oauth

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 19, 2021 License: Apache-2.0 Imports: 22 Imported by: 65

Documentation

Overview

Package oauth is consumer interface for OAuth 1.0, OAuth 1.0a and RFC 5849.

Redirection-based Authorization

This section outlines how to use the oauth package in redirection-based authorization (http://tools.ietf.org/html/rfc5849#section-2).

Step 1: Create a Client using credentials and URIs provided by the server. The Client can be initialized once at application startup and stored in a package-level variable.

Step 2: Request temporary credentials using the Client RequestTemporaryCredentials method. The callbackURL parameter is the URL of the callback handler in step 4. Save the returned credential secret so that it can be later found using credential token as a key. The secret can be stored in a database keyed by the token. Another option is to store the token and secret in session storage or a cookie.

Step 3: Redirect the user to URL returned from AuthorizationURL method. The AuthorizationURL method uses the temporary credentials from step 2 and other parameters as specified by the server.

Step 4: The server redirects back to the callback URL specified in step 2 with the temporary token and a verifier. Use the temporary token to find the temporary secret saved in step 2. Using the temporary token, temporary secret and verifier, request token credentials using the client RequestToken method. Save the returned credentials for later use in the application.

Signing Requests

The Client type has two low-level methods for signing requests, SignForm and SetAuthorizationHeader.

The SignForm method adds an OAuth signature to a form. The application makes an authenticated request by encoding the modified form to the query string or request body.

The SetAuthorizationHeader method adds an OAuth signature to a request header. The SetAuthorizationHeader method is the only way to correctly sign a request if the application sets the URL Opaque field when making a request.

The Get, Put, Post and Delete methods sign and invoke a request using the supplied net/http Client. These methods are easy to use, but not as flexible as constructing a request using one of the low-level methods.

Context With HTTP Client

A context-enabled method can include a custom HTTP client in the context and execute an HTTP request using the included HTTP client.

hc := &http.Client{Timeout: 2 * time.Second}
ctx := context.WithValue(context.Background(), oauth.HTTPClient, hc)
c := oauth.Client{ /* Any settings */ }
resp, err := c.GetContext(ctx, &oauth.Credentials{}, rawurl, nil)

Index

Constants

This section is empty.

Variables

View Source
var HTTPClient contextKey

HTTPClient is the context key to use with context's WithValue function to associate an *http.Client value with a context.

Functions

This section is empty.

Types

type Client

type Client struct {
	// Credentials specifies the client key and secret.
	// Also known as the consumer key and secret
	Credentials Credentials

	// TemporaryCredentialRequestURI is the endpoint used by the client to
	// obtain a set of temporary credentials. Also known as the request token
	// URL.
	TemporaryCredentialRequestURI string

	// ResourceOwnerAuthorizationURI is the endpoint to which the resource
	// owner is redirected to grant authorization. Also known as authorization
	// URL.
	ResourceOwnerAuthorizationURI string

	// TokenRequestURI is the endpoint used by the client to request a set of
	// token credentials using a set of temporary credentials. Also known as
	// access token URL.
	TokenRequestURI string

	// RenewCredentialRequestURI is the endpoint the client uses to
	// request a new set of token credentials using the old set of credentials.
	RenewCredentialRequestURI string

	// TemporaryCredentialsMethod is the HTTP method used by the client to
	// obtain a set of temporary credentials. If this field is the empty
	// string, then POST is used.
	TemporaryCredentialsMethod string

	// TokenCredentailsMethod is the HTTP method used by the client to request
	// a set of token credentials. If this field is the empty string, then POST
	// is used.
	TokenCredentailsMethod string

	// Header specifies optional extra headers for requests.
	Header http.Header

	// SignatureMethod specifies the method for signing a request.
	SignatureMethod SignatureMethod

	// PrivateKey is the private key to use for RSA-SHA* signatures. This field
	// must be set for RSA-SHA* signatures and ignored for other signature
	// methods.
	PrivateKey *rsa.PrivateKey
}

Client represents an OAuth client.

func (*Client) AuthorizationHeader

func (c *Client) AuthorizationHeader(credentials *Credentials, method string, u *url.URL, params url.Values) string

AuthorizationHeader returns the HTTP authorization header value for given method, URL and parameters.

AuthorizationHeader is deprecated. Use SetAuthorizationHeader instead.

func (*Client) AuthorizationURL

func (c *Client) AuthorizationURL(temporaryCredentials *Credentials, additionalParams url.Values) string

AuthorizationURL returns the URL for resource owner authorization. See http://tools.ietf.org/html/rfc5849#section-2.2 for information about resource owner authorization.

func (*Client) Delete

func (c *Client) Delete(client *http.Client, credentials *Credentials, urlStr string, form url.Values) (*http.Response, error)

Delete issues a DELETE with the specified form.

func (*Client) DeleteContext

func (c *Client) DeleteContext(ctx context.Context, credentials *Credentials, urlStr string, form url.Values) (*http.Response, error)

DeleteContext uses Context to perform Delete.

func (*Client) Get

func (c *Client) Get(client *http.Client, credentials *Credentials, urlStr string, form url.Values) (*http.Response, error)

Get issues a GET to the specified URL with form added as a query string.

func (*Client) GetContext

func (c *Client) GetContext(ctx context.Context, credentials *Credentials, urlStr string, form url.Values) (*http.Response, error)

GetContext uses Context to perform Get.

func (*Client) Post

func (c *Client) Post(client *http.Client, credentials *Credentials, urlStr string, form url.Values) (*http.Response, error)

Post issues a POST with the specified form.

func (*Client) PostContext

func (c *Client) PostContext(ctx context.Context, credentials *Credentials, urlStr string, form url.Values) (*http.Response, error)

PostContext uses Context to perform Post.

func (*Client) Put

func (c *Client) Put(client *http.Client, credentials *Credentials, urlStr string, form url.Values) (*http.Response, error)

Put issues a PUT with the specified form.

func (*Client) PutContext

func (c *Client) PutContext(ctx context.Context, credentials *Credentials, urlStr string, form url.Values) (*http.Response, error)

PutContext uses Context to perform Put.

func (*Client) RenewRequestCredentials

func (c *Client) RenewRequestCredentials(client *http.Client, credentials *Credentials, sessionHandle string) (*Credentials, url.Values, error)

RenewRequestCredentials requests new token credentials from the server. See http://wiki.oauth.net/w/page/12238549/ScalableOAuth#AccessTokenRenewal for information about access token renewal.

func (*Client) RenewRequestCredentialsContext

func (c *Client) RenewRequestCredentialsContext(ctx context.Context, credentials *Credentials, sessionHandle string) (*Credentials, url.Values, error)

RenewRequestCredentialsContext uses Context to perform RenewRequestCredentials.

func (*Client) RequestTemporaryCredentials

func (c *Client) RequestTemporaryCredentials(client *http.Client, callbackURL string, additionalParams url.Values) (*Credentials, error)

RequestTemporaryCredentials requests temporary credentials from the server. See http://tools.ietf.org/html/rfc5849#section-2.1 for information about temporary credentials.

func (*Client) RequestTemporaryCredentialsContext

func (c *Client) RequestTemporaryCredentialsContext(ctx context.Context, callbackURL string, additionalParams url.Values) (*Credentials, error)

RequestTemporaryCredentialsContext uses Context to perform RequestTemporaryCredentials.

func (*Client) RequestToken

func (c *Client) RequestToken(client *http.Client, temporaryCredentials *Credentials, verifier string) (*Credentials, url.Values, error)

RequestToken requests token credentials from the server. See http://tools.ietf.org/html/rfc5849#section-2.3 for information about token credentials.

func (*Client) RequestTokenContext

func (c *Client) RequestTokenContext(ctx context.Context, temporaryCredentials *Credentials, verifier string) (*Credentials, url.Values, error)

RequestTokenContext uses Context to perform RequestToken.

func (*Client) RequestTokenXAuth

func (c *Client) RequestTokenXAuth(client *http.Client, temporaryCredentials *Credentials, user, password string) (*Credentials, url.Values, error)

RequestTokenXAuth requests token credentials from the server using the xAuth protocol. See https://dev.twitter.com/oauth/xauth for information on xAuth.

func (*Client) RequestTokenXAuthContext

func (c *Client) RequestTokenXAuthContext(ctx context.Context, temporaryCredentials *Credentials, user, password string) (*Credentials, url.Values, error)

RequestTokenXAuthContext uses Context to perform RequestTokenXAuth.

func (*Client) SetAuthorizationHeader

func (c *Client) SetAuthorizationHeader(header http.Header, credentials *Credentials, method string, u *url.URL, form url.Values) error

SetAuthorizationHeader adds an OAuth signature to a request header.

See http://tools.ietf.org/html/rfc5849#section-3.5.1 for information about transmitting OAuth parameters in an HTTP request header.

func (*Client) SignForm

func (c *Client) SignForm(credentials *Credentials, method, urlStr string, form url.Values) error

SignForm adds an OAuth signature to form. The urlStr argument must not include a query string.

See http://tools.ietf.org/html/rfc5849#section-3.5.2 for information about transmitting OAuth parameters in a request body and http://tools.ietf.org/html/rfc5849#section-3.5.2 for information about transmitting OAuth parameters in a query string.

func (*Client) SignParam

func (c *Client) SignParam(credentials *Credentials, method, urlStr string, params url.Values)

SignParam is deprecated. Use SignForm instead.

type Credentials

type Credentials struct {
	Token  string // Also known as consumer key or access token.
	Secret string // Also known as consumer secret or access token secret.
}

Credentials represents client, temporary and token credentials.

type RequestCredentialsError

type RequestCredentialsError struct {
	StatusCode int
	Header     http.Header
	Body       []byte
	// contains filtered or unexported fields
}

RequestCredentialsError is an error containing response information when requesting credentials.

func (RequestCredentialsError) Error

func (e RequestCredentialsError) Error() string

type SignatureMethod

type SignatureMethod int

SignatureMethod identifies a signature method.

const (
	HMACSHA1   SignatureMethod = iota // HMAC-SHA1
	RSASHA1                           // RSA-SHA1
	PLAINTEXT                         // Plain text
	HMACSHA256                        // HMAC-256
	RSASHA256                         // RSA-SHA256
)

func (SignatureMethod) String

func (sm SignatureMethod) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL