Documentation
¶
Index ¶
- func CustomClaimsFromContext[T jwtvalidator.CustomClaims](ctx context.Context) T
- func DeviceCodeUIConsoleQR(deviceCode *oauth2.DeviceAuthResponse) error
- func DeviceCodeUIConsoleText(deviceCode *oauth2.DeviceAuthResponse) error
- func ExtractClaims[T jwtvalidator.CustomClaims](claims interface{}) (jwtvalidator.RegisteredClaims, T, error)
- func LoadTokenFromFile(filePath string) (*oauth2.Token, error)
- func NewHTTPClientFromConfig(config *ClientConfig) (*http.Client, error)
- func NewTokenSourceFromConfig(config ClientConfig) oauth2.TokenSource
- func NewValidatorFromConfig(config *ValidatorConfig, opts ...jwtvalidator.Option) (*jwtvalidator.Validator, error)
- func NewValidatorsFromConfig(configs []ValidatorConfig, opts ...jwtvalidator.Option) ([]*jwtvalidator.Validator, error)
- func NewWaitingTokenSource(tokenSource oauth2.TokenSource, interval time.Duration, maxTime time.Duration) oauth2.TokenSource
- func NewWaitingTokenSourceFromConfig(config ClientConfig, interval time.Duration, maxTime time.Duration) oauth2.TokenSource
- func Oauth2ClientWithBaseTransport(client *http.Client, baseTransport http.RoundTripper) (*http.Client, error)
- func Oauth2ClientWithTLS(client *http.Client, tlsConfig tls.ClientConfig) (*http.Client, error)
- func ResolveToken(c ClientConfig) (*oauth2.Token, error)
- func SaveTokenToFile(accessToken *oauth2.Token, authFilePath string) error
- type Client
- func (c *Client) ClientCredentialsToken(ctx context.Context, opts ...RequestOpt) (*oauth2.Token, error)
- func (c *Client) DeviceToken(ctx context.Context, scopes ...string) (*oauth2.Token, error)
- func (c *Client) Endpoint() Endpoint
- func (c *Client) GothProvider(callbackURL *url.URL, scopes ...string) (goth.Provider, error)
- func (c *Client) HTTPClient(t *oauth2.Token) (*http.Client, error)
- func (c *Client) IntrospectToken(ctx context.Context, token string) (*IntrospectionResponse, error)
- func (c *Client) TokenSource(t *oauth2.Token) (oauth2.TokenSource, error)
- func (c *Client) ValidateToken(ctx context.Context, token string, audiences []string) (*jwtvalidator.ValidatedClaims, error)
- type ClientConfig
- type ClientOpt
- func WithClientID(clientID string) ClientOpt
- func WithClientIDAndSecret(clientID, clientSecret string) ClientOpt
- func WithDeviceCodeUI(ui DeviceCodeUI) ClientOpt
- func WithKeyCacheTTL(ttl time.Duration) ClientOpt
- func WithValidatingSignatureAlgorithm(algorithm jwtvalidator.SignatureAlgorithm) ClientOpt
- type DeviceCodeUI
- type Endpoint
- type EndpointConfig
- type GitHubEndpoint
- func (e *GitHubEndpoint) DiscoveredConfiguration() (*OpenIDConfiguration, error)
- func (e *GitHubEndpoint) DiscoveryEndpoint() (*url.URL, error)
- func (e *GitHubEndpoint) GothProvider(clientID, clientSecret string, callbackURL *url.URL, scopes ...string) (goth.Provider, error)
- func (e *GitHubEndpoint) OAuth2Endpoint() (oauth2.Endpoint, error)
- func (e *GitHubEndpoint) URL() *url.URL
- type GothEndpoint
- type IntrospectionResponse
- type KeycloakEndpoint
- type MultiValidator
- type OpenIDConfiguration
- type RequestOpt
- type TrustConfig
- type ValidatorConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CustomClaimsFromContext ¶ added in v0.40.2
func CustomClaimsFromContext[T jwtvalidator.CustomClaims](ctx context.Context) T
func DeviceCodeUIConsoleQR ¶
func DeviceCodeUIConsoleQR(deviceCode *oauth2.DeviceAuthResponse) error
func DeviceCodeUIConsoleText ¶
func DeviceCodeUIConsoleText(deviceCode *oauth2.DeviceAuthResponse) error
func ExtractClaims ¶
func ExtractClaims[T jwtvalidator.CustomClaims](claims interface{}) (jwtvalidator.RegisteredClaims, T, error)
func NewHTTPClientFromConfig ¶
func NewHTTPClientFromConfig(config *ClientConfig) (*http.Client, error)
func NewTokenSourceFromConfig ¶ added in v0.41.0
func NewTokenSourceFromConfig(config ClientConfig) oauth2.TokenSource
func NewValidatorFromConfig ¶
func NewValidatorFromConfig(config *ValidatorConfig, opts ...jwtvalidator.Option) (*jwtvalidator.Validator, error)
func NewValidatorsFromConfig ¶
func NewValidatorsFromConfig(configs []ValidatorConfig, opts ...jwtvalidator.Option) ([]*jwtvalidator.Validator, error)
func NewWaitingTokenSource ¶ added in v0.41.0
func NewWaitingTokenSource(tokenSource oauth2.TokenSource, interval time.Duration, maxTime time.Duration) oauth2.TokenSource
func NewWaitingTokenSourceFromConfig ¶ added in v0.41.0
func NewWaitingTokenSourceFromConfig(config ClientConfig, interval time.Duration, maxTime time.Duration) oauth2.TokenSource
func Oauth2ClientWithBaseTransport ¶ added in v0.41.1
func Oauth2ClientWithTLS ¶ added in v0.41.1
func ResolveToken ¶
func ResolveToken(c ClientConfig) (*oauth2.Token, error)
Types ¶
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
func NewClientFromConfig ¶
func NewClientFromConfig(config *ClientConfig) (*Client, error)
func (*Client) ClientCredentialsToken ¶
func (c *Client) ClientCredentialsToken(ctx context.Context, opts ...RequestOpt) (*oauth2.Token, error)
ClientCredentialsToken gets a token using the client_credentials grant It sends the client_id and client_secret to the token endpoint and gets a token in response
func (*Client) DeviceToken ¶
func (*Client) GothProvider ¶ added in v0.40.1
func (*Client) IntrospectToken ¶
IntrospectToken introspects the token It sends the token to the introspection endpoint and gets the response
func (*Client) TokenSource ¶ added in v0.40.0
func (*Client) ValidateToken ¶
func (c *Client) ValidateToken(ctx context.Context, token string, audiences []string) (*jwtvalidator.ValidatedClaims, error)
ValidateToken VerifyToke verifies the token and returns the claims It fetches the verification keys from the OIDC server and uses them to verify the token
type ClientConfig ¶
type ClientConfig struct {
// Provider EndpointConfig `json:"provider"` // e.g. "github", "keycloak"
EndpointConfig `mapstructure:",squash"`
ClientID string `json:"client-id" mapstructure:"client-id"`
ClientSecret util.MaskedString `json:"client-secret,omitempty" mapstructure:"client-secret,omitempty"`
Audience string `json:"audience,omitempty" mapstructure:"audience,omitempty"`
// do these belong somewhere else?
TokenFile string `json:"token-file" mapstructure:"token-file"`
}
type ClientOpt ¶
type ClientOpt func(c *Client)
func WithClientID ¶
func WithClientIDAndSecret ¶
func WithDeviceCodeUI ¶
func WithDeviceCodeUI(ui DeviceCodeUI) ClientOpt
func WithKeyCacheTTL ¶
func WithValidatingSignatureAlgorithm ¶
func WithValidatingSignatureAlgorithm(algorithm jwtvalidator.SignatureAlgorithm) ClientOpt
type DeviceCodeUI ¶
type DeviceCodeUI func(deviceCode *oauth2.DeviceAuthResponse) error
type Endpoint ¶
type Endpoint interface {
URL() *url.URL
DiscoveryEndpoint() (*url.URL, error)
DiscoveredConfiguration() (*OpenIDConfiguration, error)
OAuth2Endpoint() (oauth2.Endpoint, error)
}
func NewEndpoint ¶
func NewEndpointFromConfig ¶
func NewEndpointFromConfig(config *EndpointConfig) (Endpoint, error)
func NewGitHubEndpoint ¶
type EndpointConfig ¶
type GitHubEndpoint ¶
type GitHubEndpoint struct {
// contains filtered or unexported fields
}
func (*GitHubEndpoint) DiscoveredConfiguration ¶
func (e *GitHubEndpoint) DiscoveredConfiguration() (*OpenIDConfiguration, error)
func (*GitHubEndpoint) DiscoveryEndpoint ¶ added in v0.40.0
func (e *GitHubEndpoint) DiscoveryEndpoint() (*url.URL, error)
func (*GitHubEndpoint) GothProvider ¶ added in v0.40.1
func (*GitHubEndpoint) OAuth2Endpoint ¶
func (e *GitHubEndpoint) OAuth2Endpoint() (oauth2.Endpoint, error)
func (*GitHubEndpoint) URL ¶
func (e *GitHubEndpoint) URL() *url.URL
type GothEndpoint ¶ added in v0.40.1
type IntrospectionResponse ¶
type IntrospectionResponse struct {
ExpiresAt int `json:"exp"`
IssuedAt int `json:"iat"`
AuthTime int `json:"auth_time"`
ID string `json:"jti"`
Issuer string `json:"iss"`
Audience string `json:"aud"`
Subject string `json:"sub"`
Type string `json:"typ"`
AuthorizedParty string `json:"azp"`
SessionID string `json:"sid"`
AuthenticationContextClassReference string `json:"acr"`
AllowedOrigins []string `json:"allowed-origins"`
RealmAccess struct {
Roles []string `json:"roles"`
} `json:"realm_access"`
ResourceAccess struct {
Account struct {
Roles []string `json:"roles"`
} `json:"account"`
} `json:"resource_access"`
Scope string `json:"scope"`
UserPrincipalName string `json:"upn"`
EmailVerified bool `json:"email_verified"`
Name string `json:"name"`
Groups []string `json:"groups"`
PreferredUsername string `json:"preferred_username"`
GivenName string `json:"given_name"`
FamilyName string `json:"family_name"`
Email string `json:"email"`
ClientId string `json:"client_id"`
Username string `json:"username"`
TokenType string `json:"token_type"`
Active bool `json:"active"`
}
type KeycloakEndpoint ¶
type KeycloakEndpoint struct {
// contains filtered or unexported fields
}
func NewKeycloakEndpoint ¶
func NewKeycloakEndpoint(baseURLStr string) (*KeycloakEndpoint, error)
func (*KeycloakEndpoint) RealmEndpoint ¶
func (e *KeycloakEndpoint) RealmEndpoint(realm string) Endpoint
type MultiValidator ¶
type MultiValidator struct {
// contains filtered or unexported fields
}
func NewMultiValidator ¶
func NewMultiValidator(validators ...*jwtvalidator.Validator) *MultiValidator
func NewMultiValidatorFromConfig ¶
func NewMultiValidatorFromConfig(configs []ValidatorConfig, opts ...jwtvalidator.Option) (*MultiValidator, error)
func (*MultiValidator) ValidateToken ¶
func (v *MultiValidator) ValidateToken(ctx context.Context, tokenString string) (interface{}, error)
type OpenIDConfiguration ¶
type OpenIDConfiguration struct {
Issuer string `json:"issuer"`
AuthorizationEndpoint string `json:"authorization_endpoint"`
TokenEndpoint string `json:"token_endpoint"`
UserinfoEndpoint string `json:"userinfo_endpoint"`
JWKSURI string `json:"jwks_uri"`
RegistrationEndpoint string `json:"registration_endpoint"`
ScopesSupported []string `json:"scopes_supported"`
ResponseTypesSupported []string `json:"response_types_supported"`
GrantTypesSupported []string `json:"grant_types_supported"`
SubjectTypesSupported []string `json:"subject_types_supported"`
IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
ClaimsSupported []string `json:"claims_supported"`
CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
IntrospectionEndpoint string `json:"introspection_endpoint"`
EndSessionEndpoint string `json:"end_session_endpoint"`
FrontchannelLogoutSessionSupported bool `json:"frontchannel_logout_session_supported"`
FrontchannelLogoutSupported bool `json:"frontchannel_logout_supported"`
CheckSessionIframe string `json:"check_session_iframe"`
AcrValuesSupported []string `json:"acr_values_supported"`
IDTokenEncryptionAlgValuesSupported []string `json:"id_token_encryption_alg_values_supported"`
IDTokenEncryptionEncValuesSupported []string `json:"id_token_encryption_enc_values_supported"`
UserinfoSigningAlgValuesSupported []string `json:"userinfo_signing_alg_values_supported"`
UserinfoEncryptionAlgValuesSupported []string `json:"userinfo_encryption_alg_values_supported"`
UserinfoEncryptionEncValuesSupported []string `json:"userinfo_encryption_enc_values_supported"`
RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
RequestObjectEncryptionAlgValuesSupported []string `json:"request_object_encryption_alg_values_supported"`
RequestObjectEncryptionEncValuesSupported []string `json:"request_object_encryption_enc_values_supported"`
ResponseModesSupported []string `json:"response_modes_supported"`
TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
IntrospectionEndpointAuthMethodsSupported []string `json:"introspection_endpoint_auth_methods_supported"`
IntrospectionEndpointAuthSigningAlgValuesSupported []string `json:"introspection_endpoint_auth_signing_alg_values_supported"`
AuthorizationSigningAlgValuesSupported []string `json:"authorization_signing_alg_values_supported"`
AuthorizationEncryptionAlgValuesSupported []string `json:"authorization_encryption_alg_values_supported"`
AuthorizationEncryptionEncValuesSupported []string `json:"authorization_encryption_enc_values_supported"`
ClaimTypesSupported []string `json:"claim_types_supported"`
ClaimsParameterSupported bool `json:"claims_parameter_supported"`
RequestParameterSupported bool `json:"request_parameter_supported"`
RequestURIParameterSupported bool `json:"request_uri_parameter_supported"`
RequireRequestURIRegistration bool `json:"require_request_uri_registration"`
TLSClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens"`
RevocationEndpoint string `json:"revocation_endpoint"`
RevocationEndpointAuthMethodsSupported []string `json:"revocation_endpoint_auth_methods_supported"`
RevocationEndpointAuthSigningAlgValuesSupported []string `json:"revocation_endpoint_auth_signing_alg_values_supported"`
BackchannelLogoutSupported bool `json:"backchannel_logout_supported"`
BackchannelLogoutSessionSupported bool `json:"backchannel_logout_session_supported"`
DeviceAuthorizationEndpoint string `json:"device_authorization_endpoint"`
BackchannelTokenDeliveryModesSupported []string `json:"backchannel_token_delivery_modes_supported"`
BackchannelAuthenticationEndpoint string `json:"backchannel_authentication_endpoint"`
BackchannelAuthenticationRequestSigningAlgValuesSupported []string `json:"backchannel_authentication_request_signing_alg_values_supported"`
RequirePushedAuthorizationRequests bool `json:"require_pushed_authorization_requests"`
PushedAuthorizationRequestEndpoint string `json:"pushed_authorization_request_endpoint"`
MTLSEndpointAliases struct {
TokenEndpoint string `json:"token_endpoint"`
RevocationEndpoint string `json:"revocation_endpoint"`
IntrospectionEndpoint string `json:"introspection_endpoint"`
DeviceAuthorizationEndpoint string `json:"device_authorization_endpoint"`
RegistrationEndpoint string `json:"registration_endpoint"`
UserinfoEndpoint string `json:"userinfo_endpoint"`
PushedAuthorizationRequestEndpoint string `json:"pushed_authorization_request_endpoint"`
BackchannelAuthenticationEndpoint string `json:"backchannel_authentication_endpoint"`
} `json:"mtls_endpoint_aliases"`
AuthorizationResponseIssParameterSupported bool `json:"authorization_response_iss_parameter_supported"`
}
type RequestOpt ¶
func WithAudience ¶
func WithAudience(audience string) RequestOpt
type TrustConfig ¶
type TrustConfig struct {
Verifiers []ValidatorConfig `json:"validators" mapstructure:"validators"`
}
type ValidatorConfig ¶ added in v0.40.0
type ValidatorConfig struct {
EndpointConfig `mapstructure:",squash"`
Audiences []string `json:"audiences" mapstructure:"audiences"`
Issuer string `json:"issuer" mapstructure:"issuer"`
CacheTTL int `json:"cache_ttl_seconds" mapsstructure:"cache_ttl_seconds"`
SignatureAlgorithm string `json:"signature_algorithm" mapstructure:"signature_algorithm"`
AllowedClockSkew int `json:"allowed_clock_skew_seconds" mapstructure:"allowed_clock_skew_seconds"`
}
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.