oauthproxy

package module
v0.0.0-...-eaed519 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 26, 2024 License: MIT Imports: 35 Imported by: 0

README

Oauth Proxy

This proxy lets multiple clients (programs, servers) use the same OAuth token simultaneously, while keeping the latest (refresh) token in sync across multiple processes.

This is a proxy specifically for OAuth token calls. It intercepts calls to the token endpoint of an OAuth provider and keeps a local database of the tokens and their expiry times. Whenever a token is about to expire, the proxy refreshes it with a call to the original provider endpoint and stores the new tokens (refresh token and access token) centrally. This ensures that every client uses the same refresh token, access token and expiry time. The proxy takes care of making calls to the original token endpoint. Because the proxy's database holds live refresh and access tokens for every client, access to that database and to the proxy itself needs to be restricted as tightly as access to the provider credentials.

       +----------+
       |          |
       |  Oauth   |
       | provider |
       |          |
       +----+-----+
            ^
            |
            v
       +----+-----+
       |          |
       |  Oauth   |
       |  proxy   |
       |          |
       +-+------+-+
         ^      ^
         |      |
     +---+      +---+
     |              |
+----+-----+   +----+-----+
|          |   |          |
|  Oauth   |   |  Oauth   |
|  client  |   |  client  |
|          |   |          |
+----------+   +----------+

Installation

go get github.com/omniboost/oauth-proxy/bin/oauth-proxy

Documentation

Index

Constants

This section is empty.

Variables

// Grafana Loki connection settings, read from the process environment once,
// when the package is initialised. Each value is the empty string when the
// corresponding environment variable is unset.
//
// All three are exported, mutable package-level variables, so any code that
// imports this package can read or overwrite them. GRAFANA_LOKI_TOKEN is a
// credential: keep it out of logs, error messages and debug dumps.
//
// NOTE(review): presumably consumed by PushRequestResponseToGrafana; confirm.
// That function receives the proxy's request and response writer, so verify
// that token-endpoint payloads (client_secret, refresh_token, code,
// access_token) are redacted before anything is shipped to Loki.
var (
	// Loki endpoint URL.
	GRAFANA_LOKI_URL   = os.Getenv("GRAFANA_LOKI_URL")
	// Loki user name.
	GRAFANA_LOKI_USER  = os.Getenv("GRAFANA_LOKI_USER")
	// Loki token (secret).
	GRAFANA_LOKI_TOKEN = os.Getenv("GRAFANA_LOKI_TOKEN")
)
var Assets = func() http.FileSystem {
	fs := vfsgen۰FS{
		"/": &vfsgen۰DirInfo{
			name:    "/",
			modTime: time.Date(2018, 9, 28, 8, 44, 52, 405762943, time.UTC),
		},
		"/empty.sqlite3": &vfsgen۰CompressedFileInfo{
			name:             "empty.sqlite3",
			modTime:          time.Date(2018, 9, 28, 8, 21, 57, 583127862, time.UTC),
			uncompressedSize: 16384,

			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\xec\xd7\x41\x6b\xdb\x30\x14\x07\x70\x39\x29\x2b\xf6\x48\xe9\xcd\x3b\xea\x12\x68\x68\xd8\x65\x5f\x60\x5e\x2b\x86\x59\xe2\xb4\xae\x02\xcd\x61\xd8\x9a\xfd\xba\x89\x25\xb6\x63\x29\xac\x3b\x6e\x83\x7d\xb6\x7d\xac\xd1\x2c\x6b\xd3\xb4\xa6\x63\xb0\x15\xc2\xff\x77\x92\xde\x93\xff\xd8\x0f\x7c\xd0\xd9\xe9\x40\x5b\xe2\x17\x65\x3d\x53\x96\xbf\x60\xfb\xcc\x71\xd8\x4b\xce\x19\x63\x0e\x63\x6c\x87\xdd\x68\x6d\xec\x1d\xf6\x30\x87\x3d\x7f\xf6\xa3\xc3\x18\x6b\x77\x7c\xb6\xf7\x76\xef\x69\xc7\xff\x83\xa7\x00\x00\x00\x00\x00\x00\xfe\x9f\x2f\xf3\xf6\xae\xff\xa9\xeb\x7c\x3d\xd3\x45\x4e\x97\xa5\x4d\x54\x55\x25\xd9\x54\x53\x61\x13\x9d\xff\x5e\x19\xca\x6a\xb2\x49\x59\xeb\xf7\xba\x50\xd3\xa4\xa6\x8b\x9a\xcc\x87\xc4\x96\x1f\xa9\x28\xd5\xc2\xae\x96\x66\xe7\x28\x16\x81\x14\x7c\x1c\x85\xa7\x63\xc1\xc3\xe8\x58\x9c\xf3\xf4\xaf\x62\x53\x3e\x8a\x78\xba\x1e\x9e\xf2\x03\xcf\x4d\x55\x55\xa5\x7d\xcf\x4d\xaf\xd3\xd6\x77\xbf\x12\x97\x95\x86\x54\xaf\x77\xd2\x7a\xe2\x1f\x1e\x3a\x13\xab\xde\x4d\xc9\xcc\xa7\xda\x52\x62\x68\xbe\xa0\x22\xdb\xdc\xb6\x57\x9f\x23\x83\x57\x03\xc1\x37\x9a\x07\x85\x9a\x51\xdf\xd0\xbc\xf7\x8d\x3b\xbb\x7e\xb7\xeb\x7c\x6f\x2f\x33\xd7\xdf\x79\x7d\xdd\xba\x95\x76\xcf\xa7\xe9\x3c\x75\xc3\x48\x8a\xd7\x22\xe6\xd1\x48\xf2\x68\x3c\x18\xf0\x93\x38\x1c\x06\xf1\x84\xbf\x11\x13\x1e\x8c\xe5\x28\x8c\x8e\x62\x31\x14\x91\xec\xaf\x86\xe1\x4a\x71\x2e\xaf\xcf\x5f\x55\xed\xe7\x8a\xee\x29\xdf\x4c\xac\xb1\xb7\x9a\xdf\xdd\x7e\xc3\x34\xef\x1e\x7c\xa8\xaf\xb2\x8c\x8c\x69\x6c\xd3\x65\xa5\x6b\x32\x89\xb2\xa9\x9b\x2b\x4b\x56\xcf\x68\xf9\x7e\x35\x29\x4b\xf9\xb2\x7e\x1c\x48\x21\xc3\xa1\xb8\xf5\xe0\xa2\xca\x9b\x0f\x78\xbd\xab\xbb\x39\xdb\x7f\xec\xdf\x0d\x00\x00\x00\x00\x00\x00\x00\xfe\x25\xdc\xff\x01\x00\x00\x00\x00\x00\x00\xb6\x9f\xc7\x70\xff\x07\x00\x00\x00\x00\x00\x00\xd8\x76\x3f\x03\x00\x00\xff\xff\xcb\xec\x59\x8d\x00\x40\x00\x00"),
		},
		"/generate.go": &vfsgen۰CompressedFileInfo{
			name:             "generate.go",
			modTime:          time.Date(2018, 9, 28, 8, 44, 52, 405762943, time.UTC),
			uncompressedSize: 280,

			compressedContent: []byte("\x1f\x8b\x08\x00\x00\x00\x00\x00\x00\xff\x34\x8e\x41\x4b\xc4\x40\x0c\x46\xcf\xc9\xaf\x88\x39\xb5\xb0\x74\xef\x0b\x3d\x08\xb2\x5e\x44\x05\xc1\x7b\xb6\xa4\xed\xe0\x74\xa6\x64\xd2\xc5\x65\xe9\x7f\x97\x5a\xbd\x7e\x21\xef\xbd\x59\xba\x2f\x19\x94\x26\x09\x09\x31\x4c\x73\x36\xa7\x0a\x81\x63\x1e\x18\x81\x93\xfa\x71\x74\x9f\x19\x11\x78\x08\x3e\x2e\x97\xa6\xcb\xd3\xb1\x8c\x8b\x75\x39\xbf\x1c\xaf\x7d\x19\x34\x31\xd6\x88\xfd\x92\xba\x5f\x50\x55\xd3\x1d\xe1\x2a\x46\x7d\xa1\xed\xbb\x39\x87\xa8\x1f\xb7\xe2\x3a\x51\xbb\x2f\x4f\xc1\x2a\x96\x52\xd4\x0b\xd7\x08\x6a\x46\xa7\x96\x76\x5a\xf3\xac\x49\x4d\x5c\xab\xbe\x1c\xfe\xb7\xb7\xd9\x43\x4e\xe5\x8e\x00\xef\x7b\xf4\xab\x4c\x7a\x22\xe2\x2c\x8b\x8f\xb3\xe5\xef\x1b\x1f\x10\xe0\x53\x2c\xc8\x25\xfe\x9d\xf9\x71\x77\x1c\x10\xd6\x1a\x21\xf4\xb4\xa9\x1e\x5a\x4a\x21\x6e\x95\x10\xf3\xd0\x9c\xc5\x25\xc6\x54\xa9\x59\x8d\xb0\xe2\x8a\x3f\x01\x00\x00\xff\xff\x55\x2f\x3b\x33\x18\x01\x00\x00"),
		},
	}
	fs["/"].(*vfsgen۰DirInfo).entries = []os.FileInfo{
		fs["/empty.sqlite3"].(os.FileInfo),
		fs["/generate.go"].(os.FileInfo),
	}

	return fs
}()

Assets statically implements the virtual filesystem provided to vfsgen.

Functions

func PushRequestResponseToGrafana

func PushRequestResponseToGrafana(r *http.Request, w http.ResponseWriter, metrics httpsnoop.Metrics) error

Types

type ErrorResponse

// ErrorResponse is the JSON body of an OAuth error reply. On the wire the
// members are "error", "error_description" and "error_uri"; the last two are
// omitted when empty.
//
// NOTE(review): presumably written to clients by (*Server).ErrorResponse;
// confirm. If so, check that ErrorDescription is never filled from raw
// upstream provider responses or internal error strings, which can carry
// token material or infrastructure detail.
type ErrorResponse struct {
	// Error is the error code. Accepted values (these are the codes that
	// RFC 6749 section 5.2 defines for token endpoint errors):
	// - invalid_request
	// - invalid_client
	// - invalid_grant
	// - invalid_scope
	// - unauthorized_client
	// - unsupported_grant_type
	Error            string `json:"error"`
	// ErrorDescription is optional human-readable detail.
	ErrorDescription string `json:"error_description,omitempty"`
	// ErrorURI is an optional link to further information about the error.
	ErrorURI         string `json:"error_uri,omitempty"`
}

type RawMessages

// RawMessages maps a JSON member name to its still-encoded value. It is
// embedded in TokenRequestBody and TokenResponseBody.
// NOTE(review): presumably it carries members that have no dedicated struct
// field; such values may include secrets, so treat the map as sensitive.
type RawMessages map[string]json.RawMessage

type RevokeRequest

type RevokeRequest struct {
	// contains filtered or unexported fields
}

type RoundTripperWithSave

type RoundTripperWithSave struct {
	// contains filtered or unexported fields
}

func NewRoundTripperWithSave

func NewRoundTripperWithSave(rtp http.RoundTripper) *RoundTripperWithSave

func (*RoundTripperWithSave) LastResponseBody

func (rt *RoundTripperWithSave) LastResponseBody() io.Reader

func (*RoundTripperWithSave) RoundTrip

func (rt *RoundTripperWithSave) RoundTrip(req *http.Request) (*http.Response, error)

type Server

type Server struct {
	// contains filtered or unexported fields
}

func NewServer

func NewServer() (*Server, error)

func (*Server) Addr

func (s *Server) Addr() string

func (*Server) ErrorResponse

func (s *Server) ErrorResponse(w http.ResponseWriter, err error)

func (*Server) GetTokenRequestParamsFromFormRequest

func (s *Server) GetTokenRequestParamsFromFormRequest(r *http.Request) (providers.TokenRequestParams, error)

func (*Server) GetTokenRequestParamsFromJSONRequest

func (s *Server) GetTokenRequestParamsFromJSONRequest(r *http.Request) (providers.TokenRequestParams, error)

func (*Server) GetTokenRequestParamsFromRequest

func (s *Server) GetTokenRequestParamsFromRequest(r *http.Request) (providers.TokenRequestParams, error)

func (*Server) GetTokenRevokeParamsFromRequest

func (s *Server) GetTokenRevokeParamsFromRequest(r *http.Request) (TokenRevokeParams, error)

func (*Server) NewClient

func (s *Server) NewClient() *http.Client

func (*Server) NewDB

func (s *Server) NewDB() (*sql.DB, error)

func (*Server) NewHTTP

func (s *Server) NewHTTP() *http.Server

func (*Server) NewProviderRevokeHandler

func (s *Server) NewProviderRevokeHandler(provider providers.RevokeProvider) http.HandlerFunc

func (*Server) NewProviderTokenHandler

func (s *Server) NewProviderTokenHandler(provider providers.Provider) http.HandlerFunc

func (*Server) NewProviders

func (s *Server) NewProviders() providers.Providers

func (*Server) NewRouter

func (s *Server) NewRouter() *http.ServeMux

func (*Server) RequestToken

func (s *Server) RequestToken(provider providers.Provider, params providers.TokenRequestParams) (*Token, error)

func (*Server) RevokeToken

func (s *Server) RevokeToken(provider providers.RevokeProvider, params TokenRevokeParams) (*http.Response, error)

func (*Server) SetDB

func (s *Server) SetDB(db *sql.DB)

func (*Server) SetHTTP

func (s *Server) SetHTTP(http *http.Server)

func (*Server) SetPort

func (s *Server) SetPort(port int)

func (*Server) SetProviders

func (s *Server) SetProviders(pp providers.Providers)

func (*Server) SetRouter

func (s *Server) SetRouter(r *http.ServeMux)

func (*Server) Start

func (s *Server) Start() error

func (*Server) StartLambda

func (s *Server) StartLambda() error

func (*Server) StartLocal

func (s *Server) StartLocal() error

func (*Server) Stop

func (s *Server) Stop() error

type Token

// Token pairs an oauth2.Token with a map of raw JSON values.
//
// The value holds live credentials (assuming oauth2 is golang.org/x/oauth2,
// the embedded token carries the access and refresh tokens), so avoid
// printing it with %v / %+v or serialising it into logs.
type Token struct {
	// Embedded by pointer: the oauth2.Token fields and methods are promoted
	// onto Token, and accessing a promoted field panics while this pointer
	// is nil.
	*oauth2.Token
	// Raw holds undecoded JSON values keyed by member name.
	// NOTE(review): presumably the provider's full token response; confirm.
	Raw map[string]json.RawMessage
}

type TokenRequest

type TokenRequest struct {
	// contains filtered or unexported fields
}

type TokenRequestBody

// TokenRequestBody is the JSON form of a token request sent to the proxy.
// The type has its own UnmarshalJSON and Validate methods (bodies not shown
// here), so decoding and checking do not follow the struct tags alone.
//
// RefreshToken, ClientSecret, Code and CodeVerifier are secrets supplied by
// the caller. Do not log this struct or echo it back in error responses.
type TokenRequestBody struct {
	// RefreshToken is the "refresh_token" member (secret).
	RefreshToken string `json:"refresh_token"`
	// ClientID is the "client_id" member.
	ClientID     string `json:"client_id"`
	// ClientSecret is the "client_secret" member (secret).
	ClientSecret string `json:"client_secret"`
	// Code is the "code" member (secret, single-use authorization code).
	Code         string `json:"code"`
	// RedirectURL is the "redirect_uri" member; note the name differs from
	// the Go field name.
	RedirectURL  string `json:"redirect_uri"`
	// CodeVerifier is the "code_verifier" member (secret), omitted when empty.
	CodeVerifier string `json:"code_verifier,omitempty"`

	// Embedded map of raw JSON members.
	// NOTE(review): presumably filled by UnmarshalJSON with members that have
	// no dedicated field above; confirm, and confirm whether those members
	// are forwarded to the provider unvalidated.
	RawMessages
}

func (*TokenRequestBody) UnmarshalJSON

func (rb *TokenRequestBody) UnmarshalJSON(data []byte) error

func (TokenRequestBody) Validate

func (rb TokenRequestBody) Validate() []error

type TokenRequestResult

type TokenRequestResult struct {
	// contains filtered or unexported fields
}

type TokenRequester

type TokenRequester struct {
	// contains filtered or unexported fields
}

func NewTokenRequester

func NewTokenRequester(db *sql.DB, provider providers.Provider) *TokenRequester

func (*TokenRequester) AddTokenToTokenRequest

func (tr *TokenRequester) AddTokenToTokenRequest(db mysql.DB, request *mysql.TokenRequest, token Token) (*mysql.TokenRequest, error)

func (*TokenRequester) CodeExchange

func (tr *TokenRequester) CodeExchange(req TokenRequest) (*Token, error)

func (*TokenRequester) DBTokenFromDB

func (tr *TokenRequester) DBTokenFromDB(db mysql.DB, params providers.TokenRequestParams) (*mysql.OauthToken, error)

func (*TokenRequester) DBTokenToOauth2Token

func (tr *TokenRequester) DBTokenToOauth2Token(dbToken *mysql.OauthToken) (*Token, error)

