oidc


Documentation


Constants

// IDTokenValidDuration is the validity period of an issued ID token.
// It is deliberately short: id_token_hint is expected to accept expired
// ID tokens, so a short lifetime bounds how long a leaked token stays
// usable as a bearer credential without breaking the flows that
// present the hint.
const IDTokenValidDuration = duration.Short

IDTokenValidDuration is the validity period of an ID token. It can be short, because id_token_hint is expected to accept expired ID tokens.

Variables

// AllowedScopes is the closed list of scopes a client may request: the
// OIDC "openid" and "offline_access" scopes plus the oauth full-access and
// full-user-info scopes. IsScopeAllowed and ValidateScopes presumably
// check requests against this list — confirm against their
// implementations.
// NOTE(review): this is an exported, mutable package-level slice; any
// importer could append to it. Treat it as read-only.
var AllowedScopes = []string{
	"openid",
	"offline_access",
	oauth.FullAccessScope,
	oauth.FullUserInfoScope,
}
// ErrInvalidCustomURI is the API error (reason "WebUIInvalidCustomURI")
// for a custom UI URI that is rejected; BuildCustomUIEndpoint is the
// likely producer — verify against its implementation.
var ErrInvalidCustomURI = apierrors.Invalid.WithReason("WebUIInvalidCustomURI")
// ErrInvalidSettingsAction is the API error (reason
// "WebUIInvalidSettingsAction") for an unrecognised settings action;
// BuildSettingsActionURL is the likely producer — verify against its
// implementation.
var ErrInvalidSettingsAction = apierrors.Invalid.WithReason("WebUIInvalidSettingsAction")

Functions

func BuildCustomUIEndpoint

// BuildCustomUIEndpoint parses base into a *url.URL, or returns an error
// when base is not acceptable as a custom UI endpoint. The validation
// rules are not visible here; ErrInvalidCustomURI is presumably the error
// used for rejections. Callers must treat the returned URL as untrusted
// configuration until that validation is confirmed.
func BuildCustomUIEndpoint(base string) (*url.URL, error)

func DecodeSID

// DecodeSID splits an encoded sid back into its session type and session
// ID. ok reports whether sid could be decoded; callers must check it
// before using typ or sessionID. EncodeSID is the producing direction.
func DecodeSID(sid string) (typ session.Type, sessionID string, ok bool)

func EncodeSID

// EncodeSID produces the sid string for s, presumably from its
// SessionType and SessionID (the only methods SessionLike offers).
// DecodeSID is the inverse.
func EncodeSID(s SessionLike) string

func IsScopeAllowed

// IsScopeAllowed reports whether scope is one this package permits clients
// to request; presumably a membership test on AllowedScopes.
func IsScopeAllowed(scope string) bool

func ValidateScopes

// ValidateScopes checks the requested scopes against client and returns a
// non-nil error if any scope is not acceptable for that client. Whether a
// nil client is tolerated is not visible from the signature; callers
// should resolve the client first (see UIInfoClientResolver).
func ValidateScopes(client *config.OAuthClientConfig, scopes []string) error

Types

type BaseURLProvider

// BaseURLProvider supplies the service origin. IDTokenIssuer holds one in
// its BaseURL field — presumably the source of the issuer (iss) value.
type BaseURLProvider interface {
	Origin() *url.URL
}

type EndpointsProvider

// EndpointsProvider resolves the origin and the OIDC endpoint URLs (JWKS,
// UserInfo, end-session) that MetadataProvider presumably publishes in the
// discovery document. It is distinct from oauth.EndpointsProvider, which
// UIInfoResolver uses.
type EndpointsProvider interface {
	Origin() *url.URL
	JWKSEndpointURL() *url.URL
	UserInfoEndpointURL() *url.URL
	EndSessionEndpointURL() *url.URL
}

