device

v0.0.5
Warning

This package is not in the latest version of its module.

Published: Oct 7, 2023 License: MIT Imports: 16 Imported by: 1

README

OAuth 2.0 Device Authorization Flow Go module

This Go module is a helper for implementing the OAuth 2.0 Device Authorization Grant (RFC 8628, grant type `urn:ietf:params:oauth:grant-type:device_code`) in command-line interfaces or any other input-constrained device: the device obtains a user code and verification URL, the user approves the request in a browser on another device, and the CLI polls the token endpoint until it is issued tokens.

This is the same authorization flow the AWS CLI uses for SSO login.

device flow sequence diagram

Providers

The module has two working providers, Auth0 and Okta, and a third, Google, which is not yet implemented.

Auth0

This provider is fully functional. Setup instructions.

Okta

This provider is fully functional. Setup instructions.

Google

To be implemented. Setup instructions.

Documentation

Index

Constants

// GrantType is the grant_type value the client sends to the token endpoint
// while polling for the outcome of a device authorization (RFC 8628 §3.4).
// It is the only grant type this module uses.
const GrantType string = "urn:ietf:params:oauth:grant-type:device_code"

Variables

// ErrAccessDenied is returned when the user denies the app access to their
// account. It is a terminal outcome: the device code cannot be retried.
var ErrAccessDenied = errors.New("access denied by user")

// ErrAuthPending is returned while the user has not yet completed the
// authorization in the browser; presumably the device-flow
// "authorization_pending" token response, after which the caller keeps polling.
var ErrAuthPending = errors.New("authorization pending")

// ErrNotImplemented is returned for functionality that has no implementation
// yet (for example the Google provider listed in the README).
var ErrNotImplemented = errors.New("not implemented")
// DefaultScopes is the default set of OIDC scopes requested during the device
// flow: "openid" (an ID token), "profile" (basic user claims) and
// "offline_access", which asks the provider for a refresh token. A refresh
// token is a long-lived credential; callers that keep it must store it with
// the same care as a password. Drop "offline_access" if the application does
// not need to refresh without user interaction.
var DefaultScopes = []string{
	"openid",
	"profile",
	"offline_access",
}

Functions

This section is empty.

Types

type Auth0 added in v0.0.2

// Auth0 is the Provider implementation for Auth0 tenants. It carries no state;
// everything provider-specific is produced by its Config(org, clientID) method.
type Auth0 struct{}

func (Auth0) Config added in v0.0.2

func (a Auth0) Config(org, clientID string) *Config

type AuthorizationResponse added in v0.0.5

// AuthorizationResponse is the token endpoint's reply, decoded from JSON, once
// the user has completed (or refused) the device authorization. The Error and
// ErrorDescription fields carry the OAuth2 error document, so a failed
// exchange can presumably arrive as a populated Error rather than only as a
// Go error — check both.
//
// AccessToken and IDToken are bearer credentials: anyone holding them can act
// as the user until they expire. Do not log them and store them with the same
// care as a password.
//
// NOTE(review): there is no refresh_token field here even though
// DefaultScopes requests "offline_access"; the Authorizer presumably keeps the
// refresh token in its unexported state (Refresh takes no token argument) —
// confirm before relying on this type to persist a session.
type AuthorizationResponse struct {
	// AccessToken is the bearer token to present to the API (Config.Audience).
	AccessToken      string `json:"access_token"`
	// IDToken is the OIDC ID token (a JWT) describing the authenticated user.
	IDToken          string `json:"id_token"`
	// Scope is the space-separated list of scopes actually granted, which the
	// provider may narrow relative to the scopes requested.
	Scope            string `json:"scope"`
	// TokenType is the token type, normally "Bearer".
	TokenType        string `json:"token_type"`
	// ExpiresIn is the access token lifetime in seconds from issuance.
	ExpiresIn        int    `json:"expires_in"`
	// Error is the OAuth2 error code when the request did not succeed, such as
	// "authorization_pending", "slow_down", "access_denied" or "expired_token"
	// (RFC 8628 §3.5).
	Error            string `json:"error"`
	// ErrorDescription is the provider's human-readable detail for Error.
	ErrorDescription string `json:"error_description"`
}

type Authorizer

// Authorizer drives the device authorization flow against the provider
// described by the embedded *Config: RequestCode obtains a device/user code
// pair, WaitForAuthorization polls the token endpoint until the user acts
// (presumably surfacing ErrAuthPending while they have not, and
// ErrAccessDenied if they refuse), and Refresh / Revoke manage the resulting
// tokens afterwards. Construct it with NewAuthorizer.
//
// NOTE(review): Refresh and Revoke take only a context, so the hidden fields
// presumably hold the issued tokens. An Authorizer value is therefore
// credential-bearing state and should not be logged or shared casually.
type Authorizer struct {
	*Config
	// contains filtered or unexported fields
}

func NewAuthorizer

func NewAuthorizer(config *Config) *Authorizer

func (*Authorizer) Refresh

func (a *Authorizer) Refresh(ctx context.Context) error

func (*Authorizer) RequestCode

func (a *Authorizer) RequestCode(ctx context.Context) (Code, error)

func (*Authorizer) Revoke

func (a *Authorizer) Revoke(ctx context.Context) error

func (*Authorizer) WaitForAuthorization

func (a *Authorizer) WaitForAuthorization(ctx context.Context, code Code) (AuthorizationResponse, error)

type Code

// Code is the device authorization response returned by Authorizer.RequestCode;
// its fields mirror the JSON members of RFC 8628 §3.2.
//
// Only UserCode, VerificationURI and VerificationURIComplete are meant to be
// shown to the user. DeviceCode is a secret shared between this client and the
// authorization server — it is what the token endpoint is polled with — and
// must not be displayed, logged or written anywhere a bystander could read it.
type Code struct {
	// DeviceCode is the client-side secret handle for this authorization
	// request; per RFC 8628 it is sent in every poll of the token endpoint.
	DeviceCode              string `json:"device_code"`
	// UserCode is the short code the user types in at VerificationURI.
	UserCode                string `json:"user_code"`
	// VerificationURI is the page on the provider where the user enters UserCode.
	VerificationURI         string `json:"verification_uri"`
	// VerificationURIComplete is VerificationURI with UserCode already embedded
	// (suitable for a QR code or clickable link); providers may leave it empty.
	VerificationURIComplete string `json:"verification_uri_complete"`
	// ExpiresIn is the lifetime, in seconds, of DeviceCode and UserCode; once it
	// has elapsed the flow has to be restarted with a new RequestCode.
	ExpiresIn               int64  `json:"expires_in"`
	// Interval is the minimum number of seconds to wait between polls of the
	// token endpoint (per RFC 8628); polling faster invites a "slow_down" error.
	Interval                int64  `json:"interval"`
}

type Config

// Config describes one OAuth2/OIDC provider tenant and client. Values are
// normally produced by a Provider's Config(org, clientID) (see Auth0 and
// Okta) rather than assembled by hand, and are consumed by Authorizer and the
// validators, all of which embed *Config.
//
// NOTE(review): Issuer and Audience only act as security controls if the
// validators actually compare a token's iss and aud claims against them. The
// validator bodies are not shown on this page, so confirm that before relying
// on OfflineValidator or OktaOnlineValidator to reject tokens minted for a
// different tenant or API.
type Config struct {
	// OAuth2Config carries the client ID, endpoints and scopes handed to
	// golang.org/x/oauth2.
	OAuth2Config oauth2.Config
	// Audience is the API identifier the access token is requested for; a valid
	// token's aud claim is expected to match it.
	Audience     string
	// Issuer is the provider's issuer URL; a valid token's iss claim is
	// expected to match it.
	Issuer       string
	// KeyURI is the URL of the provider's public signing keys (JWKS), from
	// which OfflineValidator.Initialize presumably loads its Keys.
	KeyURI       string
	// contains filtered or unexported fields
}

type Error

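// Error is the error document a provider returns in the body of a failed
// request. The field names follow Okta's error JSON (errorCode, errorSummary,
// errorCauses).
//
// The ErrorCode tag is spelled "errorCode" so that it matches the wire format
// and the casing of its two sibling tags. encoding/json matches object keys
// case-insensitively when decoding, so the earlier "ErrorCode" tag still
// decoded provider responses, but Marshal emitted a capitalised key that
// differed from what the provider itself uses.
type Error struct {
	// ErrorCode is the provider's machine-readable error code.
	ErrorCode    string   `json:"errorCode"`
	// ErrorSummary is the provider's human-readable summary of the failure.
	ErrorSummary string   `json:"errorSummary"`
	// ErrorCauses lists any more specific causes the provider attaches.
	//
	// NOTE(review): Okta documents errorCauses entries as objects carrying an
	// errorSummary member rather than bare strings; if that is the source of
	// this document, decoding into []string will fail — confirm against a real
	// error response.
	ErrorCauses  []string `json:"errorCauses"`
}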

type Key added in v0.0.2

// Key is one entry of a provider's JSON Web Key Set (RFC 7517), presumably
// fetched from Config.KeyURI by OfflineValidator.Initialize. Only the RSA
// members (N and E) are modelled, which matches OfflineValidator.Keys holding
// *rsa.PublicKey values.
//
// NOTE(review): when turning a Key into an *rsa.PublicKey, derive it from N
// and E and select it by Kid. X5C/X5T are an optional certificate chain that
// is not validated here; do not treat the chain as the source of the key
// unless it is verified against a trusted root.
type Key struct {
	// Alg is the intended signing algorithm (for RSA keys, e.g. "RS256").
	Alg string   `json:"alg"`
	// Kty is the key type; only "RSA" keys can populate OfflineValidator.Keys.
	Kty string   `json:"kty"`
	// Use is the intended use; "sig" marks signature-verification keys.
	Use string   `json:"use"`
	// N is the RSA modulus, base64url-encoded (RFC 7518 §6.3.1.1).
	N   string   `json:"n"`
	// E is the RSA public exponent, base64url-encoded (RFC 7518 §6.3.1.2).
	E   string   `json:"e"`
	// Kid is the key identifier; a JWT's "kid" header names the Key that
	// verifies it.
	Kid string   `json:"kid"`
	// X5T is the base64url SHA-1 thumbprint of the first X5C certificate.
	X5T string   `json:"x5t"`
	// X5C is an optional X.509 certificate chain, one base64 DER certificate
	// per element.
	X5C []string `json:"x5c"`
}

type OfflineValidator added in v0.0.4

// OfflineValidator verifies tokens locally against the provider's public keys.
// Initialize must be called first to populate Keys; Validate then checks a
// token against them and, as its ignored context shows, makes no network call
// of its own.
//
// Because the provider is not consulted at validation time, a token that has
// been revoked but has not yet expired will still pass here; use
// OktaOnlineValidator (introspection) where revocation must be honoured.
//
// NOTE(review): Keys is an exported map with no synchronisation. Populate it
// once via Initialize before the validator is shared between goroutines;
// re-running Initialize concurrently with Validate is a data race.
type OfflineValidator struct {
	*Config
	// Keys maps a key identifier (presumably the JWK "kid") to the RSA public
	// key used to verify token signatures.
	Keys map[string]*rsa.PublicKey
}

func (*OfflineValidator) Initialize added in v0.0.4

func (v *OfflineValidator) Initialize(ctx context.Context) error

Initialize fetches the provider's public signing keys (presumably from Config.KeyURI) into Keys. It must be called, and must succeed, before Validate is used.

func (*OfflineValidator) Validate added in v0.0.4

func (v *OfflineValidator) Validate(_ context.Context, tokenString string) error

Validate validates a token against the public keys that Initialize must have loaded beforehand; it performs no network access itself (its context is ignored).

type Okta added in v0.0.2

// Okta is the Provider implementation for Okta organisations. It carries no
// state; everything provider-specific is produced by its Config(org, clientID)
// method.
type Okta struct{}

func (Okta) Config added in v0.0.2

func (o Okta) Config(org, clientID string) *Config

type OktaIntrospectionResponse added in v0.0.4

// OktaIntrospectionResponse is the JSON returned by Okta's token introspection
// endpoint (RFC 7662) for the token passed to OktaOnlineValidator.Introspect.
//
// Per RFC 7662, Active is the only member the server must return; when it is
// false the token is invalid, expired or revoked and the remaining fields are
// typically absent (zero values here). Prefer Valid(cfg) over inspecting
// Active alone — Valid takes the Config and presumably applies the issuer and
// audience checks as well; confirm in its implementation.
//
// NOTE(review): Go naming would be ClientID, DeviceID and UID, but the field
// names are part of the exported API and are kept as-is.
type OktaIntrospectionResponse struct {
	// Active reports whether the token is currently valid according to Okta.
	Active    bool   `json:"active"`
	// Scope is the space-separated list of scopes granted to the token.
	Scope     string `json:"scope"`
	// Username is the human-readable identifier of the resource owner.
	Username  string `json:"username"`
	// Exp, Nbf and Iat are Unix timestamps in seconds: expiry, not-before and
	// issued-at.
	Exp       int64  `json:"exp"`
	Nbf       int64  `json:"nbf"`
	Iat       int64  `json:"iat"`
	// Sub is the subject (user) identifier the token was issued to.
	Sub       string `json:"sub"`
	// Aud is the audience the token was issued for; expected to match
	// Config.Audience.
	Aud       string `json:"aud"`
	// Iss is the issuer URL; expected to match Config.Issuer.
	Iss       string `json:"iss"`
	// Jti is the unique token identifier.
	Jti       string `json:"jti"`
	// TokenType is the token type, e.g. "Bearer".
	TokenType string `json:"token_type"`
	// ClientId is the OAuth2 client the token was issued to.
	ClientId  string `json:"client_id"`
	// DeviceId is Okta's identifier for the device the token was issued on,
	// if any.
	DeviceId  string `json:"device_id"`
	// Uid is Okta's internal user identifier.
	Uid       string `json:"uid"`
}

func (OktaIntrospectionResponse) Valid added in v0.0.4

func (i OktaIntrospectionResponse) Valid(cfg *Config) error

type OktaOnlineValidator added in v0.0.4

// OktaOnlineValidator validates tokens by asking Okta's introspection endpoint
// (see Introspect), so revocations are honoured at the cost of a network
// round-trip and a runtime dependency on Okta's availability. Construct it
// with NewOktaOnlineValidator. Its Initialize ignores the context it is given
// and presumably exists only to satisfy the Validator interface.
type OktaOnlineValidator struct {
	*Config
	// contains filtered or unexported fields
}

func NewOktaOnlineValidator added in v0.0.4

func NewOktaOnlineValidator(cfg *Config) *OktaOnlineValidator

func (*OktaOnlineValidator) Initialize added in v0.0.4

func (o *OktaOnlineValidator) Initialize(_ context.Context) error

func (*OktaOnlineValidator) Introspect added in v0.0.4

func (o *OktaOnlineValidator) Introspect(ctx context.Context, tokenString string) (OktaIntrospectionResponse, error)

Introspect calls Okta's OAuth 2.0 token introspection endpoint to check the token server-side (so it needs network access to Okta and reflects revocations, unlike OfflineValidator); see https://developer.okta.com/docs/reference/api/oidc/#introspect

func (*OktaOnlineValidator) Validate added in v0.0.4

func (o *OktaOnlineValidator) Validate(ctx context.Context, tokenString string) error

type OnlineValidator added in v0.0.4

// OnlineValidator embeds the provider *Config. No methods on it are listed on
// this page, so it appears to be a base type for validators that contact the
// provider over the network (such as OktaOnlineValidator) — confirm before
// using it directly.
type OnlineValidator struct {
	*Config
}

type Provider added in v0.0.2

// Provider builds a Config for a given identity provider tenant. The
// implementations are Auth0 and Okta (Google is listed in the README but not
// implemented); obtain one by name via NewProvider.
type Provider interface {
	// Config returns the provider-specific endpoints, issuer, audience and key
	// URL for the tenant named by org and the OAuth2 client clientID.
	Config(org, clientID string) *Config
}

func NewProvider added in v0.0.2

func NewProvider(name string) Provider

type Validator added in v0.0.2

// Validator checks whether a token string is acceptable for the configured
// provider. Initialize must succeed before Validate is called: for
// OfflineValidator it loads the public keys; OktaOnlineValidator's Initialize
// ignores its context. Obtain implementations via NewOfflineValidator or
// NewOktaOnlineValidator.
type Validator interface {
	// Validate returns nil if tokenString is valid for the configured provider
	// and a non-nil error otherwise.
	Validate(ctx context.Context, tokenString string) error
	// Initialize performs any one-time setup (e.g. fetching signing keys)
	// needed before Validate can be used.
	Initialize(ctx context.Context) error
}

func NewOfflineValidator added in v0.0.4

func NewOfflineValidator(cfg *Config) Validator
