Documentation ¶
Overview ¶
Package identity provides support for making OpenID Connect (OIDC) and OAuth2 authenticated HTTP requests with third party identity providers.
Index ¶
- Variables
- func RegisterAuthenticator(name string, ctor AuthenticatorConstructor)
- type Authenticator
- type AuthenticatorConstructor
- type Claims
- type FlattenedClaims
- type MockProvider
- func (mp MockProvider) Authenticate(context.Context, string, identity.State) (*oauth2.Token, error)
- func (mp MockProvider) DeviceAccessToken(_ context.Context, _ *oauth2.DeviceAuthResponse, _ identity.State) (*oauth2.Token, error)
- func (mp MockProvider) DeviceAuth(_ context.Context) (*oauth2.DeviceAuthResponse, error)
- func (mp MockProvider) Name() string
- func (mp MockProvider) Refresh(context.Context, *oauth2.Token, identity.State) (*oauth2.Token, error)
- func (mp MockProvider) Revoke(_ context.Context, _ *oauth2.Token) error
- func (mp MockProvider) SignIn(_ http.ResponseWriter, _ *http.Request, _ string) error
- func (mp MockProvider) SignOut(_ http.ResponseWriter, _ *http.Request, _, _, _ string) error
- func (mp MockProvider) UpdateUserInfo(_ context.Context, _ *oauth2.Token, _ any) error
- func (mp MockProvider) VerifyAccessToken(_ context.Context, _ string) (claims map[string]any, err error)
- func (mp MockProvider) VerifyIdentityToken(_ context.Context, _ string) (claims map[string]any, err error)
- type SessionClaims
- type State
Constants ¶
This section is empty.
Variables ¶
var (
	ErrVerifyAccessTokenNotSupported   = identity.ErrVerifyAccessTokenNotSupported
	ErrVerifyIdentityTokenNotSupported = identity.ErrVerifyIdentityTokenNotSupported
)
re-exported errors
Functions ¶
func RegisterAuthenticator ¶
func RegisterAuthenticator(name string, ctor AuthenticatorConstructor)
RegisterAuthenticator registers a new Authenticator.
Types ¶
type Authenticator ¶
type Authenticator interface {
	Authenticate(context.Context, string, State) (*oauth2.Token, error)
	Refresh(context.Context, *oauth2.Token, State) (*oauth2.Token, error)
	Revoke(context.Context, *oauth2.Token) error
	Name() string
	UpdateUserInfo(ctx context.Context, t *oauth2.Token, v any) error
	VerifyAccessToken(ctx context.Context, rawAccessToken string) (claims map[string]any, err error)
	VerifyIdentityToken(ctx context.Context, rawIdentityToken string) (claims map[string]any, err error)
	SignIn(w http.ResponseWriter, r *http.Request, state string) error
	SignOut(w http.ResponseWriter, r *http.Request, idTokenHint, authenticateSignedOutURL, redirectToURL string) error
	DeviceAuth(ctx context.Context) (*oauth2.DeviceAuthResponse, error)
	DeviceAccessToken(ctx context.Context, r *oauth2.DeviceAuthResponse, state State) (*oauth2.Token, error)
}
Authenticator is an interface representing the ability to authenticate with an identity provider.
func GetIdentityProvider ¶ added in v0.30.0
func GetIdentityProvider(
	ctx context.Context,
	tracerProvider oteltrace.TracerProvider,
	idp *identitypb.Provider,
	redirectURL *url.URL,
	overwriteIDTokenOnRefresh bool,
) (Authenticator, error)
func NewAuthenticator ¶
func NewAuthenticator(ctx context.Context, tracerProvider oteltrace.TracerProvider, o oauth.Options) (a Authenticator, err error)
NewAuthenticator returns a new identity provider based on its name.
type AuthenticatorConstructor ¶
AuthenticatorConstructor makes an Authenticator from the given options.
type Claims ¶
Claims are JWT claims.
func NewClaimsFromRaw ¶
func NewClaimsFromRaw(raw map[string]json.RawMessage) Claims
NewClaimsFromRaw creates a new Claims map from a map of raw messages.
func (Claims) Flatten ¶
func (claims Claims) Flatten() FlattenedClaims
Flatten flattens the claims to a FlattenedClaims map. For example:
{ "a": { "b": { "c": 12345 } } } => { "a.b.c": [12345] }
func (*Claims) UnmarshalJSON ¶
UnmarshalJSON unmarshals the raw json data into the claims object.
type FlattenedClaims ¶
FlattenedClaims are a set of claims flattened into a single-level map.
func NewFlattenedClaimsFromPB ¶
func NewFlattenedClaimsFromPB(m map[string]*structpb.ListValue) FlattenedClaims
NewFlattenedClaimsFromPB creates a new FlattenedClaims from the protobuf struct type.
func (FlattenedClaims) ToPB ¶
func (claims FlattenedClaims) ToPB() map[string]*structpb.ListValue
ToPB converts the flattened claims into a protobuf type.
func (*FlattenedClaims) UnmarshalJSON ¶
func (claims *FlattenedClaims) UnmarshalJSON(data []byte) error
UnmarshalJSON unmarshals JSON into the flattened claims.
type MockProvider ¶
type MockProvider struct {
	AuthenticateResponse      oauth2.Token
	AuthenticateError         error
	RefreshResponse           oauth2.Token
	RefreshError              error
	RevokeError               error
	UpdateUserInfoError       error
	SignInError               error
	SignOutError              error
	DeviceAuthResponse        oauth2.DeviceAuthResponse
	DeviceAuthError           error
	DeviceAccessTokenResponse oauth2.Token
	DeviceAccessTokenError    error
}
MockProvider provides a mocked implementation of the providers interface.
func (MockProvider) Authenticate ¶
Authenticate is a mocked providers function.
func (MockProvider) DeviceAccessToken ¶ added in v0.30.0
func (mp MockProvider) DeviceAccessToken(_ context.Context, _ *oauth2.DeviceAuthResponse, _ identity.State) (*oauth2.Token, error)
DeviceAccessToken implements Authenticator.
func (MockProvider) DeviceAuth ¶ added in v0.30.0
func (mp MockProvider) DeviceAuth(_ context.Context) (*oauth2.DeviceAuthResponse, error)
DeviceAuth implements Authenticator.
func (MockProvider) Refresh ¶
func (mp MockProvider) Refresh(context.Context, *oauth2.Token, identity.State) (*oauth2.Token, error)
Refresh is a mocked providers function.
func (MockProvider) SignIn ¶
func (mp MockProvider) SignIn(_ http.ResponseWriter, _ *http.Request, _ string) error
SignIn is a mocked providers function.
func (MockProvider) SignOut ¶
func (mp MockProvider) SignOut(_ http.ResponseWriter, _ *http.Request, _, _, _ string) error
SignOut is a mocked providers function.
func (MockProvider) UpdateUserInfo ¶
UpdateUserInfo is a mocked providers function.
func (MockProvider) VerifyAccessToken ¶ added in v0.29.0
func (mp MockProvider) VerifyAccessToken(_ context.Context, _ string) (claims map[string]any, err error)
VerifyAccessToken verifies an access token.
func (MockProvider) VerifyIdentityToken ¶ added in v0.29.0
func (mp MockProvider) VerifyIdentityToken(_ context.Context, _ string) (claims map[string]any, err error)
VerifyIdentityToken verifies an identity token.
type SessionClaims ¶
SessionClaims are claims that are attached to a session so we can store the raw id token.
func (*SessionClaims) SetRawIDToken ¶
func (claims *SessionClaims) SetRawIDToken(rawIDToken string)
SetRawIDToken sets the raw id token.
Directories ¶
| Path | Synopsis |
|---|---|
| | Package identity is a package to avoid a dependency cycle. |
| | Package manager contains an identity manager responsible for refreshing sessions and creating users. |
| | Package oauth provides support for making OAuth2 authorized and authenticated HTTP requests, as specified in RFC 6749. |
| apple | Package apple implements OpenID Connect for apple |
| github | Package github implements OAuth2 based authentication for github |
| | Package oidc implements a generic OpenID Connect provider. |
| auth0 | Package auth0 implements OpenID Connect for auth0 |
| azure | Package azure implements OpenID Connect for Microsoft Azure |
| cognito | Package cognito provides support for AWS Cognito |
| gitlab | Package gitlab implements OpenID Connect for Gitlab |
| google | Package google implements OpenID Connect for Google and GSuite. |
| okta | Package okta implements OpenID Connect for okta |
| onelogin | Package onelogin implements OpenID Connect for OneLogin |
| ping | Package ping implements OpenID Connect for Ping |