openid

package module
v0.0.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 5, 2020 License: MIT Imports: 11 Imported by: 0

README

openid

-- import "github.com/autom8ter/openid"

Example


import (
	"github.com/autom8ter/openid"
	"log"
	"net/http"
	"os"
)

func main() {
	config, err := openid.NewConfig(&openid.Opts{
		DiscoveryUrl:    os.Getenv("OPENID_TEST_DISCOVERY_URL"), // ex: https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration
		ClientID:        os.Getenv("OPENID_TEST_CLIENT_ID"),
		ClientSecret:    os.Getenv("OPENID_TEST_CLIENT_SECRET"), //do not commit to code
		Redirect:        os.Getenv("OPENID_TEST_REDIRECT"),      //localhost:8080/login
		Scopes:          openid.DefaultScopes,
		SkipIssuerCheck: true,
	})
	if err != nil {
		log.Fatal(err.Error())
	}
	const (
		logout        = "/logout"
		home          = "/home"                //this is a protected route that cannot be accessed unless they have logged in
		login         = "/login"               //this is where the identity provider will redirect the user to after they login
		authorization = "/login/authorization" //redirects the user to login to the identity provider
	)
	mux := http.NewServeMux()
	mux.HandleFunc(logout, func(w http.ResponseWriter, r *http.Request) {
		openid.Logout(w, r) //clear user session
		w.Write([]byte("logged out!"))
	})
	mux.HandleFunc(authorization, config.HandleAuthorizationRedirect())
	//protected, will redirect to authorization if not logged in.
	mux.HandleFunc(home, openid.Middleware(func(w http.ResponseWriter, r *http.Request) {
		usr, err := config.GetUser(r)
		if err != nil {
			http.Error(w, "failed to get user", http.StatusInternalServerError)
			return
		}
		w.Write([]byte(usr.String()))
	}, authorization))
	//this is the oauth2 callback that will redirect to home after login
	mux.HandleFunc(login, config.HandleLogin(home, func(u *openid.AuthUser, r *http.Request) error {
		log.Print(u.ToUser().String())
		return nil
	}))
	http.ListenAndServe(":8080", mux)
}

Usage

var (

	//DefaultScopes are added if a Configs scopes are empty, they include: openid, email, profile
	DefaultScopes = []string{"openid", "email", "profile"}
)
func GetSession
func GetSession(r *http.Request) (*sessions.Session, error)
func Logout
func Logout(w http.ResponseWriter, r *http.Request)

Logout logs the user out so they cant pass the middleware without authenticating against at least one idp

func Middleware
func Middleware(handler http.HandlerFunc, redirect string) http.HandlerFunc

Middleware wraps the http handler and redirects the user to the redirect if they are not logged in

func SetSession
func SetSession(store *sessions.CookieStore)

SetSession overrides the default session store(recommended for production usage)

type AuthUser
type AuthUser struct {
	AuthToken *oauth2.Token
	IDToken   map[string]interface{}
	UserInfo  map[string]interface{}
}
func (AuthUser) ToUser
func (u AuthUser) ToUser() *User
type Config
type Config struct {
}

Config is used to to complete the Open ID Connect protocol using the Authorization Grant Authentication Flow.

func NewConfig
func NewConfig(opts *Opts) (*Config, error)

NewConfig creates a new Config from the given options

func (*Config) Exchange
func (c *Config) Exchange(ctx context.Context, code string) (*AuthUser, error)

Exchange gets an AuthUser type by exchanging the authorization code for an access & id token, then calling the userinfo endpoint

func (*Config) GetSession
func (c *Config) GetSession(r *http.Request) (*sessions.Session, error)
func (*Config) GetUser
func (c *Config) GetUser(r *http.Request) (*User, error)
func (*Config) HandleAuthorizationRedirect
func (c *Config) HandleAuthorizationRedirect() http.HandlerFunc

HandleAuthorizationRedirect is an http handler that redirects the user to the identity providers login screen

func (*Config) HandleLogin
func (c *Config) HandleLogin(redirect string, onLogins ...OnLoginFunc) http.HandlerFunc

HandleLogin gets the user from the request, executes the LoginHandler and then redirects to the input redirect

func (*Config) Issuer
func (c *Config) Issuer() string

OAuth2 returns the Configs issuer returned from the discovery endpoint

func (*Config) OAuth2
func (c *Config) OAuth2() *oauth2.Config

OAuth2 returns a pointer to the Configs oauth2.Config

func (*Config) UserInfoUrl
func (c *Config) UserInfoUrl() string

OAuth2 returns the Configs user info url returned from the discovery endpoint

type OnLoginFunc
type OnLoginFunc func(u *AuthUser, r *http.Request) error

OnLoginFunc may be optionally passed into config.HandleLogin in order to execute additional logic against the user after the login occurs

type Opts
type Opts struct {
	// OpenID Connect describes a metadata document that contains most of the information required for an app to do sign-in.
	// ex: https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration
	DiscoveryUrl string
	// ClientID is the application's ID.
	ClientID string
	// ClientSecret is the application's secret.
	ClientSecret string
	// RedirectURL is the URL to redirect users going through
	// the OAuth flow, after the resource owner's URLs.
	Redirect string
	// Scope specifies optional requested permissions.
	Scopes []string
	// SkipIssuerCheck skips the openid issuer check
	SkipIssuerCheck bool
}

