Documentation ¶
Overview ¶
Package osecure provides a simple login service based on an OAuth client.
Index ¶
- Constants
- Variables
- func AttachRequestWithSessionData(r *http.Request, sessionData *AuthSessionData) *http.Request
- func CompareErrorMessage(err error, msg string) bool
- func WrapError(msg string, err error) error
- type AuthSessionCookieData
- type AuthSessionData
- type CookieConfig
- type GetPermissionsFunc
- type IntrospectTokenFunc
- type OAuthConfig
- type OAuthSession
- func (s *OAuthSession) Authorize(w http.ResponseWriter, r *http.Request) (*AuthSessionData, error)
- func (s *OAuthSession) CallbackView(w http.ResponseWriter, r *http.Request)
- func (s *OAuthSession) ClearSession(w http.ResponseWriter, r *http.Request) error
- func (s *OAuthSession) EndOAuth(w http.ResponseWriter, r *http.Request) (string, *oauth2.Token, error)
- func (s *OAuthSession) LogOut(redirect string) http.HandlerFunc
- func (s *OAuthSession) SecuredF(isAPI bool) func(http.HandlerFunc) http.HandlerFunc
- func (s *OAuthSession) SecuredH(isAPI bool) func(http.Handler) http.Handler
- func (s *OAuthSession) StartOAuth(w http.ResponseWriter, r *http.Request) error
- type StateHandler
- type StringSet
- type TokenVerifier
Constants ¶
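// Error message strings exported by the package.
//
// NOTE(review): the index lists CompareErrorMessage(err, msg) and
// WrapError(msg, err); these constants are presumably the msg values used
// with them, but the listing does not show that — confirm in the source.
const (
	// ErrorStringFailedToExchangeAuthorizationCode is the message for a failed
	// authorization-code-for-token exchange.
	ErrorStringFailedToExchangeAuthorizationCode = "failed to exchange authorization code"

	// ErrorStringUnableToSetCookie is the message for a failure to set the cookie.
	ErrorStringUnableToSetCookie = "unable to set cookie"

	// ErrorStringCannotIntrospectToken is the message for a failed token introspection.
	ErrorStringCannotIntrospectToken = "cannot introspect token"

	// ErrorStringCannotGetPermission is the message for a failed permission lookup.
	ErrorStringCannotGetPermission = "cannot get permission"

	// ErrorStringInvalidState is the message for an OAuth state value that
	// did not verify. EndOAuth is documented as verifying the state before
	// exchanging the authorization code, so this marks a rejected callback.
	ErrorStringInvalidState = "invalid state"
)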
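// Expiry values for the session and for cached permissions.
//
// NOTE(review): the unit is not stated in this listing. Read as seconds the
// values are 24 hours and 10 minutes — confirm at the point of use.
const (
	// SessionExpireTime is the session lifetime.
	SessionExpireTime = 86400

	// PermissionExpireTime is the lifetime of a fetched permission set; see
	// AuthSessionCookieData.PermissionsExpiresAt. A revoked permission can
	// presumably stay cached for up to this long — confirm.
	PermissionExpireTime = 600
)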
Variables ¶
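// Sentinel errors exported by the package. The trailing comments are kept
// from the original listing and name the method each error belongs to.
var (
	// ErrorInvalidSession reports an invalid session.
	ErrorInvalidSession = errors.New("invalid session") // Authorize()

	// ErrorInvalidAuthorizationSyntax reports invalid authorization syntax.
	ErrorInvalidAuthorizationSyntax = errors.New("invalid authorization syntax") // Authorize()

	// ErrorUnsupportedAuthorizationScheme reports an authorization scheme the
	// package does not support. Authorize is documented as verifying a cookie
	// or a bearer token.
	ErrorUnsupportedAuthorizationScheme = errors.New("unsupported authorization scheme") // Authorize()

	// ErrorInvalidClientID reports an invalid client ID, which the message
	// identifies as the audience of the token. An audience check is what keeps
	// a token issued to another client from being accepted here.
	// NOTE(review): presumably compared against OAuthConfig.AppIDList — confirm.
	ErrorInvalidClientID = errors.New("invalid client ID (audience of token)") // Authorize()

	// ErrorInvalidUserID reports an invalid user ID, which the message
	// identifies as the subject of the token.
	ErrorInvalidUserID = errors.New("invalid user ID (subject of token)") // not used
)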
Functions ¶
func AttachRequestWithSessionData ¶
func AttachRequestWithSessionData(r *http.Request, sessionData *AuthSessionData) *http.Request
AttachRequestWithSessionData attaches the session data to the request context and returns the resulting request.
func CompareErrorMessage ¶
Types ¶
type AuthSessionCookieData ¶
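// AuthSessionCookieData groups the OAuth token with the user's permission set
// and the time at which that permission set expires.
//
// NOTE(review): the name suggests this is the value stored in the session
// cookie. If so, the token's confidentiality and integrity depend on the keys
// in CookieConfig — confirm against the source.
type AuthSessionCookieData struct {
	// Token is the OAuth token of the session.
	Token *oauth2.Token
	// Permissions is the permission set read by GetPermissions and HasPermission.
	Permissions StringSet
	// PermissionsExpiresAt is when Permissions stops being valid.
	PermissionsExpiresAt time.Time
}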
func (*AuthSessionCookieData) GetPermissions ¶
func (cookieData *AuthSessionCookieData) GetPermissions() []string
GetPermissions lists the permissions of the current user and client.
func (*AuthSessionCookieData) HasPermission ¶
func (cookieData *AuthSessionCookieData) HasPermission(permission string) bool
HasPermission reports whether the current user has the given permission.
type AuthSessionData ¶
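// AuthSessionData is the session data for one request: the user ID, the
// client ID, and the embedded cookie data. Authorize returns it, and
// AttachRequestWithSessionData / GetRequestSessionData move it through the
// request context.
type AuthSessionData struct {
	// UserID is returned by GetUserID. The package's error variables describe
	// the user ID as the subject of the token.
	UserID string
	// ClientID is returned by GetClientID. The package's error variables
	// describe the client ID as the audience of the token.
	ClientID string
	// The embedded pointer promotes Token, Permissions, GetPermissions and
	// HasPermission onto AuthSessionData.
	*AuthSessionCookieData
}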
func GetRequestSessionData ¶
func GetRequestSessionData(r *http.Request) (*AuthSessionData, bool)
GetRequestSessionData gets the session data from the request context.
func (*AuthSessionData) GetClientID ¶
func (data *AuthSessionData) GetClientID() string
GetClientID returns the client ID of the current user session.
func (*AuthSessionData) GetUserID ¶
func (data *AuthSessionData) GetUserID() string
GetUserID returns the user ID of the current user session.
type CookieConfig ¶
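// CookieConfig holds the two keys handed to github.com/gorilla/securecookie.
// Both values are secrets: generate them from a cryptographically secure
// random source and keep them out of version control and logs.
type CookieConfig struct {
	// AuthenticationKey is the key used to authenticate the cookie value.
	// The package documentation recommends the base64 encoding of a 64-byte key.
	AuthenticationKey string `yaml:"authentication_key" env:"akey"`
	// EncryptionKey is the key used to encrypt the cookie value.
	// The package documentation recommends the base64 encoding of a 32-byte key.
	EncryptionKey string `yaml:"encryption_key" env:"ekey"`
}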
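CookieConfig is the configuration for github.com/gorilla/securecookie. The recommended configuration is a base64-encoded 64-byte key for AuthenticationKey and a base64-encoded 32-byte key for EncryptionKey. Both keys protect the session cookie, so they should be randomly generated and kept secret.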
type GetPermissionsFunc ¶
type IntrospectTokenFunc ¶
type OAuthConfig ¶
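// OAuthConfig is the OAuth client configuration for osecure. The struct tags
// give the key names used for YAML and environment configuration.
type OAuthConfig struct {
	// ClientID is the OAuth client identifier.
	ClientID string `yaml:"client_id" env:"client_id"`
	// ClientSecret is the OAuth client secret. Treat it as a credential: keep
	// it out of version control and logs.
	ClientSecret string `yaml:"client_secret" env:"client_secret"`
	// Scopes lists the OAuth scopes to request.
	Scopes []string `yaml:"scopes" env:"scopes"`
	// AuthURL is the authorization endpoint of the OAuth service provider.
	AuthURL string `yaml:"auth_url" env:"auth_url"`
	// TokenURL is the token endpoint of the OAuth service provider.
	TokenURL string `yaml:"token_url" env:"token_url"`
	// AppIDList is a list of application IDs.
	// NOTE(review): presumably the client IDs accepted as token audience
	// (see ErrorInvalidClientID) — confirm against the source.
	AppIDList []string `yaml:"app_id_list" env:"app_id_list"`
}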
OAuthConfig is the configuration for osecure.
type OAuthSession ¶
// OAuthSession is the receiver type for the package's login-flow handlers and
// middleware (StartOAuth, EndOAuth, CallbackView, Authorize, SecuredF,
// SecuredH, LogOut, ClearSession). Its fields are not exported; a value is
// created with NewOAuthSession.
type OAuthSession struct {
// contains filtered or unexported fields
}
func NewOAuthSession ¶
func NewOAuthSession(name string, cookieConf *CookieConfig, oauthConf *OAuthConfig, tokenVerifier *TokenVerifier, callbackURL string, stateHandler StateHandler) *OAuthSession
NewOAuthSession creates an osecure session.
func (*OAuthSession) Authorize ¶
func (s *OAuthSession) Authorize(w http.ResponseWriter, r *http.Request) (*AuthSessionData, error)
Authorize authorizes the user by verifying the session cookie or the bearer token. If the user is authorized, it returns valid session data; otherwise, it returns an error.
func (*OAuthSession) CallbackView ¶
func (s *OAuthSession) CallbackView(w http.ResponseWriter, r *http.Request)
CallbackView is an HTTP handler for the authentication redirect from the auth server.
func (*OAuthSession) ClearSession ¶
func (s *OAuthSession) ClearSession(w http.ResponseWriter, r *http.Request) error
ClearSession clears the session.
func (*OAuthSession) EndOAuth ¶
func (s *OAuthSession) EndOAuth(w http.ResponseWriter, r *http.Request) (string, *oauth2.Token, error)
EndOAuth finishes the OAuth flow: it verifies the state, exchanges the authorization code for a token, and sets the cookie that logs the user in.
func (*OAuthSession) LogOut ¶
func (s *OAuthSession) LogOut(redirect string) http.HandlerFunc
LogOut is an HTTP handler that logs the user out.
func (*OAuthSession) SecuredF ¶
func (s *OAuthSession) SecuredF(isAPI bool) func(http.HandlerFunc) http.HandlerFunc
SecuredF is an HTTP middleware for http.HandlerFunc that checks whether the current user is logged in.
func (*OAuthSession) SecuredH ¶
SecuredH is an HTTP middleware for http.Handler that checks whether the current user is logged in.
func (*OAuthSession) StartOAuth ¶
func (s *OAuthSession) StartOAuth(w http.ResponseWriter, r *http.Request) error
StartOAuth redirects to the endpoint of the OAuth service provider to start the OAuth flow.
type StateHandler ¶
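// StateHandler produces and checks the state value of the OAuth flow.
// NewOAuthSession takes one as its last argument, and EndOAuth is documented
// as verifying the state before exchanging the authorization code.
//
// NOTE(review): both methods receive the cookie store, so an implementation
// can presumably bind the state to the browser session that started the
// login — confirm against the osecure/state_handler package.
type StateHandler interface {
	// Generate returns the state value for a new OAuth flow.
	Generate(cookieStore *sessions.CookieStore, w http.ResponseWriter, r *http.Request) (state string, err error)

	// Verify checks the state value received on the callback and returns the
	// URI to continue to.
	// NOTE(review): continueURI looks like a post-login redirect target;
	// implementations should make sure it cannot point to an arbitrary
	// external site — confirm how callers use it.
	Verify(cookieStore *sessions.CookieStore, w http.ResponseWriter, r *http.Request, state string) (continueURI string, err error)
}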
type TokenVerifier ¶
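// TokenVerifier bundles the two callbacks passed to NewOAuthSession: one for
// token introspection and one for permission lookup. Their signatures are
// declared by the IntrospectTokenFunc and GetPermissionsFunc types, which
// this listing does not show.
type TokenVerifier struct {
	// IntrospectTokenFunc is the token introspection callback; see
	// ErrorStringCannotIntrospectToken for the matching failure message.
	IntrospectTokenFunc IntrospectTokenFunc
	// GetPermissionsFunc is the permission lookup callback; see
	// ErrorStringCannotGetPermission for the matching failure message.
	GetPermissionsFunc GetPermissionsFunc
}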
Source Files ¶
Directories ¶
| Path | Synopsis |
|---|---|
| osecure/contrib | Package osecure/contrib provides plugins for simple login service based on OAuth client. |
| osecure/state_handler | Package osecure/state_handler provides state generator and verifier in OAuth flow. |