oauth2

package
v0.14.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 24, 2024 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

// JSON field names for a serialized token.
//
// "access_token", "token_type", "expires_in", "scope" and "refresh_token" are
// the token-response members of RFC 6749 section 5.1, and "id_token" is the
// OpenID Connect addition; "iat" and "expiry" are not part of that format.
// NOTE(review): presumably consumed by the MarshalJSON/UnmarshalJSON methods
// of the token types in this package; confirm against their source.
//
// The access_token, refresh_token and id_token values are credentials, so a
// serialized token should be kept out of logs, error messages and URLs.
const (
	JsonFieldAccessTokenValue  = "access_token"
	JsonFieldTokenType         = "token_type"
	JsonFieldIssueTime         = "iat"
	JsonFieldExpiryTime        = "expiry"
	JsonFieldExpiresIn         = "expires_in"
	JsonFieldScope             = "scope"
	JsonFieldRefreshTokenValue = "refresh_token"
	JsonFieldIDTokenValue      = "id_token"
)
// Request and response parameter names for the authorize and token endpoints.
// Most come from RFC 6749, RFC 7636 (PKCE) and OpenID Connect Core; the
// tenant and switch-user names are project-specific.
//
// Points a reviewer wiring these into a handler should keep in mind:
//   - ParameterClientSecret, ParameterPassword, ParameterAuthCode,
//     ParameterCodeVerifier, ParameterRefreshToken and ParameterAccessToken
//     name secret values; they belong in a request body or header and should
//     not be logged or echoed back.
//   - ParameterState and ParameterNonce tie a response to the request that
//     started it (CSRF and replay protection). ParameterCodeChallenge,
//     ParameterCodeChallengeMethod and ParameterCodeVerifier are the PKCE
//     parameters.
//   - ParameterRedirectUri is caller-supplied and has to be checked against
//     the client's registered redirect URIs before any redirect is issued.
//   - ParameterRequestObj and ParameterRequestUri are the OpenID Connect
//     request-object parameters; a request_uri is a caller-supplied URL, so a
//     server that dereferences it needs an allow-list.
//   - ParameterSwitchUsername and ParameterSwitchUserId select a different
//     user identity. NOTE(review): presumably used with GrantTypeSwitchUser;
//     confirm the granter authorizes and audits the switch.
const (
	ParameterClientId            = "client_id"
	ParameterClientSecret        = "client_secret"
	ParameterResponseType        = "response_type"
	ParameterRedirectUri         = "redirect_uri"
	ParameterScope               = "scope"
	ParameterState               = "state"
	ParameterGrantType           = "grant_type"
	ParameterUsername            = "username"
	ParameterPassword            = "password"
	ParameterTenantId            = "tenant_id"
	ParameterTenantExternalId    = "tenant_name" // the tenant external ID is sent as "tenant_name" for backward compatibility
	ParameterNonce               = "nonce"
	ParameterMaxAge              = "max_age"
	ParameterError               = "error"
	ParameterErrorDescription    = "error_description"
	ParameterCodeChallenge       = "code_challenge"
	ParameterCodeChallengeMethod = "code_challenge_method"
	ParameterCodeVerifier        = "code_verifier"
	ParameterRequestObj          = "request"
	ParameterRequestUri          = "request_uri"
	ParameterAuthCode            = "code"
	ParameterUserApproval        = "user_oauth_approval"
	ParameterRefreshToken        = "refresh_token"
	ParameterAccessToken         = "access_token"
	ParameterSwitchUsername      = "switch_username"
	ParameterSwitchUserId        = "switch_user_id"
	ParameterDisplay             = "display"
	ParameterACR                 = "acr_values"
	ParameterPrompt              = "prompt"
	ParameterClaims              = "claims"
)
// Values accepted for the "grant_type" parameter.
//
// The first five are the RFC 6749 grant types and GrantTypeSamlSSO is the
// SAML 2.0 bearer assertion grant of RFC 7522. GrantTypeSwitchUser and
// GrantTypeSwitchTenant are project-specific URNs.
//
// Review notes:
//   - GrantTypePassword and GrantTypeImplicit are discouraged by the OAuth 2.0
//     Security Best Current Practice (RFC 9700); enable them per client only
//     where a legacy integration requires it.
//   - The switch-user and switch-tenant grants change the identity or tenant a
//     token is issued for. NOTE(review): their granters are outside this
//     listing; confirm they are limited to explicitly registered clients and
//     that each use is audited.
const (
	GrantTypeClientCredentials = "client_credentials"
	GrantTypePassword          = "password"
	GrantTypeAuthCode          = "authorization_code"
	GrantTypeImplicit          = "implicit"
	GrantTypeRefresh           = "refresh_token"
	GrantTypeSwitchUser        = "urn:cisco:nfv:oauth:grant-type:switch-user"
	GrantTypeSwitchTenant      = "urn:cisco:nfv:oauth:grant-type:switch-tenant"
	GrantTypeSamlSSO           = "urn:ietf:params:oauth:grant-type:saml2-bearer"
)
// Scope values recognized by the package.
//
// ScopeOidc ("openid") and the profile/email/address/phone scopes are the
// OpenID Connect Core scope values; read, write, token_details and
// tenant_hierarchy are project-specific.
// NOTE(review): what each project-specific scope unlocks is not visible in
// this listing; a granted scope should always be checked against
// OAuth2Client.Scopes() for the requesting client.
const (
	ScopeRead            = "read"
	ScopeWrite           = "write"
	ScopeTokenDetails    = "token_details"
	ScopeTenantHierarchy = "tenant_hierarchy"
	ScopeOidc            = "openid"
	ScopeOidcProfile     = "profile"
	ScopeOidcEmail       = "email"
	ScopeOidcAddress     = "address"
	ScopeOidcPhone       = "phone"
)
// Key names for per-request values such as the authenticated client, the
// authorized tenant and the validated authorize request.
//
// NOTE(review): the "CtxKey" prefix suggests these are context keys; where
// they are written and read is outside this listing. They are plain untyped
// strings, so any code that can write to the same context can set them. The
// values stored under the kAuthenticated*, kAuthorized* and kValidated* keys
// represent completed security decisions and should only be written by the
// step that made the decision.
const (
	CtxKeyAuthenticatedClient       = "kAuthenticatedClient"
	CtxKeyAuthenticatedAccount      = "kAuthenticatedAccount"
	CtxKeyAuthorizedTenant          = "kAuthorizedTenant"
	CtxKeyAuthorizedProvider        = "kAuthorizedProvider"
	CtxKeyUserAuthentication        = "kUserAuthentication"
	CtxKeyAuthorizationExpiryTime   = "kAuthorizationExpiryTime"
	CtxKeyAuthorizationIssueTime    = "kAuthorizationIssueTime"
	CtxKeyAuthenticationTime        = "kAuthenticationTime"
	CtxKeyReceivedAuthorizeRequest  = "kReceivedAuthRequest"
	CtxKeyValidatedAuthorizeRequest = "kValidatedAuthRequest"
	CtxKeyResolvedAuthorizeRedirect = "kResolvedRedirect"
	CtxKeyResolvedAuthorizeState    = "kResolvedState"
	CtxKeySourceAuthentication      = "kSourceAuthentication"
)
// Key names for OAuth2 request data kept in a details map.
// NOTE(review): presumably the entries hold OAuth2Request.Extensions() and
// OAuth2Request.Parameters(); confirm against the code that writes them, and
// confirm that secret parameters are not carried along under
// DetailsKeyRequestParams.
const (
	DetailsKeyRequestExt    = "kOAuth2Ext"
	DetailsKeyRequestParams = "kOAuth2Params"
)
// Claim names used in tokens, UserInfo and token-introspection responses.
//
// These are names only. A claim value read from a token can be relied on only
// after the token's signature (or the origin of an introspection response)
// has been verified and exp, nbf, iss and aud have been checked. That applies
// in particular to the authorization-bearing claims below: ClaimScope,
// ClaimRoles, ClaimPermissions, ClaimTenantId, ClaimAssignedTenants and
// ClaimProviderId.
const (
	/**
	 * JWT registered claim names.
	 * https://tools.ietf.org/html/draft-ietf-oauth-json-web-token-13#section-4.1
	 * The link points at a pre-publication draft; the same names were
	 * published in RFC 7519 section 4.1.
	 */
	ClaimIssuer    = "iss"
	ClaimSubject   = "sub"
	ClaimAudience  = "aud"
	ClaimExpire    = "exp"
	ClaimNotBefore = "nbf"
	ClaimIssueAt   = "iat"
	ClaimJwtId     = "jti"