func (*TokenRequester) FetchNewToken

func (tr *TokenRequester) FetchNewToken(params providers.TokenRequestParams) (*oauth2.Token, error)

func (*TokenRequester) Listen

func (tr *TokenRequester) Listen()

func (*TokenRequester) NewTokenRequest

func (tr *TokenRequester) NewTokenRequest(params providers.TokenRequestParams) TokenRequest

func (*TokenRequester) Request

func (tr *TokenRequester) Request(params providers.TokenRequestParams) (*Token, error)

func (*TokenRequester) SaveNewTokenRequest

func (tr *TokenRequester) SaveNewTokenRequest(db mysql.DB, params providers.TokenRequestParams) (*mysql.TokenRequest, error)

func (*TokenRequester) SaveToken

func (tr *TokenRequester) SaveToken(db mysql.DB, token *Token, params providers.TokenRequestParams) (mysql.OauthToken, error)

func (*TokenRequester) Start

func (tr *TokenRequester) Start()

func (*TokenRequester) Stop

func (tr *TokenRequester) Stop()

func (*TokenRequester) TokenFromDB

func (tr *TokenRequester) TokenFromDB(db mysql.DB, params providers.TokenRequestParams) (*Token, error)

func (*TokenRequester) TokenRefresh

func (tr *TokenRequester) TokenRefresh(req TokenRequest) (*Token, error)

type TokenResponseBody

// TokenResponseBody is the JSON form of a token response. The type has its
// own MarshalJSON and UnmarshalJSON methods (bodies not shown here), so the
// wire format is decided there and not by the struct tags alone.
//
// AccessToken and RefreshToken are live credentials. Do not log this struct.
type TokenResponseBody struct {
	// TokenType is the "token_type" member.
	TokenType    string `json:"token_type"`
	// AccessToken is the "access_token" member (secret).
	AccessToken  string `json:"access_token"`
	// RefreshToken is the "refresh_token" member (secret).
	RefreshToken string `json:"refresh_token"`
	// ExpiresIn is the "expires_in" member.
	// NOTE(review): presumably a lifetime in seconds, as in RFC 6749; confirm.
	ExpiresIn    int    `json:"expires_in"`

	// Embedded map of raw JSON members, excluded from default encoding by the
	// "-" tag.
	// NOTE(review): presumably merged back into the output by MarshalJSON;
	// confirm which provider-supplied members reach the client that way.
	RawMessages `json:"-"`
}

func (TokenResponseBody) MarshalJSON

func (rb TokenResponseBody) MarshalJSON() ([]byte, error)

func (*TokenResponseBody) UnmarshalJSON

func (rb *TokenResponseBody) UnmarshalJSON(data []byte) error

type TokenRevokeParams

// TokenRevokeParams holds the parameters of a token revocation request.
// The "token" and "token_type_hint" names match the request parameters
// defined by RFC 7009.
// NOTE(review): the `schema` tags suggest decoding from form values by a
// schema decoder (e.g. gorilla/schema); confirm.
type TokenRevokeParams struct {
	// Token is the token to revoke (secret). Keep it out of logs.
	Token         string `schema:"token"`
	// TokenTypeHint is the optional "token_type_hint" parameter.
	TokenTypeHint string `schema:"token_type_hint"`
	// Request has no schema tag.
	// NOTE(review): presumably the originating HTTP request, kept so headers
	// such as Authorization can be forwarded; confirm which headers are
	// passed on to the provider.
	Request       *http.Request
}

type TokenRevokeResult

type TokenRevokeResult struct {
	// contains filtered or unexported fields
}

type TokenRevoker

type TokenRevoker struct {
	// contains filtered or unexported fields
}

func NewTokenRevoker

func NewTokenRevoker(db *sql.DB, provider providers.RevokeProvider) *TokenRevoker

func (*TokenRevoker) Listen

func (tr *TokenRevoker) Listen()

func (*TokenRevoker) NewTokenRevoke

func (tr *TokenRevoker) NewTokenRevoke(params TokenRevokeParams) RevokeRequest

func (*TokenRevoker) Revoke

func (tr *TokenRevoker) Revoke(params TokenRevokeParams) (*http.Response, error)

func (*TokenRevoker) Start

func (tr *TokenRevoker) Start()

Directories

Path Synopsis
bin
Package db contains generated code for schema 'oauth_proxy'.
Package db contains generated code for schema 'oauth_proxy'.
Package db contains generated code for schema 'production.sqlite3'.
Package db contains generated code for schema 'production.sqlite3'.
