goauth

v0.18.2

This package is not in the latest version of its module.
Published: Jun 9, 2023 License: MIT Imports: 26 Imported by: 0

README

GoAuth


GoAuth provides helper libraries for authentication in Go, with a focus on API services. It covers OAuth 2.0, JWT, TLS client authentication and Basic Auth. A primary goal is to be able to create a *http.Client from a single JSON application definition.

Major features include:

  1. The base goauth package provides a single file format for configuring all methods of authentication, including BasicAuth, OAuth 2.0, and JWT credentials. The primary use case is a single JSON definition of multiple applications for multiple services, which can be used to generate token and API requests. It works with goauth/endpoints to add endpoints for known services.
  2. Create *http.Client for multiple API services. Use NewClient() functions to create *http.Client structs for services not supported in oauth2, such as aha, metabase, ringcentral, salesforce, and visa. Generating *http.Client structs is especially useful with Swagger Codegen auto-generated SDKs to support different auth models.
  3. Create an OAuth 2.0 authorization code token from the command line (for test purposes). No website is needed.
  4. Retrieve canonical user information from services via helper libraries. The SCIM user schema is used for a canonical user model. This may be replaced/augmented by OIDC userinfo in the future.
  5. Transparently handle OAuth 2 for multiple services, e.g. a website that supports Google and Facebook auth. This is demoed in grokify/beego-oauth2-demo.

Installation

$ go get github.com/grokify/goauth

Usage

Canonical User Information

ClientUtil structs satisfy an interface with SetClient() and GetSCIMUser() functions.

Google

import (
	"github.com/grokify/goauth/google"
)

// googleOAuth2HTTPClient is *http.Client from Golang OAuth2
googleClientUtil := google.NewClientUtil(googleOAuth2HTTPClient)
scimuser, err := googleClientUtil.GetSCIMUser()

Facebook

import (
	"github.com/grokify/goauth/facebook"
)

// fbOAuth2HTTPClient is *http.Client from Golang OAuth2
fbClientUtil := facebook.NewClientUtil(fbOAuth2HTTPClient)
scimuser, err := fbClientUtil.GetSCIMUser()

RingCentral

import (
	"github.com/grokify/goauth/ringcentral"
)

// rcOAuth2HTTPClient is *http.Client from Golang OAuth2
rcClientUtil := ringcentral.NewClientUtil(rcOAuth2HTTPClient)
scimuser, err := rcClientUtil.GetSCIMUser()

Test Redirect URL

This repo comes with a generic test OAuth 2 redirect page which can be used with headless (no-UI) apps. To use this test URL, configure the following URL to be your OAuth 2 redirect URI. The page writes the Authorization Code into the HTML, from which you can copy and paste it into your own app.

The URL is located here:

Example App

See the following repo for a Beego-based demo app:

Documentation

Constants

const (
	TypeBasic       = "basic"
	TypeHeaderQuery = "headerquery"
	TypeOAuth2      = "oauth2"
	TypeJWT         = "jwt"
)

const (
	SigningMethodES256 = "ES256"
	SigningMethodES384 = "ES384"
	SigningMethodES512 = "ES512"
	SigningMethodHS256 = "HS256"
	SigningMethodHS384 = "HS384"
	SigningMethodHS512 = "HS512"
)

Variables

var (
	ErrJWTNotSupported       = errors.New("jwt is not supported for function")
	ErrBasicAuthNotPopulated = errors.New("basic auth is not populated")
	ErrJWTNotPopulated       = errors.New("jwt is not populated")
	ErrOAuth2NotPopulated    = errors.New("oauth2 is not populated")
	ErrTypeNotSupported      = errors.New("credentials type not supported")
)

Functions

func NewTokenCLI

func NewTokenCLI(creds Credentials, state string) (token *oauth2.Token, err error)

Types

type AuthCodeOptions

type AuthCodeOptions []oauth2.AuthCodeOption

func (*AuthCodeOptions) Add

func (opts *AuthCodeOptions) Add(k, v string)

func (*AuthCodeOptions) AddMap

func (opts *AuthCodeOptions) AddMap(m map[string][]string)

type Credentials

type Credentials struct {
	Service     string                 `json:"service,omitempty"`
	Type        string                 `json:"type,omitempty"`
	Subdomain   string                 `json:"subdomain,omitempty"`
	Basic       CredentialsBasicAuth   `json:"basic,omitempty"`
	OAuth2      CredentialsOAuth2      `json:"oauth2,omitempty"`
	JWT         CredentialsJWT         `json:"jwt,omitempty"`
	Token       *oauth2.Token          `json:"token,omitempty"`
	HeaderQuery CredentialsHeaderQuery `json:"headerquery,omitempty"`
	Additional  url.Values             `json:"additional,omitempty"`
}

func NewCredentialsJSON

func NewCredentialsJSON(credsData, accessToken []byte) (Credentials, error)

func ReadCredentialsFromFile

func ReadCredentialsFromFile(credentialsSetFilename, accountKey string, inclAccountsOnError bool) (Credentials, error)

func (*Credentials) Inflate

func (creds *Credentials) Inflate() error

func (*Credentials) NewClient

func (creds *Credentials) NewClient(ctx context.Context) (*http.Client, error)

func (*Credentials) NewClientCLI

func (creds *Credentials) NewClientCLI(oauth2State string) (*http.Client, error)

func (*Credentials) NewSimpleClient

func (creds *Credentials) NewSimpleClient(ctx context.Context) (*httpsimple.SimpleClient, error)

func (*Credentials) NewSimpleClientHTTP

func (creds *Credentials) NewSimpleClientHTTP(httpClient *http.Client) (*httpsimple.SimpleClient, error)

func (*Credentials) NewToken

func (creds *Credentials) NewToken() (*oauth2.Token, error)

func (*Credentials) NewTokenCLI

func (creds *Credentials) NewTokenCLI(oauth2State string) (*oauth2.Token, error)

NewTokenCLI retrieves a token using a CLI approach for the OAuth 2.0 authorization code or password grant.

type CredentialsBasicAuth

type CredentialsBasicAuth struct {
	Username      string            `json:"username,omitempty"`
	Password      string            `json:"password,omitempty"`
	Encoded       string            `json:"encoded,omitempty"`
	ServerURL     string            `json:"serverURL,omitempty"`
	AllowInsecure bool              `json:"allowInsecure,omitempty"`
	Metadata      map[string]string `json:"metadata,omitempty"`
}

func (*CredentialsBasicAuth) NewClient

func (c *CredentialsBasicAuth) NewClient() (*http.Client, error)

func (*CredentialsBasicAuth) NewSimpleClient

func (c *CredentialsBasicAuth) NewSimpleClient() (httpsimple.SimpleClient, error)

type CredentialsHeaderQuery

type CredentialsHeaderQuery struct {
	ServerURL     string      `json:"serverURL,omitempty"`
	Header        http.Header `json:"header,omitempty"`
	Query         url.Values  `json:"query,omitempty"`
	AllowInsecure bool        `json:"allowInsecure,omitempty"`
}

func (*CredentialsHeaderQuery) NewClient

func (c *CredentialsHeaderQuery) NewClient() *http.Client

func (*CredentialsHeaderQuery) NewSimpleClient

func (c *CredentialsHeaderQuery) NewSimpleClient() httpsimple.SimpleClient

type CredentialsJWT

type CredentialsJWT struct {
	Issuer        string `json:"issuer,omitempty"`
	PrivateKey    string `json:"privateKey,omitempty"`
	SigningMethod string `json:"signingMethod,omitempty"`
}

func (*CredentialsJWT) StandardToken

func (jc *CredentialsJWT) StandardToken(tokenDuration time.Duration) (*jwt.Token, string, error)

type CredentialsOAuth2

type CredentialsOAuth2 struct {
	ServerURL            string              `json:"serverURL,omitempty"`
	ApplicationID        string              `json:"applicationID,omitempty"`
	ClientID             string              `json:"clientID,omitempty"`
	ClientSecret         string              `json:"clientSecret,omitempty"`
	Endpoint             oauth2.Endpoint     `json:"endpoint,omitempty"`
	RedirectURL          string              `json:"redirectURL,omitempty"`
	AppName              string              `json:"applicationName,omitempty"`
	AppVersion           string              `json:"applicationVersion,omitempty"`
	OAuthEndpointID      string              `json:"oauthEndpointID,omitempty"`
	AccessTokenTTL       int64               `json:"accessTokenTTL,omitempty"`
	RefreshTokenTTL      int64               `json:"refreshTokenTTL,omitempty"`
	GrantType            string              `json:"grantType,omitempty"`
	PKCE                 bool                `json:"pkce"`
	Username             string              `json:"username,omitempty"`
	Password             string              `json:"password,omitempty"`
	JWT                  string              `json:"jwt,omitempty"`
	Token                *oauth2.Token       `json:"token,omitempty"`
	Scopes               []string            `json:"scopes,omitempty"`
	AuthCodeOpts         map[string][]string `json:"authCodeOpts,omitempty"`
	AuthCodeExchangeOpts map[string][]string `json:"authCodeExchangeOpts,omitempty"`
	PasswordOpts         map[string][]string `json:"passwordOpts,omitempty"`
	Metadata             map[string]string   `json:"metadata,omitempty"`
}

CredentialsOAuth2 supports OAuth 2.0 authorization_code, password, and client_credentials grant flows.

func NewCredentialsOAuth2Env

func NewCredentialsOAuth2Env(envPrefix string) CredentialsOAuth2

func ParseCredentialsOAuth2

func ParseCredentialsOAuth2(b []byte) (CredentialsOAuth2, error)

func (*CredentialsOAuth2) AppNameAndVersion

func (oc *CredentialsOAuth2) AppNameAndVersion() string

func (*CredentialsOAuth2) AuthCodeURL

func (oc *CredentialsOAuth2) AuthCodeURL(state string, opts map[string][]string) string

func (*CredentialsOAuth2) BasicAuthHeader

func (oc *CredentialsOAuth2) BasicAuthHeader() (string, error)

func (*CredentialsOAuth2) Config

func (oc *CredentialsOAuth2) Config() oauth2.Config

func (*CredentialsOAuth2) ConfigClientCredentials

func (oc *CredentialsOAuth2) ConfigClientCredentials() clientcredentials.Config

func (*CredentialsOAuth2) Exchange

func (oc *CredentialsOAuth2) Exchange(ctx context.Context, code string, opts map[string][]string) (*oauth2.Token, error)

func (*CredentialsOAuth2) InflateURL

func (oc *CredentialsOAuth2) InflateURL(apiURLPath string) string

func (*CredentialsOAuth2) IsGrantType

func (oc *CredentialsOAuth2) IsGrantType(grantType string) bool

func (*CredentialsOAuth2) MarshalJSON

func (oc *CredentialsOAuth2) MarshalJSON(prefix, indent string) ([]byte, error)

MarshalJSON returns JSON. It is useful for exporting configs to be parsed.

func (*CredentialsOAuth2) NewClient

func (oc *CredentialsOAuth2) NewClient(ctx context.Context) (*http.Client, *oauth2.Token, error)

func (*CredentialsOAuth2) NewToken

func (oc *CredentialsOAuth2) NewToken(ctx context.Context) (*oauth2.Token, error)

NewToken retrieves an `*oauth2.Token` when the requisite information is available. Note this uses `clientcredentials.Config.Token()` which doesn't always work. In this situation, use `authutil.TokenClientCredentials()` as an alternative. Note: authorization code is only supported for CLI testing purposes. In a production application, it should be done in a multi-step process to redirect the user to the authorization URL, retrieve the auth code and then `Exchange` it for a token. The `state` value is currently a randomly generated string as this should be used for testing purposes only.

func (*CredentialsOAuth2) PasswordRequestBody

func (oc *CredentialsOAuth2) PasswordRequestBody() url.Values

func (*CredentialsOAuth2) RefreshToken

func (oc *CredentialsOAuth2) RefreshToken(tok *oauth2.Token) (*oauth2.Token, []byte, error)

func (*CredentialsOAuth2) RefreshTokenSimple

func (oc *CredentialsOAuth2) RefreshTokenSimple(refreshToken string) (*oauth2.Token, []byte, error)

type CredentialsSet

type CredentialsSet struct {
	Credentials map[string]Credentials `json:"credentials,omitempty"`
}
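
Because one credentials set file carries the settings and secrets for every service, it is worth checking before deployment. The following is an added example, not part of goauth: it mirrors a few of the JSON field names documented on this page in local types and reports entries worth a review. The sample is constructed, the grant type strings are assumed to be the standard OAuth 2.0 names, and reading `allowInsecure` as a relaxation of transport security is an assumption based on the field name.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// entry mirrors a subset of the JSON fields documented on this page.
// These are local types for the example, not goauth's own structs.
type entry struct {
	Basic struct {
		AllowInsecure bool `json:"allowInsecure"`
	} `json:"basic"`
	OAuth2 struct {
		GrantType string `json:"grantType"`
		PKCE      bool   `json:"pkce"`
	} `json:"oauth2"`
}

// sampleSet is a constructed credentials set; every value is a placeholder.
const sampleSet = `{"credentials": {
  "crm":    {"type": "oauth2", "oauth2": {"grantType": "authorization_code", "pkce": true}},
  "legacy": {"type": "basic", "basic": {"username": "svc", "password": "example", "allowInsecure": true}},
  "mobile": {"type": "oauth2", "oauth2": {"grantType": "password", "username": "u", "password": "example"}},
  "portal": {"type": "oauth2", "oauth2": {"grantType": "authorization_code"}}}}`

// auditSet returns review findings keyed by account name; clean accounts are absent.
func auditSet(data []byte) (map[string][]string, error) {
	var set map[string]map[string]entry // top-level key: "credentials"
	if err := json.Unmarshal(data, &set); err != nil {
		return nil, err
	}
	findings := map[string][]string{}
	for name, c := range set["credentials"] {
		if c.Basic.AllowInsecure {
			findings[name] = append(findings[name], "allowInsecure is enabled")
		}
		if c.OAuth2.GrantType == "password" {
			findings[name] = append(findings[name], "password grant keeps a user password in the file")
		}
		if c.OAuth2.GrantType == "authorization_code" && !c.OAuth2.PKCE {
			findings[name] = append(findings[name], "authorization_code without pkce")
		}
	}
	return findings, nil
}

func main() {
	fmt.Println(auditSet([]byte(sampleSet)))
}
```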

func ReadFileCredentialsSet

func ReadFileCredentialsSet(credentialsSetFilename string, inflateEndpoints bool) (CredentialsSet, error)

func (*CredentialsSet) Accounts

func (set *CredentialsSet) Accounts() []string

func (CredentialsSet) Get

func (set CredentialsSet) Get(key string) (Credentials, error)

func (*CredentialsSet) GetClient

func (set *CredentialsSet) GetClient(ctx context.Context, key string) (*http.Client, error)

func (*CredentialsSet) Inflate

func (set *CredentialsSet) Inflate() error

func (*CredentialsSet) Keys

func (set *CredentialsSet) Keys() []string

func (*CredentialsSet) WriteFile

func (set *CredentialsSet) WriteFile(filename, prefix, indent string, perm fs.FileMode) error

type Options

type Options struct {
	CredsPath string `long:"creds" description:"Environment File Path" required:"true"`
	Account   string `long:"account" description:"Environment Variable Name"`
	Token     string `long:"token" description:"Token"`
	CLI       []bool `long:"cli" description:"CLI"`
}

Options is a struct to be used with `github.com/jessevdk/go-flags`. It can be embedded in another struct.

func (*Options) UseCLI

func (opts *Options) UseCLI() bool

Directories

Path Synopsis
aha
auth0 contains a Go implementation of Auth0's PKCE support: https://auth0.com/docs/api-auth/tutorials/authorization-code-grant-pkce
cmd
jwt
examples
jwt
examples/send_ics
This package posts an ICS file to Gmail.
util
