mirror of
https://github.com/lukaszraczylo/traefikoidc.git
synced 2026-06-05 22:44:17 +00:00
lukaszraczylo
e64fc7f730
* Add redis support for distributed caching * Move towards the self-provided Redis connection pool and RESP protocol implementation. Official redis client library won't work with yaegi. * fixup! Move towards the self-provided Redis connection pool and RESP protocol implementation. Official redis client library won't work with yaegi. * fixup! fixup! Move towards the self-provided Redis connection pool and RESP protocol implementation. Official redis client library won't work with yaegi. * fixup! fixup! fixup! Move towards the self-provided Redis connection pool and RESP protocol implementation. Official redis client library won't work with yaegi. * fixup! fixup! fixup! fixup! Move towards the self-provided Redis connection pool and RESP protocol implementation. Official redis client library won't work with yaegi. * fixup! fixup! fixup! fixup! fixup! Move towards the self-provided Redis connection pool and RESP protocol implementation. Official redis client library won't work with yaegi. * ... and another all nighter. * fixup! ... and another all nighter. * fixup! fixup! ... and another all nighter. * fixup! fixup! fixup! ... and another all nighter. * Resolve issue #85 by adding ability to set custom claims in JWT tokens * Remove redundant validation in auth middleware ( issue #89 ) * Add ability to set cookie prefix for session cookies ( #87 ) * fixup! Add ability to set cookie prefix for session cookies ( #87 ) * Add ability to set cookie max age - issue #91 * Potential fix for code scanning alert no. 10: Size computation for allocation may overflow Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * fixup! Merge main into 0.8.0-redis: resolve conflicts --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
94 lines
2.4 KiB
Go
94 lines
2.4 KiB
Go
// Package providers implements a universal OIDC provider abstraction system.
|
|
// It provides a clean interface for different OIDC providers (Google, Azure, Generic)
|
|
// with provider-specific logic encapsulated in separate implementations.
|
|
package providers
|
|
|
|
import (
|
|
"net/url"
|
|
"time"
|
|
)
|
|
|
|
// TokenVerifier defines the interface for token verification.
|
|
type TokenVerifier interface {
|
|
VerifyToken(token string) error
|
|
}
|
|
|
|
// TokenCache defines the interface for a token cache.
|
|
type TokenCache interface {
|
|
Get(key string) (map[string]interface{}, bool)
|
|
}
|
|
|
|
// ProviderType is an enumeration for identifying different OIDC providers.
|
|
type ProviderType int
|
|
|
|
const (
|
|
ProviderTypeGeneric ProviderType = iota
|
|
ProviderTypeGoogle
|
|
ProviderTypeAzure
|
|
ProviderTypeGitHub
|
|
ProviderTypeAuth0
|
|
ProviderTypeOkta
|
|
ProviderTypeKeycloak
|
|
ProviderTypeAWSCognito
|
|
ProviderTypeGitLab
|
|
)
|
|
|
|
// Standard OAuth2/OIDC scope constants
|
|
const (
|
|
ScopeOfflineAccess = "offline_access"
|
|
ScopeOpenID = "openid"
|
|
ScopeProfile = "profile"
|
|
ScopeEmail = "email"
|
|
)
|
|
|
|
// ProviderCapabilities defines the specific features and behaviors of an OIDC provider.
|
|
type ProviderCapabilities struct {
|
|
PreferredTokenValidation string
|
|
SupportsRefreshTokens bool
|
|
RequiresOfflineAccessScope bool
|
|
RequiresPromptConsent bool
|
|
}
|
|
|
|
// ValidationResult holds the outcome of a token validation check.
|
|
type ValidationResult struct {
|
|
Authenticated bool
|
|
NeedsRefresh bool
|
|
IsExpired bool
|
|
}
|
|
|
|
// AuthParams contains the provider-specific parameters for building the authorization URL.
|
|
type AuthParams struct {
|
|
URLValues url.Values
|
|
Scopes []string
|
|
}
|
|
|
|
// TokenResult holds the tokens returned by the provider.
|
|
type TokenResult struct {
|
|
IDToken string
|
|
AccessToken string
|
|
RefreshToken string
|
|
}
|
|
|
|
// This abstraction allows for provider-specific logic to be encapsulated.
|
|
type OIDCProvider interface {
|
|
GetType() ProviderType
|
|
|
|
GetCapabilities() ProviderCapabilities
|
|
|
|
ValidateTokens(session Session, verifier TokenVerifier, tokenCache TokenCache, refreshGracePeriod time.Duration) (*ValidationResult, error)
|
|
|
|
BuildAuthParams(baseParams url.Values, scopes []string) (*AuthParams, error)
|
|
|
|
HandleTokenRefresh(tokenData *TokenResult) error
|
|
|
|
ValidateConfig() error
|
|
}
|
|
|
|
// This interface decouples the providers from the main session management implementation.
|
|
type Session interface {
|
|
GetIDToken() string
|
|
GetAccessToken() string
|
|
GetRefreshToken() string
|
|
GetAuthenticated() bool
|
|
}
|