Documentation ¶
Index ¶
- Constants
- func OutputJSON(rs *Response, w http.ResponseWriter, r *http.Request) error
- func ValidateUri(baseUri string, redirectUri string) error
- type AccessData
- type AccessRequest
- type AccessRequestType
- type AccessTokenGen
- type AccessTokenGenDefault
- type AllowedAccessType
- type AllowedAuthorizeType
- type AuthorizeData
- type AuthorizeRequest
- type AuthorizeRequestType
- type AuthorizeTokenGen
- type AuthorizeTokenGenDefault
- type BasicAuth
- type Client
- type DefaultErrorId
- type DefaultErrors
- type InfoRequest
- type Response
- func (r *Response) GetRedirectUrl() (string, error)
- func (r *Response) SetError(id string, description string)
- func (r *Response) SetErrorState(id string, description string, state string)
- func (r *Response) SetErrorUri(id string, description string, uri string, state string)
- func (r *Response) SetRedirect(url string)
- func (r *Response) SetRedirectFragment(f bool)
- type ResponseData
- type ResponseType
- type Server
- func (s *Server) FinishAccessRequest(w *Response, r *http.Request, ar *AccessRequest)
- func (s *Server) FinishAuthorizeRequest(w *Response, r *http.Request, ar *AuthorizeRequest)
- func (s *Server) FinishInfoRequest(w *Response, r *http.Request, ir *InfoRequest)
- func (s *Server) HandleAccessRequest(w *Response, r *http.Request) *AccessRequest
- func (s *Server) HandleAuthorizeRequest(w *Response, r *http.Request) *AuthorizeRequest
- func (s *Server) HandleInfoRequest(w *Response, r *http.Request) *InfoRequest
- func (s *Server) NewResponse() *Response
- type ServerConfig
- type Storage
Constants ¶
const ( AUTHORIZATION_CODE AccessRequestType = "authorization_code" REFRESH_TOKEN = "refresh_token" PASSWORD = "password" CLIENT_CREDENTIALS = "client_credentials" ASSERTION = "assertion" IMPLICIT = "__implicit" )
const ( E_INVALID_REQUEST string = "invalid_request" E_UNAUTHORIZED_CLIENT = "unauthorized_client" E_ACCESS_DENIED = "access_denied" E_UNSUPPORTED_RESPONSE_TYPE = "unsupported_response_type" E_INVALID_SCOPE = "invalid_scope" E_SERVER_ERROR = "server_error" E_TEMPORARILY_UNAVAILABLE = "temporarily_unavailable" E_UNSUPPORTED_GRANT_TYPE = "unsupported_grant_type" E_INVALID_GRANT = "invalid_grant" E_INVALID_CLIENT = "invalid_client" )
Variables ¶
This section is empty.
Functions ¶
func OutputJSON ¶
OutputJSON encodes the Response to JSON and writes to the http.ResponseWriter
func ValidateUri ¶
ValidateUri validates that redirectUri is contained in baseUri
Types ¶
type AccessData ¶
type AccessData struct { // Client information Client *Client // Authorize data, for authorization code AuthorizeData *AuthorizeData // Previous access data, for refresh token AccessData *AccessData // Access token AccessToken string // Refresh Token. Can be blank RefreshToken string // Token expiration in seconds ExpiresIn int32 // Requested scope Scope string // Redirect Uri from request RedirectUri string // Date created CreatedAt time.Time // Data to be passed to storage. Not used by the library. UserData interface{} }
AccessData represents an access grant (tokens, expiration, client, etc)
func (*AccessData) ExpireAt ¶
func (d *AccessData) ExpireAt() time.Time
ExpireAt returns the expiration date
func (*AccessData) IsExpired ¶
func (d *AccessData) IsExpired() bool
IsExpired returns true if access expired
type AccessRequest ¶
type AccessRequest struct { Type AccessRequestType Code string Client *Client AuthorizeData *AuthorizeData AccessData *AccessData RedirectUri string Scope string Username string Password string AssertionType string Assertion string // Set if request is authorized Authorized bool // Token expiration in seconds. Change if different from default Expiration int32 // Set if a refresh token should be generated GenerateRefresh bool // Data to be passed to storage. Not used by the library. UserData interface{} }
AccessRequest is a request for access tokens
type AccessRequestType ¶
type AccessRequestType string
AccessRequestType is the type for OAuth param `grant_type`
type AccessTokenGen ¶
type AccessTokenGen interface {
GenerateAccessToken(data *AccessData, generaterefresh bool) (accesstoken string, refreshtoken string, err error)
}
AccessTokenGen generates access tokens
type AccessTokenGenDefault ¶
type AccessTokenGenDefault struct { }
AccessTokenGenDefault is the default authorization token generator
func (*AccessTokenGenDefault) GenerateAccessToken ¶
func (a *AccessTokenGenDefault) GenerateAccessToken(data *AccessData, generaterefresh bool) (accesstoken string, refreshtoken string, err error)
GenerateAccessToken generates base64-encoded UUID access and refresh tokens
type AllowedAccessType ¶
type AllowedAccessType []AccessRequestType
AllowedAccessType is a collection of allowed access request types
func (AllowedAccessType) Exists ¶
func (t AllowedAccessType) Exists(rt AccessRequestType) bool
Exists returns true if the access type exists in the list
type AllowedAuthorizeType ¶
type AllowedAuthorizeType []AuthorizeRequestType
AllowedAuthorizeType is a collection of allowed auth request types
func (AllowedAuthorizeType) Exists ¶
func (t AllowedAuthorizeType) Exists(rt AuthorizeRequestType) bool
Exists returns true if the auth type exists in the list
type AuthorizeData ¶
type AuthorizeData struct { // Client information Client *Client // Authorization code Code string // Token expiration in seconds ExpiresIn int32 // Requested scope Scope string // Redirect Uri from request RedirectUri string // State data from request State string // Date created CreatedAt time.Time // Data to be passed to storage. Not used by the library. UserData interface{} }
Authorization data
func (*AuthorizeData) ExpireAt ¶
func (d *AuthorizeData) ExpireAt() time.Time
ExpireAt returns the expiration date
func (*AuthorizeData) IsExpired ¶
func (d *AuthorizeData) IsExpired() bool
IsExpired is true if authorization expired
type AuthorizeRequest ¶
type AuthorizeRequest struct { Type AuthorizeRequestType Client *Client Scope string RedirectUri string State string // Set if request is authorized Authorized bool // Token expiration in seconds. Change if different from default. // If type = TOKEN, this expiration will be for the ACCESS token. Expiration int32 // Data to be passed to storage. Not used by the library. UserData interface{} }
Authorize request information
type AuthorizeRequestType ¶
type AuthorizeRequestType string
AuthorizeRequestType is the type for OAuth param `response_type`
const ( CODE AuthorizeRequestType = "code" TOKEN = "token" )
type AuthorizeTokenGen ¶
type AuthorizeTokenGen interface {
GenerateAuthorizeToken(data *AuthorizeData) (string, error)
}
AuthorizeTokenGen is the token generator interface
type AuthorizeTokenGenDefault ¶
type AuthorizeTokenGenDefault struct { }
AuthorizeTokenGenDefault is the default authorization token generator
func (*AuthorizeTokenGenDefault) GenerateAuthorizeToken ¶
func (a *AuthorizeTokenGenDefault) GenerateAuthorizeToken(data *AuthorizeData) (ret string, err error)
GenerateAuthorizeToken generates a base64-encoded UUID code
type Client ¶
type Client struct { // Client id Id string // Client secret Secret string // Base client uri RedirectUri string // Data to be passed to storage. Not used by the library. UserData interface{} }
Client information
type DefaultErrorId ¶
type DefaultErrorId string
type DefaultErrors ¶
type DefaultErrors struct {
// contains filtered or unexported fields
}
Default errors and messages
func NewDefaultErrors ¶
func NewDefaultErrors() *DefaultErrors
NewDefaultErrors initializes OAuth2 error codes and descriptions. http://tools.ietf.org/html/rfc6749#section-4.1.2.1 http://tools.ietf.org/html/rfc6749#section-4.2.2.1 http://tools.ietf.org/html/rfc6749#section-5.2 http://tools.ietf.org/html/rfc6749#section-7.2
func (*DefaultErrors) Get ¶
func (e *DefaultErrors) Get(id string) string
type InfoRequest ¶
type InfoRequest struct { Code string // Code to look up AccessData *AccessData // AccessData associated with Code }
InfoRequest is a request for information about some AccessData
type Response ¶
type Response struct { Type ResponseType StatusCode int StatusText string ErrorStatusCode int URL string Output ResponseData Headers http.Header IsError bool InternalError error RedirectInFragment bool }
Server response
func NewResponse ¶
func NewResponse() *Response
func (*Response) GetRedirectUrl ¶
GetRedirectUrl returns the redirect url with all query string parameters
func (*Response) SetError ¶
SetError sets an error id and description on the Response state and uri are left blank
func (*Response) SetErrorState ¶
SetErrorState sets an error id, description, and state on the Response uri is left blank
func (*Response) SetErrorUri ¶
SetErrorUri sets an error id, description, state, and uri on the Response
func (*Response) SetRedirect ¶
SetErrorUri changes the response to redirect to the given url
func (*Response) SetRedirectFragment ¶
SetRedirectFragment sets redirect values to be passed in fragment instead of as query parameters
type ResponseType ¶
type ResponseType int
Response type enum
const ( DATA ResponseType = iota REDIRECT )
type Server ¶
type Server struct { Config *ServerConfig Storage Storage AuthorizeTokenGen AuthorizeTokenGen AccessTokenGen AccessTokenGen }
Server is an OAuth2 implementation
func NewServer ¶
func NewServer(config *ServerConfig, storage Storage) *Server
NewServer creates a new server instance
func (*Server) FinishAccessRequest ¶
func (s *Server) FinishAccessRequest(w *Response, r *http.Request, ar *AccessRequest)
func (*Server) FinishAuthorizeRequest ¶
func (s *Server) FinishAuthorizeRequest(w *Response, r *http.Request, ar *AuthorizeRequest)
func (*Server) FinishInfoRequest ¶
func (s *Server) FinishInfoRequest(w *Response, r *http.Request, ir *InfoRequest)
FinishInfoRequest finalizes the request handled by HandleInfoRequest
func (*Server) HandleAccessRequest ¶
func (s *Server) HandleAccessRequest(w *Response, r *http.Request) *AccessRequest
HandleAccessRequest is the http.HandlerFunc for handling access token requests
func (*Server) HandleAuthorizeRequest ¶
func (s *Server) HandleAuthorizeRequest(w *Response, r *http.Request) *AuthorizeRequest
HandleAuthorizeRequest is the main http.HandlerFunc for handling authorization requests
func (*Server) HandleInfoRequest ¶
func (s *Server) HandleInfoRequest(w *Response, r *http.Request) *InfoRequest
HandleInfoRequest is an http.HandlerFunc for server information NOT an RFC specification.
func (*Server) NewResponse ¶
NewResponse creates a new response for the server
type ServerConfig ¶
type ServerConfig struct { // Authorization token expiration in seconds (default 5 minutes) AuthorizationExpiration int32 // Access token expiration in seconds (default 1 hour) AccessExpiration int32 // Token type to return TokenType string // List of allowed authorize types (only CODE by default) AllowedAuthorizeTypes AllowedAuthorizeType // List of allowed access types (only AUTHORIZATION_CODE by default) AllowedAccessTypes AllowedAccessType // HTTP status code to return for errors - default 200 // Only used if response was created from server ErrorStatusCode int // If true allows client secret also in params, else only in // Authorization header - default false AllowClientSecretInParams bool // If true allows access request using GET, else only POST - default false AllowGetAccessRequest bool }
ServerConfig contains server configuration information
func NewServerConfig ¶
func NewServerConfig() *ServerConfig
NewServerConfig returns a new ServerConfig with default configuration
type Storage ¶
type Storage interface { // GetClient loads the client by id (client_id) GetClient(id string, r *http.Request) (*Client, error) // SaveAuthorize saves authorize data. SaveAuthorize(d *AuthorizeData, r *http.Request) error // LoadAuthorize looks up AuthorizeData by a code. // Client information MUST be loaded together. // Optionally can return error if expired. LoadAuthorize(code string, r *http.Request) (*AuthorizeData, error) // RemoveAuthorize revokes or deletes the authorization code. RemoveAuthorize(code string, r *http.Request) error // SaveAccess writes AccessData. // If RefreshToken is not blank, it must save in a way that can be loaded using LoadRefresh. SaveAccess(d *AccessData, r *http.Request) error // LoadAccess retrieves access data by token. Client information MUST be loaded together. // AuthorizeData and AccessData DON'T NEED to be loaded if not easily available. // Optionally can return error if expired. LoadAccess(token string, r *http.Request) (*AccessData, error) // RemoveAccess revokes or deletes an AccessData. RemoveAccess(token string, r *http.Request) error // LoadRefresh retrieves refresh AccessData. Client information MUST be loaded together. // AuthorizeData and AccessData DON'T NEED to be loaded if not easily available. // Optionally can return error if expired. LoadRefresh(token string, r *http.Request) (*AccessData, error) // RemoveRefresh revokes or deletes refresh AccessData. RemoveRefresh(token string, r *http.Request) error }
Storage interface