Opts are options used when creating a new Configuration

type User
type User struct {
	IDToken  map[string]interface{} `json:"id_token"`
	UserInfo map[string]interface{} `json:"user_info"`
}

User is a combination of the IDToken and the data returned from the UserInfo endpoint

func (*User) String
func (o *User) String() string

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (

	//DefaultScopes are added if a Configs scopes are empty, they include: openid, email, profile
	DefaultScopes = []string{"openid", "email", "profile"}
)

Functions

func GetSession 

func GetSession(r *http.Request) (*sessions.Session, error)

func Logout 

func Logout(w http.ResponseWriter, r *http.Request)

Logout logs the user out so they cant pass the middleware without authenticating against at least one idp

func Middleware 

func Middleware(handler http.HandlerFunc, redirect string) http.HandlerFunc

Middleware wraps the http handler and redirects the user to the redirect if they are not logged in

func SetSession 

func SetSession(store *sessions.CookieStore)

SetSession overrides the default session store(recommended for production usage)

Types

type AuthUser 

type AuthUser struct {
	AuthToken *oauth2.Token
	IDToken   map[string]interface{}
	UserInfo  map[string]interface{}
}

func (AuthUser) ToUser 

func (u AuthUser) ToUser() *User

type Config 

type Config struct {
	// contains filtered or unexported fields
}

Config is used to to complete the Open ID Connect protocol using the Authorization Grant Authentication Flow.

func NewConfig 

func NewConfig(opts *Opts) (*Config, error)

NewConfig creates a new Config from the given options

func (*Config) Copy added in v0.0.3 

func (c *Config) Copy() *Config

func (*Config) Exchange added in v0.0.1 

func (c *Config) Exchange(ctx context.Context, code string) (*AuthUser, error)

Exchange gets an AuthUser type by exchanging the authorization code for an access & id token, then calling the userinfo endpoint

func (*Config) GetSession 

func (c *Config) GetSession(r *http.Request) (*sessions.Session, error)

func (*Config) GetUser 

func (c *Config) GetUser(r *http.Request) (*User, error)

func (*Config) HandleAuthorizationRedirect 

func (c *Config) HandleAuthorizationRedirect() http.HandlerFunc

HandleAuthorizationRedirect is an http handler that redirects the user to the identity providers login screen

func (*Config) HandleLogin 

func (c *Config) HandleLogin(redirect string, onLogins ...OnLoginFunc) http.HandlerFunc

HandleLogin gets the user from the request, executes the LoginHandler and then redirects to the input redirect

func (*Config) Issuer 

func (c *Config) Issuer() string

OAuth2 returns the Configs issuer returned from the discovery endpoint

func (*Config) OAuth2 

func (c *Config) OAuth2() *oauth2.Config

OAuth2 returns a pointer to the Configs oauth2.Config

func (*Config) UserInfoUrl 

func (c *Config) UserInfoUrl() string

OAuth2 returns the Configs user info url returned from the discovery endpoint

type OnLoginFunc 

type OnLoginFunc func(u *AuthUser, r *http.Request) error

OnLoginFunc may be optionally passed into config.HandleLogin in order to execute additional logic against the user after the login occurs

type Opts 

type Opts struct {
	// OpenID Connect describes a metadata document that contains most of the information required for an app to do sign-in.
	// ex: https://login.microsoftonline.com/organizations/v2.0/.well-known/openid-configuration
	DiscoveryUrl string `json:"discoveryUrl"`
	// ClientID is the application's ID.
	ClientID string `json:"clientID"`
	// ClientSecret is the application's secret.
	ClientSecret string `json:"clientSecret"`
	// RedirectURL is the URL to redirect users going through
	// the OAuth flow, after the resource owner's URLs.
	Redirect string `json:"redirect"`
	// Scope specifies optional requested permissions.
	Scopes []string `json:"scopes"`
	// SkipIssuerCheck skips the openid issuer check
	SkipIssuerCheck bool `json:"skipIssuerCheck"`
}

Opts are options used when creating a new Configuration

type User 

type User struct {
	IDToken  map[string]interface{} `json:"id_token"`
	UserInfo map[string]interface{} `json:"user_info"`
}

User is a combination of the IDToken and the data returned from the UserInfo endpoint

func (*User) String 

func (o *User) String() string

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.