Documentation
¶
Index ¶
- type EntityStatement
- type Error
- type FederationEntityMetadata
- type IdentityProviderInfo
- type Metadata
- type OpenIDProviderMetadata
- type OpenIDRelyingPartyMetadata
- type OpenidFederation
- type OpenidProvider
- type RelyingParty
- func (rp *RelyingParty) ClientID() string
- func (rp *RelyingParty) Federation() *OpenidFederation
- func (rp *RelyingParty) NewClient(iss string) (oidc.Client, error)
- func (rp *RelyingParty) Serve(w http.ResponseWriter, r *http.Request)
- func (rp *RelyingParty) ServeSignedJwks(w http.ResponseWriter, r *http.Request)
- func (rp *RelyingParty) SignEntityStatement() ([]byte, error)
- type RelyingPartyClient
- func (c *RelyingPartyClient) AuthCodeURL(state, nonce, verifier string, opts ...oauth2.ParameterOption) (string, error)
- func (c *RelyingPartyClient) ClientID() string
- func (c *RelyingPartyClient) Exchange(code, verifier string, opts ...oauth2.ParameterOption) (*oauth2.TokenResponse, error)
- func (c *RelyingPartyClient) Issuer() string
- func (c *RelyingPartyClient) LogoURI() string
- func (c *RelyingPartyClient) Name() string
- func (c *RelyingPartyClient) ParseIDToken(response *oauth2.TokenResponse) (jwt.Token, error)
- type RelyingPartyConfig
- type UserType
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type EntityStatement ¶
type Error ¶
type Error struct {
Operation string `json:"operation"`
ErrorCode string `json:"error"`
Description string `json:"error_description"`
GematikTimestamp int64 `json:"gematik_timestamp,omitempty"`
GematikUUID string `json:"gematik_uuid,omitempty"`
GematikCode string `json:"gematik_code,omitempty"`
// Some IDPs return description in camelCase instead of snake_case
BadDescription string `json:"errorDescription,omitempty"`
}
type FederationEntityMetadata ¶
type FederationEntityMetadata struct {
Name string `json:"name,omitempty"`
Contacts []string `json:"contacts,omitempty"`
HomepageURI string `json:"homepage_uri,omitempty"`
FederationFetchEndpoint string `json:"federation_fetch_endpoint,omitempty"`
FederationListEndpoint string `json:"federation_list_endpoint,omitempty"`
IdpListEndpoint string `json:"idp_list_endpoint,omitempty"`
}
type IdentityProviderInfo ¶
type Metadata ¶
type Metadata struct {
OpenidRelyingParty *OpenIDRelyingPartyMetadata `json:"openid_relying_party,omitempty"`
OpenidProvider *OpenIDProviderMetadata `json:"openid_provider,omitempty"`
FederationEntity *FederationEntityMetadata `json:"federation_entity"`
}
type OpenIDProviderMetadata ¶
type OpenIDProviderMetadata struct {
AuthorizationEndpoint string `json:"authorization_endpoint"`
ClientRegistrationTypesSupported []string `json:"client_registration_types_supported"`
GrantTypesSupported []string `json:"grant_types_supported"`
IDTokenEncryptionAlgValuesSupported []string `json:"id_token_encryption_alg_values_supported"`
IDTokenEncryptionEncValuesSupported []string `json:"id_token_encryption_enc_values_supported"`
IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
Issuer string `json:"issuer"`
LogoURI string `json:"logo_uri"`
OrganizationName string `json:"organization_name"`
PushedAuthorizationRequestEndpoint string `json:"pushed_authorization_request_endpoint"`
RequestAuthenticationMethodsSupported struct {
Ar []string `json:"ar"`
Par []string `json:"par"`
} `json:"request_authentication_methods_supported"`
RequirePushedAuthorizationRequests bool `json:"require_pushed_authorization_requests"`
ResponseModesSupported []string `json:"response_modes_supported"`
ResponseTypesSupported []string `json:"response_types_supported"`
ScopesSupported []string `json:"scopes_supported"`
SignedJwksUri string `json:"signed_jwks_uri"`
SubjectTypesSupported []string `json:"subject_types_supported"`
TokenEndpoint string `json:"token_endpoint"`
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
UserTypeSupported []UserType `json:"user_type_supported"`
}
type OpenIDRelyingPartyMetadata ¶
type OpenIDRelyingPartyMetadata struct {
SignedJwksUri string `json:"signed_jwks_uri,omitempty"`
Jwks *util.Jwks `json:"jwks"`
OrganizationName string `json:"organization_name"`
ClientName string `json:"client_name"`
LogoURI string `json:"logo_uri"`
RedirectURIs []string `json:"redirect_uris"`
ResponseTypes []string `json:"response_types"`
ClientRegistrationTypes []string `json:"client_registration_types"`
GrantTypes []string `json:"grant_types"`
RequirePushedAuthorizationRequests bool `json:"require_pushed_authorization_requests"`
TokenEndpointAuthMethod string `json:"token_endpoint_auth_method"`
DefaultACRValues []string `json:"default_acr_values"`
IDTokenSignedResponseAlg string `json:"id_token_signed_response_alg"`
IDTokenEncryptedResponseAlg string `json:"id_token_encrypted_response_alg"`
IDTokenEncryptedResponseEnc string `json:"id_token_encrypted_response_enc"`
Scope string `json:"scope"`
}
type OpenidFederation ¶
type OpenidFederation struct {
// contains filtered or unexported fields
}
func NewOpenidFederation ¶
func NewOpenidFederation(fedMasterURL string, jwks jwk.Set) (*OpenidFederation, error)
func (*OpenidFederation) FederationMasterURL ¶
func (f *OpenidFederation) FederationMasterURL() string
func (*OpenidFederation) FetchEntityStatement ¶
func (f *OpenidFederation) FetchEntityStatement(iss string) (*EntityStatement, error)
fetches and verifies the entity statement for the given issuer
func (*OpenidFederation) FetchIdpList ¶
func (f *OpenidFederation) FetchIdpList() ([]IdentityProviderInfo, error)
func (*OpenidFederation) FetchSignedJwks ¶
func (f *OpenidFederation) FetchSignedJwks(op *EntityStatement) (jwk.Set, error)
type OpenidProvider ¶
type OpenidProvider struct {
Issuer string
}
type RelyingParty ¶
type RelyingParty struct {
// contains filtered or unexported fields
}
func NewRelyingPartyFromConfig ¶
func NewRelyingPartyFromConfig(cfg *RelyingPartyConfig) (*RelyingParty, error)
func NewRelyingPartyFromConfigFile ¶
func NewRelyingPartyFromConfigFile(path string) (*RelyingParty, error)
func (*RelyingParty) ClientID ¶
func (rp *RelyingParty) ClientID() string
func (*RelyingParty) Federation ¶
func (rp *RelyingParty) Federation() *OpenidFederation
func (*RelyingParty) Serve ¶
func (rp *RelyingParty) Serve(w http.ResponseWriter, r *http.Request)
func (*RelyingParty) ServeSignedJwks ¶
func (rp *RelyingParty) ServeSignedJwks(w http.ResponseWriter, r *http.Request)
func (*RelyingParty) SignEntityStatement ¶
func (rp *RelyingParty) SignEntityStatement() ([]byte, error)
type RelyingPartyClient ¶
type RelyingPartyClient struct {
// contains filtered or unexported fields
}
func (*RelyingPartyClient) AuthCodeURL ¶
func (c *RelyingPartyClient) AuthCodeURL(state, nonce, verifier string, opts ...oauth2.ParameterOption) (string, error)
func (*RelyingPartyClient) ClientID ¶
func (c *RelyingPartyClient) ClientID() string
func (*RelyingPartyClient) Exchange ¶
func (c *RelyingPartyClient) Exchange(code, verifier string, opts ...oauth2.ParameterOption) (*oauth2.TokenResponse, error)
func (*RelyingPartyClient) Issuer ¶
func (c *RelyingPartyClient) Issuer() string
func (*RelyingPartyClient) LogoURI ¶
func (c *RelyingPartyClient) LogoURI() string
func (*RelyingPartyClient) Name ¶
func (c *RelyingPartyClient) Name() string
func (*RelyingPartyClient) ParseIDToken ¶
func (c *RelyingPartyClient) ParseIDToken(response *oauth2.TokenResponse) (jwt.Token, error)
type RelyingPartyConfig ¶
type RelyingPartyConfig struct {
Url string `yaml:"url" validate:"required"`
FedMasterURL string `yaml:"fed_master_url" validate:"required"`
FedMasterJwks map[string]interface{} `yaml:"fed_master_jwks" validate:"required"`
SignKid string `yaml:"sign_kid" validate:"required"`
SignPrivateKeyPath string `yaml:"sign_private_key_path" validate:"required"`
EncKid string `yaml:"enc_kid" validate:"required"`
EncPrivateKeyPath string `yaml:"enc_private_key_path" validate:"required"`
ClientKid string `yaml:"client_kid" validate:"required"`
ClientPrivateKeyPath string `yaml:"client_private_key_path" validate:"required"`
ClientCertPath string `yaml:"client_cert_path" validate:"required"`
MetadataTemplate map[string]interface{} `yaml:"metadata" validate:"required"`
// contains filtered or unexported fields
}
func LoadRelyingPartyConfig ¶
func LoadRelyingPartyConfig(path string) (*RelyingPartyConfig, error)
Click to show internal directories.
Click to hide internal directories.