Documentation
¶
Index ¶
- Constants
- Variables
- func AppendIfNotExisted(targets []string, item string) []string
- func GenerateCodeChallenge(codeVerifier string) string
- func GenerateCodeVerifier() string
- func GenerateSignInUri(option *SignInUriGenerationOptions) (string, error)
- func GenerateSignOutUri(option *SignOutUriGenerationOptions) (string, error)
- func GenerateState() string
- func ParseSignedJwt(token string) (*jwt.JSONWebToken, error)
- func Revoke(client *http.Client, options *RevocationOptions) error
- func VerifyAndParseCodeFromCallbackUri(callbackUri, redirectUri, state string) (string, error)
- func VerifyIdToken(idToken, clientId, issuer string, jwks *jose.JSONWebKeySet) error
- type CodeTokenResponse
- type DirectSignInOptions
- type FetchTokenByAuthorizationCodeOptions
- type FetchTokenByRefreshTokenOptions
- type IdTokenClaims
- type JwksResponse
- type OidcConfigResponse
- type Organization
- type OrganizationAccessTokenClaims
- type RefreshTokenResponse
- type RevocationOptions
- type SignInUriGenerationOptions
- type SignOutUriGenerationOptions
- type UserInfoResponse
Constants ¶
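// Reserved OIDC scopes.
//
// The page rendered this group on a single line, which is not valid Go
// (constant specs need a line break or semicolon between them); the
// declaration is restored one constant per line.
const (
	// ReservedScopeOpenId is the "openid" scope, which marks a request as an
	// OpenID Connect authentication request.
	ReservedScopeOpenId = "openid"
	// ReservedScopeOfflineAccess is the "offline_access" scope, which asks
	// the authorization server for a refresh token. A refresh token is a
	// long-lived credential, so request it only when the application needs
	// it and can store it safely.
	ReservedScopeOfflineAccess = "offline_access"
)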
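// User scopes that can be requested at sign-in.
//
// The page rendered this group on a single line, which is not valid Go; the
// declaration is restored one constant per line.
//
// NOTE(review): each scope presumably widens the set of user claims that
// the ID token and userinfo endpoint return (see IdTokenClaims and
// UserInfoResponse) — confirm against the server documentation. Request
// only the scopes the application actually uses.
const (
	UserScopeProfile    = "profile"
	UserScopeEmail      = "email"
	UserScopePhone      = "phone"
	UserScopeCustomData = "custom_data"
	UserScopeIdentities = "identities"
	UserScopeRoles      = "roles"
	// Logto-specific scopes, expressed as URNs.
	UserScopeOrganizations     = "urn:logto:scope:organizations"
	UserScopeOrganizationRoles = "urn:logto:scope:organization_roles"
)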
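// Query-parameter names used when building authorization (sign-in) URLs.
//
// The page rendered this group on a single line, which is not valid Go; the
// declaration is restored one constant per line.
const (
	QueryKeyClientID    = "client_id"
	QueryKeyRedirectURI = "redirect_uri"
	// PKCE parameters. NOTE(review): the challenge method value sent with
	// QueryKeyCodeChallengeMethod is not visible on this page — confirm it
	// is "S256" rather than "plain".
	QueryKeyCodeChallenge       = "code_challenge"
	QueryKeyCodeChallengeMethod = "code_challenge_method"
	// QueryKeyState carries the opaque value that the callback must echo
	// back; a mismatch is reported as ErrStateNotMatch.
	QueryKeyState        = "state"
	QueryKeyScope        = "scope"
	QueryKeyResource     = "resource"
	QueryKeyResponseType = "response_type"
	QueryKeyPrompt       = "prompt"
	QueryKeyLoginHint    = "login_hint"
	QueryKeyFirstScreen  = "first_screen"
	QueryKeyIdentifiers  = "identifiers"
	QueryKeyDirectSignIn = "direct_sign_in"
)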
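// Identifier kinds.
//
// The page rendered this group on a single line, which is not valid Go; the
// declaration is restored one constant per line.
//
// NOTE(review): presumably the values accepted in
// SignInUriGenerationOptions.Identifiers — confirm against the caller.
const (
	IdentifierEmail    = "email"
	IdentifierPhone    = "phone"
	IdentifierUsername = "username"
)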
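// Direct sign-in methods.
//
// The page rendered this group on a single line, which is not valid Go; the
// declaration is restored one constant per line.
//
// NOTE(review): presumably the method values used with DirectSignInOptions,
// whose definition is not shown on this page — confirm.
const (
	DirectSignInMethodSocial = "social"
	DirectSignInMethodSso    = "sso"
)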
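// Values for the OIDC "prompt" parameter (QueryKeyPrompt).
//
// The page rendered this group on a single line, which is not valid Go; the
// declaration is restored one constant per line.
const (
	// PromptConsent asks the authorization server to show the consent
	// screen before returning to the client.
	PromptConsent = "consent"
	// PromptLogin asks the authorization server to re-authenticate the user
	// even when a session already exists.
	PromptLogin = "login"
)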
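// Values for the "first_screen" parameter (QueryKeyFirstScreen).
//
// The page rendered this group on a single line, which is not valid Go; the
// declaration is restored one constant per line.
//
// NOTE(review): presumably selects the screen the sign-in experience opens
// on — confirm against the server documentation.
const (
	FirstScreenSignIn             = "sign_in"
	FirstScreenRegister           = "register"
	FirstScreenResetPassword      = "reset_password"
	FirstScreenSingleSignOn       = "single_sign_on"
	FirstScreenIdentifierSignIn   = "identifier:sign_in"
	FirstScreenIdentifierRegister = "identifier:register"
)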
// ReservedResourceOrganization is the reserved resource indicator for
// organizations.
//
// NOTE(review): presumably sent as the "resource" parameter when requesting
// organization-scoped tokens — confirm against the caller.
const ReservedResourceOrganization = "urn:logto:resource:organizations"
// ResponseTypeCode is the "response_type" value for the authorization code
// flow. It is the only response type this package declares.
const ResponseTypeCode = "code"
Variables ¶
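// Sentinel errors for token and callback validation.
//
// The page rendered this group on a single line, which is not valid Go; the
// declaration is restored one variable per line. The messages are unchanged.
//
// NOTE(review): presumably returned by VerifyIdToken and
// VerifyAndParseCodeFromCallbackUri — confirm. Callers should compare with
// errors.Is and treat every one of these as a failed authentication: reject
// the token or callback rather than continuing with partial data.
var (
	// ID token claim checks.
	ErrTokenIssuerNotMatch    = errors.New("token issuer not match")
	ErrTokenAudienceNotMatch  = errors.New("token audience not match")
	ErrTokenExpired           = errors.New("token expired")
	ErrTokenIssuedInTheFuture = errors.New("token issued in the future")
	ErrTokenIssuedInThePast   = errors.New("token issued in the past")

	// Sign-in callback checks.
	ErrCallbackUriNotMatchRedirectUri = errors.New("callback uri not match redirect uri")
	ErrStateNotMatch                  = errors.New("state not match")
	ErrCodeNotFoundInCallbackUri      = errors.New("code not found in callback uri")
)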
// DefaultScopes lists the scopes declared as the package default: openid,
// offline_access and profile.
//
// Because offline_access is included, a sign-in that uses this list asks for
// a refresh token. This is an exported, mutable slice: copy it before
// appending so that one caller cannot change the defaults for another.
var DefaultScopes = []string{ReservedScopeOpenId, ReservedScopeOfflineAccess, UserScopeProfile}
// ISSUED_AT_RESTRICTIONS is a limit expressed in seconds (60 by default).
//
// NOTE(review): presumably the tolerance applied to the "iat" claim when an
// ID token is verified (see ErrTokenIssuedInTheFuture and
// ErrTokenIssuedInThePast) — confirm against VerifyIdToken. It is an
// exported variable, so any code in the process can change it; raising it
// widens the window in which a token is accepted.
var ISSUED_AT_RESTRICTIONS = int64(60)
Functions ¶
func AppendIfNotExisted ¶
func GenerateCodeChallenge ¶
func GenerateCodeVerifier ¶
func GenerateCodeVerifier() string
func GenerateSignInUri ¶
func GenerateSignInUri(option *SignInUriGenerationOptions) (string, error)
func GenerateSignOutUri ¶
func GenerateSignOutUri(option *SignOutUriGenerationOptions) (string, error)
func GenerateState ¶
func GenerateState() string
func ParseSignedJwt ¶
func ParseSignedJwt(token string) (*jwt.JSONWebToken, error)
func VerifyIdToken ¶
func VerifyIdToken(idToken, clientId, issuer string, jwks *jose.JSONWebKeySet) error
Types ¶
type CodeTokenResponse ¶
// CodeTokenResponse is the JSON shape of a token response; it is the value
// returned by FetchTokenByAuthorizationCode.
//
// AccessToken, RefreshToken and IdToken are bearer credentials. Keep values
// of this type out of logs and error messages, and store the refresh token
// only where the application can protect it.
type CodeTokenResponse struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
	IdToken      string `json:"id_token"`
	Scope        string `json:"scope"`
	// ExpireIn is decoded from "expires_in".
	// NOTE(review): presumably the access-token lifetime in seconds — confirm.
	ExpireIn int `json:"expires_in"`
}
func FetchTokenByAuthorizationCode ¶
func FetchTokenByAuthorizationCode(client *http.Client, options *FetchTokenByAuthorizationCodeOptions) (CodeTokenResponse, error)
type DirectSignInOptions ¶
type IdTokenClaims ¶
// IdTokenClaims holds the claims decoded from an ID token; it is the value
// returned by DecodeIdToken.
//
// NOTE(review): DecodeIdToken takes only the token string, so it presumably
// does not check the signature — confirm. Treat these claims as trusted only
// after VerifyIdToken has succeeded for the same token.
type IdTokenClaims struct {
	// Registered claims.
	Iss string `json:"iss"`
	Sub string `json:"sub"`
	// Aud is modelled as a single string. OIDC also allows "aud" to be an
	// array of strings; encoding/json cannot decode an array into this field.
	Aud    string `json:"aud"`
	Exp    int64  `json:"exp"`
	Iat    int64  `json:"iat"`
	AtHash string `json:"at_hash"`

	// Profile claims.
	Name                string `json:"name"`
	Username            string `json:"username"`
	Picture             string `json:"picture"`
	Email               string `json:"email"`
	EmailVerified       bool   `json:"email_verified"`
	PhoneNumber         string `json:"phone_number"`
	PhoneNumberVerified bool   `json:"phone_number_verified"`

	// Authorization-related claims. Base access decisions on them only when
	// they come from a verified token.
	Roles             []string `json:"roles"`
	Organizations     []string `json:"organizations"`
	OrganizationRoles []string `json:"organization_roles"`
}
func DecodeIdToken ¶
func DecodeIdToken(token string) (IdTokenClaims, error)
type JwksResponse ¶
type OidcConfigResponse ¶
// OidcConfigResponse is the subset of the OIDC discovery document that this
// package decodes; it is the value returned by FetchOidcConfig.
//
// Every later request (token exchange, userinfo, revocation, JWKS download)
// is sent to an endpoint named here, so the document must come from the
// configured provider over a trusted transport.
// NOTE(review): whether FetchOidcConfig compares Issuer with the expected
// issuer is not visible on this page — confirm, or check it in the caller.
type OidcConfigResponse struct {
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	TokenEndpoint         string `json:"token_endpoint"`
	UserinfoEndpoint      string `json:"userinfo_endpoint"`
	EndSessionEndpoint    string `json:"end_session_endpoint"`
	RevocationEndpoint    string `json:"revocation_endpoint"`
	JwksUri               string `json:"jwks_uri"`
	Issuer                string `json:"issuer"`
}
func FetchOidcConfig ¶
func FetchOidcConfig(client *http.Client, endpoint string) (OidcConfigResponse, error)
type Organization ¶
type RefreshTokenResponse ¶
// RefreshTokenResponse is an alias of CodeTokenResponse, so a refresh
// response has the same fields as an authorization-code response. It is the
// value returned by FetchTokenByRefreshToken.
type RefreshTokenResponse = CodeTokenResponse
func FetchTokenByRefreshToken ¶
func FetchTokenByRefreshToken(client *http.Client, options *FetchTokenByRefreshTokenOptions) (RefreshTokenResponse, error)
type RevocationOptions ¶
type SignInUriGenerationOptions ¶
// SignInUriGenerationOptions is the input to GenerateSignInUri.
type SignInUriGenerationOptions struct {
	AuthorizationEndpoint string
	ClientId              string
	RedirectUri           string

	// CodeChallenge is the PKCE challenge (see GenerateCodeChallenge) and
	// State is the anti-forgery value (see GenerateState). Generate both
	// fresh for every sign-in attempt and keep the matching verifier and
	// state in the user's session for the callback check.
	CodeChallenge string
	State         string

	Scopes    []string
	Resources []string

	Prompt      string
	LoginHint   string
	FirstScreen string
	Identifiers []string

	DirectSignIn *DirectSignInOptions

	// NOTE(review): ExtraParams is presumably added to the query string;
	// whether an entry can override a reserved key such as redirect_uri or
	// state is not visible on this page — confirm before passing
	// user-controlled keys.
	ExtraParams map[string]string

	// NOTE(review): a nil IncludeReservedScopes presumably selects the
	// default behaviour — confirm which value that is.
	IncludeReservedScopes *bool
}
type UserInfoResponse ¶
// UserInfoResponse is the JSON shape of a userinfo response; it is the value
// returned by FetchUserInfo.
type UserInfoResponse struct {
	// The user's unique ID.
	Sub string `json:"sub"`
	// The user's full name.
	Name string `json:"name"`
	// The user's username.
	Username string `json:"username"`
	// The user's profile picture URL.
	Picture string `json:"picture"`
	// The user's email address.
	Email string `json:"email"`
	// Whether the user's email address is verified.
	EmailVerified bool `json:"email_verified"`
	// The user's phone number.
	PhoneNumber string `json:"phone_number"`
	// Whether the user's phone number is verified.
	PhoneNumberVerified bool `json:"phone_number_verified"`
	// The user's custom data. The values are untyped; check their types
	// before use.
	CustomData map[string]interface{} `json:"custom_data"`
	// The user's social identities information.
	Identities map[string]interface{} `json:"identities"`
	// The role names of the current user.
	Roles []string `json:"roles"`
	// The IDs of the organizations the user is a member of.
	Organizations []string `json:"organizations"`
	// The organization roles that the user has.
	// Each role has the format `<organization_id>:<role_name>`.
	//
	// Example: the following value means that the user is an admin of org1
	// and a member of org2:
	//
	//	{"org1:admin", "org2:member"}
	OrganizationRoles []string `json:"organization_roles"`
	// The data of the organizations the user is a member of.
	OrganizationData []Organization `json:"organization_data"`
}
func FetchUserInfo ¶
func FetchUserInfo(userInfoEndpoint, accessToken string) (UserInfoResponse, error)