api

package


Constants

const (
	// ResponseTypeAuthorizationCode must be passed as a query parameter during a call to the authorization endpoint.
	// It selects the authorization code flow (RFC 6749 §4.1); the code is later exchanged at the token endpoint.
	ResponseTypeAuthorizationCode = "code"
	// ResponseTypeIDToken is the response_type value under which an ID token is returned directly from the
	// authorization endpoint (OIDC implicit flow).
	ResponseTypeIDToken           = "id_token"
	// ResponseTypeCodeIDToken is the response_type value under which the authorization endpoint returns both
	// an authorization code and an ID token (OIDC hybrid flow).
	ResponseTypeCodeIDToken       = "code id_token"
	// SessionAuthenticate is a session marker value. Where it is set and checked is not visible here —
	// presumably the login/authorization handlers; verify against them.
	SessionAuthenticate           = "authenticate"
)
// Token-combination selectors (iota, 0 to 3). The names describe which tokens a token response carries
// (access token alone, plus ID token, plus refresh token, or all three). How the token flows map a request
// onto these values is not visible here — confirm against the callers.
const (
	AccessTokenOnly = iota
	AccessTokenAndIDToken
	AccessTokenAndRefreshToken
	AccessTokenAndIDTokenAndRefreshToken
)
const (
	// AuthMethodClientSecretBasic is the token_endpoint_auth_method value for clients that authenticate
	// with HTTP Basic credentials (RFC 6749 §2.3.1).
	AuthMethodClientSecretBasic = "client_secret_basic"
	// AuthMethodClientSecretPost is the token_endpoint_auth_method value for clients that send
	// client_id/client_secret in the request body (RFC 6749 §2.3.1).
	AuthMethodClientSecretPost  = "client_secret_post"
	// ResponseModeFragment is the response_mode value under which authorization response parameters are
	// encoded in the redirect URI fragment (OAuth 2.0 Multiple Response Type Encoding Practices).
	ResponseModeFragment        = "fragment"
	// ResponseModeQuery is the response_mode value under which authorization response parameters are
	// encoded in the redirect URI query string.
	ResponseModeQuery           = "query"
	// SubjectTypePairwise is the OIDC subject_type value under which each client receives a distinct
	// `sub` for the same end user, so users cannot be correlated across clients.
	SubjectTypePairwise         = "pairwise"
)
// Error codes returned by the token endpoint in a TokenErrorResponse (RFC 6749 §5.2). `server_error` is
// absent from the RFC text and comes from errata eid4745. These are the exact strings sent to clients;
// the underlying reason for a failure belongs in server-side logs, not in the error code.
const (
	ErrInvalidClient           = "invalid_client"
	ErrInvalidGrant            = "invalid_grant"
	ErrInvalidRequest          = "invalid_request"
	ErrInvalidScope            = "invalid_scope"
	ErrServerError             = "server_error"
	ErrUnauthorizedClient      = "unauthorized_client"
	ErrUnsupportedGrantType    = "unsupported_grant_type"
	ErrUnsupportedResponseType = "unsupported_response_type"
)

https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 documents the error codes below for the client credentials flow. Note that `server_error` is absent from the spec text but was added in the errata https://www.rfc-editor.org/errata/eid4745

const (
	// AlphaNumericCharset is the alphabet [a-zA-Z0-9] from which random strings are drawn. Every character
	// is in the "unreserved" set of RFC 7636 §4.1, so strings built from it are valid PKCE code verifiers.
	// Which generators use it (GeneratePKCECodeVerifier, secret generation) is not visible here; whichever
	// does should draw indices from crypto/rand — confirm at the call sites.
	AlphaNumericCharset = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
)
// DefaultWatchTime is the default interval between checks of the configuration file — presumably the
// period used by (*API).Watch; confirm against that method.
const DefaultWatchTime = 30 * time.Second
const (
	// ErrInvalidToken is an OIDC error code: the `invalid_token` value defined for bearer-token requests
	// (RFC 6750 §3.1), which the OIDC UserInfo endpoint reuses for expired, revoked or malformed tokens.
	ErrInvalidToken = "invalid_token"
)
const (
	// HintAccessToken is the token type hint for access tokens.
	// Revoking access tokens is not supported.
	// token_type_hint is optional and advisory in RFC 7009 §2.1. Because access-token revocation is not
	// supported, an issued access token presumably stays usable until it expires — confirm in
	// TokenRevocationHandler and TokenRevocationPayload.Validate.
	HintAccessToken = "access_token"
)
const (
	// PKCECodeVerifierLength is the number of characters in a generated PKCE code verifier.
	// RFC 7636 §4.1 allows 43 to 128 characters; 128 is the maximum the spec permits.
	PKCECodeVerifierLength = 128
)
const (
	// SessionIDQueryParameter is the name of the URL query parameter that carries the session identifier
	// (i.e. `?s=...`). NOTE(review): values in query strings can surface in access logs, browser history
	// and Referer headers, so the identifier should be short-lived and single-purpose — confirm how the
	// login/resume handlers treat it.
	SessionIDQueryParameter = "s"
)
const (
	// TokenTypeBearer is the token_type value reported in TokenSuccessResponse (RFC 6750).
	// The capitalised form is the one used by the RFC; clients compare it case-insensitively.
	TokenTypeBearer = "Bearer"
)

Variables

This section is empty.

Functions

func GeneratePKCECodeChallenge

func GeneratePKCECodeChallenge(codeVerifier string) string

GeneratePKCECodeChallenge generates a PKCE code challenge.

func GeneratePKCECodeVerifier

func GeneratePKCECodeVerifier() (string, error)

GeneratePKCECodeVerifier generates a PKCE code verifier (RFC 7636).

func ReusableReader

func ReusableReader(r io.Reader) (io.Reader, error)

ReusableReader takes the given reader and instantiates a new reusable reader.

Types

type API

// API acts as the control plane of the project. It starts the raft backend, initialises the API and
// runs it. The exported fields below are the ones other packages may reach; the rest is unexported.
type API struct {
	// Config is the active configuration (see WithConfig, NewFromFile and Watch).
	Config *config.Config

	// Echo is the HTTP framework instance — presumably where the *Handler methods are registered.
	Echo *echo.Echo

	// Prometheus holds the metrics sink and registry served by MetricsHandler.
	Prometheus *Prometheus
	// contains filtered or unexported fields
}

API acts as the control plane of the project. It starts the raft backend, initialises the API and runs it.

func NewAPI

func NewAPI(appName string, opts ...Option) (*API, error)

NewAPI instantiates a new API data structure.

func NewFromFile

func NewFromFile(appName string, fileName string, logger hclog.Logger) (*API, error)

NewFromFile reads the configuration from the given filename and instantiates the API data structure.

func (*API) AuthorizationCodeTokenFlow

func (a *API) AuthorizationCodeTokenFlow(c echo.Context, payload TokenPayload) error

AuthorizationCodeTokenFlow implements the OAuth 2.0 `authorization_code` flow described in RFC 6749 https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3

func (*API) AuthorizationHandler

func (a *API) AuthorizationHandler() func(echo.Context) error

func (*API) ClientCredentialsTokenFlow

func (a *API) ClientCredentialsTokenFlow(c echo.Context, payload TokenPayload) error

ClientCredentialsTokenFlow implements the OAuth 2.0 `client credentials` flow described in RFC 6749 https://datatracker.ietf.org/doc/html/rfc6749#section-4.4

func (*API) DiscoveryHandler

func (a *API) DiscoveryHandler() func(ctx echo.Context) error

func (*API) GetCredentialsHandler

func (a *API) GetCredentialsHandler() func(echo.Context) error

func (*API) GetLoginHandler

func (a *API) GetLoginHandler() func(ctx echo.Context) error

func (*API) HTTPAddress

func (a *API) HTTPAddress() (string, error)

func (*API) HealthHandler

func (a *API) HealthHandler() func(echo.Context) error

func (*API) Initialise

func (a *API) Initialise() error

Initialise initialises the API.

func (*API) JWKSHandler

func (a *API) JWKSHandler() func(c echo.Context) error

func (*API) LoginSuccessHandler

func (a *API) LoginSuccessHandler() func(echo.Context) error

func (*API) MetricsHandler

func (a *API) MetricsHandler() func(c echo.Context) error

MetricsHandler is the handler that serves the Prometheus handler.

func (*API) PostLoginHandler

func (a *API) PostLoginHandler() func(echo.Context) error

func (*API) RaftStateHandler

func (a *API) RaftStateHandler() func(c echo.Context) error

RaftStateHandler returns the current raft state.

func (*API) RefreshTokenFlow

func (a *API) RefreshTokenFlow(c echo.Context, payload TokenPayload) error

func (*API) ResumeAuthorizationHandler

func (a *API) ResumeAuthorizationHandler() func(echo.Context) error

func (*API) RotateCredentialsHandler

func (a *API) RotateCredentialsHandler() func(echo.Context) error

func (*API) Run

func (a *API) Run(address string) error

Run runs the API over the given address.

func (*API) Shutdown

func (a *API) Shutdown(ctx context.Context) error

Shutdown shuts down the API.

func (*API) TokenHandler

func (a *API) TokenHandler() func(echo.Context) error

func (*API) TokenRevocationHandler

func (a *API) TokenRevocationHandler() func(ctx echo.Context) error

func (*API) UserInfoHandler

func (a *API) UserInfoHandler() func(ctx echo.Context) error

func (*API) Validate

func (a *API) Validate() error

Validate validates the API.

func (*API) Watch

func (a *API) Watch()

Watch watches the configuration file for changes and attempts to apply the configuration.

type AuthorizationContext

// AuthorizationContext is the context of the authorization request. Which handler populates which
// field is not visible here — presumably AuthorizationHandler and ResumeAuthorizationHandler.
type AuthorizationContext struct {
	// Client is the OAuth client that issued the authorization request.
	Client              *model.OAuthClient
	// CodeChallenge and CodeChallengeMethod are the PKCE parameters of the request (RFC 7636 §4.3);
	// they are checked against code_verifier when the code is exchanged at the token endpoint.
	CodeChallenge       string
	CodeChallengeMethod string
	// Grant is the authorization code grant issued for this request, if any.
	Grant               *model.CodeGrant
	// GrantedScopes holds the scopes granted to the client; the encoding (presumably space-separated)
	// is not visible here.
	GrantedScopes       string
	// Nonce is the OIDC nonce from the request, to be echoed in the ID token.
	Nonce               string
	// RedirectURI is the parsed redirect_uri. It should be matched exactly against the client's registered
	// URIs before any redirect is issued — confirm that AuthorizationHandler does so.
	RedirectURI         *url.URL
	// Server is the OAuth server that issues the tokens for this request.
	Server              *model.OAuthServer
}

AuthorizationContext is the context of the authorization request.

type AuthorizationErrorResponse

// AuthorizationErrorResponse is the error response of the authorization endpoint (RFC 6749 §4.1.2.1).
// The fields map to the `error`, `error_description` and `error_uri` parameters.
type AuthorizationErrorResponse struct {
	// Error is the error code — presumably one of the Err* constants.
	Error            string `json:"error"`
	// ErrorDescription is human-readable text for the developer; keep untrusted request values out of it.
	ErrorDescription string `json:"error_description"`
	// ErrorURI optionally points to a page with more information about the error.
	ErrorURI         string `json:"error_uri,omitempty"`
}

type AuthorizationFailedData

// AuthorizationFailedData carries the title and description shown when an authorization request
// fails — presumably rendered into an HTML page; confirm in the authorization handlers.
type AuthorizationFailedData struct {
	// ErrorTitle is the short heading of the failure.
	ErrorTitle       string
	// ErrorDescription is the longer explanation shown to the end user.
	ErrorDescription string
}

type CredentialsErrorResponse

// CredentialsErrorResponse is the response returned by the credentials handler when an error occurs.
type CredentialsErrorResponse struct {
	// Error is the error code returned to the caller.
	Error string `json:"error"`
}

CredentialsErrorResponse is the response returned by the credentials handler when an error occurs.

type CredentialsSuccessResponse

// CredentialsSuccessResponse is the response returned by the credentials handler when successful.
type CredentialsSuccessResponse struct {
	// ID is the client identifier.
	ID     string `json:"client_id"`
	// Name is the client's display name.
	Name   string `json:"client_name"`
	// Secret is the plaintext client secret. It is omitted when empty — presumably only populated when a
	// secret is created or rotated (RotateCredentialsHandler); confirm, and make sure it is never logged.
	Secret string `json:"client_secret,omitempty"`
}

CredentialsSuccessResponse is the response returned by the credentials handler when successful.

type DiscoveryErrorResponse

// DiscoveryErrorResponse is the response of the OpenID Connect discovery endpoint when an error occurs.
type DiscoveryErrorResponse struct {
	// Error is the error code returned to the caller.
	Error            string `json:"error"`
	// ErrorDescription is optional human-readable detail about the error.
	ErrorDescription string `json:"error_description,omitempty"`
}

DiscoveryErrorResponse is the response of the OpenID Connect discovery endpoint when an error occurs.

type DiscoveryResponse

// DiscoveryResponse is the response of the OpenID Connect discovery endpoint. The field names follow the
// provider metadata of OpenID Connect Discovery 1.0 §3. NOTE(review): clients treat this document as
// authoritative, so the advertised algorithms, endpoints and jwks_uri must match what JWKSHandler and the
// token signer actually use — confirm in DiscoveryHandler.
type DiscoveryResponse struct {
	// Issuer is the issuer identifier; ID tokens carry it in the `iss` claim.
	Issuer                            string   `json:"issuer"`
	AuthorizationEndpoint             string   `json:"authorization_endpoint"`
	TokenEndpoint                     string   `json:"token_endpoint"`
	UserInfoEndpoint                  string   `json:"userinfo_endpoint"`
	RevocationEndpoint                string   `json:"revocation_endpoint"`
	// JwksURI is where the signing keys are published (see JWKSHandler).
	JwksURI                           string   `json:"jwks_uri"`
	ScopesSupported                   []string `json:"scopes_supported"`
	// ResponseTypesSupported lists the ResponseType* values; ResponseModesSupported the ResponseMode* values.
	ResponseTypesSupported            []string `json:"response_types_supported"`
	ResponseModesSupported            []string `json:"response_modes_supported"`
	GrantTypesSupported               []string `json:"grant_types_supported"`
	// SubjectTypesSupported lists subject identifier types (see SubjectTypePairwise).
	SubjectTypesSupported             []string `json:"subject_types_supported"`
	IDTokenSigningAlgValuesSupported  []string `json:"id_token_signing_alg_values_supported"`
	UserInfoSigningAlgValuesSupported []string `json:"userinfo_signing_alg_values_supported"`
	// TokenEndpointAuthMethodsSupported lists the AuthMethod* values.
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
	ClaimsSupported                   []string `json:"claims_supported"`
}

DiscoveryResponse is the response of the OpenID Connect discovery endpoint.

type GetLoginErrorResponse

// GetLoginErrorResponse is the error response of GetLoginHandler.
type GetLoginErrorResponse struct {
	// Error is the error code returned to the caller.
	Error string `json:"error"`
}

type HealthSuccessResponse

// HealthSuccessResponse is the body returned by HealthHandler when the API is healthy.
type HealthSuccessResponse struct {
	// Status is the health status string.
	Status string `json:"status"`
}

type JWKSErrorResponse

// JWKSErrorResponse is the error response of JWKSHandler.
type JWKSErrorResponse struct {
	// Error is the error code returned to the caller.
	Error            string `json:"error"`
	// ErrorDescription is human-readable detail about the error.
	ErrorDescription string `json:"error_description"`
}

type LoginSuccessErrorResponse

// LoginSuccessErrorResponse is the error response of LoginSuccessHandler.
type LoginSuccessErrorResponse struct {
	// Error is the error code returned to the caller.
	Error string `json:"error"`
}

type Option

// Option is used to configure the API: a functional option applied to the *API by NewAPI.
// See BackendStarted, ShouldWatchConfig, WithBackend, WithConfig and WithLogger.
type Option func(*API)

Option is used to configure the API.

func BackendStarted

func BackendStarted(started bool) Option

BackendStarted is used to tell the API whether the raft backend has already started. It is usually not required to configure it and is used for testing purposes.

func ShouldWatchConfig

func ShouldWatchConfig(watch bool) Option

ShouldWatchConfig tells the API whether it should watch the config for file changes. It is usually not required to configure it.

func WithBackend

func WithBackend(b *raft.Backend) Option

WithBackend sets the given raft backend on the API.

func WithConfig

func WithConfig(cfg *config.Config) Option

WithConfig sets the given config on the API.

func WithLogger

func WithLogger(logger hclog.Logger) Option

WithLogger sets the given logger on the API.

type PostLoginErrorResponse

// PostLoginErrorResponse is the error response of PostLoginHandler.
type PostLoginErrorResponse struct {
	// Error is the error code returned to the caller.
	Error string `json:"error"`
}

type Prometheus

// Prometheus is the data structure that holds the sink and the registry. It is created by
// InitGlobalPrometheus and served by (*API).MetricsHandler.
type Prometheus struct {
	// contains filtered or unexported fields
}

Prometheus is the data structure that holds the sink and the registry.

func InitGlobalPrometheus

func InitGlobalPrometheus(appName string) (*Prometheus, error)

InitGlobalPrometheus initialises the prometheus configuration so that metrics can be created globally across the packages.

type RaftStateResponse

// RaftStateResponse is the body returned by RaftStateHandler.
type RaftStateResponse struct {
	// State is the current raft state as a string.
	State string `json:"state"`
}

type TokenErrorResponse

// TokenErrorResponse is the response given by the API server when an error occurs at the token endpoint
// (RFC 6749 §5.2).
type TokenErrorResponse struct {
	// Error is the error code — presumably one of the Err* constants.
	Error            string `json:"error"`
	// ErrorDescription is optional human-readable detail; keep untrusted request values out of it.
	ErrorDescription string `json:"error_description,omitempty"`
	// ErrorURI optionally points to a page with more information about the error.
	ErrorURI         string `json:"error_uri,omitempty"`
}

TokenErrorResponse is the response given by the API server when an error occurs.

type TokenPayload

// TokenPayload is the payload passed to the token endpoint (RFC 6749 §4.1.3, §4.4.2 and §6). Which
// fields are required depends on GrantType; the per-flow methods (AuthorizationCodeTokenFlow,
// ClientCredentialsTokenFlow, RefreshTokenFlow) presumably enforce that.
type TokenPayload struct {
	// Scope is the requested scope (space-separated per RFC 6749 §3.3).
	Scope        string `json:"scope,omitempty"`
	// ClientID identifies the client.
	ClientID     string `json:"client_id"`
	// ClientSecret authenticates the client when sent in the body (AuthMethodClientSecretPost).
	// It is a credential — keep it out of logs and error responses.
	ClientSecret string `json:"client_secret,omitempty"`
	// Audience names the intended audience of the issued token. It is not an RFC 6749 parameter;
	// its semantics are not visible here.
	Audience     string `json:"audience"`
	// GrantType selects the flow (authorization code, client credentials or refresh token).
	GrantType    string `json:"grant_type"`
	// RedirectURI must equal the redirect_uri of the authorization request (authorization code grant).
	RedirectURI  string `json:"redirect_uri"`
	// Code is the authorization code being exchanged (authorization code grant).
	Code         string `json:"code"`
	// State is the opaque state value; its role at the token endpoint is not visible here.
	State        string `json:"state"`
	// CodeVerifier is the PKCE code_verifier checked against the stored challenge (RFC 7636 §4.5/§4.6).
	CodeVerifier string `json:"code_verifier,omitempty"`
	// RefreshToken is the refresh token being redeemed (refresh token grant).
	RefreshToken string `json:"refresh_token,omitempty"`
}

TokenPayload is the payload passed to the token endpoint.

type TokenRevocationErrorResponse

// TokenRevocationErrorResponse is the response of a token revocation request when an error occurs
// (RFC 7009 §2.2.1 reuses the RFC 6749 §5.2 error format).
type TokenRevocationErrorResponse struct {
	// Error is the error code returned to the caller.
	Error            string `json:"error"`
	// ErrorDescription is optional human-readable detail about the error.
	ErrorDescription string `json:"error_description,omitempty"`
}

TokenRevocationErrorResponse is the response of a token revocation request when an error occurs.

type TokenRevocationPayload

// TokenRevocationPayload is the payload of a token revocation request (RFC 7009 §2.1), with the client
// credentials carried in the body. Validate checks the payload before it is used.
type TokenRevocationPayload struct {
	// ClientID identifies the requesting client.
	ClientID     string `json:"client_id"`
	// ClientSecret authenticates the client; it is a credential — keep it out of logs.
	ClientSecret string `json:"client_secret"`
	// Token is the token to revoke. RFC 7009 §2.1 requires the server to verify that the token was issued
	// to the authenticated client — confirm that TokenRevocationHandler does so.
	Token        string `json:"token"`
	// Hint is the optional token_type_hint (see HintAccessToken).
	Hint         string `json:"token_type_hint"`
}

TokenRevocationPayload is the payload of a token revocation request.

func (TokenRevocationPayload) Validate

func (payload TokenRevocationPayload) Validate() error

Validate validates the token revocation payload.

type TokenSuccessResponse

// TokenSuccessResponse is the response given by the API server when successful (RFC 6749 §5.1).
type TokenSuccessResponse struct {
	// AccessToken is the issued access token.
	AccessToken  string `json:"access_token"`
	// IDToken is the OIDC ID token, present only when one was issued.
	IDToken      string `json:"id_token,omitempty"`
	// RefreshToken is present only when a refresh token was issued.
	RefreshToken string `json:"refresh_token,omitempty"`
	// ExpiresIn is the access token lifetime in seconds.
	ExpiresIn    int    `json:"expires_in"`
	// Scope is the granted scope.
	Scope        string `json:"scope"`
	// TokenType is the token type (see TokenTypeBearer).
	TokenType    string `json:"token_type"`
}

TokenSuccessResponse is the response given by the API server when successful.

type Unmarshaler

// Unmarshaler is a generic type to unmarshal an io.Reader into a value of type T (see NewUnmarshaler
// and Unmarshal). NOTE(review): when the reader is an HTTP request body, bound its size before decoding
// (e.g. http.MaxBytesReader); whether that happens here is not visible.
type Unmarshaler[T any] struct {
	// contains filtered or unexported fields
}

Unmarshaler is a generic type to unmarshal an io.Reader.

func NewUnmarshaler

func NewUnmarshaler[T any](reader io.Reader) *Unmarshaler[T]

NewUnmarshaler instantiates a new Unmarshaler.

func (*Unmarshaler[T]) Unmarshal

func (u *Unmarshaler[T]) Unmarshal() (T, error)

Unmarshal takes care of unmarshaling the data into the given type T.

type UserInfoErrorResponse

// UserInfoErrorResponse is the error response of UserInfoHandler (OIDC Core §5.3.3, which follows the
// bearer-token error format of RFC 6750 §3.1; see ErrInvalidToken).
type UserInfoErrorResponse struct {
	// Error is the error code returned to the caller.
	Error            string `json:"error"`
	// ErrorDescription is human-readable detail about the error.
	ErrorDescription string `json:"error_description"`
}
