Documentation ¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type DynamicTLSCertProvider ¶
type DynamicTLSCertProvider interface { SetIssuerHostToTLSCertMap(issuerToJWKSMap map[string]*tls.Certificate) SetDefaultTLSCert(certificate *tls.Certificate) GetTLSCert(lowercaseIssuerHostName string) *tls.Certificate GetDefaultTLSCert() *tls.Certificate }
func NewDynamicTLSCertProvider ¶
func NewDynamicTLSCertProvider() DynamicTLSCertProvider
type DynamicUpstreamIDPProvider ¶ added in v0.3.0
type DynamicUpstreamIDPProvider interface { SetIDPList(oidcIDPs []UpstreamOIDCIdentityProviderI) GetIDPList() []UpstreamOIDCIdentityProviderI }
func NewDynamicUpstreamIDPProvider ¶ added in v0.3.0
func NewDynamicUpstreamIDPProvider() DynamicUpstreamIDPProvider
type FederationDomainIssuer ¶ added in v0.3.0
type FederationDomainIssuer struct {
// contains filtered or unexported fields
}
FederationDomainIssuer represents all of the settings and state for a downstream OIDC provider as defined by a FederationDomain.
func NewFederationDomainIssuer ¶ added in v0.3.0
func NewFederationDomainIssuer(issuer string) (*FederationDomainIssuer, error)
func (*FederationDomainIssuer) Issuer ¶ added in v0.3.0
func (p *FederationDomainIssuer) Issuer() string
func (*FederationDomainIssuer) IssuerHost ¶ added in v0.3.0
func (p *FederationDomainIssuer) IssuerHost() string
func (*FederationDomainIssuer) IssuerPath ¶ added in v0.3.0
func (p *FederationDomainIssuer) IssuerPath() string
type UpstreamOIDCIdentityProviderI ¶ added in v0.3.0
type UpstreamOIDCIdentityProviderI interface { // A name for this upstream provider, which will be used as a component of the path for the callback endpoint // hosted by the Supervisor. GetName() string // The Oauth client ID registered with the upstream provider to be used in the authorization code flow. GetClientID() string // The Authorization Endpoint fetched from discovery. GetAuthorizationURL() *url.URL // Scopes to request in authorization flow. GetScopes() []string // ID Token username claim name. May return empty string, in which case we will use some reasonable defaults. GetUsernameClaim() string // ID Token groups claim name. May return empty string, in which case we won't try to read groups from the upstream provider. GetGroupsClaim() string // Performs upstream OIDC authorization code exchange and token validation. // Returns the validated raw tokens as well as the parsed claims of the ID token. ExchangeAuthcodeAndValidateTokens( ctx context.Context, authcode string, pkceCodeVerifier pkce.Code, expectedIDTokenNonce nonce.Nonce, redirectURI string, ) (*oidctypes.Token, error) ValidateToken(ctx context.Context, tok *oauth2.Token, expectedIDTokenNonce nonce.Nonce) (*oidctypes.Token, error) }
Source Files ¶
Click to show internal directories.
Click to hide internal directories.