authentication

package
v0.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 20, 2018 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var ErrUnauthorized = &herodot.DefaultError{
	CodeField:  http.StatusUnauthorized,
	ErrorField: "The provided credentials are invalid, expired, or are not authorized to use the requested scope",
}

Functions

This section is empty.

Types

type AuthenticationOAuth2ClientCredentialsRequest 

type AuthenticationOAuth2ClientCredentialsRequest struct {
	// Token is the token to introspect.
	ClientID string `json:"id"`

	ClientSecret string `json:"secret"`

	// Scope is an array of scopes that are required.
	Scopes []string `json:"scope"`
}

swagger:model AuthenticationOAuth2ClientCredentialsRequest

type AuthenticationOAuth2IntrospectionRequest 

type AuthenticationOAuth2IntrospectionRequest struct {
	// Token is the token to introspect.
	Token string `json:"token"`

	// Scope is an array of scopes that are required.
	Scope []string `json:"scope"`
}

swagger:model AuthenticationOAuth2IntrospectionRequest

type Authenticator 

type Authenticator interface {
	Authenticate(r *http.Request) (Session, error)
}

type DefaultSession 

type DefaultSession struct {
	// Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app.
	// This is usually a uuid but you can choose a urn or some other id too.
	Subject string `json:"sub"`

	// Allowed is true if the request is allowed and false otherwise.
	Allowed bool `json:"allowed"`
}

swagger:model authenticationDefaultSession

func (*DefaultSession) DenyAccess 

func (s *DefaultSession) DenyAccess()

func (*DefaultSession) GetSubject 

func (s *DefaultSession) GetSubject() string

func (*DefaultSession) GrantAccess 

func (s *DefaultSession) GrantAccess()

type IntrospectionResponse 

type IntrospectionResponse struct {
	Active   bool   `json:"active"`
	Scope    string `json:"scope,omitempty"`
	ClientID string `json:"client_id,omitempty"`
	// Here, it's sub
	Subject   string   `json:"sub,omitempty"`
	ExpiresAt int64    `json:"exp,omitempty"`
	IssuedAt  int64    `json:"iat,omitempty"`
	NotBefore int64    `json:"nbf,omitempty"`
	Username  string   `json:"username,omitempty"`
	Audience  []string `json:"aud,omitempty"`
	Issuer    string   `json:"iss,omitempty"`
	TokenType string   `json:"token_type,omitempty"`

	// Session represents arbitrary session data.
	Extra map[string]interface{} `json:"ext"`
}

type OAuth2ClientCredentialsAuthentication 

type OAuth2ClientCredentialsAuthentication struct {
	// contains filtered or unexported fields
}

func NewOAuth2ClientCredentialsAuthentication 

func NewOAuth2ClientCredentialsAuthentication(tokenURL string) *OAuth2ClientCredentialsAuthentication

func (*OAuth2ClientCredentialsAuthentication) Authenticate 

func (a *OAuth2ClientCredentialsAuthentication) Authenticate(r *http.Request) (Session, error)

type OAuth2ClientCredentialsSession 

type OAuth2ClientCredentialsSession struct {
	// Here, it's subject
	*DefaultSession
}

swagger:model authenticationOAuth2ClientCredentialsSession

func NewOAuth2ClientCredentialsSession 

func NewOAuth2ClientCredentialsSession() *OAuth2ClientCredentialsSession

type OAuth2IntrospectionAuthentication 

type OAuth2IntrospectionAuthentication struct {
	// contains filtered or unexported fields
}

func NewOAuth2IntrospectionAuthentication 

func NewOAuth2IntrospectionAuthentication(clientID, clientSecret, tokenURL, introspectionURL string, scopes []string, strategy fosite.ScopeStrategy) *OAuth2IntrospectionAuthentication

func (*OAuth2IntrospectionAuthentication) Authenticate 

func (a *OAuth2IntrospectionAuthentication) Authenticate(r *http.Request) (Session, error)

func (*OAuth2IntrospectionAuthentication) Introspect 

func (a *OAuth2IntrospectionAuthentication) Introspect(token string, scopes []string, strategy fosite.ScopeStrategy) (*IntrospectionResponse, error)

type OAuth2Session 

type OAuth2Session struct {
	// Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app.
	// This is usually a uuid but you can choose a urn or some other id too.
	Subject string `json:"sub"`

	// Allowed is true if the request is allowed and false otherwise.
	Allowed bool `json:"allowed"`

	// GrantedScopes is a list of scopes that the subject authorized when asked for consent.
	GrantedScopes string `json:"scope"`

	// Issuer is the id of the issuer, typically an hydra instance.
	Issuer string `json:"iss"`

	// ClientID is the id of the OAuth2 client that requested the token.
	ClientID string `json:"client_id"`

	// IssuedAt is the token creation time stamp.
	IssuedAt time.Time `json:"iat"`

	// ExpiresAt is the expiry timestamp.
	ExpiresAt time.Time `json:"exp"`

	NotBefore time.Time `json:"nbf,omitempty"`
	Username  string    `json:"username,omitempty"`
	Audience  []string  `json:"aud,omitempty"`

	// Session represents arbitrary session data.
	Extra map[string]interface{} `json:"session,omitempty"`
}

swagger:model authenticationOAuth2Session

func (*OAuth2Session) DenyAccess 

func (s *OAuth2Session) DenyAccess()

func (*OAuth2Session) GetSubject 

func (s *OAuth2Session) GetSubject() string

func (*OAuth2Session) GrantAccess 

func (s *OAuth2Session) GrantAccess()

type PlaintextAuthentication 

type PlaintextAuthentication struct {
	// contains filtered or unexported fields
}

func NewPlaintextAuthentication 

func NewPlaintextAuthentication() *PlaintextAuthentication

func (*PlaintextAuthentication) Authenticate 

func (a *PlaintextAuthentication) Authenticate(r *http.Request) (Session, error)

type Session 

type Session interface {
	GrantAccess()
	DenyAccess()
	GetSubject() string
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.