	/**
	 * OpenID Connect ID token claims.
	 * https://openid.net/specs/openid-connect-core-1_0.html#IDToken
	 */
	ClaimAuthTime        = "auth_time"
	ClaimNonce           = "nonce"
	ClaimAuthCtxClassRef = "acr"
	ClaimAuthMethodRef   = "amr"
	ClaimAuthorizedParty = "azp"
	ClaimAccessTokenHash = "at_hash"

	/**
	 * OpenID Connect standard UserInfo claims.
	 * https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
	 */
	ClaimFullName          = "name"
	ClaimFirstName         = "given_name"
	ClaimLastName          = "family_name"
	ClaimMiddleName        = "middle_name"
	ClaimNickname          = "nickname"
	ClaimPreferredUsername = "preferred_username"
	ClaimProfileUrl        = "profile"
	ClaimPictureUrl        = "picture"
	ClaimWebsite           = "website"
	ClaimEmail             = "email"
	ClaimEmailVerified     = "email_verified"
	ClaimGender            = "gender"
	ClaimBirthday          = "birthdate"    // ISO 8601:2004 [ISO8601-2004] YYYY-MM-DD format
	ClaimZoneInfo          = "zoneinfo"     // e.g. Europe/Paris or America/Los_Angeles
	ClaimLocale            = "locale"       // typically an ISO 639-1 Alpha-2 [ISO639-1] language code in lowercase and an ISO 3166-1 Alpha-2 country code in uppercase, separated by a dash
	ClaimPhoneNumber       = "phone_number" // RFC 3966 [RFC3966] e.g. +1 (604) 555-1234;ext=5678
	ClaimPhoneNumVerified  = "phone_number_verified"
	ClaimAddress           = "address"
	ClaimUpdatedAt         = "updated_at"

	/**
	 * Token introspection ("check token") response members.
	 * https://tools.ietf.org/html/rfc7662#section-2.2
	 */
	ClaimActive    = "active"
	ClaimScope     = "scope"
	ClaimClientId  = "client_id"
	ClaimUsername  = "username"
	ClaimTokenType = "token_type"

	/**
	 * NFV additions - custom claims.
	 */
	ClaimUserId                   = "user_id"
	ClaimAccountType              = "account_type"
	ClaimCurrency                 = "currency"
	ClaimTenantId                 = "tenant_id"
	ClaimTenantExternalId         = "tenant_name" // the tenant external ID is emitted as "tenant_name" for backward compatibility
	ClaimTenantSuspended          = "tenant_suspended"
	ClaimProviderId               = "provider_id"
	ClaimProviderName             = "provider_name"
	ClaimProviderDisplayName      = "provider_display_name"
	ClaimProviderDescription      = "provider_description"
	ClaimProviderEmail            = "provider_email"
	ClaimProviderNotificationType = "provider_notification_type"

	// NOTE(review): presumably original_username records the initiating user
	// of a switch-user session; confirm, since that would make it the field
	// to carry into audit logs.
	ClaimAssignedTenants = "assigned_tenants"
	ClaimRoles           = "roles"
	ClaimPermissions     = "permissions"
	ClaimOrigUsername    = "original_username"
	ClaimDefaultTenantId = "default_tenant_id"

	/**
	 * NFV additions - legacy names.
	 * NOTE(review): these look like older spellings of tenant_id, given_name,
	 * family_name and username. A consumer should read one spelling
	 * consistently, so that a token carrying both cannot be interpreted two ways.
	 */
	ClaimLegacyTenantId  = "tenantId"
	ClaimLegacyFirstName = "firstName"
	ClaimLegacyLastName  = "lastName"
	ClaimLegacyUsername  = "user_name"
)
// Token type names, as carried in the "token_type" field.
//
// A bearer token (RFC 6750) authorizes whoever presents it, with no proof of
// possession, so it must only travel over TLS and should not appear in logs.
// NOTE(review): whether the "mac" and "basic" types are issued anywhere is
// not visible in this listing.
const (
	TokenTypeBearer = "bearer"
	TokenTypeMac    = "mac"
	TokenTypeBasic  = "basic"
)
// Numeric sub-type codes under security.ErrorTypeCodeOAuth2.
//
// The expression on the first line is repeated implicitly for each following
// name with iota incremented, so every sub-type is ErrorTypeCodeOAuth2 plus
// its index shifted left by errorutils.ErrorSubTypeOffset ("<<" binds tighter
// than "+" in Go).
const (
	ErrorSubTypeCodeOAuth2Internal = security.ErrorTypeCodeOAuth2 + iota<<errorutils.ErrorSubTypeOffset
	ErrorSubTypeCodeOAuth2ClientAuth
	ErrorSubTypeCodeOAuth2Authorize
	ErrorSubTypeCodeOAuth2Grant
	ErrorSubTypeCodeOAuth2Res
)

All "SubType" values are used as mask sub types of security.ErrorTypeCodeOAuth2

// Error codes under the ErrorSubTypeCodeOAuth2ClientAuth sub-type. The
// initializer expression is not shown in this rendered listing.
// NOTE(review): "client not found" and "invalid client" are separate internal
// codes, while the only client-authentication translation listed in this
// package is "invalid_client". Confirm that responses do not let a caller
// distinguish an unknown client ID from wrong credentials.
const (
	ErrorCodeClientNotFound
	ErrorCodeInvalidClient
)

ErrorSubTypeCodeOAuth2ClientAuth

// Error codes under the ErrorSubTypeCodeOAuth2Authorize sub-type. The
// initializer expression is not shown in this rendered listing.
// NOTE(review): RFC 6749 section 4.1.2.1 requires that an invalid or
// mismatching redirect URI is reported to the resource owner directly and
// never by redirecting to that URI; confirm that handlers treat
// ErrorCodeInvalidRedirectUri that way.
const (
	ErrorCodeInvalidAuthorizeRequest
	ErrorCodeInvalidResponseType
	ErrorCodeInvalidRedirectUri
	ErrorCodeAccessRejected
	ErrorCodeOpenIDExt
)

ErrorSubTypeCodeOAuth2Authorize

// Error codes under the ErrorSubTypeCodeOAuth2Grant sub-type (token endpoint
// errors). The initializer expression is not shown in this rendered listing.
const (
	ErrorCodeGranterNotAvailable
	ErrorCodeUnauthorizedClient // the grant type is not allowed for this client
	ErrorCodeInvalidTokenRequest
	ErrorCodeInvalidGrant
	ErrorCodeInvalidScope
	ErrorCodeUnsupportedTokenType
	ErrorCodeGeneric
)

ErrorSubTypeCodeOAuth2Grant

// Error codes under the ErrorSubTypeCodeOAuth2Res sub-type (resource server
// errors). The initializer expression is not shown in this rendered listing.
const (
	ErrorCodeInvalidAccessToken
	ErrorCodeInsufficientScope
	ErrorCodeResourceServerGeneral // only for deserializing an error received from elsewhere; not meant to be raised directly
)

ErrorSubTypeCodeOAuth2Res

// Wire-level OAuth2 / OpenID Connect error codes, i.e. the values placed in
// the "error" parameter or JSON member of an error response.
// NOTE(review): presumably these are what OAuth2Error.TranslateErrorCode
// returns; confirm against its source. The accompanying error_description is
// visible to the client, so it should not carry internal detail.
const (
	// Authorization endpoint errors.
	// https://tools.ietf.org/html/rfc6749#section-4.1.2.1
	ErrorTranslationInvalidRequest      = "invalid_request"
	ErrorTranslationUnauthorizedClient  = "unauthorized_client"
	ErrorTranslationAccessDenied        = "access_denied"
	ErrorTranslationInvalidResponseType = "unsupported_response_type"
	ErrorTranslationInvalidScope        = "invalid_scope"
	ErrorTranslationInternal            = "server_error"
	ErrorTranslationInternalNA          = "temporarily_unavailable"

	// Token endpoint errors.
	// https://tools.ietf.org/html/rfc6749#section-5.2
	ErrorTranslationInvalidClient     = "invalid_client"
	ErrorTranslationInvalidGrant      = "invalid_grant"
	ErrorTranslationGrantNotSupported = "unsupported_grant_type"

	// Commonly used codes. insufficient_scope and invalid_token are defined
	// for bearer-token resource access in RFC 6750 section 3.1;
	// redirect_uri_mismatch has no RFC reference.
	ErrorTranslationInsufficientScope = "insufficient_scope"
	ErrorTranslationInvalidToken      = "invalid_token"
	ErrorTranslationRedirectMismatch  = "redirect_uri_mismatch"

	// Token revocation.
	// https://tools.ietf.org/html/rfc7009#section-4.1.1
	ErrorTranslationUnsupportedTokenType = "unsupported_token_type"

	// OpenID Connect authentication errors.
	// https://openid.net/specs/openid-connect-core-1_0.html#AuthError
	ErrorTranslationInteractionRequired     = "interaction_required"
	ErrorTranslationLoginRequired           = "login_required"
	ErrorTranslationAcctSelectRequired      = "account_selection_required"
	ErrorTranslationConsentRequired         = "consent_required"
	ErrorTranslationInvalidRequestURI       = "invalid_request_uri"
	ErrorTranslationInvalidRequestObj       = "invalid_request_object"
	ErrorTranslationRequestUnsupported      = "request_not_supported"
	ErrorTranslationRequestURIUnsupported   = "request_uri_not_supported"
	ErrorTranslationRegistrationUnsupported = "registration_not_supported"
)
// ClaimTag is the struct tag key that maps a struct field to a claim name,
// as in the `claim:"aud"` tags on BasicClaims.
const (
	ClaimTag = "claim"
)
// Error code under the ErrorSubTypeCodeOAuth2Internal sub-type. The
// initializer expression is not shown in this rendered listing.
const (
	ErrorCodeOAuth2InternalGeneral
)

ErrorSubTypeCodeOAuth2Internal

// ExtUseSessionTimeout is an extension key.
// NOTE(review): presumably an entry in OAuth2Request.Extensions() that mirrors
// OAuth2Client.UseSessionTimeout(); confirm where it is set and that it
// cannot be supplied by the requester.
const (
	ExtUseSessionTimeout = "use_session_timeout"
)
// LegacyResourceId is a fixed resource identifier.
// NOTE(review): presumably a default entry for OAuth2Client.ResourceIDs() or
// the token audience; confirm how it is used before relying on it for
// audience checks.
const (
	LegacyResourceId = "nfv-api"
)

Variables

// Error type and sub-type values for OAuth2 errors, built from
// security.ErrorTypeCodeOAuth2 and the ErrorSubTypeCodeOAuth2* codes with
// security.NewErrorType and security.NewErrorSubType. The package
// documentation states they can be used with errors.Is, which lets callers
// match a whole class of errors without comparing message text.
var (
	ErrorTypeOAuth2 = security.NewErrorType(security.ErrorTypeCodeOAuth2, errors.New("error type: oauth2"))

	ErrorSubTypeOAuth2Internal   = security.NewErrorSubType(ErrorSubTypeCodeOAuth2Internal, errors.New("error sub-type: internal"))
	ErrorSubTypeOAuth2ClientAuth = security.NewErrorSubType(ErrorSubTypeCodeOAuth2ClientAuth, errors.New("error sub-type: oauth2 client auth"))
	ErrorSubTypeOAuth2Authorize  = security.NewErrorSubType(ErrorSubTypeCodeOAuth2Authorize, errors.New("error sub-type: oauth2 auth"))
	ErrorSubTypeOAuth2Grant      = security.NewErrorSubType(ErrorSubTypeCodeOAuth2Grant, errors.New("error sub-type: oauth2 grant"))
	ErrorSubTypeOAuth2Res        = security.NewErrorSubType(ErrorSubTypeCodeOAuth2Res, errors.New("error sub-type: oauth2 resource"))
)

Error types and sub-types; these can be used with errors.Is.

Functions

func NewAccessRejectedError

func NewAccessRejectedError(value interface{}, causes ...interface{}) error

func NewClientNotFoundError

func NewClientNotFoundError(value interface{}, causes ...interface{}) error

func NewGenericError

func NewGenericError(value interface{}, causes ...interface{}) error

func NewGranterNotAvailableError

func NewGranterNotAvailableError(value interface{}, causes ...interface{}) error

func NewInsufficientScopeError

func NewInsufficientScopeError(value interface{}, causes ...interface{}) error

func NewInternalError

func NewInternalError(value interface{}, causes ...interface{}) error

func NewInternalUnavailableError

func NewInternalUnavailableError(value interface{}, causes ...interface{}) error

func NewInvalidAccessTokenError

func NewInvalidAccessTokenError(value interface{}, causes ...interface{}) error

func NewInvalidAuthorizeRequestError

func NewInvalidAuthorizeRequestError(value interface{}, causes ...interface{}) error

func NewInvalidClientError

func NewInvalidClientError(value interface{}, causes ...interface{}) error

func NewInvalidGrantError

func NewInvalidGrantError(value interface{}, causes ...interface{}) error

func NewInvalidRedirectUriError

func NewInvalidRedirectUriError(value interface{}, causes ...interface{}) error

func NewInvalidResponseTypeError

func NewInvalidResponseTypeError(value interface{}, causes ...interface{}) error

func NewInvalidScopeError

func NewInvalidScopeError(value interface{}, causes ...interface{}) error

func NewInvalidTokenRequestError

func NewInvalidTokenRequestError(value interface{}, causes ...interface{}) error

func NewUnauthorizedClientError

func NewUnauthorizedClientError(value interface{}, causes ...interface{}) error

func NewUnsupportedTokenTypeError

func NewUnsupportedTokenTypeError(value interface{}, causes ...interface{}) error

func NewUserAuthentication

func NewUserAuthentication(opts ...UserAuthOptions) *userAuthentication

Types

type AccessToken

// AccessToken is a Token that additionally exposes its token type, issue time,
// granted scopes and the refresh token associated with it.
type AccessToken interface {
	Token
	// Type returns the token type, e.g. TokenTypeBearer.
	Type() TokenType
	// IssueTime returns when the token was issued.
	IssueTime() time.Time
	// Scopes returns the scopes attached to this token. Resource access
	// decisions should be based on this set, not on the scopes the client
	// originally requested.
	Scopes() utils.StringSet
	// RefreshToken returns the associated refresh token.
	// NOTE(review): presumably nil when none was issued; confirm.
	RefreshToken() RefreshToken
}

type AuthOption

// AuthOption holds the values an AuthenticationOptions function can set when
// an Authentication is built with NewAuthentication: the OAuth2 request, the
// user authentication, the access token, and free-form details.
type AuthOption struct {
	Request  OAuth2Request
	UserAuth security.Authentication
	Token    AccessToken
	Details  interface{}
}

type Authentication

// Authentication extends security.Authentication with the OAuth2 specifics of
// an authenticated request.
type Authentication interface {
	security.Authentication
	// UserAuthentication returns the authentication of the user.
	// NOTE(review): presumably nil for grants without a user, such as
	// client_credentials; confirm before dereferencing.
	UserAuthentication() security.Authentication
	// OAuth2Request returns the OAuth2 request associated with this authentication.
	OAuth2Request() OAuth2Request
	// AccessToken returns the access token associated with this authentication.
	AccessToken() AccessToken
}

Authentication extends security.Authentication

func NewAuthentication

func NewAuthentication(opts ...AuthenticationOptions) Authentication

type AuthenticationOptions

// AuthenticationOptions is a functional option that mutates an AuthOption;
// it is the parameter type of NewAuthentication.
type AuthenticationOptions func(opt *AuthOption)

type BasicClaims

// BasicClaims is a struct-based Claims implementation that covers the JWT
// registered claims plus "scope" and "client_id". Each field is bound to its
// claim name through the `claim` struct tag, and the embedded
// FieldClaimsMapper supplies the mapping logic. Audience uses StringSetClaim,
// which has its own JSON representation.
//
// This type only carries values. NOTE(review): nothing in this listing shows
// exp, nbf, iss or aud being validated when claims are unmarshalled; confirm
// where that validation happens before treating a decoded BasicClaims as
// trusted.
type BasicClaims struct {
	FieldClaimsMapper
	Audience  StringSetClaim  `claim:"aud"`
	ExpiresAt time.Time       `claim:"exp"`
	Id        string          `claim:"jti"`
	IssuedAt  time.Time       `claim:"iat"`
	Issuer    string          `claim:"iss"`
	NotBefore time.Time       `claim:"nbf"`
	Subject   string          `claim:"sub"`
	Scopes    utils.StringSet `claim:"scope"`
	ClientId  string          `claim:"client_id"`
}

BasicClaims implements Claims

func (*BasicClaims) Get

func (c *BasicClaims) Get(claim string) interface{}

func (*BasicClaims) Has

func (c *BasicClaims) Has(claim string) bool

func (*BasicClaims) MarshalJSON

func (c *BasicClaims) MarshalJSON() ([]byte, error)

func (*BasicClaims) Set

func (c *BasicClaims) Set(claim string, value interface{})

func (*BasicClaims) UnmarshalJSON

func (c *BasicClaims) UnmarshalJSON(bytes []byte) error

func (*BasicClaims) Values

func (c *BasicClaims) Values() map[string]interface{}

type Claims

// Claims is a generic accessor over a set of claims, keyed by claim name
// (see the Claim* constants).
type Claims interface {
	// Get returns the value of the named claim.
	// NOTE(review): the result for a missing claim is not visible in this
	// listing; use Has to test for presence.
	Get(claim string) interface{}
	// Has reports whether the named claim is present.
	Has(claim string) bool
	// Set stores a value for the named claim.
	Set(claim string, value interface{})
	// Values returns all claims as a map.
	Values() map[string]interface{}
}

type ClaimsContainer

// ClaimsContainer is implemented by types that carry a Claims value, such as
// DefaultAccessToken and DefaultRefreshToken.
type ClaimsContainer interface {
	// Claims returns the contained claims.
	Claims() Claims
	// SetClaims replaces the contained claims.
	SetClaims(claims Claims)
}

type ClientDetails

// ClientDetails exposes the identifier of an OAuth2 client.
type ClientDetails interface {
	// ClientId returns the client identifier.
	ClientId() string
}

type DefaultAccessToken

type DefaultAccessToken struct {
	// contains filtered or unexported fields
}

DefaultAccessToken implements AccessToken and ClaimsContainer

func FromAccessToken

func FromAccessToken(token AccessToken) *DefaultAccessToken

func NewDefaultAccessToken

func NewDefaultAccessToken(value string) *DefaultAccessToken

func (*DefaultAccessToken) AddScopes

func (t *DefaultAccessToken) AddScopes(scopes ...string) *DefaultAccessToken

func (*DefaultAccessToken) Claims

func (t *DefaultAccessToken) Claims() Claims

Claims implements ClaimsContainer

func (*DefaultAccessToken) Details

func (t *DefaultAccessToken) Details() map[string]interface{}

Details implements AccessToken

func (*DefaultAccessToken) Expired

func (t *DefaultAccessToken) Expired() bool

Expired implements AccessToken

func (*DefaultAccessToken) ExpiryTime

func (t *DefaultAccessToken) ExpiryTime() time.Time

ExpiryTime implements AccessToken

func (*DefaultAccessToken) IssueTime

func (t *DefaultAccessToken) IssueTime() time.Time

IssueTime implements AccessToken

func (*DefaultAccessToken) MarshalJSON

func (t *DefaultAccessToken) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler

func (*DefaultAccessToken) PutDetails

func (t *DefaultAccessToken) PutDetails(key string, value interface{}) *DefaultAccessToken

func (*DefaultAccessToken) RefreshToken

func (t *DefaultAccessToken) RefreshToken() RefreshToken

RefreshToken implements AccessToken

func (*DefaultAccessToken) RemoveScopes

func (t *DefaultAccessToken) RemoveScopes(scopes ...string) *DefaultAccessToken

func (*DefaultAccessToken) Scopes

func (t *DefaultAccessToken) Scopes() utils.StringSet

Scopes implements AccessToken

func (*DefaultAccessToken) SetClaims

func (t *DefaultAccessToken) SetClaims(claims Claims)

SetClaims implements ClaimsContainer

func (*DefaultAccessToken) SetExpireTime

func (t *DefaultAccessToken) SetExpireTime(v time.Time) *DefaultAccessToken

func (*DefaultAccessToken) SetIssueTime

func (t *DefaultAccessToken) SetIssueTime(v time.Time) *DefaultAccessToken

func (*DefaultAccessToken) SetRefreshToken

func (t *DefaultAccessToken) SetRefreshToken(v RefreshToken) *DefaultAccessToken

func (*DefaultAccessToken) SetScopes

func (t *DefaultAccessToken) SetScopes(scopes utils.StringSet) *DefaultAccessToken

func (*DefaultAccessToken) SetValue

func (*DefaultAccessToken) Type

func (t *DefaultAccessToken) Type() TokenType

Type implements AccessToken

func (*DefaultAccessToken) UnmarshalJSON

func (t *DefaultAccessToken) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler

func (*DefaultAccessToken) Value

func (t *DefaultAccessToken) Value() string

Value implements AccessToken

type DefaultRefreshToken

type DefaultRefreshToken struct {
	// contains filtered or unexported fields
}

DefaultRefreshToken implements RefreshToken and ClaimsContainer

func FromRefreshToken

func FromRefreshToken(token RefreshToken) *DefaultRefreshToken

func NewDefaultRefreshToken

func NewDefaultRefreshToken(value string) *DefaultRefreshToken

func (*DefaultRefreshToken) Claims

func (t *DefaultRefreshToken) Claims() Claims

Claims implements ClaimsContainer

func (*DefaultRefreshToken) Details

func (t *DefaultRefreshToken) Details() map[string]interface{}

Details implements RefreshToken

func (*DefaultRefreshToken) Expired

func (t *DefaultRefreshToken) Expired() bool

Expired implements RefreshToken

func (*DefaultRefreshToken) ExpiryTime

func (t *DefaultRefreshToken) ExpiryTime() time.Time

ExpiryTime implements RefreshToken

func (*DefaultRefreshToken) MarshalJSON

func (t *DefaultRefreshToken) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler, only DefaultRefreshToken.value is serialized

func (*DefaultRefreshToken) PutDetails

func (t *DefaultRefreshToken) PutDetails(key string, value interface{}) *DefaultRefreshToken

func (*DefaultRefreshToken) SetClaims

func (t *DefaultRefreshToken) SetClaims(claims Claims)

SetClaims implements ClaimsContainer

func (*DefaultRefreshToken) SetExpireTime

func (t *DefaultRefreshToken) SetExpireTime(v time.Time) *DefaultRefreshToken

func (*DefaultRefreshToken) SetValue

func (*DefaultRefreshToken) UnmarshalJSON

func (t *DefaultRefreshToken) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler

func (*DefaultRefreshToken) Value

func (t *DefaultRefreshToken) Value() string

Value implements RefreshToken

func (*DefaultRefreshToken) WillExpire

func (t *DefaultRefreshToken) WillExpire() bool

WillExpire implements RefreshToken

type FieldClaimsMapper

type FieldClaimsMapper struct {
	// contains filtered or unexported fields
}

FieldClaimsMapper is a helper type that can be embedded into struct-based claims. FieldClaimsMapper implements claimsMapper. See BasicClaims as an example. Note: having non-claims structs as fields is not recommended for deserialization.

func (*FieldClaimsMapper) DoMarshalJSON

func (m *FieldClaimsMapper) DoMarshalJSON(owner interface{}) ([]byte, error)

func (*FieldClaimsMapper) DoUnmarshalJSON

func (m *FieldClaimsMapper) DoUnmarshalJSON(owner interface{}, bytes []byte) error

func (*FieldClaimsMapper) Get

func (m *FieldClaimsMapper) Get(owner interface{}, claim string) interface{}

func (*FieldClaimsMapper) Has

func (m *FieldClaimsMapper) Has(owner interface{}, claim string) bool

func (*FieldClaimsMapper) Set

func (m *FieldClaimsMapper) Set(owner interface{}, claim string, value interface{})

func (*FieldClaimsMapper) Values

func (m *FieldClaimsMapper) Values(owner interface{}) map[string]interface{}

Values returns the claim values as a map, without any conversion.

type MapClaims

type MapClaims map[string]interface{}

MapClaims implements Claims & claimsMapper

func (MapClaims) Get

func (c MapClaims) Get(claim string) interface{}

func (MapClaims) Has

func (c MapClaims) Has(claim string) bool

func (MapClaims) MarshalJSON

func (c MapClaims) MarshalJSON() ([]byte, error)

func (MapClaims) Set

func (c MapClaims) Set(claim string, value interface{})

func (MapClaims) UnmarshalJSON

func (c MapClaims) UnmarshalJSON(bytes []byte) error

func (MapClaims) Values

func (c MapClaims) Values() map[string]interface{}

type OAuth2Client

// OAuth2Client describes a registered OAuth2 client: its identity and secret,
// and the grant types, redirect URIs, scopes, tenants and resources it may use.
// Authorize and token handling should treat these registered values as the
// upper bound for anything a request asks for.
type OAuth2Client interface {
	// ClientId returns the client identifier.
	ClientId() string
	// SecretRequired reports whether the client must present a secret.
	SecretRequired() bool
	// Secret returns the client's secret.
	// NOTE(review): whether this is the plain secret or a stored hash is not
	// visible in this listing; either way it should be compared with a
	// constant-time or password-encoder comparison and never logged.
	Secret() string
	// GrantTypes returns the grant types the client may use.
	GrantTypes() utils.StringSet
	// RedirectUris returns the client's registered redirect URIs.
	RedirectUris() utils.StringSet
	// Scopes returns the scopes the client may request.
	Scopes() utils.StringSet
	// AutoApproveScopes returns scopes that are approved automatically.
	// NOTE(review): presumably these skip the user consent step; keep the set
	// as small as possible.
	AutoApproveScopes() utils.StringSet
	// AccessTokenValidity returns the lifetime of access tokens issued to the client.
	AccessTokenValidity() time.Duration
	// RefreshTokenValidity returns the lifetime of refresh tokens issued to the client.
	RefreshTokenValidity() time.Duration
	// UseSessionTimeout reports whether the client uses the session timeout.
	// NOTE(review): presumably this ties token validity to the user session; confirm.
	UseSessionTimeout() bool
	// AssignedTenantIds returns the IDs of the tenants assigned to the client.
	AssignedTenantIds() utils.StringSet
	// ResourceIDs returns the resource IDs associated with the client.
	ResourceIDs() utils.StringSet
}

type OAuth2ClientStore

// OAuth2ClientStore looks up registered clients.
type OAuth2ClientStore interface {
	// LoadClientByClientId returns the client registered under clientId, or an
	// error. clientId normally comes straight from the request, so
	// implementations should treat it as untrusted input.
	LoadClientByClientId(ctx context.Context, clientId string) (OAuth2Client, error)
}

type OAuth2Error

// OAuth2Error is a security.CodedError that also carries the OAuth2 error
// code and the HTTP status code to report.
// NOTE(review): presumably EC and SC are what TranslateErrorCode and
// TranslateStatusCode return; confirm against their source.
type OAuth2Error struct {
	security.CodedError
	EC string // oauth error code
	SC int    // status code
}

OAuth2Error extends security.CodedError, and implements:

  • OAuth2ErrorTranslator
  • json.Marshaler
  • json.Unmarshaler
  • web.Headerer
  • web.StatusCoder
  • encoding.BinaryMarshaler
  • encoding.BinaryUnmarshaler

func NewOAuth2Error

func NewOAuth2Error(code int64, e interface{}, oauth2Code string, sc int, causes ...interface{}) *OAuth2Error

func (*OAuth2Error) Headers

func (e *OAuth2Error) Headers() http.Header

func (OAuth2Error) MarshalBinary

func (e OAuth2Error) MarshalBinary() ([]byte, error)

MarshalBinary implements encoding.BinaryMarshaler interface

func (*OAuth2Error) MarshalJSON

func (e *OAuth2Error) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler

func (*OAuth2Error) StatusCode

func (e *OAuth2Error) StatusCode() int

func (*OAuth2Error) TranslateErrorCode

func (e *OAuth2Error) TranslateErrorCode() string

func (*OAuth2Error) TranslateStatusCode

func (e *OAuth2Error) TranslateStatusCode() int

func (*OAuth2Error) UnmarshalBinary

func (e *OAuth2Error) UnmarshalBinary(data []byte) error

UnmarshalBinary implements encoding.BinaryUnmarshaler interface

func (*OAuth2Error) UnmarshalJSON

func (e *OAuth2Error) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler. Note: the JSON form doesn't include the internal error code, so reconstructing the original error from JSON is not possible.

This unmarshaler can only be used for the HTTP call that checks opaque tokens.

type OAuth2ErrorTranslator

// OAuth2ErrorTranslator is an error that can be rendered as an OAuth2 error
// response.
type OAuth2ErrorTranslator interface {
	error
	// TranslateErrorCode returns the OAuth2 error code string.
	TranslateErrorCode() string
	// TranslateStatusCode returns the HTTP status code.
	TranslateStatusCode() int
}

type OAuth2Request

// OAuth2Request is a read-only view of an OAuth2 authorization or token
// request.
type OAuth2Request interface {
	// Parameters returns the request parameters by name.
	// NOTE(review): whether secret parameters (client_secret, password,
	// code_verifier) are removed before they reach this map is not visible
	// here; confirm before logging or persisting it.
	Parameters() map[string]string
	// ClientId returns the requesting client's identifier.
	ClientId() string
	// Scopes returns the scopes of the request.
	Scopes() utils.StringSet
	// Approved reports whether the request has been approved.
	Approved() bool
	// GrantType returns the grant type of the request.
	GrantType() string
	// RedirectUri returns the redirect URI of the request.
	RedirectUri() string
	// ResponseTypes returns the requested response types.
	ResponseTypes() utils.StringSet
	// Extensions returns additional, non-standard request data.
	Extensions() map[string]interface{}
	// NewOAuth2Request returns an OAuth2Request built with the given options.
	// NOTE(review): presumably a copy of the receiver with the options
	// applied; confirm.
	NewOAuth2Request(...RequestOptionsFunc) OAuth2Request
}

func NewOAuth2Request

func NewOAuth2Request(optFuncs ...RequestOptionsFunc) OAuth2Request

type RefreshToken

// RefreshToken is a Token used to obtain new access tokens.
type RefreshToken interface {
	Token
	// WillExpire reports whether the refresh token has an expiry.
	// NOTE(review): a token for which this is false presumably stays valid
	// until revoked; confirm, and make sure such tokens can be revoked.
	WillExpire() bool
}

type RequestDetails

// RequestDetails is the mutable, JSON-serializable form of an OAuth2 request;
// RequestOptionsFunc values modify it when a request is built with
// NewOAuth2Request. Its fields mirror the OAuth2Request accessors.
//
// NOTE(review): Parameters is serialized under "parameters". Confirm that
// secret request parameters (client_secret, password, code_verifier) are
// removed before a RequestDetails is stored or logged.
type RequestDetails struct {
	Parameters    map[string]string      `json:"parameters"`
	ClientId      string                 `json:"clientId"`
	Scopes        utils.StringSet        `json:"scope"`
	Approved      bool                   `json:"approved"`
	GrantType     string                 `json:"grantType"`
	RedirectUri   string                 `json:"redirectUri"`
	ResponseTypes utils.StringSet        `json:"responseTypes"`
	Extensions    map[string]interface{} `json:"extensions"`
}

type RequestOptionsFunc

// RequestOptionsFunc is a functional option that mutates a RequestDetails;
// it is the parameter type of NewOAuth2Request.
type RequestOptionsFunc func(opt *RequestDetails)

type StringSetClaim

type StringSetClaim utils.StringSet

StringSetClaim is an alias of utils.StringSet with a different JSON serialization, specialized for some claims. StringSetClaim serializes as a JSON string if the set has a single element, otherwise as a JSON array.

func (StringSetClaim) MarshalJSON

func (s StringSetClaim) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler

func (StringSetClaim) UnmarshalJSON

func (s StringSetClaim) UnmarshalJSON(data []byte) error

UnmarshalJSON implements json.Unmarshaler

type TimeoutApplier

// TimeoutApplier applies the session timeout for a given session.
type TimeoutApplier interface {
	// ApplyTimeout reports whether the session identified by sessionId is
	// valid.
	// NOTE(review): presumably it also refreshes the session's idle timeout;
	// confirm. Callers should fail closed, treating both valid == false and a
	// non-nil err as "not valid".
	ApplyTimeout(ctx context.Context, sessionId string) (valid bool, err error)
}

type Token

// Token is the common part of access and refresh tokens.
type Token interface {
	// Value returns the token string. This is a credential and should not be
	// written to logs.
	Value() string
	// ExpiryTime returns when the token expires.
	ExpiryTime() time.Time
	// Expired reports whether the token has expired.
	Expired() bool
	// Details returns additional key/value data attached to the token.
	Details() map[string]interface{}
}

type TokenHint

// TokenHint tells a token store which kind of token a value is; it is the
// hint argument of TokenStoreReader.ReadAuthentication. The initializer
// expression of the constants is not shown in this rendered listing.
type TokenHint int
const (
	TokenHintAccessToken TokenHint
	TokenHintRefreshToken
)

func (TokenHint) String

func (h TokenHint) String() string

type TokenStoreReader

// TokenStoreReader is the read side of a token store: it resolves token
// values to tokens and to the Authentication they were issued for.
type TokenStoreReader interface {
	// ReadAuthentication loads the Authentication associated with a token.
	// The token can be an AccessToken or a RefreshToken; hint indicates which.
	ReadAuthentication(ctx context.Context, tokenValue string, hint TokenHint) (Authentication, error)

	// ReadAccessToken loads the AccessToken with the given value.
	// If the AccessToken is not associated with a valid security.ContextDetails
	// (i.e. it has been revoked), an error is returned.
	ReadAccessToken(ctx context.Context, value string) (AccessToken, error)

	// ReadRefreshToken loads the RefreshToken with the given value.
	// This method implies nothing about revocation status; that depends on the
	// implementation, so callers must not treat a successful read as proof
	// that the refresh token is still usable.
	ReadRefreshToken(ctx context.Context, value string) (RefreshToken, error)
}

type TokenType

// TokenType is the type of a token, e.g. TokenTypeBearer. Its HttpHeader
// method returns the string form used in HTTP headers.
type TokenType string

func (TokenType) HttpHeader

func (t TokenType) HttpHeader() string

type UserAuthOption

// UserAuthOption holds the values a UserAuthOptions function can set when a
// user authentication is built with NewUserAuthentication: the principal, its
// permissions, the authentication state, and additional details.
//
// NOTE(review): Permissions and State determine what the resulting
// authentication is allowed to do. They should be populated only from
// verified sources (a validated token or the account store), never from
// unverified request input.
type UserAuthOption struct {
	Principal   string
	Permissions map[string]interface{}
	State       security.AuthenticationState
	Details     map[string]interface{}
}

type UserAuthOptions

// UserAuthOptions is a functional option that mutates a UserAuthOption;
// it is the parameter type of NewUserAuthentication.
type UserAuthOptions func(opt *UserAuthOption)

type UserAuthentication

// UserAuthentication is a security.Authentication for a user, with access to
// the subject and a details map.
type UserAuthentication interface {
	security.Authentication
	// Subject returns the subject of the authentication.
	// NOTE(review): presumably the value of UserAuthOption.Principal; confirm.
	Subject() string
	// DetailsMap returns the authentication details as a map.
	DetailsMap() map[string]interface{}
}
