authprovider

package
v0.72.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 26, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrClientSecretEnvEmpty     = errors.New("client_secret_env_empty")
	ErrProviderInvalidTransform = errors.New("provider_invalid_transform")
	ErrProviderNonHTTPSURL      = errors.New("provider_non_https_url")
)

Functions

func BuiltIns 

func BuiltIns() map[string]Provider

func MapFallbackEmail 

func MapFallbackEmail(root any, fallback FallbackLookup) (string, bool)

Types

type AppleJWTSecret 

type AppleJWTSecret struct {
	TeamID        string
	KeyID         string
	PrivateKeyPEM []byte
	PrivateKeyEnv string
	TTL           time.Duration
}

type ClientSecret 

type ClientSecret struct {
	Value    string
	Env      string
	Strategy string
	AppleJWT *AppleJWTSecret
}

func (ClientSecret) ResolveStatic 

func (s ClientSecret) ResolveStatic() (string, error)

type FallbackLookup 

type FallbackLookup struct {
	URL    string
	Accept string
	Array  bool
	Select map[string]any

	Email         FieldMapping
	EmailVerified FieldMapping
}

type FieldMapping 

type FieldMapping struct {
	Path       string
	Value      any
	Transforms []string
}

type Identity 

type Identity struct {
	Subject           string
	Email             string
	EmailVerified     bool
	PreferredUsername string
	DisplayName       string
}

func MapIdentity 

func MapIdentity(root any, mapping UserMapping) (Identity, error)

type Kind 

type Kind string
const (
	KindOIDC   Kind = "oidc"
	KindOAuth2 Kind = "oauth2"

	// SecretStrategyAppleJWT selects dynamic Apple ES256 client-secret minting.
	SecretStrategyAppleJWT = "apple_jwt"
)

type Provider 

type Provider struct {
	Name            string
	Kind            Kind
	Issuer          string
	ClientID        string
	ClientSecret    ClientSecret
	Scopes          []string
	PKCE            bool
	AuthorizeURL    string
	TokenURL        string
	UserInfoURL     string
	UserInfoAccept  string
	ExtraAuthParams map[string]string
	UserMapping     UserMapping
	EmailFallback   *FallbackLookup

	// IdentityMapper is an internal escape hatch for providers whose userinfo
	// response cannot be represented by declarative mappings.
	IdentityMapper func(any) (Identity, error)

	// SecretProvider is the internal escape hatch for callers that already
	// construct dynamic secrets in code. Config-first providers should prefer
	// ClientSecret strategies.
	SecretProvider func(context.Context) (string, error)
}

func Apple added in v0.72.0 

func Apple(clientID, clientSecret string) Provider

Apple returns the built-in Apple OIDC provider configured with the given OAuth client credentials. For the Apple "client secret JWT" strategy, set ClientSecret.Strategy / ClientSecret.AppleJWT on the returned provider.

func BuiltIn 

func BuiltIn(name string) (Provider, bool)

func Clone 

func Clone(in Provider) Provider

func Discord added in v0.72.0 

func Discord(clientID, clientSecret string) Provider

Discord returns the built-in Discord OAuth2 provider configured with the given OAuth client credentials.

func GitHub added in v0.72.0 

func GitHub(clientID, clientSecret string) Provider

GitHub returns the built-in GitHub OAuth2 provider configured with the given OAuth client credentials.

func Google added in v0.72.0 

func Google(clientID, clientSecret string) Provider

Google returns the built-in Google OIDC provider configured with the given OAuth client credentials — the convenience form of an authprovider.Provider for IdentityConfig.Providers (#143). Override fields on the result for custom scopes/mapping.

func (Provider) NormalizedName 

func (p Provider) NormalizedName() string

func (Provider) Validate added in v0.12.2 

func (p Provider) Validate() error

Validate checks descriptor shape for config-loaded providers.

type UserMapping 

type UserMapping struct {
	Subject           FieldMapping
	Email             FieldMapping
	EmailVerified     FieldMapping
	PreferredUsername FieldMapping
	DisplayName       FieldMapping
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.