Documentation
Overview
Package jwtbearer provides an OAuth 2.0 JWT Bearer Grant (RFC 7523) implementation. It exchanges a JWT assertion (such as an ID-JAG) for an access token at a target authorization server.
Types
type Config
type Config struct {
	// TokenURL is the target authorization server's token endpoint (required).
	TokenURL string
	// ClientID is the OAuth client identifier at the target AS. When both ClientID
	// and ClientSecret are set, the request is authenticated with HTTP Basic per
	// RFC 6749 Section 2.3.1. Public-client identification via a body client_id
	// parameter (RFC 6749 Section 3.2.1) is not supported — XAA / ID-JAG §8.1
	// requires confidential clients, and that is the only intended consumer.
	ClientID string
	// ClientSecret is the OAuth client secret at the target AS.
	ClientSecret string //nolint:gosec // G101: field name, not a credential
	// Scopes are the requested scopes for the access token.
	Scopes []string
	// AssertionProvider returns the JWT assertion (e.g., the ID-JAG from Step A).
	// Called on each Token() invocation; must not be nil. The returned JWT must
	// satisfy RFC 7523 Section 3 (iss/sub/aud/exp); aud should typically be the
	// target AS's token endpoint (TokenURL). The provider must be safe for
	// concurrent use — Token() may be called from multiple goroutines (e.g.,
	// when wrapped in oauth2.ReuseTokenSource).
	AssertionProvider func() (string, error)
	// HTTPClient is the HTTP client to use. If nil, oauthproto.DefaultHTTPClient()
	// is used.
	HTTPClient *http.Client
}
Config holds configuration for an OAuth 2.0 JWT Bearer Grant (RFC 7523).
func (*Config) TokenSource
func (c *Config) TokenSource(ctx context.Context) oauth2.TokenSource
TokenSource returns an oauth2.TokenSource that performs the JWT Bearer grant.
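The AssertionProvider comment on Config requires the returned JWT to carry the RFC 7523 Section 3 claims (iss/sub/aud/exp). The following is an added example, not code from the jwtbearer package: a hypothetical CheckAssertion helper that a caller could run inside its provider before returning the assertion. The strict aud match against the token endpoint, the example URLs and the sample token are assumptions of this example, and the signature is not verified here.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// CheckAssertion (hypothetical helper) rejects a JWT that lacks the RFC 7523
// Section 3 claims. It does NOT verify the signature; requiring aud to equal
// tokenURL is this example's assumption (the docs say "typically").
func CheckAssertion(jwt, tokenURL string, now time.Time) error {
	parts := strings.Split(jwt, ".")
	if len(parts) != 3 {
		return fmt.Errorf("assertion is not a three-part compact JWS")
	}
	var c struct {
		Iss, Sub string
		Aud      any // a single string or an array of strings
		Exp      float64
	}
	raw, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil || json.Unmarshal(raw, &c) != nil {
		return fmt.Errorf("assertion payload is not valid base64url JSON claims")
	}
	auds, _ := c.Aud.([]any)
	audOK := c.Aud == tokenURL // aud given as a single string
	for _, a := range auds {   // or as an array
		audOK = audOK || a == tokenURL
	}
	switch {
	case c.Iss == "" || c.Sub == "":
		return fmt.Errorf("assertion missing iss or sub")
	case !audOK:
		return fmt.Errorf("assertion aud does not name %s", tokenURL)
	case !now.Before(time.Unix(int64(c.Exp), 0)):
		return fmt.Errorf("assertion has no exp or is expired")
	}
	return nil
}

func main() {
	// Constructed, unsigned sample token whose aud names a different server.
	p := base64.RawURLEncoding.EncodeToString([]byte(`{"iss":"i","sub":"s","aud":"https://other.example/token","exp":4102444800}`))
	fmt.Println(CheckAssertion("e30."+p+".sig", "https://as.example/token", time.Now()))
}
```

The helper keeps no state, so a provider that calls it stays safe for concurrent use as long as the underlying assertion source is.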