mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2025-12-31 18:19:32 -05:00
118 lines
2.9 KiB
Go
118 lines
2.9 KiB
Go
package oidc
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/MicahParks/keyfunc/v2"
|
|
"github.com/opencloud-eu/opencloud/pkg/log"
|
|
"github.com/opencloud-eu/opencloud/services/proxy/pkg/config"
|
|
|
|
goidc "github.com/coreos/go-oidc/v3/oidc"
|
|
)
|
|
|
|
// Option defines a single option function.
|
|
type Option func(o *Options)
|
|
|
|
// Options defines the available options for this package.
|
|
type Options struct {
|
|
// HTTPClient to use for requests
|
|
HTTPClient *http.Client
|
|
// Logger to use for logging, must be set
|
|
Logger log.Logger
|
|
// The OpenID Connect Issuer URL
|
|
OIDCIssuer string
|
|
// JWKSOptions to use when retrieving keys
|
|
JWKSOptions config.JWKS
|
|
// the JWKS keyset to use for verifying signatures of Access- and
|
|
// Logout-Tokens
|
|
// this option is mostly needed for unit test. To avoid fetching the keys
|
|
// from the issuer
|
|
JWKS *keyfunc.JWKS
|
|
// KeySet to use when verifiing signatures of jwt encoded
|
|
// user info responses
|
|
// TODO move userinfo verification to use jwt/keyfunc as well
|
|
KeySet KeySet
|
|
// AccessTokenVerifyMethod to use when verifying access tokens
|
|
// TODO pass a function or interface to verify? an AccessTokenVerifier?
|
|
AccessTokenVerifyMethod string
|
|
// Config to use
|
|
Config *goidc.Config
|
|
|
|
// ProviderMetadata to use
|
|
ProviderMetadata *ProviderMetadata
|
|
}
|
|
|
|
// newOptions initializes the available default options.
|
|
func newOptions(opts ...Option) Options {
|
|
opt := Options{}
|
|
|
|
for _, o := range opts {
|
|
o(&opt)
|
|
}
|
|
|
|
return opt
|
|
}
|
|
|
|
// WithOidcIssuer provides a function to set the openid connect issuer option.
|
|
func WithOidcIssuer(val string) Option {
|
|
return func(o *Options) {
|
|
o.OIDCIssuer = val
|
|
}
|
|
}
|
|
|
|
// WithLogger provides a function to set the logger option.
|
|
func WithLogger(val log.Logger) Option {
|
|
return func(o *Options) {
|
|
o.Logger = val
|
|
}
|
|
}
|
|
|
|
// WithAccessTokenVerifyMethod provides a function to set the accessTokenVerifyMethod option.
|
|
func WithAccessTokenVerifyMethod(val string) Option {
|
|
return func(o *Options) {
|
|
o.AccessTokenVerifyMethod = val
|
|
}
|
|
}
|
|
|
|
// WithHTTPClient provides a function to set the httpClient option.
|
|
func WithHTTPClient(val *http.Client) Option {
|
|
return func(o *Options) {
|
|
o.HTTPClient = val
|
|
}
|
|
}
|
|
|
|
// WithJWKSOptions provides a function to set the jwksOptions option.
|
|
func WithJWKSOptions(val config.JWKS) Option {
|
|
return func(o *Options) {
|
|
o.JWKSOptions = val
|
|
}
|
|
}
|
|
|
|
// WithJWKS provides a function to set the JWKS option (mainly useful for testing).
|
|
func WithJWKS(val *keyfunc.JWKS) Option {
|
|
return func(o *Options) {
|
|
o.JWKS = val
|
|
}
|
|
}
|
|
|
|
// WithKeySet provides a function to set the KeySet option.
|
|
func WithKeySet(val KeySet) Option {
|
|
return func(o *Options) {
|
|
o.KeySet = val
|
|
}
|
|
}
|
|
|
|
// WithConfig provides a function to set the Config option.
|
|
func WithConfig(val *goidc.Config) Option {
|
|
return func(o *Options) {
|
|
o.Config = val
|
|
}
|
|
}
|
|
|
|
// WithProviderMetadata provides a function to set the provider option.
|
|
func WithProviderMetadata(val *ProviderMetadata) Option {
|
|
return func(o *Options) {
|
|
o.ProviderMetadata = val
|
|
}
|
|
}
|