oidc

package

v1.0.8 Latest Latest Go to latest Published: Nov 7, 2015 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/legionus/origin

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func ExtractBearerToken(r *http.Request) (string, error)
func GenClientID(hostport string) (string, error)
func NewClaims(iss, sub, aud string, iat, exp time.Time) jose.Claims
func NewHTTPProviderConfigGetter(hc phttp.Client, issuerURL string) *httpProviderConfigGetter
func NewRemotePublicKeyRepo(hc phttp.Client, ep string) *remotePublicKeyRepo
func VerifyClaims(jwt jose.JWT, issuer, clientID string) error
func VerifyClientClaims(jwt jose.JWT, issuer string) (string, error)
func VerifySignature(jwt jose.JWT, keys []key.PublicKey) (bool, error)
type AuthenticatedTransport
- func (t *AuthenticatedTransport) RoundTrip(r *http.Request) (*http.Response, error)
type Client
- func NewClient(cfg ClientConfig) (*Client, error)
- func (c *Client) ClientCredsToken(scope []string) (jose.JWT, error)
- func (c *Client) ExchangeAuthCode(code string) (jose.JWT, error)
- func (c *Client) Healthy() error
- func (c *Client) OAuthClient() (*oauth2.Client, error)
- func (c *Client) RefreshToken(refreshToken string) (jose.JWT, error)
- func (c *Client) SyncProviderConfig(discoveryURL string) chan struct{}
- func (c *Client) VerifyJWT(jwt jose.JWT) error
type ClientConfig
type ClientCredentials
type ClientCredsTokenRefresher
- func (c *ClientCredsTokenRefresher) Refresh() (jwt jose.JWT, err error)
- func (c *ClientCredsTokenRefresher) Verify(jwt jose.JWT) (err error)
type ClientIdentity
type ClientMetadata
- func (m *ClientMetadata) Valid() error
type Identity
- func IdentityFromClaims(claims jose.Claims) (*Identity, error)
type JWTVerifier
- func NewJWTVerifier(issuer, clientID string, syncFunc func() error, ...) JWTVerifier
- func (v *JWTVerifier) Verify(jwt jose.JWT) error
type LoginFunc
type ProviderConfig
- func FetchProviderConfig(hc phttp.Client, issuerURL string) (ProviderConfig, error)
- func WaitForProviderConfig(hc phttp.Client, issuerURL string) (pcfg ProviderConfig)
- func (p ProviderConfig) Empty() bool
- func (p ProviderConfig) SupportsGrantType(grantType string) bool
type ProviderConfigGetter
type ProviderConfigSetter
type ProviderConfigSyncer
- func NewProviderConfigSyncer(from ProviderConfigGetter, to ProviderConfigSetter) *ProviderConfigSyncer
- func (s *ProviderConfigSyncer) Run() chan struct{}
type RequestTokenExtractor
- func CookieTokenExtractor(cookieName string) RequestTokenExtractor
type TokenRefresher

Constants ¶

View Source

const (
	MaximumProviderConfigSyncInterval = 24 * time.Hour
	MinimumProviderConfigSyncInterval = time.Minute
)

Variables ¶

View Source

var (
	DefaultScope = []string{"openid", "email", "profile"}
)

Functions ¶

func ExtractBearerToken ¶

func ExtractBearerToken(r *http.Request) (string, error)

ExtractBearerToken is a RequestTokenExtractor which extracts a bearer token from a request's Authorization header.

func GenClientID ¶

func GenClientID(hostport string) (string, error)

func NewClaims ¶

func NewClaims(iss, sub, aud string, iat, exp time.Time) jose.Claims

func NewHTTPProviderConfigGetter ¶

func NewHTTPProviderConfigGetter(hc phttp.Client, issuerURL string) *httpProviderConfigGetter

func NewRemotePublicKeyRepo ¶

func NewRemotePublicKeyRepo(hc phttp.Client, ep string) *remotePublicKeyRepo

func VerifyClaims ¶

func VerifyClaims(jwt jose.JWT, issuer, clientID string) error

Verify claims in accordance with OIDC spec http://openid.net/specs/openid-connect-basic-1_0.html#IDTokenValidation

func VerifyClientClaims ¶

func VerifyClientClaims(jwt jose.JWT, issuer string) (string, error)

VerifyClientClaims verifies all the required claims are valid for a "client credentials" JWT. Returns the client ID if valid, or an error if invalid.

func VerifySignature ¶

func VerifySignature(jwt jose.JWT, keys []key.PublicKey) (bool, error)

Types ¶

type AuthenticatedTransport ¶

type AuthenticatedTransport struct {
	TokenRefresher
	http.RoundTripper
	// contains filtered or unexported fields
}

func (*AuthenticatedTransport) RoundTrip ¶

func (t *AuthenticatedTransport) RoundTrip(r *http.Request) (*http.Response, error)

type Client ¶

type Client struct {
	// contains filtered or unexported fields
}

func NewClient ¶

func NewClient(cfg ClientConfig) (*Client, error)

func (*Client) ClientCredsToken ¶

func (c *Client) ClientCredsToken(scope []string) (jose.JWT, error)

func (*Client) ExchangeAuthCode ¶

func (c *Client) ExchangeAuthCode(code string) (jose.JWT, error)

