Package openid (module version 0.0.0-20190718021401-6345b638bfc9)
Repository: https://github.com/emanoelxavier/openid2go.git
Documentation: pkg.go.dev

# README

Go OpenId


Summary

A Go package that implements web service middlewares for authenticating identities represented by OpenID Connect (OIDC) ID Tokens.

"OpenID Connect 1.0 is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server" - OpenID Connect

Installation

go get github.com/emanoelxavier/openid2go/openid

Example

This example demonstrates how to use this package to validate incoming ID Tokens. It initializes the Configuration with the desired providers (OPs) and registers two middlewares: openid.Authenticate and openid.AuthenticateUser. The former performs the token validation while the latter, in addition to that, will forward the user information to the next handler.

```go
package main

import (
	"fmt"
	"log"
	"net/http"

	"github.com/emanoelxavier/openid2go/openid"
)

// AuthenticatedHandler only runs once openid.Authenticate has validated the ID Token.
func AuthenticatedHandler(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintln(w, "The user was authenticated!")
}

// AuthenticatedHandlerWithUser additionally receives the user extracted from the validated token.
func AuthenticatedHandlerWithUser(u *openid.User, w http.ResponseWriter, r *http.Request) {
	fmt.Fprintf(w, "The user was authenticated! The token was issued by %v and the user is %+v.", u.Issuer, u)
}

func main() {
	// The configuration is built from the allowed providers (OPs) returned by myGetProviders.
	configuration, err := openid.NewConfiguration(openid.ProvidersGetter(myGetProviders))
	if err != nil {
		panic(err)
	}

	http.Handle("/user", openid.AuthenticateUser(configuration, openid.UserHandlerFunc(AuthenticatedHandlerWithUser)))
	http.Handle("/authn", openid.Authenticate(configuration, http.HandlerFunc(AuthenticatedHandler)))

	log.Fatal(http.ListenAndServe(":5100", nil))
}

// myGetProviders returns the OP(s) whose tokens are accepted: each provider pairs an issuer
// with the client IDs registered at that provider (placeholder values here).
func myGetProviders() ([]openid.Provider, error) {
	provider, err := openid.NewProvider("https://providerissuer", []string{"myClientID"})
	if err != nil {
		return nil, err
	}

	return []openid.Provider{provider}, nil
}
```

This example is also available in the documentation of this package, for more details see GoDoc.
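The example above wires the middleware into an HTTP server but does not show what the middleware checks on each request. The program below is an added illustration, written for this page and not code from the openid2go package: it implements, with the standard library only, the checks an ID Token validator of this kind performs, namely the Authorization header format and scheme, the token's `alg`, the issuer against the configured providers, the RS256 signature, the audience (a string or an array of strings) against the registered client IDs, the expiry and the `sub` claim. The error strings echo the validation error categories listed under Constants further down this page. `Provider`, `extractBearer`, `validateIDToken`, `decodeSegment` and `mintToken` are hypothetical names; the provider map, the locally generated key and the claims are constructed stand-ins for an OP's discovery document, JWK set and real tokens.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"net/http"
	"strings"
	"time"
)

// Provider is a hypothetical stand-in for the package's Provider: the client IDs registered
// with an issuer and the issuer's RS256 key (generated locally instead of fetched as a JWK set).
type Provider struct {
	ClientIDs []string
	Key       *rsa.PublicKey
}

// idClaims holds the claims the checks depend on; "aud" may be a string or an array of strings.
type idClaims struct {
	Iss string      `json:"iss"`
	Sub string      `json:"sub"`
	Aud interface{} `json:"aud"`
	Exp int64       `json:"exp"`
}

func decodeSegment(seg string, v interface{}) error {
	b, err := base64.RawURLEncoding.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(b, v)
}

// extractBearer pulls the raw token out of "Authorization: Bearer <token>" (the page's header errors).
func extractBearer(r *http.Request) (string, error) {
	parts := strings.Fields(r.Header.Get("Authorization"))
	switch {
	case len(parts) == 0:
		return "", errors.New("authorization header not found")
	case len(parts) != 2:
		return "", errors.New("authorization header unexpected format")
	case !strings.EqualFold(parts[0], "Bearer"):
		return "", errors.New("authorization header unexpected scheme")
	}
	return parts[1], nil
}

// validateIDToken checks alg, issuer, signature, audience, expiry and sub and returns the subject.
// providers is keyed by issuer, so the issuer is matched before any key is trusted for verification.
func validateIDToken(token string, providers map[string]Provider, now time.Time) (string, error) {
	segs := strings.Split(token, ".")
	if len(segs) != 3 {
		return "", errors.New("unexpected token value")
	}
	var hdr struct{ Alg string `json:"alg"` }
	if err := decodeSegment(segs[0], &hdr); err != nil || hdr.Alg != "RS256" {
		return "", errors.New("unexpected token header: only RS256 is accepted")
	}
	var c idClaims
	if err := decodeSegment(segs[1], &c); err != nil {
		return "", errors.New("unexpected token value")
	}
	p, ok := providers[c.Iss]
	if !ok {
		return "", errors.New("unexpected token issuer content")
	}
	sig, err := base64.RawURLEncoding.DecodeString(segs[2])
	digest := sha256.Sum256([]byte(segs[0] + "." + segs[1]))
	if err != nil || rsa.VerifyPKCS1v15(p.Key, crypto.SHA256, digest[:], sig) != nil {
		return "", errors.New("jwt token validation failed: bad signature")
	}
	auds, _ := c.Aud.([]interface{})
	if s, ok := c.Aud.(string); ok {
		auds = []interface{}{s}
	}
	accepted := false
	for _, a := range auds {
		for _, id := range p.ClientIDs {
			accepted = accepted || a == id // only a string element can equal a client ID
		}
	}
	if !accepted {
		return "", errors.New("unexpected token audience content or type")
	}
	if c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)) {
		return "", errors.New("token expired")
	}
	if c.Sub == "" {
		return "", errors.New("token missing the 'sub' claim")
	}
	return c.Sub, nil
}

// mintToken signs an ID Token with the given key so a test can play the OP; the claims are constructed data.
func mintToken(key *rsa.PrivateKey, claims map[string]interface{}) string {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	body, _ := json.Marshal(claims)
	enc := base64.RawURLEncoding.EncodeToString
	input := enc(hdr) + "." + enc(body)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	return input + "." + enc(sig)
}
```

The order of the checks is the point: the token's own `alg` is pinned to RS256 before anything else is read, and the issuer is matched against the configured providers before a key is selected, so a token from an unknown issuer never reaches signature verification. A middleware built on these functions wraps them as in the page's example (`extractBearer`, then `validateIDToken`, then a 401 on any error); a deployment against a real OP additionally fetches the keys from the issuer's JWK set and, per OpenID Connect Core, checks `iat` and, where one was sent, the `nonce`.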

Additional examples:

Tests

Unit Tests

go test github.com/emanoelxavier/openid2go/openid

Integration Tests

In addition to the unit tests, this package also comes with integration tests that validate real ID Tokens issued by real OIDC providers. The following command runs those tests:

go test -tags integration github.com/emanoelxavier/openid2go/openid -issuer=[issuer] -clientID=[clientID] -idToken=[idToken]

Replace [issuer], [clientID] and [idToken] with the information from an identity provider of your choice.

For a quick spin you can use it with tokens issued by Google for the Google OAuth Playground: enter "openid" (without quotes) in the scope field and copy the issued ID Token. For this provider and client the values will be:

go test -tags integration github.com/emanoelxavier/openid2go/openid -issuer=https://accounts.google.com -clientID=407408718192.apps.googleusercontent.com -idToken=copiedIDToken

Contributing

  1. Open an issue if you found a bug or have a feature request.
  2. Discuss.
  3. Branch off, write the fix with test(s) and commit, referencing the issue.
  4. Make a pull request.

# Functions

Authenticate middleware performs the validation of the OIDC ID Token.
AuthenticateUser middleware performs the validation of the OIDC ID Token and forwards the authenticated user's information to the next handler in the pipeline.
ErrorHandler option registers the function responsible for handling the errors returned during token validation.
HTTPGetter option registers the function responsible for returning the providers containing the valid issuer and client IDs used to validate the ID Token.
NewConfiguration creates a new instance of Configuration and returns a pointer to it.
NewProvider returns a new instance of a Provider created with the given issuer and clientIDs.
ProvidersGetter option registers the function responsible for returning the providers containing the valid issuer and client IDs used to validate the ID Token.

# Constants

Empty collection of providers provided during setup.
Invalid client id collection provided during setup.
Invalid issuer provided during setup.
Unexpected token audience value.
Authorization header not found on request.
Authorization header unexpected format.
Authorization header unexpected scheme.
Failure while decoding the jwk set.
Failure while decoding the OIDC configuration.
Empty jwk returned.
Empty jwk key set returned.
Empty collection of providers.
Failure while retrieving jwk set.
Failure while retrieving the OIDC configuration.
Empty ID token.
Unexpected token audience content.
Unexpected token audience type.
Unexpected token issuer content.
Unexpected token issuer type.
Unexpected token subject content.
Unexpected token subject type.
Unexpected token value.
Jwt token validation failed with a known error.
Jwt token validation failed with an unknown error.
Key identifier not found.
Error while marshalling the signing key.
Token missing the 'sub' claim.

# Structs

The Configuration contains the entities needed to perform ID token validation.
Provider represents an OpenId Identity Provider (OP) and contains the information needed to perform validation of ID Token.
SetupError represents the error returned by operations called during middleware setup.
User represents the authenticated user encapsulating information obtained from the validated ID token.
ValidationError represents the error returned by operations called during token validation.

# Interfaces

The UserHandler represents a handler to be registered by the middleware AuthenticateUser.

# Type aliases

The ErrorHandlerFunc represents the function used to handle errors during token validation.
GetIDTokenFunc represents the function used to provide the OIDC idToken.
The GetProvidersFunc defines the function type used to retrieve the collection of allowed OP(s) along with the respective client IDs registered with those providers that can access the backend service using this package.
HTTPGetFunc is a function that gets a URL based on a contextual request and a target URL.
SetupErrorCode is the type of error code that can be returned by the operations done during middleware setup.
The UserHandlerFunc is an adapter to allow the use of functions as UserHandler.
ValidationErrorCode is the type of error code that can be returned by the operations done during token validation.