authn


Constants

const AuthRequestLifetime = 5 * time.Minute
const IDTokenLifetime = time.Hour

IDTokenLifetime defines the lifetime of ID tokens issued to clients. TODO: adjust this value if needed.

const TokenLifetime = 5 * time.Minute

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthRequest

type AuthRequest struct {
	oidc.AuthRequest
	ID string

	Subject         string
	DeziToken       string
	ParsedDeziToken *jwt.Token
	AuthTime        time.Time
	AuthDone        bool
	Code            string
	ApplicationID   string

	ExpirationTime time.Time
}

AuthRequest represents an authentication request in the authorization code flow. It is also the record type used for storage.

func (*AuthRequest) Authenticate

func (a *AuthRequest) Authenticate(deziToken string) error

func (AuthRequest) Done

func (a AuthRequest) Done() bool

func (AuthRequest) GetACR

func (a AuthRequest) GetACR() string

func (AuthRequest) GetAMR

func (a AuthRequest) GetAMR() []string

func (AuthRequest) GetAudience

func (a AuthRequest) GetAudience() []string

func (AuthRequest) GetAuthTime

func (a AuthRequest) GetAuthTime() time.Time

func (AuthRequest) GetClientID

func (a AuthRequest) GetClientID() string

func (AuthRequest) GetCodeChallenge

func (a AuthRequest) GetCodeChallenge() *oidc.CodeChallenge

func (AuthRequest) GetID

func (a AuthRequest) GetID() string

func (AuthRequest) GetNonce

func (a AuthRequest) GetNonce() string

func (AuthRequest) GetScopes

func (a AuthRequest) GetScopes() []string

func (AuthRequest) GetSubject

func (a AuthRequest) GetSubject() string

type Client

type Client struct {
	ID           string   `koanf:"id"`
	Secret       string   `koanf:"secret"`
	RedirectURLs []string `koanf:"redirecturls"`
	// contains filtered or unexported fields
}

Client represents an OAuth2/OIDC client application. It is used to configure client-specific settings such as redirect URIs, authentication methods, grant types, and token lifetimes.

func (Client) AccessTokenType

func (c Client) AccessTokenType() op.AccessTokenType

func (Client) ApplicationType

func (c Client) ApplicationType() op.ApplicationType

func (Client) AuthMethod

func (c Client) AuthMethod() oidc.AuthMethod

func (Client) ClockSkew

func (c Client) ClockSkew() time.Duration

func (Client) DevMode

func (c Client) DevMode() bool

func (Client) GetID

func (c Client) GetID() string

func (Client) GrantTypes

func (c Client) GrantTypes() []oidc.GrantType

func (Client) IDTokenLifetime

func (c Client) IDTokenLifetime() time.Duration

func (Client) IDTokenUserinfoClaimsAssertion

func (c Client) IDTokenUserinfoClaimsAssertion() bool

func (Client) IsScopeAllowed

func (c Client) IsScopeAllowed(scope string) bool

func (Client) LoginURL

func (c Client) LoginURL(authRequestID string) string

func (Client) PostLogoutRedirectURIs

func (c Client) PostLogoutRedirectURIs() []string

func (Client) RedirectURIs

func (c Client) RedirectURIs() []string

func (Client) ResponseTypes

func (c Client) ResponseTypes() []oidc.ResponseType

func (Client) RestrictAdditionalAccessTokenScopes

func (c Client) RestrictAdditionalAccessTokenScopes() func(scopes []string) []string

func (Client) RestrictAdditionalIdTokenScopes

func (c Client) RestrictAdditionalIdTokenScopes() func(scopes []string) []string

type Component

type Component struct {
	// contains filtered or unexported fields
}

Component implements an OpenID Connect Provider using the zitadel/oidc library. Since its clients (the EHR) are internal to the Nuts Knooppunt, endpoints intended for the clients are registered on the internal mux. Endpoints intended for end-users (like the authorization endpoint) are registered on the public mux, so they can be accessed through the browser. This also means only confidential clients (clients capable of keeping a secret) are supported (https://oauth.net/2/client-types/).

func New

func New(config Config, httpInterfaces httpComponent.InterfaceInfo, coreConfig core.Config) (*Component, error)

func (*Component) RegisterHttpHandlers

func (c *Component) RegisterHttpHandlers(publicMux *http.ServeMux, internalMux *http.ServeMux)

func (*Component) Start

func (c *Component) Start() error

func (*Component) Stop

func (c *Component) Stop(ctx context.Context) error

type Config

type Config struct {
	Clients []Client `koanf:"clients"`
}

type PublicKey

type PublicKey struct {
	// contains filtered or unexported fields
}

PublicKey represents a public key that is used for signing ID tokens.

func (PublicKey) Algorithm

func (p PublicKey) Algorithm() jose.SignatureAlgorithm

func (PublicKey) ID

func (p PublicKey) ID() string

func (PublicKey) Key

func (p PublicKey) Key() any

func (PublicKey) Use

func (p PublicKey) Use() string

type SigningKey

type SigningKey struct {
	// contains filtered or unexported fields
}

SigningKey represents a key pair that is used to sign ID tokens.

func (SigningKey) ID

func (s SigningKey) ID() string

func (SigningKey) Key

func (s SigningKey) Key() any

func (SigningKey) Public

func (p SigningKey) Public() PublicKey

func (SigningKey) SignatureAlgorithm

func (s SigningKey) SignatureAlgorithm() jose.SignatureAlgorithm

type Storage

type Storage struct {
	// contains filtered or unexported fields
}

Storage implements the op.Storage interface using in-memory maps, so its state is not persisted across restarts. TODO: change to persistent token storage.

func (Storage) AuthRequestByCode

func (o Storage) AuthRequestByCode(ctx context.Context, code string) (op.AuthRequest, error)

func (Storage) AuthRequestByID

func (o Storage) AuthRequestByID(ctx context.Context, id string) (op.AuthRequest, error)

func (Storage) AuthenticateUser

func (o Storage) AuthenticateUser(ctx context.Context, authRequestID string, deziToken string) error

func (Storage) AuthorizeClientIDSecret

func (o Storage) AuthorizeClientIDSecret(ctx context.Context, clientID, clientSecret string) error

func (Storage) CreateAccessAndRefreshTokens

func (o Storage) CreateAccessAndRefreshTokens(ctx context.Context, request op.TokenRequest, currentRefreshToken string) (accessTokenID string, newRefreshTokenID string, expiration time.Time, err error)

func (Storage) CreateAccessToken

func (o Storage) CreateAccessToken(ctx context.Context, request op.TokenRequest) (accessTokenID string, expiration time.Time, err error)

func (Storage) CreateAuthRequest

func (o Storage) CreateAuthRequest(ctx context.Context, request *oidc.AuthRequest, userID string) (op.AuthRequest, error)

func (Storage) CreateTokenExchangeRequest

func (o Storage) CreateTokenExchangeRequest(ctx context.Context, request op.TokenExchangeRequest) error

func (Storage) DeleteAuthRequest

func (o Storage) DeleteAuthRequest(ctx context.Context, id string) error

func (Storage) GetClientByClientID

func (o Storage) GetClientByClientID(ctx context.Context, clientID string) (op.Client, error)

func (Storage) GetKeyByIDAndClientID

func (o Storage) GetKeyByIDAndClientID(ctx context.Context, keyID, clientID string) (*jose.JSONWebKey, error)

func (Storage) GetPrivateClaimsFromScopes

func (o Storage) GetPrivateClaimsFromScopes(ctx context.Context, userID, clientID string, scopes []string) (map[string]any, error)

func (Storage) GetPrivateClaimsFromTokenExchangeRequest

func (o Storage) GetPrivateClaimsFromTokenExchangeRequest(ctx context.Context, request op.TokenExchangeRequest) (claims map[string]any, err error)

func (Storage) GetRefreshTokenInfo

func (o Storage) GetRefreshTokenInfo(ctx context.Context, clientID string, token string) (userID string, tokenID string, err error)

func (Storage) Health

func (o Storage) Health(ctx context.Context) error

func (Storage) KeySet

func (o Storage) KeySet(ctx context.Context) ([]op.Key, error)

func (Storage) RevokeToken

func (o Storage) RevokeToken(ctx context.Context, tokenOrTokenID string, userID string, clientID string) *oidc.Error

func (Storage) SaveAuthCode

func (o Storage) SaveAuthCode(ctx context.Context, id string, code string) error

func (Storage) SetIntrospectionFromToken

func (o Storage) SetIntrospectionFromToken(ctx context.Context, userinfo *oidc.IntrospectionResponse, tokenID, subject, clientID string) error

func (Storage) SetUserinfoFromRequest

func (o Storage) SetUserinfoFromRequest(ctx context.Context, userinfo *oidc.UserInfo, request op.IDTokenRequest, scopes []string) error

func (Storage) SetUserinfoFromScopes

func (o Storage) SetUserinfoFromScopes(ctx context.Context, userinfo *oidc.UserInfo, userID, clientID string, scopes []string) error

SetUserinfoFromScopes would set the userinfo claims based on the requested scopes and user ID. Since we don't want to store the userinfo in the database, it returns nil without setting any claims. User info is instead set through SetUserinfoFromRequest.

func (Storage) SetUserinfoFromToken

func (o Storage) SetUserinfoFromToken(ctx context.Context, userInfo *oidc.UserInfo, tokenID, subject, origin string) error

func (Storage) SetUserinfoFromTokenExchangeRequest

func (o Storage) SetUserinfoFromTokenExchangeRequest(ctx context.Context, userinfo *oidc.UserInfo, request op.TokenExchangeRequest) error

func (Storage) SignatureAlgorithms

func (o Storage) SignatureAlgorithms(ctx context.Context) ([]jose.SignatureAlgorithm, error)

func (Storage) SigningKey

func (o Storage) SigningKey(ctx context.Context) (op.SigningKey, error)

func (Storage) TerminateSession

func (o Storage) TerminateSession(ctx context.Context, userID string, clientID string) error

func (Storage) TokenRequestByRefreshToken

func (o Storage) TokenRequestByRefreshToken(ctx context.Context, refreshTokenID string) (op.RefreshTokenRequest, error)

func (Storage) ValidateJWTProfileScopes

func (o Storage) ValidateJWTProfileScopes(ctx context.Context, userID string, scopes []string) ([]string, error)

func (Storage) ValidateTokenExchangeRequest

func (o Storage) ValidateTokenExchangeRequest(ctx context.Context, request op.TokenExchangeRequest) error

type Token

type Token struct {
	ID       string
	Audience []string
	Scopes   []string

	ExpirationTime time.Time
}
