oidc

package
v4.30.5 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 14, 2021 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Audience 

type Audience struct {
	Name        string `json:"name"`
	Description string `json:"description"`
}

Audience represents the audience information.

type AutheliaHasher 

type AutheliaHasher struct{}

AutheliaHasher implements the fosite.Hasher interface without an actual hashing algo.

func (AutheliaHasher) Compare 

func (h AutheliaHasher) Compare(_ context.Context, hash, data []byte) (err error)

Compare compares the hash with the data and returns an error if they don't match.

func (AutheliaHasher) Hash 

func (h AutheliaHasher) Hash(_ context.Context, data []byte) (hash []byte, err error)

Hash creates a new hash from data.

type ConsentGetResponseBody 

type ConsentGetResponseBody struct {
	ClientID          string     `json:"client_id"`
	ClientDescription string     `json:"client_description"`
	Scopes            []Scope    `json:"scopes"`
	Audience          []Audience `json:"audience"`
}

ConsentGetResponseBody schema of the response body of the consent GET endpoint.

type InternalClient 

type InternalClient struct {
	ID          string `json:"id"`
	Description string `json:"-"`
	Secret      []byte `json:"client_secret,omitempty"`
	Public      bool   `json:"public"`

	Policy authorization.Level `json:"-"`

	Audience      []string                  `json:"audience"`
	Scopes        []string                  `json:"scopes"`
	RedirectURIs  []string                  `json:"redirect_uris"`
	GrantTypes    []string                  `json:"grant_types"`
	ResponseTypes []string                  `json:"response_types"`
	ResponseModes []fosite.ResponseModeType `json:"response_modes"`

	UserinfoSigningAlgorithm string `json:"userinfo_signed_response_alg,omitempty"`
}

InternalClient represents the client internally.

func NewClient 

func NewClient(config schema.OpenIDConnectClientConfiguration) (client *InternalClient)

NewClient creates a new InternalClient.

func (InternalClient) GetAudience 

func (c InternalClient) GetAudience() fosite.Arguments

GetAudience returns the Audience.

func (InternalClient) GetConsentResponseBody 

func (c InternalClient) GetConsentResponseBody(session *session.OIDCWorkflowSession) ConsentGetResponseBody

GetConsentResponseBody returns the proper consent response body for this session.OIDCWorkflowSession.

func (InternalClient) GetGrantTypes 

func (c InternalClient) GetGrantTypes() fosite.Arguments

GetGrantTypes returns the GrantTypes.

func (InternalClient) GetHashedSecret 

func (c InternalClient) GetHashedSecret() []byte

GetHashedSecret returns the Secret.

func (InternalClient) GetID 

func (c InternalClient) GetID() string

GetID returns the ID.

func (InternalClient) GetRedirectURIs 

func (c InternalClient) GetRedirectURIs() []string

GetRedirectURIs returns the RedirectURIs.

func (InternalClient) GetResponseModes 

func (c InternalClient) GetResponseModes() []fosite.ResponseModeType

GetResponseModes returns the valid response modes for this client.

Implements the fosite.ResponseModeClient.

func (InternalClient) GetResponseTypes 

func (c InternalClient) GetResponseTypes() fosite.Arguments

GetResponseTypes returns the ResponseTypes.

func (InternalClient) GetScopes 

func (c InternalClient) GetScopes() fosite.Arguments

GetScopes returns the Scopes.

func (InternalClient) IsAuthenticationLevelSufficient 

func (c InternalClient) IsAuthenticationLevelSufficient(level authentication.Level) bool

IsAuthenticationLevelSufficient returns if the provided authentication.Level is sufficient for the client of the AutheliaClient.

func (InternalClient) IsPublic 

func (c InternalClient) IsPublic() bool

IsPublic returns the value of the Public property.

type KeyManager 

type KeyManager struct {
	// contains filtered or unexported fields
}

KeyManager keeps track of all of the active/inactive rsa keys and provides them to services requiring them. It additionally allows us to add keys for the purpose of key rotation in the future.

func NewKeyManager 

func NewKeyManager() (manager *KeyManager)

NewKeyManager creates a new empty KeyManager.

