Documentation
¶
Overview ¶
oidc implements the authenticator.Token interface using the OpenID Connect protocol.
config := oidc.Options{
IssuerURL: "https://accounts.google.com",
ClientID: os.Getenv("GOOGLE_CLIENT_ID"),
UsernameClaim: "email",
}
tokenAuthenticator, err := oidc.New(config)
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Authenticator ¶
type Authenticator struct {
// contains filtered or unexported fields
}
func New ¶
func New(opts Options) (*Authenticator, error)
func (*Authenticator) AuthenticateToken ¶
func (a *Authenticator) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error)
func (*Authenticator) Close ¶
func (a *Authenticator) Close()
type CAContentProvider ¶ added in v0.22.0
type CAContentProvider interface {
CurrentCABundleContent() []byte
}
Subset of dynamiccertificates.CAContentProvider that can be used to dynamically load root CAs.
type Options ¶
type Options struct {
// JWTAuthenticator is the authenticator that will be used to verify the JWT.
JWTAuthenticator apiserver.JWTAuthenticator
// Optional KeySet to allow for synchronous initialization instead of fetching from the remote issuer.
KeySet oidc.KeySet
// PEM encoded root certificate contents of the provider. Mutually exclusive with Client.
CAContentProvider CAContentProvider
// Optional http.Client used to make all requests to the remote issuer. Mutually exclusive with CAContentProvider.
Client *http.Client
// SupportedSigningAlgs sets the accepted set of JOSE signing algorithms that
// can be used by the provider to sign tokens.
//
// https://tools.ietf.org/html/rfc7518#section-3.1
//
// This value defaults to RS256, the value recommended by the OpenID Connect
// spec:
//
// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
SupportedSigningAlgs []string
// contains filtered or unexported fields
}
Source Files
Click to show internal directories.
Click to hide internal directories.