Documentation ¶
Overview ¶
Package userinfo implements the OIDC UserInfo endpoint plugin.
It handles GET/POST /userinfo (OIDC Core §5.3), returning claims about the authenticated end-user. It supports both JSON and JWT response formats (OIDC Core §5.3.2).
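A relying-party view of the two response formats described above, as an added example that is not part of this package or its documentation: it dispatches on Content-Type, verifies a signed response, and applies the OIDC Core §5.3.2 rule that sub must match the ID Token. ParseUserInfo, Claims, the EdDSA signing choice and all parameter names are assumptions made for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"mime"
	"strings"
)

// Claims is the subset validated here; Aud covers only the single-string form.
type Claims struct{ Iss, Sub, Aud string; Exp int64 }

// ParseUserInfo returns claims only when every check for the format passes.
func ParseUserInfo(ctype string, body []byte, key ed25519.PublicKey,
	issuer, clientID, idTokenSub string, now int64) (*Claims, error) {
	mt, _, _ := mime.ParseMediaType(ctype) // strips "; charset=..." parameters
	var c Claims
	switch mt {
	case "application/json": // unsigned: integrity rests on TLS to the OP
	case "application/jwt": // EdDSA and key are pinned by the caller; header alg is ignored
		p := strings.Split(string(body), ".")
		if len(p) != 3 {
			return nil, fmt.Errorf("not a compact JWS")
		}
		sig, err := base64.RawURLEncoding.DecodeString(p[2])
		if err != nil || len(key) != ed25519.PublicKeySize || !ed25519.Verify(key, []byte(p[0]+"."+p[1]), sig) {
			return nil, fmt.Errorf("bad signature")
		}
		body, _ = base64.RawURLEncoding.DecodeString(p[1])
	default:
		return nil, fmt.Errorf("unexpected content type %q", ctype)
	}
	if err := json.Unmarshal(body, &c); err != nil {
		return nil, err
	}
	if mt == "application/jwt" && (c.Iss != issuer || c.Aud != clientID || (c.Exp != 0 && now >= c.Exp)) {
		return nil, fmt.Errorf("iss/aud/exp check failed")
	}
	if c.Sub == "" || c.Sub != idTokenSub {
		return nil, fmt.Errorf("sub does not match ID token")
	}
	return &c, nil
}

func main() { // constructed sample: plain JSON response
	fmt.Println(ParseUserInfo("application/json; charset=utf-8",
		[]byte(`{"sub":"alice"}`), nil, "", "", "alice", 0))
}
```

The signature check uses the algorithm and key the relying party configured rather than anything named in the JWS header, so a response cannot select its own verification method.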
Constants ¶
const DefaultUserInfoJWTLifetime = 5 * time.Minute
DefaultUserInfoJWTLifetime is the default expiration for UserInfo JWTs.
Variables ¶
var (
	ErrNoIssuer   = &userInfoJWTError{"issuer not found in context"}
	ErrNoClientID = &userInfoJWTError{"client_id not found for token"}
)
Sentinel errors for JWT response fallback.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct {
	Store        storm.UserinfoStore
	CNFLookup    storm.TokenCNFLookup      // optional, enables DPoP/mTLS token binding verification
	ClientLookup storm.TokenClientProvider // optional, enables JWT response (aud claim)
	Crypto       storm.UniCrypto
	KeyStore     storm.KeyStore
}
Config holds the dependencies for the UserInfo plugin.
type Plugin ¶
type Plugin struct {
	// contains filtered or unexported fields
}
Plugin implements the OIDC UserInfo endpoint.
func New ¶
func New(ctx *storm.PluginContext) *Plugin
New creates a new UserInfo plugin from a PluginContext.
func NewWithConfig ¶
NewWithConfig creates a new UserInfo plugin with explicit config.
func (*Plugin) Category ¶
func (p *Plugin) Category() storm.PluginCategory
Category returns CategoryStandard — userinfo is optional but enabled by default.
func (*Plugin) Contribute ¶
func (p *Plugin) Contribute(ctx context.Context, cfg *protocol.DiscoveryConfiguration)
Contribute returns the discovery fields for the userinfo endpoint.