- Constants
- Variables
- func CodeAndMessageFrom(err error) (int, interface{})
- func MakeAuthorizeEndpoint(s oauth2Server) endpoint.Endpoint
- func MakeHTTPHandler(srv oauth2Server, ts tokenStoreManager, log logger, loginURI string) http.Handler
- func MatchScope(requiredScope string, allowedScopes string) bool
- func MatchScopes(requiredScopes string, allowedScopes string) bool
- func MatchScopesStrict(requiredScopes string, allowedScopes string) bool
- func NewError(err error) *httpencoder.ErrorResponse
- func NewOauth2Server(jwtGen oauth2.AccessGenerate, codeGen oauth2.AuthorizeGenerate, ...) (*server.Server, *manage.Manager)
- func WithClientScope(scope string) handlerOption
- func WithCodeScope(scope string) handlerOption
- func WithPasswordScope(scope string) handlerOption
- type AuthorizeRequest
- type Client
- type Endpoints
- type Handler
- type IntrospectResponse
- type Store
- func (s *Store) Create(ctx context.Context, info oauth2.TokenInfo) error
- func (s *Store) GetByAccess(ctx context.Context, access string) (oauth2.TokenInfo, error)
- func (s *Store) GetByCode(ctx context.Context, code string) (oauth2.TokenInfo, error)
- func (s *Store) GetByID(ctx context.Context, id string) (oauth2.ClientInfo, error)
- func (s *Store) GetByRefresh(ctx context.Context, refresh string) (oauth2.TokenInfo, error)
- func (s *Store) RemoveByAccess(ctx context.Context, access string) error
- func (s *Store) RemoveByCode(ctx context.Context, code string) error
- func (s *Store) RemoveByRefresh(ctx context.Context, refresh string) error
- type Token
- func (t *Token) GetAccess() string
- func (t *Token) GetAccessCreateAt() time.Time
- func (t *Token) GetAccessExpiresIn() time.Duration
- func (t *Token) GetClientID() string
- func (t *Token) GetCode() string
- func (t *Token) GetCodeChallenge() string
- func (t *Token) GetCodeChallengeMethod() oauth2.CodeChallengeMethod
- func (t *Token) GetCodeCreateAt() time.Time
- func (t *Token) GetCodeExpiresIn() time.Duration
- func (t *Token) GetRedirectURI() string
- func (t *Token) GetRefresh() string
- func (t *Token) GetRefreshCreateAt() time.Time
- func (t *Token) GetRefreshExpiresIn() time.Duration
- func (t *Token) GetScope() string
- func (t *Token) GetUserID() string
- func (t *Token) New() oauth2.TokenInfo
- func (t *Token) SetAccess(access string)
- func (t *Token) SetAccessCreateAt(createdAt time.Time)
- func (t *Token) SetAccessExpiresIn(expIn time.Duration)
- func (t *Token) SetClientID(id string)
- func (t *Token) SetCode(code string)
- func (t *Token) SetCodeChallenge(challenge string)
- func (t *Token) SetCodeChallengeMethod(method oauth2.CodeChallengeMethod)
- func (t *Token) SetCodeCreateAt(createdAt time.Time)
- func (t *Token) SetCodeExpiresIn(expIn time.Duration)
- func (t *Token) SetRedirectURI(uri string)
- func (t *Token) SetRefresh(refresh string)
- func (t *Token) SetRefreshCreateAt(createdAt time.Time)
- func (t *Token) SetRefreshExpiresIn(expIn time.Duration)
- func (t *Token) SetScope(scope string)
- func (t *Token) SetUserID(id string)
Constants ¶
const (
// LoggedInUserIDKey is the session key under which the logged-in user ID is stored.
LoggedInUserIDKey = "logged_in_user_id"
)
Variables ¶
var ( ErrInvalidRequest = errors.New("invalid_request") ErrInvalidCredentials = errors.New("invalid_credentials") ErrMethodNotAllowed = errors.New("method_not_allowed") ErrInvalidAccessToken = errors.New("invalid_access_token") )
Predefined errors
var ErrorCodes = map[error]int{ ErrInvalidRequest: http.StatusBadRequest, ErrInvalidCredentials: http.StatusUnauthorized, ErrMethodNotAllowed: http.StatusMethodNotAllowed, ErrInvalidAccessToken: http.StatusUnauthorized, ErrUnauthorized: http.StatusUnauthorized, oauthErrors.ErrInvalidRedirectURI: http.StatusBadRequest, oauthErrors.ErrInvalidAuthorizeCode: http.StatusBadRequest, oauthErrors.ErrInvalidAccessToken: http.StatusUnauthorized, oauthErrors.ErrInvalidRefreshToken: http.StatusUnauthorized, oauthErrors.ErrExpiredAccessToken: http.StatusUnauthorized, oauthErrors.ErrExpiredRefreshToken: http.StatusUnauthorized, oauthErrors.ErrMissingCodeVerifier: http.StatusBadRequest, oauthErrors.ErrMissingCodeChallenge: http.StatusBadRequest, oauthErrors.ErrInvalidCodeChallenge: http.StatusBadRequest, }
Error codes map
var ErrorMessages = map[error]string{ ErrInvalidRequest: "Invalid request", ErrInvalidCredentials: "Invalid credentials", ErrMethodNotAllowed: "Method not allowed", ErrInvalidAccessToken: "Missed or invalid access token", ErrUnauthorized: "Unauthorized", oauthErrors.ErrInvalidRedirectURI: "Invalid redirect uri", oauthErrors.ErrInvalidAuthorizeCode: "Invalid authorize code", oauthErrors.ErrInvalidAccessToken: "Invalid access token", oauthErrors.ErrInvalidRefreshToken: "Invalid refresh token", oauthErrors.ErrExpiredAccessToken: "Expired access token", oauthErrors.ErrExpiredRefreshToken: "Expired refresh token", oauthErrors.ErrMissingCodeVerifier: "Missing code verifier", oauthErrors.ErrMissingCodeChallenge: "Missing code challenge", oauthErrors.ErrInvalidCodeChallenge: "Invalid code challenge", }
Error messages
Functions ¶
func CodeAndMessageFrom ¶ added in v0.1.5
CodeAndMessageFrom returns the HTTP error code and message for the given error, looked up by error type. It returns (0, nil) if the error is not found. This function can be used to obtain the error code and message for errors raised by external packages.
func MakeAuthorizeEndpoint ¶
MakeAuthorizeEndpoint returns an endpoint via the passed service.
func MakeHTTPHandler ¶
func MakeHTTPHandler(srv oauth2Server, ts tokenStoreManager, log logger, loginURI string) http.Handler
MakeHTTPHandler returns a handler that makes a set of endpoints available on predefined paths.
func MatchScope ¶
MatchScope verifies whether the required scope is allowed. It returns true if the scope is allowed and false otherwise.
func MatchScopes ¶
MatchScopes verifies whether the required scope is allowed. It returns true if the scope is allowed and false otherwise.
func MatchScopesStrict ¶
MatchScopesStrict verifies that all of the required scopes are allowed. It returns true only if every required scope is allowed, and false otherwise.
func NewOauth2Server ¶
func NewOauth2Server( jwtGen oauth2.AccessGenerate, codeGen oauth2.AuthorizeGenerate, tokenStorage oauth2.TokenStore, clientStorage oauth2.ClientStore, authHandler Handler, ) (*server.Server, *manage.Manager)
NewOauth2Server initializes the OAuth2 server.
func WithClientScope ¶
func WithClientScope(scope string) handlerOption
WithClientScope sets the default scope for the client_credentials grant type.
func WithCodeScope ¶
func WithCodeScope(scope string) handlerOption
WithCodeScope sets the default scope for the authorization_code grant type.
func WithPasswordScope ¶
func WithPasswordScope(scope string) handlerOption
WithPasswordScope sets the default scope for the password grant type.
Types ¶
type AuthorizeRequest ¶
type AuthorizeRequest struct{}
type Client ¶
type Client struct { ID string `json:"id"` Secret string `json:"secret,omitempty"` Domain string `json:"domain"` Public bool `json:"is_public"` UserID uuid.UUID `json:"user_id"` CreatedAt time.Time `json:"created_at"` // contains filtered or unexported fields }
Client represents an OAuth client and implements the oauth2.ClientInfo interface.
func NewClient ¶
func NewClient(source repository.Client, secret string) *Client
NewClient creates a new client instance. The secret is hashed before being stored. Client implements the oauth2.ClientInfo interface.
func (*Client) VerifyPassword ¶
VerifyPassword verifies the client secret.
type Endpoints ¶
type Endpoints struct { Authorize endpoint.Endpoint Token endpoint.Endpoint RevokeToken endpoint.Endpoint }
Endpoints collects all of the endpoints that compose an auth service. It is meant to be used as a helper struct that gathers all of the endpoints into a single parameter.
type Handler ¶
type Handler interface { ClientAuthorizedHandler(clientID string, grant oauth2.GrantType) (allowed bool, err error) ClientScopeHandler(tgr *oauth2.TokenGenerateRequest) (allowed bool, err error) AuthorizeScopeHandler(w http.ResponseWriter, r *http.Request) (scope string, err error) RefreshingScopeHandler(tgr *oauth2.TokenGenerateRequest, oldScope string) (allowed bool, err error) UserAuthorizationHandler(w http.ResponseWriter, r *http.Request) (userID string, err error) PasswordAuthorizationHandler(ctx context.Context, clientID, username, password string) (userID string, err error) ExtensionFieldsHandler(ti oauth2.TokenInfo) (fieldsValue map[string]interface{}) ResponseErrorHandler(re *errors.Response) InternalErrorHandler(err error) (re *errors.Response) }
func NewHandler ¶
func NewHandler(repo handlerRepository, opts ...handlerOption) Handler
NewHandler creates a new oauth2 handler instance.
func NewHandlerLogger ¶
NewHandlerLogger returns a new handlerLogger.
type IntrospectResponse ¶
type IntrospectResponse struct { Active bool `json:"active"` Scope string `json:"scope,omitempty"` ClientID string `json:"client_id,omitempty"` UserID string `json:"user_id,omitempty"` TokenType string `json:"token_type,omitempty"` ExpiresAt int64 `json:"exp,omitempty"` IssuedAt int64 `json:"iat,omitempty"` NotBefore int64 `json:"nbf,omitempty"` Subject string `json:"sub,omitempty"` Audience string `json:"aud,omitempty"` Issuer string `json:"iss,omitempty"` TokenID string `json:"jti,omitempty"` }
type Store ¶
type Store struct {
// contains filtered or unexported fields
}
func NewStore ¶
func NewStore(repo oauthRepository) *Store
NewStore creates a new store instance. The store is used to manage client and token information, and implements the oauth2.ClientStore and oauth2.TokenStore interfaces.
func (*Store) GetByAccess ¶
GetByAccess uses the access token to look up the token information.
func (*Store) GetByRefresh ¶
GetByRefresh uses the refresh token to look up the token information.
func (*Store) RemoveByAccess ¶
RemoveByAccess uses the access token to delete the token information.
func (*Store) RemoveByCode ¶
RemoveByCode deletes the token information associated with the authorization code.
type Token ¶
type Token struct { ID uuid.UUID `json:"id"` ClientID string `json:"client_id"` UserID *uuid.UUID `json:"user_id,omitempty"` RedirectURI string `json:"redirect_uri,omitempty"` Scope string `json:"scope,omitempty"` Code string `json:"code,omitempty"` CodeCreatedAt *time.Time `json:"code_created_at,omitempty"` CodeExpiresIn int64 `json:"code_expires_in,omitempty"` CodeChallenge string `json:"code_challenge,omitempty"` CodeChallengeMethod string `json:"code_challenge_method,omitempty"` Access string `json:"access,omitempty"` AccessCreatedAt *time.Time `json:"access_created_at,omitempty"` AccessExpiresIn int64 `json:"access_expires_in,omitempty"` Refresh string `json:"refresh,omitempty"` RefreshCreatedAt *time.Time `json:"refresh_created_at,omitempty"` RefreshExpiresIn int64 `json:"refresh_expires_in,omitempty"` CreatedAt time.Time `json:"created_at"` }
Token represents an OAuth token and implements the oauth2.TokenInfo interface.
func NewToken ¶
func NewToken(source repository.Token) *Token
NewToken creates a new token instance from a repository token.
func (*Token) GetAccessCreateAt ¶
func (*Token) GetAccessExpiresIn ¶
func (*Token) GetClientID ¶
func (*Token) GetCodeChallenge ¶
func (*Token) GetCodeChallengeMethod ¶
func (t *Token) GetCodeChallengeMethod() oauth2.CodeChallengeMethod
func (*Token) GetCodeCreateAt ¶
func (*Token) GetCodeExpiresIn ¶
func (*Token) GetRedirectURI ¶
func (*Token) GetRefresh ¶
func (*Token) GetRefreshCreateAt ¶
func (*Token) GetRefreshExpiresIn ¶
func (*Token) SetAccessCreateAt ¶
func (*Token) SetAccessExpiresIn ¶
func (*Token) SetClientID ¶
func (*Token) SetCodeChallenge ¶
func (*Token) SetCodeChallengeMethod ¶
func (t *Token) SetCodeChallengeMethod(method oauth2.CodeChallengeMethod)