package
0.0.0-20250312135022-590383e0dfc6
Repository: https://github.com/couchbase/sync_gateway.git
Documentation: pkg.go.dev
# Functions
No description provided by the author
CreateTestJWT creates and signs a valid JWT with the given headers and claims.
No description provided by the author
No description provided by the author
GetOIDCClientContext returns a new Context that carries the provided HTTP client with TLS certificate verification disabled when insecureSkipVerify is true and enabled otherwise.
GetStandardDiscoveryEndpoint returns the standard issuer based provider metadata discovery endpoint by concatenating the string /.well-known/openid-configuration to the issuer.
No description provided by the author
IsValidPrincipalName checks if the given user/role name would be valid.
No description provided by the author
Creates a new Authenticator that stores user info in the given Bucket.
Returns a new random replacement key-only cache that can potentially grow up to the provided size.
No description provided by the author
UnmarshalIdentityJSON unmarshals raw claim bytes as IdentityJson.
ValidatePrincipalName performs the same checks as IsValidPrincipalName, but adds a length check and returns a more verbose error message.
VerifyClaims parses a raw ID Token and verifies the claim.
# Constants
The default bcrypt cost to use for hashing passwords.
No description provided by the author
Error message returned by failures to initialize OIDCClient due to nil provider reference.
Error message returned by failures to initialize OIDCClient due to a provider discovery error.
Error message returned by failures to initialize OIDCClient due to an error generating the ID token verifier.
No description provided by the author
MaxProviderConfigSyncInterval is used as the duration between now and the next provider metadata sync time when the metadata expiry is zero or half of the duration between provider metadata expiry and now is greater than 24 hours.
MinProviderConfigSyncInterval is used as the duration between now and the next provider metadata sync time when half of the duration between provider metadata expiry and now is greater than 1 minute.
Request parameter to specify the OpenID Connect provider to be used for authentication, from the list of providers defined in the Sync Gateway configuration.
OIDCDiscoveryConfigPath represents a predefined string value to be used to construct the well-known endpoint.
Maximum number of attempted retries on cas failure updating principal.
# Variables
ErrEmptyDiscoveryURL error is returned if the discovery URL is empty during non-standard discovery.
No description provided by the author
No description provided by the author
Error code returned by failures to set parameters to URL query string.
OIDCDiscoveryRetryWait represents the wait time between provider discovery retries.
SupportedAlgorithms is the list of signing algorithms explicitly supported by the github.com/coreos/go-oidc package.
Full list of supported algorithms is used to initially parse the JWT.
# Structs
No description provided by the author
No description provided by the author
Defines channel grants and history for a single collection.
No description provided by the author
Configuration for Cross-Origin Resource Sharing <https://en.wikipedia.org/wiki/Cross-origin_resource_sharing>.
No description provided by the author
Struct is for ease of internal use. The bucket store has each entry as a string "seq-endSeq".
Identity claims required for claims verification.
No description provided by the author
JWTConfigCommon groups together configuration options common to both OIDC and local JWT authentication.
No description provided by the author
No description provided by the author
A user login session (used with cookie-based auth).
OIDCClient represents client configurations to authenticate end-users with an OpenID Connect provider.
Options for OpenID Connect.
No description provided by the author
PrincipalConfig represents a user/role as a JSON object.
ProviderMetadata describes the configuration of an OpenID Connect Provider.
RandReplKeyCache represents a random replacement cache.
SigningAlgorithms contains the signing algorithms which are supported and not supported by the underlying github.com/coreos/go-oidc package.
# Interfaces
Cache is an interface to a key only cache.
Interface for deriving the set of channels and roles a User/Role has access to.
CollectionChannelAPI defines helper functions for interacting with a principal's CollectionAccess set using scope and collection name.
A Principal is an abstract object that can have access to channels.
PrincipalCollectionAccess defines a common interface for principal access control.
Role is basically the same as Principal, just concrete.
A User is a Principal that can log in and have multiple Roles.
UserCollectionAccess functions the same as PrincipalCollectionAccess, but for user-specific properties.
UserCollectionChannelAPI defines the interface for managing channel access that is supported by users but not roles.
# Type aliases
JSONWebKeys implements oidc.KeySet for an in-memory JSONWebKey array.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Type is used to store a pair of channel names to triggered-by sequences. If the channel already exists in the map, its sequence is only updated if the sequence being added is greater.
No description provided by the author
No description provided by the author