oidc

package
v1.11.0 (Latest)
Warning

This package is not in the latest version of its module.
Published: Jan 12, 2026 License: Apache-2.0 Imports: 17 Imported by: 0

Documentation

Overview

Package oidc provides functionality related to OIDC-based IdPs.

Constants

const (
	// WellKnownPath is the path to the well-known OIDC configuration.
	WellKnownPath = "/.well-known/openid-configuration"
)

Variables

var ErrUnexpectedSatusCode = fmt.Errorf("unexpected status code")

ErrUnexpectedSatusCode is returned when HTTP 200 is not returned.

Functions

func ValidateClientID added in v1.5.0

func ValidateClientID(clientID string) error

ValidateClientID checks if the provided client ID is valid.

func ValidateScopes added in v1.5.0

func ValidateScopes(scopes []string) error

ValidateScopes checks if the provided scopes are valid.

func ValidateURL added in v1.5.0

func ValidateURL(u string) error

ValidateURL checks if the provided URL is valid.

Types

type Config

type Config struct {
	// KubeconfigPath is a path to a kubeconfig
	KubeconfigPath string
	// Pretty print the output.
	Pretty bool
	// IssuerURL OIDC issuer url.
	IssuerURL string
	// ClientID ID of the client OIDC app.
	ClientID string
	// Scopes requested scopes.
	Scopes []string
}

Config stores configuration for the OIDC command.

func (*Config) PopulateClientID added in v1.5.0

func (cfg *Config) PopulateClientID(ctx context.Context) error

PopulateClientID fills the configuration with the required ClientID. Call it only when there is no other way to obtain a value for ClientID. The user is asked to provide the ClientID in interactive mode. The value the user provides is parsed, validated and stored in the ClientID property. Note: if ClientID is not empty, it is overwritten by the user's input.

func (*Config) PopulateIssuerURL added in v1.5.0

func (cfg *Config) PopulateIssuerURL(ctx context.Context) error

PopulateIssuerURL fills the configuration with the required IssuerURL. Call it only when there is no other way to obtain a value for IssuerURL. The user is asked to provide the IssuerURL in interactive mode. The URL the user provides is parsed, validated and stored in the IssuerURL property. Note: if IssuerURL is not empty, it is overwritten by the user's input.

type OIDC

type OIDC struct {
	// contains filtered or unexported fields
}

OIDC describes the command to configure OIDC settings.

func NewOIDC

func NewOIDC(c Config, l *zap.SugaredLogger) (*OIDC, error)

NewOIDC returns a new OIDC struct.

func (*OIDC) Run

func (u *OIDC) Run(ctx context.Context) error

Run runs the command.

type ProviderConfig

type ProviderConfig struct {
	OriginalIssuer string
	Issuer         string   `json:"issuer"`
	AuthURL        string   `json:"authorization_endpoint"`
	TokenURL       string   `json:"token_endpoint"`
	DeviceAuthURL  string   `json:"device_authorization_endpoint"`
	JWKSURL        string   `json:"jwks_uri"`
	UserInfoURL    string   `json:"userinfo_endpoint"`
	Algorithms     []string `json:"id_token_signing_alg_values_supported"`
}

ProviderConfig contains the configuration of an OIDC provider.

func NewProviderConfig added in v1.6.0

func NewProviderConfig(ctx context.Context, issuer string) (ProviderConfig, error)

func (*ProviderConfig) NewKeyFunc added in v1.6.0

func (c *ProviderConfig) NewKeyFunc(ctx context.Context) (jwt.Keyfunc, error)

NewKeyFunc returns a new function for getting the public JWK keys from the OIDC provider at the given issuer URL.
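The keys returned for an issuer are only as trustworthy as the discovery document that names them, so a consumer of ProviderConfig should check that document before using it. The following is an added example, not this package's code: it assumes the document is fetched from the issuer URL plus WellKnownPath, treats any non-200 reply as an error (as ErrUnexpectedSatusCode describes), and applies the exact issuer match that OpenID Connect Discovery requires. The names `providerConfig`, `fetchProviderConfig` and `demo`, and the local test provider, are hypothetical.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

const wellKnownPath = "/.well-known/openid-configuration" // value of the page's WellKnownPath
var errUnexpectedStatus = errors.New("unexpected status code")
var errIssuerMismatch = errors.New("issuer mismatch")

// providerConfig is a hypothetical stand-in that reuses one of ProviderConfig's JSON tags.
type providerConfig struct {
	Issuer string `json:"issuer"`
}

// fetchProviderConfig (hypothetical) accepts a discovery document only on HTTP 200 and an exact issuer match.
func fetchProviderConfig(issuer string) (pc providerConfig, err error) {
	resp, err := http.Get(issuer + wellKnownPath)
	if err != nil {
		return pc, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return pc, fmt.Errorf("%w: %d", errUnexpectedStatus, resp.StatusCode)
	}
	if err = json.NewDecoder(resp.Body).Decode(&pc); err != nil {
		return pc, err
	}
	if pc.Issuer != issuer { // a document speaking for another issuer must not supply our keys
		return pc, fmt.Errorf("%w: document claims %q", errIssuerMismatch, pc.Issuer)
	}
	return pc, nil
}

// demo runs the check against a constructed local provider that advertises its own URL plus suffix.
func demo(suffix string, status int) error {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(status)
		fmt.Fprintf(w, `{"issuer":"http://%s%s"}`, r.Host, suffix)
	}))
	defer srv.Close()
	_, err := fetchProviderConfig(srv.URL)
	return err
}

func main() { fmt.Println(demo("", 200), demo("/tenant-b", 200), demo("", 503)) }
```

The second call models a multi-tenant provider answering for a different tenant path on the same host; the comparison is a plain string match, so a trailing slash alone is also rejected.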
