Documentation ¶
Index ¶
- Constants
- Variables
- func IsConsentRequiredError(err error) bool
- type AccessTokenIssuer
- type AnonymousIdentityProvider
- type AnonymousUserHandler
- func (h *AnonymousUserHandler) IssuePromotionCode(ctx context.Context, req *http.Request, sessionType WebSessionType, ...) (code string, codeObj *anonymous.PromotionCode, err error)
- func (h *AnonymousUserHandler) SignupAnonymousUser(ctx context.Context, req *http.Request, clientID string, ...) (*SignupAnonymousUserResult, error)
- type AnonymousUserHandlerLogger
- type App2AppService
- type AppSessionTokenService
- type AuthenticationInfoResolver
- type AuthenticationInfoService
- type AuthorizationHandler
- func (h *AuthorizationHandler) Handle(ctx context.Context, r protocol.AuthorizationRequest) httputil.Result
- func (h *AuthorizationHandler) HandleConsentWithUserCancel(ctx context.Context, req *http.Request) httputil.Result
- func (h *AuthorizationHandler) HandleConsentWithUserConsent(ctx context.Context, req *http.Request) httputil.Result
- func (h *AuthorizationHandler) HandleConsentWithoutUserConsent(ctx context.Context, req *http.Request) (httputil.Result, *ConsentRequired)
- type AuthorizationHandlerLogger
- type AuthorizationService
- type ChallengeProvider
- type CodeGrantService
- type ConsentRequired
- type CookieManager
- type CookiesGetter
- type CreateCodeGrantOptions
- type CreateSettingsActionGrantOptions
- type EventService
- type GraphService
- type IDTokenIssuer
- type IssueOfflineGrantOptions
- type IssueOfflineGrantRefreshTokenOptions
- type IssuePreAuthenticatedURLTokenOptions
- type IssuePreAuthenticatedURLTokenResult
- type OAuthClientResolver
- type OAuthSessionService
- type PreAuthenticatedURLTokenService
- type PreAuthenticatedURLTokenServiceImpl
- func (s *PreAuthenticatedURLTokenServiceImpl) ExchangeForAccessToken(ctx context.Context, client *config.OAuthClientConfig, sessionID string, ...) (string, error)
- func (s *PreAuthenticatedURLTokenServiceImpl) IssuePreAuthenticatedURLToken(ctx context.Context, options *IssuePreAuthenticatedURLTokenOptions) (*IssuePreAuthenticatedURLTokenResult, error)
- type PromotionCodeStore
- type ProxyRedirectHandler
- type RevokeHandler
- type RevokeHandlerAccessGrantStore
- type RevokeHandlerOfflineGrantService
- type SessionManager
- type SettingsActionGrantService
- type SignupAnonymousUserResult
- type SimpleSessionLike
- type TokenGenerator
- type TokenHandler
- func (h *TokenHandler) Handle(ctx context.Context, rw http.ResponseWriter, req *http.Request, ...) httputil.Result
- func (h *TokenHandler) IssueAppSessionToken(ctx context.Context, refreshToken string) (string, *oauth.AppSessionToken, error)
- func (h *TokenHandler) IssueTokensForAuthorizationCode(ctx context.Context, client *config.OAuthClientConfig, r protocol.TokenRequest) (protocol.TokenResponse, error)
- func (h *TokenHandler) IssueTokensForSettingsActionCode(ctx context.Context, client *config.OAuthClientConfig, r protocol.TokenRequest) (protocol.TokenResponse, error)
- type TokenHandlerAppSessionTokenStore
- type TokenHandlerCodeGrantStore
- type TokenHandlerIDPSessionProvider
- type TokenHandlerLogger
- type TokenHandlerOfflineGrantService
- type TokenHandlerOfflineGrantStore
- type TokenHandlerSettingsActionGrantStore
- type TokenHandlerTokenService
- type TokenHandlerUserFacade
- type TokenService
- func (s *TokenService) IssueAccessGrant(ctx context.Context, options oauth.IssueAccessGrantOptions, ...) error
- func (s *TokenService) IssueDeviceSecret(ctx context.Context, resp protocol.TokenResponse) (deviceSecretHash string)
- func (s *TokenService) IssueOfflineGrant(ctx context.Context, client *config.OAuthClientConfig, ...) (offlineGrant *oauth.OfflineGrant, tokenHash string, err error)
- func (s *TokenService) IssueRefreshTokenForOfflineGrant(ctx context.Context, offlineGrantID string, client *config.OAuthClientConfig, ...) (offlineGrant *oauth.OfflineGrant, tokenHash string, err error)
- func (s *TokenService) ParseRefreshToken(ctx context.Context, token string) (authz *oauth.Authorization, offlineGrant *oauth.OfflineGrant, tokenHash string, ...)
- type UIInfoResolver
- type UIURLBuilder
- type UserProvider
- type WebSessionType
Constants ¶
// Response-type elements. Each constant is one element of an OAuth
// response_type value; the package-level *ResponseType variables are built
// from them with protocol.NewResponseType.
//
// The two urn:authgear:* values are Authgear-specific identifiers, not
// credentials. The nolint:gosec directive presumably silences gosec's
// hard-coded-credential heuristic for the declaration that follows it — confirm.
//
// NOTE(review): "Acton" in SettingsActonResponseTypeElement looks like a
// misspelling of "Action". The identifier is exported, so renaming it would
// break callers; the string value itself is spelled "settings-action".
const (
	CodeResponseTypeElement          = "code"
	NoneResponseTypeElement          = "none"
	TokenResponseTypeElement         = "token"
	SettingsActonResponseTypeElement = "urn:authgear:params:oauth:response-type:settings-action"
	// nolint:gosec
	PreAuthenticatedURLResponseTypeElement = "urn:authgear:params:oauth:response-type:pre-authenticated-url"
)
// Token-type URNs. These are public protocol identifiers, not secrets; each
// carries a nolint:gosec directive, presumably because a name containing
// "Token" or "Secret" assigned a string literal trips gosec's
// hard-coded-credential check — confirm.
//
// IDTokenTokenType is the id_token identifier defined by RFC 8693
// (OAuth 2.0 Token Exchange).
//
// NOTE(review): "x-oath" (not "x-oauth") in DeviceSecretTokenType is a wire
// value. It appears to follow the spelling used by the OpenID Connect Native
// SSO draft; do not "correct" it without checking the spec and deployed clients.
const (
	// nolint:gosec
	PreAuthenticatedURLTokenTokenType = "urn:authgear:params:oauth:token-type:pre-authenticated-url-token"
	// nolint:gosec
	IDTokenTokenType = "urn:ietf:params:oauth:token-type:id_token"
	// nolint:gosec
	DeviceSecretTokenType = "urn:x-oath:params:oauth:token-type:device-secret"
)
// AppSessionTokenDuration is set to duration.Short. The concrete length lives
// in the duration package and is not visible here.
// Presumably the validity window of an app session token — confirm at the
// point of use.
const AppSessionTokenDuration = duration.Short
// CodeGrantValidDuration is set to duration.Short. The concrete length lives
// in the duration package and is not visible here.
// Presumably the lifetime of an authorization code grant — confirm at the
// point of use.
// NOTE(review): RFC 6749 section 4.1.2 recommends a maximum authorization
// code lifetime of 10 minutes; verify that duration.Short stays within that.
const CodeGrantValidDuration = duration.Short
// PromotionCodeDuration is set to duration.Short. The concrete length lives
// in the duration package and is not visible here.
// Presumably the validity window of an anonymous-user promotion code —
// confirm at the point of use.
const PromotionCodeDuration = duration.Short
// SettingsActionGrantValidDuration is set to duration.Short. The concrete
// length lives in the duration package and is not visible here.
// Presumably the lifetime of a settings-action grant code — confirm at the
// point of use.
const SettingsActionGrantValidDuration = duration.Short
Variables ¶
// Response types recognised by this package, each built with
// protocol.NewResponseType from one or more *ResponseTypeElement constants.
//
// PreAuthenticatedURLTokenResponseType is the only value made of two elements:
// the pre-authenticated-url element together with "token".
//
// NOTE(review): these are package-level variables, so any importer can
// reassign them; treat them as read-only.
var (
	CodeResponseType                     = protocol.NewResponseType([]string{CodeResponseTypeElement})
	NoneResponseType                     = protocol.NewResponseType([]string{NoneResponseTypeElement})
	TokenResponseType                    = protocol.NewResponseType([]string{TokenResponseTypeElement})
	SettingsActonResponseType            = protocol.NewResponseType([]string{SettingsActonResponseTypeElement})
	PreAuthenticatedURLTokenResponseType = protocol.NewResponseType([]string{PreAuthenticatedURLResponseTypeElement, TokenResponseTypeElement})
)
// DependencySet is the Wire provider set for this package.
//
// wire.Struct(new(T), "*") asks Wire to populate every field of T from other
// providers, so adding a field to one of these structs also adds an injection
// requirement. The two wire.Bind entries bind the interfaces
// PreAuthenticatedURLTokenService and TokenHandlerTokenService to their
// concrete implementations in this package.
var DependencySet = wire.NewSet(
	NewAuthorizationHandlerLogger,
	wire.Struct(new(AuthorizationHandler), "*"),
	NewTokenHandlerLogger,
	wire.Struct(new(TokenHandler), "*"),
	wire.Struct(new(RevokeHandler), "*"),
	NewAnonymousUserHandlerLogger,
	wire.Struct(new(AnonymousUserHandler), "*"),
	wire.Struct(new(TokenService), "*"),
	wire.Struct(new(CodeGrantService), "*"),
	wire.Struct(new(SettingsActionGrantService), "*"),
	wire.Struct(new(PreAuthenticatedURLTokenServiceImpl), "*"),
	wire.Bind(new(PreAuthenticatedURLTokenService), new(*PreAuthenticatedURLTokenServiceImpl)),
	wire.Struct(new(ProxyRedirectHandler), "*"),
	wire.Bind(new(TokenHandlerTokenService), new(*TokenService)),
)
// ErrInvalidDPoPKeyBinding is a protocol error built with the
// dpop.InvalidDPoPProof error code.
// Presumably returned when the DPoP key presented with a request does not
// match the key a grant was bound to — confirm at the call sites.
var ErrInvalidDPoPKeyBinding = protocol.NewError(dpop.InvalidDPoPProof, "Invalid DPoP key binding")
// ErrInvalidRefreshToken is the protocol error for a rejected refresh token.
// "invalid_grant" is the RFC 6749 section 5.2 error code for a refresh token
// that is invalid, expired or revoked. The description is deliberately
// generic: it does not tell the client which of those conditions applied.
var ErrInvalidRefreshToken = protocol.NewError("invalid_grant", "invalid refresh token")
// ErrLoggedInAsNormalUser is an apierrors "invalid" error.
// Presumably returned by the anonymous-user flows when the caller's session
// belongs to a non-anonymous user — confirm at the call sites.
var ErrLoggedInAsNormalUser = apierrors.NewInvalid("user logged in as normal user")
// ErrUnauthenticated is an apierrors "unauthorized" error signalling that the
// request carried no usable authentication.
var ErrUnauthenticated = apierrors.NewUnauthorized("authentication required")
Functions ¶
func IsConsentRequiredError ¶
Types ¶
type AccessTokenIssuer ¶
type AnonymousUserHandler ¶
// AnonymousUserHandler holds the dependencies of the anonymous-user
// operations IssuePromotionCode and SignupAnonymousUser.
// All fields are populated by Wire (see DependencySet).
type AnonymousUserHandler struct {
	AppID       config.AppID
	OAuthConfig *config.OAuthConfig
	Logger      AnonymousUserHandlerLogger

	Graphs         GraphService
	Authorizations AuthorizationService
	Clock          clock.Clock
	// TokenService is held as the concrete TokenService struct by value, unlike
	// TokenHandler, which depends on the TokenHandlerTokenService interface.
	TokenService        TokenService
	UserProvider        UserProvider
	AnonymousIdentities AnonymousIdentityProvider
	PromotionCodes      PromotionCodeStore
	OAuthClientResolver OAuthClientResolver
}
func (*AnonymousUserHandler) IssuePromotionCode ¶
func (h *AnonymousUserHandler) IssuePromotionCode( ctx context.Context, req *http.Request, sessionType WebSessionType, refreshToken string, ) (code string, codeObj *anonymous.PromotionCode, err error)
func (*AnonymousUserHandler) SignupAnonymousUser ¶
func (h *AnonymousUserHandler) SignupAnonymousUser( ctx context.Context, req *http.Request, clientID string, sessionType WebSessionType, refreshToken string, ) (*SignupAnonymousUserResult, error)
SignupAnonymousUser returns a token response or an API error.
type AnonymousUserHandlerLogger ¶
func NewAnonymousUserHandlerLogger ¶
func NewAnonymousUserHandlerLogger(lf *log.Factory) AnonymousUserHandlerLogger
type App2AppService ¶
type AppSessionTokenService ¶
type AuthorizationHandler ¶
// AuthorizationHandler holds the dependencies of the authorization-endpoint
// operations Handle and the three HandleConsent* methods.
// All fields are populated by Wire (see DependencySet).
type AuthorizationHandler struct {
	AppID                 config.AppID
	Config                *config.OAuthConfig
	AccountDeletionConfig *config.AccountDeletionConfig
	HTTPConfig            *config.HTTPConfig
	HTTPProto             httputil.HTTPProto
	HTTPOrigin            httputil.HTTPOrigin
	AppDomains            config.AppDomains
	Logger                AuthorizationHandlerLogger

	UIURLBuilder                    UIURLBuilder
	UIInfoResolver                  UIInfoResolver
	AuthenticationInfoResolver      AuthenticationInfoResolver
	Authorizations                  AuthorizationService
	AppSessionTokenService          AppSessionTokenService
	AuthenticationInfoService       AuthenticationInfoService
	Clock                           clock.Clock
	Cookies                         CookieManager
	OAuthSessionService             OAuthSessionService
	CodeGrantService                CodeGrantService
	SettingsActionGrantService      SettingsActionGrantService
	ClientResolver                  OAuthClientResolver
	PreAuthenticatedURLTokenService PreAuthenticatedURLTokenService
	IDTokenIssuer                   IDTokenIssuer
}
func (*AuthorizationHandler) Handle ¶
func (h *AuthorizationHandler) Handle(ctx context.Context, r protocol.AuthorizationRequest) httputil.Result
func (*AuthorizationHandler) HandleConsentWithUserCancel ¶
func (*AuthorizationHandler) HandleConsentWithUserConsent ¶
func (*AuthorizationHandler) HandleConsentWithoutUserConsent ¶
func (h *AuthorizationHandler) HandleConsentWithoutUserConsent(ctx context.Context, req *http.Request) (httputil.Result, *ConsentRequired)
type AuthorizationHandlerLogger ¶
func NewAuthorizationHandlerLogger ¶
func NewAuthorizationHandlerLogger(lf *log.Factory) AuthorizationHandlerLogger
type AuthorizationService ¶
// AuthorizationService is the authorization lookup/grant API that the
// handlers in this package depend on.
//
// Check and CheckAndGrant take identical arguments. Judging by the names,
// Check only verifies an existing authorization for (clientID, userID, scopes)
// while CheckAndGrant also records one — confirm against the implementation
// before relying on either for a consent decision.
type AuthorizationService interface {
	GetByID(ctx context.Context, id string) (*oauth.Authorization, error)
	CheckAndGrant(
		ctx context.Context,
		clientID string,
		userID string,
		scopes []string,
	) (*oauth.Authorization, error)
	Check(
		ctx context.Context,
		clientID string,
		userID string,
		scopes []string,
	) (*oauth.Authorization, error)
}
type ChallengeProvider ¶
type CodeGrantService ¶
// CodeGrantService holds the dependencies of CreateCodeGrant, which returns a
// code string together with the stored *oauth.CodeGrant.
type CodeGrantService struct {
	AppID config.AppID
	// CodeGenerator supplies the code string.
	// NOTE(review): the implementation is not visible here; because the code is
	// a bearer credential, verify that it is generated from a CSPRNG.
	CodeGenerator TokenGenerator
	Clock         clock.Clock

	CodeGrants oauth.CodeGrantStore
}
func (*CodeGrantService) CreateCodeGrant ¶
func (s *CodeGrantService) CreateCodeGrant(ctx context.Context, opts *CreateCodeGrantOptions) (code string, grant *oauth.CodeGrant, err error)
type ConsentRequired ¶
// ConsentRequired describes a pending consent decision: the user, the scopes
// and the client involved. It is the second return value of
// AuthorizationHandler.HandleConsentWithoutUserConsent.
type ConsentRequired struct {
	UserID string
	Scopes []string
	Client *config.OAuthClientConfig
}
type CookieManager ¶
type CookiesGetter ¶
type CreateCodeGrantOptions ¶
// CreateCodeGrantOptions is the input to CodeGrantService.CreateCodeGrant.
type CreateCodeGrantOptions struct {
	Authorization      *oauth.Authorization
	SessionType        session.Type
	SessionID          string
	AuthenticationInfo authenticationinfo.T
	IDTokenHintSID     string
	// NOTE(review): nothing on this page shows where RedirectURI is validated;
	// confirm it has been checked against the client's registered redirect URIs
	// before this struct is populated.
	RedirectURI          string
	AuthorizationRequest protocol.AuthorizationRequest
	// Presumably the JWK thumbprint ("jkt", RFC 9449) of the DPoP key the code
	// is bound to; empty when no DPoP binding was requested — confirm.
	DPoPJKT string
}
type CreateSettingsActionGrantOptions ¶
// CreateSettingsActionGrantOptions is the input to
// SettingsActionGrantService.CreateSettingsActionGrant.
type CreateSettingsActionGrantOptions struct {
	// NOTE(review): confirm RedirectURI has been validated against the client's
	// registered redirect URIs before this struct is populated.
	RedirectURI          string
	AuthorizationRequest protocol.AuthorizationRequest
}
type EventService ¶
type GraphService ¶
// GraphService is the subset of the interaction-graph API used by this
// package; AnonymousUserHandler and TokenHandler both hold one in their
// Graphs field.
type GraphService interface {
	NewGraph(ctx context.Context, interactionCtx *interaction.Context, intent interaction.Intent) (*interaction.Graph, error)
	DryRun(ctx context.Context, contextValue interaction.ContextValues, fn func(ctx context.Context, interactionCtx *interaction.Context) (*interaction.Graph, error)) error
	Run(ctx context.Context, contextValue interaction.ContextValues, graph *interaction.Graph) error
	// Accept takes an untyped input; the accepted concrete types are decided by
	// the implementation and are not visible on this page.
	Accept(ctx context.Context, interactionCtx *interaction.Context, graph *interaction.Graph, input interface{}) (*interaction.Graph, []interaction.Edge, error)
}
type IDTokenIssuer ¶
type OAuthClientResolver ¶
// OAuthClientResolver looks up an OAuth client configuration by client ID.
type OAuthClientResolver interface {
	// ResolveClient has no error return.
	// NOTE(review): presumably it returns nil for an unknown clientID; callers
	// should nil-check the result before dereferencing — confirm.
	ResolveClient(clientID string) *config.OAuthClientConfig
}
type OAuthSessionService ¶
type PreAuthenticatedURLTokenService ¶
// PreAuthenticatedURLTokenService issues pre-authenticated URL tokens and
// exchanges them for access tokens. DependencySet binds it to
// *PreAuthenticatedURLTokenServiceImpl.
type PreAuthenticatedURLTokenService interface {
	IssuePreAuthenticatedURLToken(
		ctx context.Context,
		options *IssuePreAuthenticatedURLTokenOptions,
	) (*IssuePreAuthenticatedURLTokenResult, error)
	// ExchangeForAccessToken takes the client, a session ID and the token and
	// returns a string.
	// NOTE(review): whether the token is single-use and how it is tied to
	// sessionID is decided by the implementation, which is not shown here —
	// verify both before relying on this for session hand-over.
	ExchangeForAccessToken(
		ctx context.Context,
		client *config.OAuthClientConfig,
		sessionID string,
		token string,
	) (string, error)
}
type PreAuthenticatedURLTokenServiceImpl ¶
// PreAuthenticatedURLTokenServiceImpl is the concrete
// PreAuthenticatedURLTokenService wired in DependencySet.
type PreAuthenticatedURLTokenServiceImpl struct {
	Clock clock.Clock

	PreAuthenticatedURLTokens oauth.PreAuthenticatedURLTokenStore
	AccessGrantService        oauth.PreAuthenticatedURLTokenAccessGrantService
	OfflineGrantService       oauth.PreAuthenticatedURLTokenOfflineGrantService
}
func (*PreAuthenticatedURLTokenServiceImpl) ExchangeForAccessToken ¶
func (s *PreAuthenticatedURLTokenServiceImpl) ExchangeForAccessToken( ctx context.Context, client *config.OAuthClientConfig, sessionID string, token string, ) (string, error)
func (*PreAuthenticatedURLTokenServiceImpl) IssuePreAuthenticatedURLToken ¶
func (s *PreAuthenticatedURLTokenServiceImpl) IssuePreAuthenticatedURLToken( ctx context.Context, options *IssuePreAuthenticatedURLTokenOptions, ) (*IssuePreAuthenticatedURLTokenResult, error)
type PromotionCodeStore ¶
// PromotionCodeStore persists promotion codes for AnonymousUserHandler.
// Only creation is exposed through this interface.
type PromotionCodeStore interface {
	CreatePromotionCode(ctx context.Context, code *anonymous.PromotionCode) error
}
type ProxyRedirectHandler ¶
// ProxyRedirectHandler holds the configuration used by its Validate method,
// which takes a redirect URI (including its query) and returns an error.
// NOTE(review): the validation rules are not visible on this page; presumably
// the URI is checked against OAuthConfig, HTTPOrigin and AppDomains to keep the
// proxy from acting as an open redirector — confirm.
type ProxyRedirectHandler struct {
	OAuthConfig *config.OAuthConfig
	HTTPOrigin  httputil.HTTPOrigin
	HTTPProto   httputil.HTTPProto
	AppDomains  config.AppDomains
}
func (*ProxyRedirectHandler) Validate ¶
func (h *ProxyRedirectHandler) Validate(redirectURIWithQuery string) error
type RevokeHandler ¶
// RevokeHandler holds the dependencies of Handle, which processes a
// protocol.RevokeRequest and returns an error.
type RevokeHandler struct {
	SessionManager      SessionManager
	OfflineGrantService RevokeHandlerOfflineGrantService
	AccessGrants        RevokeHandlerAccessGrantStore
}
func (*RevokeHandler) Handle ¶
func (h *RevokeHandler) Handle(ctx context.Context, r protocol.RevokeRequest) error
type SessionManager ¶
type SettingsActionGrantService ¶
// SettingsActionGrantService holds the dependencies of
// CreateSettingsActionGrant, which returns a code string together with the
// stored *oauth.SettingsActionGrant.
type SettingsActionGrantService struct {
	AppID config.AppID
	// CodeGenerator supplies the code string.
	// NOTE(review): the implementation is not visible here; because the code is
	// a bearer credential, verify that it is generated from a CSPRNG.
	CodeGenerator TokenGenerator
	Clock         clock.Clock

	SettingsActionGrants oauth.SettingsActionGrantStore
}
func (*SettingsActionGrantService) CreateSettingsActionGrant ¶
func (s *SettingsActionGrantService) CreateSettingsActionGrant(ctx context.Context, opts *CreateSettingsActionGrantOptions) (code string, grant *oauth.SettingsActionGrant, err error)
type SimpleSessionLike ¶
// SimpleSessionLike is a minimal value carrying a session ID and a grant
// session kind. It exposes SessionID() and SessionType() methods; how
// GrantSessionKind maps to session.Type is not visible on this page.
type SimpleSessionLike struct {
	ID               string
	GrantSessionKind oauth.GrantSessionKind
}
func (SimpleSessionLike) SessionID ¶
func (s SimpleSessionLike) SessionID() string
func (SimpleSessionLike) SessionType ¶
func (s SimpleSessionLike) SessionType() session.Type
type TokenGenerator ¶
// TokenGenerator is a function that produces a token string. It is the type of
// CodeGrantService.CodeGenerator, SettingsActionGrantService.CodeGenerator and
// TokenService.GenerateToken.
// NOTE(review): the concrete generator is supplied from outside this package.
// Its output is used as codes and tokens, so it must come from crypto/rand (or
// an equivalent CSPRNG) with enough entropy to resist guessing — verify the
// provider that is wired in.
type TokenGenerator func() string
type TokenHandler ¶
// TokenHandler holds the dependencies of the token-endpoint operations Handle,
// IssueAppSessionToken, IssueTokensForAuthorizationCode and
// IssueTokensForSettingsActionCode.
// All fields are populated by Wire (see DependencySet).
type TokenHandler struct {
	AppID                  config.AppID
	AppDomains             config.AppDomains
	HTTPProto              httputil.HTTPProto
	HTTPOrigin             httputil.HTTPOrigin
	OAuthFeatureConfig     *config.OAuthFeatureConfig
	IdentityFeatureConfig  *config.IdentityFeatureConfig
	OAuthClientCredentials *config.OAuthClientCredentials
	Logger                 TokenHandlerLogger

	Authorizations                  AuthorizationService
	CodeGrants                      TokenHandlerCodeGrantStore
	SettingsActionGrantStore        TokenHandlerSettingsActionGrantStore
	IDPSessions                     TokenHandlerIDPSessionProvider
	OfflineGrants                   TokenHandlerOfflineGrantStore
	AppSessionTokens                TokenHandlerAppSessionTokenStore
	OfflineGrantService             TokenHandlerOfflineGrantService
	PreAuthenticatedURLTokenService PreAuthenticatedURLTokenService
	Graphs                          GraphService
	IDTokenIssuer                   IDTokenIssuer
	Clock                           clock.Clock
	// TokenService is the interface TokenHandlerTokenService; DependencySet
	// binds it to *TokenService.
	TokenService     TokenHandlerTokenService
	Events           EventService
	SessionManager   SessionManager
	App2App          App2AppService
	Challenges       ChallengeProvider
	CodeGrantService CodeGrantService
	ClientResolver   OAuthClientResolver
	UIInfoResolver   UIInfoResolver

	// NOTE(review): how RemoteIP and UserAgentString are derived from the
	// request is not visible here; if they feed audit or access records,
	// confirm the IP is taken from a trusted source rather than a
	// client-controlled header.
	RemoteIP        httputil.RemoteIP
	UserAgentString httputil.UserAgentString
}
func (*TokenHandler) Handle ¶
func (h *TokenHandler) Handle(ctx context.Context, rw http.ResponseWriter, req *http.Request, r protocol.TokenRequest) httputil.Result
func (*TokenHandler) IssueAppSessionToken ¶
func (h *TokenHandler) IssueAppSessionToken(ctx context.Context, refreshToken string) (string, *oauth.AppSessionToken, error)
func (*TokenHandler) IssueTokensForAuthorizationCode ¶
func (h *TokenHandler) IssueTokensForAuthorizationCode( ctx context.Context, client *config.OAuthClientConfig, r protocol.TokenRequest, ) (protocol.TokenResponse, error)
nolint:gocognit
func (*TokenHandler) IssueTokensForSettingsActionCode ¶
func (h *TokenHandler) IssueTokensForSettingsActionCode( ctx context.Context, client *config.OAuthClientConfig, r protocol.TokenRequest, ) (protocol.TokenResponse, error)
nolint:gocognit
type TokenHandlerAppSessionTokenStore ¶
// TokenHandlerAppSessionTokenStore is the app-session-token persistence that
// TokenHandler needs. Only creation is exposed through this interface.
type TokenHandlerAppSessionTokenStore interface {
	CreateAppSessionToken(ctx context.Context, t *oauth.AppSessionToken) error
}
type TokenHandlerIDPSessionProvider ¶
// TokenHandlerIDPSessionProvider fetches an IDP session by ID for
// TokenHandler.
type TokenHandlerIDPSessionProvider interface {
	Get(ctx context.Context, id string) (*idpsession.IDPSession, error)
}
type TokenHandlerLogger ¶
func NewTokenHandlerLogger ¶
func NewTokenHandlerLogger(lf *log.Factory) TokenHandlerLogger
type TokenHandlerOfflineGrantStore ¶
// TokenHandlerOfflineGrantStore is the offline-grant persistence that
// TokenHandler needs: deletion, four targeted updates and two listings.
// Every Update* method takes an expireAt time and returns the grant as a
// *oauth.OfflineGrant.
type TokenHandlerOfflineGrantStore interface {
	DeleteOfflineGrant(ctx context.Context, g *oauth.OfflineGrant) error

	UpdateOfflineGrantDeviceInfo(ctx context.Context, id string, deviceInfo map[string]interface{}, expireAt time.Time) (*oauth.OfflineGrant, error)
	UpdateOfflineGrantAuthenticatedAt(ctx context.Context, id string, authenticatedAt time.Time, expireAt time.Time) (*oauth.OfflineGrant, error)
	UpdateOfflineGrantApp2AppDeviceKey(ctx context.Context, id string, newKey string, expireAt time.Time) (*oauth.OfflineGrant, error)
	// The store is handed a hash of the device secret (per the parameter name)
	// rather than the secret itself, together with a DPoP key thumbprint.
	// Presumably the raw device secret is never persisted — confirm.
	UpdateOfflineGrantDeviceSecretHash(
		ctx context.Context,
		grantID string,
		newDeviceSecretHash string,
		dpopJKT string,
		expireAt time.Time) (*oauth.OfflineGrant, error)

	ListOfflineGrants(ctx context.Context, userID string) ([]*oauth.OfflineGrant, error)
	ListClientOfflineGrants(ctx context.Context, clientID string, userID string) ([]*oauth.OfflineGrant, error)
}
type TokenHandlerTokenService ¶
// TokenHandlerTokenService is the token-issuing API that TokenHandler depends
// on; DependencySet binds it to *TokenService.
//
// The Issue* methods take a protocol.TokenResponse. Presumably they write the
// issued token material into it, while the named return values carry only
// hashes (tokenHash, deviceSecretHash) — confirm against TokenService.
type TokenHandlerTokenService interface {
	ParseRefreshToken(ctx context.Context, token string) (authz *oauth.Authorization, offlineGrant *oauth.OfflineGrant, tokenHash string, err error)
	IssueAccessGrant(
		ctx context.Context,
		options oauth.IssueAccessGrantOptions,
		resp protocol.TokenResponse,
	) error
	IssueOfflineGrant(
		ctx context.Context,
		client *config.OAuthClientConfig,
		opts IssueOfflineGrantOptions,
		resp protocol.TokenResponse,
	) (offlineGrant *oauth.OfflineGrant, tokenHash string, err error)
	IssueRefreshTokenForOfflineGrant(
		ctx context.Context,
		offlineGrantID string,
		client *config.OAuthClientConfig,
		opts IssueOfflineGrantRefreshTokenOptions,
		resp protocol.TokenResponse,
	) (offlineGrant *oauth.OfflineGrant, tokenHash string, err error)
	IssueDeviceSecret(ctx context.Context, resp protocol.TokenResponse) (deviceSecretHash string)
}
type TokenHandlerUserFacade ¶
type TokenService ¶
// TokenService holds the dependencies of the token operations
// IssueAccessGrant, IssueDeviceSecret, IssueOfflineGrant,
// IssueRefreshTokenForOfflineGrant and ParseRefreshToken.
// All fields are populated by Wire (see DependencySet).
type TokenService struct {
	RemoteIP        httputil.RemoteIP
	UserAgentString httputil.UserAgentString
	AppID           config.AppID
	Config          *config.OAuthConfig

	Authorizations      oauth.AuthorizationStore
	OfflineGrants       oauth.OfflineGrantStore
	AccessGrants        oauth.AccessGrantStore
	OfflineGrantService oauth.OfflineGrantService
	AccessEvents        *access.EventProvider
	AccessTokenIssuer   AccessTokenIssuer
	// GenerateToken supplies token strings.
	// NOTE(review): the implementation is not visible here; verify that it is
	// backed by a CSPRNG, since its output is used as bearer token material.
	GenerateToken      TokenGenerator
	Clock              clock.Clock
	Users              TokenHandlerUserFacade
	AccessGrantService oauth.AccessGrantService
}
func (*TokenService) IssueAccessGrant ¶
func (s *TokenService) IssueAccessGrant( ctx context.Context, options oauth.IssueAccessGrantOptions, resp protocol.TokenResponse, ) error
func (*TokenService) IssueDeviceSecret ¶
func (s *TokenService) IssueDeviceSecret(ctx context.Context, resp protocol.TokenResponse) (deviceSecretHash string)
func (*TokenService) IssueOfflineGrant ¶
func (s *TokenService) IssueOfflineGrant( ctx context.Context, client *config.OAuthClientConfig, opts IssueOfflineGrantOptions, resp protocol.TokenResponse, ) (offlineGrant *oauth.OfflineGrant, tokenHash string, err error)
func (*TokenService) IssueRefreshTokenForOfflineGrant ¶
func (s *TokenService) IssueRefreshTokenForOfflineGrant( ctx context.Context, offlineGrantID string, client *config.OAuthClientConfig, opts IssueOfflineGrantRefreshTokenOptions, resp protocol.TokenResponse, ) (offlineGrant *oauth.OfflineGrant, tokenHash string, err error)
func (*TokenService) ParseRefreshToken ¶
func (s *TokenService) ParseRefreshToken(ctx context.Context, token string) ( authz *oauth.Authorization, offlineGrant *oauth.OfflineGrant, tokenHash string, err error)
type UIInfoResolver ¶
// UIInfoResolver derives UI information for an authorization request made by
// the given client.
type UIInfoResolver interface {
	ResolveForAuthorizationEndpoint(ctx context.Context, client *config.OAuthClientConfig, req protocol.AuthorizationRequest) (*oidc.UIInfo, *oidc.UIInfoByProduct, error)
}
type UIURLBuilder ¶
// UIURLBuilder builds the URLs of the authentication UI and the
// settings-action UI for an authorization request and its OAuth session entry.
type UIURLBuilder interface {
	BuildAuthenticationURL(client *config.OAuthClientConfig, r protocol.AuthorizationRequest, e *oauthsession.Entry) (*url.URL, error)
	BuildSettingsActionURL(client *config.OAuthClientConfig, r protocol.AuthorizationRequest, e *oauthsession.Entry) (*url.URL, error)
}
type UserProvider ¶
type WebSessionType ¶
// WebSessionType names how a web caller's session is carried. It is a
// parameter of AnonymousUserHandler.IssuePromotionCode and
// SignupAnonymousUser, both of which also take a refreshToken argument.
// NOTE(review): the type is a plain string, so values outside the two
// constants below can be constructed; callers that receive it from a request
// should reject anything else.
type WebSessionType string

const (
	WebSessionTypeCookie       WebSessionType = "cookie"
	WebSessionTypeRefreshToken WebSessionType = "refresh_token"
)
Source Files ¶
- authz.go
- deps.go
- funcs.go
- handler_anonymous_user.go
- handler_authz.go
- handler_proxy_redirect.go
- handler_revoke.go
- handler_token.go
- interaction.go
- resolve.go
- result_authz.go
- result_token.go
- service_app_initiated_sso_to_web.go
- service_code_grant.go
- service_settings_action_grant.go
- service_token.go
- web_session_type.go