 Documentation
      ¶
      Documentation
      ¶
    
    
  
    
  
    Overview ¶
oidc implements the authenticator.Token interface using the OpenID Connect protocol.
config := oidc.OIDCOptions{
	IssuerURL:     "https://accounts.google.com",
	ClientID:      os.Getenv("GOOGLE_CLIENT_ID"),
	UsernameClaim: "email",
}
tokenAuthenticator, err := oidc.New(config)
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type OIDCAuthenticator ¶
type OIDCAuthenticator struct {
	// contains filtered or unexported fields
}
    func New ¶
func New(opts OIDCOptions) (*OIDCAuthenticator, error)
New creates a token authenticator which validates OpenID Connect ID Tokens.
func (*OIDCAuthenticator) AuthenticateToken ¶
AuthenticateToken decodes and verifies a ID Token using the OIDC client, if the verification succeeds, then it will extract the user info from the JWT claims.
func (*OIDCAuthenticator) Close ¶ added in v1.2.0
func (a *OIDCAuthenticator) Close()
Close stops all goroutines used by the authenticator.
type OIDCOptions ¶ added in v1.3.0
type OIDCOptions struct {
	// IssuerURL is the URL the provider signs ID Tokens as. This will be the "iss"
	// field of all tokens produced by the provider and is used for configuration
	// discovery.
	//
	// The URL is usually the provider's URL without a path, for example
	// "https://accounts.google.com" or "https://login.salesforce.com".
	//
	// The provider must implement configuration discovery.
	// See: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
	IssuerURL string
	// ClientID the JWT must be issued for, the "sub" field. This plugin only trusts a single
	// client to ensure the plugin can be used with public providers.
	//
	// The plugin supports the "authorized party" OpenID Connect claim, which allows
	// specialized providers to issue tokens to a client for a different client.
	// See: https://openid.net/specs/openid-connect-core-1_0.html#IDToken
	ClientID string
	// Path to a PEM encoded root certificate of the provider.
	CAFile string
	// UsernameClaim is the JWT field to use as the user's username.
	UsernameClaim string
	// GroupsClaim, if specified, causes the OIDCAuthenticator to try to populate the user's
	// groups with a ID Token field. If the GrouppClaim field is present in a ID Token the value
	// must be a list of strings.
	GroupsClaim string
}
     Click to show internal directories. 
   Click to hide internal directories.