Documentation
¶
Overview ¶
Package SDK offers convenience functions for Go code around Hydra's HTTP APIs.
import "github.com/ory-am/hydra/sdk"
import "github.com/ory-am/hydra/client"
var hydra, err = sdk.Connect(
sdk.ClientID("client-id"),
sdk.ClientSecret("client-secret"),
sdk.ClusterURL("https://localhost:4444"),
)
// You now have access to the various API endpoints of hydra, for example the oauth2 client endpoint:
var newClient, err = hydra.Client.CreateClient(&client.Client{
ID: "deadbeef",
Secret: "sup3rs3cret",
RedirectURIs: []string{"http://yourapp/callback"},
// ...
})
// Retrieve newly created client
var gotClient, err = hydra.Client.GetClient(newClient.ID)
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ClientID ¶
func ClientID(id string) option
ClientID sets the OAuth2 Client ID.
var hydra, err = sdk.Connect(
sdk.ClientID("client-id"),
)
func ClientSecret ¶
func ClientSecret(secret string) option
ClientSecret sets OAuth2 Client secret.
var hydra, err = sdk.Connect(
sdk.ClientSecret("client-secret"),
)
func ClusterURL ¶
func ClusterURL(urlStr string) option
ClusterURL sets Hydra service URL
var hydra, err = sdk.Connect(
sdk.ClientID("https://localhost:1234/"),
)
func Scopes ¶
func Scopes(scopes ...string) option
Scopes is a list of scopes that are requested in the client credentials grant.
var hydra, err = sdk.Connect(
sdk.Scopes("foo", "bar"),
)
func SkipTLSVerify ¶
func SkipTLSVerify() option
SkipTLSVerify skips TLS verification for HTTPS connections.
var hydra, err = sdk.Connect( sdk.SkipTLSVerify(), )
Types ¶
type ChallengeClaims ¶ added in v0.7.8
type ChallengeClaims struct {
// RequestedScopes are the scopes the application requested. Each scope should be explicitly granted by
// the user.
RequestedScopes []string `json:"scp"`
// The ID of the application that initiated the OAuth2 flow.
Audience string `json:"aud"`
// RedirectURL is the url where the consent app will send the user after the consent flow has been completed.
RedirectURL string `json:"redir"`
// ExpiresAt is a unix timestamp of the expiry time.
ExpiresAt float64 `json:"exp"`
// ID is the tokens' ID which will be automatically echoed in the consent response.
ID string `json:"jti"`
}
ChallengeClaims are the decoded claims of a consent challenge.
func (*ChallengeClaims) Valid ¶ added in v0.7.8
func (c *ChallengeClaims) Valid() error
Valid tests if the challenge's claims are valid.
type Client ¶
type Client struct {
// Clients offers OAuth2 Client management capabilities.
Clients *client.HTTPManager
// JSONWebKeys offers JSON Web Key management capabilities.
JSONWebKeys *jwk.HTTPManager
// Policies offers Access Policy management capabilities.
Policies *policy.HTTPManager
// Warden offers Access Token and Access Request validation strategies (for first-party resource servers).
Warden *warden.HTTPWarden
// Introspection offers Access Token and Access Request introspection strategies (according to RFC 7662).
Introspection *hoauth2.HTTPIntrospector
// Revocation offers OAuth2 Token Revocation.
Revocator *hoauth2.HTTPRecovator
// Groups offers warden group management capabilities.
Groups *group.HTTPManager
// Consent helps you verify consent challenges and sign consent responses.
Consent *Consent
// contains filtered or unexported fields
}
Client offers easy use of all HTTP clients.
func Connect ¶
Connect instantiates a new client to communicate with Hydra.
import "github.com/ory-am/hydra/sdk"
var hydra, err = sdk.Connect(
sdk.ClientID("client-id"),
sdk.ClientSecret("client-secret"),
sdk.ClusterURL("https://localhost:4444"),
)
func (*Client) OAuth2Config ¶ added in v0.4.0
OAuth2Config returns an oauth2 config instance which you can use to initiate various oauth2 flows.
config := client.OAuth2Config("https://mydomain.com/oauth2_callback", "photos", "contacts.read")
redirectRequestTo := oauth2.AuthCodeURL()
// in callback handler...
token, err := config.Exchange(oauth2.NoContext, authorizeCode)
type Consent ¶ added in v0.7.8
Consent is a helper for singing and verifying consent challenges. For an exemplary reference implementation, check https://github.com/ory/hydra-consent-app-go
func (*Consent) DenyConsent ¶ added in v0.7.8
DenyConsent can be used to indicate that the user denied consent. Returns a redirect url or an error if the challenge is invalid.
redirectUrl, _ := c.DenyConsent(challenge) http.Redirect(w, r, redirectUrl, http.StatusFound)
func (*Consent) GenerateResponse ¶ added in v0.7.8
func (c *Consent) GenerateResponse(r *ResponseRequest) (string, error)
GenerateResponse generates a consent response and returns the consent response token, or an error if it is invalid.
redirectUrl, _ := c.GenerateResponse(challenge) http.Redirect(w, r, redirectUrl, http.StatusFound)
func (*Consent) VerifyChallenge ¶ added in v0.7.8
func (c *Consent) VerifyChallenge(challenge string) (*ChallengeClaims, error)
VerifyChallenge verifies a consent challenge and either returns the challenge's claims if it is valid, or an error if it is not.
claims, err := c.VerifyChallenge(challenge)
if err != nil {
// The challenge is invalid, or the signing key could not be retrieved
}
// ...
type ResponseRequest ¶ added in v0.7.8
type ResponseRequest struct {
// Challenge is the original consent challenge.
Challenge string
// Subject will be the sub claim of the access token. Usually this is a resource owner (user).
Subject string
// Scopes are the scopes the resource owner granted to the application requesting the access token.
Scopes []string
// AccessTokenExtra is arbitrary data that will be available when performing token introspection or warden requests.
AccessTokenExtra interface{}
// IDTokenExtra is arbitrary data that will included as a claim in the ID Token, if requested.
IDTokenExtra interface{}
}
ResponseRequest is being used by the consent response singing helper.
Source Files