oauth2

Documentation

Overview

Package oauth2 implements an http.Handler that performs the 3-leg OAuth2 authentication flow. While it can be used with all OAuth2 providers, functions are provided specifically for GitHub integration.

Index

• Constants
• Variables
• func DefaultErrorCallback(w http.ResponseWriter, r *http.Request, err error)
• func DefaultLoginCallback(w http.ResponseWriter, r *http.Request, login *Login)
• func GetConfig(c githubapp.Config, scopes []string) *oauth2.Config
• func NewHandler(c *oauth2.Config, params ...Param) http.Handler
• type ErrorCallback
• type Login
• type LoginCallback
• type LoginError
  • func (err LoginError) Error() string
• type Param
  • func ForceTLS(forceTLS bool) Param
  • func OnError(c ErrorCallback) Param
  • func OnLogin(c LoginCallback) Param
  • func WithStore(ss StateStore) Param
• type SessionStateStore
  • func (s *SessionStateStore) GenerateState(w http.ResponseWriter, r *http.Request) (string, error)
  • func (s *SessionStateStore) VerifyState(r *http.Request, expected string) (bool, error)
• type StateStore

Constants

const (
	DefaultRoute = "/api/github/auth"
)

Variables

var (
	DefaultSessionKey = "oauth2.state"
)

var (
	ErrInvalidState = errors.New("oauth2: invalid state value")
)

Functions

func DefaultErrorCallback

func DefaultErrorCallback(w http.ResponseWriter, r *http.Request, err error)

func DefaultLoginCallback

func DefaultLoginCallback(w http.ResponseWriter, r *http.Request, login *Login)

func GetConfig

func GetConfig(c githubapp.Config, scopes []string) *oauth2.Config

func NewHandler

func NewHandler(c *oauth2.Config, params ...Param) http.Handler

NewHandler returns an http.Hander that implements the 3-leg OAuth2 flow on a single endpoint. It accepts callbacks for both error and success conditions so that clients can take action after the auth flow is complete.

Types

type ErrorCallback

type ErrorCallback func(w http.ResponseWriter, r *http.Request, err error)

type Login

type Login struct {
	Token  *oauth2.Token
	Client *http.Client
}

Login contains information about the result of a successful auth flow.

type LoginCallback

type LoginCallback func(w http.ResponseWriter, r *http.Request, login *Login)

type LoginError

type LoginError string

LoginError is an error returned as a parameter by the OAuth provider.

func (LoginError) Error

func (err LoginError) Error() string

type Param

type Param func(*handler)

func ForceTLS

func ForceTLS(forceTLS bool) Param

ForceTLS determines if generated URLs always use HTTPS. By default, the protocol of the request is used.

func OnError

func OnError(c ErrorCallback) Param

OnError sets the error callback.

func OnLogin

func OnLogin(c LoginCallback) Param

OnLogin sets the login callback.

func WithStore

func WithStore(ss StateStore) Param

WithStore sets the StateStore used to create and verify OAuth2 states. The default state store uses a static value, is insecure, and is not suitable for production use.

type SessionStateStore

type SessionStateStore struct {
	Sessions *scs.Manager
}

func (*SessionStateStore) GenerateState

func (s *SessionStateStore) GenerateState(w http.ResponseWriter, r *http.Request) (string, error)

func (*SessionStateStore) VerifyState

func (s *SessionStateStore) VerifyState(r *http.Request, expected string) (bool, error)

type StateStore

type StateStore interface {
	// GenerateState creates a new state value, storing it in a way that can be
	// retrieved by VerifyState at a later point.
	GenerateState(w http.ResponseWriter, r *http.Request) (string, error)

	// VerifyState checks that the state associated with the request matches
	// the given state. To avoid timing attacks, implementations should use
	// constant-time comparisons if possible.
	VerifyState(r *http.Request, state string) (bool, error)
}

StateStore generates and verifies the state parameter for OAuth2 flows.