oauth2

package


Constants

This section is empty.

Variables

var (
	// ErrUnknownClient is the sentinel error for an OAuth2 client ID that the
	// package does not recognize (see its message). Callers should test for it
	// with errors.Is rather than ==, so that wrapped errors still match.
	ErrUnknownClient error = errors.New("unknown OAuth2 Client ID")
)

Functions

func AcquireToken

func AcquireToken(issuerUrl string, entry *config.PrefixEntry, dirResp server_structs.DirectorResponse, osdfPath string, opts config.TokenGenerationOpts) (*config.TokenEntry, error)

func ContextClient

func ContextClient(ctx context.Context) *http.Client

func GetRedirectURL

func GetRedirectURL(callback string) (redirURL string, err error)

GetRedirectURL generates the redirect URL for the OAuth2 authorization-code flow from the given callback path. If OIDC.ClientRedirectHostname is set, it is used as the hostname; this is useful for local testing in a container environment. Whatever hostname is chosen, the resulting URL has to match a redirect URI registered with the authorization server, or the code exchange will be rejected.

func ParsePelicanOAuth

func ParsePelicanOAuth(pCfg Config, callback string) (oCfg upstream_oauth.Config, err error)

ParsePelicanOAuth converts a Pelican oauth2 Config (plus the callback path) into a golang.org/x/oauth2 Config.

func RetrieveToken

func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values) (*oauth2_upstream.Token, error)

Types

type Config

type Config struct {
	// ClientID is the application's ID as registered with the authorization server.
	ClientID string

	// ClientSecret is the application's secret. Treat it as a credential:
	// keep it out of logs, error messages and anything shipped to a browser.
	// NOTE(review): presumably empty for public clients (compare the "none"
	// token_endpoint_auth_method in Metadata) — confirm against callers.
	ClientSecret string

	// Endpoint holds the authorization server's endpoint URLs (authorization,
	// device-authorization, token and userinfo; see Endpoint). These are
	// constants specific to each server. Unlike golang.org/x/oauth2's
	// Endpoint this type also carries DeviceAuthURL and UserInfoURL;
	// ParsePelicanOAuth presumably maps it onto the upstream type.
	Endpoint Endpoint

	// Scopes specifies the optional permissions to request.
	Scopes []string
}

func ServerOIDCClient added in v1.0.4

func ServerOIDCClient() (result Config, provider config.OIDCProvider, err error)

ServerOIDCClient loads the OIDC client configuration for the Pelican server and returns it together with the detected OIDC provider.

func (*Config) AuthDevice

func (c *Config) AuthDevice(ctx context.Context) (*DeviceAuth, error)

AuthDevice returns a DeviceAuth containing the device code, plus the user code and verification URI that the user enters on another device to authorize this client.

func (*Config) Poll

func (c *Config) Poll(ctx context.Context, da *DeviceAuth) (*oauth2_upstream.Token, error)

Poll polls the token endpoint to exchange the device code in da for a token.

type ContextKey

// ContextKey is the key type this package uses for values stored in a
// context.Context. Using a dedicated type avoids collisions with keys that
// other packages store under plain strings.
type ContextKey struct{}

// HTTPClient is the context key under which a caller can supply its own
// *http.Client; ContextClient(ctx) presumably looks it up — confirm.
var HTTPClient ContextKey

type DCRPConfig

type DCRPConfig struct {
	// InitialAccessToken specifies the access token used to gain access to the
	// client registration endpoint. The method by which the initial access
	// token is obtained by the client or developer is generally out of band.
	// It is a bearer credential: anyone holding it can register clients, so
	// keep it out of logs and error output.
	InitialAccessToken string

	// ClientRegistrationEndpointURL specifies the authorization server's client
	// registration endpoint URL. This is a constant specific to each server.
	// It should be an https URL, since the initial access token is sent to it.
	ClientRegistrationEndpointURL string

	// Transport is the HTTP transport to use; if nil, the default one is used.
	// A custom RoundTripper must keep TLS certificate verification enabled,
	// otherwise the token above can be captured by a man-in-the-middle.
	Transport http.RoundTripper

	// Metadata specifies the client metadata to be sent in the registration request.
	Metadata
}

DCRPConfig describes the configuration for Dynamic Client Registration (RFC 7591).

