README
¶
OpenID Connect SDK (client and server) for Go
X-OIDC Introduction
The reimplemented OIDC (OpenID Connect) library, based on the zitadel/oidc library, includes both client (RP) and (OP) functionality.
It is easier to use and more extensible than the original zitadel/oidc library. This library appears to be very useful, especially for applications that need to implement the OIDC standard.
Have you already used this library in your application? If you have any questions or need further assistance, please let me know.
Basic Overview
The most important packages of the library:
/ecode Definition and Implementation of Error Message Optimization
/log Definition and Implementation of Logger
/rp definition and implementation of an OIDC Relying Party (client)
/example
/client RP demonstrating authorization code flow using various authentication methods (code, PKCE, JWT profile)
/server examples of an OpenID Provider implementations (including dynamic) with some very basic login UI
op.go definition and implementation of an OIDC OpenID Provider (server)
Third-party Library
The library primarily depends on the third-party library "go-jose/v3".
The HTTP processing section uses an interface-based approach , which can be extended as needed.
When starting OP, implement Config.OpenIDWrapper. By default, github. com/xslass/x-oidc/example/server/httpwrapper can be used. Implementation based on net/HTTP.
github.com/go-jose/go-jose/v3 v3.0.0
github.com/google/uuid v1.3.0
golang.org/x/text v0.9.0
Special thanks to zitadel/oidc. This project referred to the redesign and implementation of interface functions for zitadel/oidc.
Contributors
Made with contrib.rocks.
Documentation
¶
Index ¶
- type AuthRequestReq
- type AuthorizeCallbackReq
- type Config
- type DiscoveryConfigReq
- type EndSessionReq
- type Endpoint
- type IntrospectionReq
- type OAuthClientReq
- type OpenIDOption
- type OpenIDProvider
- func (o *OpenIDProvider) CreateAccessToken(ctx context.Context, req *storage.AuthRequest, client storage.IClient, ...) (accessToken, refreshToken string, validity time.Duration, err error)
- func (o *OpenIDProvider) CreateAccessTokenAndIDToken(ctx context.Context, req *storage.AuthRequest, client storage.IClient, ...) (*model.AccessTokenRes, error)
- func (o *OpenIDProvider) CreateIDToken(ctx context.Context, req *storage.AuthRequest, client storage.IClient, ...) (string, error)
- func (o *OpenIDProvider) CreateJWTAccessToken(ctx context.Context, req *storage.AuthRequest, client storage.IClient, ...) (string, error)
- func (o *OpenIDProvider) VerifyAccessToken(ctx context.Context, tokenStr string) (*model.AccessTokenClaims, error)
- func (o *OpenIDProvider) VerifyIDToken(ctx context.Context, tokenStr string) (*model.IDTokenClaims, error)
- type OpenIDWrapper
- type Option
- type RevokeTokenReq
- type TokenExchangeReq
- type TokenResponse
- type UserinfoReq
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthRequestReq ¶
type AuthRequestReq struct {
Scopes string `json:"scope" form:"scope"`
ResponseType string `json:"response_type" form:"response_type"`
ClientID string `json:"client_id" form:"client_id"`
RedirectURI string `json:"redirect_uri" form:"redirect_uri"`
State string `json:"state" form:"state"`
Nonce string `json:"nonce" form:"nonce"`
ResponseMode string `json:"response_mode" form:"response_mode"`
Display string `json:"display" form:"display"`
Prompt string `json:"prompt" form:"prompt"`
MaxAge int64 `json:"max_age" form:"max_age"`
UILocales string `json:"ui_locales" form:"ui_locales"` //SpaceDelimitedArray
LoginHint string `json:"login_hint" form:"login_hint"`
ACRValues string `json:"acr_values" form:"acr_values"` //SpaceDelimitedArray
CodeChallenge string `json:"code_challenge" form:"code_challenge"`
CodeChallengeMethod string `json:"code_challenge_method" form:"code_challenge_method"`
// RequestParam enables OIDC requests to be passed in a single, self-contained parameter (as JWT, called Request Object)
RequestParam string `json:"request" form:"request"`
IDTokenHint string `json:"id_token_hint" form:"id_token_hint"`
}
AuthRequestReq according to: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
type AuthorizeCallbackReq ¶
type Config ¶
type Config struct {
Issuer string
Crypto util.JWTCertifier
OpenIDWrapper OpenIDWrapper
Storage storage.IStorage
}
type DiscoveryConfigReq ¶
type DiscoveryConfigReq struct {
// RegistrationEndpoint is an API endpoint that handles the registration of new users or accounts in a web application or service.
RegistrationEndpoint string
// OPPolicyEndpoint is an API endpoint that provides access to the OpenID Connect Provider (OP) policy documents.
OPPolicyEndpoint string
// OPTermsOfServiceEndpoint is an API endpoint that provides access to the terms of service (TOS) of the OpenID Connect Provider (OP).
OPTermsOfServiceEndpoint string
// ServiceDocumentationEndpoint is a URL where developers can get information about the OP and its usage.
ServiceDocumentationEndpoint string
}
type EndSessionReq ¶
type EndSessionReq struct {
IdTokenHint string `schema:"id_token_hint"`
ClientID string `schema:"client_id"`
PostLogoutRedirectURI string `schema:"post_logout_redirect_uri"`
State string `schema:"state"`
UILocales string `json:"ui_locales" form:"ui_locales"` //SpaceDelimitedArray
}
EndSessionRequest for the RP-Initiated Logout according to: https://openid.net/specs/openid-connect-rpinitiated-1_0.html#RPLogout
type IntrospectionReq ¶
type IntrospectionReq struct {
*OAuthClientReq
Token string `json:"token"`
TokenTypeHint string `json:"token_type_hint" form:"token_type_hint"`
}
type OAuthClientReq ¶
type OAuthClientReq struct {
ClientID string `json:"client_id" form:"client_id"`
ClientSecret string `json:"client_secret" form:"client_secret"`
ClientAssertion string `json:"client_assertion" form:"client_assertion"`
ClientAssertionType string `json:"client_assertion_type" form:"client_assertion_type"`
}
type OpenIDOption ¶
type OpenIDOption struct {
Endpoint
// contains filtered or unexported fields
}
type OpenIDProvider ¶
type OpenIDProvider struct {
// contains filtered or unexported fields
}
func NewOpenIDProvider ¶
func NewOpenIDProvider(cfg *Config, opts ...Option) (*OpenIDProvider, error)
func (*OpenIDProvider) CreateAccessToken ¶
func (o *OpenIDProvider) CreateAccessToken(ctx context.Context, req *storage.AuthRequest, client storage.IClient, fn func() (*storage.TokenModel, error)) (accessToken, refreshToken string, validity time.Duration, err error)
func (*OpenIDProvider) CreateAccessTokenAndIDToken ¶
func (o *OpenIDProvider) CreateAccessTokenAndIDToken(ctx context.Context, req *storage.AuthRequest, client storage.IClient, fn func() (*storage.TokenModel, error)) (*model.AccessTokenRes, error)
func (*OpenIDProvider) CreateIDToken ¶
func (o *OpenIDProvider) CreateIDToken(ctx context.Context, req *storage.AuthRequest, client storage.IClient, authTime time.Time, fn func(claims *model.IDTokenClaims) error) (string, error)
func (*OpenIDProvider) CreateJWTAccessToken ¶
func (o *OpenIDProvider) CreateJWTAccessToken(ctx context.Context, req *storage.AuthRequest, client storage.IClient, fn func(claims *model.AccessTokenClaims) error) (string, error)
func (*OpenIDProvider) VerifyAccessToken ¶
func (o *OpenIDProvider) VerifyAccessToken(ctx context.Context, tokenStr string) (*model.AccessTokenClaims, error)
func (*OpenIDProvider) VerifyIDToken ¶
func (o *OpenIDProvider) VerifyIDToken(ctx context.Context, tokenStr string) (*model.IDTokenClaims, error)
type OpenIDWrapper ¶ added in v0.1.1
type OpenIDWrapper interface {
SetLogger(logger log.Logger)
DiscoveryJWKs(jwksEndpoint string, handler func() (*jose.JSONWebKeySet, error))
DiscoveryConfig(discoveryEndpoint string, handler func(req *DiscoveryConfigReq) *model.DiscoveryConfiguration)
Authorize(authorizationEndpoint string, handler func(ctx context.Context, req *AuthRequestReq) (string, error))
EndSession(endSessionEndpoint string, handler func(ctx context.Context, req *EndSessionReq) (string, error))
Introspect(introspectionEndpoint string, handler func(ctx context.Context, req *IntrospectionReq, r *http.Request) (*model.IntrospectionModel, error))
RevokeToken(revocationEndpoint string, handler func(ctx context.Context, req *RevokeTokenReq, r *http.Request) error)
TokenExchange(tokenExchangeEndpoint string, handler func(ctx context.Context, req *TokenExchangeReq, r *http.Request) (interface{}, error))
Userinfo(userinfoEndpoint string, handler func(ctx context.Context, req *UserinfoReq, r *http.Request) (*model.UserInfo, error))
AuthorizeCallback(authorizeCallbackEndpoint string, handler func(ctx context.Context, req *AuthorizeCallbackReq) (callbackUrl string, err error))
}
type RevokeTokenReq ¶
type RevokeTokenReq struct {
*OAuthClientReq
Token string `schema:"token"`
TokenTypeHint string `schema:"token_type_hint"`
}
type TokenExchangeReq ¶
type TokenExchangeReq struct {
*OAuthClientReq
GrantType string `json:"grant_type" form:"grant_type"`
//GrantTypeCode
Code string `json:"code" form:"code"`
RedirectURI string `json:"redirect_uri" form:"redirect_uri"`
CodeVerifier string `json:"code_verifier" form:"code_verifier"`
//GrantTypeRefreshToken
RefreshToken string `json:"refresh_token" form:"refresh_token"`
Scopes string `json:"scope" form:"scope"` //SpaceDelimitedArray
//GrantTypeJwtBearer
Assertion string `json:"assertion" form:"assertion"`
//GrantTypeTokenExchange
SubjectToken string `json:"subject_token" form:"subject_token"`
SubjectTokenType string `json:"subject_token_type" form:"subject_token_type"`
ActorToken string `json:"actor_token" form:"actor_token"`
ActorTokenType string `json:"actor_token_type" form:"actor_token_type"`
Resource string `json:"resource" form:"resource"` //SpaceDelimitedArray
Audience string `json:"audience" form:"audience"` //SpaceDelimitedArray
RequestedTokenType string `json:"requested_token_type" form:"requested_token_type"`
}
type TokenResponse ¶
type TokenResponse struct {
AccessToken string `json:"access_token,omitempty" schema:"access_token,omitempty"`
TokenType string `json:"token_type,omitempty" schema:"token_type,omitempty"`
RefreshToken string `json:"refresh_token,omitempty" schema:"refresh_token,omitempty"`
ExpiresIn uint64 `json:"expires_in,omitempty" schema:"expires_in,omitempty"`
IDToken string `json:"id_token,omitempty" schema:"id_token,omitempty"`
State string `json:"state,omitempty" schema:"state,omitempty"`
}
type UserinfoReq ¶
type UserinfoReq struct {
AccessToken string `schema:"access_token"`
}
Source Files
¶
- authorize.go
- authorizecallback.go
- config.go
- discovery.go
- discoveryjwks.go
- endsession.go
- granttype_client_credentials_exchange.go
- granttype_code_exchange.go
- granttype_device_code_exchange.go
- granttype_implicit_exchange.go
- granttype_jwtbearer_exchange.go
- granttype_refreshToken_exchange.go
- granttype_token_exchange.go
- introspection.go
- op.go
- option.go
- revoketoken.go
- token.go
- token_exchange.go
- userinfo.go
Directories
Click to show internal directories.
Click to hide internal directories.