userinfo

package
v1.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 16, 2024 License: AGPL-3.0, MIT Imports: 12 Imported by: 0

Documentation

Overview

Package userinfo provide auth strategy to authenticate, incoming HTTP requests using the oauth2/openid userinfo endpoint, as defined in OpenID Connect https://openid.net/specs/openid-connect-core-1_0.html#UserInfo. This authentication strategy makes it easy to introduce apps, into a oauth2 authorization framework to be used by resource servers or other internal servers.

Example
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"

	"github.com/shaj13/libcache"

	_ "github.com/shaj13/libcache/lru"
	"infini.sh/framework/lib/guardian/auth/strategies/oauth2/userinfo"
)

func main() {
	srv := AuthrizationServer()
	opt := userinfo.SetHTTPClient(srv.Client())
	strategy := userinfo.New(srv.URL, libcache.LRU.New(0), opt)
	r, _ := http.NewRequest("GET", "/protected/resource", nil)
	r.Header.Set("Authorization", "Bearer <oauth2-token>")
	info, err := strategy.Authenticate(r.Context(), r)
	fmt.Println(info.GetUserName(), err)
}

func AuthrizationServer() *httptest.Server {
	h := func(w http.ResponseWriter, r *http.Request) {
		const body = `
		{
			"preferred_username": "jdoe",
			"sub": "Z5O3upPC88QrAjx00dis",
			"extension_field": "twenty-seven"
		}
		`
		w.WriteHeader(200)
		w.Write([]byte(body))
	}
	return httptest.NewServer(http.HandlerFunc(h))
}
Output:

jdoe <nil>

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetAuthenticateFunc

func GetAuthenticateFunc(addr string, opts ...auth.Option) token.AuthenticateFunc

GetAuthenticateFunc return function to authenticate request using oauth2/openid userinfo endpoint. The returned function typically used with the token strategy.

func New

func New(addr string, c auth.Cache, opts ...auth.Option) auth.Strategy

New return strategy authenticate request using oauth2/openid userinfo endpoint.

New is similar to:

fn := userinfo.GetAuthenticateFunc(addr, opts...)
token.New(fn, cache, opts...)

func SetClaimResolver

func SetClaimResolver(c oauth2.ClaimsResolver) auth.Option

SetClaimResolver sets the introspection strategy ClaimResolver to resolve the authorization claim response. Default: introspection.Claim

Example
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"

	"github.com/shaj13/libcache"

	_ "github.com/shaj13/libcache/lru"
	"infini.sh/framework/lib/guardian/auth"
	"infini.sh/framework/lib/guardian/auth/claims"
	"infini.sh/framework/lib/guardian/auth/strategies/oauth2"
	"infini.sh/framework/lib/guardian/auth/strategies/oauth2/userinfo"
)

type ExampleClaims struct {
	ExtensionField string `json:"extension_field"`
	*userinfo.Claims
}

func (c ExampleClaims) New() oauth2.ClaimsResolver {
	claim := userinfo.Claims{}.New().(*userinfo.Claims)
	return &ExampleClaims{Claims: claim}
}

func (c ExampleClaims) Resolve() auth.Info {
	return c
}

func (c ExampleClaims) Verify(opts claims.VerifyOptions) error {
	if v, ok := opts.Extra["extension_field"]; ok {
		str, ok := v.(string)
		if !ok {
			panic("Expected VerifyOptions.extension_field of type string")
		}
		if str != c.ExtensionField {
			return errors.New("ExampleClaim: Invalid ExtensionField")
		}
	}
	return nil
}

func main() {
	srv := AuthrizationServer()
	opt := userinfo.SetClaimResolver(new(ExampleClaims))
	strategy := userinfo.New(srv.URL, libcache.LRU.New(0), opt)
	r, _ := http.NewRequest("GEt", "/protected/resource", nil)
	r.Header.Set("Authorization", "Bearer <oauth2-token>")
	info, err := strategy.Authenticate(r.Context(), r)
	fmt.Println(info.(ExampleClaims).ExtensionField, err)
}

func AuthrizationServer() *httptest.Server {
	h := func(w http.ResponseWriter, r *http.Request) {
		const body = `
		{
			"preferred_username": "jdoe",
			"sub": "Z5O3upPC88QrAjx00dis",
			"extension_field": "twenty-seven"
		}
		`
		w.WriteHeader(200)
		w.Write([]byte(body))
	}
	return httptest.NewServer(http.HandlerFunc(h))
}
Output:

twenty-seven <nil>

func SetClientTransport

func SetClientTransport(rt http.RoundTripper) auth.Option

SetClientTransport sets underlying http client transport.

func SetErrorResolver

func SetErrorResolver(e oauth2.ErrorResolver) auth.Option

SetErrorResolver sets the introspection strategy ErrorResolver to resolve the authorization error response. Default: oauth2.ResponseError

func SetHTTPClient

func SetHTTPClient(c *http.Client) auth.Option

SetHTTPClient sets underlying http client.

func SetHTTPMethod

func SetHTTPMethod(method string) auth.Option

SetHTTPMethod sets http request's method. Default Get.

func SetTLSConfig

func SetTLSConfig(tls *tls.Config) auth.Option

SetTLSConfig sets underlying http client tls.

func SetVerifyOptions

func SetVerifyOptions(opts claims.VerifyOptions) auth.Option

SetVerifyOptions sets the introspection strategy to verify authorization response.

Types

type AddressClaim

type AddressClaim struct {
	Formatted     string `json:"formatted,omitempty"`
	StreetAddress string `json:"street_address,omitempty"`
	Locality      string `json:"locality,omitempty"`
	Region        string `json:"region,omitempty"`
	PostalCode    string `json:"postal_code,omitempty"`
	Country       string `json:"country,omitempty"`
}

AddressClaim represents a physical mailing address as defined in OpenID https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim.

type Claims

type Claims struct {
	Subject             string       `json:"sub,omitempty"`
	Name                string       `json:"name,omitempty"`
	GivenName           string       `json:"given_name,omitempty"`
	FamilyName          string       `json:"family_name,omitempty"`
	MiddleName          string       `json:"middle_name,omitempty"`
	NickName            string       `json:"nickname,omitempty"`
	PreferredUsername   string       `json:"preferred_username,omitempty"`
	Profile             string       `json:"profile,omitempty"`
	Picture             string       `json:"picture,omitempty"`
	Website             string       `json:"website,omitempty"`
	Email               string       `json:"email,omitempty"`
	Gender              string       `json:"gender,omitempty"`
	Birthdate           string       `json:"birthdate,omitempty"`
	ZoneInfo            string       `json:"zoneinfo,omitempty"`
	Locale              string       `json:"locale,omitempty"`
	PhoneNumber         string       `json:"phone_number,omitempty"`
	PhoneNumberVerified bool         `json:"phone_number_verified,omitempty"`
	EmailVerified       bool         `json:"email_verified,omitempty"`
	Address             AddressClaim `json:"address,omitempty"`
	UpdatedAT           *claims.Time `json:"updated_at,omitempty"`
	auth.Info
}

Claims represents standard claims as defined in OpenID https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims. Claims implements auth.Info and oauth2.ClaimsResolver.

func (Claims) GetID

func (c Claims) GetID() string

GetID return's c.Info.GetID if exist, Otherwise, it return c.Subject.

func (Claims) GetUserName

func (c Claims) GetUserName() string

GetUserName return's c.Info.GetUserName if exist, Otherwise, it return c.PreferredUsername or c.Email.

func (Claims) New

func (c Claims) New() oauth2.ClaimsResolver

New return's a new Claims as oauth2.ClaimsResolver.

func (Claims) Resolve

func (c Claims) Resolve() auth.Info

Resolve return's c as auth.Info.

func (Claims) Verify

func (c Claims) Verify(opts claims.VerifyOptions) (err error)

Verify always return a nil error.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL