Documentation
Overview
Package auth is copied almost verbatim from golang.org/x/oauth2/clientcredentials. This is because that package doesn't allow overwriting the grant_type key.

TODO: Clean up and implement/reuse a true keycloak auth
Constants
    const (
        // ClientCredentialsGrant applies to client credentials
        ClientCredentialsGrant = "client_credentials"

        // PasswordGrant is for the password grant
        PasswordGrant = "password"
    )
Variables
This section is empty.
Functions
This section is empty.
Types
type Config
    type Config struct {
        // ClientID is the application's ID. This should be set for both
        // password and client credentials grants
        ClientID string

        // ClientSecret is the application's secret.
        ClientSecret string

        // Username is the username (if using the password grant).
        Username string

        // Password is user's password (if using the password grant).
        Password string

        // GrantType is the auth grant type
        GrantType string

        // TokenURL is the resource server's token endpoint
        // URL. This is a constant specific to each server.
        TokenURL string

        // Scope specifies optional requested permissions.
        Scopes []string

        // EndpointParams specifies additional parameters for requests to the token endpoint.
        EndpointParams url.Values

        HTTPClient *http.Client
    }
Config describes a 2-legged OAuth2 flow, with both the client application information and the server's endpoint URLs.
func (*Config) Client
Client returns an HTTP client using the provided token. The token will auto-refresh as necessary. The underlying HTTP transport will be obtained using the provided context. The returned client and its Transport should not be modified.
Example
    package main

    import (
        "context"
        "log"

        "github.com/Azuka/keycloak-admin-go/keycloak/auth"
    )

    func main() {
        config := auth.Config{
            ClientID:  "admin-cli",
            TokenURL:  "https://keycloak.local/auth/realms/master/protocol/openid-connect/token",
            Username:  "keycloak",
            Password:  "password",
            GrantType: auth.PasswordGrant,
        }

        client := config.Client(context.Background())

        // This will make an authenticated request
        resp, err := client.Get("https://keycloak.local/auth/admin/realms/master/users?username=keycloak-admin")
        if err != nil {
            log.Fatal(err)
        }
        // Close the body so the underlying connection can be reused.
        defer resp.Body.Close()
    }
Example (Client_credentials)
    package main

    import (
        "context"
        "log"

        "github.com/Azuka/keycloak-admin-go/keycloak/auth"
    )

    func main() {
        config := auth.Config{
            ClientID:     "admin-cli",
            TokenURL:     "https://keycloak.local/auth/realms/master/protocol/openid-connect/token",
            ClientSecret: "my-secret",
            GrantType:    auth.ClientCredentialsGrant,
        }

        client := config.Client(context.Background())

        // This will make an authenticated request
        resp, err := client.Get("https://keycloak.local/auth/admin/realms/master/users?username=keycloak-admin")
        if err != nil {
            log.Fatal(err)
        }
        // Close the body so the underlying connection can be reused.
        defer resp.Body.Close()
    }
func (*Config) Token
Token uses client credentials to retrieve a token. The HTTP client to use is derived from the context. If nil, http.DefaultClient is used.
func (*Config) TokenSource
    func (c *Config) TokenSource(ctx context.Context) oauth2.TokenSource
TokenSource returns a TokenSource that returns the token until it expires, automatically refreshing it as necessary using the provided context and the client ID and client secret.
Most users will use Config.Client instead.
type Token
    type Token struct {
        // AccessToken is the token that authorizes and authenticates
        // the requests.
        AccessToken string `json:"access_token"`

        // TokenType is the type of token.
        // The Type method returns either this or "Bearer", the default.
        TokenType string `json:"token_type,omitempty"`

        // RefreshToken is a token that's used by the application
        // (as opposed to the user) to refresh the access token
        // if it expires.
        RefreshToken string `json:"refresh_token,omitempty"`

        // Expiry is the optional expiration time of the access token.
        //
        // If zero, TokenSource implementations will reuse the same
        // token forever and RefreshToken or equivalent
        // mechanisms for that TokenSource will not be used.
        Expiry time.Time `json:"expiry,omitempty"`

        // ExpiresIn is the time this token is valid for, per Keycloak
        ExpiresIn int64 `json:"expires_in,omitempty"`

        // RefreshExpiresIn is the time the refresh token expires
        RefreshExpiresIn int64 `json:"refresh_expires_in,omitempty"`

        // NotBeforePolicy is likely the Keycloak clock skew
        NotBeforePolicy int64 `json:"not_before_policy,omitempty"`

        // SessionState means something in keycloak
        SessionState string `json:"session_state,omitempty"`

        // Scope is the token scope
        Scope string `json:"scope,omitempty"`
    }
Token is the token as received from Keycloak.
func (*Token) Oauth2Token
Oauth2Token returns an oauth2 token with the underlying original Keycloak token.
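The Expiry comment in the Token type has a practical consequence: a token left with a zero Expiry is reused forever and never refreshed. The following added example (not the package's own code) decodes a token endpoint response, derives Expiry from expires_in, and rejects responses that would leave it zero. The keycloakToken type, decodeToken, valid, the skew parameter and the sample response are assumptions constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// keycloakToken is a hypothetical local stand-in for a subset of Token's fields.
type keycloakToken struct {
	AccessToken  string    `json:"access_token"`
	RefreshToken string    `json:"refresh_token,omitempty"`
	ExpiresIn    int64     `json:"expires_in,omitempty"`
	Expiry       time.Time `json:"-"` // derived locally, never taken from the response
}

// decodeToken parses a token endpoint response body and sets Expiry from
// expires_in relative to now, minus skew so the token is refreshed early.
func decodeToken(body []byte, now time.Time, skew time.Duration) (*keycloakToken, error) {
	var t keycloakToken
	if err := json.Unmarshal(body, &t); err != nil {
		return nil, fmt.Errorf("decode token response: %w", err)
	}
	if t.AccessToken == "" {
		return nil, errors.New("token response has no access_token")
	}
	if t.ExpiresIn <= 0 {
		// A zero Expiry would mean "reuse forever", so refuse (assumed policy).
		return nil, errors.New("token response has no positive expires_in")
	}
	t.Expiry = now.Add(time.Duration(t.ExpiresIn)*time.Second - skew)
	return &t, nil
}

// valid reports whether the token may still be sent at time now.
func (t *keycloakToken) valid(now time.Time) bool {
	return t != nil && t.AccessToken != "" && now.Before(t.Expiry)
}

// sampleResponse is a constructed response body, not captured from a server.
const sampleResponse = `{"access_token":"constructed.access.token","refresh_token":"constructed.refresh.token","expires_in":60}`

func main() {
	now := time.Date(2024, 1, 1, 12, 0, 0, 0, time.UTC)
	t, err := decodeToken([]byte(sampleResponse), now, 10*time.Second)
	fmt.Println(t.valid(now), t.valid(now.Add(time.Minute)), err)
}
```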
type TokenSource
    type TokenSource interface {
        oauth2.TokenSource

        // KeycloakToken returns a keycloak token
        KeycloakToken() (*Token, error)
    }
TokenSource builds on the existing oauth2.TokenSource with an additional method for fetching a raw Keycloak token.