serverprovider


Constants

This section is empty.

Variables

This section is empty.

Functions

func GetContextSession

func GetContextSession(ctx context.Context) *model.AuthSession

GetContextSession returns the session model object stored in the context

func GetContextTargetClient

func GetContextTargetClient(ctx context.Context) *model.AuthClient

GetContextTargetClient returns the auth client object stored in the context

func GetContextTargetUserID

func GetContextTargetUserID(ctx context.Context) uint64

GetContextTargetUserID returns the ID of the target user stored in the context

func NewContext

func NewContext(ctxs ...context.Context) context.Context

NewContext builds a context with additional functionality for the oauth2 module

func NewProvider

func NewProvider(config *fosite.Config, store *DatabaseStorage, strat *compose.CommonStrategy, hasher fosite.Hasher) fosite.OAuth2Provider

NewProvider returns an oauth2 provider

func SetContextSession

func SetContextSession(ctx context.Context, session *model.AuthSession)

SetContextSession puts the session model into the context

func SetContextTargetClient

func SetContextTargetClient(ctx context.Context, client *model.AuthClient)

SetContextTargetClient puts the auth client into the context for later reuse

func SetContextTargetUserID

func SetContextTargetUserID(ctx context.Context, id uint64)

SetContextTargetUserID puts the user ID into the context for later reuse

Types

type DatabaseStorage

type DatabaseStorage struct {
	// contains filtered or unexported fields
}

DatabaseStorage implements fosite.Storage interface to control Oauth2 and OpenID access

func NewDatabaseStorage

func NewDatabaseStorage(db *gorm.DB, userAccessor userAccessor, cache cacher, cacheLifetime time.Duration) *DatabaseStorage

NewDatabaseStorage returns a DatabaseStorage object accessor

func (*DatabaseStorage) Authenticate

func (s *DatabaseStorage) Authenticate(ctx context.Context, email string, secret string) error

Authenticate authenticates a user by email and secret (password)

func (*DatabaseStorage) ClientAssertionJWTValid

func (s *DatabaseStorage) ClientAssertionJWTValid(ctx context.Context, jti string) error

ClientAssertionJWTValid returns an error if the JTI is known or the DB check failed and nil if the JTI is not known.

func (*DatabaseStorage) CreateAccessTokenSession

func (s *DatabaseStorage) CreateAccessTokenSession(ctx context.Context, signature string, request fosite.Requester) error

CreateAccessTokenSession updates session values

func (*DatabaseStorage) CreateAuthorizeCodeSession

func (s *DatabaseStorage) CreateAuthorizeCodeSession(ctx context.Context, code string, request fosite.Requester) error

CreateAuthorizeCodeSession stores the authorization request for a given authorization code.

func (*DatabaseStorage) CreateImplicitAccessTokenSession

func (s *DatabaseStorage) CreateImplicitAccessTokenSession(ctx context.Context, code string, req fosite.Requester) error

CreateImplicitAccessTokenSession invalid method

func (*DatabaseStorage) CreatePKCERequestSession

func (s *DatabaseStorage) CreatePKCERequestSession(ctx context.Context, code string, request fosite.Requester) error

CreatePKCERequestSession action

func (*DatabaseStorage) CreateRefreshTokenSession

func (s *DatabaseStorage) CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) error

CreateRefreshTokenSession updates session values

func (*DatabaseStorage) DeleteAccessTokenSession

func (s *DatabaseStorage) DeleteAccessTokenSession(ctx context.Context, signature string) error

DeleteAccessTokenSession removes the access token session from the DB

func (*DatabaseStorage) DeleteAuthorizeCodeSession

func (s *DatabaseStorage) DeleteAuthorizeCodeSession(ctx context.Context, code string) error

DeleteAuthorizeCodeSession same as InvalidateAuthorizeCodeSession

func (*DatabaseStorage) DeletePKCERequestSession

func (s *DatabaseStorage) DeletePKCERequestSession(ctx context.Context, code string) error

DeletePKCERequestSession action

func (*DatabaseStorage) DeleteRefreshTokenSession

func (s *DatabaseStorage) DeleteRefreshTokenSession(ctx context.Context, signature string) error

DeleteRefreshTokenSession removes the refresh token session from the database

func (*DatabaseStorage) GetAccessTokenSession

func (s *DatabaseStorage) GetAccessTokenSession(ctx context.Context, signature string, _ fosite.Session) (fosite.Requester, error)

GetAccessTokenSession returns request by access token

func (*DatabaseStorage) GetAuthorizeCodeSession

func (s *DatabaseStorage) GetAuthorizeCodeSession(ctx context.Context, code string, _ fosite.Session) (fosite.Requester, error)

GetAuthorizeCodeSession hydrates the session based on the given code and returns the authorization request. If the authorization code has been invalidated with `InvalidateAuthorizeCodeSession`, this method should return the ErrInvalidatedAuthorizeCode error.

Make sure to also return the fosite.Requester value when returning the fosite.ErrInvalidatedAuthorizeCode error!

func (*DatabaseStorage) GetClient

func (s *DatabaseStorage) GetClient(ctx context.Context, id string) (fosite.Client, error)

GetClient loads the client object from the database

func (*DatabaseStorage) GetPKCERequestSession

func (s *DatabaseStorage) GetPKCERequestSession(ctx context.Context, code string, _ fosite.Session) (fosite.Requester, error)

GetPKCERequestSession action

func (*DatabaseStorage) GetRefreshTokenSession

func (s *DatabaseStorage) GetRefreshTokenSession(ctx context.Context, signature string, _ fosite.Session) (fosite.Requester, error)

GetRefreshTokenSession returns session by refresh token

func (*DatabaseStorage) InvalidateAuthorizeCodeSession

func (s *DatabaseStorage) InvalidateAuthorizeCodeSession(ctx context.Context, code string) error

InvalidateAuthorizeCodeSession is called when an authorize code is being used. The state of the authorization code should be set to invalid and consecutive requests to GetAuthorizeCodeSession should return the ErrInvalidatedAuthorizeCode error.

func (*DatabaseStorage) RevokeAccessToken

func (s *DatabaseStorage) RevokeAccessToken(ctx context.Context, requestID string) error

RevokeAccessToken revokes an access token as specified in: https://tools.ietf.org/html/rfc7009#section-2.1 If the token passed to the request is an access token, the server MAY revoke the respective refresh token as well.

func (*DatabaseStorage) RevokeRefreshToken

func (s *DatabaseStorage) RevokeRefreshToken(ctx context.Context, requestID string) error

RevokeRefreshToken revokes a refresh token as specified in: https://tools.ietf.org/html/rfc7009#section-2.1 If the particular token is a refresh token and the authorization server supports the revocation of access tokens, then the authorization server SHOULD also invalidate all access tokens based on the same authorization grant (see Implementation Note).

func (*DatabaseStorage) RevokeRefreshTokenMaybeGracePeriod

func (s *DatabaseStorage) RevokeRefreshTokenMaybeGracePeriod(ctx context.Context, requestID string, signature string) error

RevokeRefreshTokenMaybeGracePeriod revokes a refresh token as specified in: https://tools.ietf.org/html/rfc7009#section-2.1 If the particular token is a refresh token and the authorization server supports the revocation of access tokens, then the authorization server SHOULD also invalidate all access tokens based on the same authorization grant (see Implementation Note).

If the Refresh Token grace period is greater than zero in configuration the token will have its expiration time set as UTCNow + GracePeriod.

func (*DatabaseStorage) SetClientAssertionJWT

func (s *DatabaseStorage) SetClientAssertionJWT(ctx context.Context, jti string, exp time.Time) error

SetClientAssertionJWT marks a JTI as known for the given expiry time. Before inserting the new JTI, it will clean up any existing JTIs that have expired as those tokens can not be replayed due to the expiry.

type Session

type Session struct {
	Username string
	Subject  string

	AccessToken           string
	AccessTokenExpiresAt  time.Time
	RefreshToken          string
	RefreshTokenExpiresAt time.Time
	// contains filtered or unexported fields
}

Session object value

func NewSession

func NewSession(
	ctx context.Context,
	username string,
	subject string,
	accessToken string,
	accessTokenExpiresAt time.Time,
	refreshToken string,
	refreshTokenExpiresAt time.Time,
) *Session

NewSession returns a basic session object

func (*Session) Clone

func (sess *Session) Clone() fosite.Session

Clone clones the session.

func (*Session) Context

func (sess *Session) Context() context.Context

Context returns the context of the session

func (*Session) GetExpiresAt

func (sess *Session) GetExpiresAt(key fosite.TokenType) time.Time

GetExpiresAt returns the expiration time of a token if set, or a zero time (for which time.IsZero() is true) if not.

session.GetExpiresAt(fosite.AccessToken)

func (*Session) GetSubject

func (sess *Session) GetSubject() string

GetSubject returns the subject, if set. This is optional and only used during token introspection.

func (*Session) GetUsername

func (sess *Session) GetUsername() string

GetUsername returns the username, if set. This is optional and only used during token introspection.

func (*Session) SetExpiresAt

func (sess *Session) SetExpiresAt(key fosite.TokenType, exp time.Time)

SetExpiresAt sets the expiration time of a token.

Directories

Path Synopsis
Package mocks is a generated GoMock package.
Package mocks is a generated GoMock package.
