Documentation
Index ¶
- Constants
- Variables
- func DPoPSignRequest(signingKey string, hc *http.Client, r *http.Request) error
- func DPoPThumbprint(signingKey string, hc *http.Client) (string, error)
- func EncryptJWT(token string, encrypterProvider EncrypterProvider) (nestedJWT string, key interface{}, err error)
- func FetchOpenIDConfiguration(ctx context.Context, issuerURL string, hc *http.Client) (request Request, c ServerConfig, err error)
- func ParseError(resp *http.Response) error
- func PlaintextJWT(claimsProvider ClaimsProvider) (jwt string, key string, err error)
- func RandomString(n int) string
- func ReadKey(use KeyUse, location string, hc *http.Client) (jose.JSONWebKey, error)
- func ReadKeyPair(cert string, key string, hc *http.Client) (keyPair tls.Certificate, err error)
- func ReadRootCA(location string, hc *http.Client) (pool *x509.CertPool, err error)
- func ReadURL(location string, hc *http.Client) (data []byte, err error)
- func RequestDeviceAuthorization(ctx context.Context, cconfig ClientConfig, sconfig ServerConfig, ...) (request Request, response DeviceAuthorizationResponse, err error)
- func RequestPAR(ctx context.Context, cconfig ClientConfig, sconfig ServerConfig, ...) (parRequest Request, parResponse PARResponse, authorizeRequest Request, ...)
- func RequestToken(ctx context.Context, cconfig ClientConfig, sconfig ServerConfig, ...) (request Request, response TokenResponse, err error)
- func SignJWT(claimsProvider ClaimsProvider, signerProvider SignerProvider) (jwt string, key interface{}, err error)
- func UnsafeParseJWT(token string) (*jwt.JSONWebToken, map[string]interface{}, error)
- func WithAuthorizationCode(code string) func(*RequestTokenParams)
- func WithCodeVerifier(codeVerifier string) func(*RequestTokenParams)
- func WithDeviceCode(deviceCode string) func(*RequestTokenParams)
- func WithRedirectURL(url string) func(*RequestTokenParams)
- type ClaimsProvider
- type ClientConfig
- type DPoPClaims
- type DeviceAuthorizationResponse
- type EncrypterProvider
- type Error
- type FlexibleInt64
- type KeyUse
- type PARResponse
- type Request
- func (r *Request) AuthenticateClient(endpoint string, mtlsEndpoint string, cconfig ClientConfig, ...) (string, error)
- func (r *Request) AuthorizeRequest(cconfig ClientConfig, sconfig ServerConfig, hc *http.Client) (codeVerifier string, err error)
- func (r *Request) Get(key string) string
- func (r *Request) ParseJARM(signingKey interface{}, encryptionKey interface{}) error
- type RequestTokenOption
- type RequestTokenParams
- type ServerConfig
- type SignerProvider
- type TokenResponse
Constants ¶
const (
	// DPoPHeaderName is the HTTP request header that carries the DPoP proof
	// JWT (RFC 9449).
	DPoPHeaderName = "DPoP"
	// DPoPHeaderType is the JOSE "typ" header value a DPoP proof JWT must
	// carry (RFC 9449); a verifier should reject proofs with any other typ.
	DPoPHeaderType = "dpop+jwt"
)
const (
	// ErrAuthorizationPending is the device-flow token error code returned
	// while the end user has not yet completed the authorization step
	// (RFC 8628 §3.5); the client should keep polling.
	ErrAuthorizationPending = "authorization_pending"
	// ErrSlowDown is the device-flow token error code telling the client it
	// is polling too fast (RFC 8628 §3.5); the polling interval must be
	// increased before the next request.
	ErrSlowDown = "slow_down"
)
const (
	// AuthorizationCodeGrantType is the grant_type for the authorization
	// code flow (RFC 6749 §4.1).
	AuthorizationCodeGrantType string = "authorization_code"
	// ClientCredentialsGrantType is the grant_type for machine-to-machine
	// access with only client credentials (RFC 6749 §4.4).
	ClientCredentialsGrantType string = "client_credentials"
	// ImplicitGrantType is the legacy implicit flow (RFC 6749 §4.2); it
	// returns tokens in the front channel and is discouraged by the OAuth 2.0
	// Security BCP. Kept for interoperability.
	ImplicitGrantType string = "implicit"
	// PasswordGrantType is the resource-owner password grant (RFC 6749
	// §4.3); it exposes end-user credentials to the client and is likewise
	// discouraged by the OAuth 2.0 Security BCP. Kept for interoperability.
	PasswordGrantType string = "password"
	// RefreshTokenGrantType exchanges a refresh token for a new access token
	// (RFC 6749 §6).
	RefreshTokenGrantType string = "refresh_token"
	// JWTBearerGrantType uses a JWT assertion as the authorization grant
	// (RFC 7523 §2.1).
	JWTBearerGrantType string = "urn:ietf:params:oauth:grant-type:jwt-bearer"
	// TokenExchangeGrantType is the OAuth 2.0 token exchange grant
	// (RFC 8693).
	TokenExchangeGrantType string = "urn:ietf:params:oauth:grant-type:token-exchange"
	// DeviceGrantType is the device authorization grant used when polling
	// the token endpoint (RFC 8628 §3.4).
	DeviceGrantType string = "urn:ietf:params:oauth:grant-type:device_code"
)
grant types
const (
	// ClientSecretBasicAuthMethod sends the client secret in an HTTP Basic
	// Authorization header (RFC 6749 §2.3.1).
	ClientSecretBasicAuthMethod string = "client_secret_basic"
	// ClientSecretPostAuthMethod sends the client secret in the request
	// body (RFC 6749 §2.3.1).
	ClientSecretPostAuthMethod string = "client_secret_post"
	// ClientSecretJwtAuthMethod authenticates with a client assertion JWT
	// that is HMAC-signed with the client secret (OIDC Core §9).
	ClientSecretJwtAuthMethod string = "client_secret_jwt"
	// PrivateKeyJwtAuthMethod authenticates with a client assertion JWT
	// signed by the client's private key (OIDC Core §9, RFC 7523); the
	// secret never leaves the client.
	PrivateKeyJwtAuthMethod string = "private_key_jwt"
	// SelfSignedTLSAuthMethod is mutual-TLS client authentication with a
	// self-signed client certificate (RFC 8705 §2.2).
	SelfSignedTLSAuthMethod string = "self_signed_tls_client_auth"
	// TLSClientAuthMethod is PKI-based mutual-TLS client authentication
	// (RFC 8705 §2.1).
	TLSClientAuthMethod string = "tls_client_auth"
	// NoneAuthMethod means the client does not authenticate (public
	// client); such clients should rely on PKCE for the code flow.
	NoneAuthMethod string = "none"
)
auth methods
// CodeVerifierLength is the length of generated PKCE code verifiers. 43 is
// the minimum permitted by RFC 7636 §4.1 (43–128 characters); the page does
// not show which character set or random source is used to fill it — verify
// against RandomString.
const CodeVerifierLength = 43
const (
	// JwtBearerClientAssertion is the client_assertion_type value for JWT
	// client assertions (RFC 7523 §2.2), used with the client_secret_jwt
	// and private_key_jwt authentication methods.
	JwtBearerClientAssertion string = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
)
client assertion types
// OpenIDConfigurationPath is the well-known path of the OpenID Connect
// discovery document (OIDC Discovery §4), appended to the issuer URL. The
// document's values are attacker-controlled if the issuer URL is; callers
// should only trust issuers they configured deliberately.
const OpenIDConfigurationPath = "/.well-known/openid-configuration"
Variables ¶
// CodeChallengeEncoder is the base64 encoding used for the PKCE
// code_challenge: base64url without padding, as required by RFC 7636 §4.2.
var CodeChallengeEncoder = base64.RawURLEncoding
Functions ¶
func DPoPSignRequest ¶ added in v1.6.0
func DPoPThumbprint ¶ added in v1.6.0
func EncryptJWT ¶ added in v1.5.0
func EncryptJWT(token string, encrypterProvider EncrypterProvider) (nestedJWT string, key interface{}, err error)
func ParseError ¶
func PlaintextJWT ¶ added in v1.5.0
func PlaintextJWT(claimsProvider ClaimsProvider) (jwt string, key string, err error)
func RandomString ¶
func ReadKeyPair ¶ added in v1.1.0
func ReadRootCA ¶ added in v1.1.0
func RequestDeviceAuthorization ¶ added in v1.4.0
func RequestDeviceAuthorization(ctx context.Context, cconfig ClientConfig, sconfig ServerConfig, hc *http.Client) (request Request, response DeviceAuthorizationResponse, err error)
func RequestPAR ¶ added in v1.4.0
func RequestPAR( ctx context.Context, cconfig ClientConfig, sconfig ServerConfig, hc *http.Client, ) (parRequest Request, parResponse PARResponse, authorizeRequest Request, codeVerifier string, err error)
func RequestToken ¶
func RequestToken( ctx context.Context, cconfig ClientConfig, sconfig ServerConfig, hc *http.Client, opts ...RequestTokenOption, ) (request Request, response TokenResponse, err error)
func SignJWT ¶
func SignJWT(claimsProvider ClaimsProvider, signerProvider SignerProvider) (jwt string, key interface{}, err error)
func UnsafeParseJWT ¶ added in v1.4.0
func UnsafeParseJWT(token string) (*jwt.JSONWebToken, map[string]interface{}, error)
func WithAuthorizationCode ¶
func WithAuthorizationCode(code string) func(*RequestTokenParams)
func WithCodeVerifier ¶
func WithCodeVerifier(codeVerifier string) func(*RequestTokenParams)
func WithDeviceCode ¶ added in v1.4.0
func WithDeviceCode(deviceCode string) func(*RequestTokenParams)
func WithRedirectURL ¶
func WithRedirectURL(url string) func(*RequestTokenParams)
Types ¶
type ClaimsProvider ¶ added in v1.1.0
func AssertionClaims ¶ added in v1.1.0
func AssertionClaims(serverConfig ServerConfig, clientConfig ClientConfig) ClaimsProvider
func ClientAssertionClaims ¶ added in v1.1.0
func ClientAssertionClaims(serverConfig ServerConfig, clientConfig ClientConfig) ClaimsProvider
func RequestObjectClaims ¶ added in v1.5.0
func RequestObjectClaims(params url.Values, serverConfig ServerConfig, clientConfig ClientConfig) ClaimsProvider
type ClientConfig ¶
// ClientConfig holds the OAuth 2.0 / OpenID Connect client-side settings.
// The `validate` tags describe the constraints enforced by the validator the
// package uses (not shown on this page). Several fields carry credentials
// (ClientSecret, Password, RefreshToken, SubjectToken, ActorToken, and the
// key/cert locations) — NOTE(review): confirm they are redacted wherever the
// config is logged or printed.
type ClientConfig struct {
	// IssuerURL is the issuer whose discovery document is fetched; must be
	// a URL.
	IssuerURL string `validate:"url"`
	// RedirectURL is the client's redirect URI; must be a URL.
	RedirectURL string `validate:"url"`
	// GrantType selects the grant (see the *GrantType constants); the full
	// validation tag is not shown on this page.
	GrantType string `` /* 223-byte string literal not displayed */
	// ClientID and ClientSecret are the client credentials. ClientSecret is
	// a secret.
	ClientID     string
	ClientSecret string
	Scopes       []string
	ACRValues    []string
	Audience     []string
	// AuthMethod selects client authentication (see the *AuthMethod
	// constants); the full validation tag is not shown on this page.
	AuthMethod string `` /* 148-byte string literal not displayed */
	// Feature switches for the authorization request.
	PKCE                   bool
	PAR                    bool
	RequestObject          bool
	EncryptedRequestObject bool
	// Insecure — NOTE(review): semantics not visible here; presumably relaxes
	// TLS verification. Confirm, and keep it off outside test environments.
	Insecure bool
	// ResponseType is validated element-wise against code/id_token/token.
	ResponseType []string `validate:"dive,omitempty,oneof=code id_token token"`
	// ResponseMode accepts the plain and JARM (".jwt") response modes.
	ResponseMode string `validate:"omitempty,oneof=query form_post query.jwt form_post.jwt jwt"`
	// Username/Password are for the password grant; Password is a secret.
	Username     string
	Password     string
	RefreshToken string
	// Assertion is a JSON document (validated as JSON) used for the
	// JWT-bearer grant.
	Assertion string `validate:"omitempty,json"`
	// SigningKey/EncryptionKey are key locations (URI or file path), not key
	// material.
	SigningKey    string `validate:"omitempty,uri|file"`
	EncryptionKey string `validate:"omitempty,uri|file"`
	// Token exchange inputs (RFC 8693); only the access_token token type is
	// accepted for the type fields.
	SubjectToken     string
	SubjectTokenType string `validate:"omitempty,oneof=urn:ietf:params:oauth:token-type:access_token"`
	ActorToken       string
	ActorTokenType   string `validate:"omitempty,oneof=urn:ietf:params:oauth:token-type:access_token"`
	IDTokenHint      string
	LoginHint        string
	IDPHint          string
	// TLS material locations (URI or file path) for mutual TLS and for the
	// local callback listener.
	TLSCert         string `validate:"omitempty,uri|file"`
	TLSKey          string `validate:"omitempty,uri|file"`
	TLSRootCA       string `validate:"omitempty,uri|file"`
	CallbackTLSCert string `validate:"omitempty,uri|file"`
	CallbackTLSKey  string `validate:"omitempty,uri|file"`
	HTTPTimeout     time.Duration
	BrowserTimeout  time.Duration
	NoBrowser       bool
	// DPoP enables DPoP proof-of-possession on requests.
	DPoP bool
	// Claims and RAR are JSON documents (validated as JSON).
	Claims  string `validate:"omitempty,json"`
	RAR     string `validate:"omitempty,json"`
	Purpose string
	Prompt  []string
	MaxAge  string
	// AuthenticationCode — purpose not visible on this page; verify before
	// documenting further.
	AuthenticationCode string
}
type DPoPClaims ¶ added in v1.6.0
type DeviceAuthorizationResponse ¶ added in v1.4.0
// DeviceAuthorizationResponse is the JSON body returned by the device
// authorization endpoint (RFC 8628 §3.2).
type DeviceAuthorizationResponse struct {
	// DeviceCode is the client-side handle used when polling the token
	// endpoint; treat it as a secret.
	DeviceCode string `json:"device_code"`
	// UserCode is the short code the end user enters at VerificationURI.
	UserCode string `json:"user_code"`
	VerificationURI string `json:"verification_uri"`
	// VerificationURIComplete embeds the user code in the URI (optional per
	// RFC 8628).
	VerificationURIComplete string `json:"verification_uri_complete"`
	// ExpiresIn is the lifetime of DeviceCode and UserCode in seconds.
	ExpiresIn int64 `json:"expires_in"`
	// Interval is the minimum polling interval in seconds; polling faster
	// yields ErrSlowDown.
	Interval int64 `json:"interval"`
}
type EncrypterProvider ¶ added in v1.5.0
// EncrypterProvider returns a JWE encrypter together with the key it was
// built from (the second result is opaque here — its concrete type is not
// shown on this page), or an error.
type EncrypterProvider func() (jose.Encrypter, interface{}, error)
func JWEEncrypter ¶ added in v1.5.0
func JWEEncrypter(keyPath string, hc *http.Client) EncrypterProvider
type Error ¶
type FlexibleInt64 ¶ added in v1.17.1
// FlexibleInt64 is an int64 that unmarshals from either a JSON number or a
// JSON string (see UnmarshalJSON); it exists because some providers return
// expires_in as a string.
type FlexibleInt64 int64
FlexibleInt64 is a type that can be unmarshaled from a JSON number or string. This was added to support the `expires_in` field in the token response. Typically it is expressed as a JSON number, but at least login.microsoft.com returns the number as a string.
func (*FlexibleInt64) UnmarshalJSON ¶ added in v1.17.1
func (f *FlexibleInt64) UnmarshalJSON(b []byte) error
type PARResponse ¶ added in v1.4.0
type Request ¶
// Request captures an outgoing protocol request (or a received callback)
// together with the keys and certificate used to build or verify it.
type Request struct {
	Method  string
	URL     *url.URL
	Headers map[string][]string
	Form    url.Values
	// JARM holds the decoded JWT-secured authorization response claims
	// (populated by ParseJARM, presumably — confirm).
	JARM map[string]interface{}
	// RequestObject is the serialized request object JWT, when used.
	RequestObject string
	// SigningKey/EncryptionKey are opaque key values; their concrete types
	// are not shown on this page.
	SigningKey    interface{}
	EncryptionKey interface{}
	// Cert is the client certificate, e.g. for mutual-TLS authentication.
	Cert *x509.Certificate
}
func RequestAuthorization ¶
func RequestAuthorization(cconfig ClientConfig, sconfig ServerConfig, hc *http.Client) (r Request, codeVerifier string, err error)
func WaitForCallback ¶
func WaitForCallback(clientConfig ClientConfig, serverConfig ServerConfig, hc *http.Client) (request Request, err error)
func (*Request) AuthenticateClient ¶ added in v1.4.0
func (r *Request) AuthenticateClient( endpoint string, mtlsEndpoint string, cconfig ClientConfig, sconfig ServerConfig, hc *http.Client, ) (string, error)
func (*Request) AuthorizeRequest ¶ added in v1.5.0
func (r *Request) AuthorizeRequest( cconfig ClientConfig, sconfig ServerConfig, hc *http.Client, ) (codeVerifier string, err error)
type RequestTokenOption ¶
// RequestTokenOption is a functional option for RequestToken; see the With*
// constructors (WithAuthorizationCode, WithCodeVerifier, WithDeviceCode,
// WithRedirectURL).
type RequestTokenOption func(*RequestTokenParams)
type RequestTokenParams ¶
type ServerConfig ¶
// ServerConfig is the subset of the OpenID Connect discovery document
// (OIDC Discovery §3) this package uses. Its values come from the server
// and should be treated as untrusted input when the issuer is not.
type ServerConfig struct {
	SupportedGrantTypes               []string `json:"grant_types_supported"`
	SupportedResponseTypes            []string `json:"response_types_supported"`
	SupportedTokenEndpointAuthMethods []string `json:"token_endpoint_auth_methods_supported"`
	SupportedScopes                   []string `json:"scopes_supported"`
	SupportedResponseModes            []string `json:"response_modes_supported"`
	AuthorizationEndpoint             string   `json:"authorization_endpoint"`
	DeviceAuthorizationEndpoint       string   `json:"device_authorization_endpoint"`
	PushedAuthorizationRequestEndpoint string  `json:"pushed_authorization_request_endpoint"`
	TokenEndpoint                     string   `json:"token_endpoint"`
	// MTLsEndpointAliases lists the mutual-TLS variants of the endpoints
	// (RFC 8705 §5), used when a TLS client-auth method is selected.
	MTLsEndpointAliases struct {
		TokenEndpoint                      string `json:"token_endpoint"`
		PushedAuthorizationRequestEndpoint string `json:"pushed_authorization_request_endpoint"`
	} `json:"mtls_endpoint_aliases"`
	// JWKsURI is where the server publishes its signing keys.
	JWKsURI string `json:"jwks_uri"`
}
func (ServerConfig) IsConfigured ¶ added in v1.15.0
func (c ServerConfig) IsConfigured() bool
type SignerProvider ¶ added in v1.1.0
// SignerProvider returns a JWS signer together with the key it was built
// from (the second result is opaque here — its concrete type is not shown on
// this page), or an error. SecretSigner builds one from a shared secret.
type SignerProvider func() (jose.Signer, interface{}, error)
func SecretSigner ¶ added in v1.1.0
func SecretSigner(secret []byte) SignerProvider
type TokenResponse ¶
// TokenResponse is the JSON body of a successful token endpoint response
// (RFC 6749 §5.1), plus the token-exchange (RFC 8693) and rich authorization
// request (RFC 9396) extensions. AccessToken, IDToken and RefreshToken are
// bearer secrets.
type TokenResponse struct {
	AccessToken string `json:"access_token,omitempty"`
	// ExpiresIn tolerates servers that encode the value as a JSON string.
	ExpiresIn FlexibleInt64 `json:"expires_in,omitempty"`
	IDToken   string        `json:"id_token,omitempty"`
	// IssuedTokenType is set in token-exchange responses (RFC 8693 §2.2.1).
	IssuedTokenType string `json:"issued_token_type,omitempty"`
	RefreshToken    string `json:"refresh_token,omitempty"`
	Scope           string `json:"scope,omitempty"`
	TokenType       string `json:"token_type,omitempty"`
	// AuthorizationDetails echoes the granted RAR objects (RFC 9396 §7).
	AuthorizationDetails []map[string]interface{} `json:"authorization_details,omitempty"`
}
func NewTokenResponseFromForm ¶
func NewTokenResponseFromForm(f url.Values) TokenResponse