Index ¶
- func Compose(config *Config, storage interface{}, strategy interface{}, ...) fosite.OAuth2Provider
- func ComposeAllEnabled(config *Config, storage interface{}, secret []byte, key *rsa.PrivateKey) fosite.OAuth2Provider
- func NewOAuth2HMACStrategy(config *Config, secret []byte, rotatedSecrets [][]byte) *oauth2.HMACSHAStrategy
- func NewOAuth2JWTECDSAStrategy(key *ecdsa.PrivateKey, strategy *oauth2.HMACSHAStrategy) *oauth2.DefaultJWTStrategy
- func NewOAuth2JWTECDSAStrategyWithIssuer(key *ecdsa.PrivateKey, strategy *oauth2.HMACSHAStrategy, issuer string) *oauth2.DefaultJWTStrategy
- func NewOAuth2JWTStrategy(key *rsa.PrivateKey, strategy *oauth2.HMACSHAStrategy) *oauth2.DefaultJWTStrategy
- func NewOAuth2JWTStrategyWithIssuer(key *rsa.PrivateKey, strategy *oauth2.HMACSHAStrategy, issuer string) *oauth2.DefaultJWTStrategy
- func NewOpenIDConnectECDSAStrategy(config *Config, key *ecdsa.PrivateKey) *openid.DefaultStrategy
- func NewOpenIDConnectStrategy(config *Config, key *rsa.PrivateKey) *openid.DefaultStrategy
- func OAuth2AuthorizeExplicitFactory(config *Config, storage interface{}, strategy interface{}) interface{}
- func OAuth2AuthorizeImplicitFactory(config *Config, storage interface{}, strategy interface{}) interface{}
- func OAuth2ClientCredentialsGrantFactory(config *Config, storage interface{}, strategy interface{}) interface{}
- func OAuth2PKCEFactory(config *Config, storage interface{}, strategy interface{}) interface{}
- func OAuth2RefreshTokenGrantFactory(config *Config, storage interface{}, strategy interface{}) interface{}
- func OAuth2ResourceOwnerPasswordCredentialsFactory(config *Config, storage interface{}, strategy interface{}) interface{}
- func OAuth2StatelessJWTIntrospectionFactory(config *Config, storage interface{}, strategy interface{}) interface{}
- func OAuth2TokenIntrospectionFactory(config *Config, storage interface{}, strategy interface{}) interface{}
- func OAuth2TokenRevocationFactory(config *Config, storage interface{}, strategy interface{}) interface{}
- func OpenIDConnectExplicitFactory(config *Config, storage interface{}, strategy interface{}) interface{}
- func OpenIDConnectHybridFactory(config *Config, storage interface{}, strategy interface{}) interface{}
- func OpenIDConnectImplicitFactory(config *Config, storage interface{}, strategy interface{}) interface{}
- func OpenIDConnectRefreshFactory(config *Config, storage interface{}, strategy interface{}) interface{}
- type CommonStrategy
- type Config
- func (c *Config) GetAccessTokenLifespan() time.Duration
- func (c *Config) GetAudienceStrategy() fosite.AudienceMatchingStrategy
- func (c *Config) GetAuthorizeCodeLifespan() time.Duration
- func (c *Config) GetHashCost() int
- func (c *Config) GetIDTokenLifespan() time.Duration
- func (c *Config) GetJWKSFetcherStrategy() fosite.JWKSFetcherStrategy
- func (c *Config) GetMinParameterEntropy() int
- func (c *Config) GetRedirectSecureChecker() func(*url.URL) bool
- func (c *Config) GetRefreshTokenLifespan() time.Duration
- func (c *Config) GetRefreshTokenScopes() []string
- func (c *Config) GetScopeStrategy() fosite.ScopeStrategy
- func (c *Config) GetTokenEntropy() int
- type Factory
Functions ¶
func Compose ¶
func Compose(config *Config, storage interface{}, strategy interface{}, hasher fosite.Hasher, factories ...Factory) fosite.OAuth2Provider
Compose takes a config, a storage, a strategy and handlers to instantiate an OAuth2Provider:
import "github.com/ory/fosite/compose"

// var storage = new(MyFositeStorage)
var config = Config {
	AccessTokenLifespan: time.Minute * 30,
	// check Config for further configuration options
}

var strategy = NewOAuth2HMACStrategy(config)

var oauth2Provider = Compose(
	config,
	storage,
	strategy,
	NewOAuth2AuthorizeExplicitHandler,
	OAuth2ClientCredentialsGrantFactory,
	// for a complete list refer to the docs of this package
)
Compose makes use of interface{} types in order to be able to handle all types of stores, strategies and handlers.
func ComposeAllEnabled ¶
func ComposeAllEnabled(config *Config, storage interface{}, secret []byte, key *rsa.PrivateKey) fosite.OAuth2Provider
ComposeAllEnabled returns a fosite instance with all OAuth2 and OpenID Connect handlers enabled.
func NewOAuth2HMACStrategy ¶
func NewOAuth2HMACStrategy(config *Config, secret []byte, rotatedSecrets [][]byte) *oauth2.HMACSHAStrategy
func NewOAuth2JWTECDSAStrategy ¶ added in v0.32.4
func NewOAuth2JWTECDSAStrategy(key *ecdsa.PrivateKey, strategy *oauth2.HMACSHAStrategy) *oauth2.DefaultJWTStrategy
func NewOAuth2JWTECDSAStrategyWithIssuer ¶ added in v0.32.4
func NewOAuth2JWTECDSAStrategyWithIssuer(key *ecdsa.PrivateKey, strategy *oauth2.HMACSHAStrategy, issuer string) *oauth2.DefaultJWTStrategy
func NewOAuth2JWTStrategy ¶
func NewOAuth2JWTStrategy(key *rsa.PrivateKey, strategy *oauth2.HMACSHAStrategy) *oauth2.DefaultJWTStrategy
func NewOAuth2JWTStrategyWithIssuer ¶ added in v0.32.2
func NewOAuth2JWTStrategyWithIssuer(key *rsa.PrivateKey, strategy *oauth2.HMACSHAStrategy, issuer string) *oauth2.DefaultJWTStrategy
func NewOpenIDConnectECDSAStrategy ¶ added in v0.32.4
func NewOpenIDConnectECDSAStrategy(config *Config, key *ecdsa.PrivateKey) *openid.DefaultStrategy
func NewOpenIDConnectStrategy ¶
func NewOpenIDConnectStrategy(config *Config, key *rsa.PrivateKey) *openid.DefaultStrategy
func OAuth2AuthorizeExplicitFactory ¶
func OAuth2AuthorizeExplicitFactory(config *Config, storage interface{}, strategy interface{}) interface{}
OAuth2AuthorizeExplicitFactory creates an OAuth2 authorize code grant ("authorize explicit flow") handler and registers an access token, refresh token and authorize code validator.
func OAuth2AuthorizeImplicitFactory ¶
func OAuth2AuthorizeImplicitFactory(config *Config, storage interface{}, strategy interface{}) interface{}
OAuth2AuthorizeImplicitFactory creates an OAuth2 implicit grant ("authorize implicit flow") handler and registers an access token, refresh token and authorize code validator.
func OAuth2ClientCredentialsGrantFactory ¶
func OAuth2ClientCredentialsGrantFactory(config *Config, storage interface{}, strategy interface{}) interface{}
OAuth2ClientCredentialsGrantFactory creates an OAuth2 client credentials grant handler and registers an access token, refresh token and authorize code validator.
func OAuth2PKCEFactory ¶ added in v0.16.4
func OAuth2PKCEFactory(config *Config, storage interface{}, strategy interface{}) interface{}
OAuth2PKCEFactory creates a PKCE handler.
func OAuth2RefreshTokenGrantFactory ¶
func OAuth2RefreshTokenGrantFactory(config *Config, storage interface{}, strategy interface{}) interface{}
OAuth2RefreshTokenGrantFactory creates an OAuth2 refresh grant handler and registers an access token, refresh token and authorize code validator.
func OAuth2ResourceOwnerPasswordCredentialsFactory ¶
func OAuth2ResourceOwnerPasswordCredentialsFactory(config *Config, storage interface{}, strategy interface{}) interface{}
OAuth2ResourceOwnerPasswordCredentialsFactory creates an OAuth2 resource owner password credentials grant handler and registers an access token, refresh token and authorize code validator.
func OAuth2StatelessJWTIntrospectionFactory ¶ added in v0.6.17
func OAuth2StatelessJWTIntrospectionFactory(config *Config, storage interface{}, strategy interface{}) interface{}
OAuth2StatelessJWTIntrospectionFactory creates an OAuth2 token introspection handler and registers an access token validator. This can only be used to validate JWTs and does so statelessly, meaning it uses only the data available in the JWT itself, and does not access the storage implementation at all.
Due to the stateless nature of this factory, THE BUILT-IN REVOCATION MECHANISMS WILL NOT WORK. If you need revocation, you can validate JWTs statefully, using the other factories.
func OAuth2TokenIntrospectionFactory ¶ added in v0.5.0
func OAuth2TokenIntrospectionFactory(config *Config, storage interface{}, strategy interface{}) interface{}
OAuth2TokenIntrospectionFactory creates an OAuth2 token introspection handler and registers an access token and refresh token validator.
func OAuth2TokenRevocationFactory ¶ added in v0.4.0
func OAuth2TokenRevocationFactory(config *Config, storage interface{}, strategy interface{}) interface{}
OAuth2TokenRevocationFactory creates an OAuth2 token revocation handler.
func OpenIDConnectExplicitFactory ¶ added in v0.5.0
func OpenIDConnectExplicitFactory(config *Config, storage interface{}, strategy interface{}) interface{}
OpenIDConnectExplicitFactory creates an OpenID Connect explicit ("authorize code flow") grant handler.
**Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
func OpenIDConnectHybridFactory ¶ added in v0.5.0
func OpenIDConnectHybridFactory(config *Config, storage interface{}, strategy interface{}) interface{}
OpenIDConnectHybridFactory creates an OpenID Connect hybrid grant handler.
**Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
func OpenIDConnectImplicitFactory ¶ added in v0.5.0
func OpenIDConnectImplicitFactory(config *Config, storage interface{}, strategy interface{}) interface{}
OpenIDConnectImplicitFactory creates an OpenID Connect implicit ("implicit flow") grant handler.
**Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
func OpenIDConnectRefreshFactory ¶ added in v0.11.0
func OpenIDConnectRefreshFactory(config *Config, storage interface{}, strategy interface{}) interface{}
OpenIDConnectRefreshFactory creates a handler for refreshing openid connect tokens.
**Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
Types ¶
type CommonStrategy ¶
// CommonStrategy bundles the three strategies this package works with — the
// OAuth2 core strategy, the OpenID Connect token strategy and the JWT
// strategy — by embedding them, so a single value exposes all three.
// Presumably this is the value handed to Compose as its strategy argument;
// confirm against the caller.
type CommonStrategy struct {
	oauth2.CoreStrategy
	openid.OpenIDConnectTokenStrategy
	jwt.JWTStrategy
}
type Config ¶
// Config carries the options read by the compose functions and by the
// Config.Get* accessors; each accessor documents the default that applies when
// its field is left unset.
type Config struct {
	// AccessTokenLifespan sets how long an access token is going to be valid. Defaults to one hour.
	AccessTokenLifespan time.Duration

	// RefreshTokenLifespan sets how long a refresh token is going to be valid. Defaults to 30 days. Set to -1 for
	// refresh tokens that never expire.
	RefreshTokenLifespan time.Duration

	// AuthorizeCodeLifespan sets how long an authorize code is going to be valid. Defaults to fifteen minutes.
	AuthorizeCodeLifespan time.Duration

	// IDTokenLifespan sets the default id token lifetime. Defaults to one hour.
	IDTokenLifespan time.Duration

	// IDTokenIssuer sets the default issuer of the ID Token.
	IDTokenIssuer string

	// HashCost sets the cost of the password hashing. Defaults to 12.
	HashCost int

	// DisableRefreshTokenValidation sets the introspection endpoint to disable refresh token validation.
	DisableRefreshTokenValidation bool

	// SendDebugMessagesToClients if set to true, includes error debug messages in response payloads. Be aware that sensitive
	// data may be exposed, depending on your implementation of Fosite. Such sensitive data might include database error
	// codes or other information. Proceed with caution!
	SendDebugMessagesToClients bool

	// ScopeStrategy sets the scope strategy that should be supported, for example fosite.WildcardScopeStrategy.
	ScopeStrategy fosite.ScopeStrategy

	// AudienceMatchingStrategy sets the audience matching strategy that should be supported, defaults to fosite.DefaultsAudienceMatchingStrategy.
	AudienceMatchingStrategy fosite.AudienceMatchingStrategy

	// EnforcePKCE, if set to true, requires clients to perform authorize code flows with PKCE. Defaults to false.
	EnforcePKCE bool

	// EnforcePKCEForPublicClients requires only public clients to use PKCE with the authorize code flow. Defaults to false.
	EnforcePKCEForPublicClients bool

	// EnablePKCEPlainChallengeMethod sets whether or not to allow the plain challenge method (S256 should be used whenever
	// possible, plain is really discouraged). Defaults to false.
	EnablePKCEPlainChallengeMethod bool

	// AllowedPromptValues sets which OpenID Connect prompt values the server supports. Defaults to []string{"login", "none", "consent", "select_account"}.
	AllowedPromptValues []string

	// TokenURL is the URL of the Authorization Server's Token Endpoint. If the authorization server is intended
	// to be compatible with the private_key_jwt client authentication method (see http://openid.net/specs/openid-connect-core-1_0.html#CodeFlowAuth),
	// this value MUST be set.
	TokenURL string

	// JWKSFetcher is responsible for fetching JSON Web Keys from remote URLs. This is required when the private_key_jwt
	// client authentication method is used. Defaults to fosite.DefaultJWKSFetcherStrategy.
	JWKSFetcher fosite.JWKSFetcherStrategy

	// TokenEntropy indicates the entropy of the random string, used as the "message" part of the HMAC token.
	// Defaults to 32.
	TokenEntropy int

	// RedirectSecureChecker is a function that returns true if the provided URL can be securely used as a redirect URL.
	// No default is documented here; confirm what GetRedirectSecureChecker substitutes when this is nil.
	RedirectSecureChecker func(*url.URL) bool

	// RefreshTokenScopes defines which OAuth scopes will be given refresh tokens during the authorization code grant
	// exchange. This defaults to "offline" and "offline_access". When set to an empty array, all exchanges will be
	// given refresh tokens.
	// NOTE(review): an explicitly empty slice therefore widens refresh-token issuance rather than disabling it — verify
	// whether your configuration leaves this nil (defaults apply) or empty (every exchange gets a refresh token).
	RefreshTokenScopes []string

	// MinParameterEntropy controls the minimum size of state and nonce parameters. Defaults to fosite.MinParameterEntropy.
	MinParameterEntropy int
}
func (*Config) GetAccessTokenLifespan ¶
GetAccessTokenLifespan returns how long an access token should be valid. Defaults to one hour.
func (*Config) GetAudienceStrategy ¶ added in v0.27.0
func (c *Config) GetAudienceStrategy() fosite.AudienceMatchingStrategy
GetAudienceStrategy returns the audience matching strategy to be used; see Config.AudienceMatchingStrategy for the default.
func (*Config) GetAuthorizeCodeLifespan ¶
GetAuthorizeCodeLifespan returns how long an authorize code should be valid. Defaults to fifteen minutes.
func (*Config) GetHashCost ¶
GetHashCost returns the bcrypt cost factor. Defaults to 12.
func (*Config) GetIDTokenLifespan ¶
GetIDTokenLifespan returns how long an id token should be valid. Defaults to one hour.
func (*Config) GetJWKSFetcherStrategy ¶ added in v0.21.0
func (c *Config) GetJWKSFetcherStrategy() fosite.JWKSFetcherStrategy
GetJWKSFetcherStrategy returns the JWKSFetcherStrategy.
func (*Config) GetMinParameterEntropy ¶ added in v0.32.4
GetMinParameterEntropy returns MinParameterEntropy if set. Defaults to fosite.MinParameterEntropy.
func (*Config) GetRedirectSecureChecker ¶ added in v0.29.2
GetRedirectSecureChecker returns the function that reports whether a URL can be securely used as a redirect URL (see Config.RedirectSecureChecker).
func (*Config) GetRefreshTokenLifespan ¶ added in v0.28.0
GetRefreshTokenLifespan returns how long a refresh token is going to be valid. Defaults to 30 days. Returns -1 for refresh tokens that never expire.
func (*Config) GetRefreshTokenScopes ¶ added in v0.30.0
GetRefreshTokenScopes returns which scopes will provide refresh tokens.
func (*Config) GetScopeStrategy ¶ added in v0.11.0
func (c *Config) GetScopeStrategy() fosite.ScopeStrategy
GetScopeStrategy returns the scope strategy to be used. Defaults to glob scope strategy.
func (*Config) GetTokenEntropy ¶ added in v0.28.1
GetTokenEntropy returns the entropy of the "message" part of a HMAC Token. Defaults to 32.