authprovider

package
v0.59.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 23, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors exported by the package. Each message is a snake_case code
// rather than a sentence; compare with errors.Is instead of matching on the
// text.
//
// NOTE(review): where each error is returned is not visible in this listing.
// By name:
//   - ErrClientSecretEnvEmpty: presumably a ClientSecret names an environment
//     variable that resolves to an empty value (see ClientSecret.Env).
//   - ErrProviderInvalidTransform: presumably a FieldMapping.Transforms entry
//     is not a recognised transform.
//   - ErrProviderNonHTTPSURL: presumably a provider endpoint URL does not use
//     the https scheme. Which URL fields are checked should be confirmed in
//     Provider.Validate.
var (
	ErrClientSecretEnvEmpty     = errors.New("client_secret_env_empty")
	ErrProviderInvalidTransform = errors.New("provider_invalid_transform")
	ErrProviderNonHTTPSURL      = errors.New("provider_non_https_url")
)

Functions

func BuiltIns

// BuiltIns returns a map of Provider descriptors, presumably keyed by
// provider name.
//
// NOTE(review): this listing does not show whether the map and its entries
// are fresh copies. Treat the result as read-only, or Clone an entry before
// modifying it.
func BuiltIns() map[string]Provider

func MapFallbackEmail

// MapFallbackEmail derives an email string from root using the fallback
// descriptor.
//
// NOTE(review): the meaning of the bool result is not documented here. It
// could report "an email was found" or "the email is verified"; confirm which
// before using it as a verification signal.
func MapFallbackEmail(root any, fallback FallbackLookup) (string, bool)

Types

type AppleJWTSecret

// AppleJWTSecret groups the inputs referenced by ClientSecret.AppleJWT.
//
// NOTE(review): field semantics are inferred from the names and from the
// SecretStrategyAppleJWT comment ("dynamic Apple ES256 client-secret
// minting"); confirm against the implementation.
//   - TeamID, KeyID: presumably the Apple developer team and signing-key
//     identifiers placed in the minted token.
//   - PrivateKeyPEM: signing-key material held in memory. Keep it out of
//     logs, %+v dumps and serialized config.
//   - PrivateKeyEnv: presumably the name of an environment variable that
//     supplies the key. Precedence relative to PrivateKeyPEM is not visible
//     here.
//   - TTL: presumably the lifetime of each minted secret. Apple rejects
//     client-secret JWTs that expire more than six months out, and a shorter
//     TTL limits how long a leaked secret stays usable.
type AppleJWTSecret struct {
	TeamID        string
	KeyID         string
	PrivateKeyPEM []byte
	PrivateKeyEnv string
	TTL           time.Duration
}

type ClientSecret

// ClientSecret groups the client-secret settings of a Provider (see
// Provider.ClientSecret).
//
// NOTE(review): semantics below are inferred from field names and from the
// package's exported errors; confirm against ResolveStatic.
//   - Value: presumably the literal secret. A literal travels with the
//     configuration, so prefer Env or a strategy when config is committed or
//     widely readable, and avoid printing this struct.
//   - Env: presumably the name of an environment variable holding the
//     secret. ErrClientSecretEnvEmpty suggests an empty variable is rejected
//     rather than used as an empty secret.
//   - Strategy: SecretStrategyAppleJWT ("apple_jwt") is the only strategy
//     constant visible in this listing.
//   - AppleJWT: inputs for that strategy.
type ClientSecret struct {
	Value    string
	Env      string
	Strategy string
	AppleJWT *AppleJWTSecret
}

func (ClientSecret) ResolveStatic

// ResolveStatic returns a client-secret string or an error.
//
// NOTE(review): the name suggests it covers only fixed secrets (Value or Env)
// and not the apple_jwt strategy, and that ErrClientSecretEnvEmpty originates
// here; confirm in the implementation. The returned string is presumably the
// raw secret, so callers should not log it or include it in error text.
func (s ClientSecret) ResolveStatic() (string, error)

type FallbackLookup

// FallbackLookup describes a secondary source for a user's email. Provider
// references it through its EmailFallback field and MapFallbackEmail takes
// it as input.
//
// NOTE(review): inferred from names; confirm against the implementation.
//   - URL, Accept: presumably the endpoint queried and the Accept header
//     sent. Whether this URL falls under the check implied by
//     ErrProviderNonHTTPSURL is not visible here. It should, because the
//     request likely carries the user's access token.
//   - Array, Select: presumably the response is an array and Select holds
//     the key/value pairs an element must match to be chosen.
//   - Email, EmailVerified: mappings applied to the chosen element.
type FallbackLookup struct {
	URL    string
	Accept string
	Array  bool
	Select map[string]any

	Email         FieldMapping
	EmailVerified FieldMapping
}

type FieldMapping

// FieldMapping describes how a single mapped field is obtained; UserMapping
// and FallbackLookup are built from it.
//
// NOTE(review): inferred from names; confirm against the implementation.
//   - Path: presumably addresses a value inside the decoded provider
//     response.
//   - Value: presumably a constant used instead of (or as a default for) a
//     looked-up value. A constant on an EmailVerified mapping would mark
//     every address from that provider as verified, so it deserves explicit
//     review wherever it appears in config.
//   - Transforms: names of post-processing steps.
//     ErrProviderInvalidTransform suggests unknown names are rejected.
type FieldMapping struct {
	Path       string
	Value      any
	Transforms []string
}

type Identity

// Identity is the user record produced by MapIdentity and by
// Provider.IdentityMapper.
//
// Security note: every field is derived from the provider's response.
// EmailVerified records only what the provider, or the configured mapping,
// asserted. Code that creates or links local accounts by Email should require
// EmailVerified, and should key long-lived links on the provider together
// with Subject rather than on Email alone.
//
// NOTE(review): Subject is presumably unique only within a single provider;
// confirm before using it as a global key.
type Identity struct {
	Subject           string
	Email             string
	EmailVerified     bool
	PreferredUsername string
	DisplayName       string
}

func MapIdentity

// MapIdentity builds an Identity from root according to mapping.
//
// NOTE(review): root is presumably the decoded userinfo or token-claims
// document received from the provider. The error conditions (for example a
// missing subject) are not visible in this listing.
func MapIdentity(root any, mapping UserMapping) (Identity, error)

type Kind

// Kind is the string type of the Provider.Kind field.
type Kind string

// KindOIDC and KindOAuth2 are the typed Kind values. SecretStrategyAppleJWT
// shares this block but is an untyped string constant, not a Kind.
// NOTE(review): it is presumably meant for ClientSecret.Strategy, which is a
// plain string.
const (
	KindOIDC   Kind = "oidc"
	KindOAuth2 Kind = "oauth2"

	// SecretStrategyAppleJWT selects dynamic Apple ES256 client-secret minting.
	SecretStrategyAppleJWT = "apple_jwt"
)

type Provider

// Provider is the descriptor for one external login provider: its kind,
// endpoints, client credentials, requested scopes and the mapping from the
// provider's user data to an Identity.
//
// NOTE(review): points to confirm against the implementation.
//   - PKCE: presumably enables proof-key-for-code-exchange on the
//     authorization request. The zero value is false, so a hand-built
//     Provider has it off unless set.
//   - AuthorizeURL, TokenURL, UserInfoURL, Issuer: ErrProviderNonHTTPSURL
//     suggests Validate rejects non-HTTPS values. Which of these fields, and
//     EmailFallback.URL, are covered is not visible here.
//   - ExtraAuthParams: presumably added to the authorization request. Check
//     that entries cannot override security parameters such as state,
//     redirect_uri or the PKCE challenge.
//   - Copying: the API passes Provider by value, but Scopes, ExtraAuthParams
//     and EmailFallback are a slice, a map and a pointer, so a plain copy
//     still shares them with the original. Clone is presumably the way to
//     get an independent copy.
type Provider struct {
	Name            string
	Kind            Kind
	Issuer          string
	ClientID        string
	ClientSecret    ClientSecret
	Scopes          []string
	PKCE            bool
	AuthorizeURL    string
	TokenURL        string
	UserInfoURL     string
	UserInfoAccept  string
	ExtraAuthParams map[string]string
	UserMapping     UserMapping
	EmailFallback   *FallbackLookup

	// IdentityMapper is an internal escape hatch for providers whose userinfo
	// response cannot be represented by declarative mappings.
	IdentityMapper func(any) (Identity, error)

	// SecretProvider is the internal escape hatch for callers that already
	// construct dynamic secrets in code. Config-first providers should prefer
	// ClientSecret strategies.
	SecretProvider func(context.Context) (string, error)
}

func BuiltIn

// BuiltIn returns the Provider registered under name; the bool presumably
// reports whether such a provider exists.
//
// NOTE(review): whether name is normalized before the lookup (see
// Provider.NormalizedName) is not visible in this listing.
func BuiltIn(name string) (Provider, bool)

func Clone

// Clone returns a copy of in.
//
// NOTE(review): presumably a deep copy of the reference-typed fields (Scopes,
// ExtraAuthParams, EmailFallback and the nested mappings); confirm which
// fields are duplicated. IdentityMapper and SecretProvider are func values
// and can only be shared, not copied.
func Clone(in Provider) Provider

func (Provider) NormalizedName

// NormalizedName returns a string derived from the provider.
//
// NOTE(review): presumably a canonical form of Name. The normalization rule
// (case folding, trimming, allowed characters) is not visible here, and it
// matters if the result is used in lookups or callback routes.
func (p Provider) NormalizedName() string

func (Provider) Validate added in v0.12.2

// Validate reports an error when the provider descriptor is malformed.
//
// NOTE(review): ErrProviderNonHTTPSURL and ErrProviderInvalidTransform are
// presumably returned from here; confirm which fields each one covers. A
// shape check does not establish that the endpoints belong to the intended
// provider, so config-loaded descriptors still need a trusted source.
func (p Provider) Validate() error

Validate checks descriptor shape for config-loaded providers.

type UserMapping

// UserMapping holds one FieldMapping per Identity field (the field names
// match Identity's). MapIdentity takes it as input and Provider carries it in
// its UserMapping field.
//
// NOTE(review): how an empty FieldMapping is treated (field left at its zero
// value versus an error) is not visible here. For EmailVerified the zero
// value is false, which is the safe default.
type UserMapping struct {
	Subject           FieldMapping
	Email             FieldMapping
	EmailVerified     FieldMapping
	PreferredUsername FieldMapping
	DisplayName       FieldMapping
}
