Documentation
Index ¶
- Constants
- Variables
- func FilterRequestedScopes(scopes []string, requestedScopes []string) []string
- func GrantScopes(ctx context.Context, aud string, sub string, scopes []string) (grantedScopes []string, err error)
- func TokenType(token string) string
- type AccessToken
- type Address
- type AuthRequest
- type AuthResponse
- type Configuration
- type IdTokenClaims
- type JWK
- type KeySet
- type RevokeTokenRequest
- type Scopes
- type Server
- func (s *Server) CreateAccessToken(aud string, sub string, scopes []string) (string, error)
- func (s *Server) CreateIdToken(aud string, u *Userinfo, nonce string) (string, error)
- func (s *Server) CreateRefreshToken(aud string, sess string) (string, error)
- func (s *Server) CreateSession(ctx context.Context, aud string, sub string, scopes []string, nonce string) (refreshToken string, accessToken string, grantedScopes []string, ...)
- func (server *Server) CreateToken(claims map[string]interface{}) (string, error)
- func (s *Server) ParseAccessToken(accessToken string) (aud string, sub string, scopes []string, iat time.Time, exp time.Time, ...)
- func (s *Server) ParseRefreshToken(refreshToken string) (aud string, sess string, err error)
- func (server *Server) ParseToken(str string) (claims map[string]interface{}, err error)
- func (s *Server) RefreshSession(ctx context.Context, refreshToken string, filterScopes []string) (accessToken string, grantedScopes []string, expiresIn int64, err error)
- func (s *Server) Revoke(ctx context.Context, refreshToken string) (err error)
- func (s *Server) ServeHTTOpenIdConfiguration(resp http.ResponseWriter, req *http.Request)
- func (s *Server) ServeHTTP(resp http.ResponseWriter, req *http.Request)
- func (s *Server) Userinfo(ctx context.Context, accessToken string) (*Userinfo, error)
- type Session
- type SessionStore
- type SocialProvider
- type TokenRequest
- type TokenResponse
- type UserStore
- type Userinfo
- type UserinfoUpdate
Constants ¶
// AccessTokenSubjectPrefix is the literal "user|". Presumably it is prepended
// to the subject of access tokens so they can be told apart from refresh
// tokens (see RefreshTokenSubjectPrefix) — TODO confirm.
// NOTE(review): confirm ParseAccessToken rejects a subject without this
// prefix, so that a refresh token is never accepted where an access token is
// expected.
const AccessTokenSubjectPrefix = "user|"
// Audience is the JWT registered claim name "aud" (RFC 7519 §4.1.3).
const Audience = "aud"
// ExpiresAt is the JWT registered claim name "exp" (RFC 7519 §4.1.4).
const ExpiresAt = "exp"
// IssuedAt is the JWT registered claim name "iat" (RFC 7519 §4.1.6).
const IssuedAt = "iat"
// Issuer is the JWT registered claim name "iss" (RFC 7519 §4.1.1).
const Issuer = "iss"
// NotBefore is the JWT registered claim name "nbf" (RFC 7519 §4.1.5).
const NotBefore = "nbf"
// OpenIdScope is the scope value "openid", which OpenID Connect requires in
// the scope parameter of an authentication request.
const OpenIdScope = "openid"
// RefreshTokenSubjectPrefix is the literal "session|". Presumably it is
// prepended to the subject of refresh tokens, which would then name a session
// rather than a user — TODO confirm.
// NOTE(review): confirm ParseRefreshToken rejects a subject without this
// prefix, so that an access token cannot be replayed as a refresh token.
const RefreshTokenSubjectPrefix = "session|"
// Subject is the JWT registered claim name "sub" (RFC 7519 §4.1.2).
const Subject = "sub"
Variables ¶
// ErrEmailAlreadyRegistered is built by the package helper e from the code
// "email_already_registered".
// NOTE(review): if an open registration endpoint returns this, the response
// discloses that an address already has an account; confirm that is an
// accepted trade-off.
var ErrEmailAlreadyRegistered = e("email_already_registered")
// ErrInvalidCredentials is built by the package helper e from the code
// "invalid_credentials".
var ErrInvalidCredentials = e("invalid_credentials")
// ErrNoUser is built by the package helper e from the code "no_user".
// NOTE(review): if a login or password-reset path returns this to
// unauthenticated callers while a wrong password yields ErrInvalidCredentials,
// the difference reveals which accounts exist; confirm both are mapped to a
// single client-visible error.
var ErrNoUser = e("no_user")
// Module is the third value returned by module.New for the name "openid" and
// the package-level messages value; the first two results are discarded.
var _, _, Module = module.New("openid", messages)
Functions ¶
func FilterRequestedScopes ¶
func GrantScopes ¶
Types ¶
type AccessToken ¶
// AccessToken is the claim set of an access token: audience, subject, scope,
// expiry and issue time, serialised under the JSON names given in the tags.
// NOTE(review): no "iss" or "nbf" field is declared. Confirm that the Valid
// method rejects a token whose exp has passed, since a parser that skips that
// check accepts tokens indefinitely.
type AccessToken struct {
// Audience is serialised as the "aud" claim.
Audience string `json:"aud"`
// Subject is serialised as "sub"; presumably it carries
// AccessTokenSubjectPrefix — TODO confirm.
Subject string `json:"sub"`
// Scope is a single string; presumably the space-delimited scope list of
// RFC 6749 §3.3 — TODO confirm.
Scope string `json:"scope"`
// ExpiresAt and IssuedAt are int64 values under "exp" and "iat"; presumably
// Unix seconds — TODO confirm.
ExpiresAt int64 `json:"exp"`
IssuedAt int64 `json:"iat"`
}
func (AccessToken) Valid ¶
func (t AccessToken) Valid() error
type AuthRequest ¶
type AuthResponse ¶
// AuthResponse collects the values an authorization request can produce. The
// field comments group them by the response type they belong to.
type AuthResponse struct {
// for ResponseType = code
// NOTE(review): Code has no json tag, so encoding/json would emit it under
// the key "Code"; confirm it is only ever delivered through the redirect.
Code string
// for ResponseType = token
TokenType string `json:"token_type"`
AccessToken string `json:"access_token"`
ExpiresIn int64 `json:"expires_in,omitempty"`
RefreshToken string `json:"refresh_token,omitempty"`
Scope string `json:"scope,omitempty"`
// for ResponseType = id_token
IdToken string `json:"id_token,omitempty"`
// State is serialised as "state"; in OAuth 2.0 this is the opaque value the
// client sent with the request, returned unchanged so the client can bind
// the response to its own request.
State string `json:"state,omitempty"`
}
type Configuration ¶
// Configuration holds OpenID Provider metadata; the JSON tags are the metadata
// names used in a discovery document (OpenID Connect Discovery 1.0, RFC 8414).
//
// NOTE(review): a Configuration returned by Discover is populated from a
// remote document. OpenID Connect Discovery requires the returned issuer to
// equal the issuer the document was requested for; confirm Discover enforces
// this before the endpoints and jwks_uri in it are trusted.
type Configuration struct {
Issuer string `json:"issuer"`
AuthorizationEndpoint string `json:"authorization_endpoint"`
TokenEndpoint string `json:"token_endpoint"`
// NOTE(review): RFC 8414 registers this metadata value as
// "introspection_endpoint"; verify which name clients of this server expect.
TokenIntrospectionEndpoint string `json:"token_introspection_endpoint"`
UserinfoEndpoint string `json:"userinfo_endpoint"`
EndSessionEndpoint string `json:"end_session_endpoint"`
JwksUri string `json:"jwks_uri"`
CheckSessionIframe string `json:"check_session_iframe"`
GrantTypesSupported []string `json:"grant_types_supported"`
ResponseTypesSupported []string `json:"response_types_supported"`
SubjectTypesSupported []string `json:"subject_types_supported"`
IdTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
UserinfoSigningAlgValuesSupported []string `json:"userinfo_signing_alg_values_supported"`
RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
ResponseModesSupported []string `json:"response_modes_supported"`
RegistrationEndpoint string `json:"registration_endpoint"`
// The Go field name is spelled "TokenEndpoin…" (missing "t"); the JSON tag
// carries the correct metadata name. The name is exported, so it is left as is.
TokenEndpoinAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
ClaimsSupported []string `json:"claims_supported"`
ClaimTypesSupported []string `json:"claim_types_supported"`
ClaimsParameterSupported bool `json:"claims_parameter_supported"`
ScopesSupported []string `json:"scopes_supported"`
RequestParameterSupported bool `json:"request_parameter_supported"`
RequestUriParameterSupported bool `json:"request_uri_parameter_supported"`
// Advertises PKCE methods (RFC 7636). NOTE(review): TokenRequest declares
// no code_verifier field; confirm what is advertised here matches what the
// token endpoint can verify.
CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
TlsClientCertificateBoundAccessTokens bool `json:"tls_client_certificate_bound_access_tokens"`
}
func Discover ¶
func Discover(url string) (c *Configuration, err error)
func MustDiscover ¶
func MustDiscover(url string) *Configuration
func NewConfiguration ¶
func NewConfiguration(issuer string) *Configuration
type IdTokenClaims ¶
// IdTokenClaims is the claim set of an ID token: audience, issuer, nonce and,
// through the embedded Userinfo, every userinfo field at the top level of the
// JSON object.
//
// NOTE(review): no "exp" or "iat" field is declared here, and the visible
// Userinfo fields do not provide them either, although OpenID Connect Core
// requires both in an ID Token. Confirm where expiry is set and that Valid
// enforces it.
type IdTokenClaims struct {
Audience string `json:"aud"`
Issuer string `json:"iss"`
// Embedding promotes the Userinfo fields, so profile data such as email is
// part of the token payload whenever it is set.
Userinfo
// Nonce is serialised as "nonce"; in OpenID Connect it echoes the value
// from the authentication request so the client can detect replayed tokens.
Nonce string `json:"nonce"`
}
func (IdTokenClaims) Valid ¶
func (IdTokenClaims) Valid() error
type JWK ¶
func (*JWK) UnmarshalJSON ¶
type RevokeTokenRequest ¶
type Server ¶
// Server bundles the provider configuration, token key material, token
// lifetime and the session and user stores behind the package's endpoints.
type Server struct {
Addr string
Config *Configuration
// RefreshTokenKey and TokenKey are raw key bytes; presumably the secrets
// used to sign and verify refresh tokens and access/ID tokens respectively
// — TODO confirm.
// NOTE(review): keep the two keys distinct and load them from secret
// storage rather than source; with a shared key, only the subject prefix
// would separate the two token kinds.
RefreshTokenKey []byte
TokenKey []byte
// TokenExpiry is a duration; presumably the access token lifetime — TODO confirm.
TokenExpiry time.Duration
SessionStore SessionStore
UserStore UserStore
// GrantScopes has the same signature as the package-level GrantScopes
// function: given audience, subject and requested scopes it returns the
// scopes actually granted.
GrantScopes func(ctx context.Context, aud string, sub string, scopes []string) (grantedScopes []string, err error)
// contains filtered or unexported fields
}
func (*Server) CreateAccessToken ¶
func (*Server) CreateIdToken ¶
func (*Server) CreateRefreshToken ¶
func (*Server) CreateSession ¶
func (*Server) CreateToken ¶
func (*Server) ParseAccessToken ¶
func (*Server) ParseRefreshToken ¶
func (*Server) ParseToken ¶
func (*Server) RefreshSession ¶
func (*Server) ServeHTTOpenIdConfiguration ¶
func (s *Server) ServeHTTOpenIdConfiguration(resp http.ResponseWriter, req *http.Request)
type Session ¶
// Session describes an authenticated caller: issue and expiry times, audience,
// subject, scopes and the Server it belongs to. Its field set matches the
// values returned by Server.ParseAccessToken; presumably it is built from a
// parsed access token — TODO confirm.
type Session struct {
IssuedAt time.Time
ExpiresAt time.Time
Aud string
Subject string
// Scopes is the list consulted by the HasAllScopes / HasAnyScope helpers
// (presumably — their bodies are not shown here).
Scopes []string
Server *Server
}
func CtxSession ¶
func HasAllScopes ¶
func HasAnyScope ¶
func (*Session) HasAllScopes ¶
func (*Session) HasAnyScope ¶
type SessionStore ¶
// SessionStore is the persistence contract for sessions: create one for an
// audience/subject/scope set, refresh one by id, and revoke one by id.
type SessionStore interface {
// RefreshSession looks a session up by id and returns its subject and the
// granted scopes, with filterScopes supplied by the caller.
// NOTE(review): implementations should never return scopes beyond those
// the session was created with — confirm filterScopes can only narrow.
RefreshSession(ctx context.Context, id string, filterScopes []string) (sub string, grantedScopes []string, err error)
// CreateSession stores a new session and returns its id.
CreateSession(ctx context.Context, aud string, sub string, scopes []string) (id string, err error)
// RevokeSession invalidates the session with the given id.
// NOTE(review): access tokens already issued for the session presumably
// stay valid until their exp; confirm that window is acceptable.
RevokeSession(ctx context.Context, id string) (err error)
}
type SocialProvider ¶
type TokenRequest ¶
// TokenRequest is the body of a token endpoint request for the
// authorization_code and refresh_token grants.
//
// NOTE(review): no client_secret or code_verifier field is declared, so
// neither client authentication nor PKCE (RFC 7636) can travel in this
// struct. Confirm how the token endpoint authenticates the client and binds
// the code to the party that requested it.
type TokenRequest struct {
GrantType string `json:"grant_type"` // authorization_code, refresh_token
// for GrantType = authorization_code
// https://www.rfc-editor.org/rfc/rfc6749#section-4.1.3
Code string `json:"code"`
RedirectUri string `json:"redirect_uri"` // must match the redirect_uri in the auth request
ClientId string `json:"client_id"`
// for GrantType = refresh_token
// https://www.rfc-editor.org/rfc/rfc6749#section-6
RefreshToken string `json:"refresh_token"`
// Scope is one string; presumably a space-delimited list used to narrow the
// scopes of the refreshed token — TODO confirm.
Scope string `json:"scope"`
Nonce string `json:"nonce"`
}
type TokenResponse ¶
// TokenResponse is the JSON body returned by the token endpoint. It declares
// the same fields and tags as AuthResponse, except that it has no Code field.
// NOTE(review): the body carries bearer credentials; RFC 6749 §5.1 requires
// "Cache-Control: no-store" on such responses — confirm the handler sets it.
type TokenResponse struct {
// for ResponseType = token
TokenType string `json:"token_type"`
AccessToken string `json:"access_token"`
ExpiresIn int64 `json:"expires_in,omitempty"`
RefreshToken string `json:"refresh_token,omitempty"`
Scope string `json:"scope,omitempty"`
// for ResponseType = id_token
IdToken string `json:"id_token,omitempty"`
State string `json:"state,omitempty"`
}
type Userinfo ¶
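// Userinfo is the set of user claims the package serialises. The JSON names
// follow the OpenID Connect standard claims, plus the package-specific
// created_at, preferred_username_verified and social_providers.
//
// Email and the three *_verified flags carry no omitempty, so they are always
// present in the encoded object, including when empty or false.
type Userinfo struct {
	Subject                   string            `json:"sub,omitempty"`
	CreatedAt                 int64             `json:"created_at,omitempty"`
	Name                      string            `json:"name,omitempty"`
	GivenName                 string            `json:"given_name,omitempty"`
	FamilyName                string            `json:"family_name,omitempty"`
	MiddleName                string            `json:"middle_name,omitempty"`
	Nickname                  string            `json:"nickname,omitempty"`
	PreferredUsername         string            `json:"preferred_username,omitempty"`
	PreferredUsernameVerified bool              `json:"preferred_username_verified"`
	Profile                   string            `json:"profile,omitempty"`
	Picture                   string            `json:"picture,omitempty"`
	Website                   string            `json:"website,omitempty"`
	Email                     string            `json:"email"`
	EmailVerified             bool              `json:"email_verified"`
	Gender                    string            `json:"gender,omitempty"`
	// The tag previously read "birthdat", so the claim was emitted under a
	// name that no OpenID Connect client looks for and that disagreed with
	// UserinfoUpdate, which uses "birthdate". Any JSON persisted with the old
	// key needs migrating, because it no longer decodes into this field.
	Birthdate                 string            `json:"birthdate,omitempty"`
	Zoneinfo                  string            `json:"zoneinfo,omitempty"`
	Locale                    string            `json:"locale,omitempty"`
	PhoneNumber               string            `json:"phone_number,omitempty"`
	PhoneNumberVerified       bool              `json:"phone_number_verified"`
	Address                   *Address          `json:"address,omitempty"`
	SocialProviders           []*SocialProvider `json:"social_providers,omitempty"`
	UpdatedAt                 int64             `json:"updated_at,omitempty"`
}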
type UserinfoUpdate ¶
// UserinfoUpdate is a partial update of a user's profile. Every field except
// Subject is a pointer, so a nil pointer can be distinguished from an
// explicitly supplied value (presumably nil means "leave unchanged" — TODO
// confirm).
//
// NOTE(review): if this struct is decoded directly from a request made by the
// user being updated, the caller controls Subject and EmailVerified. Confirm
// that the handler takes the subject from the authenticated session and that
// email_verified can only be set by a verification flow or an administrator.
type UserinfoUpdate struct {
Subject string `json:"sub,omitempty"`
Name *string `json:"name"`
GivenName *string `json:"given_name"`
FamilyName *string `json:"family_name"`
MiddleName *string `json:"middle_name"`
Nickname *string `json:"nickname"`
PreferredUsername *string `json:"preferred_username"`
Email *string `json:"email"`
EmailVerified *bool `json:"email_verified"`
Gender *string `json:"gender"`
Birthdate *string `json:"birthdate"`
Zoneinfo *string `json:"zoneinfo"`
Locale *string `json:"locale"`
Address *Address `json:"address"`
// Password arrives as a plain string. NOTE(review): confirm it is hashed
// before storage and that values of this type are never logged or
// re-serialised; omitempty only hides a nil pointer, not a set one.
Password *string `json:"password,omitempty"`
}