Documentation

Index
- type ClaimsContextKeyName
- type ClaimsValidationFn
- type ErrorDescription
- type ErrorHandler
- type OidcError
- type Option
- func WithAllowedTokenDrift(opt time.Duration) Option
- func WithClaimsContextKeyName(opt string) Option
- func WithDisableIssuerValidation() Option
- func WithDisableKeyID(opt bool) Option
- func WithDiscoveryFetchTimeout(opt time.Duration) Option
- func WithDiscoveryUri(opt string) Option
- func WithErrorHandler(opt ErrorHandler) Option
- func WithFallbackSignatureAlgorithm(opt string) Option
- func WithHttpClient(opt *http.Client) Option
- func WithIssuer(opt string) Option
- func WithJwksFetchTimeout(opt time.Duration) Option
- func WithJwksRateLimit(opt uint) Option
- func WithJwksUri(opt string) Option
- func WithLazyLoadJwks(opt bool) Option
- func WithRequiredAudience(opt string) Option
- func WithRequiredTokenType(opt string) Option
- func WithTokenString(setters ...TokenStringOption) Option
- type Options
- type Response
- type TokenStringOption
- type TokenStringOptions
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type ClaimsContextKeyName added in v0.0.8
type ClaimsContextKeyName string
ClaimsContextKeyName is the type for the key used to pass claims via the request context. A separate type is used because of the following: https://staticcheck.io/docs/checks#SA1029
const DefaultClaimsContextKeyName ClaimsContextKeyName = "claims"
DefaultClaimsContextKeyName is of type ClaimsContextKeyName and defaults to "claims".
type ClaimsValidationFn added in v0.0.37
ClaimsValidationFn is a generic function to validate claims. If an error is returned, the claims failed validation. If `nil` is provided instead of a function when configuring the handler, no additional validation of the claims will be done.
type ErrorDescription added in v0.0.16
type ErrorDescription string
ErrorDescription is used to pass the description of the error to ErrorHandler.
const (
	// GetTokenErrorDescription is returned to ErrorHandler if the middleware is unable to get a token from the request
	GetTokenErrorDescription ErrorDescription = "unable to get token string"
	// ParseTokenErrorDescription is returned to ErrorHandler if the middleware is unable to parse the token extracted from the request
	ParseTokenErrorDescription ErrorDescription = "unable to parse token string"
	// ConvertTokenErrorDescription is returned to ErrorHandler if the middleware is unable to convert the token to a map
	ConvertTokenErrorDescription ErrorDescription = "unable to convert token to map"
)
type ErrorHandler added in v0.0.16
ErrorHandler is called by the middleware if not nil.
type Option
type Option func(*Options)
Option returns a function that modifies an Options pointer.
func WithAllowedTokenDrift
WithAllowedTokenDrift sets the AllowedTokenDrift parameter for an Options pointer. AllowedTokenDrift adds the duration to the token expiration to allow for time drift between parties. Defaults to 10 seconds.
func WithClaimsContextKeyName added in v0.0.8
WithClaimsContextKeyName sets the ClaimsContextKeyName parameter for an Options pointer. ClaimsContextKeyName is the name of the key that will be used to pass claims using the request context. Not supported by Echo JWT and will be ignored if used by it.
Important note: If you change this using `options.WithClaimsContextKeyName("foo")`, then you also need to use it like this: `claims, ok := r.Context().Value(options.ClaimsContextKeyName("foo")).(map[string]interface{})`
Default: `options.DefaultClaimsContextKeyName`, used like this: `claims, ok := r.Context().Value(options.DefaultClaimsContextKeyName).(map[string]interface{})`
When used with gin, it is converted to a normal string; by default: `claimsValue, found := c.Get("claims")`
func WithDisableIssuerValidation added in v0.0.40
func WithDisableIssuerValidation() Option
WithDisableIssuerValidation will disable the Issuer validation. Use with care, and make sure to do some kind of validation inside the ClaimsValidationFn. Defaults to false.
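As an added example, not the library's own code, of the two patterns documented above (a distinct type as the claims context key, and a ClaimsValidationFn that performs its own issuer check once WithDisableIssuerValidation is used): the issuer and audience values, the map[string]interface{} claims type and the local claimsKey type are assumptions of this example.

```go
package main
import (
	"context"
	"errors"
	"fmt"
)

// Constructed values for the example; not taken from the page.
const trustedIssuer, requiredAudience = "https://issuer.example.test", "api://orders"

// claimsKey follows the documented pattern of a distinct string type as the
// context key (the library's is options.ClaimsContextKeyName), so a plain
// string "claims" stored by other code can neither collide with nor read it.
type claimsKey string
const claimsContextKey claimsKey = "claims"

// claimsFromContext is what a handler behind the middleware would call.
func claimsFromContext(ctx context.Context) (map[string]interface{}, bool) {
	claims, ok := ctx.Value(claimsContextKey).(map[string]interface{})
	return claims, ok
}

// validateClaims is the kind of check passed as ClaimsValidationFn when issuer
// validation is disabled: it verifies iss itself and that aud (a string or a
// list per RFC 7519) contains ours. The map parameter type is an assumption.
func validateClaims(claims map[string]interface{}) error {
	if iss, _ := claims["iss"].(string); iss != trustedIssuer {
		return fmt.Errorf("untrusted issuer %q", iss)
	}
	switch aud := claims["aud"].(type) {
	case string:
		if aud == requiredAudience {
			return nil
		}
	case []interface{}:
		for _, a := range aud {
			if s, ok := a.(string); ok && s == requiredAudience {
				return nil
			}
		}
	}
	return errors.New("required audience not present")
}

func main() {
	claims := map[string]interface{}{"iss": trustedIssuer, "aud": []interface{}{"other", requiredAudience}}
	ctx := context.WithValue(context.Background(), claimsContextKey, claims)
	got, _ := claimsFromContext(ctx)
	fmt.Println(validateClaims(got)) // <nil>
}
```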
func WithDisableKeyID
WithDisableKeyID sets the DisableKeyID parameter for an Options pointer. DisableKeyID adjusts whether a KeyID needs to be extracted from the token or not. Defaults to false, which means the KeyID is required to be present in both the jwks and the token. The OIDC specification doesn't require a KeyID if there's only one key in the jwks: https://openid.net/specs/openid-connect-core-1_0.html#Signing
This also means that if enabled, a refresh of the jwks will be done if the token can't be validated due to an invalid key. The JWKS fetch will fail if there's more than one key present.
func WithDiscoveryFetchTimeout added in v0.0.27
WithDiscoveryFetchTimeout sets the DiscoveryFetchTimeout parameter for an Options pointer. DiscoveryFetchTimeout sets the context timeout when downloading the discovery metadata. Defaults to 5 seconds.
func WithDiscoveryUri
WithDiscoveryUri sets the DiscoveryUri parameter for an Options pointer. DiscoveryUri is where the `jwks_uri` will be grabbed from. Defaults to `fmt.Sprintf("%s/.well-known/openid-configuration", strings.TrimSuffix(issuer, "/"))`
func WithErrorHandler added in v0.0.16
func WithErrorHandler(opt ErrorHandler) Option
WithErrorHandler sets the ErrorHandler parameter for an Options pointer. You can pass a function to run custom logic on errors, logging for example. Defaults to nil.
func WithFallbackSignatureAlgorithm
WithFallbackSignatureAlgorithm sets the FallbackSignatureAlgorithm parameter for an Options pointer. FallbackSignatureAlgorithm needs to be used when the jwks doesn't contain the alg key. If not specified and the jwks doesn't contain the alg key, it will default to:
- RS256 for key type (kty) RSA
- ES256 for key type (kty) EC
When specified and the jwks contains the alg key, the alg key from the jwks will be used.
Example values (one of them): RS256, RS384, RS512, ES256, ES384, ES512
func WithHttpClient
WithHttpClient sets the HttpClient parameter for an Options pointer. HttpClient takes a *http.Client for external calls. Defaults to http.DefaultClient.
func WithIssuer
WithIssuer sets the Issuer parameter for Options. Issuer is the authority that issues the tokens.
func WithJwksFetchTimeout
WithJwksFetchTimeout sets the JwksFetchTimeout parameter for an Options pointer. JwksFetchTimeout sets the context timeout when downloading the jwks. Defaults to 5 seconds.
func WithJwksRateLimit
WithJwksRateLimit sets the JwksRateLimit parameter for an Options pointer. JwksRateLimit takes a uint and makes sure that the jwks will be requested at most this many times per second. Defaults to 1 (request per second). Please observe: requests that force an update of the jwks (like a wrong keyID) will be rate limited.
func WithJwksUri
WithJwksUri sets the JwksUri parameter for an Options pointer. JwksUri is used to download the public key(s). Defaults to the `jwks_uri` from the response of DiscoveryUri.
func WithLazyLoadJwks
WithLazyLoadJwks sets the LazyLoadJwks parameter for an Options pointer. LazyLoadJwks makes it possible to use OIDC Discovery without being able to load the keys at startup. Disabled by default. Please observe: if enabled, it will always load even though settings may be wrong / not working.
func WithRequiredAudience
WithRequiredAudience sets the RequiredAudience parameter for an Options pointer. RequiredAudience is used to require a specific Audience `aud` in the claims. Defaults to the empty string `""`, which means all audiences are allowed.
func WithRequiredTokenType
WithRequiredTokenType sets the RequiredTokenType parameter for an Options pointer. RequiredTokenType is used if only specific tokens should be allowed. Defaults to the empty string `""`, which means all token types are allowed. A use case could be to configure this if the TokenType (set in the header of the JWT) should be `JWT` or maybe even `JWT+AT` to differentiate between access tokens and id tokens. Not all providers support or use this.
func WithTokenString
func WithTokenString(setters ...TokenStringOption) Option
WithTokenString sets the TokenString parameter for an Options pointer. TokenString makes it possible to configure how the JWT token should be extracted from an http header. Not supported by Echo JWT and will be ignored if used by it. Defaults to: 'Authorization: Bearer JWT'
type Options
type Options struct {
	Issuer                     string
	DiscoveryUri               string
	DiscoveryFetchTimeout      time.Duration
	JwksUri                    string
	JwksFetchTimeout           time.Duration
	JwksRateLimit              uint
	FallbackSignatureAlgorithm string
	AllowedTokenDrift          time.Duration
	LazyLoadJwks               bool
	RequiredTokenType          string
	RequiredAudience           string
	DisableKeyID               bool
	DisableIssuerValidation    bool
	HttpClient                 *http.Client
	TokenString                [][]TokenStringOption
	ClaimsContextKeyName       ClaimsContextKeyName
	ErrorHandler               ErrorHandler
}
Options defines the options for OIDC Middleware.
type Response added in v0.0.42
Response holds an abstract HTTP response that the framework adapter will render.
func (*Response) ContentType added in v0.0.42
ContentType returns the content-type header from this response, or "application/octet-stream" as per the HTTP standard.
type TokenStringOption
type TokenStringOption func(*TokenStringOptions)
TokenStringOption returns a function that modifies a TokenStringOptions pointer.
func WithTokenStringHeaderName
func WithTokenStringHeaderName(opt string) TokenStringOption
WithTokenStringHeaderName sets the HeaderName parameter for a TokenStringOptions pointer. HeaderName is the name of the header. Default: "Authorization"
func WithTokenStringListSeparator added in v0.0.10
func WithTokenStringListSeparator(opt string) TokenStringOption
WithTokenStringListSeparator sets the ListSeparator parameter for a TokenStringOptions pointer. ListSeparator defines whether the value of the header is a list or not. The value will be split (into up to 20 slices) by the ListSeparator. Default disabled: ""
func WithTokenStringPostExtractionFn added in v0.0.11
func WithTokenStringPostExtractionFn(opt func(string) (string, error)) TokenStringOption
WithTokenStringPostExtractionFn sets the PostExtractionFn parameter for a TokenStringOptions pointer. PostExtractionFn, if not nil, will be run after a token has been successfully extracted. Default: nil
func WithTokenStringTokenPrefix added in v0.0.10
func WithTokenStringTokenPrefix(opt string) TokenStringOption
WithTokenStringTokenPrefix sets the TokenPrefix parameter for a TokenStringOptions pointer. TokenPrefix defines the prefix that should be trimmed from the header value to extract the token. Default: "Bearer "
type TokenStringOptions
type TokenStringOptions struct {
	HeaderName       string
	TokenPrefix      string
	ListSeparator    string
	PostExtractionFn func(string) (string, error)
}
TokenStringOptions handles the settings for how to extract the token from a request.
func NewTokenString added in v0.0.8
func NewTokenString(setters ...TokenStringOption) *TokenStringOptions
NewTokenString takes TokenStringOption setters and returns a TokenStringOptions pointer. Mainly used by the internal functions and most likely not needed by any external application using this library.
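An added stand-alone reimplementation, not the library's code, of the extraction behaviour documented for WithTokenString and TokenStringOptions above: option sets are tried in order, a ListSeparator splits the header value into at most 20 pieces, the first piece carrying TokenPrefix wins, and PostExtractionFn runs on the result. The local struct copy, the whitespace trimming of list items and the sample header values are assumptions of this example.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

// tokenStringOptions mirrors the documented TokenStringOptions fields (a local
// copy for this example, not the library's type).
type tokenStringOptions struct {
	HeaderName, TokenPrefix, ListSeparator string
	PostExtractionFn                       func(string) (string, error)
}

// bearerDefault matches the documented defaults: 'Authorization: Bearer JWT'.
var bearerDefault = tokenStringOptions{HeaderName: "Authorization", TokenPrefix: "Bearer "}

var errNoToken = errors.New("unable to get token string")

// extractToken tries each option set in order, as the middleware does with its
// TokenString [][]TokenStringOption. A header value is split by ListSeparator
// into at most 20 pieces and the first piece carrying TokenPrefix wins; the
// whitespace trimming of each piece is an assumption of this example.
func extractToken(h http.Header, sets ...tokenStringOptions) (string, error) {
	for _, o := range sets {
		parts := []string{h.Get(o.HeaderName)}
		if o.ListSeparator != "" {
			parts = strings.SplitN(parts[0], o.ListSeparator, 20)
		}
		for _, p := range parts {
			p = strings.TrimSpace(p)
			if !strings.HasPrefix(p, o.TokenPrefix) || p == o.TokenPrefix {
				continue // missing header, wrong scheme, or prefix with nothing after it
			}
			token := strings.TrimPrefix(p, o.TokenPrefix)
			if o.PostExtractionFn != nil {
				return o.PostExtractionFn(token)
			}
			return token, nil
		}
	}
	return "", errNoToken
}

func main() {
	h := http.Header{"Authorization": {"Bearer constructed.jwt.value"}}
	fmt.Println(extractToken(h, bearerDefault)) // constructed.jwt.value <nil>
}
```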