- type TokenVerifier
- func (v *TokenVerifier) Callback(ctx context.Context, u *url.URL) (string, string, int, error)
- func (v *TokenVerifier) IssueRedirect(originURL string) string
- func (v *TokenVerifier) Validate(ctx context.Context, token string) (string, bool, string, error)
- func (v *TokenVerifier) VerifierType() common.JWTType
type TokenVerifier
TokenVerifier is an OIDC validator.
NewClient creates a new validator client.
Callback is the function that the IdP calls back; it catches the token and performs all other validations. It returns the resulting token, the original URL that was called to initiate the protocol, and the HTTP status response.
func (*TokenVerifier) IssueRedirect
IssueRedirect creates the redirect URL. The URI is created by the provider and includes a random state. The state is remembered for the return. This assumes that the load balancers in front of applications are sticky or that the TCP session is re-used, so that the return reaches the instance that remembered the state. Otherwise, we will need a global state, which could introduce additional calls to a central system. TODO: add support for a global state.
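The state handling described for IssueRedirect and Callback, sketched as an added example that is not this package's own code: two stores stand for two application instances, showing why a callback that lands on a different instance cannot be matched without sticky load balancing or a global state. The names `stateStore`, `pending`, `issue` and `redeem` are hypothetical, the origin URL is constructed, and the expiry and single-use behaviour are assumptions of this sketch rather than documented behaviour.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
	"sync"
	"time"
)

type pending struct {
	originURL string
	expires   time.Time
}

// stateStore is a hypothetical per-instance table of outstanding logins (state -> pending).
type stateStore struct {
	ttl time.Duration
	m   sync.Map
}

// issue stands in for IssueRedirect: bind a fresh random state to originURL.
func (s *stateStore) issue(originURL string) (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	state := base64.RawURLEncoding.EncodeToString(b)
	s.m.Store(state, pending{originURL, time.Now().Add(s.ttl)})
	return state, nil
}

// redeem stands in for Callback: accept a state once, only where it was issued, before expiry.
func (s *stateStore) redeem(state string) (string, bool) {
	v, ok := s.m.LoadAndDelete(state) // atomic lookup-and-remove makes replay fail
	if p, _ := v.(pending); ok && time.Now().Before(p.expires) {
		return p.originURL, true
	}
	return "", false
}

func main() {
	a, b := &stateStore{ttl: time.Minute}, &stateStore{ttl: time.Minute}
	state, err := a.issue("https://app.example/orders") // constructed origin URL
	if err != nil {
		panic(err)
	}
	fmt.Println(b.redeem(state)) // callback routed to another instance: rejected
	fmt.Println(a.redeem(state)) // callback on the issuing instance: origin URL recovered
}
```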
Validate checks if the token is valid and returns the claims. The validator maintains an internal cache with tokens to accelerate performance. If the token is not in the cache, it will validate it with the central authorizer.