Documentation
Overview
Package downstreamsession provides some shared helpers for creating downstream OIDC sessions.
Index
- func DownstreamLDAPSubject(uid string, ldapURL url.URL) string
- func ExtractStringClaimValue(claimName string, upstreamIDPName string, idTokenClaims map[string]interface{}) (string, error)
- func GetDownstreamIdentityFromUpstreamIDToken(upstreamIDPConfig provider.UpstreamOIDCIdentityProviderI, ...) (string, string, []string, error)
- func GetGroupsFromUpstreamIDToken(upstreamIDPConfig provider.UpstreamOIDCIdentityProviderI, ...) ([]string, error)
- func GrantScopesIfRequested(authorizeRequester fosite.AuthorizeRequester)
- func MakeDownstreamOIDCCustomSessionData(oidcUpstream provider.UpstreamOIDCIdentityProviderI, token *oidctypes.Token) (*psession.CustomSessionData, error)
- func MakeDownstreamSession(subject string, username string, groups []string, ...) *psession.PinnipedSession
Constants
This section is empty.
Variables
This section is empty.
Functions
func DownstreamLDAPSubject (added in v0.13.0)
func ExtractStringClaimValue (added in v0.13.0)
func GetDownstreamIdentityFromUpstreamIDToken (added in v0.11.0)
func GetDownstreamIdentityFromUpstreamIDToken(upstreamIDPConfig provider.UpstreamOIDCIdentityProviderI, idTokenClaims map[string]interface{}) (string, string, []string, error)
GetDownstreamIdentityFromUpstreamIDToken returns the mapped subject, username, and group names, in that order.
func GetGroupsFromUpstreamIDToken (added in v0.13.0)
func GetGroupsFromUpstreamIDToken(upstreamIDPConfig provider.UpstreamOIDCIdentityProviderI, idTokenClaims map[string]interface{}) ([]string, error)
GetGroupsFromUpstreamIDToken returns mapped group names coerced into a slice of strings. It returns nil when there is no configured groups claim name, or when the configured claim name is not found in the provided map of claims. It returns an error when the claim exists but its value cannot be parsed.
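The three outcomes described above (nil for no configured claim name, nil for an absent claim, error for an unparseable value), as an added example that is not Pinniped's own code. The function `groupsFromClaims`, the sentinel `errBadGroupsClaim`, the plain string parameter used in place of `provider.UpstreamOIDCIdentityProviderI`, and the accepted value shapes are all assumptions of this sketch.

```go
package main

import (
	"errors"
	"fmt"
)

// errBadGroupsClaim is a hypothetical sentinel for a present-but-unparseable claim.
var errBadGroupsClaim = errors.New("groups claim has invalid format")

// groupsFromClaims is a hypothetical stand-in that follows the documented contract:
// (nil, nil) when no claim name is configured or the claim is absent, and an error
// when the claim exists but cannot be coerced. Accepted shapes are assumptions.
func groupsFromClaims(groupsClaimName string, idTokenClaims map[string]interface{}) ([]string, error) {
	if groupsClaimName == "" {
		return nil, nil // no groups claim name configured
	}
	raw, ok := idTokenClaims[groupsClaimName]
	if !ok {
		return nil, nil // claim not present in the ID token
	}
	switch v := raw.(type) {
	case string:
		return []string{v}, nil
	case []string:
		return v, nil
	case []interface{}: // what encoding/json produces for a JSON array
		groups := make([]string, 0, len(v))
		for _, item := range v {
			s, isString := item.(string)
			if !isString {
				return nil, fmt.Errorf("%w: element of type %T in claim %q", errBadGroupsClaim, item, groupsClaimName)
			}
			groups = append(groups, s)
		}
		return groups, nil
	default:
		return nil, fmt.Errorf("%w: claim %q has type %T", errBadGroupsClaim, groupsClaimName, raw)
	}
}

func main() {
	// Constructed sample claims, shaped like a decoded ID token payload.
	claims := map[string]interface{}{"sub": "user-1", "groups": []interface{}{"admins", "devs"}}
	fmt.Println(groupsFromClaims("groups", claims))
	fmt.Println(groupsFromClaims("roles", claims))
	claims["groups"] = map[string]interface{}{"admins": true}
	fmt.Println(groupsFromClaims("groups", claims))
}
```

Keeping the error path distinct from the nil path lets a caller reject a login that carries a malformed groups claim instead of treating it as a user with no groups.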
func GrantScopesIfRequested
func GrantScopesIfRequested(authorizeRequester fosite.AuthorizeRequester)
GrantScopesIfRequested auto-grants the scopes for which we do not require end-user approval, if they were requested.
func MakeDownstreamOIDCCustomSessionData (added in v0.13.0)
func MakeDownstreamOIDCCustomSessionData(oidcUpstream provider.UpstreamOIDCIdentityProviderI, token *oidctypes.Token) (*psession.CustomSessionData, error)
func MakeDownstreamSession
func MakeDownstreamSession(subject string, username string, groups []string, custom *psession.CustomSessionData) *psession.PinnipedSession
MakeDownstreamSession creates a downstream OIDC session.
Types
This section is empty.