Documentation
Constants
This section is empty.
Variables
var ErrProviderNonHTTPSURL = errors.New("provider_non_https_url")
Functions
This section is empty.
Types
type AppleJWTSecret
type ClientSecret
type ClientSecret struct {
	Value    string
	Strategy string
	AppleJWT *AppleJWTSecret
}
ClientSecret carries the provider's client secret as explicit config. There is deliberately NO env-var indirection (#231): AuthKit is a library and never reads process env — hosts/binaries resolve secrets at their own boundary and pass Value (or a Strategy) here.
func (ClientSecret) ResolveStatic
func (s ClientSecret) ResolveStatic() string
ResolveStatic returns the statically configured secret value (empty when unset or when a dynamic Strategy is used instead).
type Provider
type Provider struct {
	Name            string
	Kind            Kind
	Issuer          string
	ClientID        string
	ClientSecret    ClientSecret
	Scopes          []string
	PKCE            bool
	AuthorizeURL    string
	TokenURL        string
	UserInfoURL     string
	UserInfoAccept  string
	ExtraAuthParams map[string]string
	// EmailFallbackURL is an optional secondary userinfo endpoint queried when the
	// primary userinfo response yields no email. It exists for OAuth2 providers
	// (GitHub) whose /user email may be empty; the fetched JSON is expected to be an
	// array of {email, primary, verified} entries, and the primary+verified entry is
	// selected. Empty for providers without a fallback.
	EmailFallbackURL    string
	EmailFallbackAccept string
	// IdentityMapper maps a provider's parsed userinfo JSON into an Identity. It is
	// required for OAuth2 providers (OIDC providers read standard ID-token claims via
	// the oidc path instead). Built-ins set this in-code; custom OAuth2 providers must
	// supply their own.
	IdentityMapper func(any) (Identity, error)
	// SecretProvider is the internal escape hatch for callers that already
	// construct dynamic secrets in code. Config-first providers should prefer
	// ClientSecret strategies.
	SecretProvider func(context.Context) (string, error)
}
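The primary+verified selection that the EmailFallbackURL comment describes, written out as an added example (not AuthKit's own code). The names fallbackEmail, selectPrimaryVerifiedEmail and errNoVerifiedPrimary are hypothetical, and the sample JSON is constructed.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// fallbackEmail mirrors the {email, primary, verified} entry shape named in the
// EmailFallbackURL comment. The type name is hypothetical.
type fallbackEmail struct {
	Email    string `json:"email"`
	Primary  bool   `json:"primary"`
	Verified bool   `json:"verified"`
}

var errNoVerifiedPrimary = errors.New("no primary+verified email in fallback response")

// selectPrimaryVerifiedEmail returns the entry that is both primary and verified.
// It never falls back to an unverified or secondary address: an address the
// provider has not verified must not be used to identify or link an account.
func selectPrimaryVerifiedEmail(body []byte) (string, error) {
	var entries []fallbackEmail
	if err := json.Unmarshal(body, &entries); err != nil {
		return "", fmt.Errorf("decode fallback emails: %w", err)
	}
	for _, e := range entries {
		if addr := strings.TrimSpace(e.Email); e.Primary && e.Verified && addr != "" {
			return addr, nil
		}
	}
	return "", errNoVerifiedPrimary
}

// sampleFallbackBody is constructed sample data, not captured provider output.
const sampleFallbackBody = `[
  {"email": "alt@example.com", "primary": false, "verified": true},
  {"email": "dev@example.com", "primary": true,  "verified": true}
]`

func main() {
	email, err := selectPrimaryVerifiedEmail([]byte(sampleFallbackBody))
	fmt.Println(email, err)
}
```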
func Apple (added in v0.72.0)
Apple returns the built-in Apple OIDC provider configured with the given OAuth client credentials. For the Apple "client secret JWT" strategy, set ClientSecret.Strategy / ClientSecret.AppleJWT on the returned provider.
func Discord (added in v0.72.0)
Discord returns the built-in Discord OAuth2 provider configured with the given OAuth client credentials.
func GitHub (added in v0.72.0)
GitHub returns the built-in GitHub OAuth2 provider configured with the given OAuth client credentials.
func Google (added in v0.72.0)
Google returns the built-in Google OIDC provider configured with the given OAuth client credentials — the convenience form of an authprovider.Provider for IdentityConfig.Providers (#143). Override fields on the result for custom scopes/mapping.