login

package
v0.0.0-...-184bb4f Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 14, 2023 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

// HTTP paths of the OAuth2 endpoints. Each value matches an @Router
// annotation in the handler documentation on this page.
const (
	// Token issuance; documented as POST only, with no @Security annotation.
	TokenRoute      = "/v1/oauth2/token"
	// Signing-key listing; documented as GET with BearerAuth.
	ListRoute       = "/v1/oauth2/keys"
	// Token introspection; documented as GET and POST with BearerAuth.
	IntrospectRoute = "/v1/oauth2/introspect"
	// Key and client onboarding; documented as POST, described as a helper
	// for local tests, and parameterised with a TOTP code.
	// NOTE(review): this route creates signing keys and clients — confirm
	// whether RegisterRoutes exposes it outside test environments.
	OnboardingRoute = "/v1/oauth2/onboard"
)
// JWS "alg" identifiers for RSASSA-PKCS1-v1_5 signatures with SHA-384,
// SHA-512 and SHA-256 (RFC 7518, section 3.3).
// Presumably the values accepted for NewService's signMethod argument — confirm.
// NOTE(review): verification code should compare a token's alg header against
// the configured value rather than accepting whatever the token declares.
const (
	RS384 = "RS384"
	RS512 = "RS512"
	RS256 = "RS256"
)

Variables

This section is empty.

Functions

func Introspect

func Introspect(svc Service) http.Handler

Introspect godoc
@Summary Introspection endpoint (rfc7662) to introspect the issued JWT Access Tokens
@ID introspect-jwt
@Description This endpoint allows introspection of the issued JWT Access Tokens.
@Tags token
@Produce json
@Security BearerAuth
@Success 200 {object} IntrospectionResponse
@Failure 400 {object} ErrorResponse
@Failure 401 {object} ErrorResponse
@Failure 500 {object} ErrorResponse
@Router /v1/oauth2/introspect [get]
@Router /v1/oauth2/introspect [post]

func IssueToken

func IssueToken(svc Service) http.Handler

IssueToken godoc
@Summary Issues JWT Access Tokens (rfc7519) using Client Credentials Grant with Basic Authentication (rfc6749)
@ID create-token
@Description This endpoint issues JWT Access Tokens using the Client Credentials Grant with Basic Authentication.
@Tags token
@Accept x-www-form-urlencoded
@Produce json
@Success 200 {object} TokenResponse
@Failure 400 {object} ErrorResponse
@Failure 401 {object} ErrorResponse
@Failure 500 {object} ErrorResponse
@Param grant_type formData string true "grant_type" default(client_credentials)
@Param client_id formData string true "client_id" default(test)
@Param client_secret formData string true "client_secret" default(test)
@Router /v1/oauth2/token [post]

func ListKnownSigningKeys

func ListKnownSigningKeys(svc Service) http.Handler

ListKnownSigningKeys godoc
@Summary Endpoint to list the signing keys (rfc7517)
@ID list-keys
@Description This endpoint lists the signing keys.
@Tags token
@Produce json
@Security BearerAuth
@Success 200 {object} KeysResponse
@Failure 400 {object} ErrorResponse
@Failure 401 {object} ErrorResponse
@Failure 500 {object} ErrorResponse
@Router /v1/oauth2/keys [get]

func Onboarding

func Onboarding(svc Service) http.Handler

Onboarding godoc
@Summary Facilitates the creation of signing keys and onboarding new clients (client_id, client_secret and signing key pairs)
@ID declare-clients-and-keys
@Description This endpoint helps local tests by creating signing keys and declaring new clients.
@Tags token
@Accept x-www-form-urlencoded
@Success 202
@Failure 400 {object} ErrorResponse
@Failure 401 {object} ErrorResponse
@Failure 500 {object} ErrorResponse
@Param totp formData string true "totp code"
@Param operation_type formData string true "operation_type can be create_key (should provide key_name) and create_client (should provide client_id, client_secret and associated key_name)." default(create_key)
@Param client_id formData string false "client_id" default(test)
@Param client_secret formData string false "client_secret" default(test)
@Param key_name formData string true "key_name" default(my_key)
@Router /v1/oauth2/onboard [post]

func RegisterRoutes

func RegisterRoutes(
	router *mux.Router,
	svc Service,
	logger func(inner http.Handler, name string) http.Handler,
	recoverer func(next http.Handler) http.Handler,
)

Types

type ErrorResponse

// ErrorResponse is the JSON error body named by the @Failure 400/401/500
// annotations of every handler on this page.
type ErrorResponse struct {
	// Code is serialized as "code".
	// presumably mirrors the HTTP status code — confirm against the handlers.
	Code    int    `json:"code"`
	// Message is serialized under the key "error", not "message".
	// NOTE(review): for 401 responses, check that the text does not reveal
	// whether the client_id exists or which part of the credential failed.
	Message string `json:"error"`
}

type IntrospectionResponse

// IntrospectionResponse is the success body of the introspection endpoint.
// Its JSON keys are the member names defined for an introspection response
// in RFC 7662, section 2.2.
type IntrospectionResponse struct {
	ClientID  string `json:"client_id"`
	Subject   string `json:"sub"`
	Scope     string `json:"scope"`
	// Audience is a single string here; RFC 7662 also permits an array of
	// audiences, which this type cannot represent.
	Audience  string `json:"aud"`
	Type      string `json:"token_type"`
	// UUID is serialized as "jti", the token identifier.
	UUID      string `json:"jti"`
	// ExpiresAt, NotBefore and IssuedAt are integers; presumably seconds
	// since the Unix epoch as RFC 7662 specifies — confirm in the service.
	ExpiresAt int64  `json:"exp"`
	NotBefore int64  `json:"nbf"`
	IssuedAt  int64  `json:"iat"`
	// Active is the only member RFC 7662 requires. Consumers should read it
	// first and disregard every other field when it is false.
	Active    bool   `json:"active"`
}

type KeysResponse

// KeysResponse is the success body of the key-listing endpoint and the
// result type of Service.ListKnownSigningKeys.
type KeysResponse struct {
	// Keys is serialized as "keys"; each element is a SignKey.
	Keys []SignKey `json:"keys"`
}

type RepoImpl

// RepoImpl is the repository constructed by NewRepository from a *sql.DB.
// Every method listed for it on this page has a pointer receiver, so it is
// *RepoImpl, not RepoImpl, that carries the Repository method set;
// NewRepository returns the value type, so callers pass its address.
// CreateTables is an extra method that is not part of Repository.
type RepoImpl struct {
	// contains filtered or unexported fields
}

func NewRepository

func NewRepository(db *sql.DB) RepoImpl

func (*RepoImpl) CreateTables

func (r *RepoImpl) CreateTables() error

func (*RepoImpl) GetClientSecretAndPrivateKeyByClientID

func (r *RepoImpl) GetClientSecretAndPrivateKeyByClientID(clientID string) (string, []byte, error)

func (*RepoImpl) GetSigningKeyFromAuditedToken

func (r *RepoImpl) GetSigningKeyFromAuditedToken(tokenString string) ([]byte, error)

func (*RepoImpl) InsertAudit

func (r *RepoImpl) InsertAudit(clientID, accessToken, tokenType string, expiresIn int64) error

func (*RepoImpl) InsertClient

func (r *RepoImpl) InsertClient(clientID string, clientSecret []byte, keyName string) error

func (*RepoImpl) ListAllSigningKeys

func (r *RepoImpl) ListAllSigningKeys() ([]string, [][]byte, error)

func (*RepoImpl) SavePrivateKey

func (r *RepoImpl) SavePrivateKey(keyName string, keyData []byte) error

type RepoMock

// RepoMock is a second type carrying the Repository method set, built by
// NewMock from a single client ID. Its methods use pointer receivers, so
// *RepoMock is the type that can be used as a Repository.
// presumably an in-memory test double — confirm against the source.
type RepoMock struct {
	// contains filtered or unexported fields
}

func NewMock

func NewMock(clientID string) RepoMock

func (*RepoMock) GetClientSecretAndPrivateKeyByClientID

func (r *RepoMock) GetClientSecretAndPrivateKeyByClientID(clientID string) (string, []byte, error)

func (*RepoMock) GetSigningKeyFromAuditedToken

func (r *RepoMock) GetSigningKeyFromAuditedToken(tokenString string) ([]byte, error)

func (*RepoMock) InsertAudit

func (r *RepoMock) InsertAudit(clientID, accessToken, tokenType string, expiresIn int64) error

func (*RepoMock) InsertClient

func (r *RepoMock) InsertClient(clientID string, clientSecret []byte, keyName string) error

func (*RepoMock) ListAllSigningKeys

func (r *RepoMock) ListAllSigningKeys() ([]string, [][]byte, error)

func (*RepoMock) SavePrivateKey

func (r *RepoMock) SavePrivateKey(keyName string, keyData []byte) error

type Repository

// Repository is the storage contract taken by NewService. On this page both
// *RepoImpl and *RepoMock list the same six methods. The notes below are read
// from the signatures alone; no implementation is visible here.
type Repository interface {
	// GetClientSecretAndPrivateKeyByClientID returns a string and a byte
	// slice for a client ID; by its name, the client secret and the private
	// signing key associated with that client.
	// NOTE(review): InsertClient receives the secret as []byte while this
	// returns a string — confirm the stored form is a password hash rather
	// than the plaintext secret.
	GetClientSecretAndPrivateKeyByClientID(clientID string) (string, []byte, error)
	// InsertAudit records an issued token: client ID, the access token
	// itself, its type and an expiry value.
	// NOTE(review): the full accessToken string is passed to storage, so a
	// read of the audit table may yield usable bearer tokens until they
	// expire — confirm whether a digest is stored instead.
	InsertAudit(clientID, accessToken, tokenType string, expiresIn int64) error
	// SavePrivateKey stores key material under a name.
	// NOTE(review): keyData is private key material at rest — confirm how it
	// is encoded and whether it is encrypted before it reaches the database.
	SavePrivateKey(keyName string, keyData []byte) error
	// InsertClient registers a client ID with a secret and the name of the
	// key associated with it.
	InsertClient(clientID string, clientSecret []byte, keyName string) error
	// GetSigningKeyFromAuditedToken maps a token string to key bytes;
	// presumably by matching the token against rows written by InsertAudit
	// — confirm.
	GetSigningKeyFromAuditedToken(tokenString string) ([]byte, error)
	// ListAllSigningKeys returns two parallel slices; presumably key names
	// and key bytes — confirm the pairing and whether the bytes are the
	// private keys written by SavePrivateKey.
	ListAllSigningKeys() ([]string, [][]byte, error)
}

type Service

// Service is the business-logic contract taken by the handler constructors
// (Introspect, IssueToken, ListKnownSigningKeys, Onboarding) and by
// RegisterRoutes. *SvcImpl lists the same five methods.
type Service interface {
	// Sign takes client credentials and returns a TokenResponse.
	// NOTE(review): the token endpoint documents client_id=test and
	// client_secret=test as form defaults — make sure no such client exists
	// outside test fixtures.
	Sign(clientID, clientSecret string) (*TokenResponse, error)
	// DecodeJWTToken parses a token string into a *jwt.Token. The jwt
	// package is imported from outside this page.
	// NOTE(review): confirm that signature, alg and exp/nbf are all checked
	// before a token is reported as active.
	DecodeJWTToken(tokenString string) (*jwt.Token, error)
	// ListKnownSigningKeys returns the body of the key-listing endpoint.
	ListKnownSigningKeys() (*KeysResponse, error)
	// GenerateAndSavePrivateKey creates a key under keyName.
	// totpKey is presumably the one-time code submitted in the "totp" form
	// field, whereas NewService's totpKey is presumably the shared secret;
	// the identical name hides that difference — confirm.
	GenerateAndSavePrivateKey(totpKey, keyName string) error
	// OnboardNewClient declares a client with a secret and an associated
	// key name; it takes the same totpKey argument as
	// GenerateAndSavePrivateKey.
	OnboardNewClient(totpKey, clientID, clientSecret, keyName string) error
}

type SignKey

// SignKey is one entry of KeysResponse.Keys.
// The JSON keys used here ("key_id", "public_key", "algorithm") are not the
// JWK member names of RFC 7517 ("kid", "alg", "kty", ...), although the
// endpoint summary cites rfc7517; only "use" coincides. Generic JWKS clients
// will therefore not parse this response.
type SignKey struct {
	KeyID     string `json:"key_id"`
	// Key is serialized as "public_key".
	// NOTE(review): the repository exposes SavePrivateKey and returns raw
	// bytes from ListAllSigningKeys — confirm that only the public half is
	// ever placed in this field.
	Key       string `json:"public_key"`
	Algorithm string `json:"algorithm"`
	Use       string `json:"use"`
}

type SvcImpl

// SvcImpl is the service built by NewService from a Repository, a
// time.Duration named expiration, a signMethod string and a totpKey string.
// Its methods use pointer receivers, so *SvcImpl carries the Service method
// set; NewService returns the value type, so callers pass its address.
type SvcImpl struct {
	// contains filtered or unexported fields
}

func NewService

func NewService(
	repo Repository,
	expiration time.Duration,
	signMethod string,
	totpKey string,
) SvcImpl

func (*SvcImpl) DecodeJWTToken

func (s *SvcImpl) DecodeJWTToken(tokenString string) (*jwt.Token, error)

func (*SvcImpl) GenerateAndSavePrivateKey

func (s *SvcImpl) GenerateAndSavePrivateKey(totpKey, keyName string) error

func (*SvcImpl) ListKnownSigningKeys

func (s *SvcImpl) ListKnownSigningKeys() (*KeysResponse, error)

func (*SvcImpl) OnboardNewClient

func (s *SvcImpl) OnboardNewClient(totpKey, clientID, clientSecret, keyName string) error

func (*SvcImpl) Sign

func (s *SvcImpl) Sign(clientID, clientSecret string) (*TokenResponse, error)

type TokenResponse

// TokenResponse is the success body of the token endpoint and the result of
// Service.Sign. Its JSON keys are the access-token response parameters of
// RFC 6749, section 5.1.
type TokenResponse struct {
	// AccessToken is the issued token; the endpoint summary describes it as
	// a JWT (rfc7519).
	AccessToken string `json:"access_token"`
	TokenType   string `json:"token_type"`
	// ExpiresIn is an integer; presumably the lifetime in seconds derived
	// from NewService's expiration argument — confirm.
	ExpiresIn   int64  `json:"expires_in"`
}
