oauth2

package
Published: May 28, 2021 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AccessTokenJWTToRequest

func AccessTokenJWTToRequest(token *jwtx.Token) fosite.Requester

AccessTokenJWTToRequest tries to reconstruct fosite.Request from a JWT.

Types

type AccessTokenStorage

// AccessTokenStorage persists access-token sessions. Every method is keyed by the
// token's signature (compare AccessTokenStrategy.AccessTokenSignature), so the raw
// token itself presumably never has to be stored — confirm against the implementations.
type AccessTokenStorage interface {
	// CreateAccessTokenSession stores request under the given signature.
	CreateAccessTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)

	// GetAccessTokenSession is expected to fill session from the stored request for
	// signature and return that request (by analogy with AuthorizeCodeStorage.GetAuthorizeCodeSession).
	// NOTE(review): the error returned for an unknown signature is not documented here — confirm.
	GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

	// DeleteAccessTokenSession removes the session stored under signature.
	DeleteAccessTokenSession(ctx context.Context, signature string) (err error)
}

type AccessTokenStrategy

// AccessTokenStrategy mints and validates access tokens and derives the signature
// that AccessTokenStorage methods take as their key.
type AccessTokenStrategy interface {
	// AccessTokenSignature returns the signature of token (the storage key).
	AccessTokenSignature(token string) string
	// GenerateAccessToken mints a new token for requester and also returns its signature.
	GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
	// ValidateAccessToken returns a non-nil error when token is not valid for requester.
	ValidateAccessToken(ctx context.Context, requester fosite.Requester, token string) (err error)
}

type AuthorizeCodeStorage

// AuthorizeCodeStorage handles storage requests related to authorization codes.
type AuthorizeCodeStorage interface {
	// CreateAuthorizeCodeSession stores the authorization request for a given authorization code.
	CreateAuthorizeCodeSession(ctx context.Context, code string, request fosite.Requester) (err error)

	// GetAuthorizeCodeSession hydrates the session based on the given code and returns the authorization request.
	// If the authorization code has been invalidated with `InvalidateAuthorizeCodeSession`, this
	// method should return the ErrInvalidatedAuthorizeCode error.
	//
	// Make sure to also return the fosite.Requester value when returning the fosite.ErrInvalidatedAuthorizeCode error!
	// NOTE(review): presumably the caller uses that Requester to react to a reused code (RFC 6749
	// section 4.1.2 recommends revoking the tokens issued for it) — confirm against the handler.
	GetAuthorizeCodeSession(ctx context.Context, code string, session fosite.Session) (request fosite.Requester, err error)

	// InvalidateAuthorizeCodeSession is called when an authorize code is being used. The state of the authorization
	// code should be set to invalid and consecutive requests to GetAuthorizeCodeSession should return the
	// ErrInvalidatedAuthorizeCode error. Codes are therefore single-use, and the invalidated
	// state must persist for as long as the code itself is stored.
	InvalidateAuthorizeCodeSession(ctx context.Context, code string) (err error)
}

AuthorizeCodeStorage handles storage requests related to authorization codes.

type AuthorizeCodeStrategy

// AuthorizeCodeStrategy mints and validates authorization codes and derives the
// signature that AuthorizeCodeStorage presumably keys on — confirm (its methods take
// the code itself as parameter).
type AuthorizeCodeStrategy interface {
	// AuthorizeCodeSignature returns the signature of token.
	AuthorizeCodeSignature(token string) string
	// GenerateAuthorizeCode mints a new code for requester and also returns its signature.
	GenerateAuthorizeCode(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
	// ValidateAuthorizeCode returns a non-nil error when token is not valid for requester.
	ValidateAuthorizeCode(ctx context.Context, requester fosite.Requester, token string) (err error)
}

type AuthorizeExplicitGrantHandler

// AuthorizeExplicitGrantHandler is a response handler for the Authorization Code grant using the
// explicit grant type as defined in https://tools.ietf.org/html/rfc6749#section-4.1.
// It serves both the authorize endpoint (HandleAuthorizeEndpointRequest) and the token
// endpoint (HandleTokenEndpointRequest, PopulateTokenEndpointResponse).
type AuthorizeExplicitGrantHandler struct {
	// Strategies for the three token kinds this grant can issue.
	AccessTokenStrategy   AccessTokenStrategy
	RefreshTokenStrategy  RefreshTokenStrategy
	AuthorizeCodeStrategy AuthorizeCodeStrategy
	// CoreStorage is the backing store; the CoreStorage type is not documented on this page.
	CoreStorage           CoreStorage

	// AuthCodeLifespan defines the lifetime of an authorize code.
	AuthCodeLifespan time.Duration

	// AccessTokenLifespan defines the lifetime of an access token.
	AccessTokenLifespan time.Duration

	// RefreshTokenLifespan defines the lifetime of a refresh token. Leave to 0 for unlimited lifetime.
	// NOTE(review): with an unlimited lifetime, revocation via TokenRevocationStorage appears to be
	// the only way to retire a refresh token — confirm.
	RefreshTokenLifespan time.Duration

	// ScopeStrategy and AudienceMatchingStrategy presumably decide whether the requested
	// scopes and audiences are granted — confirm.
	ScopeStrategy            fosite.ScopeStrategy
	AudienceMatchingStrategy fosite.AudienceMatchingStrategy

	// SanitationWhiteList is a whitelist of form values that are required by the token endpoint. These values
	// are safe for storage in a database (cleartext). Exposed through GetSanitationWhiteList; form
	// values not listed are presumably stripped before the request is persisted — confirm.
	SanitationWhiteList []string

	// TokenRevocationStorage is the store used to revoke previously issued tokens.
	TokenRevocationStorage TokenRevocationStorage

	// IsRedirectURISecure decides whether a redirect URI is acceptable. NOTE(review): the page
	// documents neither the criteria it applies nor where it is consulted — confirm against the handler.
	IsRedirectURISecure func(*url.URL) bool

	// RefreshTokenScopes presumably lists the scopes whose presence causes a refresh token to be issued — confirm.
	RefreshTokenScopes []string
}

AuthorizeExplicitGrantHandler is a response handler for the Authorization Code grant using the explicit grant type as defined in https://tools.ietf.org/html/rfc6749#section-4.1

func (*AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest

func (c *AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

func (*AuthorizeExplicitGrantHandler) CanSkipClientAuth

func (c *AuthorizeExplicitGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool

func (*AuthorizeExplicitGrantHandler) GetSanitationWhiteList

func (c *AuthorizeExplicitGrantHandler) GetSanitationWhiteList() []string

func (*AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest

func (c *AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

func (*AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest

func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.1.3 in its entirety.

func (*AuthorizeExplicitGrantHandler) IssueAuthorizeCode

func (*AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse

func (c *AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

type AuthorizeImplicitGrantTypeHandler

// AuthorizeImplicitGrantTypeHandler is a response handler for the Implicit grant type as defined in
// https://tools.ietf.org/html/rfc6749#section-4.2. It issues the access token directly from the
// authorize endpoint (HandleAuthorizeEndpointRequest, IssueImplicitAccessToken). There is no
// refresh-token strategy or lifespan here, consistent with RFC 6749 section 4.2.2 not issuing
// refresh tokens for this grant.
type AuthorizeImplicitGrantTypeHandler struct {
	// AccessTokenStrategy mints the access token returned in the authorize response.
	AccessTokenStrategy AccessTokenStrategy

	// AccessTokenStorage is used to persist session data across requests.
	AccessTokenStorage AccessTokenStorage

	// AccessTokenLifespan defines the lifetime of an access token.
	AccessTokenLifespan time.Duration

	// ScopeStrategy and AudienceMatchingStrategy presumably decide whether the requested
	// scopes and audiences are granted — confirm.
	ScopeStrategy            fosite.ScopeStrategy
	AudienceMatchingStrategy fosite.AudienceMatchingStrategy
}

AuthorizeImplicitGrantTypeHandler is a response handler for the Implicit grant type as defined in https://tools.ietf.org/html/rfc6749#section-4.2

func (*AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest

func (*AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken

type ClientCredentialsGrantHandler

// ClientCredentialsGrantHandler implements the client credentials grant
// (https://tools.ietf.org/html/rfc6749#section-4.4) at the token endpoint. The embedded
// *HandleHelper supplies IssueAccessToken; a nil HandleHelper would make that promoted
// method panic, which the page does not document — confirm how it is constructed.
type ClientCredentialsGrantHandler struct {
	*HandleHelper
	// ScopeStrategy and AudienceMatchingStrategy presumably decide whether the requested
	// scopes and audiences are granted — confirm.
	ScopeStrategy            fosite.ScopeStrategy
	AudienceMatchingStrategy fosite.AudienceMatchingStrategy
}

func (*ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest

func (c *ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

func (*ClientCredentialsGrantHandler) CanSkipClientAuth

func (c *ClientCredentialsGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool

func (*ClientCredentialsGrantHandler) HandleTokenEndpointRequest

func (c *ClientCredentialsGrantHandler) HandleTokenEndpointRequest(_ context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.4.2

func (*ClientCredentialsGrantHandler) PopulateTokenEndpointResponse

func (c *ClientCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, response fosite.AccessResponder) error

PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-4.4.3

type ClientCredentialsGrantStorage

// ClientCredentialsGrantStorage is the storage the client credentials grant needs. Only
// access-token storage is required, consistent with RFC 6749 section 4.4.3 stating that a
// refresh token SHOULD NOT be included for this grant.
type ClientCredentialsGrantStorage interface {
	AccessTokenStorage
}

type CoreValidator

// CoreValidator introspects tokens (see IntrospectToken) against the embedded strategy and
// storage. The CoreStrategy and CoreStorage types are not documented on this page.
type CoreValidator struct {
	CoreStrategy
	CoreStorage
	// ScopeStrategy presumably checks the scopes passed to IntrospectToken — confirm.
	ScopeStrategy                 fosite.ScopeStrategy
	// DisableRefreshTokenValidation, when set, presumably stops IntrospectToken from
	// accepting refresh tokens; the default (zero value) is therefore "validate them" — confirm.
	DisableRefreshTokenValidation bool
}

func (*CoreValidator) IntrospectToken

func (c *CoreValidator) IntrospectToken(ctx context.Context, token string, tokenUse fosite.TokenUse, accessRequest fosite.AccessRequester, scopes []string) (fosite.TokenUse, error)

type DefaultJWTStrategy

// DefaultJWTStrategy is a JWT RS256 strategy. *DefaultJWTStrategy satisfies AccessTokenStrategy,
// AuthorizeCodeStrategy and RefreshTokenStrategy. Unlike HMACSHAStrategy, its Generate* methods
// receive the requester, so the issued token presumably embeds request data (see
// AccessTokenJWTToRequest, which rebuilds a request from a JWT) — confirm.
type DefaultJWTStrategy struct {
	jwt.JWTStrategy
	// HMACSHAStrategy is presumably used for the token kinds not issued as JWTs — confirm; the
	// page does not say whether it may be nil.
	HMACSHAStrategy *HMACSHAStrategy
	// Issuer is set via WithIssuer; its use as the JWT issuer claim is not documented here.
	Issuer          string
	// ScopeField is set via WithScopeField and presumably selects how scopes are written into the JWT — confirm.
	ScopeField      jwt.JWTScopeFieldEnum
}

DefaultJWTStrategy is a JWT RS256 strategy.

func (DefaultJWTStrategy) AccessTokenSignature

func (h DefaultJWTStrategy) AccessTokenSignature(token string) string

func (DefaultJWTStrategy) AuthorizeCodeSignature

func (h DefaultJWTStrategy) AuthorizeCodeSignature(token string) string

func (*DefaultJWTStrategy) GenerateAccessToken

func (h *DefaultJWTStrategy) GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)

func (*DefaultJWTStrategy) GenerateAuthorizeCode

func (h *DefaultJWTStrategy) GenerateAuthorizeCode(ctx context.Context, req fosite.Requester) (token string, signature string, err error)

func (*DefaultJWTStrategy) GenerateRefreshToken

func (h *DefaultJWTStrategy) GenerateRefreshToken(ctx context.Context, req fosite.Requester) (token string, signature string, err error)

func (DefaultJWTStrategy) RefreshTokenSignature

func (h DefaultJWTStrategy) RefreshTokenSignature(token string) string

func (*DefaultJWTStrategy) ValidateAccessToken

func (h *DefaultJWTStrategy) ValidateAccessToken(ctx context.Context, _ fosite.Requester, token string) error

func (*DefaultJWTStrategy) ValidateAuthorizeCode

func (h *DefaultJWTStrategy) ValidateAuthorizeCode(ctx context.Context, req fosite.Requester, token string) error

func (*DefaultJWTStrategy) ValidateRefreshToken

func (h *DefaultJWTStrategy) ValidateRefreshToken(ctx context.Context, req fosite.Requester, token string) error

func (*DefaultJWTStrategy) WithIssuer

func (h *DefaultJWTStrategy) WithIssuer(issuer string) *DefaultJWTStrategy

func (*DefaultJWTStrategy) WithScopeField

func (h *DefaultJWTStrategy) WithScopeField(scopeField jwt.JWTScopeFieldEnum) *DefaultJWTStrategy

type HMACSHAStrategy

// HMACSHAStrategy satisfies AccessTokenStrategy, AuthorizeCodeStrategy and RefreshTokenStrategy
// with opaque HMAC tokens produced by Enigma. Its Generate* methods ignore the requester, so the
// token carries no request data; the request is presumably recovered from storage via the
// signature — confirm. The lifespans are presumably enforced by the Validate* methods — confirm.
type HMACSHAStrategy struct {
	// Enigma produces and checks the HMAC tokens; behaviour with a nil Enigma is not documented here.
	Enigma                *enigma.HMACStrategy
	AccessTokenLifespan   time.Duration
	RefreshTokenLifespan  time.Duration
	AuthorizeCodeLifespan time.Duration
}

func (HMACSHAStrategy) AccessTokenSignature

func (h HMACSHAStrategy) AccessTokenSignature(token string) string

func (HMACSHAStrategy) AuthorizeCodeSignature

func (h HMACSHAStrategy) AuthorizeCodeSignature(token string) string

func (HMACSHAStrategy) GenerateAccessToken

func (h HMACSHAStrategy) GenerateAccessToken(_ context.Context, _ fosite.Requester) (token string, signature string, err error)

func (HMACSHAStrategy) GenerateAuthorizeCode

func (h HMACSHAStrategy) GenerateAuthorizeCode(_ context.Context, _ fosite.Requester) (token string, signature string, err error)

func (HMACSHAStrategy) GenerateRefreshToken

func (h HMACSHAStrategy) GenerateRefreshToken(_ context.Context, _ fosite.Requester) (token string, signature string, err error)

func (HMACSHAStrategy) RefreshTokenSignature

func (h HMACSHAStrategy) RefreshTokenSignature(token string) string

func (HMACSHAStrategy) ValidateAccessToken

func (h HMACSHAStrategy) ValidateAccessToken(_ context.Context, r fosite.Requester, token string) (err error)

func (HMACSHAStrategy) ValidateAuthorizeCode

func (h HMACSHAStrategy) ValidateAuthorizeCode(_ context.Context, r fosite.Requester, token string) (err error)

func (HMACSHAStrategy) ValidateRefreshToken

func (h HMACSHAStrategy) ValidateRefreshToken(_ context.Context, r fosite.Requester, token string) (err error)

type HandleHelper

// HandleHelper bundles what is needed to issue an access token (IssueAccessToken); it is embedded
// by ClientCredentialsGrantHandler and ResourceOwnerPasswordCredentialsGrantHandler.
type HandleHelper struct {
	AccessTokenStrategy  AccessTokenStrategy
	AccessTokenStorage   AccessTokenStorage
	AccessTokenLifespan  time.Duration
	// RefreshTokenLifespan has no matching refresh-token strategy on this struct; how
	// IssueAccessToken uses it is not documented here — confirm.
	RefreshTokenLifespan time.Duration
}

func (*HandleHelper) IssueAccessToken

func (h *HandleHelper) IssueAccessToken(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

type JWTSession

// JWTSession is a container for the JWT session. *JWTSession satisfies JWTSessionContainer
// (GetJWTClaims, GetJWTHeader) and fosite.Session; Clone returns a copy as fosite.Session.
type JWTSession struct {
	JWTClaims *jwt.JWTClaims
	JWTHeader *jwt.Headers
	// ExpiresAt holds the expiry per token type, accessed through GetExpiresAt/SetExpiresAt.
	// NOTE(review): whether SetExpiresAt initialises a nil map is not documented here — confirm.
	ExpiresAt map[fosite.TokenType]time.Time
	Username  string
	Subject   string
}

JWTSession is a container for the JWT session.

func (*JWTSession) Clone

func (j *JWTSession) Clone() fosite.Session

func (*JWTSession) GetExpiresAt

func (j *JWTSession) GetExpiresAt(key fosite.TokenType) time.Time

func (*JWTSession) GetJWTClaims

func (j *JWTSession) GetJWTClaims() jwt.JWTClaimsContainer

func (*JWTSession) GetJWTHeader

func (j *JWTSession) GetJWTHeader() *jwt.Headers

func (*JWTSession) GetSubject

func (j *JWTSession) GetSubject() string

func (*JWTSession) GetUsername

func (j *JWTSession) GetUsername() string

func (*JWTSession) SetExpiresAt

func (j *JWTSession) SetExpiresAt(key fosite.TokenType, exp time.Time)

func (*JWTSession) SetSubject

func (j *JWTSession) SetSubject(subject string)

type JWTSessionContainer

// JWTSessionContainer is a fosite.Session that additionally exposes the JWT claims and
// header to be signed; JWTSession is the implementation on this page.
type JWTSessionContainer interface {
	// GetJWTClaims returns the claims.
	GetJWTClaims() jwt.JWTClaimsContainer

	// GetJWTHeader returns the header.
	GetJWTHeader() *jwt.Headers

	fosite.Session
}

type RefreshTokenGrantHandler

// RefreshTokenGrantHandler implements the refresh token grant
// (https://tools.ietf.org/html/rfc6749#section-6) at the token endpoint.
type RefreshTokenGrantHandler struct {
	AccessTokenStrategy    AccessTokenStrategy
	RefreshTokenStrategy   RefreshTokenStrategy
	// TokenRevocationStorage is presumably used to retire the refresh token being exchanged and
	// the tokens issued with it (refresh-token rotation) — the page does not document this; confirm.
	TokenRevocationStorage TokenRevocationStorage

	// AccessTokenLifespan defines the lifetime of an access token.
	AccessTokenLifespan time.Duration

	// RefreshTokenLifespan defines the lifetime of a refresh token.
	RefreshTokenLifespan time.Duration

	// ScopeStrategy and AudienceMatchingStrategy presumably decide whether the requested
	// scopes and audiences are granted — confirm.
	ScopeStrategy            fosite.ScopeStrategy
	AudienceMatchingStrategy fosite.AudienceMatchingStrategy
	// RefreshTokenScopes presumably lists the scopes whose presence causes a refresh token to be issued — confirm.
	RefreshTokenScopes       []string
}

func (*RefreshTokenGrantHandler) CanHandleTokenEndpointRequest

func (c *RefreshTokenGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

func (*RefreshTokenGrantHandler) CanSkipClientAuth

func (c *RefreshTokenGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool

func (*RefreshTokenGrantHandler) HandleTokenEndpointRequest

func (c *RefreshTokenGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-6

func (*RefreshTokenGrantHandler) PopulateTokenEndpointResponse

func (c *RefreshTokenGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-6

type RefreshTokenStorage

// RefreshTokenStorage persists refresh-token sessions keyed by the token's signature
// (compare RefreshTokenStrategy.RefreshTokenSignature), mirroring AccessTokenStorage.
type RefreshTokenStorage interface {
	// CreateRefreshTokenSession stores request under the given signature.
	CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)

	// GetRefreshTokenSession is expected to fill session from the stored request for signature
	// and return that request. NOTE(review): the error for an unknown signature is not documented here — confirm.
	GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

	// DeleteRefreshTokenSession removes the session stored under signature.
	DeleteRefreshTokenSession(ctx context.Context, signature string) (err error)
}

type RefreshTokenStrategy

// RefreshTokenStrategy mints and validates refresh tokens and derives the signature
// that RefreshTokenStorage methods take as their key.
type RefreshTokenStrategy interface {
	// RefreshTokenSignature returns the signature of token (the storage key).
	RefreshTokenSignature(token string) string
	// GenerateRefreshToken mints a new token for requester and also returns its signature.
	GenerateRefreshToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
	// ValidateRefreshToken returns a non-nil error when token is not valid for requester.
	ValidateRefreshToken(ctx context.Context, requester fosite.Requester, token string) (err error)
}

type ResourceOwnerPasswordCredentialsGrantHandler

// ResourceOwnerPasswordCredentialsGrantHandler implements the resource owner password credentials
// grant (https://tools.ietf.org/html/rfc6749#section-4.3) at the token endpoint. The embedded
// *HandleHelper supplies IssueAccessToken; a nil HandleHelper would make that promoted method
// panic, which the page does not document — confirm how it is constructed.
type ResourceOwnerPasswordCredentialsGrantHandler struct {
	// ResourceOwnerPasswordCredentialsGrantStorage is used to persist session data across requests.
	// It also supplies Authenticate, which verifies the resource owner's credentials.
	ResourceOwnerPasswordCredentialsGrantStorage ResourceOwnerPasswordCredentialsGrantStorage

	// RefreshTokenStrategy mints the refresh token; RefreshTokenScopes presumably lists the scopes
	// whose presence causes one to be issued — confirm.
	RefreshTokenStrategy     RefreshTokenStrategy
	ScopeStrategy            fosite.ScopeStrategy
	AudienceMatchingStrategy fosite.AudienceMatchingStrategy
	RefreshTokenScopes       []string

	*HandleHelper
}

func (*ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest

func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

func (*ResourceOwnerPasswordCredentialsGrantHandler) CanSkipClientAuth

func (*ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest

func (c *ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.3.2

func (*ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse

func (c *ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-4.3.3

type ResourceOwnerPasswordCredentialsGrantStorage

// ResourceOwnerPasswordCredentialsGrantStorage is the storage the password grant needs: it must
// verify resource-owner credentials and persist access- and refresh-token sessions.
type ResourceOwnerPasswordCredentialsGrantStorage interface {
	// Authenticate verifies secret for the resource owner name and returns a non-nil error when
	// the credentials are not accepted. NOTE(review): the page specifies neither the error expected
	// on mismatch nor how secret is compared; an implementation is expected to check it against a
	// stored hash rather than keep it in cleartext — confirm.
	Authenticate(ctx context.Context, name string, secret string) error
	AccessTokenStorage
	RefreshTokenStorage
}

type StatelessJWTValidator

// StatelessJWTValidator introspects JWT access tokens (see IntrospectToken) using only the
// embedded jwt.JWTStrategy. It has no storage field, so — unlike CoreValidator — it presumably
// cannot consult revocation state, and a revoked but unexpired JWT would still introspect as
// valid. NOTE(review): confirm against IntrospectToken.
type StatelessJWTValidator struct {
	jwt.JWTStrategy
	// ScopeStrategy presumably checks the scopes passed to IntrospectToken — confirm.
	ScopeStrategy fosite.ScopeStrategy
}

func (*StatelessJWTValidator) IntrospectToken

func (v *StatelessJWTValidator) IntrospectToken(ctx context.Context, token string, tokenUse fosite.TokenUse, accessRequest fosite.AccessRequester, scopes []string) (fosite.TokenUse, error)

type TokenRevocationHandler

// TokenRevocationHandler implements token revocation (https://tools.ietf.org/html/rfc7009#section-2.1)
// via RevokeToken. The token type hint only decides which token type is checked first, so
// presumably both kinds are tried when the hint does not match — confirm.
type TokenRevocationHandler struct {
	// TokenRevocationStorage performs the actual revocation.
	TokenRevocationStorage TokenRevocationStorage
	// RefreshTokenStrategy and AccessTokenStrategy presumably identify the submitted token
	// (signature lookup) before it is revoked — confirm.
	RefreshTokenStrategy   RefreshTokenStrategy
	AccessTokenStrategy    AccessTokenStrategy
}

func (*TokenRevocationHandler) RevokeToken

func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string, tokenType fosite.TokenType, client fosite.Client) error

RevokeToken implements https://tools.ietf.org/html/rfc7009#section-2.1. The token type hint indicates which token type check should be performed first.

type TokenRevocationStorage

// TokenRevocationStorage provides the storage implementation as specified in:
// https://tools.ietf.org/html/rfc7009
// Both Revoke* methods are keyed by request ID, not by token signature, so one call can
// cover every token issued for that authorization grant.
type TokenRevocationStorage interface {
	RefreshTokenStorage
	AccessTokenStorage

	// RevokeRefreshToken revokes a refresh token as specified in:
	// https://tools.ietf.org/html/rfc7009#section-2.1
	// If the particular token is a refresh token and the authorization server supports the
	// revocation of access tokens, then the authorization server SHOULD also invalidate all
	// access tokens based on the same authorization grant (see Implementation Note).
	RevokeRefreshToken(ctx context.Context, requestID string) error

	// RevokeAccessToken revokes an access token as specified in:
	// https://tools.ietf.org/html/rfc7009#section-2.1
	// If the token passed to the request is an access token, the server MAY revoke the
	// respective refresh token as well.
	RevokeAccessToken(ctx context.Context, requestID string) error
}

TokenRevocationStorage provides the storage implementation as specified in: https://tools.ietf.org/html/rfc7009
