Documentation
¶
Index ¶
- Constants
- func AddAddressClaims(claims map[string]any, user User)
- func AddEmailClaims(claims map[string]any, user User)
- func AddExtraClaims(claims map[string]any, extraClaims map[string]string, user User)
- func AddPhoneClaims(claims map[string]any, user User)
- func AddProfileClaims(claims map[string]any, user User)
- func AuthorizeHandler(basePath string, tokenService TokenCreator, peopleStore people.Store, ...) http.Handler
- func DiscoveryDocumentHandler(issuer, scope string) http.Handler
- func Error(w http.ResponseWriter, error string, description string, code int)
- func GeneratePrivateKey(keySize int) (*rsa.PrivateKey, []byte, error)
- func IntersectScope(availableScope, requestedScope string) string
- func JwksHandler(publicKeys map[string]*rsa.PublicKey) http.Handler
- func LoadPublicKeys(basePath string, keys []string) (map[string]*rsa.PublicKey, error)
- func ToJwks(publicKeys map[string]*rsa.PublicKey) []jose.JSONWebKey
- func TokenHandler(tokenService TokenCreator, peopleStore people.Store, clients Clients, ...) http.Handler
- func UserInfoHandler(peopleStore people.Store, tokenVerifier TokenVerifier, ...) http.Handler
- type Client
- type Clients
- type DiscoveryDocument
- type ErrorResponse
- type TokenCreator
- type TokenResponse
- type TokenVerifier
- type User
Constants ¶
View Source
const ( ClaimClientID = "client_id" ClaimExpirationTime = "exp" ClaimIssuer = "iss" ClaimIssuedAtTime = "iat" ClaimNotBeforeTime = "nbf" ClaimUserID = "user_id" ClaimScope = "scope" ClaimSubject = "sub" ClaimType = "typ" ClaimAudience = "aud" ClaimAccessTokenHash = "at_hash" ClaimNonce = "nonce" )
View Source
const ( // ErrorInvalidRequest - The request is missing a parameter so the server // can't proceed with the request. This may also be returned if the // request includes an unsupported parameter or repeats a parameter. ErrorInvalidRequest = "invalid_request" // ErrorInvalidClient – Client authentication failed, such as if the // request contains an invalid client ID or secret. Send an HTTP 401 // response in this case. ErrorInvalidClient = "invalid_client" // ErrorInvalidGrant – The authorization code (or user's password for the // password grant type) is invalid or expired. This is also the error you // would return if the redirect URL given in the authorization grant does // not match the URL provided in this access token request. ErrorInvalidGrant = "invalid_grant" // ErrorRedirectURIMismatch - The redirect URI is invalid for the // requested client id ErrorRedirectURIMismatch = "redirect_uri_mismatch" // ErrorUnsupportedGrantType – If a grant type is requested that the // authorization server doesn't recognize, use this code. Note that // unknown grant types also use this specific error code rather than using // the ErrorInvalidRequest above. ErrorUnsupportedGrantType = "unsupported_grant_type" ErrorInternal = "internal_server_error" ErrorNotFound = "not_found" )
View Source
const ( GrantTypeAuthorizationCode = "authorization_code" GrantTypeClientCredentials = "client_credentials" GrantTypeRefreshToken = "refresh_token" TokenTypeCode = "code" TokenTypeRefreshToken = "refresh" TokenTypeAccessToken = "at" TokenTypeIDToken = "id" ResponseTypeCode = "code" ResponseTypeToken = "token" )
View Source
const OIDCDefaultScope = "openid profile email phone address offline_access"
Variables ¶
This section is empty.
Functions ¶
func AddAddressClaims ¶ added in v0.3.0
func AddEmailClaims ¶
func AddExtraClaims ¶
func AddPhoneClaims ¶ added in v0.3.0
func AddProfileClaims ¶
func AuthorizeHandler ¶
func GeneratePrivateKey ¶
func GeneratePrivateKey(keySize int) (*rsa.PrivateKey, []byte, error)
func IntersectScope ¶
func LoadPublicKeys ¶
func TokenHandler ¶
func UserInfoHandler ¶
Types ¶
type Clients ¶
func (Clients) ClientsMatchingRedirectURI ¶
type DiscoveryDocument ¶
type DiscoveryDocument struct {
Issuer string `json:"issuer"`
AuthorizationEndpoint string `json:"authorization_endpoint"`
JwksURI string `json:"jwks_uri"`
ResponseTypesSupported []string `json:"response_types_supported"`
GrantTypesSupported []string `json:"grant_types_supported"`
TokenEndpoint string `json:"token_endpoint"`
UserinfoEndpoint string `json:"userinfo_endpoint"`
EndSessionEndpoint string `json:"end_session_endpoint"`
ScopesSupported []string `json:"scopes_supported"`
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported,omitempty"`
IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
}
type ErrorResponse ¶
type TokenCreator ¶
type TokenCreator interface {
TokenVerifier
GenerateAccessToken(user User, clientID, scope string) (string, error)
GenerateIDToken(user User, clientID, scope, accessTokenHash, nonce string) (string, error)
GenerateAuthCode(userID, clientID, scope, challenge, nonce string) (string, error)
GenerateRefreshToken(userID, clientID, scope, nonce string) (string, error)
VerifyAuthCode(rawToken string) (userID, scope, challenge, nonce string, valid bool)
VerifyRefreshToken(rawToken string) (userID, scope, nonce string, valid bool)
AccessTokenTTL() int64
Issuer() string
}
func NewTokenService ¶
func NewTokenService(privateKey *rsa.PrivateKey, keyID, issuer, scope string, accessTokenTTL, refreshTokenTTL, idTokenTTL int64, accessTokenExtraClaims, idTokenExtraClaims map[string]string) (TokenCreator, error)
type TokenResponse ¶
type TokenVerifier ¶
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.