type IDTokenHintResolver

// IDTokenHintResolver turns the id_token_hint of an authorization request
// into a verified token and the session it names. Issuer verifies the
// token, Sessions looks up IdP sessions and OfflineGrants looks up offline
// grants — presumably keyed by the session ID recovered from the token's
// sid via DecodeSID.
type IDTokenHintResolver struct {
	Issuer        IDTokenHintResolverIssuer
	Sessions      IDTokenHintResolverSessionProvider
	OfflineGrants oauth.OfflineGrantStore
}

func (*IDTokenHintResolver) ResolveIDTokenHint

// ResolveIDTokenHint verifies req's id_token_hint for client through Issuer
// and returns the parsed token together with the session it refers to.
// Behaviour when the hint is absent, fails verification, or names a
// session that no longer exists is not visible here; callers must check
// err before using idToken and must treat a nil sidSession as "no
// session".
func (r *IDTokenHintResolver) ResolveIDTokenHint(client *config.OAuthClientConfig, req protocol.AuthorizationRequest) (idToken jwt.Token, sidSession session.Session, err error)

type IDTokenHintResolverIssuer

// IDTokenHintResolverIssuer is the part of IDTokenIssuer that
// IDTokenHintResolver needs. *IDTokenIssuer satisfies it through
// VerifyIDTokenHint — the client-bound variant, not
// VerifyIDTokenHintWithoutClient.
type IDTokenHintResolverIssuer interface {
	VerifyIDTokenHint(client *config.OAuthClientConfig, idTokenHint string) (idToken jwt.Token, err error)
}

type IDTokenHintResolverSessionProvider

// IDTokenHintResolverSessionProvider looks up an IdP session by its ID.
type IDTokenHintResolverSessionProvider interface {
	Get(id string) (*idpsession.IDPSession, error)
}

type IDTokenIssuer

// IDTokenIssuer mints and verifies ID tokens. Secrets presumably holds the
// signing key material (GetPublicKeySet exposes its public half), BaseURL
// provides the origin, Users and RolesAndGroups supply the data that
// PopulateUserClaims turns into claims, and Clock is injected rather than
// read from time.Now — presumably so issued-at and expiry are testable.
type IDTokenIssuer struct {
	Secrets        *config.OAuthKeyMaterials
	BaseURL        BaseURLProvider
	Users          UserProvider
	RolesAndGroups RolesAndGroupsProvider
	Clock          clock.Clock
}

func (*IDTokenIssuer) GetPublicKeySet

// GetPublicKeySet returns the public keys from Secrets as a JWK set,
// suitable for serving at the JWKS endpoint. Only public key material may
// ever leave through this method — confirm the implementation strips the
// private parts before publishing.
func (ti *IDTokenIssuer) GetPublicKeySet() (jwk.Set, error)

func (*IDTokenIssuer) GetUserInfo

// GetUserInfo builds the UserInfo response for userID. clientLike
// presumably decides which claims are included (full user-info versus
// non-PII only) — confirm against PopulateUserClaims.
func (ti *IDTokenIssuer) GetUserInfo(userID string, clientLike *oauth.ClientLike) (map[string]interface{}, error)

func (*IDTokenIssuer) Iss

// Iss returns the issuer identifier used for the iss claim; presumably
// derived from BaseURL.Origin().
func (ti *IDTokenIssuer) Iss() string

func (*IDTokenIssuer) IssueIDToken

// IssueIDToken signs and serialises an ID token for opts and returns the
// compact JWS. The expiry is presumably Clock-relative with
// IDTokenValidDuration as the lifetime — confirm in the implementation.
func (ti *IDTokenIssuer) IssueIDToken(opts IssueIDTokenOptions) (string, error)

func (*IDTokenIssuer) PopulateNonPIIUserClaims

// PopulateNonPIIUserClaims adds only the non-personally-identifying user
// claims for userID to token — the conservative variant of
// PopulateUserClaims (presumably equivalent to nonPIIUserClaimsOnly=true).
func (ti *IDTokenIssuer) PopulateNonPIIUserClaims(token jwt.Token, userID string) error

func (*IDTokenIssuer) PopulateUserClaims

// PopulateUserClaims adds user claims for userID to token. With
// nonPIIUserClaimsOnly set, claims that identify the person are omitted;
// presumably intended for clients without the full user-info scope. Which
// claims count as PII is decided in the implementation, not visible here.
func (ti *IDTokenIssuer) PopulateUserClaims(token jwt.Token, userID string, nonPIIUserClaimsOnly bool) error

func (*IDTokenIssuer) VerifyIDTokenHint

// VerifyIDTokenHint parses and verifies idTokenHint for client and returns
// the token on success. Prefer this over VerifyIDTokenHintWithoutClient
// whenever the client is known: binding to client lets the implementation
// check the audience as well as the signature (presumably; confirm).
// Expired tokens are expected to be tolerated (see IDTokenValidDuration),
// so a verified hint is not proof of a live session — use the resolved
// session for that.
func (ti *IDTokenIssuer) VerifyIDTokenHint(client *config.OAuthClientConfig, idTokenHint string) (token jwt.Token, err error)

func (*IDTokenIssuer) VerifyIDTokenHintWithoutClient

// VerifyIDTokenHintWithoutClient verifies idTokenHint with no client in
// hand. Because no client is supplied, the audience cannot be bound here;
// only signature-, issuer- and format-level checks are possible. Use it
// only where the client genuinely is not known yet, and never treat its
// result as authorising anything on behalf of a particular client.
func (ti *IDTokenIssuer) VerifyIDTokenHintWithoutClient(idTokenHint string) (token jwt.Token, err error)

type IssueIDTokenOptions

// IssueIDTokenOptions carries the per-token inputs to IssueIDToken: the
// client the token is issued to (ClientID), the sid claim value (SID, see
// EncodeSID), the request nonce to echo back, the authentication result
// the token attests, and the client shape that presumably decides which
// user claims are included.
type IssueIDTokenOptions struct {
	ClientID           string
	SID                string
	Nonce              string
	AuthenticationInfo authenticationinfo.T
	ClientLike         *oauth.ClientLike
}

type MetadataProvider

// MetadataProvider fills the OpenID Provider discovery document from the
// URLs that Endpoints resolves.
type MetadataProvider struct {
	Endpoints EndpointsProvider
}

func (*MetadataProvider) PopulateMetadata

// PopulateMetadata writes this package's discovery entries into meta in
// place — presumably the JWKS, UserInfo and end-session endpoint URLs from
// Endpoints. meta must be non-nil: writing to a nil map panics.
func (p *MetadataProvider) PopulateMetadata(meta map[string]interface{})

type RolesAndGroupsProvider

// RolesAndGroupsProvider lists the roles in effect for a user.
// IDTokenIssuer presumably uses it to populate role claims.
type RolesAndGroupsProvider interface {
	ListEffectiveRolesByUserID(userID string) ([]*model.Role, error)
}

type SessionLike

// SessionLike is the minimal view of a session that EncodeSID needs: its
// identifier and its type.
type SessionLike interface {
	SessionID() string
	SessionType() session.Type
}

type UIInfo

// UIInfo is the set of request-derived values the auth UI needs.
type UIInfo struct {
	// ClientID is the client_id parameter.
	ClientID string
	// RedirectURI is the redirect_uri the UI should redirect to.
	// The redirect_uri in the URL has lower precedence.
	// The rationale for this is if the end-user bookmarked the
	// authorization URL in the browser, redirect to the app is
	// possible.
	// NOTE(review): because this value overrides the URL's own
	// redirect_uri, it must originate from validated state, not from
	// unvalidated request input — confirm at the resolver.
	RedirectURI string
	// Prompt is the resolved prompt, with prompt, max_age and id_token_hint taken into account.
	Prompt []string
	// UILocales is the ui_locales parameter.
	UILocales string
	// UserIDHint is for reauthentication.
	UserIDHint string
	// CanUseIntentReauthenticate is for reauthentication.
	CanUseIntentReauthenticate bool
	// State is the state parameter.
	State string
	// XState is the x_state parameter.
	XState string
	// Page is the x_page parameter.
	Page string
	// SuppressIDPSessionCookie is derived from the x_suppress_idp_session_cookie and x_sso_enabled parameters.
	SuppressIDPSessionCookie bool
	// OAuthProviderAlias is the x_oauth_provider_alias parameter.
	OAuthProviderAlias string
	// LoginHint is the OIDC login_hint parameter.
	LoginHint string
	// IDTokenHint is the OIDC id_token_hint parameter, carried as given;
	// verification happens in the resolver, not here.
	IDTokenHint string
}

UIInfo is a collection of information that is essential to the UI.

func (*UIInfo) ToUIParam

// ToUIParam converts the resolved UIInfo into the uiparam.T handed to the
// UI layer.
func (i *UIInfo) ToUIParam() uiparam.T

type UIInfoByProduct

// UIInfoByProduct is the by-product of ResolveForAuthorizationEndpoint:
// the verified id_token_hint, the session it names, and the encoded sid
// that hint carried (IDTokenHintSID) — presumably so callers need not
// re-verify the hint.
type UIInfoByProduct struct {
	IDToken        jwt.Token
	SIDSession     session.Session
	IDTokenHintSID string
}

type UIInfoClientResolver

// UIInfoClientResolver resolves a client_id to its configuration. There is
// no error return, so a nil result is the only signal for an unknown
// client — callers must check for it.
type UIInfoClientResolver interface {
	ResolveClient(clientID string) *config.OAuthClientConfig
}

type UIInfoResolver

// UIInfoResolver derives UIInfo from an authorization request. Config is
// the OAuth configuration, PromptResolver computes the effective prompt,
// IDTokenHintResolver verifies id_token_hint, Clock supplies the time
// (presumably for max_age), Cookies reads and clears the session-related
// cookies, and ClientResolver maps client_id to its configuration.
type UIInfoResolver struct {
	Config              *config.OAuthConfig
	EndpointsProvider   oauth.EndpointsProvider
	PromptResolver      UIInfoResolverPromptResolver
	IDTokenHintResolver UIInfoResolverIDTokenHintResolver
	Clock               clock.Clock
	Cookies             UIInfoResolverCookieManager
	ClientResolver      UIInfoClientResolver
}

func (*UIInfoResolver) GetAuthenticationInfoID

// GetAuthenticationInfoID reads the authentication-info entry ID carried by
// req; the bool reports whether one was present. Where it is read from
// (cookie via Cookies, or query) is not visible here.
func (r *UIInfoResolver) GetAuthenticationInfoID(req *http.Request) (string, bool)

func (*UIInfoResolver) GetOAuthSessionID

// GetOAuthSessionID returns the OAuth session ID for req, consulting
// urlQuery as well; the bool reports whether one was found.
// GetOAuthSessionIDLegacy is the older lookup kept alongside it.
func (r *UIInfoResolver) GetOAuthSessionID(req *http.Request, urlQuery string) (string, bool)

func (*UIInfoResolver) GetOAuthSessionIDLegacy

// GetOAuthSessionIDLegacy is the older form of GetOAuthSessionID, kept for
// compatibility; new callers should use GetOAuthSessionID. What differs
// (presumably the cookie or parameter consulted) is not visible here.
func (r *UIInfoResolver) GetOAuthSessionIDLegacy(req *http.Request, urlQuery string) (string, bool)

func (*UIInfoResolver) RemoveOAuthSessionID

// RemoveOAuthSessionID clears the OAuth session ID for req — presumably by
// writing the cookie from Cookies.ClearCookie to w.
func (r *UIInfoResolver) RemoveOAuthSessionID(w http.ResponseWriter, req *http.Request)

func (*UIInfoResolver) ResolveForAuthorizationEndpoint

// ResolveForAuthorizationEndpoint resolves the UIInfo for req at the
// authorization endpoint, for the already-resolved client. It also returns
// the UIInfoByProduct (verified id_token_hint and its session) so the
// caller need not verify the hint again. Errors from hint resolution
// surface here; callers should not fall back to an unverified prompt when
// err is non-nil.
func (r *UIInfoResolver) ResolveForAuthorizationEndpoint(
	client *config.OAuthClientConfig,
	req protocol.AuthorizationRequest,
) (*UIInfo, *UIInfoByProduct, error)

