oauth1

package
v1.14.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 24, 2024 License: Apache-2.0 Imports: 15 Imported by: 7

Documentation

Overview

Package oauth1 enables management of OpenStack OAuth1 tokens and Authentication.

Example to Create an OAuth1 Consumer

createConsumerOpts := oauth1.CreateConsumerOpts{
	Description: "My consumer",
}
consumer, err := oauth1.CreateConsumer(identityClient, createConsumerOpts).Extract()
if err != nil {
	panic(err)
}

// NOTE: Consumer secret is available only on create response
fmt.Printf("Consumer: %+v\n", consumer)

Example to Request an unauthorized OAuth1 token

requestTokenOpts := oauth1.RequestTokenOpts{
	OAuthConsumerKey:     consumer.ID,
	OAuthConsumerSecret:  consumer.Secret,
	OAuthSignatureMethod: oauth1.HMACSHA1,
	RequestedProjectID:   projectID,
}
requestToken, err := oauth1.RequestToken(identityClient, requestTokenOpts).Extract()
if err != nil {
	panic(err)
}

// NOTE: Request token secret is available only on request response
fmt.Printf("Request token: %+v\n", requestToken)

Example to Authorize an unauthorized OAuth1 token

authorizeTokenOpts := oauth1.AuthorizeTokenOpts{
	Roles: []oauth1.Role{
		{Name: "member"},
	},
}
authToken, err := oauth1.AuthorizeToken(identityClient, requestToken.OAuthToken, authorizeTokenOpts).Extract()
if err != nil {
	panic(err)
}

fmt.Printf("Verifier ID of the unauthorized Token: %+v\n", authToken.OAuthVerifier)

Example to Create an OAuth1 Access Token

accessTokenOpts := oauth1.CreateAccessTokenOpts{
	OAuthConsumerKey:     consumer.ID,
	OAuthConsumerSecret:  consumer.Secret,
	OAuthToken:           requestToken.OAuthToken,
	OAuthTokenSecret:     requestToken.OAuthTokenSecret,
	OAuthVerifier:        authToken.OAuthVerifier,
	OAuthSignatureMethod: oauth1.HMACSHA1,
}
accessToken, err := oauth1.CreateAccessToken(identityClient, accessTokenOpts).Extract()
if err != nil {
	panic(err)
}

// NOTE: Access token secret is available only on create response
fmt.Printf("OAuth1 Access Token: %+v\n", accessToken)

Example to List User's OAuth1 Access Tokens

allPages, err := oauth1.ListAccessTokens(identityClient, userID).AllPages()
if err != nil {
	panic(err)
}
accessTokens, err := oauth1.ExtractAccessTokens(allPages)
if err != nil {
	panic(err)
}

for _, accessToken := range accessTokens {
	fmt.Printf("Access Token: %+v\n", accessToken)
}

Example to Authenticate a client using OAuth1 method

client, err := openstack.NewClient("http://localhost:5000/v3")
if err != nil {
	panic(err)
}

authOptions := &oauth1.AuthOptions{
	// consumer token, created earlier
	OAuthConsumerKey:    consumer.ID,
	OAuthConsumerSecret: consumer.Secret,
	// access token, created earlier
	OAuthToken:           accessToken.OAuthToken,
	OAuthTokenSecret:     accessToken.OAuthTokenSecret,
	OAuthSignatureMethod: oauth1.HMACSHA1,
}
err = openstack.AuthenticateV3(client, authOptions, gophercloud.EndpointOpts{})
if err != nil {
	panic(err)
}

Example to Create a Token using OAuth1 method

var oauth1Token struct {
	tokens.Token
	oauth1.TokenExt
}

createOpts := &oauth1.AuthOptions{
	// consumer token, created earlier
	OAuthConsumerKey:    consumer.ID,
	OAuthConsumerSecret: consumer.Secret,
	// access token, created earlier
	OAuthToken:           accessToken.OAuthToken,
	OAuthTokenSecret:     accessToken.OAuthTokenSecret,
	OAuthSignatureMethod: oauth1.HMACSHA1,
}
err := tokens.Create(identityClient, createOpts).ExtractInto(&oauth1Token)
if err != nil {
	panic(err)
}

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Create

Create authenticates and either generates a new OpenStack token from an OAuth1 token.

func ListAccessTokenRoles

func ListAccessTokenRoles(client *gophercloud.ServiceClient, userID string, id string) pagination.Pager

ListAccessTokenRoles enumerates authorized access token roles.

func ListAccessTokens

func ListAccessTokens(client *gophercloud.ServiceClient, userID string) pagination.Pager

ListAccessTokens enumerates authorized access tokens.

func ListConsumers

func ListConsumers(client *gophercloud.ServiceClient) pagination.Pager

List enumerates Consumers.

Types

type AccessToken

type AccessToken struct {
	ID                string     `json:"id"`
	ConsumerID        string     `json:"consumer_id"`
	ProjectID         string     `json:"project_id"`
	AuthorizingUserID string     `json:"authorizing_user_id"`
	ExpiresAt         *time.Time `json:"-"`
}

AccessToken represents an AccessToken response as a struct.

func ExtractAccessTokens

func ExtractAccessTokens(r pagination.Page) ([]AccessToken, error)

ExtractAccessTokens returns a slice of AccessTokens contained in a single page of results.

func (*AccessToken) UnmarshalJSON

func (r *AccessToken) UnmarshalJSON(b []byte) error

type AccessTokenRole

type AccessTokenRole struct {
	ID       string `json:"id"`
	Name     string `json:"name"`
	DomainID string `json:"domain_id"`
}

AccessTokenRole represents an Access Token Role struct.

func ExtractAccessTokenRoles

func ExtractAccessTokenRoles(r pagination.Page) ([]AccessTokenRole, error)

ExtractAccessTokenRoles returns a slice of AccessTokenRole contained in a single page of results.

type AccessTokenRolesPage

type AccessTokenRolesPage struct {
	pagination.LinkedPageBase
}

AccessTokenRolesPage is a single page of Access Token roles results.

func (AccessTokenRolesPage) IsEmpty

func (r AccessTokenRolesPage) IsEmpty() (bool, error)

IsEmpty determines whether or not a an AccessTokensPage contains any results.

func (AccessTokenRolesPage) NextPageURL

func (r AccessTokenRolesPage) NextPageURL() (string, error)

NextPageURL extracts the "next" link from the links section of the result.

type AccessTokensPage

type AccessTokensPage struct {
	pagination.LinkedPageBase
}

AccessTokensPage is a single page of Access Tokens results.

func (AccessTokensPage) IsEmpty

func (r AccessTokensPage) IsEmpty() (bool, error)

IsEmpty determines whether or not a an AccessTokensPage contains any results.

func (AccessTokensPage) NextPageURL

func (r AccessTokensPage) NextPageURL() (string, error)

NextPageURL extracts the "next" link from the links section of the result.

type AuthOptions

type AuthOptions struct {
	// OAuthConsumerKey is the OAuth1 Consumer Key.
	OAuthConsumerKey string `q:"oauth_consumer_key" required:"true"`

	// OAuthConsumerSecret is the OAuth1 Consumer Secret. Used to generate
	// an OAuth1 request signature.
	OAuthConsumerSecret string `required:"true"`

	// OAuthToken is the OAuth1 Request Token.
	OAuthToken string `q:"oauth_token" required:"true"`

	// OAuthTokenSecret is the OAuth1 Request Token Secret. Used to generate
	// an OAuth1 request signature.
	OAuthTokenSecret string `required:"true"`

	// OAuthSignatureMethod is the OAuth1 signature method the Consumer used
	// to sign the request. Supported values are "HMAC-SHA1" or "PLAINTEXT".
	// "PLAINTEXT" is not recommended for production usage.
	OAuthSignatureMethod SignatureMethod `q:"oauth_signature_method" required:"true"`

	// OAuthTimestamp is an OAuth1 request timestamp. If nil, current Unix
	// timestamp will be used.
	OAuthTimestamp *time.Time

	// OAuthNonce is an OAuth1 request nonce. Nonce must be a random string,
	// uniquely generated for each request. Will be generated automatically
	// when it is not set.
	OAuthNonce string `q:"oauth_nonce"`

	// AllowReauth allows Gophercloud to re-authenticate automatically
	// if/when your token expires.
	AllowReauth bool
}

AuthOptions represents options for authenticating a user using OAuth1 tokens.

func (AuthOptions) CanReauth

func (opts AuthOptions) CanReauth() bool

CanReauth allows AuthOptions to satisfy the tokens.AuthOptionsBuilder interface.

func (AuthOptions) ToTokenV3CreateMap

func (opts AuthOptions) ToTokenV3CreateMap(map[string]interface{}) (map[string]interface{}, error)

ToTokenV3CreateMap builds a create request body.

func (AuthOptions) ToTokenV3HeadersMap

func (opts AuthOptions) ToTokenV3HeadersMap(headerOpts map[string]interface{}) (map[string]string, error)

ToTokenV3HeadersMap builds the headers required for an OAuth1-based create request.

func (AuthOptions) ToTokenV3ScopeMap

func (opts AuthOptions) ToTokenV3ScopeMap() (map[string]interface{}, error)

ToTokenV3ScopeMap allows AuthOptions to satisfy the tokens.AuthOptionsBuilder interface.

type AuthorizeTokenOpts

type AuthorizeTokenOpts struct {
	Roles []Role `json:"roles"`
}

AuthorizeTokenOpts provides options used to authorize a request token.

func (AuthorizeTokenOpts) ToOAuth1AuthorizeTokenMap

func (opts AuthorizeTokenOpts) ToOAuth1AuthorizeTokenMap() (map[string]interface{}, error)

ToOAuth1AuthorizeTokenMap formats an AuthorizeTokenOpts into an authorize token request.

type AuthorizeTokenOptsBuilder

type AuthorizeTokenOptsBuilder interface {
	ToOAuth1AuthorizeTokenMap() (map[string]interface{}, error)
}

AuthorizeTokenOptsBuilder allows extensions to add additional parameters to the AuthorizeToken request.

type AuthorizeTokenResult

type AuthorizeTokenResult struct {
	gophercloud.Result
}

func AuthorizeToken

AuthorizeToken authorizes an unauthorized consumer token.

func (AuthorizeTokenResult) Extract

func (r AuthorizeTokenResult) Extract() (*AuthorizedToken, error)

Extract interprets AuthorizeTokenResult result as a AuthorizedToken.

type AuthorizedToken

type AuthorizedToken struct {
	// OAuthVerifier is the ID of the token verifier.
	OAuthVerifier string `json:"oauth_verifier"`
}

AuthorizedToken contains an OAuth1 authorized token info.

type Consumer

type Consumer struct {
	ID          string `json:"id"`
	Secret      string `json:"secret"`
	Description string `json:"description"`
}

Consumer represents a delegated authorization request between two identities.

func ExtractConsumers

func ExtractConsumers(r pagination.Page) ([]Consumer, error)

ExtractConsumers returns a slice of Consumers contained in a single page of results.

type ConsumersPage

type ConsumersPage struct {
	pagination.LinkedPageBase
}

ConsumersPage is a single page of Region results.

func (ConsumersPage) IsEmpty

func (c ConsumersPage) IsEmpty() (bool, error)

IsEmpty determines whether or not a page of Consumers contains any results.

func (ConsumersPage) NextPageURL

func (c ConsumersPage) NextPageURL() (string, error)

NextPageURL extracts the "next" link from the links section of the result.

type CreateAccessTokenOpts

type CreateAccessTokenOpts struct {
	// OAuthConsumerKey is the OAuth1 Consumer Key.
	OAuthConsumerKey string `q:"oauth_consumer_key" required:"true"`

	// OAuthConsumerSecret is the OAuth1 Consumer Secret. Used to generate
	// an OAuth1 request signature.
	OAuthConsumerSecret string `required:"true"`

	// OAuthToken is the OAuth1 Request Token.
	OAuthToken string `q:"oauth_token" required:"true"`

	// OAuthTokenSecret is the OAuth1 Request Token Secret. Used to generate
	// an OAuth1 request signature.
	OAuthTokenSecret string `required:"true"`

	// OAuthVerifier is the OAuth1 verification code.
	OAuthVerifier string `q:"oauth_verifier" required:"true"`

	// OAuthSignatureMethod is the OAuth1 signature method the Consumer used
	// to sign the request. Supported values are "HMAC-SHA1" or "PLAINTEXT".
	// "PLAINTEXT" is not recommended for production usage.
	OAuthSignatureMethod SignatureMethod `q:"oauth_signature_method" required:"true"`

	// OAuthTimestamp is an OAuth1 request timestamp. If nil, current Unix
	// timestamp will be used.
	OAuthTimestamp *time.Time

	// OAuthNonce is an OAuth1 request nonce. Nonce must be a random string,
	// uniquely generated for each request. Will be generated automatically
	// when it is not set.
	OAuthNonce string `q:"oauth_nonce"`
}

CreateAccessTokenOpts provides options used to create an OAuth1 token.

func (CreateAccessTokenOpts) ToOAuth1CreateAccessTokenHeaders

func (opts CreateAccessTokenOpts) ToOAuth1CreateAccessTokenHeaders(method, u string) (map[string]string, error)

ToOAuth1CreateAccessTokenHeaders formats a CreateAccessTokenOpts into a map of request headers.

type CreateAccessTokenOptsBuilder

type CreateAccessTokenOptsBuilder interface {
	ToOAuth1CreateAccessTokenHeaders(string, string) (map[string]string, error)
}

CreateAccessTokenOptsBuilder allows extensions to add additional parameters to the CreateAccessToken request.

type CreateConsumerOpts

type CreateConsumerOpts struct {
	// Description is the consumer description.
	Description string `json:"description"`
}

CreateConsumerOpts provides options used to create a new Consumer.

func (CreateConsumerOpts) ToOAuth1CreateConsumerMap

func (opts CreateConsumerOpts) ToOAuth1CreateConsumerMap() (map[string]interface{}, error)

ToOAuth1CreateConsumerMap formats a CreateConsumerOpts into a create request.

type CreateConsumerOptsBuilder

type CreateConsumerOptsBuilder interface {
	ToOAuth1CreateConsumerMap() (map[string]interface{}, error)
}

CreateConsumerOptsBuilder allows extensions to add additional parameters to the CreateConsumer request.

type CreateConsumerResult

type CreateConsumerResult struct {
	// contains filtered or unexported fields
}

CreateConsumerResult is the response from a Create operation. Call its Extract method to interpret it as a Consumer.

func CreateConsumer

Create creates a new Consumer.

func (CreateConsumerResult) Extract

func (c CreateConsumerResult) Extract() (*Consumer, error)

Extract interprets any consumer result as a Consumer.

type DeleteConsumerResult

type DeleteConsumerResult struct {
	gophercloud.ErrResult
}

DeleteConsumerResult is the response from a Delete operation. Call its ExtractErr to determine if the request succeeded or failed.

func DeleteConsumer

func DeleteConsumer(client *gophercloud.ServiceClient, id string) (r DeleteConsumerResult)

Delete deletes a Consumer.

type GetAccessTokenResult

type GetAccessTokenResult struct {
	gophercloud.Result
}

func GetAccessToken

func GetAccessToken(client *gophercloud.ServiceClient, userID string, id string) (r GetAccessTokenResult)

GetAccessToken retrieves details on a single OAuth1 access token by an ID.

func (GetAccessTokenResult) Extract

func (r GetAccessTokenResult) Extract() (*AccessToken, error)

Extract interprets any GetAccessTokenResult result as an AccessToken.

type GetAccessTokenRoleResult

type GetAccessTokenRoleResult struct {
	gophercloud.Result
}

func GetAccessTokenRole

func GetAccessTokenRole(client *gophercloud.ServiceClient, userID string, id string, roleID string) (r GetAccessTokenRoleResult)

GetAccessTokenRole retrieves details on a single OAuth1 access token role by an ID.

func (GetAccessTokenRoleResult) Extract

Extract interprets any GetAccessTokenRoleResult result as an AccessTokenRole.

type GetConsumerResult

type GetConsumerResult struct {
	// contains filtered or unexported fields
}

GetConsumerResult is the response from a Get operation. Call its Extract method to interpret it as a Consumer.

func GetConsumer

func GetConsumer(client *gophercloud.ServiceClient, id string) (r GetConsumerResult)

GetConsumer retrieves details on a single Consumer by ID.

func (GetConsumerResult) Extract

func (c GetConsumerResult) Extract() (*Consumer, error)

Extract interprets any consumer result as a Consumer.

type OAuth1

type OAuth1 struct {
	AccessTokenID string `json:"access_token_id"`
	ConsumerID    string `json:"consumer_id"`
}

OAuth1 is an OAuth1 object, returned in OAuth1 token result.

type RequestTokenOpts

type RequestTokenOpts struct {
	// OAuthConsumerKey is the OAuth1 Consumer Key.
	OAuthConsumerKey string `q:"oauth_consumer_key" required:"true"`

	// OAuthConsumerSecret is the OAuth1 Consumer Secret. Used to generate
	// an OAuth1 request signature.
	OAuthConsumerSecret string `required:"true"`

	// OAuthSignatureMethod is the OAuth1 signature method the Consumer used
	// to sign the request. Supported values are "HMAC-SHA1" or "PLAINTEXT".
	// "PLAINTEXT" is not recommended for production usage.
	OAuthSignatureMethod SignatureMethod `q:"oauth_signature_method" required:"true"`

	// OAuthTimestamp is an OAuth1 request timestamp. If nil, current Unix
	// timestamp will be used.
	OAuthTimestamp *time.Time

	// OAuthNonce is an OAuth1 request nonce. Nonce must be a random string,
	// uniquely generated for each request. Will be generated automatically
	// when it is not set.
	OAuthNonce string `q:"oauth_nonce"`

	// RequestedProjectID is a Project ID a consumer user requested an
	// access to.
	RequestedProjectID string `h:"Requested-Project-Id"`
}

RequestTokenOpts provides options used to get a consumer unauthorized request token.

func (RequestTokenOpts) ToOAuth1RequestTokenHeaders

func (opts RequestTokenOpts) ToOAuth1RequestTokenHeaders(method, u string) (map[string]string, error)

ToOAuth1RequestTokenHeaders formats a RequestTokenOpts into a map of request headers.

type RequestTokenOptsBuilder

type RequestTokenOptsBuilder interface {
	ToOAuth1RequestTokenHeaders(string, string) (map[string]string, error)
}

RequestTokenOptsBuilder allows extensions to add additional parameters to the RequestToken request.

type RevokeAccessTokenResult

type RevokeAccessTokenResult struct {
	gophercloud.ErrResult
}

RevokeAccessTokenResult is the response from a Delete operation. Call its ExtractErr to determine if the request succeeded or failed.

func RevokeAccessToken

func RevokeAccessToken(client *gophercloud.ServiceClient, userID string, id string) (r RevokeAccessTokenResult)

RevokeAccessToken revokes an OAuth1 access token.

type Role

type Role struct {
	ID   string `json:"id,omitempty"`
	Name string `json:"name,omitempty"`
}

Role is a struct representing a role object in a AuthorizeTokenOpts struct.

type SignatureMethod

type SignatureMethod string

Type SignatureMethod is a OAuth1 SignatureMethod type.

const (
	// HMACSHA1 is a recommended OAuth1 signature method.
	HMACSHA1 SignatureMethod = "HMAC-SHA1"

	// PLAINTEXT signature method is not recommended to be used in
	// production environment.
	PLAINTEXT SignatureMethod = "PLAINTEXT"

	// OAuth1TokenContentType is a supported content type for an OAuth1
	// token.
	OAuth1TokenContentType = "application/x-www-form-urlencoded"
)

type Token

type Token struct {
	// OAuthToken is the key value for the oauth token that the Identity API returns.
	OAuthToken string `q:"oauth_token"`
	// OAuthTokenSecret is the secret value associated with the OAuth Token.
	OAuthTokenSecret string `q:"oauth_token_secret"`
	// OAuthExpiresAt is the date and time when an OAuth token expires.
	OAuthExpiresAt *time.Time `q:"-"`
}

Token contains an OAuth1 token.

type TokenExt

type TokenExt struct {
	OAuth1 OAuth1 `json:"OS-OAUTH1"`
}

TokenExt represents an extension of the base token result.

type TokenResult

type TokenResult struct {
	gophercloud.Result
	Body []byte
}

TokenResult is a struct to handle "Content-Type: application/x-www-form-urlencoded" response.

func CreateAccessToken

func CreateAccessToken(client *gophercloud.ServiceClient, opts CreateAccessTokenOptsBuilder) (r TokenResult)

CreateAccessToken creates a new OAuth1 Access Token

func RequestToken

func RequestToken(client *gophercloud.ServiceClient, opts RequestTokenOptsBuilder) (r TokenResult)

RequestToken requests an unauthorized OAuth1 Token.

func (TokenResult) Extract

func (r TokenResult) Extract() (*Token, error)

Extract interprets any OAuth1 token result as a Token.

type UpdateConsumerOpts

type UpdateConsumerOpts struct {
	// Description is the consumer description.
	Description string `json:"description"`
}

UpdateConsumerOpts provides options used to update a consumer.

func (UpdateConsumerOpts) ToOAuth1UpdateConsumerMap

func (opts UpdateConsumerOpts) ToOAuth1UpdateConsumerMap() (map[string]interface{}, error)

ToOAuth1UpdateConsumerMap formats an UpdateConsumerOpts into a consumer update request.

type UpdateConsumerResult

type UpdateConsumerResult struct {
	// contains filtered or unexported fields
}

UpdateConsumerResult is the response from a Create operation. Call its Extract method to interpret it as a Consumer.

func UpdateConsumer

func UpdateConsumer(client *gophercloud.ServiceClient, id string, opts UpdateConsumerOpts) (r UpdateConsumerResult)

UpdateConsumer updates an existing Consumer.

func (UpdateConsumerResult) Extract

func (c UpdateConsumerResult) Extract() (*Consumer, error)

Extract interprets any consumer result as a Consumer.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL