Documentation
¶
Overview ¶
Package authhandler implements a TokenSource to support "three-legged OAuth 2.0" via a custom AuthorizationHandler.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func TokenSource ¶
func TokenSource(ctx context.Context, config *oauth2.Config, state string, authHandler AuthorizationHandler) oauth2.TokenSource
TokenSource returns an oauth2.TokenSource that fetches access tokens using 3-legged-OAuth flow.
The provided context.Context is used for oauth2 Exchange operation.
The provided oauth2.Config should be a full configuration containing AuthURL, TokenURL, and Scope.
An environment-specific AuthorizationHandler is used to obtain user consent.
Per the OAuth protocol, a unique "state" string should be specified here. This token source will verify that the "state" is identical in the request and response before exchanging the auth code for OAuth token to prevent CSRF attacks.
func TokenSourceWithPKCE ¶
func TokenSourceWithPKCE(ctx context.Context, config *oauth2.Config, state string, authHandler AuthorizationHandler, pkce *PKCEParams) oauth2.TokenSource
TokenSourceWithPKCE is an enhanced version of TokenSource with PKCE support.
The pkce parameter supports PKCE flow, which uses code challenge and code verifier to prevent CSRF attacks. A unique code challenge and code verifier should be generated by the caller at runtime. See https://www.oauth.com/oauth2-servers/pkce/ for more info.
Types ¶
type AuthorizationHandler ¶
AuthorizationHandler is a 3-legged-OAuth helper that prompts the user for OAuth consent at the specified auth code URL and returns an auth code and state upon approval.
type PKCEParams ¶
type PKCEParams struct {
Challenge string // The unpadded, base64-url-encoded string of the encrypted code verifier.
ChallengeMethod string // The encryption method (ex. S256).
Verifier string // The original, non-encrypted secret.
}
PKCEParams holds parameters to support PKCE.
Source Files