// Errors shared by the OpenID Connect handlers and their storage.
var (
	// ErrInvalidSession is returned when the session attached to a request is
	// not of the type the handler expects (its message reports a session type
	// mismatch; handlers require a Session, see the Session interface).
	ErrInvalidSession = errors.New("Session type mismatch")
)

// ErrNoSessionFound is the error an OpenIDConnectRequestStorage returns from
// GetOpenIDConnectSession when no session exists for the given authorize code.
// It aliases fosite.ErrNotFound, so errors.Is(err, fosite.ErrNotFound) matches
// it as well.
var ErrNoSessionFound = fosite.ErrNotFound
IDTokenSession is a session container for the ID token.
// DefaultSession is the default Session implementation: it holds the ID token
// claims and headers that handlers modify in place, the user's identity, and
// the expiry time recorded per token type.
type DefaultSession struct {
	// Claims are the ID token claims. Per the Session contract, IDTokenClaims
	// is expected to return this same pointer so handlers mutate the claims the
	// session stores.
	Claims *jwt.IDTokenClaims
	// Headers are the ID token JOSE headers (for example the alg used to
	// compute the token hashes); IDTokenHeaders is expected to return this pointer.
	Headers *jwt.Headers
	// ExpiresAt maps a token type to its expiry time; read and written by
	// GetExpiresAt and SetExpiresAt.
	ExpiresAt map[fosite.TokenType]time.Time
	// Username and Subject identify the authenticated user. Subject is
	// presumably what GenerateIDToken asserts as the token subject — confirm.
	Username string
	Subject  string
}
func NewDefaultSession() *DefaultSession
func (s *DefaultSession) Clone() fosite.Session
func (s *DefaultSession) GetExpiresAt(key fosite.TokenType) time.Time
func (s *DefaultSession) GetSubject() string
func (s *DefaultSession) GetUsername() string
func (s *DefaultSession) IDTokenClaims() *jwt.IDTokenClaims
func (s *DefaultSession) IDTokenHeaders() *jwt.Headers
func (s *DefaultSession) SetExpiresAt(key fosite.TokenType, exp time.Time)
func (s *DefaultSession) SetSubject(subject string)
// DefaultStrategy is the OpenIDConnectTokenStrategy that issues ID tokens as
// JWTs signed with the embedded jwt.JWTStrategy.
type DefaultStrategy struct {
	// JWTStrategy signs the generated ID token (see GenerateIDToken).
	jwt.JWTStrategy

	// Expiry is the ID token lifetime; presumably used to derive the token's
	// expiry claim — TODO(review) confirm, including the behaviour when zero.
	Expiry time.Duration
	// Issuer is the identifier asserted as the token issuer. Relying parties
	// reject tokens whose issuer does not match their configuration, so this
	// must be the exact issuer URL the deployment advertises.
	Issuer string
	// MinParameterEntropy is the minimum entropy required of request
	// parameters such as the nonce; presumably enforced while generating the
	// token — TODO(review) confirm where it is checked.
	MinParameterEntropy int
}
func (h DefaultStrategy) GenerateIDToken(ctx context.Context, requester fosite.Requester) (token string, err error)
// IDTokenHandleHelper bundles the logic shared by the explicit, implicit,
// hybrid and refresh handlers for issuing ID tokens and computing the token
// hashes (ComputeHash, GetAccessTokenHash) that bind other tokens to the ID
// token.
type IDTokenHandleHelper struct {
	// IDTokenStrategy generates the signed ID token for a requester.
	IDTokenStrategy OpenIDConnectTokenStrategy
}
func (i *IDTokenHandleHelper) ComputeHash(ctx context.Context, sess Session, token string) (string, error)
ComputeHash computes the hash using the algorithm (alg) defined in the id_token header.
func (i *IDTokenHandleHelper) GetAccessTokenHash(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) string
func (i *IDTokenHandleHelper) IssueExplicitIDToken(ctx context.Context, ar fosite.Requester, resp fosite.AccessResponder) error
func (i *IDTokenHandleHelper) IssueImplicitIDToken(ctx context.Context, ar fosite.Requester, resp fosite.AuthorizeResponder) error
// OpenIDConnectExplicitHandler implements the authorization code ("explicit")
// OpenID Connect flow: it handles the authorize endpoint request, the token
// endpoint request and populates the token endpoint response with an ID token.
type OpenIDConnectExplicitHandler struct {
	// OpenIDConnectRequestStorage is the storage for open id connect sessions.
	OpenIDConnectRequestStorage OpenIDConnectRequestStorage
	// OpenIDConnectRequestValidator validates the authorize request
	// (for example its prompt parameter, see ValidatePrompt).
	OpenIDConnectRequestValidator *OpenIDConnectRequestValidator

	// IDTokenHandleHelper provides the shared ID token issuing logic.
	*IDTokenHandleHelper
}
func (c *OpenIDConnectExplicitHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
func (c *OpenIDConnectExplicitHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
func (c *OpenIDConnectExplicitHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error
func (c *OpenIDConnectExplicitHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
func (c *OpenIDConnectExplicitHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error
// OpenIDConnectHybridHandler implements the OpenID Connect hybrid flow, which
// combines the implicit and authorization code grant handlers so that an
// authorize response can carry a code together with tokens.
type OpenIDConnectHybridHandler struct {
	// AuthorizeImplicitGrantTypeHandler handles the implicit part of the response.
	AuthorizeImplicitGrantTypeHandler *oauth2.AuthorizeImplicitGrantTypeHandler
	// AuthorizeExplicitGrantHandler handles the authorization code part of the response.
	AuthorizeExplicitGrantHandler *oauth2.AuthorizeExplicitGrantHandler
	// IDTokenHandleHelper issues the ID token and computes the token hashes.
	IDTokenHandleHelper *IDTokenHandleHelper
	// ScopeStrategy decides how requested scopes are matched.
	ScopeStrategy fosite.ScopeStrategy
	// OpenIDConnectRequestValidator validates the authorize request.
	OpenIDConnectRequestValidator *OpenIDConnectRequestValidator
	// OpenIDConnectRequestStorage persists the session for the issued code so
	// the token endpoint can later issue the ID token.
	OpenIDConnectRequestStorage OpenIDConnectRequestStorage

	// Enigma is the RS256 JWT strategy. NOTE(review): the implicit handler
	// names the equivalent field RS256JWTStrategy; the two should agree.
	Enigma *jwt.RS256JWTStrategy
	// MinParameterEntropy is the minimum entropy required of request
	// parameters such as the nonce — TODO(review) confirm where it is enforced.
	MinParameterEntropy int
}
func (c *OpenIDConnectHybridHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error
// OpenIDConnectImplicitHandler implements the OpenID Connect implicit flow, in
// which the ID token (and optionally an access token) is returned directly from
// the authorize endpoint.
type OpenIDConnectImplicitHandler struct {
	// AuthorizeImplicitGrantTypeHandler issues the implicit grant response.
	AuthorizeImplicitGrantTypeHandler *oauth2.AuthorizeImplicitGrantTypeHandler

	// IDTokenHandleHelper provides the shared ID token issuing logic.
	*IDTokenHandleHelper

	// ScopeStrategy decides how requested scopes are matched.
	ScopeStrategy fosite.ScopeStrategy
	// OpenIDConnectRequestValidator validates the authorize request.
	OpenIDConnectRequestValidator *OpenIDConnectRequestValidator
	// RS256JWTStrategy is the RS256 JWT strategy. NOTE(review): the hybrid
	// handler names the equivalent field Enigma; the two should agree.
	RS256JWTStrategy *jwt.RS256JWTStrategy
	// MinParameterEntropy is the minimum entropy required of request
	// parameters such as the nonce — TODO(review) confirm where it is enforced.
	MinParameterEntropy int
}
func (c *OpenIDConnectImplicitHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error
// OpenIDConnectRefreshHandler issues a fresh ID token when an access token is
// refreshed at the token endpoint; all its logic comes from the embedded
// helper.
type OpenIDConnectRefreshHandler struct {
	// IDTokenHandleHelper provides the shared ID token issuing logic.
	*IDTokenHandleHelper
}
func (c *OpenIDConnectRefreshHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
func (c *OpenIDConnectRefreshHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
func (c *OpenIDConnectRefreshHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
func (c *OpenIDConnectRefreshHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error
// OpenIDConnectRequestStorage persists the OpenID Connect session created for an
// authorize code so the token endpoint can issue the ID token when the code is
// exchanged.
type OpenIDConnectRequestStorage interface {
	// CreateOpenIDConnectSession creates an open id connect session
	// for a given authorize code. This is relevant for explicit open id connect flow.
	CreateOpenIDConnectSession(ctx context.Context, authorizeCode string, requester fosite.Requester) error

	// GetOpenIDConnectSession returns the stored requester for authorizeCode and an error that is
	// - nil if a session was found,
	// - ErrNoSessionFound if no session was found
	// - or an arbitrary error if an error occurred.
	// Whether implementations must check that the stored session belongs to the
	// given requester (e.g. same client) is not stated here — TODO(review) confirm.
	GetOpenIDConnectSession(ctx context.Context, authorizeCode string, requester fosite.Requester) (fosite.Requester, error)

	// Deprecated: DeleteOpenIDConnectSession is not called from anywhere.
	// Originally, it should remove an open id connect session from the store.
	DeleteOpenIDConnectSession(ctx context.Context, authorizeCode string) error
}
// OpenIDConnectRequestValidator validates OpenID Connect authorize requests.
// Construct it with NewOpenIDConnectRequestValidator and optionally chain
// WithRedirectSecureChecker.
type OpenIDConnectRequestValidator struct {
	// AllowedPrompt lists the prompt values the validator accepts; presumably
	// consulted by ValidatePrompt — confirm.
	AllowedPrompt []string
	// Strategy is the JWT strategy available to the validator, presumably for
	// parsing JWTs carried in the request — TODO(review) confirm which ones.
	Strategy jwt.JWTStrategy
	// IsRedirectURISecure reports whether a redirect URI is considered secure
	// (set through WithRedirectSecureChecker). How the validator uses the
	// result is not visible here — TODO(review) confirm.
	IsRedirectURISecure func(*url.URL) bool
}
func NewOpenIDConnectRequestValidator(prompt []string, strategy jwt.JWTStrategy) *OpenIDConnectRequestValidator
func (v *OpenIDConnectRequestValidator) ValidatePrompt(ctx context.Context, req fosite.AuthorizeRequester) error
func (v *OpenIDConnectRequestValidator) WithRedirectSecureChecker(checker func(*url.URL) bool) *OpenIDConnectRequestValidator
// OpenIDConnectTokenStrategy generates ID tokens; DefaultStrategy is the
// JWT-based implementation.
type OpenIDConnectTokenStrategy interface {
	// GenerateIDToken returns the serialized ID token for requester, or an error.
	GenerateIDToken(ctx context.Context, requester fosite.Requester) (token string, err error)
}
// Session is the session type the OpenID Connect handlers require; a request
// carrying any other fosite.Session is rejected (see ErrInvalidSession).
// Because both accessors hand out pointers that handlers mutate in place,
// a session's Clone should copy the claims and headers rather than share them
// — TODO(review) confirm for DefaultSession.Clone.
type Session interface {
	// IDTokenClaims returns a pointer to claims which will be modified in-place by handlers.
	// Session should store this pointer and return always the same pointer.
	IDTokenClaims() *jwt.IDTokenClaims

	// IDTokenHeaders returns a pointer to header values which will be modified in-place by handlers.
	// Session should store this pointer and return always the same pointer.
	IDTokenHeaders() *jwt.Headers

	fosite.Session
}