oauth2

package
v0.1.7 Latest

This package is not in the latest version of its module.

Published: Oct 28, 2024 License: GPL-3.0 Imports: 10 Imported by: 1

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func NewClient

func NewClient(tokenSource TokenSource, scope string) *http.Client

func ParseProtectedResourceMetadataURL

func ParseProtectedResourceMetadataURL(response *http.Response) *url.URL

ParseProtectedResourceMetadataURL returns the URL of the protected resource metadata according to https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-07.html, if the HTTP response contains a WWW-Authenticate header according to the specification. If the response has no WWW-Authenticate header, or the header does not contain the protected resource metadata URL, nil is returned.
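An added example (not this package's own code) of extracting the metadata URL from a challenge while treating the header as untrusted input. It assumes the URL is carried in a quoted `resource_metadata` auth-param; the helper name `metadataURLFromChallenge`, the https-only policy and the sample headers are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"regexp"
)

// resourceMetadataParam matches resource_metadata="<value>" inside a challenge.
// Assumption: the parameter is sent as a quoted-string with this name.
var resourceMetadataParam = regexp.MustCompile(`(?i)(?:^|[\s,])resource_metadata\s*=\s*"([^"]*)"`)

// metadataURLFromChallenge (hypothetical helper) returns the first usable
// metadata URL found in any WWW-Authenticate header, or nil if there is none.
func metadataURLFromChallenge(resp *http.Response) *url.URL {
	for _, challenge := range resp.Header.Values("WWW-Authenticate") {
		m := resourceMetadataParam.FindStringSubmatch(challenge)
		if m == nil {
			continue
		}
		u, err := url.Parse(m[1])
		// The header is server-controlled: accept only absolute https URLs
		// without userinfo, so the client is never steered to plain http.
		if err != nil || u.Scheme != "https" || u.Host == "" || u.User != nil {
			continue
		}
		return u
	}
	return nil
}

func main() {
	// Constructed sample responses.
	ok := &http.Response{Header: http.Header{}}
	ok.Header.Add("WWW-Authenticate", `Bearer error="invalid_token", resource_metadata="https://rs.example/.well-known/oauth-protected-resource"`)
	bad := &http.Response{Header: http.Header{}}
	bad.Header.Add("WWW-Authenticate", `Bearer resource_metadata="http://rs.example/meta"`)

	fmt.Println(metadataURLFromChallenge(ok))
	fmt.Println(metadataURLFromChallenge(bad))
}
```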

func ProtectedResourceMetadataLocator

func ProtectedResourceMetadataLocator(metadataLoader *MetadataLoader, response *http.Response) (*url.URL, error)

ProtectedResourceMetadataLocator tries to load the OAuth2 Authorization Server URL for a resource server, using protected resource metadata provided by the resource server. It tries to locate the URL of the resource metadata using the following options:

  • resource URI specified in request context
  • WWW-Authenticate header in the response (specified by the draft RFC).

func WithResourceURI

func WithResourceURI(ctx context.Context, uri string) context.Context

WithResourceURI returns a new context with the given resource URI, which will be used to fetch the protected resource metadata when using ProtectedResourceMetadataLocator. This is useful when the resource server is not able to provide the protected resource metadata URL in the WWW-Authenticate response header, for example when an API gateway is used that allows limited control over the response headers.

func WithScope

func WithScope(ctx context.Context, scope string) context.Context

WithScope returns a new context with the given OAuth2 scope, which will override the default scope set in the OAuth2 client.

Types

type AuthorizationServerLocator

type AuthorizationServerLocator func(metadataLoader *MetadataLoader, response *http.Response) (*url.URL, error)

AuthorizationServerLocator is a function that determines the URL of the OAuth2 Authorization Server from an OAuth2 Resource Server response. If the Authorization Server URL cannot be determined, the function returns nil.

func StaticAuthorizationServerURL

func StaticAuthorizationServerURL(u *url.URL) AuthorizationServerLocator

StaticAuthorizationServerURL returns an AuthorizationServerLocator that always returns the same URL.

type AuthorizationServerMetadata

type AuthorizationServerMetadata struct {
	// AuthorizationEndpoint is the URL of the OAuth2 Authorization Endpoint.
	AuthorizationEndpoint string `json:"authorization_endpoint"`
}

type HttpRequestDoer

type HttpRequestDoer interface {
	Do(req *http.Request) (*http.Response, error)
}

type MetadataLoader

type MetadataLoader struct {
	Client HttpRequestDoer
}

MetadataLoader loads metadata from a URL and unmarshals it into a target struct. TODO: add caching

func (MetadataLoader) Load

func (m MetadataLoader) Load(metadataUrl string, target interface{}) error

type ProtectedResourceMetadata

type ProtectedResourceMetadata struct {
	// Resource contains the protected resource's resource identifier, which is a URL that uses the https scheme and has no query or fragment components.
	Resource string `json:"resource"`
	// AuthorizationServers contains a JSON array containing a list of OAuth authorization server issuer identifiers,
	// as defined in [RFC8414], for authorization servers that can be used with this protected resource.
	// Protected resources MAY choose not to advertise some supported authorization servers even when this parameter is used.
	// In some use cases, the set of authorization servers will not be enumerable, in which case this metadata parameter would not be used.
	AuthorizationServers []string `json:"authorization_servers"`
	// BearerMethodsSupported contains a JSON array containing a list of the supported methods of sending an OAuth 2.0 Bearer Token [RFC6750]
	// to the protected resource. Defined values are ["header", "body", "query"], corresponding to Sections 2.1, 2.2, and 2.3 of RFC 6750.
	BearerMethodsSupported []string `json:"bearer_methods_supported"`
}

ProtectedResourceMetadata contains metadata about a protected resource according to https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-07.html
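An added example (not part of this package) of checking a metadata document before its `authorization_servers` are trusted. The struct is a local copy of two of the fields documented above; `validateMetadata`, the comparison against `expectedResource` and the sample JSON are assumptions of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// resourceMetadata is a local copy of the documented fields (not the package type).
type resourceMetadata struct {
	Resource             string   `json:"resource"`
	AuthorizationServers []string `json:"authorization_servers"`
}

// httpsIdentifier reports whether s is an https URL with no query or fragment.
func httpsIdentifier(s string) bool {
	u, err := url.Parse(s)
	return err == nil && u.Scheme == "https" && u.Host != "" && !strings.ContainsAny(s, "?#")
}

// validateMetadata (hypothetical helper) returns the advertised authorization
// servers only if the document really describes expectedResource.
func validateMetadata(doc []byte, expectedResource string) ([]string, error) {
	var md resourceMetadata
	if err := json.Unmarshal(doc, &md); err != nil {
		return nil, fmt.Errorf("decode metadata: %w", err)
	}
	// A document for another resource could point the client at an
	// authorization server chosen by whoever served the document.
	if md.Resource != expectedResource || !httpsIdentifier(md.Resource) {
		return nil, fmt.Errorf("untrusted resource identifier %q (expected %q)", md.Resource, expectedResource)
	}
	var servers []string
	for _, issuer := range md.AuthorizationServers {
		if httpsIdentifier(issuer) { // RFC 8414 issuers: https, no query or fragment
			servers = append(servers, issuer)
		}
	}
	if len(servers) == 0 {
		return nil, fmt.Errorf("no usable authorization server advertised for %q", md.Resource)
	}
	return servers, nil
}

func main() {
	// Constructed sample document.
	doc := []byte(`{"resource":"https://api.example/v1","authorization_servers":["https://as.example","http://insecure.example"]}`)
	fmt.Println(validateMetadata(doc, "https://api.example/v1"))
}
```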

type Token

type Token struct {
	AccessToken string
	TokenType   string
	Expiry      *time.Time
}

type TokenSource

type TokenSource interface {
	Token(httpRequest *http.Request, authzServerURL *url.URL, scope string) (*Token, error)
}

type Transport

type Transport struct {
	TokenSource         TokenSource
	MetadataLoader      *MetadataLoader
	Scope               string
	UnderlyingTransport http.RoundTripper
	AuthzServerLocators []AuthorizationServerLocator
}

func (*Transport) RoundTrip

func (o *Transport) RoundTrip(httpRequest *http.Request) (*http.Response, error)
