Module: github.com/deepzz0/oidc
Version: 0.0.1
Repository: https://github.com/deepzz0/oidc.git
Documentation: pkg.go.dev

# README

oidc

Golang OAuth2/OIDC Server Library.


Our goals:

  • Security.
  • KISS.
  • Simple API.

Features

  • Grant Types Support:
    • Authorization Code
    • Refresh Token
    • Client Credentials
    • Password (legacy)
    • Implicit Flow (legacy)
    • Assertion:
      • JWT Bearer
      • Token Exchange
      • SAML2 Bearer
      • Device Code
  • PKCE For Public Clients: plain, S256
  • Session Management:
    • Check Session
    • End Session: Front Channel, Back Channel
  • Token Revocation
  • Request Object
  • Dynamic Client Registration
  • Self Issued OP
  • Known Scopes: openid, email, profile, phone, address, offline_access
  • Token Type Support: Bearer, JWT
  • ID Token Signing Algo: HS256, RS256, ES256
  • Client Auth Method: client_secret_basic, client_secret_post
  • Hybrid Response Type: code, token, id_token
  • Response Mode Support: query, fragment, form_post

Have fun!

Building

This library uses Go modules and semantic versioning. Building is done with the go tool, so the following should work:

go get github.com/deepzz0/oidc

Examples

A short "how to use the API" is at the beginning of doc.go (it is also shown when you run godoc github.com/deepzz0/oidc).

Example programs can be found in the Examples repository.

RFCs

We try our best to follow these specifications; see https://oauth.net/specs/ and https://openid.net/developers/specs/.

OAuth2:

  • 6749 - OAuth 2.0 Authorization Framework
  • 6750 - OAuth 2.0 Authorization Framework: Bearer Token Usage
  • 6755 - An IETF URN Sub-Namespace for OAuth
  • 6819 - OAuth 2.0 Threat Model and Security Considerations
  • 7009 - OAuth 2.0 Token Revocation
  • 7519 - JSON Web Token (JWT)
  • 7521 - Assertion Framework for OAuth 2.0 Client Authentication and Authorization Grants
  • 7522 - SAML 2.0 Profile for OAuth 2.0 Client Authentication and Authorization Grants
  • 7523 - JWT Profile for OAuth 2.0 Client Authentication and Authorization Grants
  • 7591 - OAuth 2.0 Dynamic Client Registration Protocol
  • 7592 - OAuth 2.0 Dynamic Client Registration Management Protocol
  • 7636 - Proof Key for Code Exchange by OAuth Public Clients (PKCE)
  • 7662 - OAuth 2.0 Token Introspection
  • 7800 - Proof-of-Possession Key Semantics for JSON Web Tokens (JWTs)
  • 8176 - Authentication Method Reference Values
  • 8252 - OAuth 2.0 for Native Apps
  • 8414 - OAuth 2.0 Authorization Server Metadata
  • 8628 - OAuth 2.0 Device Authorization Grant
  • 8693 - OAuth 2.0 Token Exchange
  • 8705 - OAuth 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access Tokens
  • 8707 - Resource Indicators for OAuth 2.0
  • 8725 - JSON Web Token Best Current Practices
  • 9101 - The OAuth 2.0 Authorization Framework: JWT-Secured Authorization Request (JAR)
  • 9126 - OAuth 2.0 Pushed Authorization Requests
  • 9207 - OAuth 2.0 Authorization Server Issuer Identification
  • 9278 - JWK Thumbprint URI
  • 9608 - JWT Profile for OAuth 2.0 Access Tokens
  • OAuth Parameters
  • WebAuthn

OIDC:

FAPI

MODRNA

Optionally following experimental and draft specs:

OAuth 2.1?

See https://oauth.net/2.1/.

# Packages

Package examples provides ...
Package protocol provides ...

# Functions

NewServer creates a new OAuth/OIDC server.
ParseMatchURL resolves URI references against a base URL.
ValidateClientSecret determines whether the given secret matches a secret held by the client.
ValidateCodeChallenge validates the PKCE code challenge, see https://tools.ietf.org/html/rfc7636.
ValidateGrantType validates that the client supports the requested grant type.
ValidateIDTokenHint validates the id_token_hint (if passed as a parameter in the request) and returns the `sub` claim.
ValidateOfflineAccess validates offline_access.
ValidatePrompt validates prompt and sets max_age=0 if prompt=login is present.
ValidateResponseType validates the response type.
ValidateScopes validates the scopes and removes invalid scopes.
ValidateTokenHint supports only access_token and refresh_token.
ValidateURI validates that redirectURI is contained in baseURI.
ValidateURIList validates that redirectURI is contained in baseURIList.
WithAllowClientSecretInParams controls whether the client secret may also be passed in request parameters.
WithAllowGetAccessRequest controls whether access requests may use GET.
WithDefaultScopes sets the default scopes.
WithForcePKCEForPublicClients forces PKCE for public clients.
WithRedirectURISeparator sets the separator used to support multiple redirect URIs.
WithRetainTokenAfterRefresh retains the old token after refresh until it expires.
WithSession enables session management for check_session_iframe/end_session_endpoint.
WithStorage sets the protocol.Storage implementation.
WithSupportedRequestObject enables the authorize request object.
WithTokenType changes the default token type (Bearer) to another.
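The PKCE check that the ValidateCodeChallenge entry above refers to (RFC 7636) is the part of a token endpoint where a mismatch or a lax comparison matters most, so here is an added, self-contained Go illustration of the rule. It is not the library's code and assumes nothing about its API: S256Challenge, VerifyCodeChallenge and verifierRe are hypothetical names chosen for this example. It derives the S256 challenge as BASE64URL(SHA256(code_verifier)) without padding, enforces the verifier length and character set from RFC 7636 section 4.1, and compares in constant time; the check at the end uses the test vector from RFC 7636 Appendix B.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"regexp"
)

// verifierRe encodes RFC 7636 section 4.1: a code_verifier is 43 to 128
// characters drawn from the unreserved set [A-Za-z0-9-._~].
var verifierRe = regexp.MustCompile(`^[A-Za-z0-9\-._~]{43,128}$`)

// S256Challenge derives the code_challenge for method S256:
// BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) with no '=' padding.
// (Hypothetical helper for this example, not the library's API.)
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// VerifyCodeChallenge performs the token-endpoint side of PKCE: the
// code_challenge and code_challenge_method were stored with the
// authorization code, and the client now presents code_verifier.
// An empty method is treated as "plain", as RFC 7636 section 4.3 requires.
func VerifyCodeChallenge(challenge, method, verifier string) error {
	if !verifierRe.MatchString(verifier) {
		return errors.New("code_verifier has invalid length or characters")
	}
	var expected string
	switch method {
	case "", "plain":
		expected = verifier
	case "S256":
		expected = S256Challenge(verifier)
	default:
		return fmt.Errorf("unsupported code_challenge_method %q", method)
	}
	// Constant-time comparison so the check leaks nothing about how many
	// leading characters of the stored challenge were matched.
	if subtle.ConstantTimeCompare([]byte(expected), []byte(challenge)) != 1 {
		return errors.New("code_verifier does not match code_challenge")
	}
	return nil
}

func main() {
	// Test vector from RFC 7636 Appendix B.
	verifier := "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
	challenge := "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"
	fmt.Println("derived:", S256Challenge(verifier))
	fmt.Println("S256 ok:", VerifyCodeChallenge(challenge, "S256", verifier))
	// The same verifier presented with the wrong method must be rejected.
	fmt.Println("plain against S256 challenge:", VerifyCodeChallenge(challenge, "plain", verifier))
}
```

The interesting defensive detail is that the method is taken from what was stored at authorization time, never from the token request, so a client cannot downgrade an S256 challenge to a plain comparison.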

# Constants

token type list.

# Structs

BasicAuth holds HTTP basic auth credentials.
Options holds the OIDC server options.
ResponseTypeOK is the successful response type result.
Server is the OAuth2/OIDC server.

# Type aliases

Option is a custom server option.
TokenType is the access token type.
URIValidationError is the error returned when URI validation doesn't match.