Documentation
¶
Index ¶
- Variables
- type OIDCClientConfig
- type Options
- type Service
- func (s *Service) Callback(w http.ResponseWriter, r *http.Request) error
- func (s *Service) Index(w http.ResponseWriter, r *http.Request) error
- func (s *Service) Login(w http.ResponseWriter, r *http.Request) error
- func (s *Service) Logout(w http.ResponseWriter, r *http.Request) error
- func (s *Service) RegisterHandlers(mux *ihttp.ServeMux)
- func (s *Service) Style(w http.ResponseWriter, r *http.Request) error
Constants ¶
This section is empty.
Variables ¶
View Source
var ( ErrCannotDetermineUser = ihttp.NewError("cannot determine user", http.StatusInternalServerError) ErrRenderFailure = ihttp.NewError("failed to render page", http.StatusInternalServerError) )
Functions ¶
This section is empty.
Types ¶
type OIDCClientConfig ¶
type Service ¶
type Service struct {
// contains filtered or unexported fields
}
func (*Service) Callback ¶
Callback handles the OIDC provider's redirect after authentication. It verifies the state parameter (CSRF protection), exchanges the authorization code for tokens using the PKCE verifier, validates the ID token, and creates a session.
func (*Service) Login ¶
Login initiates the OIDC authentication flow with PKCE S256. PKCE (Proof Key for Code Exchange) protects against authorization code interception attacks by using a cryptographically random verifier and its SHA256 hash challenge. See: https://www.rfc-editor.org/rfc/rfc7636
func (*Service) RegisterHandlers ¶
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.