Documentation ¶
Index ¶
- Constants
- Variables
- func ExtractBearerToken(r *http.Request) (string, error)
- func GenClientID(hostport string) (string, error)
- func NewClaims(iss, sub, aud string, iat, exp time.Time) jose.Claims
- func NewHTTPProviderConfigGetter(hc phttp.Client, issuerURL string) *httpProviderConfigGetter
- func NewRemotePublicKeyRepo(hc phttp.Client, ep string) *remotePublicKeyRepo
- func VerifyClaims(jwt jose.JWT, issuer, clientID string) error
- func VerifyClientClaims(jwt jose.JWT, issuer string) (string, error)
- func VerifySignature(jwt jose.JWT, keys []key.PublicKey) (bool, error)
- type AuthenticatedTransport
- type Client
- func (c *Client) ClientCredsToken(scope []string) (jose.JWT, error)
- func (c *Client) ExchangeAuthCode(code string) (jose.JWT, error)
- func (c *Client) Healthy() error
- func (c *Client) OAuthClient() (*oauth2.Client, error)
- func (c *Client) RefreshToken(refreshToken string) (jose.JWT, error)
- func (c *Client) SyncProviderConfig(discoveryURL string) chan struct{}
- func (c *Client) VerifyJWT(jwt jose.JWT) error
- type ClientConfig
- type ClientCredentials
- type ClientCredsTokenRefresher
- type ClientIdentity
- type ClientMetadata
- type Identity
- type JWTVerifier
- type LoginFunc
- type ProviderConfig
- type ProviderConfigGetter
- type ProviderConfigSetter
- type ProviderConfigSyncer
- type RequestTokenExtractor
- type TokenRefresher
Constants ¶
// Two interval bounds: 24 hours and one minute.
// NOTE(review): judging by the names, these cap and floor the delay between
// provider-config syncs. If so, the upper bound also limits how long a changed
// jwks_uri or endpoint can go unnoticed. Confirm where they are applied.
const (
	// MaximumProviderConfigSyncInterval is 24 hours.
	MaximumProviderConfigSyncInterval = 24 * time.Hour
	// MinimumProviderConfigSyncInterval is one minute.
	MinimumProviderConfigSyncInterval = time.Minute
)
Variables ¶
var (
	// DefaultScope holds the scope values "openid", "email" and "profile".
	// It is an exported package-level slice, so any importing package can
	// modify it at runtime.
	// NOTE(review): presumably used when ClientConfig.Scope is left empty;
	// confirm in NewClient.
	DefaultScope = []string{"openid", "email", "profile"}
)
Functions ¶
func ExtractBearerToken ¶
ExtractBearerToken is a RequestTokenExtractor which extracts a bearer token from a request's Authorization header.
func GenClientID ¶
func NewRemotePublicKeyRepo ¶
func VerifyClaims ¶
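VerifyClaims verifies the JWT's claims in accordance with the ID Token validation rules of the OIDC spec: http://openid.net/specs/openid-connect-basic-1_0.html#IDTokenValidation. It takes an issuer and a client ID but no keys, so checking the token's signature is evidently a separate step (see VerifySignature and Client.VerifyJWT in the index).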
func VerifyClientClaims ¶
VerifyClientClaims verifies that all the required claims are valid for a "client credentials" JWT. It returns the client ID if the claims are valid, or an error if they are not.
Types ¶
type AuthenticatedTransport ¶
// AuthenticatedTransport lists TokenRefresher and http.RoundTripper as its
// exported members; its remaining fields are unexported or filtered.
// NOTE(review): the listing was collapsed onto one line; it is read here as two
// embedded fields rather than one field named TokenRefresher. Confirm against
// the source.
// NOTE(review): presumably it attaches a token obtained through the
// TokenRefresher to requests sent through the RoundTripper; the method that
// would do so is not shown on this page.
type AuthenticatedTransport struct {
	TokenRefresher
	http.RoundTripper
	// contains filtered or unexported fields
}
type Client ¶
// Client has no exported fields in this listing. NewClient builds one from a
// ClientConfig and may return an error.
type Client struct {
// contains filtered or unexported fields
}
func NewClient ¶
func NewClient(cfg ClientConfig) (*Client, error)
func (*Client) ClientCredsToken ¶
func (*Client) ExchangeAuthCode ¶
ExchangeAuthCode exchanges an OAuth2 auth code for an OIDC JWT ID token.
func (*Client) RefreshToken ¶
RefreshToken exchanges a refresh token for a new OIDC JWT ID token.
func (*Client) SyncProviderConfig ¶
type ClientConfig ¶
// ClientConfig is the argument NewClient takes to build a Client.
type ClientConfig struct {
	HTTPClient phttp.Client

	// Credentials is a ClientCredentials value, a defined type over
	// oauth2.ClientCredentials.
	// NOTE(review): presumably includes the client secret; keep it out of logs
	// and error messages. Confirm against the oauth2 package.
	Credentials ClientCredentials

	// NOTE(review): presumably falls back to DefaultScope when empty; confirm.
	Scope []string

	RedirectURL    string
	ProviderConfig ProviderConfig

	// NOTE(review): presumably the keys used to verify token signatures; how
	// it interacts with ProviderConfig.KeysEndpoint is not visible here.
	KeySet key.PublicKeySet
}
type ClientCredentials ¶
// ClientCredentials is a defined type whose underlying type is
// oauth2.ClientCredentials.
// NOTE(review): presumably carries the client ID and secret; treat values as
// secrets. Confirm against the oauth2 package.
type ClientCredentials oauth2.ClientCredentials
type ClientCredsTokenRefresher ¶
type ClientIdentity ¶
// ClientIdentity pairs a client's ClientCredentials with its ClientMetadata.
type ClientIdentity struct {
	Credentials ClientCredentials
	Metadata    ClientMetadata
}
type ClientMetadata ¶
func (*ClientMetadata) Valid ¶
func (m *ClientMetadata) Valid() error
type JWTVerifier ¶
// JWTVerifier has no exported fields in this listing. NewJWTVerifier builds one
// from an issuer, a client ID, a sync function returning an error, and a
// function returning the current []key.PublicKey.
type JWTVerifier struct {
// contains filtered or unexported fields
}
func NewJWTVerifier ¶
func NewJWTVerifier(issuer, clientID string, syncFunc func() error, keysFunc func() []key.PublicKey) JWTVerifier
type ProviderConfig ¶
// ProviderConfig holds provider metadata. Each field except ExpiresAt is mapped
// to the JSON key named in its struct tag.
type ProviderConfig struct {
	// Issuer maps to the "issuer" key.
	// NOTE(review): OIDC discovery expects the issuer in a fetched document to
	// match the issuer URL it was requested from. Whether FetchProviderConfig
	// enforces that is not visible on this page; confirm.
	Issuer        string `json:"issuer"`
	AuthEndpoint  string `json:"authorization_endpoint"`
	TokenEndpoint string `json:"token_endpoint"`

	// KeysEndpoint maps to the "jwks_uri" key.
	// NOTE(review): presumably where signing keys are fetched from, which would
	// make it the trust anchor for signature verification; confirm.
	KeysEndpoint string `json:"jwks_uri"`

	ResponseTypesSupported            []string `json:"response_types_supported"`
	GrantTypesSupported               []string `json:"grant_types_supported"`
	SubjectTypesSupported             []string `json:"subject_types_supported"`
	IDTokenAlgValuesSupported         []string `json:"id_token_alg_values_supported"`
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`

	// ExpiresAt carries the tag "-", so encoding/json neither reads nor writes it.
	ExpiresAt time.Time `json:"-"`
}
func FetchProviderConfig ¶
func FetchProviderConfig(hc phttp.Client, issuerURL string) (ProviderConfig, error)
func WaitForProviderConfig ¶
func WaitForProviderConfig(hc phttp.Client, issuerURL string) (pcfg ProviderConfig)
func (ProviderConfig) Empty ¶
func (p ProviderConfig) Empty() bool
func (ProviderConfig) SupportsGrantType ¶
func (p ProviderConfig) SupportsGrantType(grantType string) bool
type ProviderConfigGetter ¶
// ProviderConfigGetter is satisfied by any type whose Get method returns a
// ProviderConfig or an error. NewProviderConfigSyncer takes one as its source.
type ProviderConfigGetter interface {
Get() (ProviderConfig, error)
}
type ProviderConfigSetter ¶
// ProviderConfigSetter is satisfied by any type whose Set method accepts a
// ProviderConfig and returns an error. NewProviderConfigSyncer takes one as its
// destination.
type ProviderConfigSetter interface {
Set(ProviderConfig) error
}
type ProviderConfigSyncer ¶
// ProviderConfigSyncer has no exported fields in this listing.
// NewProviderConfigSyncer builds one from a ProviderConfigGetter and a
// ProviderConfigSetter, and its Run method returns a chan struct{}.
// NOTE(review): presumably the returned channel is used to stop the sync loop;
// confirm against Run's implementation.
type ProviderConfigSyncer struct {
// contains filtered or unexported fields
}
func NewProviderConfigSyncer ¶
func NewProviderConfigSyncer(from ProviderConfigGetter, to ProviderConfigSetter) *ProviderConfigSyncer
func (*ProviderConfigSyncer) Run ¶
func (s *ProviderConfigSyncer) Run() chan struct{}
type RequestTokenExtractor ¶
RequestTokenExtractor funcs extract a raw encoded token from a request.
func CookieTokenExtractor ¶
func CookieTokenExtractor(cookieName string) RequestTokenExtractor
CookieTokenExtractor returns a RequestTokenExtractor which extracts a token from the named cookie in a request.