Documentation ¶
Index ¶
- Constants
- func PkceChallenge(verifier string) string
- func PkceInit()
- func PkceVerifier(length int) string
- type KeycloakClaims
- type KeycloakToken
- type OClient
- func (oclient *OClient) ApiRequest(w http.ResponseWriter, r *http.Request, service, method, url string, ...) (response *http.Response, err error)
- func (oclient *OClient) AuthLink(r *http.Request, authtype string, service string) (result string)
- func (oclient *OClient) DeleteCookieSession(w http.ResponseWriter, r *http.Request)
- func (oclient *OClient) ExchangeCode(w http.ResponseWriter, r *http.Request, code string, state string) (err error)
- func (oclient *OClient) GetSession(r *http.Request) (kcClaims *KeycloakClaims, isAuthenticated bool, token string, err error)
- type State
Constants ¶
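// String identifiers used by this package. The listing had collapsed the
// block onto one line, which is not valid Go; one declaration per line is
// restored here. Names and values are unchanged.
const (
	// Service identifiers. Presumably the values accepted for the "service"
	// argument of AuthLink and ApiRequest; confirm against the callers.
	KEYCLOAK = "keycloak"
	STRAVA   = "strava"
	LINKEDIN = "linkedin"
	SPOTIFY  = "spotify"
	GITHUB   = "github"
	FITBIT   = "fitbit"
	OURA     = "oura"

	// OAuth 2.0 grant_type values (RFC 6749): exchanging an authorization
	// code and renewing with a refresh token.
	AUTHORIZE = "authorization_code"
	REFRESH   = "refresh_token"

	// Presumably the values for the "authtype" argument of AuthLink: a
	// client-secret flow versus a PKCE (RFC 7636) flow. Confirm in AuthLink.
	SECRET = "secret"
	PKCE   = "pkce"

	// Names for the session and the cookie (see GetSession and
	// DeleteCookieSession).
	// NOTE(review): the cookie attributes (Secure, HttpOnly, SameSite) are
	// set elsewhere and are not visible in this listing; worth confirming.
	SESSION_NAME = "oclient-session"
	COOKIE_NAME  = "oclient-cookie"
)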
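// Limits for the state map that tracks authorizations in progress. The
// listing had collapsed the block onto one line, so the first "//" comment
// swallowed the remaining declarations; one declaration per line is restored
// here with the original values.
const (
	// GcPeriod is in minutes: the minimum ideal time between GC runs
	// (unless MaxState; presumably a run is triggered sooner when the map
	// reaches that size, confirm in the GC code).
	GcPeriod = 60

	// InitAuthTimeout is in minutes: the amount of time the user has to
	// complete authorization and get the access code from the authorization
	// server. A short window limits how long a pending state value stays
	// acceptable.
	InitAuthTimeout = 10

	// MaxState is the maximum allowed length of the state map, so that
	// unauthenticated requests cannot grow it without bound and exhaust
	// memory.
	// NOTE(review): what happens at the cap (reject new entries or evict
	// old ones) is not visible here. That choice decides whether pending
	// legitimate logins can be crowded out, so confirm it where the map is
	// written.
	MaxState = 400
)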
// DELTASECS is a small delta subtracted from expires_at to account for
// transport time (presumably seconds, going by the name; confirm), so the
// client treats a token as expired slightly before its stated expiry.
const DELTASECS = 5
Subtract a small delta from expires_at to account for transport time.
Variables ¶
This section is empty.
Functions ¶
func PkceChallenge ¶
Returns the base64url-encoded SHA-256 hash of verifier, per RFC 7636 (the S256 code challenge).
Types ¶
type KeycloakClaims ¶
// KeycloakClaims is the claim set decoded from a token (a Keycloak token,
// going by the type name). It embeds jwt.StandardClaims and also declares
// its own fields for the exp, iat, jti, iss, aud and sub JSON keys, followed
// by session and profile claims.
//
// NOTE(review): assuming jwt is a jwt-go-style package whose StandardClaims
// fields carry the same JSON keys (exp, iat, jti, iss, aud, sub; confirm
// against the import), encoding/json gives a duplicated key to the
// shallowest field. On decode the values then land in Exp, Iat, Jti, Iss,
// Audience and Sub below, and the embedded StandardClaims fields stay zero.
// A promoted StandardClaims.Valid() would see a zero expiry, which such
// packages typically treat as "no expiry set". Unless this type overrides
// Valid() or the caller checks Exp itself (neither is shown in this
// listing), token expiry may not be enforced at parse time.
//
// NOTE(review): RFC 7519 allows "aud" to be a JSON array. A string field
// fails to decode such a token, so confirm the issuer always sends a single
// string.
type KeycloakClaims struct {
	jwt.StandardClaims
	Exp               int    `json:"exp,omitempty"`
	Iat               int    `json:"iat,omitempty"`
	AuthTime          int    `json:"auth_time,omitempty"`
	Jti               string `json:"jti,omitempty"`
	Iss               string `json:"iss,omitempty"`
	Audience          string `json:"aud,omitempty"`
	Sub               string `json:"sub,omitempty"`
	Typ               string `json:"typ,omitempty"`
	Azp               string `json:"azp,omitempty"`
	SessionState      string `json:"session_state,omitempty"`
	AtHash            string `json:"at_hash,omitempty"`
	Acr               string `json:"acr,omitempty"`
	Sid               string `json:"sid,omitempty"`
	EmailVerified     bool   `json:"email_verified,omitempty"`
	Name              string `json:"name,omitempty"`
	PreferredUsername string `json:"preferred_username,omitempty"`
	GivenName         string `json:"given_name,omitempty"`
	FamilyName        string `json:"family_name,omitempty"`
	Email             string `json:"email,omitempty"`
}
func (*KeycloakClaims) String ¶
func (kc *KeycloakClaims) String() (string, error)
type KeycloakToken ¶
// KeycloakToken mirrors the JSON fields of a token response: the access,
// refresh and ID tokens together with their lifetimes, scope and session
// state.
//
// AccessToken, RefreshToken and IDToken are credentials. A String() method
// is declared on this type; if it serializes every field (its body is not
// shown in this listing), its output must be kept out of logs and error
// messages.
//
// NOTE(review): "expires_at" is not part of the standard OAuth 2.0 token
// response (which carries expires_in), so ExpiresAt is presumably computed
// locally from ExpiresIn. Confirm where it is set.
type KeycloakToken struct {
	AccessToken      string `json:"access_token"`
	ExpiresIn        int64  `json:"expires_in"`
	ExpiresAt        int64  `json:"expires_at"`
	IDToken          string `json:"id_token"`
	NotBeforePolicy  int    `json:"not-before-policy"`
	RefreshExpiresIn int    `json:"refresh_expires_in"`
	RefreshToken     string `json:"refresh_token"`
	Scope            string `json:"scope"`
	SessionState     string `json:"session_state"`
	TokenType        string `json:"token_type"`
}
func (*KeycloakToken) String ¶
func (kcToken *KeycloakToken) String() (string, error)
type OClient ¶
// OClient is the receiver for this package's OAuth client methods
// (ApiRequest, AuthLink, DeleteCookieSession, ExchangeCode, GetSession).
// Its fields are unexported and are not shown in this listing.
type OClient struct {
	// contains filtered or unexported fields
}
func (*OClient) ApiRequest ¶
func (oclient *OClient) ApiRequest(w http.ResponseWriter, r *http.Request, service, method, url string, data map[string]interface{}) (response *http.Response, err error)
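Makes a call to a resource API, adding the OAuth bearer token to the request. This page does not show any check that url belongs to the named service, so callers should pass only URLs of that service's API; the token is sent to whatever host the URL names.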
func (*OClient) DeleteCookieSession ¶
func (oclient *OClient) DeleteCookieSession(w http.ResponseWriter, r *http.Request)
func (*OClient) ExchangeCode ¶
func (oclient *OClient) ExchangeCode(w http.ResponseWriter, r *http.Request, code string, state string) (err error)
Exchanges the authorization code for an access token.
func (*OClient) GetSession ¶