Documentation
Index
- func GenerateState() (string, error)
- type Claims
- type Config
- type DiscoveryDocument
- type HTTPClient
- type Provider
- func (p *Provider) AuthorizationURL(ctx context.Context, state string) (string, error)
- func (p *Provider) CallbackHandler(...) http.HandlerFunc
- func (p *Provider) Config() Config
- func (p *Provider) Discover(ctx context.Context) (*DiscoveryDocument, error)
- func (p *Provider) ExchangeCode(ctx context.Context, code string) (*TokenResponse, error)
- type TokenResponse
Constants
This section is empty.
Variables
This section is empty.
Functions
func GenerateState
GenerateState produces a cryptographically random state parameter.
Types
type Claims
type Claims struct {
	Subject       string   `json:"sub"`
	Email         string   `json:"email"`
	EmailVerified bool     `json:"email_verified"`
	Name          string   `json:"name"`
	Groups        []string `json:"groups,omitempty"`
	Issuer        string   `json:"iss"`
	Audience      string   `json:"aud"`
	ExpiresAt     int64    `json:"exp"`
	IssuedAt      int64    `json:"iat"`
}
Claims represents the standard claims extracted from an ID token.
func ParseIDTokenUnverified
ParseIDTokenUnverified extracts claims from an ID token without cryptographic verification. Use this only when you have already validated the token via the token endpoint response.
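An added example, not code from this package: the issuer, audience and expiry checks a caller still has to make on an ID token whose signature was not verified, which is the situation the ParseIDTokenUnverified note describes. `idClaims`, `checkUnverifiedIDToken` and `constructedToken` are hypothetical names, and the issuer, client ID and token values are constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

type idClaims struct { // three fields of the page's Claims type, redeclared to run stand-alone
	Issuer    string `json:"iss"`
	Audience  string `json:"aud"` // an array-valued aud fails to decode and is rejected
	ExpiresAt int64  `json:"exp"`
}

// checkUnverifiedIDToken decodes the payload WITHOUT verifying the signature, then enforces iss, aud and exp.
func checkUnverifiedIDToken(idToken, issuer, clientID string, now time.Time) (*idClaims, error) {
	parts := strings.Split(idToken, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("id token has %d parts, want 3", len(parts))
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("payload encoding: %w", err)
	}
	var c idClaims
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, fmt.Errorf("payload JSON: %w", err)
	}
	switch {
	case c.Issuer == "" || c.Issuer != issuer:
		return nil, fmt.Errorf("iss %q does not match the configured issuer", c.Issuer)
	case c.Audience == "" || c.Audience != clientID:
		return nil, fmt.Errorf("aud %q does not match client_id", c.Audience)
	case c.ExpiresAt <= now.Unix():
		return nil, fmt.Errorf("id token expired at %d", c.ExpiresAt)
	}
	return &c, nil
}

// constructedToken wraps a payload in a sample JWT with a fixed {"alg":"RS256"} header and a dummy signature.
func constructedToken(payload string) string {
	return "eyJhbGciOiJSUzI1NiJ9." + base64.RawURLEncoding.EncodeToString([]byte(payload)) + ".c2ln"
}

func main() {
	tok := constructedToken(`{"iss":"https://idp.example","aud":"my-client","exp":2000000000}`)
	fmt.Println(checkUnverifiedIDToken(tok, "https://idp.example", "other-client", time.Unix(1900000000, 0)))
}
```

The dummy signature is accepted because nothing here checks it, so these checks only mean something for a token read from the token endpoint response itself.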
type Config
type Config struct {
	Issuer       string   `json:"issuer" yaml:"issuer"`
	ClientID     string   `json:"client_id" yaml:"client_id"`
	ClientSecret string   `json:"client_secret" yaml:"client_secret"`
	RedirectURI  string   `json:"redirect_uri" yaml:"redirect_uri"`
	Scopes       []string `json:"scopes" yaml:"scopes"`
}
Config holds OIDC provider configuration.
type DiscoveryDocument
type DiscoveryDocument struct {
	Issuer                string   `json:"issuer"`
	AuthorizationEndpoint string   `json:"authorization_endpoint"`
	TokenEndpoint         string   `json:"token_endpoint"`
	UserInfoEndpoint      string   `json:"userinfo_endpoint"`
	JWKSURI               string   `json:"jwks_uri"`
	ScopesSupported       []string `json:"scopes_supported"`
}
DiscoveryDocument represents the OpenID Connect discovery response.
type HTTPClient
HTTPClient is the interface for making HTTP requests (allows testing).
type Provider
type Provider struct {
	// contains filtered or unexported fields
}
Provider handles OIDC authentication flows.
func NewProvider
func NewProvider(cfg Config, client HTTPClient) (*Provider, error)
NewProvider creates a new OIDC provider with the given configuration.
func (*Provider) AuthorizationURL
AuthorizationURL builds the URL to redirect users for authentication.
func (*Provider) CallbackHandler
func (p *Provider) CallbackHandler(onSuccess func(w http.ResponseWriter, r *http.Request, claims *Claims, tokens *TokenResponse)) http.HandlerFunc
CallbackHandler returns an HTTP handler that processes the OIDC authorization code callback. On success it calls onSuccess with the extracted claims.
func (*Provider) Discover
func (p *Provider) Discover(ctx context.Context) (*DiscoveryDocument, error)
Discover fetches the OIDC discovery document from the issuer.
func (*Provider) ExchangeCode
ExchangeCode exchanges an authorization code for tokens.
type TokenResponse
type TokenResponse struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in"`
	RefreshToken string `json:"refresh_token,omitempty"`
	IDToken      string `json:"id_token,omitempty"`
}
TokenResponse represents the response from the token endpoint.