oidc

package
v4.30.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 14, 2021 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Audience

type Audience struct {
	Name        string `json:"name"`
	Description string `json:"description"`
}

Audience represents the audience information.

type AutheliaHasher

type AutheliaHasher struct{}

AutheliaHasher implements the fosite.Hasher interface without an actual hashing algo.

func (AutheliaHasher) Compare

func (h AutheliaHasher) Compare(_ context.Context, hash, data []byte) (err error)

Compare compares the hash with the data and returns an error if they don't match.

func (AutheliaHasher) Hash

func (h AutheliaHasher) Hash(_ context.Context, data []byte) (hash []byte, err error)

Hash creates a new hash from data.

type ConsentGetResponseBody

type ConsentGetResponseBody struct {
	ClientID          string     `json:"client_id"`
	ClientDescription string     `json:"client_description"`
	Scopes            []Scope    `json:"scopes"`
	Audience          []Audience `json:"audience"`
}

ConsentGetResponseBody schema of the response body of the consent GET endpoint.

type InternalClient

type InternalClient struct {
	ID          string `json:"id"`
	Description string `json:"-"`
	Secret      []byte `json:"client_secret,omitempty"`
	Public      bool   `json:"public"`

	Policy authorization.Level `json:"-"`

	Audience      []string                  `json:"audience"`
	Scopes        []string                  `json:"scopes"`
	RedirectURIs  []string                  `json:"redirect_uris"`
	GrantTypes    []string                  `json:"grant_types"`
	ResponseTypes []string                  `json:"response_types"`
	ResponseModes []fosite.ResponseModeType `json:"response_modes"`

	UserinfoSigningAlgorithm string `json:"userinfo_signed_response_alg,omitempty"`
}

InternalClient represents the client internally.

func NewClient

func NewClient(config schema.OpenIDConnectClientConfiguration) (client *InternalClient)

NewClient creates a new InternalClient.

func (InternalClient) GetAudience

func (c InternalClient) GetAudience() fosite.Arguments

GetAudience returns the Audience.

func (InternalClient) GetConsentResponseBody

func (c InternalClient) GetConsentResponseBody(session *session.OIDCWorkflowSession) ConsentGetResponseBody

GetConsentResponseBody returns the proper consent response body for this session.OIDCWorkflowSession.

func (InternalClient) GetGrantTypes

func (c InternalClient) GetGrantTypes() fosite.Arguments

GetGrantTypes returns the GrantTypes.

func (InternalClient) GetHashedSecret

func (c InternalClient) GetHashedSecret() []byte

GetHashedSecret returns the Secret.

func (InternalClient) GetID

func (c InternalClient) GetID() string

GetID returns the ID.

func (InternalClient) GetRedirectURIs

func (c InternalClient) GetRedirectURIs() []string

GetRedirectURIs returns the RedirectURIs.

func (InternalClient) GetResponseModes

func (c InternalClient) GetResponseModes() []fosite.ResponseModeType

GetResponseModes returns the valid response modes for this client.

Implements the fosite.ResponseModeClient.

func (InternalClient) GetResponseTypes

func (c InternalClient) GetResponseTypes() fosite.Arguments

GetResponseTypes returns the ResponseTypes.

func (InternalClient) GetScopes

func (c InternalClient) GetScopes() fosite.Arguments

GetScopes returns the Scopes.

func (InternalClient) IsAuthenticationLevelSufficient

func (c InternalClient) IsAuthenticationLevelSufficient(level authentication.Level) bool

IsAuthenticationLevelSufficient returns if the provided authentication.Level is sufficient for the client of the AutheliaClient.

func (InternalClient) IsPublic

func (c InternalClient) IsPublic() bool

IsPublic returns the value of the Public property.

type KeyManager

type KeyManager struct {
	// contains filtered or unexported fields
}

KeyManager keeps track of all of the active/inactive rsa keys and provides them to services requiring them. It additionally allows us to add keys for the purpose of key rotation in the future.

func NewKeyManager

func NewKeyManager() (manager *KeyManager)

NewKeyManager creates a new empty KeyManager.

func NewKeyManagerWithConfiguration

func NewKeyManagerWithConfiguration(configuration *schema.OpenIDConnectConfiguration) (manager *KeyManager, err error)

NewKeyManagerWithConfiguration when provided a schema.OpenIDConnectConfiguration creates a new KeyManager and adds an initial key to the manager.

func (*KeyManager) AddActivePrivateKey

func (m *KeyManager) AddActivePrivateKey(key *rsa.PrivateKey) (webKey *jose.JSONWebKey, err error)

AddActivePrivateKey adds a rsa.PublicKey, then sets it to the active key.

func (*KeyManager) AddActivePrivateKeyData

func (m *KeyManager) AddActivePrivateKeyData(data string) (key *rsa.PrivateKey, webKey *jose.JSONWebKey, err error)

AddActivePrivateKeyData adds a rsa.PublicKey given the key in the PEM string format, then sets it to the active key.

func (KeyManager) GetActiveKey

func (m KeyManager) GetActiveKey() (key *rsa.PublicKey, err error)

GetActiveKey returns the rsa.PublicKey of the currently active key.

func (KeyManager) GetActiveKeyID

func (m KeyManager) GetActiveKeyID() (keyID string)

GetActiveKeyID returns the key id of the currently active key.

func (KeyManager) GetActivePrivateKey

func (m KeyManager) GetActivePrivateKey() (key *rsa.PrivateKey, err error)

GetActivePrivateKey returns the rsa.PrivateKey of the currently active key.

func (KeyManager) GetActiveWebKey

func (m KeyManager) GetActiveWebKey() (webKey *jose.JSONWebKey, err error)

GetActiveWebKey obtains the currently active jose.JSONWebKey.

func (KeyManager) GetKeySet

func (m KeyManager) GetKeySet() (keySet *jose.JSONWebKeySet)

GetKeySet returns the joseJSONWebKeySet containing the rsa.PublicKey types.

func (KeyManager) Strategy

func (m KeyManager) Strategy() (strategy *RS256JWTStrategy)

Strategy returns the RS256JWTStrategy.

type OpenIDConnectProvider

type OpenIDConnectProvider struct {
	Fosite     fosite.OAuth2Provider
	Store      *OpenIDConnectStore
	KeyManager *KeyManager
	// contains filtered or unexported fields
}

OpenIDConnectProvider for OpenID Connect.

func NewOpenIDConnectProvider

func NewOpenIDConnectProvider(configuration *schema.OpenIDConnectConfiguration) (provider OpenIDConnectProvider, err error)

NewOpenIDConnectProvider new-ups a OpenIDConnectProvider.

func (OpenIDConnectProvider) Write

func (p OpenIDConnectProvider) Write(w http.ResponseWriter, r *http.Request, e interface{}, opts ...herodot.EncoderOptions)

Write writes data with herodot.JSONWriter.

func (OpenIDConnectProvider) WriteError

func (p OpenIDConnectProvider) WriteError(w http.ResponseWriter, r *http.Request, err error, opts ...herodot.Option)

WriteError writes an error with herodot.JSONWriter.

func (OpenIDConnectProvider) WriteErrorCode

func (p OpenIDConnectProvider) WriteErrorCode(w http.ResponseWriter, r *http.Request, code int, err error, opts ...herodot.Option)

WriteErrorCode writes an error with an error code with herodot.JSONWriter.

type OpenIDConnectStore

type OpenIDConnectStore struct {
	// contains filtered or unexported fields
}

OpenIDConnectStore is Authelia's internal representation of the fosite.Storage interface.

Currently it is mostly just implementing a decorator pattern other then GetInternalClient.
The long term plan is to have these methods interact with the Authelia storage and
session providers where applicable.

func NewOpenIDConnectStore

func NewOpenIDConnectStore(configuration *schema.OpenIDConnectConfiguration) (store *OpenIDConnectStore, err error)

NewOpenIDConnectStore returns a new OpenIDConnectStore using the provided schema.OpenIDConnectConfiguration.

func (*OpenIDConnectStore) Authenticate

func (s *OpenIDConnectStore) Authenticate(ctx context.Context, name string, secret string) error

Authenticate decorates fosite's storage.MemoryStore Authenticate method.

func (*OpenIDConnectStore) ClientAssertionJWTValid

func (s *OpenIDConnectStore) ClientAssertionJWTValid(ctx context.Context, jti string) error

ClientAssertionJWTValid decorates fosite's storage.MemoryStore ClientAssertionJWTValid method.

func (*OpenIDConnectStore) CreateAccessTokenSession

func (s *OpenIDConnectStore) CreateAccessTokenSession(ctx context.Context, signature string, req fosite.Requester) error

CreateAccessTokenSession decorates fosite's storage.MemoryStore CreateAccessTokenSession method.

func (*OpenIDConnectStore) CreateAuthorizeCodeSession

func (s *OpenIDConnectStore) CreateAuthorizeCodeSession(ctx context.Context, code string, req fosite.Requester) error

CreateAuthorizeCodeSession decorates fosite's storage.MemoryStore CreateAuthorizeCodeSession method.

func (*OpenIDConnectStore) CreateOpenIDConnectSession

func (s *OpenIDConnectStore) CreateOpenIDConnectSession(ctx context.Context, authorizeCode string, requester fosite.Requester) error

CreateOpenIDConnectSession decorates fosite's storage.MemoryStore CreateOpenIDConnectSession method.

func (*OpenIDConnectStore) CreatePKCERequestSession

func (s *OpenIDConnectStore) CreatePKCERequestSession(ctx context.Context, code string, req fosite.Requester) error

CreatePKCERequestSession decorates fosite's storage.MemoryStore CreatePKCERequestSession method.

func (*OpenIDConnectStore) CreateRefreshTokenSession

func (s *OpenIDConnectStore) CreateRefreshTokenSession(ctx context.Context, signature string, req fosite.Requester) error

CreateRefreshTokenSession decorates fosite's storage.MemoryStore CreateRefreshTokenSession method.

func (*OpenIDConnectStore) DeleteAccessTokenSession

func (s *OpenIDConnectStore) DeleteAccessTokenSession(ctx context.Context, signature string) error

DeleteAccessTokenSession decorates fosite's storage.MemoryStore DeleteAccessTokenSession method.

func (*OpenIDConnectStore) DeleteOpenIDConnectSession

func (s *OpenIDConnectStore) DeleteOpenIDConnectSession(ctx context.Context, authorizeCode string) error

DeleteOpenIDConnectSession decorates fosite's storage.MemoryStore DeleteOpenIDConnectSession method.

func (*OpenIDConnectStore) DeletePKCERequestSession

func (s *OpenIDConnectStore) DeletePKCERequestSession(ctx context.Context, code string) error

DeletePKCERequestSession decorates fosite's storage.MemoryStore DeletePKCERequestSession method.

func (*OpenIDConnectStore) DeleteRefreshTokenSession

func (s *OpenIDConnectStore) DeleteRefreshTokenSession(ctx context.Context, signature string) error

DeleteRefreshTokenSession decorates fosite's storage.MemoryStore DeleteRefreshTokenSession method.

func (*OpenIDConnectStore) GetAccessTokenSession

func (s *OpenIDConnectStore) GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (fosite.Requester, error)

GetAccessTokenSession decorates fosite's storage.MemoryStore GetAccessTokenSession method.

func (*OpenIDConnectStore) GetAuthorizeCodeSession

func (s *OpenIDConnectStore) GetAuthorizeCodeSession(ctx context.Context, code string, session fosite.Session) (fosite.Requester, error)

GetAuthorizeCodeSession decorates fosite's storage.MemoryStore GetAuthorizeCodeSession method.

func (*OpenIDConnectStore) GetClient

func (s *OpenIDConnectStore) GetClient(_ context.Context, id string) (fosite.Client, error)

GetClient decorates fosite's storage.MemoryStore GetClient method.

func (OpenIDConnectStore) GetClientPolicy

func (s OpenIDConnectStore) GetClientPolicy(id string) (level authorization.Level)

GetClientPolicy retrieves the policy from the client with the matching provided id.

func (OpenIDConnectStore) GetInternalClient

func (s OpenIDConnectStore) GetInternalClient(id string) (client *InternalClient, err error)

GetInternalClient returns a fosite.Client asserted as an InternalClient matching the provided id.

func (*OpenIDConnectStore) GetOpenIDConnectSession

func (s *OpenIDConnectStore) GetOpenIDConnectSession(ctx context.Context, authorizeCode string, requester fosite.Requester) (fosite.Requester, error)

GetOpenIDConnectSession decorates fosite's storage.MemoryStore GetOpenIDConnectSession method.

func (*OpenIDConnectStore) GetPKCERequestSession

func (s *OpenIDConnectStore) GetPKCERequestSession(ctx context.Context, code string, session fosite.Session) (fosite.Requester, error)

GetPKCERequestSession decorates fosite's storage.MemoryStore GetPKCERequestSession method.

func (*OpenIDConnectStore) GetPublicKey

func (s *OpenIDConnectStore) GetPublicKey(ctx context.Context, issuer string, subject string, keyID string) (*jose.JSONWebKey, error)

GetPublicKey decorates fosite's storage.MemoryStore GetPublicKey method.

func (*OpenIDConnectStore) GetPublicKeyScopes

func (s *OpenIDConnectStore) GetPublicKeyScopes(ctx context.Context, issuer string, subject string, keyID string) ([]string, error)

GetPublicKeyScopes decorates fosite's storage.MemoryStore GetPublicKeyScopes method.

func (*OpenIDConnectStore) GetPublicKeys

func (s *OpenIDConnectStore) GetPublicKeys(ctx context.Context, issuer string, subject string) (*jose.JSONWebKeySet, error)

GetPublicKeys decorates fosite's storage.MemoryStore GetPublicKeys method.

func (*OpenIDConnectStore) GetRefreshTokenSession

func (s *OpenIDConnectStore) GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (fosite.Requester, error)

GetRefreshTokenSession decorates fosite's storage.MemoryStore GetRefreshTokenSession method.

func (*OpenIDConnectStore) InvalidateAuthorizeCodeSession

func (s *OpenIDConnectStore) InvalidateAuthorizeCodeSession(ctx context.Context, code string) error

InvalidateAuthorizeCodeSession decorates fosite's storage.MemoryStore InvalidateAuthorizeCodeSession method.

func (*OpenIDConnectStore) IsJWTUsed

func (s *OpenIDConnectStore) IsJWTUsed(ctx context.Context, jti string) (bool, error)

IsJWTUsed decorates fosite's storage.MemoryStore IsJWTUsed method.

func (OpenIDConnectStore) IsValidClientID

func (s OpenIDConnectStore) IsValidClientID(id string) (valid bool)

IsValidClientID returns true if the provided id exists in the OpenIDConnectProvider.Clients map.

func (*OpenIDConnectStore) MarkJWTUsedForTime

func (s *OpenIDConnectStore) MarkJWTUsedForTime(ctx context.Context, jti string, exp time.Time) error

MarkJWTUsedForTime decorates fosite's storage.MemoryStore MarkJWTUsedForTime method.

func (*OpenIDConnectStore) RevokeAccessToken

func (s *OpenIDConnectStore) RevokeAccessToken(ctx context.Context, requestID string) error

RevokeAccessToken decorates fosite's storage.MemoryStore RevokeAccessToken method.

func (*OpenIDConnectStore) RevokeRefreshToken

func (s *OpenIDConnectStore) RevokeRefreshToken(ctx context.Context, requestID string) error

RevokeRefreshToken decorates fosite's storage.MemoryStore RevokeRefreshToken method.

func (*OpenIDConnectStore) SetClientAssertionJWT

func (s *OpenIDConnectStore) SetClientAssertionJWT(ctx context.Context, jti string, exp time.Time) error

SetClientAssertionJWT decorates fosite's storage.MemoryStore SetClientAssertionJWT method.

type OpenIDSession

type OpenIDSession struct {
	*openid.DefaultSession `json:"idToken"`

	Extra    map[string]interface{} `json:"extra"`
	ClientID string
}

OpenIDSession holds OIDC Session information.

type RS256JWTStrategy

type RS256JWTStrategy struct {
	JWTStrategy *jwt.RS256JWTStrategy
	// contains filtered or unexported fields
}

RS256JWTStrategy is a decorator struct for the fosite RS256JWTStrategy.

func NewRS256JWTStrategy

func NewRS256JWTStrategy(id string, key *rsa.PrivateKey) (strategy *RS256JWTStrategy, err error)

NewRS256JWTStrategy returns a new RS256JWTStrategy.

func (*RS256JWTStrategy) Decode

func (s *RS256JWTStrategy) Decode(ctx context.Context, token string) (*jwt.Token, error)

Decode is a decorator func for the underlying fosite RS256JWTStrategy.

func (*RS256JWTStrategy) Generate

func (s *RS256JWTStrategy) Generate(ctx context.Context, claims jwt.MapClaims, header jwt.Mapper) (string, string, error)

Generate is a decorator func for the underlying fosite RS256JWTStrategy.

func (*RS256JWTStrategy) GetPublicKeyID

func (s *RS256JWTStrategy) GetPublicKeyID(_ context.Context) (string, error)

GetPublicKeyID is a decorator func for the underlying fosite RS256JWTStrategy.

func (*RS256JWTStrategy) GetSignature

func (s *RS256JWTStrategy) GetSignature(ctx context.Context, token string) (string, error)

GetSignature is a decorator func for the underlying fosite RS256JWTStrategy.

func (*RS256JWTStrategy) GetSigningMethodLength

func (s *RS256JWTStrategy) GetSigningMethodLength() int

GetSigningMethodLength is a decorator func for the underlying fosite RS256JWTStrategy.

func (*RS256JWTStrategy) Hash

func (s *RS256JWTStrategy) Hash(ctx context.Context, in []byte) ([]byte, error)

Hash is a decorator func for the underlying fosite RS256JWTStrategy.

func (RS256JWTStrategy) KeyID

func (s RS256JWTStrategy) KeyID() (id string)

KeyID returns the key id.

func (*RS256JWTStrategy) SetKey

func (s *RS256JWTStrategy) SetKey(id string, key *rsa.PrivateKey)

SetKey sets the provided key id and key as the active key (this is what triggers fosite to use it).

func (*RS256JWTStrategy) Validate

func (s *RS256JWTStrategy) Validate(ctx context.Context, token string) (string, error)

Validate is a decorator func for the underlying fosite RS256JWTStrategy.

type Scope

type Scope struct {
	Name        string `json:"name"`
	Description string `json:"description"`
}

Scope represents the scope information.

type WellKnownConfiguration

type WellKnownConfiguration struct {
	Issuer  string `json:"issuer"`
	JWKSURI string `json:"jwks_uri"`

	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	RevocationEndpoint    string `json:"revocation_endpoint"`
	UserinfoEndpoint      string `json:"userinfo_endpoint"`

	Algorithms         []string `json:"id_token_signing_alg_values_supported"`
	UserinfoAlgorithms []string `json:"userinfo_signing_alg_values_supported"`

	SubjectTypesSupported  []string `json:"subject_types_supported"`
	ResponseTypesSupported []string `json:"response_types_supported"`
	ResponseModesSupported []string `json:"response_modes_supported"`
	ScopesSupported        []string `json:"scopes_supported"`
	ClaimsSupported        []string `json:"claims_supported"`

	RequestURIParameterSupported       bool `json:"request_uri_parameter_supported"`
	BackChannelLogoutSupported         bool `json:"backchannel_logout_supported"`
	FrontChannelLogoutSupported        bool `json:"frontchannel_logout_supported"`
	BackChannelLogoutSessionSupported  bool `json:"backchannel_logout_session_supported"`
	FrontChannelLogoutSessionSupported bool `json:"frontchannel_logout_session_supported"`
}

WellKnownConfiguration is the OIDC well known config struct.

See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL