sdk

package
v0.9.13 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 26, 2017 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package SDK offers convenience functions for Go code around Hydra's HTTP APIs.

 import "github.com/ory-am/hydra/sdk"
 import "github.com/ory-am/hydra/client"

 var hydra, err = sdk.Connect(
	sdk.ClientID("client-id"),
	sdk.ClientSecret("client-secret"),
 	sdk.ClusterURL("https://localhost:4444"),
 )

 // You now have access to the various API endpoints of hydra, for example the oauth2 client endpoint:
 var newClient, err = hydra.Client.CreateClient(&client.Client{
 	ID:                "deadbeef",
 	Secret:            "sup3rs3cret",
 	RedirectURIs:      []string{"http://yourapp/callback"},
 	// ...
 })

 // Retrieve newly created client
 var gotClient, err = hydra.Client.GetClient(newClient.ID)

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ClientID

func ClientID(id string) option

ClientID sets the OAuth2 Client ID.

 var hydra, err = sdk.Connect(
	sdk.ClientID("client-id"),
 )

func ClientSecret

func ClientSecret(secret string) option

ClientSecret sets OAuth2 Client secret.

 var hydra, err = sdk.Connect(
	sdk.ClientSecret("client-secret"),
 )

func ClusterURL

func ClusterURL(urlStr string) option

ClusterURL sets Hydra service URL

 var hydra, err = sdk.Connect(
	sdk.ClientID("https://localhost:1234/"),
 )

func FromYAML

func FromYAML(file string) option

FromYAML loads configurations from a YAML file

func Scopes

func Scopes(scopes ...string) option

Scopes is a list of scopes that are requested in the client credentials grant.

var hydra, err = sdk.Connect(
	sdk.Scopes("foo", "bar"),
)

func SkipTLSVerify

func SkipTLSVerify(val ...bool) option

SkipTLSVerify skips TLS verification for HTTPS connections.

 var hydra, err = sdk.Connect(
	sdk.SkipTLSVerify(),
 )

Types

type ChallengeClaims added in v0.7.8

type ChallengeClaims struct {
	// RequestedScopes are the scopes the application requested. Each scope should be explicitly granted by
	// the user.
	RequestedScopes []string `json:"scp"`

	// The ID of the application that initiated the OAuth2 flow.
	Audience string `json:"aud"`

	// RedirectURL is the url where the consent app will send the user after the consent flow has been completed.
	RedirectURL string `json:"redir"`

	// ExpiresAt is a unix timestamp of the expiry time.
	ExpiresAt float64 `json:"exp"`

	// ID is the tokens' ID which will be automatically echoed in the consent response.
	ID string `json:"jti"`
}

ChallengeClaims are the decoded claims of a consent challenge.

func (*ChallengeClaims) Valid added in v0.7.8

func (c *ChallengeClaims) Valid() error

Valid tests if the challenge's claims are valid.

type Client

type Client struct {
	// Clients offers OAuth2 Client management capabilities.
	Clients *client.HTTPManager

	// JSONWebKeys offers JSON Web Key management capabilities.
	JSONWebKeys *jwk.HTTPManager

	// Policies offers Access Policy management capabilities.
	Policies *policy.HTTPManager

	// Warden offers Access Token and Access Request validation strategies (for first-party resource servers).
	Warden *warden.HTTPWarden

	// Introspection offers Access Token and Access Request introspection strategies (according to RFC 7662).
	Introspection *hoauth2.HTTPIntrospector

	// Revocation offers OAuth2 Token Revocation.
	Revocator *hoauth2.HTTPRecovator

	// Groups offers warden group management capabilities.
	Groups *group.HTTPManager

	// Consent helps you verify consent challenges and sign consent responses.
	Consent *Consent
	// contains filtered or unexported fields
}

Client offers easy use of all HTTP clients.

func Connect

func Connect(opts ...option) (*Client, error)

Connect instantiates a new client to communicate with Hydra.

 import "github.com/ory-am/hydra/sdk"

 var hydra, err = sdk.Connect(
	sdk.ClientID("client-id"),
	sdk.ClientSecret("client-secret"),
 	sdk.ClusterURL("https://localhost:4444"),
 )

func (*Client) OAuth2Config added in v0.4.0

func (h *Client) OAuth2Config(redirectURL string, scopes ...string) *oauth2.Config

OAuth2Config returns an oauth2 config instance which you can use to initiate various oauth2 flows.

config := client.OAuth2Config("https://mydomain.com/oauth2_callback", "photos", "contacts.read")
redirectRequestTo := oauth2.AuthCodeURL()

// in callback handler...
token, err := config.Exchange(oauth2.NoContext, authorizeCode)
type Consent struct {
	KeyManager jwk.Manager
}

Consent is a helper for singing and verifying consent challenges. For an exemplary reference implementation, check https://github.com/ory/hydra-consent-app-go

func (*Consent) DenyConsent added in v0.7.8

func (c *Consent) DenyConsent(challenge string) (string, error)

DenyConsent can be used to indicate that the user denied consent. Returns a redirect url or an error if the challenge is invalid.

redirectUrl, _ := c.DenyConsent(challenge)
http.Redirect(w, r, redirectUrl, http.StatusFound)

func (*Consent) GenerateResponse added in v0.7.8

func (c *Consent) GenerateResponse(r *ResponseRequest) (string, error)

GenerateResponse generates a consent response and returns the consent response token, or an error if it is invalid.

redirectUrl, _ := c.GenerateResponse(challenge)
http.Redirect(w, r, redirectUrl, http.StatusFound)

func (*Consent) VerifyChallenge added in v0.7.8

func (c *Consent) VerifyChallenge(challenge string) (*ChallengeClaims, error)

VerifyChallenge verifies a consent challenge and either returns the challenge's claims if it is valid, or an error if it is not.

claims, err := c.VerifyChallenge(challenge)
if err != nil {
  // The challenge is invalid, or the signing key could not be retrieved
}
// ...

type ResponseRequest added in v0.7.8

type ResponseRequest struct {
	// Challenge is the original consent challenge.
	Challenge string

	// Subject will be the sub claim of the access token. Usually this is a resource owner (user).
	Subject string

	// Scopes are the scopes the resource owner granted to the application requesting the access token.
	Scopes []string

	// AccessTokenExtra is arbitrary data that will be available when performing token introspection or warden requests.
	AccessTokenExtra interface{}

	// IDTokenExtra is arbitrary data that will included as a claim in the ID Token, if requested.
	IDTokenExtra interface{}
}

ResponseRequest is being used by the consent response singing helper.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL