Documentation
Index
- type Client
- type Clients
- func (c *Clients) IsValidClientID(clientID string) (ok bool, err error)
- func (c *Clients) RequiresPKCE(clientID string) (ok bool, err error)
- func (c *Clients) ValidateClientRedirectURI(clientID, redirectURI string) (ok bool, err error)
- func (c *Clients) ValidateClientSecret(clientID, clientSecret string) (ok bool, err error)
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Client
type Client struct {
	// ID is the identifier for this client, corresponds to the client ID.
	ID string `json:"id" yaml:"id"`
	// Secrets is a list of valid client secrets for this client. At least
	// one secret is required, unless the client is Public and uses PKCE.
	Secrets []string `json:"clientSecrets" yaml:"clientSecrets"`
	// RedirectURLs is a list of valid redirect URLs for this client. At least
	// one is required, unless the client is public and PermitLocalhostRedirect
	// is true. These are matched exactly.
	RedirectURLs []string `json:"redirectURLs" yaml:"redirectURLs"`
	// Public indicates that this client is public. A "public" client is one
	// that can't keep its credentials confidential.
	// https://datatracker.ietf.org/doc/html/rfc6749#section-2.1
	Public bool `json:"public" yaml:"public"`
	// PermitLocalhostRedirect allows redirects to localhost, if this is a
	// public client.
	PermitLocalhostRedirect bool `json:"permitLocalhostRedirect" yaml:"permitLocalhostRedirect"`
	// RequiresPKCE indicates that this client should be required to use PKCE
	// for the token exchange. This defaults to true for public clients, and
	// false for non-public clients.
	RequiresPKCE *bool `json:"requiresPKCE" yaml:"requiresPKCE"`
}
Client represents an individual oauth2/oidc client.
type Clients
type Clients struct {
	// Clients is the list of clients
	Clients []Client `json:"clients" yaml:"client"`
}
Clients implements the oidcop.ClientSource against a static list of clients. The type is tagged to enable loading from JSON/YAML. It can be created directly, by unmarshaling, or with the ExpandUnmarshal function.
func ExpandUnmarshal
ExpandUnmarshal takes the given JSON and expands variables inside it from the environment using os.Expand (https://pkg.go.dev/os#Expand). It supports expansion with defaults, e.g.
`{"secret": "${MY_SECRET_VAR:-defaultSecret}"}`
will yield a secret equal to the value of the MY_SECRET_VAR environment variable if it is set, and `defaultSecret` otherwise.
The JSON unmarshaling is strict, and will error if it contains unknown fields.
If the input is YAML, it should be converted with https://pkg.go.dev/sigs.k8s.io/yaml#YAMLToJSON first.
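The behaviour described for ExpandUnmarshal (expansion with defaults, then strict decoding) can be reproduced with the standard library alone. This is an added example, not the package's implementation; `expandStrict`, its `lookup` parameter and the local `client` type are hypothetical names, and the sample JSON is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"strings"
)

// client copies only the documented Client fields this example needs.
type client struct {
	ID      string   `json:"id"`
	Secrets []string `json:"clientSecrets"`
}

// expandStrict is a hypothetical stand-in for the documented behaviour.
// lookup reports a variable's value and whether it is set (os.LookupEnv fits).
func expandStrict(raw string, lookup func(string) (string, bool), out any) error {
	expanded := os.Expand(raw, func(key string) string {
		// os.Expand passes everything between the braces as the key, so
		// the ":-default" suffix is split off here.
		name, def, _ := strings.Cut(key, ":-")
		if v, ok := lookup(name); ok {
			return v
		}
		return def
	})
	dec := json.NewDecoder(strings.NewReader(expanded))
	dec.DisallowUnknownFields() // a misspelled key fails instead of being ignored
	return dec.Decode(out)
}

func main() {
	// Constructed sample config; the variable is read from the real environment.
	cfg := `{"id": "cli", "clientSecrets": ["${MY_SECRET_VAR:-defaultSecret}"]}`
	var c client
	err := expandStrict(cfg, os.LookupEnv, &c)
	fmt.Println(c.Secrets, err)

	// "clientSecret" is not a known field, so strict decoding rejects it.
	typo := `{"id": "cli", "clientSecret": ["x"]}`
	fmt.Println(expandStrict(typo, os.LookupEnv, &client{}))
}
```

In this sketch values are substituted as raw text before parsing, so a value containing `"` or `\` produces invalid or altered JSON. The page does not say whether the package escapes expanded values.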