Versions in this module Expand all Collapse all v0 v0.1.5 Feb 13, 2022 v0.1.4 Nov 11, 2021 v0.1.3 Nov 11, 2021 v0.1.2 Aug 18, 2021 Changes in this version + var ErrForbidden = api.ErrForbidden.WithCode("access_denied") + var ErrInvalidClient = ErrUnauthorized.WithCode("invalid_client") + var ErrInvalidGrant = api.ErrBadRequest.WithCode("invalid_grant") + var ErrInvalidRequest = api.ErrBadRequest.WithCode("invalid_request") + var ErrInvalidScope = api.ErrBadRequest.WithCode("invalid_code") + var ErrUnauthorized = api.ErrUnauthorized.WithCode("access_denied") + var ErrUnauthorizedClient = api.ErrUnauthorized.WithCode("unauthorized_client") + var IsValidScope = validation.NewStringRuleWithError(IsScope, ...) + var PasscodeLength = 6 + var SessionPrefix = "hiro-session#" + func EnsureURI(ctx context.Context, uri string, search []string) (*url.URL, error) + func IsScope(s string) bool + type AudienceGetInput struct + Audience string + func (i AudienceGetInput) Validate() error + type AuthorizeClientInput struct + AppURI *string + GrantType GrantType + RedirectURI *string + Request *http.Request + Scope Scope type Client + ApplicationEndpoints func() []string + AuthorizedGrants func() GrantList + RedirectEndpoints func() []string + TokenSecret func() TokenSecret + type ClientGetInput struct + Audience string + ClientID string + ClientSecret *string + func (i ClientGetInput) Validate() error type Notification + Audience func() string + Context func() map[string]interface{} + type Principal interface + Audience func() string + ID func() string + Permissions func() Scope type RequestToken + func (r RequestToken) Expired() bool + type RequestTokenDeleteInput struct + TokenID string + func (i RequestTokenDeleteInput) Validate() error + type RequestTokenGetInput struct + TokenID string + TokenType *RequestTokenType + func (i RequestTokenGetInput) Validate() error type RequestTokenType + func RequestTokenTypePtr(t RequestTokenType) *RequestTokenType + func (t RequestTokenType) 
Validate() error type SignupParams + Profile *openid.Profile type Token + Persistent bool + func (t Token) Expired() bool + type TokenGetInput struct + TokenID string + TokenUse *TokenUse + func (i TokenGetInput) Validate() error + type TokenRevokeInput struct + Subject *string + TokenID *string + TokenUse *TokenUse + func (i TokenRevokeInput) Validate() error type TokenUse + func (u TokenUse) Ptr() *TokenUse + func (u TokenUse) Validate() error + type UserCreateInput struct + Audience string + Invite *RequestToken + Login string + Password *string + Profile *openid.Profile + func (i UserCreateInput) Validate() error + type UserGetInput struct + Audience string + Login *string + Password *string + Subject *string + func (i UserGetInput) Validate() error + type UserUpdateInput struct + Audience string + LockUntil *time.Time + Lockout *bool + Login *string + Password *string + Profile *openid.Profile + Subject *string + func (i UserUpdateInput) Validate() error v0.1.1 Mar 15, 2021 Changes in this version + type ControllerProxy interface + OAuthController func() Controller type LogoutParams + PostLogoutRedirectURI *URI type Scope + func (s *Scope) String() string type ScopeList + func (s ScopeList) Check(scope Scope) bool + func (s ScopeList) String() string v0.1.0 Dec 28, 2020 Changes in this version + const NotificationChannelEmail + const NotificationChannelPhone + const NotificationTypeInvite + const NotificationTypePassword + const NotificationTypeVerify + const RequestTokenParam + const ScopeAddress + const ScopeEmail + const ScopeEmailVerify + const ScopeOfflineAccess + const ScopeOpenID + const ScopePassword + const ScopePhone + const ScopePhoneVerify + const ScopeProfile + const ScopeProfileWrite + const ScopeSession + const ScopeTokenRead + const ScopeTokenRevoke + var DefaultCodeChallengeMethod = "S256" + var ErrAccessDenied = api.ErrUnauthorized + var ErrAudienceNotFound = api.ErrNotFound.WithMessage("audience not found") + var ErrClientNotFound = 
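Review bot: In the v0.1.2 additions, `ErrInvalidScope` is declared with `WithCode("invalid_code")`, while the neighbouring `ErrInvalidGrant`, `ErrInvalidRequest`, `ErrInvalidClient` and `ErrUnauthorizedClient` each carry the RFC 6749 error code that matches their name. The registered code for a scope failure is `invalid_scope`, so this looks like a typo and should probably read `var ErrInvalidScope = api.ErrBadRequest.WithCode("invalid_scope")`. Clients that branch on the standard code will not recognise the current value. Separately, `PasscodeLength = 6` is an exported `var`, so any importing package can change it at runtime; a `const` or a validated option would keep the passcode length from being lowered by accident. Only the declarations are visible here, so how these values are consumed still needs checking in the source.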
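Review bot: In v0.1.1, `LogoutParams` gains `PostLogoutRedirectURI *URI`, and nothing in this listing shows that value being matched against the URIs registered for the client. `LogoutParams.Validate` or the logout handler should reject any value that is not registered for the `ClientID`/`Audience` carried in the same struct, otherwise the logout endpoint can act as an open redirect. The struct already has `RedirectURI *URI` from v0.1.0, so the field comment should also say which of the two wins when both are set. A possible comment is `// PostLogoutRedirectURI is where the user agent is sent after logout; it must exactly match a URI registered for ClientID.` The implementation is not visible on this page, so treat this as a check to confirm rather than a confirmed defect.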
api.ErrNotFound.WithMessage("client not found") + var ErrExpiredToken = ErrAccessDenied.WithDetail("expired token") + var ErrInvalidInviteCode = api.ErrBadRequest.WithDetail("invite code is invalid") + var ErrInvalidToken = ErrAccessDenied.WithDetail("invalid token") + var ErrKeyNotFound = ErrAccessDenied.WithDetail("suitable verification key not found") + var ErrPasswordComplexity = api.ErrBadRequest.WithDetail("password does not meet complexity requirements") + var ErrPasswordExpired = api.ErrBadRequest.WithDetail("password has expired") + var ErrPasswordLen = api.ErrBadRequest.WithDetail("invalid password length") + var ErrPasswordResuse = api.ErrBadRequest.WithDetail("password has been used before") + var ErrRevokedToken = ErrAccessDenied.WithDetail("revoked token") + var ErrSessionNotFound = api.ErrNotFound.WithMessage("session not found") + var ErrUnsupportedAlogrithm = api.ErrBadRequest.WithDetail("unsupported signing algorithm") + var ErrUserNotFound = api.ErrNotFound.WithMessage("user not found") + var Scopes = Scope + func ApiSwaggerV1OauthSwaggerYaml() (*asset, error) + func ApiSwaggerV1OauthSwaggerYamlBytes() ([]byte, error) + func Asset(name string) ([]byte, error) + func AssetDir(name string) ([]string, error) + func AssetInfo(name string) (os.FileInfo, error) + func AssetNames() []string + func Authorizer(opts ...AuthorizerOption) api.Authorizer + func ClientCredentials(config clientcredentials.Config, secure bool) (credentials.PerRPCCredentials, error) + func MustAsset(name string) []byte + func RestoreAsset(dir, name string) error + func RestoreAssets(dir, name string) error + func Routes() []api.Route + type Audience interface + ID func() string + Name func() string + Permissions func() Scope + RefreshTokenLifetime func() time.Duration + Secrets func() []TokenSecret + type AuthorizeParams struct + AppURI URI + Audience string + ClientID string + CodeChallenge PKCEChallenge + CodeChallengeMethod *PKCEChallengeMethod + RedirectURI *URI + 
ResponseType string + Scope Scope + State *string + func (p AuthorizeParams) Validate() error + type AuthorizeRoute func(ctx context.Context, params *AuthorizeParams) api.Responder + func (AuthorizeRoute) Methods() []string + func (AuthorizeRoute) Name() string + func (AuthorizeRoute) Path() string + func (AuthorizeRoute) Validate(params validation.Validatable) error + type AuthorizerOption func(a *authorizer) + func WithPermitQueryBearer(permit bool) AuthorizerOption + func WithPermitQueryToken(permit bool) AuthorizerOption + type BearerToken struct + AccessToken string + ExpiresIn int64 + IdentityToken string + RefreshToken *string + TokenType string + func NewBearer(secret TokenSecret, tokens ...Token) (*BearerToken, error) + type Claims map[string]interface + func (c *Claims) Encode(v interface{}) Claims + func (c Claims) All() map[string]interface{} + func (c Claims) Audience() string + func (c Claims) ClientID() string + func (c Claims) Delete(keys ...string) Claims + func (c Claims) ExpiresAt() time.Time + func (c Claims) Get(key string) interface{} + func (c Claims) ID() string + func (c Claims) IssuedAt() time.Time + func (c Claims) Merge(claims Claims) Claims + func (c Claims) Scan(value interface{}) error + func (c Claims) Scope() Scope + func (c Claims) Set(key string, value interface{}) + func (c Claims) Sign(s TokenSecret) (string, error) + func (c Claims) Subject() string + func (c Claims) Use() string + func (c Claims) Valid() error + func (c Claims) Value() (driver.Value, error) + type Client interface + Authorize func(ctx context.Context, aud Audience, grant GrantType, uris []URI, ...) 
error + ClientID func() string + Type func() ClientType + type ClientType string + const ClientTypeMachine + const ClientTypeNative + const ClientTypeWeb + func (c ClientType) Validate() error + type Controller interface + AudienceGet func(ctx context.Context, id string) (Audience, error) + ClientGet func(ctx context.Context, id string, secret ...string) (Client, error) + RequestTokenCreate func(ctx context.Context, req RequestToken) (string, error) + RequestTokenDelete func(ctx context.Context, id string) error + RequestTokenGet func(ctx context.Context, id string, t ...RequestTokenType) (RequestToken, error) + TokenCleanup func(ctx context.Context) error + TokenCreate func(ctx context.Context, token Token) (Token, error) + TokenGet func(ctx context.Context, id string, use ...TokenUse) (Token, error) + TokenRevoke func(ctx context.Context, id string) error + TokenRevokeAll func(ctx context.Context, sub string, uses ...TokenUse) error + UserAuthenticate func(ctx context.Context, login, password string) (User, error) + UserCreate func(ctx context.Context, login string, password *string, req RequestToken) (User, error) + UserGet func(ctx context.Context, sub string) (User, error) + UserLockout func(ctx context.Context, sub string, until ...time.Time) (time.Time, error) + UserNotify func(ctx context.Context, note Notification) error + UserSetPassword func(ctx context.Context, sub, password string) error + UserUpdate func(ctx context.Context, sub string, profile *openid.Profile) error + type ErrTooManyLoginAttempts struct + Attempts int + func NewErrTooManyLoginAttempts(attempts int) *ErrTooManyLoginAttempts + func (e ErrTooManyLoginAttempts) WithError(err error) api.ErrorResponse + type GrantList []GrantType + func (g GrantList) Contains(value GrantType) bool + func (g GrantList) Unique() GrantList + type GrantType string + const GrantTypeAuthCode + const GrantTypeClientCredentials + const GrantTypeNone + const GrantTypePassword + const GrantTypeRefreshToken + func (g 
GrantType) Validate() error + type Grants map[string]GrantList + func (g Grants) Append(a string, t ...GrantType) + func (g Grants) Get(a string) GrantList + func (g Grants) Scan(value interface{}) error + func (g Grants) Set(a string, t ...GrantType) + func (g Grants) Validate() error + func (g Grants) Value() (driver.Value, error) + type ID interface + String func() string + type JWKSInput struct + Audience string + func (j JWKSInput) Validate() error + type JWKSRoute func(ctx context.Context, params *JWKSInput) api.Responder + func (JWKSRoute) Methods() []string + func (JWKSRoute) Name() string + func (JWKSRoute) Path() string + type LoginParams struct + CodeVerifier string + Login string + Password string + RequestToken string + func (p LoginParams) Validate() error + type LoginRoute func(ctx context.Context, params *LoginParams) api.Responder + func (LoginRoute) Methods() []string + func (LoginRoute) Name() string + func (LoginRoute) Path() string + type LogoutParams struct + Audience string + ClientID string + RedirectURI *URI + State *string + func (p LogoutParams) Validate() error + type LogoutRoute func(ctx context.Context, params *LogoutParams) api.Responder + func (LogoutRoute) Methods() []string + func (LogoutRoute) Name() string + func (LogoutRoute) Path() string + type Notification interface + Channels func() []NotificationChannel + Subject func() string + Type func() NotificationType + URI func() *URI + type NotificationChannel string + type NotificationType string + type OIDConfigInput struct + Audience string + type OpenIDConfigRoute func(ctx context.Context, params *OIDConfigInput) api.Responder + func (OpenIDConfigRoute) Methods() []string + func (OpenIDConfigRoute) Name() string + func (OpenIDConfigRoute) Path() string + type PKCEChallenge string + func (c PKCEChallenge) Verify(v string) error + type PKCEChallengeMethod string + const PKCEChallengeMethodNone + const PKCEChallengeMethodS256 + func (c PKCEChallengeMethod) String() string + func (c 
PKCEChallengeMethod) Validate() error + type PasswordCreateParams struct + CodeVerifier string + Login string + Notify []NotificationChannel + RedirectURI *URI + RequestToken string + Type PasswordType + func (p PasswordCreateParams) Validate() error + type PasswordCreateRoute func(ctx context.Context, params *PasswordCreateParams) api.Responder + func (PasswordCreateRoute) Methods() []string + func (PasswordCreateRoute) Name() string + func (PasswordCreateRoute) Path() string + type PasswordNotification interface + Code func() string + PasswordType func() PasswordType + type PasswordType string + const PasswordTypeCode + const PasswordTypeLink + const PasswordTypeReset + func (p PasswordType) IsLink() bool + func (p PasswordType) String() string + func (p PasswordType) Validate() error + type PasswordUpdateParams struct + Password string + RedirectURI *URI + ResetToken string + func (p PasswordUpdateParams) Validate() error + type PasswordUpdateRoute func(ctx context.Context, params *PasswordUpdateParams) api.Responder + func (PasswordUpdateRoute) Methods() []string + func (PasswordUpdateRoute) Name() string + func (PasswordUpdateRoute) Path() string + func (PasswordUpdateRoute) RequireAuth() []api.CredentialType + func (PasswordUpdateRoute) Scopes() ScopeList + type RequestToken struct + AppURI *URI + Audience string + ClientID string + CodeChallenge PKCEChallenge + CodeChallengeMethod PKCEChallengeMethod + CreatedAt Time + ExpiresAt Time + ID ID + Passcode *string + RedirectURI *URI + Scope Scope + State *string + Subject *string + Type RequestTokenType + Uses int + func (r RequestToken) Validate() error + type RequestTokenType string + const RequestTokenTypeAuthCode + const RequestTokenTypeInvite + const RequestTokenTypeLogin + const RequestTokenTypeRefreshToken + const RequestTokenTypeSession + const RequestTokenTypeVerify + type Route interface + Scopes func() ScopeList + type Scope []string + func (s *Scope) Scan(value interface{}) error + func (s *Scope) 
UnmarshalText(v []byte) error + func (s Scope) Append(e ...string) Scope + func (s Scope) Contains(value string) bool + func (s Scope) Every(elements ...string) bool + func (s Scope) MarshalJSON() ([]byte, error) + func (s Scope) Some(elements ...string) bool + func (s Scope) Unique() Scope + func (s Scope) Value() (driver.Value, error) + func (s Scope) Without(elements ...string) Scope + type ScopeList struct + func BuildScope(scopes ...string) ScopeList + func (s ScopeList) And(scopes ...string) ScopeList + func (s ScopeList) Every(scopes ...string) bool + func (s ScopeList) Or(scopes ...string) ScopeList + func (s ScopeList) Some(scopes ...string) bool + type ScopeSet map[string]Scope + func (p ScopeSet) Append(a string, s ...string) + func (p ScopeSet) Get(a string) Scope + func (p ScopeSet) Scan(value interface{}) error + func (p ScopeSet) Set(a string, s ...string) + func (p ScopeSet) String() string + func (p ScopeSet) Value() (driver.Value, error) + type SessionParams struct + RedirectURI *URI + RequestToken string + State *string + func (p SessionParams) Validate() error + type SessionRoute func(ctx context.Context, params *SessionParams) api.Responder + func (SessionRoute) Methods() []string + func (SessionRoute) Name() string + func (SessionRoute) Path() string + func (SessionRoute) RequireAuth() []api.CredentialType + func (SessionRoute) Scopes() ScopeList + type SignupParams struct + CodeVerifier string + InviteToken *string + Login string + Password *string + RequestToken string + func (p SignupParams) Validate() error + type SignupRoute func(ctx context.Context, params *SignupParams) api.Responder + func (SignupRoute) Methods() []string + func (SignupRoute) Name() string + func (SignupRoute) Path() string + type SpecGetInput struct + Format string + Pretty bool + type SpecRoute func(ctx context.Context, params *SpecGetInput) api.Responder + func (SpecRoute) Methods() []string + func (SpecRoute) Name() string + func (SpecRoute) Path() string + type 
Time time.Time + func (t Time) MarshalJSON() ([]byte, error) + func (t Time) Ptr() *Time + func (t Time) Time() time.Time + type Token struct + Audience string + AuthTime *Time + Bearer *string + Claims Claims + ClientID string + ExpiresAt *Time + ID string + IssuedAt Time + Issuer *URI + Revokable bool + RevokedAt *Time + Scope Scope + Subject *string + Use TokenUse + func NewToken(use TokenUse) Token + func ParseBearer(bearer string, keyFn func(kid string, c Claims) (TokenSecret, error)) (Token, error) + func TokenFromClaims(c Claims) (Token, error) + func (t Token) AuthClaims() api.Claims + func (t Token) CredentialType() api.CredentialType + func (t Token) Credentials() string + func (t Token) Sign(s TokenSecret) (string, error) + func (t Token) Type() api.PrincipalType + func (t Token) Validate() error + type TokenAlgorithm string + const TokenAlgorithmHS256 + const TokenAlgorithmNone + const TokenAlgorithmRS256 + const TokenLifetimeMinimum + func (a TokenAlgorithm) Ptr() *TokenAlgorithm + func (a TokenAlgorithm) String() string + func (a TokenAlgorithm) Validate() error + type TokenIntrospectParams struct + Token string + func (p TokenIntrospectParams) Validate() error + type TokenIntrospectRoute func(ctx context.Context, params *TokenIntrospectParams) api.Responder + func (TokenIntrospectRoute) Methods() []string + func (TokenIntrospectRoute) Name() string + func (TokenIntrospectRoute) Path() string + func (TokenIntrospectRoute) RequireAuth() []api.CredentialType + func (TokenIntrospectRoute) Scopes() ScopeList + type TokenParams struct + Audience *string + ClientID string + ClientSecret *string + Code *string + CodeVerifier *string + GrantType GrantType + RedirectURI *URI + RefreshToken *string + Scope Scope + func (p TokenParams) Validate() error + type TokenRevokeParams struct + Token string + func (p TokenRevokeParams) Validate() error + type TokenRevokeRoute func(ctx context.Context, params *TokenRevokeParams) api.Responder + func (TokenRevokeRoute) 
Methods() []string + func (TokenRevokeRoute) Name() string + func (TokenRevokeRoute) Path() string + func (TokenRevokeRoute) RequireAuth() []api.CredentialType + func (TokenRevokeRoute) Scopes() ScopeList + type TokenRoute func(ctx context.Context, params *TokenParams) api.Responder + func (TokenRoute) Methods() []string + func (TokenRoute) Name() string + func (TokenRoute) Path() string + type TokenSecret interface + Algorithm func() TokenAlgorithm + ExpiresAt func() *time.Time + ID func() string + Key func() interface{} + VerifyKey func() interface{} + type TokenUse string + const TokenUseAccess + const TokenUseIdentity + const TokenUseVerify + type URI string + func (u URI) Append(paths ...string) URI + func (u URI) Parse() (*url.URL, error) + func (u URI) Ptr() *URI + func (u URI) String() string + func (u URI) Validate() error + type URIList []URI + func MakeURIList(uris ...string) URIList + func (u *URIList) Scan(value interface{}) error + func (u URIList) MarshalJSON() ([]byte, error) + func (u URIList) Unique() URIList + func (u URIList) Value() (driver.Value, error) + type User interface + Permissions func(aud Audience) Scope + Profile func() *openid.Profile + Subject func() string + type UserInfoParams struct + func (p UserInfoParams) Validate() error + type UserInfoRoute func(ctx context.Context, params *UserInfoParams) api.Responder + func (UserInfoRoute) Methods() []string + func (UserInfoRoute) Name() string + func (UserInfoRoute) Path() string + func (UserInfoRoute) RequireAuth() []api.CredentialType + func (UserInfoRoute) Scopes() ScopeList + type UserInfoUpdateParams struct + func (p UserInfoUpdateParams) Validate() error + type UserInfoUpdateRoute func(ctx context.Context, params *UserInfoUpdateParams) api.Responder + func (UserInfoUpdateRoute) Methods() []string + func (UserInfoUpdateRoute) Name() string + func (UserInfoUpdateRoute) Path() string + func (UserInfoUpdateRoute) RequireAuth() []api.CredentialType + func (UserInfoUpdateRoute) Scopes() 
ScopeList + type VerificationNotification interface + type VerifyParams struct + RedirectURI *URI + State *string + func (p VerifyParams) Validate() error + type VerifyRoute func(ctx context.Context, params *VerifyParams) api.Responder + func (VerifyRoute) Methods() []string + func (VerifyRoute) Name() string + func (VerifyRoute) Path() string + func (VerifyRoute) RequireAuth() []api.CredentialType + func (VerifyRoute) Scopes() ScopeList + type VerifySendParams struct + Method NotificationChannel + func (p VerifySendParams) Validate() error + type VerifySendRoute func(ctx context.Context, params *VerifySendParams) api.Responder + func (VerifySendRoute) Methods() []string + func (VerifySendRoute) Name() string + func (VerifySendRoute) Path() string + func (VerifySendRoute) RequireAuth() []api.CredentialType + func (VerifySendRoute) Scopes() ScopeList
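Review bot: In the v0.1.0 API, `TokenAlgorithmNone` is exported next to `TokenAlgorithmHS256` and `TokenAlgorithmRS256`, and the listing does not show whether `ParseBearer` or `TokenAlgorithm.Validate` ever accepts it. Verification should reject an unsigned token regardless of what `keyFn` returns, and the constant's doc comment should say so, for example `// TokenAlgorithmNone marks an unset algorithm; ParseBearer never accepts it.` The same documentation gap applies to `PKCEChallengeMethodNone` beside `DefaultCodeChallengeMethod = "S256"`: state when, if ever, a request without a challenge is allowed. `WithPermitQueryBearer` and `WithPermitQueryToken` should state their default and warn that tokens in query strings end up in access logs and Referer headers. Minor: `ErrPasswordResuse` and `ErrUnsupportedAlogrithm` are misspelled exported names; adding correctly spelled variables and marking the old ones `// Deprecated:` would fix this without breaking callers.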