oidc_auth

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 18, 2024 License: Apache-2.0 Imports: 39 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	AuthRequestIdHeader = "auth-request-id"
	AcceptHeader        = "accept"
	TotpRequiredHeader  = "totp-required"
	ContentTypeHeader   = "content-type"

	FormContentType = "application/x-www-form-urlencoded"
	JsonContentType = "application/json"
	HtmlContentType = "text/html"
)
View Source 
const (
	WellKnownOidcConfiguration = "/.well-known/openid-configuration"

	SourceTypeOidc = "oidc_auth"

	AuthMethodPassword = model.AuthMethodPassword
	AuthMethodExtJwt   = model.AuthMethodExtJwt
	AuthMethodCert     = db.MethodAuthenticatorCert

	AuthMethodSecondaryTotp   = "totp"
	AuthMethodSecondaryExtJwt = "ejs"

	DefaultNativeClientId = "native"
)
View Source 
const (
	ScopeTokenId      = "tid-"
	ScopeApiSessionId = "asid-"
)
View Source 
const JwtTokenPrefix = "ey"

Variables

This section is empty.

Functions

func HttpRequestFromContext 

func HttpRequestFromContext(ctx context.Context) (*http.Request, error)

HttpRequestFromContext returns the initiating http.Request for the current OIDC context

func MapToStruct added in v0.34.0 

func MapToStruct(m map[string][]string, dst interface{}) error

func NewChangeCtx 

func NewChangeCtx() *change.Context

NewChangeCtx creates a change.Context scoped to oidc_auth package

func NewHttpChangeCtx 

func NewHttpChangeCtx(r *http.Request) *change.Context

NewHttpChangeCtx creates a change.Context scoped to oidc_auth package and supplied http.Request

func NewNativeOnlyOP 

func NewNativeOnlyOP(ctx context.Context, env model.Env, config Config) (http.Handler, error)

NewNativeOnlyOP creates an OIDC Provider that allows native clients and only the AutCode PKCE flow.

func NewRevocation 

func NewRevocation(tokenId string, expiresAt time.Time) *model.Revocation

Types

type AuthRequest 

type AuthRequest struct {
	oidc.AuthRequest
	Id                      string
	CreationDate            time.Time
	IdentityId              string
	AuthTime                time.Time
	ApiSessionId            string
	SecondaryTotpRequired   bool
	SecondaryExtJwtRequired bool
	SecondaryExtJwtId       string
	ConfigTypes             []string
	Amr                     map[string]struct{}

	PeerCerts           []*x509.Certificate
	RequestedMethod     string
	BearerTokenDetected bool
	SdkInfo             *rest_model.SdkInfo
	EnvInfo             *rest_model.EnvInfo
	RemoteAddress       string
}

AuthRequest represents an OIDC authentication request and implements op.AuthRequest

func (*AuthRequest) AddAmr 

func (a *AuthRequest) AddAmr(amr string)

AddAmr adds the supplied amr

func (*AuthRequest) Done 

func (a *AuthRequest) Done() bool

Done returns true once authentication has been completed and implements op.AuthRequest

func (*AuthRequest) GetACR 

func (a *AuthRequest) GetACR() string

GetACR returns the authentication class reference provided by client and implements oidc.AuthRequest All ACRs are currently ignored.

func (*AuthRequest) GetAMR 

func (a *AuthRequest) GetAMR() []string

GetAMR returns the authentication method references the authentication has undergone and implements op.AuthRequest

func (*AuthRequest) GetAudience 

func (a *AuthRequest) GetAudience() []string

GetAudience returns all current audience targets and implements op.AuthRequest

func (*AuthRequest) GetAuthTime 

func (a *AuthRequest) GetAuthTime() time.Time

GetAuthTime returns the time at which authentication has occurred and implements op.AuthRequest

func (*AuthRequest) GetCertFingerprints 

func (a *AuthRequest) GetCertFingerprints() []string

func (*AuthRequest) GetClientID 

func (a *AuthRequest) GetClientID() string

GetClientID returns the client id requested and implements op.AuthRequest

func (*AuthRequest) GetCodeChallenge 

func (a *AuthRequest) GetCodeChallenge() *oidc.CodeChallenge

GetCodeChallenge returns the rp supplied code change and implements op.AuthRequest

func (*AuthRequest) GetID 

func (a *AuthRequest) GetID() string

GetID returns an AuthRequest's ID and implements op.AuthRequest

func (*AuthRequest) GetNonce 

func (a *AuthRequest) GetNonce() string

GetNonce returns the rp supplied nonce and implements op.AuthRequest

func (*AuthRequest) GetRedirectURI 

func (a *AuthRequest) GetRedirectURI() string

GetRedirectURI returns the rp supplied redirect target and implements op.AuthRequest

func (*AuthRequest) GetResponseMode 

func (a *AuthRequest) GetResponseMode() oidc.ResponseMode

GetResponseMode is not supported and all tokens are turned via query string and implements op.AuthRequest

func (*AuthRequest) GetResponseType 

func (a *AuthRequest) GetResponseType() oidc.ResponseType

GetResponseType returns the rp supplied response type and implements op.AuthRequest

func (*AuthRequest) GetScopes 

func (a *AuthRequest) GetScopes() []string

GetScopes returns the current scopes and implements op.AuthRequest Scopes are also used to transport custom claims into access tokens. The zitadel oidc framework does not provide a method for accessing the request object during JWT signing time, and any claims supplied are overwritten.

func (*AuthRequest) GetState 

func (a *AuthRequest) GetState() string

GetState returns the rp provided state and implements op.AuthRequest

func (*AuthRequest) GetSubject 

func (a *AuthRequest) GetSubject() string

GetSubject returns the target subject and implements op.AuthRequest

func (*AuthRequest) HasAmr 

func (a *AuthRequest) HasAmr(amr string) bool

HasAmr returns true if the supplied amr is present

func (*AuthRequest) HasFullAuth 

func (a *AuthRequest) HasFullAuth() bool

HasFullAuth returns true if an authentication request has passed all primary and secondary authentications.

func (*AuthRequest) HasPrimaryAuth 

func (a *AuthRequest) HasPrimaryAuth() bool

HasPrimaryAuth returns true if a primary authentication mechanism has been passed.

func (*AuthRequest) HasSecondaryAuth 

func (a *AuthRequest) HasSecondaryAuth() bool

HasSecondaryAuth returns true if all applicable secondary authentications have been passed

type AuthRequestBody added in v0.34.0 

type AuthRequestBody struct {
	AuthRequestId string `json:"id"`
}

func (*AuthRequestBody) GetAuthRequestId added in v0.34.0 

func (a *AuthRequestBody) GetAuthRequestId() string

func (*AuthRequestBody) SetAuthRequestId added in v0.34.0 

func (a *AuthRequestBody) SetAuthRequestId(id string)

type AuthRequestIdHolder added in v0.34.0 

type AuthRequestIdHolder interface {
	SetAuthRequestId(string)
	GetAuthRequestId() string
}

type Client 

type Client struct {
	// contains filtered or unexported fields
}

Client represents an OIDC Client and implements op.Client

func NativeClient 

func NativeClient(id string, redirectURIs, postlogoutURIs []string) *Client

NativeClient will create a client of type native, which will always use PKCE and allow the use of refresh tokens

func (*Client) AccessTokenType 

func (c *Client) AccessTokenType() op.AccessTokenType

AccessTokenType returns the type of access token the client uses (Bearer (opaque) or JWT), implements op.Client

func (*Client) ApplicationType 

func (c *Client) ApplicationType() op.ApplicationType

ApplicationType returns the application type (app, native, user agent), implements op.Client

func (*Client) AuthMethod 

func (c *Client) AuthMethod() oidc.AuthMethod

AuthMethod returns the authentication method (client_secret_basic, client_secret_post, none, private_key_jwt), implements op.Client

func (*Client) ClockSkew 

func (c *Client) ClockSkew() time.Duration

ClockSkew enables clients to instruct the OP to apply a clock skew on the various times and expirations (subtract from issued_at, add to expiration, ...), implements op.Client

func (*Client) DevMode 

func (c *Client) DevMode() bool

DevMode enables the use of non-compliant configs such as redirect_uris, implements op.Client

func (*Client) GetID 

func (c *Client) GetID() string

GetID returns the clients id, implements op.Client

func (*Client) GrantTypes 

func (c *Client) GrantTypes() []oidc.GrantType

GrantTypes returns all allowed grant types (authorization_code, refresh_token, urn:ietf:params:oauth:grant-type:jwt-bearer), implements op.Client

func (*Client) IDTokenLifetime 

func (c *Client) IDTokenLifetime() time.Duration

IDTokenLifetime returns the lifetime of the client's id_tokens

func (*Client) IDTokenUserinfoClaimsAssertion 

func (c *Client) IDTokenUserinfoClaimsAssertion() bool

IDTokenUserinfoClaimsAssertion allows specifying if claims of scope profile, email, phone and address are asserted into the id_token even if an access token if issued which violates the OIDC Core spec (5.4. Requesting Claims using Scope Values: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims) some clients though require that e.g. email is always in the id_token when requested even if an access_token is issued, implements op.Client

func (*Client) IsScopeAllowed 

func (c *Client) IsScopeAllowed(_ string) bool

IsScopeAllowed enables Client custom scopes validation, implements op.Client No custom scopes are currently supported.

func (*Client) LoginURL 

func (c *Client) LoginURL(id string) string

LoginURL returns the URL clients should be directed to for login based on authentication request id, implements op.Client

func (*Client) PostLogoutRedirectURIGlobs added in v0.34.0 

func (c *Client) PostLogoutRedirectURIGlobs() []string

PostLogoutRedirectURIGlobs must return the registered post_logout_redirect_uris for sign-outs that match via path.Math

func (*Client) PostLogoutRedirectURIs 

func (c *Client) PostLogoutRedirectURIs() []string

PostLogoutRedirectURIs returns an array of post logout redirect URIs, implements op.Client

func (*Client) RedirectURIGlobs added in v0.34.0 

func (c *Client) RedirectURIGlobs() []string

RedirectURIGlobs must return the registered redirect_uris for Code and Implicit Flow that match via path.Match

func (*Client) RedirectURIs 

func (c *Client) RedirectURIs() []string

RedirectURIs returns an array of valid redirect URIs, implements op.Client

func (*Client) ResponseTypes 

func (c *Client) ResponseTypes() []oidc.ResponseType

ResponseTypes returns all allowed response types (code, id_token token, id_token), these must match with the allowed grant types, implements op.Client

func (*Client) RestrictAdditionalAccessTokenScopes 

func (c *Client) RestrictAdditionalAccessTokenScopes() func(scopes []string) []string

RestrictAdditionalAccessTokenScopes allows specifying which custom scopes shall be asserted into the JWT access_token, implements op.Client

func (*Client) RestrictAdditionalIdTokenScopes 

func (c *Client) RestrictAdditionalIdTokenScopes() func(scopes []string) []string

RestrictAdditionalIdTokenScopes allows specifying which custom scopes shall be asserted into the id_token, implements op.Client

type Config 

type Config struct {
	Issuer               string
	TokenSecret          string
	Storage              Storage
	Certificate          *x509.Certificate
	PrivateKey           crypto.PrivateKey
	IdTokenDuration      time.Duration
	RefreshTokenDuration time.Duration
	AccessTokenDuration  time.Duration
	RedirectURIs         []string
	PostLogoutURIs       []string
	// contains filtered or unexported fields
}

Config represents the configuration necessary to operate an OIDC Provider

func NewConfig 

func NewConfig(issuer string, cert *x509.Certificate, key crypto.PrivateKey) Config

NewConfig will create a Config with default values

func (*Config) MaxTokenDuration 

func (c *Config) MaxTokenDuration() time.Duration

MaxTokenDuration returns the maximum token lifetime currently configured

func (*Config) Secret 

func (c *Config) Secret() [32]byte

Secret returns a sha256 sum of the configured token secret

type FieldTranslator added in v0.34.0 

type FieldTranslator interface {
	Translate(string, ...string) (string, bool)
}

type HybridStorage 

type HybridStorage struct {
	// contains filtered or unexported fields
}

HybridStorage implements the Storage interface Authentication requests are not synchronized with other controllers. Authentication must happen entirely with one controller. After id, access, and/or refresh tokens are acquired, they may be used at any controller. All token revocations are synchronized with other controllers.

func NewStorage 

func NewStorage(kid string, publicKey crypto.PublicKey, privateKey crypto.PrivateKey, singingMethod jwt.SigningMethod, config *Config, env model.Env) *HybridStorage

func (*HybridStorage) AddClient 

func (s *HybridStorage) AddClient(client *Client)

func (*HybridStorage) AuthRequestByCode 

func (s *HybridStorage) AuthRequestByCode(ctx context.Context, code string) (op.AuthRequest, error)

AuthRequestByCode implements the op.Storage interface

func (*HybridStorage) AuthRequestByID 

func (s *HybridStorage) AuthRequestByID(_ context.Context, id string) (op.AuthRequest, error)

AuthRequestByID implements the op.Storage interface

func (*HybridStorage) AuthRequestDone 

func (s *HybridStorage) AuthRequestDone(id string) error

AuthRequestDone is used by testing and is not required to implement op.Storage

func (*HybridStorage) Authenticate 

func (s *HybridStorage) Authenticate(authCtx model.AuthContext, id string, configTypes []string) (*AuthRequest, error)

Authenticate will verify supplied credentials and update the primary authentication status of an AuthRequest

func (*HybridStorage) AuthorizeClientIDSecret 

func (s *HybridStorage) AuthorizeClientIDSecret(_ context.Context, clientID, clientSecret string) error

AuthorizeClientIDSecret implements the op.Storage interface

func (*HybridStorage) Clean 

func (s *HybridStorage) Clean()

Clean removes abandoned auth requests and associated data

func (*HybridStorage) ClientCredentials 

func (s *HybridStorage) ClientCredentials(_ context.Context, clientID, clientSecret string) (op.Client, error)

ClientCredentials implements op.ClientCredentialsStorage

func (*HybridStorage) ClientCredentialsTokenRequest 

func (s *HybridStorage) ClientCredentialsTokenRequest(_ context.Context, clientID string, scopes []string) (op.TokenRequest, error)

ClientCredentialsTokenRequest implements op.ClientCredentialsStorage

func (*HybridStorage) CompleteDeviceAuthorization 

func (s *HybridStorage) CompleteDeviceAuthorization(_ context.Context, userCode, subject string) error

CompleteDeviceAuthorization implements op.DeviceAuthorizationStorage

func (*HybridStorage) CompleteTotpEnrollment added in v0.34.0 

func (s *HybridStorage) CompleteTotpEnrollment(changeCtx *change.Context, authRequestId, code string) error

func (*HybridStorage) CreateAccessAndRefreshTokens 

func (s *HybridStorage) CreateAccessAndRefreshTokens(ctx context.Context, request op.TokenRequest, currentRefreshToken string) (accessTokenID string, newRefreshToken string, expiration time.Time, err error)

CreateAccessAndRefreshTokens implements the op.Storage interface

func (*HybridStorage) CreateAccessToken 

func (s *HybridStorage) CreateAccessToken(ctx context.Context, request op.TokenRequest) (string, time.Time, error)

CreateAccessToken implements the op.Storage interface

func (*HybridStorage) CreateAuthRequest 

func (s *HybridStorage) CreateAuthRequest(ctx context.Context, authReq *oidc.AuthRequest, identityId string) (op.AuthRequest, error)

CreateAuthRequest creates a new AuthRequest based on an incoming request, implements the op.Storage interface

func (*HybridStorage) CreateTokenExchangeRequest 

func (s *HybridStorage) CreateTokenExchangeRequest(_ context.Context, _ op.TokenExchangeRequest) error

func (*HybridStorage) DeleteAuthRequest 

func (s *HybridStorage) DeleteAuthRequest(_ context.Context, id string) error

DeleteAuthRequest implements the op.Storage interface

func (*HybridStorage) DenyDeviceAuthorization 

func (s *HybridStorage) DenyDeviceAuthorization(_ context.Context, userCode string) error

DenyDeviceAuthorization implements op.DeviceAuthorizationStorage

func (*HybridStorage) GetAuthRequest 

func (s *HybridStorage) GetAuthRequest(id string) (*AuthRequest, error)

GetAuthRequest returns an AuthRequest by id

func (*HybridStorage) GetClientByClientID 

func (s *HybridStorage) GetClientByClientID(_ context.Context, clientID string) (op.Client, error)

GetClientByClientID implements the op.Storage interface

func (*HybridStorage) GetDeviceAuthorizationByUserCode 

func (s *HybridStorage) GetDeviceAuthorizationByUserCode(_ context.Context, userCode string) (*op.DeviceAuthorizationState, error)

GetDeviceAuthorizationByUserCode implements op.DeviceAuthorizationStorage

func (*HybridStorage) GetDeviceAuthorizatonState 

func (s *HybridStorage) GetDeviceAuthorizatonState(ctx context.Context, clientID, deviceCode string) (*op.DeviceAuthorizationState, error)

GetDeviceAuthorizatonState implements op.DeviceAuthorizationStorage

func (*HybridStorage) GetKeyByIDAndClientID 

func (s *HybridStorage) GetKeyByIDAndClientID(_ context.Context, keyID, _ string) (*jose.JSONWebKey, error)

GetKeyByIDAndClientID implements the op.Storage interface

func (*HybridStorage) GetPrivateClaimsFromScopes 

func (s *HybridStorage) GetPrivateClaimsFromScopes(ctx context.Context, identityId, clientID string, scopes []string) (claims map[string]interface{}, err error)

GetPrivateClaimsFromScopes implements the op.Storage interface

func (*HybridStorage) GetPrivateClaimsFromTokenExchangeRequest 

func (s *HybridStorage) GetPrivateClaimsFromTokenExchangeRequest(ctx context.Context, request op.TokenExchangeRequest) (claims map[string]interface{}, err error)

GetPrivateClaimsFromTokenExchangeRequest implements the op.TokenExchangeStorage interface

func (*HybridStorage) GetRefreshTokenInfo 

func (s *HybridStorage) GetRefreshTokenInfo(_ context.Context, _ string, token string) (identityId string, tokenID string, err error)

GetRefreshTokenInfo implements the op.Storage interface

func (*HybridStorage) Health 

func (s *HybridStorage) Health(_ context.Context) error

Health implements the op.Storage interface

func (*HybridStorage) IsTokenRevoked 

func (s *HybridStorage) IsTokenRevoked(tokenId string) bool

IsTokenRevoked returns true or false if a token has been revoked

func (*HybridStorage) KeySet 

func (s *HybridStorage) KeySet(_ context.Context) ([]op.Key, error)

KeySet implements the op.Storage interface

func (*HybridStorage) RevokeToken 

func (s *HybridStorage) RevokeToken(_ context.Context, tokenIDOrToken string, _ string, _ string) *oidc.Error

RevokeToken implements the op.Storage interface

func (*HybridStorage) SaveAuthCode 

func (s *HybridStorage) SaveAuthCode(_ context.Context, id string, code string) error

SaveAuthCode implements the op.Storage interface

func (*HybridStorage) SetIntrospectionFromToken 

func (s *HybridStorage) SetIntrospectionFromToken(_ context.Context, _ *oidc.IntrospectionResponse, _, _, _ string) error

SetIntrospectionFromToken implements the op.Storage interface

func (*HybridStorage) SetUserinfoFromRequest 

func (s *HybridStorage) SetUserinfoFromRequest(_ context.Context, userinfo *oidc.UserInfo, token op.IDTokenRequest, scopes []string) error

SetUserinfoFromRequest implements the op.CanSetUserinfoFromRequest interface.

func (*HybridStorage) SetUserinfoFromScopes 

func (s *HybridStorage) SetUserinfoFromScopes(_ context.Context, _ *oidc.UserInfo, _, _ string, _ []string) error

SetUserinfoFromScopes implements the op.Storage interface.

func (*HybridStorage) SetUserinfoFromToken 

func (s *HybridStorage) SetUserinfoFromToken(ctx context.Context, userinfo *oidc.UserInfo, tokenID, subject, _ string) error

SetUserinfoFromToken implements the op.Storage interface

func (*HybridStorage) SetUserinfoFromTokenExchangeRequest 

func (s *HybridStorage) SetUserinfoFromTokenExchangeRequest(ctx context.Context, userinfo *oidc.UserInfo, request op.TokenExchangeRequest) error

SetUserinfoFromTokenExchangeRequest implements the op.TokenExchangeStorage interface

func (*HybridStorage) SignatureAlgorithms 

func (s *HybridStorage) SignatureAlgorithms(context.Context) ([]jose.SignatureAlgorithm, error)

SignatureAlgorithms implements the op.Storage interface

func (*HybridStorage) SigningKey 

func (s *HybridStorage) SigningKey(_ context.Context) (op.SigningKey, error)

SigningKey implements the op.Storage interface

func (*HybridStorage) StartTotpEnrollment added in v0.34.0 

func (s *HybridStorage) StartTotpEnrollment(changeCtx *change.Context, authRequestId string) (string, error)

func (*HybridStorage) StoreDeviceAuthorization 

func (s *HybridStorage) StoreDeviceAuthorization(_ context.Context, clientID, deviceCode, userCode string, expires time.Time, scopes []string) error

StoreDeviceAuthorization implements op.DeviceAuthorizationStorage

func (*HybridStorage) TerminateSession 

func (s *HybridStorage) TerminateSession(_ context.Context, identityId string, clientID string) error

TerminateSession implements the op.Storage interface

func (*HybridStorage) TokenRequestByRefreshToken 

func (s *HybridStorage) TokenRequestByRefreshToken(_ context.Context, refreshToken string) (op.RefreshTokenRequest, error)

TokenRequestByRefreshToken implements the op.Storage interface

func (*HybridStorage) ValidateJWTProfileScopes 

func (s *HybridStorage) ValidateJWTProfileScopes(_ context.Context, _ string, scopes []string) ([]string, error)

ValidateJWTProfileScopes implements the op.Storage interface

func (*HybridStorage) ValidateTokenExchangeRequest 

func (s *HybridStorage) ValidateTokenExchangeRequest(_ context.Context, request op.TokenExchangeRequest) error

ValidateTokenExchangeRequest implements the op.TokenExchangeStorage interface

func (*HybridStorage) VerifyTotp 

func (s *HybridStorage) VerifyTotp(ctx *change.Context, code string, id string) (*AuthRequest, error)

VerifyTotp will update and return the AuthRequest associated with `id`

type RefreshTokenRequest 

type RefreshTokenRequest struct {
	common.RefreshClaims
}

RefreshTokenRequest is a wrapper around RefreshClaims to avoid collisions between go-jwt interface requirements and zitadel oidc interface names. Implements zitadel op.RefreshTokenRequest

func (*RefreshTokenRequest) GetAMR 

func (r *RefreshTokenRequest) GetAMR() []string

GetAMR implements op.RefreshTokenRequest

func (*RefreshTokenRequest) GetAudience 

func (r *RefreshTokenRequest) GetAudience() []string

GetAudience implements op.RefreshTokenRequest

func (*RefreshTokenRequest) GetAuthTime 

func (r *RefreshTokenRequest) GetAuthTime() time.Time

GetAuthTime implements op.RefreshTokenRequest

func (*RefreshTokenRequest) GetCertFingerprints 

func (r *RefreshTokenRequest) GetCertFingerprints() []string

func (*RefreshTokenRequest) GetClientID 

func (r *RefreshTokenRequest) GetClientID() string

GetClientID implements op.RefreshTokenRequest

func (*RefreshTokenRequest) GetScopes 

func (r *RefreshTokenRequest) GetScopes() []string

GetScopes implements op.RefreshTokenRequest

func (*RefreshTokenRequest) GetSubject 

func (r *RefreshTokenRequest) GetSubject() string

GetSubject implements op.RefreshTokenRequest

func (*RefreshTokenRequest) SetCurrentScopes 

func (r *RefreshTokenRequest) SetCurrentScopes(scopes []string)

SetCurrentScopes implements op.RefreshTokenRequest

type Storage 

type Storage interface {
	op.Storage

	// Authenticate attempts to perform authentication on supplied credentials for all known authentication methods
	Authenticate(authCtx model.AuthContext, id string, configTypes []string) (*AuthRequest, error)

	// VerifyTotp will verify the supplied code for the current authentication request's subject
	// A change context is required for the removal of one-time TOTP recovery codes
	VerifyTotp(ctx *change.Context, code string, id string) (*AuthRequest, error)

	StartTotpEnrollment(ctx *change.Context, authRequestId string) (string, error)

	CompleteTotpEnrollment(ctx *change.Context, authRequestId, code string) error

	// IsTokenRevoked will return true if a token has been removed.
	// TokenId may be a JWT token id or an identity id
	IsTokenRevoked(tokenId string) bool

	// AddClient adds an OIDC Client to the registry of valid clients.
	AddClient(client *Client)

	// GetAuthRequest returns an *AuthRequest by its id
	GetAuthRequest(id string) (*AuthRequest, error)
}

Storage is a compound interface of op.Storage and custom storage functions

type TokenState added in v0.34.0 

type TokenState struct {
	AccessClaims  *common.AccessClaims
	RefreshClaims *common.RefreshClaims
}

func TokenStateFromContext added in v0.34.0 

func TokenStateFromContext(ctx context.Context) (*TokenState, error)

type Totp added in v0.34.0 

type Totp struct {
	AuthRequestBody
	Code string `json:"code"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.