oidc

package
Published: Sep 2, 2025 License: MIT Imports: 24 Imported by: 0

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateUserInDB

func CreateUserInDB(dbPath, username, password string) error

func DeleteTokenInDB

func DeleteTokenInDB(dbPath, token string) error

func DeleteUserInDB

func DeleteUserInDB(dbPath, username string) error

func PersistClientInDB

func PersistClientInDB(dbPath, id string, redirects []string) error

func PersistTokenInDB

func PersistTokenInDB(dbPath string, tr TokenRecord) error

func SetUserPasswordInDB

func SetUserPasswordInDB(dbPath, username, password string) error

Types

type Authenticator

// Authenticator is the pluggable username/password verification hook used by
// Server. SQLiteAuthenticator and StaticAuthenticator are the two provided
// implementations; Config.Authenticator lets a caller supply another.
type Authenticator interface {
	// Authenticate reports whether username/password are valid credentials.
	// Implementations return (true, nil) when they are valid; NOTE(review):
	// the page does not state whether a non-nil error means "rejected" or
	// "check failed" — confirm against callers before relying on either.
	Authenticate(ctx context.Context, username, password string) (bool, error)
}

Authenticator provides a pluggable username/password verification hook. Implementations should return (true, nil) when the credentials are valid.

type ClientRecord

// ClientRecord is an OAuth2 client as persisted in SQLite
// (see PersistClientInDB and ListClientsInDB).
type ClientRecord struct {
	ClientID     string
	// RedirectURIs are the registered redirect targets for the client.
	// NOTE(review): how these are matched at authorization time is not shown
	// here; exact matching is the safe assumption to confirm.
	RedirectURIs []string
}

func ListClientsInDB

func ListClientsInDB(dbPath string) ([]ClientRecord, error)

type Config

// Config controls the embedded OIDC server behavior; it is consumed by New.
type Config struct {
	// Issuer is the OIDC issuer value (see Server.Issuer).
	Issuer          string
	// DBPath is the SQLite database path; when set it also drives the default
	// Authenticator choice (see the Authenticator field).
	DBPath          string
	// EnableDevTokens lets IntrospectAccessToken fall back to DB-persisted
	// tokens when normal introspection fails (requires DB persistence).
	EnableDevTokens bool
	// Demo/static login credentials (optional; defaults used if empty when no other authenticator is configured)
	// NOTE(review): with DBPath and Authenticator both unset, empty User/Pass
	// fall back to built-in defaults — confirm this path is only reachable in
	// development deployments.
	User string
	Pass string
	// Optional pluggable authenticator; if nil, one is chosen based on DBPath or static User/Pass
	Authenticator Authenticator
}

Config controls the embedded OIDC server behavior.

type MCPCallLog

// MCPCallLog is one logged MCP tool call, written via Server.LogMCPCall.
type MCPCallLog struct {
	Timestamp  time.Time
	// Subject and ClientID identify the caller — presumably the values
	// returned by IntrospectAccessToken; verify.
	Subject    string
	ClientID   string
	RequestID  string
	ToolName   string
	// ArgsJSON / ResultJSON hold the serialized call input and output.
	// NOTE(review): these may carry user-supplied or sensitive data —
	// confirm what is redacted before the entry is persisted.
	ArgsJSON   string
	ResultJSON string
	Status     string
	DurationMs int64
}

MCPCallLog records a single MCP tool call (see LogMCPCall).

type SQLiteAuthenticator

// SQLiteAuthenticator validates credentials against the oauth_users table
// using bcrypt password hashes.
type SQLiteAuthenticator struct {
	// DBPath is the SQLite database file holding the oauth_users table.
	DBPath string
}

SQLiteAuthenticator validates credentials against the oauth_users table using bcrypt password hashes.

func (*SQLiteAuthenticator) Authenticate

func (a *SQLiteAuthenticator) Authenticate(ctx context.Context, username, password string) (bool, error)

type Server

// Server is the embedded OIDC / OAuth2 server. Construct it with New and
// mount its handlers with Routes.
type Server struct {
	// PrivateKey is the server's RSA key. NOTE(review): it is an exported
	// field, so any holder of *Server can read the private material.
	PrivateKey *rsa.PrivateKey
	Issuer     string
	Provider   fosite.OAuth2Provider

	// demo login
	// NOTE(review): Pass is held as a plaintext string on an exported field;
	// confirm it is never written to logs or responses.
	User string
	Pass string
	// contains filtered or unexported fields
}

func New

func New(c Config) (*Server, error)

New creates a new embedded OIDC server with the provided configuration.

func (*Server) Authorize

func (s *Server) Authorize(w http.ResponseWriter, r *http.Request)

func (*Server) CreateUser

func (s *Server) CreateUser(ctx context.Context, username, password string) error

func (*Server) DeleteToken

func (s *Server) DeleteToken(token string) error

DeleteToken removes a token from storage (when SQLite is enabled).

func (*Server) DeleteUser

func (s *Server) DeleteUser(ctx context.Context, username string) error

func (*Server) GetToken

func (s *Server) GetToken(token string) (TokenRecord, bool, error)

func (*Server) InitSQLite

func (s *Server) InitSQLite(path string) error

InitSQLite enables persistence of clients/keys/tokens to SQLite and loads existing clients on boot.

func (*Server) IntrospectAccessToken

func (s *Server) IntrospectAccessToken(ctx context.Context, token string) (string, string, bool, error)

IntrospectAccessToken validates a bearer access token and returns the subject and clientID when it is valid. If introspection fails while EnableDevTokens is set and DB persistence is enabled, it falls back to tokens persisted in the DB.

func (*Server) ListClients

func (s *Server) ListClients() ([]ClientRecord, error)

ListClients returns clients from SQLite.

func (*Server) ListTokens

func (s *Server) ListTokens() ([]TokenRecord, error)

func (*Server) ListUsers

func (s *Server) ListUsers(ctx context.Context) ([]UserRecord, error)

func (*Server) LogMCPCall

func (s *Server) LogMCPCall(entry MCPCallLog) error

func (*Server) Login

func (s *Server) Login(w http.ResponseWriter, r *http.Request)

func (*Server) PersistClient

func (s *Server) PersistClient(id string, redirects []string) error

PersistClient stores/updates a client entry in SQLite.

func (*Server) PersistToken

func (s *Server) PersistToken(tr TokenRecord) error

func (*Server) Register

func (s *Server) Register(w http.ResponseWriter, r *http.Request)

func (*Server) Routes

func (s *Server) Routes(mux *http.ServeMux)

Routes installs all OIDC / OAuth2 routes on the provided mux.

func (*Server) RoutesASMetadata

func (s *Server) RoutesASMetadata(w http.ResponseWriter, r *http.Request)

func (*Server) RoutesDiscovery

func (s *Server) RoutesDiscovery(w http.ResponseWriter, r *http.Request)

RoutesDiscovery is one of the small exported route adapters retained for flexibility.

func (*Server) SetUserPassword

func (s *Server) SetUserPassword(ctx context.Context, username, password string) error

func (*Server) Token

func (s *Server) Token(w http.ResponseWriter, r *http.Request)

type StaticAuthenticator

// StaticAuthenticator validates against fixed credentials.
type StaticAuthenticator struct {
	User string
	// Pass is the fixed password to match. NOTE(review): the comparison is
	// not shown here — confirm it is constant-time.
	Pass string
}

StaticAuthenticator validates against fixed credentials.

func (*StaticAuthenticator) Authenticate

func (a *StaticAuthenticator) Authenticate(ctx context.Context, username, password string) (bool, error)

type TokenRecord

// TokenRecord is the persisted form of an issued token (see PersistTokenInDB,
// ListTokensInDB, DeleteTokenInDB and the corresponding Server methods).
type TokenRecord struct {
	// Token is the token value as stored. NOTE(review): ListTokensInDB
	// returns these records, so confirm whether the value is stored hashed
	// or raw.
	Token     string
	Subject   string
	ClientID  string
	Scopes    []string
	// ExpiresAt bounds validity; whether lookups enforce it is not visible
	// here — verify.
	ExpiresAt time.Time
}

TokenRecord describes a persisted token; the token persistence helpers operate on it.

func ListTokensInDB

func ListTokensInDB(dbPath string) ([]TokenRecord, error)

type UserRecord

// UserRecord describes a stored user as returned by ListUsersInDB; no
// password material is included in the record.
type UserRecord struct {
	Username  string
	// Disabled marks an account that must not authenticate — presumably
	// enforced by SQLiteAuthenticator; verify.
	Disabled  bool
	CreatedAt time.Time
	UpdatedAt time.Time
}

UserRecord describes a stored user; the user persistence and management helpers operate on it.

func ListUsersInDB

func ListUsersInDB(dbPath string) ([]UserRecord, error)
