client

package
v0.4.0
Warning: This package is not in the latest version of its module.

Published: Mar 27, 2025 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthOpts

type AuthOpts func(a *AuthOptsStruct)

func WithExtraClaim

func WithExtraClaim(k string, v string) AuthOpts

WithExtraClaim specifies additional values to be included in the CIC. These claims will be included in the CIC protected header and will be hashed into the commitment claim in the ID Token. The commitment claim is typically the nonce or aud claim in the ID Token. Example use:

WithExtraClaim("claimKey", "claimValue")
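How extra claims end up bound to the ID Token, as an added example that is not OpenPubkey's own code: a simplified model of the CIC commitment in which the protected header (user public key, random rz and the extra claims) is hashed into the OIDC nonce, and the verifier recomputes that hash from the header carried in the PK Token. The field names and the hash-and-encoding chain are assumptions chosen for illustration, not the library's wire format.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"encoding/json"
)

// cicProtected models the CIC protected header: user public key (upk), random
// value (rz) and extra claims from WithExtraClaim. Layout is an assumption.
type cicProtected struct {
	Alg   string            `json:"alg"`
	Upk   string            `json:"upk"`
	Rz    string            `json:"rz"`
	Extra map[string]string `json:"extra,omitempty"`
}

// newHeader draws a fresh 32-byte rz so two logins with the same key never
// commit to the same value.
func newHeader(alg, upk string, extra map[string]string) (cicProtected, error) {
	rz := make([]byte, 32)
	if _, err := rand.Read(rz); err != nil {
		return cicProtected{}, err
	}
	return cicProtected{Alg: alg, Upk: upk, Rz: base64.RawURLEncoding.EncodeToString(rz), Extra: extra}, nil
}

// commitment is what the client sends as the OIDC nonce (or aud):
// base64url(SHA-256(base64url(JSON(header)))). Hash/encoding chain is assumed.
func commitment(h cicProtected) (string, error) {
	raw, err := json.Marshal(h) // map keys are sorted: deterministic encoding
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256([]byte(base64.RawURLEncoding.EncodeToString(raw)))
	return base64.RawURLEncoding.EncodeToString(sum[:]), nil
}

// verifyCommitment is the verifier-side check: recompute the commitment from the
// CIC header carried in the PK Token and compare it with the OP-signed nonce.
func verifyCommitment(h cicProtected, idTokenNonce string) (bool, error) {
	want, err := commitment(h)
	if err != nil {
		return false, err
	}
	return subtle.ConstantTimeCompare([]byte(want), []byte(idTokenNonce)) == 1, nil
}
```

Changing any extra claim after the OP has signed the nonce makes verifyCommitment return false, which is why values added with WithExtraClaim cannot be swapped out after the ID Token is issued.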

type AuthOptsStruct

type AuthOptsStruct struct {
	// contains filtered or unexported fields
}

type BrowserOpenIdProvider

type BrowserOpenIdProvider = providers.BrowserOpenIdProvider

type ClientOpts

type ClientOpts func(o *OpkClient)

ClientOpts contains options for constructing an OpkClient

func WithCosignerProvider

func WithCosignerProvider(cosP *CosignerProvider) ClientOpts

WithCosignerProvider specifies what cosigner provider should be used to cosign the PK Token. If this is not specified then the cosigning setup is skipped.

func WithSigner

func WithSigner(signer crypto.Signer, alg jwa.KeyAlgorithm) ClientOpts

WithSigner allows the caller to inject their own signer and algorithm. Use this option to bring your own user key pair. If this option is not set, the OpkClient constructor will automatically generate a signer, i.e., a key pair. Example use:

signer, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
WithSigner(signer, jwa.ES256)

type CosignerProvider

type CosignerProvider struct {
	Issuer       string
	CallbackPath string
}

func (*CosignerProvider) CreateInitAuthSig

func (c *CosignerProvider) CreateInitAuthSig(redirectURI string) ([]byte, string, error)

CreateInitAuthSig generates a random nonce, validates the redirectURI, creates an InitMFAAuth message, marshals it to JSON, and returns the JSON message along with the nonce.

func (*CosignerProvider) RequestToken

func (c *CosignerProvider) RequestToken(ctx context.Context, signer crypto.Signer, pkt *pktoken.PKToken, redirCh chan string) (*pktoken.PKToken, error)

func (*CosignerProvider) ValidateCos

func (c *CosignerProvider) ValidateCos(cosSig []byte, expectedNonce string, expectedRedirectURI string) error

type OpenIdProvider

type OpenIdProvider = providers.OpenIdProvider

type OpkClient

type OpkClient struct {
	Op OpenIdProvider
	// contains filtered or unexported fields
}

func New

func New(op OpenIdProvider, opts ...ClientOpts) (*OpkClient, error)

New returns a new client.OpkClient. The op argument should be the OpenID Provider you want to authenticate against.

func (*OpkClient) Auth

func (o *OpkClient) Auth(ctx context.Context, opts ...AuthOpts) (*pktoken.PKToken, error)

Auth returns a PK Token by running the OpenPubkey protocol. It will first authenticate to the configured OpenID Provider (OP) and receive an ID Token. Using this ID Token it will generate a PK Token. If a Cosigner has been configured it will also attempt to get the PK Token cosigned.

func (*OpkClient) GetAlg

func (o *OpkClient) GetAlg() jwa.KeyAlgorithm

GetAlg returns the algorithm of the client's key pair (Public Key, Signing Key)

func (*OpkClient) GetCosP

func (o *OpkClient) GetCosP() *CosignerProvider

GetCosP returns the MFA Cosigner Provider the OpkClient has been configured to use

func (*OpkClient) GetOp

func (o *OpkClient) GetOp() OpenIdProvider

GetOp returns the OpenID Provider the OpkClient has been configured to use

func (*OpkClient) GetPKToken

func (o *OpkClient) GetPKToken() (*pktoken.PKToken, error)

GetPKToken returns a deep copy of the client's current PK Token

func (*OpkClient) GetSigner

func (o *OpkClient) GetSigner() crypto.Signer

GetSigner returns the client's key pair (Public Key, Signing Key)

func (*OpkClient) Refresh

func (o *OpkClient) Refresh(ctx context.Context) (*pktoken.PKToken, error)

Refresh uses a Refresh Token to request a fresh ID Token and Access Token from an OpenID Provider. It provides a way to refresh the Access and ID Tokens for an OpenID Provider that supports refresh requests, allowing the client to continue making authenticated requests without requiring the user to re-authenticate.

func (*OpkClient) SetPKToken

func (o *OpkClient) SetPKToken(pkt *pktoken.PKToken)

type PKTokenVerifier

type PKTokenVerifier interface {
	VerifyPKToken(ctx context.Context, pkt *pktoken.PKToken, extraChecks ...verifier.Check) error
}
