Overview ¶
Package userinfo provides an auth strategy to authenticate incoming HTTP requests using the oauth2/openid userinfo endpoint, as defined in OpenID Connect https://openid.net/specs/openid-connect-core-1_0.html#UserInfo. This authentication strategy makes it easy to introduce apps into an oauth2 authorization framework, to be used by resource servers or other internal servers.
Example ¶
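package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"

	"github.com/shaj13/libcache"
	_ "github.com/shaj13/libcache/lru"

	"infini.sh/framework/lib/guardian/auth/strategies/oauth2/userinfo"
)

// main authenticates one request against an in-process stand-in for the
// authorization server using the userinfo strategy, then prints the
// resolved user name together with the authentication error.
func main() {
	srv := AuthrizationServer()
	// Release the fixture server's listener when main returns.
	defer srv.Close()

	// Route the strategy's userinfo call through the fixture server's client.
	opt := userinfo.SetHTTPClient(srv.Client())
	strategy := userinfo.New(srv.URL, libcache.LRU.New(0), opt)

	r, err := http.NewRequest(http.MethodGet, "/protected/resource", nil)
	if err != nil {
		fmt.Println(err)
		return
	}
	// The bearer token is the credential the strategy presents to the
	// userinfo endpoint at srv.URL; presumably that address must therefore be
	// the trusted provider's endpoint (HTTPS outside of examples) — confirm
	// against the strategy implementation.
	r.Header.Set("Authorization", "Bearer <oauth2-token>")

	info, err := strategy.Authenticate(r.Context(), r)
	if err != nil {
		// info is not safe to dereference when Authenticate fails.
		fmt.Println(err)
		return
	}
	fmt.Println(info.GetUserName(), err)
}

// AuthrizationServer starts an in-process HTTP server that answers every
// request with one fixed userinfo JSON document. It is a fixture for this
// example only: it does not inspect or validate the presented token.
func AuthrizationServer() *httptest.Server {
	h := func(w http.ResponseWriter, r *http.Request) {
		const body = `
		{
			"preferred_username": "jdoe",
			"sub": "Z5O3upPC88QrAjx00dis",
			"extension_field": "twenty-seven"
		}
		`
		w.Header().Set("Content-Type", "application/json")
		w.WriteHeader(http.StatusOK)
		// A write failure is not actionable in a fixture handler; ignored deliberately.
		_, _ = w.Write([]byte(body))
	}
	return httptest.NewServer(http.HandlerFunc(h))
}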
Output: jdoe <nil>
Index ¶
- func GetAuthenticateFunc(addr string, opts ...auth.Option) token.AuthenticateFunc
- func New(addr string, c auth.Cache, opts ...auth.Option) auth.Strategy
- func SetClaimResolver(c oauth2.ClaimsResolver) auth.Option
- func SetClientTransport(rt http.RoundTripper) auth.Option
- func SetErrorResolver(e oauth2.ErrorResolver) auth.Option
- func SetHTTPClient(c *http.Client) auth.Option
- func SetHTTPMethod(method string) auth.Option
- func SetTLSConfig(tls *tls.Config) auth.Option
- func SetVerifyOptions(opts claims.VerifyOptions) auth.Option
- type AddressClaim
- type Claims
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetAuthenticateFunc ¶
func GetAuthenticateFunc(addr string, opts ...auth.Option) token.AuthenticateFunc
GetAuthenticateFunc returns a function that authenticates a request using the oauth2/openid userinfo endpoint. The returned function is typically used with the token strategy.
func New ¶
New returns a strategy that authenticates requests using the oauth2/openid userinfo endpoint.
New is similar to:
fn := userinfo.GetAuthenticateFunc(addr, opts...)
token.New(fn, cache, opts...)
func SetClaimResolver ¶
func SetClaimResolver(c oauth2.ClaimsResolver) auth.Option
SetClaimResolver sets the strategy's ClaimsResolver, which resolves the authorization claim response. Default: introspection.Claim
Example ¶
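package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"

	"github.com/shaj13/libcache"
	_ "github.com/shaj13/libcache/lru"

	"infini.sh/framework/lib/guardian/auth"
	"infini.sh/framework/lib/guardian/auth/claims"
	"infini.sh/framework/lib/guardian/auth/strategies/oauth2"
	"infini.sh/framework/lib/guardian/auth/strategies/oauth2/userinfo"
)

// ExampleClaims extends the standard userinfo claims with one custom field
// returned by the authorization server.
type ExampleClaims struct {
	ExtensionField string `json:"extension_field"`
	*userinfo.Claims
}

// New returns a fresh ExampleClaims wrapping a fresh userinfo.Claims, so
// each response is decoded into its own value.
func (c ExampleClaims) New() oauth2.ClaimsResolver {
	claim := userinfo.Claims{}.New().(*userinfo.Claims)
	return &ExampleClaims{Claims: claim}
}

// Resolve exposes the decoded claims as the request's auth.Info.
func (c ExampleClaims) Resolve() auth.Info {
	return c
}

// Verify checks ExtensionField against opts.Extra["extension_field"].
// When that option is not configured no check is performed and nil is
// returned. A value of the wrong type is reported as an error rather than
// a panic, so a misconfiguration denies the request instead of crashing
// the caller.
func (c ExampleClaims) Verify(opts claims.VerifyOptions) error {
	v, ok := opts.Extra["extension_field"]
	if !ok {
		return nil
	}
	str, ok := v.(string)
	if !ok {
		return fmt.Errorf("ExampleClaim: expected VerifyOptions.extension_field of type string, got %T", v)
	}
	if str != c.ExtensionField {
		return errors.New("ExampleClaim: Invalid ExtensionField")
	}
	return nil
}

// main authenticates one request with the custom claims resolver installed
// and prints the decoded extension field. No VerifyOptions are set here, so
// Verify's extension_field comparison is skipped in this example.
func main() {
	srv := AuthrizationServer()
	// Release the fixture server's listener when main returns.
	defer srv.Close()

	opt := userinfo.SetClaimResolver(new(ExampleClaims))
	strategy := userinfo.New(srv.URL, libcache.LRU.New(0), opt)

	// Use the canonical method constant rather than a hand-typed string.
	r, err := http.NewRequest(http.MethodGet, "/protected/resource", nil)
	if err != nil {
		fmt.Println(err)
		return
	}
	r.Header.Set("Authorization", "Bearer <oauth2-token>")

	info, err := strategy.Authenticate(r.Context(), r)
	if err != nil {
		// info is not safe to type-assert when Authenticate fails.
		fmt.Println(err)
		return
	}
	fmt.Println(info.(ExampleClaims).ExtensionField, err)
}

// AuthrizationServer starts an in-process HTTP server that answers every
// request with one fixed userinfo JSON document. It is a fixture for this
// example only: it does not inspect or validate the presented token.
func AuthrizationServer() *httptest.Server {
	h := func(w http.ResponseWriter, r *http.Request) {
		const body = `
		{
			"preferred_username": "jdoe",
			"sub": "Z5O3upPC88QrAjx00dis",
			"extension_field": "twenty-seven"
		}
		`
		w.Header().Set("Content-Type", "application/json")
		w.WriteHeader(http.StatusOK)
		// A write failure is not actionable in a fixture handler; ignored deliberately.
		_, _ = w.Write([]byte(body))
	}
	return httptest.NewServer(http.HandlerFunc(h))
}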
Output: twenty-seven <nil>
func SetClientTransport ¶
func SetClientTransport(rt http.RoundTripper) auth.Option
SetClientTransport sets the transport of the underlying HTTP client.
func SetErrorResolver ¶
func SetErrorResolver(e oauth2.ErrorResolver) auth.Option
SetErrorResolver sets the strategy's ErrorResolver, which resolves the authorization error response. Default: oauth2.ResponseError
func SetHTTPClient ¶
SetHTTPClient sets the underlying HTTP client.
func SetHTTPMethod ¶
SetHTTPMethod sets the HTTP method of the userinfo request. Default: GET.
func SetTLSConfig ¶
SetTLSConfig sets the TLS configuration of the underlying HTTP client.
func SetVerifyOptions ¶
func SetVerifyOptions(opts claims.VerifyOptions) auth.Option
SetVerifyOptions sets the options the strategy uses to verify the authorization response.
Types ¶
type AddressClaim ¶
// AddressClaim represents a physical mailing address as defined in OpenID
// Connect Core (the "address" claim). Every field is optional; a field left
// empty is omitted from the JSON encoding.
type AddressClaim struct {
	// Formatted is the full mailing address as one display string.
	Formatted string `json:"formatted,omitempty"`
	// StreetAddress is the street-level part of the address.
	StreetAddress string `json:"street_address,omitempty"`
	// Locality is the city or locality.
	Locality string `json:"locality,omitempty"`
	// Region is the state, province or region.
	Region string `json:"region,omitempty"`
	// PostalCode is the zip or postal code.
	PostalCode string `json:"postal_code,omitempty"`
	// Country is the country name.
	Country string `json:"country,omitempty"`
}
AddressClaim represents a physical mailing address as defined in OpenID Connect https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim.
type Claims ¶
// Claims represents the standard claims of a userinfo response as defined in
// OpenID Connect Core. It implements auth.Info and oauth2.ClaimsResolver.
//
// Subject ("sub") is the identifier the issuer guarantees to be unique and
// stable for the end user; the other identity fields, including
// PreferredUsername and Email, are not guaranteed unique by the
// specification and should not be used as the principal for authorization
// decisions.
type Claims struct {
	// Subject is the issuer's unique, stable identifier for the end user.
	Subject string `json:"sub,omitempty"`
	// Name is the end user's full name for display.
	Name string `json:"name,omitempty"`
	GivenName  string `json:"given_name,omitempty"`
	FamilyName string `json:"family_name,omitempty"`
	MiddleName string `json:"middle_name,omitempty"`
	NickName   string `json:"nickname,omitempty"`
	// PreferredUsername is a display handle chosen by the end user; per the
	// specification it need not be unique or stable.
	PreferredUsername string `json:"preferred_username,omitempty"`
	Profile           string `json:"profile,omitempty"`
	Picture           string `json:"picture,omitempty"`
	Website           string `json:"website,omitempty"`
	Email             string `json:"email,omitempty"`
	Gender            string `json:"gender,omitempty"`
	Birthdate         string `json:"birthdate,omitempty"`
	ZoneInfo          string `json:"zoneinfo,omitempty"`
	Locale            string `json:"locale,omitempty"`
	PhoneNumber       string `json:"phone_number,omitempty"`
	// PhoneNumberVerified and EmailVerified report whether the issuer has
	// verified the corresponding value; a missing claim decodes as false.
	PhoneNumberVerified bool `json:"phone_number_verified,omitempty"`
	EmailVerified       bool `json:"email_verified,omitempty"`
	// Address is a struct value, and encoding/json's omitempty does not apply
	// to structs, so an unset Address still encodes (as an empty object).
	Address AddressClaim `json:"address,omitempty"`
	// UpdatedAT is the time the user's information was last updated;
	// presumably claims.Time handles the numeric timestamp form — confirm
	// against the claims package.
	UpdatedAT *claims.Time `json:"updated_at,omitempty"`
	// Info is an embedded interface and is nil unless set elsewhere;
	// NOTE(review): calling its promoted methods on a zero Claims would
	// dereference nil — confirm how the resolver populates it.
	auth.Info
}
Claims represents standard claims as defined in OpenID https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims. Claims implements auth.Info and oauth2.ClaimsResolver.
func (Claims) GetUserName ¶
GetUserName returns c.Info.GetUserName() if c.Info is set; otherwise it returns c.PreferredUsername or c.Email.
func (Claims) New ¶
func (c Claims) New() oauth2.ClaimsResolver
New returns a new Claims as an oauth2.ClaimsResolver.