func (*UIInfoResolver) ResolveForUI

// ResolveForUI resolves the UIInfo from req alone, without a client and
// without the UIInfoByProduct; compare ResolveForAuthorizationEndpoint.
func (r *UIInfoResolver) ResolveForUI(req protocol.AuthorizationRequest) (*UIInfo, error)

func (*UIInfoResolver) SetAuthenticationInfoInQuery

// SetAuthenticationInfoInQuery returns redirectURI with a query parameter
// referencing e appended. Only an identifier should travel in the URL — it
// ends up in logs and Referer headers — so confirm the implementation does
// not serialise the entry itself.
func (r *UIInfoResolver) SetAuthenticationInfoInQuery(redirectURI string, e *authenticationinfo.Entry) string

type UIInfoResolverCookieManager

// UIInfoResolverCookieManager is the cookie access UIInfoResolver needs:
// read a cookie by its definition, and produce the cookie that clears it.
type UIInfoResolverCookieManager interface {
	GetCookie(r *http.Request, def *httputil.CookieDef) (*http.Cookie, error)
	ClearCookie(def *httputil.CookieDef) *http.Cookie
}

type UIInfoResolverIDTokenHintResolver

// UIInfoResolverIDTokenHintResolver is the id_token_hint verification
// UIInfoResolver depends on. *IDTokenHintResolver satisfies it; the
// signature matches its ResolveIDTokenHint method.
type UIInfoResolverIDTokenHintResolver interface {
	ResolveIDTokenHint(client *config.OAuthClientConfig, r protocol.AuthorizationRequest) (idToken jwt.Token, sidSession session.Session, err error)
}

type UIInfoResolverPromptResolver

// UIInfoResolverPromptResolver computes the effective prompt values for r
// given the session resolved from id_token_hint (sidSession is presumably
// nil when there is none — confirm implementations tolerate that).
type UIInfoResolverPromptResolver interface {
	ResolvePrompt(r protocol.AuthorizationRequest, sidSession session.Session) (prompt []string)
}

type UIURLBuilder

// UIURLBuilder builds the URLs that send the end-user into the auth UI,
// using Endpoints for the base URLs.
type UIURLBuilder struct {
	Endpoints UIURLBuilderAuthUIEndpointsProvider
}

func (*UIURLBuilder) BuildAuthenticationURL

// BuildAuthenticationURL returns the URL that starts authentication for r
// under client, referencing the OAuth session entry e — presumably rooted
// at Endpoints.OAuthEntrypointURL().
func (b *UIURLBuilder) BuildAuthenticationURL(client *config.OAuthClientConfig, r protocol.AuthorizationRequest, e *oauthsession.Entry) (*url.URL, error)

func (*UIURLBuilder) BuildSettingsActionURL

// BuildSettingsActionURL returns the URL for a settings action requested
// by r under client, referencing the OAuth session entry e; redirectURI is
// where the UI sends the end-user afterwards. ErrInvalidSettingsAction is
// presumably returned for an unrecognised action. Because redirectURI is
// embedded into the resulting URL, it should already have been validated
// against the client's registered URIs — confirm at the caller.
func (b *UIURLBuilder) BuildSettingsActionURL(client *config.OAuthClientConfig, r protocol.AuthorizationRequest, e *oauthsession.Entry, redirectURI *url.URL) (*url.URL, error)

type UIURLBuilderAuthUIEndpointsProvider

// UIURLBuilderAuthUIEndpointsProvider supplies the auth UI base URLs that
// UIURLBuilder builds on: the OAuth entrypoint and the settings
// change-password page.
type UIURLBuilderAuthUIEndpointsProvider interface {
	OAuthEntrypointURL() *url.URL
	SettingsChangePasswordURL() *url.URL
}

type UserProvider

// UserProvider fetches a user by ID. role is the access-control role under
// which the read is performed — presumably deciding which fields are
// visible; confirm against the implementation.
type UserProvider interface {
	Get(id string, role accesscontrol.Role) (*model.User, error)
}
