const (
	// OOBRedirectURI is the OAuth 2.0 "out-of-band" redirect URN. It stands in
	// for a redirect URL when a client has no web callback, so the
	// authorization result is shown to the user instead of being delivered by
	// an HTTP redirect.
	// NOTE(review): how this package uses the value is not shown here.
	// Presumably it is the redirect for public clients, which "cannot have
	// redirect URIs" per ErrorPublicClientRedirectURIs; confirm. Codes issued
	// on this path are handled manually by the user, so they should be
	// short-lived and single-use.
	OOBRedirectURI = "urn:ietf:wg:oauth:2.0:oob"


var (
	// Sentinel errors for client credential checks. They are created with
	// errors.New, so callers should compare by identity (== or errors.Is)
	// rather than by message text.
	// NOTE(review): a distinct error for a bad ID versus a bad secret is
	// useful internally, but if both are relayed verbatim to an
	// unauthenticated caller they disclose which client IDs are registered.
	// Confirm the request handlers collapse them into one generic failure.
	ErrorInvalidClientID = errors.New("not a valid client ID")

	ErrorInvalidClientSecret = errors.New("not a valid client Secret")

	// ErrorDuplicateClientID signals that the requested client ID is taken.
	ErrorDuplicateClientID = errors.New("client ID already exists")

	// Redirect URL validation failures. The messages line up with the
	// outcomes documented for ValidRedirectURL (URL not registered; nil URL
	// with several registered URLs); presumably that function returns them,
	// to be confirmed against its body.
	// NOTE(review): the ErrorNoValidRedirectURLs message ends with a period,
	// unlike the others; left as is because callers may match on the text.
	ErrorInvalidRedirectURL    = errors.New("not a valid redirect url for the given client")
	ErrorCantChooseRedirectURL = errors.New("must provide a redirect url; client has many")
	ErrorNoValidRedirectURLs   = errors.New("no valid redirect URLs for this client.")

	// Constraints on public clients, as stated by the messages: no redirect
	// URIs, and a name is required.
	ErrorPublicClientRedirectURIs = errors.New("public clients cannot have redirect URIs")
	ErrorPublicClientMissingName  = errors.New("public clients must have a name")

	// ErrorMissingRedirectURI reports that no redirect URL was supplied.
	ErrorMissingRedirectURI = errors.New("no client redirect url given")

	// ErrorNotFound reports that a lookup returned no data.
	ErrorNotFound = errors.New("no data found")


func HashSecret

// HashSecret takes client credentials and returns a byte slice or an error.
// NOTE(review): the hashing scheme is not visible on this page. Confirm it is
// a salted, deliberately slow password hash rather than a bare digest, and
// that the plaintext secret in creds is never logged or persisted.
func HashSecret(creds oidc.ClientCredentials) ([]byte, error)

func ValidRedirectURL

func ValidRedirectURL(rURL *url.URL, redirectURLs []url.URL) (url.URL, error)

    ValidRedirectURL returns the passed-in URL if it is present in the redirectURLs list, and returns an error otherwise. If nil is passed in as rURL and there is only one URL in redirectURLs, that URL is returned. If nil is passed but there is more than one URL in the slice, an error is returned. Because the result determines where the authorization response is sent, callers should use only the returned URL and reject the request on error.


    type Client

    // Client describes a registered client: its credentials, its metadata and
    // two boolean flags.
    type Client struct {
    	// Credentials holds the client's credentials (see oidc.ClientCredentials).
    	// NOTE(review): whether the secret here is plaintext or hashed is not
    	// visible on this page; avoid logging or serializing this struct
    	// wholesale until confirmed.
    	Credentials oidc.ClientCredentials
    	// Metadata holds the client's metadata (see oidc.ClientMetadata).
    	Metadata    oidc.ClientMetadata
    	// Admin is presumably a privilege flag; its exact effect is not shown
    	// here. NOTE(review): confirm that only trusted code paths can set it.
    	Admin       bool
    	// Public marks a public client. Per this package's error values, public
    	// clients must have a name and cannot have redirect URIs.
    	Public      bool

    func (Client) ValidRedirectURL

    func (c Client) ValidRedirectURL(u *url.URL) (url.URL, error)

    type ClientRepo

    // ClientRepo is the storage interface for registered clients. Every method
    // takes a repo.Transaction as its first argument.
    type ClientRepo interface {
    	// Get returns the Client stored under clientID.
    	// Presumably ErrorNotFound is returned when there is none; confirm
    	// against the implementations.
    	Get(tx repo.Transaction, clientID string) (Client, error)
    	// GetSecret returns the (base64 encoded) hashed client secret.
    	// NOTE(review): the routine that checks a presented secret against this
    	// hash is not shown here; confirm it uses the hash's own verify function
    	// or a constant-time comparison, not plain byte equality.
    	GetSecret(tx repo.Transaction, clientID string) ([]byte, error)
    	// All returns all registered Clients.
    	All(tx repo.Transaction) ([]Client, error)
    	// New registers a Client with the repo.
    	// An unused ID must be provided. A corresponding secret will be returned
    	// in a ClientCredentials struct along with the provided ID.
    	// NOTE(review): since GetSecret only returns a hash, this return value is
    	// presumably the only time the plaintext secret is available; confirm,
    	// and keep it out of logs.
    	New(tx repo.Transaction, client Client) (*oidc.ClientCredentials, error)
    	// Update takes a Client and returns an error.
    	// NOTE(review): which fields it may change (for example Admin or the
    	// redirect URLs) is not visible on this page.
    	Update(tx repo.Transaction, client Client) error
    	// GetTrustedPeers returns the list of clients authorized to mint ID tokens for the given client.
    	GetTrustedPeers(tx repo.Transaction, clientID string) ([]string, error)
    	// SetTrustedPeers sets the list of clients authorized to mint ID tokens for the given client.
    	// Each entry grants another client the ability to obtain tokens for this
    	// one, so callers should treat this as a privilege change.
    	// NOTE(review): confirm the caller is authorized and that every ID in
    	// clientIDs refers to an existing client.
    	SetTrustedPeers(tx repo.Transaction, clientID string, clientIDs []string) error

    type LoadableClient

    type LoadableClient struct {
    	Client       Client
    	TrustedPeers []string

      LoadableClient contains sufficient information for creating a Client and its related entities.

      func ClientsFromReader

      func ClientsFromReader(r io.Reader) ([]LoadableClient, error)

      type ValidationError

      type ValidationError struct {
      	Err error

      func (ValidationError) Error

      func (v ValidationError) Error() string
