provider

package
v0.26.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 11, 2019 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	Config *config.Config

	IssuerIdentifier       string
	WellKnownPath          string
	JwksPath               string
	AuthorizationPath      string
	TokenPath              string
	UserInfoPath           string
	EndSessionPath         string
	CheckSessionIframePath string
	RegistrationPath       string

	BrowserStateCookiePath string
	BrowserStateCookieName string

	SessionCookiePath string
	SessionCookieName string

	AccessTokenDuration  time.Duration
	IDTokenDuration      time.Duration
	RefreshTokenDuration time.Duration
}

Config defines a Provider's configuration settings.

type Provider

type Provider struct {
	Config *Config
	// contains filtered or unexported fields
}

Provider defines an OIDC provider with the handlers for the OIDC endpoints.

func NewProvider

func NewProvider(c *Config) (*Provider, error)

NewProvider returns a new Provider.

func (*Provider) AuthorizeHandler

func (p *Provider) AuthorizeHandler(rw http.ResponseWriter, req *http.Request)

AuthorizeHandler implements the HTTP authorization endpoint for OpenID Connect 1.0 as specified at http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthorizationEndpoint

Currently AuthorizeHandler implements only the Implicit Flow as specified at http://openid.net/specs/openid-connect-core-1_0.html#ImplicitFlowAuth

func (*Provider) AuthorizeResponse

func (p *Provider) AuthorizeResponse(rw http.ResponseWriter, req *http.Request, ar *payload.AuthenticationRequest, auth identity.AuthRecord, err error)

AuthorizeResponse writes the result according to the provided parameters to the provided http.ResponseWriter.

func (*Provider) CheckSessionIframeHandler

func (p *Provider) CheckSessionIframeHandler(rw http.ResponseWriter, req *http.Request)

CheckSessionIframeHandler implements the HTTP endpoint for OP iframe with OpenID Connect Session Management 1.0 as specified at https://openid.net/specs/openid-connect-session-1_0.html#OPiframe

func (*Provider) EndSessionHandler

func (p *Provider) EndSessionHandler(rw http.ResponseWriter, req *http.Request)

EndSessionHandler implements the HTTP endpoint for RP initiated logout with OpenID Connect Session Management 1.0 as specified at https://openid.net/specs/openid-connect-session-1_0.html#RPLogout

func (*Provider) ErrorPage

func (p *Provider) ErrorPage(rw http.ResponseWriter, code int, title string, message string)

ErrorPage writes a HTML error page to the provided ResponseWriter.

func (*Provider) Found

func (p *Provider) Found(rw http.ResponseWriter, uri *url.URL, params interface{}, asFragment bool)

Found writes a HTTP 302 to the provided ResponseWriter with the appropriate Location header creates from the other parameters.

func (*Provider) GetAccessTokenClaimsFromRequest

func (p *Provider) GetAccessTokenClaimsFromRequest(req *http.Request) (*konnect.AccessTokenClaims, error)

GetAccessTokenClaimsFromRequest reads incoming request, validates the access token and returns the validated claims.

func (*Provider) GetSigningKey

func (p *Provider) GetSigningKey(signingMethod jwt.SigningMethod) (*SigningKey, bool)

GetSigningKey returns a matching signing key for the provided signing method.

func (*Provider) GetValidationKey

func (p *Provider) GetValidationKey(id string) (crypto.PublicKey, bool)

GetValidationKey returns the validation key for the provided id.

func (*Provider) InitializeMetadata

func (p *Provider) InitializeMetadata() error

InitializeMetadata creates the accociated providers meta data document. Call this once all other settings at the provider have been done.

func (*Provider) JwksHandler

func (p *Provider) JwksHandler(rw http.ResponseWriter, req *http.Request)

JwksHandler implements the HTTP provider JWKS endpoint for OpenID provider metadata used with OpenID Connect Discovery 1.0 as specified at https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata

func (*Provider) LoginRequiredPage

func (p *Provider) LoginRequiredPage(rw http.ResponseWriter, req *http.Request, uri *url.URL)

LoginRequiredPage writes a HTTP 30 to the provided ResponseWrite with the URL of the provided request (set to the scheme and host of issuer) as continue parameter.

func (*Provider) MakeAccessToken

func (p *Provider) MakeAccessToken(ctx context.Context, audience string, auth identity.AuthRecord) (string, error)

MakeAccessToken implements the oidc.AccessTokenProvider interface.

func (*Provider) PublicSubjectFromAuth

func (p *Provider) PublicSubjectFromAuth(auth identity.AuthRecord) (string, error)

PublicSubjectFromAuth creates the provideds auth Subject value with the accociated provider. This subject can be used as URL safe value to uniquely identify the provided auth user with remote systems.

func (*Provider) RegisterManagers

func (p *Provider) RegisterManagers(mgrs *managers.Managers) error

RegisterManagers registers the provided managers from the

func (*Provider) RegistrationHandler

func (p *Provider) RegistrationHandler(rw http.ResponseWriter, req *http.Request)

RegistrationHandler implements the HTTP endpoint for client self registration with OpenID Connect Registration 1.0 as specified at https://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration

func (*Provider) ServeHTTP

func (p *Provider) ServeHTTP(rw http.ResponseWriter, req *http.Request)

ServerHTTP implements the http.HandlerFunc interface.

func (*Provider) SetSigningKey

func (p *Provider) SetSigningKey(id string, key crypto.Signer) error

SetSigningKey sets the provided signer as key for token signing with the provided id as key id. The public key of the provided signer is also added as validation key with the same key id.

func (*Provider) SetSigningMethod

func (p *Provider) SetSigningMethod(signingMethod jwt.SigningMethod) error

SetSigningMethod sets the provided signing method as default signing method of the associated provider.

func (*Provider) SetValidationKey

func (p *Provider) SetValidationKey(id string, key crypto.PublicKey) error

SetValidationKey sets the provider public key as validation key for token validation for tokens with the provided key.

func (*Provider) TokenHandler

func (p *Provider) TokenHandler(rw http.ResponseWriter, req *http.Request)

TokenHandler implements the HTTP token endpoint for OpenID Connect 1.0 as specified at http://openid.net/specs/openid-connect-core-1_0.html#TokenEndpoint

func (*Provider) UserInfoHandler

func (p *Provider) UserInfoHandler(rw http.ResponseWriter, req *http.Request)

UserInfoHandler implements the HTTP userinfo endpoint for OpenID Connect 1.0 as specified at https://openid.net/specs/openid-connect-core-1_0.html#UserInfo

func (*Provider) WellKnownHandler

func (p *Provider) WellKnownHandler(rw http.ResponseWriter, req *http.Request)

WellKnownHandler implements the HTTP provider configuration endpoint for OpenID Connect 1.0 as specified at https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig

type SigningKey

type SigningKey struct {
	ID            string
	PrivateKey    crypto.Signer
	SigningMethod jwt.SigningMethod
}

A SigningKey bundles a signer with meta data and a signign method.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL