Documentation
Constants
const DefaultRedirectURL = "http://localhost:8008/oauth2-redirect"
DefaultRedirectURL is the default URL to which to redirect clients after a code has been obtained. Redirect URLs may have to be registered with your OAuth2 provider.
Variables
This section is empty.
Functions
Types
type App
type App interface {
	InitialToken() (*oauth2.Token, error)
	TokenSource(context.Context, *oauth2.Token) oauth2.TokenSource
}
App provides a way to get an initial OAuth2 token as well as a continuing token source.
type AuthURLMode
type AuthURLMode string
AuthURLMode describes what kind of auth URL a RemoteAppSource should obtain.
const (
	// DirectAuthURLMode queries the remote proxy to get
	// an auth URL that goes directly to the OAuth2 provider
	// web page the user must go to in order to obtain
	// authorization. Although this mode incurs one extra
	// HTTP request (that is not part of the OAuth2 spec,
	// it is purely our own), it is perhaps more robust in
	// more environments, since the browser will access the
	// auth provider's site directly, meaning that any HTML
	// or JavaScript on the page that expects HTTPS or a
	// certain hostname will be able to function correctly.
	DirectAuthURLMode AuthURLMode = "direct"

	// ProxiedAuthURLMode makes an auth URL that goes to
	// the remote proxy, not directly to the provider.
	// This is perhaps a "purer" approach than
	// DirectAuthURLMode, but it may not work if HTML or
	// JavaScript on the provider's auth page expects
	// a certain scheme or hostname in the page's URL.
	// This mode usually works when the proxy is running
	// over HTTPS, but this mode may break depending on
	// the provider, when the proxy uses HTTP (which
	// should only be in dev environments of course).
	//
	// For example, Google's OAuth2 page will try to set a
	// secure-context cookie using JavaScript, which fails
	// if the auth page is proxied through a plaintext HTTP
	// localhost endpoint, which is what we do during
	// development for convenience; the lack of HTTPS caused
	// the page to reload infinitely because, even though
	// the request was reverse-proxied, the JS on the page
	// expected HTTPS. (See my self-congratulatory tweet:
	// https://twitter.com/mholt6/status/1078518306045231104)
	// Using DirectAuthURLMode is the easiest way around
	// this problem.
	ProxiedAuthURLMode AuthURLMode = "proxied"
)
type Browser
type Browser struct {
	// RedirectURL is the URL to redirect the browser
	// to after the code is obtained; it is usually a
	// loopback address. If empty, DefaultRedirectURL
	// will be used instead.
	RedirectURL string
}
Browser gets an OAuth2 code via the web browser.
type Getter
Getter is a type that can get an OAuth2 auth code. It must enforce that the state parameter of the redirected request matches expectedStateVal.
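One way a Getter implementation can meet the state requirement when it handles the redirected request, shown as an added example that is not this package's own code. The names newState, codeFromRedirect and errStateMismatch are hypothetical, and the requests are constructed stand-ins for the browser arriving at the redirect URL.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Hypothetical names throughout; not part of the documented package.
var errStateMismatch = errors.New("state parameter does not match expected value")

// newState returns an unguessable state value (256 bits) for one auth attempt.
func newState() (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// codeFromRedirect returns the auth code from the redirected request. The state
// check runs first; no other query parameter is trusted until it passes.
func codeFromRedirect(r *http.Request, expectedStateVal string) (string, error) {
	q := r.URL.Query()
	if expectedStateVal == "" || subtle.ConstantTimeCompare([]byte(q.Get("state")), []byte(expectedStateVal)) != 1 {
		return "", errStateMismatch
	}
	if e := q.Get("error"); e != "" {
		return "", fmt.Errorf("authorization failed: %s", e)
	}
	code := q.Get("code")
	if code == "" {
		return "", errors.New("redirect carried no code")
	}
	return code, nil
}

func main() {
	st, _ := newState()
	// Constructed requests: one with the issued state, one with a forged state.
	good := httptest.NewRequest("GET", "/oauth2-redirect?code=abc123&state="+st, nil)
	bad := httptest.NewRequest("GET", "/oauth2-redirect?code=abc123&state=forged", nil)
	fmt.Println(codeFromRedirect(good, st))
	fmt.Println(codeFromRedirect(bad, st))
}
```

An empty expected state is rejected outright, so a caller that forgets to generate one cannot accidentally accept a redirect that also omits it.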
type LocalAppSource
type LocalAppSource struct {
	// OAuth2Config is the OAuth2 configuration.
	OAuth2Config *oauth2.Config

	// AuthCodeGetter is how the auth code
	// is obtained. If not set, a default
	// oauth2client.Browser is used.
	AuthCodeGetter Getter
}
LocalAppSource implements oauth2.TokenSource for OAuth2 client apps that have the client app credentials (Client ID and Secret) available locally. The OAuth2 provider is accessed directly using the OAuth2Config field value.
If the OAuth2Config.Endpoint's TokenURL is set but the AuthURL is empty, then it is assumed that this is a two-legged ("client credentials") OAuth2 configuration; i.e. bearer token.
LocalAppSource instances can be ephemeral.
func (LocalAppSource) InitialToken
func (s LocalAppSource) InitialToken() (*oauth2.Token, error)
InitialToken obtains a token using s.OAuth2Config and s.AuthCodeGetter (unless the configuration is for a client credentials / "two-legged" flow).
func (LocalAppSource) TokenSource
func (s LocalAppSource) TokenSource(ctx context.Context, tkn *oauth2.Token) oauth2.TokenSource
TokenSource returns a token source for s.
type OAuth2Info
OAuth2Info contains information for obtaining an auth code.
type RemoteAppSource
type RemoteAppSource struct {
	// How to obtain the auth URL.
	// Default: DirectAuthURLMode
	AuthURLMode AuthURLMode

	// The URL to the proxy server (its
	// address + base path).
	ProxyURL string

	// The ID of the OAuth2 provider.
	ProviderID string

	// The scopes for which to obtain
	// authorization.
	Scopes []string

	// The URL to redirect to to finish
	// the ceremony.
	RedirectURL string

	// How the auth code is obtained.
	// If not set, a default
	// oauth2code.Browser is used.
	AuthCodeGetter Getter
}
RemoteAppSource implements oauth2.TokenSource for OAuth2 client apps that have their credentials (Client ID and Secret, as well as endpoint info) stored remotely. Thus, this type obtains tokens through a remote proxy that presumably has the client app credentials, which it will replace before proxying to the provider.
RemoteAppSource values can be ephemeral.
func (RemoteAppSource) InitialToken
func (s RemoteAppSource) InitialToken() (*oauth2.Token, error)
InitialToken obtains an initial token using s.AuthCodeGetter.
func (RemoteAppSource) TokenSource
func (s RemoteAppSource) TokenSource(ctx context.Context, tkn *oauth2.Token) oauth2.TokenSource
TokenSource returns a token source for s.