gemidp


Constants

// BaseURLProduction is the base URL of the production gematik IDP-Dienst.
const BaseURLProduction string = "https://idp.app.ti-dienste.de"

// BaseURLReference is the base URL of the reference gematik IDP-Dienst.
const BaseURLReference string = "https://idp-ref.app.ti-dienste.de"

// BaseURLTest is the base URL of the test gematik IDP-Dienst.
// All three base URLs are HTTPS endpoints; presumably Environment.GetBaseURL
// selects one of them.
const BaseURLTest string = "https://idp-test.app.ti-dienste.de"

Base URLs of the different gematik IDP-Dienst environments.

Variables

This section is empty.

Functions

This section is empty.

Types

type Authenticator

// Authenticator performs the challenge/response authentication of a user
// against the gematik IDP-Dienst (see Authenticate). Construct it with
// NewAuthenticator.
type Authenticator struct {
	// Environment selects which IDP-Dienst instance (test, reference or
	// production) the authenticator talks to.
	Environment Environment
	// Metadata is the OpenID Connect discovery document of that environment.
	Metadata    Metadata
	// contains filtered or unexported fields
}

func NewAuthenticator

func NewAuthenticator(config AuthenticatorConfig) (*Authenticator, error)

NewAuthenticator creates a new Authenticator

func (*Authenticator) Authenticate

func (a *Authenticator) Authenticate(authURL string) (*CodeRedirectURL, error)

Authenticate authenticates the user with the gematik IDP-Dienst and returns the URL to which the user is redirected after authenticating. The challenge from the gematik IDP-Dienst is signed using the signer function in the AuthenticatorConfig.

type AuthenticatorConfig

// AuthenticatorConfig is the configuration passed to NewAuthenticator.
type AuthenticatorConfig struct {
	// Environment of the gematik IDP-Dienst to authenticate against.
	Environment Environment
	// SignerFunc signs the challenge received from the IDP-Dienst during
	// Authenticate. SignWith, SignWithSoftkey and SignWithSoftkeyPEM return
	// ready-made implementations.
	SignerFunc  ChallengeSignerFunc
}

type Challenge

// Challenge is the challenge sent from the gematik IDP-Dienst to the
// authenticator; it is the value handed to a ChallengeSignerFunc.
type Challenge struct {
	// Challenge carries the challenge token issued by the IDP-Dienst
	// (its claims appear to be described by ChallengePayload — confirm).
	Challenge   string      `json:"challenge"`
	// UserConsent lists the scopes and claims the user is asked to consent to.
	UserConsent UserConsent `json:"user_consent"`
}

Challenge sent from the gematik IDP-Dienst to the authenticator

type ChallengePayload

// ChallengePayload is the payload of the signed challenge token sent from the
// gematik IDP-Dienst to the authenticator. Iss, Iat, Exp and Jti are the
// standard JWT registered claims; the remaining fields echo the parameters of
// the authorization request that triggered the challenge.
// NOTE(review): whoever consumes this payload should verify the token
// signature against the IDP's signing key, check Exp against the current time
// and compare Iss with the expected environment's issuer before acting on any
// of these values — confirm that the Authenticator does this.
type ChallengePayload struct {
	// Iss is the issuer of the token (JWT "iss").
	Iss                 string `json:"iss"`
	// Iat is the issued-at time (JWT "iat", seconds since the Unix epoch per RFC 7519).
	Iat                 int64  `json:"iat"`
	// Exp is the expiration time (JWT "exp", same unit as Iat).
	Exp                 int64  `json:"exp"`
	// TokenType identifies the kind of token this payload belongs to.
	TokenType           string `json:"token_type"`
	// Jti is the unique token identifier (JWT "jti").
	Jti                 string `json:"jti"`
	// Snc — purpose not documented on this page; TODO confirm (server nonce?).
	Snc                 string `json:"snc"`
	// Scope is the requested OAuth2 scope string.
	Scope               string `json:"scope"`
	// CodeChallenge and CodeChallengeMethod are the PKCE values from the
	// authorization request; the verifier that matches them is sent later in
	// TokenKeyPayload.
	CodeChallenge       string `json:"code_challenge"`
	CodeChallengeMethod string `json:"code_challenge_method"`
	// ResponseType, RedirectURI, ClientID, State and Nonce mirror the
	// corresponding authorization request parameters.
	ResponseType        string `json:"response_type"`
	RedirectURI         string `json:"redirect_uri"`
	ClientID            string `json:"client_id"`
	State               string `json:"state"`
	Nonce               string `json:"nonce"`
}

Payload of the signed challenge token sent from the gematik IDP-Dienst to the authenticator

type ChallengeSignerFunc

// ChallengeSignerFunc signs a Challenge received from the gematik IDP-Dienst
// and returns the signed response as a string (exact token format not shown
// on this page — confirm), or an error if signing fails. SignWith,
// SignWithSoftkey and SignWithSoftkeyPEM build implementations from a
// signing function or a private key plus certificate.
type ChallengeSignerFunc func(challenge Challenge) (string, error)

func SignWith

func SignWith(signFunc brainpool.SignFunc, certFunc func() (*x509.Certificate, error)) ChallengeSignerFunc

func SignWithSoftkey

func SignWithSoftkey(prk *ecdsa.PrivateKey, cert *x509.Certificate) ChallengeSignerFunc

func SignWithSoftkeyPEM

func SignWithSoftkeyPEM(prkPEM []byte, certPEM []byte) ChallengeSignerFunc

type Client

// Client is a relying-party client of the gematik IDP-Dienst: it builds
// authorization URLs (AuthCodeURL, AuthCodeURLAuthenticator,
// AuthCodeURLDirect), exchanges an authorization code for tokens (Exchange)
// and parses the resulting ID token (ParseIDToken). Construct it with
// NewClientFromConfig.
type Client struct {
	// Metadata is the OpenID Connect discovery document of the configured
	// environment.
	Metadata Metadata
	// contains filtered or unexported fields
}

func NewClientFromConfig

func NewClientFromConfig(config ClientConfig) (*Client, error)

func (*Client) AuthCodeURL

func (c *Client) AuthCodeURL(state, nonce, verifier string, opts ...oauth2.ParameterOption) (string, error)

func (*Client) AuthCodeURLAuthenticator

func (c *Client) AuthCodeURLAuthenticator(state, nonce, verifier string, opts ...oauth2.ParameterOption) (string, error)

func (*Client) AuthCodeURLDirect

func (c *Client) AuthCodeURLDirect(state, nonce, verifier string, opts ...oauth2.ParameterOption) (string, error)

func (*Client) ClientID

func (c *Client) ClientID() string

func (*Client) Exchange

func (c *Client) Exchange(code, verifier string, opts ...oauth2.ParameterOption) (*oauth2.TokenResponse, error)

func (*Client) Issuer

func (c *Client) Issuer() string

func (*Client) LogoURI

func (c *Client) LogoURI() string

func (*Client) Name

func (c *Client) Name() string

func (*Client) ParseIDToken

func (c *Client) ParseIDToken(response *oauth2.TokenResponse) (jwt.Token, error)

type ClientConfig

// ClientConfig configures a gematik IDP-Dienst Client (see NewClientFromConfig).
// The yaml tags allow the configuration to be loaded from a YAML file.
type ClientConfig struct {
	// Environment selects the test, reference or production IDP-Dienst.
	Environment       Environment `yaml:"environment"`
	// Name is the display name of the client (exposed via Client.Name).
	Name              string      `yaml:"name"`
	// LogiURI is the logo URI of the client (exposed via Client.LogoURI).
	// NOTE(review): the field name looks like a typo of LogoURI; it is part
	// of the exported API, so renaming it would break existing callers.
	LogiURI           string      `yaml:"logo_uri"`
	// ClientID is the OAuth2 client identifier registered with the IDP-Dienst.
	ClientID          string      `yaml:"client_id"`
	// RedirectURI is the redirect URI used in the authorization request.
	RedirectURI       string      `yaml:"redirect_uri"`
	// Scopes are the OAuth2 scopes requested during authorization.
	Scopes            []string    `yaml:"scopes"`
	// AuthenticatorMode — presumably switches between the authenticator and
	// direct authorization flows (cf. AuthCodeURLAuthenticator and
	// AuthCodeURLDirect); TODO confirm.
	AuthenticatorMode bool        `yaml:"authenticator_mode"`
}

ClientConfig of the gematik IDP-Dienst client

type CodeRedirectURL

// CodeRedirectURL is the URL to which the user is redirected after
// authenticating, as returned by Authenticator.Authenticate. It embeds the
// parsed *url.URL and exposes the authorization code and state separately.
// NOTE(review): State should be compared with the value the client generated
// for the request before Code is passed to Client.Exchange.
type CodeRedirectURL struct {
	*url.URL
	// Code is the authorization code (presumably the "code" query parameter
	// of the redirect URL — confirm).
	Code  string
	// State is the state value echoed back by the IDP-Dienst.
	State string
}

CodeRedirectURL is the URL to which the user is redirected after authenticating

type Environment

// Environment identifies a gematik IDP-Dienst instance (test, reference or
// production); see the Environment* constants, NewEnvironment and
// GetBaseURL. Its zero value is EnvironmentTest.
type Environment int

Environment of the gematik IDP-Dienst

// Environment values, in declaration order. EnvironmentTest is the zero
// value, so an Environment that was never set selects the test IDP-Dienst,
// not production; deployments that require production must set it
// explicitly.
const (
	EnvironmentTest Environment = iota
	EnvironmentReference
	EnvironmentProduction
)

func NewEnvironment

func NewEnvironment(s string) Environment

func (Environment) GetBaseURL

func (e Environment) GetBaseURL() string

func (*Environment) UnmarshalYAML

func (e *Environment) UnmarshalYAML(unmarshal func(interface{}) error) error

type Error

// Error is an error response returned by the gematik IDP-Dienst; its JSON
// fields map directly onto the format documented below. It implements the
// error interface via (*Error).Error.
type Error struct {
	// HttpCode is excluded from the JSON body (json:"-"); presumably it is
	// filled in from the HTTP status of the response — confirm.
	HttpCode         int    `json:"-"`
	// ErrorCode is the OAuth2-style error code, e.g. "invalid_request".
	ErrorCode        string `json:"error"`
	// GematikErrorText is a human-readable message from the remote IDP.
	// NOTE(review): it is server-supplied text; escape it if it is rendered
	// into HTML and treat it as untrusted when logging.
	GematikErrorText string `json:"gematik_error_text"`
	// GematikTimestamp is the time reported by the IDP (Unix seconds in the
	// example below).
	GematikTimestamp int64  `json:"gematik_timestamp"`
	// GematikUUID is the identifier of the error occurrence on the IDP side.
	GematikUUID      string `json:"gematik_uuid"`
	// GematikCode is the gematik-specific error code, e.g. "2012".
	GematikCode      string `json:"gematik_code"`
}

The gematik IDP-Dienst returns an error in the following format:

{
	 "error":"invalid_request",
	 "gematik_error_text":
	 "client_id ist ungültig",
	 "gematik_timestamp":1713603116,
	 "gematik_uuid":"c0e2a77c-dfae-4b93-9baf-f170683962cb",
	 "gematik_code":"2012"
}

func (*Error) Error

func (e *Error) Error() string

type Metadata

// Metadata is the OpenID Connect discovery document of the gematik IDP-Dienst.
// The first fields are the standard OIDC discovery keys; SigningKeyURI and
// EncryptionKeyURI are gematik-specific extensions.
// NOTE(review): JwksURI, SigningKeyURI and EncryptionKeyURI are URLs supplied
// by the discovery document; code that fetches them should require https and
// only accept the expected IDP host — confirm where that is enforced.
type Metadata struct {
	// Issuer is the issuer identifier of the IDP-Dienst.
	Issuer                            string   `json:"issuer"`
	// AuthorizationEndpoint and TokenEndpoint are the OAuth2 endpoints.
	AuthorizationEndpoint             string   `json:"authorization_endpoint"`
	TokenEndpoint                     string   `json:"token_endpoint"`
	// JwksURI is the location of the IDP's JSON Web Key Set.
	JwksURI                           string   `json:"jwks_uri"`
	// Supported response types, response modes, PKCE methods, grant types,
	// ID token signing algorithms, scopes, subject types and token endpoint
	// authentication methods, as advertised by the IDP.
	ResponseTypesSupported            []string `json:"response_types_supported"`
	ResponseModesSupported            []string `json:"response_modes_supported"`
	CodeChallengeMethodsSupported     []string `json:"code_challenge_methods_supported"`
	GrantTypesSupported               []string `json:"grant_types_supported"`
	// IdTokenSigningAlgValuesSupported keeps its non-idiomatic "Id" spelling
	// because it is part of the exported API.
	IdTokenSigningAlgValuesSupported  []string `json:"id_token_signing_alg_values_supported"`
	ScopesSupported                   []string `json:"scopes_supported"`
	SubjectTypesSupported             []string `json:"subject_types_supported"`
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
	// SigningKeyURI is the location of the IDP signature public key
	// (uri_puk_idp_sig).
	SigningKeyURI                     string   `json:"uri_puk_idp_sig"`
	// EncryptionKeyURI is the location of the IDP encryption public key
	// (uri_puk_idp_enc).
	EncryptionKeyURI                  string   `json:"uri_puk_idp_enc"`
}

OpenID Connect metadata of the gematik IDP-Dienst

type Njwt

// Njwt wraps a nested JWT ("njwt" claim) used during the challenge response
// flow between authenticator and gematik IDP-Dienst.
type Njwt struct {
	// Njwt is the nested JWT in its serialized form.
	Njwt string `json:"njwt"`
}

Nested JWT claims used during the challenge response flow

type TokenKeyPayload

// TokenKeyPayload is the payload of the token key sent from the client to the
// gematik IDP-Dienst when exchanging the authorization code; the IDP uses it
// to encrypt the returned token(s). Both fields are secrets for the duration
// of the exchange and must not be logged.
type TokenKeyPayload struct {
	// TokenKey is the key the IDP-Dienst encrypts the token(s) with.
	TokenKey     string `json:"token_key"`
	// CodeVerifier is the PKCE verifier matching the code_challenge of the
	// authorization request (cf. ChallengePayload.CodeChallenge).
	CodeVerifier string `json:"code_verifier"`
}

Payload of the token key sent from the client to the gematik IDP-Dienst to encrypt the token(s) when exchanging the authorization code

type UserConsent

// UserConsent is the consent part of the Challenge sent from the gematik
// IDP-Dienst to the authenticator: the scopes and claims the user is asked
// to grant.
type UserConsent struct {
	// RequestedScopes maps each requested scope to a value — presumably a
	// human-readable description; TODO confirm against an actual challenge.
	RequestedScopes map[string]string `json:"requested_scopes"`
	// RequestedClaims maps each requested claim to a value (same caveat).
	RequestedClaims map[string]string `json:"requested_claims"`
}

User consent of the challenge sent from the gematik IDP-Dienst to the authenticator
