oauth2

package
v1.19.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 3, 2023 License: MIT Imports: 53 Imported by: 6

Documentation

Index

Constants

View Source 
const ProviderHeaderKey = "gitea-oauth2-provider"

ProviderHeaderKey is the HTTP header key

View Source 
const UsersStoreKey = "gitea-oauth2-sessions"

UsersStoreKey is the key for the store

Variables

View Source 
var ErrAuthSourceNotActived = errors.New("auth source is not actived")

ErrAuthSourceNotActived login source is not actived error

Functions

func ClearProviders 

func ClearProviders()

ClearProviders clears all OAuth2 providers from the goth lib

func GetActiveOAuth2Providers 

func GetActiveOAuth2Providers() ([]string, map[string]Provider, error)

GetActiveOAuth2Providers returns the map of configured active OAuth2 providers key is used as technical name (like in the callbackURL) values to display

func Init 

func Init() error

Init initializes the oauth source

func InitSigningKey 

func InitSigningKey() error

InitSigningKey creates the default signing key from settings or creates a random key.

func IsErrOpenIDConnectInitialize 

func IsErrOpenIDConnectInitialize(err error) bool

IsErrOpenIDConnectInitialize checks if an error is a ExternalLoginUserAlreadyExist.

func RegisterGothProvider 

func RegisterGothProvider(provider GothProvider)

RegisterGothProvider registers a GothProvider

func RegisterProviderWithGothic 

func RegisterProviderWithGothic(providerName string, source *Source) error

RegisterProviderWithGothic register a OAuth2 provider in goth lib

func RemoveProviderFromGothic 

func RemoveProviderFromGothic(providerName string)

RemoveProviderFromGothic removes the given OAuth2 provider from the goth lib

func ResetOAuth2 

func ResetOAuth2() error

ResetOAuth2 clears existing OAuth2 providers and loads them from DB

Types

type Attribute 

type Attribute struct {
	Value     string
	Available bool
	Required  bool
}

Attribute describes the availability, and required status for a custom url configuration

type BaseProvider 

type BaseProvider struct {
	// contains filtered or unexported fields
}

BaseProvider represents a common base for Provider

func (*BaseProvider) CustomURLSettings 

func (b *BaseProvider) CustomURLSettings() *CustomURLSettings

CustomURLSettings returns the custom url settings for this provider

func (*BaseProvider) DisplayName 

func (b *BaseProvider) DisplayName() string

DisplayName returns the friendly name for this provider

func (*BaseProvider) Image 

func (b *BaseProvider) Image() string

Image returns an image path for this provider

func (*BaseProvider) Name 

func (b *BaseProvider) Name() string

Name provides the technical name for this provider

type CustomProvider 

type CustomProvider struct {
	BaseProvider
	// contains filtered or unexported fields
}

CustomProvider is a GothProvider that has CustomURL features

func NewCustomProvider 

func NewCustomProvider(name, displayName string, customURLSetting *CustomURLSettings, newFn CustomProviderNewFn) *CustomProvider

NewCustomProvider is a constructor function for custom providers

func (*CustomProvider) CreateGothProvider 

func (c *CustomProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)

CreateGothProvider creates a GothProvider from this Provider

func (*CustomProvider) CustomURLSettings 

func (c *CustomProvider) CustomURLSettings() *CustomURLSettings

CustomURLSettings returns the CustomURLSettings for this provider

type CustomProviderNewFn 

type CustomProviderNewFn func(clientID, secret, callbackURL string, custom *CustomURLMapping, scopes []string) (goth.Provider, error)

CustomProviderNewFn creates a goth.Provider using a custom url mapping

type CustomURLMapping 

type CustomURLMapping struct {
	AuthURL    string `json:",omitempty"`
	TokenURL   string `json:",omitempty"`
	ProfileURL string `json:",omitempty"`
	EmailURL   string `json:",omitempty"`
	Tenant     string `json:",omitempty"`
}

CustomURLMapping describes the urls values to use when customizing OAuth2 provider URLs

type CustomURLSettings 

type CustomURLSettings struct {
	AuthURL    Attribute `json:",omitempty"`
	TokenURL   Attribute `json:",omitempty"`
	ProfileURL Attribute `json:",omitempty"`
	EmailURL   Attribute `json:",omitempty"`
	Tenant     Attribute `json:",omitempty"`
}

CustomURLSettings describes the urls values and availability to use when customizing OAuth2 provider URLs

func (*CustomURLSettings) OverrideWith 

func (c *CustomURLSettings) OverrideWith(override *CustomURLMapping) *CustomURLMapping

OverrideWith copies the current customURLMapping and overrides it with values from the provided mapping

func (*CustomURLSettings) Required 

func (c *CustomURLSettings) Required() bool

Required is true if any attribute is required

type ErrInvalidAlgorithmType 

type ErrInvalidAlgorithmType struct {
	Algorithm string
}

ErrInvalidAlgorithmType represents an invalid algorithm error.

func (ErrInvalidAlgorithmType) Error 

func (err ErrInvalidAlgorithmType) Error() string

type ErrOpenIDConnectInitialize 

type ErrOpenIDConnectInitialize struct {
	OpenIDConnectAutoDiscoveryURL string
	ProviderName                  string
	Cause                         error
}

ErrOpenIDConnectInitialize represents a "OpenIDConnectInitialize" kind of error.

func (ErrOpenIDConnectInitialize) Error 

func (err ErrOpenIDConnectInitialize) Error() string

func (ErrOpenIDConnectInitialize) Unwrap added in v1.19.0 

func (err ErrOpenIDConnectInitialize) Unwrap() error

type GothProvider 

type GothProvider interface {
	Provider
	GothProviderCreator
}

GothProvider is an interface for describing a single OAuth2 provider

type GothProviderCreator 

type GothProviderCreator interface {
	CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)
}

GothProviderCreator provides a function to create a goth.Provider

type ImagedProvider 

type ImagedProvider struct {
	GothProvider
	// contains filtered or unexported fields
}

ImagedProvider provide an overridden image setting for the provider

func NewImagedProvider 

func NewImagedProvider(image string, provider GothProvider) *ImagedProvider

NewImagedProvider is a constructor function for the ImagedProvider

func (*ImagedProvider) Image 

func (i *ImagedProvider) Image() string

Image returns the image path for this provider

type JWTSigningKey 

type JWTSigningKey interface {
	IsSymmetric() bool
	SigningMethod() jwt.SigningMethod
	SignKey() interface{}
	VerifyKey() interface{}
	ToJWK() (map[string]string, error)
	PreProcessToken(*jwt.Token)
}

JWTSigningKey represents a algorithm/key pair to sign JWTs 

var DefaultSigningKey JWTSigningKey

DefaultSigningKey is the default signing key for JWTs.

func CreateJWTSigningKey 

func CreateJWTSigningKey(algorithm string, key interface{}) (JWTSigningKey, error)

CreateJWTSigningKey creates a signing key from an algorithm / key pair.

type OIDCToken 

type OIDCToken struct {
	jwt.RegisteredClaims
	Nonce string `json:"nonce,omitempty"`

	// Scope profile
	Name              string             `json:"name,omitempty"`
	PreferredUsername string             `json:"preferred_username,omitempty"`
	Profile           string             `json:"profile,omitempty"`
	Picture           string             `json:"picture,omitempty"`
	Website           string             `json:"website,omitempty"`
	Locale            string             `json:"locale,omitempty"`
	UpdatedAt         timeutil.TimeStamp `json:"updated_at,omitempty"`

	// Scope email
	Email         string `json:"email,omitempty"`
	EmailVerified bool   `json:"email_verified,omitempty"`

	// Groups are generated by organization and team names
	Groups []string `json:"groups,omitempty"`
}

OIDCToken represents an OpenID Connect id_token

func (*OIDCToken) SignToken 

func (token *OIDCToken) SignToken(signingKey JWTSigningKey) (string, error)

SignToken signs an id_token with the (symmetric) client secret key

type OpenIDProvider 

type OpenIDProvider struct{}

OpenIDProvider is a GothProvider for OpenID

func (*OpenIDProvider) CreateGothProvider 

func (o *OpenIDProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)

CreateGothProvider creates a GothProvider from this Provider

func (*OpenIDProvider) CustomURLSettings 

func (o *OpenIDProvider) CustomURLSettings() *CustomURLSettings

CustomURLSettings returns the custom url settings for this provider

func (*OpenIDProvider) DisplayName 

func (o *OpenIDProvider) DisplayName() string

DisplayName returns the friendly name for this provider

func (*OpenIDProvider) Image 

func (o *OpenIDProvider) Image() string

Image returns an image path for this provider

func (*OpenIDProvider) Name 

func (o *OpenIDProvider) Name() string

Name provides the technical name for this provider

type Provider 

type Provider interface {
	Name() string
	DisplayName() string
	Image() string
	CustomURLSettings() *CustomURLSettings
}

Provider is an interface for describing a single OAuth2 provider

func GetOAuth2Providers 

func GetOAuth2Providers() []Provider

GetOAuth2Providers returns the map of unconfigured OAuth2 providers key is used as technical name (like in the callbackURL) values to display

type SessionsStore 

type SessionsStore struct {
	// contains filtered or unexported fields
}

SessionsStore creates a gothic store from our session

func (*SessionsStore) Get 

func (st *SessionsStore) Get(r *http.Request, name string) (*sessions.Session, error)

Get should return a cached session.

func (*SessionsStore) New 

func (st *SessionsStore) New(r *http.Request, name string) (*sessions.Session, error)

New should create and return a new session.

Note that New should never return a nil session, even in the case of an error if using the Registry infrastructure to cache the session.

func (*SessionsStore) Save 

func (st *SessionsStore) Save(r *http.Request, w http.ResponseWriter, session *sessions.Session) error

Save should persist session to the underlying store implementation.

type SimpleProvider 

type SimpleProvider struct {
	BaseProvider
	// contains filtered or unexported fields
}

SimpleProvider is a GothProvider which does not have custom url features

func NewSimpleProvider 

func NewSimpleProvider(name, displayName string, scopes []string, newFn SimpleProviderNewFn) *SimpleProvider

NewSimpleProvider is a constructor function for simple providers

func (*SimpleProvider) CreateGothProvider 

func (c *SimpleProvider) CreateGothProvider(providerName, callbackURL string, source *Source) (goth.Provider, error)

CreateGothProvider creates a GothProvider from this Provider

type SimpleProviderNewFn 

type SimpleProviderNewFn func(clientKey, secret, callbackURL string, scopes ...string) goth.Provider

SimpleProviderNewFn create goth.Providers without custom url features

type Source 

type Source struct {
	Provider                      string
	ClientID                      string
	ClientSecret                  string
	OpenIDConnectAutoDiscoveryURL string
	CustomURLMapping              *CustomURLMapping
	IconURL                       string

	Scopes              []string
	RequiredClaimName   string
	RequiredClaimValue  string
	GroupClaimName      string
	AdminGroup          string
	GroupTeamMap        string
	GroupTeamMapRemoval bool
	RestrictedGroup     string
	SkipLocalTwoFA      bool `json:",omitempty"`
	// contains filtered or unexported fields
}

Source holds configuration for the OAuth2 login source.

func (*Source) Authenticate 

func (source *Source) Authenticate(user *user_model.User, login, password string) (*user_model.User, error)

Authenticate falls back to the db authenticator

func (*Source) Callback 

func (source *Source) Callback(request *http.Request, response http.ResponseWriter) (goth.User, error)

Callback handles OAuth callback, resolve to a goth user and send back to original url this will trigger a new authentication request, but because we save it in the session we can use that

func (*Source) Callout 

func (source *Source) Callout(request *http.Request, response http.ResponseWriter) error

Callout redirects request/response pair to authenticate against the provider

func (*Source) DisplayName 

func (source *Source) DisplayName() string

DisplayName returns the display name of this source

func (*Source) FromDB 

func (source *Source) FromDB(bs []byte) error

FromDB fills up an OAuth2Config from serialized format.

func (*Source) Name 

func (source *Source) Name() string

Name returns the provider name of this source

func (*Source) RegisterSource 

func (source *Source) RegisterSource() error

RegisterSource causes an OAuth2 configuration to be registered

func (*Source) SetAuthSource 

func (source *Source) SetAuthSource(authSource *auth.Source)

SetAuthSource sets the related AuthSource

func (*Source) ToDB 

func (source *Source) ToDB() ([]byte, error)

ToDB exports an SMTPConfig to a serialized format.

func (*Source) UnregisterSource 

func (source *Source) UnregisterSource() error

UnregisterSource causes an OAuth2 configuration to be unregistered

type Token 

type Token struct {
	GrantID int64     `json:"gnt"`
	Type    TokenType `json:"tt"`
	Counter int64     `json:"cnt,omitempty"`
	jwt.RegisteredClaims
}

Token represents a JWT token used to authenticate a client

func ParseToken 

func ParseToken(jwtToken string, signingKey JWTSigningKey) (*Token, error)

ParseToken parses a signed jwt string

func (*Token) SignToken 

func (token *Token) SignToken(signingKey JWTSigningKey) (string, error)

SignToken signs the token with the JWT secret

type TokenType 

type TokenType int

TokenType represents the type of token for an oauth application 

const (
	// TypeAccessToken is a token with short lifetime to access the api
	TypeAccessToken TokenType = 0
	// TypeRefreshToken is token with long lifetime to refresh access tokens obtained by the client
	TypeRefreshToken = iota
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.