oidc

package

v0.10.3 Latest Latest Go to latest Published: Feb 28, 2020 License: GPL-3.0 Imports: 9 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/CSCfi/qvain-api

Links

Open Source Insights

Documentation ¶

Overview ¶

Package oidcclient implements a basic oidc client to authenticate users at an OpenID Connect IdP using the Code flow.

Index ¶

Constants
Variables
func WithAllowDevLogin(val bool) func(*OidcClient)
func WithSkipExpiryCheck(val bool) func(*OidcClient)
type OidcClient
- func NewOidcClient(name string, id string, secret string, redirectUrl string, providerUrl string, ...) (*OidcClient, error)
type OidcClientOption

Constants ¶

View Source

const (
	// DefaultLoginTimeout is the age, in seconds, of the state cookie during OIDC login.
	DefaultLoginTimeout = 600 // 10m

	// DefaultCookiePath sets the URL path cookies from this package are valid for.
	DefaultCookiePath = "/api/auth"
)

Variables ¶

View Source

var ErrMissingCSCUserName = errors.New("Missing CSCUserName field")

View Source

var ErrMissingOrganization = errors.New("Missing Organization field")

User should have home organization

Functions ¶

func WithAllowDevLogin ¶

func WithAllowDevLogin(val bool) func(*OidcClient)

WithAllowDevLogin enables logging in at [login_url]?token=[jwt_id_token] with a custom token. The token is still validated as usual.

func WithSkipExpiryCheck ¶

func WithSkipExpiryCheck(val bool) func(*OidcClient)

WithSkipExpiryCheck disables checking token expiration time, so expired tokens can be used.

Types ¶

type OidcClient ¶

type OidcClient struct {
	Name string

	//OnLogin func(w http.ResponseWriter, r *http.Request, sub string, exp time.Time) error
	//OnLogin func(http.ResponseWriter, *http.Request, *oauth2.Token, *gooidc.IDToken) error
	OnLogin func(http.ResponseWriter, *http.Request, *oauth2.Token, *gooidc.IDToken) error
	// contains filtered or unexported fields
}

OidcClient holds the OpenID Connect and OAuth2 configuration for an authentication provider.

func NewOidcClient ¶

func NewOidcClient(name string, id string, secret string, redirectUrl string,
	providerUrl string, frontendUrl string, options ...OidcClientOption) (*OidcClient, error)

NewOidcClient creates a new OpenID Connect client for the given provider and credentials.

func (*OidcClient) Auth ¶

func (client *OidcClient) Auth() http.HandlerFunc

Auth is a HTTP handler that forwards the OIDC client to the Authorization endpoint.

func (*OidcClient) Callback ¶

func (client *OidcClient) Callback() http.HandlerFunc

Callback is a HTTP handler that takes the callback from the OIDC token endpoint.

func (*OidcClient) DumpToken ¶

func (client *OidcClient) DumpToken(w http.ResponseWriter, token *oauth2.Token, idToken *gooidc.IDToken)

func (*OidcClient) SetLogger ¶

func (client *OidcClient) SetLogger(logger zerolog.Logger)

SetLogger sets the logger for the OIDC client. It is probably not safe to call this after the handlers are instantiated.

type OidcClientOption ¶

type OidcClientOption func(*OidcClient)

OidcClientOption is used for passing optional configuration to a OidcClient.

Source Files ¶

View all Source files

client.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL