openid

package
Version: v0.40.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 28, 2021 License: Apache-2.0 Imports: 16 Imported by: 96

Documentation

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrInvalidSession = errors.New("Session type mismatch")
)
View Source
var ErrNoSessionFound = fosite.ErrNotFound

Functions

This section is empty.

Types

type DefaultSession

type DefaultSession struct {
	Claims    *jwt.IDTokenClaims
	Headers   *jwt.Headers
	ExpiresAt map[fosite.TokenType]time.Time
	Username  string
	Subject   string
}

IDTokenSession is a session container for the id token

func NewDefaultSession added in v0.5.0

func NewDefaultSession() *DefaultSession

func (*DefaultSession) Clone added in v0.6.0

func (s *DefaultSession) Clone() fosite.Session

func (*DefaultSession) GetExpiresAt added in v0.5.0

func (s *DefaultSession) GetExpiresAt(key fosite.TokenType) time.Time

func (*DefaultSession) GetSubject added in v0.5.0

func (s *DefaultSession) GetSubject() string

func (*DefaultSession) GetUsername added in v0.5.0

func (s *DefaultSession) GetUsername() string

func (*DefaultSession) IDTokenClaims

func (s *DefaultSession) IDTokenClaims() *jwt.IDTokenClaims

func (*DefaultSession) IDTokenHeaders

func (s *DefaultSession) IDTokenHeaders() *jwt.Headers

func (*DefaultSession) SetExpiresAt added in v0.5.0

func (s *DefaultSession) SetExpiresAt(key fosite.TokenType, exp time.Time)

func (*DefaultSession) SetSubject added in v0.37.0

func (s *DefaultSession) SetSubject(subject string)

type DefaultStrategy

type DefaultStrategy struct {
	jwt.JWTStrategy

	Expiry time.Duration
	Issuer string

	MinParameterEntropy int
}

func (DefaultStrategy) GenerateIDToken

func (h DefaultStrategy) GenerateIDToken(ctx context.Context, requester fosite.Requester) (token string, err error)

type IDTokenHandleHelper

type IDTokenHandleHelper struct {
	IDTokenStrategy OpenIDConnectTokenStrategy
}

func (*IDTokenHandleHelper) GetAccessTokenHash added in v0.25.1

func (i *IDTokenHandleHelper) GetAccessTokenHash(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) string

func (*IDTokenHandleHelper) IssueExplicitIDToken

func (i *IDTokenHandleHelper) IssueExplicitIDToken(ctx context.Context, ar fosite.Requester, resp fosite.AccessResponder) error

func (*IDTokenHandleHelper) IssueImplicitIDToken

func (i *IDTokenHandleHelper) IssueImplicitIDToken(ctx context.Context, ar fosite.Requester, resp fosite.AuthorizeResponder) error

type OpenIDConnectExplicitHandler

type OpenIDConnectExplicitHandler struct {
	// OpenIDConnectRequestStorage is the storage for open id connect sessions.
	OpenIDConnectRequestStorage   OpenIDConnectRequestStorage
	OpenIDConnectRequestValidator *OpenIDConnectRequestValidator

	*IDTokenHandleHelper
}

func (*OpenIDConnectExplicitHandler) CanHandleTokenEndpointRequest added in v0.37.0

func (c *OpenIDConnectExplicitHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

func (*OpenIDConnectExplicitHandler) CanSkipClientAuth added in v0.37.0

func (c *OpenIDConnectExplicitHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool

func (*OpenIDConnectExplicitHandler) HandleAuthorizeEndpointRequest

func (c *OpenIDConnectExplicitHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

func (*OpenIDConnectExplicitHandler) HandleTokenEndpointRequest

func (c *OpenIDConnectExplicitHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

func (*OpenIDConnectExplicitHandler) PopulateTokenEndpointResponse

func (c *OpenIDConnectExplicitHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

type OpenIDConnectHybridHandler

type OpenIDConnectHybridHandler struct {
	AuthorizeImplicitGrantTypeHandler *oauth2.AuthorizeImplicitGrantTypeHandler
	AuthorizeExplicitGrantHandler     *oauth2.AuthorizeExplicitGrantHandler
	IDTokenHandleHelper               *IDTokenHandleHelper
	ScopeStrategy                     fosite.ScopeStrategy
	OpenIDConnectRequestValidator     *OpenIDConnectRequestValidator
	OpenIDConnectRequestStorage       OpenIDConnectRequestStorage

	Enigma *jwt.RS256JWTStrategy

	MinParameterEntropy int
}

func (*OpenIDConnectHybridHandler) HandleAuthorizeEndpointRequest

func (c *OpenIDConnectHybridHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

type OpenIDConnectImplicitHandler

type OpenIDConnectImplicitHandler struct {
	AuthorizeImplicitGrantTypeHandler *oauth2.AuthorizeImplicitGrantTypeHandler
	*IDTokenHandleHelper
	ScopeStrategy                 fosite.ScopeStrategy
	OpenIDConnectRequestValidator *OpenIDConnectRequestValidator

	RS256JWTStrategy *jwt.RS256JWTStrategy

	MinParameterEntropy int
}

func (*OpenIDConnectImplicitHandler) HandleAuthorizeEndpointRequest

func (c *OpenIDConnectImplicitHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

type OpenIDConnectRefreshHandler added in v0.11.0

type OpenIDConnectRefreshHandler struct {
	*IDTokenHandleHelper
}

func (*OpenIDConnectRefreshHandler) CanHandleTokenEndpointRequest added in v0.37.0

func (c *OpenIDConnectRefreshHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

func (*OpenIDConnectRefreshHandler) CanSkipClientAuth added in v0.37.0

func (c *OpenIDConnectRefreshHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool

func (*OpenIDConnectRefreshHandler) HandleTokenEndpointRequest added in v0.11.0

func (c *OpenIDConnectRefreshHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

func (*OpenIDConnectRefreshHandler) PopulateTokenEndpointResponse added in v0.11.0

func (c *OpenIDConnectRefreshHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

type OpenIDConnectRequestStorage

type OpenIDConnectRequestStorage interface {
	// CreateOpenIDConnectSession creates an open id connect session
	// for a given authorize code. This is relevant for explicit open id connect flow.
	CreateOpenIDConnectSession(ctx context.Context, authorizeCode string, requester fosite.Requester) error

	// IsOpenIDConnectSession returns error
	// - nil if a session was found,
	// - ErrNoSessionFound if no session was found
	// - or an arbitrary error if an error occurred.
	GetOpenIDConnectSession(ctx context.Context, authorizeCode string, requester fosite.Requester) (fosite.Requester, error)

	// DeleteOpenIDConnectSession removes an open id connect session from the store.
	DeleteOpenIDConnectSession(ctx context.Context, authorizeCode string) error
}

type OpenIDConnectRequestValidator added in v0.18.1

type OpenIDConnectRequestValidator struct {
	AllowedPrompt       []string
	Strategy            jwt.JWTStrategy
	IsRedirectURISecure func(*url.URL) bool
}

func NewOpenIDConnectRequestValidator added in v0.18.1

func NewOpenIDConnectRequestValidator(prompt []string, strategy jwt.JWTStrategy) *OpenIDConnectRequestValidator

func (*OpenIDConnectRequestValidator) ValidatePrompt added in v0.18.1

func (*OpenIDConnectRequestValidator) WithRedirectSecureChecker added in v0.35.1

func (v *OpenIDConnectRequestValidator) WithRedirectSecureChecker(checker func(*url.URL) bool) *OpenIDConnectRequestValidator

type OpenIDConnectTokenStrategy

type OpenIDConnectTokenStrategy interface {
	GenerateIDToken(ctx context.Context, requester fosite.Requester) (token string, err error)
}

type Session

type Session interface {
	// IDTokenClaims returns a pointer to claims which will be modified in-place by handlers.
	// Session should store this pointer and return always the same pointer.
	IDTokenClaims() *jwt.IDTokenClaims
	// IDTokenHeaders returns a pointer to header values which will be modified in-place by handlers.
	// Session should store this pointer and return always the same pointer.
	IDTokenHeaders() *jwt.Headers

	fosite.Session
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL