Published: Sep 3, 2015 License: Apache-2.0 Imports: 18 Imported by: 0




const (
	MaximumProviderConfigSyncInterval = 24 * time.Hour
	MinimumProviderConfigSyncInterval = time.Minute


var (
	DefaultScope = []string{"openid", "email", "profile"}


func ExtractBearerToken

func ExtractBearerToken(r *http.Request) (string, error)

ExtractBearerToken is a RequestTokenExtractor that returns the raw, still-encoded token from the request's Authorization header (Bearer scheme). Like every RequestTokenExtractor it only locates the token; nothing about it is parsed or verified here, so the returned string must be checked with (*Client).VerifyJWT or a JWTVerifier before any claim in it is trusted.

func GenClientID

func GenClientID(hostport string) (string, error)

func NewClaims

func NewClaims(iss, sub, aud string, iat, exp time.Time) jose.Claims

func NewHTTPProviderConfigGetter

func NewHTTPProviderConfigGetter(hc phttp.Client, issuerURL string) *httpProviderConfigGetter

func NewRemotePublicKeyRepo

func NewRemotePublicKeyRepo(hc phttp.Client, ep string) *remotePublicKeyRepo

func VerifyClaims

func VerifyClaims(jwt jose.JWT, issuer, clientID string) error

VerifyClaims checks the JWT's claims against the expected issuer and clientID according to the OIDC ID Token validation rules (https://openid.net/specs/openid-connect-basic-1_0.html#IDTokenValidation). It is given no keys, so it does not check the token's signature: call VerifySignature as well, or use (*Client).VerifyJWT or a JWTVerifier, which is constructed with the issuer/clientID and a key source.

func VerifyClientClaims

func VerifyClientClaims(jwt jose.JWT, issuer string) (string, error)

VerifyClientClaims checks that all claims required of a "client credentials" JWT are valid for the given issuer and returns the client ID carried by the token, or an error if any check fails. Like VerifyClaims it is given no keys and so does not verify the signature; do not act on the returned client ID until the signature has been checked (VerifySignature).

func VerifySignature

func VerifySignature(jwt jose.JWT, keys []key.PublicKey) (bool, error)


type AuthenticatedTransport

type AuthenticatedTransport struct {
	// contains filtered or unexported fields

func (*AuthenticatedTransport) RoundTrip

func (t *AuthenticatedTransport) RoundTrip(r *http.Request) (*http.Response, error)

type Client

type Client struct {
	// contains filtered or unexported fields

func NewClient

func NewClient(cfg ClientConfig) (*Client, error)

func (*Client) ClientCredsToken

func (c *Client) ClientCredsToken(scope []string) (jose.JWT, error)

func (*Client) ExchangeAuthCode

func (c *Client) ExchangeAuthCode(code string) (jose.JWT, error)

ExchangeAuthCode exchanges an OAuth2 authorization code for an OIDC ID token, returned as a jose.JWT. This documentation does not state that the token is verified before being returned; callers should verify it with (*Client).VerifyJWT before relying on any of its claims.

func (*Client) Healthy

func (c *Client) Healthy() error

func (*Client) OAuthClient

func (c *Client) OAuthClient() (*oauth2.Client, error)

func (*Client) RefreshToken

func (c *Client) RefreshToken(refreshToken string) (jose.JWT, error)

RefreshToken uses a refresh token to obtain a new OIDC ID token (jose.JWT) from the provider. A refresh token is a long-lived credential and should be stored and logged with the same care as a password; as with ExchangeAuthCode, verify the returned ID token with (*Client).VerifyJWT before trusting its claims.

func (*Client) SyncProviderConfig

func (c *Client) SyncProviderConfig(discoveryURL string) chan struct{}

func (*Client) VerifyJWT

func (c *Client) VerifyJWT(jwt jose.JWT) error

type ClientConfig

type ClientConfig struct {
	HTTPClient     phttp.Client
	Credentials    ClientCredentials
	Scope          []string
	RedirectURL    string
	ProviderConfig ProviderConfig
	KeySet         key.PublicKeySet

type ClientCredentials

type ClientCredentials oauth2.ClientCredentials

type ClientCredsTokenRefresher

type ClientCredsTokenRefresher struct {
	Issuer     string
	OIDCClient *Client

func (*ClientCredsTokenRefresher) Refresh

func (c *ClientCredsTokenRefresher) Refresh() (jwt jose.JWT, err error)

func (*ClientCredsTokenRefresher) Verify

func (c *ClientCredsTokenRefresher) Verify(jwt jose.JWT) (err error)

type ClientIdentity

type ClientIdentity struct {
	Credentials ClientCredentials
	Metadata    ClientMetadata

type ClientMetadata

type ClientMetadata struct {
	RedirectURLs []url.URL

func (*ClientMetadata) Valid

func (m *ClientMetadata) Valid() error

type Identity

type Identity struct {
	ID        string
	Name      string
	Email     string
	ExpiresAt time.Time

func IdentityFromClaims

func IdentityFromClaims(claims jose.Claims) (*Identity, error)

type JWTVerifier

type JWTVerifier struct {
	// contains filtered or unexported fields

func NewJWTVerifier

func NewJWTVerifier(issuer, clientID string, syncFunc func() error, keysFunc func() []key.PublicKey) JWTVerifier

func (*JWTVerifier) Verify

func (v *JWTVerifier) Verify(jwt jose.JWT) error

type LoginFunc

type LoginFunc func(ident Identity, sessionKey string) (redirectURL string, err error)

type ProviderConfig

type ProviderConfig struct {
	Issuer                            string    `json:"issuer"`
	AuthEndpoint                      string    `json:"authorization_endpoint"`
	TokenEndpoint                     string    `json:"token_endpoint"`
	KeysEndpoint                      string    `json:"jwks_uri"`
	ResponseTypesSupported            []string  `json:"response_types_supported"`
	GrantTypesSupported               []string  `json:"grant_types_supported"`
	SubjectTypesSupported             []string  `json:"subject_types_supported"`
	IDTokenAlgValuesSupported         []string  `json:"id_token_alg_values_supported"`
	TokenEndpointAuthMethodsSupported []string  `json:"token_endpoint_auth_methods_supported"`
	ExpiresAt                         time.Time `json:"-"`

func FetchProviderConfig

func FetchProviderConfig(hc phttp.Client, issuerURL string) (ProviderConfig, error)

func WaitForProviderConfig

func WaitForProviderConfig(hc phttp.Client, issuerURL string) (pcfg ProviderConfig)

func (ProviderConfig) Empty

func (p ProviderConfig) Empty() bool

func (ProviderConfig) SupportsGrantType

func (p ProviderConfig) SupportsGrantType(grantType string) bool

type ProviderConfigGetter

type ProviderConfigGetter interface {
	Get() (ProviderConfig, error)

type ProviderConfigSetter

type ProviderConfigSetter interface {
	Set(ProviderConfig) error

type ProviderConfigSyncer

type ProviderConfigSyncer struct {
	// contains filtered or unexported fields

func (*ProviderConfigSyncer) Run

func (s *ProviderConfigSyncer) Run() chan struct{}

type RequestTokenExtractor

type RequestTokenExtractor func(r *http.Request) (string, error)

A RequestTokenExtractor extracts the raw, still-encoded token string from an HTTP request. Extractors only locate the token; they neither parse nor verify it, so the result must be verified (for example with (*Client).VerifyJWT) before any claim in it is trusted.

func CookieTokenExtractor

func CookieTokenExtractor(cookieName string) RequestTokenExtractor

CookieTokenExtractor returns a RequestTokenExtractor that reads the token from the named cookie of a request. Because browsers attach cookies automatically, an endpoint authenticated solely by a cookie-borne token needs its own CSRF protection; this extractor provides none, and the cookie value is returned unverified.

type TokenRefresher

type TokenRefresher interface {
	// Verify checks if the provided token is currently valid or not.
	Verify(jose.JWT) error

	// Refresh attempts to authenticate and retrieve a new token.
	Refresh() (jose.JWT, error)
