op

package

Constants

// AuthRequestLifetime is the validity window of a pending authorization
// request; presumably the value AuthRequest.ExpirationTime is derived from
// at creation time — confirm against Storage.CreateAuthRequest.
const AuthRequestLifetime = 5 * time.Minute
// ClaimCondition is the claim name under which a condition is carried in
// issued tokens/userinfo; presumably populated from UserDetails.Condition — confirm.
const ClaimCondition = "condition"
// ClaimOrganizationIdentifier is the claim name for the user's organization
// identifier; presumably populated from UserDetails.Organization — confirm.
const ClaimOrganizationIdentifier = "orgid"
// ClaimPatient is the claim name for patient identifiers; it shares its
// literal value with ScopePatient. Presumably populated from
// UserDetails.PatientIdentifiers — confirm.
const ClaimPatient = "patient"
// ClaimRoles is the claim name for the user's roles; presumably populated
// from UserDetails.Roles — confirm.
const ClaimRoles = "roles"
// ScopePatient is the OAuth2 scope a client requests to receive patient
// claims; NOTE(review): presumably gated by Client.IsScopeAllowed and
// honoured in Storage.GetPrivateClaimsFromScopes — confirm.
const ScopePatient = "patient"
// TokenLifetime is the validity window of issued tokens; presumably the
// source of Token.ExpirationTime and of the expiration returned by
// Storage.CreateAccessToken — confirm.
const TokenLifetime = 5 * time.Minute

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthRequest

// AuthRequest is a pending OpenID Connect authorization request. It embeds
// oidc.AuthRequest (the parsed request parameters) and adds the state this
// package tracks while the user completes the login step.
type AuthRequest struct {
	oidc.AuthRequest
	// ID identifies this request; presumably the value GetID returns — confirm.
	ID string

	// User is the authenticated user. NOTE(review): presumably nil until
	// Authenticate has run — confirm before dereferencing.
	User          *UserDetails
	// AuthTime is when authentication completed (see GetAuthTime) — assumption, confirm.
	AuthTime      time.Time
	// AuthDone reports whether the login step finished (see Done) — assumption, confirm.
	AuthDone      bool
	// Code is the authorization code issued for this request
	// (see Storage.SaveAuthCode) — assumption, confirm.
	Code          string
	// ApplicationID is presumably the OAuth2 client_id (see GetClientID) — confirm.
	ApplicationID string

	// ExpirationTime is when the request stops being valid; presumably set
	// from AuthRequestLifetime at creation — confirm.
	ExpirationTime time.Time
}

func (*AuthRequest) Authenticate

func (a *AuthRequest) Authenticate(details UserDetails) error

func (AuthRequest) Done

func (a AuthRequest) Done() bool

func (AuthRequest) GetACR

func (a AuthRequest) GetACR() string

func (AuthRequest) GetAMR

func (a AuthRequest) GetAMR() []string

func (AuthRequest) GetAudience

func (a AuthRequest) GetAudience() []string

func (AuthRequest) GetAuthTime

func (a AuthRequest) GetAuthTime() time.Time

func (AuthRequest) GetClientID

func (a AuthRequest) GetClientID() string

func (AuthRequest) GetCodeChallenge

func (a AuthRequest) GetCodeChallenge() *oidc.CodeChallenge

func (AuthRequest) GetID

func (a AuthRequest) GetID() string

func (AuthRequest) GetNonce

func (a AuthRequest) GetNonce() string

func (AuthRequest) GetScopes

func (a AuthRequest) GetScopes() []string

func (AuthRequest) GetSubject

func (a AuthRequest) GetSubject() string

type Client

// Client describes one registered OAuth2/OIDC client. Its exported methods
// (RedirectURIs, GrantTypes, ResponseTypes, IsScopeAllowed, ...) expose the
// settings the provider consults; presumably populated from ClientConfig via
// Storage.GetClientByClientID — confirm.
type Client struct {
	// contains filtered or unexported fields
}

func (Client) AccessTokenType

func (c Client) AccessTokenType() op.AccessTokenType

func (Client) ApplicationType

func (c Client) ApplicationType() op.ApplicationType

func (Client) AuthMethod

func (c Client) AuthMethod() oidc.AuthMethod

func (Client) ClockSkew

func (c Client) ClockSkew() time.Duration

func (Client) DevMode

func (c Client) DevMode() bool

func (Client) GetID

func (c Client) GetID() string

func (Client) GrantTypes

func (c Client) GrantTypes() []oidc.GrantType

func (Client) IDTokenLifetime

func (c Client) IDTokenLifetime() time.Duration

func (Client) IDTokenUserinfoClaimsAssertion

func (c Client) IDTokenUserinfoClaimsAssertion() bool

func (Client) IsScopeAllowed

func (c Client) IsScopeAllowed(scope string) bool

func (Client) LoginURL

func (c Client) LoginURL(authRequestID string) string

func (Client) PostLogoutRedirectURIs

func (c Client) PostLogoutRedirectURIs() []string

func (Client) RedirectURIs

func (c Client) RedirectURIs() []string

func (Client) ResponseTypes

func (c Client) ResponseTypes() []oidc.ResponseType

func (Client) RestrictAdditionalAccessTokenScopes

func (c Client) RestrictAdditionalAccessTokenScopes() func(scopes []string) []string

func (Client) RestrictAdditionalIdTokenScopes

func (c Client) RestrictAdditionalIdTokenScopes() func(scopes []string) []string

type ClientConfig

// ClientConfig is the configuration of one registered OAuth2 client, as
// loaded (koanf tags) into Config.Clients.
type ClientConfig struct {
	// ID holds the OAuth2 client_id of the registered client.
	ID string `koanf:"id"`
	// RedirectURI holds the URIs of the client to which the authorization server will redirect after authorization.
	// NOTE(review): redirect URIs should be matched exactly at authorization
	// time (no prefix or wildcard matching) — confirm where RedirectURIs is consumed.
	RedirectURI []string `koanf:"redirecturi"`
	// Secret is the hex-encoded, SHA-256 hash of the client secret, salted with the client_id and concatenated with a pipe (|).
	// NOTE(review): a single unsalted-per-deployment SHA-256 is only adequate
	// when the secret itself is high-entropy (randomly generated); the exact
	// hash input order is not stated here, and verification
	// (Storage.AuthorizeClientIDSecret) should compare digests in constant
	// time — confirm both against the implementation.
	Secret string `koanf:"secret"`
}

type Config

// Config is the provider configuration loaded through koanf and passed to New.
type Config struct {
	// Enabled switches the provider on; presumably New refuses or no-ops when
	// false — confirm.
	Enabled bool                    `koanf:"enabled"`
	// Clients lists the registered clients; the map key is presumably the
	// client_id, mirroring ClientConfig.ID — confirm.
	Clients map[string]ClientConfig `koanf:"clients"`
}

type PublicKey

// PublicKey is a verification key published by the provider; Algorithm, ID,
// Key and Use expose its JWK attributes, and SigningKey.Public derives one.
type PublicKey struct {
	// contains filtered or unexported fields
}

func (PublicKey) Algorithm

func (p PublicKey) Algorithm() jose.SignatureAlgorithm

func (PublicKey) ID

func (p PublicKey) ID() string

func (PublicKey) Key

func (p PublicKey) Key() any

func (PublicKey) Use

func (p PublicKey) Use() string

type Service

// Service is the OpenID provider HTTP front end. New constructs it from an
// issuer URL and Config; ServeHTTP handles provider requests and HandleLogin
// completes a login using the caller's session data.
type Service struct {
	// contains filtered or unexported fields
}

func New

func New(strictMode bool, issuer *url.URL, config Config) (*Service, error)

func (*Service) HandleLogin

func (s *Service) HandleLogin(httpResponse http.ResponseWriter, httpRequest *http.Request, sessionData *session.Data)

func (*Service) ServeHTTP

func (s *Service) ServeHTTP(httpResponse http.ResponseWriter, httpRequest *http.Request)

type SigningKey

// SigningKey is the provider's private signing key (ID, Key,
// SignatureAlgorithm); Public derives the matching PublicKey. Presumably the
// value returned by Storage.SigningKey — confirm.
type SigningKey struct {
	// contains filtered or unexported fields
}

func (SigningKey) ID

func (s SigningKey) ID() string

func (SigningKey) Key

func (s SigningKey) Key() any

func (SigningKey) Public

func (p SigningKey) Public() PublicKey

func (SigningKey) SignatureAlgorithm

func (s SigningKey) SignatureAlgorithm() jose.SignatureAlgorithm

type Storage

// Storage backs the provider with authorization-request, token, client and
// key lookups (see the AuthRequestBy*, Create*, Get*, SigningKey and KeySet
// methods). Where the state actually lives is not visible here.
type Storage struct {
	// contains filtered or unexported fields
}

func (Storage) AuthRequestByCode

func (o Storage) AuthRequestByCode(ctx context.Context, code string) (op.AuthRequest, error)

func (Storage) AuthRequestByID

func (o Storage) AuthRequestByID(ctx context.Context, id string) (op.AuthRequest, error)

func (Storage) AuthenticateUser

func (o Storage) AuthenticateUser(ctx context.Context, authRequestID string, user UserDetails) error

func (Storage) AuthorizeClientIDSecret

func (o Storage) AuthorizeClientIDSecret(ctx context.Context, clientID, clientSecret string) error

func (Storage) CreateAccessAndRefreshTokens

func (o Storage) CreateAccessAndRefreshTokens(ctx context.Context, request op.TokenRequest, currentRefreshToken string) (accessTokenID string, newRefreshTokenID string, expiration time.Time, err error)

func (Storage) CreateAccessToken

func (o Storage) CreateAccessToken(ctx context.Context, request op.TokenRequest) (accessTokenID string, expiration time.Time, err error)

func (Storage) CreateAuthRequest

func (o Storage) CreateAuthRequest(ctx context.Context, request *oidc.AuthRequest, _ string) (op.AuthRequest, error)

func (Storage) DeleteAuthRequest

func (o Storage) DeleteAuthRequest(ctx context.Context, id string) error

func (Storage) GetClientByClientID

func (o Storage) GetClientByClientID(ctx context.Context, clientID string) (op.Client, error)

func (Storage) GetKeyByIDAndClientID

func (o Storage) GetKeyByIDAndClientID(ctx context.Context, keyID, clientID string) (*jose.JSONWebKey, error)

func (Storage) GetPrivateClaimsFromScopes

func (o Storage) GetPrivateClaimsFromScopes(ctx context.Context, userID, clientID string, scopes []string) (map[string]any, error)

func (Storage) GetRefreshTokenInfo

func (o Storage) GetRefreshTokenInfo(ctx context.Context, clientID string, token string) (userID string, tokenID string, err error)

func (Storage) Health

func (o Storage) Health(ctx context.Context) error

func (Storage) KeySet

func (o Storage) KeySet(ctx context.Context) ([]op.Key, error)

func (Storage) RevokeToken

func (o Storage) RevokeToken(ctx context.Context, tokenOrTokenID string, userID string, clientID string) *oidc.Error

func (Storage) SaveAuthCode

func (o Storage) SaveAuthCode(ctx context.Context, id string, code string) error

func (Storage) SetIntrospectionFromToken

func (o Storage) SetIntrospectionFromToken(ctx context.Context, userinfo *oidc.IntrospectionResponse, tokenID, subject, clientID string) error

func (Storage) SetUserinfoFromRequest

func (o Storage) SetUserinfoFromRequest(ctx context.Context, userinfo *oidc.UserInfo, request op.IDTokenRequest, scopes []string) error

func (Storage) SetUserinfoFromScopes

func (o Storage) SetUserinfoFromScopes(ctx context.Context, userinfo *oidc.UserInfo, userID, clientID string, scopes []string) error

SetUserinfoFromScopes is meant to set the userinfo claims based on the requested scopes and user ID. Because the userinfo is deliberately not stored in the database, this implementation just returns nil; the user info should instead be set through SetUserinfoFromRequest.

func (Storage) SetUserinfoFromToken

func (o Storage) SetUserinfoFromToken(ctx context.Context, userInfo *oidc.UserInfo, tokenID, subject, origin string) error

func (Storage) SignatureAlgorithms

func (o Storage) SignatureAlgorithms(ctx context.Context) ([]jose.SignatureAlgorithm, error)

func (Storage) SigningKey

func (o Storage) SigningKey(ctx context.Context) (op.SigningKey, error)

func (Storage) TerminateSession

func (o Storage) TerminateSession(ctx context.Context, userID string, clientID string) error

func (Storage) TokenRequestByRefreshToken

func (o Storage) TokenRequestByRefreshToken(ctx context.Context, refreshTokenID string) (op.RefreshTokenRequest, error)

func (Storage) ValidateJWTProfileScopes

func (o Storage) ValidateJWTProfileScopes(ctx context.Context, userID string, scopes []string) ([]string, error)

type Token

// Token is an issued access token as tracked by this package.
type Token struct {
	// ID identifies the token; presumably the accessTokenID returned by
	// Storage.CreateAccessToken — confirm.
	ID       string
	// Audience lists the intended recipients (aud) — assumption, confirm.
	Audience []string
	// Scopes lists the granted scopes — assumption, confirm.
	Scopes   []string
	// User is the subject the token was issued for.
	User     UserDetails

	// ExpirationTime is when the token stops being valid; presumably set from
	// TokenLifetime — confirm.
	ExpirationTime time.Time
}

type UserDetails

// UserDetails is the authenticated user as recorded on an AuthRequest and a
// Token. The Claim* constants presumably name the claims these fields are
// surfaced under — confirm.
type UserDetails struct {
	ID           string
	Name         string
	Email        string
	// Roles is presumably emitted under ClaimRoles — confirm.
	Roles        []string
	// Organization is presumably the source of ClaimOrganizationIdentifier — confirm.
	Organization fhir.Organization
	// Condition is presumably the source of ClaimCondition — confirm.
	Condition    fhir.Condition

	// PatientIdentifiers is presumably emitted under ClaimPatient when
	// ScopePatient is granted — confirm.
	PatientIdentifiers []fhir.Identifier
}
