Types ¶
type AccessTokenClaims ¶
// AccessTokenClaims is the claim set of an access token issued as a JWT.
// It embeds TokenClaims for the registered claims (iss, sub, aud, exp, ...)
// and adds the `scope` claim.
type AccessTokenClaims struct {
	TokenClaims
	// Scopes holds the granted scopes as ONE space-delimited string
	// (the `scope` claim of RFC 9068 section 2.2.3 / RFC 8693), not a JSON
	// array. Resource servers must split it and check the specific scope
	// required for the requested operation; the embedded Check* methods do
	// not inspect scopes.
	Scopes string `json:"scope,omitempty"`
}
type AccessTokenRes ¶
// AccessTokenRes is the token endpoint response (RFC 6749 section 5.1) plus
// the OpenID Connect `id_token`. Every field carries both a `json` and a
// `schema` tag, presumably so the same struct can be decoded from
// form/query-encoded input as well as JSON — verify against the caller.
//
// AccessToken and RefreshToken are credentials: do not log them or persist
// them in plaintext.
type AccessTokenRes struct {
	// AccessToken is the issued access token.
	AccessToken string `json:"access_token,omitempty" schema:"access_token,omitempty"`
	// TokenType is the type of the access token (e.g. "Bearer").
	TokenType string `json:"token_type,omitempty" schema:"token_type,omitempty"`
	// RefreshToken is the optional refresh token.
	RefreshToken string `json:"refresh_token,omitempty" schema:"refresh_token,omitempty"`
	// ExpiresIn is the access token lifetime in seconds. Because of omitempty
	// a zero value is omitted on encode, so "absent" and "0" are
	// indistinguishable to the receiver.
	ExpiresIn uint64 `json:"expires_in,omitempty" schema:"expires_in,omitempty"`
	// IDToken is the OpenID Connect ID Token (present when the `openid` scope
	// was granted).
	IDToken string `json:"id_token,omitempty" schema:"id_token,omitempty"`
	// State echoes the `state` parameter.
	// NOTE(review): `state` is an authorization-response parameter, not part
	// of the RFC 6749 token endpoint response; it looks like it is here so the
	// struct can also carry implicit/hybrid responses — confirm before relying
	// on it being set after a code exchange.
	State string `json:"state,omitempty" schema:"state,omitempty"`
}
type DiscoveryConfiguration ¶
// DiscoveryConfiguration is the OpenID Provider metadata document
// (OpenID Connect Discovery 1.0 section 3 / RFC 8414 section 2).
//
// This struct carries no validation of its own. Before using it, a client
// must verify that Issuer equals the issuer URL the document was retrieved
// from (OpenID Connect Discovery 1.0 section 4.3, RFC 8414 section 3.3) and
// that the endpoint URLs use https; otherwise an attacker who can influence
// the document can redirect tokens and signing-key lookups.
type DiscoveryConfiguration struct {
	// Issuer is the identifier of the OP and is used in the tokens as `iss` claim.
	// Clients must compare it with the URL the configuration was fetched from.
	Issuer string `json:"issuer,omitempty"`
	// AuthorizationEndpoint is the URL of the OAuth 2.0 Authorization Endpoint where all user-interactive logins start.
	AuthorizationEndpoint string `json:"authorization_endpoint,omitempty"`
	// TokenEndpoint is the URL of the OAuth 2.0 Token Endpoint where all tokens are issued, except when using Implicit Flow.
	TokenEndpoint string `json:"token_endpoint,omitempty"`
	// IntrospectionEndpoint is the URL of the OAuth 2.0 Introspection Endpoint.
	IntrospectionEndpoint string `json:"introspection_endpoint,omitempty"`
	// UserinfoEndpoint is the URL where an access_token can be used to retrieve the userinfo.
	UserinfoEndpoint string `json:"userinfo_endpoint,omitempty"`
	// RevocationEndpoint is the URL of the OAuth 2.0 Revocation Endpoint.
	RevocationEndpoint string `json:"revocation_endpoint,omitempty"`
	// EndSessionEndpoint is a URL where the RP can perform a redirect to request that the End-User be logged out at the OP.
	EndSessionEndpoint string `json:"end_session_endpoint,omitempty"`
	// DeviceAuthorizationEndpoint is the OAuth 2.0 Device Authorization Endpoint (RFC 8628) that enables devices with
	// limited input capabilities, such as smart TVs, gaming consoles, and IoT devices, to obtain user authorization to
	// access protected resources.
	DeviceAuthorizationEndpoint string `json:"device_authorization_endpoint,omitempty"`
	// CheckSessionIframe is a URL where the OP provides an iframe that supports cross-origin communication of
	// session state information with the RP Client.
	CheckSessionIframe string `json:"check_session_iframe,omitempty"`
	// JwksURI is the URL of the JSON Web Key Set. This document contains the signing keys that RPs can use to validate
	// the signature. It may also contain the OP's encryption keys that RPs can use to encrypt requests to the OP.
	// RPs should only trust keys fetched from this URL over TLS, and should pin the accepted `alg` values to
	// IDTokenSigningAlgValuesSupported rather than to whatever a token header claims.
	JwksURI string `json:"jwks_uri,omitempty"`
	// RegistrationEndpoint is the URL for Dynamic Client Registration.
	RegistrationEndpoint string `json:"registration_endpoint,omitempty"`
	// ScopesSupported lists an array of supported scopes. The list need not include every scope the OP supports.
	ScopesSupported []string `json:"scopes_supported,omitempty"`
	// ResponseTypesSupported contains a list of the OAuth 2.0 response_type values that the OP supports
	// (code, id_token, token id_token, ...).
	ResponseTypesSupported []string `json:"response_types_supported,omitempty"`
	// ResponseModesSupported contains a list of the OAuth 2.0 response_mode values that the OP supports.
	// If omitted, the default value is ["query", "fragment"].
	ResponseModesSupported []string `json:"response_modes_supported,omitempty"`
	// GrantTypesSupported contains a list of the OAuth 2.0 grant_type values that the OP supports.
	// If omitted, the default value is ["authorization_code", "implicit"].
	GrantTypesSupported []string `json:"grant_types_supported,omitempty"`
	// ACRValuesSupported contains a list of Authentication Context Class References that the OP supports.
	ACRValuesSupported []string `json:"acr_values_supported,omitempty"`
	// SubjectTypesSupported contains a list of Subject Identifier types that the OP supports (pairwise, public).
	SubjectTypesSupported []string `json:"subject_types_supported,omitempty"`
	// IDTokenSigningAlgValuesSupported contains a list of JWS signing algorithms (alg values) supported by the OP
	// for the ID Token.
	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"`
	// IDTokenEncryptionAlgValuesSupported contains a list of JWE encryption algorithms (alg values) supported by the OP
	// for the ID Token.
	IDTokenEncryptionAlgValuesSupported []string `json:"id_token_encryption_alg_values_supported,omitempty"`
	// IDTokenEncryptionEncValuesSupported contains a list of JWE encryption algorithms (enc values) supported by the OP
	// for the ID Token.
	IDTokenEncryptionEncValuesSupported []string `json:"id_token_encryption_enc_values_supported,omitempty"`
	// UserinfoSigningAlgValuesSupported contains a list of JWS signing algorithms (alg values) supported by the OP
	// for the UserInfo Endpoint.
	UserinfoSigningAlgValuesSupported []string `json:"userinfo_signing_alg_values_supported,omitempty"`
	// UserinfoEncryptionAlgValuesSupported contains a list of JWE encryption algorithms (alg values) supported by the OP
	// for the UserInfo Endpoint.
	UserinfoEncryptionAlgValuesSupported []string `json:"userinfo_encryption_alg_values_supported,omitempty"`
	// UserinfoEncryptionEncValuesSupported contains a list of JWE encryption algorithms (enc values) supported by the OP
	// for the UserInfo Endpoint.
	UserinfoEncryptionEncValuesSupported []string `json:"userinfo_encryption_enc_values_supported,omitempty"`
	// RequestObjectSigningAlgValuesSupported contains a list of JWS signing algorithms (alg values) supported by the OP
	// for Request Objects. These algorithms are used both when the Request Object is passed by value (using the
	// request parameter) and when it is passed by reference (using the request_uri parameter).
	RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported,omitempty"`
	// RequestObjectEncryptionAlgValuesSupported contains a list of JWE encryption algorithms (alg values) supported by
	// the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and by reference.
	RequestObjectEncryptionAlgValuesSupported []string `json:"request_object_encryption_alg_values_supported,omitempty"`
	// RequestObjectEncryptionEncValuesSupported contains a list of JWE encryption algorithms (enc values) supported by
	// the OP for Request Objects. These algorithms are used both when the Request Object is passed by value and by reference.
	RequestObjectEncryptionEncValuesSupported []string `json:"request_object_encryption_enc_values_supported,omitempty"`
	// TokenEndpointAuthMethodsSupported contains a list of Client Authentication methods supported by the Token Endpoint.
	// If omitted, the default is client_secret_basic.
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"`
	// TokenEndpointAuthSigningAlgValuesSupported contains a list of JWS signing algorithms (alg values) supported by the
	// Token Endpoint for the signature of the JWT used to authenticate the Client by private_key_jwt and client_secret_jwt.
	TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported,omitempty"`
	// RevocationEndpointAuthMethodsSupported contains a list of Client Authentication methods supported by the
	// Revocation Endpoint. If omitted, the default is client_secret_basic.
	RevocationEndpointAuthMethodsSupported []string `json:"revocation_endpoint_auth_methods_supported,omitempty"`
	// RevocationEndpointAuthSigningAlgValuesSupported contains a list of JWS signing algorithms (alg values) supported by
	// the Revocation Endpoint for the signature of the JWT used to authenticate the Client by private_key_jwt and client_secret_jwt.
	RevocationEndpointAuthSigningAlgValuesSupported []string `json:"revocation_endpoint_auth_signing_alg_values_supported,omitempty"`
	// IntrospectionEndpointAuthMethodsSupported contains a list of Client Authentication methods supported by the
	// Introspection Endpoint.
	IntrospectionEndpointAuthMethodsSupported []string `json:"introspection_endpoint_auth_methods_supported,omitempty"`
	// IntrospectionEndpointAuthSigningAlgValuesSupported contains a list of JWS signing algorithms (alg values) supported by
	// the Introspection Endpoint for the signature of the JWT used to authenticate the Client by private_key_jwt and client_secret_jwt.
	IntrospectionEndpointAuthSigningAlgValuesSupported []string `json:"introspection_endpoint_auth_signing_alg_values_supported,omitempty"`
	// DisplayValuesSupported contains a list of display parameter values that the OP supports (page, popup, touch, wap).
	DisplayValuesSupported []string `json:"display_values_supported,omitempty"`
	// ClaimTypesSupported contains a list of Claim Types that the OP supports (normal, aggregated, distributed).
	// If omitted, the default is normal Claims.
	ClaimTypesSupported []string `json:"claim_types_supported,omitempty"`
	// ClaimsSupported contains a list of Claim Names the OP may be able to supply values for. This list might not be exhaustive.
	ClaimsSupported []string `json:"claims_supported,omitempty"`
	// ClaimsParameterSupported specifies whether the OP supports use of the `claims` parameter. If omitted, the default is false.
	ClaimsParameterSupported bool `json:"claims_parameter_supported,omitempty"`
	// CodeChallengeMethodsSupported contains a list of Proof Key for Code Exchange (PKCE) code challenge methods
	// supported by the OP. Clients should use S256 when it is listed; "plain" offers no protection against an
	// attacker who can observe the authorization request (RFC 7636 section 7.2).
	CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported,omitempty"`
	// ServiceDocumentation is a URL where developers can get information about the OP and its usage.
	ServiceDocumentation string `json:"service_documentation,omitempty"`
	// ClaimsLocalesSupported contains a list of BCP47 language tag values that the OP supports for values of Claims returned.
	ClaimsLocalesSupported []language.Tag `json:"claims_locales_supported,omitempty"`
	// UILocalesSupported contains a list of BCP47 language tag values that the OP supports for the user interface.
	UILocalesSupported []language.Tag `json:"ui_locales_supported,omitempty"`
	// RequestParameterSupported specifies whether the OP supports use of the `request` parameter.
	// If omitted, the default value is false.
	RequestParameterSupported bool `json:"request_parameter_supported,omitempty"`
	// RequestURIParameterSupported specifies whether the OP supports use of the `request_uri` parameter.
	// If omitted, the default value is true — therefore no omitempty, so that an explicit false is actually emitted.
	RequestURIParameterSupported bool `json:"request_uri_parameter_supported"`
	// RequireRequestURIRegistration specifies whether the OP requires any `request_uri` to be pre-registered using the
	// request_uris registration parameter. If omitted, the default value is false.
	RequireRequestURIRegistration bool `json:"require_request_uri_registration,omitempty"`
	// OPPolicyURI is a URL the OP provides to the person registering the Client to read about the OP's requirements
	// on how the RP can use the data provided by the OP.
	OPPolicyURI string `json:"op_policy_uri,omitempty"`
	// OPTermsOfServiceURI is a URL the OpenID Provider provides to the person registering the Client to read about
	// the OpenID Provider's terms of service.
	OPTermsOfServiceURI string `json:"op_tos_uri,omitempty"`
}
type EndSessionModel ¶
type IDTokenClaims ¶
// IDTokenClaims is the claim set of an OpenID Connect ID Token. It embeds
// TokenClaims for the registered claims and the standard UserInfo claim
// groups, and adds the ID-Token-specific claims below.
//
// NOTE(review): the Check* methods exposed on the embedded TokenClaims cover
// iss, aud, exp, iat, nonce and acr only; validation of at_hash / c_hash
// against the access token or code is not visible on this page — confirm
// the caller performs it for implicit and hybrid flows.
type IDTokenClaims struct {
	TokenClaims
	// AuthTime is the `auth_time` claim: the time the End-User authenticated,
	// in seconds since the Unix epoch.
	AuthTime int64 `json:"auth_time,omitempty"`
	// AccessTokenHash is the `at_hash` claim binding this ID Token to the
	// access token issued alongside it.
	AccessTokenHash string `json:"at_hash,omitempty"`
	// CodeHash is the `c_hash` claim binding this ID Token to the
	// authorization code issued alongside it (hybrid flow).
	CodeHash string `json:"c_hash,omitempty"`
	// SessionID is the `sid` claim identifying the OP session.
	SessionID string `json:"sid,omitempty"`
	UserInfoProfile
	UserInfoEmail
	UserInfoPhone
	// Address is the structured `address` claim; nil when not supplied.
	Address *UserInfoAddress `json:"address,omitempty"`
}
IDTokenClaims extends TokenClaims by further implementing OpenID Connect Core 1.0, sections 3.1.3.6 (Code flow), 3.2.2.10 (implicit), 3.3.2.11 (Hybrid) and 5.1 (UserInfo). https://openid.net/specs/openid-connect-core-1_0.html#toc
func (*IDTokenClaims) SetUserInfo ¶
func (s *IDTokenClaims) SetUserInfo(i *UserInfo)
type IntrospectionModel ¶
// IntrospectionModel is the token introspection response (RFC 7662 section
// 2.2) extended with the UserInfo claims.
//
// Consumers must check Active before trusting any other field: RFC 7662
// specifies that an inactive response carries no further information, and
// every other field here is omitempty, so they read as zero values either way.
type IntrospectionModel struct {
	// Active reports whether the token is currently valid. It has no
	// omitempty so that `"active": false` is always emitted.
	Active bool `json:"active"`
	// Scope is the space-delimited list of scopes associated with the token.
	Scope string `json:"scope,omitempty"`
	// ClientID is the client the token was issued to.
	ClientID string `json:"client_id,omitempty"`
	// TokenType is the type of the token (e.g. "Bearer").
	TokenType string `json:"token_type,omitempty"`
	// Expiration is the `exp` timestamp in seconds since the Unix epoch.
	Expiration int64 `json:"exp,omitempty"`
	// IssuedAt is the `iat` timestamp in seconds since the Unix epoch.
	IssuedAt int64 `json:"iat,omitempty"`
	// NotBefore is the `nbf` timestamp in seconds since the Unix epoch.
	NotBefore int64 `json:"nbf,omitempty"`
	// Audience is the `aud` value as a plain string slice. Note that
	// TokenClaims uses the Audience type for the same claim; the two are not
	// interchangeable without conversion.
	Audience []string `json:"aud,omitempty"`
	// Issuer is the `iss` value.
	Issuer string `json:"iss,omitempty"`
	// JWTID is the `jti` value.
	JWTID string `json:"jti,omitempty"`
	// The embedded *UserInfo promotes its fields (including `sub`) into this
	// object; when the pointer is nil none of them are encoded.
	*UserInfo
}
IntrospectionModel implements RFC 7662, section 2.2 and OpenID Connect Core 1.0, section 5.1 (UserInfo). https://www.rfc-editor.org/rfc/rfc7662.html#section-2.2. https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims.
type JWTClientTokenClaims ¶
type TokenClaims ¶
// TokenClaims holds the registered claims shared by every token type
// (OpenID Connect Core 1.0 section 2; RFC 9068 section 2.2). It is meant to
// be embedded in larger claim types such as IDTokenClaims and
// AccessTokenClaims.
//
// NOTE(review): exp, iat and nbf are omitempty, so an absent claim and a
// zero timestamp are indistinguishable after decoding. Whether
// CheckExpiration / CheckIssuedAt reject a zero value is not visible on this
// page — confirm that a token without `exp` is not treated as never expiring.
type TokenClaims struct {
	// Issuer is the `iss` claim; verified by CheckIssuer.
	Issuer string `json:"iss,omitempty"`
	// Subject is the `sub` claim identifying the End-User or client.
	Subject string `json:"sub,omitempty"`
	// Audience is the `aud` claim (an Audience value; the type is declared
	// elsewhere in this package). Verified by CheckAudience.
	Audience Audience `json:"aud,omitempty"`
	// Expiration is the `exp` claim in seconds since the Unix epoch.
	Expiration int64 `json:"exp,omitempty"`
	// IssuedAt is the `iat` claim in seconds since the Unix epoch.
	IssuedAt int64 `json:"iat,omitempty"`
	// NotBefore is the `nbf` claim in seconds since the Unix epoch.
	NotBefore int64 `json:"nbf,omitempty"`
	// Nonce is the `nonce` claim that binds an ID Token to the
	// authorization request; verified by CheckNonce.
	Nonce string `json:"nonce,omitempty"`
	// AuthenticationContextClassReference is the `acr` claim; verified by
	// CheckAuthorizationContextClassReference.
	AuthenticationContextClassReference string `json:"acr,omitempty"`
	// AuthenticationMethodsReferences is the `amr` claim.
	AuthenticationMethodsReferences []string `json:"amr,omitempty"`
	// AuthorizedParty is the `azp` claim: the client the token was issued to
	// when it differs from (or is one of several values in) the audience.
	AuthorizedParty string `json:"azp,omitempty"`
	// ClientID is the `client_id` claim of RFC 9068 access tokens.
	ClientID string `json:"client_id,omitempty"`
	// JWTID is the `jti` claim, a unique identifier usable for replay detection.
	JWTID string `json:"jti,omitempty"`
}
TokenClaims contains the base Claims used by all tokens. It implements OpenID Connect Core 1.0, section 2. https://openid.net/specs/openid-connect-core-1_0.html#IDToken And RFC 9068: JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens, section 2.2. https://datatracker.ietf.org/doc/html/rfc9068#name-data-structure
TokenClaims implements the Claims interface, and can be used to extend larger claim types by embedding.
func (*TokenClaims) CheckAudience ¶
func (t *TokenClaims) CheckAudience(audience string) error
func (*TokenClaims) CheckAuthorizationContextClassReference ¶
func (t *TokenClaims) CheckAuthorizationContextClassReference(acr string) error
func (*TokenClaims) CheckExpiration ¶
func (t *TokenClaims) CheckExpiration() error
func (*TokenClaims) CheckIssuedAt ¶
func (t *TokenClaims) CheckIssuedAt() error
func (*TokenClaims) CheckIssuer ¶
func (t *TokenClaims) CheckIssuer(issuer string) error
func (*TokenClaims) CheckNonce ¶
func (t *TokenClaims) CheckNonce(nonce string) error
type UserInfo ¶
// UserInfo is the response of the UserInfo Endpoint (OpenID Connect Core 1.0
// section 5.3) composed from the standard claim groups.
type UserInfo struct {
	// Subject is the `sub` claim. Per OpenID Connect Core 1.0 section 5.3.2
	// a client must verify it matches the `sub` of the ID Token before using
	// the remaining claims.
	Subject string `json:"sub,omitempty"`
	UserInfoProfile
	UserInfoEmail
	UserInfoPhone
	// Address is the structured `address` claim; nil when not supplied.
	Address *UserInfoAddress `json:"address,omitempty"`
}
type UserInfoAddress ¶
// UserInfoAddress is the structured `address` claim (OpenID Connect Core 1.0
// section 5.1.1). All fields are optional free-form strings.
type UserInfoAddress struct {
	// Formatted is the full mailing address, possibly containing newlines.
	Formatted string `json:"formatted,omitempty"`
	// StreetAddress is the street address component, possibly multi-line.
	StreetAddress string `json:"street_address,omitempty"`
	// Locality is the city or locality component.
	Locality string `json:"locality,omitempty"`
	// Region is the state, province, prefecture, or region component.
	Region string `json:"region,omitempty"`
	// PostalCode is the zip code or postal code component.
	PostalCode string `json:"postal_code,omitempty"`
	// Country is the country name component.
	Country string `json:"country,omitempty"`
}
type UserInfoEmail ¶
// UserInfoEmail is the `email` scope claim group (OpenID Connect Core 1.0
// section 5.4).
type UserInfoEmail struct {
	// Email is the End-User's preferred e-mail address. The OP does not
	// guarantee uniqueness; do not use it as a primary key for account linking
	// unless EmailVerified is true.
	Email string `json:"email,omitempty"`
	// Handle providers that return email_verified as a string
	// https://forums.aws.amazon.com/thread.jspa?messageID=949441
	// https://discuss.elastic.co/t/openid-error-after-authenticating-against-aws-cognito/206018/11
	//
	// NOTE(review): with a plain bool, encoding/json rejects the string form
	// ("true"), so the handling the comment above refers to must live in a
	// custom UnmarshalJSON that is not shown here — confirm it exists, and
	// that a string value of "false" does not decode to true.
	EmailVerified bool `json:"email_verified,omitempty"`
}
type UserInfoPhone ¶
type UserInfoProfile ¶
// UserInfoProfile is the `profile` scope claim group (OpenID Connect Core
// 1.0 section 5.1). All values are supplied by the OP and, beyond the JSON
// type, are not validated here; treat them as untrusted display data.
type UserInfoProfile struct {
	// Name is the End-User's full name in displayable form.
	Name string `json:"name,omitempty"`
	// GivenName is the given name(s) or first name(s).
	GivenName string `json:"given_name,omitempty"`
	// FamilyName is the surname(s) or last name(s).
	FamilyName string `json:"family_name,omitempty"`
	// MiddleName is the middle name(s).
	MiddleName string `json:"middle_name,omitempty"`
	// Nickname is the casual name.
	Nickname string `json:"nickname,omitempty"`
	// Profile is the URL of the End-User's profile page.
	Profile string `json:"profile,omitempty"`
	// Picture is the URL of the End-User's profile picture. It is an
	// OP-supplied URL; do not fetch it server-side without SSRF controls.
	Picture string `json:"picture,omitempty"`
	// Website is the URL of the End-User's web page or blog.
	Website string `json:"website,omitempty"`
	// Gender is the End-User's gender as a free-form string.
	Gender string `json:"gender,omitempty"`
	// Birthdate is the birthday, per the spec an ISO 8601 YYYY-MM-DD string
	// (the year may be 0000 to indicate it is omitted).
	Birthdate string `json:"birthdate,omitempty"`
	// ZoneInfo is the End-User's time zone, e.g. "Europe/Paris".
	ZoneInfo string `json:"zoneinfo,omitempty"`
	// Locale is the End-User's locale as a BCP47 language tag.
	Locale string `json:"locale,omitempty"`
	// UpdatedAt is the time the information was last updated, in seconds
	// since the Unix epoch.
	UpdatedAt int64 `json:"updated_at,omitempty"`
	// PreferredUsername is a shorthand name the End-User wishes to be
	// referred to by. The spec explicitly says it MAY be mutable and MAY be
	// reused, so do not use it as an identifier; use Subject.
	PreferredUsername string `json:"preferred_username,omitempty"`
}