Documentation ¶
Index ¶
- Constants
- Variables
- func AfterEach()
- func BeforeEach()
- func BuildFrontToken(userId string, atExpiry uint64, jwtPayload interface{}) string
- func ClearSession(config sessmodels.TypeNormalisedInput, res http.ResponseWriter, ...) error
- func ClearSessionCookiesFromOlderCookieDomain(req *http.Request, res http.ResponseWriter, ...) error
- func ClearSessionFromAllTokenTransferMethods(config sessmodels.TypeNormalisedInput, req *http.Request, ...) error
- func CreateJWT(payload map[string]interface{}, validitySecondsPointer *uint64, ...) (jwtmodels.CreateJWTResponse, error)
- func CreateNewSession(req *http.Request, res http.ResponseWriter, tenantId string, userID string, ...) (sessmodels.SessionContainer, error)
- func CreateNewSessionInRequest(req *http.Request, res http.ResponseWriter, tenantId string, ...) (sessmodels.SessionContainer, error)
- func CreateNewSessionWithoutRequestResponse(tenantId string, userID string, accessTokenPayload map[string]interface{}, ...) (sessmodels.SessionContainer, error)
- func FetchAndSetClaim(sessionHandle string, claim *claims.TypeSessionClaim, ...) (bool, error)
- func GetAllSessionHandlesForUser(userID string, tenantId *string, userContext ...supertokens.UserContext) ([]string, error)
- func GetAntiCsrfTokenFromHeaders(req *http.Request) *string
- func GetAuthmodeFromHeader(req *http.Request) *sessmodels.TokenTransferMethod
- func GetCORSAllowedHeaders() []string
- func GetClaimValue(sessionHandle string, claim *claims.TypeSessionClaim, ...) (sessmodels.GetClaimValueResult, error)
- func GetCombinedJWKS() (*keyfunc.JWKS, error)
- func GetCookieValue(request *http.Request, key string) *string
- func GetCurrTimeInMS() uint64
- func GetJWKS(userContext ...supertokens.UserContext) (jwtmodels.GetJWKSResponse, error)
- func GetOpenIdDiscoveryConfiguration(userContext ...supertokens.UserContext) (openidmodels.GetOpenIdDiscoveryConfigurationResponse, error)
- func GetRequiredClaimValidators(sessionContainer sessmodels.SessionContainer, ...) ([]claims.SessionClaimValidator, error)
- func GetRidFromHeader(req *http.Request) *string
- func GetSession(req *http.Request, res http.ResponseWriter, ...) (sessmodels.SessionContainer, error)
- func GetSessionFromRequest(req *http.Request, res http.ResponseWriter, ...) (sessmodels.SessionContainer, error)
- func GetSessionFromRequestContext(ctx context.Context) sessmodels.SessionContainer
- func GetSessionInformation(sessionHandle string, userContext ...supertokens.UserContext) (*sessmodels.SessionInformation, error)
- func GetSessionWithoutRequestResponse(accessToken string, antiCSRFToken *string, ...) (sessmodels.SessionContainer, error)
- func GetToken(req *http.Request, tokenType sessmodels.TokenType, ...) (*string, error)
- func GetURLScheme(URL string) (string, error)
- func HandleRefreshAPI(apiImplementation sessmodels.APIInterface, options sessmodels.APIOptions, ...) error
- func Init(config *sessmodels.TypeInput) supertokens.Recipe
- func MakeAPIImplementation() sessmodels.APIInterface
- func MakeRecipeImplementation(querier supertokens.Querier, config sessmodels.TypeNormalisedInput, ...) sessmodels.RecipeInterface
- func MergeIntoAccessTokenPayload(sessionHandle string, accessTokenPayloadUpdate map[string]interface{}, ...) (bool, error)
- func ParseJWTWithoutSignatureVerification(token string) (sessmodels.ParsedJWTInfo, error)
- func RefreshSession(req *http.Request, res http.ResponseWriter, ...) (sessmodels.SessionContainer, error)
- func RefreshSessionInRequest(req *http.Request, res http.ResponseWriter, ...) (sessmodels.SessionContainer, error)
- func RefreshSessionWithoutRequestResponse(refreshToken string, disableAntiCSRF *bool, antiCSRFToken *string, ...) (sessmodels.SessionContainer, error)
- func RemoveClaim(sessionHandle string, claim *claims.TypeSessionClaim, ...) (bool, error)
- func ResetForTest()
- func RevokeAllSessionsForUser(userID string, tenantId *string, userContext ...supertokens.UserContext) ([]string, error)
- func RevokeMultipleSessions(sessionHandles []string, userContext ...supertokens.UserContext) ([]string, error)
- func RevokeSession(sessionHandle string, userContext ...supertokens.UserContext) (bool, error)
- func SetAccessTokenInResponse(config sessmodels.TypeNormalisedInput, res http.ResponseWriter, ...) error
- func SetClaimValue(sessionHandle string, claim *claims.TypeSessionClaim, value interface{}, ...) (bool, error)
- func SignOutAPI(apiImplementation sessmodels.APIInterface, options sessmodels.APIOptions, ...) error
- func UpdateSessionDataInDatabase(sessionHandle string, newSessionData map[string]interface{}, ...) (bool, error)
- func ValidateAccessTokenStructure(payload map[string]interface{}, version int) error
- func ValidateAndNormaliseUserInput(appInfo supertokens.NormalisedAppinfo, config *sessmodels.TypeInput) (sessmodels.TypeNormalisedInput, error)
- func ValidateClaimsForSessionHandle(sessionHandle string, ...) (sessmodels.ValidateClaimsResponse, error)
- func ValidateClaimsInJWTPayload(tenantId string, userID string, jwtPayload map[string]interface{}, ...) ([]claims.ClaimValidationError, error)
- func ValidateClaimsInPayload(claimValidators []claims.SessionClaimValidator, ...) []claims.ClaimValidationError
- func VerifySession(options *sessmodels.VerifySessionOptions, otherHandler http.HandlerFunc) http.HandlerFunc
- func VerifySessionHelper(recipeInstance Recipe, options *sessmodels.VerifySessionOptions, ...) http.HandlerFunc
- type AccessTokenInfoStruct
- type Recipe
- type SessionContainerInput
- type TokenInfo
Constants ¶
// Route paths and configuration string values exported by the session recipe.
const (
	// API route paths. Presumably these are appended to the application's
	// configured API base path; confirm against the recipe's route registration.
	RefreshAPIPath = "/session/refresh"
	SignoutAPIPath = "/signout"

	// Anti-CSRF mode values. Going by the names (and by GetAntiCsrfTokenFromHeaders
	// and GetRidFromHeader in this package), VIA_TOKEN appears to expect an explicit
	// anti-CSRF token, VIA_CUSTOM_HEADER a custom request header, and NONE no
	// check at all; verify against the sessmodels configuration documentation.
	AntiCSRF_VIA_TOKEN         = "VIA_TOKEN"
	AntiCSRF_VIA_CUSTOM_HEADER = "VIA_CUSTOM_HEADER"
	AntiCSRF_NONE              = "NONE"

	// Values for the SameSite attribute of session cookies.
	// NOTE(review): SameSite=None cookies are sent on cross-site requests, so
	// combining CookieSameSite_NONE with AntiCSRF_NONE would leave cookie-based
	// sessions without CSRF protection. Confirm that ValidateAndNormaliseUserInput
	// rejects or overrides that combination.
	CookieSameSite_NONE   = "none"
	CookieSameSite_LAX    = "lax"
	CookieSameSite_STRICT = "strict"
)

// RECIPE_ID is the identifier string of the session recipe. It is presumably the
// value passed as recipeId to MakeRecipe; confirm at the call site.
const RECIPE_ID = "session"
Variables ¶
// AvailableTokenTransferMethods lists the two token transfer methods this
// package names: cookie-based and header-based.
var AvailableTokenTransferMethods = []sessmodels.TokenTransferMethod{sessmodels.CookieTransferMethod, sessmodels.HeaderTransferMethod}

// HEADERS holds two base64-encoded JWT headers. Decoded, they are
// {"alg":"RS256","typ":"JWT","version":"1"} and
// {"alg":"RS256","typ":"JWT","version":"2"}.
// The values use standard base64 with "=" padding, not the unpadded base64url
// form found in ordinary JWTs.
// NOTE(review): presumably the token parser compares a token's header against
// this list byte-for-byte, which would pin the algorithm to RS256 for these
// token versions. Confirm in ParseJWTWithoutSignatureVerification.
// This is an exported, mutable slice: any importing package can alter it.
var HEADERS = []string{
	"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIxIn0=",
	"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0=",
}

// JWKCacheMaxAgeInMs is, per its name, the maximum age of the cached JWK set in
// milliseconds (60000 ms = 60 s).
// NOTE(review): this is an exported variable, so callers can change it at
// runtime. A larger value would presumably delay pickup of rotated or
// withdrawn signing keys; confirm how GetCombinedJWKS uses it.
var JWKCacheMaxAgeInMs int64 = 60000

// JWKRefreshRateLimit limits JWKS refreshes. Its unit is not visible on this
// page. TODO: confirm whether 500 is milliseconds between refreshes or a count.
var JWKRefreshRateLimit = 500
Functions ¶
func BeforeEach ¶ added in v0.5.2
func BeforeEach()
func BuildFrontToken ¶ added in v0.12.0
func ClearSession ¶ added in v0.12.0
func ClearSession(config sessmodels.TypeNormalisedInput, res http.ResponseWriter, transferMethod sessmodels.TokenTransferMethod, request *http.Request, userContext supertokens.UserContext) error
func ClearSessionCookiesFromOlderCookieDomain ¶ added in v0.19.0
func ClearSessionCookiesFromOlderCookieDomain(req *http.Request, res http.ResponseWriter, config sessmodels.TypeNormalisedInput, userContext supertokens.UserContext) error
ClearSessionCookiesFromOlderCookieDomain addresses an edge case where changing the cookieDomain config on the server can lead to session integrity issues. For instance, if the API server URL is 'api.example.com' with a cookie domain of '.example.com', and the server updates the cookie domain to 'api.example.com', the client may retain cookies with both '.example.com' and 'api.example.com' domains.
Consequently, if the server reads the cookie set for the older domain, the session is treated as invalid, which can result in an infinite refresh loop. To fix this, users are asked to specify "OlderCookieDomain" in the config.
This function checks for multiple cookies with the same name and clears the cookies for the older domain.
func ClearSessionFromAllTokenTransferMethods ¶ added in v0.12.0
func ClearSessionFromAllTokenTransferMethods(config sessmodels.TypeNormalisedInput, req *http.Request, res http.ResponseWriter, userContext supertokens.UserContext) error
func CreateJWT ¶ added in v0.3.2
func CreateJWT(payload map[string]interface{}, validitySecondsPointer *uint64, useStaticSigningKey *bool, userContext ...supertokens.UserContext) (jwtmodels.CreateJWTResponse, error)
func CreateNewSession ¶
func CreateNewSession(req *http.Request, res http.ResponseWriter, tenantId string, userID string, accessTokenPayload map[string]interface{}, sessionDataInDatabase map[string]interface{}, userContext ...supertokens.UserContext) (sessmodels.SessionContainer, error)
func CreateNewSessionInRequest ¶ added in v0.12.0
func CreateNewSessionInRequest(req *http.Request, res http.ResponseWriter, tenantId string, config sessmodels.TypeNormalisedInput, appInfo supertokens.NormalisedAppinfo, recipeInstance Recipe, recipeImpl sessmodels.RecipeInterface, userID string, accessTokenPayload map[string]interface{}, sessionDataInDatabase map[string]interface{}, userContext supertokens.UserContext) (sessmodels.SessionContainer, error)
func CreateNewSessionWithoutRequestResponse ¶ added in v0.12.0
func CreateNewSessionWithoutRequestResponse(tenantId string, userID string, accessTokenPayload map[string]interface{}, sessionDataInDatabase map[string]interface{}, disableAntiCSRF *bool, userContext ...supertokens.UserContext) (sessmodels.SessionContainer, error)
func FetchAndSetClaim ¶ added in v0.9.0
func FetchAndSetClaim(sessionHandle string, claim *claims.TypeSessionClaim, userContext ...supertokens.UserContext) (bool, error)
func GetAllSessionHandlesForUser ¶
func GetAllSessionHandlesForUser(userID string, tenantId *string, userContext ...supertokens.UserContext) ([]string, error)
func GetAntiCsrfTokenFromHeaders ¶ added in v0.12.0
func GetAuthmodeFromHeader ¶ added in v0.12.0
func GetAuthmodeFromHeader(req *http.Request) *sessmodels.TokenTransferMethod
func GetCORSAllowedHeaders ¶ added in v0.12.0
func GetCORSAllowedHeaders() []string
func GetClaimValue ¶ added in v0.9.0
func GetClaimValue(sessionHandle string, claim *claims.TypeSessionClaim, userContext ...supertokens.UserContext) (sessmodels.GetClaimValueResult, error)
func GetCombinedJWKS ¶ added in v0.12.6
func GetCombinedJWKS() (*keyfunc.JWKS, error)
This function fetches all JWKs from the first available core instance. It combines the other JWKS functions so that the lookup is resilient to errors.
Every core instance a backend is connected to is expected to connect to the same database and use the same key set for token verification. Otherwise, the result of session verification would depend on which core is currently available.
func GetCookieValue ¶ added in v0.12.0
func GetCurrTimeInMS ¶ added in v0.12.0
func GetCurrTimeInMS() uint64
func GetJWKS ¶ added in v0.3.2
func GetJWKS(userContext ...supertokens.UserContext) (jwtmodels.GetJWKSResponse, error)
func GetOpenIdDiscoveryConfiguration ¶ added in v0.3.2
func GetOpenIdDiscoveryConfiguration(userContext ...supertokens.UserContext) (openidmodels.GetOpenIdDiscoveryConfigurationResponse, error)
func GetRequiredClaimValidators ¶ added in v0.12.0
func GetRequiredClaimValidators( sessionContainer sessmodels.SessionContainer, overrideGlobalClaimValidators func(globalClaimValidators []claims.SessionClaimValidator, sessionContainer sessmodels.SessionContainer, userContext supertokens.UserContext) ([]claims.SessionClaimValidator, error), userContext supertokens.UserContext, ) ([]claims.SessionClaimValidator, error)
func GetRidFromHeader ¶ added in v0.12.0
func GetSession ¶
func GetSession(req *http.Request, res http.ResponseWriter, options *sessmodels.VerifySessionOptions, userContext ...supertokens.UserContext) (sessmodels.SessionContainer, error)
func GetSessionFromRequest ¶ added in v0.12.0
func GetSessionFromRequest(req *http.Request, res http.ResponseWriter, config sessmodels.TypeNormalisedInput, options *sessmodels.VerifySessionOptions, recipeImpl sessmodels.RecipeInterface, userContext supertokens.UserContext) (sessmodels.SessionContainer, error)
func GetSessionFromRequestContext ¶
func GetSessionFromRequestContext(ctx context.Context) sessmodels.SessionContainer
func GetSessionInformation ¶
func GetSessionInformation(sessionHandle string, userContext ...supertokens.UserContext) (*sessmodels.SessionInformation, error)
func GetSessionWithoutRequestResponse ¶ added in v0.12.0
func GetSessionWithoutRequestResponse(accessToken string, antiCSRFToken *string, options *sessmodels.VerifySessionOptions, userContext ...supertokens.UserContext) (sessmodels.SessionContainer, error)
func GetToken ¶ added in v0.12.0
func GetToken(req *http.Request, tokenType sessmodels.TokenType, transferMethod sessmodels.TokenTransferMethod) (*string, error)
func GetURLScheme ¶ added in v0.0.5
func HandleRefreshAPI ¶ added in v0.12.0
func HandleRefreshAPI(apiImplementation sessmodels.APIInterface, options sessmodels.APIOptions, userContext supertokens.UserContext) error
func Init ¶
func Init(config *sessmodels.TypeInput) supertokens.Recipe
func MakeAPIImplementation ¶ added in v0.12.0
func MakeAPIImplementation() sessmodels.APIInterface
func MakeRecipeImplementation ¶ added in v0.12.0
func MakeRecipeImplementation(querier supertokens.Querier, config sessmodels.TypeNormalisedInput, appInfo supertokens.NormalisedAppinfo) sessmodels.RecipeInterface
func MergeIntoAccessTokenPayload ¶ added in v0.9.0
func MergeIntoAccessTokenPayload(sessionHandle string, accessTokenPayloadUpdate map[string]interface{}, userContext ...supertokens.UserContext) (bool, error)
func ParseJWTWithoutSignatureVerification ¶ added in v0.12.0
func ParseJWTWithoutSignatureVerification(token string) (sessmodels.ParsedJWTInfo, error)
func RefreshSession ¶
func RefreshSession(req *http.Request, res http.ResponseWriter, userContext ...supertokens.UserContext) (sessmodels.SessionContainer, error)
func RefreshSessionInRequest ¶ added in v0.12.0
func RefreshSessionInRequest(req *http.Request, res http.ResponseWriter, config sessmodels.TypeNormalisedInput, recipeImpl sessmodels.RecipeInterface, userContext supertokens.UserContext) (sessmodels.SessionContainer, error)
func RefreshSessionWithoutRequestResponse ¶ added in v0.12.0
func RefreshSessionWithoutRequestResponse(refreshToken string, disableAntiCSRF *bool, antiCSRFToken *string, userContext ...supertokens.UserContext) (sessmodels.SessionContainer, error)
func RemoveClaim ¶ added in v0.9.0
func RemoveClaim(sessionHandle string, claim *claims.TypeSessionClaim, userContext ...supertokens.UserContext) (bool, error)
func ResetForTest ¶
func ResetForTest()
func RevokeAllSessionsForUser ¶
func RevokeAllSessionsForUser(userID string, tenantId *string, userContext ...supertokens.UserContext) ([]string, error)
func RevokeMultipleSessions ¶
func RevokeMultipleSessions(sessionHandles []string, userContext ...supertokens.UserContext) ([]string, error)
func RevokeSession ¶
func RevokeSession(sessionHandle string, userContext ...supertokens.UserContext) (bool, error)
func SetAccessTokenInResponse ¶ added in v0.12.0
func SetAccessTokenInResponse(config sessmodels.TypeNormalisedInput, res http.ResponseWriter, accessToken string, frontToken string, tokenTransferMethod sessmodels.TokenTransferMethod, request *http.Request, userContext supertokens.UserContext) error
func SetClaimValue ¶ added in v0.9.0
func SetClaimValue(sessionHandle string, claim *claims.TypeSessionClaim, value interface{}, userContext ...supertokens.UserContext) (bool, error)
func SignOutAPI ¶ added in v0.12.0
func SignOutAPI(apiImplementation sessmodels.APIInterface, options sessmodels.APIOptions, userContext supertokens.UserContext) error
func UpdateSessionDataInDatabase ¶ added in v0.12.0
func UpdateSessionDataInDatabase(sessionHandle string, newSessionData map[string]interface{}, userContext ...supertokens.UserContext) (bool, error)
func ValidateAccessTokenStructure ¶ added in v0.12.0
func ValidateAndNormaliseUserInput ¶ added in v0.12.0
func ValidateAndNormaliseUserInput(appInfo supertokens.NormalisedAppinfo, config *sessmodels.TypeInput) (sessmodels.TypeNormalisedInput, error)
func ValidateClaimsForSessionHandle ¶ added in v0.9.0
func ValidateClaimsForSessionHandle( sessionHandle string, overrideGlobalClaimValidators func([]claims.SessionClaimValidator, sessmodels.SessionInformation, supertokens.UserContext) []claims.SessionClaimValidator, userContext ...supertokens.UserContext, ) (sessmodels.ValidateClaimsResponse, error)
func ValidateClaimsInJWTPayload ¶ added in v0.9.0
func ValidateClaimsInJWTPayload( tenantId string, userID string, jwtPayload map[string]interface{}, overrideGlobalClaimValidators func(globalClaimValidators []claims.SessionClaimValidator, userID string, userContext ...supertokens.UserContext) []claims.SessionClaimValidator, userContext ...supertokens.UserContext, ) ([]claims.ClaimValidationError, error)
func ValidateClaimsInPayload ¶ added in v0.12.0
func ValidateClaimsInPayload(claimValidators []claims.SessionClaimValidator, newAccessTokenPayload map[string]interface{}, userContext supertokens.UserContext) []claims.ClaimValidationError
func VerifySession ¶
func VerifySession(options *sessmodels.VerifySessionOptions, otherHandler http.HandlerFunc) http.HandlerFunc
func VerifySessionHelper ¶
func VerifySessionHelper(recipeInstance Recipe, options *sessmodels.VerifySessionOptions, otherHandler http.HandlerFunc) http.HandlerFunc
Types ¶
type AccessTokenInfoStruct ¶ added in v0.12.0
// AccessTokenInfoStruct is the set of values that GetInfoFromAccessToken returns
// for a parsed access token.
type AccessTokenInfoStruct struct {
	// Handle identifying the session; the same kind of value that RevokeSession
	// and GetSessionInformation take as sessionHandle.
	SessionHandle string
	UserID        string
	// Hash values tied to the refresh token chain. Their exact derivation is not
	// shown on this page. ParentRefreshTokenHash1 is a pointer, so it may be nil.
	RefreshTokenHash1       string
	ParentRefreshTokenHash1 *string
	// Arbitrary payload carried in the token.
	// NOTE(review): treat these values as trustworthy only once the token's
	// signature has been verified. Confirm that GetInfoFromAccessToken verifies
	// the signature against the supplied JWKS before populating this struct.
	UserData map[string]interface{}
	// Anti-CSRF token bound to the session; a pointer, so presumably nil when
	// the token carries none. Verify against the doAntiCsrfCheck handling.
	AntiCsrfToken *string
	// Timestamps. The unit is not stated here; presumably milliseconds, matching
	// GetCurrTimeInMS. TODO: confirm.
	ExpiryTime  uint64
	TimeCreated uint64
	TenantId    string
}
func GetInfoFromAccessToken ¶ added in v0.12.0
func GetInfoFromAccessToken(jwtInfo sessmodels.ParsedJWTInfo, jwks *keyfunc.JWKS, doAntiCsrfCheck bool) (*AccessTokenInfoStruct, error)
type Recipe ¶
// Recipe bundles the session recipe's module handle, normalised configuration
// and its recipe/API implementations.
type Recipe struct {
	RecipeModule supertokens.RecipeModule
	// Normalised configuration, of the type returned by ValidateAndNormaliseUserInput.
	Config sessmodels.TypeNormalisedInput
	// Recipe-level and API-level implementations, of the types returned by
	// MakeRecipeImplementation and MakeAPIImplementation.
	RecipeImpl sessmodels.RecipeInterface
	// OpenID recipe instance held by value; presumably it backs GetJWKS and
	// GetOpenIdDiscoveryConfiguration. Confirm in the source.
	OpenIdRecipe openid.Recipe
	APIImpl      sessmodels.APIInterface
	// contains filtered or unexported fields
}
func GetRecipeInstanceOrThrowError ¶ added in v0.9.0
func MakeRecipe ¶
func MakeRecipe(recipeId string, appInfo supertokens.NormalisedAppinfo, config *sessmodels.TypeInput, onSuperTokensAPIError func(err error, req *http.Request, res http.ResponseWriter)) (Recipe, error)
func (*Recipe) AddClaimFromOtherRecipe ¶ added in v0.9.0
func (r *Recipe) AddClaimFromOtherRecipe(claim *claims.TypeSessionClaim) error
Claim functions
func (*Recipe) AddClaimValidatorFromOtherRecipe ¶ added in v0.9.0
func (r *Recipe) AddClaimValidatorFromOtherRecipe(validator claims.SessionClaimValidator) error
func (*Recipe) GetClaimsAddedByOtherRecipes ¶ added in v0.12.0
func (r *Recipe) GetClaimsAddedByOtherRecipes() []*claims.TypeSessionClaim
type SessionContainerInput ¶
// SessionContainerInput exposes no exported fields on this page, so code outside
// the package cannot populate it field by field.
type SessionContainerInput struct {
	// contains filtered or unexported fields
}