The highest tagged major version is v3.

internal

package

v1.8.1 Latest Latest Go to latest Published: Sep 30, 2022 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/zitadel/oidc

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func CodeChallengeToOIDC(challenge *OIDCCodeChallenge) *oidc.CodeChallenge
func MaxAgeToInternal(maxAge *uint) *time.Duration
func NewStorage() *storage
func PromptToInternal(oidcPrompt oidc.SpaceDelimitedArray) []string
func RefreshTokenRequestFromBusiness(token *RefreshToken) op.RefreshTokenRequest
func RegisterClients(registerClients ...*Client)
type AuthRequest
type Client
- func NativeClient(id string, redirectURIs ...string) *Client
- func WebClient(id, secret string, redirectURIs ...string) *Client
type OIDCCodeChallenge
type RefreshToken
type RefreshTokenRequest
type Service
type Token
type User

Constants ¶

View Source

const (
	//CustomScope is an example for how to use custom scopes in this library
	//(in this scenario, when requested, it will return a custom claim)
	CustomScope = "custom_scope"

	//CustomClaim is an example for how to return custom claims with this library
	CustomClaim = "custom_claim"
)

Variables ¶

This section is empty.

Functions ¶

func CodeChallengeToOIDC ¶

func CodeChallengeToOIDC(challenge *OIDCCodeChallenge) *oidc.CodeChallenge

func MaxAgeToInternal ¶

func MaxAgeToInternal(maxAge *uint) *time.Duration

func NewStorage ¶

func NewStorage() *storage

func PromptToInternal ¶

func PromptToInternal(oidcPrompt oidc.SpaceDelimitedArray) []string

func RefreshTokenRequestFromBusiness ¶

func RefreshTokenRequestFromBusiness(token *RefreshToken) op.RefreshTokenRequest

RefreshTokenRequestFromBusiness will simply wrap the internal RefreshToken to implement the op.RefreshTokenRequest interface

func RegisterClients ¶

func RegisterClients(registerClients ...*Client)

RegisterClients enables you to register clients for the example implementation there are some clients (web and native) to try out different cases add more if necessary

Types ¶

type AuthRequest ¶

type AuthRequest struct {
	ID            string
	CreationDate  time.Time
	ApplicationID string
	CallbackURI   string
	TransferState string
	Prompt        []string
	UiLocales     []language.Tag
	LoginHint     string
	MaxAuthAge    *time.Duration
	UserID        string
	Scopes        []string
	ResponseType  oidc.ResponseType
	Nonce         string
	CodeChallenge *OIDCCodeChallenge
	// contains filtered or unexported fields
}

func (*AuthRequest) Done ¶

func (a *AuthRequest) Done() bool

func (*AuthRequest) GetACR ¶

func (a *AuthRequest) GetACR() string

func (*AuthRequest) GetAMR ¶

func (a *AuthRequest) GetAMR() []string

func (*AuthRequest) GetAudience ¶

func (a *AuthRequest) GetAudience() []string

func (*AuthRequest) GetAuthTime ¶

func (a *AuthRequest) GetAuthTime() time.Time

func (*AuthRequest) GetClientID ¶

func (a *AuthRequest) GetClientID() string

func (*AuthRequest) GetCodeChallenge ¶

func (a *AuthRequest) GetCodeChallenge() *oidc.CodeChallenge

func (*AuthRequest) GetID ¶

func (a *AuthRequest) GetID() string

func (*AuthRequest) GetNonce ¶

func (a *AuthRequest) GetNonce() string

func (*AuthRequest) GetRedirectURI ¶

func (a *AuthRequest) GetRedirectURI() string

func (*AuthRequest) GetResponseMode ¶

func (a *AuthRequest) GetResponseMode() oidc.ResponseMode

func (*AuthRequest) GetResponseType ¶

func (a *AuthRequest) GetResponseType() oidc.ResponseType

func (*AuthRequest) GetScopes ¶

func (a *AuthRequest) GetScopes() []string

func (*AuthRequest) GetState ¶

func (a *AuthRequest) GetState() string

func (*AuthRequest) GetSubject ¶

func (a *AuthRequest) GetSubject() string

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

Client represents the internal model of an OAuth/OIDC client this could also be your database model

func NativeClient ¶

func NativeClient(id string, redirectURIs ...string) *Client

NativeClient will create a client of type native, which will always use PKCE and allow the use of refresh tokens user-defined redirectURIs may include: - http://localhost without port specification (e.g. http://localhost/auth/callback) - custom protocol (e.g. custom://auth/callback) (the examples will be used as default, if none is provided)

func WebClient ¶

func WebClient(id, secret string, redirectURIs ...string) *Client

WebClient will create a client of type web, which will always use Basic Auth and allow the use of refresh tokens user-defined redirectURIs may include: - http://localhost with port specification (e.g. http://localhost:9999/auth/callback) (the example will be used as default, if none is provided)

func (*Client) AccessTokenType ¶

func (c *Client) AccessTokenType() op.AccessTokenType

AccessTokenType must return the type of access token the client uses (Bearer (opaque) or JWT)

func (*Client) ApplicationType ¶

func (c *Client) ApplicationType() op.ApplicationType

ApplicationType must return the type of the client (app, native, user agent)

func (*Client) AuthMethod ¶

func (c *Client) AuthMethod() oidc.AuthMethod

AuthMethod must return the authentication method (client_secret_basic, client_secret_post, none, private_key_jwt)

func (*Client) ClockSkew ¶

func (c *Client) ClockSkew() time.Duration

ClockSkew enables clients to instruct the OP to apply a clock skew on the various times and expirations (subtract from issued_at, add to expiration, ...)

func (*Client) DevMode ¶

func (c *Client) DevMode() bool

DevMode enables the use of non-compliant configs such as redirect_uris (e.g. http schema for user agent client)

func (*Client) GetID ¶

func (c *Client) GetID() string

GetID must return the client_id

func (*Client) GrantTypes ¶

func (c *Client) GrantTypes() []oidc.GrantType

GrantTypes must return all allowed grant types (authorization_code, refresh_token, urn:ietf:params:oauth:grant-type:jwt-bearer)

func (*Client) IDTokenLifetime ¶

func (c *Client) IDTokenLifetime() time.Duration

IDTokenLifetime must return the lifetime of the client's id_tokens

func (*Client) IDTokenUserinfoClaimsAssertion ¶

func (c *Client) IDTokenUserinfoClaimsAssertion() bool

IDTokenUserinfoClaimsAssertion allows specifying if claims of scope profile, email, phone and address are asserted into the id_token even if an access token if issued which violates the OIDC Core spec (5.4. Requesting Claims using Scope Values: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims) some clients though require that e.g. email is always in the id_token when requested even if an access_token is issued

func (*Client) IsScopeAllowed ¶

func (c *Client) IsScopeAllowed(scope string) bool

IsScopeAllowed enables Client specific custom scopes validation in this example we allow the CustomScope for all clients

func (*Client) LoginURL ¶

func (c *Client) LoginURL(id string) string

LoginURL will be called to redirect the user (agent) to the login UI you could implement some logic here to redirect the users to different login UIs depending on the client

func (*Client) PostLogoutRedirectURIs ¶

func (c *Client) PostLogoutRedirectURIs() []string

PostLogoutRedirectURIs must return the registered post_logout_redirect_uris for sign-outs

func (*Client) RedirectURIs ¶

func (c *Client) RedirectURIs() []string

RedirectURIs must return the registered redirect_uris for Code and Implicit Flow

func (*Client) ResponseTypes ¶

func (c *Client) ResponseTypes() []oidc.ResponseType

ResponseTypes must return all allowed response types (code, id_token token, id_token) these must match with the allowed grant types

func (*Client) RestrictAdditionalAccessTokenScopes ¶

func (c *Client) RestrictAdditionalAccessTokenScopes() func(scopes []string) []string

RestrictAdditionalAccessTokenScopes allows specifying which custom scopes shall be asserted into the JWT access_token

func (*Client) RestrictAdditionalIdTokenScopes ¶

func (c *Client) RestrictAdditionalIdTokenScopes() func(scopes []string) []string

RestrictAdditionalIdTokenScopes allows specifying which custom scopes shall be asserted into the id_token

type OIDCCodeChallenge ¶

type OIDCCodeChallenge struct {
	Challenge string
	Method    string
}

type RefreshToken ¶

type RefreshToken struct {
	ID            string
	Token         string
	AuthTime      time.Time
	AMR           []string
	Audience      []string
	UserID        string
	ApplicationID string
	Expiration    time.Time
	Scopes        []string
}

type RefreshTokenRequest ¶

type RefreshTokenRequest struct {
	*RefreshToken
}

func (*RefreshTokenRequest) GetAMR ¶

func (r *RefreshTokenRequest) GetAMR() []string

func (*RefreshTokenRequest) GetAudience ¶

func (r *RefreshTokenRequest) GetAudience() []string

func (*RefreshTokenRequest) GetAuthTime ¶

func (r *RefreshTokenRequest) GetAuthTime() time.Time

func (*RefreshTokenRequest) GetClientID ¶

func (r *RefreshTokenRequest) GetClientID() string

func (*RefreshTokenRequest) GetScopes ¶

func (r *RefreshTokenRequest) GetScopes() []string

func (*RefreshTokenRequest) GetSubject ¶

func (r *RefreshTokenRequest) GetSubject() string

func (*RefreshTokenRequest) SetCurrentScopes ¶

func (r *RefreshTokenRequest) SetCurrentScopes(scopes []string)

type Service ¶

type Service struct {
	// contains filtered or unexported fields
}

type Token ¶

type Token struct {
	ID             string
	ApplicationID  string
	Subject        string
	RefreshTokenID string
	Audience       []string
	Expiration     time.Time
	Scopes         []string
}

type User ¶

type User struct {
	// contains filtered or unexported fields
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL