Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AuthorizationChecker ¶
type AuthorizationChecker interface {
CheckAuthorization(req TokenIntrospectionRequest) (bool, error)
}
AuthorizationChecker is an interface type that provides a way to check if the client used proper authorization
type IntrospectionAuthChecker ¶
type IntrospectionAuthChecker struct {
// contains filtered or unexported fields
}
IntrospectionAuthChecker is an AuthorizationChecker that uses the linked native introspection endpoint to send a dummy token introspection request with the same authorization
func NewIntrospectionAuthChecker ¶
func NewIntrospectionAuthChecker(introspectionEndpoint string) IntrospectionAuthChecker
NewIntrospectionAuthChecker creates a new IntrospectionAuthChecker with the passed introspectionEndpoint
func (IntrospectionAuthChecker) CheckAuthorization ¶
func (c IntrospectionAuthChecker) CheckAuthorization(req TokenIntrospectionRequest) (bool, error)
CheckAuthorization implements the AuthorizationChecker interface
type LinkedIssuerConf ¶
type TIP ¶
type TIP struct {
// contains filtered or unexported fields
}
func NewTokenProxy ¶
func NewTokenProxy(conf TIPConfig, authChecker AuthorizationChecker) *TIP
func (TIP) Introspect ¶
func (t TIP) Introspect(req TokenIntrospectionRequest) (*TokenIntrospectionResponse, error)
type TIPConfig ¶
type TIPConfig struct {
LinkedIssuer LinkedIssuerConf `yaml:"linked_issuer"`
RemoteIssuers []remoteIssuerConf `yaml:"remote_issuers"`
FallbackIssuerUnknown remoteIssuerConf `yaml:"fallback_issuer_unknown_token_issuer"`
FallbackIssuerUnsupported remoteIssuerConf `yaml:"fallback_issuer_unsupported_token_issuer"`
Federation federationConf `yaml:"federation"`
}
type TIPError ¶
type TokenIntrospectionRequest ¶
type TokenIntrospectionRequest struct {
Token string `json:"token" form:"token" query:"token" url:"token"`
TokenTypeHint string `json:"token_type_hint,omitempty" form:"token_type_hint,omitempty" query:"token,omitempty" url:"token,omitempty"`
Authorization string `json:"-" form:"-" query:"-" url:"-"`
Body []byte `json:"-" form:"-" query:"-" url:"-"`
ContentType string `json:"-" form:"-" query:"-" url:"-"`
}
type TokenIntrospectionResponse ¶
type TokenIntrospectionResponse struct {
Active bool `json:"active"`
Scope string `json:"scope,omitempty"`
ClientID string `json:"client_id,omitempty"`
Username string `json:"username,omitempty"`
TokenType string `json:"token_type,omitempty"`
Expiration unixtime.UnixTime `json:"exp,omitempty"`
IssuedAt unixtime.UnixTime `json:"iat,omitempty"`
NotBefore unixtime.UnixTime `json:"nbf,omitempty"`
Subject string `json:"sub,omitempty"`
Audience oidfed.SliceOrSingleValue[string] `json:"aud,omitempty"`
Issuer string `json:"iss,omitempty"`
JTI string `json:"jti,omitempty"`
Extra map[string]any `json:"-"`
}
func (TokenIntrospectionResponse) MarshalJSON ¶
func (r TokenIntrospectionResponse) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface. It also marshals extra fields.
func (*TokenIntrospectionResponse) UnmarshalJSON ¶
func (r *TokenIntrospectionResponse) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface. It also unmarshalls additional fields into the Extra claim.
type WellKnownProxy ¶
type WellKnownProxy struct {
// contains filtered or unexported fields
}
WellKnownProxy handles fetching and caching the OpenID configuration metadata from the linked issuer, replacing the introspection_endpoint with TIP's endpoint.
func NewWellKnownProxy ¶
func NewWellKnownProxy(conf LinkedIssuerConf) *WellKnownProxy
NewWellKnownProxy creates a new WellKnownProxy for the given linked issuer configuration.
func (*WellKnownProxy) GetMetadata ¶
func (w *WellKnownProxy) GetMetadata() (map[string]any, error)
GetMetadata returns the OpenID configuration metadata with the introspection_endpoint replaced with TIP's public endpoint. Results are cached for the configured TTL.
Source Files