Index ¶
- type CachedDiscovery
- type CachedJWKS
- type JWK
- type JWKS
- type OIDCDiscovery
- type OIDCTokenResponse
- type OIDCUserInfo
- type PKCEChallenge
- type Service
- func (s *Service) ExchangeCodeForTokens(ctx context.Context, ...) (*OIDCTokenResponse, error)
- func (s *Service) FetchDiscovery(ctx context.Context, issuerURL string) (*OIDCDiscovery, error)
- func (s *Service) FetchJWKS(ctx context.Context, jwksURL string) (*JWKS, error)
- func (s *Service) GeneratePKCEChallenge() (*PKCEChallenge, error)
- func (s *Service) GetPublicKeyFromJWK(jwk *JWK) (interface{}, error)
- func (s *Service) GetUserInfo(ctx context.Context, userinfoEndpoint, accessToken string) (*OIDCUserInfo, error)
- func (s *Service) RefreshTokens(ctx context.Context, ...) (*OIDCTokenResponse, error)
- func (s *Service) ValidateIDToken(ctx context.Context, tokenString, jwksURL, issuer, clientID, nonce string) (*jwt.MapClaims, error)
- func (s *Service) ValidateIDTokenWithJWKS(ctx context.Context, ...) (*jwt.MapClaims, error)
Types ¶
type CachedDiscovery ¶
// CachedDiscovery pairs a fetched provider configuration with the instant
// after which the cache entry should no longer be served.
type CachedDiscovery struct {
	Discovery *OIDCDiscovery // the cached provider metadata document
	ExpiresAt time.Time      // presumably compared against time.Now() by FetchDiscovery to decide on a refetch — TODO confirm
}
CachedDiscovery represents a cached OIDC discovery document together with its expiration time.
type CachedJWKS ¶
CachedJWKS represents a cached JWKS together with its expiration time.
type JWK ¶
// JWK is one entry of a JSON Web Key Set (RFC 7517) as published at the
// provider's jwks_uri. Which fields are populated depends on Kty: N/E for
// RSA keys, X/Y/Crv for EC keys, X/Crv for OKP keys. Values are carried
// exactly as received from the provider; nothing is validated at decode time.
type JWK struct {
	Kty string `json:"kty"`           // Key Type ("RSA", "EC" or "OKP"); determines which of the fields below apply
	Use string `json:"use,omitempty"` // Public Key Use (e.g. "sig" for signature keys)
	Kid string `json:"kid,omitempty"` // Key ID. NOTE(review): presumably used to select the key for a token; a kid match alone is not enough — the key type must also agree with the token's alg. Confirm in ValidateIDTokenWithJWKS
	Alg string `json:"alg,omitempty"` // Algorithm the key is intended for
	N   string `json:"n,omitempty"`   // RSA modulus, base64url-encoded (RFC 7518)
	E   string `json:"e,omitempty"`   // RSA exponent, base64url-encoded (RFC 7518)
	X   string `json:"x,omitempty"`   // EC/OKP x coordinate, base64url-encoded
	Y   string `json:"y,omitempty"`   // EC y coordinate, base64url-encoded (absent for OKP)
	Crv string `json:"crv,omitempty"` // EC curve / OKP subtype
}
JWK represents a JSON Web Key
type OIDCDiscovery ¶
// OIDCDiscovery is the provider metadata document (OpenID Connect Discovery
// 1.0, §3). Fields without omitempty are REQUIRED by the spec, but
// encoding/json does not enforce presence: a missing field simply decodes
// to its zero value, so callers must check that the fields they rely on
// (Issuer, TokenEndpoint, JwksURI, ...) are non-empty before using them.
type OIDCDiscovery struct {
	Issuer                            string   `json:"issuer"` // NOTE(review): Discovery §4.3 requires this to equal the issuer URL the document was fetched from; confirm FetchDiscovery checks it
	AuthorizationEndpoint             string   `json:"authorization_endpoint"`
	TokenEndpoint                     string   `json:"token_endpoint"`
	UserinfoEndpoint                  string   `json:"userinfo_endpoint,omitempty"`
	JwksURI                           string   `json:"jwks_uri"` // where the provider publishes the keys that sign its ID tokens
	RegistrationEndpoint              string   `json:"registration_endpoint,omitempty"`
	ScopesSupported                   []string `json:"scopes_supported,omitempty"`
	ResponseTypesSupported            []string `json:"response_types_supported"`
	ResponseModesSupported            []string `json:"response_modes_supported,omitempty"`
	GrantTypesSupported               []string `json:"grant_types_supported,omitempty"`
	SubjectTypesSupported             []string `json:"subject_types_supported"`
	IDTokenSigningAlgValuesSupported  []string `json:"id_token_signing_alg_values_supported"` // advertised algorithms only; the verifier should still restrict the algorithms it accepts
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"`
	ClaimsSupported                   []string `json:"claims_supported,omitempty"`
	CodeChallengeMethodsSupported     []string `json:"code_challenge_methods_supported,omitempty"` // PKCE methods the provider accepts
	RevocationEndpoint                string   `json:"revocation_endpoint,omitempty"`
	EndSessionEndpoint                string   `json:"end_session_endpoint,omitempty"`
}
OIDCDiscovery represents the OIDC Provider Configuration. Reference: https://openid.net/specs/openid-connect-discovery-1_0.html
type OIDCTokenResponse ¶
// OIDCTokenResponse is the JSON body returned by the token endpoint for the
// authorization-code and refresh-token grants. Every token field is a
// credential and must not be written to logs or error messages.
type OIDCTokenResponse struct {
	AccessToken  string `json:"access_token"`            // bearer credential for resource/userinfo requests
	TokenType    string `json:"token_type"`              // typically "Bearer"
	ExpiresIn    int    `json:"expires_in"`              // access token lifetime in seconds (RFC 6749 §5.1), relative to receipt
	RefreshToken string `json:"refresh_token,omitempty"` // long-lived credential; store at least as carefully as a password
	IDToken      string `json:"id_token,omitempty"`      // signed JWT; validate it (see Service.ValidateIDToken) before trusting any claim in it
	Scope        string `json:"scope,omitempty"`         // space-separated scopes actually granted, which may be fewer than requested
}
OIDCTokenResponse represents the response from token endpoint
type OIDCUserInfo ¶
// OIDCUserInfo is the subset of standard claims (OIDC Core §5.1) that this
// package reads from the userinfo endpoint response.
type OIDCUserInfo struct {
	Sub               string `json:"sub"` // subject identifier. NOTE(review): OIDC Core requires this to equal the ID token's sub claim; confirm that callers of GetUserInfo compare the two
	Name              string `json:"name,omitempty"`
	GivenName         string `json:"given_name,omitempty"`
	FamilyName        string `json:"family_name,omitempty"`
	Email             string `json:"email,omitempty"` // not a unique or stable user key; treat as unverified unless EmailVerified is true
	EmailVerified     bool   `json:"email_verified,omitempty"` // absent and false both decode to false; omitempty also drops an explicit false on re-encoding
	Picture           string `json:"picture,omitempty"`
	PreferredUsername string `json:"preferred_username,omitempty"`
}
OIDCUserInfo represents user information from userinfo endpoint
type PKCEChallenge ¶
PKCEChallenge represents PKCE challenge data
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
Service handles OIDC operations
func (*Service) ExchangeCodeForTokens ¶
func (s *Service) ExchangeCodeForTokens(ctx context.Context, tokenEndpoint, clientID, clientSecret, code, redirectURI, codeVerifier string) (*OIDCTokenResponse, error)
ExchangeCodeForTokens exchanges an authorization code for tokens.
func (*Service) FetchDiscovery ¶
FetchDiscovery fetches the OIDC Provider Configuration, with caching. issuerURL should be the base issuer URL (e.g., "https://accounts.google.com").
func (*Service) GeneratePKCEChallenge ¶
func (s *Service) GeneratePKCEChallenge() (*PKCEChallenge, error)
GeneratePKCEChallenge generates a PKCE challenge for OAuth2 flow
func (*Service) GetPublicKeyFromJWK ¶
GetPublicKeyFromJWK converts a JWK to a public key for JWT verification
func (*Service) GetUserInfo ¶
func (s *Service) GetUserInfo(ctx context.Context, userinfoEndpoint, accessToken string) (*OIDCUserInfo, error)
GetUserInfo fetches user information from the userinfo endpoint
func (*Service) RefreshTokens ¶
func (s *Service) RefreshTokens(ctx context.Context, tokenEndpoint, clientID, clientSecret, refreshToken string) (*OIDCTokenResponse, error)
RefreshTokens refreshes access tokens using a refresh token