Documentation
Index
- type Handler
- func (c *Handler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
- func (c *Handler) CanSkipClientAuth(requester fosite.AccessRequester) bool
- func (c *Handler) CheckRequest(request fosite.AccessRequester) error
- func (c *Handler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
- func (c *Handler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, ...) error
- type RFC7523KeyStorage
- type Session
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Handler
type Handler struct {
	Storage                  RFC7523KeyStorage
	ScopeStrategy            fosite.ScopeStrategy
	AudienceMatchingStrategy fosite.AudienceMatchingStrategy

	// TokenURL is the URL of the Authorization Server's Token Endpoint.
	TokenURL string
	// SkipClientAuth indicates whether client authentication can be skipped.
	SkipClientAuth bool
	// JWTIDOptional indicates whether the "jti" (JWT ID) claim is required or not.
	JWTIDOptional bool
	// JWTIssuedDateOptional indicates whether the "iat" (issued at) claim is required or not.
	JWTIssuedDateOptional bool
	// JWTMaxDuration sets the maximum time after the token issued date (if present), during which the token is
	// considered valid. If the "iat" claim is not present, then the current time will be used as the issued date.
	JWTMaxDuration time.Duration

	*oauth2.HandleHelper
}
func (*Handler) CanHandleTokenEndpointRequest
func (c *Handler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
func (*Handler) CanSkipClientAuth
func (c *Handler) CanSkipClientAuth(requester fosite.AccessRequester) bool
func (*Handler) CheckRequest
func (c *Handler) CheckRequest(request fosite.AccessRequester) error
func (*Handler) HandleTokenEndpointRequest
func (c *Handler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.1.3 (everything) and https://tools.ietf.org/html/rfc7523#section-2.1 (everything)
func (*Handler) PopulateTokenEndpointResponse
func (c *Handler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, response fosite.AccessResponder) error
type RFC7523KeyStorage
type RFC7523KeyStorage interface {
	// GetPublicKey returns public key, issued by 'issuer', and assigned for subject. Public key is used to check
	// signature of jwt assertion in authorization grants.
	GetPublicKey(ctx context.Context, issuer string, subject string, keyId string) (*jose.JSONWebKey, error)

	// GetPublicKeys returns public key set, issued by 'issuer', and assigned for subject.
	GetPublicKeys(ctx context.Context, issuer string, subject string) (*jose.JSONWebKeySet, error)

	// GetPublicKeyScopes returns assigned scope for assertion, identified by public key, issued by 'issuer'.
	GetPublicKeyScopes(ctx context.Context, issuer string, subject string, keyId string) ([]string, error)

	// IsJWTUsed returns true, if JWT is not known yet or it can not be considered valid, because it must be already
	// expired.
	IsJWTUsed(ctx context.Context, jti string) (bool, error)

	// MarkJWTUsedForTime marks JWT as used for a time passed in exp parameter. This helps ensure that JWTs are not
	// replayed by maintaining the set of used "jti" values for the length of time for which the JWT would be
	// considered valid based on the applicable "exp" instant. (https://tools.ietf.org/html/rfc7523#section-3)
	MarkJWTUsedForTime(ctx context.Context, jti string, exp time.Time) error
}
RFC7523KeyStorage holds information needed to validate jwt assertion in authorization grants.
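The replay rule described for MarkJWTUsedForTime, as an added example that is not fosite's own code: a hypothetical in-memory `MemoryJTIStore` covering only the two "jti" methods of the interface. It assumes that IsJWTUsed reporting true means the jti has been recorded and its "exp" instant has not yet passed; `NewMemoryJTIStore` and the injectable clock are names introduced for illustration.

```go
package main

import (
	"context"
	"fmt"
	"sync"
	"time"
)

// MemoryJTIStore is a hypothetical replay cache for "jti" values (illustration only).
type MemoryJTIStore struct {
	mu   sync.Mutex
	used map[string]time.Time // jti -> "exp" instant of the assertion
	now  func() time.Time     // injectable clock so expiry can be tested
}

func NewMemoryJTIStore(now func() time.Time) *MemoryJTIStore {
	return &MemoryJTIStore{used: make(map[string]time.Time), now: now}
}

// IsJWTUsed reports true while jti is recorded and its exp has not passed (assumed
// semantics). Expired entries are dropped, which keeps the set bounded.
func (s *MemoryJTIStore) IsJWTUsed(_ context.Context, jti string) (bool, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	exp, ok := s.used[jti]
	if !ok || !s.now().Before(exp) {
		delete(s.used, jti)
		return false, nil
	}
	return true, nil
}

// MarkJWTUsedForTime records jti until exp. A jti that is still live is refused,
// so a caller that checks and then marks cannot redeem one assertion twice.
func (s *MemoryJTIStore) MarkJWTUsedForTime(_ context.Context, jti string, exp time.Time) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if old, ok := s.used[jti]; ok && s.now().Before(old) {
		return fmt.Errorf("jti %q already used", jti)
	}
	s.used[jti] = exp
	return nil
}

func main() {
	s := NewMemoryJTIStore(time.Now)
	_ = s.MarkJWTUsedForTime(context.Background(), "constructed-jti", time.Now().Add(time.Minute))
	fmt.Println(s.IsJWTUsed(context.Background(), "constructed-jti"))
}
```

A process-local map like this does not survive restarts and is not shared between token endpoint replicas, so a multi-instance deployment needs the same check-and-set done atomically in shared storage.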