oidc

package


Constants

// DefaultFetchInterval is the default interval to use when none is set
// (20 minutes).
// NOTE(review): presumably governs how often DefaultJWKSProvider re-fetches
// the JWKS document — confirm against ServeContext.
const DefaultFetchInterval time.Duration = 20 * time.Minute

DefaultFetchInterval is the default interval to use when none is set.

Variables

// ErrJWKSParse is returned when the JWKS document cannot be parsed.
var ErrJWKSParse = errors.New("error parsing JWKS document")

// ErrJWKSFetch is returned when the JWKS document cannot be fetched.
var ErrJWKSFetch = errors.New("error fetching JWKS document")
var (
	// ErrRedis is the sentinel for failures of the Redis-backed session store.
	// NOTE(review): presumably wrapped with %w so callers can match it with
	// errors.Is — confirm in the store implementation.
	ErrRedis            = errors.New("redis error")
	// ErrRedisConfigureCA is returned when the custom CA certificates for the
	// redis client cannot be configured.
	// NOTE(review): presumably raised by NewRedisClient while building the TLS
	// configuration — confirm.
	ErrRedisConfigureCA = errors.New("error configuring custom CA certificates for the redis client")
)

Functions

func NewRedisClient added in v1.1.0

func NewRedisClient(config *oidc.RedisConfig) (redis.Cmdable, error)

NewRedisClient creates a new Redis client based on the provided OIDC Redis configuration.

func ParseToken

func ParseToken(token string) (jwt.Token, error)

ParseToken parses the token string and returns the token and an error if any.

Types

type AuthorizationState

// AuthorizationState contains information about the state of the
// authorization process. It is persisted per session through
// SessionStore.SetAuthorizationState and read back with
// SessionStore.GetAuthorizationState.
type AuthorizationState struct {
	// State is the value associated with the pending authorization request.
	// NOTE(review): presumably the OAuth 2.0 state parameter that is compared
	// with the value the IdP echoes back on the callback — confirm in the caller.
	State        string
	// Nonce is the value associated with the pending authorization request.
	// NOTE(review): presumably matched against the ID token's nonce claim
	// after the code exchange — confirm.
	Nonce        string
	// RequestedURL is the URL the user originally asked for.
	// NOTE(review): if this is used as the post-login redirect target, the
	// caller should validate it against an allow-list — not visible here.
	RequestedURL string
	// CodeVerifier is the value associated with the pending authorization request.
	// NOTE(review): presumably the PKCE code_verifier; treat it as a secret and
	// keep it out of logs — confirm.
	CodeVerifier string
}

AuthorizationState contains information about the state of the authorization process.

type Clock

// Clock represents a source of current time. It is passed to NewMemoryStore
// and NewRedisStore together with the session timeouts.
// NOTE(review): presumably the stores use it for expiry decisions, so a
// manipulated clock would extend session lifetime — confirm.
type Clock struct {
	// Override for time.Now.
	// NOTE(review): Now presumably falls back to time.Now when NowFn is nil —
	// confirm; a nil NowFn called directly would panic.
	NowFn func() time.Time
}

Clock represents a source of current time.

func (*Clock) Now

func (s *Clock) Now() time.Time

Now returns the current local time.

type DefaultJWKSProvider

// DefaultJWKSProvider provides a JWKS set. It is constructed by
// NewJWKSProvider, implements JWKSProvider through Get, and is also a
// run.Unit (Name, ServeContext).
// NOTE(review): ServeContext presumably refreshes the cached JWKS on a
// schedule (see DefaultFetchInterval) — confirm.
type DefaultJWKSProvider struct {
	// contains filtered or unexported fields
}

DefaultJWKSProvider provides a JWKS set.

func NewJWKSProvider

func NewJWKSProvider(cfg *configv1.Config, tlsPool inthttp.TLSConfigPool) *DefaultJWKSProvider

NewJWKSProvider returns a new JWKSProvider.

func (*DefaultJWKSProvider) Get

func (j *DefaultJWKSProvider) Get(ctx context.Context, config *oidcv1.OIDCConfig) (jwk.Set, error)

Get returns the JWKS for the given OIDC configuration.

func (*DefaultJWKSProvider) Name

func (j *DefaultJWKSProvider) Name() string

Name returns the name of the JWKSProvider run.Unit.

func (*DefaultJWKSProvider) ServeContext

func (j *DefaultJWKSProvider) ServeContext(ctx context.Context) error

type JWKSProvider

// JWKSProvider provides a JWKS set for a given OIDC configuration.
// DefaultJWKSProvider is the implementation shipped with this package.
type JWKSProvider interface {
	// Get the JWKS for the given OIDC configuration.
	// A non-nil error means no key set is available; callers must not treat
	// that as permission to skip signature verification.
	Get(context.Context, *oidcv1.OIDCConfig) (jwk.Set, error)
}

JWKSProvider provides a JWKS set for a given OIDC configuration.

type SessionGenerator

// SessionGenerator is an interface for generating session data.
// NewRandomGenerator returns a generator of random values; NewStaticGenerator
// returns one that yields the fixed strings it was given.
// NOTE(review): a static generator makes the session ID, state, nonce and
// code verifier predictable, so it should be confined to tests — confirm it
// is never wired into a production configuration.
type SessionGenerator interface {
	// GenerateSessionID returns a new session identifier.
	GenerateSessionID() string
	// GenerateNonce returns a new nonce value.
	GenerateNonce() string
	// GenerateState returns a new state value.
	GenerateState() string
	// GenerateCodeVerifier returns a new code verifier value.
	GenerateCodeVerifier() string
}

SessionGenerator is an interface for generating session data.

func NewRandomGenerator

func NewRandomGenerator() SessionGenerator

NewRandomGenerator creates a new random session generator.

func NewStaticGenerator

func NewStaticGenerator(sessionID, nonce, state, codeVerifier string) SessionGenerator

NewStaticGenerator creates a new static session generator.

type SessionStore

// SessionStore is an interface for storing session data, keyed by session ID.
// NewMemoryStore and NewRedisStore provide implementations; both take a
// *Clock and absolute/idle session timeouts.
type SessionStore interface {
	// SetTokenResponse stores tokenResponse for sessionID.
	SetTokenResponse(ctx context.Context, sessionID string, tokenResponse *TokenResponse) error
	// GetTokenResponse returns the stored token response for sessionID.
	// NOTE(review): behaviour for an unknown or expired session (nil result
	// vs. error) is not visible here — confirm before relying on it.
	GetTokenResponse(ctx context.Context, sessionID string) (*TokenResponse, error)
	// SetAuthorizationState stores authorizationState for sessionID.
	SetAuthorizationState(ctx context.Context, sessionID string, authorizationState *AuthorizationState) error
	// GetAuthorizationState returns the stored authorization state for sessionID.
	GetAuthorizationState(ctx context.Context, sessionID string) (*AuthorizationState, error)
	// ClearAuthorizationState removes the authorization state for sessionID.
	// NOTE(review): presumably leaves the rest of the session intact, unlike
	// RemoveSession — confirm.
	ClearAuthorizationState(ctx context.Context, sessionID string) error
	// RemoveSession removes all data stored for sessionID.
	RemoveSession(ctx context.Context, sessionID string) error
	// RemoveAllExpired removes expired sessions.
	// NOTE(review): presumably applies the absolute and idle timeouts the
	// store was created with — confirm.
	RemoveAllExpired(ctx context.Context) error
}

SessionStore is an interface for storing session data.

func NewMemoryStore

func NewMemoryStore(clock *Clock, absoluteSessionTimeout, idleSessionTimeout time.Duration) SessionStore

NewMemoryStore creates a new in-memory session store.

func NewRedisStore

func NewRedisStore(clock *Clock, client redis.Cmdable, absoluteSessionTimeout, idleSessionTimeout time.Duration) (SessionStore, error)

NewRedisStore creates a new SessionStore that stores the session data in a given Redis server.

type SessionStoreFactory

// SessionStoreFactory is a factory for managing multiple SessionStores. It
// uses the OIDC configuration to determine which store to use.
type SessionStoreFactory interface {
	// Get returns the SessionStore selected for cfg.
	Get(cfg *oidcv1.OIDCConfig) SessionStore
}

SessionStoreFactory is a factory for managing multiple SessionStores. It uses the OIDC configuration to determine which store to use.

type SessionStoreFactoryUnit

// SessionStoreFactoryUnit is a combination of a run.PreRunner and a
// SessionStoreFactory. NewSessionStoreFactory returns one built from a
// *configv1.Config and a watch.Callbacker.
type SessionStoreFactoryUnit interface {
	run.PreRunner
	SessionStoreFactory
}

SessionStoreFactoryUnit is a combination of a run.PreRunner and a SessionStoreFactory.

func NewSessionStoreFactory

func NewSessionStoreFactory(cfg *configv1.Config, fileWatcher watch.Callbacker) SessionStoreFactoryUnit

NewSessionStoreFactory creates a factory for managing session stores. It uses the OIDC configuration to determine which store to use.

type TokenResponse

// TokenResponse contains information about the tokens returned by the
// Identity Provider. It is persisted per session through
// SessionStore.SetTokenResponse. The token strings are bearer credentials
// and should be kept out of logs and error messages.
type TokenResponse struct {
	// IDToken is the raw ID token string; ParseIDToken decodes it.
	IDToken              string
	// AccessToken is the raw access token string.
	AccessToken          string
	// AccessTokenExpiresAt is the expiry associated with AccessToken.
	// NOTE(review): presumably derived from the provider's expires_in at
	// receipt time, using Clock — confirm.
	AccessTokenExpiresAt time.Time
	// RefreshToken is the raw refresh token string.
	RefreshToken         string
}

TokenResponse contains information about the tokens returned by the Identity Provider.

func (*TokenResponse) ParseIDToken

func (t *TokenResponse) ParseIDToken() (jwt.Token, error)

ParseIDToken parses the ID token string and returns the token and an error if any.

type WellKnownConfig

// WellKnownConfig represents the OIDC well-known configuration (the
// OpenID Provider metadata document). GetWellKnownConfig fetches and
// decodes it; the JSON tags are the metadata names defined by OpenID Connect
// Discovery and RFC 8414.
// NOTE(review): callers should verify that Issuer matches the URL the
// document was fetched from before trusting the endpoints below; whether
// GetWellKnownConfig does this is not visible here.
type WellKnownConfig struct {
	// Issuer is the provider's issuer identifier ("issuer").
	Issuer                   string   `json:"issuer"`
	// AuthorizationEndpoint is the authorization endpoint URL.
	AuthorizationEndpoint    string   `json:"authorization_endpoint"`
	// TokenEndpoint is the token endpoint URL.
	TokenEndpoint            string   `json:"token_endpoint"`
	// JWKSURL is the location of the provider's JSON Web Key Set ("jwks_uri").
	JWKSURL                  string   `json:"jwks_uri"`
	// ResponseTypesSupported lists the supported response_type values.
	ResponseTypesSupported   []string `json:"response_types_supported"`
	// SubjectTypesSupported lists the supported subject identifier types.
	SubjectTypesSupported    []string `json:"subject_types_supported"`
	// IDTokenSigningAlgorithms lists the JWS algorithms supported for ID tokens.
	IDTokenSigningAlgorithms []string `json:"id_token_signing_alg_values_supported"`
	// TokenEndpointAuthMethods lists the client authentication methods
	// supported by the token endpoint.
	TokenEndpointAuthMethods []string `json:"token_endpoint_auth_methods_supported"`
	// UserInfoEndpoint is the UserInfo endpoint URL.
	UserInfoEndpoint         string   `json:"userinfo_endpoint"`
	// EndSessionEndpoint is the RP-initiated logout endpoint URL.
	EndSessionEndpoint       string   `json:"end_session_endpoint"`
	// RevocationEndpoint is the token revocation endpoint URL (RFC 8414 name).
	RevocationEndpoint       string   `json:"revocation_endpoint"`
	// IntrospectionEndpoint is the token introspection endpoint URL.
	IntrospectionEndpoint    string   `json:"introspection_endpoint"`
	// ScopesSupported lists the scope values the provider supports.
	ScopesSupported          []string `json:"scopes_supported"`
	// ClaimsSupported lists the claim names the provider may return.
	ClaimsSupported          []string `json:"claims_supported"`
	// CodeChallengeMethods lists the supported PKCE code_challenge_method values.
	CodeChallengeMethods     []string `json:"code_challenge_methods_supported"`
	// TokenRevocationEndpoint is an alternative revocation endpoint field.
	// NOTE(review): "token_revocation_endpoint" is not a registered metadata
	// name; "revocation_endpoint" above is the standard one — confirm which
	// providers emit this and whether both are consulted.
	TokenRevocationEndpoint  string   `json:"token_revocation_endpoint"`
}

WellKnownConfig represents the OIDC well-known configuration.

func GetWellKnownConfig

func GetWellKnownConfig(client *http.Client, url string) (WellKnownConfig, error)

GetWellKnownConfig retrieves the OIDC well-known configuration from the given issuer URL.
