package oidc
Published: Oct 22, 2021 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Overview

Package oidc implements a generic OpenID Connect provider.

https://openid.net/specs/openid-connect-core-1_0.html

Constants

const Name = "oidc"

Name identifies the generic OpenID Connect provider.

Variables

var ErrMissingAccessToken = errors.New("identity/oidc: missing access token")

ErrMissingAccessToken is returned when no access token was found.

var ErrMissingIDToken = errors.New("identity/oidc: missing id_token")

ErrMissingIDToken is returned when an identity provider (usually on refresh) fails to include an id_token in an oauth2 token.

var ErrMissingProviderURL = errors.New("identity/oidc: missing provider url")

ErrMissingProviderURL is returned when an identity provider requires a provider URL but does not receive one.

var ErrMissingRefreshToken = errors.New("identity/oidc: missing refresh token")

ErrMissingRefreshToken is returned if no refresh token was found.

var ErrRevokeNotImplemented = errors.New("identity/oidc: revoke not implemented")

ErrRevokeNotImplemented is returned when revoke is not implemented by an identity provider.

var ErrSignoutNotImplemented = errors.New("identity/oidc: end session not implemented")

ErrSignoutNotImplemented is returned when end session is not implemented by an identity provider. https://openid.net/specs/openid-connect-frontchannel-1_0.html#RPInitiated

Functions

This section is empty.

Types

type Option added in v0.12.2

type Option func(*config)

An Option customizes the config.

func WithGetOauthConfig added in v0.12.2

func WithGetOauthConfig(f func(provider *oidc.Provider) *oauth2.Config) Option

WithGetOauthConfig sets the getOauthConfig function in the config.

func WithGetProvider added in v0.12.2

func WithGetProvider(f func() (*oidc.Provider, error)) Option

WithGetProvider sets the getProvider function in the config.

func WithGetVerifier added in v0.12.2

func WithGetVerifier(f func(*oidc.Provider) *oidc.IDTokenVerifier) Option

WithGetVerifier sets the getVerifier function in the config.

type Provider

type Provider struct {

	// RevocationURL is the location of the OAuth 2.0 token revocation endpoint.
	// https://tools.ietf.org/html/rfc7009
	RevocationURL string `json:"revocation_endpoint,omitempty"`

	// EndSessionURL is the RP-initiated logout endpoint, used by identity
	// providers that implement an end-session (logout) endpoint rather than
	// the token revocation endpoint.
	// https://openid.net/specs/openid-connect-frontchannel-1_0.html#RPInitiated
	EndSessionURL string `json:"end_session_endpoint,omitempty"`

	// AuthCodeOptions specifies additional key-value query parameters to add
	// to the sign-in (authorization request) URL.
	AuthCodeOptions map[string]string
	// contains filtered or unexported fields
}

Provider provides a standard OpenID Connect implementation of an identity provider used for authorization. https://openid.net/specs/openid-connect-core-1_0.html

func New

func New(ctx context.Context, o *oauth.Options, options ...Option) (*Provider, error)

New creates a new instance of a generic OpenID Connect provider.

func (*Provider) Authenticate

func (p *Provider) Authenticate(ctx context.Context, code string, v identity.State) (*oauth2.Token, error)

Authenticate converts an authorization code returned from the identity provider into a token which is then converted into a user session.

func (*Provider) GetOauthConfig added in v0.12.2

func (p *Provider) GetOauthConfig() (*oauth2.Config, error)

GetOauthConfig gets the OAuth 2.0 client configuration.

func (*Provider) GetProvider added in v0.12.2

func (p *Provider) GetProvider() (*go_oidc.Provider, error)

GetProvider gets the underlying oidc Provider.

func (*Provider) GetSignInURL

func (p *Provider) GetSignInURL(state string) (string, error)

GetSignInURL returns the url of the provider's OAuth 2.0 consent page that asks for permissions for the required scopes explicitly.

State is a token to protect the user from CSRF attacks. You must always provide a non-empty string and validate that it matches the state query parameter on your redirect callback. See http://tools.ietf.org/html/rfc6749#section-10.12 for more info.

func (*Provider) GetSubject added in v0.9.0

func (p *Provider) GetSubject(v interface{}) (string, error)

GetSubject gets the RFC 7519 Subject claim (`sub`) from a

func (*Provider) GetVerifier added in v0.12.2

func (p *Provider) GetVerifier() (*go_oidc.IDTokenVerifier, error)

GetVerifier gets the verifier.

func (*Provider) LogOut

func (p *Provider) LogOut() (*url.URL, error)

LogOut returns the EndSessionURL endpoint to allow a logout session to be initiated. https://openid.net/specs/openid-connect-frontchannel-1_0.html#RPInitiated

func (*Provider) Name added in v0.11.0

func (p *Provider) Name() string

Name returns the provider name.

func (*Provider) Refresh

func (p *Provider) Refresh(ctx context.Context, t *oauth2.Token, v identity.State) (*oauth2.Token, error)

Refresh renews a user's session using an oidc refresh token without reprompting the user. Group membership is also refreshed. https://openid.net/specs/openid-connect-core-1_0.html#RefreshTokens

func (*Provider) Revoke

func (p *Provider) Revoke(ctx context.Context, t *oauth2.Token) error

Revoke enables a user to revoke her token. If the identity provider does not support revocation, an error is returned.

https://tools.ietf.org/html/rfc7009#section-2.1

func (*Provider) UpdateUserInfo added in v0.10.0

func (p *Provider) UpdateUserInfo(ctx context.Context, t *oauth2.Token, v interface{}) error

UpdateUserInfo calls the OIDC (spec required) UserInfo Endpoint as well as any groups endpoint (non-spec) to populate the rest of the user's information.

https://openid.net/specs/openid-connect-core-1_0.html#UserInfo

Directories

Path Synopsis

Package auth0 implements OpenID Connect for auth0 https://www.pomerium.io/docs/identity-providers/auth0.html
Package azure implements OpenID Connect for Microsoft Azure https://www.pomerium.io/docs/identity-providers/azure.html
Package gitlab implements OpenID Connect for Gitlab https://www.pomerium.io/docs/identity-providers/gitlab.html
Package google implements OpenID Connect for Google and GSuite.
Package okta implements OpenID Connect for okta https://www.pomerium.io/docs/identity-providers/okta.html
Package onelogin implements OpenID Connect for OneLogin https://www.pomerium.io/docs/identity-providers/one-login.html
Package ping implements OpenID Connect for Ping https://www.pomerium.io/docs/identity-providers/ping.html