authhandler

package
v0.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 8, 2022 License: BSD-3-Clause Imports: 3 Imported by: 23

Documentation

Overview

Package authhandler implements a TokenSource to support "three-legged OAuth 2.0" via a custom AuthorizationHandler.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func TokenSource

func TokenSource(ctx context.Context, config *oauth2.Config, state string, authHandler AuthorizationHandler) oauth2.TokenSource

TokenSource returns an oauth2.TokenSource that fetches access tokens using 3-legged-OAuth flow.

The provided context.Context is used for oauth2 Exchange operation.

The provided oauth2.Config should be a full configuration containing AuthURL, TokenURL, and Scope.

An environment-specific AuthorizationHandler is used to obtain user consent.

Per the OAuth protocol, a unique "state" string should be specified here. This token source will verify that the "state" is identical in the request and response before exchanging the auth code for OAuth token to prevent CSRF attacks.

func TokenSourceWithPKCE

func TokenSourceWithPKCE(ctx context.Context, config *oauth2.Config, state string, authHandler AuthorizationHandler, pkce *PKCEParams) oauth2.TokenSource

TokenSourceWithPKCE is an enhanced version of TokenSource with PKCE support.

The pkce parameter supports PKCE flow, which uses code challenge and code verifier to prevent CSRF attacks. A unique code challenge and code verifier should be generated by the caller at runtime. See https://www.oauth.com/oauth2-servers/pkce/ for more info.

Types

type AuthorizationHandler

type AuthorizationHandler func(authCodeURL string) (code string, state string, err error)

AuthorizationHandler is a 3-legged-OAuth helper that prompts the user for OAuth consent at the specified auth code URL and returns an auth code and state upon approval.

type PKCEParams

type PKCEParams struct {
	Challenge       string // The unpadded, base64-url-encoded string of the encrypted code verifier.
	ChallengeMethod string // The encryption method (ex. S256).
	Verifier        string // The original, non-encrypted secret.
}

PKCEParams holds parameters to support PKCE.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL