oidc

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 30, 2022 License: MIT Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ClientCredentialsTokenSource

type ClientCredentialsTokenSource struct {
	TokenURL        string
	ClientID        string
	ClientSecret    string
	CustomAudiences []string
}

ClientCredentialsTokenSource encapsulates parameters required to issue a Client Credentials OIDC request and return a token

func (ClientCredentialsTokenSource) GetToken

func (ccts ClientCredentialsTokenSource) GetToken() (string, error)

GetToken issues a request to an OIDC-compliant token endpoint to perform the Client Credentials flow in exchange for an access token.

type StandardClaims

type StandardClaims struct {
	Audience  []string `json:"aud,omitempty"`
	ExpiresAt int64    `json:"exp,omitempty"`
	ID        string   `json:"jti,omitempty"`
	IssuedAt  int64    `json:"iat,omitempty"`
	Issuer    string   `json:"iss,omitempty"`
	NotBefore int64    `json:"nbf,omitempty"`
	Subject   string   `json:"sub,omitempty"`
}

StandardClaims is forked from golang-jwt/jwt.StandardClaims, except Audience is an array here per the actual spec:

In the general case, the "aud" value is an array of case-sensitive strings, each containing
a StringOrURI value.  In the special case when the JWT has one audience, the "aud" value MAY
be a single case-sensitive string containing a StringOrURI value.  The interpretation of
audience values is generally application specific. Use of this claim is OPTIONAL.

https://tools.ietf.org/html/rfc7519#section-4.1

func (StandardClaims) Valid

func (c StandardClaims) Valid() error

Valid implements jwt.Claims interface

type TokenClaims

type TokenClaims struct {
	Name          string `json:"name,omitempty"`
	Nickname      string `json:"nickname,omitempty"`
	Email         string `json:"email,omitempty"`
	EmailVerified bool   `json:"email_verified"`
	Picture       string `json:"picture,omitempty"`
	Nonce         string `json:"nonce,omitempty"`
	UpdatedAt     int64  `json:"updated_at,omitempty"` // NOTE: Auth0 treats this as a string, but OIDC says this is seconds since the Unix Epoch
	StandardClaims

	// TODO: not sure if this is the right place for this, but didn't come up with a clever interface
	// to use with GeneratePlexUserToken etc yet. With omitempty, it shouldn't affect anything else when unused
	ImpersonatedBy string `json:"impersonated_by,omitempty"`
}

TokenClaims represents the claims made by a token, and is also used by the UserInfo endpoint to return standard OIDC user claims.

func (TokenClaims) Valid

func (t TokenClaims) Valid() error

Valid implements jwt.Claims interface

type TokenResponse

type TokenResponse struct {
	AccessToken  string `json:"access_token,omitempty"`
	TokenType    string `json:"token_type,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
	ExpiresIn    int    `json:"expires_in,omitempty"`
	IDToken      string `json:"id_token,omitempty"`

	ErrorType string `json:"error,omitempty"`
	ErrorDesc string `json:"error_description,omitempty"`
}

TokenResponse is an OIDC-compliant response from a token endpoint. (either token exchange or resource owner password credential flow). See https://datatracker.ietf.org/doc/html/rfc6749#section-5.1. ErrorType will be non-empty if error.

type TokenSource

type TokenSource interface {
	GetToken() (string, error)
}

TokenSource describes a source of JWTs for jsonclient etc

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL