oidc

package

v1.4.3 Latest Latest Go to latest Published: Oct 16, 2016 License: Apache-2.0 Imports: 15 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/zlabjp/kubernetes

Documentation ¶

Overview ¶

oidc implements the authenticator.Token interface using the OpenID Connect protocol.

config := oidc.OIDCOptions{
	IssuerURL:     "https://accounts.google.com",
	ClientID:      os.Getenv("GOOGLE_CLIENT_ID"),
	UsernameClaim: "email",
}
tokenAuthenticator, err := oidc.New(config)

Index ¶

type OIDCAuthenticator
- func New(opts OIDCOptions) (*OIDCAuthenticator, error)
- func (a *OIDCAuthenticator) AuthenticateToken(value string) (user.Info, bool, error)
- func (a *OIDCAuthenticator) Close()
type OIDCOptions

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type OIDCAuthenticator ¶

type OIDCAuthenticator struct {
	// contains filtered or unexported fields
}

func New ¶

func New(opts OIDCOptions) (*OIDCAuthenticator, error)

New creates a token authenticator which validates OpenID Connect ID Tokens.

func (*OIDCAuthenticator) AuthenticateToken ¶

func (a *OIDCAuthenticator) AuthenticateToken(value string) (user.Info, bool, error)

AuthenticateToken decodes and verifies a ID Token using the OIDC client, if the verification succeeds, then it will extract the user info from the JWT claims.

func (*OIDCAuthenticator) Close ¶ added in v1.2.0

func (a *OIDCAuthenticator) Close()

Close stops all goroutines used by the authenticator.

type OIDCOptions ¶ added in v1.3.0

type OIDCOptions struct {
	// IssuerURL is the URL the provider signs ID Tokens as. This will be the "iss"
	// field of all tokens produced by the provider and is used for configuration
	// discovery.
	//
	// The URL is usually the provider's URL without a path, for example
	// "https://accounts.google.com" or "https://login.salesforce.com".
	//
	// The provider must implement configuration discovery.
	// See: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
	IssuerURL string

	// ClientID the JWT must be issued for, the "sub" field. This plugin only trusts a single
	// client to ensure the plugin can be used with public providers.
	//
	// The plugin supports the "authorized party" OpenID Connect claim, which allows
	// specialized providers to issue tokens to a client for a different client.
	// See: https://openid.net/specs/openid-connect-core-1_0.html#IDToken
	ClientID string

	// Path to a PEM encoded root certificate of the provider.
	CAFile string

	// UsernameClaim is the JWT field to use as the user's username.
	UsernameClaim string

	// GroupsClaim, if specified, causes the OIDCAuthenticator to try to populate the user's
	// groups with a ID Token field. If the GrouppClaim field is present in a ID Token the value
	// must be a list of strings.
	GroupsClaim string
}

Source Files ¶

View all Source files

oidc.go

Directories ¶

Path	Synopsis
testing

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL