authentication

package
v1.0.0-beta.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 29, 2018 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var ErrUnauthorized = &herodot.DefaultError{
	CodeField:  http.StatusUnauthorized,
	ErrorField: "The provided credentials are invalid, expired, or are not authorized to use the requested scope",
}

Functions

This section is empty.

Types

type AuthenticationOAuth2ClientCredentialsRequest

type AuthenticationOAuth2ClientCredentialsRequest struct {
	// Token is the token to introspect.
	ClientID string `json:"client_id"`

	ClientSecret string `json:"client_secret"`

	// Scope is an array of scopes that are required.
	Scopes []string `json:"scope"`
}

swagger:model AuthenticationOAuth2ClientCredentialsRequest

type AuthenticationOAuth2IntrospectionRequest

type AuthenticationOAuth2IntrospectionRequest struct {
	// Token is the token to introspect.
	Token string `json:"token"`

	// Scope is an array of scopes that are required.
	Scope []string `json:"scope"`
}

swagger:model AuthenticationOAuth2IntrospectionRequest

type Authenticator

type Authenticator interface {
	Authenticate(r *http.Request) (Session, error)
}

type DefaultSession

type DefaultSession struct {
	// Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app.
	// This is usually a uuid but you can choose a urn or some other id too.
	Subject string `json:"sub"`

	// Allowed is true if the request is allowed and false otherwise.
	Allowed bool `json:"allowed"`
}

swagger:model authenticationDefaultSession

func (*DefaultSession) DenyAccess

func (s *DefaultSession) DenyAccess()

func (*DefaultSession) GetSubject

func (s *DefaultSession) GetSubject() string

func (*DefaultSession) GrantAccess

func (s *DefaultSession) GrantAccess()

type IntrospectionResponse

type IntrospectionResponse struct {
	Active   bool   `json:"active"`
	Scope    string `json:"scope,omitempty"`
	ClientID string `json:"client_id,omitempty"`
	// Here, it's sub
	Subject   string   `json:"sub,omitempty"`
	ExpiresAt int64    `json:"exp,omitempty"`
	IssuedAt  int64    `json:"iat,omitempty"`
	NotBefore int64    `json:"nbf,omitempty"`
	Username  string   `json:"username,omitempty"`
	Audience  []string `json:"aud,omitempty"`
	Issuer    string   `json:"iss,omitempty"`
	TokenType string   `json:"token_type,omitempty"`

	// Session represents arbitrary session data.
	Extra map[string]interface{} `json:"ext"`
}

type OAuth2ClientCredentialsAuthentication

type OAuth2ClientCredentialsAuthentication struct {
	// contains filtered or unexported fields
}

func NewOAuth2ClientCredentialsAuthentication

func NewOAuth2ClientCredentialsAuthentication(tokenURL string) *OAuth2ClientCredentialsAuthentication

func (*OAuth2ClientCredentialsAuthentication) Authenticate

type OAuth2ClientCredentialsSession

type OAuth2ClientCredentialsSession struct {
	// Here, it's subject
	*DefaultSession
}

swagger:model authenticationOAuth2ClientCredentialsSession

func NewOAuth2ClientCredentialsSession

func NewOAuth2ClientCredentialsSession() *OAuth2ClientCredentialsSession

type OAuth2IntrospectionAuthentication

type OAuth2IntrospectionAuthentication struct {
	// contains filtered or unexported fields
}

func NewOAuth2IntrospectionAuthentication

func NewOAuth2IntrospectionAuthentication(clientID, clientSecret, tokenURL, introspectionURL string, scopes []string, strategy fosite.ScopeStrategy) *OAuth2IntrospectionAuthentication

func (*OAuth2IntrospectionAuthentication) Authenticate

func (*OAuth2IntrospectionAuthentication) Introspect

func (a *OAuth2IntrospectionAuthentication) Introspect(token string, scopes []string, strategy fosite.ScopeStrategy) (*IntrospectionResponse, error)

type OAuth2Session

type OAuth2Session struct {
	// Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app.
	// This is usually a uuid but you can choose a urn or some other id too.
	Subject string `json:"sub"`

	// Allowed is true if the request is allowed and false otherwise.
	Allowed bool `json:"allowed"`

	// GrantedScopes is a list of scopes that the subject authorized when asked for consent.
	GrantedScopes string `json:"scope"`

	// Issuer is the id of the issuer, typically an hydra instance.
	Issuer string `json:"iss"`

	// ClientID is the id of the OAuth2 client that requested the token.
	ClientID string `json:"client_id"`

	// IssuedAt is the token creation time stamp.
	IssuedAt time.Time `json:"iat"`

	// ExpiresAt is the expiry timestamp.
	ExpiresAt time.Time `json:"exp"`

	NotBefore time.Time `json:"nbf,omitempty"`
	Username  string    `json:"username,omitempty"`
	Audience  []string  `json:"aud,omitempty"`

	// Session represents arbitrary session data.
	Extra map[string]interface{} `json:"session,omitempty"`
}

swagger:model authenticationOAuth2Session

func (*OAuth2Session) DenyAccess

func (s *OAuth2Session) DenyAccess()

func (*OAuth2Session) GetSubject

func (s *OAuth2Session) GetSubject() string

func (*OAuth2Session) GrantAccess

func (s *OAuth2Session) GrantAccess()

type PlaintextAuthentication

type PlaintextAuthentication struct {
	// contains filtered or unexported fields
}

func NewPlaintextAuthentication

func NewPlaintextAuthentication() *PlaintextAuthentication

func (*PlaintextAuthentication) Authenticate

func (a *PlaintextAuthentication) Authenticate(r *http.Request) (Session, error)

type Session

type Session interface {
	GrantAccess()
	DenyAccess()
	GetSubject() string
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL