Documentation
Index ¶
- func AddApiKeyTransport(t http.RoundTripper) http.RoundTripper
- type CodeChallengeMethod
- type EntityStatement
- type Error
- type FederationEntityMetadata
- type IdentityProviderInfo
- type Jwk
- type Jwks
- type Metadata
- type OpenIDProviderMetadata
- type OpenIDRelyingPartyMetadata
- type OpenidFederation
- type OpenidProvider
- type RelyingParty
- func (rp *RelyingParty) ClientID() string
- func (rp *RelyingParty) Federation() *OpenidFederation
- func (rp *RelyingParty) NewClient(issuer string) (oidc.Client, error)
- func (rp *RelyingParty) Serve(w http.ResponseWriter, r *http.Request)
- func (rp *RelyingParty) ServeSignedJwks(w http.ResponseWriter, r *http.Request)
- func (rp *RelyingParty) SignEntityStatement() ([]byte, error)
- type RelyingPartyClient
- func (c *RelyingPartyClient) AuthenticationURL(state, nonce, verifier string, options ...oidc.Option) (string, error)
- func (c *RelyingPartyClient) ClientID() string
- func (c *RelyingPartyClient) ExchangeForIdentity(code, verifier string, options ...oidc.Option) (*oidc.TokenResponse, error)
- func (c *RelyingPartyClient) Issuer() string
- func (c *RelyingPartyClient) LogoURI() string
- func (c *RelyingPartyClient) Name() string
- func (c *RelyingPartyClient) RedirectURI() string
- type RelyingPartyConfig
- type UserType
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AddApiKeyTransport ¶
func AddApiKeyTransport(t http.RoundTripper) http.RoundTripper
Types ¶
type CodeChallengeMethod ¶
// CodeChallengeMethod names a PKCE code challenge method (RFC 7636).
type CodeChallengeMethod string

const (
	// CodeChallengeMethodS256 is the SHA-256 based method from RFC 7636 and the
	// only method declared in this package; RFC 7636 recommends it over "plain".
	CodeChallengeMethodS256 CodeChallengeMethod = "S256"
)
type EntityStatement ¶
type Error ¶
// Error models an error document exchanged with an identity provider or
// federation endpoint. Its JSON shape follows the OAuth 2.0 error response
// ("error", "error_description") extended with gematik-specific fields.
type Error struct {
	// Operation labels the step that produced the error (serialized as "operation").
	// Presumably set locally rather than by the remote party — confirm against callers.
	Operation string `json:"operation"`
	// ErrorCode carries the OAuth 2.0 "error" code.
	ErrorCode string `json:"error"`
	// Description carries the "error_description" text. It presumably originates
	// from the remote party, so treat it as untrusted input when logging or rendering.
	Description string `json:"error_description"`
	// GematikTimestamp, GematikUUID and GematikCode are gematik-specific extension
	// fields; all three are omitted from JSON when empty.
	GematikTimestamp int64 `json:"gematik_timestamp,omitempty"`
	GematikUUID string `json:"gematik_uuid,omitempty"`
	GematikCode string `json:"gematik_code,omitempty"`
	// Some IDPs return description in camelCase instead of snake_case
	// ("errorDescription"); BadDescription captures that variant so it is not lost.
	BadDescription string `json:"errorDescription,omitempty"`
}
type FederationEntityMetadata ¶
// FederationEntityMetadata is the "federation_entity" metadata block of an
// entity's metadata (see Metadata). Every field is omitted from JSON when empty.
type FederationEntityMetadata struct {
	Name string `json:"name,omitempty"`
	Contacts []string `json:"contacts,omitempty"`
	HomepageURI string `json:"homepage_uri,omitempty"`
	// FederationFetchEndpoint, FederationListEndpoint and IdpListEndpoint are URLs
	// advertised by the remote entity. They come from a parsed statement, so callers
	// should rely on them only after the statement's signature has been verified
	// (FetchEntityStatement is documented as fetching and verifying).
	FederationFetchEndpoint string `json:"federation_fetch_endpoint,omitempty"`
	FederationListEndpoint string `json:"federation_list_endpoint,omitempty"`
	IdpListEndpoint string `json:"idp_list_endpoint,omitempty"`
}
type IdentityProviderInfo ¶
type Jwk ¶
A small trick to make jwk.Key JSON-serializable.
func NewJwkFromJson ¶
func (*Jwk) MarshalJSON ¶
func (*Jwk) UnmarshalJSON ¶
func (*Jwk) UnmarshalYAML ¶
type Jwks ¶
A small trick to make jwk.Set JSON-serializable.
func (*Jwks) MarshalJSON ¶
func (*Jwks) UnmarshalJSON ¶
type Metadata ¶
// Metadata groups the per-entity-type metadata blocks (presumably the metadata
// section of an EntityStatement — confirm). OpenidRelyingParty and OpenidProvider
// are omitted from JSON when nil; FederationEntity has no omitempty, so a nil
// pointer is serialized as an explicit null.
type Metadata struct {
	OpenidRelyingParty *OpenIDRelyingPartyMetadata `json:"openid_relying_party,omitempty"`
	OpenidProvider *OpenIDProviderMetadata `json:"openid_provider,omitempty"`
	FederationEntity *FederationEntityMetadata `json:"federation_entity"`
}
type OpenIDProviderMetadata ¶
// OpenIDProviderMetadata is the "openid_provider" metadata block published by an
// identity provider (see Metadata). No field carries omitempty, so zero values
// (empty strings, null slices, false) are always serialized.
//
// NOTE(review): the endpoint URLs below are supplied by the remote entity; use them
// only after the enclosing statement has been verified and Issuer has been matched
// against the issuer that was actually requested.
type OpenIDProviderMetadata struct {
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	ClientRegistrationTypesSupported []string `json:"client_registration_types_supported"`
	GrantTypesSupported []string `json:"grant_types_supported"`
	// Algorithm lists for ID token encryption (alg/enc) and signing.
	IDTokenEncryptionAlgValuesSupported []string `json:"id_token_encryption_alg_values_supported"`
	IDTokenEncryptionEncValuesSupported []string `json:"id_token_encryption_enc_values_supported"`
	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
	Issuer string `json:"issuer"`
	LogoURI string `json:"logo_uri"`
	OrganizationName string `json:"organization_name"`
	PushedAuthorizationRequestEndpoint string `json:"pushed_authorization_request_endpoint"`
	// RequestAuthenticationMethodsSupported lists accepted request authentication
	// methods per request type under the keys "ar" and "par". Reading them as
	// authorization request / pushed authorization request is inferred from the
	// neighbouring endpoint names — confirm against the federation spec.
	RequestAuthenticationMethodsSupported struct {
		Ar []string `json:"ar"`
		Par []string `json:"par"`
	} `json:"request_authentication_methods_supported"`
	RequirePushedAuthorizationRequests bool `json:"require_pushed_authorization_requests"`
	ResponseModesSupported []string `json:"response_modes_supported"`
	ResponseTypesSupported []string `json:"response_types_supported"`
	ScopesSupported []string `json:"scopes_supported"`
	// SignedJwksUri locates the provider's signed JWK set. OpenidFederation.FetchSignedJwks
	// takes an OP entity statement and presumably resolves it via this field — confirm.
	SignedJwksUri string `json:"signed_jwks_uri"`
	SubjectTypesSupported []string `json:"subject_types_supported"`
	TokenEndpoint string `json:"token_endpoint"`
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
	TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
	// UserTypeSupported lists UserType values; UserType is declared in this package
	// but its values are not shown here.
	UserTypeSupported []UserType `json:"user_type_supported"`
}
type OpenIDRelyingPartyMetadata ¶
// OpenIDRelyingPartyMetadata is the "openid_relying_party" metadata block a
// relying party publishes about itself (see Metadata).
type OpenIDRelyingPartyMetadata struct {
	// SignedJwksUri is omitted when empty, whereas Jwks has no omitempty and is
	// serialized as null when nil. Presumably exactly one of the two is used to
	// publish the RP's keys — confirm against the statement builder.
	SignedJwksUri string `json:"signed_jwks_uri,omitempty"`
	Jwks *Jwks `json:"jwks"`
	OrganizationName string `json:"organization_name"`
	ClientName string `json:"client_name"`
	LogoURI string `json:"logo_uri"`
	// RedirectURIs is the set of redirect URIs the RP registers; an OP is expected to
	// reject redirects outside this list, so keep it exact (no wildcards).
	RedirectURIs []string `json:"redirect_uris"`
	ResponseTypes []string `json:"response_types"`
	ClientRegistrationTypes []string `json:"client_registration_types"`
	GrantTypes []string `json:"grant_types"`
	RequirePushedAuthorizationRequests bool `json:"require_pushed_authorization_requests"`
	TokenEndpointAuthMethod string `json:"token_endpoint_auth_method"`
	DefaultACRValues []string `json:"default_acr_values"`
	// Expected ID token signing (alg) and encryption (alg/enc) algorithms.
	IDTokenSignedResponseAlg string `json:"id_token_signed_response_alg"`
	IDTokenEncryptedResponseAlg string `json:"id_token_encrypted_response_alg"`
	IDTokenEncryptedResponseEnc string `json:"id_token_encrypted_response_enc"`
	Scope string `json:"scope"`
}
type OpenidFederation ¶
// OpenidFederation is a client for a federation rooted at a federation master.
// Construct it with NewOpenidFederation, which takes the master URL and the
// master's jwk.Set; FederationMasterURL returns that URL, FetchEntityStatement
// fetches and verifies an issuer's statement, FetchIdpList lists identity
// providers and FetchSignedJwks retrieves an OP's signed JWK set.
type OpenidFederation struct {
// contains filtered or unexported fields
}
func NewOpenidFederation ¶
func NewOpenidFederation(fedMasterURL string, jwks jwk.Set) (*OpenidFederation, error)
func (*OpenidFederation) FederationMasterURL ¶
func (f *OpenidFederation) FederationMasterURL() string
func (*OpenidFederation) FetchEntityStatement ¶
func (f *OpenidFederation) FetchEntityStatement(iss string) (*EntityStatement, error)
FetchEntityStatement fetches and verifies the entity statement for the given issuer.
func (*OpenidFederation) FetchIdpList ¶
func (f *OpenidFederation) FetchIdpList() ([]IdentityProviderInfo, error)
func (*OpenidFederation) FetchSignedJwks ¶
func (f *OpenidFederation) FetchSignedJwks(op *EntityStatement) (jwk.Set, error)
type OpenidProvider ¶
// OpenidProvider identifies an OpenID provider by its Issuer identifier.
type OpenidProvider struct {
	Issuer string
}
type RelyingParty ¶
// RelyingParty is the federation relying party. It is built with
// NewRelyingPartyFromConfig or NewRelyingPartyFromConfigFile, exposes its ClientID
// and Federation, creates per-issuer clients via NewClient, serves HTTP through
// Serve and ServeSignedJwks, and signs its own statement with SignEntityStatement.
type RelyingParty struct {
// contains filtered or unexported fields
}
func NewRelyingPartyFromConfig ¶
func NewRelyingPartyFromConfig(cfg *RelyingPartyConfig) (*RelyingParty, error)
func NewRelyingPartyFromConfigFile ¶
func NewRelyingPartyFromConfigFile(path string) (*RelyingParty, error)
func (*RelyingParty) ClientID ¶
func (rp *RelyingParty) ClientID() string
func (*RelyingParty) Federation ¶
func (rp *RelyingParty) Federation() *OpenidFederation
func (*RelyingParty) NewClient ¶
func (rp *RelyingParty) NewClient(issuer string) (oidc.Client, error)
func (*RelyingParty) Serve ¶
func (rp *RelyingParty) Serve(w http.ResponseWriter, r *http.Request)
func (*RelyingParty) ServeSignedJwks ¶
func (rp *RelyingParty) ServeSignedJwks(w http.ResponseWriter, r *http.Request)
func (*RelyingParty) SignEntityStatement ¶
func (rp *RelyingParty) SignEntityStatement() ([]byte, error)
type RelyingPartyClient ¶
// RelyingPartyClient drives the authorization flow against one issuer:
// AuthenticationURL builds the authorization URL from state, nonce and a PKCE
// verifier, and ExchangeForIdentity redeems the returned code with that verifier.
// Presumably the concrete type behind RelyingParty.NewClient's oidc.Client — confirm.
type RelyingPartyClient struct {
// contains filtered or unexported fields
}
func (*RelyingPartyClient) AuthenticationURL ¶
func (*RelyingPartyClient) ClientID ¶
func (c *RelyingPartyClient) ClientID() string
func (*RelyingPartyClient) ExchangeForIdentity ¶
func (c *RelyingPartyClient) ExchangeForIdentity(code, verifier string, options ...oidc.Option) (*oidc.TokenResponse, error)
func (*RelyingPartyClient) Issuer ¶
func (c *RelyingPartyClient) Issuer() string
func (*RelyingPartyClient) LogoURI ¶
func (c *RelyingPartyClient) LogoURI() string
func (*RelyingPartyClient) Name ¶
func (c *RelyingPartyClient) Name() string
func (*RelyingPartyClient) RedirectURI ¶
func (c *RelyingPartyClient) RedirectURI() string
type RelyingPartyConfig ¶
// RelyingPartyConfig is the YAML configuration loaded by LoadRelyingPartyConfig.
// Every field except BaseDir is tagged validate:"required".
type RelyingPartyConfig struct {
	// BaseDir is excluded from YAML (yaml:"-"); presumably filled in by the loader
	// from the config file's location and used to resolve the *Path fields — confirm.
	BaseDir string `yaml:"-"`
	Subject string `yaml:"sub" validate:"required"`
	// FedMasterURL and FedMasterJwk pin the federation master and its key; the JWK is
	// the trust anchor for statement verification, so it is part of the config rather
	// than fetched.
	FedMasterURL string `yaml:"fed_master_url" validate:"required"`
	FedMasterJwk Jwk `yaml:"fed_master_jwk" validate:"required"`
	// Key identifiers and private key files for signing, encryption and the client
	// credential. Keys are referenced by path rather than embedded, so the files must
	// be protected by filesystem permissions.
	SignKid string `yaml:"sign_kid" validate:"required"`
	SignPrivateKeyPath string `yaml:"sign_private_key_path" validate:"required"`
	EncKid string `yaml:"enc_kid" validate:"required"`
	EncPrivateKeyPath string `yaml:"enc_private_key_path" validate:"required"`
	ClientKid string `yaml:"client_kid" validate:"required"`
	ClientPrivateKeyPath string `yaml:"client_private_key_path" validate:"required"`
	ClientCertPath string `yaml:"client_cert_path" validate:"required"`
	// MetadataTemplate is free-form; presumably merged into the RP's published
	// metadata — confirm against SignEntityStatement.
	MetadataTemplate map[string]interface{} `yaml:"metadata_template" validate:"required"`
}
func LoadRelyingPartyConfig ¶
func LoadRelyingPartyConfig(path string) (*RelyingPartyConfig, error)