func NewKeyManagerWithConfiguration 

func NewKeyManagerWithConfiguration(configuration *schema.OpenIDConnectConfiguration) (manager *KeyManager, err error)

NewKeyManagerWithConfiguration when provided a schema.OpenIDConnectConfiguration creates a new KeyManager and adds an initial key to the manager.

func (*KeyManager) AddActivePrivateKey 

func (m *KeyManager) AddActivePrivateKey(key *rsa.PrivateKey) (webKey *jose.JSONWebKey, err error)

AddActivePrivateKey adds a rsa.PublicKey, then sets it to the active key.

func (*KeyManager) AddActivePrivateKeyData 

func (m *KeyManager) AddActivePrivateKeyData(data string) (key *rsa.PrivateKey, webKey *jose.JSONWebKey, err error)

AddActivePrivateKeyData adds a rsa.PublicKey given the key in the PEM string format, then sets it to the active key.

func (KeyManager) GetActiveKey 

func (m KeyManager) GetActiveKey() (key *rsa.PublicKey, err error)

GetActiveKey returns the rsa.PublicKey of the currently active key.

func (KeyManager) GetActiveKeyID 

func (m KeyManager) GetActiveKeyID() (keyID string)

GetActiveKeyID returns the key id of the currently active key.

func (KeyManager) GetActivePrivateKey 

func (m KeyManager) GetActivePrivateKey() (key *rsa.PrivateKey, err error)

GetActivePrivateKey returns the rsa.PrivateKey of the currently active key.

func (KeyManager) GetActiveWebKey 

func (m KeyManager) GetActiveWebKey() (webKey *jose.JSONWebKey, err error)

GetActiveWebKey obtains the currently active jose.JSONWebKey.

func (KeyManager) GetKeySet 

func (m KeyManager) GetKeySet() (keySet *jose.JSONWebKeySet)

GetKeySet returns the joseJSONWebKeySet containing the rsa.PublicKey types.

func (KeyManager) Strategy 

func (m KeyManager) Strategy() (strategy *RS256JWTStrategy)

Strategy returns the RS256JWTStrategy.

type OpenIDConnectProvider 

type OpenIDConnectProvider struct {
	Fosite     fosite.OAuth2Provider
	Store      *OpenIDConnectStore
	KeyManager *KeyManager
	// contains filtered or unexported fields
}

OpenIDConnectProvider for OpenID Connect.

func NewOpenIDConnectProvider 

func NewOpenIDConnectProvider(configuration *schema.OpenIDConnectConfiguration) (provider OpenIDConnectProvider, err error)

NewOpenIDConnectProvider new-ups a OpenIDConnectProvider.

func (OpenIDConnectProvider) Write 

func (p OpenIDConnectProvider) Write(w http.ResponseWriter, r *http.Request, e interface{}, opts ...herodot.EncoderOptions)

Write writes data with herodot.JSONWriter.

func (OpenIDConnectProvider) WriteError 

func (p OpenIDConnectProvider) WriteError(w http.ResponseWriter, r *http.Request, err error, opts ...herodot.Option)

WriteError writes an error with herodot.JSONWriter.

func (OpenIDConnectProvider) WriteErrorCode 

func (p OpenIDConnectProvider) WriteErrorCode(w http.ResponseWriter, r *http.Request, code int, err error, opts ...herodot.Option)

WriteErrorCode writes an error with an error code with herodot.JSONWriter.

type OpenIDConnectStore 

type OpenIDConnectStore struct {
	// contains filtered or unexported fields
}

OpenIDConnectStore is Authelia's internal representation of the fosite.Storage interface. 

Currently it is mostly just implementing a decorator pattern other then GetInternalClient.
The long term plan is to have these methods interact with the Authelia storage and
session providers where applicable.

func NewOpenIDConnectStore 

func NewOpenIDConnectStore(configuration *schema.OpenIDConnectConfiguration) (store *OpenIDConnectStore, err error)

NewOpenIDConnectStore returns a new OpenIDConnectStore using the provided schema.OpenIDConnectConfiguration.

func (*OpenIDConnectStore) Authenticate 

func (s *OpenIDConnectStore) Authenticate(ctx context.Context, name string, secret string) error

Authenticate decorates fosite's storage.MemoryStore Authenticate method.

func (*OpenIDConnectStore) ClientAssertionJWTValid 

func (s *OpenIDConnectStore) ClientAssertionJWTValid(ctx context.Context, jti string) error

ClientAssertionJWTValid decorates fosite's storage.MemoryStore ClientAssertionJWTValid method.

func (*OpenIDConnectStore) CreateAccessTokenSession 

func (s *OpenIDConnectStore) CreateAccessTokenSession(ctx context.Context, signature string, req fosite.Requester) error

CreateAccessTokenSession decorates fosite's storage.MemoryStore CreateAccessTokenSession method.

func (*OpenIDConnectStore) CreateAuthorizeCodeSession 

func (s *OpenIDConnectStore) CreateAuthorizeCodeSession(ctx context.Context, code string, req fosite.Requester) error

CreateAuthorizeCodeSession decorates fosite's storage.MemoryStore CreateAuthorizeCodeSession method.

func (*OpenIDConnectStore) CreateOpenIDConnectSession 

func (s *OpenIDConnectStore) CreateOpenIDConnectSession(ctx context.Context, authorizeCode string, requester fosite.Requester) error

CreateOpenIDConnectSession decorates fosite's storage.MemoryStore CreateOpenIDConnectSession method.

func (*OpenIDConnectStore) CreatePKCERequestSession 

func (s *OpenIDConnectStore) CreatePKCERequestSession(ctx context.Context, code string, req fosite.Requester) error

CreatePKCERequestSession decorates fosite's storage.MemoryStore CreatePKCERequestSession method.

func (*OpenIDConnectStore) CreateRefreshTokenSession 

func (s *OpenIDConnectStore) CreateRefreshTokenSession(ctx context.Context, signature string, req fosite.Requester) error

CreateRefreshTokenSession decorates fosite's storage.MemoryStore CreateRefreshTokenSession method.

func (*OpenIDConnectStore) DeleteAccessTokenSession 

func (s *OpenIDConnectStore) DeleteAccessTokenSession(ctx context.Context, signature string) error

DeleteAccessTokenSession decorates fosite's storage.MemoryStore DeleteAccessTokenSession method.

func (*OpenIDConnectStore) DeleteOpenIDConnectSession 

func (s *OpenIDConnectStore) DeleteOpenIDConnectSession(ctx context.Context, authorizeCode string) error

DeleteOpenIDConnectSession decorates fosite's storage.MemoryStore DeleteOpenIDConnectSession method.

func (*OpenIDConnectStore) DeletePKCERequestSession 

func (s *OpenIDConnectStore) DeletePKCERequestSession(ctx context.Context, code string) error

DeletePKCERequestSession decorates fosite's storage.MemoryStore DeletePKCERequestSession method.

func (*OpenIDConnectStore) DeleteRefreshTokenSession 

func (s *OpenIDConnectStore) DeleteRefreshTokenSession(ctx context.Context, signature string) error

DeleteRefreshTokenSession decorates fosite's storage.MemoryStore DeleteRefreshTokenSession method.

func (*OpenIDConnectStore) GetAccessTokenSession 

func (s *OpenIDConnectStore) GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (fosite.Requester, error)

GetAccessTokenSession decorates fosite's storage.MemoryStore GetAccessTokenSession method.

func (*OpenIDConnectStore) GetAuthorizeCodeSession 

func (s *OpenIDConnectStore) GetAuthorizeCodeSession(ctx context.Context, code string, session fosite.Session) (fosite.Requester, error)

GetAuthorizeCodeSession decorates fosite's storage.MemoryStore GetAuthorizeCodeSession method.

func (*OpenIDConnectStore) GetClient 

func (s *OpenIDConnectStore) GetClient(_ context.Context, id string) (fosite.Client, error)

GetClient decorates fosite's storage.MemoryStore GetClient method.

func (OpenIDConnectStore) GetClientPolicy 

func (s OpenIDConnectStore) GetClientPolicy(id string) (level authorization.Level)

