Documentation ¶
Index ¶
- type Handler
- func (c *Handler) CanHandleTokenEndpointRequest(ctx context.Context, requester oauth2.AccessRequester) bool
- func (c *Handler) CanSkipClientAuth(ctx context.Context, requester oauth2.AccessRequester) bool
- func (c *Handler) CheckRequest(ctx context.Context, request oauth2.AccessRequester) error
- func (c *Handler) HandleTokenEndpointRequest(ctx context.Context, request oauth2.AccessRequester) error
- func (c *Handler) PopulateTokenEndpointResponse(ctx context.Context, request oauth2.AccessRequester, ...) error
- type RFC7523KeyStorage
- type Session
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Handler ¶
type Handler struct { Storage RFC7523KeyStorage Config interface { oauth2.AccessTokenLifespanProvider oauth2.TokenURLProvider oauth2.GrantTypeJWTBearerCanSkipClientAuthProvider oauth2.GrantTypeJWTBearerIDOptionalProvider oauth2.GrantTypeJWTBearerIssuedDateOptionalProvider oauth2.GetJWTMaxDurationProvider oauth2.AudienceStrategyProvider oauth2.ScopeStrategyProvider } *hoauth2.HandleHelper }
func (*Handler) CanHandleTokenEndpointRequest ¶
func (*Handler) CanSkipClientAuth ¶
func (*Handler) CheckRequest ¶
func (*Handler) HandleTokenEndpointRequest ¶
func (c *Handler) HandleTokenEndpointRequest(ctx context.Context, request oauth2.AccessRequester) error
HandleTokenEndpointRequest implements https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3 (everything) and https://datatracker.ietf.org/doc/html/rfc7523#section-2.1 (everything)
TODO: Refactor time permitting.
func (*Handler) PopulateTokenEndpointResponse ¶
func (c *Handler) PopulateTokenEndpointResponse(ctx context.Context, request oauth2.AccessRequester, response oauth2.AccessResponder) error
type RFC7523KeyStorage ¶
type RFC7523KeyStorage interface { // GetPublicKey returns public key, issued by 'issuer', and assigned for subject. Public key is used to check // signature of jwt assertion in authorization grants. GetPublicKey(ctx context.Context, issuer string, subject string, keyId string) (*jose.JSONWebKey, error) // GetPublicKeys returns public key, set issued by 'issuer', and assigned for subject. GetPublicKeys(ctx context.Context, issuer string, subject string) (*jose.JSONWebKeySet, error) // GetPublicKeyScopes returns assigned scope for assertion, identified by public key, issued by 'issuer'. GetPublicKeyScopes(ctx context.Context, issuer string, subject string, keyId string) ([]string, error) // IsJWTUsed returns true, if JWT is not known yet or it can not be considered valid, because it must be already // expired. IsJWTUsed(ctx context.Context, jti string) (bool, error) // MarkJWTUsedForTime marks JWT as used for a time passed in exp parameter. This helps ensure that JWTs are not // replayed by maintaining the set of used "jti" values for the length of time for which the JWT would be // considered valid based on the applicable "exp" instant. (https://datatracker.ietf.org/doc/html/rfc7523#section-3) MarkJWTUsedForTime(ctx context.Context, jti string, exp time.Time) error }
RFC7523KeyStorage holds information needed to validate jwt assertion in authorization grants.
Click to show internal directories.
Click to hide internal directories.