func (*DCRPConfig) Register

func (c *DCRPConfig) Register() (*Response, error)

Register performs Dynamic Client Registration by doing a round trip to the authorization server's client registration endpoint. A non-success reply is reported as a *RegistrationError carrying the server's response and body.

type DeviceAuth

// DeviceAuth holds a device authorization response; its JSON field names
// mirror the response defined in RFC 8628 section 3.2.
type DeviceAuth struct {
	// DeviceCode is the code the client presents to the token endpoint while
	// polling. It is effectively a credential: do not display or log it.
	DeviceCode              string `json:"device_code"`
	// UserCode is the short code the end user types in at VerificationURI.
	UserCode                string `json:"user_code"`
	// VerificationURI is the page the end user visits to enter UserCode.
	VerificationURI         string `json:"verification_uri"`
	// VerificationURIComplete optionally embeds the user code in the URI.
	VerificationURIComplete string `json:"verification_uri_complete,omitempty"`
	// ExpiresIn is the lifetime of the device and user codes (seconds, as in RFC 8628).
	ExpiresIn               int    `json:"expires_in"`
	// Interval is the minimum polling interval (seconds); clients should not
	// poll faster than this, or the server may slow them down further.
	Interval                int    `json:"interval,omitempty"`
	// contains filtered or unexported fields
}

type Endpoint

// Endpoint holds an authorization server's endpoint URLs. All of them should
// be https: the TokenURL in particular receives the client secret and
// authorization codes, so a tampered or plain-http value leaks credentials.
type Endpoint struct {
	// AuthURL is the authorization endpoint (authorization-code flow).
	AuthURL       string
	// DeviceAuthURL is the device authorization endpoint (device flow).
	DeviceAuthURL string
	// TokenURL is the token endpoint used to exchange codes for tokens.
	TokenURL      string
	// UserInfoURL is the OIDC userinfo endpoint (not part of golang.org/x/oauth2's Endpoint).
	UserInfoURL   string
}

type Metadata

type Metadata struct {
	// RedirectURIs specifies redirection URI strings for use in
	// redirect-based flows such as the "authorization code" and "implicit".
	// Register complete, absolute URIs (scheme, host, port, path): the
	// authorization server matches the redirect_uri it receives against this
	// list, so loose entries widen the open-redirect surface.
	RedirectURIs []string `json:"redirect_uris,omitempty"`

	// TokenEndpointAuthMethod specifies the requested client authentication
	// method for the token endpoint.
	// Possible values are:
	// "none": The client is a public client and does not have a client secret.
	// "client_secret_post": The client uses the HTTP POST parameters
	// "client_secret_basic": The client uses HTTP Basic
	// Additional values can be defined or absolute URIs can also be used
	// as values for this parameter without being registered.
	TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"`

	// GrantTypes specifies grant type strings that the client can use at the token endpoint
	// Possible values are:
	// "authorization_code": The authorization code grant type
	// "implicit": The implicit grant type (legacy; discouraged by the OAuth 2.0 Security BCP)
	// "password": The resource owner password credentials grant type (legacy; likewise discouraged)
	// "client_credentials": The client credentials grant type
	// "refresh_token": The refresh token grant type
	// "urn:ietf:params:oauth:grant-type:jwt-bearer": The JWT Bearer Token Grant Type
	// "urn:ietf:params:oauth:grant-type:saml2-bearer": The SAML 2.0 Bearer Assertion Grant
	// Request only the grant types the client actually needs.
	GrantTypes []string `json:"grant_types,omitempty"`

	// ResponseTypes specifies response type strings that the client can
	// use at the authorization endpoint.
	// Possible values are:
	// "code": The "authorization code" response
	// "token": The "implicit" response (returns the access token in the URL fragment)
	ResponseTypes []string `json:"response_types,omitempty"`

	// ClientName specifies a human-readable name of the client
	// to be presented to the end-user during authorization.
	ClientName string `json:"client_name,omitempty"`

	// ClientURI specifies the URL of a web page providing information about the client.
	ClientURI string `json:"client_uri,omitempty"`

	// LogoURI specifies the URL of a logo of the client.
	LogoURI string `json:"logo_uri,omitempty"`

	// Scopes specifies scope values that the client can use when requesting
	// access tokens. It is not serialized directly (json:"-"); Scope carries
	// the wire form.
	Scopes []string `json:"-"`

	// Scope is the wire-level scopes representation. NOTE(review): presumably
	// the space-delimited join of Scopes, produced by a custom marshaller not
	// visible here — confirm.
	Scope string `json:"scope,omitempty"`

	// Contacts specifies ways to contact people responsible for this client,
	// typically email addresses.
	Contacts []string `json:"contacts,omitempty"`

	// TermsOfServiceURI specifies the URL of a human-readable terms of service
	// document for the client.
	TermsOfServiceURI string `json:"tos_uri,omitempty"`

	// PolicyURI specifies the URL of a human-readable privacy policy document.
	PolicyURI string `json:"policy_uri,omitempty"`

	// JWKSURI specifies a URL referencing the client's JWK Set [RFC7517] document,
	// which contains the client's public keys. Use https; the server fetches it.
	JWKSURI string `json:"jwks_uri,omitempty"`

	// JWKS specifies the client's JWK Set [RFC7517] document, which contains
	// the client's public keys. The value of this field MUST be a JSON
	// containing a valid JWK Set. Only public keys belong here.
	JWKS string `json:"jwks,omitempty"`

	// SoftwareID specifies a UUID assigned by the client developer or software
	// publisher, used by registration endpoints to identify the client software.
	SoftwareID string `json:"software_id,omitempty"`

	// SoftwareVersion specifies the version of the client software.
	SoftwareVersion string `json:"software_version,omitempty"`

	// SoftwareStatement specifies client metadata values about the client software
	// as claims. This is a string value containing the entire signed JWT; the
	// authorization server is the party that verifies its signature, this
	// struct only transports it.
	SoftwareStatement string `json:"software_statement,omitempty"`

	// Optional specifies extra fields. It is not serialized directly (json:"-");
	// NOTE(review): presumably merged into the JSON object by a custom
	// marshaller — confirm.
	Optional map[string]string `json:"-"`
}

Metadata describes client metadata. Registered clients have a set of metadata values associated with their client identifier at an authorization server. The implementation and use of all client metadata fields are OPTIONAL.

type RegistrationError

type RegistrationError struct {
	// Response is the authorization server's HTTP response (status, headers).
	Response *http.Response
	// Body is the raw response body captured for diagnostics; read it from
	// here rather than from Response.Body, which has presumably already been
	// consumed. It may echo request data, so be deliberate about logging it.
	Body     []byte
}

RegistrationError describes an error returned by the authorization server during the client registration process.

func (*RegistrationError) Error

func (r *RegistrationError) Error() string

type Response

type Response struct {
	// ClientID specifies the client identifier string. REQUIRED
	ClientID string `json:"client_id"`

	// ClientSecret specifies the client secret string. OPTIONAL
	// Treat as a credential: persist it securely and keep it out of logs.
	ClientSecret string `json:"client_secret"`

	// ClientIDIssuedAt specifies the time at which the client identifier was issued. OPTIONAL
	ClientIDIssuedAt time.Time `json:"client_id_issued_at"`

	// ClientSecretExpiresAt specifies the time at which the client secret will expire,
	// or zero if it will not expire. REQUIRED if "client_secret" is issued.
	// On the wire RFC 7591 encodes this as seconds since the epoch with 0 meaning
	// "never"; the custom MarshalJSON/UnmarshalJSON on Response presumably do the
	// conversion, so check IsZero() here rather than comparing with 0.
	ClientSecretExpiresAt time.Time `json:"client_secret_expires_at"`

	// Additionally, the authorization server MUST return all registered metadata about this client.
	// encoding/json ignores the ",inline" option (a yaml/mapstructure convention);
	// the embedded Metadata fields are promoted into this object by default anyway.
	Metadata `json:",inline"`
}

Response describes the Client Information Response as specified in Section 3.2.1 of RFC 7591.

func (Response) MarshalJSON

func (r Response) MarshalJSON() ([]byte, error)

MarshalJSON prepares Response for its wire JSON representation.

func (*Response) UnmarshalJSON

func (r *Response) UnmarshalJSON(data []byte) error

UnmarshalJSON populates Response from its wire JSON representation.