GetClientPolicy retrieves the policy from the client with the matching provided id.

func (OpenIDConnectStore) GetInternalClient 

func (s OpenIDConnectStore) GetInternalClient(id string) (client *InternalClient, err error)

GetInternalClient returns a fosite.Client asserted as an InternalClient matching the provided id.

func (*OpenIDConnectStore) GetOpenIDConnectSession 

func (s *OpenIDConnectStore) GetOpenIDConnectSession(ctx context.Context, authorizeCode string, requester fosite.Requester) (fosite.Requester, error)

GetOpenIDConnectSession decorates fosite's storage.MemoryStore GetOpenIDConnectSession method.

func (*OpenIDConnectStore) GetPKCERequestSession 

func (s *OpenIDConnectStore) GetPKCERequestSession(ctx context.Context, code string, session fosite.Session) (fosite.Requester, error)

GetPKCERequestSession decorates fosite's storage.MemoryStore GetPKCERequestSession method.

func (*OpenIDConnectStore) GetPublicKey 

func (s *OpenIDConnectStore) GetPublicKey(ctx context.Context, issuer string, subject string, keyID string) (*jose.JSONWebKey, error)

GetPublicKey decorates fosite's storage.MemoryStore GetPublicKey method.

func (*OpenIDConnectStore) GetPublicKeyScopes 

func (s *OpenIDConnectStore) GetPublicKeyScopes(ctx context.Context, issuer string, subject string, keyID string) ([]string, error)

GetPublicKeyScopes decorates fosite's storage.MemoryStore GetPublicKeyScopes method.

func (*OpenIDConnectStore) GetPublicKeys 

func (s *OpenIDConnectStore) GetPublicKeys(ctx context.Context, issuer string, subject string) (*jose.JSONWebKeySet, error)

GetPublicKeys decorates fosite's storage.MemoryStore GetPublicKeys method.

func (*OpenIDConnectStore) GetRefreshTokenSession 

func (s *OpenIDConnectStore) GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (fosite.Requester, error)

GetRefreshTokenSession decorates fosite's storage.MemoryStore GetRefreshTokenSession method.

func (*OpenIDConnectStore) InvalidateAuthorizeCodeSession 

func (s *OpenIDConnectStore) InvalidateAuthorizeCodeSession(ctx context.Context, code string) error

InvalidateAuthorizeCodeSession decorates fosite's storage.MemoryStore InvalidateAuthorizeCodeSession method.

func (*OpenIDConnectStore) IsJWTUsed 

func (s *OpenIDConnectStore) IsJWTUsed(ctx context.Context, jti string) (bool, error)

IsJWTUsed decorates fosite's storage.MemoryStore IsJWTUsed method.

func (OpenIDConnectStore) IsValidClientID 

func (s OpenIDConnectStore) IsValidClientID(id string) (valid bool)

IsValidClientID returns true if the provided id exists in the OpenIDConnectProvider.Clients map.

func (*OpenIDConnectStore) MarkJWTUsedForTime 

func (s *OpenIDConnectStore) MarkJWTUsedForTime(ctx context.Context, jti string, exp time.Time) error

MarkJWTUsedForTime decorates fosite's storage.MemoryStore MarkJWTUsedForTime method.

func (*OpenIDConnectStore) RevokeAccessToken 

func (s *OpenIDConnectStore) RevokeAccessToken(ctx context.Context, requestID string) error

RevokeAccessToken decorates fosite's storage.MemoryStore RevokeAccessToken method.

func (*OpenIDConnectStore) RevokeRefreshToken 

func (s *OpenIDConnectStore) RevokeRefreshToken(ctx context.Context, requestID string) error

RevokeRefreshToken decorates fosite's storage.MemoryStore RevokeRefreshToken method.

func (*OpenIDConnectStore) SetClientAssertionJWT 

func (s *OpenIDConnectStore) SetClientAssertionJWT(ctx context.Context, jti string, exp time.Time) error

SetClientAssertionJWT decorates fosite's storage.MemoryStore SetClientAssertionJWT method.

type OpenIDSession 

type OpenIDSession struct {
	*openid.DefaultSession `json:"idToken"`

	Extra    map[string]interface{} `json:"extra"`
	ClientID string
}

OpenIDSession holds OIDC Session information.

type RS256JWTStrategy 

type RS256JWTStrategy struct {
	JWTStrategy *jwt.RS256JWTStrategy
	// contains filtered or unexported fields
}

RS256JWTStrategy is a decorator struct for the fosite RS256JWTStrategy.

func NewRS256JWTStrategy 

func NewRS256JWTStrategy(id string, key *rsa.PrivateKey) (strategy *RS256JWTStrategy, err error)

NewRS256JWTStrategy returns a new RS256JWTStrategy.

func (*RS256JWTStrategy) Decode 

func (s *RS256JWTStrategy) Decode(ctx context.Context, token string) (*jwt.Token, error)

Decode is a decorator func for the underlying fosite RS256JWTStrategy.

func (*RS256JWTStrategy) Generate 

func (s *RS256JWTStrategy) Generate(ctx context.Context, claims jwt.MapClaims, header jwt.Mapper) (string, string, error)

Generate is a decorator func for the underlying fosite RS256JWTStrategy.

func (*RS256JWTStrategy) GetPublicKeyID 

func (s *RS256JWTStrategy) GetPublicKeyID(_ context.Context) (string, error)

GetPublicKeyID is a decorator func for the underlying fosite RS256JWTStrategy.

func (*RS256JWTStrategy) GetSignature 

func (s *RS256JWTStrategy) GetSignature(ctx context.Context, token string) (string, error)

GetSignature is a decorator func for the underlying fosite RS256JWTStrategy.

func (*RS256JWTStrategy) GetSigningMethodLength 

func (s *RS256JWTStrategy) GetSigningMethodLength() int

GetSigningMethodLength is a decorator func for the underlying fosite RS256JWTStrategy.

func (*RS256JWTStrategy) Hash 

func (s *RS256JWTStrategy) Hash(ctx context.Context, in []byte) ([]byte, error)

Hash is a decorator func for the underlying fosite RS256JWTStrategy.

func (RS256JWTStrategy) KeyID 

func (s RS256JWTStrategy) KeyID() (id string)

KeyID returns the key id.

func (*RS256JWTStrategy) SetKey 

func (s *RS256JWTStrategy) SetKey(id string, key *rsa.PrivateKey)

SetKey sets the provided key id and key as the active key (this is what triggers fosite to use it).

func (*RS256JWTStrategy) Validate 

func (s *RS256JWTStrategy) Validate(ctx context.Context, token string) (string, error)

Validate is a decorator func for the underlying fosite RS256JWTStrategy.

type Scope 

type Scope struct {
	Name        string `json:"name"`
	Description string `json:"description"`
}

Scope represents the scope information.

type WellKnownConfiguration 

type WellKnownConfiguration struct {
	Issuer  string `json:"issuer"`
	JWKSURI string `json:"jwks_uri"`

	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	RevocationEndpoint    string `json:"revocation_endpoint"`
	UserinfoEndpoint      string `json:"userinfo_endpoint"`

	Algorithms         []string `json:"id_token_signing_alg_values_supported"`
	UserinfoAlgorithms []string `json:"userinfo_signing_alg_values_supported"`

	SubjectTypesSupported  []string `json:"subject_types_supported"`
	ResponseTypesSupported []string `json:"response_types_supported"`
	ResponseModesSupported []string `json:"response_modes_supported"`
	ScopesSupported        []string `json:"scopes_supported"`
	ClaimsSupported        []string `json:"claims_supported"`

	RequestURIParameterSupported       bool `json:"request_uri_parameter_supported"`
	BackChannelLogoutSupported         bool `json:"backchannel_logout_supported"`
	FrontChannelLogoutSupported        bool `json:"frontchannel_logout_supported"`
	BackChannelLogoutSessionSupported  bool `json:"backchannel_logout_session_supported"`
	FrontChannelLogoutSessionSupported bool `json:"frontchannel_logout_session_supported"`
}

WellKnownConfiguration is the OIDC well known config struct.

See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.