Documentation
Overview
Package oidc implements OIDC token handling in a multi-tenant environment. For this, a Handler is created, which holds the Providers used to validate tokens. You can either register providers statically, or inject a client that queries providers at runtime.
Index
- Constants
- Variables
- type Handler
- type HandlerOption
- type Introspection
- type Provider
- type ProviderOption
- func WithCustomJWKSURI(jwksURI *url.URL) ProviderOption
- func WithIntrospectTokenURL(introspectURL *url.URL) ProviderOption
- func WithProviderHTTPClient(c *http.Client) ProviderOption
- func WithSigningKeyCacheExpiration(expiration, cleanup time.Duration) ProviderOption
- func WithoutCache() ProviderOption
Constants
const (
	IssuerPrefix     = "issuer_"
	IntrospectPrefix = "introspect_"
)
Variables
var (
	ErrInvalidToken = errors.New("invalid token")
	ErrNoProvider   = errors.New("no provider")
)
var (
	DefaultIssuerClaims = []string{"iss"}
)
Functions
This section is empty.
Types
type Handler
type Handler struct {
	// contains filtered or unexported fields
}
Handler tracks the set of identity providers to support multi-tenancy.
func NewHandler
func NewHandler(opts ...HandlerOption) (*Handler, error)
NewHandler creates a new handler and applies the given options.
func (*Handler) ParseAndValidate
func (*Handler) ProviderFor
ProviderFor returns the provider for the given issuer.
func (*Handler) RegisterStaticProvider (added in v0.5.4)
RegisterStaticProvider registers a provider with the handler.
type HandlerOption
HandlerOption is used to configure a handler.
func WithFeatureGates (added in v0.7.0)
func WithFeatureGates(fg *commoncfg.FeatureGates) HandlerOption
func WithIssuerClaimKeys
func WithIssuerClaimKeys(issuerClaimKeys ...string) HandlerOption
WithIssuerClaimKeys configures which claim keys the handler reads to determine a token's issuer; DefaultIssuerClaims is the default.
func WithProviderCacheExpiration
func WithProviderCacheExpiration(expiration, cleanup time.Duration) HandlerOption
WithProviderCacheExpiration configures the expiration of cached providers.
func WithStaticProvider (added in v0.5.4)
func WithStaticProvider(provider *Provider) HandlerOption
WithStaticProvider registers the given provider.
type Introspection
type Provider
type Provider struct {
	// contains filtered or unexported fields
}
Provider represents a specific OIDC provider.
func NewProvider
NewProvider creates a new provider and applies the given options.
func (*Provider) SigningKeyFor
func (provider *Provider) SigningKeyFor(ctx context.Context, keyID string) (*jose.JSONWebKey, error)
SigningKeyFor returns the signing key for the given key ID.
type ProviderOption
ProviderOption is used to configure a provider.
func WithCustomJWKSURI
func WithCustomJWKSURI(jwksURI *url.URL) ProviderOption
WithCustomJWKSURI configures a custom JWKS URI.
func WithIntrospectTokenURL
func WithIntrospectTokenURL(introspectURL *url.URL) ProviderOption
WithIntrospectTokenURL configures a token introspection endpoint.
func WithProviderHTTPClient (added in v0.9.5)
func WithProviderHTTPClient(c *http.Client) ProviderOption
WithProviderHTTPClient configures a dedicated HTTP client.
func WithSigningKeyCacheExpiration
func WithSigningKeyCacheExpiration(expiration, cleanup time.Duration) ProviderOption
WithSigningKeyCacheExpiration configures the expiration of cached signing keys. A cache miss results in a new request to the JWKS URI.
func WithoutCache
func WithoutCache() ProviderOption
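The Overview and the Handler and Provider types above describe a design in which a token's issuer selects the tenant's provider, and that provider's signing-key cache answers key lookups by key ID until an entry expires. The following is an added, self-contained Go model of that flow written for this page; it is not code from the oidc package. It keeps the page's names (Handler, Provider, NewHandler, RegisterStaticProvider, ProviderFor, SigningKeyFor, ParseAndValidate, ErrInvalidToken, ErrNoProvider), but the signatures are simplified assumptions: keys are plain ed25519.PublicKey values rather than *jose.JSONWebKey, the JWKS request is replaced by an injected fetch function, the issuer claim key is fixed to "iss" (the package's DefaultIssuerClaims) instead of being configurable, tokens use the EdDSA JOSE algorithm, and SignToken together with the https://idp-a.example issuer and the k1 key ID are constructed test data.

```go
package main

import (
	"context"
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

var ErrInvalidToken, ErrNoProvider = errors.New("invalid token"), errors.New("no provider")
// Provider holds one tenant's issuer, its key source and an expiring per-kid signing-key cache.
type Provider struct {
	issuer string
	fetch  func(ctx context.Context, keyID string) (ed25519.PublicKey, error) // assumed stand-in for the JWKS request
	ttl    time.Duration
	keys   map[string]ed25519.PublicKey
	expiry map[string]time.Time
}

func NewProvider(issuer string, fetch func(context.Context, string) (ed25519.PublicKey, error), ttl time.Duration) *Provider {
	return &Provider{issuer: issuer, fetch: fetch, ttl: ttl, keys: map[string]ed25519.PublicKey{}, expiry: map[string]time.Time{}}
}

// SigningKeyFor returns the key for keyID; only a missing or expired cache entry triggers a fetch.
func (p *Provider) SigningKeyFor(ctx context.Context, keyID string) (ed25519.PublicKey, error) {
	if exp, ok := p.expiry[keyID]; ok && time.Now().Before(exp) {
		return p.keys[keyID], nil
	}
	k, err := p.fetch(ctx, keyID)
	if err != nil {
		return nil, err
	}
	p.keys[keyID], p.expiry[keyID] = k, time.Now().Add(p.ttl)
	return k, nil
}

// Handler maps issuers to statically registered providers; ProviderFor yields ErrNoProvider for an unknown tenant.
type Handler struct{ providers map[string]*Provider }
func NewHandler() *Handler { return &Handler{providers: map[string]*Provider{}} }
func (h *Handler) RegisterStaticProvider(p *Provider) { h.providers[p.issuer] = p }

func (h *Handler) ProviderFor(issuer string) (*Provider, error) {
	if p, ok := h.providers[issuer]; ok {
		return p, nil
	}
	return nil, ErrNoProvider
}

// decodeSegment base64url-decodes one JWT segment and unmarshals the JSON inside it.
func decodeSegment(s string, v any) error {
	return json.NewDecoder(base64.NewDecoder(base64.RawURLEncoding, strings.NewReader(s))).Decode(v)
}

// ParseAndValidate reads kid and iss from the still-unverified token only to select the tenant's provider
// and key, then checks the EdDSA signature and exp; no claim is trusted before the signature verifies.
func (h *Handler) ParseAndValidate(ctx context.Context, token string) (map[string]any, error) {
	parts := strings.Split(token, ".")
	var header struct{ Alg, Kid string }
	var claims map[string]any
	if len(parts) != 3 || decodeSegment(parts[0], &header) != nil || header.Alg != "EdDSA" || decodeSegment(parts[1], &claims) != nil {
		return nil, ErrInvalidToken
	}
	issuer, _ := claims["iss"].(string) // the package makes this claim key configurable via WithIssuerClaimKeys
	p, err := h.ProviderFor(issuer)
	if err != nil {
		return nil, err
	}
	key, err := p.SigningKeyFor(ctx, header.Kid)
	if err != nil {
		return nil, err
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil || len(key) != ed25519.PublicKeySize || !ed25519.Verify(key, []byte(parts[0]+"."+parts[1]), sig) {
		return nil, ErrInvalidToken
	}
	if exp, ok := claims["exp"].(float64); !ok || time.Now().Unix() >= int64(exp) {
		return nil, ErrInvalidToken
	}
	return claims, nil
}

// SignToken mints a constructed EdDSA token for the demo; an identity provider does this, not the handler.
func SignToken(priv ed25519.PrivateKey, kid string, claims map[string]any) string {
	enc := func(v any) string { b, _ := json.Marshal(v); return base64.RawURLEncoding.EncodeToString(b) }
	input := enc(map[string]string{"alg": "EdDSA", "kid": kid}) + "." + enc(claims)
	return input + "." + base64.RawURLEncoding.EncodeToString(ed25519.Sign(priv, []byte(input)))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed tenant key pair, standing in for a real IdP's
	h := NewHandler()
	h.RegisterStaticProvider(NewProvider("https://idp-a.example", func(context.Context, string) (ed25519.PublicKey, error) { return pub, nil }, time.Minute))
	tok := SignToken(priv, "k1", map[string]any{"iss": "https://idp-a.example", "sub": "alice", "exp": time.Now().Add(time.Hour).Unix()})
	claims, err := h.ParseAndValidate(context.Background(), tok)
	fmt.Println(claims["sub"], err) // alice <nil>
}
```

Run it with go run. The ordering is the security-relevant part: kid and iss are taken from the unverified token only to choose a provider and a key, so a token minted under one tenant's key cannot validate against another tenant's provider, and the signature must verify before any claim is acted on. The per-provider TTL plays the role of WithSigningKeyCacheExpiration: a shorter expiration means more JWKS requests but faster pickup of rotated keys, while a longer one trades the reverse.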