oidc

package
v1.15.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 13, 2026 License: Apache-2.0 Imports: 10 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Sentinel errors declared by this package.
//
// NOTE(review): the code that returns these values is not shown here, so
// whether they are returned bare or wrapped is unknown; callers presumably
// match them with errors.Is rather than == — confirm.
var (
	ErrInvalidURI                 = errors.New("invalid URI")
	// NOTE(review): presumably returned when a URI's scheme is rejected;
	// see WithAllowHttpScheme for the HTTPS-by-default rule — confirm.
	ErrInvalidURLScheme           = errors.New("invalid URL scheme")
	ErrCouldNotGetWellKnownConfig = errors.New("could not get well known OpenID configuration")
	ErrCouldNotBuildURL           = errors.New("could not build URL")
	ErrCouldNotCreateHTTPRequest  = errors.New("could not create HTTP request")
	ErrCouldNotDoHTTPRequest      = errors.New("could not do HTTP request")
	ErrCouldNotReadResponseBody   = errors.New("could not read response body")
	ErrNoIntrospectionEndpoint    = errors.New("no introspection endpoint in configuration")
	// NOTE(review): presumably tied to WithDisableTokenIntrospection — confirm.
	ErrTokenIntrospectionDisabled = errors.New("token introspection is disabled")
)
var (
	// DefaultIssuerClaims holds the single claim name "iss".
	//
	// It is an exported package-level slice, so any importer can modify it
	// and every reader in the process sees the change.
	// NOTE(review): presumably the claim names consulted to find a token's
	// issuer; confirm against callers and consider copying before use.
	DefaultIssuerClaims = []string{"iss"}
)

Functions

This section is empty.

Types

type Configuration

// Configuration mirrors the JSON provider metadata document of an OpenID
// Provider; every field is decoded from the key named in its json tag and is
// omitted from output when empty.
//
// All values originate from a remote document and are only as trustworthy as
// the channel and host they were fetched from.
type Configuration struct {
	// NOTE(review): OpenID Connect Discovery requires the returned issuer to
	// match the issuer used to retrieve the document; confirm that
	// GetConfiguration enforces this.
	Issuer                            string   `json:"issuer,omitempty"`
	AuthorizationEndpoint             string   `json:"authorization_endpoint,omitempty"`
	TokenEndpoint                     string   `json:"token_endpoint,omitempty"`
	UserinfoEndpoint                  string   `json:"userinfo_endpoint,omitempty"`
	// JwksURI locates the provider's JSON Web Key Set.
	// NOTE(review): presumably the source of keys for GetSigningKey unless
	// WithCustomJWKSURI is set — confirm.
	JwksURI                           string   `json:"jwks_uri,omitempty"`
	ResponseTypesSupported            []string `json:"response_types_supported,omitempty"`
	GrantTypesSupported               []string `json:"grant_types_supported,omitempty"`
	SubjectTypesSupported             []string `json:"subject_types_supported,omitempty"`
	IDTokenSigningAlgValuesSupported  []string `json:"id_token_signing_alg_values_supported,omitempty"`
	ScopesSupported                   []string `json:"scopes_supported,omitempty"`
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"`
	ClaimsSupported                   []string `json:"claims_supported,omitempty"`

	// From https://datatracker.ietf.org/doc/html/rfc7662
	IntrospectionEndpoint string `json:"introspection_endpoint,omitempty"`

	// From https://openid.net/specs/openid-connect-rpinitiated-1_0.html#OPMetadata
	EndSessionEndpoint string `json:"end_session_endpoint,omitempty"`
}

Configuration is the metadata describing the configuration of an OpenID Provider. It can be obtained from the .well-known/openid-configuration endpoint. See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata for details.

type CouldNotFindKeyForKeyIDError

// CouldNotFindKeyForKeyIDError is an error type carrying a key ID.
//
// NOTE(review): presumably returned by GetSigningKey when no key matches the
// requested ID — confirm. If the ID comes from a token header it is
// attacker-controlled text, so escape it (e.g. with %q) when logging.
type CouldNotFindKeyForKeyIDError struct {
	KeyID string
}

func (CouldNotFindKeyForKeyIDError) Error

type CouldNotUnmarshallResponseError

// CouldNotUnmarshallResponseError is an error type that pairs an underlying
// error with a response body.
//
// NOTE(review): Body presumably holds the raw body received from the
// provider. The Error method is not shown here; confirm whether its message
// includes Body before writing these errors to logs, because provider
// responses can carry token-related data and remote-controlled text.
type CouldNotUnmarshallResponseError struct {
	Err  error
	Body string
}

func (CouldNotUnmarshallResponseError) Error

type Introspection

// Introspection holds the fields decoded from a token introspection response.
type Introspection struct {
	// Active is decoded from the "active" member, which RFC 7662 uses to
	// report whether the token is currently valid.
	// NOTE(review): confirm whether IntrospectToken returns an error for an
	// inactive token; if it does not, callers must check Active themselves
	// and treat false as a rejected token.
	Active bool     `json:"active"`
	// Groups is decoded from a "groups" member, which is not one of the
	// members defined by RFC 7662.
	Groups []string `json:"groups,omitempty"`

	// Error response fields e.g. bad credentials
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}

Introspection represents the response from an introspection request.

type Provider

// Provider represents one OpenID Provider. Its fields are unexported; a value
// is created with NewProvider and configured through ProviderOption functions.
type Provider struct {
	// contains filtered or unexported fields
}

func NewProvider

func NewProvider(issuer string, audiences []string, opts ...ProviderOption) (*Provider, error)

NewProvider creates a new provider and applies the given options.

func (*Provider) Audiences

func (p *Provider) Audiences() []string

func (*Provider) CustomJWKSURI

func (p *Provider) CustomJWKSURI() string

func (*Provider) GetConfiguration

func (p *Provider) GetConfiguration(ctx context.Context) (*Configuration, error)

GetConfiguration fetches and stores the OpenID configuration for the provider.

func (*Provider) GetSigningKey

func (p *Provider) GetSigningKey(ctx context.Context, keyID string) (*jose.JSONWebKey, error)

GetSigningKey returns the signing key for the given key ID.

func (*Provider) IntrospectToken

func (p *Provider) IntrospectToken(ctx context.Context, token string) (Introspection, error)

IntrospectToken introspects the given token using the OpenID Provider's introspection endpoint.

func (*Provider) Issuer

func (p *Provider) Issuer() string

func (*Provider) IssuerURI

func (p *Provider) IssuerURI() string

func (*Provider) UniqueID

func (p *Provider) UniqueID() string

UniqueID returns a unique identifier for the provider. This allows for providers having the same issuer but different endpoints. It can be used for caching and should be unique across different providers.

type ProviderOption

// ProviderOption is a function that receives the Provider being configured;
// NewProvider accepts any number of them after the issuer and audiences.
type ProviderOption func(*Provider)

ProviderOption is used to configure a provider.

func WithAllowHttpScheme

func WithAllowHttpScheme(allowHttpScheme bool) ProviderOption

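WithAllowHttpScheme configures whether to allow the HTTP scheme for URIs. By default, the HTTPS scheme is enforced. Over plain HTTP, provider responses are not protected against modification in transit, so enabling this is best limited to local development and testing.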

func WithCustomIssuerURI

func WithCustomIssuerURI(issuerURI string) ProviderOption

WithCustomIssuerURI configures a custom issuer URI.

func WithCustomJWKSURI

func WithCustomJWKSURI(customJWKSURI string) ProviderOption

WithCustomJWKSURI configures a custom JWKS URI.

func WithDisableTokenIntrospection

func WithDisableTokenIntrospection(disableTokenIntrospection bool) ProviderOption

WithDisableTokenIntrospection configures whether to disable token introspection.

func WithIntrospectQueryParameters

func WithIntrospectQueryParameters(params map[string]string) ProviderOption

WithIntrospectQueryParameters lets you define additional query parameters to be sent with the introspection request.

func WithPublicHTTPClient

func WithPublicHTTPClient(c *http.Client) ProviderOption

WithPublicHTTPClient lets you set the client to be used for public endpoints, e.g. the well known OpenID configuration endpoint.

func WithSecureHTTPClient

func WithSecureHTTPClient(c *http.Client) ProviderOption

WithSecureHTTPClient lets you set the client to be used for secured endpoints, e.g. the token endpoint.

type ProviderRespondedNon200Error

// ProviderRespondedNon200Error is an error type carrying an integer code and
// a response body.
//
// NOTE(review): Code is presumably the HTTP status and Body the raw response
// body from the provider — confirm. The Error method is not shown here;
// check whether its message includes Body before logging these errors, since
// the text is controlled by the remote endpoint.
type ProviderRespondedNon200Error struct {
	Code int
	Body string
}

func (ProviderRespondedNon200Error) Error
