Versions in this module Expand all Collapse all v0 v0.14.0 Apr 24, 2024 v0.13.0 Feb 27, 2024 Changes in this version
+ const ApprovalModelKeyApprovalUrl
+ const ApprovalModelKeyAuthRequest
+ const TokenEnhancerOrderBasicClaims
+ const TokenEnhancerOrderDetailsClaims
+ const TokenEnhancerOrderExpiry
+ const TokenEnhancerOrderRefreshToken
+ const TokenEnhancerOrderResourceIdClaims
+ const TokenEnhancerOrderTokenDetails
+ func ConvertToOAuthUserAuthentication(userAuth security.Authentication, options ...ConvertOption) oauth2.UserAuthentication
+ func IsSubSet(_ context.Context, superset utils.StringSet, subset utils.StringSet) (ok bool, invalid string)
+ func LoadAndValidateClientId(c context.Context, clientId string, clientStore oauth2.OAuth2ClientStore) (oauth2.OAuth2Client, error)
+ func NewJwtTokenStore(opts ...JTSOptions) *jwtTokenStore
+ func NewWildcardUrlMatcher(pattern string) (*wildcardUrlMatcher, error)
+ func ResolveRedirectUri(_ context.Context, redirectUri string, client oauth2.OAuth2Client) (string, error)
+ func RetrieveAuthenticatedClient(c context.Context) oauth2.OAuth2Client
+ func RetrieveFullyAuthenticatedClient(c context.Context) (oauth2.OAuth2Client, error)
+ func ValidateAllAutoApprovalScopes(c context.Context, client oauth2.OAuth2Client, scopes utils.StringSet) error
+ func ValidateAllScopes(c context.Context, client oauth2.OAuth2Client, scopes utils.StringSet) error
+ func ValidateApproval(c context.Context, approval map[string]bool, client oauth2.OAuth2Client, ...) error
+ func ValidateGrant(_ context.Context, client oauth2.OAuth2Client, grantType string) error
+ func ValidateResponseTypes(ctx context.Context, request *AuthorizeRequest, supported utils.StringSet) error
+ func ValidateScope(c context.Context, client oauth2.OAuth2Client, scopes ...string) error
+ type AccessRevoker interface
+ RevokeWithClientId func(ctx context.Context, clientId string, revokeRefreshToken bool) error
+ RevokeWithSessionId func(ctx context.Context, sessionId string, sessionName string) error
+ RevokeWithTokenValue func(ctx context.Context, tokenValue string, hint RevokerTokenHint) error
+ RevokeWithUsername func(ctx context.Context, username string, revokeRefreshToken bool) error
+ type AuthHandlerOption struct
+ ApprovalPageTmpl string
+ ApprovalUrl string
+ AuthCodeStore AuthorizationCodeStore
+ AuthService AuthorizationService
+ Extensions []AuthorizeHandler
+ type AuthHandlerOptions func(opt *AuthHandlerOption)
+ type AuthorizationCodeStore interface
+ ConsumeAuthorizationCode func(ctx context.Context, authCode string, onetime bool) (oauth2.Authentication, error)
+ GenerateAuthorizationCode func(ctx context.Context, r *AuthorizeRequest, user security.Authentication) (string, error)
+ type AuthorizationRegistry interface
+ FindSessionId func(ctx context.Context, token oauth2.Token) (string, error)
+ ReadStoredAuthorization func(ctx context.Context, token oauth2.RefreshToken) (oauth2.Authentication, error)
+ RegisterAccessToken func(ctx context.Context, token oauth2.AccessToken, oauth oauth2.Authentication) error
+ RegisterRefreshToken func(ctx context.Context, token oauth2.RefreshToken, oauth oauth2.Authentication) error
+ RevokeAccessToken func(ctx context.Context, token oauth2.AccessToken) error
+ RevokeAllAccessTokens func(ctx context.Context, token oauth2.RefreshToken) error
+ RevokeClientAccess func(ctx context.Context, clientId string, revokeRefreshToken bool) error
+ RevokeRefreshToken func(ctx context.Context, token oauth2.RefreshToken) error
+ RevokeSessionAccess func(ctx context.Context, sessionId string, revokeRefreshToken bool) error
+ RevokeUserAccess func(ctx context.Context, username string, revokeRefreshToken bool) error
+ type AuthorizationService interface
+ CreateAccessToken func(ctx context.Context, oauth oauth2.Authentication) (oauth2.AccessToken, error)
+ CreateAuthentication func(ctx context.Context, request oauth2.OAuth2Request, ...) (oauth2.Authentication, error)
+ RefreshAccessToken func(ctx context.Context, oauth oauth2.Authentication, ...) (oauth2.AccessToken, error)
+ SwitchAuthentication func(ctx context.Context, request oauth2.OAuth2Request, ...) (oauth2.Authentication, error)
+ type AuthorizeHandler interface
+ HandleApprovalPage func(ctx context.Context, r *AuthorizeRequest, user security.Authentication) (ResponseHandlerFunc, error)
+ HandleApproved func(ctx context.Context, r *AuthorizeRequest, user security.Authentication) (ResponseHandlerFunc, error)
+ type AuthorizeRequest struct
+ Approved bool
+ ClientId string
+ Extensions map[string]interface{}
+ Parameters map[string]string
+ RedirectUri string
+ ResponseTypes utils.StringSet
+ Scopes utils.StringSet
+ State string
+ func NewAuthorizeRequest(opts ...func(req *AuthorizeRequest)) *AuthorizeRequest
+ func ParseAuthorizeRequest(req *http.Request) (*AuthorizeRequest, error)
+ func ParseAuthorizeRequestWithKVs(ctx context.Context, values map[string]interface{}) (*AuthorizeRequest, error)
+ func (r *AuthorizeRequest) Context() utils.MutableContext
+ func (r *AuthorizeRequest) OAuth2Request() oauth2.OAuth2Request
+ func (r *AuthorizeRequest) String() string
+ func (r *AuthorizeRequest) WithContext(ctx context.Context) *AuthorizeRequest
+ type AuthorizeRequestProcessChain interface
+ Next func(ctx context.Context, request *AuthorizeRequest) (processed *AuthorizeRequest, err error)
+ type AuthorizeRequestProcessor interface
+ Process func(ctx context.Context, request *AuthorizeRequest) (processed *AuthorizeRequest, err error)
+ func NewAuthorizeRequestProcessor(delegates ...ChainedAuthorizeRequestProcessor) AuthorizeRequestProcessor
+ type BasicClaimsTokenEnhancer struct
+ func (te *BasicClaimsTokenEnhancer) Enhance(_ context.Context, token oauth2.AccessToken, oauth oauth2.Authentication) (oauth2.AccessToken, error)
+ func (te *BasicClaimsTokenEnhancer) Order() int
+ type ChainedAuthorizeRequestProcessor interface
+ Process func(ctx context.Context, request *AuthorizeRequest, ...) (validated *AuthorizeRequest, err error)
+ type ClientDetails struct
+ AccessTokenValidity time.Duration
+ AssignedTenantIds utils.StringSet
+ AutoApproveScopes utils.StringSet
+ ClientId string
+ GrantTypes utils.StringSet
+ RedirectUris utils.StringSet
+ RefreshTokenValidity time.Duration
+ ResourceIds utils.StringSet
+ Scopes utils.StringSet
+ Secret string
+ UseSessionTimeout bool
+ type CompositeTokenEnhancer struct
+ func NewCompositeTokenEnhancer(delegates ...TokenEnhancer) *CompositeTokenEnhancer
+ func (e *CompositeTokenEnhancer) Add(enhancers ...TokenEnhancer)
+ func (e *CompositeTokenEnhancer) Enhance(ctx context.Context, token oauth2.AccessToken, oauth oauth2.Authentication) (oauth2.AccessToken, error)
+ func (e *CompositeTokenEnhancer) Remove(enhancer TokenEnhancer)
+ type CompositeTokenGranter struct
+ func NewCompositeTokenGranter(delegates ...TokenGranter) *CompositeTokenGranter
+ func (g *CompositeTokenGranter) Add(granter TokenGranter) *CompositeTokenGranter
+ func (g *CompositeTokenGranter) Delegates() []TokenGranter
+ func (g *CompositeTokenGranter) Grant(ctx context.Context, request *TokenRequest) (oauth2.AccessToken, error)
+ type ConvertOption func(option *ConvertOptions)
+ func ConvertWithSkipTypeCheck(skipTypeCheck bool) ConvertOption
+ type ConvertOptions struct
+ SkipTypeCheck bool
+ func (c *ConvertOptions) AppendUserAuthOptions(option OverrideAuthOptions)
+ type DASOption struct
+ AccountStore security.AccountStore
+ ClientStore oauth2.OAuth2ClientStore
+ DetailsFactory *common.ContextDetailsFactory
+ Issuer security.Issuer
+ PostTokenEnhancers []TokenEnhancer
+ ProviderStore security.ProviderStore
+ TenantStore security.TenantStore
+ TokenEnhancers []TokenEnhancer
+ TokenStore TokenStore
+ type DASOptions func(*DASOption)
+ type DefaultAuthorizationService struct
+ func NewDefaultAuthorizationService(opts ...DASOptions) *DefaultAuthorizationService
+ func (s *DefaultAuthorizationService) CreateAccessToken(c context.Context, oauth oauth2.Authentication) (oauth2.AccessToken, error)
+ func (s *DefaultAuthorizationService) CreateAuthentication(ctx context.Context, request oauth2.OAuth2Request, ...) (oauth oauth2.Authentication, err error)
+ func (s *DefaultAuthorizationService) RefreshAccessToken(c context.Context, oauth oauth2.Authentication, ...) (oauth2.AccessToken, error)
+ func (s *DefaultAuthorizationService) SwitchAuthentication(ctx context.Context, request oauth2.OAuth2Request, ...) (oauth oauth2.Authentication, err error)
+ type DefaultAuthorizeHandler struct
+ func NewAuthorizeHandler(opts ...AuthHandlerOptions) *DefaultAuthorizeHandler
+ func (h *DefaultAuthorizeHandler) Extend(makers ...AuthorizeHandler) *DefaultAuthorizeHandler
+ func (h *DefaultAuthorizeHandler) HandleApprovalPage(ctx context.Context, r *AuthorizeRequest, user security.Authentication) (ResponseHandlerFunc, error)
+ func (h *DefaultAuthorizeHandler) HandleApproved(ctx context.Context, r *AuthorizeRequest, user security.Authentication) (ResponseHandlerFunc, error)
+ func (h *DefaultAuthorizeHandler) MakeAuthCodeResponse(ctx context.Context, r *AuthorizeRequest, user oauth2.UserAuthentication) (ResponseHandlerFunc, error)
+ func (h *DefaultAuthorizeHandler) MakeImplicitResponse(ctx context.Context, r *AuthorizeRequest, user oauth2.UserAuthentication) (ResponseHandlerFunc, error)
+ type DefaultOAuth2Client struct
+ func NewClient() *DefaultOAuth2Client
+ func NewClientWithDetails(clientDetails ClientDetails) *DefaultOAuth2Client
+ func (c *DefaultOAuth2Client) AccessTokenValidity() time.Duration
+ func (c *DefaultOAuth2Client) AssignedTenantIds() utils.StringSet
+ func (c *DefaultOAuth2Client) AutoApproveScopes() utils.StringSet
+ func (c *DefaultOAuth2Client) CacheableCopy() security.Account
+ func (c *DefaultOAuth2Client) ClientId() string
+ func (c *DefaultOAuth2Client) Credentials() interface{}
+ func (c *DefaultOAuth2Client) Disabled() bool
+ func (c *DefaultOAuth2Client) GrantTypes() utils.StringSet
+ func (c *DefaultOAuth2Client) ID() interface{}
+ func (c *DefaultOAuth2Client) Locked() bool
+ func (c *DefaultOAuth2Client) MaxTokensPerUser() int
+ func (c *DefaultOAuth2Client) Permissions() []string
+ func (c *DefaultOAuth2Client) RedirectUris() utils.StringSet
+ func (c *DefaultOAuth2Client) RefreshTokenValidity() time.Duration
+ func (c *DefaultOAuth2Client) ResourceIDs() utils.StringSet
+ func (c *DefaultOAuth2Client) Scopes() utils.StringSet
+ func (c *DefaultOAuth2Client) Secret() string
+ func (c *DefaultOAuth2Client) SecretRequired() bool
+ func (c *DefaultOAuth2Client) Type() security.AccountType
+ func (c *DefaultOAuth2Client) UseMFA() bool
+ func (c *DefaultOAuth2Client) UseSessionTimeout() bool
+ func (c *DefaultOAuth2Client) Username() string
+ type DetailsTokenEnhancer struct
+ func (e *DetailsTokenEnhancer) Enhance(_ context.Context, token oauth2.AccessToken, oauth oauth2.Authentication) (oauth2.AccessToken, error)
+ func (e *DetailsTokenEnhancer) Order() int
+ type ExpiryTokenEnhancer struct
+ func (e *ExpiryTokenEnhancer) Enhance(_ context.Context, token oauth2.AccessToken, oauth oauth2.Authentication) (oauth2.AccessToken, error)
+ func (e *ExpiryTokenEnhancer) Order() int
+ type JTSOption struct
+ AuthRegistry AuthorizationRegistry
+ Decoder jwt.JwtDecoder
+ DetailsStore security.ContextDetailsStore
+ Encoder jwt.JwtEncoder
+ Reader oauth2.TokenStoreReader
+ type JTSOptions func(opt *JTSOption)
+ type LegacyTokenEnhancer struct
+ func (te *LegacyTokenEnhancer) Enhance(_ context.Context, token oauth2.AccessToken, oauth oauth2.Authentication) (oauth2.AccessToken, error)
+ func (te *LegacyTokenEnhancer) Order() int
+ type OAuth2ClientAccountStore struct
+ func WrapOAuth2ClientStore(clientStore oauth2.OAuth2ClientStore) *OAuth2ClientAccountStore
+ func (s *OAuth2ClientAccountStore) LoadAccountById(ctx context.Context, id interface{}) (security.Account, error)
+ func (s *OAuth2ClientAccountStore) LoadAccountByUsername(ctx context.Context, username string) (security.Account, error)
+ func (s *OAuth2ClientAccountStore) LoadLockingRules(ctx context.Context, acct security.Account) (security.AccountLockingRule, error)
+ func (s *OAuth2ClientAccountStore) LoadPwdAgingRules(ctx context.Context, acct security.Account) (security.AccountPwdAgingRule, error)
+ func (s *OAuth2ClientAccountStore) Save(ctx context.Context, acct security.Account) error
+ type OAuth2ErrorHandler struct
+ func NewOAuth2ErrorHandler() *OAuth2ErrorHandler
+ func (h *OAuth2ErrorHandler) HandleError(c context.Context, r *http.Request, rw http.ResponseWriter, err error)
+ type OverrideAuthOptions func(userAuth security.Authentication) oauth2.UserAuthOptions
+ type RedisAuthorizationCodeStore struct
+ func NewRedisAuthorizationCodeStore(ctx context.Context, cf redis.ClientFactory, dbIndex int) *RedisAuthorizationCodeStore
+ func (s *RedisAuthorizationCodeStore) ConsumeAuthorizationCode(ctx context.Context, authCode string, onetime bool) (oauth2.Authentication, error)
+ func (s *RedisAuthorizationCodeStore) GenerateAuthorizationCode(ctx context.Context, r *AuthorizeRequest, user security.Authentication) (string, error)
+ type RefreshTokenEnhancer struct
+ func (te *RefreshTokenEnhancer) Enhance(ctx context.Context, token oauth2.AccessToken, oauth oauth2.Authentication) (oauth2.AccessToken, error)
+ func (te *RefreshTokenEnhancer) Order() int
+ type ResourceIdTokenEnhancer struct
+ func (te *ResourceIdTokenEnhancer) Enhance(c context.Context, token oauth2.AccessToken, oauth oauth2.Authentication) (oauth2.AccessToken, error)
+ func (te *ResourceIdTokenEnhancer) Order() int
+ type ResponseHandlerFunc func(ctx *gin.Context)
+ type RevokerTokenHint string
+ const RevokerHintAccessToken
+ const RevokerHintRefreshToken
+ type StandardAuthorizeRequestProcessor struct
+ func NewStandardAuthorizeRequestProcessor(opts ...StdARPOptions) *StandardAuthorizeRequestProcessor
+ func (p *StandardAuthorizeRequestProcessor) Process(ctx context.Context, request *AuthorizeRequest, ...) (validated *AuthorizeRequest, err error)
+ type StdARPOption struct
+ AccountStore security.AccountStore
+ ClientStore oauth2.OAuth2ClientStore
+ type StdARPOptions func(*StdARPOption)
+ type TokenEnhancer interface
+ Enhance func(ctx context.Context, token oauth2.AccessToken, oauth oauth2.Authentication) (oauth2.AccessToken, error)
+ type TokenGranter interface
+ Grant func(ctx context.Context, request *TokenRequest) (oauth2.AccessToken, error)
+ type TokenRequest struct
+ ClientId string
+ Extensions map[string]interface{}
+ GrantType string
+ Parameters map[string]string
+ Scopes utils.StringSet
+ func NewTokenRequest() *TokenRequest
+ func ParseTokenRequest(req *http.Request) (*TokenRequest, error)
+ func (r *TokenRequest) Context() utils.MutableContext
+ func (r *TokenRequest) OAuth2Request(client oauth2.OAuth2Client) oauth2.OAuth2Request
+ func (r *TokenRequest) String() string
+ func (r *TokenRequest) WithContext(ctx context.Context) *TokenRequest
+ type TokenStore interface
+ RemoveAccessToken func(ctx context.Context, token oauth2.Token) error
+ RemoveRefreshToken func(ctx context.Context, token oauth2.RefreshToken) error
+ ReusableAccessToken func(ctx context.Context, oauth oauth2.Authentication) (oauth2.AccessToken, error)
+ SaveAccessToken func(ctx context.Context, token oauth2.AccessToken, oauth oauth2.Authentication) (oauth2.AccessToken, error)
+ SaveRefreshToken func(ctx context.Context, token oauth2.RefreshToken, oauth oauth2.Authentication) (oauth2.RefreshToken, error)
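Review bot: `AuthorizationCodeStore.ConsumeAuthorizationCode` takes a `onetime bool`, so the exported contract lets a caller redeem an authorization code without invalidating it, and nothing in this listing says when that is acceptable. RFC 6749 expects a code to be redeemed at most once, so the parameter should be documented, for example `// onetime must be true when the code is exchanged for a token; pass false only to inspect a code without issuing anything`, assuming that matches the implementation, which is not visible here. `NewWildcardUrlMatcher`, which presumably backs `ResolveRedirectUri`, needs the same treatment: its doc comment should state which URL components a wildcard may span, because anything looser than exact redirect URI comparison has to be a deliberate, reviewed choice per client. Only signatures are shown, so both points concern the documented contract rather than confirmed behaviour.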