Documentation ¶
Index ¶
- Constants
- Variables
- func CompareVerifierAndChallenge(v CodeVerifier, c CodeChallenge) error
- func CreateToken(claims storage.Claims, signKey *rsa.PrivateKey) (string, error)
- func ErrorContent(code, desc string) string
- func ErrorURL(source, code, desc, state string) string
- func NewRandomID() string
- type AccessTokenRequestParams
- type Auth
- func (a *Auth) AddClient(client Client)
- func (a *Auth) AddIdentityProvider(id string, provider provider.IdentityProvider)
- func (a *Auth) AuthorizationHandler() http.Handler
- func (a *Auth) CallbackHandler(w http.ResponseWriter, r *http.Request, p provider.IdentityProvider)
- func (a *Auth) GetIdentityProvider(name string) (provider.IdentityProvider, error)
- func (a *Auth) LoginHandler(w http.ResponseWriter, r *http.Request, p provider.IdentityProvider)
- func (a *Auth) ResourceHandler(h http.Handler) http.Handler
- func (a *Auth) ServeHTTP(w http.ResponseWriter, r *http.Request)
- func (a *Auth) TokenHandler() http.Handler
- type Claims
- type Client
- type CodeChallenge
- type CodeVerifier
- type Config
- type Error
- type RefreshToken
- type RefreshTokenRepository
- type RefreshTokenRepositoryConfig
- type Repository
- type User
- type UserCredentials
Constants ¶
// Error code strings for authorization responses. All values except
// ErrInternalServerError match the error codes listed in RFC 6749,
// Section 4.1.2.1.
const (
	// ErrInvalidRequest is the "invalid_request" error code.
	ErrInvalidRequest = "invalid_request"
	// ErrAccessDenied is the "access_denied" error code.
	ErrAccessDenied = "access_denied"
	// ErrUnsupportedResponseType is the "unsupported_response_type" error code.
	ErrUnsupportedResponseType = "unsupported_response_type"
	// ErrInvalidScope is the "invalid_scope" error code.
	ErrInvalidScope = "invalid_scope"
	// ErrServerError is the "server_error" error code.
	ErrServerError = "server_error"
	// ErrInternalServerError is the "internal_error" code.
	// NOTE(review): this value is not one of the RFC 6749 error codes;
	// confirm that clients of this package are expected to handle it.
	ErrInternalServerError = "internal_error"
)
// Error code strings for token responses. The values match error codes
// listed in RFC 6749, Section 5.2.
const (
	// ErrTknInvalidRequest is the "invalid_request" error code.
	ErrTknInvalidRequest = "invalid_request"
	// ErrTknInvalidClient is the "invalid_client" error code.
	ErrTknInvalidClient = "invalid_client"
	// ErrTknInvalidGrant is the "invalid_grant" error code.
	ErrTknInvalidGrant = "invalid_grant"
	// ErrTknUnsupportedGrantType is the "unsupported_grant_type" error code.
	ErrTknUnsupportedGrantType = "unsupported_grant_type"
	// ErrTknInvalidScope is the "invalid_scope" error code.
	ErrTknInvalidScope = "invalid_scope"
)
// Bounds on the PKCE code verifier length. The values equal the minimum
// (43) and maximum (128) verifier lengths given in RFC 7636, Section 4.1.
const (
	// CodeVerifierLenMin is the shortest accepted code verifier length.
	CodeVerifierLenMin = 43
	// CodeVerifierLenMax is the longest accepted code verifier length.
	CodeVerifierLenMax = 128
)
// PKCE code challenge method names; the values are the two methods
// defined in RFC 7636, Section 4.2.
const (
	// TransformationPlain names the method in which the challenge is the
	// verifier itself. Anyone who can observe the authorization request
	// then learns the verifier, so this method gives no protection in
	// that case.
	// NOTE(review): consider whether "plain" needs to be accepted at all.
	TransformationPlain = "plain"
	// TransformationS256 names the method in which the challenge is
	// derived from the SHA-256 hash of the verifier. RFC 7636 requires
	// clients to use it whenever they are able to.
	TransformationS256 = "S256"
)
Variables ¶
// Sentinel errors exported by the package. Compare against them with
// errors.Is rather than by message text.
var (
	// ErrNotFound carries the message "not found".
	ErrNotFound = errors.New("not found")
	// ErrAlreadyExists carries the message "already exists".
	ErrAlreadyExists = errors.New("already exists")
	// ErrNotImplemented carries the message "not implemented".
	ErrNotImplemented = errors.New("not implemented")
)
// Sentinel errors for PKCE handling; every message carries the
// "auth/pkce:" prefix.
var (
	// ErrInvalidCodeVerifierLen signals a code verifier of invalid length.
	ErrInvalidCodeVerifierLen = errors.New("auth/pkce: invalid code verifier len")
	// ErrMismatchedVerifierAndChallenge signals that a challenge is not
	// the transformed form of the verifier it was compared with.
	ErrMismatchedVerifierAndChallenge = errors.New("auth/pkce: challenge is not a transformed verifier")
	// ErrUnsupportedTransformation signals an unsupported code verifier
	// transformation method.
	ErrUnsupportedTransformation = errors.New("auth/pkce: unsupported code verifier transformation method")
)
Functions ¶
func CompareVerifierAndChallenge ¶
func CompareVerifierAndChallenge(v CodeVerifier, c CodeChallenge) error
func CreateToken ¶
func ErrorContent ¶
func NewRandomID ¶
func NewRandomID() string
Types ¶
type AccessTokenRequestParams ¶
// AccessTokenRequestParams collects the parameters of a token request:
// those for exchanging an authorization code, those for refreshing an
// access token, and the PKCE code verifier.
//
// NOTE(review): AuthCodeID, RefreshToken and CodeVerifier look like
// credential material; avoid writing whole values of this type to logs
// or error messages.
type AccessTokenRequestParams struct {
	// OAuth 2.0 request parameters.
	GrantType string

	// Access token request parameters.
	AuthCodeID  string
	RedirectURI string
	ClientID    string

	// Parameters for refreshing an access token.
	RefreshToken string
	Scope        string // not implemented

	// PKCE request parameters.
	CodeVerifier string
}
todo(n.rodionov): split this structure into separate "code -> token" and "refresh token -> token" request structures
type Auth ¶
// Auth bundles the key pair, storage back ends and view router used by
// the package's HTTP handlers.
type Auth struct {
	// URLPrefix is a string prefix; presumably the path prefix under
	// which the handlers are mounted (verify against New).
	URLPrefix string

	// VerifyKey is the RSA public key, presumably used to verify tokens.
	VerifyKey *rsa.PublicKey

	// SignKey is the RSA private key, presumably used to sign tokens.
	// NOTE(review): this is an exported field, so any code holding an
	// *Auth can read or replace the private key; keep references to
	// Auth out of code that does not need signing capability.
	SignKey *rsa.PrivateKey

	// Storage is the storage back end.
	Storage storage.Storage

	// RefreshTokenRepository is embedded, so its methods are promoted
	// onto Auth.
	RefreshTokenRepository

	// ViewRouter is the view router.
	ViewRouter view.Router
	// contains filtered or unexported fields
}
func New ¶
func New(verifyKey *rsa.PublicKey, signKey *rsa.PrivateKey, storage storage.Storage, vr view.Router, c Config) (*Auth, error)
todo(n.rodionov): move parameters into config
func (*Auth) AddIdentityProvider ¶
func (a *Auth) AddIdentityProvider(id string, provider provider.IdentityProvider)
func (*Auth) AuthorizationHandler ¶
Only the authorization code grant flow is supported for now.
func (*Auth) CallbackHandler ¶
func (a *Auth) CallbackHandler(w http.ResponseWriter, r *http.Request, p provider.IdentityProvider)
func (*Auth) GetIdentityProvider ¶
func (a *Auth) GetIdentityProvider(name string) (provider.IdentityProvider, error)
func (*Auth) LoginHandler ¶
func (a *Auth) LoginHandler(w http.ResponseWriter, r *http.Request, p provider.IdentityProvider)
func (*Auth) ResourceHandler ¶
todo: change handler name
func (*Auth) TokenHandler ¶
TODO(k15tfu): protect this endpoint against brute-force attacks.
RFC 6749, Section 2.3.1 (Client Password): since this client authentication method involves a password, the authorization server MUST protect any endpoint utilizing it against brute force attacks.
type Claims ¶
// Claims is the token claim set: the embedded standard JWT claims plus
// the user's e-mail address.
type Claims struct {
	// StandardClaims is embedded by pointer.
	// NOTE(review): a Claims value whose pointer is nil will fail on
	// access to the promoted fields; confirm every construction site
	// sets it.
	*jwt.StandardClaims

	// Email is serialized as "email" and omitted when empty.
	Email string `json:"email,omitempty"`
}
todo(n.rodionov): move all token related entities into separate package
type CodeChallenge ¶
// CodeChallenge is a PKCE code challenge together with the name of the
// transformation method that produced it.
//
// NOTE(review): the JSON keys use hyphens ("code-challenge"), whereas
// the RFC 7636 request parameters are spelled with underscores
// (code_challenge, code_challenge_method); confirm these tags are only
// used for internal serialization.
type CodeChallenge struct {
	// Challenge is the challenge string.
	Challenge string `json:"code-challenge"`
	// Method is the transformation method name.
	Method string `json:"code-challenge-method"`
}
func NewCodeChallenge ¶
func NewCodeChallenge(v CodeVerifier, t string) (CodeChallenge, error)
func NewCodeChallengeFromString ¶
func NewCodeChallengeFromString(s string, t string) (CodeChallenge, error)
func (CodeChallenge) String ¶
func (c CodeChallenge) String() string
type CodeVerifier ¶
// CodeVerifier is a PKCE code verifier held as a string.
// NOTE(review): the verifier is a secret until it is redeemed; avoid
// logging values of this type.
type CodeVerifier string
func NewCodeVerifier ¶
func NewCodeVerifier(length int) (CodeVerifier, error)
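todo(n.rodionov): use masking instead of getting the remainder. Reducing a random value modulo the alphabet size skews the character distribution whenever that size does not evenly divide the range of the random value; masking should be paired with discarding out-of-range values.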
type Config ¶
// Config is the configuration value passed to New.
type Config struct {
	// RefreshTokenRepositoryConfig is embedded, so its New method is
	// promoted onto Config.
	RefreshTokenRepositoryConfig
}
type RefreshToken ¶
type RefreshTokenRepository ¶
// RefreshTokenRepository is the create/read/update/delete contract for
// refresh token storage.
type RefreshTokenRepository interface {
	// Create stores token.
	Create(token RefreshToken) error

	// Read returns the token identified by id.
	Read(id string) (RefreshToken, error)

	// Update passes the token identified by tokenID through updater;
	// presumably the returned token replaces the stored one.
	// NOTE(review): if refresh tokens are rotated through this method,
	// implementations should make the read-modify-write atomic so that
	// one token cannot be redeemed twice concurrently; confirm.
	Update(tokenID string, updater func(token RefreshToken) (RefreshToken, error)) error

	// Delete removes the token identified by id.
	Delete(id string) error
}
type RefreshTokenRepositoryConfig ¶
// RefreshTokenRepositoryConfig is a factory for refresh token
// repositories.
type RefreshTokenRepositoryConfig interface {
	// New returns a RefreshTokenRepository, or an error.
	New() (RefreshTokenRepository, error)
}
type Repository ¶
// Repository declares no methods, so every value satisfies it and the
// type gives no compile-time contract.
type Repository interface{}
type UserCredentials ¶
// UserCredentials declares no methods, so every value satisfies it.
// NOTE(review): with no methods there is no type-level check on what
// is passed as credentials; consumers have to validate the dynamic type
// themselves.
type UserCredentials interface{}
Source Files ¶