Documentation ¶
Overview ¶
Package oidcclient implements a CLI OIDC login flow.
Index ¶
- func Login(issuer string, clientID string, opts ...Option) (*oidctypes.Token, error)
- type Option
- func WithBrowserOpen(openURL func(url string) error) Option
- func WithClient(httpClient *http.Client) Option
- func WithContext(ctx context.Context) Option
- func WithListenPort(port uint16) Option
- func WithLogger(logger logr.Logger) Option
- func WithRequestAudience(audience string) Option
- func WithScopes(scopes []string) Option
- func WithSessionCache(cache SessionCache) Option
- type SessionCache
- type SessionCacheKey
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Option ¶
type Option func(*handlerState) error
Option is an optional configuration for Login().
func WithBrowserOpen ¶
WithBrowserOpen overrides the default "open browser" functionality with a custom callback. If not specified, an implementation using https://github.com/pkg/browser will be used by default.
func WithClient ¶
WithClient sets the HTTP client used to make CLI-to-provider requests.
func WithContext ¶
WithContext specifies a specific context.Context under which to perform the login. If this option is not specified, login happens under context.Background().
func WithListenPort ¶
WithListenPort specifies a TCP listen port on localhost, which will be used for the redirect_uri and to handle the authorization code callback. By default, a random high port will be chosen which requires the authorization server to support wildcard port numbers as described by https://tools.ietf.org/html/rfc8252:
The authorization server MUST allow any port to be specified at the time of the request for loopback IP redirect URIs, to accommodate clients that obtain an available ephemeral port from the operating system at the time of the request.
func WithLogger ¶ added in v0.8.0
WithLogger specifies a PLogger to use with the login. If not specified this will default to a new logger.
func WithRequestAudience ¶
WithRequestAudience causes the login flow to perform an additional token exchange using the RFC8693 flow.
func WithScopes ¶
WithScopes sets the OAuth2 scopes to request during login. If not specified, it defaults to "offline_access openid email profile".
func WithSessionCache ¶
func WithSessionCache(cache SessionCache) Option
WithSessionCache sets the session cache backend for storing and retrieving previously-issued ID tokens and refresh tokens.
type SessionCache ¶
type SessionCache interface { GetToken(SessionCacheKey) *oidctypes.Token PutToken(SessionCacheKey, *oidctypes.Token) }
Directories ¶
Path | Synopsis |
---|---|
Package cachefile implements the file format for session caches.
|
Package cachefile implements the file format for session caches. |
Package nonce implements
|
Package nonce implements |
Package oidctypes provides core data types for OIDC token structures.
|
Package oidctypes provides core data types for OIDC token structures. |