rs

package
v3.45.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 3, 2025 License: Apache-2.0 Imports: 7 Imported by: 5

Documentation

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func Introspect 

func Introspect[R any](ctx context.Context, rp ResourceServer, token string) (resp R, err error)

Introspect calls the RFC7662 Token Introspection endpoint and returns the response in an instance of type R. *oidc.IntrospectionResponse can be used as a good example, or use a custom type if type-safe access to custom claims is needed.

Example (Custom) 
package main

import (
	"context"
	"fmt"

	"github.com/zitadel/oidc/v3/pkg/client/rs"
	"github.com/zitadel/oidc/v3/pkg/oidc"
)

type IntrospectionResponse struct {
	Active     bool                     `json:"active"`
	Scope      oidc.SpaceDelimitedArray `json:"scope,omitempty"`
	ClientID   string                   `json:"client_id,omitempty"`
	TokenType  string                   `json:"token_type,omitempty"`
	Expiration oidc.Time                `json:"exp,omitempty"`
	IssuedAt   oidc.Time                `json:"iat,omitempty"`
	NotBefore  oidc.Time                `json:"nbf,omitempty"`
	Subject    string                   `json:"sub,omitempty"`
	Audience   oidc.Audience            `json:"aud,omitempty"`
	Issuer     string                   `json:"iss,omitempty"`
	JWTID      string                   `json:"jti,omitempty"`
	Username   string                   `json:"username,omitempty"`
	oidc.UserInfoProfile
	oidc.UserInfoEmail
	oidc.UserInfoPhone
	Address *oidc.UserInfoAddress `json:"address,omitempty"`

	// Foo and Bar are custom claims
	Foo string `json:"foo,omitempty"`
	Bar struct {
		Val1 string `json:"val_1,omitempty"`
		Val2 string `json:"val_2,omitempty"`
	} `json:"bar,omitempty"`

	// Claims are all the combined claims, including custom.
	Claims map[string]any `json:"-,omitempty"`
}

func main() {
	rss, err := rs.NewResourceServerClientCredentials(context.TODO(), "http://localhost:8080", "clientid", "clientsecret")
	if err != nil {
		panic(err)
	}

	resp, err := rs.Introspect[*IntrospectionResponse](context.TODO(), rss, "accesstokenstring")
	if err != nil {
		panic(err)
	}

	fmt.Println(resp)
}

Types

type Option 

type Option func(*resourceServer)

func WithClient 

func WithClient(client *http.Client) Option

WithClient provides the ability to set an http client to be used for the resource server

func WithStaticEndpoints 

func WithStaticEndpoints(tokenURL, introspectURL string) Option

WithStaticEndpoints provides the ability to set static token and introspect URL

type ResourceServer 

type ResourceServer interface {
	IntrospectionURL() string
	TokenEndpoint() string
	HttpClient() *http.Client
	AuthFn() (any, error)
}

func NewResourceServerClientCredentials 

func NewResourceServerClientCredentials(ctx context.Context, issuer, clientID, clientSecret string, option ...Option) (ResourceServer, error)

func NewResourceServerFromKeyFile 

func NewResourceServerFromKeyFile(ctx context.Context, issuer, path string, options ...Option) (ResourceServer, error)

func NewResourceServerJWTProfile 

func NewResourceServerJWTProfile(ctx context.Context, issuer, clientID, keyID string, key []byte, options ...Option) (ResourceServer, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.