oauth2

package
v0.1.17 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 1, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AccessTokenJWTToRequest 

func AccessTokenJWTToRequest(token *jwt.Token) oauth2.Requester

AccessTokenJWTToRequest tries to reconstruct oauth2.Request from a JWT.

func IsJWTProfileAccessToken 

func IsJWTProfileAccessToken(token *jwt.Token) bool

IsJWTProfileAccessToken validates a *jwt.Token is actually a RFC9068 JWT Profile Access Token by checking the relevant header as per https://datatracker.ietf.org/doc/html/rfc9068#section-2.1 which explicitly states that the header MUST include a typ of 'at+jwt' or 'application/at+jwt' with a preference of 'at+jwt'.

Types

type AccessTokenStorage 

type AccessTokenStorage interface {
	CreateAccessTokenSession(ctx context.Context, signature string, request oauth2.Requester) (err error)

	GetAccessTokenSession(ctx context.Context, signature string, session oauth2.Session) (request oauth2.Requester, err error)

	DeleteAccessTokenSession(ctx context.Context, signature string) (err error)
}

type AccessTokenStrategy 

type AccessTokenStrategy interface {
	AccessTokenSignature(ctx context.Context, token string) string
	GenerateAccessToken(ctx context.Context, requester oauth2.Requester) (token string, signature string, err error)
	ValidateAccessToken(ctx context.Context, requester oauth2.Requester, token string) (err error)
}

type AuthorizeCodeStorage 

type AuthorizeCodeStorage interface {
	// CreateAuthorizeCodeSession stores the authorization request for a given authorization code.
	CreateAuthorizeCodeSession(ctx context.Context, code string, request oauth2.Requester) (err error)

	// GetAuthorizeCodeSession hydrates the session based on the given code and returns the authorization request.
	// If the authorization code has been invalidated with `InvalidateAuthorizeCodeSession`, this
	// method should return the ErrInvalidatedAuthorizeCode error.
	//
	// Make sure to also return the oauth2.Requester value when returning the oauth2.ErrInvalidatedAuthorizeCode error!
	GetAuthorizeCodeSession(ctx context.Context, code string, session oauth2.Session) (request oauth2.Requester, err error)

	// InvalidateAuthorizeCodeSession is called when an authorize code is being used. The state of the authorization
	// code should be set to invalid and consecutive requests to GetAuthorizeCodeSession should return the
	// ErrInvalidatedAuthorizeCode error.
	InvalidateAuthorizeCodeSession(ctx context.Context, code string) (err error)
}

AuthorizeCodeStorage handles storage requests related to authorization codes.

type AuthorizeCodeStrategy 

type AuthorizeCodeStrategy interface {
	AuthorizeCodeSignature(ctx context.Context, token string) string
	GenerateAuthorizeCode(ctx context.Context, requester oauth2.Requester) (token string, signature string, err error)
	ValidateAuthorizeCode(ctx context.Context, requester oauth2.Requester, token string) (err error)
}

type AuthorizeExplicitGrantHandler 

type AuthorizeExplicitGrantHandler struct {
	AccessTokenStrategy    AccessTokenStrategy
	RefreshTokenStrategy   RefreshTokenStrategy
	AuthorizeCodeStrategy  AuthorizeCodeStrategy
	CoreStorage            CoreStorage
	TokenRevocationStorage TokenRevocationStorage
	Config                 interface {
		oauth2.AuthorizeCodeLifespanProvider
		oauth2.AccessTokenLifespanProvider
		oauth2.RefreshTokenLifespanProvider
		oauth2.ScopeStrategyProvider
		oauth2.AudienceStrategyProvider
		oauth2.RedirectSecureCheckerProvider
		oauth2.RefreshTokenScopesProvider
		oauth2.OmitRedirectScopeParamProvider
		oauth2.SanitationAllowedProvider
	}
}

AuthorizeExplicitGrantHandler is a response handler for the Authorize Code grant using the explicit grant type as defined in https://datatracker.ietf.org/doc/html/rfc6749#section-4.1

func (*AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest 

func (c *AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester oauth2.AccessRequester) bool

func (*AuthorizeExplicitGrantHandler) CanSkipClientAuth 

func (c *AuthorizeExplicitGrantHandler) CanSkipClientAuth(ctx context.Context, requester oauth2.AccessRequester) bool

func (*AuthorizeExplicitGrantHandler) GetSanitationWhiteList 

func (c *AuthorizeExplicitGrantHandler) GetSanitationWhiteList(ctx context.Context) []string

func (*AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest 

func (c *AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest(ctx context.Context, requester oauth2.AuthorizeRequester, responder oauth2.AuthorizeResponder) error

func (*AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest 

func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request oauth2.AccessRequester) error

HandleTokenEndpointRequest implements * https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3 (everything)

func (*AuthorizeExplicitGrantHandler) IssueAuthorizeCode 

func (c *AuthorizeExplicitGrantHandler) IssueAuthorizeCode(ctx context.Context, requester oauth2.AuthorizeRequester, responder oauth2.AuthorizeResponder) error

func (*AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse 

func (c *AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester oauth2.AccessRequester, responder oauth2.AccessResponder) (err error)

PopulateTokenEndpointResponse implements oauth2.TokenEndpointHandler.

TODO: Refactor time permitting.

type AuthorizeImplicitGrantTypeHandler 

type AuthorizeImplicitGrantTypeHandler struct {
	AccessTokenStrategy AccessTokenStrategy
	// AccessTokenStorage is used to persist session data across requests.
	AccessTokenStorage AccessTokenStorage

	Config interface {
		oauth2.AccessTokenLifespanProvider
		oauth2.ScopeStrategyProvider
		oauth2.AudienceStrategyProvider
	}
}

AuthorizeImplicitGrantTypeHandler is a response handler for the Authorize Code grant using the implicit grant type as defined in https://datatracker.ietf.org/doc/html/rfc6749#section-4.2

func (*AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest 

func (c *AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest(ctx context.Context, requester oauth2.AuthorizeRequester, responder oauth2.AuthorizeResponder) error

func (*AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken 

func (c *AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken(ctx context.Context, requester oauth2.AuthorizeRequester, responder oauth2.AuthorizeResponder) error

type ClientCredentialsGrantHandler 

type ClientCredentialsGrantHandler struct {
	*HandleHelper
	Config interface {
		oauth2.ScopeStrategyProvider
		oauth2.AudienceStrategyProvider
		oauth2.AccessTokenLifespanProvider
		oauth2.ClientCredentialsImplicitProvider
	}
}

func (*ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest 

func (c *ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester oauth2.AccessRequester) bool

func (*ClientCredentialsGrantHandler) CanSkipClientAuth 

func (c *ClientCredentialsGrantHandler) CanSkipClientAuth(ctx context.Context, requester oauth2.AccessRequester) bool

func (*ClientCredentialsGrantHandler) HandleTokenEndpointRequest 

func (c *ClientCredentialsGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request oauth2.AccessRequester) error

HandleTokenEndpointRequest implements https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.2

func (*ClientCredentialsGrantHandler) PopulateTokenEndpointResponse 

func (c *ClientCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, request oauth2.AccessRequester, response oauth2.AccessResponder) error

PopulateTokenEndpointResponse implements https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.3

type ClientCredentialsGrantStorage 

type ClientCredentialsGrantStorage interface {
	AccessTokenStorage
}

type CodeTokenEndpointHandler 

type CodeTokenEndpointHandler interface {
	ValidateGrantTypes(ctx context.Context, requester oauth2.AccessRequester) error
	ValidateCodeAndSession(ctx context.Context, request oauth2.AccessRequester, authorizeRequest oauth2.Requester, code string) error
	GetCodeAndSession(ctx context.Context, request oauth2.AccessRequester) (string, string, oauth2.Requester, error)
	UpdateLastChecked(ctx context.Context, request oauth2.AccessRequester, authorizeRequest oauth2.Requester) error
	InvalidateSession(ctx context.Context, signature string, authorizeRequest oauth2.Requester) error
	CanSkipClientAuth(ctx context.Context, requester oauth2.AccessRequester) bool
	CanHandleTokenEndpointRequest(ctx context.Context, requester oauth2.AccessRequester) bool
	DeviceCodeSignature(ctx context.Context, code string) (string, error)
}

type CoreStorage 

type CoreStorage interface {
	AuthorizeCodeStorage
	AccessTokenStorage
	RefreshTokenStorage
}

type CoreStrategy 

type CoreStrategy interface {
	AccessTokenStrategy
	RefreshTokenStrategy
	AuthorizeCodeStrategy
	DeviceCodeStrategy
	UserCodeStrategy
}

CoreStrategy performs the major elements of token generation and validation.

func NewCoreStrategy 

func NewCoreStrategy(config CoreStrategyConfigurator, prefix string, signer jwt.Signer) (strategy CoreStrategy)

NewCoreStrategy is a special constructor that if provided a signer will automatically decorate the HMACCoreStrategy with a JWTProfileCoreStrategy, otherwise it just returns the HMACCoreStrategy.

type CoreStrategyConfigurator 

type CoreStrategyConfigurator interface {
	HMACCoreStrategyConfigurator

	oauth2.AccessTokenIssuerProvider
	oauth2.JWTScopeFieldProvider
	oauth2.JWTProfileAccessTokensProvider
}

type CoreValidator 

type CoreValidator struct {
	CoreStrategy
	CoreStorage
	Config coreValidatorConfigProvider
}

func (*CoreValidator) IntrospectToken 

func (c *CoreValidator) IntrospectToken(ctx context.Context, token string, tokenUse oauth2.TokenUse, accessRequest oauth2.AccessRequester, scopes []string) (oauth2.TokenUse, error)

type DeviceCodeStrategy 

type DeviceCodeStrategy interface {
	RFC8628DeviceCodeSignature(ctx context.Context, code string) (signature string, err error)
	GenerateRFC8628DeviceCode(ctx context.Context) (code string, signature string, err error)
	ValidateRFC8628DeviceCode(ctx context.Context, r oauth2.Requester, code string) (err error)
}

type GenericCodeTokenEndpointHandler 

type GenericCodeTokenEndpointHandler struct {
	CodeTokenEndpointHandler

	AccessTokenStrategy    AccessTokenStrategy
	RefreshTokenStrategy   RefreshTokenStrategy
	CoreStorage            CoreStorage
	TokenRevocationStorage TokenRevocationStorage
	Config                 interface {
		oauth2.AccessTokenLifespanProvider
		oauth2.RefreshTokenLifespanProvider
		oauth2.RefreshTokenScopesProvider
	}
}

func (*GenericCodeTokenEndpointHandler) CanHandleTokenEndpointRequest 

func (c *GenericCodeTokenEndpointHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester oauth2.AccessRequester) bool

func (*GenericCodeTokenEndpointHandler) CanSkipClientAuth 

func (c *GenericCodeTokenEndpointHandler) CanSkipClientAuth(ctx context.Context, requester oauth2.AccessRequester) bool

func (*GenericCodeTokenEndpointHandler) HandleTokenEndpointRequest 

func (c *GenericCodeTokenEndpointHandler) HandleTokenEndpointRequest(ctx context.Context, request oauth2.AccessRequester) error

func (*GenericCodeTokenEndpointHandler) PopulateTokenEndpointResponse 

func (c *GenericCodeTokenEndpointHandler) PopulateTokenEndpointResponse(ctx context.Context, requester oauth2.AccessRequester, responder oauth2.AccessResponder) (err error)

type HMACCoreStrategy 

type HMACCoreStrategy struct {
	Enigma *hmac.HMACStrategy
	Config interface {
		oauth2.AccessTokenLifespanProvider
		oauth2.RefreshTokenLifespanProvider
		oauth2.AuthorizeCodeLifespanProvider
		oauth2.RFC9628DeviceAuthorizeConfigProvider
	}
	// contains filtered or unexported fields
}

func NewHMACCoreStrategy 

func NewHMACCoreStrategy(config HMACCoreStrategyConfigurator, prefix string) (strategy *HMACCoreStrategy)

NewHMACCoreStrategy creates a new HMACCoreStrategy with the potential to include the prefix format. The prefix must include a single '%s' for the purpose of adding the token part (ac, at, and rt; for the Authorize Code, Access Token, and Refresh Token; respectively.

func (*HMACCoreStrategy) AccessTokenSignature 

func (s *HMACCoreStrategy) AccessTokenSignature(ctx context.Context, tokenString string) (signature string)

AccessTokenSignature implements oauth2.AccessTokenStrategy.

func (*HMACCoreStrategy) AuthorizeCodeSignature 

func (s *HMACCoreStrategy) AuthorizeCodeSignature(ctx context.Context, token string) string

AuthorizeCodeSignature implements oauth2.AuthorizeCodeStrategy.

func (*HMACCoreStrategy) GenerateAccessToken 

func (s *HMACCoreStrategy) GenerateAccessToken(ctx context.Context, _ oauth2.Requester) (tokenString string, signature string, err error)

GenerateAccessToken implements oauth2.AccessTokenStrategy.

func (*HMACCoreStrategy) GenerateAuthorizeCode 

func (s *HMACCoreStrategy) GenerateAuthorizeCode(ctx context.Context, _ oauth2.Requester) (tokenString string, signature string, err error)

GenerateAuthorizeCode implements oauth2.AuthorizeCodeStrategy.

func (*HMACCoreStrategy) GenerateRFC8628DeviceCode 

func (s *HMACCoreStrategy) GenerateRFC8628DeviceCode(ctx context.Context) (tokenString string, signature string, err error)

GenerateRFC8628DeviceCode implements rfc8628.DeviceCodeStrategy.

func (*HMACCoreStrategy) GenerateRFC8628UserCode 

func (s *HMACCoreStrategy) GenerateRFC8628UserCode(ctx context.Context) (tokenString string, signature string, err error)

GenerateRFC8628UserCode implements rfc8628.UserCodeStrategy.

func (*HMACCoreStrategy) GenerateRefreshToken 

func (s *HMACCoreStrategy) GenerateRefreshToken(ctx context.Context, _ oauth2.Requester) (tokenString string, signature string, err error)

GenerateRefreshToken implements oauth2.RefreshTokenStrategy.

func (*HMACCoreStrategy) RFC8628DeviceCodeSignature 

func (s *HMACCoreStrategy) RFC8628DeviceCodeSignature(ctx context.Context, tokenString string) (signature string, err error)

RFC8628DeviceCodeSignature implements rfc8628.DeviceCodeStrategy.

func (*HMACCoreStrategy) RFC8628UserCodeSignature 

func (s *HMACCoreStrategy) RFC8628UserCodeSignature(ctx context.Context, tokenString string) (signature string, err error)

func (*HMACCoreStrategy) RefreshTokenSignature 

func (s *HMACCoreStrategy) RefreshTokenSignature(ctx context.Context, tokenString string) string

RefreshTokenSignature implements oauth2.RefreshTokenStrategy.

func (*HMACCoreStrategy) ValidateAccessToken 

func (s *HMACCoreStrategy) ValidateAccessToken(ctx context.Context, r oauth2.Requester, tokenString string) (err error)

ValidateAccessToken implements oauth2.AccessTokenStrategy.

func (*HMACCoreStrategy) ValidateAuthorizeCode 

func (s *HMACCoreStrategy) ValidateAuthorizeCode(ctx context.Context, r oauth2.Requester, tokenString string) (err error)

ValidateAuthorizeCode implements oauth2.AuthorizeCodeStrategy.

func (*HMACCoreStrategy) ValidateRFC8628DeviceCode 

func (s *HMACCoreStrategy) ValidateRFC8628DeviceCode(ctx context.Context, r oauth2.Requester, code string) (err error)

ValidateRFC8628DeviceCode implements rfc8628.DeviceCodeStrategy.

func (*HMACCoreStrategy) ValidateRFC8628UserCode 

func (s *HMACCoreStrategy) ValidateRFC8628UserCode(ctx context.Context, r oauth2.Requester, code string) (err error)

ValidateRFC8628UserCode implements rfc8628.UserCodeStrategy.

func (*HMACCoreStrategy) ValidateRefreshToken 

func (s *HMACCoreStrategy) ValidateRefreshToken(ctx context.Context, r oauth2.Requester, tokenString string) (err error)

ValidateRefreshToken implements oauth2.RefreshTokenStrategy.

type HMACCoreStrategyConfigurator 

type HMACCoreStrategyConfigurator interface {
	oauth2.AccessTokenLifespanProvider
	oauth2.RefreshTokenLifespanProvider
	oauth2.AuthorizeCodeLifespanProvider
	oauth2.TokenEntropyProvider
	oauth2.GlobalSecretProvider
	oauth2.RotatedGlobalSecretsProvider
	oauth2.HMACHashingProvider
	oauth2.RFC9628DeviceAuthorizeConfigProvider
}

type HandleHelper 

type HandleHelper struct {
	AccessTokenStrategy AccessTokenStrategy
	AccessTokenStorage  AccessTokenStorage
	Config              HandleHelperConfigProvider
}

func (*HandleHelper) IssueAccessToken 

func (h *HandleHelper) IssueAccessToken(ctx context.Context, defaultLifespan time.Duration, requester oauth2.AccessRequester, responder oauth2.AccessResponder) (err error)

type HandleHelperConfigProvider 

type HandleHelperConfigProvider interface {
	oauth2.AccessTokenLifespanProvider
	oauth2.RefreshTokenLifespanProvider
}

type JWTProfileCoreStrategy 

type JWTProfileCoreStrategy struct {
	jwt.Signer
	HMACCoreStrategy *HMACCoreStrategy
	Config           interface {
		oauth2.AccessTokenIssuerProvider
		oauth2.JWTScopeFieldProvider
		oauth2.JWTProfileAccessTokensProvider
	}
}

JWTProfileCoreStrategy is a JWT RS256 strategy.

func (*JWTProfileCoreStrategy) AccessTokenSignature 

func (s *JWTProfileCoreStrategy) AccessTokenSignature(ctx context.Context, tokenString string) (signature string)

func (*JWTProfileCoreStrategy) AuthorizeCodeSignature 

func (s *JWTProfileCoreStrategy) AuthorizeCodeSignature(ctx context.Context, tokenString string) string

func (*JWTProfileCoreStrategy) GenerateAccessToken 

func (s *JWTProfileCoreStrategy) GenerateAccessToken(ctx context.Context, requester oauth2.Requester) (token string, signature string, err error)

func (*JWTProfileCoreStrategy) GenerateAuthorizeCode 

func (s *JWTProfileCoreStrategy) GenerateAuthorizeCode(ctx context.Context, req oauth2.Requester) (tokenString string, signature string, err error)

func (*JWTProfileCoreStrategy) GenerateJWT 

func (s *JWTProfileCoreStrategy) GenerateJWT(ctx context.Context, tokenType oauth2.TokenType, requester oauth2.Requester, client oauth2.JWTProfileClient) (tokenString string, signature string, err error)

func (*JWTProfileCoreStrategy) GenerateRFC8628DeviceCode 

func (s *JWTProfileCoreStrategy) GenerateRFC8628DeviceCode(ctx context.Context) (tokenString string, signature string, err error)

func (*JWTProfileCoreStrategy) GenerateRFC8628UserCode 

func (s *JWTProfileCoreStrategy) GenerateRFC8628UserCode(ctx context.Context) (tokenString string, signature string, err error)

func (*JWTProfileCoreStrategy) GenerateRefreshToken 

func (s *JWTProfileCoreStrategy) GenerateRefreshToken(ctx context.Context, req oauth2.Requester) (tokenString string, signature string, err error)

func (*JWTProfileCoreStrategy) IsPossiblyJWTProfileAccessToken 

func (s *JWTProfileCoreStrategy) IsPossiblyJWTProfileAccessToken(ctx context.Context, tokenString string) (jwt bool, signature string)

func (*JWTProfileCoreStrategy) RFC8628DeviceCodeSignature 

func (s *JWTProfileCoreStrategy) RFC8628DeviceCodeSignature(ctx context.Context, tokenString string) (signature string, err error)

func (*JWTProfileCoreStrategy) RFC8628UserCodeSignature 

func (s *JWTProfileCoreStrategy) RFC8628UserCodeSignature(ctx context.Context, tokenString string) (signature string, err error)

func (*JWTProfileCoreStrategy) RefreshTokenSignature 

func (s *JWTProfileCoreStrategy) RefreshTokenSignature(ctx context.Context, tokenString string) string

func (*JWTProfileCoreStrategy) ValidateAccessToken 

func (s *JWTProfileCoreStrategy) ValidateAccessToken(ctx context.Context, requester oauth2.Requester, tokenString string) (err error)

func (*JWTProfileCoreStrategy) ValidateAuthorizeCode 

func (s *JWTProfileCoreStrategy) ValidateAuthorizeCode(ctx context.Context, req oauth2.Requester, tokenString string) error

func (*JWTProfileCoreStrategy) ValidateRFC8628DeviceCode 

func (s *JWTProfileCoreStrategy) ValidateRFC8628DeviceCode(ctx context.Context, r oauth2.Requester, tokenString string) (err error)

func (*JWTProfileCoreStrategy) ValidateRFC8628UserCode 

func (s *JWTProfileCoreStrategy) ValidateRFC8628UserCode(ctx context.Context, r oauth2.Requester, tokenString string) (err error)

func (*JWTProfileCoreStrategy) ValidateRefreshToken 

func (s *JWTProfileCoreStrategy) ValidateRefreshToken(ctx context.Context, req oauth2.Requester, tokenString string) (err error)

type JWTSession 

type JWTSession struct {
	JWTClaims *jwt.JWTClaims
	JWTHeader *jwt.Headers
	ExpiresAt map[oauth2.TokenType]time.Time
	Username  string
	Subject   string
}

JWTSession Container for the JWT session.

func (*JWTSession) Clone 

func (j *JWTSession) Clone() oauth2.Session

func (*JWTSession) GetExpiresAt 

func (j *JWTSession) GetExpiresAt(key oauth2.TokenType) time.Time

func (*JWTSession) GetExtraClaims 

func (j *JWTSession) GetExtraClaims() map[string]any

GetExtraClaims implements ExtraClaimsSession for JWTSession. The returned value is a copy of JWTSession claims.

func (*JWTSession) GetJWTClaims 

func (j *JWTSession) GetJWTClaims() jwt.JWTClaimsContainer

func (*JWTSession) GetJWTHeader 

func (j *JWTSession) GetJWTHeader() *jwt.Headers

func (*JWTSession) GetSubject 

func (j *JWTSession) GetSubject() string

func (*JWTSession) GetUsername 

func (j *JWTSession) GetUsername() string

func (*JWTSession) SetExpiresAt 

func (j *JWTSession) SetExpiresAt(key oauth2.TokenType, exp time.Time)

func (*JWTSession) SetSubject 

func (j *JWTSession) SetSubject(subject string)

type JWTSessionContainer 

type JWTSessionContainer interface {
	// GetJWTClaims returns the claims.
	GetJWTClaims() jwt.JWTClaimsContainer

	// GetJWTHeader returns the header.
	GetJWTHeader() *jwt.Headers

	oauth2.Session
}

type NoneResponseTypeHandler 

type NoneResponseTypeHandler struct {
	Config interface {
		oauth2.ScopeStrategyProvider
		oauth2.AudienceStrategyProvider
		oauth2.RedirectSecureCheckerProvider
		oauth2.OmitRedirectScopeParamProvider
	}
}

NoneResponseTypeHandler is a response handler for when the None response type is requested as defined in https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#none

func (*NoneResponseTypeHandler) GetRedirectSecureChecker 

func (c *NoneResponseTypeHandler) GetRedirectSecureChecker(ctx context.Context) func(context.Context, *url.URL) bool

func (*NoneResponseTypeHandler) HandleAuthorizeEndpointRequest 

func (c *NoneResponseTypeHandler) HandleAuthorizeEndpointRequest(ctx context.Context, requester oauth2.AuthorizeRequester, responder oauth2.AuthorizeResponder) error

type RefreshTokenGrantHandler 

type RefreshTokenGrantHandler struct {
	AccessTokenStrategy    AccessTokenStrategy
	RefreshTokenStrategy   RefreshTokenStrategy
	TokenRevocationStorage TokenRevocationStorage
	Config                 interface {
		oauth2.AccessTokenLifespanProvider
		oauth2.RefreshTokenLifespanProvider
		oauth2.ScopeStrategyProvider
		oauth2.AudienceStrategyProvider
		oauth2.RefreshTokenScopesProvider
	}
}

RefreshTokenGrantHandler handles access requests for the Refresh Token Flow.

func (*RefreshTokenGrantHandler) CanHandleTokenEndpointRequest 

func (c *RefreshTokenGrantHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester oauth2.AccessRequester) bool

func (*RefreshTokenGrantHandler) CanSkipClientAuth 

func (c *RefreshTokenGrantHandler) CanSkipClientAuth(ctx context.Context, requester oauth2.AccessRequester) bool

func (*RefreshTokenGrantHandler) HandleTokenEndpointRequest 

func (c *RefreshTokenGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request oauth2.AccessRequester) error

HandleTokenEndpointRequest implements https://datatracker.ietf.org/doc/html/rfc6749#section-6

TODO: Refactor time permitting.

func (*RefreshTokenGrantHandler) PopulateTokenEndpointResponse 

func (c *RefreshTokenGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester oauth2.AccessRequester, responder oauth2.AccessResponder) (err error)

PopulateTokenEndpointResponse implements https://datatracker.ietf.org/doc/html/rfc6749#section-6

type RefreshTokenStorage 

type RefreshTokenStorage interface {
	CreateRefreshTokenSession(ctx context.Context, signature string, request oauth2.Requester) (err error)

	GetRefreshTokenSession(ctx context.Context, signature string, session oauth2.Session) (request oauth2.Requester, err error)

	DeleteRefreshTokenSession(ctx context.Context, signature string) (err error)
}

type RefreshTokenStrategy 

type RefreshTokenStrategy interface {
	RefreshTokenSignature(ctx context.Context, token string) string
	GenerateRefreshToken(ctx context.Context, requester oauth2.Requester) (token string, signature string, err error)
	ValidateRefreshToken(ctx context.Context, requester oauth2.Requester, token string) (err error)
}

type ResourceOwnerPasswordCredentialsGrantHandler deprecated 

type ResourceOwnerPasswordCredentialsGrantHandler struct {
	*HandleHelper
	// ResourceOwnerPasswordCredentialsGrantStorage is used to persist session data across requests.
	ResourceOwnerPasswordCredentialsGrantStorage ResourceOwnerPasswordCredentialsGrantStorage
	RefreshTokenStrategy                         RefreshTokenStrategy
	Config                                       interface {
		oauth2.ScopeStrategyProvider
		oauth2.AudienceStrategyProvider
		oauth2.RefreshTokenScopesProvider
		oauth2.RefreshTokenLifespanProvider
		oauth2.AccessTokenLifespanProvider
	}
}

Deprecated: This handler is deprecated as a means to communicate that the ROPC grant type is widely discouraged and is at the time of this writing going to be omitted in the OAuth 2.1 spec. For more information on why this grant type is discouraged see: https://www.scottbrady91.com/oauth/why-the-resource-owner-password-credentials-grant-type-is-not-authentication-nor-suitable-for-modern-applications

func (*ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest 

func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester oauth2.AccessRequester) bool

func (*ResourceOwnerPasswordCredentialsGrantHandler) CanSkipClientAuth 

func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanSkipClientAuth(ctx context.Context, _ oauth2.AccessRequester) bool

func (*ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest 

func (c *ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request oauth2.AccessRequester) error

HandleTokenEndpointRequest implements https://datatracker.ietf.org/doc/html/rfc6749#section-4.3.2

func (*ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse 

func (c *ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester oauth2.AccessRequester, responder oauth2.AccessResponder) error

PopulateTokenEndpointResponse implements https://datatracker.ietf.org/doc/html/rfc6749#section-4.3.3

type ResourceOwnerPasswordCredentialsGrantStorage 

type ResourceOwnerPasswordCredentialsGrantStorage interface {
	Authenticate(ctx context.Context, name string, secret string) error
	AccessTokenStorage
	RefreshTokenStorage
}

type RevocationTokenLookupFunc 

type RevocationTokenLookupFunc func(ctx context.Context, token string) (requester oauth2.Requester, tokenType oauth2.TokenType, err error)

type StatelessJWTValidator 

type StatelessJWTValidator struct {
	jwt.Signer
	Config interface {
		oauth2.ScopeStrategyProvider
	}
}

func (*StatelessJWTValidator) IntrospectToken 

func (v *StatelessJWTValidator) IntrospectToken(ctx context.Context, token string, tokenUse oauth2.TokenUse, accessRequest oauth2.AccessRequester, scopes []string) (oauth2.TokenUse, error)

type TokenRevocationHandler 

type TokenRevocationHandler struct {
	TokenRevocationStorage TokenRevocationStorage
	RefreshTokenStrategy   RefreshTokenStrategy
	AccessTokenStrategy    AccessTokenStrategy
	Config                 interface {
		oauth2.RevokeRefreshTokensExplicitlyProvider
	}
}

func (*TokenRevocationHandler) RevokeToken 

func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string, tokenType oauth2.TokenType, client oauth2.Client) error

RevokeToken implements https://datatracker.ietf.org/doc/html/rfc7009#section-2.1 The token type hint indicates which token type check should be performed first.

type TokenRevocationStorage 

type TokenRevocationStorage interface {
	RefreshTokenStorage
	AccessTokenStorage

	// RevokeRefreshToken revokes a refresh token as specified in:
	// https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
	// If the particular
	// token is a refresh token and the authorization server supports the
	// revocation of access tokens, then the authorization server SHOULD
	// also invalidate all access tokens based on the same authorization
	// grant (see Implementation Note).
	RevokeRefreshToken(ctx context.Context, requestID string) error

	// RevokeRefreshTokenMaybeGracePeriod revokes a refresh token as specified in:
	// https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
	// If the particular
	// token is a refresh token and the authorization server supports the
	// revocation of access tokens, then the authorization server SHOULD
	// also invalidate all access tokens based on the same authorization
	// grant (see Implementation Note).
	//
	// If the Refresh Token grace period is greater than zero in configuration the token
	// will have its expiration time set as UTCNow + GracePeriod.
	RevokeRefreshTokenMaybeGracePeriod(ctx context.Context, requestID string, signature string) error

	// RevokeAccessToken revokes an access token as specified in:
	// https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
	// If the token passed to the request
	// is an access token, the server MAY revoke the respective refresh
	// token as well.
	RevokeAccessToken(ctx context.Context, requestID string) error
}

TokenRevocationStorage provides the storage implementation as specified in: https://datatracker.ietf.org/doc/html/rfc7009

type UserCodeStrategy 

type UserCodeStrategy interface {
	RFC8628UserCodeSignature(ctx context.Context, code string) (signature string, err error)
	GenerateRFC8628UserCode(ctx context.Context) (code string, signature string, err error)
	ValidateRFC8628UserCode(ctx context.Context, r oauth2.Requester, code string) (err error)
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.