goauth_handlers

README

Important Notice

This public repository is read-only and no longer maintained.

goauth-handlers

Go HTTP handlers that adds OAuth 2.0 authorization framework to enable a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.

The goauth-handlers verifies that the current user has the necessary OAuth authorization to continue further. This library compares the OAuth token, stored in the session of the current user, and verifies that it has not expired and has the necessary rights. If that is not the case, response with the proper HTTP response code is sent or forwards the user to a remote OAuth Authorization server as per the Authorization Grant flow.

At this point in time, the goauth-handlers uses a client Cookie to store the user's session and OAuth information (including token). In order to keep things secure, all session information is encrypted in the cookie so that the user cannot tamper with the data.

License

This project is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file.

User Guide

The library is written in Go so you will need to set that up. Once you have Go, you can use the following command to download the source code and build it.

go get github.com/SAP/goauth-handlers

Tests

goauth-handlers project contains unit tests, in order to execute them run the following command in project root directory.

ginkgo -r

Documentation

Index

• Constants
• type AuthorizationHandler
  • func (h *AuthorizationHandler) ServeHTTP(w http.ResponseWriter, req *http.Request)
• type CallbackHandler
  • func (h *CallbackHandler) ServeHTTP(w http.ResponseWriter, req *http.Request)
• type DelegateHandler
• type StateGenerator
• type TokenDecoder
• type TokenProvider

Constants

const DataTokenKey = "oauth.token"

const DataUserInfoKey = "oauth.userinfo"

const HeaderOAuthAccessToken = "X-Goauth-Oauth-Token-Access-Token"

const HeaderOAuthInfoScopes = "X-Goauth-Oauth-Info-User-Scopes"

const HeaderOAuthInfoUserID = "X-Goauth-Oauth-Info-User-Id"

const HeaderOAuthInfoUserName = "X-Goauth-Oauth-Info-User-Name"

const HeaderOAuthRefreshToken = "X-Goauth-Oauth-Token-Refresh-Token"

const HeaderOAuthTokenExpiry = "X-Goauth-Oauth-Token-Expiry"

const HeaderOAuthTokenType = "X-Goauth-Oauth-Token-Type"

const SessionName = "goauth"

const SessionStateKey = "state"

const SessionTokenKey = "token"

const SessionURLKey = "url"

Types

type AuthorizationHandler

type AuthorizationHandler struct {
	Handler                DelegateHandler
	Provider               TokenProvider
	Decoder                TokenDecoder
	Store                  session.Store
	StateGenerator         StateGenerator
	RequiredScopes         []string
	Logger                 gologger.Logger
	StoreTokenInHeaders    bool
	StoreUserInfoInHeaders bool
}

func (*AuthorizationHandler) ServeHTTP

func (h *AuthorizationHandler) ServeHTTP(w http.ResponseWriter, req *http.Request)

type CallbackHandler

type CallbackHandler struct {
	Provider TokenProvider
	Store    session.Store
	Logger   gologger.Logger
}

func (*CallbackHandler) ServeHTTP

func (h *CallbackHandler) ServeHTTP(w http.ResponseWriter, req *http.Request)

type DelegateHandler

type DelegateHandler interface {
	http.Handler
}

type StateGenerator

type StateGenerator interface {
	GenerateState() (string, error)
}

type TokenDecoder

type TokenDecoder interface {
	Decode(*oauth2.Token) (token.Info, error)
}

TokenDecoder should be able to decode stored information in a JWT token.

type TokenProvider

type TokenProvider interface {
	RequestToken(code string) (*oauth2.Token, error)
	LoginURL(state string) string
}

TokenProvider should be able to echange auth code for access token and generate login url from state string.