Documentation ¶
Index ¶
- func AccessTokenJWTToRequest(token *jwt.Token) fosite.Requester
- type AccessTokenStorage
- type AccessTokenStrategy
- type AuthorizeCodeStorage
- type AuthorizeCodeStrategy
- type AuthorizeExplicitGrantHandler
- func (c *AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
- func (c *AuthorizeExplicitGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
- func (c *AuthorizeExplicitGrantHandler) GetSanitationWhiteList() []string
- func (c *AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, ...) error
- func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
- func (c *AuthorizeExplicitGrantHandler) IssueAuthorizeCode(ctx context.Context, ar fosite.AuthorizeRequester, ...) error
- func (c *AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, ...) (err error)
- type AuthorizeImplicitGrantTypeHandler
- type ClientCredentialsGrantHandler
- func (c *ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
- func (c *ClientCredentialsGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
- func (c *ClientCredentialsGrantHandler) HandleTokenEndpointRequest(_ context.Context, request fosite.AccessRequester) error
- func (c *ClientCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, ...) error
- type ClientCredentialsGrantStorage
- type CoreStorage
- type CoreStrategy
- type CoreValidator
- type DefaultJWTStrategy
- func (h DefaultJWTStrategy) AccessTokenSignature(token string) string
- func (h DefaultJWTStrategy) AuthorizeCodeSignature(token string) string
- func (h *DefaultJWTStrategy) GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
- func (h *DefaultJWTStrategy) GenerateAuthorizeCode(ctx context.Context, req fosite.Requester) (token string, signature string, err error)
- func (h *DefaultJWTStrategy) GenerateRefreshToken(ctx context.Context, req fosite.Requester) (token string, signature string, err error)
- func (h DefaultJWTStrategy) RefreshTokenSignature(token string) string
- func (h *DefaultJWTStrategy) ValidateAccessToken(ctx context.Context, _ fosite.Requester, token string) error
- func (h *DefaultJWTStrategy) ValidateAuthorizeCode(ctx context.Context, req fosite.Requester, token string) error
- func (h *DefaultJWTStrategy) ValidateRefreshToken(ctx context.Context, req fosite.Requester, token string) error
- func (h *DefaultJWTStrategy) WithIssuer(issuer string) *DefaultJWTStrategy
- func (h *DefaultJWTStrategy) WithScopeField(scopeField jwt.JWTScopeFieldEnum) *DefaultJWTStrategy
- type HMACSHAStrategy
- func (h HMACSHAStrategy) AccessTokenSignature(token string) string
- func (h HMACSHAStrategy) AuthorizeCodeSignature(token string) string
- func (h HMACSHAStrategy) GenerateAccessToken(_ context.Context, _ fosite.Requester) (token string, signature string, err error)
- func (h HMACSHAStrategy) GenerateAuthorizeCode(_ context.Context, _ fosite.Requester) (token string, signature string, err error)
- func (h HMACSHAStrategy) GenerateRefreshToken(_ context.Context, _ fosite.Requester) (token string, signature string, err error)
- func (h HMACSHAStrategy) RefreshTokenSignature(token string) string
- func (h HMACSHAStrategy) ValidateAccessToken(_ context.Context, r fosite.Requester, token string) (err error)
- func (h HMACSHAStrategy) ValidateAuthorizeCode(_ context.Context, r fosite.Requester, token string) (err error)
- func (h HMACSHAStrategy) ValidateRefreshToken(_ context.Context, r fosite.Requester, token string) (err error)
- type HandleHelper
- type JWTSession
- func (j *JWTSession) Clone() fosite.Session
- func (j *JWTSession) GetExpiresAt(key fosite.TokenType) time.Time
- func (s *JWTSession) GetExtraClaims() map[string]interface{}
- func (j *JWTSession) GetJWTClaims() jwt.JWTClaimsContainer
- func (j *JWTSession) GetJWTHeader() *jwt.Headers
- func (j *JWTSession) GetSubject() string
- func (j *JWTSession) GetUsername() string
- func (j *JWTSession) SetExpiresAt(key fosite.TokenType, exp time.Time)
- func (j *JWTSession) SetSubject(subject string)
- type JWTSessionContainer
- type RefreshTokenGrantHandler
- func (c *RefreshTokenGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
- func (c *RefreshTokenGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
- func (c *RefreshTokenGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
- func (c *RefreshTokenGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, ...) (err error)
- type RefreshTokenStorage
- type RefreshTokenStrategy
- type ResourceOwnerPasswordCredentialsGrantHandlerdeprecated
- func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
- func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
- func (c *ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
- func (c *ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, ...) error
- type ResourceOwnerPasswordCredentialsGrantStorage
- type StatelessJWTValidator
- type TokenRevocationHandler
- type TokenRevocationStorage
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type AccessTokenStorage ¶
type AccessTokenStorage interface { CreateAccessTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error) GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error) DeleteAccessTokenSession(ctx context.Context, signature string) (err error) }
type AccessTokenStrategy ¶
type AuthorizeCodeStorage ¶
type AuthorizeCodeStorage interface { // GetAuthorizeCodeSession stores the authorization request for a given authorization code. CreateAuthorizeCodeSession(ctx context.Context, code string, request fosite.Requester) (err error) // GetAuthorizeCodeSession hydrates the session based on the given code and returns the authorization request. // If the authorization code has been invalidated with `InvalidateAuthorizeCodeSession`, this // method should return the ErrInvalidatedAuthorizeCode error. // // Make sure to also return the fosite.Requester value when returning the fosite.ErrInvalidatedAuthorizeCode error! GetAuthorizeCodeSession(ctx context.Context, code string, session fosite.Session) (request fosite.Requester, err error) // InvalidateAuthorizeCodeSession is called when an authorize code is being used. The state of the authorization // code should be set to invalid and consecutive requests to GetAuthorizeCodeSession should return the // ErrInvalidatedAuthorizeCode error. InvalidateAuthorizeCodeSession(ctx context.Context, code string) (err error) }
AuthorizeCodeStorage handles storage requests related to authorization codes.
type AuthorizeCodeStrategy ¶
type AuthorizeExplicitGrantHandler ¶
type AuthorizeExplicitGrantHandler struct { AccessTokenStrategy AccessTokenStrategy RefreshTokenStrategy RefreshTokenStrategy AuthorizeCodeStrategy AuthorizeCodeStrategy CoreStorage CoreStorage // AuthCodeLifespan defines the lifetime of an authorize code. AuthCodeLifespan time.Duration // AccessTokenLifespan defines the lifetime of an access token. AccessTokenLifespan time.Duration // RefreshTokenLifespan defines the lifetime of a refresh token. Leave to 0 for unlimited lifetime. RefreshTokenLifespan time.Duration ScopeStrategy fosite.ScopeStrategy AudienceMatchingStrategy fosite.AudienceMatchingStrategy // SanitationWhiteList is a whitelist of form values that are required by the token endpoint. These values // are safe for storage in a database (cleartext). SanitationWhiteList []string TokenRevocationStorage TokenRevocationStorage IsRedirectURISecure func(*url.URL) bool RefreshTokenScopes []string // OmitRedirectScopeParam must be set to true if the scope query param is to be omitted // in the authorization's redirect URI OmitRedirectScopeParam bool }
AuthorizeExplicitGrantTypeHandler is a response handler for the Authorize Code grant using the explicit grant type as defined in https://tools.ietf.org/html/rfc6749#section-4.1
func (*AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest ¶ added in v0.37.0
func (c *AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
func (*AuthorizeExplicitGrantHandler) CanSkipClientAuth ¶ added in v0.37.0
func (c *AuthorizeExplicitGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
func (*AuthorizeExplicitGrantHandler) GetSanitationWhiteList ¶ added in v0.17.0
func (c *AuthorizeExplicitGrantHandler) GetSanitationWhiteList() []string
func (*AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest ¶
func (c *AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error
func (*AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest ¶
func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
HandleTokenEndpointRequest implements * https://tools.ietf.org/html/rfc6749#section-4.1.3 (everything)
func (*AuthorizeExplicitGrantHandler) IssueAuthorizeCode ¶
func (c *AuthorizeExplicitGrantHandler) IssueAuthorizeCode(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error
func (*AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse ¶
func (c *AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) (err error)
type AuthorizeImplicitGrantTypeHandler ¶
type AuthorizeImplicitGrantTypeHandler struct { AccessTokenStrategy AccessTokenStrategy // AccessTokenStorage is used to persist session data across requests. AccessTokenStorage AccessTokenStorage // AccessTokenLifespan defines the lifetime of an access token. AccessTokenLifespan time.Duration ScopeStrategy fosite.ScopeStrategy AudienceMatchingStrategy fosite.AudienceMatchingStrategy }
AuthorizeImplicitGrantTypeHandler is a response handler for the Authorize Code grant using the implicit grant type as defined in https://tools.ietf.org/html/rfc6749#section-4.2
func (*AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest ¶
func (c *AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error
func (*AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken ¶
func (c *AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error
type ClientCredentialsGrantHandler ¶
type ClientCredentialsGrantHandler struct { *HandleHelper ScopeStrategy fosite.ScopeStrategy AudienceMatchingStrategy fosite.AudienceMatchingStrategy }
func (*ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest ¶ added in v0.37.0
func (c *ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
func (*ClientCredentialsGrantHandler) CanSkipClientAuth ¶ added in v0.37.0
func (c *ClientCredentialsGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
func (*ClientCredentialsGrantHandler) HandleTokenEndpointRequest ¶
func (c *ClientCredentialsGrantHandler) HandleTokenEndpointRequest(_ context.Context, request fosite.AccessRequester) error
IntrospectTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.4.2
func (*ClientCredentialsGrantHandler) PopulateTokenEndpointResponse ¶
func (c *ClientCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, response fosite.AccessResponder) error
PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-4.4.3
type ClientCredentialsGrantStorage ¶
type ClientCredentialsGrantStorage interface { AccessTokenStorage }
type CoreStorage ¶
type CoreStorage interface { AuthorizeCodeStorage AccessTokenStorage RefreshTokenStorage }
type CoreStrategy ¶
type CoreStrategy interface { AccessTokenStrategy RefreshTokenStrategy AuthorizeCodeStrategy }
type CoreValidator ¶
type CoreValidator struct { CoreStrategy CoreStorage ScopeStrategy fosite.ScopeStrategy DisableRefreshTokenValidation bool }
func (*CoreValidator) IntrospectToken ¶ added in v0.4.0
type DefaultJWTStrategy ¶ added in v0.21.0
type DefaultJWTStrategy struct { jwt.JWTStrategy HMACSHAStrategy *HMACSHAStrategy Issuer string ScopeField jwt.JWTScopeFieldEnum }
DefaultJWTStrategy is a JWT RS256 strategy.
func (DefaultJWTStrategy) AccessTokenSignature ¶ added in v0.21.0
func (h DefaultJWTStrategy) AccessTokenSignature(token string) string
func (DefaultJWTStrategy) AuthorizeCodeSignature ¶ added in v0.21.0
func (h DefaultJWTStrategy) AuthorizeCodeSignature(token string) string
func (*DefaultJWTStrategy) GenerateAccessToken ¶ added in v0.21.0
func (*DefaultJWTStrategy) GenerateAuthorizeCode ¶ added in v0.21.0
func (*DefaultJWTStrategy) GenerateRefreshToken ¶ added in v0.21.0
func (DefaultJWTStrategy) RefreshTokenSignature ¶ added in v0.21.0
func (h DefaultJWTStrategy) RefreshTokenSignature(token string) string
func (*DefaultJWTStrategy) ValidateAccessToken ¶ added in v0.21.0
func (*DefaultJWTStrategy) ValidateAuthorizeCode ¶ added in v0.21.0
func (*DefaultJWTStrategy) ValidateRefreshToken ¶ added in v0.21.0
func (*DefaultJWTStrategy) WithIssuer ¶ added in v0.35.1
func (h *DefaultJWTStrategy) WithIssuer(issuer string) *DefaultJWTStrategy
func (*DefaultJWTStrategy) WithScopeField ¶ added in v0.35.1
func (h *DefaultJWTStrategy) WithScopeField(scopeField jwt.JWTScopeFieldEnum) *DefaultJWTStrategy
type HMACSHAStrategy ¶
type HMACSHAStrategy struct { Enigma *enigma.HMACStrategy AccessTokenLifespan time.Duration RefreshTokenLifespan time.Duration AuthorizeCodeLifespan time.Duration }
func (HMACSHAStrategy) AccessTokenSignature ¶
func (h HMACSHAStrategy) AccessTokenSignature(token string) string
func (HMACSHAStrategy) AuthorizeCodeSignature ¶
func (h HMACSHAStrategy) AuthorizeCodeSignature(token string) string
func (HMACSHAStrategy) GenerateAccessToken ¶
func (HMACSHAStrategy) GenerateAuthorizeCode ¶
func (HMACSHAStrategy) GenerateRefreshToken ¶
func (HMACSHAStrategy) RefreshTokenSignature ¶
func (h HMACSHAStrategy) RefreshTokenSignature(token string) string
func (HMACSHAStrategy) ValidateAccessToken ¶
func (HMACSHAStrategy) ValidateAuthorizeCode ¶
func (HMACSHAStrategy) ValidateRefreshToken ¶
type HandleHelper ¶
type HandleHelper struct { AccessTokenStrategy AccessTokenStrategy AccessTokenStorage AccessTokenStorage AccessTokenLifespan time.Duration RefreshTokenLifespan time.Duration }
func (*HandleHelper) IssueAccessToken ¶
func (h *HandleHelper) IssueAccessToken(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error
type JWTSession ¶
type JWTSession struct { JWTClaims *jwt.JWTClaims JWTHeader *jwt.Headers ExpiresAt map[fosite.TokenType]time.Time Username string Subject string }
JWTSession Container for the JWT session.
func (*JWTSession) Clone ¶ added in v0.6.0
func (j *JWTSession) Clone() fosite.Session
func (*JWTSession) GetExpiresAt ¶ added in v0.5.0
func (j *JWTSession) GetExpiresAt(key fosite.TokenType) time.Time
func (*JWTSession) GetExtraClaims ¶ added in v0.40.0
func (s *JWTSession) GetExtraClaims() map[string]interface{}
GetExtraClaims implements ExtraClaimsSession for JWTSession. The returned value is a copy of JWTSession claims.
func (*JWTSession) GetJWTClaims ¶
func (j *JWTSession) GetJWTClaims() jwt.JWTClaimsContainer
func (*JWTSession) GetJWTHeader ¶
func (j *JWTSession) GetJWTHeader() *jwt.Headers
func (*JWTSession) GetSubject ¶ added in v0.5.0
func (j *JWTSession) GetSubject() string
func (*JWTSession) GetUsername ¶ added in v0.5.0
func (j *JWTSession) GetUsername() string
func (*JWTSession) SetExpiresAt ¶ added in v0.5.0
func (j *JWTSession) SetExpiresAt(key fosite.TokenType, exp time.Time)
func (*JWTSession) SetSubject ¶ added in v0.37.0
func (j *JWTSession) SetSubject(subject string)
type JWTSessionContainer ¶
type RefreshTokenGrantHandler ¶
type RefreshTokenGrantHandler struct { AccessTokenStrategy AccessTokenStrategy RefreshTokenStrategy RefreshTokenStrategy TokenRevocationStorage TokenRevocationStorage // AccessTokenLifespan defines the lifetime of an access token. AccessTokenLifespan time.Duration // RefreshTokenLifespan defines the lifetime of a refresh token. RefreshTokenLifespan time.Duration ScopeStrategy fosite.ScopeStrategy AudienceMatchingStrategy fosite.AudienceMatchingStrategy RefreshTokenScopes []string }
func (*RefreshTokenGrantHandler) CanHandleTokenEndpointRequest ¶ added in v0.37.0
func (c *RefreshTokenGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
func (*RefreshTokenGrantHandler) CanSkipClientAuth ¶ added in v0.37.0
func (c *RefreshTokenGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
func (*RefreshTokenGrantHandler) HandleTokenEndpointRequest ¶
func (c *RefreshTokenGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-6
func (*RefreshTokenGrantHandler) PopulateTokenEndpointResponse ¶
func (c *RefreshTokenGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) (err error)
PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-6
type RefreshTokenStorage ¶
type RefreshTokenStorage interface { CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error) GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error) DeleteRefreshTokenSession(ctx context.Context, signature string) (err error) }
type RefreshTokenStrategy ¶
type ResourceOwnerPasswordCredentialsGrantHandler
deprecated
type ResourceOwnerPasswordCredentialsGrantHandler struct { // ResourceOwnerPasswordCredentialsGrantStorage is used to persist session data across requests. ResourceOwnerPasswordCredentialsGrantStorage ResourceOwnerPasswordCredentialsGrantStorage RefreshTokenStrategy RefreshTokenStrategy ScopeStrategy fosite.ScopeStrategy AudienceMatchingStrategy fosite.AudienceMatchingStrategy RefreshTokenScopes []string *HandleHelper }
Deprecated: This handler is deprecated as a means to communicate that the ROPC grant type is widely discouraged and is at the time of this writing going to be omitted in the OAuth 2.1 spec. For more information on why this grant type is discouraged see: https://www.scottbrady91.com/oauth/why-the-resource-owner-password-credentials-grant-type-is-not-authentication-nor-suitable-for-modern-applications
func (*ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest ¶ added in v0.37.0
func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
func (*ResourceOwnerPasswordCredentialsGrantHandler) CanSkipClientAuth ¶ added in v0.37.0
func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
func (*ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest ¶
func (c *ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.3.2
func (*ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse ¶
func (c *ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error
PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-4.3.3
type ResourceOwnerPasswordCredentialsGrantStorage ¶
type ResourceOwnerPasswordCredentialsGrantStorage interface { Authenticate(ctx context.Context, name string, secret string) error AccessTokenStorage RefreshTokenStorage }
type StatelessJWTValidator ¶ added in v0.6.17
type StatelessJWTValidator struct { jwt.JWTStrategy ScopeStrategy fosite.ScopeStrategy }
func (*StatelessJWTValidator) IntrospectToken ¶ added in v0.6.17
type TokenRevocationHandler ¶ added in v0.4.0
type TokenRevocationHandler struct { TokenRevocationStorage TokenRevocationStorage RefreshTokenStrategy RefreshTokenStrategy AccessTokenStrategy AccessTokenStrategy }
func (*TokenRevocationHandler) RevokeToken ¶ added in v0.4.0
func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string, tokenType fosite.TokenType, client fosite.Client) error
RevokeToken implements https://tools.ietf.org/html/rfc7009#section-2.1 The token type hint indicates which token type check should be performed first.
type TokenRevocationStorage ¶ added in v0.4.0
type TokenRevocationStorage interface { RefreshTokenStorage AccessTokenStorage // RevokeRefreshToken revokes a refresh token as specified in: // https://tools.ietf.org/html/rfc7009#section-2.1 // If the particular // token is a refresh token and the authorization server supports the // revocation of access tokens, then the authorization server SHOULD // also invalidate all access tokens based on the same authorization // grant (see Implementation Note). RevokeRefreshToken(ctx context.Context, requestID string) error // RevokeRefreshTokenMaybeGracePeriod revokes a refresh token as specified in: // https://tools.ietf.org/html/rfc7009#section-2.1 // If the particular // token is a refresh token and the authorization server supports the // revocation of access tokens, then the authorization server SHOULD // also invalidate all access tokens based on the same authorization // grant (see Implementation Note). // // If the Refresh Token grace period is greater than zero in configuration the token // will have its expiration time set as UTCNow + GracePeriod. RevokeRefreshTokenMaybeGracePeriod(ctx context.Context, requestID string, signature string) error // RevokeAccessToken revokes an access token as specified in: // https://tools.ietf.org/html/rfc7009#section-2.1 // If the token passed to the request // is an access token, the server MAY revoke the respective refresh // token as well. RevokeAccessToken(ctx context.Context, requestID string) error }
TokenRevocationStorage provides the storage implementation as specified in: https://tools.ietf.org/html/rfc7009
Source Files ¶
- flow_authorize_code_auth.go
- flow_authorize_code_token.go
- flow_authorize_implicit.go
- flow_client_credentials.go
- flow_client_credentials_storage.go
- flow_refresh.go
- flow_resource_owner.go
- flow_resource_owner_storage.go
- helper.go
- introspector.go
- introspector_jwt.go
- revocation.go
- revocation_storage.go
- storage.go
- strategy.go
- strategy_hmacsha.go
- strategy_jwt.go
- strategy_jwt_session.go