Documentation ¶
Index ¶
- func Introspect[R any](ctx context.Context, rp ResourceServer, token string) (resp R, err error)
- type Option
- type ResourceServer
- func NewResourceServerClientCredentials(ctx context.Context, issuer, clientID, clientSecret string, option ...Option) (ResourceServer, error)
- func NewResourceServerFromKeyFile(ctx context.Context, issuer, path string, options ...Option) (ResourceServer, error)
- func NewResourceServerJWTProfile(ctx context.Context, issuer, clientID, keyID string, key []byte, ...) (ResourceServer, error)
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func Introspect ¶
Introspect calls the RFC7662 Token Introspection endpoint and returns the response in an instance of type R. *oidc.IntrospectionResponse can be used as a good example, or use a custom type if type-safe access to custom claims is needed.
Example (Custom) ¶
package main import ( "context" "fmt" "github.com/zitadel/oidc/v4/pkg/client/rs" "github.com/zitadel/oidc/v4/pkg/oidc" ) type IntrospectionResponse struct { Active bool `json:"active"` Scope oidc.SpaceDelimitedArray `json:"scope,omitempty"` ClientID string `json:"client_id,omitempty"` TokenType string `json:"token_type,omitempty"` Expiration oidc.Time `json:"exp,omitempty"` IssuedAt oidc.Time `json:"iat,omitempty"` NotBefore oidc.Time `json:"nbf,omitempty"` Subject string `json:"sub,omitempty"` Audience oidc.Audience `json:"aud,omitempty"` Issuer string `json:"iss,omitempty"` JWTID string `json:"jti,omitempty"` Username string `json:"username,omitempty"` oidc.UserInfoProfile oidc.UserInfoEmail oidc.UserInfoPhone Address *oidc.UserInfoAddress `json:"address,omitempty"` // Foo and Bar are custom claims Foo string `json:"foo,omitempty"` Bar struct { Val1 string `json:"val_1,omitempty"` Val2 string `json:"val_2,omitempty"` } `json:"bar,omitempty"` // Claims are all the combined claims, including custom. Claims map[string]any `json:"-,omitempty"` } func main() { rss, err := rs.NewResourceServerClientCredentials(context.TODO(), "http://localhost:8080", "clientid", "clientsecret") if err != nil { panic(err) } resp, err := rs.Introspect[*IntrospectionResponse](context.TODO(), rss, "accesstokenstring") if err != nil { panic(err) } fmt.Println(resp) }
Output:
Types ¶
type Option ¶
type Option func(*resourceServer)
func WithClient ¶
WithClient provides the ability to set an http client to be used for the resource server
func WithStaticEndpoints ¶
WithStaticEndpoints provides the ability to set static token and introspect URL
type ResourceServer ¶
type ResourceServer interface { IntrospectionURL() string TokenEndpoint() string HttpClient() *http.Client AuthFn() (any, error) }
Click to show internal directories.
Click to hide internal directories.