Documentation
¶
Index ¶
- Constants
- func ClaimHash(claim string, sigAlgorithm jose.SignatureAlgorithm) (string, error)
- func NewSHACodeChallenge(code string) string
- func VerifyCodeChallenge(c *CodeChallenge, codeVerifier string) bool
- type AccessTokenClaims
- type AccessTokenRequest
- type AccessTokenResponse
- type AuthRequest
- type CodeChallenge
- type CodeChallengeMethod
- type DiscoveryConfiguration
- type Display
- type EndSessionRequest
- type Gender
- type GrantType
- type IDTokenClaims
- type KeySet
- type Locales
- type Prompt
- type ResponseType
- type Scopes
- type TokenExchangeRequest
- type TokenRequest
- type TokenRequestType
- type Tokens
- type UserInfoRequest
- type Userinfo
- type UserinfoAddress
- type UserinfoEmail
- type UserinfoPhone
- type UserinfoProfile
Constants ¶
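// Protocol constants for OpenID Connect / OAuth 2.0 requests and responses.
//
// The rendered listing had this block collapsed onto two physical lines, which
// let each `//` comment swallow the declarations that followed it. The
// declarations are restored one per line; every name and value is unchanged.
const (
	// ScopeOpenID defines the scope `openid`.
	// OpenID Connect requests MUST contain the `openid` scope value.
	ScopeOpenID = "openid"

	// ScopeProfile defines the scope `profile`.
	// This (optional) scope value requests access to the End-User's default profile Claims,
	// which are: name, family_name, given_name, middle_name, nickname, preferred_username,
	// profile, picture, website, gender, birthdate, zoneinfo, locale, and updated_at.
	ScopeProfile = "profile"

	// ScopeEmail defines the scope `email`.
	// This (optional) scope value requests access to the email and email_verified Claims.
	ScopeEmail = "email"

	// ScopeAddress defines the scope `address`.
	// This (optional) scope value requests access to the address Claim.
	ScopeAddress = "address"

	// ScopePhone defines the scope `phone`.
	// This (optional) scope value requests access to the phone_number and phone_number_verified Claims.
	ScopePhone = "phone"

	// ScopeOfflineAccess defines the scope `offline_access`.
	// This (optional) scope value requests that an OAuth 2.0 Refresh Token be issued that can be
	// used to obtain an Access Token that grants access to the End-User's UserInfo Endpoint even
	// when the End-User is not present (not logged in).
	// A refresh token outlives the user's session, so grant this scope only to
	// clients that need it and that can store the token securely.
	ScopeOfflineAccess = "offline_access"

	// ResponseTypeCode for the Authorization Code Flow returning a code from the Authorization Server.
	ResponseTypeCode ResponseType = "code"
	// ResponseTypeIDToken for the Implicit Flow returning id and access tokens directly from the
	// Authorization Server.
	// Tokens returned this way travel through the browser redirect; the OAuth 2.0
	// Security Best Current Practice recommends the code flow (with PKCE) instead.
	ResponseTypeIDToken ResponseType = "id_token token"
	// ResponseTypeIDTokenOnly for the Implicit Flow returning only the id token directly from the
	// Authorization Server.
	ResponseTypeIDTokenOnly ResponseType = "id_token"

	// Display values for the `display` request parameter.
	DisplayPage  Display = "page"
	DisplayPopup Display = "popup"
	DisplayTouch Display = "touch"
	DisplayWAP   Display = "wap"

	// PromptNone (`none`) forbids the Authorization Server from displaying any authentication or
	// consent user interface pages. An error (login_required, interaction_required, ...) will be
	// returned if the user is not already authenticated or consent is needed.
	PromptNone Prompt = "none"
	// PromptLogin (`login`) directs the Authorization Server to prompt the End-User for reauthentication.
	PromptLogin Prompt = "login"
	// PromptConsent (`consent`) directs the Authorization Server to prompt the End-User for consent
	// (of sharing information).
	PromptConsent Prompt = "consent"
	// PromptSelectAccount (`select_account`) directs the Authorization Server to prompt the End-User
	// to select a user account (to enable multi user / session switching).
	PromptSelectAccount Prompt = "select_account"

	// GrantTypeCode defines the grant_type `authorization_code` used for the Token Request in the
	// Authorization Code Flow.
	GrantTypeCode GrantType = "authorization_code"

	// BearerToken defines the token_type `Bearer`, which is returned in a successful token response.
	BearerToken = "Bearer"
)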
// DiscoveryEndpoint is the well-known path of the OpenID Provider
// configuration document.
// A client that fetches this document should do so over TLS and check that
// the returned issuer matches the issuer it asked for before trusting any of
// the endpoints it lists.
const DiscoveryEndpoint = "/.well-known/openid-configuration"
Variables ¶
This section is empty.
Functions ¶
func NewSHACodeChallenge ¶
func VerifyCodeChallenge ¶
func VerifyCodeChallenge(c *CodeChallenge, codeVerifier string) bool
Types ¶
type AccessTokenClaims ¶
// AccessTokenClaims holds the claim values of an access token as plain Go
// fields. The struct carries no json tags; the type has its own MarshalJSON
// and UnmarshalJSON methods, so the wire names are decided there.
// NOTE(review): nothing in this declaration enforces Expiration, NotBefore,
// Issuer or Audiences. A decoded value is unverified data until the caller has
// checked the token signature and these claims; confirm where that happens.
type AccessTokenClaims struct {
Issuer string
Subject string
Audiences []string
// Time-based claims; the zero time.Time means the claim was not set.
Expiration time.Time
IssuedAt time.Time
NotBefore time.Time
JWTID string
AuthorizedParty string
Nonce string
AuthTime time.Time
CodeHash string
AuthenticationContextClassReference string
AuthenticationMethodsReferences []string
SessionID string
Scopes []string
ClientID string
AccessTokenUseNumber int
}
func (*AccessTokenClaims) MarshalJSON ¶
func (t *AccessTokenClaims) MarshalJSON() ([]byte, error)
func (*AccessTokenClaims) UnmarshalJSON ¶
func (t *AccessTokenClaims) UnmarshalJSON(b []byte) error
type AccessTokenRequest ¶
// AccessTokenRequest carries the token request parameters named by its
// `schema` tags: code, redirect_uri, client_id, client_secret and
// code_verifier.
// Code, ClientSecret and CodeVerifier are credentials. Keep values of this
// type out of logs and error messages (for example, do not format the struct
// with %+v).
type AccessTokenRequest struct {
Code string `schema:"code"`
RedirectURI string `schema:"redirect_uri"`
ClientID string `schema:"client_id"`
ClientSecret string `schema:"client_secret"`
// CodeVerifier is the PKCE verifier that is compared with the stored
// CodeChallenge (see VerifyCodeChallenge).
CodeVerifier string `schema:"code_verifier"`
}
func (*AccessTokenRequest) GrantType ¶
func (a *AccessTokenRequest) GrantType() GrantType
type AccessTokenResponse ¶
// AccessTokenResponse mirrors the fields of a token response: access_token,
// token_type, refresh_token, expires_in and id_token.
// Every field is tagged omitempty, so an empty token or an ExpiresIn of 0 is
// left out of the encoded output instead of being sent as "" or 0.
// AccessToken, RefreshToken and IDToken are bearer credentials; avoid logging
// or caching values of this type.
type AccessTokenResponse struct {
AccessToken string `json:"access_token,omitempty" schema:"access_token,omitempty"`
TokenType string `json:"token_type,omitempty" schema:"token_type,omitempty"`
RefreshToken string `json:"refresh_token,omitempty" schema:"refresh_token,omitempty"`
ExpiresIn uint64 `json:"expires_in,omitempty" schema:"expires_in,omitempty"`
IDToken string `json:"id_token,omitempty" schema:"id_token,omitempty"`
}
type AuthRequest ¶
// AuthRequest holds the parameters of an authentication request; the `schema`
// tags give the request parameter each field is bound to.
// This declaration performs no validation. In particular RedirectURI is an
// unparsed string (see the TODO), so the code that handles the request must
// compare it exactly against the client's registered redirect URIs before
// redirecting to it or returning an error to it.
type AuthRequest struct {
// NOTE(review): ID has no schema tag. With a decoder such as gorilla/schema an
// untagged exported field can still be filled from a request parameter of the
// same name; confirm that ID cannot be supplied by the client (for example by
// tagging it `schema:"-"`).
ID string
Scopes Scopes `schema:"scope"`
ResponseType ResponseType `schema:"response_type"`
ClientID string `schema:"client_id"`
RedirectURI string `schema:"redirect_uri"` //TODO: type
// State and Nonce are opaque values supplied by the client.
State string `schema:"state"`
Nonce string `schema:"nonce"`
Display Display `schema:"display"`
Prompt Prompt `schema:"prompt"`
MaxAge uint32 `schema:"max_age"`
UILocales Locales `schema:"ui_locales"`
IDTokenHint string `schema:"id_token_hint"`
LoginHint string `schema:"login_hint"`
ACRValues []string `schema:"acr_values"`
// CodeChallenge and CodeChallengeMethod carry the code_challenge and
// code_challenge_method request parameters.
CodeChallenge string `schema:"code_challenge"`
CodeChallengeMethod CodeChallengeMethod `schema:"code_challenge_method"`
}
AuthRequest according to: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
func (*AuthRequest) GetRedirectURI ¶
func (a *AuthRequest) GetRedirectURI() string
GetRedirectURI returns the redirect_uri value for the ErrAuthRequest interface
func (*AuthRequest) GetResponseType ¶
func (a *AuthRequest) GetResponseType() ResponseType
GetResponseType returns the response_type value for the ErrAuthRequest interface
func (*AuthRequest) GetState ¶
func (a *AuthRequest) GetState() string
GetState returns the optional state value for the ErrAuthRequest interface
type CodeChallenge ¶
// CodeChallenge pairs a PKCE challenge string with the method that produced
// it. VerifyCodeChallenge takes a *CodeChallenge together with the code
// verifier presented at the token endpoint.
// With Method "plain" the challenge is the verifier itself, so anyone who sees
// the authorization request can redeem the code; RFC 7636 recommends S256.
// NOTE(review): confirm whether the server is meant to accept "plain" at all.
type CodeChallenge struct {
Challenge string
Method CodeChallengeMethod
}
type CodeChallengeMethod ¶
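// CodeChallengeMethod is the string value of the code_challenge_method
// request parameter.
type CodeChallengeMethod string

// The const group was collapsed onto one line in the rendered listing, which
// is not valid Go; the specs are restored one per line with values unchanged.
const (
	// CodeChallengeMethodPlain sends the code verifier itself as the challenge.
	// It gives no protection when the authorization request can be observed.
	CodeChallengeMethodPlain CodeChallengeMethod = "plain"
	// CodeChallengeMethodS256 sends a SHA-256 based transformation of the code
	// verifier as the challenge; RFC 7636 recommends this method.
	CodeChallengeMethodS256 CodeChallengeMethod = "S256"
)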
type DiscoveryConfiguration ¶
// DiscoveryConfiguration is the JSON shape of the provider metadata document;
// the json tags give the member name of each field. Every field is tagged
// omitempty, so empty values are left out when the struct is encoded.
// When this struct is filled from a remote document, treat it as untrusted
// until Issuer has been compared with the expected issuer, and require https
// for the endpoint and JwksURI values before using them.
// NOTE(review): no such checks are visible in this listing; confirm where the
// consumer performs them.
type DiscoveryConfiguration struct {
Issuer string `json:"issuer,omitempty"`
AuthorizationEndpoint string `json:"authorization_endpoint,omitempty"`
TokenEndpoint string `json:"token_endpoint,omitempty"`
IntrospectionEndpoint string `json:"introspection_endpoint,omitempty"`
UserinfoEndpoint string `json:"userinfo_endpoint,omitempty"`
EndSessionEndpoint string `json:"end_session_endpoint,omitempty"`
CheckSessionIframe string `json:"check_session_iframe,omitempty"`
JwksURI string `json:"jwks_uri,omitempty"`
ScopesSupported []string `json:"scopes_supported,omitempty"`
ResponseTypesSupported []string `json:"response_types_supported,omitempty"`
ResponseModesSupported []string `json:"response_modes_supported,omitempty"`
GrantTypesSupported []string `json:"grant_types_supported,omitempty"`
SubjectTypesSupported []string `json:"subject_types_supported,omitempty"`
IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"`
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"`
CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported,omitempty"`
ClaimsSupported []string `json:"claims_supported,omitempty"`
}
type EndSessionRequest ¶ added in v0.4.0
type IDTokenClaims ¶
// IDTokenClaims holds the claim values of an ID token as plain Go fields and
// embeds Userinfo, so the Userinfo fields are promoted onto this type. The
// struct carries no json tags; the type has its own MarshalJSON and
// UnmarshalJSON methods, so the wire names are decided there.
// NOTE(review): this declaration does not enforce Issuer, Audiences,
// Expiration or Nonce. A decoded value is unverified data until the signature
// and these claims have been checked; confirm where that happens.
type IDTokenClaims struct {
Issuer string
Audiences []string
Expiration time.Time
NotBefore time.Time
IssuedAt time.Time
JWTID string
UpdatedAt time.Time
AuthorizedParty string
Nonce string
AuthTime time.Time
// Hash claims binding the ID token to an access token and to a code;
// presumably produced with ClaimHash. TODO confirm.
AccessTokenHash string
CodeHash string
AuthenticationContextClassReference string
AuthenticationMethodsReferences []string
ClientID string
Userinfo
// NOTE(review): the purpose of Signature is left open by the original TODO.
// If it is filled from the token header, it must not decide which algorithm
// is accepted; confirm against the verifier.
Signature jose.SignatureAlgorithm //TODO: ???
}
func (*IDTokenClaims) MarshalJSON ¶
func (t *IDTokenClaims) MarshalJSON() ([]byte, error)
func (*IDTokenClaims) UnmarshalJSON ¶
func (t *IDTokenClaims) UnmarshalJSON(b []byte) error
type KeySet ¶
// KeySet is a set of public JSON Web Keys used to validate the signature of
// JSON web tokens.
// A successful VerifySignature only establishes that the payload was signed by
// a key in the set. As the method comment states, algorithm, issuer and
// audience are checked elsewhere, so the returned payload must not be trusted
// until those checks have also run.
type KeySet interface {
// VerifySignature parses the JSON web token, verifies the signature, and returns
// the raw payload. Header and claim fields are validated by other parts of the
// package. For example, the KeySet does not need to check values such as signature
// algorithm, issuer, and audience since the IDTokenVerifier validates these values
// independently.
//
// If VerifySignature makes HTTP requests to verify the token, it's expected to
// use any HTTP client associated with the context through ClientContext.
VerifySignature(ctx context.Context, jws *jose.JSONWebSignature) (payload []byte, err error)
}
KeySet is a set of public JSON Web Keys that can be used to validate the signature of JSON web tokens. It is expected to be backed either by a remote key set obtained through provider metadata discovery or by an in-memory set of keys delivered out-of-band.
type Locales ¶
func (*Locales) UnmarshalText ¶
type ResponseType ¶
// ResponseType is the string value of the response_type request parameter
// (see AuthRequest.ResponseType).
type ResponseType string
type TokenExchangeRequest ¶
// TokenExchangeRequest exposes only Scope, bound to the `scope` request
// parameter; its remaining fields are unexported and not shown in this
// listing.
type TokenExchangeRequest struct {
Scope []string `schema:"scope"`
// contains filtered or unexported fields
}
type TokenRequest ¶
// TokenRequest is implemented by request types that can report their grant
// type; AccessTokenRequest has a matching GrantType method.
type TokenRequest interface {
// The grant type is exposed as a method; the struct-field form below is kept
// commented out.
// GrantType GrantType `schema:"grant_type"`
GrantType() GrantType
}
type TokenRequestType ¶
// TokenRequestType is a distinct named type defined from GrantType; how it is
// used is not visible in this listing.
type TokenRequestType GrantType
type UserInfoRequest ¶ added in v0.4.2
// UserInfoRequest carries the access token presented to the UserInfo
// endpoint, bound to the `access_token` request parameter.
// NOTE(review): if this is ever filled from the URL query string, the token
// can end up in access logs and Referer headers; prefer the Authorization
// header or a form body and confirm how the handler populates it.
type UserInfoRequest struct {
AccessToken string `schema:"access_token"`
}
type Userinfo ¶
// Userinfo groups the claims about an End-User: Subject, the embedded
// profile, email and phone structs, an optional Address and a list of
// Authorizations. The embedded structs promote their fields onto Userinfo.
// NOTE(review): the method set listed for this type spells the decoder
// "UnmmarshalJSON". encoding/json only calls a method named UnmarshalJSON, so
// as listed the custom decoder would not be used by json.Unmarshal; confirm
// whether that is intended.
type Userinfo struct {
Subject string
UserinfoProfile
UserinfoEmail
UserinfoPhone
// Address is a pointer, so nil means no address claim is present.
Address *UserinfoAddress
Authorizations []string
// contains filtered or unexported fields
}
func (*Userinfo) MarshalJSON ¶
func (*Userinfo) UnmmarshalJSON ¶
type UserinfoAddress ¶
type UserinfoEmail ¶
type UserinfoPhone ¶