Documentation
¶
Index ¶
- Constants
- Variables
- func AddAddressClaims(claims map[string]any, user User)
- func AddEmailClaims(claims map[string]any, user User)
- func AddExtraClaims(claims map[string]any, extraClaims map[string]string, user User, ...)
- func AddPhoneClaims(claims map[string]any, user User)
- func AddProfileClaims(claims map[string]any, user User)
- func AuthorizeHandler(basePath string, tokenService TokenCreator, peopleStore people.Store, ...) http.Handler
- func DiscoveryDocumentHandler(issuer, scope string) http.Handler
- func Error(w http.ResponseWriter, error string, description string, code int)
- func GeneratePrivateKey(keySize int, keyID string) ([]byte, error)
- func IntersectScope(availableScope, requestedScope string) string
- func JwksHandler(publicKeys map[string]any) http.Handler
- func LoadPublicKeys(basePath string, keys []string) (map[string]any, error)
- func NewTokenID(timestamp time.Time) string
- func RevokeHandler(tokenCreator TokenCreator, clientStore clients.Store, trlStore trl.Store) http.Handler
- func ToJwks(publicKeys map[string]any) []jose.JSONWebKey
- func ToPublicKeys(jwks []jose.JSONWebKey) map[string]any
- func TokenHandler(tokenService TokenCreator, peopleStore people.Store, clientStore clients.Store, ...) http.Handler
- func UnmarshalJWKS(bytes []byte) ([]jose.JSONWebKey, error)
- func UserInfoHandler(peopleStore people.Store, extraClaims map[string]string) http.Handler
- type DiscoveryDocument
- type ErrorResponse
- type TokenCreator
- type TokenResponse
- type User
- type VerifiedClaims
Constants ¶
View Source
const ( ClaimClientID = "client_id" ClaimExpiryTime = "exp" ClaimIssuer = "iss" ClaimIssuedAtTime = "iat" ClaimNotBeforeTime = "nbf" ClaimUserID = "user_id" ClaimScope = "scope" ClaimSubject = "sub" ClaimType = "typ" ClaimAudience = "aud" ClaimAccessTokenHash = "at_hash" ClaimNonce = "nonce" ClaimTokenID = "jti" )
View Source
const ( // ErrorInvalidRequest - The request is missing a parameter so the server // can't proceed with the request. This may also be returned if the // request includes an unsupported parameter or repeats a parameter. ErrorInvalidRequest = "invalid_request" // ErrorInvalidClient – Client authentication failed, such as if the // request contains an invalid client ID or secret. Send an HTTP 401 // response in this case. ErrorInvalidClient = "invalid_client" // ErrorInvalidGrant – The authorization code (or user's password for the // password grant type) is invalid or expired. This is also the error you // would return if the redirect URL given in the authorization grant does // not match the URL provided in this access token request. ErrorInvalidGrant = "invalid_grant" // ErrorRedirectURIMismatch - The redirect URI is invalid for the // requested client id ErrorRedirectURIMismatch = "redirect_uri_mismatch" // ErrorUnsupportedGrantType – If a grant type is requested that the // authorization server doesn't recognize, use this code. Note that // unknown grant types also use this specific error code rather than using // the ErrorInvalidRequest above. ErrorUnsupportedGrantType = "unsupported_grant_type" ErrorInternal = "internal_server_error" ErrorNotFound = "not_found" )
View Source
const ( GrantTypeAuthorizationCode = "authorization_code" GrantTypeClientCredentials = "client_credentials" GrantTypeRefreshToken = "refresh_token" GrantTypePassword = "password" TokenTypeCode = "code" TokenTypeRefreshToken = "refresh_token" ResponseTypeCode = "code" ResponseTypeToken = "token" )
View Source
const HeaderKeyID = "KeyID"
View Source
const OIDCDefaultScope = "openid profile email phone address offline_access"
Variables ¶
View Source
var ErrInvalidTokenType = errors.New("invalid token type (typ)")
Functions ¶
func AddAddressClaims ¶ added in v0.3.0
func AddEmailClaims ¶
func AddExtraClaims ¶
func AddPhoneClaims ¶ added in v0.3.0
func AddProfileClaims ¶
func AuthorizeHandler ¶
func IntersectScope ¶
func NewTokenID ¶ added in v0.4.1
func RevokeHandler ¶ added in v0.4.1
func ToPublicKeys ¶ added in v0.4.1
func TokenHandler ¶
func UnmarshalJWKS ¶ added in v0.6.0
Types ¶
type DiscoveryDocument ¶
type DiscoveryDocument struct {
Issuer string `json:"issuer"`
AuthorizationEndpoint string `json:"authorization_endpoint"`
JwksURI string `json:"jwks_uri"`
ResponseTypesSupported []string `json:"response_types_supported"`
GrantTypesSupported []string `json:"grant_types_supported"`
TokenEndpoint string `json:"token_endpoint"`
UserinfoEndpoint string `json:"userinfo_endpoint"`
EndSessionEndpoint string `json:"end_session_endpoint"`
ScopesSupported []string `json:"scopes_supported"`
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported,omitempty"`
IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
RevocationEndpoint string `json:"revocation_endpoint"`
RevocationEndpointAuthMethodsSupported []string `json:"revocation_endpoint_auth_methods_supported"`
}
type ErrorResponse ¶
type TokenCreator ¶
type TokenCreator interface {
GenerateAccessToken(user User, subject, clientID, scope string) (string, error)
GenerateIDToken(user User, clientID, scope, accessTokenHash, nonce string) (string, error)
GenerateAuthCode(userID, clientID, scope, challenge, nonce string) (string, error)
GenerateRefreshToken(userID, clientID, scope, nonce string) (string, error)
Verify(rawToken, tokenType string) (*VerifiedClaims, error)
AccessTokenTTL() int64
Issuer() string
}
func NewTokenCreator ¶ added in v0.4.1
func NewTokenCreator(privateKey *rsa.PrivateKey, keyID, issuer, scope string, accessTokenTTL, refreshTokenTTL, idTokenTTL int64, accessTokenExtraClaims, idTokenExtraClaims map[string]string) (TokenCreator, error)
type TokenResponse ¶
type VerifiedClaims ¶ added in v0.4.1
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.