Overview ¶
Package auth provides shared authentication helpers and protocol types for integration auth flows
Constants ¶
This section is empty.
Variables ¶
var ( // ErrOAuthRelyingPartyInit indicates Zitadel relying party construction failed ErrOAuthRelyingPartyInit = errors.New("auth: oauth relying party initialization failed") // ErrOAuthStateGeneration indicates random CSRF state generation failed ErrOAuthStateGeneration = errors.New("auth: oauth state generation failed") // ErrOAuthStateInvalid indicates the stored oauth start state could not be decoded ErrOAuthStateInvalid = errors.New("auth: oauth state invalid") // ErrOAuthStateMismatch indicates the callback state does not match the stored CSRF state ErrOAuthStateMismatch = errors.New("auth: oauth state mismatch") // ErrOAuthCodeMissing indicates the authorization code is absent from the callback input ErrOAuthCodeMissing = errors.New("auth: oauth callback code missing") // ErrOAuthCodeExchange indicates the authorization code exchange failed ErrOAuthCodeExchange = errors.New("auth: oauth code exchange failed") // ErrOAuthClaimsEncode indicates OIDC claims could not be serialized to a map ErrOAuthClaimsEncode = errors.New("auth: oauth claims encoding failed") )
Functions ¶
func OAuthRegistration ¶
func OAuthRegistration[T any](opts OAuthRegistrationOptions[T]) *types.AuthRegistration
OAuthRegistration adapts the shared OAuth transport flow to one definition-local auth registration
func StartOAuth ¶
func StartOAuth(ctx context.Context, cfg OAuthConfig) (types.AuthStartResult, error)
StartOAuth builds an authorization URL for the given config and returns an AuthStartResult
Types ¶
type OAuthConfig ¶
// OAuthConfig describes OAuth2 or OIDC endpoint configuration for an integration auth flow.
// Endpoints are given either explicitly (AuthURL/TokenURL) or via DiscoveryURL.
// NOTE(review): which source wins when both are populated is not stated here —
// confirm in StartOAuth/CompleteOAuth.
type OAuthConfig struct {
	// ClientID is the OAuth application client identifier
	ClientID string
	// ClientSecret is the OAuth application client secret.
	// Sensitive: keep it out of logs, error messages and any serialized start state.
	ClientSecret string
	// AuthURL is the authorization endpoint URL; leave empty when DiscoveryURL is set
	AuthURL string
	// TokenURL is the token endpoint URL; leave empty when DiscoveryURL is set
	TokenURL string
	// DiscoveryURL is the OIDC issuer URL used for endpoint discovery.
	// The endpoints are then obtained from the issuer at runtime, so the issuer
	// itself must be trusted; NOTE(review): confirm discovery is restricted to https.
	DiscoveryURL string
	// RedirectURL is typically the callback URL registered with the OAuth provider;
	// it should match the registered value exactly
	RedirectURL string
	// Scopes lists the OAuth scopes to request
	Scopes []string
	// AuthParams holds extra query parameters appended to the authorization URL.
	// They become part of the URL returned by StartOAuth, so they are not a place for secrets.
	AuthParams map[string]string
	// TokenParams holds extra parameters sent during code exchange
	TokenParams map[string]string
}
OAuthConfig describes OAuth2 or OIDC endpoint configuration for an integration auth flow. Each individual provider has its own respective fields (such as ClientID and ClientSecret), so these are not duplications.
type OAuthMaterial ¶
// OAuthMaterial holds the credential material produced by a completed OAuth flow.
// Every field except Expiry is sensitive or identity-bearing; handle the struct
// as a secret when logging or persisting it.
type OAuthMaterial struct {
	// AccessToken is the OAuth2 access token (bearer credential; keep out of logs)
	AccessToken string
	// RefreshToken is the OAuth2 refresh token, if provided; empty when the provider issued none
	RefreshToken string
	// Expiry is the access token expiration time, if known; nil when the provider did not report one
	Expiry *time.Time
	// Claims holds decoded OIDC ID token claims, if present.
	// NOTE(review): whether the ID token's signature, issuer and audience were
	// verified before decoding is not visible here — confirm in CompleteOAuth
	// before using these claims for identity decisions.
	Claims map[string]any
}
OAuthMaterial holds the credential material produced by a completed OAuth flow
func CompleteOAuth ¶
func CompleteOAuth(ctx context.Context, cfg OAuthConfig, state json.RawMessage, input types.AuthCallbackInput) (OAuthMaterial, error)
CompleteOAuth exchanges an authorization code for OAuth credential material
type OAuthRegistrationOptions ¶
type OAuthRegistrationOptions[T any] struct { // CredentialRef identifies which credential slot receives the completed OAuth credential CredentialRef types.CredentialRef[T] // Config describes the provider OAuth endpoints and request parameters Config OAuthConfig // Material maps shared OAuth material to the definition-local credential payload Material func(OAuthMaterial) (T, error) // EncodeCredentialError is returned when the typed credential cannot be serialized EncodeCredentialError error }
OAuthRegistrationOptions describes how one definition maps shared OAuth mechanics to its local credential type