client

Documentation

Index

• Variables
• func CallDeviceAccessTokenEndpoint(ctx context.Context, request *DeviceAccessTokenRequest, ...) (*oidc.AccessTokenResponse, error)
• func CallDeviceAuthorizationEndpoint(ctx context.Context, request *oidc.ClientCredentialsRequest, ...) (*oidc.DeviceAuthorizationResponse, error)
• func CallEndSessionEndpoint(ctx context.Context, request any, authFn any, caller EndSessionCaller) (*url.URL, error)
• func CallRevokeEndpoint(ctx context.Context, request any, authFn any, caller RevokeCaller) error
• func CallTokenEndpoint(ctx context.Context, request any, caller TokenEndpointCaller) (newToken *oauth2.Token, err error)
• func CallTokenExchangeEndpoint(ctx context.Context, request any, authFn any, caller TokenEndpointCaller) (resp *oidc.TokenExchangeResponse, err error)
• func ClientAssertionCodeOptions(assertion string) []oauth2.AuthCodeOption
• func ClientAssertionFormAuthorization(assertion string) http.FormAuthorization
• func Discover(ctx context.Context, issuer string, httpClient *http.Client, ...) (*oidc.DiscoveryConfiguration, error)
• func JWTProfileExchange(ctx context.Context, jwtProfileGrantRequest *oidc.JWTProfileGrantRequest, ...) (*oauth2.Token, error)
• func NewSignerFromPrivateKeyByte(key []byte, keyID string) (jose.Signer, error)
• func PollDeviceAccessTokenEndpoint(ctx context.Context, interval time.Duration, request *DeviceAccessTokenRequest, ...) (*oidc.AccessTokenResponse, error)
• func SignedJWTProfileAssertion(clientID string, audience []string, expiration time.Duration, ...) (string, error)
• type DeviceAccessTokenRequest
• type DeviceAuthorizationCaller
• type EndSessionCaller
• type KeyFile
  • func ConfigFromKeyFile(path string) (*KeyFile, error)
  • func ConfigFromKeyFileData(data []byte) (*KeyFile, error)
• type RevokeCaller
• type RevokeRequest
• type TokenEndpointCaller

Variables

var (
	Encoder = httphelper.Encoder(oidc.NewEncoder())
	Tracer  = otel.Tracer("github.com/zitadel/oidc/pkg/client")
)

Functions

func CallDeviceAccessTokenEndpoint

func CallDeviceAccessTokenEndpoint(ctx context.Context, request *DeviceAccessTokenRequest, caller TokenEndpointCaller) (*oidc.AccessTokenResponse, error)

func CallDeviceAuthorizationEndpoint

func CallDeviceAuthorizationEndpoint(ctx context.Context, request *oidc.ClientCredentialsRequest, caller DeviceAuthorizationCaller, authFn any) (*oidc.DeviceAuthorizationResponse, error)

func CallEndSessionEndpoint

func CallEndSessionEndpoint(ctx context.Context, request any, authFn any, caller EndSessionCaller) (*url.URL, error)

func CallRevokeEndpoint

func CallRevokeEndpoint(ctx context.Context, request any, authFn any, caller RevokeCaller) error

func CallTokenEndpoint

func CallTokenEndpoint(ctx context.Context, request any, caller TokenEndpointCaller) (newToken *oauth2.Token, err error)

func CallTokenExchangeEndpoint

func CallTokenExchangeEndpoint(ctx context.Context, request any, authFn any, caller TokenEndpointCaller) (resp *oidc.TokenExchangeResponse, err error)

func ClientAssertionCodeOptions

func ClientAssertionCodeOptions(assertion string) []oauth2.AuthCodeOption

func ClientAssertionFormAuthorization

func ClientAssertionFormAuthorization(assertion string) http.FormAuthorization

func Discover

func Discover(ctx context.Context, issuer string, httpClient *http.Client, wellKnownUrl ...string) (*oidc.DiscoveryConfiguration, error)

Discover calls the discovery endpoint of the provided issuer and returns its configuration It accepts an optional argument "wellknownUrl" which can be used to overide the dicovery endpoint url

func JWTProfileExchange

func JWTProfileExchange(ctx context.Context, jwtProfileGrantRequest *oidc.JWTProfileGrantRequest, caller TokenEndpointCaller) (*oauth2.Token, error)

JWTProfileExchange handles the oauth2 jwt profile exchange

func NewSignerFromPrivateKeyByte

func NewSignerFromPrivateKeyByte(key []byte, keyID string) (jose.Signer, error)

func PollDeviceAccessTokenEndpoint

func PollDeviceAccessTokenEndpoint(ctx context.Context, interval time.Duration, request *DeviceAccessTokenRequest, caller TokenEndpointCaller) (*oidc.AccessTokenResponse, error)

func SignedJWTProfileAssertion

func SignedJWTProfileAssertion(clientID string, audience []string, expiration time.Duration, signer jose.Signer) (string, error)

Types

type DeviceAccessTokenRequest

type DeviceAccessTokenRequest struct {
	*oidc.ClientCredentialsRequest
	oidc.DeviceAccessTokenRequest
}

type DeviceAuthorizationCaller

type DeviceAuthorizationCaller interface {
	GetDeviceAuthorizationEndpoint() string
	HttpClient() *http.Client
}

type EndSessionCaller

type EndSessionCaller interface {
	GetEndSessionEndpoint() string
	HttpClient() *http.Client
}

type KeyFile

type KeyFile struct {
	Type   string `json:"type"` // serviceaccount or application
	KeyID  string `json:"keyId"`
	Key    string `json:"key"`
	Issuer string `json:"issuer"` // not yet in file

	// serviceaccount
	UserID string `json:"userId"`

	// application
	ClientID string `json:"clientId"`
}

func ConfigFromKeyFile

func ConfigFromKeyFile(path string) (*KeyFile, error)

func ConfigFromKeyFileData

func ConfigFromKeyFileData(data []byte) (*KeyFile, error)

type RevokeCaller

type RevokeCaller interface {
	GetRevokeEndpoint() string
	HttpClient() *http.Client
}

type RevokeRequest

type RevokeRequest struct {
	Token         string `schema:"token"`
	TokenTypeHint string `schema:"token_type_hint"`
	ClientID      string `schema:"client_id"`
	ClientSecret  string `schema:"client_secret"`
}

type TokenEndpointCaller

type TokenEndpointCaller interface {
	TokenEndpoint() string
	HttpClient() *http.Client
}