Documentation
Index
- Variables
- func DefaultAuthorization(path string) authorization.VerifierInitializer[*IntrospectionContext]
- func WithIntrospection[T authorization.Ctx](auth IntrospectionAuthentication) authorization.VerifierInitializer[T]
- type IntrospectionAuthentication
- type IntrospectionContext
- func (c *IntrospectionContext) GetToken() string
- func (c *IntrospectionContext) IsAuthorized() bool
- func (c *IntrospectionContext) IsGrantedRole(role string) bool
- func (c *IntrospectionContext) IsGrantedRoleInOrganization(role, organizationID string) bool
- func (c *IntrospectionContext) SetToken(token string)
- func (c *IntrospectionContext) UserID() string
- type IntrospectionVerification
Constants
This section is empty.
Variables
var (
	ErrInvalidAuthorizationHeader = errors.New("invalid authorization header, must be prefixed with `Bearer`")
	ErrIntrospectionFailed        = errors.New("token introspection failed")
)
Functions
func DefaultAuthorization
func DefaultAuthorization(path string) authorization.VerifierInitializer[*IntrospectionContext]
DefaultAuthorization is a shorthand for WithIntrospection[*IntrospectionContext](JWTProfileIntrospectionAuthentication) with the key.json read from the provided path.
func WithIntrospection
func WithIntrospection[T authorization.Ctx](auth IntrospectionAuthentication) authorization.VerifierInitializer[T]
WithIntrospection creates the OAuth2 Introspection implementation of the authorization.Verifier interface. The introspection endpoint itself requires the client to authenticate via some IntrospectionAuthentication. Possible implementations are JWTProfileIntrospectionAuthentication and ClientIDSecretIntrospectionAuthentication.
Types
type IntrospectionAuthentication
type IntrospectionAuthentication func(ctx context.Context, issuer string) (rs.ResourceServer, error)
func ClientIDSecretIntrospectionAuthentication
func ClientIDSecretIntrospectionAuthentication(clientID, clientSecret string) IntrospectionAuthentication
ClientIDSecretIntrospectionAuthentication authenticates the introspection request with the client_id and client_secret provided by ZITADEL.
func JWTProfileIntrospectionAuthentication
func JWTProfileIntrospectionAuthentication(file *client.KeyFile) IntrospectionAuthentication
JWTProfileIntrospectionAuthentication authenticates the introspection request with JWT Profile, using a key.json provided by ZITADEL.
type IntrospectionContext
type IntrospectionContext struct {
	oidc.IntrospectionResponse
	// contains filtered or unexported fields
}
IntrospectionContext implements the authorization.Ctx interface with the oidc.IntrospectionResponse as underlying data.
func (*IntrospectionContext) GetToken
func (c *IntrospectionContext) GetToken() string
func (*IntrospectionContext) IsAuthorized
func (c *IntrospectionContext) IsAuthorized() bool
IsAuthorized implements authorization.Ctx by checking the `active` claim of the oidc.IntrospectionResponse.
func (*IntrospectionContext) IsGrantedRole
func (c *IntrospectionContext) IsGrantedRole(role string) bool
IsGrantedRole implements authorization.Ctx by checking whether the `urn:zitadel:iam:org:project:roles` claim contains the requested role.
func (*IntrospectionContext) IsGrantedRoleInOrganization
func (c *IntrospectionContext) IsGrantedRoleInOrganization(role, organizationID string) bool
IsGrantedRoleInOrganization implements authorization.Ctx by checking whether the organizationID appears in the entry for the requested role within the `urn:zitadel:iam:org:project:roles` claim.
func (*IntrospectionContext) SetToken
func (c *IntrospectionContext) SetToken(token string)
func (*IntrospectionContext) UserID
func (c *IntrospectionContext) UserID() string
UserID implements authorization.Ctx by returning the `sub` claim of the oidc.IntrospectionResponse.
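The claim checks documented for IntrospectionContext above, as an added Go example that is not the zitadel-go package's own code: it parses a constructed introspection response and applies the checks in the order a verifier should (active first, then the role grant). The shape of the roles claim (role -> organization ID -> organization domain) is an assumption about how ZITADEL issues it; the type and function names are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// introspectionResponse: the fields the IntrospectionContext methods read. Constructed for this
// example, not the zitadel-go type; the roles claim shape (role -> org ID -> org domain) is an assumption.
type introspectionResponse struct {
	Active  bool                         `json:"active"`
	Subject string                       `json:"sub"`
	Roles   map[string]map[string]string `json:"urn:zitadel:iam:org:project:roles"`
}

// exampleContext mirrors the documented IntrospectionContext checks.
type exampleContext struct{ resp introspectionResponse }

func (c *exampleContext) IsAuthorized() bool { return c.resp.Active } // the `active` claim
func (c *exampleContext) UserID() string     { return c.resp.Subject } // the `sub` claim

// IsGrantedRole: the role key must be present in the roles claim.
func (c *exampleContext) IsGrantedRole(role string) bool {
	_, ok := c.resp.Roles[role]
	return ok
}

// IsGrantedRoleInOrganization: the organization ID must be listed under that role.
// Indexing a nil inner map is safe in Go, so an unknown role simply yields false.
func (c *exampleContext) IsGrantedRoleInOrganization(role, orgID string) bool {
	_, ok := c.resp.Roles[role][orgID]
	return ok
}

// checkRole applies the checks in the order a verifier should: active first, then the
// role grant. An inactive token never passes, whatever roles the body still lists.
func checkRole(body []byte, role, orgID string) (string, error) {
	var c exampleContext
	if err := json.Unmarshal(body, &c.resp); err != nil {
		return "", fmt.Errorf("parsing introspection response: %w", err)
	}
	if !c.IsAuthorized() {
		return "", fmt.Errorf("token for %q is not active", c.UserID())
	}
	if !c.IsGrantedRoleInOrganization(role, orgID) {
		return "", fmt.Errorf("user %q lacks role %q in organization %q", c.UserID(), role, orgID)
	}
	return c.UserID(), nil
}

// Constructed sample introspection response, as the endpoint would return it for an active token.
const sampleBody = `{"active":true,"sub":"user-1","urn:zitadel:iam:org:project:roles":{"admin":{"org-1":"org1.example.com"}}}`
```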
type IntrospectionVerification
type IntrospectionVerification[T any] struct {
	rs.ResourceServer
}
IntrospectionVerification provides an authorization.Verifier implementation by validating the provided token with an OAuth2 Introspection call. Use WithIntrospection to create one.
func (*IntrospectionVerification[T]) CheckAuthorization
func (i *IntrospectionVerification[T]) CheckAuthorization(ctx context.Context, authorizationToken string) (resp T, err error)
CheckAuthorization implements the authorization.Verifier interface by checking the authorizationToken against the OAuth2 introspection endpoint. On success, it returns a value of the IntrospectionVerification's type parameter T.