oidc

package
v0.6.0
Published: Apr 11, 2023 License: MIT Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type ClientCredentialsTokenSource

type ClientCredentialsTokenSource struct {
	TokenURL        string   `json:"token_url"`
	ClientID        string   `json:"client_id"`
	ClientSecret    string   `json:"client_secret"`
	CustomAudiences []string `json:"custom_audiences"`
	SubjectJWT      string   `json:"subject_jwt"` // optional, ID Token for a UC user if this access token is being created on their behalf
}

ClientCredentialsTokenSource encapsulates the parameters required to issue a Client Credentials OIDC request and return a token.

func (ClientCredentialsTokenSource) GetToken

func (ccts ClientCredentialsTokenSource) GetToken() (string, error)

GetToken issues a request to an OIDC-compliant token endpoint to perform the Client Credentials flow in exchange for an access token.

type StandardClaims

type StandardClaims struct {
	Audience        []string `json:"aud,omitempty"`
	AuthorizedParty string   `json:"azp,omitempty"`
	ExpiresAt       int64    `json:"exp,omitempty"`
	ID              string   `json:"jti,omitempty"`
	IssuedAt        int64    `json:"iat,omitempty"`
	Issuer          string   `json:"iss,omitempty"`
	NotBefore       int64    `json:"nbf,omitempty"`
	Subject         string   `json:"sub,omitempty"`
}

StandardClaims is forked from golang-jwt/jwt.StandardClaims, except Audience is an array here per the actual spec:

In the general case, the "aud" value is an array of case-sensitive strings, each containing
a StringOrURI value.  In the special case when the JWT has one audience, the "aud" value MAY
be a single case-sensitive string containing a StringOrURI value.  The interpretation of
audience values is generally application specific. Use of this claim is OPTIONAL.

https://tools.ietf.org/html/rfc7519#section-4.1

AZP is also added here, per the OIDC spec, which is slightly ambiguous:

From section 2 (https://openid.net/specs/openid-connect-core-1_0.html#IDToken): OPTIONAL. Authorized party - the party to which the ID Token was issued. If present, it MUST contain the OAuth 2.0 Client ID of this party. This Claim is only needed when the ID Token has a single audience value and that audience is different than the authorized party. It MAY be included even when the authorized party is the same as the sole audience. The azp value is a case sensitive string containing a StringOrURI value.

From section 3.1.3.7 (https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation):
4. If the ID Token contains multiple audiences, the Client SHOULD verify that an azp Claim is present.
5. If an azp (authorized party) Claim is present, the Client SHOULD verify that its client_id is the Claim Value.
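The two spec passages quoted above (the string-or-array "aud" encoding and the azp rules of 3.1.3.7) are easy to get wrong in a relying party: a plain `[]string` field fails to decode a single-string "aud", and azp is often ignored. The following is an added example, not code from this package; `Audience` and `CheckAudience` are hypothetical names, and the claim JSON is constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Audience is an "aud" claim that accepts both encodings RFC 7519 4.1.3 allows:
// a single string or an array of strings. Hypothetical type, not the package's.
type Audience []string

// UnmarshalJSON normalizes the single-string form to a one-element slice.
func (a *Audience) UnmarshalJSON(b []byte) error {
	var single string
	if json.Unmarshal(b, &single) == nil {
		*a = Audience{single}
		return nil
	}
	return json.Unmarshal(b, (*[]string)(a))
}

// CheckAudience applies OIDC Core 3.1.3.7 steps 3-5 for relying party clientID:
// aud must contain it, multiple audiences need azp, and azp must equal it.
func CheckAudience(rawClaims []byte, clientID string) error {
	var c struct {
		Audience        Audience `json:"aud"`
		AuthorizedParty string   `json:"azp"`
	}
	if err := json.Unmarshal(rawClaims, &c); err != nil {
		return err
	}
	found := false
	for _, aud := range c.Audience {
		found = found || aud == clientID
	}
	switch {
	case !found:
		return errors.New("aud does not contain this client_id")
	case len(c.Audience) > 1 && c.AuthorizedParty == "":
		return errors.New("multiple audiences but azp is missing")
	case c.AuthorizedParty != "" && c.AuthorizedParty != clientID:
		return errors.New("azp does not match this client_id")
	}
	return nil
}

func main() {
	// Constructed sample: single-string aud with a mismatched azp is rejected.
	fmt.Println(CheckAudience([]byte(`{"aud":"rp-1","azp":"rp-2"}`), "rp-1"))
}
```

These checks complement, rather than replace, signature, iss, exp and nonce validation; they cover only the audience-related steps quoted above.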

func (StandardClaims) Valid

func (c StandardClaims) Valid() error

Valid implements the jwt.Claims interface.

type TokenClaims

type TokenClaims struct {
	Name            string   `json:"name,omitempty"`
	Nickname        string   `json:"nickname,omitempty"`
	Email           string   `json:"email,omitempty"`
	EmailVerified   bool     `json:"email_verified,omitempty"`
	Picture         string   `json:"picture,omitempty"`
	Nonce           string   `json:"nonce,omitempty"`
	UpdatedAt       int64    `json:"updated_at,omitempty"` // NOTE: Auth0 treats this as a string, but OIDC says this is seconds since the Unix Epoch
	RefreshAudience []string `json:"refresh_aud,omitempty"`
	StandardClaims

	// TODO: not sure if this is the right place for this, but didn't come up with a clever interface
	// to use with GeneratePlexUserToken etc yet. With omitempty, it shouldn't affect anything else when unused
	ImpersonatedBy string `json:"impersonated_by,omitempty"`
}

TokenClaims represents the claims made by a token, and is also used by the UserInfo endpoint to return standard OIDC user claims.

func (TokenClaims) Valid

func (t TokenClaims) Valid() error

Valid implements the jwt.Claims interface.

type TokenResponse

type TokenResponse struct {
	AccessToken  string `json:"access_token,omitempty"`
	TokenType    string `json:"token_type,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
	ExpiresIn    int    `json:"expires_in,omitempty"`
	IDToken      string `json:"id_token,omitempty"`

	ErrorType string `json:"error,omitempty"`
	ErrorDesc string `json:"error_description,omitempty"`
}

TokenResponse is an OIDC-compliant response from a token endpoint (either the token exchange or the resource owner password credentials flow). See https://datatracker.ietf.org/doc/html/rfc6749#section-5.1. ErrorType is non-empty when the endpoint returned an error.

type TokenSource

type TokenSource interface {
	GetToken() (string, error)
}

TokenSource describes a source of JWTs for jsonclient etc.
