dex

package v1.11.0

Warning: This package is not in the latest version of its module.

Published: Nov 29, 2023 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation
Constants

const (
	// https://dexidp.io/docs/custom-scopes-claims-clients/#public-clients
	OutOfBrowserURN = "urn:ietf:wg:oauth:2.0:oob"
)

Variables

var (
	// "openid" is a required scope for OpenID Connect flows.
	// Other scopes, such as "groups" can be requested.
	DefaultScopes = []string{oidc.ScopeOpenID, oidc.ScopeOfflineAccess, "profile", "email", "groups", "federated:id"}
)

Functions

This section is empty.

Types

type CodeVerifier

type CodeVerifier struct {
	Value string
}

CodeVerifier is a helper struct used to create a code_challenge for PKCE. Ref: https://www.oauth.com/oauth2-servers/pkce/

func NewCodeVerifier

func NewCodeVerifier() *CodeVerifier

NewCodeVerifier returns a cryptographically secure random CodeVerifier of a fixed length (32).

func NewCodeVerifierWithLen

func NewCodeVerifierWithLen(len int) *CodeVerifier

NewCodeVerifierWithLen returns a cryptographically secure random CodeVerifier of the specified length.

func (*CodeVerifier) ChallengeS256

func (c *CodeVerifier) ChallengeS256() string

ChallengeS256 returns the encoded SHA-256 code_challenge (PKCE S256 method) of the code_verifier.

type Config added in v1.5.0

type Config struct {
	Issuer          string
	ClientID        string
	Endpoint        *url.URL
	ProvidersGroups []ProviderGroups

	Oauth2 *oauth2.Config
}

func NewConfig added in v1.5.0

func NewConfig(issuer, clientID string) (Config, error)

func NewConfigFromSecretData added in v1.5.0

func NewConfigFromSecretData(clientID string, secretData map[string][]byte) (Config, error)

type Group added in v1.5.0

type Group struct {
	ID    string   `yaml:"id"`
	Role  string   `yaml:"role"`
	Roles []string `yaml:"roles"`
}

type OIDCProvider

type OIDCProvider struct {
	Config Config

	Provider *oidc.Provider
}

OIDCProvider wraps an oidc.Provider together with its Config.

func NewOIDCProvider

func NewOIDCProvider(ctx context.Context, issuer, clientID string) (*OIDCProvider, error)

NewOIDCProvider constructs an OIDCProvider, loading the configuration from the issuer URL.

func NewOIDCProviderWithConfig added in v1.5.0

func NewOIDCProviderWithConfig(ctx context.Context, config Config) (*OIDCProvider, error)

NewOIDCProviderWithConfig constructs an OIDCProvider with the provided configuration.

func (*OIDCProvider) AddScopes

func (pc *OIDCProvider) AddScopes(scopes ...string)

AddScopes adds the given scopes to OIDCProvider.Config.Scopes, extending DefaultScopes.

func (*OIDCProvider) AuthCodeURLWithPKCE

func (pc *OIDCProvider) AuthCodeURLWithPKCE() (string, string)

AuthCodeURLWithPKCE returns a URL that can be used to obtain an auth code, together with a code_verifier string. The code_verifier is needed to implement the PKCE auth flow, since this is going to be used by our CLI. Ref: https://www.oauth.com/oauth2-servers/pkce/

func (*OIDCProvider) ExchangeWithPKCE

func (pc *OIDCProvider) ExchangeWithPKCE(ctx context.Context, authCode, codeVerifier string) (*oauth2.Token, error)

ExchangeWithPKCE exchanges the authCode for a token, checking whether the codeVerifier is valid.
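The PKCE pieces documented above (CodeVerifier/ChallengeS256 on the client side, and the verifier check that happens when ExchangeWithPKCE presents the code_verifier at the token endpoint) can be shown end to end in plain Go. The following is an added example written for this page, not code from the dex package: the type and function names (`pkceVerifier`, `newPKCEVerifier`, `challengeS256`, `authorizeParams`, `serverCheck`) are hypothetical, and the server-side check is a stand-in for what the authorization server does, assuming the S256 method from RFC 7636. It also goes beyond the page's fixed 32-byte verifier by validating the RFC length and character-set limits.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/url"
	"regexp"
)

// pkceVerifier plays the role of this package's CodeVerifier: a random secret
// the client keeps until the token exchange. Hypothetical example type.
type pkceVerifier struct{ Value string }

// RFC 7636 §4.1: 43..128 chars from the unreserved set [A-Za-z0-9-._~].
var verifierRe = regexp.MustCompile(`^[A-Za-z0-9\-._~]{43,128}$`)

// newPKCEVerifier draws n random bytes from crypto/rand and base64url-encodes
// them without padding. 32 bytes encodes to 43 characters (the RFC minimum),
// 96 bytes to 128 (the maximum), so n is restricted to that range.
func newPKCEVerifier(n int) (*pkceVerifier, error) {
	if n < 32 || n > 96 {
		return nil, errors.New("verifier byte length must be in 32..96")
	}
	buf := make([]byte, n)
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	return &pkceVerifier{Value: base64.RawURLEncoding.EncodeToString(buf)}, nil
}

// challengeS256 computes BASE64URL(SHA256(ASCII(code_verifier))) (RFC 7636 §4.2).
func (v *pkceVerifier) challengeS256() string {
	sum := sha256.Sum256([]byte(v.Value))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// authorizeParams builds the query parameters a client adds to the
// authorization URL: only the challenge travels, never the verifier.
func authorizeParams(challenge string) url.Values {
	q := url.Values{}
	q.Set("code_challenge", challenge)
	q.Set("code_challenge_method", "S256")
	return q
}

// serverCheck is the token-endpoint side: reject malformed verifiers, then
// recompute the challenge and compare it in constant time with the challenge
// stored when the authorization code was issued.
func serverCheck(storedChallenge, presentedVerifier string) bool {
	if !verifierRe.MatchString(presentedVerifier) {
		return false
	}
	got := (&pkceVerifier{Value: presentedVerifier}).challengeS256()
	return subtle.ConstantTimeCompare([]byte(got), []byte(storedChallenge)) == 1
}

func main() {
	v, err := newPKCEVerifier(32)
	if err != nil {
		panic(err)
	}
	ch := v.challengeS256()
	fmt.Println("authorize query:", authorizeParams(ch).Encode())
	fmt.Println("exchange accepted:", serverCheck(ch, v.Value))
	fmt.Println("wrong verifier accepted:", serverCheck(ch, "not-the-verifier"))
}
```

The RFC 7636 Appendix B test vector (verifier `dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk`, challenge `E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM`) is a convenient fixed input for checking any S256 implementation, since freshly generated verifiers are random.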

func (*OIDCProvider) GetProviderGroups added in v1.5.0

func (pc *OIDCProvider) GetProviderGroups(providerID string) (*ProviderGroups, error)

GetProviderGroups returns the ProviderGroups of the specified provider

func (*OIDCProvider) Verify

func (pc *OIDCProvider) Verify(ctx context.Context, rawIDToken string) (*oidc.IDToken, error)

Verify verifies the raw ID token and returns an oidc.IDToken.

type ProviderGroups added in v1.5.0

type ProviderGroups struct {
	ConnectorID string  `yaml:"connectorId"`
	Groups      []Group `yaml:"groups"`
}

func (*ProviderGroups) GetRolesFromGroups added in v1.5.0

func (pg *ProviderGroups) GetRolesFromGroups(groupIDs ...string) []string

GetRolesFromGroups returns the roles matching the provided group IDs.
