rs

package
v3.34.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 17, 2025 License: Apache-2.0 Imports: 7 Imported by: 7

Documentation

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func Introspect

func Introspect[R any](ctx context.Context, rp ResourceServer, token string) (resp R, err error)

Introspect calls the RFC 7662 Token Introspection endpoint and returns the response as a value of type R. *oidc.IntrospectionResponse is a good default for R; use a custom type when type-safe access to custom claims is needed.

Example (Custom)
package main

import (
	"context"
	"fmt"

	"github.com/zitadel/oidc/v3/pkg/client/rs"
	"github.com/zitadel/oidc/v3/pkg/oidc"
)

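// IntrospectionResponse is a custom target type for rs.Introspect. Its tagged
// fields use the RFC 7662 introspection response member names (active, scope,
// client_id, ...), it embeds the oidc profile, email and phone claim sets, and
// it adds the custom claims foo and bar for type-safe access.
type IntrospectionResponse struct {
	// Active is the RFC 7662 "active" member. It is the one field that callers
	// must check before relying on any other claim in the response.
	Active     bool                     `json:"active"`
	Scope      oidc.SpaceDelimitedArray `json:"scope,omitempty"`
	ClientID   string                   `json:"client_id,omitempty"`
	TokenType  string                   `json:"token_type,omitempty"`
	Expiration oidc.Time                `json:"exp,omitempty"`
	IssuedAt   oidc.Time                `json:"iat,omitempty"`
	NotBefore  oidc.Time                `json:"nbf,omitempty"`
	Subject    string                   `json:"sub,omitempty"`
	Audience   oidc.Audience            `json:"aud,omitempty"`
	Issuer     string                   `json:"iss,omitempty"`
	JWTID      string                   `json:"jti,omitempty"`
	Username   string                   `json:"username,omitempty"`
	oidc.UserInfoProfile
	oidc.UserInfoEmail
	oidc.UserInfoPhone
	Address *oidc.UserInfoAddress `json:"address,omitempty"`

	// Foo and Bar are custom claims.
	// Note that omitempty has no effect on a struct value in encoding/json,
	// so "bar" is always written when this type is marshaled.
	Foo string `json:"foo,omitempty"`
	Bar struct {
		Val1 string `json:"val_1,omitempty"`
		Val2 string `json:"val_2,omitempty"`
	} `json:"bar,omitempty"`

	// Claims is intended to hold all the combined claims, including custom ones.
	// The tag is exactly "-" so that encoding/json skips the field. A tag of
	// "-,omitempty" would not exclude it: encoding/json reads that as a field
	// whose JSON key is literally "-", so a response member named "-" could
	// fill this map directly.
	// NOTE(review): nothing visible in this example populates Claims; a custom
	// UnmarshalJSON would be needed for that. Confirm against the oidc package.
	Claims map[string]any `json:"-"`
}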

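// main introspects a sample access token with a client-credentials resource
// server and prints the decoded response when the token is reported active.
func main() {
	// context.TODO carries no deadline or cancellation; real callers should
	// pass a request-scoped context so a slow issuer cannot block them forever.
	ctx := context.TODO()

	// The plain-HTTP localhost issuer is for local runs only. Introspect submits
	// the access token to the introspection endpoint (and presumably the client
	// credentials with it), so use an https issuer anywhere else.
	server, err := rs.NewResourceServerClientCredentials(ctx, "http://localhost:8080", "clientid", "clientsecret")
	if err != nil {
		panic(err)
	}

	resp, err := rs.Introspect[*IntrospectionResponse](ctx, server, "accesstokenstring")
	if err != nil {
		panic(err)
	}

	// A nil error is not proof of a valid token: RFC 7662 reports an expired,
	// revoked or unknown token as active=false in an otherwise successful
	// response. Refuse to use any other claim unless Active is true.
	if resp == nil || !resp.Active {
		fmt.Println("token is not active")
		return
	}

	// Printing the whole response is fine for an example; it includes the
	// profile, email and phone claims, so avoid logging it as-is in a service.
	fmt.Println(resp)
}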
Output:

Types

type Option

// Option is a function that receives the unexported *resourceServer.
// WithClient and WithStaticEndpoints return Options, and the
// NewResourceServer* constructors accept them as variadic arguments.
type Option func(*resourceServer)

func WithClient

func WithClient(client *http.Client) Option

WithClient sets the HTTP client to be used by the resource server.

func WithStaticEndpoints

func WithStaticEndpoints(tokenURL, introspectURL string) Option

WithStaticEndpoints sets a static token URL and a static introspection URL.

type ResourceServer

// ResourceServer is the type Introspect takes as its rp argument. The three
// NewResourceServer* constructors return a value of this interface.
type ResourceServer interface {
	// IntrospectionURL returns a URL as a string; presumably the RFC 7662
	// introspection endpoint that Introspect calls. Confirm against the implementation.
	IntrospectionURL() string
	// TokenEndpoint returns a string; presumably the issuer's token endpoint URL. TODO confirm.
	TokenEndpoint() string
	// HttpClient returns the *http.Client; presumably the one set through
	// WithClient when that option was given. TODO confirm the default.
	HttpClient() *http.Client
	// AuthFn returns an untyped value and an error; it looks like it supplies
	// the client authentication sent with a request. Verify how callers use it.
	AuthFn() (any, error)
}

func NewResourceServerClientCredentials

func NewResourceServerClientCredentials(ctx context.Context, issuer, clientID, clientSecret string, option ...Option) (ResourceServer, error)

func NewResourceServerFromKeyFile

func NewResourceServerFromKeyFile(ctx context.Context, issuer, path string, options ...Option) (ResourceServer, error)

func NewResourceServerJWTProfile

func NewResourceServerJWTProfile(ctx context.Context, issuer, clientID, keyID string, key []byte, options ...Option) (ResourceServer, error)
