oauth2

package
v1.24.1
Warning

This package is not in the latest version of its module.

Published: Jul 16, 2025 License: MIT Imports: 24 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (
	ErrMismatch                     = errors.New("mismatch")
	ErrMissingClaim                 = errors.New("missing claim")
	ErrMissingRequiredRole          = errors.New("missing required role")
	ErrMissingRequiredGroup         = errors.New("missing required group")
	ErrMissingToken                 = errors.New("no tokens provided")
	ErrAuthAndTokenEndpointRequired = errors.New("both oauth2.endpoints.tokenUrl and oauth2.endpoints.authUrl are required")
	ErrNoRefreshToken               = errors.New("no refresh token received from provider")

	ErrClientRejected = errors.New("client rejected")
)

Functions

This section is empty.

Types

type Client added in v1.22.6

type Client struct {
	// contains filtered or unexported fields
}

func New added in v1.13.0

func New(ctx context.Context, logger *slog.Logger, conf config.Config, httpClient *http.Client, tokenStorage tokenstorage.Storage,
	provider Provider, openvpn openvpnManagementClient,
) (*Client, error)

New returns a Client instance.

func (Client) ClientDisconnect added in v1.22.6

func (c Client) ClientDisconnect(ctx context.Context, logger *slog.Logger, client connection.Client)

ClientDisconnect purges the refresh token from the tokenstorage.Storage.

func (Client) OAuth2Callback added in v1.22.6

func (c Client) OAuth2Callback() http.Handler

OAuth2Callback returns an http.Handler that handles the OAuth2 callback.

func (Client) OAuth2Start added in v1.22.6

func (c Client) OAuth2Start() http.Handler

OAuth2Start returns an http.Handler that starts the OAuth2 authorization flow. It checks that the request carries a valid state GET parameter generated by state.New. Optionally, it also checks the HTTP client IP address against the VPN IP address. After these checks pass, the request is delegated to rp.AuthURLHandler.
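
The order of checks described for OAuth2Start, as an added example that is not the package's own code. The state format, the key handling and the names newState, checkStart and startHandler are assumptions made for illustration; the encoding produced by state.New is not described on this page.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"net/http"
	"net/netip"
	"strings"
)

var enc = base64.RawURLEncoding

// newState builds the constructed format "<b64 vpnIP>.<b64 HMAC tag>"; this is an
// assumption for the example, not the encoding produced by state.New.
func newState(key []byte, vpnIP string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(vpnIP))
	return enc.EncodeToString([]byte(vpnIP)) + "." + enc.EncodeToString(mac.Sum(nil))
}

// checkStart returns the HTTP status the start handler should answer with.
func checkStart(key []byte, state, remoteAddr string, checkIP bool) int {
	payload, _, _ := strings.Cut(state, ".")
	ip, err := enc.DecodeString(payload)
	// Recompute the state from the claimed IP and compare in constant time.
	if err != nil || !hmac.Equal([]byte(state), []byte(newState(key, string(ip)))) {
		return http.StatusBadRequest // missing, malformed or forged state
	}
	want, err1 := netip.ParseAddr(string(ip))
	got, err2 := netip.ParseAddrPort(remoteAddr)
	if checkIP && (err1 != nil || err2 != nil || want.Unmap() != got.Addr().Unmap()) {
		return http.StatusForbidden // HTTP client is not the VPN client
	}
	return http.StatusOK
}

// startHandler runs the checks, then delegates to next (rp.AuthURLHandler in the package).
func startHandler(key []byte, checkIP bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if code := checkStart(key, r.URL.Query().Get("state"), r.RemoteAddr, checkIP); code != http.StatusOK {
			http.Error(w, http.StatusText(code), code)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() { println(checkStart([]byte("k"), newState([]byte("k"), "10.8.0.2"), "10.8.0.2:4000", true)) }
```

Behind a reverse proxy, r.RemoteAddr is the proxy's address, so the IP comparison is only meaningful when the handler sees the client's real address.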

func (Client) OAuthConfig added in v1.22.6

func (c Client) OAuthConfig() *oauth2.Config

OAuthConfig returns the underlying oauth2.Config used by the relying party. It is primarily exposed for tests that need direct access to the client configuration.

func (Client) RefreshClientAuth added in v1.22.6

func (c Client) RefreshClientAuth(ctx context.Context, logger *slog.Logger, client connection.Client) (bool, error)

RefreshClientAuth initiates a non-interactive authentication against the SSO provider.

type Provider added in v1.3.0

type Provider interface {
	CheckUser(ctx context.Context, session state.State, user types.UserData, tokens *oidc.Tokens[*idtoken.Claims]) error
	GetProviderConfig() (types.ProviderConfig, error)
	GetName() string
	GetRefreshToken(tokens *oidc.Tokens[*idtoken.Claims]) (string, error)
	GetUser(ctx context.Context, logger *slog.Logger, tokens *oidc.Tokens[*idtoken.Claims]) (types.UserData, error)

	// Refresh initiates a non-interactive authentication against the sso provider.
	Refresh(ctx context.Context, logger *slog.Logger, relyingParty rp.RelyingParty, refreshToken string) (*oidc.Tokens[*idtoken.Claims], error)
	RevokeRefreshToken(ctx context.Context, logger *slog.Logger, relyingParty rp.RelyingParty, refreshToken string) error
}

Directories

Path Synopsis
providers
