oauth

package
v1.1.86 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 13, 2024 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	TypeGeneric  = "generic"
	TypeOkta     = "okta"
	TypeKeycloak = "keycloak"
)

Provider type string const

View Source 
const (
	GrantTypeAuthorizationCode = "authorization_code"
	GrantTypeImplicit          = "implicit"
	GrantTypeClientCredentials = "client_credentials"

	AuthResponseToken = "token"
	AuthResponseCode  = "code"

	TLSClientAuthSubjectDN = "tls_client_auth_subject_dn"
	TLSClientAuthSanDNS    = "tls_client_auth_san_dns"
	TLSClientAuthSanEmail  = "tls_client_auth_san_email"
	TLSClientAuthSanIP     = "tls_client_auth_san_ip"
	TLSClientAuthSanURI    = "tls_client_auth_san_uri"
)
View Source 
const (
	SigningMethodRS256 = "RS256"
	SigningMethodRS384 = "RS384"
	SigningMethodRS512 = "RS512"

	SigningMethodES256 = "ES256"
	SigningMethodES384 = "ES384"
	SigningMethodES512 = "ES512"

	SigningMethodPS256 = "PS256"
	SigningMethodPS384 = "PS384"
	SigningMethodPS512 = "PS512"

	SigningMethodHS256 = "HS256"
	SigningMethodHS384 = "HS384"
	SigningMethodHS512 = "HS512"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthClient 

type AuthClient interface {
	GetToken() (string, error)
	FetchToken(useCachedToken bool) (string, error)
}

AuthClient - Interface representing the auth Client

func NewAuthClient 

func NewAuthClient(tokenURL string, apiClient api.Client, opts ...AuthClientOption) (AuthClient, error)

NewAuthClient - create a new auth client with client options

type AuthClientOption 

type AuthClientOption func(*authClientOptions)

AuthClientOption - configures auth client.

func WithClientSecretBasicAuth added in v1.1.61 

func WithClientSecretBasicAuth(clientID, clientSecret, scope string) AuthClientOption

WithClientSecretBasicAuth - sets up to use client secret basic authenticator

func WithClientSecretJwtAuth added in v1.1.61 

func WithClientSecretJwtAuth(clientID, clientSecret, scope, issuer, aud, signingMethod string) AuthClientOption

WithClientSecretJwtAuth - sets up to use client secret authenticator

func WithClientSecretPostAuth added in v1.1.61 

func WithClientSecretPostAuth(clientID, clientSecret, scope string) AuthClientOption

WithClientSecretPostAuth - sets up to use client secret authenticator

func WithKeyPairAuth 

func WithKeyPairAuth(clientID, issuer, audience string, privKey *rsa.PrivateKey, publicKey []byte, scope, signingMethod string) AuthClientOption

WithKeyPairAuth - sets up to use public/private key pair authenticator

func WithQueryParams added in v1.1.86 

func WithQueryParams(queryParams map[string]string) AuthClientOption

WithQueryParams - sets up the additional query params in auth client

func WithRequestHeaders added in v1.1.86 

func WithRequestHeaders(hdr map[string]string) AuthClientOption

WithRequestHeaders - sets up the additional request headers in auth client

func WithServerName 

func WithServerName(serverName string) AuthClientOption

WithServerName - sets up the server name in auth client

func WithTLSClientAuth added in v1.1.61 

func WithTLSClientAuth(clientID, scope string) AuthClientOption

WithTLSClientAuth - sets up to use tls_client_auth and self_signed_tls_client_auth authenticator

type AuthorizationServerMetadata 

type AuthorizationServerMetadata struct {
	Issuer string `json:"issuer,omitempty"`

	AuthorizationEndpoint              string `json:"authorization_endpoint,omitempty"`
	TokenEndpoint                      string `json:"token_endpoint,omitempty"`
	RegistrationEndpoint               string `json:"registration_endpoint,omitempty"`
	JwksURI                            string `json:"jwks_uri,omitempty"`
	IntrospectionEndpoint              string `json:"introspection_endpoint,omitempty"`
	RevocationEndpoint                 string `json:"revocation_endpoint,omitempty"`
	EndSessionEndpoint                 string `json:"end_session_endpoint,omitempty"`
	DeviceAuthorizationEndpoint        string `json:"device_authorization_endpoint,omitempty"`
	PushedAuthorizationRequestEndpoint string `json:"pushed_authorization_request_endpoint,omitempty"`

	ResponseTypesSupported                    []string `json:"response_types_supported,omitempty"`
	ResponseModesSupported                    []string `json:"response_modes_supported,omitempty"`
	GrantTypesSupported                       []string `json:"grant_types_supported,omitempty"`
	SubjectTypeSupported                      []string `json:"subject_types_supported,omitempty"`
	ScopesSupported                           []string `json:"scopes_supported,omitempty"`
	TokenEndpointAuthMethodSupported          []string `json:"token_endpoint_auth_methods_supported,omitempty"`
	ClaimsSupported                           []string `json:"claims_supported,omitempty"`
	CodeChallengeMethodsSupported             []string `json:"code_challenge_methods_supported,omitempty"`
	IntrospectionEndpointAuthMethodsSupported []string `json:"introspection_endpoint_auth_methods_supported,omitempty"`
	RevocationEndpointAuthMethodsSupported    []string `json:"revocation_endpoint_auth_methods_supported,omitempty"`

	RequestParameterSupported              bool     `json:"request_parameter_supported,omitempty"`
	RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported,omitempty"`

	MTLSEndPointAlias *MTLSEndPointAlias `json:"mtls_endpoint_aliases,omitempty"`
}

AuthorizationServerMetadata - OAuth metadata from IdP

type ClientBuilder 

type ClientBuilder interface {
	SetClientName(string) ClientBuilder

	SetScopes([]string) ClientBuilder
	SetGrantTypes([]string) ClientBuilder
	SetResponseType([]string) ClientBuilder
	SetTokenEndpointAuthMethod(tokenAuthMethod string) ClientBuilder

	SetRedirectURIs([]string) ClientBuilder
	SetLogoURI(string) ClientBuilder

	SetJWKSURI(string) ClientBuilder
	SetJWKS([]byte) ClientBuilder

	SetCertificateMetadata(certificateMetaddata string) ClientBuilder
	SetTLSClientAuthSanDNS(tlsClientAuthSanDNS string) ClientBuilder
	SetTLSClientAuthSanEmail(tlsClientAuthSanEmail string) ClientBuilder
	SetTLSClientAuthSanIP(tlsClientAuthSanIP string) ClientBuilder
	SetTLSClientAuthSanURI(tlsClientAuthSanURI string) ClientBuilder
	SetExtraProperties(map[string]string) ClientBuilder

	Build() (ClientMetadata, error)
}

ClientBuilder - Builder for IdP client representation

func NewClientMetadataBuilder 

func NewClientMetadataBuilder() ClientBuilder

NewClientMetadataBuilder - create a new instance of builder to construct client metadata

type ClientMetadata 

type ClientMetadata interface {
	GetClientName() string
	GetClientID() string
	GetClientSecret() string
	GetClientIDIssuedAt() *time.Time
	GetClientSecretExpiresAt() *time.Time
	GetScopes() []string
	GetGrantTypes() []string
	GetTokenEndpointAuthMethod() string
	GetResponseTypes() []string
	GetClientURI() string
	GetRedirectURIs() []string
	GetLogoURI() string
	GetJwksURI() string
	GetJwks() map[string]interface{}
	GetExtraProperties() map[string]string
	GetTLSClientAuthSanDNS() string
	GetTLSClientAuthSanEmail() string
	GetTLSClientAuthSanIP() string
	GetTLSClientAuthSanURI() string
	GetRegistrationAccessToken() string
}

ClientMetadata - Interface for IdP client metadata representation

type KeyReader added in v1.1.61 

type KeyReader interface {
	GetPrivateKey() (*rsa.PrivateKey, error)
	GetPublicKey() ([]byte, error)
}

func NewKeyReader added in v1.1.61 

func NewKeyReader(privateKey, publicKey, password string) KeyReader

type MTLSEndPointAlias added in v1.1.61 

type MTLSEndPointAlias struct {
	TokenEndpoint         string `json:"token_endpoint,omitempty"`
	RegistrationEndpoint  string `json:"registration_endpoint,omitempty"`
	IntrospectionEndpoint string `json:"introspection_endpoint,omitempty"`
	RevocationEndpoint    string `json:"revocation_endpoint,omitempty"`
}

type MockIDPServer 

type MockIDPServer interface {
	GetMetadataURL() string
	GetIssuer() string
	GetTokenURL() string
	GetAuthEndpoint() string
	SetMetadataResponseCode(statusCode int)
	SetTokenResponse(accessToken string, expiry time.Duration, statusCode int)
	SetRegistrationResponseCode(statusCode int)
	GetTokenRequestHeaders() http.Header
	GetTokenQueryParams() url.Values
	GetTokenRequestValues() url.Values
	GetRequestHeaders() http.Header
	GetQueryParams() url.Values
	Close()
}

MockIDPServer - interface for mock IDP server

func NewMockIDPServer 

func NewMockIDPServer() MockIDPServer

NewMockIDPServer - creates a new mock IDP server for tests

type Provider 

type Provider interface {
	GetName() string
	GetTitle() string
	GetIssuer() string
	GetTokenEndpoint() string
	GetMTLSTokenEndpoint() string
	GetAuthorizationEndpoint() string
	GetSupportedScopes() []string
	GetSupportedGrantTypes() []string
	GetSupportedTokenAuthMethods() []string
	GetSupportedResponseMethod() []string
	RegisterClient(clientMetadata ClientMetadata) (ClientMetadata, error)
	UnregisterClient(clientID, accessToken string) error
}

Provider - interface for external IdP provider

func NewProvider 

func NewProvider(idp corecfg.IDPConfig, tlsCfg corecfg.TLSConfig, proxyURL string, clientTimeout time.Duration) (Provider, error)

NewProvider - create a new IdP provider

type ProviderRegistry 

type ProviderRegistry interface {
	// RegisterProvider - registers the provider using the config
	RegisterProvider(idp corecfg.IDPConfig, tlsCfg corecfg.TLSConfig, proxyURL string, clientTimeout time.Duration) error
	// GetProviderByName - returns the provider from registry based on the name
	GetProviderByName(name string) (Provider, error)
	// GetProviderByIssuer - returns the provider from registry based on the IDP issuer
	GetProviderByIssuer(issuer string) (Provider, error)
	// GetProviderByTokenEndpoint - returns the provider from registry based on the IDP token endpoint
	GetProviderByTokenEndpoint(tokenEndpoint string) (Provider, error)
	// GetProviderByAuthorizationEndpoint - returns the provider from registry based on the IDP authorization endpoint
	GetProviderByAuthorizationEndpoint(authEndpoint string) (Provider, error)
}

ProviderRegistry - interface for provider registry

func NewProviderRegistry 

func NewProviderRegistry() ProviderRegistry

NewProviderRegistry - create a new provider registry

type ProviderType 

type ProviderType int

ProviderType - type of provider 

const (
	Generic ProviderType = iota + 1
	Okta
	KeyCloak
)

Provider types

type Scopes 

type Scopes []string

Scopes - type for serializing scopes in client representation

func (*Scopes) MarshalJSON 

func (s *Scopes) MarshalJSON() ([]byte, error)

MarshalJSON - serializes the scopes in array as space separated string

func (*Scopes) UnmarshalJSON 

func (s *Scopes) UnmarshalJSON(data []byte) error

UnmarshalJSON - deserializes the scopes from space separated string to array

type Time 

type Time time.Time

Time - time

func (*Time) MarshalJSON 

func (t *Time) MarshalJSON() ([]byte, error)

MarshalJSON - serialize time to unix timestamp

func (*Time) UnmarshalJSON 

func (t *Time) UnmarshalJSON(data []byte) error

UnmarshalJSON - deserialize time to unix timestamp

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.