Documentation
¶
Index ¶
- Variables
- type DefaultSession
- func (s *DefaultSession) Clone() oauth2.Session
- func (s *DefaultSession) GetExpiresAt(key oauth2.TokenType) time.Time
- func (s *DefaultSession) GetSubject() string
- func (s *DefaultSession) GetUsername() string
- func (s *DefaultSession) IDTokenClaims() *jwt.IDTokenClaims
- func (s *DefaultSession) IDTokenHeaders() *jwt.Headers
- func (s *DefaultSession) SetExpiresAt(key oauth2.TokenType, exp time.Time)
- func (s *DefaultSession) SetSubject(subject string)
- type DefaultStrategy
- type IDTokenHandleHelper
- func (i *IDTokenHandleHelper) ComputeHash(ctx context.Context, sess Session, token string) (string, error)
- func (i *IDTokenHandleHelper) GetAccessTokenHash(ctx context.Context, requester oauth2.AccessRequester, ...) string
- func (i *IDTokenHandleHelper) IssueExplicitIDToken(ctx context.Context, lifespan time.Duration, ar oauth2.Requester, ...) error
- func (i *IDTokenHandleHelper) IssueImplicitIDToken(ctx context.Context, lifespan time.Duration, ar oauth2.Requester, ...) error
- type OpenIDConnectDeviceAuthorizeHandler
- func (c *OpenIDConnectDeviceAuthorizeHandler) CanHandleTokenEndpointRequest(_ context.Context, requester oauth2.AccessRequester) (handle bool)
- func (c *OpenIDConnectDeviceAuthorizeHandler) CanSkipClientAuth(_ context.Context, _ oauth2.AccessRequester) (skip bool)
- func (c *OpenIDConnectDeviceAuthorizeHandler) HandleRFC8628UserAuthorizeEndpointRequest(_ context.Context, _ oauth2.DeviceAuthorizeRequester) (err error)
- func (c *OpenIDConnectDeviceAuthorizeHandler) HandleTokenEndpointRequest(_ context.Context, _ oauth2.AccessRequester) (err error)
- func (c *OpenIDConnectDeviceAuthorizeHandler) PopulateRFC8628UserAuthorizeEndpointResponse(ctx context.Context, req oauth2.DeviceAuthorizeRequester, ...) (err error)
- func (c *OpenIDConnectDeviceAuthorizeHandler) PopulateTokenEndpointResponse(ctx context.Context, requester oauth2.AccessRequester, ...) (err error)
- type OpenIDConnectExplicitHandler
- func (c *OpenIDConnectExplicitHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester oauth2.AccessRequester) bool
- func (c *OpenIDConnectExplicitHandler) CanSkipClientAuth(ctx context.Context, requester oauth2.AccessRequester) bool
- func (c *OpenIDConnectExplicitHandler) HandleAuthorizeEndpointRequest(ctx context.Context, requester oauth2.AuthorizeRequester, ...) error
- func (c *OpenIDConnectExplicitHandler) HandleTokenEndpointRequest(ctx context.Context, request oauth2.AccessRequester) error
- func (c *OpenIDConnectExplicitHandler) PopulateTokenEndpointResponse(ctx context.Context, requester oauth2.AccessRequester, ...) error
- type OpenIDConnectHybridHandler
- type OpenIDConnectImplicitHandler
- type OpenIDConnectRefreshHandler
- func (c *OpenIDConnectRefreshHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester oauth2.AccessRequester) bool
- func (c *OpenIDConnectRefreshHandler) CanSkipClientAuth(ctx context.Context, requester oauth2.AccessRequester) bool
- func (c *OpenIDConnectRefreshHandler) HandleTokenEndpointRequest(ctx context.Context, request oauth2.AccessRequester) error
- func (c *OpenIDConnectRefreshHandler) PopulateTokenEndpointResponse(ctx context.Context, requester oauth2.AccessRequester, ...) error
- type OpenIDConnectRequestStorage
- type OpenIDConnectRequestValidator
- type OpenIDConnectTokenStrategy
- type Session
- type TokenValidationStrategy
Constants ¶
This section is empty.
Variables ¶
View Source
var (
ErrInvalidSession = errors.New("Session type mismatch")
)
View Source
var ErrNoSessionFound = oauth2.ErrNotFound
Functions ¶
This section is empty.
Types ¶
type DefaultSession ¶
type DefaultSession struct {
Claims *jwt.IDTokenClaims `json:"id_token_claims"`
Headers *jwt.Headers `json:"headers"`
ExpiresAt map[oauth2.TokenType]time.Time `json:"expires_at"`
Username string `json:"username"`
Subject string `json:"subject"`
}
DefaultSession is a session container for the id token.
func NewDefaultSession ¶
func NewDefaultSession() *DefaultSession
func (*DefaultSession) Clone ¶
func (s *DefaultSession) Clone() oauth2.Session
func (*DefaultSession) GetExpiresAt ¶
func (s *DefaultSession) GetExpiresAt(key oauth2.TokenType) time.Time
func (*DefaultSession) GetSubject ¶
func (s *DefaultSession) GetSubject() string
func (*DefaultSession) GetUsername ¶
func (s *DefaultSession) GetUsername() string
func (*DefaultSession) IDTokenClaims ¶
func (s *DefaultSession) IDTokenClaims() *jwt.IDTokenClaims
func (*DefaultSession) IDTokenHeaders ¶
func (s *DefaultSession) IDTokenHeaders() *jwt.Headers
func (*DefaultSession) SetExpiresAt ¶
func (s *DefaultSession) SetExpiresAt(key oauth2.TokenType, exp time.Time)
func (*DefaultSession) SetSubject ¶
func (s *DefaultSession) SetSubject(subject string)
type DefaultStrategy ¶
type DefaultStrategy struct {
jwt.Signer
Config interface {
oauth2.IDTokenIssuerProvider
oauth2.IDTokenLifespanProvider
oauth2.MinParameterEntropyProvider
}
}
func (DefaultStrategy) GenerateIDToken ¶
func (h DefaultStrategy) GenerateIDToken(ctx context.Context, lifespan time.Duration, requester oauth2.Requester) (token string, err error)
GenerateIDToken returns a JWT string.
lifespan is ignored if requester.GetSession().IDTokenClaims().ExpiresAt is not zero.
TODO: Refactor time permitting.
type IDTokenHandleHelper ¶
type IDTokenHandleHelper struct {
IDTokenStrategy OpenIDConnectTokenStrategy
}
func (*IDTokenHandleHelper) ComputeHash ¶
func (i *IDTokenHandleHelper) ComputeHash(ctx context.Context, sess Session, token string) (string, error)
ComputeHash computes the hash using the alg defined in the id_token header
func (*IDTokenHandleHelper) GetAccessTokenHash ¶
func (i *IDTokenHandleHelper) GetAccessTokenHash(ctx context.Context, requester oauth2.AccessRequester, responder oauth2.AccessResponder) string
func (*IDTokenHandleHelper) IssueExplicitIDToken ¶
func (i *IDTokenHandleHelper) IssueExplicitIDToken(ctx context.Context, lifespan time.Duration, ar oauth2.Requester, resp oauth2.AccessResponder) error
func (*IDTokenHandleHelper) IssueImplicitIDToken ¶
func (i *IDTokenHandleHelper) IssueImplicitIDToken(ctx context.Context, lifespan time.Duration, ar oauth2.Requester, resp oauth2.AuthorizeResponder) error
type OpenIDConnectDeviceAuthorizeHandler ¶
type OpenIDConnectDeviceAuthorizeHandler struct {
OpenIDConnectRequestStorage OpenIDConnectRequestStorage
OpenIDConnectRequestValidator *OpenIDConnectRequestValidator
hoauth2.CodeTokenEndpointHandler
Config interface {
oauth2.IDTokenLifespanProvider
}
*IDTokenHandleHelper
}
func (*OpenIDConnectDeviceAuthorizeHandler) CanHandleTokenEndpointRequest ¶
func (c *OpenIDConnectDeviceAuthorizeHandler) CanHandleTokenEndpointRequest(_ context.Context, requester oauth2.AccessRequester) (handle bool)
func (*OpenIDConnectDeviceAuthorizeHandler) CanSkipClientAuth ¶
func (c *OpenIDConnectDeviceAuthorizeHandler) CanSkipClientAuth(_ context.Context, _ oauth2.AccessRequester) (skip bool)
func (*OpenIDConnectDeviceAuthorizeHandler) HandleRFC8628UserAuthorizeEndpointRequest ¶
func (c *OpenIDConnectDeviceAuthorizeHandler) HandleRFC8628UserAuthorizeEndpointRequest(_ context.Context, _ oauth2.DeviceAuthorizeRequester) (err error)
func (*OpenIDConnectDeviceAuthorizeHandler) HandleTokenEndpointRequest ¶
func (c *OpenIDConnectDeviceAuthorizeHandler) HandleTokenEndpointRequest(_ context.Context, _ oauth2.AccessRequester) (err error)
func (*OpenIDConnectDeviceAuthorizeHandler) PopulateRFC8628UserAuthorizeEndpointResponse ¶
func (c *OpenIDConnectDeviceAuthorizeHandler) PopulateRFC8628UserAuthorizeEndpointResponse(ctx context.Context, req oauth2.DeviceAuthorizeRequester, _ oauth2.DeviceUserAuthorizeResponder) (err error)
func (*OpenIDConnectDeviceAuthorizeHandler) PopulateTokenEndpointResponse ¶
func (c *OpenIDConnectDeviceAuthorizeHandler) PopulateTokenEndpointResponse(ctx context.Context, requester oauth2.AccessRequester, responder oauth2.AccessResponder) (err error)
type OpenIDConnectExplicitHandler ¶
type OpenIDConnectExplicitHandler struct {
// OpenIDConnectRequestStorage is the storage for open id connect sessions.
OpenIDConnectRequestStorage OpenIDConnectRequestStorage
OpenIDConnectRequestValidator *OpenIDConnectRequestValidator
Config interface {
oauth2.IDTokenLifespanProvider
}
*IDTokenHandleHelper
}
func (*OpenIDConnectExplicitHandler) CanHandleTokenEndpointRequest ¶
func (c *OpenIDConnectExplicitHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester oauth2.AccessRequester) bool
func (*OpenIDConnectExplicitHandler) CanSkipClientAuth ¶
func (c *OpenIDConnectExplicitHandler) CanSkipClientAuth(ctx context.Context, requester oauth2.AccessRequester) bool
func (*OpenIDConnectExplicitHandler) HandleAuthorizeEndpointRequest ¶
func (c *OpenIDConnectExplicitHandler) HandleAuthorizeEndpointRequest(ctx context.Context, requester oauth2.AuthorizeRequester, responder oauth2.AuthorizeResponder) error
func (*OpenIDConnectExplicitHandler) HandleTokenEndpointRequest ¶
func (c *OpenIDConnectExplicitHandler) HandleTokenEndpointRequest(ctx context.Context, request oauth2.AccessRequester) error
func (*OpenIDConnectExplicitHandler) PopulateTokenEndpointResponse ¶
func (c *OpenIDConnectExplicitHandler) PopulateTokenEndpointResponse(ctx context.Context, requester oauth2.AccessRequester, responder oauth2.AccessResponder) error
type OpenIDConnectHybridHandler ¶
type OpenIDConnectHybridHandler struct {
AuthorizeImplicitGrantTypeHandler *hoauth2.AuthorizeImplicitGrantTypeHandler
AuthorizeExplicitGrantHandler *hoauth2.AuthorizeExplicitGrantHandler
IDTokenHandleHelper *IDTokenHandleHelper
OpenIDConnectRequestValidator *OpenIDConnectRequestValidator
OpenIDConnectRequestStorage OpenIDConnectRequestStorage
Enigma *jwt.DefaultSigner
Config interface {
oauth2.IDTokenLifespanProvider
oauth2.MinParameterEntropyProvider
oauth2.ScopeStrategyProvider
}
}
func (*OpenIDConnectHybridHandler) HandleAuthorizeEndpointRequest ¶
func (c *OpenIDConnectHybridHandler) HandleAuthorizeEndpointRequest(ctx context.Context, requester oauth2.AuthorizeRequester, responder oauth2.AuthorizeResponder) error
HandleAuthorizeEndpointRequest implements oauth2.AuthorizeEndpointHandler.
TODO: Refactor time permitting.
type OpenIDConnectImplicitHandler ¶
type OpenIDConnectImplicitHandler struct {
*IDTokenHandleHelper
AuthorizeImplicitGrantTypeHandler *hoauth2.AuthorizeImplicitGrantTypeHandler
OpenIDConnectRequestValidator *OpenIDConnectRequestValidator
RS256JWTStrategy *jwt.DefaultSigner
Config interface {
oauth2.IDTokenLifespanProvider
oauth2.MinParameterEntropyProvider
oauth2.ScopeStrategyProvider
}
}
func (*OpenIDConnectImplicitHandler) HandleAuthorizeEndpointRequest ¶
func (c *OpenIDConnectImplicitHandler) HandleAuthorizeEndpointRequest(ctx context.Context, requester oauth2.AuthorizeRequester, responder oauth2.AuthorizeResponder) error
HandleAuthorizeEndpointRequest implements oauth2.AuthorizeEndpointHandler.
TODO: Refactor time permitting.
type OpenIDConnectRefreshHandler ¶
type OpenIDConnectRefreshHandler struct {
*IDTokenHandleHelper
Config interface {
oauth2.IDTokenLifespanProvider
}
}
func (*OpenIDConnectRefreshHandler) CanHandleTokenEndpointRequest ¶
func (c *OpenIDConnectRefreshHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester oauth2.AccessRequester) bool
func (*OpenIDConnectRefreshHandler) CanSkipClientAuth ¶
func (c *OpenIDConnectRefreshHandler) CanSkipClientAuth(ctx context.Context, requester oauth2.AccessRequester) bool
func (*OpenIDConnectRefreshHandler) HandleTokenEndpointRequest ¶
func (c *OpenIDConnectRefreshHandler) HandleTokenEndpointRequest(ctx context.Context, request oauth2.AccessRequester) error
func (*OpenIDConnectRefreshHandler) PopulateTokenEndpointResponse ¶
func (c *OpenIDConnectRefreshHandler) PopulateTokenEndpointResponse(ctx context.Context, requester oauth2.AccessRequester, responder oauth2.AccessResponder) error
type OpenIDConnectRequestStorage ¶
type OpenIDConnectRequestStorage interface {
// CreateOpenIDConnectSession creates an open id connect session
// for a given authorize code. This is relevant for explicit open id connect flow.
CreateOpenIDConnectSession(ctx context.Context, authorizeCode string, requester oauth2.Requester) error
// GetOpenIDConnectSession returns error
// - nil if a session was found,
// - ErrNoSessionFound if no session was found
// - or an arbitrary error if an error occurred.
GetOpenIDConnectSession(ctx context.Context, authorizeCode string, requester oauth2.Requester) (oauth2.Requester, error)
// DeleteOpenIDConnectSession deletes the OpenID Connect 1.0 session from storage.
DeleteOpenIDConnectSession(ctx context.Context, authorizeCode string) error
}
type OpenIDConnectRequestValidator ¶
type OpenIDConnectRequestValidator struct {
Strategy jwt.Signer
Config openIDConnectRequestValidatorConfigProvider
}
func NewOpenIDConnectRequestValidator ¶
func NewOpenIDConnectRequestValidator(strategy jwt.Signer, config openIDConnectRequestValidatorConfigProvider) *OpenIDConnectRequestValidator
func (*OpenIDConnectRequestValidator) ValidatePrompt ¶
func (v *OpenIDConnectRequestValidator) ValidatePrompt(ctx context.Context, req oauth2.AuthorizeRequester) error
ValidatePrompt ensures the prompt is valid for the OpenID Connect 1.0 Flows.
TODO: Refactor time permitting.
type Session ¶
type Session interface {
// IDTokenClaims returns a pointer to claims which will be modified in-place by handlers.
// Session should store this pointer and return always the same pointer.
IDTokenClaims() *jwt.IDTokenClaims
// IDTokenHeaders returns a pointer to header values which will be modified in-place by handlers.
// Session should store this pointer and return always the same pointer.
IDTokenHeaders() *jwt.Headers
oauth2.Session
}
Source Files
Click to show internal directories.
Click to hide internal directories.