handler

package

v0.11.3 Latest Latest Go to latest Published: Mar 13, 2026 License: Apache-2.0 Imports: 12 Imported by: 0

Details

This section is empty.

View Source

var (
	ErrInvalidToken = errors.New("invalid token")
	ErrNoProvider   = errors.New("no provider")
)

This section is empty.

type OIDC struct {
	// contains filtered or unexported fields
}

OIDC tracks the set of identity providers to support multi tenancy.

func NewOIDC(opts ...OIDCOption) (*OIDC, error)

NewOIDC creates a new handler and applies the given options.

func (handler *OIDC) ParseAndValidate(ctx context.Context, rawToken, tenantID string, userclaims any, useCache bool) error

func (handler *OIDC) ProviderFor(ctx context.Context, issuer, jwksURI, tenantID string) (*oidc.Provider, error)

ProviderFor returns the provider for the given issuer/jwksURI.

func (handler *OIDC) RegisterStaticProvider(provider *oidc.Provider)

RegisterStaticProvider registers a provider with the handler.

type OIDCOption func(*OIDC) error

OIDCOption is used to configure a handler.

func WithFeatureGates(fg *commoncfg.FeatureGates) OIDCOption

func WithIssuerClaimKeys(issuerClaimKeys ...string) OIDCOption

WithIssuerClaimKeys configures the behavior of a certain provider.

func WithProviderCacheExpiration(expiration, cleanup time.Duration) OIDCOption

WithProviderCacheExpiration configures the expiration of cached providers.

func WithSessionManager(sm *session.Manager) OIDCOption

func WithStaticProvider(provider *oidc.Provider) OIDCOption

WithStaticProvider registers the given provider.