Documentation
Index
- Constants
- func AuthorizeHandler(schema *proto.Schema) common.HandlerFunc
- func CallbackHandler(schema *proto.Schema) common.HandlerFunc
- func GetClientSecret(ctx context.Context, provider *config.Provider) (string, bool)
- func ProvidersHandler(schema *proto.Schema) common.HandlerFunc
- func RevokeHandler(schema *proto.Schema) common.HandlerFunc
- func TokenEndpointHandler(schema *proto.Schema) common.HandlerFunc
- type ErrorResponse
- type ProviderResponse
- type RevokeEndpointErrorResponse
- type TokenResponse
Constants
const (
	// The request is missing a required parameter, includes an
	// invalid parameter value, includes a parameter more than
	// once, or is otherwise malformed.
	AuthorizationErrInvalidRequest = "invalid_request"
	// code using this method.
	AuthorizationErrUnauthorizedClient = "unauthorized_client"
	// The resource owner or authorization server denied the
	// request.
	AuthorizationErrAccessDenied = "access_denied"
	// The authorization server encountered an unexpected
	// condition that prevented it from fulfilling the request.
	// (This error code is needed because a 500 Internal Server
	// Error HTTP status code cannot be returned to the client
	// via an HTTP redirect.)
	AuthorizationErrServerError = "server_error"
)
Error response types for the authorization endpoint https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1
const (
	ArgGrantType          = "grant_type"
	ArgSubjectToken       = "subject_token"
	ArgSubjectTokenType   = "subject_token_type"
	ArgRequestedTokenType = "requested_token_type"
	ArgCode               = "code"
	ArgRefreshToken       = "refresh_token"
	ArgToken              = "token"
	ArgUsername           = "username"
	ArgPassword           = "password"
)
https://datatracker.ietf.org/doc/html/rfc6749#section-5.2 https://datatracker.ietf.org/doc/html/rfc7009#section-2.1
const (
	TokenErrUnsupportedGrantType = "unsupported_grant_type"
	TokenErrInvalidClient        = "invalid_client"
	TokenErrInvalidRequest       = "invalid_request"
)
https://datatracker.ietf.org/doc/html/rfc6749#section-5.2
const (
	GrantTypeImplicit          = "implicit"
	GrantTypePassword          = "password"
	GrantTypeClientCredentials = "client_credentials"
	GrantTypeAuthCode          = "authorization_code"
	GrantTypeRefreshToken      = "refresh_token"
	GrantTypeTokenExchange     = "token_exchange"
)
const (
TokenType = "bearer"
)
Variables
This section is empty.
Functions
func AuthorizeHandler (added in v0.373.0)
func AuthorizeHandler(schema *proto.Schema) common.HandlerFunc
AuthorizeHandler is a redirection endpoint that redirects to the provider's sign-in/auth page.
func CallbackHandler (added in v0.373.0)
func CallbackHandler(schema *proto.Schema) common.HandlerFunc
CallbackHandler is called by the provider after the authentication process is complete.
If there is something wrong with the syntax of the request, for example the redirect_uri or client_id is invalid, it is important not to redirect the user; show the error message directly instead. This avoids letting your authorization server be used as an open redirector.
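The rule above as a sketch, added here as an example and not taken from this package: an error is sent back by redirect only when client_id and redirect_uri match a registered pair exactly, and is otherwise rendered directly. The `registered` map, `errorRedirect`, `failAuthorize` and the example.com URLs are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
)

// Constructed client registry (assumption): client_id -> exact registered redirect URIs.
var registered = map[string][]string{"demo-client": {"https://app.example.com/callback"}}

// errorRedirect returns the URL that carries errCode back to the client, or
// ok=false when the client_id/redirect_uri pair is untrusted and must not be redirected to.
func errorRedirect(clientID, redirectURI, state, errCode string) (string, bool) {
	for _, allowed := range registered[clientID] {
		if allowed != redirectURI { // exact match only: no prefix or host-only comparison
			continue
		}
		u, err := url.Parse(allowed)
		if err != nil {
			return "", false
		}
		q := u.Query()
		q.Set("error", errCode) // e.g. "access_denied" or "server_error"
		if state != "" {
			q.Set("state", state) // echoed so the client can correlate the response
		}
		u.RawQuery = q.Encode()
		return u.String(), true
	}
	return "", false
}

// failAuthorize (hypothetical helper) reports an authorization-endpoint error.
func failAuthorize(w http.ResponseWriter, r *http.Request, errCode string) {
	p := r.URL.Query()
	loc, ok := errorRedirect(p.Get("client_id"), p.Get("redirect_uri"), p.Get("state"), errCode)
	if !ok {
		// Fixed text, no redirect: the untrusted redirect_uri is never followed or echoed.
		http.Error(w, "invalid_request: unknown client_id or redirect_uri", http.StatusBadRequest)
		return
	}
	http.Redirect(w, r, loc, http.StatusFound)
}

func main() {
	fmt.Println(errorRedirect("demo-client", "https://app.example.com/callback", "xyz", "access_denied"))
	fmt.Println(errorRedirect("demo-client", "https://other.example.net/cb", "xyz", "access_denied"))
}
```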
func GetClientSecret (added in v0.373.0)
func ProvidersHandler (added in v0.373.0)
func ProvidersHandler(schema *proto.Schema) common.HandlerFunc
func RevokeHandler
func RevokeHandler(schema *proto.Schema) common.HandlerFunc
func TokenEndpointHandler
func TokenEndpointHandler(schema *proto.Schema) common.HandlerFunc
TokenEndpointHandler handles requests to the token endpoint for the various grant types we support.
OAuth 2.0 specification: https://datatracker.ietf.org/doc/html/rfc6749#section-3.2
OpenID Connect specification for Token Endpoint: https://openid.net/specs/openid-connect-standard-1_0-21_orig.html#token_ep
Types
type ErrorResponse
type ErrorResponse struct {
	Error            string `json:"error,omitempty"`
	ErrorDescription string `json:"error_description,omitempty"`
}
https://openid.net/specs/openid-connect-standard-1_0-21_orig.html#AccessTokenErrorResponse https://datatracker.ietf.org/doc/html/rfc7009#section-2.2
type ProviderResponse (added in v0.373.0)
type TokenResponse
type TokenResponse struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in"`
	RefreshToken string `json:"refresh_token,omitempty"`
}
https://openid.net/specs/openid-connect-standard-1_0-21_orig.html#AccessTokenResponse