Documentation

Index

Constants

// Configuration key paths, grouped by their top-level namespace.
//
// Every value below is a dotted key path, not a setting value and not a
// credential. The trailing "#nosec G101" markers suppress gosec's
// hard-coded-credential check on individual lines (presumably triggered by
// the word "token"); each marker must stay on the line it annotates.
const (
	// webfinger.*: JWKS broadcast and OpenID Connect discovery settings.
	KeyWellKnownKeys                 = "webfinger.jwks.broadcast_keys"
	KeyOAuth2ClientRegistrationURL   = "webfinger.oidc_discovery.client_registration_url"
	KeyOAuth2TokenURL                = "webfinger.oidc_discovery.token_url" // #nosec G101
	KeyOAuth2AuthURL                 = "webfinger.oidc_discovery.auth_url"
	KeyJWKSURL                       = "webfinger.oidc_discovery.jwks_url"
	KeyOIDCDiscoverySupportedClaims  = "webfinger.oidc_discovery.supported_claims"
	KeyOIDCDiscoverySupportedScope   = "webfinger.oidc_discovery.supported_scope"
	KeyOIDCDiscoveryUserinfoEndpoint = "webfinger.oidc_discovery.userinfo_url"

	// oidc.*: subject identifier and dynamic client registration settings.
	// NOTE(review): the pairwise salt is presumably a secret-like value; treat
	// whatever is configured under that key as sensitive — confirm.
	KeySubjectTypesSupported          = "oidc.subject_identifiers.supported_types"
	KeyDefaultClientScope             = "oidc.dynamic_client_registration.default_scope"
	KeySubjectIdentifierAlgorithmSalt = "oidc.subject_identifiers.pairwise.salt"

	// oauth2.*: hashing cost, session encryption, PKCE enforcement, the
	// client-credentials scope default and error reporting.
	// NOTE(review): by its name, oauth2.expose_internal_errors decides whether
	// internal error detail is returned to clients; confirm it stays disabled
	// in production deployments.
	KeyBCryptCost                                = "oauth2.hashers.bcrypt.cost"
	KeyEncryptSessionData                        = "oauth2.session.encrypt_at_rest"
	KeyPKCEEnforced                              = "oauth2.pkce.enforced"
	KeyPKCEEnforcedForPublicClients              = "oauth2.pkce.enforced_for_public_clients"
	KeyGrantAllClientCredentialsScopesPerDefault = "oauth2.client_credentials.default_grant_allowed_scope"
	KeyExposeOAuth2Debug                         = "oauth2.expose_internal_errors"
	KeyOAuth2LegacyErrors                        = "oauth2.include_legacy_error_fields"

	// serve.admin.*: listener address, Unix socket ownership and mode, and
	// health-check access logging for the admin interface.
	KeyAdminListenOnHost           = "serve.admin.host"
	KeyAdminListenOnPort           = "serve.admin.port"
	KeyAdminSocketOwner            = "serve.admin.socket.owner"
	KeyAdminSocketGroup            = "serve.admin.socket.group"
	KeyAdminSocketMode             = "serve.admin.socket.mode"
	KeyAdminDisableHealthAccessLog = "serve.admin.access_log.disable_for_health"

	// serve.public.*: the same settings for the public interface.
	KeyPublicListenOnHost           = "serve.public.host"
	KeyPublicListenOnPort           = "serve.public.port"
	KeyPublicSocketOwner            = "serve.public.socket.owner"
	KeyPublicSocketGroup            = "serve.public.socket.group"
	KeyPublicSocketMode             = "serve.public.socket.mode"
	KeyPublicDisableHealthAccessLog = "serve.public.access_log.disable_for_health"

	// serve.cookies.* and serve.tls.*: cookie SameSite behaviour and the
	// sources allowed to terminate TLS in front of the server.
	KeyCookieSameSiteMode             = "serve.cookies.same_site_mode"
	KeyCookieSameSiteLegacyWorkaround = "serve.cookies.same_site_legacy_workaround"
	KeyAllowTLSTerminationFrom        = "serve.tls.allow_termination_from"

	// ttl.*: lifetimes of consent requests, tokens and authorization codes.
	KeyConsentRequestMaxAge = "ttl.login_consent_request"
	KeyAccessTokenLifespan  = "ttl.access_token"  // #nosec G101
	KeyRefreshTokenLifespan = "ttl.refresh_token" // #nosec G101
	KeyIDTokenLifespan      = "ttl.id_token"      // #nosec G101
	KeyAuthCodeLifespan     = "ttl.auth_code"

	// strategies.*: scope matching and access token strategy selection.
	KeyScopeStrategy       = "strategies.scope"
	KeyAccessTokenStrategy = "strategies.access_token"

	// secrets.*: key paths only; the secret material itself lives in the
	// configuration source, never in this file.
	KeyGetCookieSecrets = "secrets.cookie"
	KeyGetSystemSecret  = "secrets.system"

	// urls.*: login, logout, consent and error endpoints plus the server's
	// own public and issuer URLs.
	KeyLogoutRedirectURL = "urls.post_logout_redirect"
	KeyLoginURL          = "urls.login"
	KeyLogoutURL         = "urls.logout"
	KeyConsentURL        = "urls.consent"
	KeyErrorURL          = "urls.error"
	KeyPublicURL         = "urls.self.public"
	KeyIssuerURL         = "urls.self.issuer"

	// Storage, logging and runtime tuning.
	KeyDSN                          = "dsn"
	KeyLogLevel                     = "log.level"
	KeyCGroupsV1AutoMaxProcsEnabled = "cgroups.v1.auto_max_procs_enabled"
)
const (
	// DSNMemory is the literal "memory".
	// NOTE(review): by its name, the dsn value that selects an in-memory
	// store. Such a store is presumably non-persistent, so clients, tokens
	// and keys would not survive a restart — confirm before using it outside
	// tests or local development.
	DSNMemory = "memory"
)

Variables

// Build metadata. The values below are the in-source defaults.
// NOTE(review): these are package-level variables rather than constants,
// presumably so a release build can overwrite them at link time (for example
// with -ldflags "-X ...") — confirm against the build scripts. A binary that
// still reports "master" / "undefined" cannot be mapped to a release when
// triaging advisories.

// Version defaults to "master".
var Version = "master"

// Date defaults to "undefined".
var Date = "undefined"

// Commit defaults to "undefined".
var Commit = "undefined"

Functions

func MustValidate

func MustValidate(l *logrusx.Logger, p *Provider)

Types

type Provider

// Provider is the configuration accessor type of this package. Its method set
// returns typed values (time.Duration, *url.URL, []string, bool, ...) and
// Source exposes the underlying *configx.Provider.
//
// NOTE(review): the accessor names mirror the Key* constants, so each method
// presumably reads the matching key path — confirm in the implementation.
// GetSystemSecret, GetRotatedSystemSecrets and GetCookieSecrets return raw
// byte slices; callers should keep those values out of logs and error
// messages.
type Provider struct {
	// contains filtered or unexported fields
}

func MustNew

func MustNew(l *logrusx.Logger, opts ...configx.OptionModifier) *Provider

func New

func New(l *logrusx.Logger, opts ...configx.OptionModifier) (*Provider, error)

func (*Provider) AccessTokenLifespan

func (p *Provider) AccessTokenLifespan() time.Duration

func (*Provider) AccessTokenStrategy

func (p *Provider) AccessTokenStrategy() string

func (*Provider) AdminCORS

func (p *Provider) AdminCORS() (cors.Options, bool)

func (*Provider) AdminDisableHealthAccessLog

func (p *Provider) AdminDisableHealthAccessLog() bool

func (*Provider) AdminListenOn

func (p *Provider) AdminListenOn() string

func (*Provider) AdminSocketPermission

func (p *Provider) AdminSocketPermission() *UnixPermission

func (*Provider) AllowTLSTerminationFrom

func (p *Provider) AllowTLSTerminationFrom() []string

func (*Provider) AuthCodeLifespan

func (p *Provider) AuthCodeLifespan() time.Duration

func (*Provider) BCryptCost

func (p *Provider) BCryptCost() int

func (*Provider) CGroupsV1AutoMaxProcsEnabled

func (p *Provider) CGroupsV1AutoMaxProcsEnabled() bool

func (*Provider) CORS

func (p *Provider) CORS(iface string) (cors.Options, bool)

func (*Provider) ConsentRequestMaxAge

func (p *Provider) ConsentRequestMaxAge() time.Duration

func (*Provider) ConsentURL

func (p *Provider) ConsentURL() *url.URL

func (*Provider) CookieSameSiteLegacyWorkaround

func (p *Provider) CookieSameSiteLegacyWorkaround() bool

func (*Provider) CookieSameSiteMode

func (p *Provider) CookieSameSiteMode() http.SameSite

func (*Provider) DSN

func (p *Provider) DSN() string

func (*Provider) DataSourcePlugin

func (p *Provider) DataSourcePlugin() string

func (*Provider) DefaultClientScope

func (p *Provider) DefaultClientScope() []string

func (*Provider) EncryptSessionData

func (p *Provider) EncryptSessionData() bool

func (*Provider) EnforcePKCEForPublicClients

func (p *Provider) EnforcePKCEForPublicClients() bool

func (*Provider) ErrorURL

func (p *Provider) ErrorURL() *url.URL

func (*Provider) GetCookieSecrets

func (p *Provider) GetCookieSecrets() [][]byte

func (*Provider) GetRotatedSystemSecrets

func (p *Provider) GetRotatedSystemSecrets() [][]byte

func (*Provider) GetSystemSecret

func (p *Provider) GetSystemSecret() []byte

func (*Provider) GrantAllClientCredentialsScopesPerDefault

func (p *Provider) GrantAllClientCredentialsScopesPerDefault() bool

func (*Provider) IDTokenLifespan

func (p *Provider) IDTokenLifespan() time.Duration

func (*Provider) InsecureRedirects

func (p *Provider) InsecureRedirects() []string

func (*Provider) IsUsingJWTAsAccessTokens

func (p *Provider) IsUsingJWTAsAccessTokens() bool

func (*Provider) IssuerURL

func (p *Provider) IssuerURL() *url.URL

func (*Provider) JWKSURL

func (p *Provider) JWKSURL() *url.URL

func (*Provider) LoginURL

func (p *Provider) LoginURL() *url.URL

func (*Provider) LogoutRedirectURL

func (p *Provider) LogoutRedirectURL() *url.URL

func (*Provider) LogoutURL

func (p *Provider) LogoutURL() *url.URL

func (*Provider) MustSet

func (p *Provider) MustSet(key string, value interface{})

func (*Provider) OAuth2AuthURL

func (p *Provider) OAuth2AuthURL() *url.URL

func (*Provider) OAuth2ClientRegistrationURL

func (p *Provider) OAuth2ClientRegistrationURL() *url.URL

func (*Provider) OAuth2LegacyErrors

func (p *Provider) OAuth2LegacyErrors() bool

func (*Provider) OAuth2TokenURL

func (p *Provider) OAuth2TokenURL() *url.URL

func (*Provider) OIDCDiscoverySupportedClaims

func (p *Provider) OIDCDiscoverySupportedClaims() []string

func (*Provider) OIDCDiscoverySupportedScope

func (p *Provider) OIDCDiscoverySupportedScope() []string

func (*Provider) OIDCDiscoveryUserinfoEndpoint

func (p *Provider) OIDCDiscoveryUserinfoEndpoint() *url.URL

func (*Provider) PKCEEnforced

func (p *Provider) PKCEEnforced() bool

func (*Provider) PublicCORS

func (p *Provider) PublicCORS() (cors.Options, bool)

func (*Provider) PublicDisableHealthAccessLog

func (p *Provider) PublicDisableHealthAccessLog() bool

func (*Provider) PublicListenOn

func (p *Provider) PublicListenOn() string

func (*Provider) PublicSocketPermission

func (p *Provider) PublicSocketPermission() *UnixPermission

func (*Provider) PublicURL

func (p *Provider) PublicURL() *url.URL

func (*Provider) RefreshTokenLifespan

func (p *Provider) RefreshTokenLifespan() time.Duration

func (*Provider) ScopeStrategy

func (p *Provider) ScopeStrategy() string

func (*Provider) ServesHTTPS

func (p *Provider) ServesHTTPS() bool

func (*Provider) Set

func (p *Provider) Set(key string, value interface{}) error

func (*Provider) ShareOAuth2Debug

func (p *Provider) ShareOAuth2Debug() bool

func (*Provider) Source

func (p *Provider) Source() *configx.Provider

func (*Provider) SubjectIdentifierAlgorithmSalt

func (p *Provider) SubjectIdentifierAlgorithmSalt() string

func (*Provider) SubjectTypesSupported

func (p *Provider) SubjectTypesSupported() []string

func (*Provider) Tracing

func (p *Provider) Tracing() *tracing.Config

func (*Provider) WellKnownKeys

func (p *Provider) WellKnownKeys(include ...string) []string

type UnixPermission

// UnixPermission bundles the ownership and mode applied to a file by
// SetPermission. Provider returns one per interface from
// AdminSocketPermission and PublicSocketPermission.
//
// NOTE(review): the values presumably come from the serve.<iface>.socket.*
// keys — confirm. For the admin socket, verify the effective mode grants no
// access to "other" users.
type UnixPermission struct {
	// Owner and Group identify the owning user and group.
	// NOTE(review): whether these are names or numeric IDs is not visible
	// here — confirm in SetPermission.
	Owner, Group string
	// Mode holds the file mode bits.
	Mode os.FileMode
}

func (*UnixPermission) SetPermission

func (p *UnixPermission) SetPermission(file string) error