Documentation
¶
Index ¶
- Constants
- Variables
- type Claims
- type Configuration
- type ConfigurationCollection
- type CredentialsConfig
- type Provider
- type ProviderGenericOIDC
- type ProviderGitHub
- type ProviderGoogle
- type RequestMethod
- type Strategy
- func (s *Strategy) Config() (*ConfigurationCollection, error)
- func (s *Strategy) ID() identity.CredentialsType
- func (s *Strategy) LoginStrategyID() identity.CredentialsType
- func (s *Strategy) PopulateLoginMethod(r *http.Request, sr *login.Request) error
- func (s *Strategy) PopulateRegistrationMethod(r *http.Request, sr *registration.Request) error
- func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic)
- func (s *Strategy) RegisterRegistrationRoutes(r *x.RouterPublic)
- func (s *Strategy) RegistrationStrategyID() identity.CredentialsType
- func (s *Strategy) WithTokenGenerator(g form.CSRFGenerator)
- type ValidationExtension
Constants ¶
View Source
const ( BasePath = "/self-service/browser/flows/registration/strategies/oidc" AuthPath = BasePath + "/auth/:request" CallbackPath = BasePath + "/callback/:provider" )
Variables ¶
View Source
var ( ErrScopeMissing = herodot.ErrBadRequest. WithError("authentication failed because a required scope was not granted"). WithReasonf(`Unable to finish because one or more permissions were not granted. Please retry and accept all permissions.`) ErrIDTokenMissing = herodot.ErrBadRequest. WithError("authentication failed because id_token is missing"). WithReasonf(`Authentication failed because no id_token was returned. Please accept the "openid" permission and try again.`) )
Functions ¶
This section is empty.
Types ¶
type Claims ¶
type Claims struct {
Issuer string `json:"iss,omitempty"`
Subject string `json:"sub,omitempty"`
Name string `json:"name,omitempty"`
GivenName string `json:"given_name,omitempty"`
FamilyName string `json:"family_name,omitempty"`
LastName string `json:"last_name,omitempty"`
MiddleName string `json:"middle_name,omitempty"`
Nickname string `json:"nickname,omitempty"`
PreferredUsername string `json:"preferred_username,omitempty"`
Profile string `json:"profile,omitempty"`
Picture string `json:"picture,omitempty"`
Website string `json:"website,omitempty"`
Email string `json:"email,omitempty"`
EmailVerified bool `json:"email_verified,omitempty"`
Gender string `json:"gender,omitempty"`
Birthdate string `json:"birthdate,omitempty"`
Zoneinfo string `json:"zoneinfo,omitempty"`
Locale string `json:"locale,omitempty"`
PhoneNumber string `json:"phone_number,omitempty"`
PhoneNumberVerified bool `json:"phone_number_verified,omitempty"`
UpdatedAt int64 `json:"updated_at,omitempty"`
}
type Configuration ¶
type Configuration struct {
// RequestID is the provider RequestID
ID string `json:"id"`
// Provider is either "generic" for a generic OAuth 2.0 / OpenID Connect Provider or one of:
// - generic
// - google
Provider string `json:"provider"`
// ClientID is the application's RequestID.
ClientID string `json:"client_id"`
// ClientSecret is the application's secret.
ClientSecret string `json:"client_secret"`
// IssuerURL is the OpenID Connect Server URL. You can leave this empty if `provider` is not set to `generic`.
// If set, neither `auth_url` nor `token_url` are required.
IssuerURL string `json:"issuer_url"`
// AuthURL is the authorize url, typically something like: https://example.org/oauth2/auth
// Should only be used when the OAuth2 / OpenID Connect server is not supporting OpenID Connect Discovery and when
// `provider` is set to `generic`.
AuthURL string `json:"auth_url"`
// TokenURL is the token url, typically something like: https://example.org/oauth2/token
// Should only be used when the OAuth2 / OpenID Connect server is not supporting OpenID Connect Discovery and when
// `provider` is set to `generic`.
TokenURL string `json:"token_url"`
// Scope specifies optional requested permissions.
Scope []string `json:"scope"`
SchemaURL string `json:"schema_url"`
}
type ConfigurationCollection ¶
type ConfigurationCollection struct {
Providers []Configuration `json:"providers"`
}
type CredentialsConfig ¶
swagger:model oidcStrategyCredentialsConfig
type ProviderGenericOIDC ¶
type ProviderGenericOIDC struct {
// contains filtered or unexported fields
}
func NewProviderGenericOIDC ¶
func NewProviderGenericOIDC( config *Configuration, public *url.URL, ) *ProviderGenericOIDC
func (*ProviderGenericOIDC) Config ¶
func (g *ProviderGenericOIDC) Config() *Configuration
type ProviderGitHub ¶
type ProviderGitHub struct {
// contains filtered or unexported fields
}
func NewProviderGitHub ¶
func NewProviderGitHub( config *Configuration, public *url.URL, ) *ProviderGitHub
func (*ProviderGitHub) Config ¶
func (g *ProviderGitHub) Config() *Configuration
type ProviderGoogle ¶
type ProviderGoogle struct {
*ProviderGenericOIDC
}
func NewProviderGoogle ¶
func NewProviderGoogle( config *Configuration, public *url.URL, ) *ProviderGoogle
type RequestMethod ¶
swagger:model oidcStrategyRequestMethod
func NewRequestMethodConfig ¶
func NewRequestMethodConfig(f *form.HTMLForm) *RequestMethod
func (*RequestMethod) AddProviders ¶
func (r *RequestMethod) AddProviders(providers []Configuration) *RequestMethod
type Strategy ¶
type Strategy struct {
// contains filtered or unexported fields
}
Strategy implements selfservice.LoginStrategy, selfservice.RegistrationStrategy. It supports both login and registration via OpenID Providers.
func NewStrategy ¶
func NewStrategy( d dependencies, c configuration.Provider, ) *Strategy
func (*Strategy) Config ¶
func (s *Strategy) Config() (*ConfigurationCollection, error)
func (*Strategy) ID ¶
func (s *Strategy) ID() identity.CredentialsType
func (*Strategy) LoginStrategyID ¶
func (s *Strategy) LoginStrategyID() identity.CredentialsType
func (*Strategy) PopulateLoginMethod ¶
func (*Strategy) PopulateRegistrationMethod ¶
func (*Strategy) RegisterLoginRoutes ¶
func (s *Strategy) RegisterLoginRoutes(r *x.RouterPublic)
func (*Strategy) RegisterRegistrationRoutes ¶
func (s *Strategy) RegisterRegistrationRoutes(r *x.RouterPublic)
func (*Strategy) RegistrationStrategyID ¶
func (s *Strategy) RegistrationStrategyID() identity.CredentialsType
func (*Strategy) WithTokenGenerator ¶
func (s *Strategy) WithTokenGenerator(g form.CSRFGenerator)
type ValidationExtension ¶
type ValidationExtension struct {
// contains filtered or unexported fields
}
func NewValidationExtension ¶
func NewValidationExtension() *ValidationExtension
func (*ValidationExtension) Call ¶
func (e *ValidationExtension) Call(value interface{}, config *schema.Extension, context *gojsonschema.JsonContext) error
func (*ValidationExtension) Values ¶
func (e *ValidationExtension) Values() json.RawMessage
func (*ValidationExtension) WithIdentity ¶
func (e *ValidationExtension) WithIdentity(i *identity.Identity) identity.ValidationExtender
Source Files
Click to show internal directories.
Click to hide internal directories.