Documentation
Index
- Variables
- func AccessToken(c echo.Context) error
- func AdminRoutes(router *echo.Group)
- func ChooseKeyForIDToken(keys []*jwKey, token *jwt.Token) (interface{}, error)
- func FindLoginDomain(host string) (string, bool)
- func GetDelegatedCode(c echo.Context) error
- func GetIDTokenKeys(keyURL string) ([]*jwKey, error)
- func Login(c echo.Context) error
- func LoginDomainHandler(c echo.Context, contextName string) error
- func Logout(c echo.Context) error
- func Redirect(c echo.Context) error
- func Routes(router *echo.Group)
- func Start(c echo.Context) error
- func StartFranceConnect(c echo.Context) error
- func TwoFactor(c echo.Context) error
- type Config
- type ProviderOIDC
Constants
This section is empty.
Variables
var (
	ErrInvalidToken         = errors.New("invalid token")
	ErrInvalidConfiguration = errors.New("invalid configuration")
	ErrAuthenticationFailed = errors.New("the authentication has failed")
	ErrFranceConnectFailed  = errors.New("the FranceConnect authentication has failed")
	ErrIdentityProvider     = errors.New("error from the identity provider")
)
Functions
func AccessToken
func AccessToken(c echo.Context) error
AccessToken delivers an access_token and a refresh_token if the client gives a valid token for OIDC.
func AdminRoutes
func AdminRoutes(router *echo.Group)
AdminRoutes sets up the routing for OpenID Connect on the admin port. It is mostly used by the cloudery.
func ChooseKeyForIDToken
ChooseKeyForIDToken can be used to check an id_token as a JWT.
func FindLoginDomain
FindLoginDomain returns the context name for which the login domain matches the host.
func GetDelegatedCode
func GetDelegatedCode(c echo.Context) error
GetDelegatedCode is mostly a proxy for the userinfo request made by the cloudery to the OIDC provider. It adds a delegated code, associated with the sub, to the response.
func GetIDTokenKeys
GetIDTokenKeys returns the keys that can be used to verify that an OIDC id_token is valid.
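An added example, not the package's own code, of the key-selection step that ChooseKeyForIDToken and GetIDTokenKeys serve: pick the provider key named by the kid in the id_token header and refuse any algorithm other than RS256. The exampleJWK type, the selectRSAKey function and the sample values are hypothetical; the package's jwKey type is unexported and its fields are not shown on this page.

```go
package main

import (
	"crypto/rsa"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

// exampleJWK is a hypothetical stand-in for one entry of the provider's key set.
type exampleJWK struct{ Kty, Kid, Use, N, E string }

// selectRSAKey returns the key to verify rawIDToken with: RS256 only, kid must be known.
func selectRSAKey(keys []exampleJWK, rawIDToken string) (*rsa.PublicKey, error) {
	parts := strings.Split(rawIDToken, ".")
	if len(parts) != 3 {
		return nil, errors.New("id_token is not a three-part JWS")
	}
	hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
	var hdr struct{ Alg, Kid string }
	if err != nil || json.Unmarshal(hdrJSON, &hdr) != nil {
		return nil, errors.New("malformed id_token header")
	}
	if hdr.Alg != "RS256" { // pin the algorithm: "none" and HS256 are refused
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	for _, k := range keys {
		if k.Kid != hdr.Kid || k.Kty != "RSA" || (k.Use != "" && k.Use != "sig") {
			continue
		}
		n, errN := base64.RawURLEncoding.DecodeString(k.N)
		e, errE := base64.RawURLEncoding.DecodeString(k.E)
		if errN != nil || errE != nil || len(n) == 0 || len(e) == 0 || len(e) > 4 {
			return nil, errors.New("malformed RSA key material")
		}
		return &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}, nil
	}
	return nil, fmt.Errorf("no signing key with kid %q", hdr.Kid)
}

func main() {
	// Constructed sample: toy modulus and header-only token, not real key material.
	keys := []exampleJWK{{Kty: "RSA", Kid: "k1", Use: "sig", N: "w18", E: "AQAB"}}
	hdr := base64.RawURLEncoding.EncodeToString([]byte(`{"alg":"RS256","kid":"k1"}`))
	fmt.Println(selectRSAKey(keys, hdr+".e30.c2ln"))
}
```

Checking the signature with the returned key (for instance with rsa.VerifyPKCS1v15 over the SHA-256 digest of the header and payload) is a separate step that this block leaves out.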
func Login
func Login(c echo.Context) error
Login checks that the OpenID Connect authentication has been successful and logs in the user.
func LoginDomainHandler
LoginDomainHandler is the handler for the requests on the login domain. It shows a page with a login button (that can start the OIDC dance).
func Logout
func Logout(c echo.Context) error
Logout is the handler for the OpenID back-channel logout endpoint.
func Redirect
func Redirect(c echo.Context) error
Redirect is the route reached after the Identity Provider has redirected the user to the stack. The redirection is made to a generic domain, like oauthcallback.cozy.localhost, and the association with an instance is made via a call to the UserInfo endpoint. It then redirects to the cozy instance to log in the user.
func Routes
func Routes(router *echo.Group)
Routes sets up the routing for the OpenID Connect routes. Careful: the normal middlewares NeedInstance and LoadSession are not applied to this group in web/routing.
func StartFranceConnect
func StartFranceConnect(c echo.Context) error
StartFranceConnect is the route to start the FranceConnect dance.
Types
type Config
type Config struct {
	Provider            ProviderOIDC
	AllowOAuthToken     bool
	AllowCustomInstance bool
	ClientID            string
	ClientSecret        string
	Scope               string
	RedirectURI         string
	AuthorizeURL        string
	TokenURL            string
	UserInfoURL         string
	UserInfoField       string
	UserInfoPrefix      string
	UserInfoSuffix      string
	IDTokenKeyURL       string
}
Config is the config to log in a user with an OpenID Connect identity provider.
type ProviderOIDC
type ProviderOIDC int
const (
	GenericProvider ProviderOIDC = iota
	FranceConnectProvider
)