Login

The login package provides a tokenSource that can cache, reuse and obtain OIDC tokens.

Usage:

```go
package main

import (
	"context"
	"log"
	"os"

	"github.com/bwplotka/oidc/login"
	// Aliased explicitly so the disk.NewCache call below resolves.
	disk "github.com/bwplotka/oidc/login/diskcache"
)

func main() {
	oidcConfig := login.OIDCConfig{
		ClientID:     "client1",
		ClientSecret: "secret1",
		Provider:     "https://issuer-oidc.org",
		// Make sure you ask for offline_access if you want to use refresh tokens!
		Scopes: []string{"openid", "email", "profile", "offline_access"},
	}

	sourceConfig := login.Config{
		BindAddress:  "http://127.0.0.1:8883",
		NonceCheck:   true,
		DisableLogin: false,
	}

	cache := disk.NewCache(".super_cache", oidcConfig) // see also other caches e.g k8s.NewCache.

	source, err := login.NewOIDCTokenSource(context.Background(), log.New(os.Stdout, "", 0), sourceConfig, cache)
	if err != nil {
		// handle err...
		log.Fatal(err)
	}

	token, err := source.OIDCToken(context.Background())
	if err != nil {
		// handle err...
		log.Fatal(err)
	}

	// Use your token!
	_ = token.AccessToken
	_ = token.IDToken
	_ = token.RefreshToken
}
```

The OIDCToken method makes sure you retrieve a valid token. If the token is in the cache but expired, it will try to refresh it using the refresh token (if present). If the cache is empty, or the refresh token is wrong, it will perform a full OIDC login to obtain a token.

NOTE: Because login implements the OIDC code flow, it requires a browser to be available; it will not work on headless systems. If you wish to fail on an expired or invalid refresh token, set login.Config.DisableLogin to true.
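
The fallback order described above (cache, then refresh, then full login) and the DisableLogin case, as an added Go example; it is not code from the login package. `Source`, `Token.Expiry`, `ErrLoginDisabled` and the `Refresh` and `Login` hooks are hypothetical stand-ins, with the refresh grant and the browser login supplied as stubs.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Token holds the fields the README reads; Expiry is an assumption.
type Token struct {
	AccessToken, IDToken, RefreshToken string
	Expiry                             time.Time
}

// Source is a hypothetical stand-in for the package's token source.
type Source struct {
	Cached       *Token
	DisableLogin bool
	Refresh      func(string) (*Token, error)
	Login        func() (*Token, error)
}
var ErrLoginDisabled = errors.New("no valid token and login is disabled")
// OIDCToken returns a valid token and the path that produced it.
func (s *Source) OIDCToken(now time.Time) (*Token, string, error) {
	if t := s.Cached; t != nil {
		if now.Before(t.Expiry) {
			return t, "cache", nil
		}
		if t.RefreshToken != "" {
			if nt, err := s.Refresh(t.RefreshToken); err == nil {
				s.Cached = nt
				return nt, "refresh", nil
			} // a rejected refresh token falls through to login
		}
	}
	if s.DisableLogin {
		return nil, "", ErrLoginDisabled // fail closed, no browser
	}
	nt, err := s.Login()
	if err == nil {
		s.Cached = nt
	}
	return nt, "login", err
}

func main() { // constructed input: expired cache, rejected refresh token
	reject := func(string) (*Token, error) { return nil, errors.New("invalid_grant") }
	s := &Source{DisableLogin: true, Refresh: reject, Cached: &Token{RefreshToken: "revoked"}}
	fmt.Println(s.OIDCToken(time.Now()))
}
```

With DisableLogin set, a service or CI job gets an error it can act on instead of a process that waits for a browser that will never open.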