oauth

package
v0.379.2-next.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 13, 2024 License: AGPL-3.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

View Source
const (
	KeelIssuer = "https://keel.so"

	ResetTokenExpiry time.Duration = time.Minute * 15
)

Variables

View Source
var (
	ErrInvalidToken     = common.NewAuthenticationFailedMessageErr("cannot be parsed or verified as a valid JWT")
	ErrTokenExpired     = common.NewAuthenticationFailedMessageErr("token has expired")
	ErrIdentityNotFound = common.NewAuthenticationFailedMessageErr("identity not found")
)

Functions

func ConsumeAuthCode added in v0.373.0

func ConsumeAuthCode(ctx context.Context, code string) (isValid bool, identityId string, err error)

ConsumeAuthCode checks that the provided auth code has not expired, consumes it (making it unusable again), and returning the identity it is associated with.

func ExtractClaimFromJwt added in v0.379.1

func ExtractClaimFromJwt(token string, claim string) (string, error)

func GenerateAccessToken

func GenerateAccessToken(ctx context.Context, identityId string) (string, time.Duration, error)

func GenerateResetToken added in v0.379.1

func GenerateResetToken(ctx context.Context, identityId string) (string, error)

func NewAuthCode added in v0.373.0

func NewAuthCode(ctx context.Context, identityId string) (string, error)

NewAuthCode generates a new auth code for the identity using the configured or default expiry time.

func NewRefreshToken

func NewRefreshToken(ctx context.Context, identityId string) (string, error)

NewRefreshToken generates a new refresh token for the identity using the configured or default expiry time.

func RevokeRefreshToken

func RevokeRefreshToken(ctx context.Context, refreshTokenRaw string) error

RevokeRefreshToken will delete (revoke) the provided refresh token, which will prevent it from being used again.

func RotateRefreshToken

func RotateRefreshToken(ctx context.Context, refreshTokenRaw string) (isValid bool, refreshToken string, identityId string, err error)

RotateRefreshToken validates that the provided refresh token has not expired, and then rotates it for a new refresh token with the exact same expiry time and identity. The original refresh token is then revoked from future use.

func ValidateAccessToken

func ValidateAccessToken(ctx context.Context, tokenString string) (string, error)

func ValidateRefreshToken

func ValidateRefreshToken(ctx context.Context, refreshTokenRaw string) (isValid bool, identityId string, err error)

ValidateRefreshToken validates that the provided refresh token has no expired, and also returns the identity it is associated with. The refresh token is not revoked.

func ValidateResetToken added in v0.379.1

func ValidateResetToken(ctx context.Context, tokenString string) (string, error)

func VerifyIdToken

func VerifyIdToken(ctx context.Context, idTokenRaw string) (*oidc.IDToken, error)

VerifyIdToken will verify the ID token from an OpenID Connect provider.

Types

type AccessTokenClaims

type AccessTokenClaims struct {
	jwt.RegisteredClaims
}

https://pkg.go.dev/github.com/golang-jwt/jwt/v4#RegisteredClaims

type IdTokenClaims

type IdTokenClaims struct {
	jwt.RegisteredClaims
	UserClaims
}

type UserClaims

type UserClaims struct {
	// default 'email' scope claims
	Email         string `json:"email,omitempty"`
	EmailVerified bool   `json:"email_verified,omitempty"`

	// default 'profile' scope claims
	Name              string `json:"name,omitempty"`
	GivenName         string `json:"given_name,omitempty"`
	FamilyName        string `json:"family_name,omitempty"`
	MiddleName        string `json:"middle_name,omitempty"`
	NickName          string `json:"nick_name,omitempty"`
	PreferredUsername string `json:"preferred_username,omitempty"`
	Profile           string `json:"profile,omitempty"`
	Picture           string `json:"picture,omitempty"`
	Website           string `json:"website,omitempty"`
	Gender            string `json:"gender,omitempty"`
	ZoneInfo          string `json:"zoneinfo,omitempty"`
	Locale            string `json:"locale,omitempty"`

	// default 'phone' scope claims
	PhoneNumber         string `json:"phone_number,omitempty"`
	PhoneNumberVerified bool   `json:"phone_number_verified,omitempty"`
}

https://openid.net/specs/openid-connect-basic-1_0.html#StandardClaims

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL