oidc

package
v0.5.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 5, 2026 License: MIT Imports: 5 Imported by: 0

Documentation

Overview

Package oidc serves OAuth/OIDC discovery documents for MCP servers.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func JWKSHandler 

func JWKSHandler(manager *keys.Manager) http.Handler

JWKSHandler returns a handler for /.well-known/jwks.json.

Types

type DiscoveryConfig 

type DiscoveryConfig struct {
	Issuer                string
	AuthorizationEndpoint string
	TokenEndpoint         string
	JWKSEndpoint          string
	RevocationEndpoint    string
	RegistrationEndpoint  string
	ScopesSupported       []string
}

DiscoveryConfig holds values needed to build discovery documents.

func NewDiscoveryConfig 

func NewDiscoveryConfig(issuerURL string, scopes []string) DiscoveryConfig

NewDiscoveryConfig builds a discovery config from an issuer URL.

func (DiscoveryConfig) AuthorizationServerHandler 

func (d DiscoveryConfig) AuthorizationServerHandler() http.Handler

AuthorizationServerHandler returns a handler for /.well-known/oauth-authorization-server.

func (DiscoveryConfig) AuthorizationServerMetadata 

func (d DiscoveryConfig) AuthorizationServerMetadata() map[string]any

AuthorizationServerMetadata returns RFC 8414 metadata.

func (DiscoveryConfig) OpenIDConfiguration 

func (d DiscoveryConfig) OpenIDConfiguration() map[string]any

OpenIDConfiguration returns the OIDC discovery document. The same shape is also valid OAuth authorization server metadata for the kit's supported flows.

func (DiscoveryConfig) OpenIDConfigurationHandler 

func (d DiscoveryConfig) OpenIDConfigurationHandler() http.Handler

OpenIDConfigurationHandler returns a handler for /.well-known/openid-configuration.

func (DiscoveryConfig) ProtectedResourceHandler 

func (d DiscoveryConfig) ProtectedResourceHandler(resourceURL string) http.Handler

ProtectedResourceHandler returns a handler for /.well-known/oauth-protected-resource.

func (DiscoveryConfig) ProtectedResourceMetadata 

func (d DiscoveryConfig) ProtectedResourceMetadata(resourceURL string) ProtectedResourceMetadata

ProtectedResourceMetadata returns metadata for an MCP protected resource.

func (DiscoveryConfig) RegisterRoutes 

func (d DiscoveryConfig) RegisterRoutes(mux *http.ServeMux, cfg RouteConfig)

RegisterRoutes mounts discovery routes. If ResourceURL is empty, it uses issuer + "/mcp".

type ProtectedResourceMetadata 

type ProtectedResourceMetadata struct {
	Resource               string   `json:"resource"`
	AuthorizationServers   []string `json:"authorization_servers"`
	BearerMethodsSupported []string `json:"bearer_methods_supported"`
	ScopesSupported        []string `json:"scopes_supported,omitempty"`
}

ProtectedResourceMetadata is RFC 9728 protected resource metadata.

type RouteConfig 

type RouteConfig struct {
	ResourceURL string
	JWKS        http.Handler
}

RouteConfig configures mounted discovery routes.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.