ExchangeAuthCode exchanges an OAuth2 auth code for an OIDC JWT ID token.

func (*Client) Healthy ¶

func (c *Client) Healthy() error

func (*Client) OAuthClient ¶

func (c *Client) OAuthClient() (*oauth2.Client, error)

func (*Client) RefreshToken ¶

func (c *Client) RefreshToken(refreshToken string) (jose.JWT, error)

RefreshToken uses a refresh token to exchange for a new OIDC JWT ID Token.

func (*Client) SyncProviderConfig ¶

func (c *Client) SyncProviderConfig(discoveryURL string) chan struct{}

func (*Client) VerifyJWT ¶

func (c *Client) VerifyJWT(jwt jose.JWT) error

type ClientConfig ¶

type ClientConfig struct {
	HTTPClient     phttp.Client
	Credentials    ClientCredentials
	Scope          []string
	RedirectURL    string
	ProviderConfig ProviderConfig
	KeySet         key.PublicKeySet
}

type ClientCredentials ¶

type ClientCredentials oauth2.ClientCredentials

type ClientCredsTokenRefresher ¶

type ClientCredsTokenRefresher struct {
	Issuer     string
	OIDCClient *Client
}

func (*ClientCredsTokenRefresher) Refresh ¶

func (c *ClientCredsTokenRefresher) Refresh() (jwt jose.JWT, err error)

func (*ClientCredsTokenRefresher) Verify ¶

func (c *ClientCredsTokenRefresher) Verify(jwt jose.JWT) (err error)

type ClientIdentity ¶

type ClientIdentity struct {
	Credentials ClientCredentials
	Metadata    ClientMetadata
}

type ClientMetadata ¶

type ClientMetadata struct {
	RedirectURLs []url.URL
}

func (*ClientMetadata) Valid ¶

func (m *ClientMetadata) Valid() error

type Identity ¶

type Identity struct {
	ID        string
	Name      string
	Email     string
	ExpiresAt time.Time
}

func IdentityFromClaims ¶

func IdentityFromClaims(claims jose.Claims) (*Identity, error)

type JWTVerifier ¶

type JWTVerifier struct {
	// contains filtered or unexported fields
}

func NewJWTVerifier ¶

func NewJWTVerifier(issuer, clientID string, syncFunc func() error, keysFunc func() []key.PublicKey) JWTVerifier

func (*JWTVerifier) Verify ¶

func (v *JWTVerifier) Verify(jwt jose.JWT) error

type LoginFunc ¶

type LoginFunc func(ident Identity, sessionKey string) (redirectURL string, err error)

type ProviderConfig ¶

type ProviderConfig struct {
	Issuer                            string    `json:"issuer"`
	AuthEndpoint                      string    `json:"authorization_endpoint"`
	TokenEndpoint                     string    `json:"token_endpoint"`
	KeysEndpoint                      string    `json:"jwks_uri"`
	ResponseTypesSupported            []string  `json:"response_types_supported"`
	GrantTypesSupported               []string  `json:"grant_types_supported"`
	SubjectTypesSupported             []string  `json:"subject_types_supported"`
	IDTokenAlgValuesSupported         []string  `json:"id_token_alg_values_supported"`
	TokenEndpointAuthMethodsSupported []string  `json:"token_endpoint_auth_methods_supported"`
	ExpiresAt                         time.Time `json:"-"`
}

func FetchProviderConfig ¶

func FetchProviderConfig(hc phttp.Client, issuerURL string) (ProviderConfig, error)

func WaitForProviderConfig ¶

func WaitForProviderConfig(hc phttp.Client, issuerURL string) (pcfg ProviderConfig)

func (ProviderConfig) Empty ¶

func (p ProviderConfig) Empty() bool

func (ProviderConfig) SupportsGrantType ¶

func (p ProviderConfig) SupportsGrantType(grantType string) bool

type ProviderConfigGetter ¶

type ProviderConfigGetter interface {
	Get() (ProviderConfig, error)
}

type ProviderConfigSetter ¶

type ProviderConfigSetter interface {
	Set(ProviderConfig) error
}

type ProviderConfigSyncer ¶

type ProviderConfigSyncer struct {
	// contains filtered or unexported fields
}

func NewProviderConfigSyncer ¶

func NewProviderConfigSyncer(from ProviderConfigGetter, to ProviderConfigSetter) *ProviderConfigSyncer

func (*ProviderConfigSyncer) Run ¶

func (s *ProviderConfigSyncer) Run() chan struct{}

type RequestTokenExtractor ¶

type RequestTokenExtractor func(r *http.Request) (string, error)

RequestTokenExtractor funcs extract a raw encoded token from a request.

func CookieTokenExtractor ¶

func CookieTokenExtractor(cookieName string) RequestTokenExtractor

CookieTokenExtractor returns a RequestTokenExtractor which extracts a token from the named cookie in a request.

type TokenRefresher ¶

type TokenRefresher interface {
	// Verify checks if the provided token is currently valid or not.
	Verify(jose.JWT) error

	// Refresh attempts to authenticate and retrieve a new token.
	Refresh() (jose.JWT, error)
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL