    Index ¶
- Constants
- Variables
- func FetchUserInfo(endpoint, token string, opts ...ClientOption) (map[string]interface{}, error)
- func ValidateIDToken(token string, keySet jwk.Set) (openid.Token, error)
- type ClientOption
- type ClientOptions
- type DiscoverySpec
- type OpenidConfig
- type OpenidMiddleware
- type TokenType
- type UserInfo
- type UserInfoCache
- type WellKnownConfiguration
Constants ¶
// TokenKey is the literal key string "token".
// NOTE(review): presumably the key under which the middleware stores or looks
// up the caller's token; the use site is not visible here, so confirm.
const TokenKey = "token"
    Variables ¶
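// Sentinel errors for OpenID provider configuration. Compare with errors.Is
// rather than by message text.
var (
	// ErrIssuerMismatch reports an issuer mismatch.
	// NOTE(review): presumably returned when the issuer in the discovery
	// document differs from the configured DiscoverySpec.Issuer; confirm.
	// Callers should treat it as a hard failure and not fall back to the
	// mismatching configuration.
	ErrIssuerMismatch = errors.New("issuer mismatch")

	// ErrMissingDiscoveryConfig reports that neither the 'discovery' nor the
	// 'wellKnownConfiguration' field is set.
	ErrMissingDiscoveryConfig = errors.New("at least one of 'discovery' or 'wellKnownConfiguration' fields must be set")
)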
var (
	// ErrMissingRequiredField reports an OpenID configuration that is missing
	// a required field.
	// NOTE(review): presumably returned by
	// WellKnownConfiguration.CheckRequiredFields; confirm against its body.
	ErrMissingRequiredField = errors.New("openid configuration missing required field")
)
    // ErrNoSigningKeyFound reports that no signing key was found in the JWK set.
    // NOTE(review): presumably raised while validating an ID token against the
    // provider's key set; confirm. Callers should treat it as a failed
    // validation and reject the token.
    var ErrNoSigningKeyFound = fmt.Errorf("no signing key found in the JWK set")
    Functions ¶
func FetchUserInfo ¶
// FetchUserInfo takes an endpoint and a token, plus optional ClientOption
// values, and returns a map[string]interface{} or an error.
// NOTE(review): presumably performs the OpenID Connect UserInfo request and
// returns the decoded claims; the body is not shown here, so confirm.
// Two points for callers to verify:
//   - the token is sent to endpoint, so endpoint should come only from
//     trusted provider configuration, never from request data;
//   - OpenID Connect Core requires the "sub" claim of a UserInfo response to
//     match the "sub" of the validated ID token before the response is used.
func FetchUserInfo(endpoint, token string, opts ...ClientOption) (map[string]interface{}, error)
Types ¶
type ClientOption ¶ added in v0.5.4
// ClientOption is a functional option: a function that receives the
// *ClientOptions to configure. FetchUserInfo and NewUserInfoCache accept a
// variadic list of them; WithHTTPClient is the constructor visible here.
type ClientOption func(*ClientOptions)
func WithHTTPClient ¶ added in v0.5.4
func WithHTTPClient(client *http.Client) ClientOption
type ClientOptions ¶ added in v0.5.4
// ClientOptions is the settings object that ClientOption functions act on.
// Its fields are unexported; WithHTTPClient is the only setter shown here.
// NOTE(review): the supplied *http.Client presumably carries the TLS
// configuration and timeouts used when contacting the OpenID provider.
// Confirm that the default client used when none is supplied has a timeout.
type ClientOptions struct {
	// contains filtered or unexported fields
}
    type DiscoverySpec ¶
// DiscoverySpec describes where to find an OpenID provider's (OP's) discovery
// document: the issuer, the relative path of the document, and an optional CA
// certificate.
type DiscoverySpec struct {
	// Relative path at which to find the openid configuration. If not set,
	// defaults to '/.well-known/openid-configuration'.
	//+kubebuilder:default=/.well-known/openid-configuration
	Path *string `json:"path,omitempty"`
	// The OP's Issuer identifier. This must exactly match the issuer URL
	// obtained from the discovery endpoint, and will match the `iss` claim
	// in the ID Tokens issued by the OP.
	// NOTE(review): the discovery document supplies the endpoints and key
	// location that are trusted afterwards; confirm whether an https scheme
	// is enforced for this URL.
	Issuer string `json:"issuer"`
	// Optional path to the issuer's CA Certificate.
	// NOTE(review): how the certificate is used is not visible here.
	// Presumably it is trusted for the TLS connection to the OP. Confirm
	// that leaving it unset falls back to the system trust store rather
	// than disabling certificate verification.
	CACert *string `json:"cacert,omitempty"`
}
    +k8s:deepcopy-gen=true
func (*DiscoverySpec) DeepCopy ¶ added in v0.9.0
func (in *DiscoverySpec) DeepCopy() *DiscoverySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DiscoverySpec.
func (*DiscoverySpec) DeepCopyInto ¶ added in v0.9.0
func (in *DiscoverySpec) DeepCopyInto(out *DiscoverySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type OpenidConfig ¶
// OpenidConfig is the OpenID provider (OP) configuration: either a discovery
// endpoint or a manually specified well-known configuration, plus the claim
// used to identify the user.
type OpenidConfig struct {
	// Discovery and WellKnownConfiguration are mutually exclusive.
	// If the OP (openid provider) has a discovery endpoint, it should be
	// configured in the Discovery field, otherwise the well-known configuration
	// fields can be set manually.
	// The message of ErrMissingDiscoveryConfig states that at least one of
	// the two must be set.
	Discovery              *DiscoverySpec          `json:"discovery,omitempty"`
	WellKnownConfiguration *WellKnownConfiguration `json:"wellKnownConfiguration,omitempty"`
	// IdentifyingClaim is the claim that will be used to identify the user
	// (e.g. "sub", "email", etc). Defaults to "sub".
	// OpenID Connect only guarantees that "sub" is unique and never
	// reassigned within an issuer. Other claims such as "email" may be
	// changed, reassigned or unverified at the OP, so choosing one of them
	// as the identity key makes authorization depend on how the OP manages
	// that claim.
	//+kubebuilder:default=sub
	IdentifyingClaim string `json:"identifyingClaim,omitempty"`
}
    +k8s:deepcopy-gen=true
func (*OpenidConfig) DeepCopy ¶
func (in *OpenidConfig) DeepCopy() *OpenidConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OpenidConfig.
func (*OpenidConfig) DeepCopyInto ¶
func (in *OpenidConfig) DeepCopyInto(out *OpenidConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*OpenidConfig) GetWellKnownConfiguration ¶
func (oc *OpenidConfig) GetWellKnownConfiguration() (*WellKnownConfiguration, error)
type OpenidMiddleware ¶
// OpenidMiddleware is the OpenID authentication middleware. It is built by
// New from a v1beta1.AuthProviderSpec, and its Handle method takes a
// *gin.Context. All fields are unexported.
// NOTE(review): what Handle does with a missing or invalid token is not
// visible here; confirm that it aborts the request rather than passing it on.
type OpenidMiddleware struct {
	// contains filtered or unexported fields
}
    func New ¶
func New(ctx context.Context, config v1beta1.AuthProviderSpec) (*OpenidMiddleware, error)
func (*OpenidMiddleware) Handle ¶
func (m *OpenidMiddleware) Handle(c *gin.Context)
type UserInfoCache ¶
// UserInfoCache embeds ClientOptions and is built by NewUserInfoCache from an
// *OpenidConfig, a *slog.Logger and optional ClientOption values.
// NOTE(review): presumably caches UserInfo responses. Keying and expiry are
// not visible here; confirm that entries are keyed so that one token cannot
// read another user's data, and that an entry cannot outlive the validity of
// the token it was fetched with.
type UserInfoCache struct {
	ClientOptions
	// contains filtered or unexported fields
}
    func NewUserInfoCache ¶
func NewUserInfoCache( config *OpenidConfig, logger *slog.Logger, opts ...ClientOption, ) (*UserInfoCache, error)
type WellKnownConfiguration ¶
// WellKnownConfiguration holds OpenID provider metadata. The JSON names are
// those of the OpenID Connect Discovery document, plus revocation_endpoint
// and end_session_endpoint. Every field is tagged omitempty, so the
// struct tags alone do not mark any field as required; CheckRequiredFields is
// the visible validation entry point.
//
// Security-relevant fields:
//   - Issuer: the value the `iss` claim of ID tokens is expected to carry.
//   - JwksUri: location of the provider's signing keys.
//   - UserinfoEndpoint: presumably the endpoint that receives the caller's
//     token in a UserInfo request; confirm.
//   - IDTokenSigningAlgValuesSupported: the signing algorithms the provider
//     advertises.
//
// NOTE(review): when this struct is filled in manually instead of via
// discovery, these values are trusted as configured. Confirm which fields
// CheckRequiredFields enforces and whether the URLs are required to be https.
type WellKnownConfiguration struct {
	Issuer                            string   `json:"issuer,omitempty"`
	AuthEndpoint                      string   `json:"authorization_endpoint,omitempty"`
	TokenEndpoint                     string   `json:"token_endpoint,omitempty"`
	UserinfoEndpoint                  string   `json:"userinfo_endpoint,omitempty"`
	RevocationEndpoint                string   `json:"revocation_endpoint,omitempty"`
	JwksUri                           string   `json:"jwks_uri,omitempty"`
	ScopesSupported                   []string `json:"scopes_supported,omitempty"`
	ResponseTypesSupported            []string `json:"response_types_supported,omitempty"`
	ResponseModesSupported            []string `json:"response_modes_supported,omitempty"`
	IDTokenSigningAlgValuesSupported  []string `json:"id_token_signing_alg_values_supported,omitempty"`
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"`
	ClaimsSupported                   []string `json:"claims_supported,omitempty"`
	RequestURIParameterSupported      bool     `json:"request_uri_parameter_supported,omitempty"`
	EndSessionEndpoint                string   `json:"end_session_endpoint,omitempty"`
}
    +k8s:deepcopy-gen=true
func (WellKnownConfiguration) CheckRequiredFields ¶
func (w WellKnownConfiguration) CheckRequiredFields() error
func (*WellKnownConfiguration) DeepCopy ¶ added in v0.9.0
func (in *WellKnownConfiguration) DeepCopy() *WellKnownConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WellKnownConfiguration.
func (*WellKnownConfiguration) DeepCopyInto ¶ added in v0.9.0
func (in *WellKnownConfiguration) DeepCopyInto(out *WellKnownConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.