import "code.pfad.fr/gopenidclient"
Package gopenidclient is an attempt to provide a nice OAuth2 / OpenID Connect (OIDC) interface.
OAuth2 integration is provided in the "static" package. An OpenID Connect (OIDC) provider backed by github.com/coreos/go-oidc/v3/oidc is available under code.pfad.fr/gopenidclient/coreos.
Assertion allows the use of client_assertion instead of client_secret, so the client authenticates with a private key rather than a shared secret. The code.pfad.fr/gopenidclient/coreos provider supports it. See code.pfad.fr/gopenidclient/assertion.RS256 for an implementation based on RSA+SHA256.
```go
type CallbackResult struct {
	// UnmarshalUser will unmarshal the JSON user returned by the provider
	//
	//	var user struct {
	//		ID    string `json:"sub"`
	//		Email string `json:"email"`
	//		Name  string `json:"name"`
	//	}
	//	err = UnmarshalUser(&user)
	UnmarshalUser func(interface{}) error
	Token         *oauth2.Token
	// IntendedPath contains the URL before the login flow took place
	IntendedPath string
}
```
CallbackResult is returned at the end of the login flow.
```go
type CookieManager struct {
	Prefix    string
	Encrypter interface {
		Seal(name, cleartext string) string
		Open(name, cyphertext string) (string, error)
	}
}
```
```go
func (cm CookieManager) Clear(w http.ResponseWriter)
```
GetState gets the state cookie (which stores the intended URL of the user before authentication).
```go
func (cm CookieManager) SetState(w http.ResponseWriter, state string)
```
SetState sets the state cookie (which stores the intended URL of the user before authentication).
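CookieManager leaves the Encrypter implementation to the caller. The following is an added example (not gopenidclient's own code) of an AES-GCM implementation of that interface; it binds the cookie name as GCM additional data, so a value sealed for one cookie (say the state cookie) cannot be replayed under another cookie name. The names GCMEncrypter and NewGCMEncrypter are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
)

// GCMEncrypter satisfies the Encrypter interface expected by CookieManager
// (added example, not gopenidclient's own code). The cookie name is passed as
// AES-GCM additional data, so a value sealed for one cookie will not open under another.
type GCMEncrypter struct{ aead cipher.AEAD }

// NewGCMEncrypter takes a 16-, 24- or 32-byte key (AES-128/192/256).
func NewGCMEncrypter(key []byte) (*GCMEncrypter, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &GCMEncrypter{aead: aead}, nil
}

// Seal encrypts cleartext under a fresh random nonce and returns
// base64url(nonce || ciphertext || tag), which is safe to store in a cookie value.
func (e *GCMEncrypter) Seal(name, cleartext string) string {
	nonce := make([]byte, e.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no usable randomness: refuse to issue a cookie at all
	}
	out := e.aead.Seal(nonce, nonce, []byte(cleartext), []byte(name))
	return base64.RawURLEncoding.EncodeToString(out)
}

// Open reverses Seal; it fails if the value was tampered with or sealed for another name.
func (e *GCMEncrypter) Open(name, cyphertext string) (string, error) {
	raw, err := base64.RawURLEncoding.DecodeString(cyphertext)
	if err != nil || len(raw) < e.aead.NonceSize() {
		return "", errors.New("malformed cookie value")
	}
	ns := e.aead.NonceSize()
	pt, err := e.aead.Open(nil, raw[:ns], raw[ns:], []byte(name))
	return string(pt), err // pt is nil (empty string) when authentication fails
}
```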
```go
type ExchangeHandler struct {
	CookieManager CookieManager
}
```
ExchangeHandler implements the authorization-code exchange flow (including the PKCE challenge).
```go
func (s ExchangeHandler) HandleCallback(w http.ResponseWriter, r *http.Request, provider Provider) (cr CallbackResult, clearCookies func(), err error)
```
HandleCallback should be called after the user has logged in at the provider.
```go
func (s ExchangeHandler) RedirectToAuthCodeURL(w http.ResponseWriter, r *http.Request, provider Provider) error
```
RedirectToAuthCodeURL should be called to redirect the user to the provider for login.
```go
type Provider interface {
	// SetRedirectURL sets the local callback URL.
	SetRedirectURL(url string)
	// AuthCodeURL returns the Provider URL to redirect the user to.
	AuthCodeURL(state string) (url, pkceVerifier string, err error)
	// Exchange exchanges the code and provides a way to unmarshal the user info.
	//
	//	var user struct {
	//		ID    string `json:"sub"`
	//		Email string `json:"email"`
	//		Name  string `json:"name"`
	//	}
	//	err = unmarshalUser(&user)
	Exchange(code, pkceVerifier string) (token *oauth2.Token, unmarshalUser func(interface{}) error, err error)
	// EndSessionURL is a URL where the RP can perform a redirect to request that the End-User be logged out at the OP.
	EndSessionURL() (*url.URL, error)
}
```
Provider is an interface suitable for OAuth2 and OIDC flows.
Source files: cookie.go, exchange.go, provider.go
Path | Synopsis |
---|---|
assertion | package assertion authenticates OpenID Connect clients using [private_key_jwt] (private/public certificates instead of a shared secret), via OAuth 2.0 assertions specified in [RFC 7521]. |
common | package common gathers methods used by the provider implementations. |
coreos | package coreos provides a Provider for OpenID Connect (code.pfad.fr/gopenidclient), backed by the github.com/coreos/go-oidc/v3/oidc package. |
refresh | package refresh uses the refresh-token as a remember token (stored encrypted in a dedicated cookie). |
static | package static uses golang.org/x/oauth2 to implement a Provider for the OAuth2 flow with a static config. |
Repository: https://codeberg.org/pfad.fr/gopenidclient

git clone https://codeberg.org/pfad.fr/gopenidclient.git
git clone git@codeberg.org:pfad.fr/gopenidclient.git