36 lines
908 B
Go
36 lines
908 B
Go
package oidc
|
|
|
|
import (
|
|
"errors"
|
|
|
|
"golang.org/x/oauth2"
|
|
)
|
|
|
|
// Nonce returns an auth code option which requires the ID Token created by the
|
|
// OpenID Connect provider to contain the specified nonce.
|
|
func Nonce(nonce string) oauth2.AuthCodeOption {
|
|
return oauth2.SetAuthURLParam("nonce", nonce)
|
|
}
|
|
|
|
// NonceSource represents a source which can verify a nonce is valid and has not
|
|
// been claimed before.
|
|
type NonceSource interface {
|
|
ClaimNonce(nonce string) error
|
|
}
|
|
|
|
// VerifyNonce ensures that the ID Token contains a nonce which can be claimed by the nonce source.
|
|
func VerifyNonce(source NonceSource) VerificationOption {
|
|
return nonceVerifier{source}
|
|
}
|
|
|
|
type nonceVerifier struct {
|
|
nonceSource NonceSource
|
|
}
|
|
|
|
func (n nonceVerifier) verifyIDToken(token *IDToken) error {
|
|
if token.Nonce == "" {
|
|
return errors.New("oidc: no nonce present in ID Token")
|
|
}
|
|
return n.nonceSource.ClaimNonce(token.Nonce)
|
|
}
|