apple

package
v1.64.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 15, 2020 License: MIT Imports: 15 Imported by: 20

Documentation

Overview

Package `apple` implements the OAuth2 protocol for authenticating users through Apple. This package can be used as a reference implementation of an OAuth2 provider for Goth.

Index

Constants

View Source
const (
	ScopeEmail = "email"
	ScopeName  = "name"

	AppleAudOrIss = "https://appleid.apple.com"
)

Variables

This section is empty.

Functions

func MakeSecret

func MakeSecret(sp SecretParams) (*string, error)

Types

type ID

type ID struct {
	Sub            string `json:"sub"`
	Email          string `json:"email"`
	IsPrivateEmail bool   `json:"is_private_email"`
}

type IDTokenClaims

type IDTokenClaims struct {
	jwt.StandardClaims
	AccessTokenHash string `json:"at_hash"`
	AuthTime        int    `json:"auth_time"`
	Email           string `json:"email"`
	IsPrivateEmail  bool   `json:"is_private_email,string"`
}

type Provider

type Provider struct {
	// contains filtered or unexported fields
}

func New

func New(clientId, secret, redirectURL string, httpClient *http.Client, scopes ...string) *Provider

func (Provider) BeginAuth

func (p Provider) BeginAuth(state string) (goth.Session, error)

func (Provider) Client

func (p Provider) Client() *http.Client

func (Provider) ClientId

func (p Provider) ClientId() string

func (Provider) Debug

func (Provider) Debug(bool)

Debug is a no-op for the apple package.

func (Provider) FetchUser

func (p Provider) FetchUser(session goth.Session) (goth.User, error)

Apple doesn't seem to provide a user profile endpoint like all the other providers do. Therefore this will return a User with the unique identifier obtained through authorization as the only identifying attribute. A full name and email can be obtained from the form post response to the redirect page following authentication, if the name are email scopes are requested. Additionally, if the response type is form_post and the email scope is requested, the email will be encoded into the ID token in the email claim.

func (Provider) Name

func (p Provider) Name() string

func (Provider) RedirectURL

func (p Provider) RedirectURL() string

func (Provider) RefreshToken

func (p Provider) RefreshToken(refreshToken string) (*oauth2.Token, error)

func (Provider) RefreshTokenAvailable

func (Provider) RefreshTokenAvailable() bool

func (Provider) Secret

func (p Provider) Secret() string

func (*Provider) SetName

func (p *Provider) SetName(name string)

func (Provider) UnmarshalSession

func (Provider) UnmarshalSession(data string) (goth.Session, error)

type SecretParams

type SecretParams struct {
	PKCS8PrivateKey, TeamId, KeyId, ClientId string
	Iat, Exp                                 int
}

type Session

type Session struct {
	AuthURL      string
	AccessToken  string
	RefreshToken string
	ExpiresAt    time.Time
	ID
}

func (*Session) Authorize

func (s *Session) Authorize(provider goth.Provider, params goth.Params) (string, error)

func (Session) GetAuthURL

func (s Session) GetAuthURL() (string, error)

func (Session) Marshal

func (s Session) Marshal() string

func (Session) String

func (s Session) String() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL