README
¶
oidc
Cookie based OIDC authentication middleware
Documentation
¶
Index ¶
- func Must(h func(http.Handler) http.Handler, err error) func(http.Handler) http.Handler
- func OpenIDConnect(iss, clientID, clientSecret string, opts ...Option) (func(http.Handler) http.Handler, error)
- type AuthHandler
- type CookieOptions
- type Option
- type Options
- func (o *Options) AuthCookie(w http.ResponseWriter, r *http.Request) (*Token, error)
- func (o *Options) RemoveAuthCookie(w http.ResponseWriter)
- func (o *Options) RenewAccessToken(w http.ResponseWriter, r *http.Request)
- func (o *Options) RenewAccessTokenCall(w http.ResponseWriter, r *http.Request) (error, string)
- func (o *Options) SetAuthCookie(w http.ResponseWriter, r *http.Request, token *Token) error
- func (o *Options) SignIn(w http.ResponseWriter, r *http.Request)
- func (o *Options) SignInCallback(w http.ResponseWriter, r *http.Request)
- func (o *Options) SignOut(w http.ResponseWriter, r *http.Request)
- func (o *Options) SignOutCallback(w http.ResponseWriter, r *http.Request)
- type ResponseMode
- type Token
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AuthHandler ¶
type AuthHandler interface {
SignIn(http.ResponseWriter, *http.Request)
SignInCallback(http.ResponseWriter, *http.Request)
SignOut(http.ResponseWriter, *http.Request)
SignOutCallback(http.ResponseWriter, *http.Request)
RenewAccessToken(http.ResponseWriter, *http.Request)
}
type CookieOptions ¶
type CookieOptions struct {
Name string // Default: oidc
Expires time.Time
MaxAge int
Domain string
Path string
SameSite http.SameSite
}
CookieOptions is the various cookie options that are configurable for the identity cookie
func DefaultCookieOptions ¶
func DefaultCookieOptions() CookieOptions
type Option ¶
type Option func(*Options)
Option is the type used to modify the default Options
func WithCookieOptions ¶
func WithCookieOptions(c CookieOptions) Option
func WithPostSignInHandler ¶
WithPostSignInHandler can be used to customise Post SignIn Redirection
func WithPostSignInHandlerFunc ¶
func WithPostSignInHandlerFunc(h func(w http.ResponseWriter, r *http.Request)) Option
WithPostSignInHandler can be used to customise Post SignIn Redirection
type Options ¶
type Options struct {
Issuer string
CookieOptions CookieOptions
Prefix string
SignInPath string
SignOutPath string
SignInCallbackPath string
SignOutCallbackPath string
PostSignInRedirect string
PostSignOutRedirect string
RenewTokenPath string
ResponseType string
ResponseMode ResponseMode
PostSignInRedirectHandler http.Handler
PostSignOutRedirectHandler http.Handler
Provider oidc.Provider
Config oauth2.Config
NotFoundHandler http.Handler
Client http.Client
ErrorLogger *log.Logger
TempCodec securecookie.Codec
RedirectionMaxAge int
IDTokenVerifier *oidc.IDTokenVerifier
LogoutURI string
AuthHandler AuthHandler
}
Options is the configuration required for running the oidc server
func (*Options) AuthCookie ¶
func (*Options) RemoveAuthCookie ¶
func (o *Options) RemoveAuthCookie(w http.ResponseWriter)
func (*Options) RenewAccessToken ¶
func (o *Options) RenewAccessToken(w http.ResponseWriter, r *http.Request)
func (*Options) RenewAccessTokenCall ¶
func (*Options) SetAuthCookie ¶
func (*Options) SignInCallback ¶
func (o *Options) SignInCallback(w http.ResponseWriter, r *http.Request)
func (*Options) SignOutCallback ¶
func (o *Options) SignOutCallback(w http.ResponseWriter, r *http.Request)
type ResponseMode ¶
type ResponseMode = string
ResponseMode ..
const ( // ResponseModeFormPost ... ResponseModeFormPost ResponseMode = "form_post" // ResponseModeQuery .. ResponseModeQuery ResponseMode = "query" )
type Token ¶
type Token struct {
// AccessToken is the token that authorizes and authenticates
// the requests.
AccessToken string `json:"access_token"`
// TokenType is the type of token.
// The Type method returns either this or "Bearer", the default.
TokenType string `json:"token_type,omitempty"`
// RefreshToken is a token that's used by the application
// (as opposed to the user) to refresh the access token
// if it expires.
RefreshToken string `json:"refresh_token,omitempty"`
// Expiry is the optional expiration time of the access token.
//
// If zero, TokenSource implementations will reuse the same
// token forever and RefreshToken or equivalent
// mechanisms for that TokenSource will not be used.
Expiry time.Time `json:"expiry,omitempty"`
// IDToken is the OpenID addition to the excellent OAuth 2.0
IDToken string `json:"id_token,omitempty"`
}
Source Files
Click to show internal directories.
Click to hide internal directories.