Documentation

Overview

Package oidcclient implements a CLI OIDC login flow.

Functions

func Login

func Login(issuer string, clientID string, opts ...Option) (*oidctypes.Token, error)

Login performs an OAuth2/OIDC authorization code login using a localhost listener.

Types

type Option

type Option func(*handlerState) error

Option is an optional configuration for Login().

func WithBrowserOpen

func WithBrowserOpen(openURL func(url string) error) Option

WithBrowserOpen overrides the default "open browser" functionality with a custom callback. If not specified, an implementation using https://github.com/pkg/browser is used.

func WithClient

func WithClient(httpClient *http.Client) Option

WithClient sets the HTTP client used to make CLI-to-provider requests.

func WithContext

func WithContext(ctx context.Context) Option

WithContext sets the context.Context under which to perform the login. If this option is not specified, login happens under context.Background().

func WithListenPort

func WithListenPort(port uint16) Option

WithListenPort specifies a TCP listen port on localhost, which will be used for the redirect_uri and to handle the authorization code callback. By default, a random high port will be chosen, which requires the authorization server to support wildcard port numbers as described by https://tools.ietf.org/html/rfc8252:

    The authorization server MUST allow any port to be specified at the time of the request for loopback IP redirect URIs, to accommodate clients that obtain an available ephemeral port from the operating system at the time of the request.

func WithRequestAudience

func WithRequestAudience(audience string) Option

WithRequestAudience causes the login flow to perform an additional token exchange using the RFC 8693 flow.

func WithScopes

func WithScopes(scopes []string) Option

WithScopes sets the OAuth2 scopes to request during login. If not specified, it defaults to "offline_access openid email profile".

func WithSessionCache

func WithSessionCache(cache SessionCache) Option

WithSessionCache sets the session cache backend for storing and retrieving previously issued ID tokens and refresh tokens.

type SessionCache

type SessionCache interface {
	GetToken(SessionCacheKey) *oidctypes.Token
	PutToken(SessionCacheKey, *oidctypes.Token)
}

type SessionCacheKey

type SessionCacheKey struct {
	Issuer      string   `json:"issuer"`
	ClientID    string   `json:"clientID"`
	Scopes      []string `json:"scopes"`
	RedirectURI string   `json:"redirect_uri"`
}

SessionCacheKey contains the data used to select a valid session cache entry.
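
An added example, not code from this package: an in-memory cache with the GetToken/PutToken method set of SessionCache, showing that all four SessionCacheKey fields must take part in the lookup so a token cached for one issuer, client, scope set or redirect URI is never returned for another. Token is a local stand-in for oidctypes.Token, and MemoryCache, canonical and the order-insensitive scope comparison are assumptions of this example.

```go
package main

import (
	"fmt"
	"sort"
)

// Token stands in for oidctypes.Token, whose fields this page does not show (assumption).
type Token struct{ IDToken, RefreshToken string }

type SessionCacheKey struct { // fields as documented above
	Issuer      string   `json:"issuer"`
	ClientID    string   `json:"clientID"`
	Scopes      []string `json:"scopes"`
	RedirectURI string   `json:"redirect_uri"`
}

// MemoryCache is a hypothetical in-memory cache; it is not safe for concurrent use.
type MemoryCache map[string]Token

// canonical builds a map key; the []string field makes the struct itself non-comparable.
func canonical(k SessionCacheKey) string {
	scopes := append([]string(nil), k.Scopes...) // copy: never reorder the caller's slice
	sort.Strings(scopes)                         // scope order is ignored (choice of this example)
	return fmt.Sprintf("%q|%q|%q|%q", k.Issuer, k.ClientID, scopes, k.RedirectURI)
}

// GetToken returns a copy of the cached token, or nil when any key field differs.
func (c MemoryCache) GetToken(k SessionCacheKey) *Token {
	t, ok := c[canonical(k)]
	if !ok {
		return nil
	}
	return &t
}

// PutToken stores a copy so later changes by the caller do not alter the cache.
func (c MemoryCache) PutToken(k SessionCacheKey, t *Token) {
	if t != nil {
		c[canonical(k)] = *t
	}
}

func main() {
	c := MemoryCache{}
	k := SessionCacheKey{Issuer: "https://issuer.example", ClientID: "cli", Scopes: []string{"openid", "email"}}
	c.PutToken(k, &Token{IDToken: "constructed-token"})
	k.Scopes = []string{"email", "openid"} // same scope set, different order
	fmt.Println("hit:", c.GetToken(k) != nil)
}
```

The %q quoting in canonical keeps field boundaries unambiguous, so a `|` inside an issuer or client ID cannot make two different keys collide.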

Directories

Path Synopsis
Package cachefile implements the file format for session caches.
Package nonce implements
Package oidctypes provides core data types for OIDC token structures.