Documentation

Index

Constants

This section is empty.

Variables

// ErrInvalidSession carries the message "Session type mismatch".
// NOTE(review): presumably returned when the session attached to a request
// does not implement this package's Session interface — confirm against the
// handler bodies, which are not shown on this page.
var (
	ErrInvalidSession = errors.New("Session type mismatch")
)
// ErrNoSessionFound is the same error value as fosite.ErrNotFound, so a
// comparison against either name matches. The OpenIDConnectRequestStorage
// contract uses it to signal that no session exists for an authorize code.
var ErrNoSessionFound = fosite.ErrNotFound

Functions

This section is empty.

Types

type DefaultSession

// DefaultSession stores the ID token claims and headers together with
// per-token-type expiry times, a username and a subject.
type DefaultSession struct {
	// Claims holds the ID token claims (presumably what IDTokenClaims()
	// returns — confirm). The Session interface states that handlers modify
	// the claims in place through this pointer, so two requests holding the
	// same *DefaultSession would also share, and overwrite, the same claims.
	Claims    *jwt.IDTokenClaims
	// Headers holds the ID token header values; the same in-place
	// modification contract as Claims applies.
	Headers   *jwt.Headers
	// ExpiresAt maps a token type to its expiry time (see GetExpiresAt and
	// SetExpiresAt).
	ExpiresAt map[fosite.TokenType]time.Time
	// Username is presumably returned by GetUsername() — confirm.
	Username  string
	// Subject is presumably returned by GetSubject() and set by
	// SetSubject() — confirm.
	Subject   string
}

    DefaultSession (still called IDTokenSession in the upstream comment) is a session container for the ID token.

    func NewDefaultSession

    func NewDefaultSession() *DefaultSession

    func (*DefaultSession) Clone

    func (s *DefaultSession) Clone() fosite.Session

    func (*DefaultSession) GetExpiresAt

    func (s *DefaultSession) GetExpiresAt(key fosite.TokenType) time.Time

    func (*DefaultSession) GetSubject

    func (s *DefaultSession) GetSubject() string

    func (*DefaultSession) GetUsername

    func (s *DefaultSession) GetUsername() string

    func (*DefaultSession) IDTokenClaims

    func (s *DefaultSession) IDTokenClaims() *jwt.IDTokenClaims

    func (*DefaultSession) IDTokenHeaders

    func (s *DefaultSession) IDTokenHeaders() *jwt.Headers

    func (*DefaultSession) SetExpiresAt

    func (s *DefaultSession) SetExpiresAt(key fosite.TokenType, exp time.Time)

    func (*DefaultSession) SetSubject

    func (s *DefaultSession) SetSubject(subject string)

    type DefaultStrategy

    // DefaultStrategy embeds a jwt.JWTStrategy and implements GenerateIDToken,
    // the single method of OpenIDConnectTokenStrategy.
    type DefaultStrategy struct {
    	// The embedded JWTStrategy promotes its methods onto DefaultStrategy.
    	jwt.JWTStrategy
    
    	// NOTE(review): Expiry is presumably the lifetime given to generated ID
    	// tokens, and Issuer the value written to the "iss" claim — confirm
    	// against GenerateIDToken, whose body is not shown on this page.
    	Expiry time.Duration
    	Issuer string
    
    	// NOTE(review): presumably the minimum accepted length of a
    	// client-supplied parameter such as the nonce; a low value would accept
    	// short, guessable values — confirm where it is enforced.
    	MinParameterEntropy int
    }

    func (DefaultStrategy) GenerateIDToken

    func (h DefaultStrategy) GenerateIDToken(ctx context.Context, requester fosite.Requester) (token string, err error)

    type IDTokenHandleHelper

    // IDTokenHandleHelper bundles the ID token issuing helpers
    // (GetAccessTokenHash, IssueExplicitIDToken, IssueImplicitIDToken) that the
    // handlers in this package embed or reference.
    type IDTokenHandleHelper struct {
    	// IDTokenStrategy generates the ID token via its GenerateIDToken method.
    	IDTokenStrategy OpenIDConnectTokenStrategy
    }

    func (*IDTokenHandleHelper) GetAccessTokenHash

    func (i *IDTokenHandleHelper) GetAccessTokenHash(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) string

    func (*IDTokenHandleHelper) IssueExplicitIDToken

    func (i *IDTokenHandleHelper) IssueExplicitIDToken(ctx context.Context, ar fosite.Requester, resp fosite.AccessResponder) error

    func (*IDTokenHandleHelper) IssueImplicitIDToken

    func (i *IDTokenHandleHelper) IssueImplicitIDToken(ctx context.Context, ar fosite.Requester, resp fosite.AuthorizeResponder) error

    type OpenIDConnectExplicitHandler

    // OpenIDConnectExplicitHandler handles both the authorize endpoint and the
    // token endpoint (see its HandleAuthorizeEndpointRequest,
    // HandleTokenEndpointRequest and PopulateTokenEndpointResponse methods).
    type OpenIDConnectExplicitHandler struct {
    	// OpenIDConnectRequestStorage is the storage for OpenID Connect sessions.
    	OpenIDConnectRequestStorage   OpenIDConnectRequestStorage
    	// OpenIDConnectRequestValidator validates the request; the only
    	// validation method listed on this page is ValidatePrompt.
    	OpenIDConnectRequestValidator *OpenIDConnectRequestValidator
    
    	// The embedded helper promotes the ID token issuing methods onto the
    	// handler. It is a pointer, so it must be set before those methods run.
    	*IDTokenHandleHelper
    }

    func (*OpenIDConnectExplicitHandler) CanHandleTokenEndpointRequest

    func (c *OpenIDConnectExplicitHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

    func (*OpenIDConnectExplicitHandler) CanSkipClientAuth

    func (c *OpenIDConnectExplicitHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool

    func (*OpenIDConnectExplicitHandler) HandleAuthorizeEndpointRequest

    func (c *OpenIDConnectExplicitHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

    func (*OpenIDConnectExplicitHandler) HandleTokenEndpointRequest

    func (c *OpenIDConnectExplicitHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

    func (*OpenIDConnectExplicitHandler) PopulateTokenEndpointResponse

    func (c *OpenIDConnectExplicitHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

    type OpenIDConnectHybridHandler

    // OpenIDConnectHybridHandler handles authorize endpoint requests and holds
    // both the implicit and the explicit OAuth2 grant handlers.
    type OpenIDConnectHybridHandler struct {
    	AuthorizeImplicitGrantTypeHandler *oauth2.AuthorizeImplicitGrantTypeHandler
    	AuthorizeExplicitGrantHandler     *oauth2.AuthorizeExplicitGrantHandler
    	// Unlike the explicit, implicit and refresh handlers, the helper is a
    	// named field here rather than an embedded one, so its methods are not
    	// promoted onto this type.
    	IDTokenHandleHelper               *IDTokenHandleHelper
    	ScopeStrategy                     fosite.ScopeStrategy
    	OpenIDConnectRequestValidator     *OpenIDConnectRequestValidator
    	OpenIDConnectRequestStorage       OpenIDConnectRequestStorage
    
    	// Enigma is an RS256 JWT strategy.
    	// NOTE(review): presumably used to compute the hash claims bound to the
    	// issued code and access token — confirm against the handler body.
    	Enigma *jwt.RS256JWTStrategy
    
    	// NOTE(review): presumably the minimum accepted length of the nonce
    	// parameter; a low value would accept short, guessable nonces — confirm
    	// where it is enforced.
    	MinParameterEntropy int
    }

    func (*OpenIDConnectHybridHandler) HandleAuthorizeEndpointRequest

    func (c *OpenIDConnectHybridHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

    type OpenIDConnectImplicitHandler

    // OpenIDConnectImplicitHandler handles authorize endpoint requests and
    // wraps the OAuth2 implicit grant handler.
    type OpenIDConnectImplicitHandler struct {
    	AuthorizeImplicitGrantTypeHandler *oauth2.AuthorizeImplicitGrantTypeHandler
    	// The embedded helper promotes the ID token issuing methods onto the
    	// handler. It is a pointer, so it must be set before those methods run.
    	*IDTokenHandleHelper
    	ScopeStrategy                 fosite.ScopeStrategy
    	OpenIDConnectRequestValidator *OpenIDConnectRequestValidator
    
    	// RS256JWTStrategy is the same type as OpenIDConnectHybridHandler.Enigma.
    	// NOTE(review): presumably used to compute the access token hash claim —
    	// confirm against the handler body.
    	RS256JWTStrategy *jwt.RS256JWTStrategy
    
    	// NOTE(review): presumably the minimum accepted length of the nonce
    	// parameter; a low value would accept short, guessable nonces — confirm
    	// where it is enforced.
    	MinParameterEntropy int
    }

    func (*OpenIDConnectImplicitHandler) HandleAuthorizeEndpointRequest

    func (c *OpenIDConnectImplicitHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

    type OpenIDConnectRefreshHandler

    // OpenIDConnectRefreshHandler is a token endpoint handler (see its
    // CanHandleTokenEndpointRequest, HandleTokenEndpointRequest and
    // PopulateTokenEndpointResponse methods). Its only state is the embedded
    // ID token helper.
    type OpenIDConnectRefreshHandler struct {
    	// The embedded helper promotes the ID token issuing methods onto the
    	// handler. It is a pointer, so it must be set before those methods run.
    	*IDTokenHandleHelper
    }

    func (*OpenIDConnectRefreshHandler) CanHandleTokenEndpointRequest

    func (c *OpenIDConnectRefreshHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

    func (*OpenIDConnectRefreshHandler) CanSkipClientAuth

    func (c *OpenIDConnectRefreshHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool

    func (*OpenIDConnectRefreshHandler) HandleTokenEndpointRequest

    func (c *OpenIDConnectRefreshHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

    func (*OpenIDConnectRefreshHandler) PopulateTokenEndpointResponse

    func (c *OpenIDConnectRefreshHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

    type OpenIDConnectRequestStorage

    // OpenIDConnectRequestStorage persists OpenID Connect sessions keyed by
    // authorize code.
    //
    // NOTE(review): the authorize code is the only lookup key, so whoever can
    // read it from the store can look up the session. Whether callers pass the
    // raw code or a derived value (for example its signature) is not visible on
    // this page — confirm before deciding how the key column is protected.
    type OpenIDConnectRequestStorage interface {
    	// CreateOpenIDConnectSession creates an OpenID Connect session
    	// for a given authorize code. This is relevant for the explicit OpenID Connect flow.
    	CreateOpenIDConnectSession(ctx context.Context, authorizeCode string, requester fosite.Requester) error
    
    	// GetOpenIDConnectSession looks up the session stored for the given
    	// authorize code (the upstream comment still names this method
    	// IsOpenIDConnectSession). The returned error is
    	// - nil if a session was found,
    	// - ErrNoSessionFound if no session was found,
    	// - or an arbitrary error if an error occurred.
    	GetOpenIDConnectSession(ctx context.Context, authorizeCode string, requester fosite.Requester) (fosite.Requester, error)
    
    	// DeleteOpenIDConnectSession removes an OpenID Connect session from the store.
    	DeleteOpenIDConnectSession(ctx context.Context, authorizeCode string) error
    }

    type OpenIDConnectRequestValidator

    // OpenIDConnectRequestValidator holds the configuration used to validate
    // OpenID Connect requests; the only validation method listed on this page
    // is ValidatePrompt.
    type OpenIDConnectRequestValidator struct {
    	// NOTE(review): presumably the set of prompt values ValidatePrompt
    	// accepts — confirm against its body.
    	AllowedPrompt       []string
    	// NOTE(review): the page does not show what the validator uses the JWT
    	// strategy for — confirm against ValidatePrompt.
    	Strategy            jwt.JWTStrategy
    	// IsRedirectURISecure reports whether a redirect URI counts as secure;
    	// WithRedirectSecureChecker takes a function of the same type.
    	// A checker that returns true unconditionally removes whatever protection
    	// this check provides, so replacements should be at least as strict as the
    	// default. NOTE(review): the default and the call site are not shown here.
    	IsRedirectURISecure func(*url.URL) bool
    }

    func NewOpenIDConnectRequestValidator

    func NewOpenIDConnectRequestValidator(prompt []string, strategy jwt.JWTStrategy) *OpenIDConnectRequestValidator

    func (*OpenIDConnectRequestValidator) ValidatePrompt

    func (*OpenIDConnectRequestValidator) WithRedirectSecureChecker

    func (v *OpenIDConnectRequestValidator) WithRedirectSecureChecker(checker func(*url.URL) bool) *OpenIDConnectRequestValidator

    type OpenIDConnectTokenStrategy

    // OpenIDConnectTokenStrategy generates ID tokens. DefaultStrategy in this
    // package provides a GenerateIDToken method with this signature.
    type OpenIDConnectTokenStrategy interface {
    	// GenerateIDToken returns the ID token for the given requester as a
    	// string, or an error.
    	GenerateIDToken(ctx context.Context, requester fosite.Requester) (token string, err error)
    }

    type Session

    // Session extends fosite.Session with access to the ID token claims and
    // headers. DefaultSession in this package provides both methods.
    type Session interface {
    	// IDTokenClaims returns a pointer to the claims, which handlers modify in place.
    	// An implementation should store this pointer and always return the same
    	// one; returning a fresh copy on each call would silently drop the
    	// handlers' modifications.
    	IDTokenClaims() *jwt.IDTokenClaims
    	// IDTokenHeaders returns a pointer to the header values, which handlers modify in place.
    	// An implementation should store this pointer and always return the same one.
    	IDTokenHeaders() *jwt.Headers
    
    	// The embedded fosite.Session adds the base session methods.
    	fosite.Session
    }