Documentation
Index
- Constants
- Variables
- func AddContextTokenToRequest(ctx context.Context, r *http.Request) (*http.Request, bool)
- func AddToContext(ctx context.Context, s string) context.Context
- func FromCtx(ctx context.Context) string
- func NewPrivKeyAuthToken(pk crypto.PrivKey, profileID string, ttl time.Duration) (string, error)
- func OAuthTokenMiddleware(next http.Handler) http.Handler
- type Claims
- type ClientType
- type CtxKey
- type GrantType
- type LocalProvider
- type Provider
- type RawToken
- type RawTokens
- type Request
- type Response
- type ResponseType
- type Source
- type Store
- type Token
Constants
const (
	// RTCode signals the token response type is 'code'
	RTCode ResponseType = "code"
	// RTToken signals the token response type is 'token'
	RTToken ResponseType = "token"
	// AccessTokenTTL is the lifespan of an access token
	AccessTokenTTL = time.Hour * 2
	// RefreshTokenTTL is the lifespan of a refresh token
	RefreshTokenTTL = time.Hour * 24 * 30
	// AccessCodeTTL is the lifespan of an access code
	AccessCodeTTL = time.Minute * 2
)
Variables
var (
	// Timestamp is a replaceable function for getting the current time,
	// can be overridden for tests
	Timestamp = func() time.Time { return time.Now() }
	// ErrTokenNotFound is returned by stores that cannot find an access token
	// for a given key
	ErrTokenNotFound = errors.New("access token not found")
	// ErrInvalidToken indicates an access token is invalid
	ErrInvalidToken = errors.New("invalid access token")
	// DefaultTokenTTL is the default
	DefaultTokenTTL = time.Hour * 24 * 14
)
var (
	// ErrInvalidRequest is returned on any parse or void output error
	ErrInvalidRequest = fmt.Errorf("invalid request")
	// ErrInvalidCredentials signals a bad username/password/key error
	ErrInvalidCredentials = fmt.Errorf("invalid user credentials")
	// ErrNotFound is returned when no matching results exist for the provided credentials
	ErrNotFound = fmt.Errorf("user not found")
	// ErrServerError is returned on unexpected errors
	ErrServerError = fmt.Errorf("server error")
	// ErrInvalidAuthorizeCode is returned on parsing an invalid authorization code
	ErrInvalidAuthorizeCode = fmt.Errorf("invalid authorize code")
	// ErrInvalidAccessToken is returned on parsing an invalid access token
	ErrInvalidAccessToken = fmt.Errorf("invalid access token")
	// ErrCodeExpired is returned for expired authorization codes
	ErrCodeExpired = fmt.Errorf("code expired")
	// ErrTokenExpired is returned for expired tokens
	ErrTokenExpired = fmt.Errorf("token expired")
	// ErrInvalidRefreshToken is returned on parsing invalid refresh tokens
	ErrInvalidRefreshToken = fmt.Errorf("invalid refresh token")
)
Functions
func AddContextTokenToRequest
AddContextTokenToRequest checks the supplied context for an auth token and adds it to an HTTP request. It returns true if a token is added.
func AddToContext
AddToContext adds a token string to a context
func NewPrivKeyAuthToken
NewPrivKeyAuthToken creates a JWT token string suitable for making requests authenticated as the given private key
Types
type Claims
type Claims struct {
	*jwt.StandardClaims
	ClientType ClientType `json:"clientType"`
}
Claims is a JWT Claims object
type ClientType
type ClientType string
ClientType is used to enumerate the user types to distinguish them later from the token
const (
	// UserClient represents a human user that's authenticated with his own credentials
	UserClient ClientType = "user"
	// NodeClient represents a machine client that's authenticated with api client credentials
	NodeClient ClientType = "node"
)
func (ClientType) String
func (ct ClientType) String() string
type CtxKey
type CtxKey string
CtxKey defines a distinct type for context keys used by the access package
type GrantType
type GrantType string
GrantType is the authorization model
type LocalProvider
type LocalProvider struct {
	// contains filtered or unexported fields
}
LocalProvider implements the Provider interface and provides mechanics for generating tokens for a selected profile
func NewProvider
NewProvider instantiates a new LocalProvider
type Provider
type Provider interface {
	// Token handles the auth token flow
	Token(ctx context.Context, req *Request) (*Response, error)
}
Provider is a service that generates access & refresh tokens
type RawTokens
type RawTokens []RawToken
RawTokens is a list of tokens that implements sorting by keys
type Request
type Request struct {
	GrantType    GrantType `json:"grant_type"`
	Code         string    `json:"code"`
	Username     string    `json:"username"`
	Password     string    `json:"password"`
	RefreshToken string    `json:"refresh_token"`
	RedirectURI  string    `json:"redirect_uri"`
}
Request is a wrapper for incoming token requests
type Response
type Response struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int64  `json:"expires_in"`
	RefreshToken string `json:"refresh_token,omitempty"`
}
Response wraps the token response object
type ResponseType
type ResponseType string
ResponseType is the type of authorization request
func (ResponseType) String
func (rt ResponseType) String() string
type Source
type Source interface {
	CreateToken(pro *profile.Profile, ttl time.Duration) (string, error)
	CreateTokenWithClaims(claims *Claims, ttl time.Duration) (string, error)
	// VerificationKey returns the verification key for a given token
	VerificationKey(t *Token) (interface{}, error)
}
Source creates tokens, and provides a verification key for all tokens it creates.
Implementations of Source must conform to the assertion test defined in the spec subpackage.
type Store
type Store interface {
	PutToken(ctx context.Context, key, rawToken string) error
	RawToken(ctx context.Context, key string) (rawToken string, err error)
	DeleteToken(ctx context.Context, key string) (err error)
	ListTokens(ctx context.Context, offset, limit int) (results []RawToken, err error)
}
Store is intended for clients that need to persist secret JWTs given to them by other remotes for API access. It deals in raw, string-formatted JSON Web Tokens, which are more useful when working with APIs, but validates that the tokens are well-formed when they are placed in the store.
Implementations of Store must conform to the assertion test defined in the spec subpackage.
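The Store description says tokens are checked for well-formedness when stored. The following is an added example, not the package's own code: it shows one way a PutToken can apply a structural check, and that such a check accepts a token whose signature was never verified. memStore, wellFormed and sampleToken are hypothetical names, and returning ErrInvalidToken on a malformed token is an assumption; only the PutToken signature and the error message come from the page.

```go
package main

import (
	"context"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

var ErrInvalidToken = errors.New("invalid access token") // stand-in for the package's value

// wellFormed checks structure only (three base64url segments, JSON-object header and claims); it never verifies the signature.
func wellFormed(raw string) error {
	parts := strings.Split(raw, ".")
	if len(parts) != 3 || parts[2] == "" {
		return ErrInvalidToken
	}
	for i, seg := range parts {
		b, err := base64.RawURLEncoding.DecodeString(seg)
		var obj map[string]interface{}
		if err != nil || (i < 2 && (json.Unmarshal(b, &obj) != nil || obj == nil)) {
			return ErrInvalidToken
		}
	}
	return nil
}

// memStore is a hypothetical in-memory store showing only PutToken; not safe for concurrent use.
type memStore map[string]string

func (s memStore) PutToken(_ context.Context, key, rawToken string) error {
	if err := wellFormed(rawToken); err != nil {
		return err // rejected before anything is persisted
	}
	s[key] = rawToken
	return nil
}

// sampleToken is constructed input: plausible header and claims, dummy signature bytes.
func sampleToken() string {
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"RS256"}`)) + "." + enc([]byte(`{"clientType":"user"}`)) + "." + enc([]byte("sig"))
}

func main() {
	fmt.Println(memStore{}.PutToken(context.Background(), "remote-a", "not.a.jwt"))
}
```

A token accepted here has only been parsed; its signature and expiry are unchecked, so acceptance by the store is not a verification step.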