Constants ¶
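// Client authentication styles accepted by TargetTokenExchangeConfig.AuthStyle.
//
// Both styles transmit the client secret on every token request, so the token
// endpoint must be reached over TLS whichever one is chosen.
const (
	// AuthStyleParams sends client_id and client_secret in the request body.
	// RFC 6749 section 2.3.1 marks this form as NOT RECOMMENDED and reserves it
	// for clients that cannot use HTTP Basic authentication; a request body is
	// also more likely than a header to be captured by body-level logging.
	AuthStyleParams = "params"
	// AuthStyleHeader sends client credentials as HTTP Basic Authentication header.
	AuthStyleHeader = "header"
)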
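// URN identifiers defined by RFC 8693 (OAuth 2.0 Token Exchange).
const (
	// GrantTypeTokenExchange is the grant_type value that selects token exchange.
	GrantTypeTokenExchange = "urn:ietf:params:oauth:grant-type:token-exchange"
	// TokenTypeAccessToken identifies an OAuth 2.0 access token.
	TokenTypeAccessToken = "urn:ietf:params:oauth:token-type:access_token"
	// TokenTypeJWT identifies a JSON Web Token.
	TokenTypeJWT = "urn:ietf:params:oauth:token-type:jwt"
)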
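// Form field names used in the token exchange request body.
//
// FormKeySubjectToken and FormKeyClientSecret name fields that carry
// credentials, so an encoded request body built from these keys has to be
// treated as a secret and kept out of logs and error messages.
const (
	// FormKeyGrantType is the "grant_type" field.
	FormKeyGrantType = "grant_type"
	// FormKeySubjectToken is the "subject_token" field (the token being exchanged).
	FormKeySubjectToken = "subject_token"
	// FormKeySubjectTokenType is the "subject_token_type" field.
	FormKeySubjectTokenType = "subject_token_type"
	// FormKeySubjectIssuer is the "subject_issuer" field. It is not one of the
	// RFC 8693 request parameters; TargetTokenExchangeConfig.SubjectIssuer
	// documents it as the IDP alias for Keycloak cross-realm exchange.
	FormKeySubjectIssuer = "subject_issuer"
	// FormKeyAudience is the "audience" field.
	FormKeyAudience = "audience"
	// FormKeyClientID is the "client_id" field.
	FormKeyClientID = "client_id"
	// FormKeyClientSecret is the "client_secret" field.
	FormKeyClientSecret = "client_secret"
	// FormKeyScope is the "scope" field.
	FormKeyScope = "scope"
	// FormKeyRequestedTokenType is the "requested_token_type" field.
	FormKeyRequestedTokenType = "requested_token_type"
)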
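// HTTP header names and the content type used for token requests.
const (
	// HeaderContentType is the "Content-Type" header name.
	HeaderContentType = "Content-Type"
	// HeaderAuthorization is the "Authorization" header name. With
	// AuthStyleHeader its value carries the client credentials, so it should be
	// redacted wherever request headers are logged or dumped.
	HeaderAuthorization = "Authorization"
	// ContentTypeXWWWFormUrlEncoded is the form-encoded media type.
	ContentTypeXWWWFormUrlEncoded = "application/x-www-form-urlencoded"
)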
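// Token exchange strategy names.
//
// NOTE(review): presumably these are the keys passed to RegisterTokenExchanger
// and GetTokenExchanger; confirm against their implementations.
const (
	// StrategyKeycloakV1 is the "keycloak-v1" strategy name.
	StrategyKeycloakV1 = "keycloak-v1"
	// StrategyRFC8693 is the "rfc8693" strategy name.
	StrategyRFC8693 = "rfc8693"
)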
Variables ¶
This section is empty.
Functions ¶
func RegisterTokenExchanger ¶
// RegisterTokenExchanger takes a strategy name and the TokenExchanger to use for it.
// NOTE(review): the body is not shown on this page. Confirm whether a second
// registration for the same strategy replaces the first and whether the call is
// safe for concurrent use. A registered exchanger is handed the target's client
// secret and the subject token, so registration is best confined to program
// start-up by trusted code.
func RegisterTokenExchanger(strategy string, exchanger TokenExchanger)
Types ¶
type TargetTokenExchangeConfig ¶
// TargetTokenExchangeConfig holds per-target token exchange configuration.
// The toml tags indicate it is decoded from a TOML file, which then contains
// client_secret in clear text.
// NOTE(review): restrict read access to that file, and avoid formatting this
// struct with %v or %+v, which would print ClientSecret.
type TargetTokenExchangeConfig struct {
// TokenURL is the token endpoint for the target.
// NOTE(review): the client credentials and the subject token are presumably
// sent to this URL; confirm that Validate rejects values that are not https.
TokenURL string `toml:"token_url"`
// ClientID is the OAuth client ID for the target.
ClientID string `toml:"client_id"`
// ClientSecret is the OAuth client secret for the target.
// It is a credential: keep it out of logs, error strings and diagnostics.
ClientSecret string `toml:"client_secret"`
// Audience is the target audience for the exchanged token.
Audience string `toml:"audience"`
// SubjectTokenType specifies the token type for the subject token.
// For same-realm: "urn:ietf:params:oauth:token-type:access_token" (TokenTypeAccessToken)
// For cross-realm: "urn:ietf:params:oauth:token-type:jwt" (TokenTypeJWT)
SubjectTokenType string `toml:"subject_token_type"`
// SubjectIssuer is the IDP alias for cross-realm token exchange.
// Only required when exchanging tokens across Keycloak realms.
SubjectIssuer string `toml:"subject_issuer,omitempty"`
// Scopes are optional scopes to request during token exchange.
// Requesting only the scopes the target needs limits what a leaked
// exchanged token can be used for.
Scopes []string `toml:"scopes,omitempty"`
// CAFile is the path to a CA certificate file for TLS verification.
// Used when the token endpoint uses a certificate signed by a private CA.
// NOTE(review): whether this CA is added to the system roots or replaces them
// is not visible here; confirm in HTTPCLient.
CAFile string `toml:"ca_file,omitempty"`
// AuthStyle specifies how client credentials are sent to the token endpoint.
// "params" (default): client_id/secret in request body (AuthStyleParams)
// "header": HTTP Basic Authentication header (AuthStyleHeader)
// RFC 6749 section 2.3.1 marks the request-body form as NOT RECOMMENDED;
// prefer "header" where the token endpoint accepts it.
AuthStyle string `toml:"auth_style,omitempty"`
// contains filtered or unexported fields
}
TargetTokenExchangeConfig holds per-target token exchange configuration. It is used by providers that support per-target token exchange, to keep configuration consistent between providers.
func (*TargetTokenExchangeConfig) HTTPCLient ¶
// HTTPCLient returns an *http.Client for this target, or an error.
// NOTE(review): the body is not shown on this page. Presumably the client
// trusts CAFile when it is set; confirm that certificate verification stays
// enabled (InsecureSkipVerify is never set), that a request timeout is
// configured, and that a missing or unparsable CAFile yields an error rather
// than a fallback client.
// The exported name is spelled "HTTPCLient" (capital L); renaming it would
// break existing callers.
func (c *TargetTokenExchangeConfig) HTTPCLient() (*http.Client, error)
func (*TargetTokenExchangeConfig) Validate ¶
// NOTE(review): the validation rules are not shown on this page. Checks worth
// confirming: TokenURL parses and uses https, AuthStyle is empty or one of
// AuthStyleParams/AuthStyleHeader, SubjectTokenType is a known token type, and
// ClientID/ClientSecret are non-empty. Returned errors should not echo
// ClientSecret.
func (c *TargetTokenExchangeConfig) Validate() error
Validate checks that the configuration values are valid
type TokenExchanger ¶
// TokenExchanger is the interface registered per strategy through
// RegisterTokenExchanger and looked up through GetTokenExchanger.
// NOTE(review): presumably Exchange trades subjectToken for a token valid at
// the target described by cfg; confirm against the implementations.
type TokenExchanger interface {
// Exchange receives the request context, the target configuration and the
// subject token, and returns an *oauth2.Token or an error.
// subjectToken and cfg.ClientSecret are credentials: implementations should
// keep them, and raw token-endpoint responses, out of logs and error strings,
// and should honour ctx cancellation on the outbound request.
Exchange(ctx context.Context, cfg *TargetTokenExchangeConfig, subjectToken string) (*oauth2.Token, error)
}
func GetTokenExchanger ¶
// GetTokenExchanger takes a strategy name and returns a TokenExchanger and a bool.
// NOTE(review): the body is not shown; presumably the bool reports whether an
// exchanger is registered for strategy. Callers should check it before use and
// fail closed on an unknown strategy rather than fall back to another one.
func GetTokenExchanger(strategy string) (TokenExchanger, bool)