

Golang oidc.NewClient函数代码示例

本文整理汇总了Golang中github.com/coreos/go-oidc/oidc.NewClient函数的典型用法代码示例。如果您正苦于以下问题:Golang NewClient函数的具体用法?Golang NewClient怎么用?Golang NewClient使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。


在下文中一共展示了NewClient函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。

示例1: Connector

// Connector builds an OIDCConnector from this config. The connector's callback
// URL is ns with httpPathCallback appended to its path; lf is the login
// callback stored on the connector. tpls is accepted for interface parity but
// is not referenced here. The only error returned is the one from
// oidc.NewClient when the client cannot be constructed.
func (cfg *OIDCConnectorConfig) Connector(ns url.URL, lf oidc.LoginFunc, tpls *template.Template) (Connector, error) {
	// ns is passed by value, so extending its path does not affect the caller's URL.
	ns.Path = path.Join(ns.Path, httpPathCallback)

	client, err := oidc.NewClient(oidc.ClientConfig{
		RedirectURL: ns.String(),
		Credentials: oidc.ClientCredentials{
			ID:     cfg.ClientID,
			Secret: cfg.ClientSecret,
		},
	})
	if err != nil {
		return nil, err
	}

	conn := &OIDCConnector{
		id:                   cfg.ID,
		issuerURL:            cfg.IssuerURL,
		cbURL:                ns,
		loginFunc:            lf,
		client:               client,
		trustedEmailProvider: cfg.TrustedEmailProvider,
		emailClaim:           cfg.EmailClaim,
	}
	return conn, nil
}
开发者ID:Tecsisa,项目名称:dex,代码行数:27,代码来源:connector_oidc.go

示例2: newAPIDriver

// newAPIDriver returns a driver for the API served at pcfg.Issuer. Every
// request is sent through an oidc.AuthenticatedTransport whose
// ClientCredsTokenRefresher obtains tokens from an oidc.Client built from
// pcfg and creds. Errors from building the client or the schema service are
// returned unchanged.
func newAPIDriver(pcfg oidc.ProviderConfig, creds oidc.ClientCredentials) (driver, error) {
	client, err := oidc.NewClient(oidc.ClientConfig{
		ProviderConfig: pcfg,
		Credentials:    creds,
	})
	if err != nil {
		return nil, err
	}

	// Token refresh is handled by the transport; the underlying round tripper
	// is the process-wide default, and the http.Client sets no Timeout.
	refresher := &oidc.ClientCredsTokenRefresher{
		Issuer:     pcfg.Issuer,
		OIDCClient: client,
	}
	httpClient := &http.Client{
		Transport: &oidc.AuthenticatedTransport{
			TokenRefresher: refresher,
			RoundTripper:   http.DefaultTransport,
		},
	}

	svc, err := schema.NewWithBasePath(httpClient, pcfg.Issuer)
	if err != nil {
		return nil, err
	}
	return &apiDriver{svc: svc}, nil
}
开发者ID:adrianlop,项目名称:dex,代码行数:25,代码来源:driver_api.go

示例3: Redeem

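// claimError reports an ID-token claim that is missing or has an unexpected type.
type claimError string

// Error implements error.
func (e claimError) Error() string { return "token claims: " + string(e) }

// Redeem exchanges the authorization code for a token and builds a
// SessionState from the token's claims.
//
// redirectURL is accepted for interface compatibility but is not used here;
// the redirect URL comes from p.clientConfig. A failure to construct the
// client is returned as an error rather than terminating the process, and the
// "exp" and "email" claims are type-checked before use so a malformed token
// yields an error instead of a panic. "exp" is a NumericDate (seconds since
// the Unix epoch), so it is converted with time.Unix rather than added to
// time.Now as a duration.
func (p *OIDCProvider) Redeem(redirectURL, code string) (s *SessionState, err error) {
	c, err := oidc.NewClient(p.clientConfig)
	if err != nil {
		log.Printf("unable to create Client: %v", err)
		return nil, err
	}

	tok, err := c.ExchangeAuthCode(code)
	if err != nil {
		log.Printf("exchange auth error: %v\n", err)
		return nil, err
	}

	claims, err := tok.Claims()
	if err != nil {
		log.Printf("token claims error: %v", err)
		return nil, err
	}

	// JSON numbers decode as float64; an absent or non-numeric exp must not panic.
	exp, ok := claims["exp"].(float64)
	if !ok {
		err = claimError("missing or non-numeric exp claim")
		log.Printf("token claims error: %v", err)
		return nil, err
	}
	email, ok := claims["email"].(string)
	if !ok {
		err = claimError("missing or non-string email claim")
		log.Printf("token claims error: %v", err)
		return nil, err
	}

	s = &SessionState{
		// NOTE(review): the same encoded token is stored in both fields, as in
		// the original; confirm whether callers expect a distinct refresh token.
		AccessToken:  tok.Data(),
		RefreshToken: tok.Data(),
		ExpiresOn:    time.Unix(int64(exp), 0).Truncate(time.Second),
		Email:        email,
	}
	return s, nil
}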
开发者ID:coreos,项目名称:oauth2_proxy,代码行数:27,代码来源:oidc.go

示例4: InitOIDCClient

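// InitOIDCClient discovers the provider configuration for op.Issuer, builds
// op.OIDCClient from it and then initializes the provider's user prefix.
//
// It returns an error when Issuer is empty, when ClientID or CallbackURL is
// nil (both are dereferenced below), when discovery fails or returns no
// config, when the client cannot be built, or when InitUserPrefix fails.
// When the configured Scope list is nil or empty the client requests
// "openid" and "email".
func (op *OIDCProvider) InitOIDCClient() error {
	if op.Issuer == "" {
		return fmt.Errorf("Issuer not defined for OpenID Connect provider %+v", op)
	}
	if op.ClientID == nil {
		return fmt.Errorf("ClientID not defined for OpenID Connect provider with issuer %s", op.Issuer)
	}
	if op.CallbackURL == nil {
		return fmt.Errorf("CallbackURL not defined for OpenID Connect provider with issuer %s", op.Issuer)
	}

	config, shouldSyncConfig, err := op.DiscoverConfig()
	if err != nil || config == nil {
		base.Warn("Error during OIDC discovery - unable to initialize client: %v", err)
		// A nil config with a nil error would otherwise be reported as success.
		if err == nil {
			err = fmt.Errorf("OIDC discovery returned no provider config for issuer %s", op.Issuer)
		}
		return err
	}

	clientCredentials := oidc.ClientCredentials{
		ID: *op.ClientID,
	}
	if op.ValidationKey != nil {
		clientCredentials.Secret = *op.ValidationKey
	}

	clientConfig := oidc.ClientConfig{
		ProviderConfig: *config,
		Credentials:    clientCredentials,
		RedirectURL:    *op.CallbackURL,
	}

	// len() is zero for both a nil and an empty slice, so an empty configured
	// list falls back to the defaults instead of requesting no scopes at all.
	if len(op.Scope) > 0 {
		clientConfig.Scope = op.Scope
	} else {
		clientConfig.Scope = []string{"openid", "email"}
	}

	op.OIDCClient, err = oidc.NewClient(clientConfig)
	if err != nil {
		return err
	}

	// Start process for ongoing sync of the provider config. The stop channel
	// returned by SyncProviderConfig is discarded, so the sync goroutine runs
	// for the life of the process.
	if shouldSyncConfig {
		base.LogTo("OIDC", "Synchronizing provider config for issuer %s...", op.Issuer)
		op.OIDCClient.SyncProviderConfig(op.Issuer)
	}

	// Initialize the prefix for users created for this provider
	if err = op.InitUserPrefix(); err != nil {
		return err
	}

	return nil
}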
开发者ID:paulharter,项目名称:sync_gateway,代码行数:49,代码来源:oidc.go

示例5: client

// client returns the lazily initialized oidc.Client, fetching the provider
// discovery document and starting its background sync on first use. It is
// safe for concurrent callers: the fast path reads a.oidcClient without the
// lock, and initialization is serialized by a.mu with a second check so only
// one goroutine ever builds the client. On failure nothing is stored, so the
// next call repeats discovery (a network round trip, taken under the lock).
func (a *OIDCAuthenticator) client() (*oidc.Client, error) {
	// Fast check to see if client has already been initialized.
	if client := a.oidcClient.Load(); client != nil {
		return client.(*oidc.Client), nil
	}

	// Acquire lock, then recheck initialization.
	a.mu.Lock()
	defer a.mu.Unlock()
	if client := a.oidcClient.Load(); client != nil {
		return client.(*oidc.Client), nil
	}

	// Try to initialize client.
	// NOTE(review): the trailing slash is trimmed here but not for the
	// SyncProviderConfig call below — presumably harmless; confirm.
	providerConfig, err := oidc.FetchProviderConfig(a.httpClient, strings.TrimSuffix(a.issuerURL, "/"))
	if err != nil {
		glog.Errorf("oidc authenticator: failed to fetch provider discovery data: %v", err)
		return nil, fmt.Errorf("fetch provider config: %v", err)
	}

	// Only a client ID is configured, no secret; the field name suggests the
	// client is used to check tokens issued for trustedClientID rather than
	// to authenticate as that client — verify against the callers.
	clientConfig := oidc.ClientConfig{
		HTTPClient:     a.httpClient,
		Credentials:    oidc.ClientCredentials{ID: a.trustedClientID},
		ProviderConfig: providerConfig,
	}

	client, err := oidc.NewClient(clientConfig)
	if err != nil {
		glog.Errorf("oidc authenticator: failed to create client: %v", err)
		return nil, fmt.Errorf("create client: %v", err)
	}

	// SyncProviderConfig will start a goroutine to periodically synchronize the provider config.
	// The synchronization interval is set by the expiration length of the config, and has a minimum
	// and maximum threshold. The sync is started before the client is published
	// so a reader that sees the client never sees it without its sync goroutine.
	stop := client.SyncProviderConfig(a.issuerURL)
	a.oidcClient.Store(client)
	a.close = func() {
		// This assumes the stop is an unbuffered channel.
		// So instead of closing the channel, we send an empty struct here.
		// This guarantees that when this function returns, there are no in-flight requests,
		// because a send to an unbuffered channel happens after the receive from the channel.
		stop <- struct{}{}
	}
	return client, nil
}
开发者ID:XbinZh,项目名称:kubernetes,代码行数:46,代码来源:oidc.go

示例6: GetOIDCClient

// GetOIDCClient builds an oidc.Client for the given client credentials and
// redirect URL. It blocks in oidc.WaitForProviderConfig until the provider
// config at discoveryURL can be fetched, then starts the background
// provider-config sync before returning. Requests go through
// http.DefaultClient, which has no timeout. The only error returned is the
// one from oidc.NewClient.
func GetOIDCClient(clientID, clientSecret, discoveryURL, redirectURL string) (*oidc.Client, error) {
	providerCfg := oidc.WaitForProviderConfig(http.DefaultClient, discoveryURL)

	client, err := oidc.NewClient(oidc.ClientConfig{
		ProviderConfig: providerCfg,
		Credentials: oidc.ClientCredentials{
			ID:     clientID,
			Secret: clientSecret,
		},
		RedirectURL: redirectURL,
		Scope:       []string{"offline_access", "openid", "email", "profile"},
	})
	if err != nil {
		return nil, err
	}

	// The returned stop channel is dropped: the sync goroutine runs for the
	// life of the process.
	client.SyncProviderConfig(discoveryURL)
	return client, nil
}
开发者ID:polvi,项目名称:oidccli,代码行数:22,代码来源:oidccli.go

示例7: mockClient

// mockClient returns an oidc.Client wired directly to srv's HTTP handler, so
// no network is involved: it fetches srv's provider config through the
// in-process client, builds a public key set from srv.KeyManager's JWKs that
// expires one hour from now, and uses ci.Credentials as the client identity.
func mockClient(srv *server.Server, ci client.Client) (*oidc.Client, error) {
	inProc := &phttp.HandlerClient{Handler: srv.HTTPHandler()}

	providerCfg, err := oidc.FetchProviderConfig(inProc, srv.IssuerURL.String())
	if err != nil {
		return nil, fmt.Errorf("failed to fetch provider config: %v", err)
	}

	jwks, err := srv.KeyManager.JWKs()
	if err != nil {
		return nil, fmt.Errorf("failed to generate JWKs: %v", err)
	}

	// One hour of validity keeps the key set from lapsing mid-test.
	keySet := key.NewPublicKeySet(jwks, time.Now().Add(time.Hour))

	return oidc.NewClient(oidc.ClientConfig{
		HTTPClient:     inProc,
		ProviderConfig: providerCfg,
		Credentials:    ci.Credentials,
		KeySet:         *keySet,
	})
}
开发者ID:Tecsisa,项目名称:dex,代码行数:24,代码来源:oidc_test.go

示例8: newOIDCAuthProvider

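// newOIDCAuthProvider builds the OIDC auth provider from cfg.
//
// Required keys: cfgIssuerUrl, cfgClientID and cfgClientSecret. Optional:
// cfgCertificateAuthority (CA file path), cfgCertificateAuthorityData
// (base64-encoded CA bundle), cfgExtraScopes (comma-separated scopes added to
// oidc.DefaultScope) and cfgIDToken (an existing ID token, parsed as a JWT).
// The first parameter is unused. persister is handed to the idTokenRefresher,
// presumably so refreshed tokens can be written back to the config.
//
// The provider config is fetched through a transport built from the CA
// settings, so TLS to the issuer uses the configured CA rather than only the
// host's roots. An empty cfgExtraScopes no longer yields an empty "" scope.
func newOIDCAuthProvider(_ string, cfg map[string]string, persister rest.AuthProviderConfigPersister) (rest.AuthProvider, error) {
	issuer := cfg[cfgIssuerUrl]
	if issuer == "" {
		return nil, fmt.Errorf("Must provide %s", cfgIssuerUrl)
	}

	clientID := cfg[cfgClientID]
	if clientID == "" {
		return nil, fmt.Errorf("Must provide %s", cfgClientID)
	}

	clientSecret := cfg[cfgClientSecret]
	if clientSecret == "" {
		return nil, fmt.Errorf("Must provide %s", cfgClientSecret)
	}

	// The CA bundle, when given inline, is base64 as in kubeconfig files.
	var certAuthData []byte
	var err error
	if data := cfg[cfgCertificateAuthorityData]; data != "" {
		certAuthData, err = base64.StdEncoding.DecodeString(data)
		if err != nil {
			return nil, err
		}
	}

	clientConfig := rest.Config{
		TLSClientConfig: rest.TLSClientConfig{
			CAFile: cfg[cfgCertificateAuthority],
			CAData: certAuthData,
		},
	}

	trans, err := rest.TransportFor(&clientConfig)
	if err != nil {
		return nil, err
	}
	hc := &http.Client{Transport: trans}

	providerCfg, err := oidc.FetchProviderConfig(hc, issuer)
	if err != nil {
		return nil, fmt.Errorf("error fetching provider config: %v", err)
	}

	// strings.Split("", ",") returns [""], which would put an empty scope in
	// the request; split only when extra scopes were configured, and drop
	// blank entries such as those produced by "a, ,b".
	var scopes []string
	if extra := cfg[cfgExtraScopes]; extra != "" {
		for _, s := range strings.Split(extra, ",") {
			if s = strings.TrimSpace(s); s != "" {
				scopes = append(scopes, s)
			}
		}
	}
	// Appending to our own slice leaves oidc.DefaultScope untouched.
	scopes = append(scopes, oidc.DefaultScope...)

	oidcCfg := oidc.ClientConfig{
		HTTPClient: hc,
		Credentials: oidc.ClientCredentials{
			ID:     clientID,
			Secret: clientSecret,
		},
		ProviderConfig: providerCfg,
		Scope:          scopes,
	}

	client, err := oidc.NewClient(oidcCfg)
	if err != nil {
		return nil, fmt.Errorf("error creating OIDC Client: %v", err)
	}

	oClient := &oidcClient{client}

	// An initial ID token is optional; when present it must parse as a JWT.
	var initialIDToken jose.JWT
	if cfg[cfgIDToken] != "" {
		initialIDToken, err = jose.ParseJWT(cfg[cfgIDToken])
		if err != nil {
			return nil, err
		}
	}

	return &oidcAuthProvider{
		initialIDToken: initialIDToken,
		refresher: &idTokenRefresher{
			client:    oClient,
			cfg:       cfg,
			persister: persister,
		},
	}, nil
}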
开发者ID:Q-Lee,项目名称:kubernetes,代码行数:78,代码来源:oidc.go

示例9: TestLoginURL

func TestLoginURL(t *testing.T) {
	lf := func(ident oidc.Identity, sessionKey string) (redirectURL string, err error) { return }

	tests := []struct {
		cid    string
		redir  string
		state  string
		scope  []string
		prompt string
		v      url.Values
	}{
		// Standard example
		{
			cid:    "fake-client-id",
			redir:  "http://example.com/oauth-redirect",
			state:  "fake-session-id",
			scope:  []string{"openid", "email", "profile"},
			prompt: "",
			v: url.Values{
				"response_type": {"code"},
				"state":         {"fake-session-id"},
				"redirect_uri":  {"http://example.com/oauth-redirect"},
				"scope":         {"openid email profile"},
				"client_id":     {"fake-client-id"},
			},
		},
		// No scope
		{
			cid:    "fake-client-id",
			redir:  "http://example.com/oauth-redirect",
			state:  "fake-session-id",
			scope:  []string{},
			prompt: "",
			v: url.Values{
				"response_type": {"code"},
				"state":         {"fake-session-id"},
				"redirect_uri":  {"http://example.com/oauth-redirect"},
				"scope":         {""},
				"client_id":     {"fake-client-id"},
			},
		},
		// No state
		{
			cid:    "fake-client-id",
			redir:  "http://example.com/oauth-redirect",
			state:  "",
			scope:  []string{},
			prompt: "",
			v: url.Values{
				"response_type": {"code"},
				"state":         {""},
				"redirect_uri":  {"http://example.com/oauth-redirect"},
				"scope":         {""},
				"client_id":     {"fake-client-id"},
			},
		},
		// Force prompt
		{
			cid:    "fake-client-id",
			redir:  "http://example.com/oauth-redirect",
			state:  "fake-session-id",
			scope:  []string{"openid", "email", "profile"},
			prompt: "select_account",
			v: url.Values{
				"response_type": {"code"},
				"prompt":        {"select_account"},
				"state":         {"fake-session-id"},
				"redirect_uri":  {"http://example.com/oauth-redirect"},
				"scope":         {"openid email profile"},
				"client_id":     {"fake-client-id"},
			},
		},
	}

	for i, tt := range tests {
		cfg := oidc.ClientConfig{
			Credentials: oidc.ClientCredentials{ID: tt.cid, Secret: "fake-client-secret"},
			RedirectURL: tt.redir,
			ProviderConfig: oidc.ProviderConfig{
				AuthEndpoint:  "http://example.com/authorize",
				TokenEndpoint: "http://example.com/token",
			},
			Scope: tt.scope,
		}
		cl, err := oidc.NewClient(cfg)
		if err != nil {
			t.Errorf("test: %d. unexpected error: %v", i, err)
		}
		cn := &OIDCConnector{
			loginFunc: lf,
			client:    cl,
		}

		lu, err := cn.LoginURL(tt.state, tt.prompt)
		if err != nil {
			t.Errorf("test: %d. want: no url error, got: error, error: %v", i, err)
		}

		u, err := url.Parse(lu)
		if err != nil {
//.........这里部分代码省略.........
开发者ID:adrianlop,项目名称:dex,代码行数:101,代码来源:connector_oidc_test.go

示例10: TestHTTPExchangeTokenRefreshToken


//.........这里部分代码省略.........
	srv := &server.Server{
		IssuerURL:        issuerURL,
		KeyManager:       km,
		SessionManager:   sm,
		ClientRepo:       clientRepo,
		ClientManager:    clientManager,
		Templates:        template.New(connector.LoginPageTemplateName),
		Connectors:       []connector.Connector{},
		UserRepo:         userRepo,
		PasswordInfoRepo: passwordInfoRepo,
		RefreshTokenRepo: refreshTokenRepo,
	}

	if err = srv.AddConnector(cfg); err != nil {
		t.Fatalf("Unexpected error: %v", err)
	}

	sClient := &phttp.HandlerClient{Handler: srv.HTTPHandler()}
	pcfg, err := oidc.FetchProviderConfig(sClient, issuerURL.String())
	if err != nil {
		t.Fatalf("Failed to fetch provider config: %v", err)
	}

	ks := key.NewPublicKeySet([]jose.JWK{k.JWK()}, time.Now().Add(1*time.Hour))

	ccfg := oidc.ClientConfig{
		HTTPClient:     sClient,
		ProviderConfig: pcfg,
		Credentials:    ci.Credentials,
		RedirectURL:    validRedirURL.String(),
		KeySet:         *ks,
	}

	cl, err := oidc.NewClient(ccfg)
	if err != nil {
		t.Fatalf("Failed creating oidc.Client: %v", err)
	}

	m := http.NewServeMux()

	var claims jose.Claims
	var refresh string

	m.HandleFunc("/callback", handleCallbackFunc(cl, &claims, &refresh))
	cClient := &phttp.HandlerClient{Handler: m}

	// this will actually happen due to some interaction between the
	// end-user and a remote identity provider
	sessionID, err := sm.NewSession("bogus_idpc", ci.Credentials.ID, "bogus", url.URL{}, "", false, []string{"openid", "offline_access", "email", "profile"})
	if err != nil {
		t.Fatalf("Unexpected error: %v", err)
	}
	if _, err = sm.AttachRemoteIdentity(sessionID, passwordInfo.Identity()); err != nil {
		t.Fatalf("Unexpected error: %v", err)
	}

	if _, err = sm.AttachUser(sessionID, usr.ID); err != nil {
		t.Fatalf("Unexpected error: %v", err)
	}

	key, err := sm.NewSessionKey(sessionID)
	if err != nil {
		t.Fatalf("Unexpected error: %v", err)
	}

	req, err := http.NewRequest("GET", fmt.Sprintf("http://client.example.com/callback?code=%s", key), nil)
开发者ID:Tecsisa,项目名称:dex,代码行数:67,代码来源:oidc_test.go

示例11: main

// main is an example CLI: it parses --client-id, --client-secret and
// --discovery, retries the provider-config fetch once per second until it
// succeeds, builds an oidc.Client and prints the client-credentials JWT and
// its claims. Flag, client and token errors are printed and exit the process.
func main() {
	fs := flag.NewFlagSet("oidc-example-cli", flag.ExitOnError)
	clientID := fs.String("client-id", "", "")
	clientSecret := fs.String("client-secret", "", "")
	discovery := fs.String("discovery", "https://accounts.google.com", "")

	if err := fs.Parse(os.Args[1:]); err != nil {
		fmt.Fprintln(os.Stderr, err.Error())
		os.Exit(1)
	}

	switch {
	case *clientID == "":
		fmt.Println("--client-id must be set")
		os.Exit(2)
	case *clientSecret == "":
		fmt.Println("--client-secret must be set")
		os.Exit(2)
	}

	creds := oidc.ClientCredentials{
		ID:     *clientID,
		Secret: *clientSecret,
	}

	fmt.Printf("fetching provider config from %s...", *discovery)

	// NOTE: A real CLI would cache this config, or provide it via flags/config file.
	// The fetch goes through http.DefaultClient (no timeout) and retries forever.
	const retryDelay = 1 * time.Second
	var (
		cfg oidc.ProviderConfig
		err error
	)
	for {
		if cfg, err = oidc.FetchProviderConfig(http.DefaultClient, *discovery); err == nil {
			break
		}
		fmt.Printf("failed fetching provider config, trying again in %v: %v\n", retryDelay, err)
		time.Sleep(retryDelay)
	}

	fmt.Printf("fetched provider config from %s: %#v\n\n", *discovery, cfg)

	client, err := oidc.NewClient(oidc.ClientConfig{
		ProviderConfig: cfg,
		Credentials:    creds,
	})
	if err != nil {
		fmt.Printf("unable to create Client: %v\n", err)
		os.Exit(1)
	}

	tok, err := client.ClientCredsToken([]string{"openid"})
	if err != nil {
		fmt.Printf("unable to verify auth code with issuer: %v\n", err)
		os.Exit(1)
	}

	// The encoded JWT is a bearer credential; printing it is for this demo only.
	fmt.Printf("got jwt: %v\n\n", tok.Encode())

	claims, err := tok.Claims()
	if err != nil {
		fmt.Printf("unable to construct claims: %v\n", err)
		os.Exit(1)
	}

	fmt.Printf("got claims %#v...\n", claims)
}
开发者ID:GamerockSA,项目名称:dex,代码行数:71,代码来源:main.go

示例12: main

// main is the dex example CLI. Flags may also be supplied through the
// environment via pflag.SetFlagsFromEnv with the "EXAMPLE_CLI" prefix; debug
// and timestamped logging are opt-in. It then retries the provider-config
// fetch at --discovery once per second until it succeeds, builds an
// oidc.Client and prints the client-credentials JWT and its claims. Flag and
// token errors exit the process; a client construction failure is fatal.
func main() {
	fs := flag.NewFlagSet("example-cli", flag.ExitOnError)
	clientID := fs.String("client-id", "", "")
	clientSecret := fs.String("client-secret", "", "")
	discovery := fs.String("discovery", "http://localhost:5556", "")
	logDebug := fs.Bool("log-debug", false, "log debug-level information")
	logTimestamps := fs.Bool("log-timestamps", false, "prefix log lines with timestamps")

	if err := fs.Parse(os.Args[1:]); err != nil {
		fmt.Fprintln(os.Stderr, err.Error())
		os.Exit(1)
	}
	if err := pflag.SetFlagsFromEnv(fs, "EXAMPLE_CLI"); err != nil {
		fmt.Fprintln(os.Stderr, err.Error())
		os.Exit(1)
	}

	if *logDebug {
		log.EnableDebug()
	}
	if *logTimestamps {
		log.EnableTimestamps()
	}

	switch {
	case *clientID == "":
		fmt.Println("--client-id must be set")
		os.Exit(2)
	case *clientSecret == "":
		fmt.Println("--client-secret must be set")
		os.Exit(2)
	}

	creds := oidc.ClientCredentials{
		ID:     *clientID,
		Secret: *clientSecret,
	}

	// NOTE: A real CLI would cache this config, or provide it via flags/config file.
	// The fetch goes through http.DefaultClient (no timeout) and retries forever.
	const retryDelay = 1 * time.Second
	var (
		cfg oidc.ProviderConfig
		err error
	)
	for {
		if cfg, err = oidc.FetchProviderConfig(http.DefaultClient, *discovery); err == nil {
			break
		}
		fmt.Printf("Failed fetching provider config, trying again in %v: %v\n", retryDelay, err)
		time.Sleep(retryDelay)
	}

	fmt.Printf("Fetched provider config from %s: %#v\n\n", *discovery, cfg)

	client, err := oidc.NewClient(oidc.ClientConfig{
		ProviderConfig: cfg,
		Credentials:    creds,
	})
	if err != nil {
		log.Fatalf("Unable to create Client: %v", err)
	}

	tok, err := client.ClientCredsToken([]string{"openid"})
	if err != nil {
		fmt.Printf("unable to verify auth code with issuer: %v\n", err)
		os.Exit(1)
	}

	// The encoded JWT is a bearer credential; printing it is for this demo only.
	fmt.Printf("got jwt: %v\n\n", tok.Encode())

	claims, err := tok.Claims()
	if err != nil {
		fmt.Printf("unable to construct claims: %v\n", err)
		os.Exit(1)
	}

	fmt.Printf("got claims %#v...\n", claims)
}
开发者ID:Tecsisa,项目名称:dex,代码行数:82,代码来源:main.go

示例13: main

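// main runs the example OIDC relying-party app: it parses and validates the
// flags, fetches the provider config (retrying every three seconds until it
// succeeds), builds an oidc.Client with the redirect URL, starts the
// provider-config sync and serves NewClientHandler on --listen. Every error
// is fatal.
//
// The listen address is used as plain data (the original passed it through
// fmt.Sprintf as a format string, which go vet rejects and which would mangle
// a '%' in the flag), the redirect URL is validated before any network round
// trip, and the server bounds how long a client may take to send its headers.
func main() {
	log.SetOutput(os.Stderr)

	fs := flag.NewFlagSet("oidc-example-app", flag.ExitOnError)
	listen := fs.String("listen", defaultListenHost, "serve traffic on this address (<host>:<port>)")
	redirectURL := fs.String("redirect-url", fmt.Sprintf("http://%s%s", defaultListenHost, pathCallback), "")
	clientID := fs.String("client-id", "", "")
	clientSecret := fs.String("client-secret", "", "")
	discovery := fs.String("discovery", "https://accounts.google.com", "")

	if err := fs.Parse(os.Args[1:]); err != nil {
		log.Fatalf("failed parsing flags: %v", err)
	}

	if *clientID == "" {
		log.Fatal("--client-id must be set")
	}

	if *clientSecret == "" {
		log.Fatal("--client-secret must be set")
	}

	if _, _, err := net.SplitHostPort(*listen); err != nil {
		log.Fatalf("unable to parse host:port from --listen flag: %v", err)
	}

	// Fail fast on a bad redirect URL rather than after provider discovery.
	redirectURLParsed, err := url.Parse(*redirectURL)
	if err != nil {
		log.Fatalf("unable to parse url from --redirect-url flag: %v", err)
	}

	cc := oidc.ClientCredentials{
		ID:     *clientID,
		Secret: *clientSecret,
	}

	log.Printf("fetching provider config from %s...", *discovery)

	// Retries forever through http.DefaultClient, which has no timeout.
	var cfg oidc.ProviderConfig
	for {
		cfg, err = oidc.FetchProviderConfig(http.DefaultClient, *discovery)
		if err == nil {
			break
		}

		sleep := 3 * time.Second
		log.Printf("failed fetching provider config, trying again in %v: %v", sleep, err)
		time.Sleep(sleep)
	}

	log.Printf("fetched provider config from %s: %#v", *discovery, cfg)

	ccfg := oidc.ClientConfig{
		ProviderConfig: cfg,
		Credentials:    cc,
		RedirectURL:    *redirectURL,
	}

	client, err := oidc.NewClient(ccfg)
	if err != nil {
		log.Fatalf("unable to create Client: %v", err)
	}

	// The stop channel is dropped: the sync goroutine runs until exit.
	client.SyncProviderConfig(*discovery)

	hdlr := NewClientHandler(client, *redirectURLParsed)
	httpsrv := &http.Server{
		Addr:    *listen,
		Handler: hdlr,
		// Bound the time a connection may spend sending its headers so a
		// stalled client cannot hold a server connection open indefinitely.
		ReadHeaderTimeout: 10 * time.Second,
	}

	log.Printf("binding to %s...", httpsrv.Addr)
	log.Fatal(httpsrv.ListenAndServe())
}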
开发者ID:otsimo,项目名称:watch,代码行数:74,代码来源:main.go

示例14: New

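// New creates a new OpenID Connect client with the given issuerURL and clientID.
// NOTE(yifan): For now we assume the server provides the "jwks_uri" so we don't
// need to manager the key sets by ourselves.
//
// The issuer URL must use the https scheme. If opts.CAFile is set it must
// load successfully: a failure is returned as an error rather than logged and
// silently replaced by the host's root CA set, so a misconfigured CA file
// cannot widen the set of certificates the authenticator trusts. Provider
// discovery is attempted up to maxRetries times with retryBackoff between
// attempts (no backoff after the last one); negative MaxRetries/RetryBackoff
// select DefaultRetries/DefaultBackoff. The returned authenticator owns the
// stop channel of the provider-config sync goroutine.
func New(opts OIDCOptions) (*OIDCAuthenticator, error) {
	// Named issuer rather than url so the net/url package is not shadowed.
	issuer, err := url.Parse(opts.IssuerURL)
	if err != nil {
		return nil, err
	}

	if issuer.Scheme != "https" {
		return nil, fmt.Errorf("'oidc-issuer-url' (%q) has invalid scheme (%q), require 'https'", opts.IssuerURL, issuer.Scheme)
	}

	var roots *x509.CertPool
	if opts.CAFile != "" {
		roots, err = crypto.CertPoolFromFile(opts.CAFile)
		if err != nil {
			return nil, fmt.Errorf("failed to read the CA file %q: %v", opts.CAFile, err)
		}
	}
	if roots == nil {
		glog.Info("No x509 certificates provided, will use host's root CA set")
	}

	// Copied from http.DefaultTransport.
	tr := net.SetTransportDefaults(&http.Transport{
		// According to golang's doc, if RootCAs is nil,
		// TLS uses the host's root CA set.
		TLSClientConfig: &tls.Config{RootCAs: roots},
	})
	hc := &http.Client{Transport: tr}

	maxRetries := opts.MaxRetries
	if maxRetries < 0 {
		maxRetries = DefaultRetries
	}
	retryBackoff := opts.RetryBackoff
	if retryBackoff < 0 {
		retryBackoff = DefaultBackoff
	}

	// Discovery is tried maxRetries times; the backoff is skipped after the
	// final failed attempt so the caller is not delayed for nothing.
	var cfg oidc.ProviderConfig
	fetched := false
	for attempt := 0; attempt < maxRetries; attempt++ {
		cfg, err = oidc.FetchProviderConfig(hc, strings.TrimSuffix(opts.IssuerURL, "/"))
		if err == nil {
			fetched = true
			break
		}
		if attempt+1 < maxRetries {
			glog.Errorf("Failed to fetch provider config, trying again in %v: %v", retryBackoff, err)
			time.Sleep(retryBackoff)
		} else {
			glog.Errorf("Failed to fetch provider config: %v", err)
		}
	}
	if !fetched {
		return nil, fmt.Errorf("failed to fetch provider config after %v retries", maxRetries)
	}

	glog.Infof("Fetched provider config from %s: %#v", opts.IssuerURL, cfg)

	ccfg := oidc.ClientConfig{
		HTTPClient:     hc,
		Credentials:    oidc.ClientCredentials{ID: opts.ClientID},
		ProviderConfig: cfg,
	}

	client, err := oidc.NewClient(ccfg)
	if err != nil {
		return nil, err
	}

	// SyncProviderConfig will start a goroutine to periodically synchronize the provider config.
	// The synchronization interval is set by the expiration length of the config, and has a minimum
	// and maximum threshold.
	stop := client.SyncProviderConfig(opts.IssuerURL)

	return &OIDCAuthenticator{
		ccfg,
		client,
		opts.UsernameClaim,
		opts.GroupsClaim,
		stop,
		maxRetries,
		retryBackoff,
	}, nil
}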
开发者ID:40a,项目名称:bootkube,代码行数:87,代码来源:oidc.go

示例15: NewOIDCProvider

// NewOIDCProvider configures p for an OpenID Connect provider and returns the
// OIDCProvider wrapping it. It blocks, retrying every three seconds, until the
// discovery document at p.DiscoveryURL can be fetched; it then records the
// provider's token and auth endpoints on p, builds an oidc.Client, starts the
// background provider-config sync and derives p.LoginURL from the client's
// OAuth2 authorization URL. Failures after discovery terminate the process
// (log.Fatalf or panic), as the signature has no error to return.
//
// NOTE(review): p.ValidateURL is set from TokenEndpoint and p.RedeemURL from
// AuthEndpoint, which reads as swapped relative to the field names; confirm
// against the callers before relying on either.
func NewOIDCProvider(p *ProviderData) *OIDCProvider {
	p.ProviderName = "OpenID Connect"

	// TODO: do handling of custom certs
	// A zero tls.Config means the library defaults (host root CA set).
	var tlsConfig tls.Config
	httpClient := &http.Client{Transport: &http.Transport{TLSClientConfig: &tlsConfig}}

	const retryDelay = 3 * time.Second
	var (
		cfg oidc.ProviderConfig
		err error
	)
	for {
		if cfg, err = oidc.FetchProviderConfig(httpClient, p.DiscoveryURL.String()); err == nil {
			break
		}
		log.Printf("Failed fetching provider config, trying again in %v: %v", retryDelay, err)
		time.Sleep(retryDelay)
	}

	validateURL, err := url.Parse(cfg.TokenEndpoint)
	if err != nil {
		panic(err)
	}
	p.ValidateURL = validateURL

	redeemURL, err := url.Parse(cfg.AuthEndpoint)
	if err != nil {
		panic(err)
	}
	p.RedeemURL = redeemURL
	p.Scope = "email"

	ccfg := oidc.ClientConfig{
		HTTPClient:     httpClient,
		ProviderConfig: cfg,
		Credentials: oidc.ClientCredentials{
			ID:     p.ClientID,
			Secret: p.ClientSecret,
		},
	}

	client, err := oidc.NewClient(ccfg)
	if err != nil {
		log.Fatalf("Unable to create Client: %v", err)
	}

	// The stop channel is dropped: the sync goroutine runs until exit.
	client.SyncProviderConfig(p.DiscoveryURL.String())

	oac, err := client.OAuthClient()
	if err != nil {
		panic("unable to proceed")
	}

	// Empty state/prompt/etc.: only the base authorization URL is recorded here.
	loginURL, err := url.Parse(oac.AuthCodeURL("", "", ""))
	if err != nil {
		panic("unable to proceed")
	}
	p.LoginURL = loginURL

	return &OIDCProvider{
		ProviderData: p,
		clientConfig: ccfg,
	}
}
开发者ID:coreos,项目名称:oauth2_proxy,代码行数:68,代码来源:oidc.go


注:本文中的github.com/coreos/go-oidc/oidc.NewClient函数示例由纯净天空整理自Github/MSDocs等开源代码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。