Documentation
Index
- func AccessTokenToClipboard(tokenSet *TokenSet)
- func CacheDir() string
- func EnsureDirExists(dirPath string) string
- func FatalOnError(err error)
- func IntrospectToken(token string)
- func IsJSON(str string) bool
- func JWKToPEM(jwk JWK) string
- func LogRestyResp(resp *resty.Response, err error)
- func Logout(issuer string)
- func PrettyPrintDecodedJWT(token string)
- func PrettyPrintJSON(jsonBytes []byte)
- func PrintStructAsJSON(anyStruct interface{})
- func PrintTokenSet(tokenSet *TokenSet)
- func TokenRevocation()
- func UserInfo(accessToken string) string
- func WriteFile(fileContent []byte, path string)
- func WriteJWKSet(issuer string, jwkSet *JWKSet)
- func WriteJWT(jwt []byte, symlinkLatest bool)
- type JOSEHeader
- type JWK
- type JWKS
- type JWKSet
- type JWS
- type JWTRegisteredClaims
- type OIDCMetadata
- type OpenIDAddressClaim
- type OpenIDStandardClaims
- type Token
- type TokenErrorResponse
- type TokenSet
- func AuthorizationCodeAuth(clientID, clientSecret, openidIssuerURL string) *TokenSet
- func ClientCredenitalsAuth(issuer, clientID, clientSecret string) *TokenSet
- func ImplicitAuth(clientID, clientSecret, openidIssuerURL string) *TokenSet
- func RefreshToken(issuer, clientID, refreshToken string) *TokenSet
- func ResourceOwnerCredentialsAuth(issuer, clientID, username, password string) *TokenSet
Functions
func AccessTokenToClipboard (added in v0.1.1)
func AccessTokenToClipboard(tokenSet *TokenSet)
AccessTokenToClipboard copies the access token from a given TokenSet to the user's system clipboard.
func EnsureDirExists (added in v0.2.3)
func FatalOnError
func FatalOnError(err error)
FatalOnError checks the err parameter and terminates the process if an error exists.
func IntrospectToken (added in v0.1.1)
func IntrospectToken(token string)
IntrospectToken implements token introspection as defined in RFC7662. See https://tools.ietf.org/html/rfc7662
func LogRestyResp (added in v0.2.0)
func LogRestyResp(resp *resty.Response, err error)
LogRestyResp logs a resty HTTP response in only two lines.
func Logout (added in v0.1.1)
func Logout(issuer string)
Logout performs a logout based on the OpenID Connect "end_session_endpoint". The spec of "end_session_endpoint" is still a draft and could change in the future. Therefore, it is advisable not to depend too much on it :-) See https://openid.net/specs/openid-connect-session-1_0.html
func PrettyPrintDecodedJWT
func PrettyPrintDecodedJWT(token string)
PrettyPrintDecodedJWT parses a base64-encoded JWT and prints its header and payload to stdout.
func PrettyPrintJSON
func PrettyPrintJSON(jsonBytes []byte)
PrettyPrintJSON prints a given JSON object to stdout with indentation and syntax highlighting.
func PrintStructAsJSON (added in v0.2.3)
func PrintStructAsJSON(anyStruct interface{})
func PrintTokenSet (added in v0.1.1)
func PrintTokenSet(tokenSet *TokenSet)
PrintTokenSet prints a given TokenSet to stdout.
func TokenRevocation (added in v0.1.1)
func TokenRevocation()
TokenRevocation as defined in RFC7009. Not yet supported by a wide range of OIDC providers. See https://tools.ietf.org/html/rfc7009
func UserInfo (added in v0.1.1)
UserInfo fetches the user info OIDC endpoint and returns the result. The result is a userinfo token -- also a JWT.
func WriteJWKSet (added in v0.2.3)
Types
type JOSEHeader
type JOSEHeader struct {
    Typ   string `json:"typ"`
    Alg   string `json:"alg"`
    KeyID string `json:"kid"`
}
JOSEHeader: the JSON Object Signing and Encryption (JOSE) Header comprises a set of Header Parameters. See RFC7515.
type JWK
type JWK struct {
    // Key ID
    Kid string `json:"kid"`
    // Key Type
    Kty string `json:"kty"`
    // Key Operations
    // sign, verify, encrypt, decrypt, wrapKey, unwrapKey, deriveKey, deriveBits
    KeyOps string `json:"key_ops"`
    // Algorithm
    // See https://tools.ietf.org/html/rfc7518
    Alg string `json:"alg"`
    // Public Key Use (sig or enc)
    Use string `json:"use"`
    N   string `json:"n"`
    E   string `json:"e"`
    // X.509 Certificate Chain
    X5C []string `json:"x5c"`
    // X.509 Certificate SHA-1 Thumbprint
    X5T string `json:"x5t"`
    // X.509 Certificate SHA-256 Thumbprint
    X5TS256 string `json:"x5t#S256"`
}
JWK (JSON Web Key): a JWK is a JSON object that represents a cryptographic key. The members of the object represent properties of the key, including its value. See https://tools.ietf.org/html/rfc7517#section-4
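How the kty, n and e members of an RSA JWK map onto a PEM public key, as an added example; it is not this package's JWKToPEM implementation. The names rsaJWK and rsaJWKToPEM are hypothetical, and the 2048-bit minimum and the exponent bounds are policy choices of the example, not requirements stated on this page.

```go
package main

import (
	"crypto/rsa"
	"crypto/x509"
	"encoding/base64"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
)

// rsaJWK is a hypothetical local type mirroring the kty, n and e members of JWK.
type rsaJWK struct{ Kty, N, E string }

// rsaJWKToPEM converts an RSA public JWK into a PKIX "PUBLIC KEY" PEM block.
func rsaJWKToPEM(k rsaJWK) (string, error) {
	if k.Kty != "RSA" {
		return "", fmt.Errorf("unsupported kty %q", k.Kty)
	}
	// RFC 7518 section 6.3.1: n and e are unpadded base64url, big-endian.
	nBytes, err := base64.RawURLEncoding.DecodeString(k.N)
	if err != nil {
		return "", fmt.Errorf("decode n: %w", err)
	}
	eBytes, err := base64.RawURLEncoding.DecodeString(k.E)
	if err != nil {
		return "", fmt.Errorf("decode e: %w", err)
	}
	n, e := new(big.Int).SetBytes(nBytes), new(big.Int).SetBytes(eBytes)
	// Refuse keys a verifier should not trust: short modulus, even or out-of-range exponent.
	if n.BitLen() < 2048 {
		return "", errors.New("modulus shorter than 2048 bits")
	}
	if !e.IsInt64() || e.Int64() < 3 || e.Int64() > 1<<31-1 || e.Bit(0) == 0 {
		return "", errors.New("invalid public exponent")
	}
	der, err := x509.MarshalPKIXPublicKey(&rsa.PublicKey{N: n, E: int(e.Int64())})
	if err != nil {
		return "", err
	}
	return string(pem.EncodeToMemory(&pem.Block{Type: "PUBLIC KEY", Bytes: der})), nil
}

func main() {
	raw := make([]byte, 256) // constructed sample: 2048-bit odd number standing in for a modulus
	raw[0], raw[255] = 0x80, 0x01
	out, err := rsaJWKToPEM(rsaJWK{"RSA", base64.RawURLEncoding.EncodeToString(raw), "AQAB"})
	fmt.Println(out, err)
}
```

Select the JWK by matching the token header's kid against the key set before converting, and only accept key sets fetched over TLS from the issuer's jwks_uri.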
type JWKSet
type JWKSet struct {
    Keys []JWK `json:"keys"`
}
JWKSet is a JSON object that represents a set of JWKs. See https://tools.ietf.org/html/rfc7517#section-5
func FetchJWKSet (added in v0.2.0)
FetchJWKSet fetches all JWKs from a given OpenID Connect Cert URL
type JWS
type JWS struct{}
JWS (JSON Web Signature) represents digitally signed or MACed content using JSON data structures and base64url encoding.
type JWTRegisteredClaims
type JWTRegisteredClaims struct {
    Issuer         string `json:"iss"`
    Subject        string `json:"sub"`
    Audience       string `json:"aud"`
    ExpirationTime int    `json:"exp"`
    NotBefore      int    `json:"nbf"`
    IssuedAt       int    `json:"iat"`
    JWTID          string `json:"jit"`
}
JWTRegisteredClaims is a struct containing all registered JWT claims defined by RFC7519. See https://tools.ietf.org/html/rfc7519#section-4.1
type OIDCMetadata (added in v0.2.0)
type OIDCMetadata struct {
    Issuer string `json:"issuer"`
    AuthorizationEndpoint string `json:"authorization_endpoint"`
    TokenEndpoint string `json:"token_endpoint"`
    IntrospectionEndpoint string `json:"introspection_endpoint"`
    UserinfoEndpoint string `json:"userinfo_endpoint"`
    EndSessionEndpoint string `json:"end_session_endpoint"`
    JwksURI string `json:"jwks_uri"`
    CheckSessionIframe string `json:"check_session_iframe"`
    GrantTypesSupported []string `json:"grant_types_supported"`
    ResponseTypesSupported []string `json:"response_types_supported"`
    SubjectTypesSupported []string `json:"subject_types_supported"`
    IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
    IDTokenEncryptionAlgValuesSupported []string `json:"id_token_encryption_alg_values_supported"`
    IDTokenEncryptionEncValuesSupported []string `json:"id_token_encryption_enc_values_supported"`
    UserinfoSigningAlgValuesSupported []string `json:"userinfo_signing_alg_values_supported"`
    RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
    ResponseModesSupported []string `json:"response_modes_supported"`
    RegistrationEndpoint string `json:"registration_endpoint"`
    TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
    TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
    ClaimsSupported []string `json:"claims_supported"`
    ClaimTypesSupported []string `json:"claim_types_supported"`
    ClaimsParameterSupported bool `json:"claims_parameter_supported"`
    ScopesSupported []string `json:"scopes_supported"`
    RequestParameterSupported bool `json:"request_parameter_supported"`
    RequestURIParameterSupported bool `json:"request_uri_parameter_supported"`
    RequireRequestURIRegistration bool `json:"require_request_uri_registration"`
    CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
    TLSClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens"`
    RevocationEndpoint string `json:"revocation_endpoint"`
    RevocationEndpointAuthMethodsSupported []string `json:"revocation_endpoint_auth_methods_supported"`
    RevocationEndpointAuthSigningAlgValuesSupported []string `json:"revocation_endpoint_auth_signing_alg_values_supported"`
    BackchannelLogoutSupported bool `json:"backchannel_logout_supported"`
    BackchannelLogoutSessionSupported bool `json:"backchannel_logout_session_supported"`
}
OIDCMetadata is the description of the OpenID Provider's configuration. This information can be fetched from a well-known URL. See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
func FetchOidcMetadata (added in v0.2.0)
func FetchOidcMetadata(issuerURL string) OIDCMetadata
FetchOidcMetadata fetches the OpenID Connect Provider configuration from an issuer URL.
type OpenIDAddressClaim
type OpenIDAddressClaim struct {
    Formatted     string `json:"formatted"`
    StreetAddress string `json:"street_address"`
    Locality      string `json:"locality"`
    Region        string `json:"region"`
    PostalCode    string `json:"postal_code"`
    Country       string `json:"country"`
}
OpenIDAddressClaim is a struct containing the address datatype as defined in the openid spec. See https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim
type OpenIDStandardClaims
type OpenIDStandardClaims struct {
    Subject             string             `json:"sub"`
    Name                string             `json:"name"`
    GivenName           string             `json:"given_name"`
    FamilyName          string             `json:"family_name"`
    MiddleName          string             `json:"middle_name"`
    Nickname            string             `json:"nickname"`
    PreferredUsername   string             `json:"preferred_username"`
    Profile             string             `json:"profile"`
    Picture             string             `json:"picture"`
    Website             string             `json:"website"`
    Email               string             `json:"email"`
    EmailVerified       bool               `json:"email_verified"`
    Gender              string             `json:"gender"`
    Birthdate           string             `json:"birthdate"`
    Zoneinfo            string             `json:"zoneinfo"`
    Locale              string             `json:"locale"`
    PhoneNumber         string             `json:"phone_number"`
    PhoneNumberVerified string             `json:"phone_number_verified"`
    Address             OpenIDAddressClaim `json:"address"`
    UpdatedAt           string             `json:"updated_at"`
}
OpenIDStandardClaims is a struct containing all standard claims defined by the openid spec. See https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
type Token
Token is an OAuth Token
func DecodeToken (added in v0.1.1)
DecodeToken constructs a Token type object from a raw base64 JWT
func (*Token) GetJOSEHeader
func (t *Token) GetJOSEHeader() *JOSEHeader
GetJOSEHeader returns the JOSE Header information from this token.
func (*Token) GetOidcStandardClaims
func (t *Token) GetOidcStandardClaims() *OpenIDStandardClaims
GetOidcStandardClaims returns the OpenID Connect standard claims from this token.
func (*Token) GetRegisteredClaims
func (t *Token) GetRegisteredClaims() *JWTRegisteredClaims
GetRegisteredClaims returns the registered claims from this token.
type TokenErrorResponse (added in v0.1.1)
type TokenErrorResponse struct {
    Error            string `json:"error,omitempty"`
    ErrorDescription string `json:"error_description,omitempty"`
    ErrorURI         string `json:"error_uri,omitempty"`
}
TokenErrorResponse is the response type of an unsuccessful request against the OpenID Connect endpoints as defined in RFC6749. See https://tools.ietf.org/html/rfc6749#section-5.2
type TokenSet (added in v0.1.1)
type TokenSet struct {
    AccessToken      string `json:"access_token,omitempty"`
    TokenType        string `json:"token_type,omitempty"`
    ExpiresIn        int    `json:"expires_in,omitempty"`
    RefreshToken     string `json:"refresh_token,omitempty"`
    RefreshExpiresIn int    `json:"refresh_expires_in,omitempty"`
    IDToken          string `json:"id_token,omitempty"`
    Scope            string `json:"scope,omitempty"`
    NotBeforePolicy  int    `json:"not-before-policy,omitempty"`
    SessionState     string `json:"session_state,omitempty"`
}
TokenSet is the successful response of issuing an access token as defined by RFC6749. See https://tools.ietf.org/html/rfc6749#section-5.1
func AuthorizationCodeAuth
AuthorizationCodeAuth is a redirect-based authentication flow to retrieve a TokenSet. See https://tools.ietf.org/html/rfc6749#section-4.1
func ClientCredenitalsAuth
ClientCredenitalsAuth uses a client ID and client secret to retrieve a TokenSet. See https://tools.ietf.org/html/rfc6749#section-4.4
func ImplicitAuth (added in v0.1.1)
ImplicitAuth is a redirect-based authentication flow without support for refresh tokens. See https://tools.ietf.org/html/rfc6749#section-4.2
func RefreshToken
RefreshToken uses an existing refresh token to retrieve a new TokenSet. See https://tools.ietf.org/html/rfc6749#section-6
func ResourceOwnerCredentialsAuth
ResourceOwnerCredentialsAuth uses a username and password to retrieve a TokenSet. See https://tools.ietf.org/html/rfc6749#section-10.7