hubauth

package
v0.0.0-...-e2e270a Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 18, 2021 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

// Response mode names. The literals match the OAuth 2.0 response_mode values
// "query" and "fragment"; they are presumably the accepted values of
// AuthorizeUserRequest.ResponseMode — confirm against the service code.
const (
	// ResponseModeQuery presumably selects delivery of the authorization
	// response in the redirect URI's query string — confirm.
	ResponseModeQuery    = "query"
	// ResponseModeFragment presumably selects delivery in the URL fragment,
	// which browsers do not send to the server — confirm.
	ResponseModeFragment = "fragment"
)

Variables

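// Sentinel errors for this package. Each is a distinct value created with
// errors.New, so callers should compare with errors.Is rather than matching
// on the message text.
var (
	// ErrNotFound reports that a resource was not found.
	ErrNotFound = errors.New("hubauth: resource not found")
	// ErrExpired reports that a resource has expired.
	ErrExpired  = errors.New("hubauth: resource has expired")

	// ErrIncorrectCodeSecret reports that the secret supplied for a code is
	// incorrect.
	ErrIncorrectCodeSecret         = errors.New("hubauth: incorrect secret for code")
	// ErrRefreshTokenVersionMismatch reports that the provided refresh token
	// has the wrong version.
	ErrRefreshTokenVersionMismatch = errors.New("hubauth: provided refresh token has the wrong version")
	// ErrClientIDMismatch reports a client ID mismatch. The message used to
	// read "client ID does match", which stated the opposite of the failure
	// and would mislead anyone reading logs during an investigation.
	ErrClientIDMismatch            = errors.New("hubauth: client ID does not match")
)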
// ErrUnauthorizedUser is the sentinel error for an unauthorized user. Which
// checks produce it is not shown on this page; compare with errors.Is.
var ErrUnauthorizedUser = errors.New("hubauth: unauthorized user")

Functions

func InitClientInfo

// InitClientInfo takes a parent context and returns a context. The body is
// not shown on this page; presumably the returned context carries a
// ClientInfo that GetClientInfo later retrieves — confirm against the source.
func InitClientInfo(parent context.Context) context.Context

func RedirectURI

// RedirectURI returns a string and a bool built from base, fragment and data.
// The body is not shown on this page; presumably it adds data to base as
// query parameters, or as the URL fragment when fragment is true, and the
// bool reports whether base could be used — confirm against the source.
// NOTE(review): base should already have been checked against the client's
// registered redirect URIs before the result is used for a redirect.
func RedirectURI(base string, fragment bool, data map[string]string) (string, bool)

Types

type AccessToken

// AccessToken is the result type of IdPService.ExchangeCode and
// IdPService.RefreshToken. Its JSON tags use the OAuth 2.0 token response
// field names. RefreshToken and AccessToken hold credentials, so values of
// this type should be kept out of logs and error messages.
type AccessToken struct {
	RefreshToken string `json:"refresh_token"`
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	// Unit is not stated here; presumably seconds, as in OAuth 2.0 token
	// responses — confirm.
	ExpiresIn    int    `json:"expires_in"`
	// Nonce and Audience are omitted from the JSON output when empty.
	Nonce        string `json:"nonce,omitempty"`
	Audience     string `json:"audience,omitempty"`

	RefreshTokenExpiresIn int       `json:"refresh_token_expires_in"`
	RefreshTokenIssueTime time.Time `json:"refresh_token_issue_time"`

	// used by HTTP layer to set Access-Control-Allow-Origin
	// Never serialized (json:"-").
	// NOTE(review): because this value drives a CORS header, it should only
	// ever hold a redirect URI that was matched against the client's
	// registered RedirectURIs, never raw request input — confirm.
	RedirectURI string `json:"-"`
}

type Audience

// Audience describes an audience identified by URL. Only URL, Name and Type
// are serialized to JSON; ClientIDs, UserGroups and the timestamps carry
// json:"-" and therefore never appear in JSON output such as
// ListAudiencesResponse.
type Audience struct {
	URL        string              `json:"url"`
	Name       string              `json:"name"`
	Type       string              `json:"type"`
	// Presumably the clients allowed to request tokens for this audience —
	// confirm against the service code.
	ClientIDs  []string            `json:"-"`
	// Presumably the per-domain groups whose members may use this audience —
	// confirm against the service code.
	UserGroups []*GoogleUserGroups `json:"-"`
	CreateTime time.Time           `json:"-"`
	UpdateTime time.Time           `json:"-"`
}

type AudienceMutation

// AudienceMutation is one change passed to AudienceStore.MutateAudience.
// Op selects the kind of change; which of the remaining fields each Op reads
// is not shown on this page (presumably the field named after the Op).
// Every mutation here changes who can obtain tokens for an audience, so
// callers of MutateAudience should be restricted to administrators.
type AudienceMutation struct {
	Op AudienceMutationOp

	ClientID   string
	Type       string
	UserGroups GoogleUserGroups
}

type AudienceMutationOp

// AudienceMutationOp identifies the kind of change an AudienceMutation makes.
type AudienceMutationOp byte
// Values are assigned with iota, so they run 0 through 4 in declaration
// order. Reordering or inserting entries changes the numeric values; that
// matters if they are ever persisted or sent between processes.
const (
	AudienceMutationOpAddClientID AudienceMutationOp = iota
	AudienceMutationOpDeleteClientID
	AudienceMutationOpSetUserGroups
	AudienceMutationOpDeleteUserGroups
	// NOTE(review): this name lacks the "Op" infix its siblings use; renaming
	// it would break callers, so it is left as is.
	AudienceMutationSetType
)

type AudienceStore

// AudienceStore is the persistence interface for Audience records, keyed by
// audience URL. Error values for missing records are not shown on this page;
// presumably ErrNotFound — confirm against an implementation.
type AudienceStore interface {
	GetAudience(ctx context.Context, url string) (*Audience, error)
	CreateAudience(ctx context.Context, audience *Audience) error
	// MutateAudience takes a list of mutations for one audience. Whether the
	// list is applied atomically is not shown here.
	MutateAudience(ctx context.Context, url string, mut []*AudienceMutation) error
	// MutateAudienceUserGroups takes mutations scoped to one domain of one
	// audience.
	MutateAudienceUserGroups(ctx context.Context, url string, domain string, mut []*AudienceUserGroupsMutation) error
	ListAudiencesForClient(ctx context.Context, clientID string) ([]*Audience, error)
	ListAudiences(ctx context.Context) ([]*Audience, error)
	DeleteAudience(ctx context.Context, url string) error
}

type AudienceUserGroupsMutation

// AudienceUserGroupsMutation is one change passed to
// AudienceStore.MutateAudienceUserGroups. Op selects the kind of change;
// presumably Group is read by the group ops and APIUser by the set-API-user
// op — confirm against an implementation.
type AudienceUserGroupsMutation struct {
	Op AudienceUserGroupsMutationOp

	APIUser string
	Group   string
}

type AudienceUserGroupsMutationOp

// AudienceUserGroupsMutationOp identifies the kind of change an
// AudienceUserGroupsMutation makes.
type AudienceUserGroupsMutationOp byte
// Values are assigned with iota, so they run 0 through 2 in declaration
// order; reordering entries changes the numeric values.
const (
	AudienceUserGroupsMutationOpAddGroup AudienceUserGroupsMutationOp = iota
	AudienceUserGroupsMutationOpDeleteGroup
	AudienceUserGroupsMutationOpSetAPIUser
)

type AuthorizeCodeRequest

// AuthorizeCodeRequest is the input to IdPService.AuthorizeCodeRedirect. It
// embeds AuthorizeUserRequest, so all of that type's fields are promoted.
type AuthorizeCodeRequest struct {
	AuthorizeUserRequest
	// Presumably the state value hubauth issued when acting as relying party
	// towards the upstream identity provider. NOTE(review): it should be
	// compared with the value originally issued before Params is trusted —
	// confirm where that check happens.
	RPState string
	// Presumably the query parameters received on the callback; treat them
	// as untrusted input — confirm.
	Params  url.Values
}

type AuthorizeResponse

// AuthorizeResponse is the result of IdPService.AuthorizeUserRedirect and
// IdPService.AuthorizeCodeRedirect. Field meanings are not documented on
// this page; the notes below are inferred from the names.
type AuthorizeResponse struct {
	// Presumably the URL the HTTP layer should redirect the browser to —
	// confirm.
	URL     string
	// Presumably the relying-party state the HTTP layer must remember for
	// the callback — confirm.
	RPState string

	// Presumably Interstitial asks the HTTP layer to show a page carrying
	// DisplayCode instead of redirecting — confirm.
	Interstitial bool
	DisplayCode  string
}

type AuthorizeUserRequest

// AuthorizeUserRequest is the input to IdPService.AuthorizeUserRedirect. The
// field names follow the OAuth 2.0 authorization request parameters, so the
// values presumably arrive from the client and are untrusted until checked.
type AuthorizeUserRequest struct {
	ClientID      string
	// NOTE(review): must be matched against Client.RedirectURIs for ClientID
	// before anything is redirected to it — confirm where that check happens.
	RedirectURI   string
	// Presumably the client's opaque state value, returned unchanged on the
	// redirect — confirm.
	ClientState   string
	Nonce         string
	// Presumably the PKCE (RFC 7636) code challenge. No challenge-method
	// field is visible on this type, so the method is presumably fixed by
	// the implementation — confirm which one.
	CodeChallenge string
	// Presumably one of ResponseModeQuery or ResponseModeFragment — confirm.
	ResponseMode  string
}

type CachedGroup

// CachedGroup is a group record held in a CachedGroupStore, identified by
// Domain and GroupID (the pair CachedGroupStore.DeleteCachedGroup takes).
// NOTE(review): a cache can lag behind the directory it mirrors; if group
// membership gates access, UpdateTime is the field to check for staleness.
type CachedGroup struct {
	Domain     string
	GroupID    string
	Email      string
	UpdateTime time.Time
	CreateTime time.Time
}

type CachedGroupMember

// CachedGroupMember is one member of a cached group, as passed to
// CachedGroupStore.SetCachedGroup.
type CachedGroupMember struct {
	// Presumably the same identifier CachedGroupStore.GetCachedMemberGroups
	// is queried with — confirm.
	UserID string
	Email  string
}

type CachedGroupStore

// CachedGroupStore is the persistence interface for cached groups and their
// members.
type CachedGroupStore interface {
	ListCachedGroups(ctx context.Context) ([]*CachedGroup, error)
	// SetCachedGroup stores a group with its member list and returns a
	// SetCachedGroupResult describing what changed. Presumably members
	// absent from the list are removed — confirm against an implementation.
	SetCachedGroup(ctx context.Context, group *CachedGroup, members []*CachedGroupMember) (*SetCachedGroupResult, error)
	// GetCachedMemberGroups returns a list of strings for a user ID,
	// presumably the IDs of the cached groups the user belongs to — confirm.
	GetCachedMemberGroups(ctx context.Context, userID string) ([]string, error)
	DeleteCachedGroup(ctx context.Context, domain, groupID string) error
}

type Client

// Client is a registered client as held in a ClientStore.
type Client struct {
	ID                 string
	// Redirect URIs registered for the client. NOTE(review): a requested
	// redirect URI should be compared against this list by exact match;
	// how the comparison is done is not shown on this page.
	RedirectURIs       []string
	// Presumably the lifetime given to refresh tokens issued to this
	// client — confirm.
	RefreshTokenExpiry time.Duration
	CreateTime         time.Time
	UpdateTime         time.Time
}

type ClientInfo

// ClientInfo is the value GetClientInfo returns from a context. Its fields
// mirror the baseURL, state and fragment arguments of
// OAuthError.RedirectURI, so it presumably lets the HTTP layer send errors
// back to the client — confirm.
type ClientInfo struct {
	// Only set after the RedirectURI has been validated
	// NOTE(review): consumers should therefore treat an empty value as
	// "not validated" and must not redirect in that case.
	RedirectURI string
	State       string
	Fragment    bool
}

func GetClientInfo

// GetClientInfo returns a *ClientInfo for the given context. The body is not
// shown on this page; presumably it reads the value InitClientInfo attached,
// and the result may be nil when the context was not prepared that way —
// confirm before dereferencing.
func GetClientInfo(ctx context.Context) *ClientInfo

type ClientMutation

// ClientMutation is one change passed to ClientStore.MutateClient. Op
// selects the kind of change; presumably RedirectURI is read by the
// redirect-URI ops and RefreshTokenExpiry by the set-expiry op — confirm.
// Adding a redirect URI widens where authorization responses may be sent,
// so callers of MutateClient should be restricted to administrators.
type ClientMutation struct {
	Op ClientMutationOp

	RedirectURI        string
	RefreshTokenExpiry time.Duration
}

type ClientMutationOp

// ClientMutationOp identifies the kind of change a ClientMutation makes.
type ClientMutationOp byte
// Values are assigned with iota, so they run 0 through 2 in declaration
// order; reordering entries changes the numeric values.
const (
	ClientMutationOpAddRedirectURI ClientMutationOp = iota
	ClientMutationOpDeleteRedirectURI
	ClientMutationOpSetRefreshTokenExpiry
)

type ClientStore

// ClientStore is the persistence interface for Client records, keyed by
// client ID.
type ClientStore interface {
	GetClient(ctx context.Context, id string) (*Client, error)
	// CreateClient returns a string, presumably the ID assigned to the new
	// client — confirm against an implementation.
	CreateClient(ctx context.Context, client *Client) (string, error)
	MutateClient(ctx context.Context, id string, mut []*ClientMutation) error
	ListClients(ctx context.Context) ([]*Client, error)
	DeleteClient(ctx context.Context, id string) error
}

type Code

// Code is an authorization code record as held in a CodeStore. It binds the
// code to a client, a user, a redirect URI and a PKCE challenge.
type Code struct {
	ID            string
	// The value CodeStore.VerifyAndDeleteCode is given to check. Whether the
	// store keeps it in plain text or hashed is not shown on this page.
	// NOTE(review): the comparison should be constant-time — confirm.
	Secret        string
	ClientID      string
	UserID        string
	UserEmail     string
	// NOTE(review): at exchange time ClientID and RedirectURI should be
	// compared with ExchangeCodeRequest's values — confirm where.
	RedirectURI   string
	Nonce         string
	// Presumably the PKCE challenge from AuthorizeUserRequest.CodeChallenge,
	// checked against ExchangeCodeRequest.CodeVerifier — confirm.
	PKCEChallenge string
	CreateTime    time.Time
	ExpiryTime    time.Time
}

type CodeStore

// CodeStore is the persistence interface for authorization codes.
type CodeStore interface {
	GetCode(ctx context.Context, id string) (*Code, error)
	// VerifyAndDeleteCode takes a code ID and secret. From the name it
	// presumably checks the secret and removes the code in one step, which
	// makes a code single-use; ErrIncorrectCodeSecret is presumably the
	// failure for a wrong secret — confirm against an implementation.
	VerifyAndDeleteCode(ctx context.Context, id, secret string) (*Code, error)
	// CreateCode returns two strings, presumably the new code's ID and
	// secret in that order — confirm.
	CreateCode(ctx context.Context, code *Code) (string, string, error)
	DeleteCode(ctx context.Context, id string) error
	// DeleteExpiredCodes returns a list of strings, presumably the IDs of
	// the codes it removed — confirm.
	DeleteExpiredCodes(ctx context.Context) ([]string, error)
}

type ExchangeCodeRequest

// ExchangeCodeRequest is the input to IdPService.ExchangeCode. All fields
// presumably come from the client's token request and are untrusted until
// checked against the stored Code — confirm.
type ExchangeCodeRequest struct {
	ClientID     string
	RedirectURI  string
	Audience     string
	// How this single string relates to Code.ID and Code.Secret is not
	// shown on this page.
	Code         string
	// Presumably the PKCE (RFC 7636) code verifier matching the challenge
	// sent at authorization time — confirm.
	CodeVerifier string
}

type GoogleUserGroups

// GoogleUserGroups lists groups within one domain. It is used by
// Audience.UserGroups and AudienceMutation.UserGroups.
type GoogleUserGroups struct {
	Domain  string
	// Presumably the account used to query the directory API for this
	// domain — confirm.
	APIUser string
	Groups  []string
}

type IdPService

// IdPService is the service interface of the identity provider: two
// authorization redirect steps, code exchange, token refresh and audience
// listing. Error types are not shown on this page; OAuthError is presumably
// among them — confirm.
type IdPService interface {
	AuthorizeUserRedirect(ctx context.Context, req *AuthorizeUserRequest) (*AuthorizeResponse, error)
	AuthorizeCodeRedirect(ctx context.Context, req *AuthorizeCodeRequest) (*AuthorizeResponse, error)
	ExchangeCode(ctx context.Context, req *ExchangeCodeRequest) (*AccessToken, error)
	RefreshToken(ctx context.Context, req *RefreshTokenRequest) (*AccessToken, error)
	ListAudiences(ctx context.Context, req *ListAudiencesRequest) (*ListAudiencesResponse, error)
}

type ListAudiencesRequest

// ListAudiencesRequest is the input to IdPService.ListAudiences.
type ListAudiencesRequest struct {
	// The only field, so the refresh token is presumably what authenticates
	// the caller and scopes the result — confirm. It is a credential; keep
	// it out of logs.
	RefreshToken string
}

type ListAudiencesResponse

// ListAudiencesResponse is the result of IdPService.ListAudiences. When
// encoded as JSON, each Audience exposes only its url, name and type fields,
// because the rest of Audience is tagged json:"-".
type ListAudiencesResponse struct {
	Audiences []*Audience `json:"audiences"`
}

type OAuthError

// OAuthError is an error value whose JSON form uses the OAuth 2.0 error
// response field names "error" and "error_description" (RFC 6749). It
// implements the error interface through its Error method.
type OAuthError struct {
	Code        string `json:"error"`
	// Sent to the client when serialized, so it should not carry internal
	// details such as stack traces or store error text.
	Description string `json:"error_description"`
}

func (OAuthError) Error

// Error makes OAuthError satisfy the error interface. The body is not shown
// on this page, so the exact message format is unknown.
func (e OAuthError) Error() string

func (OAuthError) RedirectURI

// RedirectURI returns a string built from baseURL, state and fragment. The
// body is not shown on this page; presumably it adds the error fields and
// state to baseURL, in the fragment when fragment is true — confirm.
// NOTE(review): baseURL should be a redirect URI that has already been
// validated (see ClientInfo.RedirectURI); otherwise error handling becomes
// an open redirect.
func (e OAuthError) RedirectURI(baseURL, state string, fragment bool) string

type RefreshToken

// RefreshToken is a refresh token record as held in a RefreshTokenStore. No
// secret or hash field is visible here; how the token string a client
// presents maps to this record is not shown on this page.
type RefreshToken struct {
	ID          string
	ClientID    string
	UserID      string
	UserEmail   string
	RedirectURI string
	// Links the token to a code ID, the key
	// RefreshTokenStore.DeleteRefreshTokensWithCode takes.
	CodeID      string
	CreateTime  time.Time
	// Presumably updated on each renewal and compared with the
	// prevIssueTime argument of RefreshTokenStore.RenewRefreshToken —
	// confirm.
	IssueTime   time.Time
	ExpiryTime  time.Time
}

type RefreshTokenRequest

// RefreshTokenRequest is the input to IdPService.RefreshToken.
type RefreshTokenRequest struct {
	// NOTE(review): should be compared with the ClientID stored on the
	// refresh token record; ErrClientIDMismatch is presumably the failure —
	// confirm.
	ClientID     string
	Audience     string
	// A credential; keep it out of logs.
	RefreshToken string
}

type RefreshTokenStore

// RefreshTokenStore is the persistence interface for refresh tokens.
type RefreshTokenStore interface {
	GetRefreshToken(ctx context.Context, id string) (*RefreshToken, error)
	// AllocateRefreshTokenID returns a string for a client ID, presumably an
	// ID reserved before the token itself is created — confirm.
	AllocateRefreshTokenID(ctx context.Context, clientID string) (string, error)
	CreateRefreshToken(ctx context.Context, token *RefreshToken) (string, error)
	// RenewRefreshToken takes the previous issue time alongside the current
	// time. Presumably the store rejects the renewal when prevIssueTime does
	// not match the stored record (ErrRefreshTokenVersionMismatch), which
	// would detect reuse of an already-rotated token — confirm against an
	// implementation.
	RenewRefreshToken(ctx context.Context, clientID, id string, prevIssueTime, now time.Time) (*RefreshToken, error)
	DeleteRefreshToken(ctx context.Context, id string) error
	// DeleteRefreshTokensWithCode removes tokens by code ID and returns a
	// list of strings, presumably the deleted token IDs — confirm.
	DeleteRefreshTokensWithCode(ctx context.Context, codeID string) ([]string, error)
	// DeleteExpiredRefreshTokens returns a list of strings, presumably the
	// deleted token IDs — confirm.
	DeleteExpiredRefreshTokens(ctx context.Context) ([]string, error)
}

type SetCachedGroupResult

// SetCachedGroupResult is the result of CachedGroupStore.SetCachedGroup. It
// reports whether the group record changed and lists the members that were
// added, updated and deleted. What the strings identify (user IDs or e-mail
// addresses) is not shown on this page. The lists are a natural source for
// an audit log of membership changes.
type SetCachedGroupResult struct {
	UpdatedGroup   bool
	AddedMembers   []string
	UpdatedMembers []string
	DeletedMembers []string
}
