Documentation
Overview
Package upstreamoidc implements an abstraction of upstream OIDC provider interactions.
Index
- func New(config *oauth2.Config, provider *coreosoidc.Provider, client *http.Client) upstreamprovider.UpstreamOIDCIdentityProviderI
- type ProviderConfig
- func (p *ProviderConfig) AllowsPasswordGrant() bool
- func (p *ProviderConfig) ExchangeAuthcodeAndValidateTokens(ctx context.Context, authcode string, pkceCodeVerifier pkce.Code, ...) (*oidctypes.Token, error)
- func (p *ProviderConfig) GetAdditionalAuthcodeParams() map[string]string
- func (p *ProviderConfig) GetAdditionalClaimMappings() map[string]string
- func (p *ProviderConfig) GetAuthorizationURL() *url.URL
- func (p *ProviderConfig) GetClientID() string
- func (p *ProviderConfig) GetGroupsClaim() string
- func (p *ProviderConfig) GetResourceName() string
- func (p *ProviderConfig) GetResourceUID() types.UID
- func (p *ProviderConfig) GetRevocationURL() *url.URL
- func (p *ProviderConfig) GetScopes() []string
- func (p *ProviderConfig) GetUsernameClaim() string
- func (p *ProviderConfig) HasUserInfoURL() bool
- func (p *ProviderConfig) PasswordCredentialsGrantAndValidateTokens(ctx context.Context, username, password string) (*oidctypes.Token, error)
- func (p *ProviderConfig) PerformRefresh(ctx context.Context, refreshToken string) (*oauth2.Token, error)
- func (p *ProviderConfig) RevokeToken(ctx context.Context, token string, ...) error
- func (p *ProviderConfig) ValidateTokenAndMergeWithUserInfo(ctx context.Context, tok *oauth2.Token, expectedIDTokenNonce nonce.Nonce, ...) (*oidctypes.Token, error)
Constants
This section is empty.
Variables
This section is empty.
Functions
func New
func New(config *oauth2.Config, provider *coreosoidc.Provider, client *http.Client) upstreamprovider.UpstreamOIDCIdentityProviderI
Types
type ProviderConfig
type ProviderConfig struct {
	Name                     string
	ResourceUID              types.UID
	UsernameClaim            string
	GroupsClaim              string
	Config                   *oauth2.Config
	Client                   *http.Client
	AllowPasswordGrant       bool
	AdditionalAuthcodeParams map[string]string
	AdditionalClaimMappings  map[string]string
	RevocationURL            *url.URL // will commonly be nil: many providers do not offer this
	Provider                 interface {
		Verifier(*coreosoidc.Config) *coreosoidc.IDTokenVerifier
		Claims(v any) error
		UserInfo(ctx context.Context, tokenSource oauth2.TokenSource) (*coreosoidc.UserInfo, error)
	}
}
ProviderConfig holds the active configuration of an upstream OIDC provider.
func (*ProviderConfig) AllowsPasswordGrant (added in v0.11.0)
func (p *ProviderConfig) AllowsPasswordGrant() bool
func (*ProviderConfig) ExchangeAuthcodeAndValidateTokens
func (*ProviderConfig) GetAdditionalAuthcodeParams (added in v0.13.0)
func (p *ProviderConfig) GetAdditionalAuthcodeParams() map[string]string
func (*ProviderConfig) GetAdditionalClaimMappings (added in v0.22.0)
func (p *ProviderConfig) GetAdditionalClaimMappings() map[string]string
func (*ProviderConfig) GetAuthorizationURL
func (p *ProviderConfig) GetAuthorizationURL() *url.URL
func (*ProviderConfig) GetClientID
func (p *ProviderConfig) GetClientID() string
func (*ProviderConfig) GetGroupsClaim
func (p *ProviderConfig) GetGroupsClaim() string
func (*ProviderConfig) GetResourceName (added in v0.31.0)
func (p *ProviderConfig) GetResourceName() string
func (*ProviderConfig) GetResourceUID (added in v0.13.0)
func (p *ProviderConfig) GetResourceUID() types.UID
func (*ProviderConfig) GetRevocationURL (added in v0.13.0)
func (p *ProviderConfig) GetRevocationURL() *url.URL
func (*ProviderConfig) GetScopes
func (p *ProviderConfig) GetScopes() []string
func (*ProviderConfig) GetUsernameClaim
func (p *ProviderConfig) GetUsernameClaim() string
func (*ProviderConfig) HasUserInfoURL (added in v0.13.0)
func (p *ProviderConfig) HasUserInfoURL() bool
func (*ProviderConfig) PasswordCredentialsGrantAndValidateTokens (added in v0.11.0)
func (p *ProviderConfig) PasswordCredentialsGrantAndValidateTokens(ctx context.Context, username, password string) (*oidctypes.Token, error)
func (*ProviderConfig) PerformRefresh (added in v0.13.0)
func (p *ProviderConfig) PerformRefresh(ctx context.Context, refreshToken string) (*oauth2.Token, error)
func (*ProviderConfig) RevokeToken (added in v0.13.0)
func (p *ProviderConfig) RevokeToken(ctx context.Context, token string, tokenType upstreamprovider.RevocableTokenType) error
RevokeToken will attempt to revoke the given token, if the provider has a revocation endpoint. It may return an error wrapped by a RetryableRevocationError, which indicates that it may be worth trying to revoke the same token again later. Any other error should be treated as non-retryable: revocation failed, and retrying later is not expected to help.
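The retry contract described above, as an added example that is not part of the Pinniped package: a caller that retries RevokeToken only while the failure is a RetryableRevocationError and stops on anything else. The RetryableRevocationError type here is a stand-in assumed to wrap and unwrap the provider's error, tokenRevoker narrows the interface to one method with a plain-string token type, and scriptedRevoker is a constructed fake standing in for the real provider.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"time"
)

// RetryableRevocationError stands in for the wrapper error the package docs
// mention (assumption: it wraps the provider's error and unwraps to it).
type RetryableRevocationError struct{ Wrapped error }
func (e RetryableRevocationError) Error() string { return "retryable: " + e.Wrapped.Error() }
func (e RetryableRevocationError) Unwrap() error { return e.Wrapped }

// tokenRevoker: the one method used here; tokenType is a plain string for self-containment.
type tokenRevoker interface {
	RevokeToken(ctx context.Context, token, tokenType string) error
}

// revokeWithRetry retries only while the error is a RetryableRevocationError and
// stops at once on any other error; it returns the attempt count for logging.
func revokeWithRetry(ctx context.Context, r tokenRevoker, token, tokenType string,
	maxAttempts int, backoff time.Duration) (int, error) {
	var err error
	for attempt := 1; attempt <= maxAttempts; attempt++ {
		if attempt > 1 { // back off before each retry, but honour cancellation
			select {
			case <-ctx.Done():
				return attempt - 1, ctx.Err()
			case <-time.After(backoff):
			}
		}
		if err = r.RevokeToken(ctx, token, tokenType); err == nil {
			return attempt, nil
		}
		var retryable RetryableRevocationError
		if !errors.As(err, &retryable) {
			return attempt, fmt.Errorf("revocation failed, not retrying: %w", err)
		}
	}
	return maxAttempts, fmt.Errorf("still failing after %d attempts: %w", maxAttempts, err)
}

// scriptedRevoker is a constructed fake: it returns the scripted errors in order, then nil.
type scriptedRevoker struct{ script []error; calls int }
func (s *scriptedRevoker) RevokeToken(context.Context, string, string) error {
	if s.calls++; s.calls <= len(s.script) {
		return s.script[s.calls-1]
	}
	return nil
}
```

A token that is still unrevoked after the final attempt remains valid at the upstream provider until it expires, so the returned attempt count and wrapped error are worth logging rather than discarding.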
func (*ProviderConfig) ValidateTokenAndMergeWithUserInfo (added in v0.13.0)
func (p *ProviderConfig) ValidateTokenAndMergeWithUserInfo(ctx context.Context, tok *oauth2.Token, expectedIDTokenNonce nonce.Nonce, requireIDToken bool, requireUserInfo bool) (*oidctypes.Token, error)
ValidateTokenAndMergeWithUserInfo will validate the ID token. It will also merge the claims from the userinfo endpoint response, if the provider offers the userinfo endpoint.