authentication

package
v1.2.4 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 21, 2020 License: MIT Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	TlsClientAuth     = "tls_client_auth"
	PrivateKeyJwt     = "private_key_jwt"
	ClientSecretBasic = "client_secret_basic"
)

token_endpoint_auth_methods_supported

View Source 
const (
	ClientAssertionType      = "client_assertion_type"
	ClientAssertionTypeValue = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
)
View Source 
const (
	GrantType                  = "grant_type"
	GrantTypeAuthorizationCode = "authorization_code"
)
View Source 
const (
	ClientAssertion = "client_assertion"
)

Variables

This section is empty.

Functions

func CalcKid added in v1.1.6 

func CalcKid(modulus string) (string, error)

func CalculateCHash added in v1.1.16 

func CalculateCHash(alg string, code string) (string, error)

CalculateCHash calculates the code hash (c_hash) value as described in section 3.3.2.11 (ID Token) https://openid.net/specs/openid-connect-core-1_0.html#HybridIDToken List of valid algorithms https://openid.net/specs/openid-financial-api-part-2.html#jws-algorithm-considerations At the time of writing, the list shows "PS256", "ES256" https://openbanking.atlassian.net/wiki/spaces/DZ/pages/83919096/Open+Banking+Security+Profile+-+Implementer+s+Draft+v1.1.2#OpenBankingSecurityProfile-Implementer'sDraftv1.1.2-Step2:FormtheJOSEHeader

func CalculateClientSecretBasicToken 

func CalculateClientSecretBasicToken(clientID, clientSecret string) (string, error)

CalculateClientSecretBasicToken tests the generation of `client secret basic` value as a product of `client_id` and `client_secret` as per https://tools.ietf.org/html/rfc7617

func DefaultAuthMethod 

func DefaultAuthMethod(openIDConfigAuthMethods []string, logger *logrus.Entry) string

func GetJWSIssuerString added in v1.1.15 

func GetJWSIssuerString(ctx ContextInterface, cert Certificate) (string, error)

func GetKID added in v1.1.15 

func GetKID(ctx ContextInterface, modulus []byte) (string, error)

GetKID determines the value of the JWS Key ID

func GetSigningAlg added in v1.1.15 

func GetSigningAlg(alg string) (jwt.SigningMethod, error)

func NewJWSSignature added in v1.1.15 

func NewJWSSignature(requestBody string, ctx ContextInterface, alg jwt.SigningMethod) (string, error)

func PSUURLGenerate 

func PSUURLGenerate(claims PSUConsentClaims) (*url.URL, error)

PSUURLGenerate generates a PSU Consent URL based on claims

func SignedString added in v1.1.15 

func SignedString(t *jwt.Token, key interface{}, body string) (string, error)

SignedString Get the complete, signed token for jws usage

func SigningString added in v1.1.15 

func SigningString(t *jwt.Token, body string) (string, error)

SigningString -

func SplitJWSWithBody added in v1.1.15 

func SplitJWSWithBody(token string) string

func SuiteSupportedAuthMethodsMostSecureFirst 

func SuiteSupportedAuthMethodsMostSecureFirst() []string

SuiteSupportedAuthMethodsMostSecureFirst - We have made our own determination of security offered by each auth method. It is not from a formal definition.

Types

type Certificate 

type Certificate interface {
	PublicKey() *rsa.PublicKey
	PrivateKey() *rsa.PrivateKey
	TLSCert() tls.Certificate
	DN() (string, string, string, error)
	SignatureIssuer(bool) (string, error)
}

Certificate - create new Certificate.

func NewCertificate 

func NewCertificate(publicKeyPem, privateKeyPem string) (Certificate, error)

NewCertificate - create new Certificate.

Parameters: * publicKeyPem=PEM encoded public key. * privateKeyPem=PEM encoded private key.

Returns Certificate, or nil with error set if something is invalid.

func SigningCertFromContext added in v1.1.15 

func SigningCertFromContext(ctx ContextInterface) (Certificate, error)

type ContextInterface added in v1.1.15 

type ContextInterface interface {
	// GetString get the string value associated with key
	GetString(key string) (string, error)
	// Get the key form the Context map - currently assumes value converts easily to a string!
	Get(key string) (interface{}, bool)
}

ContextInterface - avoid cycling dependency to `model.Context`.

type OpenIDConfiguration 

type OpenIDConfiguration struct {
	TokenEndpoint                          string   `json:"token_endpoint"`
	TokenEndpointAuthMethodsSupported      []string `json:"token_endpoint_auth_methods_supported"`
	RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
	AuthorizationEndpoint                  string   `json:"authorization_endpoint"`
	Issuer                                 string   `json:"issuer"`
	ResponseTypesSupported                 []string `json:"response_types_supported"`
	AcrValuesSupported                     []string `json:"acr_values_supported,omitempty"`
}

OpenIDConfiguration - The OpenID Connect discovery document retrieved by calling /.well-known/openid-configuration. https://openid.net/specs/openid-connect-discovery-1_0.html

func OpenIdConfig 

func OpenIdConfig(url string) (OpenIDConfiguration, error)

type PSUConsentClaims 

type PSUConsentClaims struct {
	AuthorizationEndpoint string
	Aud                   string // Audience
	Iss                   string // ClientID
	ResponseType          string // "code id_token"
	Scope                 string // "openid accounts"
	RedirectURI           string
	ConsentId             string
	State                 string // {test_id}
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.