The highest tagged major version is v1.

oauth2

package

v0.5.7 Latest Latest Go to latest Published: Oct 4, 2016 License: Apache-2.0 Imports: 26 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ory/hydra

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
type ConsentStrategy
type DefaultConsentStrategy
- func (s *DefaultConsentStrategy) IssueChallenge(authorizeRequest fosite.AuthorizeRequester, redirectURL string) (string, error)
- func (s *DefaultConsentStrategy) ValidateResponse(a fosite.AuthorizeRequester, token string) (claims *Session, err error)
type HTTPIntrospector
type Handler
type Introspection
type Introspector
type LocalIntrospector
- func (w *LocalIntrospector) IntrospectToken(ctx context.Context, token string) (*Introspection, error)
- func (w *LocalIntrospector) TokenFromRequest(r *http.Request) string
type Session
- func NewSession(subject string) *Session

Constants ¶

View Source

const (
	ConsentChallengeKey = "hydra.consent.challenge"
	ConsentEndpointKey  = "hydra.consent.response"
)

View Source

const (
	OpenIDConnectKeyName = "hydra.openid.id-token"

	ConsentPath = "/oauth2/consent"
	TokenPath   = "/oauth2/token"
	AuthPath    = "/oauth2/auth"

	// IntrospectPath points to the OAuth2 introspection endpoint.
	IntrospectPath = "/oauth2/introspect"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ConsentStrategy ¶

type ConsentStrategy interface {
	ValidateResponse(authorizeRequest fosite.AuthorizeRequester, token string) (claims *Session, err error)
	IssueChallenge(authorizeRequest fosite.AuthorizeRequester, redirectURL string) (token string, err error)
}

type DefaultConsentStrategy ¶

type DefaultConsentStrategy struct {
	Issuer string

	DefaultIDTokenLifespan   time.Duration
	DefaultChallengeLifespan time.Duration
	KeyManager               jwk.Manager
}

func (*DefaultConsentStrategy) IssueChallenge ¶

func (s *DefaultConsentStrategy) IssueChallenge(authorizeRequest fosite.AuthorizeRequester, redirectURL string) (string, error)

func (*DefaultConsentStrategy) ValidateResponse ¶

func (s *DefaultConsentStrategy) ValidateResponse(a fosite.AuthorizeRequester, token string) (claims *Session, err error)

type HTTPIntrospector ¶ added in v0.4.0

type HTTPIntrospector struct {
	Client   *http.Client
	Dry      bool
	Endpoint *url.URL
}

func (*HTTPIntrospector) IntrospectToken ¶ added in v0.4.0

func (this *HTTPIntrospector) IntrospectToken(ctx context.Context, token string) (*Introspection, error)

IntrospectToken is capable of introspecting tokens according to https://tools.ietf.org/html/rfc7662

The HTTP API is documented at http://docs.hdyra.apiary.io/#reference/oauth2/oauth2-token-introspection

func (*HTTPIntrospector) SetClient ¶ added in v0.4.0

func (this *HTTPIntrospector) SetClient(c *clientcredentials.Config)

func (*HTTPIntrospector) TokenFromRequest ¶ added in v0.4.0

func (this *HTTPIntrospector) TokenFromRequest(r *http.Request) string

type Handler ¶

type Handler struct {
	OAuth2  fosite.OAuth2Provider
	Consent ConsentStrategy

	Introspector Introspector
	Firewall     firewall.Firewall
	H            herodot.Herodot

	ForcedHTTP bool
	ConsentURL url.URL
}

func (*Handler) AuthHandler ¶

func (h *Handler) AuthHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*Handler) DefaultConsentHandler ¶

func (o *Handler) DefaultConsentHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*Handler) Introspect ¶ added in v0.4.0

func (h *Handler) Introspect(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

func (*Handler) SetRoutes ¶

func (h *Handler) SetRoutes(r *httprouter.Router)

func (*Handler) TokenHandler ¶

func (h *Handler) TokenHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params)

type Introspection ¶ added in v0.4.0

type Introspection struct {
	// Active is a boolean indicator of whether or not the presented token
	// is currently active.  The specifics of a token's "active" state
	// will vary depending on the implementation of the authorization
	// server and the information it keeps about its tokens, but a "true"
	// value return for the "active" property will generally indicate
	// that a given token has been issued by this authorization server,
	// has not been revoked by the resource owner, and is within its
	// given time window of validity (e.g., after its issuance time and
	// before its expiration time).
	Active bool `json:"active"`

	// Scope is a JSON string containing a space-separated list of
	// scopes associated with this token.
	Scope string `json:"scope,omitempty"`

	// ClientID is aclient identifier for the OAuth 2.0 client that
	// requested this token.
	ClientID string `json:"client_id,omitempty"`

	// Subject of the token, as defined in JWT [RFC7519].
	// Usually a machine-readable identifier of the resource owner who
	// authorized this token.
	Subject string `json:"sub,omitempty"`

	// Expires at is an integer timestamp, measured in the number of seconds
	// since January 1 1970 UTC, indicating when this token will expire.
	ExpiresAt int64 `json:"exp,omitempty"`

	// Issued at is an integer timestamp, measured in the number of seconds
	// since January 1 1970 UTC, indicating when this token was
	// originally issued.
	IssuedAt int64 `json:"iat,omitempty"`

	// NotBefore is an integer timestamp, measured in the number of seconds
	// since January 1 1970 UTC, indicating when this token is not to be
	// used before.
	NotBefore int64 `json:"nbf,omitempty"`

	// Username is a human-readable identifier for the resource owner who
	// authorized this token.
	Username int64 `json:"username,omitempty"`

	// Audience is a service-specific string identifier or list of string
	// identifiers representing the intended audience for this token.
	Audience string `json:"aud,omitempty"`

	// Issuer is a string representing the issuer of this token
	Issuer string `json:"iss,omitempty"`

	// Extra is arbitrary data set by the session.
	Extra map[string]interface{} `json:"ext,omitempty"`
}

Introspection contains an access token's session data as specified by IETF RFC 7662, see: https://tools.ietf.org/html/rfc7662

type Introspector ¶ added in v0.4.0

type Introspector interface {
	// IntrospectToken performs a token introspection according to IETF RFC 7662, see: https://tools.ietf.org/html/rfc7662
	//
	//  func anyHttpHandler(w http.ResponseWriter, r *http.Request) {
	//    ctx, err := introspector.IntrospectToken(context.Background(), introspector.TokenFromRequest(r), "photos", "files")
	//    fmt.Sprintf("%s", ctx.Subject)
	//  }
	IntrospectToken(ctx context.Context, token string) (*Introspection, error)
}

Introspector is capable of introspecting an access token according to IETF RFC 7662, see: https://tools.ietf.org/html/rfc7662

type LocalIntrospector ¶ added in v0.4.0

type LocalIntrospector struct {
	OAuth2 fosite.OAuth2Provider

	AccessTokenLifespan time.Duration
	Issuer              string
}

func (*LocalIntrospector) IntrospectToken ¶ added in v0.4.0

func (w *LocalIntrospector) IntrospectToken(ctx context.Context, token string) (*Introspection, error)

func (*LocalIntrospector) TokenFromRequest ¶ added in v0.4.0

func (w *LocalIntrospector) TokenFromRequest(r *http.Request) string

type Session ¶

type Session struct {
	Subject                string `json:"sub"`
	*openid.DefaultSession `json:"idToken"`
	*oauth2.HMACSession    `json:"session"`
	Extra                  map[string]interface{} `json:"extra"`
}

func NewSession ¶

func NewSession(subject string) *Session

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL