v0.19.0 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Aug 26, 2022 License: Apache-2.0 Imports: 16 Imported by: 0



Package downstreamsession provides some shared helpers for creating downstream OIDC sessions.



This section is empty.


This section is empty.


func DownstreamLDAPSubject added in v0.13.0

func DownstreamLDAPSubject(uid string, ldapURL url.URL) string

func DownstreamSubjectFromUpstreamLDAP added in v0.18.0

func DownstreamSubjectFromUpstreamLDAP(ldapUpstream provider.UpstreamLDAPIdentityProviderI, authenticateResponse *authenticators.Response) string

func ExtractStringClaimValue added in v0.13.0

func ExtractStringClaimValue(claimName string, upstreamIDPName string, idTokenClaims map[string]interface{}) (string, error)

func GetDownstreamIdentityFromUpstreamIDToken added in v0.11.0

func GetDownstreamIdentityFromUpstreamIDToken(
	upstreamIDPConfig provider.UpstreamOIDCIdentityProviderI,
	idTokenClaims map[string]interface{},
) (string, string, []string, error)

GetDownstreamIdentityFromUpstreamIDToken returns the mapped subject, username, and group names, in that order.

func GetGroupsFromUpstreamIDToken added in v0.13.0

func GetGroupsFromUpstreamIDToken(
	upstreamIDPConfig provider.UpstreamOIDCIdentityProviderI,
	idTokenClaims map[string]interface{},
) ([]string, error)

GetGroupsFromUpstreamIDToken returns mapped group names coerced into a slice of strings. It returns nil when there is no configured groups claim name, or then when the configured claim name is not found in the provided map of claims. It returns an error when the claim exists but its value cannot be parsed.

func GrantScopesIfRequested

func GrantScopesIfRequested(authorizeRequester fosite.AuthorizeRequester)

GrantScopesIfRequested auto-grants the scopes for which we do not require end-user approval, if they were requested.

func MakeDownstreamLDAPOrADCustomSessionData added in v0.18.0

func MakeDownstreamLDAPOrADCustomSessionData(
	ldapUpstream provider.UpstreamLDAPIdentityProviderI,
	idpType psession.ProviderType,
	authenticateResponse *authenticators.Response,
) *psession.CustomSessionData

func MakeDownstreamOIDCCustomSessionData added in v0.13.0

func MakeDownstreamOIDCCustomSessionData(oidcUpstream provider.UpstreamOIDCIdentityProviderI, token *oidctypes.Token) (*psession.CustomSessionData, error)

func MakeDownstreamSession

func MakeDownstreamSession(subject string, username string, groups []string, custom *psession.CustomSessionData) *psession.PinnipedSession

MakeDownstreamSession creates a downstream OIDC session.


This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL