hubauth

package

v0.0.0-...-e2e270a Latest Latest Go to latest Published: Feb 18, 2021 License: Apache-2.0 Imports: 6 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/flynn/hubauth

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func InitClientInfo(parent context.Context) context.Context
func RedirectURI(base string, fragment bool, data map[string]string) (string, bool)
type AccessToken
type Audience
type AudienceMutation
type AudienceMutationOp
type AudienceStore
type AudienceUserGroupsMutation
type AudienceUserGroupsMutationOp
type AuthorizeCodeRequest
type AuthorizeResponse
type AuthorizeUserRequest
type CachedGroup
type CachedGroupMember
type CachedGroupStore
type Client
type ClientInfo
- func GetClientInfo(ctx context.Context) *ClientInfo
type ClientMutation
type ClientMutationOp
type ClientStore
type Code
type CodeStore
type DataStore
type ExchangeCodeRequest
type GoogleUserGroups
type IdPService
type ListAudiencesRequest
type ListAudiencesResponse
type OAuthError
- func (e OAuthError) Error() string
- func (e OAuthError) RedirectURI(baseURL, state string, fragment bool) string
type RefreshToken
type RefreshTokenRequest
type RefreshTokenStore
type SetCachedGroupResult

Constants ¶

View Source

const (
	ResponseModeQuery    = "query"
	ResponseModeFragment = "fragment"
)

Variables ¶

View Source

var (
	ErrNotFound = errors.New("hubauth: resource not found")
	ErrExpired  = errors.New("hubauth: resource has expired")

	ErrIncorrectCodeSecret         = errors.New("hubauth: incorrect secret for code")
	ErrRefreshTokenVersionMismatch = errors.New("hubauth: provided refresh token has the wrong version")
	ErrClientIDMismatch            = errors.New("hubauth: client ID does match")
)

View Source

var ErrUnauthorizedUser = errors.New("hubauth: unauthorized user")

Functions ¶

func InitClientInfo ¶

func InitClientInfo(parent context.Context) context.Context

func RedirectURI ¶

func RedirectURI(base string, fragment bool, data map[string]string) (string, bool)

Types ¶

type AccessToken ¶

type AccessToken struct {
	RefreshToken string `json:"refresh_token"`
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in"`
	Nonce        string `json:"nonce,omitempty"`
	Audience     string `json:"audience,omitempty"`

	RefreshTokenExpiresIn int       `json:"refresh_token_expires_in"`
	RefreshTokenIssueTime time.Time `json:"refresh_token_issue_time"`

	// used by HTTP layer to set Access-Control-Allow-Origin
	RedirectURI string `json:"-"`
}

type Audience ¶

type Audience struct {
	URL        string              `json:"url"`
	Name       string              `json:"name"`
	Type       string              `json:"type"`
	ClientIDs  []string            `json:"-"`
	UserGroups []*GoogleUserGroups `json:"-"`
	CreateTime time.Time           `json:"-"`
	UpdateTime time.Time           `json:"-"`
}

type AudienceMutation ¶

type AudienceMutation struct {
	Op AudienceMutationOp

	ClientID   string
	Type       string
	UserGroups GoogleUserGroups
}

type AudienceMutationOp ¶

type AudienceMutationOp byte

const (
	AudienceMutationOpAddClientID AudienceMutationOp = iota
	AudienceMutationOpDeleteClientID
	AudienceMutationOpSetUserGroups
	AudienceMutationOpDeleteUserGroups
	AudienceMutationSetType
)

type AudienceStore ¶

type AudienceStore interface {
	GetAudience(ctx context.Context, url string) (*Audience, error)
	CreateAudience(ctx context.Context, audience *Audience) error
	MutateAudience(ctx context.Context, url string, mut []*AudienceMutation) error
	MutateAudienceUserGroups(ctx context.Context, url string, domain string, mut []*AudienceUserGroupsMutation) error
	ListAudiencesForClient(ctx context.Context, clientID string) ([]*Audience, error)
	ListAudiences(ctx context.Context) ([]*Audience, error)
	DeleteAudience(ctx context.Context, url string) error
}

type AudienceUserGroupsMutation ¶

type AudienceUserGroupsMutation struct {
	Op AudienceUserGroupsMutationOp

	APIUser string
	Group   string
}

type AudienceUserGroupsMutationOp ¶

type AudienceUserGroupsMutationOp byte

const (
	AudienceUserGroupsMutationOpAddGroup AudienceUserGroupsMutationOp = iota
	AudienceUserGroupsMutationOpDeleteGroup
	AudienceUserGroupsMutationOpSetAPIUser
)

type AuthorizeCodeRequest ¶

type AuthorizeCodeRequest struct {
	AuthorizeUserRequest
	RPState string
	Params  url.Values
}

type AuthorizeResponse ¶

type AuthorizeResponse struct {
	URL     string
	RPState string

	Interstitial bool
	DisplayCode  string
}

type AuthorizeUserRequest ¶

type AuthorizeUserRequest struct {
	ClientID      string
	RedirectURI   string
	ClientState   string
	Nonce         string
	CodeChallenge string
	ResponseMode  string
}

type CachedGroup ¶

type CachedGroup struct {
	Domain     string
	GroupID    string
	Email      string
	UpdateTime time.Time
	CreateTime time.Time
}

type CachedGroupMember ¶

type CachedGroupMember struct {
	UserID string
	Email  string
}

type CachedGroupStore ¶

type CachedGroupStore interface {
	ListCachedGroups(ctx context.Context) ([]*CachedGroup, error)
	SetCachedGroup(ctx context.Context, group *CachedGroup, members []*CachedGroupMember) (*SetCachedGroupResult, error)
	GetCachedMemberGroups(ctx context.Context, userID string) ([]string, error)
	DeleteCachedGroup(ctx context.Context, domain, groupID string) error
}

type Client ¶

type Client struct {
	ID                 string
	RedirectURIs       []string
	RefreshTokenExpiry time.Duration
	CreateTime         time.Time
	UpdateTime         time.Time
}

type ClientInfo ¶

type ClientInfo struct {
	// Only set after the RedirectURI has been validated
	RedirectURI string
	State       string
	Fragment    bool
}

func GetClientInfo ¶

func GetClientInfo(ctx context.Context) *ClientInfo

type ClientMutation ¶

type ClientMutation struct {
	Op ClientMutationOp

	RedirectURI        string
	RefreshTokenExpiry time.Duration
}

type ClientMutationOp ¶

type ClientMutationOp byte

const (
	ClientMutationOpAddRedirectURI ClientMutationOp = iota
	ClientMutationOpDeleteRedirectURI
	ClientMutationOpSetRefreshTokenExpiry
)

type ClientStore ¶

type ClientStore interface {
	GetClient(ctx context.Context, id string) (*Client, error)
	CreateClient(ctx context.Context, client *Client) (string, error)
	MutateClient(ctx context.Context, id string, mut []*ClientMutation) error
	ListClients(ctx context.Context) ([]*Client, error)
	DeleteClient(ctx context.Context, id string) error
}

type Code ¶

type Code struct {
	ID            string
	Secret        string
	ClientID      string
	UserID        string
	UserEmail     string
	RedirectURI   string
	Nonce         string
	PKCEChallenge string
	CreateTime    time.Time
	ExpiryTime    time.Time
}

type CodeStore ¶

type CodeStore interface {
	GetCode(ctx context.Context, id string) (*Code, error)
	VerifyAndDeleteCode(ctx context.Context, id, secret string) (*Code, error)
	CreateCode(ctx context.Context, code *Code) (string, string, error)
	DeleteCode(ctx context.Context, id string) error
	DeleteExpiredCodes(ctx context.Context) ([]string, error)
}

type DataStore ¶

type DataStore interface {
	ClientStore
	AudienceStore
	CodeStore
	RefreshTokenStore
	CachedGroupStore
}

type ExchangeCodeRequest ¶

type ExchangeCodeRequest struct {
	ClientID     string
	RedirectURI  string
	Audience     string
	Code         string
	CodeVerifier string
}

type GoogleUserGroups ¶

type GoogleUserGroups struct {
	Domain  string
	APIUser string
	Groups  []string
}

type IdPService ¶

type IdPService interface {
	AuthorizeUserRedirect(ctx context.Context, req *AuthorizeUserRequest) (*AuthorizeResponse, error)
	AuthorizeCodeRedirect(ctx context.Context, req *AuthorizeCodeRequest) (*AuthorizeResponse, error)
	ExchangeCode(ctx context.Context, req *ExchangeCodeRequest) (*AccessToken, error)
	RefreshToken(ctx context.Context, req *RefreshTokenRequest) (*AccessToken, error)
	ListAudiences(ctx context.Context, req *ListAudiencesRequest) (*ListAudiencesResponse, error)
}

type ListAudiencesRequest ¶

type ListAudiencesRequest struct {
	RefreshToken string
}

type ListAudiencesResponse ¶

type ListAudiencesResponse struct {
	Audiences []*Audience `json:"audiences"`
}

type OAuthError ¶

type OAuthError struct {
	Code        string `json:"error"`
	Description string `json:"error_description"`
}

func (OAuthError) Error ¶

func (e OAuthError) Error() string

func (OAuthError) RedirectURI ¶

func (e OAuthError) RedirectURI(baseURL, state string, fragment bool) string

type RefreshToken ¶

type RefreshToken struct {
	ID          string
	ClientID    string
	UserID      string
	UserEmail   string
	RedirectURI string
	CodeID      string
	CreateTime  time.Time
	IssueTime   time.Time
	ExpiryTime  time.Time
}

type RefreshTokenRequest ¶

type RefreshTokenRequest struct {
	ClientID     string
	Audience     string
	RefreshToken string
}

type RefreshTokenStore ¶

type RefreshTokenStore interface {
	GetRefreshToken(ctx context.Context, id string) (*RefreshToken, error)
	AllocateRefreshTokenID(ctx context.Context, clientID string) (string, error)
	CreateRefreshToken(ctx context.Context, token *RefreshToken) (string, error)
	RenewRefreshToken(ctx context.Context, clientID, id string, prevIssueTime, now time.Time) (*RefreshToken, error)
	DeleteRefreshToken(ctx context.Context, id string) error
	DeleteRefreshTokensWithCode(ctx context.Context, codeID string) ([]string, error)
	DeleteExpiredRefreshTokens(ctx context.Context) ([]string, error)
}

type SetCachedGroupResult ¶

type SetCachedGroupResult struct {
	UpdatedGroup   bool
	AddedMembers   []string
	UpdatedMembers []string
	DeletedMembers []string
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL