oidc

package
v1.4.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 24, 2020 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source
const (
	GrantTypeAuthorizationCode = "authorization_code"
	GrantTypeImplicit          = "implicit"
	ResponseTypeCode           = "code"
)

Variables

This section is empty.

Functions

func AppendClaimsAuthenticationRequestParameter added in v1.3.0

func AppendClaimsAuthenticationRequestParameter(opts []oauth2.AuthCodeOption, requestedClaims map[string]*oidc.Claim) []oauth2.AuthCodeOption

AppendClaimsAuthenticationRequestParameter appends a OIDC claims authentication request parameter to `opts` with the `requestedClaims`

func GetScopesOrDefault added in v1.0.0

func GetScopesOrDefault(scopes []string) []string

func ImplicitFlowURL

func ImplicitFlowURL(c *oauth2.Config, state string, opts ...oauth2.AuthCodeOption) string

ImplicitFlowURL is an adaptation of oauth2.Config::AuthCodeURL() which returns a URL appropriate for an OAuth2 implicit login flow (as opposed to authorization code flow).

func InferGrantType

func InferGrantType(oidcConf *OIDCConfiguration) string

InferGrantType infers the proper grant flow depending on the OAuth2 client config and OIDC configuration. Returns either: "authorization_code" or "implicit"

func OfflineAccess

func OfflineAccess(scopes []string) bool

OfflineAccess returns whether or not 'offline_access' is a supported scope

Types

type ClaimsRequest added in v1.3.0

type ClaimsRequest struct {
	IDToken map[string]*oidc.Claim `json:"id_token"`
}

type ClientApp

type ClientApp struct {
	// contains filtered or unexported fields
}

func NewClientApp

func NewClientApp(settings *settings.ArgoCDSettings, cache *servercache.Cache, dexServerAddr string) (*ClientApp, error)

NewClientApp will register the Argo CD client app (either via Dex or external OIDC) and return an object which has HTTP handlers for handling the HTTP responses for login and callback

func (*ClientApp) HandleCallback

func (a *ClientApp) HandleCallback(w http.ResponseWriter, r *http.Request)

HandleCallback is the callback handler for an OAuth2 login flow

func (*ClientApp) HandleLogin

func (a *ClientApp) HandleLogin(w http.ResponseWriter, r *http.Request)

HandleLogin formulates the proper OAuth2 URL (auth code or implicit) and redirects the user to the IDp login & consent page

type OIDCConfiguration

type OIDCConfiguration struct {
	Issuer                 string   `json:"issuer"`
	ScopesSupported        []string `json:"scopes_supported"`
	ResponseTypesSupported []string `json:"response_types_supported"`
	GrantTypesSupported    []string `json:"grant_types_supported,omitempty"`
}

OIDCConfiguration holds a subset of interested fields from the OIDC configuration spec

func ParseConfig

func ParseConfig(provider *gooidc.Provider) (*OIDCConfiguration, error)

ParseConfig parses the OIDC Config into the concrete datastructure

type Provider added in v0.11.2

type Provider interface {
	Endpoint() (*oauth2.Endpoint, error)

	ParseConfig() (*OIDCConfiguration, error)

	Verify(clientID, tokenString string) (*gooidc.IDToken, error)
}

Provider is a wrapper around go-oidc provider to also provide the following features: 1. lazy initialization/querying of the provider 2. automatic detection of change in signing keys 3. convenience function for verifying tokens We have to initialize the provider lazily since Argo CD can be an OIDC client to itself (in the case of dex reverse proxy), which presents a chicken-and-egg problem of (1) serving dex over HTTP, and (2) querying the OIDC provider (ourself) to initialize the OIDC client.

func NewOIDCProvider

func NewOIDCProvider(issuerURL string, client *http.Client) Provider

NewOIDCProvider initializes an OIDC provider

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL