rfc8693

package

v0.1.17 Latest Latest Go to latest Published: Mar 7, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/infratographer/identity-api

Links

Open Source Insights

Documentation ¶

Overview ¶

Package rfc8693 contains types and functions for an RFC 8693 Token Exchange service.

Package rfc8693 implements the token exchange grant type per RFC 8693.

Index ¶

Constants
Variables
func NewTokenExchangeHandler(config fositex.OAuth2Configurator, storage any, strategy any) any
type ClaimMappingStrategy
- func NewClaimMappingStrategy(issuerSvc types.IssuerService) ClaimMappingStrategy
- func (m ClaimMappingStrategy) MapClaims(ctx context.Context, claims *jwt.JWTClaims) (jwt.JWTClaimsContainer, error)
type ErrorMissingClaim
- func (e *ErrorMissingClaim) Error() string
type TokenExchangeHandler

Constants ¶

View Source

const (
	// GrantTypeTokenExchange is the grant type for token exchange per RFC 8693.
	GrantTypeTokenExchange = "urn:ietf:params:oauth:grant-type:token-exchange"
	// TokenTypeJWT is the token type for JWT per RFC 8693.
	TokenTypeJWT = "urn:ietf:params:oauth:token-type:jwt"
	// ParamSubjectToken is the OAuth 2.0 request parameter for the subject token.
	ParamSubjectToken = "subject_token"
	// ParamSubjectTokenType is the OAuth 2.0 request parameter for the subject token type.
	ParamSubjectTokenType = "subject_token_type"
	// ParamActorToken is the OAuth 2.0 request parameter for the actor token.
	ParamActorToken = "actor_token"
	// ParamActorTokenType is the OAuth 2.0 request parameter for the actor token type.
	ParamActorTokenType = "actor_token_type"
	// ClaimClientID is the claim for the client ID.
	ClaimClientID = "client_id"
)

Variables ¶

View Source

var (
	// ErrorMissingSub represents an error where the 'sub' claim is missing from the input claims.
	ErrorMissingSub = &ErrorMissingClaim{
		claim: "sub",
	}

	// ErrorMissingIss represents an error where the 'iss' claim is missing from the input claims.
	ErrorMissingIss = &ErrorMissingClaim{
		claim: "iss",
	}
)

View Source

var (
	// ErrJWKSURIProviderNotDefined is returned when the issuer JWKS URI provider is not defined.
	ErrJWKSURIProviderNotDefined = errors.New("no issuer JWKS URI provider defined")
)

Functions ¶

func NewTokenExchangeHandler ¶

func NewTokenExchangeHandler(config fositex.OAuth2Configurator, storage any, strategy any) any

NewTokenExchangeHandler creates a new TokenExchangeHandler,

Types ¶

type ClaimMappingStrategy ¶

type ClaimMappingStrategy struct {
	// contains filtered or unexported fields
}

ClaimMappingStrategy represents a mapping from external identity claims to identity-api claims.

func NewClaimMappingStrategy ¶

func NewClaimMappingStrategy(issuerSvc types.IssuerService) ClaimMappingStrategy

NewClaimMappingStrategy creates a ClaimMappingStrategy given an issuer service.

func (ClaimMappingStrategy) MapClaims ¶

func (m ClaimMappingStrategy) MapClaims(ctx context.Context, claims *jwt.JWTClaims) (jwt.JWTClaimsContainer, error)

MapClaims consumes a set of JWT claims and produces a new set of mapped claims.

type ErrorMissingClaim ¶

type ErrorMissingClaim struct {
	// contains filtered or unexported fields
}

ErrorMissingClaim represents an error where a required claim is missing.

func (*ErrorMissingClaim) Error ¶

func (e *ErrorMissingClaim) Error() string

type TokenExchangeHandler ¶

type TokenExchangeHandler struct {
	// contains filtered or unexported fields
}

TokenExchangeHandler contains the logic for the token exchange grant type. it implements the fosite.TokenEndpointHandler interface.

func (*TokenExchangeHandler) CanHandleTokenEndpointRequest ¶

func (s *TokenExchangeHandler) CanHandleTokenEndpointRequest(_ context.Context, requester fosite.AccessRequester) bool

CanHandleTokenEndpointRequest returns true if the grant type is token exchange.

func (*TokenExchangeHandler) CanSkipClientAuth ¶

func (s *TokenExchangeHandler) CanSkipClientAuth(_ context.Context, _ fosite.AccessRequester) bool

CanSkipClientAuth always returns true, as client auth is not required for token exchange.

func (*TokenExchangeHandler) HandleTokenEndpointRequest ¶

func (s *TokenExchangeHandler) HandleTokenEndpointRequest(ctx context.Context, requester fosite.AccessRequester) error

HandleTokenEndpointRequest handles a RFC 8693 token request and provides a response that can be used to generate a token. Currently only supports JWT subject tokens and impersonation semantics.

func (*TokenExchangeHandler) PopulateTokenEndpointResponse ¶

func (s *TokenExchangeHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

PopulateTokenEndpointResponse populates the response with a token.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL