oauth

v0.5.1
Warning

This package is not in the latest version of its module.
Published: Jul 5, 2022 License: Apache-2.0 Imports: 19 Imported by: 0

README

go-oauth-cli-client

Add MFA/2FA support in your CLI for IDPs that support OAuth 2.0 Authorization Code Flow

Features

  • MFA/2FA with minimal user interaction
    • If, for example, Active Directory is also used for other services, the user is often already logged in in the browser and can close it once the token exchange has completed in the background
  • Starts a temporary local server with a callback endpoint to receive the code and exchange it for a token
  • State verification
  • Includes the recommended PKCE - Proof Key for Code Exchange extension
  • Cross platform default browser invocation
  • Zero dependencies

Usage

Configure OAuth Client in the OAuth server

client_id: "my_cli"
redirect_uris: ["http://localhost"]

Get this library

go get github.com/EikaGruppen/go-oauth-cli-client

Use it

opts := oauth.Options{
  AuthorizationEndpoint: "https://the.oauth.server.com/authorize",
  TokenEndpoint: "https://the.oauth.server.com/token",
  ClientId: "my_cli",
  ClientSecret: "my_cli_secret", // optional
  AuthorizationExtParams: map[string]string{"scope": "openid"}, // optional
}

tokenResponse, err := oauth.AuthorizationCodeFlow(opts) // will open browser for user to do MFA, and show callback page there when done
if err != nil {
  // handle
}

fmt.Println(tokenResponse.AccessToken)
fmt.Println(tokenResponse.IdToken) // optional
fmt.Println(tokenResponse.RefreshToken) // optional
fmt.Println(tokenResponse.ExpiresIn)

// store tokens safely, and use them to authorize towards the service

Callback page will let the user know whether the auth was successful or not, and that they may close the page and go back to the terminal:

+----------------------------------------------------------------+
|   +---------------------------------------------------+        |
|   | 🔍️ |  http://localhost:8080/oauth/callback        |        |
|   +---------------------------------------------------+        |
|                                                                |
|                  Logged in successfully!                       |
|                                                                |
|           _You may now close this browser window_              |
|                                                                |
|                        [ close ]                               |
|                                                                |
+----------------------------------------------------------------+

Redirect URI

By default, http://localhost:<chosen port>/oauth/callback will be used. This can be overridden by setting RedirectUri:

redirectUri, err := url.Parse("https://my-url.com/the/callback")
// handle err

opts := oauth.Options{
  // ...
  RedirectUri: redirectUri, // exported field, as declared in the Options type
  // ...
}

Documentation

Constants

const (
	ACCESS_TOKEN = iota
	REFRESH_TOKEN
)

const (
	DefaultLength = 32
)

Functions

func Revoke added in v0.5.0

func Revoke(opts Options, tokenType TokenType, token string) error

Types

type CallbackPage

type CallbackPage struct {
	Title   string
	Heading string
	Message string
}

type Options

type Options struct {
	AuthorizationEndpoint string
	Scopes                []string
	// Extensions to the standard OAuth Parameters for the authorization endpoint
	AuthorizationExtParams map[string]string
	TokenEndpoint          string
	RevokeEndpoint         string

	ClientId     string
	ClientSecret string

	RedirectUri *url.URL

	PortRange PortRange

	// Command used to open browser for auth
	// An interrupt signal (SIGINT) is sent to the command when the callback has received a code
	//
	// If nil, system default browser will be used
	OpenBrowser func(url *url.URL) *exec.Cmd
}

type PortRange

type PortRange struct {
	Start int
	End   int
}

type TokenResponse

type TokenResponse struct {
	IdToken          string `json:"id_token"`
	AccessToken      string `json:"access_token"`
	ExpiresIn        int64  `json:"expires_in"`
	RefreshToken     string `json:"refresh_token"`
	RefreshExpiresIn int64  `json:"refresh_expires_in"`
}

func AuthorizationCodeFlow

func AuthorizationCodeFlow(opts Options) (tokenResponse *TokenResponse, err error)

func Refresh added in v0.5.0

func Refresh(opts Options, refreshToken string) (*TokenResponse, error)

type TokenType added in v0.5.0

type TokenType int

func (TokenType) String added in v0.5.0

func (t TokenType) String() string
