Documentation
Overview
oidc implements the authenticator.Token interface using the OpenID Connect protocol.
// Trust only ID Tokens issued by this provider for this client.
config := oidc.OIDCOptions{
	IssuerURL:     "https://accounts.google.com", // must equal the token's "iss" claim
	ClientID:      os.Getenv("GOOGLE_CLIENT_ID"), // the token's audience must name this client
	UsernameClaim: "email",                       // claim used as the authenticated username
}
tokenAuthenticator, err := oidc.New(config)
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type OIDCAuthenticator
type OIDCAuthenticator struct {
// contains filtered or unexported fields
}
func New
func New(opts OIDCOptions) (*OIDCAuthenticator, error)
New creates a token authenticator which validates OpenID Connect ID Tokens.
func (*OIDCAuthenticator) AuthenticateToken
AuthenticateToken decodes and verifies an ID Token using the OIDC client. If verification succeeds, it extracts the user info from the JWT claims.
func (*OIDCAuthenticator) Close (added in v1.2.0)
func (a *OIDCAuthenticator) Close()
Close stops all goroutines used by the authenticator.
type OIDCOptions (added in v1.3.0)
type OIDCOptions struct {
// IssuerURL is the URL the provider signs ID Tokens as. This will be the "iss"
// field of all tokens produced by the provider and is used for configuration
// discovery.
//
// The URL is usually the provider's URL without a path, for example
// "https://accounts.google.com" or "https://login.salesforce.com".
//
// The provider must implement configuration discovery.
// See: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
IssuerURL string
// ClientID the JWT must be issued for, i.e. the value expected in the "aud" (audience)
// claim. This plugin only trusts a single client to ensure the plugin can be used with
// public providers.
//
// The plugin supports the "authorized party" OpenID Connect claim, which allows
// specialized providers to issue tokens to a client for a different client.
// See: https://openid.net/specs/openid-connect-core-1_0.html#IDToken
ClientID string
// CAFile is the path to a PEM-encoded root certificate of the provider.
CAFile string
// UsernameClaim is the JWT field to use as the user's username.
UsernameClaim string
// GroupsClaim, if specified, causes the OIDCAuthenticator to try to populate the user's
// groups from an ID Token field. If the GroupsClaim field is present in an ID Token, its
// value must be a list of strings.
GroupsClaim string
}
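The Overview snippet and the OIDCOptions field comments together describe what the authenticator checks once the OIDC client has verified an ID Token's signature: the issuer, the audience (with the "azp" exception), the username claim, and the optional groups claim. The following is an added example that walks through those claim checks in plain Go; it is not the plugin's own code. ClaimOptions, ExtractUser, decodePayload and MakeUnsignedToken are hypothetical names, the issuer, client ID and user values are constructed, and the token built here carries a placeholder signature segment because signature verification is assumed to have already happened upstream.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// ClaimOptions is a constructed stand-in for the claim-related fields of
// OIDCOptions (hypothetical type, not the plugin's own).
type ClaimOptions struct {
	IssuerURL     string // expected "iss" claim
	ClientID      string // must appear in "aud" (or "azp" for delegated issuance)
	UsernameClaim string // claim used as the username
	GroupsClaim   string // optional claim holding a list of group names
}

// UserInfo is what a successful extraction yields.
type UserInfo struct {
	Username string
	Groups   []string
}

// decodePayload splits a compact JWS and JSON-decodes its claims segment.
// It assumes the signature was already verified by the OIDC client (as the
// authenticator does before reading claims); nothing here checks it.
func decodePayload(token string) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("not a compact JWS: expected 3 dot-separated segments")
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("decoding payload: %w", err)
	}
	var claims map[string]interface{}
	if err := json.Unmarshal(raw, &claims); err != nil {
		return nil, fmt.Errorf("parsing claims: %w", err)
	}
	return claims, nil
}

// audienceContains reports whether "aud" (a string or a list) names clientID.
func audienceContains(aud interface{}, clientID string) bool {
	switch v := aud.(type) {
	case string:
		return v == clientID
	case []interface{}:
		for _, a := range v {
			if s, ok := a.(string); ok && s == clientID {
				return true
			}
		}
	}
	return false
}

// ExtractUser applies the rules the OIDCOptions comments describe to verified
// claims: "iss" must equal IssuerURL; the token must be issued for ClientID
// (via "aud", or "azp" when a provider issues it on behalf of another client);
// the username claim must be a non-empty string; the groups claim, when
// present, must be a list of strings.
func ExtractUser(claims map[string]interface{}, opts ClaimOptions) (UserInfo, error) {
	if iss, _ := claims["iss"].(string); iss != opts.IssuerURL {
		return UserInfo{}, fmt.Errorf("issuer %q does not match configured %q", iss, opts.IssuerURL)
	}
	azp, _ := claims["azp"].(string)
	if !audienceContains(claims["aud"], opts.ClientID) && azp != opts.ClientID {
		return UserInfo{}, fmt.Errorf("token was not issued for client %q", opts.ClientID)
	}
	username, ok := claims[opts.UsernameClaim].(string)
	if !ok || username == "" {
		return UserInfo{}, fmt.Errorf("claim %q missing or not a string", opts.UsernameClaim)
	}
	info := UserInfo{Username: username}
	raw, present := claims[opts.GroupsClaim]
	if opts.GroupsClaim == "" || !present {
		return info, nil // groups are optional
	}
	list, ok := raw.([]interface{})
	if !ok {
		return UserInfo{}, fmt.Errorf("claim %q must be a list of strings", opts.GroupsClaim)
	}
	for _, item := range list {
		s, ok := item.(string)
		if !ok {
			return UserInfo{}, fmt.Errorf("claim %q contains a non-string entry", opts.GroupsClaim)
		}
		info.Groups = append(info.Groups, s)
	}
	return info, nil
}

// MakeUnsignedToken builds a constructed compact JWS with a placeholder
// signature segment, only so the claim checks can be exercised offline.
func MakeUnsignedToken(claims map[string]interface{}) string {
	header := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"RS256","typ":"JWT"}`))
	body, _ := json.Marshal(claims)
	return header + "." + base64.RawURLEncoding.EncodeToString(body) + ".signature-placeholder"
}

func main() {
	opts := ClaimOptions{IssuerURL: "https://issuer.example.test", ClientID: "kube-apiserver-client", UsernameClaim: "email", GroupsClaim: "groups"}
	// Constructed sample claims standing in for an already verified ID Token.
	claims, err := decodePayload(MakeUnsignedToken(map[string]interface{}{
		"iss": "https://issuer.example.test", "aud": "kube-apiserver-client",
		"email": "jane@example.test", "groups": []string{"developers", "oncall"},
	}))
	if err != nil {
		fmt.Println("decode error:", err)
		return
	}
	info, err := ExtractUser(claims, opts)
	fmt.Printf("user=%+v err=%v\n", info, err)
}
```

The audience check is the one that keeps a public provider safe to use: a token the same issuer minted for some other application must be rejected even though its signature and issuer are valid, which is why ClientID is a single trusted value rather than a list.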