mirror of
https://github.com/pomerium/pomerium.git
synced 2025-04-29 10:26:29 +02:00
* identity: add support for verifying access and identity tokens * allow overriding with policy option * authenticate: add verify endpoints * wip * implement session creation * add verify test * implement idp token login * fix tests * add pr permission * make session ids route-specific * rename method * add test * add access token test * test for newUserFromIDPClaims * more tests * make the session id per-idp * use type for * add test * remove nil checks
// Package oauth provides support for making OAuth2 authorized and authenticated
// HTTP requests, as specified in RFC 6749. It can additionally grant
// authorization with Bearer JWT.
package oauth
import (
"net/url"
)
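// Options contains the fields required for an OAuth 2.0 (inc. OIDC) auth flow.
//
// https://tools.ietf.org/html/rfc6749
// https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
//
// Options carries the client credential (ClientSecret) as a plain exported
// string, so formatting the whole struct with %+v or marshalling it to JSON
// includes the secret; log or serialize individual fields instead.
type Options struct {
	// ProviderName names the identity provider.
	// NOTE(review): the set of accepted values is not visible in this file.
	ProviderName string

	// ProviderURL is the base URL under which
	// .well-known/openid-configuration is looked up; the OAuth2-related
	// endpoints are autoconfigured from it.
	// NOTE(review): every endpoint the flow talks to is derived from this
	// value, so it should name a trusted issuer over HTTPS. Whether that is
	// enforced is not shown here; confirm in the code that consumes it.
	ProviderURL string

	// ClientID is the application's ID.
	ClientID string
	// ClientSecret is the application's secret. Treat it as a credential:
	// keep it out of logs, error messages and serialized copies of Options.
	ClientSecret string
	// RedirectURL is the URL users are redirected to at the end of the
	// OAuth flow, after they have gone through the resource owner's URLs.
	RedirectURL *url.URL
	// Scopes specifies optional requested permissions.
	Scopes []string

	// AuthCodeOptions specifies additional key/value query parameters to add
	// to the sign-in URL of the request flow.
	AuthCodeOptions map[string]string

	// AccessTokenAllowedAudiences, when set, validates the audience in access
	// tokens. The zero value is nil, i.e. not set.
	// NOTE(review): presumably the pointer distinguishes "not configured"
	// from an explicitly empty allow-list; how an empty list is treated is
	// not visible here and should be confirmed against the verifier.
	AccessTokenAllowedAudiences *[]string
}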