Documentation ¶
Index ¶
- func ConvertOIDCClaimsRequest(value string) reflect.Value
- func DecodeSchema(dst interface{}, src map[string][]string) error
- func EncodeSchema(src interface{}, dst map[string][]string) error
- func GetScopeForClaim(claim string) (string, bool)
- func ToMap(payload interface{}) (map[string]interface{}, error)
- type AuthenticationBadRequest
- type AuthenticationError
- type AuthenticationRequest
- func (ar *AuthenticationRequest) ApplyRequestObject(roc *RequestObjectClaims, method jwt.SigningMethod) error
- func (ar *AuthenticationRequest) NewBadRequest(id string, description string) *AuthenticationBadRequest
- func (ar *AuthenticationRequest) NewError(id string, description string) *AuthenticationError
- func (ar *AuthenticationRequest) Validate(keyFunc jwt.Keyfunc) error
- func (ar *AuthenticationRequest) Verify(userID string) error
- type AuthenticationSuccess
- type ClaimsRequest
- type ClaimsRequestMap
- type ClaimsRequestValue
- type ClientRegistrationRequest
- type ClientRegistrationResponse
- type EndSessionRequest
- func (esr *EndSessionRequest) NewBadRequest(id string, description string) *AuthenticationBadRequest
- func (esr *EndSessionRequest) NewError(id string, description string) *AuthenticationError
- func (esr *EndSessionRequest) Validate(keyFunc jwt.Keyfunc) error
- func (esr *EndSessionRequest) Verify(userID string) error
- type RequestObjectClaims
- type Session
- type TokenRequest
- type TokenSuccess
- type UserInfoResponse
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ConvertOIDCClaimsRequest ¶
ConvertOIDCClaimsRequest is a converter function for oidc.ClaimsRequest data provided in URL schema.
func DecodeSchema ¶
DecodeSchema decodes request form data into the provided dst schema struct.
func EncodeSchema ¶
EncodeSchema encodes the provided src schema to the provided map.
func GetScopeForClaim ¶
GetScopeForClaim returns the known scope if any for the provided claim name.
Types ¶
type AuthenticationBadRequest ¶
type AuthenticationBadRequest struct { ErrorID string `url:"error" json:"error"` ErrorDescription string `url:"error_description,omitempty" json:"error_description,omitempty"` State string `url:"state,omitempty" json:"state,omitempty"` }
AuthenticationBadRequest holds the outgoing data for a failed OpenID Connect 1.0 authorize request with bad request parameters which make it impossible to continue with normal auth.
func (*AuthenticationBadRequest) Description ¶
func (ae *AuthenticationBadRequest) Description() string
Description implements ErrorWithDescription interface.
func (*AuthenticationBadRequest) Error ¶
func (ae *AuthenticationBadRequest) Error() string
Error interface implementation.
type AuthenticationError ¶
type AuthenticationError struct { ErrorID string `url:"error" json:"error"` ErrorDescription string `url:"error_description,omitempty" json:"error_description,omitempty"` State string `url:"state,omitempty" json:"state,omitempty"` }
AuthenticationError holds the outgoind data for a failed OpenID Connect 1.0 authorize request as specified at http://openid.net/specs/openid-connect-core-1_0.html#AuthError and http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthError.
func (*AuthenticationError) Description ¶
func (ae *AuthenticationError) Description() string
Description implements ErrorWithDescription interface.
func (*AuthenticationError) Error ¶
func (ae *AuthenticationError) Error() string
Error interface implementation.
type AuthenticationRequest ¶
type AuthenticationRequest struct { RawScope string `schema:"scope"` Claims *ClaimsRequest `schema:"claims"` RawResponseType string `schema:"response_type"` ResponseMode string `schema:"response_mode"` ClientID string `schema:"client_id"` RawRedirectURI string `schema:"redirect_uri"` State string `schema:"state"` Nonce string `schema:"nonce"` RawPrompt string `schema:"prompt"` RawIDTokenHint string `schema:"id_token_hint"` RawMaxAge string `schema:"max_age"` RawRequest string `schema:"request"` RawRequestURI string `schema:"request_uri"` RawRegistration string `schema:"registration"` CodeChallenge string `schema:"code_challenge"` CodeChallengeMethod string `schema:"code_challenge_method"` Scopes map[string]bool `schema:"-"` ResponseTypes map[string]bool `schema:"-"` Prompts map[string]bool `schema:"-"` RedirectURI *url.URL `schema:"-"` IDTokenHint *jwt.Token `schema:"-"` MaxAge time.Duration `schema:"-"` Request *jwt.Token `schema:"-"` UseFragment bool `schema:"-"` Flow string `schema:"-"` Session *Session `schema:"-"` // contains filtered or unexported fields }
AuthenticationRequest holds the incoming parameters and request data for the OpenID Connect 1.0 authorization endpoint as specified at http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest and http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthRequest
func DecodeAuthenticationRequest ¶
func DecodeAuthenticationRequest(req *http.Request, providerMetadata *oidc.WellKnown, keyFunc jwt.Keyfunc) (*AuthenticationRequest, error)
DecodeAuthenticationRequest returns a AuthenticationRequest holding the provided requests form data.
func NewAuthenticationRequest ¶
func NewAuthenticationRequest(values url.Values, providerMetadata *oidc.WellKnown, keyFunc jwt.Keyfunc) (*AuthenticationRequest, error)
NewAuthenticationRequest returns a AuthenticationRequest holding the provided url values.
func (*AuthenticationRequest) ApplyRequestObject ¶
func (ar *AuthenticationRequest) ApplyRequestObject(roc *RequestObjectClaims, method jwt.SigningMethod) error
ApplyRequestObject applies the provided request object claims to the associated authentication request data with validation as required.
func (*AuthenticationRequest) NewBadRequest ¶
func (ar *AuthenticationRequest) NewBadRequest(id string, description string) *AuthenticationBadRequest
NewBadRequest creates a new error with id and string and the associated request's state.
func (*AuthenticationRequest) NewError ¶
func (ar *AuthenticationRequest) NewError(id string, description string) *AuthenticationError
NewError creates a new error with id and string and the associated request's state.
func (*AuthenticationRequest) Validate ¶
func (ar *AuthenticationRequest) Validate(keyFunc jwt.Keyfunc) error
Validate validates the request data of the accociated authentication request.
func (*AuthenticationRequest) Verify ¶
func (ar *AuthenticationRequest) Verify(userID string) error
Verify checks that the passed parameters match the accociated requirements.
type AuthenticationSuccess ¶
type AuthenticationSuccess struct { Code string `url:"code,omitempty"` AccessToken string `url:"access_token,omitempty"` TokenType string `url:"token_type,omitempty"` IDToken string `url:"id_token,omitempty"` State string `url:"state"` ExpiresIn int64 `url:"expires_in,omitempty"` Scope string `url:"scope,omitempty"` SessionState string `url:"session_state,omitempty"` }
AuthenticationSuccess holds the outgoind data for a successful OpenID Connect 1.0 authorize request as specified at http://openid.net/specs/openid-connect-core-1_0.html#AuthResponse and http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthResponse. https://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions
type ClaimsRequest ¶
type ClaimsRequest struct { UserInfo *ClaimsRequestMap `json:"userinfo,omitempty"` IDToken *ClaimsRequestMap `json:"id_token,omitempty"` Passthru json.RawMessage `json:"passthru,omitempty"` }
ClaimsRequest define the base claims structure for OpenID Connect claims request parameter value as specified at https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter - in addition a Konnect specific pass thru value can be used to pass through any application specific values to access and reqfresh tokens.
func (*ClaimsRequest) ApplyScopes ¶
func (cr *ClaimsRequest) ApplyScopes(approvedScopes map[string]bool) error
ApplyScopes removes all claims requests from the accociated claims request which are not mapped to one of the provided approved scopes.
func (*ClaimsRequest) Scopes ¶
func (cr *ClaimsRequest) Scopes(excludedScopes map[string]bool) []string
Scopes adds all scopes of the accociated claims requests claims to the provied scopes mapping safe the scopes already defined in the provided excluded scopes mapping.
type ClaimsRequestMap ¶
type ClaimsRequestMap map[string]*ClaimsRequestValue
ClaimsRequestMap defines a mapping of claims request values used with OpenID Connect claims request parameter values.
func (ClaimsRequestMap) Get ¶
func (crm ClaimsRequestMap) Get(claim string) (*ClaimsRequestValue, bool)
Get returns the accociated maps claim value identified by the provided name.
func (ClaimsRequestMap) GetStringValue ¶
func (crm ClaimsRequestMap) GetStringValue(claim string) (string, bool)
GetStringValue returns the accociated maps claim value identified by the provided name as string value.
type ClaimsRequestValue ¶
type ClaimsRequestValue struct { Essential bool `json:"essential,omitempty"` Value interface{} `json:"value,omitempty"` Values []interface{} `json:"values,omitempty"` }
ClaimsRequestValue is the claims request detail definition of an OpenID Connect claims request parameter value.
func (*ClaimsRequestValue) Match ¶
func (crv *ClaimsRequestValue) Match(value interface{}) bool
Match returns true of the provided value is contained inside the accociated request values values or value.
type ClientRegistrationRequest ¶
type ClientRegistrationRequest struct { RedirectURIs []string `json:"redirect_uris"` ResponseTypes []string `json:"response_types"` GrantTypes []string `json:"grant_types"` ApplicationType string `json:"application_type"` Contacts []string `json:"contacts"` ClientName string `json:"client_name"` ClientURI string `json:"client_uri"` RawJWKS json.RawMessage `json:"jwks"` RawIDTokenSignedResponseAlg string `json:"id_token_signed_response_alg"` RawUserInfoSignedResponseAlg string `json:"userinfo_signed_response_alg"` RawRequestObjectSigningAlg string `json:"request_object_signing_alg"` RawTokenEndpointAuthMethod string `json:"token_endpoint_auth_method"` RawTokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg"` PostLogoutRedirectURIs []string `json:"post_logout_redirect_uris"` JWKS *gojwk.Key `json:"-"` }
ClientRegistrationRequest holds the incoming request data for the OpenID Connect Dynamic Client Registration 1.0 client registration endpoint as specified at https://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration and https://openid.net/specs/openid-connect-session-1_0.html#DynRegRegistrations
func DecodeClientRegistrationRequest ¶
func DecodeClientRegistrationRequest(req *http.Request) (*ClientRegistrationRequest, error)
DecodeClientRegistrationRequest returns a ClientRegistrationRequest holding the provided request's data.
func (*ClientRegistrationRequest) ClientRegistration ¶
func (crr *ClientRegistrationRequest) ClientRegistration() (*clients.ClientRegistration, error)
ClientRegistration returns new dynamic client registration data for the accociated client registration request.
func (*ClientRegistrationRequest) Validate ¶
func (crr *ClientRegistrationRequest) Validate() error
Validate validates the request data of the accociated client registration request and fills in default data where required.
type ClientRegistrationResponse ¶
type ClientRegistrationResponse struct { ClientID string `json:"client_id"` ClientSecret string `json:"client_secret,omitempty"` ClientIDIssuedAt int64 `json:"client_id_issued_at,omitempty"` ClientSecretExpiresAt int64 `json:"client_secret_expires_at"` // Include validated request data. ClientRegistrationRequest }
ClientRegistrationResponse holds the outgoing data for a successful OpenID Connect Dynamic Client Registration 1.0 clientregistration request as specified at https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationResponse
type EndSessionRequest ¶
type EndSessionRequest struct { RawIDTokenHint string `schema:"id_token_hint"` RawPostLogoutRedirectURI string `schema:"post_logout_redirect_uri"` State string `schema:"state"` IDTokenHint *jwt.Token `schema:"-"` PostLogoutRedirectURI *url.URL `schema:"-"` // contains filtered or unexported fields }
EndSessionRequest holds the incoming parameters and request data for OpenID Connect Session Management 1.0 RP initiaed logout requests as specified at https://openid.net/specs/openid-connect-session-1_0.html#RPLogout
func DecodeEndSessionRequest ¶
func DecodeEndSessionRequest(req *http.Request, providerMetadata *oidc.WellKnown) (*EndSessionRequest, error)
DecodeEndSessionRequest returns a EndSessionRequest holding the provided requests form data.
func NewEndSessionRequest ¶
func NewEndSessionRequest(values url.Values, providerMetadata *oidc.WellKnown) (*EndSessionRequest, error)
NewEndSessionRequest returns a EndSessionRequest holding the provided url values.
func (*EndSessionRequest) NewBadRequest ¶
func (esr *EndSessionRequest) NewBadRequest(id string, description string) *AuthenticationBadRequest
NewBadRequest creates a new error with id and string and the associated request's state.
func (*EndSessionRequest) NewError ¶
func (esr *EndSessionRequest) NewError(id string, description string) *AuthenticationError
NewError creates a new error with id and string and the associated request's state.
func (*EndSessionRequest) Validate ¶
func (esr *EndSessionRequest) Validate(keyFunc jwt.Keyfunc) error
Validate validates the request data of the accociated endSession request.
func (*EndSessionRequest) Verify ¶
func (esr *EndSessionRequest) Verify(userID string) error
Verify checks that the passed parameters match the accociated requirements.
type RequestObjectClaims ¶
type RequestObjectClaims struct { jwt.StandardClaims RawScope string `json:"scope"` Claims *ClaimsRequest `json:"claims"` RawResponseType string `json:"response_type"` ResponseMode string `json:"response_mode"` ClientID string `json:"client_id"` RawRedirectURI string `json:"redirect_uri"` State string `json:"state"` Nonce string `json:"nonce"` RawPrompt string `json:"prompt"` RawIDTokenHint string `json:"id_token_hint"` RawMaxAge string `json:"max_age"` RawRegistration string `json:"registration"` CodeChallenge string `json:"code_challenge"` CodeChallengeMethod string `json:"code_challenge_method"` // contains filtered or unexported fields }
RequestObjectClaims holds the incoming request object claims provided as JWT via request parameter to OpenID Connect 1.0 authorization endpoint requests specified at https://openid.net/specs/openid-connect-core-1_0.html#JWTRequests
func (*RequestObjectClaims) Secure ¶
func (roc *RequestObjectClaims) Secure() *clients.Secured
Secure returns the accociated secure client or nil if not secure.
func (*RequestObjectClaims) SetSecure ¶
func (roc *RequestObjectClaims) SetSecure(client *clients.Secured) error
SetSecure sets the provided client as owner of the accociated claims.
type Session ¶
Session defines a Provider's session with a String identifier for a Session. This represents a Session of a User Agent or device for a logged-in End-User at an RP. Different ID values are used to identify distinct sessions. This is implemented as defined in the OIDC Front Channel logout extension https://openid.net/specs/openid-connect-frontchannel-1_0.html#OPLogout
type TokenRequest ¶
type TokenRequest struct { GrantType string `schema:"grant_type"` Code string `schema:"code"` RawRedirectURI string `schema:"redirect_uri"` RawRefreshToken string `schema:"refresh_token"` RawScope string `schema:"scope"` ClientID string `schema:"client_id"` ClientSecret string `schema:"client_secret"` CodeVerifier string `schema:"code_verifier"` RedirectURI *url.URL `schema:"-"` RefreshToken *jwt.Token `schema:"-"` Scopes map[string]bool `schema:"-"` // contains filtered or unexported fields }
TokenRequest holds the incoming parameters and request data for the OpenID Connect 1.0 token endpoint as specified at http://openid.net/specs/openid-connect-core-1_0.html#TokenRequest
func DecodeTokenRequest ¶
func DecodeTokenRequest(req *http.Request, providerMetadata *oidc.WellKnown) (*TokenRequest, error)
DecodeTokenRequest return a TokenRequest holding the provided request's form data.
func NewTokenRequest ¶
func NewTokenRequest(values url.Values, providerMetadata *oidc.WellKnown) (*TokenRequest, error)
NewTokenRequest returns a TokenRequest holding the provided url values.
func (*TokenRequest) Validate ¶
func (tr *TokenRequest) Validate(keyFunc jwt.Keyfunc, claims jwt.Claims) error
Validate validates the request data of the accociated token request.
type TokenSuccess ¶
type TokenSuccess struct { AccessToken string `json:"access_token,omitempty"` TokenType string `json:"token_type,omitempty"` IDToken string `json:"id_token,omitempty"` RefreshToken string `json:"refresh_token,omitempty"` ExpiresIn int64 `json:"expires_in,omitempty"` }
TokenSuccess holds the outgoing data for a successful OpenID Connect 1.0 token request as specified at http://openid.net/specs/openid-connect-core-1_0.html#TokenResponse.
type UserInfoResponse ¶
type UserInfoResponse struct { oidc.UserInfoClaims *oidc.ProfileClaims *oidc.EmailClaims }
UserInfoResponse defines the data returned from the OIDC UserInfo endpoint.