Documentation ¶
Overview ¶
Package oauth2 provides a middleware that introspects the auth token on behalf of PACE services and populates the request context with useful information when the token is valid; otherwise it aborts the request.
Example ¶
// Requires the imports fmt, log and net/http plus a router providing Use/HandleFunc
// (the example assumes github.com/gorilla/mux for the mux identifier).
r := mux.NewRouter()
// A zero Middleware has no Backend; a real service constructs it with
// NewMiddleware(backend) so that tokens can actually be introspected.
middleware := Middleware{}
r.Use(middleware.Handler)
r.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
	// The middleware has already validated the token and filled the context.
	userid, _ := UserID(r.Context())
	log.Printf("AUDIT: User %s does something", userid)
	if HasScope(r.Context(), "dtc:codes:write") {
		fmt.Fprintf(w, "User has scope.")
		return
	}
	fmt.Fprintf(w, "Your client may not have the right scopes to see the secret code")
})
srv := &http.Server{
	Handler: r,
	Addr:    "127.0.0.1:8000",
}
log.Fatal(srv.ListenAndServe())
Index ¶
- Variables
- func BearerToken(ctx context.Context) (string, bool)
- func ClientID(ctx context.Context) (string, bool)
- func ContextTransfer(sourceCtx context.Context, targetCtx context.Context) context.Context
- func HasScope(ctx context.Context, scope Scope) bool
- func Request(r *http.Request) *http.Request
- func Scopes(ctx context.Context) []string
- func UserID(ctx context.Context) (string, bool)
- func WithBearerToken(ctx context.Context, bearerToken string) context.Context
- type IntrospectResponse
- type Middleware
- type Scope
- type TokenIntrospecter
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ErrBadUpstreamResponse = errors.New("bad upstream response when introspecting token")
ErrBadUpstreamResponse is returned when the response from the introspection server has the wrong format.
var ErrInvalidToken = errors.New("user token is invalid")
ErrInvalidToken is returned when the token is not valid or has expired.
var ErrUpstreamConnection = errors.New("problem connecting to the introspection endpoint")
ErrUpstreamConnection is returned on a connection issue with the introspection endpoint.
Functions ¶
func BearerToken ¶
BearerToken returns the bearer token stored in ctx
func ContextTransfer ¶ added in v0.1.12
ContextTransfer takes the oauth2 token from sourceCtx and returns a new context, based on targetCtx, that carries that token.
func HasScope ¶
HasScope extracts an access token T from context and checks if the permissions represented by the provided scope are included in T.
func WithBearerToken ¶ added in v0.1.14
WithBearerToken returns a new context that has the given bearer token set. Use BearerToken() to retrieve the token. Use Request() to obtain a request with the Authorization header set accordingly.
Types ¶
type IntrospectResponse ¶ added in v0.1.11
type IntrospectResponse struct {
	Active   bool   `json:"active"`
	Scope    string `json:"scope"`
	ClientID string `json:"client_id"`
	UserID   string `json:"user_id"`
}
IntrospectResponse is the result of a successful introspection of the oauth2 request's token.
type Middleware ¶
type Middleware struct {
Backend TokenIntrospecter
}
Middleware holds the data necessary for OAuth processing.
func NewMiddleware ¶
func NewMiddleware(backend TokenIntrospecter) *Middleware
NewMiddleware creates a new OAuth middleware backed by the given TokenIntrospecter.
type Scope ¶ added in v0.1.11
type Scope string
Scope represents an OAuth 2 access token scope
func (*Scope) IsIncludedIn ¶ added in v0.1.11
IsIncludedIn checks if the permissions of a scope s are also included in the provided scope t. This can be useful to check if a scope has all required permissions to access an endpoint.
type TokenIntrospecter ¶ added in v0.1.11
type TokenIntrospecter interface {
IntrospectToken(ctx context.Context, token string) (*IntrospectResponse, error)
}
TokenIntrospecter needs to be implemented for token lookup
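The following stand-alone program is an added illustration, not code from this package, of how the pieces documented above fit together: a TokenIntrospecter backed by a constructed in-memory token table, a Middleware whose Handler aborts the request unless the backend reports the token as active, and HasScope built on Scope.IsIncludedIn. It assumes that a Scope is a space-separated list of scope values (as in RFC 6749 section 3.3) and that IsIncludedIn means every value of the receiver appears in the argument; the context keys, the memoryIntrospecter type and the Serve helper are inventions of this example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// IntrospectResponse and TokenIntrospecter mirror the shapes documented on this page.
type IntrospectResponse struct {
	Active   bool   `json:"active"`
	Scope    string `json:"scope"`
	ClientID string `json:"client_id"`
	UserID   string `json:"user_id"`
}

type TokenIntrospecter interface {
	IntrospectToken(ctx context.Context, token string) (*IntrospectResponse, error)
}

var ErrInvalidToken = errors.New("user token is invalid")

// memoryIntrospecter is a constructed in-memory backend standing in for a real
// introspection endpoint (assumption of this example, not the package's own backend).
type memoryIntrospecter map[string]IntrospectResponse

func (m memoryIntrospecter) IntrospectToken(_ context.Context, token string) (*IntrospectResponse, error) {
	resp, ok := m[token]
	if !ok || !resp.Active { // unknown and revoked tokens are rejected alike
		return nil, ErrInvalidToken
	}
	return &resp, nil
}

type ctxKey int

const introspectKey ctxKey = iota // hypothetical context key used by this example

// Middleware validates the Bearer token of every request through its Backend.
type Middleware struct{ Backend TokenIntrospecter }

func (m *Middleware) Handler(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		const prefix = "Bearer "
		auth := r.Header.Get("Authorization")
		if !strings.HasPrefix(auth, prefix) {
			http.Error(w, "missing bearer token", http.StatusUnauthorized)
			return
		}
		resp, err := m.Backend.IntrospectToken(r.Context(), strings.TrimPrefix(auth, prefix))
		if err != nil { // any backend error aborts the request; the token is never echoed back
			http.Error(w, "invalid token", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), introspectKey, resp)))
	})
}

// Scope is assumed to be a space-separated list of scope values.
type Scope string

// IsIncludedIn reports whether every value in s is also granted in t.
func (s *Scope) IsIncludedIn(t Scope) bool {
	granted := map[string]bool{}
	for _, v := range strings.Fields(string(t)) {
		granted[v] = true
	}
	for _, v := range strings.Fields(string(*s)) {
		if !granted[v] {
			return false
		}
	}
	return true
}

func HasScope(ctx context.Context, scope Scope) bool {
	resp, ok := ctx.Value(introspectKey).(*IntrospectResponse)
	return ok && scope.IsIncludedIn(Scope(resp.Scope))
}

func UserID(ctx context.Context) (string, bool) {
	resp, ok := ctx.Value(introspectKey).(*IntrospectResponse)
	if !ok {
		return "", false
	}
	return resp.UserID, true
}

// Serve pushes one request with the given token through the middleware and returns
// the status code and trimmed body, so behaviour can be checked without a network.
func Serve(token string) (int, string) {
	backend := memoryIntrospecter{ // constructed sample tokens
		"tok-writer":  {Active: true, Scope: "dtc:codes:read dtc:codes:write", ClientID: "app", UserID: "u-1"},
		"tok-reader":  {Active: true, Scope: "dtc:codes:read", ClientID: "app", UserID: "u-2"},
		"tok-revoked": {Active: false, Scope: "dtc:codes:write", ClientID: "app", UserID: "u-3"},
	}
	mw := &Middleware{Backend: backend}
	h := mw.Handler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		uid, _ := UserID(r.Context())
		if HasScope(r.Context(), "dtc:codes:write") {
			fmt.Fprintf(w, "%s may write", uid)
			return
		}
		fmt.Fprintf(w, "%s lacks scope", uid)
	}))
	req := httptest.NewRequest("GET", "/", nil)
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, strings.TrimSpace(rec.Body.String())
}

func main() {
	for _, tok := range []string{"tok-writer", "tok-reader", "tok-revoked", ""} {
		code, body := Serve(tok)
		fmt.Printf("%-13q -> %d %s\n", tok, code, body)
	}
}
```

The revoked token is rejected by the middleware before the handler runs, even though its scope string would satisfy the check; a missing or malformed Authorization header fails the same way. Only an active token reaches HasScope, which is why the handler can trust the values it reads from the context.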