oidc

Constants

const DefaultLocalServerSuccessHTML = `` /* 477-byte string literal not displayed */

DefaultLocalServerSuccessHTML is the default HTML body that the local callback server returns to the browser after a successful authorization (used when LocalServerSuccessHTML is left empty).

Variables

This section is empty.

Functions

func NewNonce

func NewNonce() (string, error)

func NewState

func NewState() (string, error)

Types

type AuthCodeFlowOpts

// AuthCodeFlowOpts configures one run of the authorization code flow,
// including the local HTTP server that receives the provider's callback.
type AuthCodeFlowOpts struct {
	// OAuth2Config carries the client ID/secret, provider endpoints, scopes
	// and redirect URL used for the authorization and token requests.
	OAuth2Config oauth2.Config

	// Hostname of the redirect URL.
	// You can set this if your provider does not accept localhost.
	// Default to localhost.
	// NOTE(review): the name must still resolve to the interface the local
	// server binds to, otherwise the browser's callback never arrives.
	RedirectURLHostname string
	// Options for an authorization request.
	// You can set oauth2.AccessTypeOffline and the PKCE options here.
	AuthCodeOptions []oauth2.AuthCodeOption
	// Options for a token request.
	// You can set the PKCE options here.
	TokenRequestOptions []oauth2.AuthCodeOption
	// State parameter in the authorization request.
	// Default to a string of random 32 bytes.
	// If you override this, the value must be unguessable and unique per
	// request: state is what binds the callback to this request (CSRF protection).
	State string

	// Candidates of hostname and port which the local server binds to.
	// You can set port number to 0 to allocate a free port.
	// If multiple addresses are given, it will try the addresses in order.
	// If nil or an empty slice is given, it defaults to "127.0.0.1:0" i.e. a free port.
	// Keep this on a loopback address: the callback is served over plain HTTP
	// (see Listener.URL), so binding a reachable interface exposes the
	// authorization code to the network.
	LocalServerBindAddress []string

	// Response HTML body on authorization completed.
	// Default to DefaultLocalServerSuccessHTML.
	LocalServerSuccessHTML string
	// Middleware for the local server. Default to none.
	// Wraps the callback handler; anything it logs may include the code and
	// state query parameters, so treat its output as sensitive.
	LocalServerMiddleware func(h http.Handler) http.Handler
	// A channel to send its URL when the local server is ready. Default to none.
	LocalServerReadyChan chan<- string

	// Redirect URL upon successful login
	// (where the browser is sent after the callback has been handled).
	SuccessRedirectURL string
	// Redirect URL upon failed login
	// (where the browser is sent when the callback reports an error).
	FailureRedirectURL string

	// Logf, if set, receives printf-style diagnostics. Default to none.
	// NOTE(review): what is passed to it is not visible here; confirm that no
	// tokens or authorization codes are logged before enabling it in production.
	Logf func(string, ...any)
}

type Client

// Client is the set of token-acquisition flows implemented by OIDCClient.
// Every method that returns a *Token hands back bearer credentials; callers
// are responsible for storing and logging them safely.
type Client interface {
	// ClientSecret returns the currently configured client secret.
	ClientSecret() string
	// SetClientSecret replaces the client secret used for subsequent token requests.
	SetClientSecret(s string)
	// SupportedPKCEMethods returns the PKCE code_challenge_method values the
	// provider advertises; nil when PKCE is not supported.
	SupportedPKCEMethods() []string
	// GetTokenByAuthCode runs the authorization code flow. The callback is
	// received on a local HTTP server whose URL is sent on
	// localServerReadyChan once it is listening.
	GetTokenByAuthCode(
		ctx context.Context,
		opts GetTokenByAuthCodeOpts,
		localServerReadyChan chan<- string,
	) (*Token, error)
	// GetTokenByPassword runs the resource owner password credentials grant.
	// The user's password is sent directly to the token endpoint; prefer the
	// authorization code or device flows wherever the provider allows it.
	GetTokenByPassword(ctx context.Context, username string, password string) (*Token, error)
	// DeviceAuth starts the device authorization flow and returns the
	// device/user codes the end user must approve out of band.
	DeviceAuth(ctx context.Context) (*oauth2.DeviceAuthResponse, error)
	// GetTokenByDeviceCode exchanges an approved device authorization for tokens.
	GetTokenByDeviceCode(ctx context.Context, resp *oauth2.DeviceAuthResponse) (*Token, error)
	// GetTokenByDeviceCodeManual performs the same exchange "manually"; how it
	// differs from GetTokenByDeviceCode is not documented here — check the implementation.
	GetTokenByDeviceCodeManual(ctx context.Context, resp *oauth2.DeviceAuthResponse) (*Token, error)
	// GetTokenByClientCredentials runs the client credentials grant
	// (the application authenticates as itself; no end user is involved).
	GetTokenByClientCredentials(ctx context.Context) (*Token, error)
	// Refresh exchanges refreshToken for a new token set.
	Refresh(ctx context.Context, refreshToken string) (*Token, error)
}

type Clock

// Clock is the time source the client uses (injected via WithClock), so
// tests can substitute a fixed time. What it gates (e.g. expiry checks) is
// not shown here.
type Clock interface {
	// Now returns the current time.
	Now() time.Time
}

type Config

// Config is the provider/client configuration passed to NewClient.
type Config struct {
	// IssuerURL is the OpenID Provider's issuer identifier
	// (presumably used for discovery — confirm in NewClient).
	IssuerURL string
	// ClientID is the OAuth 2.0 client identifier registered at the provider.
	ClientID string
	// ClientSecret is optional. A secret shipped inside a CLI or desktop
	// binary is not confidential; such public clients should rely on PKCE
	// (UsePKCE) rather than on the secret.
	ClientSecret string
	// ExtraScopes are requested in addition to the package defaults
	// (which defaults are used is not shown here). Optional.
	ExtraScopes []string
	// UsePKCE enables PKCE for the authorization code flow. Optional, but
	// recommended for every client and essential for public clients; check
	// SupportedPKCEMethods for what the provider accepts.
	UsePKCE bool
}

type GetTokenByAuthCodeOpts

// GetTokenByAuthCodeOpts parameterizes OIDCClient.GetTokenByAuthCode.
type GetTokenByAuthCodeOpts struct {
	// BindAddress lists "host:port" candidates for the local callback server
	// (see NewListener). Keep it on loopback: the callback is plain HTTP.
	BindAddress []string
	// State is the OAuth 2.0 state parameter. Use NewState() for a fresh,
	// unguessable value per request; it binds the callback to this request.
	State string
	// Nonce is the OIDC nonce sent in the authorization request. Use
	// NewNonce() per request.
	// NOTE(review): whether the returned ID token's nonce is compared against
	// this value is not visible here — confirm before relying on it.
	Nonce string
	// PKCEParams carries the PKCE code verifier/challenge for this request.
	PKCEParams pkce.Params
	// RedirectURLHostname replaces "localhost" in the redirect URL for
	// providers that reject it.
	RedirectURLHostname string
	// AuthRequestExtraParams are additional parameters for the authorization
	// request (presumably appended as query parameters).
	AuthRequestExtraParams map[string]string
	// LocalServerSuccessHTML is the body served to the browser on success.
	LocalServerSuccessHTML string
}

type Listener

// Listener wraps the net.Listener of the local OAuth callback server and
// exposes the URL the browser is redirected to.
type Listener struct {

	// URL to the listener.
	// This is always "http://localhost:PORT" regardless of the listening address.
	// The scheme is plain HTTP, so the authorization code travels in clear
	// text; that is only acceptable because the server is meant to sit on a
	// loopback address — do not bind it to a reachable interface.
	URL *url.URL
	// contains filtered or unexported fields
}

Listener wraps a net.Listener and provides its URL.

func NewListener

func NewListener(addressCandidates []string) (*Listener, error)

NewListener starts a Listener on the first of the candidate addresses that can be bound. The caller must close the listener when it is no longer needed.

If nil or an empty slice is given, it defaults to "127.0.0.1:0". If multiple addresses are given, they are tried in order. The callback is served over plain HTTP, so only loopback addresses should be used.

If the port in the address is 0, it will allocate a free port.

If none of the addresses can be bound, it returns a NoAvailablePortError.

func NewListenerOn

func NewListenerOn(address string) (*Listener, error)

NewListenerOn starts a Listener on the given address. The caller must close the listener when it is no longer needed.

If an empty string is given, it defaults to "127.0.0.1:0".

If the port in the address is 0, it will allocate a free port.

func (*Listener) Accept

func (l *Listener) Accept() (net.Conn, error)

func (*Listener) Addr

func (l *Listener) Addr() net.Addr

func (*Listener) Close

func (l *Listener) Close() error

type NoAvailablePortError

// NoAvailablePortError is returned by NewListener when none of the
// candidate addresses could be bound.
type NoAvailablePortError interface {
	error

	// Causes returns the bind errors collected while trying the candidate
	// addresses. You can unwrap them to check the root cause.
	Causes() []error
}

NoAvailablePortError provides a set of errors on the port allocation.

type OIDCClient

// OIDCClient is the concrete Client returned by NewClient. Its fields are
// unexported, so construct it only through NewClient.
type OIDCClient struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient(ctx context.Context, cfg *Config, opts ...Option) (*OIDCClient, error)

func (*OIDCClient) ClientSecret

func (c *OIDCClient) ClientSecret() string

func (*OIDCClient) DeviceAuth

func (c *OIDCClient) DeviceAuth(ctx context.Context) (*oauth2.DeviceAuthResponse, error)

DeviceAuth starts the device authorization flow: it requests a device code and user code from the provider, which the end user then approves on another device. The returned response is passed to GetTokenByDeviceCode.

func (*OIDCClient) GetTokenByAuthCode

func (c *OIDCClient) GetTokenByAuthCode(
	ctx context.Context,
	ops GetTokenByAuthCodeOpts,
	localServerReadyChan chan<- string,
) (*Token, error)

GetTokenByAuthCode performs the authorization code flow. The provider's callback is received on a local HTTP server (its URL is sent on localServerReadyChan once it is listening) and the code is exchanged for a token set. Supply a fresh State (NewState) and Nonce (NewNonce) per call; they are what tie the callback to this request.

func (*OIDCClient) GetTokenByClientCredentials

func (c *OIDCClient) GetTokenByClientCredentials(ctx context.Context) (*Token, error)

GetTokenByClientCredentials performs the client credentials grant, in which the application authenticates as itself with no end user involved; it presumes a client secret (or other client credential) is configured.

func (*OIDCClient) GetTokenByDeviceCode

func (c *OIDCClient) GetTokenByDeviceCode(ctx context.Context, resp *oauth2.DeviceAuthResponse) (*Token, error)

GetTokenByDeviceCode exchanges an approved device authorization (from DeviceAuth) for a token set.

func (*OIDCClient) GetTokenByDeviceCodeManual

func (c *OIDCClient) GetTokenByDeviceCodeManual(ctx context.Context, resp *oauth2.DeviceAuthResponse) (*Token, error)

GetTokenByDeviceCodeManual performs the device code exchange "manually"; how it differs from GetTokenByDeviceCode is not documented here — consult the implementation before choosing between them.

func (*OIDCClient) GetTokenByPassword

func (c *OIDCClient) GetTokenByPassword(ctx context.Context, username string, password string) (*Token, error)

GetTokenByPassword performs the resource owner password credentials flow. The user's password is sent directly to the token endpoint, so this grant is discouraged by the OAuth 2.0 Security Best Current Practice; prefer the authorization code flow with PKCE or the device flow wherever the provider supports them.

func (*OIDCClient) Refresh

func (c *OIDCClient) Refresh(ctx context.Context, refreshToken string) (*Token, error)

Refresh sends a refresh token request and returns a new token set. Providers may rotate the refresh token; if so, the returned RefreshToken replaces the one passed in and the old value should be discarded.

func (*OIDCClient) SetClientSecret

func (c *OIDCClient) SetClientSecret(s string)

func (*OIDCClient) SupportedPKCEMethods

func (c *OIDCClient) SupportedPKCEMethods() []string

SupportedPKCEMethods returns the PKCE code_challenge_method values advertised by the provider. This may return nil if PKCE is not supported. When enabling PKCE, prefer "S256" if it is listed.

type Option

// Option configures NewClient (functional options); see WithClock,
// WithHttpClient and WithLogger.
type Option func(*option)

func WithClock

func WithClock(c Clock) Option

func WithHttpClient

func WithHttpClient(c *http.Client) Option

func WithLogger

func WithLogger(l logger.LogWriter) Option

type Token

// Token represents a set of ID token, access token and refresh token, each
// as the raw string returned by the provider. All three are bearer
// credentials: keep them out of logs and store the refresh token as
// carefully as a password. DecodeWithoutVerify, as its name says, parses
// the ID token's claims without checking the signature, so its output must
// not drive authorization decisions on its own.
type Token struct {
	// IDToken is the raw OIDC ID token (a JWT).
	IDToken string
	// AccessToken is the raw OAuth 2.0 access token.
	AccessToken string
	// RefreshToken is the raw refresh token; may be empty if the provider
	// did not issue one.
	RefreshToken string
}

Token represents a set of ID token, access token and refresh token.

func (Token) DecodeWithoutVerify

func (t Token) DecodeWithoutVerify() (*jwt.Claims, error)

func (Token) Username

func (t Token) Username() (string, error)

type Transport

// Transport is an http.RoundTripper that presumably delegates to Base and
// writes diagnostics to Logger.
// NOTE(review): requests through this transport carry client secrets,
// authorization codes and tokens; confirm that the logger redacts bodies and
// Authorization headers before using it outside local debugging.
type Transport struct {
	// Base is the underlying RoundTripper that performs the request.
	Base http.RoundTripper
	// Logger receives the transport's log output.
	Logger logger.LogWriter
}

func (*Transport) RoundTrip

func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error)
