oauth1

package module
Version: v0.0.0-...-f88559e Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 11, 2017 License: BSD-3-Clause Imports: 17 Imported by: 1

README

oauth1 GoDoc

Package oauth1 provides building blocks for implementing an OAuth 1.0 service provider. See the example code for how to implement authentication for protected resources and redirection-based authorization.

Documentation

Overview

Package oauth1 provides building blocks for implementing an OAuth 1.0 server.

Index

Constants

This section is empty.

Variables

View Source
var (
	// ErrNotFound is the error returned by Store methods if a token or client
	// can not be found.
	ErrNotFound = errors.New("not found")
	// ErrNonceAlreadyUsed is the error returned by ConsumeNonce if a nonce is
	// re-used.
	ErrNonceAlreadyUsed = errors.New("nonce already used")
)

Functions

func IsInternal

func IsInternal(err error) bool

IsInternal returns true if err is caused by an internal server error.

func WriteError

func WriteError(w http.ResponseWriter, err error)

WriteError encodes and writes err to w with the appropriate status code.

Types

type ClientCredentials

type ClientCredentials struct {
	ID     string
	Secret string

	// Callback is an optional pre-configured callback URI for the client.
	// It is only used if Server.FixedCallbacks is set to true.
	Callback *url.URL

	// Custom is an extension slot that is not used internally. An
	// implementation may optionally use it to store for example the
	// application name or author information.
	Custom interface{}
}

ClientCredentials holds the identifier and shared secret used to authenticate a particular client.

type Server

type Server struct {
	// Store is the database used to store credentials and nonces.
	Store Store

	// MaxAge specifies an age limit for timestamps, after (optionally)
	// accounting for clock skew. A request with an older timestamp will be
	// denied with HTTP 401 Unauthorized.
	//
	// A MaxAge of zero means no limit.
	MaxAge time.Duration

	// MaxSkew specifies the allowed difference between client and server time.
	//
	// It is only applied if MaxAge is not zero.
	MaxSkew time.Duration

	// FixedCallbacks controls if the callback URL should be specified via the
	// oauth_callback protocol parameter or pre-configured per client.
	FixedCallbacks bool

	// Realm is the description of the protected area to be included in
	// WWW-Authenticate headers.
	//
	// If Realm is empty WWW-Authenticate headers are suppressed.
	Realm string
	// contains filtered or unexported fields
}

Server provides methods for interacting with OAuth 1.0 clients.

func (*Server) Authenticate

func (s *Server) Authenticate(r *http.Request) (*ClientCredentials, *TokenCredentials, error)

Authenticate verifies that the authenticated request is protocol compliant and valid. The *TokenCredentials returned is nil if the request is signed with only client credentials.

func (*Server) ConcludeAuthorization

func (s *Server) ConcludeAuthorization(r *http.Request) (*TokenCredentials, error)

ConcludeAuthorization consumes the supplied temporary token credentials and returns new token credentials that can be used by the client for authenticated requests.

This is the third and final step for a client to acquire token credentials.

func (*Server) InitiateAuthorization

func (s *Server) InitiateAuthorization(r *http.Request) (*TempCredentials, error)

InitiateAuthorization validates a request for new temporary credentials and creates them if successful.

This is the first step taken by a client to acquire token credentials.

func (*Server) RequestAuthorization

func (s *Server) RequestAuthorization(r *http.Request) (*ClientCredentials, *TempCredentials, error)

RequestAuthorization validates a request made by the client to obtain authorization from the resource owner.

The service provider must ask the resource owner to grant access, and if authorization is given the user agent should be redirected to the token's VerifiedCallback(). If this callback is nil the VerificationCode should instead be displayed together with instructions to manually inform the client that authorization is completed.

This is the second step for a client to acquire token credentials.

type Store

type Store interface {
	// GetClient loads the credentials with the given ID from the database.
	// It returns ErrNotFound if no matching record can be found.
	GetClient(ctx context.Context, id string) (*ClientCredentials, error)

	// GetToken loads the token credentials with the given ID from the
	// database. It returns ErrNotFound if no matching record can be found.
	GetToken(ctx context.Context, id string) (*TokenCredentials, error)

	// GetToken loads the temporary credentials with the given ID from the
	// database. It returns ErrNotFound if no matching record can be found.
	GetTemp(ctx context.Context, id string) (*TempCredentials, error)

	// AddTempCredentials adds new temporary credentials to the database.
	AddTempCredentials(context.Context, *TempCredentials) error

	// ConvertTempCredentials replaces the temporary credentials with token
	// credentials.
	ConvertTempCredentials(ctx context.Context, old *TempCredentials, new *TokenCredentials) error

	// ConsumeNonce validates that a nonce is unique across all requests with
	// the same timestamp, client and token combinations. If the combination
	// has been used before ConsumeNonce returns ErrNonceAlreadyUsed.
	ConsumeNonce(ctx context.Context, nonce string, timestamp time.Time, clientID, tokenID string) error
}

Store is the interface used to manage credentials and nonces.

type TempCredentials

type TempCredentials struct {
	ID               string
	Secret           string
	ClientID         string
	Callback         *url.URL
	VerificationCode string

	// Custom is an extension slot that is not used internally. An
	// implementation may optionally use it to store for example a
	// user association.
	Custom interface{}
}

TempCredentials holds the identifier and shared secret used to make an authorization request to the resource owner.

func (*TempCredentials) Redirect

func (t *TempCredentials) Redirect(w http.ResponseWriter, r *http.Request)

Redirect replies with a redirect to the callback URL, with identifier and verification code added to the query string. It panics if there is no callback.

func (*TempCredentials) WriteTo

func (t *TempCredentials) WriteTo(w http.ResponseWriter) error

WriteTo encodes and writes the identifier and secret to w.

type TokenCredentials

type TokenCredentials struct {
	ID       string
	Secret   string
	ClientID string

	// Custom is an extension slot that is not used internally. An
	// implementation may optionally use it to store for example a
	// user association.
	Custom interface{}
}

TokenCredentials holds the identifier and shared secret used to authenticate a resource owner.

func (*TokenCredentials) WriteTo

func (t *TokenCredentials) WriteTo(w http.ResponseWriter) error

WriteTo encodes and writes the identifier and secret to w.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL