Documentation ¶
Index ¶
- func AccessTokenJWTToRequest(token *jwtx.Token) fosite.Requester
- type AccessTokenStorage
- type AccessTokenStrategy
- type AuthorizeCodeStorage
- type AuthorizeCodeStrategy
- type AuthorizeExplicitGrantHandler
- func (c *AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
- func (c *AuthorizeExplicitGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
- func (c *AuthorizeExplicitGrantHandler) GetSanitationWhiteList() []string
- func (c *AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, ...) error
- func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
- func (c *AuthorizeExplicitGrantHandler) IssueAuthorizeCode(ctx context.Context, ar fosite.AuthorizeRequester, ...) error
- func (c *AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, ...) error
- type AuthorizeImplicitGrantTypeHandler
- type ClientCredentialsGrantHandler
- func (c *ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
- func (c *ClientCredentialsGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
- func (c *ClientCredentialsGrantHandler) HandleTokenEndpointRequest(_ context.Context, request fosite.AccessRequester) error
- func (c *ClientCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, ...) error
- type ClientCredentialsGrantStorage
- type CoreStorage
- type CoreStrategy
- type CoreValidator
- type DefaultJWTStrategy
- func (h DefaultJWTStrategy) AccessTokenSignature(token string) string
- func (h DefaultJWTStrategy) AuthorizeCodeSignature(token string) string
- func (h *DefaultJWTStrategy) GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
- func (h *DefaultJWTStrategy) GenerateAuthorizeCode(ctx context.Context, req fosite.Requester) (token string, signature string, err error)
- func (h *DefaultJWTStrategy) GenerateRefreshToken(ctx context.Context, req fosite.Requester) (token string, signature string, err error)
- func (h DefaultJWTStrategy) RefreshTokenSignature(token string) string
- func (h *DefaultJWTStrategy) ValidateAccessToken(ctx context.Context, _ fosite.Requester, token string) error
- func (h *DefaultJWTStrategy) ValidateAuthorizeCode(ctx context.Context, req fosite.Requester, token string) error
- func (h *DefaultJWTStrategy) ValidateRefreshToken(ctx context.Context, req fosite.Requester, token string) error
- func (h *DefaultJWTStrategy) WithIssuer(issuer string) *DefaultJWTStrategy
- func (h *DefaultJWTStrategy) WithScopeField(scopeField jwt.JWTScopeFieldEnum) *DefaultJWTStrategy
- type HMACSHAStrategy
- func (h HMACSHAStrategy) AccessTokenSignature(token string) string
- func (h HMACSHAStrategy) AuthorizeCodeSignature(token string) string
- func (h HMACSHAStrategy) GenerateAccessToken(_ context.Context, _ fosite.Requester) (token string, signature string, err error)
- func (h HMACSHAStrategy) GenerateAuthorizeCode(_ context.Context, _ fosite.Requester) (token string, signature string, err error)
- func (h HMACSHAStrategy) GenerateRefreshToken(_ context.Context, _ fosite.Requester) (token string, signature string, err error)
- func (h HMACSHAStrategy) RefreshTokenSignature(token string) string
- func (h HMACSHAStrategy) ValidateAccessToken(_ context.Context, r fosite.Requester, token string) (err error)
- func (h HMACSHAStrategy) ValidateAuthorizeCode(_ context.Context, r fosite.Requester, token string) (err error)
- func (h HMACSHAStrategy) ValidateRefreshToken(_ context.Context, r fosite.Requester, token string) (err error)
- type HandleHelper
- type JWTSession
- func (j *JWTSession) Clone() fosite.Session
- func (j *JWTSession) GetExpiresAt(key fosite.TokenType) time.Time
- func (j *JWTSession) GetJWTClaims() jwt.JWTClaimsContainer
- func (j *JWTSession) GetJWTHeader() *jwt.Headers
- func (j *JWTSession) GetSubject() string
- func (j *JWTSession) GetUsername() string
- func (j *JWTSession) SetExpiresAt(key fosite.TokenType, exp time.Time)
- func (j *JWTSession) SetSubject(subject string)
- type JWTSessionContainer
- type RefreshTokenGrantHandler
- func (c *RefreshTokenGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
- func (c *RefreshTokenGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
- func (c *RefreshTokenGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
- func (c *RefreshTokenGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, ...) error
- type RefreshTokenStorage
- type RefreshTokenStrategy
- type ResourceOwnerPasswordCredentialsGrantHandler
- func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
- func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
- func (c *ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
- func (c *ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, ...) error
- type ResourceOwnerPasswordCredentialsGrantStorage
- type StatelessJWTValidator
- type TokenRevocationHandler
- type TokenRevocationStorage
Functions ¶
Types ¶
type AccessTokenStorage ¶
// AccessTokenStorage persists access-token sessions. Every method is keyed by
// the token's signature (the value returned by a strategy's
// AccessTokenSignature(token)), not by the full token — presumably so the
// store never holds the complete bearer credential; confirm against the
// strategy implementations before relying on that property.
type AccessTokenStorage interface {
	// CreateAccessTokenSession stores request under the given signature.
	CreateAccessTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)

	// GetAccessTokenSession hydrates session from the data stored for
	// signature and returns the original request.
	GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

	// DeleteAccessTokenSession removes the session stored for signature.
	DeleteAccessTokenSession(ctx context.Context, signature string) (err error)
}
type AccessTokenStrategy ¶
type AuthorizeCodeStorage ¶
// AuthorizeCodeStorage handles storage requests related to authorization
// codes. The invalidation contract below is what enforces the single-use
// requirement for authorization codes (RFC 6749 section 4.1.2); an
// implementation that does not report replay via ErrInvalidatedAuthorizeCode
// silently removes that protection.
type AuthorizeCodeStorage interface {
	// CreateAuthorizeCodeSession stores the authorization request for a given authorization code.
	CreateAuthorizeCodeSession(ctx context.Context, code string, request fosite.Requester) (err error)

	// GetAuthorizeCodeSession hydrates the session based on the given code and returns the authorization request.
	// If the authorization code has been invalidated with `InvalidateAuthorizeCodeSession`, this
	// method should return the ErrInvalidatedAuthorizeCode error.
	//
	// Make sure to also return the fosite.Requester value when returning the fosite.ErrInvalidatedAuthorizeCode error!
	// NOTE(review): the requester is presumably needed so the token handler can
	// revoke tokens already issued from the replayed code, as RFC 6749
	// section 4.1.2 recommends — confirm against flow_authorize_code_token.go.
	GetAuthorizeCodeSession(ctx context.Context, code string, session fosite.Session) (request fosite.Requester, err error)

	// InvalidateAuthorizeCodeSession is called when an authorize code is being used. The state of the authorization
	// code should be set to invalid and consecutive requests to GetAuthorizeCodeSession should return the
	// ErrInvalidatedAuthorizeCode error.
	InvalidateAuthorizeCodeSession(ctx context.Context, code string) (err error)
}
AuthorizeCodeStorage handles storage requests related to authorization codes.
type AuthorizeCodeStrategy ¶
type AuthorizeExplicitGrantHandler ¶
// AuthorizeExplicitGrantHandler is a response handler for the authorization
// code grant (RFC 6749 section 4.1). It serves both the authorize endpoint
// (issuing the code) and the token endpoint (exchanging the code).
type AuthorizeExplicitGrantHandler struct {
	AccessTokenStrategy   AccessTokenStrategy
	RefreshTokenStrategy  RefreshTokenStrategy
	AuthorizeCodeStrategy AuthorizeCodeStrategy
	CoreStorage           CoreStorage

	// AuthCodeLifespan defines the lifetime of an authorize code. Keep it
	// short: RFC 6749 section 4.1.2 recommends at most 10 minutes.
	AuthCodeLifespan time.Duration

	// AccessTokenLifespan defines the lifetime of an access token.
	AccessTokenLifespan time.Duration

	// RefreshTokenLifespan defines the lifetime of a refresh token. Leave to 0 for unlimited lifetime.
	// NOTE(review): with an unlimited lifetime a leaked refresh token stays
	// usable until it is explicitly revoked; prefer a bounded value.
	RefreshTokenLifespan time.Duration

	ScopeStrategy            fosite.ScopeStrategy
	AudienceMatchingStrategy fosite.AudienceMatchingStrategy

	// SanitationWhiteList is a whitelist of form values that are required by the token endpoint. These values
	// are safe for storage in a database (cleartext). Form values not listed
	// here are presumably stripped before the request is persisted, so never
	// add credential-bearing fields (client_secret, code_verifier, ...) —
	// confirm against the sanitation code that consumes GetSanitationWhiteList.
	SanitationWhiteList []string

	TokenRevocationStorage TokenRevocationStorage

	// IsRedirectURISecure decides whether a redirect URI is acceptable. The
	// policy (e.g. https-only with a loopback exception) is whatever the
	// installer of this function chooses; it is not defined here.
	IsRedirectURISecure func(*url.URL) bool

	// RefreshTokenScopes presumably lists the scopes that gate issuance of a
	// refresh token; the matching rule lives in the handler methods, not here.
	RefreshTokenScopes []string
}
AuthorizeExplicitGrantHandler is a response handler for the authorization code grant (the explicit grant type) as defined in https://tools.ietf.org/html/rfc6749#section-4.1.
func (*AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest ¶
func (c *AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
func (*AuthorizeExplicitGrantHandler) CanSkipClientAuth ¶
func (c *AuthorizeExplicitGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
func (*AuthorizeExplicitGrantHandler) GetSanitationWhiteList ¶
func (c *AuthorizeExplicitGrantHandler) GetSanitationWhiteList() []string
func (*AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest ¶
func (c *AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error
func (*AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest ¶
func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.1.3 in full (every requirement of the access token request, including validation of the authorization code).
func (*AuthorizeExplicitGrantHandler) IssueAuthorizeCode ¶
func (c *AuthorizeExplicitGrantHandler) IssueAuthorizeCode(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error
func (*AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse ¶
func (c *AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error
type AuthorizeImplicitGrantTypeHandler ¶
// AuthorizeImplicitGrantTypeHandler is a response handler for the implicit
// grant (RFC 6749 section 4.2), which returns the access token directly from
// the authorize endpoint. No refresh token strategy or storage is wired in,
// consistent with the grant never issuing a refresh token.
//
// NOTE(review): the OAuth 2.0 Security Best Current Practice recommends
// against the implicit grant; prefer the authorization code grant with PKCE
// for new clients.
type AuthorizeImplicitGrantTypeHandler struct {
	AccessTokenStrategy AccessTokenStrategy

	// AccessTokenStorage is used to persist session data across requests.
	AccessTokenStorage AccessTokenStorage

	// AccessTokenLifespan defines the lifetime of an access token.
	AccessTokenLifespan time.Duration

	ScopeStrategy            fosite.ScopeStrategy
	AudienceMatchingStrategy fosite.AudienceMatchingStrategy
}
AuthorizeImplicitGrantTypeHandler is a response handler for the implicit grant type as defined in https://tools.ietf.org/html/rfc6749#section-4.2, which returns the access token directly from the authorize endpoint. Note that the OAuth 2.0 Security Best Current Practice recommends against the implicit grant; prefer the authorization code grant (with PKCE) for new clients.
func (*AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest ¶
func (c *AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error
func (*AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken ¶
func (c *AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error
type ClientCredentialsGrantHandler ¶
// ClientCredentialsGrantHandler implements the client credentials grant
// (RFC 6749 section 4.4). Access-token minting presumably comes from the
// embedded HandleHelper (see HandleHelper.IssueAccessToken); this struct only
// adds scope and audience matching.
type ClientCredentialsGrantHandler struct {
	*HandleHelper
	ScopeStrategy            fosite.ScopeStrategy
	AudienceMatchingStrategy fosite.AudienceMatchingStrategy
}
func (*ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest ¶
func (c *ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
func (*ClientCredentialsGrantHandler) CanSkipClientAuth ¶
func (c *ClientCredentialsGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
func (*ClientCredentialsGrantHandler) HandleTokenEndpointRequest ¶
func (c *ClientCredentialsGrantHandler) HandleTokenEndpointRequest(_ context.Context, request fosite.AccessRequester) error
HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.4.2 (the client credentials access token request).
func (*ClientCredentialsGrantHandler) PopulateTokenEndpointResponse ¶
func (c *ClientCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, response fosite.AccessResponder) error
PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-4.4.3
type ClientCredentialsGrantStorage ¶
// ClientCredentialsGrantStorage is the storage the client credentials grant
// needs: only access-token sessions, since the grant issues no refresh token
// (RFC 6749 section 4.4.3).
type ClientCredentialsGrantStorage interface {
	AccessTokenStorage
}
type CoreStorage ¶
// CoreStorage combines the three session stores used by the core OAuth 2.0
// flows (authorization code, access token, refresh token).
type CoreStorage interface {
	AuthorizeCodeStorage
	AccessTokenStorage
	RefreshTokenStorage
}
type CoreStrategy ¶
// CoreStrategy combines the token strategies for all three core token types;
// HMACSHAStrategy and DefaultJWTStrategy both satisfy it.
type CoreStrategy interface {
	AccessTokenStrategy
	RefreshTokenStrategy
	AuthorizeCodeStrategy
}
type CoreValidator ¶
// CoreValidator introspects tokens using CoreStrategy for validation and
// CoreStorage for the backing session. Because it has a storage dependency it
// can, unlike StatelessJWTValidator, observe sessions that have been deleted
// or revoked — presumably; confirm against introspector.go.
type CoreValidator struct {
	CoreStrategy
	CoreStorage
	ScopeStrategy fosite.ScopeStrategy

	// DisableRefreshTokenValidation, when true, presumably stops IntrospectToken
	// from accepting refresh tokens as introspection subjects — TODO confirm
	// against introspector.go.
	DisableRefreshTokenValidation bool
}
func (*CoreValidator) IntrospectToken ¶
type DefaultJWTStrategy ¶
// DefaultJWTStrategy is a JWT RS256 strategy: signing and verification go
// through the embedded jwt.JWTStrategy. The embedded *HMACSHAStrategy suggests
// some token types (presumably refresh tokens and authorize codes) are still
// opaque HMAC tokens — confirm against strategy_jwt.go. JWTs are signed, not
// encrypted: every claim is readable by whoever holds the token.
type DefaultJWTStrategy struct {
	jwt.JWTStrategy
	HMACSHAStrategy *HMACSHAStrategy

	// Issuer is presumably emitted as the JWT "iss" claim; set via WithIssuer.
	Issuer string

	// ScopeField selects how granted scopes are encoded in the JWT; set via
	// WithScopeField.
	ScopeField jwt.JWTScopeFieldEnum
}
DefaultJWTStrategy is a JWT RS256 strategy. Note that a JWT access token is signed, not encrypted: its claims are readable by the client and by any intermediary that sees the token, so do not place secrets in the session's claims.
func (DefaultJWTStrategy) AccessTokenSignature ¶
func (h DefaultJWTStrategy) AccessTokenSignature(token string) string
func (DefaultJWTStrategy) AuthorizeCodeSignature ¶
func (h DefaultJWTStrategy) AuthorizeCodeSignature(token string) string
func (*DefaultJWTStrategy) GenerateAccessToken ¶
func (*DefaultJWTStrategy) GenerateAuthorizeCode ¶
func (*DefaultJWTStrategy) GenerateRefreshToken ¶
func (DefaultJWTStrategy) RefreshTokenSignature ¶
func (h DefaultJWTStrategy) RefreshTokenSignature(token string) string
func (*DefaultJWTStrategy) ValidateAccessToken ¶
func (*DefaultJWTStrategy) ValidateAuthorizeCode ¶
func (*DefaultJWTStrategy) ValidateRefreshToken ¶
func (*DefaultJWTStrategy) WithIssuer ¶
func (h *DefaultJWTStrategy) WithIssuer(issuer string) *DefaultJWTStrategy
func (*DefaultJWTStrategy) WithScopeField ¶
func (h *DefaultJWTStrategy) WithScopeField(scopeField jwt.JWTScopeFieldEnum) *DefaultJWTStrategy
type HMACSHAStrategy ¶
// HMACSHAStrategy issues opaque tokens whose integrity is protected by an HMAC
// computed by Enigma. Such tokens carry no readable claims, so all request
// state must be recovered from storage; the lifespans below are presumably
// enforced by the Validate* methods.
type HMACSHAStrategy struct {
	// Enigma performs HMAC generation and verification. Its key is what makes
	// tokens unforgeable: protect it and plan for rotation.
	Enigma *enigma.HMACStrategy

	AccessTokenLifespan   time.Duration
	RefreshTokenLifespan  time.Duration
	AuthorizeCodeLifespan time.Duration
}
func (HMACSHAStrategy) AccessTokenSignature ¶
func (h HMACSHAStrategy) AccessTokenSignature(token string) string
func (HMACSHAStrategy) AuthorizeCodeSignature ¶
func (h HMACSHAStrategy) AuthorizeCodeSignature(token string) string
func (HMACSHAStrategy) GenerateAccessToken ¶
func (HMACSHAStrategy) GenerateAuthorizeCode ¶
func (HMACSHAStrategy) GenerateRefreshToken ¶
func (HMACSHAStrategy) RefreshTokenSignature ¶
func (h HMACSHAStrategy) RefreshTokenSignature(token string) string
func (HMACSHAStrategy) ValidateAccessToken ¶
func (HMACSHAStrategy) ValidateAuthorizeCode ¶
func (HMACSHAStrategy) ValidateRefreshToken ¶
type HandleHelper ¶
// HandleHelper bundles what a token-endpoint grant needs to mint an access
// token (see IssueAccessToken). It is embedded by ClientCredentialsGrantHandler
// and ResourceOwnerPasswordCredentialsGrantHandler.
type HandleHelper struct {
	AccessTokenStrategy  AccessTokenStrategy
	AccessTokenStorage   AccessTokenStorage
	AccessTokenLifespan  time.Duration
	RefreshTokenLifespan time.Duration
}
func (*HandleHelper) IssueAccessToken ¶
func (h *HandleHelper) IssueAccessToken(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error
type JWTSession ¶
// JWTSession is the session container for the JWT strategy: it carries the
// claims and header that end up in the signed token plus per-token-type expiry.
type JWTSession struct {
	// JWTClaims presumably become the signed payload; anything placed here is
	// readable by any holder of the token (JWTs are signed, not encrypted).
	JWTClaims *jwt.JWTClaims
	JWTHeader *jwt.Headers

	// ExpiresAt tracks expiry per token type; see GetExpiresAt/SetExpiresAt.
	// NOTE(review): maps and pointers are shared on copy, so Clone must deep-copy
	// these fields for sessions to be independent — confirm in Clone.
	ExpiresAt map[fosite.TokenType]time.Time
	Username  string
	Subject   string
}
JWTSession is the session container used by the JWT strategy; it holds the claims and header to be signed and the per-token-type expiry times.
func (*JWTSession) Clone ¶
func (j *JWTSession) Clone() fosite.Session
func (*JWTSession) GetExpiresAt ¶
func (j *JWTSession) GetExpiresAt(key fosite.TokenType) time.Time
func (*JWTSession) GetJWTClaims ¶
func (j *JWTSession) GetJWTClaims() jwt.JWTClaimsContainer
func (*JWTSession) GetJWTHeader ¶
func (j *JWTSession) GetJWTHeader() *jwt.Headers
func (*JWTSession) GetSubject ¶
func (j *JWTSession) GetSubject() string
func (*JWTSession) GetUsername ¶
func (j *JWTSession) GetUsername() string
func (*JWTSession) SetExpiresAt ¶
func (j *JWTSession) SetExpiresAt(key fosite.TokenType, exp time.Time)
func (*JWTSession) SetSubject ¶
func (j *JWTSession) SetSubject(subject string)
type JWTSessionContainer ¶
type RefreshTokenGrantHandler ¶
// RefreshTokenGrantHandler implements the refresh token grant (RFC 6749
// section 6). TokenRevocationStorage is present presumably so that a refresh
// can retire the previously issued tokens for the same grant — confirm in
// flow_refresh.go; that is what limits the damage from a leaked refresh token.
type RefreshTokenGrantHandler struct {
	AccessTokenStrategy    AccessTokenStrategy
	RefreshTokenStrategy   RefreshTokenStrategy
	TokenRevocationStorage TokenRevocationStorage

	// AccessTokenLifespan defines the lifetime of an access token.
	AccessTokenLifespan time.Duration

	// RefreshTokenLifespan defines the lifetime of a refresh token.
	RefreshTokenLifespan time.Duration

	ScopeStrategy            fosite.ScopeStrategy
	AudienceMatchingStrategy fosite.AudienceMatchingStrategy

	// RefreshTokenScopes presumably lists the scopes that gate issuance of a new
	// refresh token; the matching rule lives in the handler methods.
	RefreshTokenScopes []string
}
func (*RefreshTokenGrantHandler) CanHandleTokenEndpointRequest ¶
func (c *RefreshTokenGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
func (*RefreshTokenGrantHandler) CanSkipClientAuth ¶
func (c *RefreshTokenGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
func (*RefreshTokenGrantHandler) HandleTokenEndpointRequest ¶
func (c *RefreshTokenGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-6
func (*RefreshTokenGrantHandler) PopulateTokenEndpointResponse ¶
func (c *RefreshTokenGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error
PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-6
type RefreshTokenStorage ¶
// RefreshTokenStorage persists refresh-token sessions. As with
// AccessTokenStorage, sessions are keyed by the token's signature (a
// strategy's RefreshTokenSignature(token)), not by the full token.
type RefreshTokenStorage interface {
	// CreateRefreshTokenSession stores request under the given signature.
	CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)

	// GetRefreshTokenSession hydrates session from the data stored for
	// signature and returns the original request.
	GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

	// DeleteRefreshTokenSession removes the session stored for signature.
	DeleteRefreshTokenSession(ctx context.Context, signature string) (err error)
}
type RefreshTokenStrategy ¶
type ResourceOwnerPasswordCredentialsGrantHandler ¶
// ResourceOwnerPasswordCredentialsGrantHandler implements the resource owner
// password credentials grant (RFC 6749 section 4.3). Access-token minting
// presumably comes from the embedded HandleHelper.
//
// NOTE(review): this grant hands the user's password to the client; the OAuth
// 2.0 Security Best Current Practice recommends against it except for legacy
// migration.
type ResourceOwnerPasswordCredentialsGrantHandler struct {
	// ResourceOwnerPasswordCredentialsGrantStorage is used to persist session data across requests.
	ResourceOwnerPasswordCredentialsGrantStorage ResourceOwnerPasswordCredentialsGrantStorage

	RefreshTokenStrategy     RefreshTokenStrategy
	ScopeStrategy            fosite.ScopeStrategy
	AudienceMatchingStrategy fosite.AudienceMatchingStrategy

	// RefreshTokenScopes presumably lists the scopes that gate issuance of a
	// refresh token; the matching rule lives in the handler methods.
	RefreshTokenScopes []string

	*HandleHelper
}
func (*ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest ¶
func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
func (*ResourceOwnerPasswordCredentialsGrantHandler) CanSkipClientAuth ¶
func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
func (*ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest ¶
func (c *ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.3.2
func (*ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse ¶
func (c *ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error
PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-4.3.3
type ResourceOwnerPasswordCredentialsGrantStorage ¶
// ResourceOwnerPasswordCredentialsGrantStorage is the storage for the password
// grant (RFC 6749 section 4.3): user authentication plus the access- and
// refresh-token session stores.
type ResourceOwnerPasswordCredentialsGrantStorage interface {
	// Authenticate verifies the resource owner's name and secret, returning a
	// non-nil error on failure. Implementations receive the raw secret: compare
	// it against a salted password hash, never store or log it, and keep the
	// failure error indistinguishable between "unknown user" and "wrong
	// password" so the endpoint cannot be used to enumerate accounts.
	Authenticate(ctx context.Context, name string, secret string) error
	AccessTokenStorage
	RefreshTokenStorage
}
type StatelessJWTValidator ¶
// StatelessJWTValidator introspects JWT access tokens through the embedded
// jwt.JWTStrategy alone. It has no storage dependency, so it cannot consult
// revocation state: a token revoked through TokenRevocationHandler is
// presumably still reported valid here until it expires. Use CoreValidator
// where revocation must be honoured.
type StatelessJWTValidator struct {
	jwt.JWTStrategy
	ScopeStrategy fosite.ScopeStrategy
}
func (*StatelessJWTValidator) IntrospectToken ¶
type TokenRevocationHandler ¶
// TokenRevocationHandler implements RFC 7009 token revocation; see RevokeToken.
// Both strategies are present so a presented token can be mapped to the
// signature the storage is keyed by whichever token type the caller hinted.
type TokenRevocationHandler struct {
	TokenRevocationStorage TokenRevocationStorage
	RefreshTokenStrategy   RefreshTokenStrategy
	AccessTokenStrategy    AccessTokenStrategy
}
func (*TokenRevocationHandler) RevokeToken ¶
func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string, tokenType fosite.TokenType, client fosite.Client) error
RevokeToken implements https://tools.ietf.org/html/rfc7009#section-2.1. The token type hint indicates which token type check should be performed first; per RFC 7009 a wrong or missing hint must not prevent revocation, so the handler is expected to fall back to the other token type when the hinted lookup fails.
type TokenRevocationStorage ¶
// TokenRevocationStorage provides the storage implementation as specified in
// RFC 7009. Unlike the per-signature session stores it embeds, the Revoke*
// methods take a request ID, so a single call presumably covers every token
// issued under that authorization grant.
type TokenRevocationStorage interface {
	RefreshTokenStorage
	AccessTokenStorage

	// RevokeRefreshToken revokes a refresh token as specified in:
	// https://tools.ietf.org/html/rfc7009#section-2.1
	// If the particular
	// token is a refresh token and the authorization server supports the
	// revocation of access tokens, then the authorization server SHOULD
	// also invalidate all access tokens based on the same authorization
	// grant (see Implementation Note).
	RevokeRefreshToken(ctx context.Context, requestID string) error

	// RevokeAccessToken revokes an access token as specified in:
	// https://tools.ietf.org/html/rfc7009#section-2.1
	// If the token passed to the request
	// is an access token, the server MAY revoke the respective refresh
	// token as well.
	RevokeAccessToken(ctx context.Context, requestID string) error
}
TokenRevocationStorage provides the storage implementation as specified in: https://tools.ietf.org/html/rfc7009
Source Files ¶
- flow_authorize_code_auth.go
- flow_authorize_code_token.go
- flow_authorize_implicit.go
- flow_client_credentials.go
- flow_client_credentials_storage.go
- flow_refresh.go
- flow_resource_owner.go
- flow_resource_owner_storage.go
- helper.go
- introspector.go
- introspector_jwt.go
- revocation.go
- revocation_storage.go
- storage.go
- strategy.go
- strategy_hmacsha.go
- strategy_jwt.go
- strategy_jwt_session.go