authentication

package
v1.1.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 10, 2019 License: MIT Imports: 21 Imported by: 0

Documentation

Index

Constants

View Source
const (
	TlsClientAuth     = "tls_client_auth"
	PrivateKeyJwt     = "private_key_jwt"
	ClientSecretBasic = "client_secret_basic"
)

token_endpoint_auth_methods_supported

View Source
const (
	ClientAssertionType      = "client_assertion_type"
	ClientAssertionTypeValue = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
)
View Source
const (
	GrantType                  = "grant_type"
	GrantTypeAuthorizationCode = "authorization_code"
)
View Source
const (
	ClientAssertion = "client_assertion"
)

Variables

View Source
var SuiteSupportedAuthMethodsMostSecureFirst = []string{
	TlsClientAuth,
	PrivateKeyJwt,
	ClientSecretBasic,
}

SuiteSupportedAuthMethodsMostSecureFirst - We have made our own determination of security offered by each auth method. It is not from a formal definition.

Functions

func CalcKid added in v1.1.6

func CalcKid(modulus string) (string, error)

func CalculateClientSecretBasicToken

func CalculateClientSecretBasicToken(clientID, clientSecret string) (string, error)

CalculateClientSecretBasicToken tests the generation of `client secret basic` value as a product of `client_id` and `client_secret` as per https://tools.ietf.org/html/rfc7617

func DefaultAuthMethod

func DefaultAuthMethod(openIDConfigAuthMethods []string, logger *logrus.Entry) string

func PSUURLGenerate

func PSUURLGenerate(claims PSUConsentClaims) (*url.URL, error)

PSUURLGenerate generates a PSU Consent URL based on claims

Types

type Certificate

type Certificate interface {
	PublicKey() *rsa.PublicKey
	PrivateKey() *rsa.PrivateKey
	TLSCert() tls.Certificate
	DN() (string, error)
}

Certificate - create new Certificate.

func NewCertificate

func NewCertificate(publicKeyPem, privateKeyPem string) (Certificate, error)

NewCertificate - create new Certificate.

Parameters: * publicKeyPem=PEM encoded public key. * privateKeyPem=PEM encoded private key.

Returns Certificate, or nil with error set if something is invalid.

type OpenIDConfiguration

type OpenIDConfiguration struct {
	TokenEndpoint                          string   `json:"token_endpoint"`
	TokenEndpointAuthMethodsSupported      []string `json:"token_endpoint_auth_methods_supported"`
	RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
	AuthorizationEndpoint                  string   `json:"authorization_endpoint"`
	Issuer                                 string   `json:"issuer"`
	ResponseTypesSupported                 []string `json:"response_types_supported"`
}

OpenIDConfiguration - The OpenID Connect discovery document retrieved by calling /.well-known/openid-configuration. https://openid.net/specs/openid-connect-discovery-1_0.html

func OpenIdConfig

func OpenIdConfig(url string) (OpenIDConfiguration, error)

type PSUConsentClaims

type PSUConsentClaims struct {
	AuthorizationEndpoint string
	Aud                   string // Audience
	Iss                   string // ClientID
	ResponseType          string // "code id_token"
	Scope                 string // "openid accounts"
	RedirectURI           string
	ConsentId             string
	State                 string // {test_id}
}

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL