Documentation ¶
Index ¶
- Constants
- Variables
- func BuildCustomUIEndpoint(base string) (*url.URL, error)
- func DecodeSID(sid string) (typ session.Type, sessionID string, ok bool)
- func EncodeSID(s SessionLike) string
- func IsScopeAllowed(scope string) bool
- func ValidateScopes(client *config.OAuthClientConfig, scopes []string) error
- type BaseURLProvider
- type EndpointsProvider
- type IDTokenHintResolver
- type IDTokenHintResolverIssuer
- type IDTokenHintResolverSessionProvider
- type IDTokenIssuer
- func (ti *IDTokenIssuer) GetPublicKeySet() (jwk.Set, error)
- func (ti *IDTokenIssuer) GetUserInfo(userID string, clientLike *oauth.ClientLike) (map[string]interface{}, error)
- func (ti *IDTokenIssuer) Iss() string
- func (ti *IDTokenIssuer) IssueIDToken(opts IssueIDTokenOptions) (string, error)
- func (ti *IDTokenIssuer) PopulateNonPIIUserClaims(token jwt.Token, userID string) error
- func (ti *IDTokenIssuer) PopulateUserClaims(token jwt.Token, userID string, nonPIIUserClaimsOnly bool) error
- func (ti *IDTokenIssuer) VerifyIDTokenHint(client *config.OAuthClientConfig, idTokenHint string) (token jwt.Token, err error)
- func (ti *IDTokenIssuer) VerifyIDTokenHintWithoutClient(idTokenHint string) (token jwt.Token, err error)
- type IssueIDTokenOptions
- type MetadataProvider
- type RolesAndGroupsProvider
- type SessionLike
- type UIInfo
- type UIInfoByProduct
- type UIInfoClientResolver
- type UIInfoResolver
- func (r *UIInfoResolver) GetAuthenticationInfoID(req *http.Request) (string, bool)
- func (r *UIInfoResolver) GetOAuthSessionID(req *http.Request, urlQuery string) (string, bool)
- func (r *UIInfoResolver) GetOAuthSessionIDLegacy(req *http.Request, urlQuery string) (string, bool)
- func (r *UIInfoResolver) RemoveOAuthSessionID(w http.ResponseWriter, req *http.Request)
- func (r *UIInfoResolver) ResolveForAuthorizationEndpoint(client *config.OAuthClientConfig, req protocol.AuthorizationRequest) (*UIInfo, *UIInfoByProduct, error)
- func (r *UIInfoResolver) ResolveForUI(req protocol.AuthorizationRequest) (*UIInfo, error)
- func (r *UIInfoResolver) SetAuthenticationInfoInQuery(redirectURI string, e *authenticationinfo.Entry) string
- type UIInfoResolverCookieManager
- type UIInfoResolverIDTokenHintResolver
- type UIInfoResolverPromptResolver
- type UIURLBuilder
- type UIURLBuilderAuthUIEndpointsProvider
- type UserProvider
Constants ¶
// IDTokenValidDuration is the lifetime given to an issued ID token; it is
// set to duration.Short.
const IDTokenValidDuration = duration.Short
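IDTokenValidDuration is the validity period of an ID token. It can be short, because id_token_hint is expected to accept expired ID tokens. That tolerance should cover the expiry check only: a hint is still expected to pass signature verification (see VerifyIDTokenHint).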
Variables ¶
// AllowedScopes lists the scope values this package declares as allowed: the
// two standard OIDC scopes "openid" and "offline_access", plus the
// project-defined oauth.FullAccessScope and oauth.FullUserInfoScope.
//
// NOTE(review): presumably IsScopeAllowed and ValidateScopes check requested
// scopes against this list — confirm. It is an exported, mutable package
// variable, so any importing package can change the allowlist at runtime.
var AllowedScopes = []string{
	"openid",
	"offline_access",
	oauth.FullAccessScope,
	oauth.FullUserInfoScope,
}
// DependencySet is the wire provider set for this package. Every field of
// MetadataProvider, IDTokenIssuer, IDTokenHintResolver, UIInfoResolver and
// UIURLBuilder is injected ("*"), and the two narrow resolver interfaces are
// bound to their concrete implementations in this package.
var DependencySet = wire.NewSet(
	wire.Struct(new(MetadataProvider), "*"),
	wire.Struct(new(IDTokenIssuer), "*"),
	// IDTokenHintResolver reaches the issuer only through this interface.
	wire.Bind(new(IDTokenHintResolverIssuer), new(*IDTokenIssuer)),
	wire.Struct(new(IDTokenHintResolver), "*"),
	wire.Struct(new(UIInfoResolver), "*"),
	// UIInfoResolver reaches the hint resolver only through this interface.
	wire.Bind(new(UIInfoResolverIDTokenHintResolver), new(*IDTokenHintResolver)),
	wire.Struct(new(UIURLBuilder), "*"),
)
// ErrInvalidCustomURI is an apierrors.Invalid error carrying the reason
// "WebUIInvalidCustomURI".
// NOTE(review): presumably returned when a configured custom UI URI is
// rejected, e.g. by BuildCustomUIEndpoint — confirm against the callers.
var ErrInvalidCustomURI = apierrors.Invalid.WithReason("WebUIInvalidCustomURI")
// ErrInvalidSettingsAction is an apierrors.Invalid error carrying the reason
// "WebUIInvalidSettingsAction".
// NOTE(review): presumably returned when a requested settings action is not
// recognised, e.g. by BuildSettingsActionURL — confirm against the callers.
var ErrInvalidSettingsAction = apierrors.Invalid.WithReason("WebUIInvalidSettingsAction")
// IDTokenStandardAttributes lists five standard attributes: email, phone
// number, the verification flag of each, and preferred username.
//
// NOTE(review): all five identify a person. Presumably this list decides
// which standard attributes are copied into ID token claims, and the
// nonPIIUserClaimsOnly flag of PopulateUserClaims leaves them out — confirm.
var IDTokenStandardAttributes = []string{
	stdattrs.Email,
	stdattrs.EmailVerified,
	stdattrs.PhoneNumber,
	stdattrs.PhoneNumberVerified,
	stdattrs.PreferredUsername,
}
// UserinfoScopes lists the two project-defined scopes oauth.FullAccessScope
// and oauth.FullUserInfoScope.
// NOTE(review): presumably a grant needs one of these before user info is
// released — confirm where the list is read.
var UserinfoScopes = []string{
	oauth.FullAccessScope,
	oauth.FullUserInfoScope,
}
Functions ¶
func EncodeSID ¶
func EncodeSID(s SessionLike) string
func IsScopeAllowed ¶
func ValidateScopes ¶
func ValidateScopes(client *config.OAuthClientConfig, scopes []string) error
Types ¶
type BaseURLProvider ¶
type EndpointsProvider ¶
type IDTokenHintResolver ¶
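// IDTokenHintResolver holds the dependencies behind ResolveIDTokenHint, which
// returns an ID token and a session for an authorization request.
type IDTokenHintResolver struct {
	// Issuer is the narrow view of the ID token issuer used by the resolver.
	// NOTE(review): presumably this is what verifies the id_token_hint — confirm.
	Issuer IDTokenHintResolverIssuer
	// Sessions looks up IdP sessions by ID.
	Sessions IDTokenHintResolverSessionProvider
	// OfflineGrants is the offline grant store.
	// NOTE(review): presumably consulted when the hint's sid refers to an
	// offline grant rather than an IdP session — confirm.
	OfflineGrants oauth.OfflineGrantStore
}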
func (*IDTokenHintResolver) ResolveIDTokenHint ¶
func (r *IDTokenHintResolver) ResolveIDTokenHint(client *config.OAuthClientConfig, req protocol.AuthorizationRequest) (idToken jwt.Token, sidSession session.Session, err error)
type IDTokenHintResolverSessionProvider ¶
// IDTokenHintResolverSessionProvider is the session lookup that
// IDTokenHintResolver depends on.
type IDTokenHintResolverSessionProvider interface {
	// Get returns the IdP session with the given id, or an error.
	Get(id string) (*idpsession.IDPSession, error)
}
type IDTokenIssuer ¶
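// IDTokenIssuer holds the dependencies of the ID token methods declared on
// it: issuing tokens, verifying id_token_hint values, publishing the public
// key set and building user info.
type IDTokenIssuer struct {
	// Secrets is the OAuth key material.
	// NOTE(review): presumably this includes the private signing keys, so
	// GetPublicKeySet is expected to expose only the public halves — confirm.
	Secrets *config.OAuthKeyMaterials
	// BaseURL supplies the base URL.
	// NOTE(review): presumably the source of the value returned by Iss — confirm.
	BaseURL BaseURLProvider
	// Users is the user lookup used when populating claims.
	Users UserProvider
	// RolesAndGroups is the role and group lookup.
	RolesAndGroups RolesAndGroupsProvider
	// Clock is the time source; injecting it keeps issue and expiry times testable.
	Clock clock.Clock
}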
func (*IDTokenIssuer) GetPublicKeySet ¶
func (ti *IDTokenIssuer) GetPublicKeySet() (jwk.Set, error)
func (*IDTokenIssuer) GetUserInfo ¶
func (ti *IDTokenIssuer) GetUserInfo(userID string, clientLike *oauth.ClientLike) (map[string]interface{}, error)
func (*IDTokenIssuer) Iss ¶
func (ti *IDTokenIssuer) Iss() string
func (*IDTokenIssuer) IssueIDToken ¶
func (ti *IDTokenIssuer) IssueIDToken(opts IssueIDTokenOptions) (string, error)
func (*IDTokenIssuer) PopulateNonPIIUserClaims ¶
func (ti *IDTokenIssuer) PopulateNonPIIUserClaims(token jwt.Token, userID string) error
func (*IDTokenIssuer) PopulateUserClaims ¶
func (*IDTokenIssuer) VerifyIDTokenHint ¶
func (ti *IDTokenIssuer) VerifyIDTokenHint(client *config.OAuthClientConfig, idTokenHint string) (token jwt.Token, err error)
func (*IDTokenIssuer) VerifyIDTokenHintWithoutClient ¶
func (ti *IDTokenIssuer) VerifyIDTokenHintWithoutClient(idTokenHint string) (token jwt.Token, err error)
type IssueIDTokenOptions ¶
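// IssueIDTokenOptions is the argument of IDTokenIssuer.IssueIDToken.
type IssueIDTokenOptions struct {
	// ClientID identifies the client the token is issued for.
	// NOTE(review): presumably becomes the token audience — confirm.
	ClientID string
	// SID is the session identifier placed in the token.
	// NOTE(review): presumably the encoded form produced by EncodeSID — confirm.
	SID string
	// Nonce is the nonce value for the token.
	// NOTE(review): presumably echoed from the authorization request so the
	// client can bind the token to that request — confirm.
	Nonce string
	// AuthenticationInfo describes the authentication that backs the token.
	AuthenticationInfo authenticationinfo.T
	// ClientLike is the client description also accepted by GetUserInfo.
	ClientLike *oauth.ClientLike
}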
type MetadataProvider ¶
// MetadataProvider fills a metadata map through PopulateMetadata, using the
// endpoints it is given.
type MetadataProvider struct {
	// Endpoints supplies the endpoint locations.
	Endpoints EndpointsProvider
}
func (*MetadataProvider) PopulateMetadata ¶
func (p *MetadataProvider) PopulateMetadata(meta map[string]interface{})
type RolesAndGroupsProvider ¶
type SessionLike ¶
type UIInfo ¶
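// UIInfo is a collection of information that is essential to the UI.
//
// Several fields are documented below as request parameters (state, x_state,
// x_page, login_hint, id_token_hint, ...). Treat those as client-supplied
// input unless the resolver that fills them in has validated them.
type UIInfo struct {
	// ClientID is client_id
	ClientID string
	// RedirectURI is the redirect_uri the UI should redirect to.
	// The redirect_uri in the URL has lower precedence.
	// The rationale for this is if the end-user bookmarked the
	// authorization URL in the browser, redirect to the app is
	// possible.
	// NOTE(review): because this value wins over the URL parameter, it is
	// presumably already checked against the client's registered redirect
	// URIs before it is stored here — confirm in the resolver.
	RedirectURI string
	// Prompt is the resolved prompt with prompt, max_age, and id_token_hint taken into account.
	Prompt []string
	// UILocales is ui_locales.
	UILocales string
	// UserIDHint is for reauthentication.
	UserIDHint string
	// CanUseIntentReauthenticate is for reauthentication.
	CanUseIntentReauthenticate bool
	// State is the state parameter
	State string
	// XState is the x_state parameter
	XState string
	// Page is the x_page parameter
	Page string
	// SuppressIDPSessionCookie is the x_suppress_idp_session_cookie and x_sso_enabled parameter.
	SuppressIDPSessionCookie bool
	// OAuthProviderAlias is the x_oauth_provider_alias parameter.
	OAuthProviderAlias string
	// LoginHint is the OIDC login_hint parameter.
	LoginHint string
	// IDTokenHint is the OIDC id_token_hint parameter.
	IDTokenHint string
}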
UIInfo is a collection of information that is essential to the UI.
type UIInfoByProduct ¶
type UIInfoClientResolver ¶
// UIInfoClientResolver looks up an OAuth client configuration by client ID.
type UIInfoClientResolver interface {
	// ResolveClient returns the configuration for clientID. There is no error
	// result, so an unknown client ID is presumably reported as nil; callers
	// should check for nil before using the result — confirm with the
	// implementation.
	ResolveClient(clientID string) *config.OAuthClientConfig
}
type UIInfoResolver ¶
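// UIInfoResolver holds the dependencies of the methods that resolve a UIInfo
// from an authorization request and that read or remove the OAuth session ID
// and authentication info ID of an HTTP request.
type UIInfoResolver struct {
	// Config is the OAuth configuration.
	Config *config.OAuthConfig
	// EndpointsProvider supplies the OAuth endpoint locations.
	EndpointsProvider oauth.EndpointsProvider
	// PromptResolver computes the effective prompt list for a request.
	PromptResolver UIInfoResolverPromptResolver
	// IDTokenHintResolver resolves the id_token_hint of a request into a
	// token and a session.
	IDTokenHintResolver UIInfoResolverIDTokenHintResolver
	// Clock is the time source.
	Clock clock.Clock
	// Cookies is the cookie manager.
	// NOTE(review): presumably used by RemoveOAuthSessionID and the
	// GetOAuthSessionID variants — confirm.
	Cookies UIInfoResolverCookieManager
	// ClientResolver looks up a client configuration by client ID.
	ClientResolver UIInfoClientResolver
}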
func (*UIInfoResolver) GetAuthenticationInfoID ¶
func (r *UIInfoResolver) GetAuthenticationInfoID(req *http.Request) (string, bool)
func (*UIInfoResolver) GetOAuthSessionID ¶
func (*UIInfoResolver) GetOAuthSessionIDLegacy ¶
func (*UIInfoResolver) RemoveOAuthSessionID ¶
func (r *UIInfoResolver) RemoveOAuthSessionID(w http.ResponseWriter, req *http.Request)
func (*UIInfoResolver) ResolveForAuthorizationEndpoint ¶
func (r *UIInfoResolver) ResolveForAuthorizationEndpoint( client *config.OAuthClientConfig, req protocol.AuthorizationRequest, ) (*UIInfo, *UIInfoByProduct, error)
func (*UIInfoResolver) ResolveForUI ¶
func (r *UIInfoResolver) ResolveForUI(req protocol.AuthorizationRequest) (*UIInfo, error)
func (*UIInfoResolver) SetAuthenticationInfoInQuery ¶
func (r *UIInfoResolver) SetAuthenticationInfoInQuery(redirectURI string, e *authenticationinfo.Entry) string
type UIInfoResolverIDTokenHintResolver ¶
// UIInfoResolverIDTokenHintResolver is the id_token_hint dependency of
// UIInfoResolver. DependencySet binds it to *IDTokenHintResolver.
type UIInfoResolverIDTokenHintResolver interface {
	// ResolveIDTokenHint returns the ID token and the session resolved for
	// the authorization request r made by client, or an error.
	// NOTE(review): whether idToken and sidSession are nil when the request
	// carries no hint is not visible here — confirm before dereferencing.
	ResolveIDTokenHint(client *config.OAuthClientConfig, r protocol.AuthorizationRequest) (idToken jwt.Token, sidSession session.Session, err error)
}
type UIInfoResolverPromptResolver ¶
// UIInfoResolverPromptResolver is the prompt dependency of UIInfoResolver.
type UIInfoResolverPromptResolver interface {
	// ResolvePrompt returns the prompt list for the authorization request r,
	// given the session resolved from its id_token_hint.
	// NOTE(review): presumably the source of UIInfo.Prompt, which is described
	// as taking prompt, max_age and id_token_hint into account — confirm.
	ResolvePrompt(r protocol.AuthorizationRequest, sidSession session.Session) (prompt []string)
}
type UIURLBuilder ¶
// UIURLBuilder builds the authentication and settings-action URLs returned
// by BuildAuthenticationURL and BuildSettingsActionURL.
type UIURLBuilder struct {
	// Endpoints supplies the auth UI endpoint locations the URLs are built on.
	Endpoints UIURLBuilderAuthUIEndpointsProvider
}
func (*UIURLBuilder) BuildAuthenticationURL ¶
func (b *UIURLBuilder) BuildAuthenticationURL(client *config.OAuthClientConfig, r protocol.AuthorizationRequest, e *oauthsession.Entry) (*url.URL, error)
func (*UIURLBuilder) BuildSettingsActionURL ¶
func (b *UIURLBuilder) BuildSettingsActionURL(client *config.OAuthClientConfig, r protocol.AuthorizationRequest, e *oauthsession.Entry, redirectURI *url.URL) (*url.URL, error)
type UserProvider ¶
Source Files ¶