





type DynamicTLSCertProvider

// DynamicTLSCertProvider holds the TLS serving certificates for the issuers
// hosted by the Supervisor and exposes setters so they can be replaced after
// construction. Lookups are keyed by issuer host name; the parameter name of
// GetTLSCert indicates callers are expected to pass the host already lower-cased.
type DynamicTLSCertProvider interface {
	// SetIssuerHostToTLSCertMap replaces the per-issuer-host certificate map.
	// NOTE(review): the value type is *tls.Certificate, not a JWKS, so the
	// parameter name issuerToJWKSMap is misleading — consider renaming it to
	// something like issuerHostToTLSCertMap (parameter names are not part of
	// the interface contract, so this is a compatible change).
	SetIssuerHostToTLSCertMap(issuerToJWKSMap map[string]*tls.Certificate)
	// SetDefaultTLSCert replaces the default certificate. Whether it is served
	// as a fallback when no per-host entry matches is not visible here — confirm
	// in the implementation.
	SetDefaultTLSCert(certificate *tls.Certificate)
	// GetTLSCert returns the certificate for the given lower-cased issuer host
	// name. What a miss returns (nil or the default) is not visible here.
	GetTLSCert(lowercaseIssuerHostName string) *tls.Certificate
	// GetDefaultTLSCert returns the default certificate (presumably the one
	// last passed to SetDefaultTLSCert — confirm).
	GetDefaultTLSCert() *tls.Certificate
	// NOTE(review): the closing brace of this interface is not shown in this listing.

func NewDynamicTLSCertProvider

// NewDynamicTLSCertProvider returns a DynamicTLSCertProvider. The concrete
// type and its initial contents are not shown in this listing; presumably it
// holds no certificates until the Set methods are called — confirm.
func NewDynamicTLSCertProvider() DynamicTLSCertProvider

type DynamicUpstreamIDPProvider

// DynamicUpstreamIDPProvider holds the list of configured upstream OIDC
// identity providers and lets it be replaced after construction.
type DynamicUpstreamIDPProvider interface {
	// SetIDPList replaces the current list of upstream OIDC providers.
	// NOTE(review): whether the slice is copied or retained by reference is not
	// visible here; if retained, callers must not mutate it afterwards.
	SetIDPList(oidcIDPs []UpstreamOIDCIdentityProviderI)
	// GetIDPList returns the current list of upstream OIDC providers.
	GetIDPList() []UpstreamOIDCIdentityProviderI
	// NOTE(review): the closing brace of this interface is not shown in this listing.

func NewDynamicUpstreamIDPProvider

// NewDynamicUpstreamIDPProvider returns a DynamicUpstreamIDPProvider. The
// concrete type is not shown in this listing; presumably the initial list is
// empty until SetIDPList is called — confirm.
func NewDynamicUpstreamIDPProvider() DynamicUpstreamIDPProvider

type FederationDomainIssuer

// FederationDomainIssuer represents all of the settings and state for a
// downstream OIDC provider as defined by a FederationDomain. Instances are
// created with NewFederationDomainIssuer; the fields are unexported and are
// read through the Issuer, IssuerHost and IssuerPath accessors.
type FederationDomainIssuer struct {
	// contains filtered or unexported fields

    FederationDomainIssuer represents all of the settings and state for a downstream OIDC provider as defined by a FederationDomain.

    func NewFederationDomainIssuer

    // NewFederationDomainIssuer builds a FederationDomainIssuer from the given
    // issuer string, returning an error for issuers it rejects. The validation
    // rules are not visible in this listing; the IssuerHost/IssuerPath accessors
    // suggest the issuer is parsed as a URL — confirm against the source.
    func NewFederationDomainIssuer(issuer string) (*FederationDomainIssuer, error)

    func (*FederationDomainIssuer) Issuer

    // Issuer returns the issuer string — presumably the value this
    // FederationDomainIssuer was constructed with (confirm).
    func (p *FederationDomainIssuer) Issuer() string

    func (*FederationDomainIssuer) IssuerHost

    // IssuerHost returns the host portion of the issuer. Whether it is normalized
    // (e.g. lower-cased, as DynamicTLSCertProvider.GetTLSCert expects) is not
    // visible here — confirm before using it as a lookup key.
    func (p *FederationDomainIssuer) IssuerHost() string

    func (*FederationDomainIssuer) IssuerPath

    // IssuerPath returns the path portion of the issuer (presumably as parsed by
    // NewFederationDomainIssuer — confirm).
    func (p *FederationDomainIssuer) IssuerPath() string

    type UpstreamOIDCIdentityProviderI

    // UpstreamOIDCIdentityProviderI describes one configured upstream OIDC
    // identity provider: its static settings (name, client ID, authorization
    // endpoint, scopes, claim names) and the operations that exchange an
    // authorization code and validate upstream tokens.
    type UpstreamOIDCIdentityProviderI interface {
    	// A name for this upstream provider, which will be used as a component of the path for the callback endpoint
    	// hosted by the Supervisor.
    	GetName() string
    	// The OAuth client ID registered with the upstream provider to be used in the authorization code flow.
    	GetClientID() string
    	// The Authorization Endpoint fetched from discovery.
    	GetAuthorizationURL() *url.URL
    	// Scopes to request in authorization flow.
    	GetScopes() []string
    	// ID Token username claim name. May return empty string, in which case we will use some reasonable defaults.
    	GetUsernameClaim() string
    	// ID Token groups claim name. May return empty string, in which case we won't try to read groups from the upstream provider.
    	GetGroupsClaim() string
    	// Performs upstream OIDC authorization code exchange and token validation.
    	// Returns the validated raw tokens as well as the parsed claims of the ID token.
    	// NOTE(review): the line carrying this method's name is missing from this
    	// listing (presumably dropped by the documentation renderer); only its
    	// parameter list and result are shown below — confirm against the source.
    	// The pkceCodeVerifier and expectedIDTokenNonce parameters are the values
    	// the caller expects the upstream to honor; the validation that binds the
    	// returned tokens to the original authorization request happens in the
    	// implementation, not here.
    		ctx context.Context,
    		authcode string,
    		pkceCodeVerifier pkce.Code,
    		expectedIDTokenNonce nonce.Nonce,
    		redirectURI string,
    	) (*oidctypes.Token, error)
    	// ValidateToken validates an upstream token (without performing a code
    	// exchange) and returns the parsed result. expectedIDTokenNonce is the nonce
    	// the caller expects to find in the ID token; the implementation is expected
    	// to reject a mismatch — confirm, since this is what ties the ID token to
    	// the request that produced it.
    	ValidateToken(ctx context.Context, tok *oauth2.Token, expectedIDTokenNonce nonce.Nonce) (*oidctypes.Token, error)
    	// NOTE(review): the closing brace of this interface is not shown in this listing.

