oidc

package

v1.7.16 Latest Latest Go to latest Published: Mar 29, 2018 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/GoogleCloudPlatform/kubernetes

Documentation ¶

Overview ¶

oidc implements the authenticator.Token interface using the OpenID Connect protocol.

config := oidc.OIDCOptions{
	IssuerURL:     "https://accounts.google.com",
	ClientID:      os.Getenv("GOOGLE_CLIENT_ID"),
	UsernameClaim: "email",
}
tokenAuthenticator, err := oidc.New(config)

Index ¶

type OIDCAuthenticator
- func New(opts OIDCOptions) (*OIDCAuthenticator, error)
- func (a *OIDCAuthenticator) AuthenticateToken(value string) (user.Info, bool, error)
- func (a *OIDCAuthenticator) Close()
type OIDCOptions

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type OIDCAuthenticator ¶

type OIDCAuthenticator struct {
	// contains filtered or unexported fields
}

func New ¶

func New(opts OIDCOptions) (*OIDCAuthenticator, error)

New creates a token authenticator which validates OpenID Connect ID Tokens.

func (*OIDCAuthenticator) AuthenticateToken ¶

func (a *OIDCAuthenticator) AuthenticateToken(value string) (user.Info, bool, error)

AuthenticateToken decodes and verifies an ID Token using the OIDC client, if the verification succeeds, then it will extract the user info from the JWT claims.

func (*OIDCAuthenticator) Close ¶

func (a *OIDCAuthenticator) Close()

Close stops all goroutines used by the authenticator.

type OIDCOptions ¶

type OIDCOptions struct {
	// IssuerURL is the URL the provider signs ID Tokens as. This will be the "iss"
	// field of all tokens produced by the provider and is used for configuration
	// discovery.
	//
	// The URL is usually the provider's URL without a path, for example
	// "https://accounts.google.com" or "https://login.salesforce.com".
	//
	// The provider must implement configuration discovery.
	// See: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
	IssuerURL string

	// ClientID the JWT must be issued for, the "sub" field. This plugin only trusts a single
	// client to ensure the plugin can be used with public providers.
	//
	// The plugin supports the "authorized party" OpenID Connect claim, which allows
	// specialized providers to issue tokens to a client for a different client.
	// See: https://openid.net/specs/openid-connect-core-1_0.html#IDToken
	ClientID string

	// Path to a PEM encoded root certificate of the provider.
	CAFile string

	// UsernameClaim is the JWT field to use as the user's username.
	UsernameClaim string

	// GroupsClaim, if specified, causes the OIDCAuthenticator to try to populate the user's
	// groups with an ID Token field. If the GrouppClaim field is present in an ID Token the value
	// must be a string or list of strings.
	GroupsClaim string
}

Source Files ¶

View all Source files

oidc.go

Directories ¶

Path	Synopsis
testing

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL