osin

package module
v0.0.0-...-5beb5a4 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 24, 2018 License: BSD-3-Clause Imports: 9 Imported by: 2

README

OSIN

Golang OAuth2 server library

OSIN is an OAuth2 server library for the Go language, as specified at http://tools.ietf.org/html/rfc6749 and http://tools.ietf.org/html/draft-ietf-oauth-v2-10.

Using it, you can build your own OAuth2 authentication service.

The library implements the majority of the specification, like authorization and token endpoints, and authorization code, implicit, resource owner and client credentials grant types.

Dependencies
Example Server
import "github.com/RangelReale/osin"

// TestStorage implements the "osin.Storage" interface
server := osin.NewServer(osin.NewServerConfig(), &TestStorage{})

// Authorization code endpoint
http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) {
	resp := server.NewResponse()
	if ar := server.HandleAuthorizeRequest(resp, r); ar != nil {

		// HANDLE LOGIN PAGE HERE

		ar.Authorized = true
		server.FinishAuthorizeRequest(resp, r, ar)
	}
	osin.OutputJSON(resp, w, r)
})

// Access token endpoint
http.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
	resp := server.NewResponse()
	if ar := server.HandleAccessRequest(resp, r); ar != nil {
		ar.Authorized = true
		server.FinishAccessRequest(resp, r, ar)
	}
	osin.OutputJSON(resp, w, r)
})

http.ListenAndServe(":14000", nil)
Example Access

Open in your web browser:

http://localhost:14000/authorize?response_type=code&client_id=1234&redirect_url=http%3A%2F%2Flocalhost%3A14000%2Fappauth%2Fcode
License

The code is licensed using "New BSD" license.

Author

Rangel Reale

Documentation

Index

Constants

View Source
const (
	AUTHORIZATION_CODE AccessRequestType = "authorization_code"
	REFRESH_TOKEN                        = "refresh_token"
	PASSWORD                             = "password"
	CLIENT_CREDENTIALS                   = "client_credentials"
	ASSERTION                            = "assertion"
	IMPLICIT                             = "__implicit"
)
View Source
const (
	E_INVALID_REQUEST           string = "invalid_request"
	E_UNAUTHORIZED_CLIENT              = "unauthorized_client"
	E_ACCESS_DENIED                    = "access_denied"
	E_UNSUPPORTED_RESPONSE_TYPE        = "unsupported_response_type"
	E_INVALID_SCOPE                    = "invalid_scope"
	E_SERVER_ERROR                     = "server_error"
	E_TEMPORARILY_UNAVAILABLE          = "temporarily_unavailable"
	E_UNSUPPORTED_GRANT_TYPE           = "unsupported_grant_type"
	E_INVALID_GRANT                    = "invalid_grant"
	E_INVALID_CLIENT                   = "invalid_client"
)

Variables

This section is empty.

Functions

func OutputJSON

func OutputJSON(rs *Response, w http.ResponseWriter, r *http.Request) error

OutputJSON encodes the Response to JSON and writes to the http.ResponseWriter

func ValidateUri

func ValidateUri(baseUri string, redirectUri string) error

ValidateUri validates that redirectUri is contained in baseUri

Types

type AccessData

type AccessData struct {
	// Client information
	Client *Client

	// Authorize data, for authorization code
	AuthorizeData *AuthorizeData

	// Previous access data, for refresh token
	AccessData *AccessData

	// Access token
	AccessToken string

	// Refresh Token. Can be blank
	RefreshToken string

	// Token expiration in seconds
	ExpiresIn int32

	// Requested scope
	Scope string

	// Redirect Uri from request
	RedirectUri string

	// Date created
	CreatedAt time.Time

	// Data to be passed to storage. Not used by the library.
	UserData interface{}
}

AccessData represents an access grant (tokens, expiration, client, etc)

func (*AccessData) ExpireAt

func (d *AccessData) ExpireAt() time.Time

ExpireAt returns the expiration date

func (*AccessData) IsExpired

func (d *AccessData) IsExpired() bool

IsExpired returns true if access expired

type AccessRequest

type AccessRequest struct {
	Type          AccessRequestType
	Code          string
	Client        *Client
	AuthorizeData *AuthorizeData
	AccessData    *AccessData
	RedirectUri   string
	Scope         string
	Username      string
	Password      string
	AssertionType string
	Assertion     string

	// Set if request is authorized
	Authorized bool

	// Token expiration in seconds. Change if different from default
	Expiration int32

	// Set if a refresh token should be generated
	GenerateRefresh bool

	// Data to be passed to storage. Not used by the library.
	UserData interface{}
}

AccessRequest is a request for access tokens

type AccessRequestType

type AccessRequestType string

AccessRequestType is the type for OAuth param `grant_type`

type AccessTokenGen

type AccessTokenGen interface {
	GenerateAccessToken(data *AccessData, generaterefresh bool) (accesstoken string, refreshtoken string, err error)
}

AccessTokenGen generates access tokens

type AccessTokenGenDefault

type AccessTokenGenDefault struct {
}

AccessTokenGenDefault is the default authorization token generator

func (*AccessTokenGenDefault) GenerateAccessToken

func (a *AccessTokenGenDefault) GenerateAccessToken(data *AccessData, generaterefresh bool) (accesstoken string, refreshtoken string, err error)

GenerateAccessToken generates base64-encoded UUID access and refresh tokens

type AllowedAccessType

type AllowedAccessType []AccessRequestType

AllowedAccessType is a collection of allowed access request types

func (AllowedAccessType) Exists

Exists returns true if the access type exists in the list

type AllowedAuthorizeType

type AllowedAuthorizeType []AuthorizeRequestType

AllowedAuthorizeType is a collection of allowed auth request types

func (AllowedAuthorizeType) Exists

Exists returns true if the auth type exists in the list

type AuthorizeData

type AuthorizeData struct {
	// Client information
	Client *Client

	// Authorization code
	Code string

	// Token expiration in seconds
	ExpiresIn int32

	// Requested scope
	Scope string

	// Redirect Uri from request
	RedirectUri string

	// State data from request
	State string

	// Date created
	CreatedAt time.Time

	// Data to be passed to storage. Not used by the library.
	UserData interface{}
}

Authorization data

func (*AuthorizeData) ExpireAt

func (d *AuthorizeData) ExpireAt() time.Time

ExpireAt returns the expiration date

func (*AuthorizeData) IsExpired

func (d *AuthorizeData) IsExpired() bool

IsExpired is true if authorization expired

type AuthorizeRequest

type AuthorizeRequest struct {
	Type        AuthorizeRequestType
	Client      *Client
	Scope       string
	RedirectUri string
	State       string

	// Set if request is authorized
	Authorized bool

	// Token expiration in seconds. Change if different from default.
	// If type = TOKEN, this expiration will be for the ACCESS token.
	Expiration int32

	// Data to be passed to storage. Not used by the library.
	UserData interface{}
}

Authorize request information

type AuthorizeRequestType

type AuthorizeRequestType string

AuthorizeRequestType is the type for OAuth param `response_type`

const (
	CODE  AuthorizeRequestType = "code"
	TOKEN                      = "token"
)

type AuthorizeTokenGen

type AuthorizeTokenGen interface {
	GenerateAuthorizeToken(data *AuthorizeData) (string, error)
}

AuthorizeTokenGen is the token generator interface

type AuthorizeTokenGenDefault

type AuthorizeTokenGenDefault struct {
}

AuthorizeTokenGenDefault is the default authorization token generator

func (*AuthorizeTokenGenDefault) GenerateAuthorizeToken

func (a *AuthorizeTokenGenDefault) GenerateAuthorizeToken(data *AuthorizeData) (ret string, err error)

GenerateAuthorizeToken generates a base64-encoded UUID code

type BasicAuth

type BasicAuth struct {
	Username string
	Password string
}

Parse basic authentication header

func CheckBasicAuth

func CheckBasicAuth(r *http.Request) (*BasicAuth, error)

Return authorization header data

type Client

type Client struct {
	// Client id
	Id string

	// Client secret
	Secret string

	// Base client uri
	RedirectUri string

	// Data to be passed to storage. Not used by the library.
	UserData interface{}
}

Client information

type DefaultErrorId

type DefaultErrorId string

type DefaultErrors

type DefaultErrors struct {
	// contains filtered or unexported fields
}

Default errors and messages

func (*DefaultErrors) Get

func (e *DefaultErrors) Get(id string) string

type InfoRequest

type InfoRequest struct {
	Code       string      // Code to look up
	AccessData *AccessData // AccessData associated with Code
}

InfoRequest is a request for information about some AccessData

type Response

type Response struct {
	Type               ResponseType
	StatusCode         int
	StatusText         string
	ErrorStatusCode    int
	URL                string
	Output             ResponseData
	Headers            http.Header
	IsError            bool
	InternalError      error
	RedirectInFragment bool
}

Server response

func NewResponse

func NewResponse() *Response

func (*Response) GetRedirectUrl

func (r *Response) GetRedirectUrl() (string, error)

GetRedirectUrl returns the redirect url with all query string parameters

func (*Response) SetError

func (r *Response) SetError(id string, description string)

SetError sets an error id and description on the Response state and uri are left blank

func (*Response) SetErrorState

func (r *Response) SetErrorState(id string, description string, state string)

SetErrorState sets an error id, description, and state on the Response uri is left blank

func (*Response) SetErrorUri

func (r *Response) SetErrorUri(id string, description string, uri string, state string)

SetErrorUri sets an error id, description, state, and uri on the Response

func (*Response) SetRedirect

func (r *Response) SetRedirect(url string)

SetErrorUri changes the response to redirect to the given url

func (*Response) SetRedirectFragment

func (r *Response) SetRedirectFragment(f bool)

SetRedirectFragment sets redirect values to be passed in fragment instead of as query parameters

type ResponseData

type ResponseData map[string]interface{}

Data for response output

type ResponseType

type ResponseType int

Response type enum

const (
	DATA ResponseType = iota
	REDIRECT
)

type Server

type Server struct {
	Config            *ServerConfig
	Storage           Storage
	AuthorizeTokenGen AuthorizeTokenGen
	AccessTokenGen    AccessTokenGen
}

Server is an OAuth2 implementation

func NewServer

func NewServer(config *ServerConfig, storage Storage) *Server

NewServer creates a new server instance

func (*Server) FinishAccessRequest

func (s *Server) FinishAccessRequest(w *Response, r *http.Request, ar *AccessRequest)

func (*Server) FinishAuthorizeRequest

func (s *Server) FinishAuthorizeRequest(w *Response, r *http.Request, ar *AuthorizeRequest)

func (*Server) FinishInfoRequest

func (s *Server) FinishInfoRequest(w *Response, r *http.Request, ir *InfoRequest)

FinishInfoRequest finalizes the request handled by HandleInfoRequest

func (*Server) HandleAccessRequest

func (s *Server) HandleAccessRequest(w *Response, r *http.Request) *AccessRequest

HandleAccessRequest is the http.HandlerFunc for handling access token requests

func (*Server) HandleAuthorizeRequest

func (s *Server) HandleAuthorizeRequest(w *Response, r *http.Request) *AuthorizeRequest

HandleAuthorizeRequest is the main http.HandlerFunc for handling authorization requests

func (*Server) HandleInfoRequest

func (s *Server) HandleInfoRequest(w *Response, r *http.Request) *InfoRequest

HandleInfoRequest is an http.HandlerFunc for server information NOT an RFC specification.

func (*Server) NewResponse

func (s *Server) NewResponse() *Response

NewResponse creates a new response for the server

type ServerConfig

type ServerConfig struct {
	// Authorization token expiration in seconds (default 5 minutes)
	AuthorizationExpiration int32

	// Access token expiration in seconds (default 1 hour)
	AccessExpiration int32

	// Token type to return
	TokenType string

	// List of allowed authorize types (only CODE by default)
	AllowedAuthorizeTypes AllowedAuthorizeType

	// List of allowed access types (only AUTHORIZATION_CODE by default)
	AllowedAccessTypes AllowedAccessType

	// HTTP status code to return for errors - default 200
	// Only used if response was created from server
	ErrorStatusCode int

	// If true allows client secret also in params, else only in
	// Authorization header - default false
	AllowClientSecretInParams bool

	// If true allows access request using GET, else only POST - default false
	AllowGetAccessRequest bool
}

ServerConfig contains server configuration information

func NewServerConfig

func NewServerConfig() *ServerConfig

NewServerConfig returns a new ServerConfig with default configuration

type Storage

type Storage interface {

	// GetClient loads the client by id (client_id)
	GetClient(id string, r *http.Request) (*Client, error)

	// SaveAuthorize saves authorize data.
	SaveAuthorize(d *AuthorizeData, r *http.Request) error

	// LoadAuthorize looks up AuthorizeData by a code.
	// Client information MUST be loaded together.
	// Optionally can return error if expired.
	LoadAuthorize(code string, r *http.Request) (*AuthorizeData, error)

	// RemoveAuthorize revokes or deletes the authorization code.
	RemoveAuthorize(code string, r *http.Request) error

	// SaveAccess writes AccessData.
	// If RefreshToken is not blank, it must save in a way that can be loaded using LoadRefresh.
	SaveAccess(d *AccessData, r *http.Request) error

	// LoadAccess retrieves access data by token. Client information MUST be loaded together.
	// AuthorizeData and AccessData DON'T NEED to be loaded if not easily available.
	// Optionally can return error if expired.
	LoadAccess(token string, r *http.Request) (*AccessData, error)

	// RemoveAccess revokes or deletes an AccessData.
	RemoveAccess(token string, r *http.Request) error

	// LoadRefresh retrieves refresh AccessData. Client information MUST be loaded together.
	// AuthorizeData and AccessData DON'T NEED to be loaded if not easily available.
	// Optionally can return error if expired.
	LoadRefresh(token string, r *http.Request) (*AccessData, error)

	// RemoveRefresh revokes or deletes refresh AccessData.
	RemoveRefresh(token string, r *http.Request) error
}

Storage interface

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL