Version: v0.19.0

This package is not in the latest version of its module.

Published: Aug 26, 2022 License: Apache-2.0 Imports: 20 Imported by: 0



Package upstreamoidc implements an abstraction of upstream OIDC provider interactions.






type ProviderConfig

type ProviderConfig struct {
	Name                     string
	ResourceUID              types.UID
	UsernameClaim            string
	GroupsClaim              string
	Config                   *oauth2.Config
	Client                   *http.Client
	AllowPasswordGrant       bool
	AdditionalAuthcodeParams map[string]string
	RevocationURL            *url.URL // will commonly be nil: many providers do not offer this
	Provider                 interface {
		Verifier(*coreosoidc.Config) *coreosoidc.IDTokenVerifier
		Claims(v interface{}) error
		UserInfo(ctx context.Context, tokenSource oauth2.TokenSource) (*coreosoidc.UserInfo, error)
	}
}

ProviderConfig holds the active configuration of an upstream OIDC provider.

func (*ProviderConfig) AllowsPasswordGrant added in v0.11.0

func (p *ProviderConfig) AllowsPasswordGrant() bool

func (*ProviderConfig) ExchangeAuthcodeAndValidateTokens

func (p *ProviderConfig) ExchangeAuthcodeAndValidateTokens(ctx context.Context, authcode string, pkceCodeVerifier pkce.Code, expectedIDTokenNonce nonce.Nonce, redirectURI string) (*oidctypes.Token, error)

func (*ProviderConfig) GetAdditionalAuthcodeParams added in v0.13.0

func (p *ProviderConfig) GetAdditionalAuthcodeParams() map[string]string

func (*ProviderConfig) GetAuthorizationURL

func (p *ProviderConfig) GetAuthorizationURL() *url.URL

func (*ProviderConfig) GetClientID

func (p *ProviderConfig) GetClientID() string

func (*ProviderConfig) GetGroupsClaim

func (p *ProviderConfig) GetGroupsClaim() string

func (*ProviderConfig) GetName

func (p *ProviderConfig) GetName() string

func (*ProviderConfig) GetResourceUID added in v0.13.0

func (p *ProviderConfig) GetResourceUID() types.UID

func (*ProviderConfig) GetRevocationURL added in v0.13.0

func (p *ProviderConfig) GetRevocationURL() *url.URL

func (*ProviderConfig) GetScopes

func (p *ProviderConfig) GetScopes() []string

func (*ProviderConfig) GetUsernameClaim

func (p *ProviderConfig) GetUsernameClaim() string

func (*ProviderConfig) HasUserInfoURL added in v0.13.0

func (p *ProviderConfig) HasUserInfoURL() bool

func (*ProviderConfig) PasswordCredentialsGrantAndValidateTokens added in v0.11.0

func (p *ProviderConfig) PasswordCredentialsGrantAndValidateTokens(ctx context.Context, username, password string) (*oidctypes.Token, error)

func (*ProviderConfig) PerformRefresh added in v0.13.0

func (p *ProviderConfig) PerformRefresh(ctx context.Context, refreshToken string) (*oauth2.Token, error)

func (*ProviderConfig) RevokeToken added in v0.13.0

func (p *ProviderConfig) RevokeToken(ctx context.Context, token string, tokenType provider.RevocableTokenType) error

RevokeToken will attempt to revoke the given token, if the provider has a revocation endpoint. It may return an error wrapped by a RetryableRevocationError, which is an error indicating that it may be worth trying to revoke the same token again later. Any other error returned should be assumed to represent an error such that it is not worth retrying revocation later, even though revocation failed.
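
Caller-side handling of the retry contract described above, as an added example that is not this package's own code. `retryableError`, `revokeFunc`, `revokeWithRetry` and `flaky` are hypothetical names standing in for the RetryableRevocationError wrapper and a RevokeToken call, and the sample errors and token are constructed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// retryableError is a hypothetical stand-in for the RetryableRevocationError wrapper.
type retryableError struct{ wrapped error }

func (e retryableError) Error() string { return "retryable: " + e.wrapped.Error() }
func (e retryableError) Unwrap() error { return e.wrapped }

// revokeFunc is a hypothetical adapter around a RevokeToken call.
type revokeFunc func(ctx context.Context, token string) error

// revokeWithRetry retries only errors wrapped as retryable. Any other error
// stops at once: the token may still be valid upstream and should be surfaced
// to an operator. It returns the attempts made and the final error.
// Production code would back off between attempts or requeue the work.
func revokeWithRetry(ctx context.Context, revoke revokeFunc, token string, maxAttempts int) (int, error) {
	var err error
	attempt := 0
	for attempt < maxAttempts || attempt == 0 { // always try at least once
		attempt++
		if err = revoke(ctx, token); err == nil {
			return attempt, nil
		}
		var retryable retryableError
		if !errors.As(err, &retryable) || ctx.Err() != nil {
			return attempt, err
		}
	}
	return attempt, err
}

// flaky builds a constructed revoker that fails `failures` times, then succeeds.
func flaky(failures int, failWith error) revokeFunc {
	calls := 0
	return func(context.Context, string) error {
		if calls++; calls <= failures {
			return failWith
		}
		return nil
	}
}

func main() {
	ctx := context.Background()
	fmt.Println(revokeWithRetry(ctx, flaky(2, retryableError{errors.New("temporary failure")}), "constructed-token", 5))
	fmt.Println(revokeWithRetry(ctx, flaky(2, errors.New("request rejected")), "constructed-token", 5))
}
```
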

func (*ProviderConfig) ValidateTokenAndMergeWithUserInfo added in v0.13.0

func (p *ProviderConfig) ValidateTokenAndMergeWithUserInfo(ctx context.Context, tok *oauth2.Token, expectedIDTokenNonce nonce.Nonce, requireIDToken bool, requireUserInfo bool) (*oidctypes.Token, error)

ValidateTokenAndMergeWithUserInfo will validate the ID token. It will also merge the claims from the userinfo endpoint response, if the provider offers the userinfo endpoint.
