oauth

package
v0.0.0-...-ee57881 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 20, 2024 License: Apache-2.0 Imports: 40 Imported by: 1

Documentation

Index

Constants

View Source 
const DeviceSSOScope = "device_sso"
View Source 
const FullAccessScope = "https://authgear.com/scopes/full-access"
View Source 
const FullUserInfoScope = "https://authgear.com/scopes/full-userinfo"
View Source 
const OfflineAccess = "offline_access"
View Source 
const PreAuthenticatedURLScope = "https://authgear.com/scopes/pre-authenticated-url"
View Source 
const (
	PreAuthenticatedURLTokenLifetime = duration.Short
)

Variables

View Source 
var ClientLikeNotFound = &ClientLike{
	IsFirstParty:        false,
	PIIAllowedInIDToken: false,
}
View Source 
var DependencySet = wire.NewSet(
	wire.Struct(new(MetadataProvider), "*"),
	wire.Struct(new(Resolver), "*"),
	wire.Struct(new(SessionManager), "*"),
	wire.Struct(new(OfflineGrantService), "*"),
	wire.Struct(new(PromptResolver), "*"),

	wire.Struct(new(AccessTokenEncoding), "*"),
	wire.Bind(new(AccessTokenDecoder), new(*AccessTokenEncoding)),
	wire.Struct(new(AuthorizationService), "*"),
	wire.Bind(new(OfflineGrantSessionManager), new(*SessionManager)),

	wire.Struct(new(AppSessionTokenService), "*"),
	wire.Bind(new(AppSessionTokenServiceOfflineGrantService), new(*OfflineGrantService)),

	wire.Struct(new(AccessGrantService), "*"),

	wire.Bind(new(PreAuthenticatedURLTokenAccessGrantService), new(*AccessGrantService)),
	wire.Bind(new(PreAuthenticatedURLTokenOfflineGrantService), new(*OfflineGrantService)),
)
View Source 
var ErrAuthorizationNotFound = errors.New("oauth authorization not found")
View Source 
var ErrAuthorizationScopesNotGranted = errors.New("oauth authorization scopes not granted")
View Source 
var ErrGrantNotFound = errors.New("oauth grant not found")
View Source 
var ErrUnmatchedClient = errors.New("unmatched client ID")
View Source 
var ErrUnmatchedSession = errors.New("unmatched session ID")

Functions

func ContainsAllScopes 

func ContainsAllScopes(scopes []string, shouldContainsScopes []string) bool

func DecodeRefreshToken 

func DecodeRefreshToken(encodedToken string) (token string, grantID string, err error)

func EncodeRefreshToken 

func EncodeRefreshToken(token string, grantID string) string

func FormPost 

func FormPost(w http.ResponseWriter, r *http.Request, redirectURI *url.URL, response map[string]string)

func GenerateToken 

func GenerateToken() string

func HTMLRedirect 

func HTMLRedirect(rw http.ResponseWriter, r *http.Request, redirectURI string)

func HashToken 

func HashToken(token string) string

func RequireScope 

func RequireScope(scopes ...string) func(http.Handler) http.Handler

RequireScope allow request to pass if session contains one of the required scopes. If there is no required scopes, only validity of session is checked.

func SessionScopes 

func SessionScopes(s session.ResolvedSession) []string

func WriteResponse 

func WriteResponse(w http.ResponseWriter, r *http.Request, redirectURI *url.URL, responseMode string, response map[string]string)

Types

type AccessGrant 

type AccessGrant struct {
	AppID           string           `json:"app_id"`
	AuthorizationID string           `json:"authz_id"`
	SessionID       string           `json:"session_id"`
	SessionKind     GrantSessionKind `json:"session_kind"`

	CreatedAt time.Time `json:"created_at"`
	ExpireAt  time.Time `json:"expire_at"`
	Scopes    []string  `json:"scopes"`
	TokenHash string    `json:"token_hash"`
	// Only exist when session_kind is offline_grant
	RefreshTokenHash string `json:"refresh_token_hash"`
}

type AccessGrantService 

type AccessGrantService struct {
	AppID config.AppID

	AccessGrants      AccessGrantStore
	AccessTokenIssuer AccessTokenEncoding
	Clock             clock.Clock
}

func (*AccessGrantService) IssueAccessGrant 

func (s *AccessGrantService) IssueAccessGrant(
	ctx context.Context,
	client *config.OAuthClientConfig,
	scopes []string,
	authzID string,
	userID string,
	sessionID string,
	sessionKind GrantSessionKind,
	refreshTokenHash string,
) (*IssueAccessGrantResult, error)

type AccessGrantStore 

type AccessGrantStore interface {
	GetAccessGrant(ctx context.Context, tokenHash string) (*AccessGrant, error)
	CreateAccessGrant(ctx context.Context, g *AccessGrant) error
	DeleteAccessGrant(ctx context.Context, g *AccessGrant) error
}

type AccessTokenDecoder 

type AccessTokenDecoder interface {
	DecodeAccessToken(encodedToken string) (tok string, isHash bool, err error)
}

type AccessTokenEncoding 

type AccessTokenEncoding struct {
	Secrets       *config.OAuthKeyMaterials
	Clock         clock.Clock
	IDTokenIssuer IDTokenIssuer
	BaseURL       BaseURLProvider
	Events        EventService
	Identities    AccessTokenEncodingIdentityService
}

func (*AccessTokenEncoding) DecodeAccessToken 

func (e *AccessTokenEncoding) DecodeAccessToken(encodedToken string) (tok string, isHash bool, err error)

func (*AccessTokenEncoding) EncodeAccessToken 

func (e *AccessTokenEncoding) EncodeAccessToken(ctx context.Context, client *config.OAuthClientConfig, clientLike *ClientLike, grant *AccessGrant, userID string, token string) (string, error)

type AccessTokenEncodingIdentityService 

type AccessTokenEncodingIdentityService interface {
	ListIdentitiesThatHaveStandardAttributes(ctx context.Context, userID string) ([]*identity.Info, error)
}

type AppSession 

type AppSession struct {
	AppID          string `json:"app_id"`
	OfflineGrantID string `json:"offline_grant_id"`

	CreatedAt        time.Time `json:"created_at"`
	ExpireAt         time.Time `json:"expire_at"`
	TokenHash        string    `json:"token_hash"`
	RefreshTokenHash string    `json:"refresh_token_hash"`
}

type AppSessionStore 

type AppSessionStore interface {
	GetAppSession(ctx context.Context, tokenHash string) (*AppSession, error)
	CreateAppSession(ctx context.Context, s *AppSession) error
	DeleteAppSession(ctx context.Context, s *AppSession) error
}

type AppSessionToken 

type AppSessionToken struct {
	AppID          string `json:"app_id"`
	OfflineGrantID string `json:"offline_grant_id"`

	CreatedAt        time.Time `json:"created_at"`
	ExpireAt         time.Time `json:"expire_at"`
	TokenHash        string    `json:"token_hash"`
	RefreshTokenHash string    `json:"refresh_token_hash"`
}

type AppSessionTokenInput 

type AppSessionTokenInput struct {
	AppSessionToken string
	RedirectURI     string
}

type AppSessionTokenService 

type AppSessionTokenService struct {
	AppSessions         AppSessionStore
	AppSessionTokens    AppSessionTokenStore
	OfflineGrantService AppSessionTokenServiceOfflineGrantService
	Cookies             AppSessionTokenServiceCookieManager
	Clock               clock.Clock
}

func (*AppSessionTokenService) Exchange 

func (s *AppSessionTokenService) Exchange(ctx context.Context, appSessionToken string) (string, error)

func (*AppSessionTokenService) Handle 

func (s *AppSessionTokenService) Handle(ctx context.Context, input AppSessionTokenInput) (httputil.Result, error)

type AppSessionTokenServiceCookieManager 

type AppSessionTokenServiceCookieManager interface {
	ValueCookie(def *httputil.CookieDef, value string) *http.Cookie
}

type AppSessionTokenServiceOfflineGrantService 

type AppSessionTokenServiceOfflineGrantService interface {
	GetOfflineGrant(ctx context.Context, id string) (*OfflineGrant, error)
}

type AppSessionTokenStore 

type AppSessionTokenStore interface {
	GetAppSessionToken(ctx context.Context, tokenHash string) (*AppSessionToken, error)
	CreateAppSessionToken(ctx context.Context, t *AppSessionToken) error
	DeleteAppSessionToken(ctx context.Context, t *AppSessionToken) error
}

type Authorization 

type Authorization struct {
	ID        string
	AppID     string
	ClientID  string
	UserID    string
	CreatedAt time.Time
	UpdatedAt time.Time
	Scopes    []string
}

func ApplyAuthorizationFilters 

func ApplyAuthorizationFilters(authzs []*Authorization, filters ...AuthorizationFilter) (out []*Authorization)

func (Authorization) IsAuthorized 

func (z Authorization) IsAuthorized(scopes []string) bool

func (Authorization) ToAPIModel 

func (z Authorization) ToAPIModel() *model.Authorization

func (Authorization) WithScopesAdded 

func (z Authorization) WithScopesAdded(scopes []string) *Authorization

type AuthorizationFilter 

type AuthorizationFilter interface {
	Keep(authz *Authorization) bool
}

type AuthorizationFilterFunc 

type AuthorizationFilterFunc func(a *Authorization) bool

func (AuthorizationFilterFunc) Keep 

func (f AuthorizationFilterFunc) Keep(a *Authorization) bool

type AuthorizationService 

type AuthorizationService struct {
	AppID               config.AppID
	Store               AuthorizationStore
	Clock               clock.Clock
	OAuthSessionManager OfflineGrantSessionManager
	OfflineGrantService *OfflineGrantService
	OfflineGrantStore   OfflineGrantStore
}

func (*AuthorizationService) Check 

func (s *AuthorizationService) Check(
	ctx context.Context,
	clientID string,
	userID string,
	scopes []string,
) (*Authorization, error)

func (*AuthorizationService) CheckAndGrant 

func (s *AuthorizationService) CheckAndGrant(
	ctx context.Context,
	clientID string,
	userID string,
	scopes []string,
) (*Authorization, error)

func (*AuthorizationService) Delete 

func (s *AuthorizationService) Delete(ctx context.Context, a *Authorization) error

func (*AuthorizationService) GetByID 

func (s *AuthorizationService) GetByID(ctx context.Context, id string) (*Authorization, error)

func (*AuthorizationService) ListByUser 

func (s *AuthorizationService) ListByUser(ctx context.Context, userID string, filters ...AuthorizationFilter) ([]*Authorization, error)

type AuthorizationStore 

type AuthorizationStore interface {
	Get(ctx context.Context, userID, clientID string) (*Authorization, error)
	GetByID(ctx context.Context, id string) (*Authorization, error)
	ListByUserID(ctx context.Context, userID string) ([]*Authorization, error)
	Create(ctx context.Context, a *Authorization) error
	Delete(ctx context.Context, a *Authorization) error
	ResetAll(ctx context.Context, userID string) error
	UpdateScopes(ctx context.Context, a *Authorization) error
}

type BaseURLProvider 

type BaseURLProvider interface {
	Origin() *url.URL
}

type ClientLike 

type ClientLike struct {
	IsFirstParty        bool
	PIIAllowedInIDToken bool
	Scopes              []string
}

func ClientClientLike 

func ClientClientLike(client *config.OAuthClientConfig, scopes []string) *ClientLike

func SessionClientLike 

func SessionClientLike(s session.ResolvedSession, clientResolver OAuthClientResolver) *ClientLike

type CodeGrant 

type CodeGrant struct {
	AppID              string               `json:"app_id"`
	AuthorizationID    string               `json:"authz_id"`
	AuthenticationInfo authenticationinfo.T `json:"authentication_info"`
	IDTokenHintSID     string               `json:"id_token_hint_sid"`

	CreatedAt time.Time `json:"created_at"`
	ExpireAt  time.Time `json:"expire_at"`
	CodeHash  string    `json:"code_hash"`
	DPoPJKT   string    `json:"dpop_jkt"`

	RedirectURI          string                        `json:"redirect_uri"`
	AuthorizationRequest protocol.AuthorizationRequest `json:"authorization_request"`
}

func (*CodeGrant) MatchDPoPJKT 

func (g *CodeGrant) MatchDPoPJKT(proof *dpop.DPoPProof) bool

type CodeGrantStore 

type CodeGrantStore interface {
	GetCodeGrant(ctx context.Context, codeHash string) (*CodeGrant, error)
	CreateCodeGrant(ctx context.Context, g *CodeGrant) error
	DeleteCodeGrant(ctx context.Context, g *CodeGrant) error
}

type CreateNewRefreshTokenResult 

type CreateNewRefreshTokenResult struct {
	Token     string
	TokenHash string
}

type EndpointsProvider 

type EndpointsProvider interface {
	AuthorizeEndpointURL() *url.URL
	ConsentEndpointURL() *url.URL
	TokenEndpointURL() *url.URL
	RevokeEndpointURL() *url.URL
}

type EventService 

type EventService interface {
	DispatchEventOnCommit(ctx context.Context, payload event.Payload) error
}

type GrantSessionKind 

type GrantSessionKind string
const (
	GrantSessionKindOffline GrantSessionKind = "offline_grant"
	GrantSessionKindSession GrantSessionKind = "idp_session"
)

type IDTokenIssuer 

type IDTokenIssuer interface {
	Iss() string
	PopulateUserClaimsInIDToken(ctx context.Context, token jwt.Token, userID string, clientLike *ClientLike) error
}

type IssueAccessGrantResult 

type IssueAccessGrantResult struct {
	Token     string
	TokenType string
	ExpiresIn int
}

type KeepThirdPartyAuthorizationFilter 

type KeepThirdPartyAuthorizationFilter struct {
	ThirdPartyClientIDSet setutil.Set[string]
}

func NewKeepThirdPartyAuthorizationFilter 

func NewKeepThirdPartyAuthorizationFilter(oauthConfig *config.OAuthConfig) *KeepThirdPartyAuthorizationFilter

func (*KeepThirdPartyAuthorizationFilter) Keep 

func (f *KeepThirdPartyAuthorizationFilter) Keep(authz *Authorization) bool

type LoginHint 

type LoginHint struct {
	Type    LoginHintType
	Enforce bool

	// Specific to LoginHintTypeAnonymous
	PromotionCode string
	JWT           string

	// Specific to LoginHintTypeAppSessionToken
	AppSessionToken string

	// Specific to LoginHintTypeLoginID
	LoginIDEmail    string
	LoginIDUsername string
	LoginIDPhone    string
}

func ParseLoginHint 

func ParseLoginHint(s string) (*LoginHint, error)

func (*LoginHint) String 

func (h *LoginHint) String() string

type LoginHintType 

type LoginHintType string
const (
	LoginHintTypeAnonymous LoginHintType = "anonymous"
	// nolint: gosec
	LoginHintTypeAppSessionToken LoginHintType = "app_session_token"
	LoginHintTypeLoginID         LoginHintType = "login_id"
)

type MetadataProvider 

type MetadataProvider struct {
	Endpoints EndpointsProvider
}

func (*MetadataProvider) PopulateMetadata 

func (p *MetadataProvider) PopulateMetadata(meta map[string]interface{})

type OAuthClientResolver 

type OAuthClientResolver interface {
	ResolveClient(clientID string) *config.OAuthClientConfig
}

type OfflineGrant 

type OfflineGrant struct {
	AppID           string `json:"app_id"`
	ID              string `json:"id"`
	InitialClientID string `json:"client_id"`
	// IDPSessionID refers to the IDP session.
	IDPSessionID string `json:"idp_session_id,omitempty"`
	// IdentityID refers to the identity.
	// It is only set for biometric authentication.
	IdentityID string `json:"identity_id,omitempty"`

	CreatedAt       time.Time `json:"created_at"`
	AuthenticatedAt time.Time `json:"authenticated_at"`

	Attrs      session.Attrs `json:"attrs"`
	AccessInfo access.Info   `json:"access_info"`

	DeviceInfo map[string]interface{} `json:"device_info,omitempty"`

	SSOEnabled bool `json:"sso_enabled,omitempty"`

	App2AppDeviceKeyJWKJSON string `json:"app2app_device_key_jwk_json"`
	DeviceSecretHash        string `json:"device_secret_hash"`
	DeviceSecretDPoPJKT     string `json:"device_secret_dpop_jkt"`

	RefreshTokens []OfflineGrantRefreshToken `json:"refresh_tokens,omitempty"`

	ParticipatedSAMLServiceProviderIDs []string `json:"participated_saml_service_provider_ids,omitempty"`

	// Readonly fields for backward compatibility.
	// Write these fields in OfflineGrantRefreshToken
	Deprecated_AuthorizationID string   `json:"authz_id"`
	Deprecated_Scopes          []string `json:"scopes"`
	Deprecated_TokenHash       string   `json:"token_hash"`

	// ExpireAtForResolvedSession is a transient field that tells when the session will exire at, computed now.
	// Note that ExpireAtForResolvedSession will keep changing if idle timeout is enabled.
	// This is NOT supposed to be stored, hence it is json-ignored.
	ExpireAtForResolvedSession time.Time `json:"-"`
}

func (*OfflineGrant) EqualSession 

func (g *OfflineGrant) EqualSession(ss session.SessionBase) bool

func (*OfflineGrant) GetAccessInfo 

func (g *OfflineGrant) GetAccessInfo() *access.Info

func (*OfflineGrant) GetAllRemovableTokenHashesExcludeClientIDs 

func (g *OfflineGrant) GetAllRemovableTokenHashesExcludeClientIDs(
	clientIDs []string) (tokenHashes []string, shouldRemoveOfflinegrant bool)

func (*OfflineGrant) GetAuthenticatedAt 

func (g *OfflineGrant) GetAuthenticatedAt() time.Time

func (*OfflineGrant) GetAuthenticationInfo 

func (g *OfflineGrant) GetAuthenticationInfo() authenticationinfo.T

func (*OfflineGrant) GetCreatedAt 

func (g *OfflineGrant) GetCreatedAt() time.Time

func (*OfflineGrant) GetDeviceInfo 

func (g *OfflineGrant) GetDeviceInfo() (map[string]interface{}, bool)

func (*OfflineGrant) GetOIDCAMR 

func (g *OfflineGrant) GetOIDCAMR() ([]string, bool)

func (*OfflineGrant) GetParticipatedSAMLServiceProviderIDsSet 

func (s *OfflineGrant) GetParticipatedSAMLServiceProviderIDsSet() setutil.Set[string]

func (*OfflineGrant) GetRemovableTokenHashesByAuthorizationID 

func (g *OfflineGrant) GetRemovableTokenHashesByAuthorizationID(
	authorizationID string) (tokenHashes []string, shouldRemoveOfflinegrant bool)

func (*OfflineGrant) GetScopes 

func (g *OfflineGrant) GetScopes(clientID string) []string

func (*OfflineGrant) GetUserID 

func (g *OfflineGrant) GetUserID() string

func (*OfflineGrant) HasAllScopes 

func (g *OfflineGrant) HasAllScopes(clientID string, requiredScopes []string) bool

func (*OfflineGrant) HasClientID 

func (g *OfflineGrant) HasClientID(clientID string) bool

func (*OfflineGrant) HasValidTokens 

func (g *OfflineGrant) HasValidTokens() bool

func (*OfflineGrant) IsOnlyUsedInClientIDs 

func (g *OfflineGrant) IsOnlyUsedInClientIDs(clientIDs []string) bool

func (*OfflineGrant) IsSameSSOGroup 

func (g *OfflineGrant) IsSameSSOGroup(ss session.SessionBase) bool

IsSameSSOGroup returns true when the session argument - is the same offline grant - is idp session in the same sso group (current offline grant needs to be sso enabled) - is offline grant in the same sso group (current offline grant needs to be sso enabled)

func (*OfflineGrant) ListableSession 

func (g *OfflineGrant) ListableSession()

func (*OfflineGrant) MatchDeviceSecretDPoPJKT 

func (g *OfflineGrant) MatchDeviceSecretDPoPJKT(proof *dpop.DPoPProof) bool

func (*OfflineGrant) MatchHash 

func (g *OfflineGrant) MatchHash(refreshTokenHash string) bool

func (*OfflineGrant) SSOGroupIDPSessionID 

func (g *OfflineGrant) SSOGroupIDPSessionID() string

func (*OfflineGrant) SessionID 

func (g *OfflineGrant) SessionID() string

func (*OfflineGrant) SessionType 

func (g *OfflineGrant) SessionType() session.Type

func (*OfflineGrant) ToAPIModel 

func (g *OfflineGrant) ToAPIModel() *model.Session

func (*OfflineGrant) ToSession 

func (g *OfflineGrant) ToSession(refreshTokenHash string) (*OfflineGrantSession, bool)

type OfflineGrantRefreshToken 

type OfflineGrantRefreshToken struct {
	TokenHash       string    `json:"token_hash"`
	ClientID        string    `json:"client_id"`
	CreatedAt       time.Time `json:"created_at"`
	Scopes          []string  `json:"scopes"`
	AuthorizationID string    `json:"authz_id"`
	DPoPJKT         string    `json:"dpop_jkt"`
}

type OfflineGrantService 

type OfflineGrantService struct {
	OAuthConfig    *config.OAuthConfig
	Clock          clock.Clock
	IDPSessions    ServiceIDPSessionProvider
	ClientResolver OAuthClientResolver
	AccessEvents   OfflineGrantServiceAccessEventProvider
	MeterService   OfflineGrantServiceMeterService

	OfflineGrants OfflineGrantStore
}

func (*OfflineGrantService) AccessOfflineGrant 

func (s *OfflineGrantService) AccessOfflineGrant(ctx context.Context, grantID string, accessEvent *access.Event, expireAt time.Time) (*OfflineGrant, error)

AccessOfflineGrant accesses oauth offline grant with 3 targeted side effects 1. set grant.AccessInfo.LastAccess to new accessEvent (inside UpdateOfflineGrantLastAccess) 2. call RecordAccess 3. call TrackActiveUser

func (*OfflineGrantService) AddSAMLServiceProviderParticipant 

func (s *OfflineGrantService) AddSAMLServiceProviderParticipant(
	ctx context.Context,
	grant *OfflineGrant,
	serviceProviderID string,
) (*OfflineGrant, error)

func (*OfflineGrantService) CheckSessionExpired 

func (s *OfflineGrantService) CheckSessionExpired(session *OfflineGrant) (bool, time.Time, error)

func (*OfflineGrantService) ComputeOfflineGrantExpiry 

func (s *OfflineGrantService) ComputeOfflineGrantExpiry(session *OfflineGrant) (expiry time.Time, err error)

func (*OfflineGrantService) CreateNewRefreshToken 

func (s *OfflineGrantService) CreateNewRefreshToken(
	ctx context.Context,
	grant *OfflineGrant,
	clientID string,
	scopes []string,
	authorizationID string,
	dpopJKT string,
) (*CreateNewRefreshTokenResult, *OfflineGrant, error)

func (*OfflineGrantService) GetOfflineGrant 

func (s *OfflineGrantService) GetOfflineGrant(ctx context.Context, id string) (*OfflineGrant, error)

type OfflineGrantServiceAccessEventProvider 

type OfflineGrantServiceAccessEventProvider interface {
	RecordAccess(ctx context.Context, sessionID string, expiry time.Time, event *access.Event) error
}

type OfflineGrantServiceMeterService 

type OfflineGrantServiceMeterService interface {
	TrackActiveUser(ctx context.Context, userID string) error
}

type OfflineGrantSession 

type OfflineGrantSession struct {
	OfflineGrant    *OfflineGrant
	CreatedAt       time.Time
	TokenHash       string
	ClientID        string
	Scopes          []string
	AuthorizationID string
	DPoPJKT         string
}

func (*OfflineGrantSession) CreateNewAuthenticationInfoByThisSession 

func (o *OfflineGrantSession) CreateNewAuthenticationInfoByThisSession() authenticationinfo.T

func (*OfflineGrantSession) GetAccessInfo 

func (o *OfflineGrantSession) GetAccessInfo() *access.Info

func (*OfflineGrantSession) GetAuthenticationInfo 

func (o *OfflineGrantSession) GetAuthenticationInfo() authenticationinfo.T

func (*OfflineGrantSession) GetCreatedAt 

func (o *OfflineGrantSession) GetCreatedAt() time.Time

func (*OfflineGrantSession) GetExpireAt 

func (o *OfflineGrantSession) GetExpireAt() time.Time

func (*OfflineGrantSession) MatchDPoPJKT 

func (g *OfflineGrantSession) MatchDPoPJKT(proof *dpop.DPoPProof) bool

func (*OfflineGrantSession) SSOGroupIDPSessionID 

func (o *OfflineGrantSession) SSOGroupIDPSessionID() string

func (*OfflineGrantSession) Session 

func (o *OfflineGrantSession) Session()

func (*OfflineGrantSession) SessionID 

func (o *OfflineGrantSession) SessionID() string

func (*OfflineGrantSession) SessionType 

func (o *OfflineGrantSession) SessionType() session.Type

type OfflineGrantSessionManager 

type OfflineGrantSessionManager interface {
	List(ctx context.Context, userID string) ([]session.ListableSession, error)
	Delete(ctx context.Context, session session.ListableSession) error
}

type OfflineGrantStore 

type OfflineGrantStore interface {
	GetOfflineGrantWithoutExpireAt(ctx context.Context, id string) (*OfflineGrant, error)
	CreateOfflineGrant(ctx context.Context, offlineGrant *OfflineGrant) error
	DeleteOfflineGrant(ctx context.Context, g *OfflineGrant) error

	UpdateOfflineGrantLastAccess(ctx context.Context, id string, accessEvent access.Event, expireAt time.Time) (*OfflineGrant, error)
	UpdateOfflineGrantDeviceInfo(ctx context.Context, id string, deviceInfo map[string]interface{}, expireAt time.Time) (*OfflineGrant, error)
	UpdateOfflineGrantAuthenticatedAt(ctx context.Context, id string, authenticatedAt time.Time, expireAt time.Time) (*OfflineGrant, error)
	UpdateOfflineGrantApp2AppDeviceKey(ctx context.Context, id string, newKey string, expireAt time.Time) (*OfflineGrant, error)
	UpdateOfflineGrantDeviceSecretHash(
		ctx context.Context,
		grantID string,
		newDeviceSecretHash string,
		dpopJKT string,
		expireAt time.Time) (*OfflineGrant, error)
	RemoveOfflineGrantRefreshTokens(ctx context.Context, grantID string, tokenHashes []string, expireAt time.Time) (*OfflineGrant, error)
	AddOfflineGrantRefreshToken(
		ctx context.Context,
		grantID string,
		expireAt time.Time,
		tokenHash string,
		clientID string,
		scopes []string,
		authorizationID string,
		dpopJKT string,
	) (*OfflineGrant, error)
	AddOfflineGrantSAMLServiceProviderParticipant(
		ctx context.Context,
		grantID string,
		newServiceProviderID string,
		expireAt time.Time,
	) (*OfflineGrant, error)

	ListOfflineGrants(ctx context.Context, userID string) ([]*OfflineGrant, error)
	ListClientOfflineGrants(ctx context.Context, clientID string, userID string) ([]*OfflineGrant, error)

	CleanUpForDeletingUserID(ctx context.Context, userID string) error
}

type PreAuthenticatedURLToken 

type PreAuthenticatedURLToken struct {
	AppID           string   `json:"app_id"`
	AuthorizationID string   `json:"authorization_id"`
	ClientID        string   `json:"client_id"`
	OfflineGrantID  string   `json:"offline_grant_id"`
	Scopes          []string `json:"scopes"`

	CreatedAt time.Time `json:"created_at"`
	ExpireAt  time.Time `json:"expire_at"`
	TokenHash string    `json:"token_hash"`
}

type PreAuthenticatedURLTokenAccessGrantService 

type PreAuthenticatedURLTokenAccessGrantService interface {
	IssueAccessGrant(
		ctx context.Context,
		client *config.OAuthClientConfig,
		scopes []string,
		authzID string,
		userID string,
		sessionID string,
		sessionKind GrantSessionKind,
		refreshTokenHash string,
	) (*IssueAccessGrantResult, error)
}

type PreAuthenticatedURLTokenOfflineGrantService 

type PreAuthenticatedURLTokenOfflineGrantService interface {
	GetOfflineGrant(ctx context.Context, id string) (*OfflineGrant, error)
	CreateNewRefreshToken(
		ctx context.Context,
		grant *OfflineGrant,
		clientID string,
		scopes []string,
		authorizationID string,
		dpopJKT string,
	) (*CreateNewRefreshTokenResult, *OfflineGrant, error)
}

type PreAuthenticatedURLTokenStore 

type PreAuthenticatedURLTokenStore interface {
	CreatePreAuthenticatedURLToken(ctx context.Context, t *PreAuthenticatedURLToken) error
	ConsumePreAuthenticatedURLToken(ctx context.Context, tokenHash string) (*PreAuthenticatedURLToken, error)
}

type PromptResolver 

type PromptResolver struct {
	Clock clock.Clock
}

func (*PromptResolver) ResolvePrompt 

func (r *PromptResolver) ResolvePrompt(req protocol.AuthorizationRequest, sidSession session.ListableSession) (prompt []string)

type Resolver 

type Resolver struct {
	RemoteIP            httputil.RemoteIP
	UserAgentString     httputil.UserAgentString
	OAuthConfig         *config.OAuthConfig
	Authorizations      AuthorizationStore
	AccessGrants        AccessGrantStore
	AppSessions         AppSessionStore
	AccessTokenDecoder  AccessTokenDecoder
	Sessions            ResolverSessionProvider
	Cookies             ResolverCookieManager
	Clock               clock.Clock
	OfflineGrantService ResolverOfflineGrantService
}

func (*Resolver) Resolve 

func (re *Resolver) Resolve(ctx context.Context, rw http.ResponseWriter, r *http.Request) (session.ResolvedSession, error)

type ResolverCookieManager 

type ResolverCookieManager interface {
	GetCookie(r *http.Request, def *httputil.CookieDef) (*http.Cookie, error)
}

type ResolverOfflineGrantService 

type ResolverOfflineGrantService interface {
	AccessOfflineGrant(ctx context.Context, grantID string, accessEvent *access.Event, expireAt time.Time) (*OfflineGrant, error)
	GetOfflineGrant(ctx context.Context, id string) (*OfflineGrant, error)
}

type ResolverSessionProvider 

type ResolverSessionProvider interface {
	AccessWithID(ctx context.Context, id string, accessEvent access.Event) (*idpsession.IDPSession, error)
}

type ServiceIDPSessionProvider 

type ServiceIDPSessionProvider interface {
	Get(ctx context.Context, id string) (*idpsession.IDPSession, error)
	CheckSessionExpired(session *idpsession.IDPSession) (expired bool)
}

type SessionManager 

type SessionManager struct {
	Store   OfflineGrantStore
	Config  *config.OAuthConfig
	Service OfflineGrantService
}

func (*SessionManager) CleanUpForDeletingUserID 

func (m *SessionManager) CleanUpForDeletingUserID(ctx context.Context, userID string) error

func (*SessionManager) ClearCookie 

func (m *SessionManager) ClearCookie() []*http.Cookie

func (*SessionManager) Delete 

func (m *SessionManager) Delete(ctx context.Context, session session.ListableSession) error

func (*SessionManager) Get 

func (m *SessionManager) Get(ctx context.Context, id string) (session.ListableSession, error)

func (*SessionManager) List 

func (m *SessionManager) List(ctx context.Context, userID string) ([]session.ListableSession, error)

func (*SessionManager) TerminateAllExcept 

func (m *SessionManager) TerminateAllExcept(ctx context.Context, userID string, currentSession session.ResolvedSession) ([]session.ListableSession, error)

type SettingsActionGrant 

type SettingsActionGrant struct {
	AppID string `json:"app_id"`

	CreatedAt time.Time `json:"created_at"`
	ExpireAt  time.Time `json:"expire_at"`
	CodeHash  string    `json:"code_hash"`

	RedirectURI          string                        `json:"redirect_uri"`
	AuthorizationRequest protocol.AuthorizationRequest `json:"authorization_request"`
}

type SettingsActionGrantStore 

type SettingsActionGrantStore interface {
	GetSettingsActionGrant(ctx context.Context, codeHash string) (*SettingsActionGrant, error)
	CreateSettingsActionGrant(ctx context.Context, g *SettingsActionGrant) error
	DeleteSettingsActionGrant(ctx context.Context, g *SettingsActionGrant) error
}

Source Files

View all Source files

Directories

Path Synopsis
handler
protocol

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.