Documentation
¶
Overview ¶
Package google implements OpenID Connect for Google and GSuite.
https://www.pomerium.io/docs/identity-providers/google.html https://developers.google.com/identity/protocols/oauth2/openid-connect
Index ¶
Constants ¶
const (
// Name identifies the Google identity provider
Name = "google"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Provider ¶
Provider is a Google implementation of the Authenticator interface.
func (*Provider) GetSignInURL ¶
GetSignInURL returns a URL to OAuth 2.0 provider's consent page that asks for permissions for the required scopes explicitly. Google requires an additional access scope for offline access which is a requirement for any application that needs to access a Google API when the user is not present. Support for this scope differs between OpenID Connect providers. For instance Google rejects it, favoring appending "access_type=offline" as part of the authorization request instead. Google only provide refresh_token on the first authorization from the user. If user clears cookies, re-authorization will not bring back refresh_token. A work around to this is to add prompt=consent to the OAuth redirect URL and will always return a refresh_token. https://openid.net/specs/openid-connect-core-1_0.html#OfflineAccess
func (*Provider) UserGroups ¶
UserGroups returns a slice of group names a given user is in NOTE: groups via Directory API is limited to 1 QPS! https://developers.google.com/admin-sdk/directory/v1/reference/groups/list https://developers.google.com/admin-sdk/directory/v1/limits
Source Files