oidc package v7.0.0-...-1c7ecba

Warning: This package is not in the latest version of its module.

Published: Jun 11, 2023 License: MIT Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type DiscoveryProvider

type DiscoveryProvider interface {
	Endpoints() Endpoints
	PKCE() PKCE
	SupportedSigningAlgs() []string
}

DiscoveryProvider holds the information about an identity provider that was retrieved through OIDC discovery.

func NewProvider

func NewProvider(ctx context.Context, issuerURL string, skipIssuerVerification bool) (DiscoveryProvider, error)

NewProvider allows a user to perform an OIDC discovery and returns the DiscoveryProvider. We implement this here as opposed to using oidc.Provider so that we can override the Issuer verification check. As we have our own verifier and fetch the userinfo separately, the rest of the oidc.Provider implementation is not useful to us.

type Endpoints

type Endpoints struct {
	AuthURL     string
	TokenURL    string
	JWKsURL     string
	UserInfoURL string
}

Endpoints represents the endpoints discovered as part of the OIDC discovery process that will be used by the authentication providers.

type IDTokenVerificationOptions

type IDTokenVerificationOptions struct {
	AudienceClaims []string
	ClientID       string
	ExtraAudiences []string
}

IDTokenVerificationOptions holds the options for the oidc.idTokenVerifier that are required to verify an ID Token.

type IDTokenVerifier

type IDTokenVerifier interface {
	Verify(context.Context, string) (*oidc.IDToken, error)
}

idTokenVerifier allows an ID Token to be verified against the issuer and the provided keys.

func NewVerifier

NewVerifier constructs a new idTokenVerifier.

type PKCE

type PKCE struct {
	CodeChallengeAlgs []string
}

PKCE holds information relevant to the PKCE (code challenge) support of the provider.

type ProviderVerifier

type ProviderVerifier interface {
	DiscoveryEnabled() bool
	Provider() DiscoveryProvider
	Verifier() IDTokenVerifier
}

ProviderVerifier represents the OIDC discovery and verification process.

func NewProviderVerifier

func NewProviderVerifier(ctx context.Context, opts ProviderVerifierOptions) (ProviderVerifier, error)

NewProviderVerifier constructs a ProviderVerifier from the options given.

type ProviderVerifierOptions

type ProviderVerifierOptions struct {
	// AudienceClaims lists the claims that are verified against the client ID.
	// By default the `aud` claim is used for verification.
	AudienceClaims []string

	// ClientID is the OAuth Client ID that is defined in the provider
	ClientID string

	// ExtraAudiences is a list of additional audiences that are allowed
	// to pass verification in addition to the client id.
	ExtraAudiences []string

	// IssuerURL is the OpenID Connect issuer URL
	// eg: https://accounts.google.com
	IssuerURL string

	// JWKsURL is the OpenID Connect JWKS URL
	// eg: https://www.googleapis.com/oauth2/v3/certs
	JWKsURL string

	// SkipDiscovery skips OIDC discovery and uses the manually supplied Endpoints instead.
	SkipDiscovery bool

	// SkipIssuerVerification skips verification of ID token issuers.
	// When false, ID Token Issuers must match the OIDC discovery URL.
	SkipIssuerVerification bool

	// SupportedSigningAlgs is the list of signature algorithms supported by the
	// provider.
	SupportedSigningAlgs []string
}

ProviderVerifierOptions allows you to configure a ProviderVerifier.
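The audience rule described by the AudienceClaims, ClientID and ExtraAudiences fields, as an added Go example that is not the package's own code: AudienceOptions, audienceValues and AudienceAllowed are hypothetical names, and the check assumes the token's signature and issuer have already been verified.

```go
package main
// AudienceOptions is a hypothetical local copy of the three audience-related
// fields of ProviderVerifierOptions; it is not the package's own type.
type AudienceOptions struct {
	AudienceClaims []string // claims to inspect; defaults to "aud"
	ClientID       string   // OAuth client ID registered at the provider
	ExtraAudiences []string // additional audiences that also pass
}

// audienceValues normalises a claim value: RFC 7519 allows "aud" to be
// either a single string or an array of strings.
func audienceValues(v interface{}) []string {
	switch t := v.(type) {
	case string:
		return []string{t}
	case []interface{}:
		out := make([]string, 0, len(t))
		for _, e := range t {
			if s, ok := e.(string); ok {
				out = append(out, s)
			}
		}
		return out
	}
	return nil
}

// AudienceAllowed reports whether any configured audience claim names the
// client ID or one of the extra audiences (audience step only).
func AudienceAllowed(claims map[string]interface{}, opts AudienceOptions) bool {
	claimNames := opts.AudienceClaims
	if len(claimNames) == 0 {
		claimNames = []string{"aud"} // the documented default
	}
	allowed := map[string]bool{}
	if opts.ClientID != "" { // an empty client ID must never match
		allowed[opts.ClientID] = true
	}
	for _, a := range opts.ExtraAudiences {
		allowed[a] = true
	}
	for _, name := range claimNames {
		for _, aud := range audienceValues(claims[name]) {
			if allowed[aud] {
				return true
			}
		}
	}
	return false
}
```

A token whose configured claim is missing, or whose audience is only matched by an empty client ID, is rejected.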
