providers

package
v0.19.783 Latest Latest
Published: Feb 13, 2026 License: AGPL-3.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

// GitHub provider identifier and the api.github.com endpoints used for user
// lookup and for org/team membership checks.
//
// The :org_id, :team_slug and :username segments are placeholders; the code
// that substitutes them is not part of this listing.
// NOTE(review): confirm each substituted value is path-escaped so an org,
// team or login string cannot change the request path.
// NOTE(review): GitHub documents 204 as the "is a member" answer for the org
// membership endpoint; confirm any other status is treated as "not a member".
const (
	GitHubProviderName = "github"
	GitHubUserInfoURL  = "https://api.github.com/user"
	GitHubUserOrgURL   = "https://api.github.com/orgs/:org_id/members/:username"
	GitHubUserTeamURL  = "https://api.github.com/orgs/:org_id/teams/:team_slug/memberships/:username"
)
// Google provider identifier and the HTTPS userinfo endpoint queried for the
// authenticated user's profile.
const (
	GoogleProviderName = "google"
	GoogleUserInfoURL  = "https://www.googleapis.com/oauth2/v3/userinfo"
)
// Identifier for the generic OpenID Connect provider. Unlike the GitHub and
// Google blocks, no endpoint URL is fixed here; OpenIDConfig carries an issuer
// URL and optional explicit endpoints instead.
const (
	OpenIDProviderName = "openid"
)

Variables

// Config validation errors.
//
// Each is a package-level sentinel created with errors.New, so callers can
// match it with errors.Is. The messages name the missing field only and never
// include a configured value, so they are safe to log.
// NOTE(review): presumably returned by the Validate methods of the *Config
// types; those bodies are not shown here.
var (
	ErrMissingClientID     = errors.New("client_id is required")
	ErrMissingClientSecret = errors.New("client_secret is required")
	ErrMissingIssuerURL    = errors.New("issuer_url is required")
	ErrMissingRedirectURL  = errors.New("redirect_url is required")
)

Config validation errors

Functions

This section is empty.

Types

type BaseConfig

// BaseConfig holds common OAuth configuration fields shared by all providers.
//
// ClientSecret carries a plain `json:"client_secret"` tag (no "-" and no
// omitempty), so json.Marshal of this struct emits the secret. Keep marshalled
// configs out of logs, error messages and API responses.
type BaseConfig struct {
	// OAuth client identifier issued by the provider.
	ClientID     string   `json:"client_id"`
	// OAuth client secret; treat as a credential (see type comment).
	ClientSecret string   `json:"client_secret"`
	// Callback URL the provider redirects to.
	// NOTE(review): should exactly match a redirect URI registered with the
	// provider — confirm no wildcard or user-influenced value reaches it.
	RedirectURL  string   `json:"redirect_url"`
	// Requested scopes; omitted from JSON when empty.
	Scopes       []string `json:"scopes,omitempty"`
}

BaseConfig holds common OAuth configuration fields shared by all providers.

func (*BaseConfig) Validate

func (c *BaseConfig) Validate() error

Validate checks that required base fields are present.

type BaseProvider

type BaseProvider struct {
	// contains filtered or unexported fields
}

BaseProvider provides common functionality for OAuth providers.

func (*BaseProvider) ExchangeCode

func (b *BaseProvider) ExchangeCode(ctx context.Context, code string, opts ...oauth2.AuthCodeOption) (*http.Client, *oauth2.Token, *ProviderTokens, error)

ExchangeCode exchanges the authorization code for tokens and returns an HTTP client.

func (*BaseProvider) FetchUserInfo

func (b *BaseProvider) FetchUserInfo(ctx context.Context, client *http.Client) ([]byte, error)

FetchUserInfo fetches user information from the provider's userinfo endpoint.

func (*BaseProvider) GetOAuth2Config

func (b *BaseProvider) GetOAuth2Config() *oauth2.Config

GetOAuth2Config returns the OAuth2 configuration for generating auth URLs.

func (*BaseProvider) Logger

func (b *BaseProvider) Logger() *zap.Logger

Logger returns the configured logger.

func (*BaseProvider) MapClaims

func (b *BaseProvider) MapClaims(data []byte, customClaims *CustomClaims) error

MapClaims extracts configured claims from the raw response.

func (*BaseProvider) Name

func (b *BaseProvider) Name() string

Name returns the provider name.

func (*BaseProvider) ParseUserInfo

func (b *BaseProvider) ParseUserInfo(data []byte) (*UserInfo, error)

ParseUserInfo unmarshals the userinfo response into a UserInfo struct.

func (*BaseProvider) SetupOAuth2Config

func (b *BaseProvider) SetupOAuth2Config(cfg *ProviderConfig)

SetupOAuth2Config initializes the OAuth2 configuration.

type CustomClaims

// CustomClaims holds additional claims extracted from the provider response.
//
// Values are untyped (any) and originate from provider-supplied data, so a
// consumer must type-assert and validate each value before using it in an
// authorization decision.
type CustomClaims struct {
	// Claim name to decoded value.
	Claims map[string]any
}

CustomClaims holds additional claims extracted from the provider response.

type GitHubConfig

// GitHubConfig holds configuration for GitHub OAuth. It embeds BaseConfig, so
// the client_id / client_secret / redirect_url / scopes keys appear at the
// top level of its JSON form.
type GitHubConfig struct {
	BaseConfig

	// AllowedOrgs restricts login to members of specific GitHub orgs (optional).
	// NOTE(review): confirm how an empty list is handled — presumably it
	// means "no org restriction", which admits any GitHub account.
	AllowedOrgs []string `json:"allowed_orgs,omitempty"`

	// AllowedTeams restricts login to members of specific teams (format: "org/team").
	// NOTE(review): confirm malformed entries (no "/") are rejected rather
	// than silently ignored.
	AllowedTeams []string `json:"allowed_teams,omitempty"`

	// EnterpriseURL enables GitHub Enterprise support (optional).
	// NOTE(review): authorization codes and tokens would be sent to this
	// host — confirm an https URL is required.
	EnterpriseURL string `json:"enterprise_url,omitempty"`
}

GitHubConfig holds configuration for GitHub OAuth.

func (*GitHubConfig) Validate

func (c *GitHubConfig) Validate() error

Validate checks that required GitHub fields are present.

type GitHubProvider

type GitHubProvider struct {
	BaseProvider
	// contains filtered or unexported fields
}

GitHubProvider implements the Provider interface for GitHub OAuth.

func NewGitHubProvider

func NewGitHubProvider() *GitHubProvider

NewGitHubProvider creates a new GitHub OAuth provider instance.

func (*GitHubProvider) AuthCodeURL

func (p *GitHubProvider) AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string

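AuthCodeURL returns the URL to redirect the user to for authentication. The caller supplies state; because state is the flow's CSRF protection, it should be an unguessable per-session value that is compared against the value returned on the callback.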

func (*GitHubProvider) Configure

func (p *GitHubProvider) Configure(cfg *ProviderConfig) error

Configure initializes the GitHub provider with the given configuration.

func (*GitHubProvider) ConfigureWithTeams

func (p *GitHubProvider) ConfigureWithTeams(cfg *GitHubProviderConfig) error

ConfigureWithTeams initializes the GitHub provider with team/org membership checking.

func (*GitHubProvider) GetUserInfo

GetUserInfo exchanges the authorization code for tokens and retrieves user information.

type GitHubProviderConfig

// GitHubProviderConfig extends ProviderConfig with GitHub-specific options.
//
// ProviderConfig is embedded by pointer: reading a promoted field (ClientID,
// Logger, ...) through a nil *ProviderConfig panics.
// NOTE(review): confirm ConfigureWithTeams rejects a nil embedded config.
type GitHubProviderConfig struct {
	*ProviderConfig
	// NOTE(review): confirm whether an empty TeamWhitelist disables the
	// membership check entirely.
	TeamWhitelist []string // List of org or org/team to check membership
	// NOTE(review): presumably defaults to GitHubUserOrgURL / GitHubUserTeamURL
	// when empty; the user's token is sent to whatever host these name.
	UserOrgURL    string   // URL template for checking org membership
	UserTeamURL   string   // URL template for checking team membership
}

GitHubProviderConfig extends ProviderConfig with GitHub-specific options.

type GitHubTeamMembershipState

// GitHubTeamMembershipState represents the team membership response from GitHub.
//
// A "pending" state is an invitation that has not been accepted yet.
// NOTE(review): confirm the membership check grants access only when State is
// "active", and fails closed on an empty or unknown value.
type GitHubTeamMembershipState struct {
	State string `json:"state"` // "active" or "pending"
	Role  string `json:"role"`  // "member" or "maintainer"
}

GitHubTeamMembershipState represents the team membership response from GitHub.

type GitHubUserInfo

// GitHubUserInfo represents user information from GitHub's API.
//
// The struct has no "email verified" field, so nothing decoded here says
// whether Email is verified.
// NOTE(review): Login and Email are user-changeable on GitHub; accounts should
// presumably be keyed on ID — confirm against the code that builds UserInfo.
type GitHubUserInfo struct {
	// Numeric account ID.
	ID        int    `json:"id"`
	// Account handle.
	Login     string `json:"login"`
	Name      string `json:"name"`
	// NOTE(review): may be empty when the user keeps their e-mail private.
	Email     string `json:"email"`
	AvatarURL string `json:"avatar_url"`
	HTMLURL   string `json:"html_url"`
	Type      string `json:"type"`
	// Free-text profile fields below; treat as untrusted display data.
	Company   string `json:"company"`
	Blog      string `json:"blog"`
	Location  string `json:"location"`
	Bio       string `json:"bio"`
}

GitHubUserInfo represents user information from GitHub's API.

type GoogleConfig

// GoogleConfig holds configuration for Google OAuth. It embeds BaseConfig.
type GoogleConfig struct {
	BaseConfig

	// HostedDomain restricts login to a specific G Suite domain (optional).
	// NOTE(review): sending hd on the authorization request only influences
	// the account chooser; the restriction holds only if the hd value
	// returned by Google (GoogleUserInfo.HostDomain) is compared to this
	// field server-side — confirm GetUserInfo does so.
	HostedDomain string `json:"hosted_domain,omitempty"`
}

GoogleConfig holds configuration for Google OAuth.

func (*GoogleConfig) Validate

func (c *GoogleConfig) Validate() error

Validate checks that required Google fields are present.

type GoogleProvider

type GoogleProvider struct {
	BaseProvider
}

GoogleProvider implements the Provider interface for Google OAuth.

func NewGoogleProvider

func NewGoogleProvider() *GoogleProvider

NewGoogleProvider creates a new Google OAuth provider instance.

func (*GoogleProvider) AuthCodeURL

func (p *GoogleProvider) AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string

AuthCodeURL returns the URL to redirect the user to for authentication.

func (*GoogleProvider) Configure

func (p *GoogleProvider) Configure(cfg *ProviderConfig) error

Configure initializes the Google provider with the given configuration.

func (*GoogleProvider) GetUserInfo

GetUserInfo exchanges the authorization code for tokens and retrieves user information.

type GoogleUserInfo

// GoogleUserInfo represents user information from Google's userinfo endpoint.
type GoogleUserInfo struct {
	// Subject identifier; the stable key for the account.
	Sub           string `json:"sub"`
	Email         string `json:"email"`
	// NOTE(review): Email should only be trusted for account matching when
	// this is true — confirm callers check it.
	EmailVerified bool   `json:"email_verified"`
	Name          string `json:"name"`
	GivenName     string `json:"given_name"`
	FamilyName    string `json:"family_name"`
	Picture       string `json:"picture"`
	Locale        string `json:"locale"`
	// Decodes to "" when the response carries no hd value, so a domain
	// comparison must not treat the empty string as a match.
	HostDomain    string `json:"hd"` // G Suite domain
}

GoogleUserInfo represents user information from Google's userinfo endpoint.

type OpenIDConfig

// OpenIDConfig holds configuration for generic OpenID Connect providers.
// It embeds BaseConfig.
type OpenIDConfig struct {
	BaseConfig

	// IssuerURL is used for OIDC discovery (/.well-known/openid-configuration).
	// NOTE(review): confirm the issuer value in the discovery document is
	// compared to this URL and that a non-https issuer is rejected.
	IssuerURL string `json:"issuer_url"`

	// Optional: explicit URLs if discovery is not available.
	// NOTE(review): the client secret and authorization code are sent to
	// TokenURL and the access token to UserInfoURL — confirm https is required.
	AuthURL     string `json:"auth_url,omitempty"`
	TokenURL    string `json:"token_url,omitempty"`
	UserInfoURL string `json:"userinfo_url,omitempty"`

	// Optional: claims to extract from the ID token or userinfo response.
	ClaimsToExtract []string `json:"claims_to_extract,omitempty"`
}

OpenIDConfig holds configuration for generic OpenID Connect providers.

func (*OpenIDConfig) Validate

func (c *OpenIDConfig) Validate() error

Validate checks that required OpenID fields are present.

type OpenIDDiscoveryConfig

// OpenIDDiscoveryConfig holds the discovered OIDC configuration from the
// well-known endpoint. Every field is decoded from a remote JSON document, so
// the endpoint URLs are only as trustworthy as the fetch that produced them.
type OpenIDDiscoveryConfig struct {
	// NOTE(review): confirm this is checked against the configured IssuerURL.
	Issuer                string   `json:"issuer"`
	AuthorizationEndpoint string   `json:"authorization_endpoint"`
	TokenEndpoint         string   `json:"token_endpoint"`
	UserinfoEndpoint      string   `json:"userinfo_endpoint"`
	// NOTE(review): the key-set URL is captured here; whether ID token
	// signatures are verified against it is not visible from this listing.
	JwksURI               string   `json:"jwks_uri"`
	ScopesSupported       []string `json:"scopes_supported"`
	ClaimsSupported       []string `json:"claims_supported"`
}

OpenIDDiscoveryConfig holds the discovered OIDC configuration from the well-known endpoint.

type OpenIDProvider

type OpenIDProvider struct {
	BaseProvider
	// contains filtered or unexported fields
}

OpenIDProvider implements the Provider interface for generic OpenID Connect providers.

func NewOpenIDProvider

func NewOpenIDProvider() *OpenIDProvider

NewOpenIDProvider creates a new OpenID Connect provider instance.

func (*OpenIDProvider) AuthCodeURL

func (p *OpenIDProvider) AuthCodeURL(state string, opts ...oauth2.AuthCodeOption) string

AuthCodeURL returns the URL to redirect the user to for authentication.

func (*OpenIDProvider) Configure

func (p *OpenIDProvider) Configure(cfg *ProviderConfig) error

Configure initializes the OpenID provider with the given configuration. If IssuerURL is provided, it will attempt OIDC discovery to auto-configure endpoints.

func (*OpenIDProvider) GetDiscoveryConfig

func (p *OpenIDProvider) GetDiscoveryConfig() *OpenIDDiscoveryConfig

GetDiscoveryConfig returns the discovered OIDC configuration, if available.

func (*OpenIDProvider) GetUserInfo

GetUserInfo exchanges the authorization code for tokens and retrieves user information.

type Provider

// Provider defines the interface that all OAuth/OIDC providers must implement.
type Provider interface {
	// Name returns the provider identifier (e.g., "google", "github", "openid").
	Name() string

	// Configure initializes the provider with the given configuration.
	Configure(cfg *ProviderConfig) error

	// GetUserInfo exchanges the authorization code for tokens and retrieves user information.
	// It takes the *http.Request and no separate state argument.
	// NOTE(review): state (CSRF) validation is not visible in this signature —
	// confirm it happens either in the caller before this call or inside the
	// implementations.
	GetUserInfo(ctx context.Context, r *http.Request, opts ...oauth2.AuthCodeOption) (*UserInfo, *ProviderTokens, error)
}

Provider defines the interface that all OAuth/OIDC providers must implement.

type ProviderConfig

// ProviderConfig holds the configuration needed to set up an OAuth provider.
//
// The struct contains ClientSecret in the clear, so formatting it with %v or
// %+v, or passing it whole to a logger, writes the secret out.
type ProviderConfig struct {
	// OAuth2 configuration
	ClientID     string
	ClientSecret string
	RedirectURL  string
	Scopes       []string

	// Provider-specific URLs (some providers use discovery, others need explicit URLs)
	AuthURL     string
	TokenURL    string
	UserInfoURL string

	// For OIDC providers
	IssuerURL string

	// Optional: claims to extract from the ID token or userinfo response
	ClaimsToExtract []string

	// Logger
	// NOTE(review): confirm a nil Logger is tolerated (or replaced with a
	// no-op logger) by the providers.
	Logger *zap.Logger
}

ProviderConfig holds the configuration needed to set up an OAuth provider.

type ProviderTokens

// ProviderTokens holds the tokens received from the OAuth provider.
//
// AccessToken, RefreshToken and IDToken are credentials. The fields carry no
// json tags, so encoding/json would emit all of them under their Go names;
// do not log this struct or return it to a client unfiltered.
type ProviderTokens struct {
	AccessToken  string
	// Long-lived credential; store encrypted at rest if it is persisted.
	RefreshToken string
	// NOTE(review): presumably the raw ID token as issued — confirm its
	// signature, issuer and audience are validated before claims are used.
	IDToken      string
	TokenType    string
	Expiry       int64 // Unix timestamp
}

ProviderTokens holds the tokens received from the OAuth provider.

type UserInfo

// UserInfo represents the authenticated user's information.
//
// ProviderUserID and RawClaims are tagged `json:"-"` and therefore never
// appear in the JSON form of this struct.
type UserInfo struct {
	// Standard claims
	Subject       string `json:"sub"`
	Email         string `json:"email"`
	// NOTE(review): Email should be used to match or link accounts only when
	// this is true — confirm callers check it.
	EmailVerified bool   `json:"email_verified"`
	Name          string `json:"name"`
	Username      string `json:"username,omitempty"`
	Picture       string `json:"picture,omitempty"`

	// Provider-specific identifier
	ProviderUserID string `json:"-"`

	// Raw claims from the provider (for custom claim extraction).
	// Values are untyped provider data; validate before use.
	RawClaims map[string]any `json:"-"`
}

UserInfo represents the authenticated user's information.

func (*UserInfo) PrepareUserData

func (u *UserInfo) PrepareUserData()

PrepareUserData ensures required fields are populated with fallbacks.
