oidc

package

v0.0.2 Latest Latest Go to latest Published: Jan 12, 2026 License: Apache-2.0 Imports: 31 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/ether/etherpad-go

Links

Open Source Insights

Documentation ¶

Index ¶

func GenerateAuthCodeURL(issuer, clientID, redirectURI string, scopes []string) (string, string, string, error)
type Authenticator
- func Init(store *lib.InitStore) *Authenticator
- func NewAuthenticator(retrievedSettings *settings.Settings) *Authenticator
type IssuerPublicKeys
type MemoryStore
- func NewMemoryStore() *MemoryStore
type MemoryUserRelation
type PublicKeyScopes
type StoreAuthorizeCode
type StoreRefreshToken
type SubjectPublicKeys
type WellKnownResponse

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func GenerateAuthCodeURL ¶

func GenerateAuthCodeURL(issuer, clientID, redirectURI string, scopes []string) (string, string, string, error)

Types ¶

type Authenticator ¶

type Authenticator struct {
	// contains filtered or unexported fields
}

func Init ¶

func Init(store *lib.InitStore) *Authenticator

func NewAuthenticator ¶

func NewAuthenticator(retrievedSettings *settings.Settings) *Authenticator

func (*Authenticator) AuthEndpoint ¶

func (a *Authenticator) AuthEndpoint(rw http.ResponseWriter, req *http.Request, setupLogger *zap.SugaredLogger, retrievedSettings *settings.Settings)

func (*Authenticator) IntrospectionEndpoint ¶

func (a *Authenticator) IntrospectionEndpoint(rw http.ResponseWriter, req *http.Request)

func (*Authenticator) JwksEndpoint ¶

func (a *Authenticator) JwksEndpoint(rw http.ResponseWriter, req *http.Request)

func (*Authenticator) OicWellKnown ¶

func (a *Authenticator) OicWellKnown(rw http.ResponseWriter, req *http.Request, retrievedSettings *settings.Settings)

func (*Authenticator) RevokeEndpoint ¶

func (a *Authenticator) RevokeEndpoint(rw http.ResponseWriter, req *http.Request)

func (*Authenticator) TokenEndpoint ¶

func (a *Authenticator) TokenEndpoint(rw http.ResponseWriter, req *http.Request)

func (*Authenticator) ValidateAdminToken ¶

func (a *Authenticator) ValidateAdminToken(tokenString string, adminClient *settings.SSOClient) (bool, error)

type IssuerPublicKeys ¶

type IssuerPublicKeys struct {
	Issuer    string
	KeysBySub map[string]SubjectPublicKeys
}

type MemoryStore ¶

type MemoryStore struct {
	Clients         map[string]fosite.Client
	AuthorizeCodes  map[string]StoreAuthorizeCode
	IDSessions      map[string]fosite.Requester
	AccessTokens    map[string]fosite.Requester
	RefreshTokens   map[string]StoreRefreshToken
	PKCES           map[string]fosite.Requester
	Users           map[string]MemoryUserRelation
	BlacklistedJTIs map[string]time.Time
	// In-memory request ID to token signatures
	AccessTokenRequestIDs  map[string]string
	RefreshTokenRequestIDs map[string]string
	// Public keys to check signature in auth grant jwt assertion.
	IssuerPublicKeys map[string]IssuerPublicKeys
	PARSessions      map[string]fosite.AuthorizeRequester
	// contains filtered or unexported fields
}

func NewMemoryStore ¶

func NewMemoryStore() *MemoryStore

func (*MemoryStore) Authenticate ¶

func (s *MemoryStore) Authenticate(_ context.Context, name string, secret string) (subject string, err error)

func (*MemoryStore) ClientAssertionJWTValid ¶

func (s *MemoryStore) ClientAssertionJWTValid(_ context.Context, jti string) error

func (*MemoryStore) CreateAccessTokenSession ¶

func (s *MemoryStore) CreateAccessTokenSession(_ context.Context, signature string, req fosite.Requester) error

func (*MemoryStore) CreateAuthorizeCodeSession ¶

func (s *MemoryStore) CreateAuthorizeCodeSession(_ context.Context, code string, req fosite.Requester) error

func (*MemoryStore) CreateOpenIDConnectSession ¶

func (s *MemoryStore) CreateOpenIDConnectSession(_ context.Context, authorizeCode string, requester fosite.Requester) error

func (*MemoryStore) CreatePARSession ¶

func (s *MemoryStore) CreatePARSession(ctx context.Context, requestURI string, request fosite.AuthorizeRequester) error

CreatePARSession stores the pushed authorization request context. The requestURI is used to derive the key.

func (*MemoryStore) CreatePKCERequestSession ¶

func (s *MemoryStore) CreatePKCERequestSession(_ context.Context, code string, req fosite.Requester) error

func (*MemoryStore) CreateRefreshTokenSession ¶

func (s *MemoryStore) CreateRefreshTokenSession(_ context.Context, signature, accessTokenSignature string, req fosite.Requester) error

func (*MemoryStore) DeleteAccessTokenSession ¶

func (s *MemoryStore) DeleteAccessTokenSession(_ context.Context, signature string) error

func (*MemoryStore) DeleteOpenIDConnectSession ¶

func (s *MemoryStore) DeleteOpenIDConnectSession(_ context.Context, authorizeCode string) error

func (*MemoryStore) DeletePARSession ¶

func (s *MemoryStore) DeletePARSession(ctx context.Context, requestURI string) (err error)

DeletePARSession deletes the context.

func (*MemoryStore) DeletePKCERequestSession ¶

func (s *MemoryStore) DeletePKCERequestSession(_ context.Context, code string) error

func (*MemoryStore) DeleteRefreshTokenSession ¶

func (s *MemoryStore) DeleteRefreshTokenSession(_ context.Context, signature string) error

func (*MemoryStore) GetAccessTokenSession ¶

func (s *MemoryStore) GetAccessTokenSession(_ context.Context, signature string, _ fosite.Session) (fosite.Requester, error)

func (*MemoryStore) GetAuthorizeCodeSession ¶

func (s *MemoryStore) GetAuthorizeCodeSession(_ context.Context, code string, _ fosite.Session) (fosite.Requester, error)

func (*MemoryStore) GetClient ¶

func (s *MemoryStore) GetClient(_ context.Context, id string) (fosite.Client, error)

func (*MemoryStore) GetOpenIDConnectSession ¶

func (s *MemoryStore) GetOpenIDConnectSession(_ context.Context, authorizeCode string, requester fosite.Requester) (fosite.Requester, error)

func (*MemoryStore) GetPARSession ¶

func (s *MemoryStore) GetPARSession(ctx context.Context, requestURI string) (fosite.AuthorizeRequester, error)

GetPARSession gets the push authorization request context. If the request is nil, a new request object is created. Otherwise, the same object is updated.

func (*MemoryStore) GetPKCERequestSession ¶

func (s *MemoryStore) GetPKCERequestSession(_ context.Context, code string, _ fosite.Session) (fosite.Requester, error)

func (*MemoryStore) GetPublicKey ¶

func (s *MemoryStore) GetPublicKey(ctx context.Context, issuer string, subject string, keyId string) (*jose.JSONWebKey, error)

func (*MemoryStore) GetPublicKeyScopes ¶

func (s *MemoryStore) GetPublicKeyScopes(ctx context.Context, issuer string, subject string, keyId string) ([]string, error)

func (*MemoryStore) GetPublicKeys ¶

func (s *MemoryStore) GetPublicKeys(ctx context.Context, issuer string, subject string) (*jose.JSONWebKeySet, error)

func (*MemoryStore) GetRefreshTokenSession ¶

func (s *MemoryStore) GetRefreshTokenSession(_ context.Context, signature string, _ fosite.Session) (fosite.Requester, error)

func (*MemoryStore) InvalidateAuthorizeCodeSession ¶

func (s *MemoryStore) InvalidateAuthorizeCodeSession(ctx context.Context, code string) error

func (*MemoryStore) IsJWTUsed ¶

func (s *MemoryStore) IsJWTUsed(ctx context.Context, jti string) (bool, error)

func (*MemoryStore) MarkJWTUsedForTime ¶

func (s *MemoryStore) MarkJWTUsedForTime(ctx context.Context, jti string, exp time.Time) error

func (*MemoryStore) RevokeAccessToken ¶

func (s *MemoryStore) RevokeAccessToken(ctx context.Context, requestID string) error

func (*MemoryStore) RevokeRefreshToken ¶

func (s *MemoryStore) RevokeRefreshToken(ctx context.Context, requestID string) error

func (*MemoryStore) RotateRefreshToken ¶

func (s *MemoryStore) RotateRefreshToken(ctx context.Context, requestID string, refreshTokenSignature string) (err error)

func (*MemoryStore) SetClientAssertionJWT ¶

func (s *MemoryStore) SetClientAssertionJWT(_ context.Context, jti string, exp time.Time) error

func (*MemoryStore) SetTokenLifespans ¶

func (s *MemoryStore) SetTokenLifespans(clientID string, lifespans *fosite.ClientLifespanConfig) error

type MemoryUserRelation ¶

type MemoryUserRelation struct {
	Username string
	Password string
	Admin    bool
}

type PublicKeyScopes ¶

type PublicKeyScopes struct {
	Key    *jose.JSONWebKey
	Scopes []string
}

type StoreAuthorizeCode ¶

type StoreAuthorizeCode struct {
	fosite.Requester
	// contains filtered or unexported fields
}

type StoreRefreshToken ¶

type StoreRefreshToken struct {
	fosite.Requester
	// contains filtered or unexported fields
}

type SubjectPublicKeys ¶

type SubjectPublicKeys struct {
	Subject string
	Keys    map[string]PublicKeyScopes
}

type WellKnownResponse ¶

type WellKnownResponse struct {
	Issuer                            string   `json:"issuer"`
	AuthorizationEndpoint             string   `json:"authorization_endpoint"`
	TokenEndpoint                     string   `json:"token_endpoint"`
	JwksURI                           string   `json:"jwks_uri"`
	ResponseTypesSupported            []string `json:"response_types_supported"`
	SubjectTypesSupported             []string `json:"subject_types_supported"`
	IdTokenSigningAlgValuesSupported  []string `json:"id_token_signing_alg_values_supported"`
	ScopesSupported                   []string `json:"scopes_supported"`
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL