Documentation ¶
Index ¶
- Variables
- func BearerToken(r *http.Request) string
- func CodeChallenge(verifier string) string
- func CodeVerifier() string
- func FacebookCallBack(ctx *gin.Context, endpoint string, verbose int)
- func FacebookOauthLogin(ctx *gin.Context, verbose int)
- func GithubCallBack(ctx *gin.Context, endpoint string, verbose int)
- func GithubOauthLogin(ctx *gin.Context, verbose int)
- func GoogleCallBack(ctx *gin.Context, endpoint string, verbose int)
- func GoogleOauthLogin(ctx *gin.Context, verbose int)
- func Init(providers []string, verbose int)
- func JWTAccessToken(secretKey string, expiresAt int64, customClaims CustomClaims) (string, error)
- func RandomBytes(size int, seed int64) []byte
- func RandomString(size int, seed int64) string
- func ReadSecret(r string) string
- func RequestToken(r *http.Request) string
- func ScopeTokenMiddleware(scope, clientId string, verbose int) gin.HandlerFunc
- func TokenMiddleware(clientId string, verbose int) gin.HandlerFunc
- func UserCredentials(r *http.Request) (string, error)
- type Certs
- type Claims
- type CustomClaims
- type Kerberos
- type Keys
- type OpenIDConfiguration
- type Provider
- type Token
- type TokenAttributes
- type TokenInfo
Constants ¶
This section is empty.
Variables ¶
var OAuthProviders map[string]Provider
OAuthProviders contains a map of all participating providers
Functions ¶
func BearerToken ¶ added in v0.1.0
Helper function to extract bearer token from http request
func CodeChallenge ¶ added in v0.3.9
CodeChallenge generates code challenge from the code verifier (SHA256 + base64 URL encoding)
func CodeVerifier ¶ added in v0.3.9
func CodeVerifier() string
CodeVerifier generates a random code verifier of 43-128 characters
func FacebookCallBack ¶ added in v0.0.3
FacebookCallBack provides gin handler for facebook callback to given endpoint
func FacebookOauthLogin ¶ added in v0.0.3
FacebookOauthLogin provides gin handler for facebook oauth login
func GithubCallBack ¶ added in v0.0.3
GithubCallBack provides gin handler for github callback to given endpoint
func GithubOauthLogin ¶ added in v0.0.3
GithubOauthLogin provides gin handler for github oauth login
func GoogleCallBack ¶ added in v0.0.3
GoogleCallBack provides gin handler for google callback to given endpoint
func GoogleOauthLogin ¶ added in v0.0.3
GoogleOauthLogin provides gin handler for google oauth login
func JWTAccessToken ¶ added in v0.0.2
func JWTAccessToken(secretKey string, expiresAt int64, customClaims CustomClaims) (string, error)
JWTAccessToken generates a JWT access token with custom claims; see https://blog.canopas.com/jwt-in-golang-how-to-implement-token-based-authentication-298c89a26ffd
func RandomBytes ¶ added in v0.3.6
RandomBytes generates random bytes from given size and seed
func RandomString ¶ added in v0.3.6
RandomString generates random string using given seed and size
func ReadSecret ¶ added in v0.3.6
ReadSecret provides unified way to read secret either from provided file or a string, and fall back to a default value if string is empty
func RequestToken ¶ added in v0.0.1
RequestToken gets token from http request
func ScopeTokenMiddleware ¶ added in v0.0.2
func ScopeTokenMiddleware(scope, clientId string, verbose int) gin.HandlerFunc
ScopeTokenMiddleware provides token validation with specific scope
func TokenMiddleware ¶
func TokenMiddleware(clientId string, verbose int) gin.HandlerFunc
gin cookies: https://gin-gonic.com/docs/examples/cookie/
more advanced use-case: https://stackoverflow.com/questions/66289603/use-existing-session-cookie-in-gin-router
Types ¶
type Claims ¶
type Claims struct {
	jwt.RegisteredClaims
	CustomClaims CustomClaims `json:"custom_claims"`
}
Claims defines our JWT claims
func TokenClaims ¶ added in v0.0.1
TokenClaims returns token claims
type CustomClaims ¶ added in v0.0.2
type CustomClaims struct {
	User        string   `json:"user"`
	Scope       string   `json:"scope"`
	Kind        string   `json:"kind"`
	Roles       []string `json:"roles"`
	Application string   `json:"application"`
}
CustomClaims defines application specific claims
func (*CustomClaims) String ¶ added in v0.0.2
func (c *CustomClaims) String() string
String provides string representations of Custom claims
type Kerberos ¶ added in v0.0.1
Kerberos defines kerberos structure we use
func (*Kerberos) Credentials ¶ added in v0.0.1
func (k *Kerberos) Credentials() (*credentials.Credentials, error)
helper function to check user credentials for POST requests
type Keys ¶
type Keys struct {
	Kid     string   `json:"kid"`
	Kty     string   `json:"kty"`
	Alg     string   `json:"alg"`
	Use     string   `json:"use"`
	N       string   `json:"n"`
	E       string   `json:"e"`
	X5c     []string `json:"x5c"`
	X5y     string   `json:"x5y"`
	Xt5S256 string   `json:"x5t#S256"`
}
JWKSKeys struct represents the structure of JWKS keys
type OpenIDConfiguration ¶
type OpenIDConfiguration struct {
	Issuer                string   `json:"issuer"`
	AuthorizationEndpoint string   `json:"authorization_endpoint"`
	TokenEndpoint         string   `json:"token_endpoint"`
	IntrospectionEndpoint string   `json:"introspection_endpoint"`
	UserInfoEndpoint      string   `json:"userinfo_endpoint"`
	EndSessionEndpoint    string   `json:"end_session_endpoint"`
	JWKSUri               string   `json:"jwks_uri"`
	ClaimsSupported       []string `json:"claims_supported"`
	ScopeSupported        []string `json:"scopes_supported"`
	RevocationEndpoint    string   `json:"revocation_endpoint"`
}
OpenIDConfiguration holds configuration for OpenID Provider
type Provider ¶
type Provider struct {
	URL           string              // provider url
	Configuration OpenIDConfiguration // provider OpenID configuration
	PublicKeys    []publicKey         // Public keys of the provider
	JWKSBody      []byte              // jwks body content of the provider
}
Provider holds all information about given provider
type Token ¶
type Token struct {
	AccessToken string `json:"access_token"`
	Expires     int64  `json:"expires_in"`
	Scope       string `json:"scope"`
	TokenType   string `json:"token_type"`
}
Token represents access token structure
type TokenAttributes ¶
type TokenAttributes struct {
	Subject      string `json:"sub"`           // token subject
	Audiences    string `json:"aud"`           // token audience
	Issuer       string `json:"iss"`           // token issuer
	UserName     string `json:"username"`      // user name
	Active       bool   `json:"active"`        // is token active or not
	SessionState string `json:"session_state"` // session state fields
	ClientID     string `json:"clientId"`      // client id
	Email        string `json:"email"`         // client email address
	Scope        string `json:"scope"`         // scope of the token
	Expiration   int64  `json:"exp"`           // token expiration
	ClientHost   string `json:"clientHost"`    // client host
}
TokenAttributes contains structure of access token attributes
func InspectToken ¶
func InspectToken(provider Provider, token string, verbose int) (TokenAttributes, error)
InspectToken extracts token attributes
func InspectTokenProviders ¶
func InspectTokenProviders(token string, providers []string, verbose int) (TokenAttributes, error)
InspectTokenProviders inspects the token against all participating providers and returns TokenAttributes
type TokenInfo ¶
type TokenInfo struct {
	AccessToken   string `json:"access_token"`       // access token
	AccessExpire  int64  `json:"expires_in"`         // access token expiration
	RefreshToken  string `json:"refresh_token"`      // refresh token
	RefreshExpire int64  `json:"refresh_expires_in"` // refresh token expiration
	IDToken       string `json:"id_token"`           // id token
}
TokenInfo contains information about all tokens