Documentation
¶
Index ¶
- Constants
- func CalcKid(modulus string) (string, error)
- func CalculateClientSecretBasicToken(clientID, clientSecret string) (string, error)
- func DefaultAuthMethod(openIDConfigAuthMethods []string, logger *logrus.Entry) string
- func PSUURLGenerate(claims PSUConsentClaims) (*url.URL, error)
- func SuiteSupportedAuthMethodsMostSecureFirst() []string
- type Certificate
- type OpenIDConfiguration
- type PSUConsentClaims
Constants ¶
const ( TlsClientAuth = "tls_client_auth" PrivateKeyJwt = "private_key_jwt" ClientSecretBasic = "client_secret_basic" )
token_endpoint_auth_methods_supported
const ( ClientAssertionType = "client_assertion_type" ClientAssertionTypeValue = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" )
const ( GrantType = "grant_type" GrantTypeAuthorizationCode = "authorization_code" )
const (
ClientAssertion = "client_assertion"
)
Variables ¶
This section is empty.
Functions ¶
func CalculateClientSecretBasicToken ¶
CalculateClientSecretBasicToken tests the generation of `client secret basic` value as a product of `client_id` and `client_secret` as per https://tools.ietf.org/html/rfc7617
func DefaultAuthMethod ¶
func PSUURLGenerate ¶
func PSUURLGenerate(claims PSUConsentClaims) (*url.URL, error)
PSUURLGenerate generates a PSU Consent URL based on claims
func SuiteSupportedAuthMethodsMostSecureFirst ¶
func SuiteSupportedAuthMethodsMostSecureFirst() []string
SuiteSupportedAuthMethodsMostSecureFirst - We have made our own determination of security offered by each auth method. It is not from a formal definition.
Types ¶
type Certificate ¶
type Certificate interface {
PublicKey() *rsa.PublicKey
PrivateKey() *rsa.PrivateKey
TLSCert() tls.Certificate
DN() (string, error)
SignatureIssuer(bool) (string, error)
}
Certificate - create new Certificate.
func NewCertificate ¶
func NewCertificate(publicKeyPem, privateKeyPem string) (Certificate, error)
NewCertificate - create new Certificate.
Parameters: * publicKeyPem=PEM encoded public key. * privateKeyPem=PEM encoded private key.
Returns Certificate, or nil with error set if something is invalid.
type OpenIDConfiguration ¶
type OpenIDConfiguration struct {
TokenEndpoint string `json:"token_endpoint"`
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
AuthorizationEndpoint string `json:"authorization_endpoint"`
Issuer string `json:"issuer"`
ResponseTypesSupported []string `json:"response_types_supported"`
}
OpenIDConfiguration - The OpenID Connect discovery document retrieved by calling /.well-known/openid-configuration. https://openid.net/specs/openid-connect-discovery-1_0.html
func OpenIdConfig ¶
func OpenIdConfig(url string) (OpenIDConfiguration, error)
Source Files
Directories