Initial QSfera import
This commit is contained in:
@@ -0,0 +1,117 @@
|
||||
package oidc
|
||||
|
||||
import (
|
||||
"net/http"
|
||||
|
||||
"github.com/MicahParks/keyfunc/v2"
|
||||
"github.com/qsfera/server/pkg/log"
|
||||
"github.com/qsfera/server/services/proxy/pkg/config"
|
||||
|
||||
goidc "github.com/coreos/go-oidc/v3/oidc"
|
||||
)
|
||||
|
||||
// Option defines a single option function.
|
||||
type Option func(o *Options)
|
||||
|
||||
// Options defines the available options for this package.
|
||||
type Options struct {
|
||||
// HTTPClient to use for requests
|
||||
HTTPClient *http.Client
|
||||
// Logger to use for logging, must be set
|
||||
Logger log.Logger
|
||||
// The OpenID Connect Issuer URL
|
||||
OIDCIssuer string
|
||||
// JWKSOptions to use when retrieving keys
|
||||
JWKSOptions config.JWKS
|
||||
// the JWKS keyset to use for verifying signatures of Access- and
|
||||
// Logout-Tokens
|
||||
// this option is mostly needed for unit test. To avoid fetching the keys
|
||||
// from the issuer
|
||||
JWKS *keyfunc.JWKS
|
||||
// KeySet to use when verifiing signatures of jwt encoded
|
||||
// user info responses
|
||||
// TODO move userinfo verification to use jwt/keyfunc as well
|
||||
KeySet KeySet
|
||||
// AccessTokenVerifyMethod to use when verifying access tokens
|
||||
// TODO pass a function or interface to verify? an AccessTokenVerifier?
|
||||
AccessTokenVerifyMethod string
|
||||
// Config to use
|
||||
Config *goidc.Config
|
||||
|
||||
// ProviderMetadata to use
|
||||
ProviderMetadata *ProviderMetadata
|
||||
}
|
||||
|
||||
// newOptions initializes the available default options.
|
||||
func newOptions(opts ...Option) Options {
|
||||
opt := Options{}
|
||||
|
||||
for _, o := range opts {
|
||||
o(&opt)
|
||||
}
|
||||
|
||||
return opt
|
||||
}
|
||||
|
||||
// WithOidcIssuer provides a function to set the openid connect issuer option.
|
||||
func WithOidcIssuer(val string) Option {
|
||||
return func(o *Options) {
|
||||
o.OIDCIssuer = val
|
||||
}
|
||||
}
|
||||
|
||||
// WithLogger provides a function to set the logger option.
|
||||
func WithLogger(val log.Logger) Option {
|
||||
return func(o *Options) {
|
||||
o.Logger = val
|
||||
}
|
||||
}
|
||||
|
||||
// WithAccessTokenVerifyMethod provides a function to set the accessTokenVerifyMethod option.
|
||||
func WithAccessTokenVerifyMethod(val string) Option {
|
||||
return func(o *Options) {
|
||||
o.AccessTokenVerifyMethod = val
|
||||
}
|
||||
}
|
||||
|
||||
// WithHTTPClient provides a function to set the httpClient option.
|
||||
func WithHTTPClient(val *http.Client) Option {
|
||||
return func(o *Options) {
|
||||
o.HTTPClient = val
|
||||
}
|
||||
}
|
||||
|
||||
// WithJWKSOptions provides a function to set the jwksOptions option.
|
||||
func WithJWKSOptions(val config.JWKS) Option {
|
||||
return func(o *Options) {
|
||||
o.JWKSOptions = val
|
||||
}
|
||||
}
|
||||
|
||||
// WithJWKS provides a function to set the JWKS option (mainly useful for testing).
|
||||
func WithJWKS(val *keyfunc.JWKS) Option {
|
||||
return func(o *Options) {
|
||||
o.JWKS = val
|
||||
}
|
||||
}
|
||||
|
||||
// WithKeySet provides a function to set the KeySet option.
|
||||
func WithKeySet(val KeySet) Option {
|
||||
return func(o *Options) {
|
||||
o.KeySet = val
|
||||
}
|
||||
}
|
||||
|
||||
// WithConfig provides a function to set the Config option.
|
||||
func WithConfig(val *goidc.Config) Option {
|
||||
return func(o *Options) {
|
||||
o.Config = val
|
||||
}
|
||||
}
|
||||
|
||||
// WithProviderMetadata provides a function to set the provider option.
|
||||
func WithProviderMetadata(val *ProviderMetadata) Option {
|
||||
return func(o *Options) {
|
||||
o.ProviderMetadata = val
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user