Documentation ¶
Overview ¶
Package oidc provides ...
Package oidc provides ...
Package oidc provides ...
Package oidc provides ...
Package oidc provides ...
Package oidc provides ...
Package oidc provides ...
Package oidc provides ...
Package oidc provides ...
Index ¶
- Constants
- func ParseMatchURL(baseURL, redirectURL string) (retBaseURL, retRedirectURL *url.URL, err error)
- func ValidateClientSecret(client protocol.Client, secret string) bool
- func ValidateCodeChallenge(codeChall string, codeChallMethod protocol.CodeChallengeMethod) (protocol.CodeChallengeMethod, bool)
- func ValidateGrantType(types []protocol.GrantType, ty protocol.GrantType) bool
- func ValidateIDTokenHint(idTokenHit string) (string, error)
- func ValidateOfflineAccess(prompt []string, scopes []string) ([]string, bool, error)
- func ValidatePrompt(prompts []string, maxAge int) (int, error)
- func ValidateScopes(cli protocol.Client, scopes []string, defaultScopes []string, ...) ([]string, bool, bool)
- func ValidateTokenHint(hint protocol.TokenTypeHint) bool
- func ValidateURI(baseURI, redirectURI string) (realRedirectURI string, err error)
- func ValidateURIList(baseURIList, redirectURI, separator string) (realRedirectURI string, err error)
- type BasicAuth
- type Option
- func WithAllowClientSecretInParams(allow bool) Option
- func WithAllowGetAccessRequest(allow bool) Option
- func WithDefaultScopes(scopes []protocol.Scope) Option
- func WithForcePKCEForPublicClients(force bool) Option
- func WithRedirectURISeparator(s string) Option
- func WithRetainTokenAfterRefresh(s bool) Option
- func WithSession(sess protocol.Session) Option
- func WithStorage(storage protocol.Storage) Option
- func WithSupportedRequestObject(s bool) Option
- func WithTokenType(ty TokenType) Option
- type Options
- type ResponseTypeOK
- type Server
- func (s *Server) FinishAuthorizeRequest(resp *protocol.Response, r *http.Request, req *protocol.AuthorizeRequest)
- func (s *Server) FinishCheckSessionRequest(resp *protocol.Response, w http.ResponseWriter, ...)
- func (s *Server) FinishEndSessionRequest(resp *protocol.Response, r *http.Request, req *protocol.EndSessionRequest)
- func (s *Server) FinishRevocationRequest(resp *protocol.Response, r *http.Request, req *protocol.RevocationRequest)
- func (s *Server) FinishTokenRequest(resp *protocol.Response, r *http.Request, req *protocol.AccessRequest)
- func (s *Server) FinishUserInfoRequest(resp *protocol.Response, r *http.Request, req *protocol.UserInfoRequest)
- func (s *Server) GenerateAccessTokenAndSave(req *protocol.AccessData, genRefresh bool) (token, refresh string, err error)
- func (s *Server) GenerateAuthorizeCodeAndSave(req *protocol.AuthorizeData) (code string, err error)
- func (s *Server) HandleAuthorizeRequest(resp *protocol.Response, r *http.Request, issuer string) *protocol.AuthorizeRequest
- func (s *Server) HandleCheckSessionEndpoint(resp *protocol.Response, r *http.Request, issuer string) *protocol.CheckSessionRequest
- func (s *Server) HandleEndSessionEndpoint(resp *protocol.Response, r *http.Request, issuer string) *protocol.EndSessionRequest
- func (s *Server) HandleRevocationRequest(resp *protocol.Response, r *http.Request, issuer string) *protocol.RevocationRequest
- func (s *Server) HandleTokenRequest(resp *protocol.Response, r *http.Request, issuer string) *protocol.AccessRequest
- func (s *Server) HandleUserInfoRequest(resp *protocol.Response, r *http.Request, issuer string) *protocol.UserInfoRequest
- type TokenType
- type URIValidationError
Constants ¶
// Token type values.
const (
	// TokenTypeBearer is the "Bearer" token type value. The Options field
	// comment documents Bearer as the default token type.
	TokenTypeBearer = "Bearer"
	// TokenTypeJWT is the "JWT" token type value.
	TokenTypeJWT = "JWT"
)
token type list
Variables ¶
This section is empty.
Functions ¶
func ParseMatchURL ¶
ParseMatchURL resolves URI references against the base URL.
func ValidateClientSecret ¶
ValidateClientSecret determines whether the given secret matches a secret held by the client. Public clients return true for a secret of "", so a true result for a public client does not by itself authenticate the client.
func ValidateCodeChallenge ¶
func ValidateCodeChallenge(codeChall string, codeChallMethod protocol.CodeChallengeMethod) (protocol.CodeChallengeMethod, bool)
ValidateCodeChallenge validates the PKCE code challenge; see RFC 7636: https://tools.ietf.org/html/rfc7636
func ValidateGrantType ¶
ValidateGrantType validates the client grant type support
func ValidateIDTokenHint ¶
ValidateIDTokenHint validates the id_token_hint (if passed as parameter in the request) and returns the `sub` claim
func ValidateOfflineAccess ¶
ValidateOfflineAccess validates an offline_access request against the given prompt and scopes.
func ValidatePrompt ¶
ValidatePrompt validates the prompt values and sets max_age=0 if prompt=login is present.
func ValidateScopes ¶
func ValidateScopes(cli protocol.Client, scopes []string, defaultScopes []string, respTypeCode bool, prompt []string) ([]string, bool, bool)
ValidateScopes validates the scopes and removes any invalid scope.
func ValidateTokenHint ¶
func ValidateTokenHint(hint protocol.TokenTypeHint) bool
ValidateTokenHint validates the token type hint; only access_token and refresh_token are supported.
func ValidateURI ¶
ValidateURI validates that redirectURI is contained in baseURI
func ValidateURIList ¶
func ValidateURIList(baseURIList, redirectURI, separator string) (realRedirectURI string, err error)
ValidateURIList validates that redirectURI is contained in baseURIList.
Types ¶
type Option ¶
type Option func(opts *Options)
Option is a custom option applied to Options.
func WithAllowClientSecretInParams ¶
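WithAllowClientSecretInParams sets whether the client secret is also accepted in request parameters. The Options field comment marks this as not recommended; the default is false.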
func WithAllowGetAccessRequest ¶
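WithAllowGetAccessRequest sets whether access requests using GET are allowed. Per the Options field comment the default is false, meaning only POST is accepted.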
func WithDefaultScopes ¶
WithDefaultScopes sets the default scopes.
func WithForcePKCEForPublicClients ¶
WithForcePKCEForPublicClients sets whether PKCE is required for public clients.
func WithRedirectURISeparator ¶
WithRedirectURISeparator sets the separator used to support multiple redirect URIs.
func WithRetainTokenAfterRefresh ¶
WithRetainTokenAfterRefresh sets whether the token is retained after a refresh until it expires.
func WithSession ¶
WithSession sets the session management used for check_session_iframe/end_session_endpoint.
func WithStorage ¶
WithStorage sets the protocol.Storage implementation used by the server.
func WithSupportedRequestObject ¶
WithSupportedRequestObject sets whether the authorize request object is supported.
func WithTokenType ¶
WithTokenType changes the token type from the default, Bearer, to another.
type Options ¶
// Options holds the OIDC server options. Each field is set through the
// matching With* Option function.
type Options struct {
	// TokenType is the access token type; the default is Bearer.
	TokenType TokenType
	// AllowClientSecretInParams, if true, also allows the client secret to be
	// sent in request parameters. Not recommended; the default is false.
	// NOTE(review): RFC 6749 section 2.3.1 likewise marks client credentials in
	// the request body as NOT RECOMMENDED; prefer HTTP Basic authentication.
	AllowClientSecretInParams bool
	// AllowGetAccessRequest, if true, allows access requests using GET;
	// otherwise only POST is allowed. The default is false.
	// NOTE(review): RFC 6749 section 3.2 requires POST for access token
	// requests, and GET parameters tend to end up in URLs and logs, so leave
	// this false unless a legacy client needs it.
	AllowGetAccessRequest bool
	// RedirectURISeparator is the separator used to support multiple URIs in
	// Client.RedirectURI().
	RedirectURISeparator string
	// ForcePKCEForPublicClients requires the authorization code flow to use
	// PKCE for public clients.
	// NOTE(review): no default is documented here; the Go zero value is false,
	// so PKCE is presumably not enforced unless this is set - confirm.
	ForcePKCEForPublicClients bool
	// SupportedRequestObject reports whether the request object is supported.
	SupportedRequestObject bool
	// RetainTokenAfrerRefresh retains the token after a refresh.
	// The misspelled field name is part of the exported API.
	// NOTE(review): presumably the previous token then stays usable until it
	// expires - confirm, and weigh that against rotating tokens on refresh.
	RetainTokenAfrerRefresh bool
	// DefaultScopes is used when the client request scope is empty.
	DefaultScopes []protocol.Scope
	// Storage is the protocol.Storage used by the server (see WithStorage).
	Storage protocol.Storage
	// Session is the session management used for
	// check_session_iframe/end_session_endpoint (see WithSession).
	Session protocol.Session
}
Options holds the OIDC server options.
type ResponseTypeOK ¶
// ResponseTypeOK is the result type returned by ValidateResponseType.
//
// NOTE(review): each flag presumably reports whether the matching
// response_type value was requested and accepted for the client - confirm
// against ValidateResponseType.
type ResponseTypeOK struct {
	ResponseTypeCode    bool
	ResponseTypeToken   bool
	ResponseTypeIDToken bool
	ResponseTypeNone    bool
	ResponseTypeDevice  bool
}
ResponseTypeOK response type ok
func ValidateResponseType ¶
func ValidateResponseType(cli protocol.Client, reqTypes []string) (ResponseTypeOK, error)
ValidateResponseType validates the response type
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server OAuth2/OIDC
func (*Server) FinishAuthorizeRequest ¶
func (s *Server) FinishAuthorizeRequest(resp *protocol.Response, r *http.Request, req *protocol.AuthorizeRequest)
FinishAuthorizeRequest finish authorize request
func (*Server) FinishCheckSessionRequest ¶
func (s *Server) FinishCheckSessionRequest(resp *protocol.Response, w http.ResponseWriter, req *protocol.CheckSessionRequest)
FinishCheckSessionRequest check_session_iframe request finish
func (*Server) FinishEndSessionRequest ¶
func (s *Server) FinishEndSessionRequest(resp *protocol.Response, r *http.Request, req *protocol.EndSessionRequest)
FinishEndSessionRequest end_session request finish
func (*Server) FinishRevocationRequest ¶
func (s *Server) FinishRevocationRequest(resp *protocol.Response, r *http.Request, req *protocol.RevocationRequest)
FinishRevocationRequest revocation request finish
func (*Server) FinishTokenRequest ¶
func (s *Server) FinishTokenRequest(resp *protocol.Response, r *http.Request, req *protocol.AccessRequest)
FinishTokenRequest token request finish
func (*Server) FinishUserInfoRequest ¶
func (s *Server) FinishUserInfoRequest(resp *protocol.Response, r *http.Request, req *protocol.UserInfoRequest)
FinishUserInfoRequest finishes the userinfo request. The sub (subject) Claim MUST always be returned in the UserInfo Response. See https://openid.net/specs/openid-connect-core-1_0.html#UserInfoResponse
func (*Server) GenerateAccessTokenAndSave ¶
func (s *Server) GenerateAccessTokenAndSave(req *protocol.AccessData, genRefresh bool) (token, refresh string, err error)
GenerateAccessTokenAndSave generate access token or refresh_token
func (*Server) GenerateAuthorizeCodeAndSave ¶
func (s *Server) GenerateAuthorizeCodeAndSave(req *protocol.AuthorizeData) (code string, err error)
GenerateAuthorizeCodeAndSave default authorize code generator
func (*Server) HandleAuthorizeRequest ¶
func (s *Server) HandleAuthorizeRequest(resp *protocol.Response, r *http.Request, issuer string) *protocol.AuthorizeRequest
HandleAuthorizeRequest authorization endpoint
func (*Server) HandleCheckSessionEndpoint ¶
func (s *Server) HandleCheckSessionEndpoint(resp *protocol.Response, r *http.Request, issuer string) *protocol.CheckSessionRequest
HandleCheckSessionEndpoint handles the check_session endpoint. See https://technospace.medium.com/managing-sessions-with-openid-connect-d3b6fb4f552b
func (*Server) HandleEndSessionEndpoint ¶
func (s *Server) HandleEndSessionEndpoint(resp *protocol.Response, r *http.Request, issuer string) *protocol.EndSessionRequest
HandleEndSessionEndpoint end_session endpoint
func (*Server) HandleRevocationRequest ¶
func (s *Server) HandleRevocationRequest(resp *protocol.Response, r *http.Request, issuer string) *protocol.RevocationRequest
HandleRevocationRequest handles the revocation endpoint. As RFC 7009 puts it, implementations MUST support the revocation of refresh tokens and SHOULD support the revocation of access tokens (see Implementation Note).
func (*Server) HandleTokenRequest ¶
func (s *Server) HandleTokenRequest(resp *protocol.Response, r *http.Request, issuer string) *protocol.AccessRequest
HandleTokenRequest token endpoint
func (*Server) HandleUserInfoRequest ¶
func (s *Server) HandleUserInfoRequest(resp *protocol.Response, r *http.Request, issuer string) *protocol.UserInfoRequest
HandleUserInfoRequest handles the userinfo endpoint, which should support CORS. See https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
type URIValidationError ¶
type URIValidationError string
URIValidationError is the error returned when URI validation does not match.
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
Package examples provides ...
|
Package examples provides ... |
op
Package main provides ...
|
Package main provides ... |
rp
Package main provides ...
|
Package main provides ... |
pkg
|
|
crypto
Package crypto provides ...
|
Package crypto provides ... |
Package protocol provides ...
|
Package protocol provides ... |