Documentation ¶
Index ¶
- Constants
- func Authorize(secretKey string, formatter TokenSecureFormatter) func(next http.Handler) http.Handler
- func CheckBasicAuthentication(username, password string, r *http.Request) error
- func GetBasicAuthentication(r *http.Request) (username, password string, err error)
- type AuthorizationCodeVerifier
- type BearerAuthentication
- type BearerServer
- type CredentialsVerifier
- type GrantType
- type RC4TokenSecureFormatter
- type RefreshToken
- type SHA256RC4TokenSecureFormatter
- type Token
- type TokenProvider
- func (tp *TokenProvider) CryptRefreshToken(t *RefreshToken) (token string, err error)
- func (tp *TokenProvider) CryptToken(t *Token) (token string, err error)
- func (tp *TokenProvider) DecryptRefreshTokens(refreshToken string) (refresh *RefreshToken, err error)
- func (tp *TokenProvider) DecryptToken(token string) (t *Token, err error)
- type TokenResponse
- type TokenSecureFormatter
- type TokenType
Constants ¶
// Request-context keys, all of the unexported type contextKey. Assuming
// contextKey is a defined type rather than an alias, code outside this package
// cannot construct an equal key, so these entries cannot collide with context
// values set by other packages.
//
// NOTE(review): presumably the Authorize middleware publishes the decoded
// token data under these keys; the middleware body is not shown here, so
// confirm before relying on it. If AccessTokenContext holds the raw bearer
// token, keep that value out of logs and error messages.
const (
	CredentialContext  contextKey = "oauth.credential"
	ClaimsContext      contextKey = "oauth.claims"
	ScopeContext       contextKey = "oauth.scope"
	TokenTypeContext   contextKey = "oauth.tokentype"
	AccessTokenContext contextKey = "oauth.accesstoken"
)
Variables ¶
This section is empty.
Functions ¶
func Authorize ¶
func Authorize(secretKey string, formatter TokenSecureFormatter) func(next http.Handler) http.Handler
Authorize is the OAuth 2.0 middleware for a go-chi resource server. It creates a BearerAuthentication middleware and returns its Authorize method.
func CheckBasicAuthentication ¶
CheckBasicAuthentication checks the credentials carried in the request's Basic Authorization header.
Types ¶
type AuthorizationCodeVerifier ¶
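// AuthorizationCodeVerifier defines the interface of the Authorization Code
// verifier.
//
// The declaration is laid out one member per line; collapsed onto a single
// line, the // comment would swallow the method and the closing brace.
//
// NOTE(review): the signature hands clientSecret, code and redirectURI to the
// implementer, so presumably the token-endpoint checks of RFC 6749 section
// 4.1.3 are the implementer's responsibility (confirm against the
// AuthorizationCode handler, which is not shown here):
//   - the code was issued to the client identified by clientID,
//   - redirectURI is identical to the one used in the authorization request,
//   - the code is accepted only once and only for a short time,
//   - clientSecret is compared in constant time (crypto/subtle) and never logged.
type AuthorizationCodeVerifier interface {
	// ValidateCode checks the authorization code and returns the user credential
	ValidateCode(clientID, clientSecret, code, redirectURI string, r *http.Request) (string, error)
}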
AuthorizationCodeVerifier defines the interface of the Authorization Code verifier
type BearerAuthentication ¶
// BearerAuthentication is the bearer-token middleware for go-chi. Values are
// built by NewBearerAuthentication from a secret key and a
// TokenSecureFormatter; every field is unexported.
//
// NOTE(review): the secret key is passed as a plain string. Presumably it
// keys the token formatter, in which case it should be loaded from a secret
// store rather than compiled into the binary — confirm how it is used.
type BearerAuthentication struct {
	// contains filtered or unexported fields
}
BearerAuthentication middleware for go-chi
func NewBearerAuthentication ¶
func NewBearerAuthentication(secretKey string, formatter TokenSecureFormatter) *BearerAuthentication
NewBearerAuthentication creates a BearerAuthentication middleware
type BearerServer ¶
BearerServer is the OAuth 2 bearer server implementation.
func NewBearerServer ¶
func NewBearerServer(secretKey string, ttl time.Duration, verifier CredentialsVerifier, formatter TokenSecureFormatter) *BearerServer
NewBearerServer creates a new OAuth 2 bearer server
func (*BearerServer) AuthorizationCode ¶
func (bs *BearerServer) AuthorizationCode(w http.ResponseWriter, r *http.Request)
AuthorizationCode manages authorization code grant type requests for phase two of the authorization process
func (*BearerServer) ClientCredentials ¶
func (bs *BearerServer) ClientCredentials(w http.ResponseWriter, r *http.Request)
ClientCredentials manages client credentials grant type requests
func (*BearerServer) UserCredentials ¶
func (bs *BearerServer) UserCredentials(w http.ResponseWriter, r *http.Request)
UserCredentials manages password grant type requests (the OAuth 2.0 resource owner password credentials grant)
type CredentialsVerifier ¶
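// CredentialsVerifier defines the interface of the user and client credentials
// verifier.
//
// The declaration is laid out one member per line; collapsed onto a single
// line, the first // comment would swallow every method after it.
//
// NOTE(review): ValidateUser and ValidateClient receive the password and the
// client secret in clear text. Implementations should check them against
// stored password hashes or with a constant-time comparison (crypto/subtle),
// and should not log these arguments.
//
// NOTE(review): ValidateTokenID and StoreTokenID are described as optional.
// They look like the only hooks through which an issued token ID can be
// tracked and later refused on refresh; an implementation that always returns
// nil presumably leaves refresh tokens without server-side revocation —
// confirm against the refresh handler, which is not shown here.
type CredentialsVerifier interface {
	// Validate username and password returning an error if the user credentials are wrong
	ValidateUser(username, password, scope string, r *http.Request) error
	// Validate clientID and secret returning an error if the client credentials are wrong
	ValidateClient(clientID, clientSecret, scope string, r *http.Request) error
	// Provide additional claims to the token
	AddClaims(tokenType TokenType, credential, tokenID, scope string, r *http.Request) (map[string]string, error)
	// Provide additional information to the authorization server response.
	// NOTE(review): presumably returned to the client outside the protected
	// token, so keep secrets out of this map — confirm.
	AddProperties(tokenType TokenType, credential, tokenID, scope string, r *http.Request) (map[string]string, error)
	// Optionally validate previously stored tokenID during refresh request
	ValidateTokenID(tokenType TokenType, credential, tokenID, refreshTokenID string) error
	// Optionally store the tokenID generated for the user
	StoreTokenID(tokenType TokenType, credential, tokenID, refreshTokenID string) error
}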
CredentialsVerifier defines the interface of the user and client credentials verifier.
type RC4TokenSecureFormatter ¶
// RC4TokenSecureFormatter is built by NewRC4TokenSecurityProvider from a raw
// key and exposes CryptToken and DecryptToken over byte slices; presumably it
// satisfies TokenSecureFormatter.
//
// NOTE(review): the name indicates RC4. RC4 is a deprecated stream cipher (the
// Go crypto/rc4 package documents it as cryptographically broken, and RFC 7465
// prohibits it in TLS). A stream cipher on its own also gives no integrity
// protection, so tokens would need a separate authentication tag to be
// tamper-evident — confirm what the implementation does. For new deployments
// prefer a TokenSecureFormatter built on an AEAD such as AES-GCM.
type RC4TokenSecureFormatter struct {
	// contains filtered or unexported fields
}
func NewRC4TokenSecurityProvider ¶
func NewRC4TokenSecurityProvider(key []byte) *RC4TokenSecureFormatter
func (*RC4TokenSecureFormatter) CryptToken ¶
func (sc *RC4TokenSecureFormatter) CryptToken(source []byte) ([]byte, error)
func (*RC4TokenSecureFormatter) DecryptToken ¶
func (sc *RC4TokenSecureFormatter) DecryptToken(source []byte) ([]byte, error)
type RefreshToken ¶
// RefreshToken structure included in the authorization server response.
//
// NOTE(review): the struct carries a creation date but no expiry field.
// Any limit on refresh-token lifetime must therefore be enforced elsewhere,
// presumably from CreationDate or through CredentialsVerifier.ValidateTokenID
// — confirm against the refresh handler.
type RefreshToken struct {
	CreationDate   time.Time `json:"date"`
	TokenID        string    `json:"id_token"`         // presumably the ID of the access token issued with it — confirm
	RefreshTokenID string    `json:"id_refresh_token"` // identifier of this refresh token
	Credential     string    `json:"credential"`
	TokenType      TokenType `json:"type"`
	Scope          string    `json:"scope"`
}
RefreshToken structure included in the authorization server response
type SHA256RC4TokenSecureFormatter ¶
// SHA256RC4TokenSecureFormatter is built by NewSHA256RC4TokenSecurityProvider
// from a raw key and exposes CryptToken and DecryptToken over byte slices;
// presumably it satisfies TokenSecureFormatter.
//
// NOTE(review): the name suggests SHA-256 combined with RC4, but the listing
// does not show how the hash is used. Confirm that it is a keyed MAC (for
// example HMAC-SHA256) checked in constant time before the decrypted token is
// trusted; a plain digest would not authenticate the token. RC4 itself is
// deprecated (see crypto/rc4 and RFC 7465), so an AEAD-based formatter is the
// safer choice for new deployments.
type SHA256RC4TokenSecureFormatter struct {
	// contains filtered or unexported fields
}
func NewSHA256RC4TokenSecurityProvider ¶
func NewSHA256RC4TokenSecurityProvider(key []byte) *SHA256RC4TokenSecureFormatter
func (*SHA256RC4TokenSecureFormatter) CryptToken ¶
func (sc *SHA256RC4TokenSecureFormatter) CryptToken(source []byte) ([]byte, error)
func (*SHA256RC4TokenSecureFormatter) DecryptToken ¶
func (sc *SHA256RC4TokenSecureFormatter) DecryptToken(source []byte) ([]byte, error)
type Token ¶
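// Token structure generated by the authorization server.
//
// The declaration is laid out one field per line; collapsed onto a single
// line, the "// secs" comment would swallow every field after ExpiresIn.
//
// NOTE(review): ExpiresIn is annotated "secs" but its type is time.Duration,
// which counts nanoseconds and is marshalled by encoding/json as that integer.
// Confirm which unit the code that sets and checks the expiry assumes; a
// mismatch would make tokens live far longer or shorter than intended.
type Token struct {
	ID           string            `json:"id_token"`
	CreationDate time.Time         `json:"date"`
	ExpiresIn    time.Duration     `json:"expires_in"` // secs
	Credential   string            `json:"credential"`
	Scope        string            `json:"scope"`
	Claims       map[string]string `json:"claims"` // presumably filled from CredentialsVerifier.AddClaims — confirm
	TokenType    TokenType         `json:"type"`
}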
Token structure generated by the authorization server
type TokenProvider ¶
// TokenProvider is built by NewTokenProvider from a TokenSecureFormatter. Its
// CryptToken and CryptRefreshToken methods turn a Token or RefreshToken into a
// string, and DecryptToken and DecryptRefreshTokens turn such a string back
// into the struct.
//
// NOTE(review): the confidentiality and integrity of issued tokens presumably
// rest entirely on the formatter supplied here — confirm, and review the
// chosen formatter accordingly.
type TokenProvider struct {
	// contains filtered or unexported fields
}
func NewTokenProvider ¶
func NewTokenProvider(formatter TokenSecureFormatter) *TokenProvider
func (*TokenProvider) CryptRefreshToken ¶
func (tp *TokenProvider) CryptRefreshToken(t *RefreshToken) (token string, err error)
func (*TokenProvider) CryptToken ¶
func (tp *TokenProvider) CryptToken(t *Token) (token string, err error)
func (*TokenProvider) DecryptRefreshTokens ¶
func (tp *TokenProvider) DecryptRefreshTokens(refreshToken string) (refresh *RefreshToken, err error)
func (*TokenProvider) DecryptToken ¶
func (tp *TokenProvider) DecryptToken(token string) (t *Token, err error)
type TokenResponse ¶
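// TokenResponse is the authorization server response.
//
// The declaration is laid out one field per line; collapsed onto a single
// line, the "// bearer" comment would swallow every field after TokenType.
//
// NOTE(review): this body carries the access and refresh tokens. RFC 6749
// section 5.1 requires the response to be sent with "Cache-Control: no-store"
// and "Pragma: no-cache"; the handlers that write it are not shown here, so
// confirm they set both headers.
type TokenResponse struct {
	Token        string            `json:"access_token"`
	RefreshToken string            `json:"refresh_token"`
	TokenType    TokenType         `json:"token_type"` // bearer
	ExpiresIn    int64             `json:"expires_in"` // secs
	Properties   map[string]string `json:"properties"` // presumably filled from CredentialsVerifier.AddProperties — confirm
}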
TokenResponse is the authorization server response