Documentation
¶
Index ¶
- Variables
- type Connector
- func (g *Connector) ConfigFields() []plugin.ConfigField
- func (g *Connector) ConfigReceiver(config []byte) error
- func (g *Connector) ConnectorLogoSVG() string
- func (g *Connector) ConnectorName() plugin.Translator
- func (g *Connector) ConnectorReceiver(ctx *plugin.GinContext, receiverURL string) (userInfo plugin.ExternalLoginUserInfo, err error)
- func (g *Connector) ConnectorSender(ctx *plugin.GinContext, receiverURL string) (redirectURL string)
- func (g *Connector) ConnectorSlugName() string
- func (g *Connector) Info() plugin.Info
- type ConnectorConfig
Constants ¶
This section is empty.
Variables ¶
View Source
var ( //go:embed info.yaml Info embed.FS )
Functions ¶
This section is empty.
Types ¶
type Connector ¶
type Connector struct {
Config *ConnectorConfig
}
func (*Connector) ConfigFields ¶
func (g *Connector) ConfigFields() []plugin.ConfigField
func (*Connector) ConfigReceiver ¶
func (*Connector) ConnectorLogoSVG ¶
func (*Connector) ConnectorName ¶
func (g *Connector) ConnectorName() plugin.Translator
func (*Connector) ConnectorReceiver ¶
func (g *Connector) ConnectorReceiver(ctx *plugin.GinContext, receiverURL string) (userInfo plugin.ExternalLoginUserInfo, err error)
ConnectorReceiver handles the OAuth2 / OIDC callback:
- Verifies the state cookie (always — CSRF guard).
- Exchanges the authorization code for an access token. When PKCE is enabled the exchange is done via a raw HTTP POST so the code_verifier can be included; otherwise the oauth2 library is used.
- Fetches the user JSON from the configured (or discovered) userinfo URL and extracts fields via gjson paths.
func (*Connector) ConnectorSender ¶
func (g *Connector) ConnectorSender(ctx *plugin.GinContext, receiverURL string) (redirectURL string)
ConnectorSender builds the authorization URL.
- A random state value is always stored in a short-lived cookie for CSRF protection.
- When PKCE is enabled a code_verifier is generated, stored in a cookie, and the S256 code_challenge is appended to the authorization URL.
- When IssuerURL is set the authorization endpoint is resolved via OIDC discovery.
func (*Connector) ConnectorSlugName ¶
type ConnectorConfig ¶
type ConnectorConfig struct {
Name string `json:"name"`
// OIDC auto-discovery — if set, authorize_url / token_url / user_json_url
// are populated automatically from {issuer}/.well-known/openid-configuration.
// Manual URL fields below take precedence when both are provided.
IssuerURL string `json:"issuer_url"`
ClientID string `json:"client_id"`
ClientSecret string `json:"client_secret"`
AuthorizeUrl string `json:"authorize_url"`
TokenUrl string `json:"token_url"`
UserJsonUrl string `json:"user_json_url"`
UserIDJsonPath string `json:"user_id_json_path"`
UserDisplayNameJsonPath string `json:"user_display_name_json_path"`
UserUsernameJsonPath string `json:"user_username_json_path"`
UserEmailJsonPath string `json:"user_email_json_path"`
UserAvatarJsonPath string `json:"user_avatar_json_path"`
CheckEmailVerified bool `json:"check_email_verified"`
EmailVerifiedJsonPath string `json:"email_verified_json_path"`
Scope string `json:"scope"`
LogoSVG string `json:"logo_svg"`
// Security options
EnablePKCE bool `json:"enable_pkce"`
SkipTLSVerify bool `json:"skip_tls_verify"`
}
ConnectorConfig holds all admin-configurable options.
Click to show internal directories.
Click to hide internal directories.