Documentation
Overview
Package oidc is a simple OpenID Connect client library for Go. Its goal is to make OIDC based authentication as easy as it should be. Give it the application URL, provide credentials, done.
Why should this exist? Honestly, it shouldn't. I don't know if I missed the other 200 libraries out there that already solve this issue, or if I am really the first person to think of it.
There are also examples available, even if pkg.go.dev decides not to show them. Just check the source code for simple examples of how to use the various functions.
Index
- Constants
- Variables
- type Configuration
- func Configure(address string, callbackURL string, opts ...option) (*Configuration, error)
- func (cfg *Configuration) Callback(code, state string) (*Token, error)
- func (cfg *Configuration) GetAuthorizationURL() string
- func (cfg *Configuration) LogoutURL() string
- func (cfg *Configuration) ParseJWT(token string) (*Token, error)
- func (cfg *Configuration) SetCredentials(clientID, clientSecret string)
- func (cfg *Configuration) SetScopes(scopes ...string) error
- func (cfg *Configuration) UseAppPassword(username, password string) (*Token, error)
- type Token
- func (t *Token) Address() *openid.AddressClaim
- func (t *Token) Audience() []string
- func (t *Token) Birthdate() time.Time
- func (t *Token) Email() string
- func (t *Token) EmailVerified() bool
- func (t *Token) Expiration() time.Time
- func (t *Token) FamilyName() string
- func (t *Token) Gender() string
- func (t *Token) GetField(field string) (any, bool)
- func (t *Token) GivenName() string
- func (t *Token) Locale() string
- func (t *Token) LogoutURL() string
- func (t *Token) MiddleName() string
- func (t *Token) Name() string
- func (t *Token) Nickname() string
- func (t *Token) PhoneNumber() string
- func (t *Token) PhoneNumberVerified() bool
- func (t *Token) Picture() string
- func (t *Token) PreferredUsername() string
- func (t *Token) Profile() string
- func (t *Token) String() string
- func (t *Token) Subject() string
- func (t *Token) Token() (*oauth2.Token, error)
- func (t *Token) UpdateClaims() error
- func (t *Token) UpdatedAt() time.Time
- func (t *Token) Valid() bool
- func (t *Token) Website() string
- func (t *Token) Zoneinfo() string
Constants
const (
	// OptionSkipScopeValidation disables the scope validation. This is
	// intended to only be used if a known non-standard compliant service
	// *has* to be used.
	OptionSkipScopeValidation option = 1 << iota
	// OptionDisableCSRFProtection disables CSRF protection.
	OptionDisableCSRFProtection
	// OptionForceApprovalPrompt forces the user to approve the login.
	OptionForceApprovalPrompt
	// OptionRequestOfflineToken sends a request for an offline token. This
	// is only useful if the token is used without user-interaction to
	// authenticate with another system.
	OptionRequestOfflineToken
	// OptionSkipTokenValidation skips the validation of the returned JWT.
	OptionSkipTokenValidation
)
const (
	TokenClaimAddressFormattedKey     = openid.AddressFormattedKey
	TokenClaimAddressStreetAddressKey = openid.AddressStreetAddressKey
	TokenClaimAddressLocalityKey      = openid.AddressLocalityKey
	TokenClaimAddressRegionKey        = openid.AddressRegionKey
	TokenClaimAddressPostalCodeKey    = openid.AddressPostalCodeKey
	TokenClaimAddressCountryKey       = openid.AddressCountryKey
	TokenClaimAddressKey              = openid.AddressKey
	TokenClaimBirthdateKey            = openid.BirthdateKey
	TokenClaimEmailKey                = openid.EmailKey
	TokenClaimEmailVerifiedKey        = openid.EmailVerifiedKey
	TokenClaimFamilyNameKey           = openid.FamilyNameKey
	TokenClaimGenderKey               = openid.GenderKey
	TokenClaimGivenNameKey            = openid.GivenNameKey
	TokenClaimLocaleKey               = openid.LocaleKey
	TokenClaimMiddleNameKey           = openid.MiddleNameKey
	TokenClaimNameKey                 = openid.NameKey
	TokenClaimNicknameKey             = openid.NicknameKey
	TokenClaimPhoneNumberKey          = openid.PhoneNumberKey
	TokenClaimPhoneNumberVerifiedKey  = openid.PhoneNumberVerifiedKey
	TokenClaimPictureKey              = openid.PictureKey
	TokenClaimPreferredUsernameKey    = openid.PreferredUsernameKey
	TokenClaimProfileKey              = openid.ProfileKey
	TokenClaimUpdatedAtKey            = openid.UpdatedAtKey
	TokenClaimWebsiteKey              = openid.WebsiteKey
	TokenClaimZoneinfoKey             = openid.ZoneinfoKey
)
Variables
var (
	// ErrScopeUnsupported is returned if the service does not advertise
	// support for a particular scope.
	ErrScopeUnsupported = errors.New("scope not supported")
	// ErrCSRFValidationFailed is returned if the validation of the CSRF
	// token failed.
	ErrCSRFValidationFailed = errors.New("CSRF validation failed")
)
Functions
This section is empty.
Types
type Configuration
type Configuration struct {
// contains filtered or unexported fields
}
Configuration wraps an OIDC service.
func Configure
func Configure(address string, callbackURL string, opts ...option) (*Configuration, error)
Configure fetches and parses the provider's well-known configuration and returns a Configuration based on it. The path .well-known/openid-configuration is appended to address automatically. For a non-standard endpoint, the direct response of address is also parsed. callbackURL is the URL at which the callback handler is wired up.
func (*Configuration) Callback
func (cfg *Configuration) Callback(code, state string) (*Token, error)
Callback completes the authentication of a user and returns a token for the user.
func (*Configuration) GetAuthorizationURL
func (cfg *Configuration) GetAuthorizationURL() string
GetAuthorizationURL returns the authorization URL. Redirect your user to the returned URL and be happy.
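The protection that OptionDisableCSRFProtection turns off, and the check behind ErrCSRFValidationFailed in Callback, as an added example that is not the library's code: a stdlib-only stand-in (the flow type, newState, authorizationURL and callback are assumed names) binds a random state to the authorization URL and accepts each state exactly once on the callback.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"net/url"
	"sync"
)

// ErrCSRFValidationFailed mirrors the sentinel error documented on the page.
var ErrCSRFValidationFailed = errors.New("CSRF validation failed")

// flow remembers every state it issued; each value is accepted exactly once.
type flow struct {
	authEndpoint, clientID, callbackURL string
	pending                             sync.Map // issued state -> true
}

// newState draws 128 bits from crypto/rand so a state cannot be guessed.
func (f *flow) newState() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	s := base64.RawURLEncoding.EncodeToString(b)
	f.pending.Store(s, true)
	return s, nil
}

// authorizationURL is the redirect target with a fresh state bound to it.
func (f *flow) authorizationURL() (string, error) {
	state, err := f.newState()
	if err != nil {
		return "", err
	}
	q := url.Values{"response_type": {"code"}, "client_id": {f.clientID},
		"redirect_uri": {f.callbackURL}, "scope": {"openid"}, "state": {state}}
	return f.authEndpoint + "?" + q.Encode(), nil
}

// callback consumes the state atomically: an unknown or replayed value fails
// with ErrCSRFValidationFailed before the code would be exchanged for a token.
func (f *flow) callback(code, state string) error {
	if _, ok := f.pending.LoadAndDelete(state); !ok {
		return ErrCSRFValidationFailed
	}
	return nil
}
```

Without the state check a forged callback could log the victim into the attacker's session, which is why disabling it is only a compatibility escape hatch.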
func (*Configuration) LogoutURL
func (cfg *Configuration) LogoutURL() string
LogoutURL returns the generic logout URL.
func (*Configuration) ParseJWT
func (cfg *Configuration) ParseJWT(token string) (*Token, error)
ParseJWT parses and validates a provided token, for example one taken from an Authorization header.
func (*Configuration) SetCredentials
func (cfg *Configuration) SetCredentials(clientID, clientSecret string)
SetCredentials sets the clientID and clientSecret for the service.
func (*Configuration) SetScopes
func (cfg *Configuration) SetScopes(scopes ...string) error
SetScopes sets the scopes requested from the service. They are checked against the scopes advertised by the service, and ErrScopeUnsupported is returned if the service does not advertise support for one of them.
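The discovery step described for Configure and the scope check described for SetScopes, as an added stdlib-only example that is not the library's code (discoveryURL, parseDiscovery, checkScopes and the sample document are assumptions): the well-known path is appended unless the document URL was passed directly, the document is parsed, and a requested scope absent from scopes_supported yields ErrScopeUnsupported.

```go
package main

import (
	"encoding/json"
	"errors"
	"strings"
)

// ErrScopeUnsupported mirrors the sentinel error documented for SetScopes.
var ErrScopeUnsupported = errors.New("scope not supported")

type discovery struct {
	AuthorizationEndpoint string   `json:"authorization_endpoint"`
	ScopesSupported       []string `json:"scopes_supported"`
}

// discoveryURL appends the well-known path unless it is already present.
func discoveryURL(address string) string {
	const wk = "/.well-known/openid-configuration"
	if strings.HasSuffix(address, wk) {
		return address
	}
	return strings.TrimRight(address, "/") + wk
}

// parseDiscovery decodes the document and rejects one without an auth endpoint.
func parseDiscovery(body []byte) (*discovery, error) {
	var d discovery
	if err := json.Unmarshal(body, &d); err != nil {
		return nil, err
	}
	if d.AuthorizationEndpoint == "" {
		return nil, errors.New("discovery document: no authorization_endpoint")
	}
	return &d, nil
}

// checkScopes fails early when a requested scope is not in scopes_supported.
func checkScopes(d *discovery, scopes ...string) error {
	advertised := map[string]bool{}
	for _, s := range d.ScopesSupported {
		advertised[s] = true
	}
	for _, s := range scopes {
		if !advertised[s] {
			return ErrScopeUnsupported
		}
	}
	return nil
}

const sampleDoc = `{"authorization_endpoint":"https://idp.example/auth","scopes_supported":["openid","profile","email"]}` // constructed sample
```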
func (*Configuration) UseAppPassword
func (cfg *Configuration) UseAppPassword(username, password string) (*Token, error)
UseAppPassword returns a token using the app password flow. This is less secure and should generally be avoided.
type Token
type Token struct {
// contains filtered or unexported fields
}
Token is an OIDC token returned by the service.
func (*Token) Address
func (t *Token) Address() *openid.AddressClaim
func (*Token) EmailVerified
func (t *Token) EmailVerified() bool
func (*Token) Expiration
func (t *Token) Expiration() time.Time
func (*Token) FamilyName
func (t *Token) FamilyName() string
func (*Token) MiddleName
func (t *Token) MiddleName() string
func (*Token) PhoneNumber
func (t *Token) PhoneNumber() string
func (*Token) PhoneNumberVerified
func (t *Token) PhoneNumberVerified() bool
func (*Token) PreferredUsername
func (t *Token) PreferredUsername() string
func (*Token) Token
func (t *Token) Token() (*oauth2.Token, error)
Token returns the current OAuth2 token associated with the OIDC token. You probably don't want this.
func (*Token) UpdateClaims
func (t *Token) UpdateClaims() error
UpdateClaims forces an update of the information in a token. By default, the results are cached, so if a user were to change any field in the identity provider, they would have to log in again for the token to reflect the change.