Documentation
Index
- Variables
- type ClientOption
- type OIDCClient
- func (o *OIDCClient) Do(req *http.Request) (*http.Response, error)
- func (o *OIDCClient) FetchNewIncusTokenURL(req *http.Request) (string, *oidc.DeviceAuthorizationResponse, rp.RelyingParty, error)
- func (o *OIDCClient) GetAccessToken() string
- func (o *OIDCClient) GetOIDCTokens() oidc.Tokens[*oidc.IDTokenClaims]
- func (o *OIDCClient) WaitForToken(resp *oidc.DeviceAuthorizationResponse, provider rp.RelyingParty) error
- type OIDCContext
- type OIDCTrustTuple
Constants
This section is empty.
Variables
var ErrOIDCExpired = fmt.Errorf("OIDC token expired, please re-try the request")
ErrOIDCExpired is returned when the token is expired and we can't retry the request ourselves.
Functions
This section is empty.
Types
type ClientOption
type ClientOption func(c *OIDCClient)
type OIDCClient
type OIDCClient struct {
	// contains filtered or unexported fields
}
OIDCClient is a structure encapsulating an HTTP client, OIDC transport, and OIDC context (token, trust tuple) for OpenID Connect (OIDC) operations.
func NewClient
func NewClient(httpClient *http.Client, oidcContextFile string, opts ...ClientOption) *OIDCClient
NewClient constructs a new OIDCClient, ensuring the token field is non-nil to prevent panics during authentication.
func (*OIDCClient) Do
func (o *OIDCClient) Do(req *http.Request) (*http.Response, error)
Do executes an HTTP request using the OIDCClient's HTTP client and manages authorization by refreshing or authenticating as needed. If the request fails with an HTTP Unauthorized status, it attempts to refresh the access token, or performs an OIDC authentication if the refresh fails.
func (*OIDCClient) FetchNewIncusTokenURL
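The retry-on-Unauthorized flow described for Do, and the situation ErrOIDCExpired is documented for, shown as an added sketch that is not this package's code. The names tokenClient, renew, run and errExpired are hypothetical, the server is a constructed httptest stub, and treating a non-replayable request body as the case where the client cannot retry by itself is an assumption.

```go
package main
import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// errExpired stands in for ErrOIDCExpired; when it fires is an assumption of this sketch.
var errExpired = fmt.Errorf("OIDC token expired, please re-try the request")
type tokenClient struct { // hypothetical stand-in, not the package's OIDCClient
	hc     *http.Client
	access string
	renew  func() string // hypothetical hook: refresh, else full re-authentication
}

// do sends req with a bearer token; on 401 it renews the token once and replays req.
func (c *tokenClient) do(req *http.Request) (*http.Response, error) {
	req.Header.Set("Authorization", "Bearer "+c.access)
	resp, err := c.hc.Do(req)
	if err != nil || resp.StatusCode != http.StatusUnauthorized {
		return resp, err
	}
	resp.Body.Close()
	c.access = c.renew()
	if req.GetBody != nil {
		req.Body, _ = req.GetBody() // rewind a replayable body
	} else if req.Body != nil {
		return nil, errExpired // one-shot body already consumed: the caller must retry
	}
	req.Header.Set("Authorization", "Bearer "+c.access)
	return c.hc.Do(req)
}

func run(body io.Reader) (int, error) { // constructed server accepts only "Bearer fresh"
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer fresh" {
			w.WriteHeader(http.StatusUnauthorized)
		}
	}))
	defer srv.Close()
	c := &tokenClient{hc: srv.Client(), access: "stale", renew: func() string { return "fresh" }}
	req, _ := http.NewRequest(http.MethodPost, srv.URL, body)
	resp, err := c.do(req)
	if err != nil {
		return 0, err
	}
	return resp.StatusCode, resp.Body.Close()
}
func main() { fmt.Println(run(nil)) }
```

Callers that stream a request body should be prepared to rebuild the request when they receive the expired-token error, since the body cannot be rewound for them.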
func (o *OIDCClient) FetchNewIncusTokenURL(req *http.Request) (string, *oidc.DeviceAuthorizationResponse, rp.RelyingParty, error)
func (*OIDCClient) GetAccessToken
func (o *OIDCClient) GetAccessToken() string
GetAccessToken returns the Access Token from the OIDCClient's tokens, or an empty string if no tokens are present.
func (*OIDCClient) GetOIDCTokens
func (o *OIDCClient) GetOIDCTokens() oidc.Tokens[*oidc.IDTokenClaims]
GetOIDCTokens returns the current OIDC tokens, if any.
func (*OIDCClient) WaitForToken
func (o *OIDCClient) WaitForToken(resp *oidc.DeviceAuthorizationResponse, provider rp.RelyingParty) error
type OIDCContext
type OIDCContext struct {
	TrustTuple OIDCTrustTuple                   `json:"trust_tuple"`
	Tokens     oidc.Tokens[*oidc.IDTokenClaims] `json:"tokens"`
}
OIDCContext holds the OIDC context information, which is required to authenticate with OIDC and to refresh the OIDC tokens if necessary.
type OIDCTrustTuple
type OIDCTrustTuple struct {
	Issuer   string `json:"issuer"`
	ClientID string `json:"client_id"`
	Audience string `json:"audience"`
}
OIDCTrustTuple is the issuer, client ID and audience shared by the server in order to authenticate (or refresh) with the OIDC relying party.