osin

package module
Published: Sep 20, 2013 License: BSD-3-Clause Imports: 9 Imported by: 0

README

OSIN

Golang OAuth2 server library

OSIN is an OAuth2 server library for the Go language, as specified at http://tools.ietf.org/html/rfc6749.

Using it, you can build your own OAuth2 authorization server. (OAuth2 is an authorization framework, not a user-authentication protocol: how the resource owner logs in and consents at the authorize endpoint is left entirely to your code — see the "HANDLE LOGIN PAGE HERE" comment in the example below.)

The library implements the majority of the specification: the authorization and token endpoints, and the authorization code, implicit, resource owner password credentials and client credentials grant types (a refresh_token access request type is also defined; see the constants below).

Dependencies
Example Server
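import (
	"log"
	"net/http"

	"github.com/RangelReale/osin"
)

// TestStorage implements the "osin.Storage" interface (your code; it holds
// codes, tokens and client secrets, so protect it accordingly).
server := osin.NewServer(osin.NewServerConfig(), &TestStorage{})
output := osin.NewResponseOutputJSON()

// Authorization code endpoint
http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) {
	resp := server.NewResponse()
	if ar := server.HandleAuthorizeRequest(resp, r); ar != nil {

		// HANDLE LOGIN PAGE HERE
		//
		// Authenticate the resource owner and obtain their consent for
		// ar.Client / ar.Scope before this point. ar.Authorized starts out
		// false (deny); set it to true ONLY after that check succeeds. The
		// unconditional assignment below is demo-only: left in a real
		// server it issues an authorization code to anyone who can reach
		// /authorize.
		ar.Authorized = true
		server.FinishAuthorizeRequest(resp, r, ar)
	}
	output.Output(resp, w, r)
})

// Access token endpoint
http.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
	resp := server.NewResponse()
	if ar := server.HandleAccessRequest(resp, r); ar != nil {
		// With NewServerConfig() only AUTHORIZATION_CODE is allowed, so ar
		// carries a code that was consented to at /authorize. If you add
		// PASSWORD to AllowedAccessTypes, verify ar.Username / ar.Password
		// here first - nothing on this page shows the library checking
		// them - and only then set Authorized.
		ar.Authorized = true
		server.FinishAccessRequest(resp, r, ar)
	}
	output.Output(resp, w, r)
})

// RFC 6749 §3.1 and §3.2 require TLS on both endpoints: without it the
// client secret, codes and tokens travel in the clear. Use
// http.ListenAndServeTLS (on an http.Server with timeouts) outside a local
// demo. ListenAndServe only returns on failure, so its error is fatal.
log.Fatal(http.ListenAndServe(":14000", nil))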
Example Access

Open in your web browser (note: the example passes the client's redirect target as `redirect_url`, whereas RFC 6749 §4.1.1 names the parameter `redirect_uri` — check which name HandleAuthorizeRequest actually reads):

http://localhost:14000/authorize?response_type=code&client_id=1234&redirect_url=http%3A%2F%2Flocalhost%3A14000%2Fappauth%2Fcode
License

The code is licensed using "New BSD" license.

Author

Rangel Reale

Documentation


Constants

// Grant types accepted at the token endpoint (the grant_type parameter of
// RFC 6749 §4.1.3, §4.3.2, §4.4.2 and §6).
const (
	AUTHORIZATION_CODE AccessRequestType = "authorization_code"
	// Only the first constant is declared with the type; the rest are
	// untyped string constants (Go repeats the type only when the value is
	// omitted). They still convert implicitly wherever an AccessRequestType
	// is expected.
	REFRESH_TOKEN                        = "refresh_token"
	PASSWORD                             = "password"
	CLIENT_CREDENTIALS                   = "client_credentials"
	// IMPLICIT is an internal marker, not a wire grant_type (RFC 6749 has
	// none with a "__" prefix); presumably used when the implicit flow
	// issues an access token from the authorize endpoint - confirm in the
	// source.
	IMPLICIT                             = "__implicit"
)
// Error codes sent to clients, as defined by RFC 6749 §4.1.2.1 (authorize
// endpoint) and §5.2 (token endpoint). Only the first is typed; the rest
// are untyped string constants. Error descriptions that accompany these
// codes are client-visible, so keep them generic and free of internal
// detail.
const (
	E_INVALID_REQUEST           string = "invalid_request"
	E_UNAUTHORIZED_CLIENT              = "unauthorized_client"
	E_ACCESS_DENIED                    = "access_denied"
	E_UNSUPPORTED_RESPONSE_TYPE        = "unsupported_response_type"
	E_INVALID_SCOPE                    = "invalid_scope"
	E_SERVER_ERROR                     = "server_error"
	E_TEMPORARILY_UNAVAILABLE          = "temporarily_unavailable"
	E_UNSUPPORTED_GRANT_TYPE           = "unsupported_grant_type"
	E_INVALID_GRANT                    = "invalid_grant"
	// E_INVALID_CLIENT: RFC 6749 §5.2 specifies a 401 response (with a
	// WWW-Authenticate header) when the client used HTTP authentication.
	E_INVALID_CLIENT                   = "invalid_client"
)

Variables

This section is empty.

Functions

func ValidateUri

func ValidateUri(baseUri string, redirectUri string) error

Validates that redirectUri is contained in baseUri (the client's registered RedirectUri). Containment is looser than an exact match of the full registered URI; RFC 6749 §10.6 describes the redirect-URI manipulation attacks this check exists to block, so register the most specific URI possible and avoid broad bases.

Types

type AccessData

// AccessData is the record behind one issued access token (and its optional
// refresh token). Instances are persisted through Storage.SaveAccess and
// loaded back by Storage.LoadAccess / LoadRefresh.
type AccessData struct {
	// Client information (the client the token was issued to; Storage
	// implementations must load it together with the record)
	Client *Client

	// Authorize data, for authorization code (the grant this token came
	// from; Storage.LoadAccess may leave it nil)
	AuthorizeData *AuthorizeData

	// Previous access data, for refresh token (the token being refreshed;
	// Storage.LoadRefresh may leave it nil)
	AccessData *AccessData

	// Access token. A bearer credential: whoever holds it can act as the
	// client, so never log it and protect it at rest like a password.
	AccessToken string

	// Refresh Token. Can be blank. Same handling as AccessToken; it is
	// typically longer-lived, so a leak is worse.
	RefreshToken string

	// Token expiration in seconds (presumably counted from CreatedAt; see
	// ExpireAt / IsExpired)
	ExpiresIn int32

	// Requested scope
	Scope string

	// Redirect Uri from request
	RedirectUri string

	// Date created
	CreatedAt time.Time

	// Data to be passed to storage. Not used by the library.
	UserData interface{}
}

Access data

func (*AccessData) ExpireAt

func (d *AccessData) ExpireAt() time.Time

Returns the expiration date

func (*AccessData) IsExpired

func (d *AccessData) IsExpired() bool

Returns true if access expired

type AccessRequest

// AccessRequest is the parsed token-endpoint request handed back by
// Server.HandleAccessRequest. The application decides on it by setting
// Authorized and then calls Server.FinishAccessRequest.
type AccessRequest struct {
	// Type is the grant type requested (see the AccessRequestType constants).
	Type          AccessRequestType
	// Code is the authorization code or refresh token presented by the
	// client, depending on Type (presumably; confirm in the source).
	Code          string
	// Client is the authenticated client; AuthorizeData is the grant being
	// redeemed (AUTHORIZATION_CODE) and AccessData the token being renewed
	// (REFRESH_TOKEN).
	Client        *Client
	AuthorizeData *AuthorizeData
	AccessData    *AccessData
	RedirectUri   string
	Scope         string
	// Username and Password carry resource owner credentials for the
	// PASSWORD grant. Nothing on this page shows the library checking them:
	// the application must verify them before setting Authorized. Password
	// is plaintext - keep it out of logs.
	Username      string
	Password      string

	// Set if request is authorized. Zero value is false (deny); only the
	// application sets it to true, after its own checks.
	Authorized bool

	// Token expiration in seconds. Change if different from default
	Expiration int32

	// Set if a refresh token should be generated
	GenerateRefresh bool

	// Data to be passed to storage. Not used by the library.
	UserData interface{}
}

Access request information

type AccessRequestType

type AccessRequestType string

type AccessTokenGen

// AccessTokenGen produces the opaque token strings for an AccessData.
// generaterefresh asks for a refresh token as well; refreshtoken is blank
// otherwise. Tokens are bearer credentials, so an implementation must draw
// them from a cryptographic RNG (crypto/rand) with ample entropy and must
// not derive them from guessable data in AccessData.
type AccessTokenGen interface {
	GenerateAccessToken(data *AccessData, generaterefresh bool) (accesstoken string, refreshtoken string, err error)
}

Access token generator interface

type AccessTokenGenDefault

// AccessTokenGenDefault is the library's built-in AccessTokenGen. How it
// derives tokens is not shown on this page; review its randomness source and
// token length before relying on it in production.
type AccessTokenGenDefault struct {
}

Default access token generator (the built-in AccessTokenGen).

func (*AccessTokenGenDefault) GenerateAccessToken

func (a *AccessTokenGenDefault) GenerateAccessToken(data *AccessData, generaterefresh bool) (accesstoken string, refreshtoken string, err error)

type AllowedAccessType

type AllowedAccessType []AccessRequestType

func (AllowedAccessType) Exists

Checks if the type exists in the list

type AllowedAuthorizeType

type AllowedAuthorizeType []AuthorizeRequestType

Helper listing the authorize request types the server accepts.

func (AllowedAuthorizeType) Exists

Checks if the type exists in the list

type AuthorizeData

// AuthorizeData is the record behind one issued authorization code. It is
// persisted through Storage.SaveAuthorize and redeemed (loaded, then
// removed) at the token endpoint.
type AuthorizeData struct {
	// Client information
	Client *Client

	// Authorization code. Single-use per RFC 6749 §4.1.2: once redeemed it
	// must be removed (Storage.RemoveAuthorize) so it cannot be replayed.
	// Treat it as a credential; do not log it.
	Code string

	// Token expiration in seconds. RFC 6749 §4.1.2 recommends a maximum
	// code lifetime of 10 minutes (the library default is 5, see
	// ServerConfig.AuthorizationExpiration).
	ExpiresIn int32

	// Requested scope
	Scope string

	// Redirect Uri from request
	RedirectUri string

	// State data from request. Opaque client value echoed back in the
	// redirect; it is the client's CSRF binding (RFC 6749 §10.12) and must
	// be passed through unchanged.
	State string

	// Date created
	CreatedAt time.Time

	// Data to be passed to storage. Not used by the library.
	UserData interface{}
}

Authorization data

func (*AuthorizeData) ExpireAt

func (d *AuthorizeData) ExpireAt() time.Time

Returns the expiration date

func (*AuthorizeData) IsExpired

func (d *AuthorizeData) IsExpired() bool

Returns true if authorization expired

type AuthorizeRequest

// AuthorizeRequest is the parsed authorize-endpoint request handed back by
// Server.HandleAuthorizeRequest. The application authenticates the resource
// owner, obtains consent, sets Authorized accordingly and then calls
// Server.FinishAuthorizeRequest.
type AuthorizeRequest struct {
	// Type is the response_type: CODE (authorization code) or TOKEN (implicit).
	Type        AuthorizeRequestType
	// Client is the client identified by client_id.
	Client      *Client
	// Scope as requested by the client; the consent step is the place to
	// narrow it.
	Scope       string
	// RedirectUri from the request (presumably already checked against
	// Client.RedirectUri - confirm in the source).
	RedirectUri string
	// State is the client's opaque value; it must be echoed back unchanged.
	State       string

	// Set if request is authorized. Zero value is false (deny). Set it to
	// true only after the resource owner has been authenticated and has
	// consented; a code or token is issued on the strength of this flag.
	Authorized bool

	// Token expiration in seconds. Change if different from default.
	// If type = TOKEN, this expiration will be for the ACCESS token.
	Expiration int32

	// Data to be passed to storage. Not used by the library.
	UserData interface{}
}

Authorize request information

type AuthorizeRequestType

// AuthorizeRequestType is the response_type of an authorize request
// (RFC 6749 §3.1.1).
type AuthorizeRequestType string
const (
	// CODE selects the authorization code grant (§4.1).
	CODE  AuthorizeRequestType = "code"
	// TOKEN selects the implicit grant (§4.2): the access token is returned
	// directly in the redirect fragment. Untyped constant (see CODE);
	// converts implicitly.
	TOKEN                      = "token"
)

type AuthorizeTokenGen

// AuthorizeTokenGen produces the authorization code string for an
// AuthorizeData. Codes are credentials that are redeemed for tokens, so an
// implementation must draw them from a cryptographic RNG (crypto/rand) with
// ample entropy.
type AuthorizeTokenGen interface {
	GenerateAuthorizeToken(data *AuthorizeData) (string, error)
}

Authorization token generator interface

type AuthorizeTokenGenDefault

// AuthorizeTokenGenDefault is the library's built-in AuthorizeTokenGen. How
// it derives codes is not shown on this page; review its randomness source
// and code length before relying on it in production.
type AuthorizeTokenGenDefault struct {
}

Default authorization token generator

func (*AuthorizeTokenGenDefault) GenerateAuthorizeToken

func (a *AuthorizeTokenGenDefault) GenerateAuthorizeToken(data *AuthorizeData) (ret string, err error)

type BasicAuth

// BasicAuth holds the credentials parsed from an HTTP Basic "Authorization"
// header. For client authentication (RFC 6749 §2.3.1) Username is the
// client id and Password the client secret.
type BasicAuth struct {
	Username string
	Password string
}

Credentials parsed from an HTTP Basic authentication header.

func CheckBasicAuth

func CheckBasicAuth(r *http.Request) (*BasicAuth, error)

Return authorization header data

func CheckClientAuth

func CheckClientAuth(r *http.Request, useparams bool) (*BasicAuth, error)

Checks client authentication in the request parameters when useparams is true (see ServerConfig.AllowClientSecretInParams), and in the Authorization header. RFC 6749 §2.3.1 allows the secret in the request body only as a fallback for clients that cannot use HTTP Basic auth and forbids it in the request URI; the page does not show whether "params" includes the query string, so check the source before enabling it.

type Client

// Client is a registered OAuth2 client as returned by Storage.GetClient.
type Client struct {
	// Client id
	Id string

	// Client secret. A credential compared during client authentication
	// (see CheckClientAuth): store and log it with the same care as a
	// password. Public clients (e.g. browser or mobile apps) cannot keep
	// it confidential.
	Secret string

	// Base client uri - the registered redirect URI that a request's
	// redirect URI is checked against (presumably via ValidateUri, which is
	// a containment test rather than an exact match). Register the most
	// specific URI possible.
	RedirectUri string

	// Data to be passed to storage. Not used by the library.
	UserData interface{}
}

Client information

type DefaultErrorId

type DefaultErrorId string

type DefaultErrors

// DefaultErrors maps error ids to their human-readable descriptions. Build
// it with NewDefaultErrors and look messages up with Get. The descriptions
// are sent to clients, so keep them free of internal detail.
type DefaultErrors struct {
	// contains filtered or unexported fields
}

Default errors and messages

func NewDefaultErrors

func NewDefaultErrors() *DefaultErrors

func (*DefaultErrors) Get

func (e *DefaultErrors) Get(id string) string

type InfoRequest

// InfoRequest is the parsed request for the non-RFC info endpoint
// (Server.HandleInfoRequest): Code is the access token presented and
// AccessData the record it resolved to (presumably; confirm in the source).
type InfoRequest struct {
	Code       string
	AccessData *AccessData
}

Info request information

type Response

// Response is the server's reply to one request, filled in by the Handle* /
// Finish* methods and rendered by a ResponseOutput. Create it with
// Server.NewResponse so the configured ErrorStatusCode applies.
type Response struct {
	// Type selects between a data body (DATA) and a redirect (REDIRECT).
	Type               ResponseType
	// StatusCode / StatusText for a normal reply; ErrorStatusCode is
	// presumably used instead when IsError is set.
	StatusCode         int
	StatusText         string
	ErrorStatusCode    int
	// URL is the redirect target for REDIRECT responses (see SetRedirect
	// and GetRedirectUrl).
	URL                string
	// Output is the key/value payload rendered as the body or (for
	// redirects) encoded into the URL.
	Output             ResponseData
	Headers            http.Header
	// IsError marks an OAuth2 error reply (see SetError*). InternalError
	// keeps the underlying Go error for server-side logging; it should not
	// be surfaced to the client.
	IsError            bool
	InternalError      error
	// RedirectInFragment: if true, redirect values go in the URL fragment
	// (implicit grant, RFC 6749 §4.2.2) instead of the query string.
	RedirectInFragment bool
}

Server response

func NewDefaultResponse

func NewDefaultResponse() *Response

Creates a new response. NOTE: a response created this way does not take the server's ErrorStatusCode configuration into account — use Server.NewResponse() instead.

func (*Response) GetRedirectUrl

func (r *Response) GetRedirectUrl() (string, error)

Returns the redirect url with parameters

func (*Response) SetError

func (r *Response) SetError(id string, description string)

Set error

func (*Response) SetErrorState

func (r *Response) SetErrorState(id string, description string, state string)

Set error with state

func (*Response) SetErrorUri

func (r *Response) SetErrorUri(id string, description string, uri string, state string)

Set error with uri

func (*Response) SetRedirect

func (r *Response) SetRedirect(url string)

Set response to be redirect instead of data output

func (*Response) SetRedirectFragment

func (r *Response) SetRedirectFragment(f bool)

If true, redirect values are passed in fragment instead of as query parameters

type ResponseData

type ResponseData map[string]interface{}

Data for response output

type ResponseOutput

// ResponseOutput writes a Response to the HTTP response. Implementations are
// expected to honor Response.Type (data body vs redirect), the status codes
// and Headers; ResponseOutputJSON is the provided implementation.
type ResponseOutput interface {
	Output(*Response, http.ResponseWriter, *http.Request) error
}

Interface for response output

type ResponseOutputJSON

// ResponseOutputJSON is the built-in ResponseOutput that renders Response.Output
// as a JSON body (RFC 6749 §5.1 token responses are JSON).
type ResponseOutputJSON struct {
}

Output the response in JSON

func NewResponseOutputJSON

func NewResponseOutputJSON() *ResponseOutputJSON

func (*ResponseOutputJSON) Output

type ResponseType

type ResponseType int

Response type enum

// DATA renders Response.Output as the response body; REDIRECT sends the
// user agent to Response.URL with Output encoded as parameters.
const (
	DATA ResponseType = iota
	REDIRECT
)

type Server

// Server is the OAuth2 server; build it with NewServer. The two token
// generators can be replaced with custom implementations, which must keep
// producing unguessable (CSPRNG-backed) values - codes and tokens are
// bearer credentials.
type Server struct {
	// Config holds the policy (allowed grant types, lifetimes, etc.).
	Config            *ServerConfig
	// Storage is the application-provided persistence for clients, codes
	// and tokens.
	Storage           Storage
	AuthorizeTokenGen AuthorizeTokenGen
	AccessTokenGen    AccessTokenGen
}

OAuth2 server class

func NewServer

func NewServer(config *ServerConfig, storage Storage) *Server

Creates a new server instance

func (*Server) FinishAccessRequest

func (s *Server) FinishAccessRequest(w *Response, r *http.Request, ar *AccessRequest)

func (*Server) FinishAuthorizeRequest

func (s *Server) FinishAuthorizeRequest(w *Response, r *http.Request, ar *AuthorizeRequest)

func (*Server) FinishInfoRequest

func (s *Server) FinishInfoRequest(w *Response, r *http.Request, ir *InfoRequest)

func (*Server) HandleAccessRequest

func (s *Server) HandleAccessRequest(w *Response, r *http.Request) *AccessRequest

Access token request

func (*Server) HandleAuthorizeRequest

func (s *Server) HandleAuthorizeRequest(w *Response, r *http.Request) *AuthorizeRequest

Authorize request

func (*Server) HandleInfoRequest

func (s *Server) HandleInfoRequest(w *Response, r *http.Request) *InfoRequest

Information request (see InfoRequest). NOT part of the RFC 6749 specification; treat it as a library extension.

func (*Server) NewResponse

func (s *Server) NewResponse() *Response

Creates a new response for the server

type ServerConfig

// ServerConfig holds the policy knobs for a Server; the defaults noted on
// each field are the ones NewServerConfig provides (per the field comments).
type ServerConfig struct {
	// Authorization token expiration in seconds (default 5 minutes)
	// RFC 6749 §4.1.2 recommends a maximum code lifetime of 10 minutes.
	AuthorizationExpiration int32

	// Access token expiration in seconds (default 1 hour)
	AccessExpiration int32

	// Token type to return (presumably the token_type value of the token
	// response, RFC 6749 §5.1, e.g. "bearer")
	TokenType string

	// List of allowed authorize types (only CODE by default)
	// Adding TOKEN enables the implicit grant, which returns access tokens
	// in a URL fragment; enable it deliberately.
	AllowedAuthorizeTypes AllowedAuthorizeType

	// List of allowed access types (only AUTHORIZATION_CODE by default)
	// Enabling PASSWORD makes the application responsible for verifying
	// AccessRequest.Username / Password before setting Authorized.
	AllowedAccessTypes AllowedAccessType

	// HTTP status code to return for errors - default 200
	// Only used if response was created from server
	// NOTE: RFC 6749 §5.2 specifies 400 for token endpoint errors (401 for
	// invalid_client when HTTP authentication was used). With 200, clients
	// that only inspect the status code treat an error body as success;
	// consider setting 400.
	ErrorStatusCode int

	// If true allows client secret also in params, else only in
	// Authorization header - default false
	// RFC 6749 §2.3.1: credentials in the request body are NOT RECOMMENDED
	// and MUST NOT appear in the request URI. The page does not show
	// whether "params" is body-only or also the query string - verify
	// before enabling.
	AllowClientSecretInParams bool

	// If true allows access request using GET, else only POST - default false
	// RFC 6749 §3.2 requires POST; GET puts codes and client secrets into
	// URLs, browser history and access logs.
	AllowGetAccessRequest bool
}

Server configuration

func NewServerConfig

func NewServerConfig() *ServerConfig

type Storage

// Storage is the persistence interface the application passes to NewServer.
// Security note: everything saved here (codes, access and refresh tokens,
// client secrets) is a credential and deserves the same protection as
// passwords - restrict access and keep it out of logs.
type Storage interface {
	// Load client.
	// Return an error for unknown ids; the returned Client carries the
	// Secret used for client authentication.
	GetClient(id string) (*Client, error)

	// Save authorize data.
	SaveAuthorize(*AuthorizeData) error

	// Load authorize data. Client information MUST be loaded together.
	// Optionally can return error if expired.
	// code is the authorization code string and the lookup key.
	LoadAuthorize(code string) (*AuthorizeData, error)

	// Remove authorize data.
	// Authorization codes are single-use (RFC 6749 §4.1.2): the removal
	// must be durable so a redeemed code cannot be replayed.
	RemoveAuthorize(code string) error

	// Save access data. If RefreshToken is not blank, must save in a way
	// that can be loaded using LoadRefresh.
	SaveAccess(*AccessData) error

	// Load access data. Client information MUST be loaded together.
	// AuthorizeData and AccessData DON'T NEED to be loaded if not easily available.
	// Optionally can return error if expired.
	// Despite the parameter name, the key here is presumably the access
	// token string (confirm against the server source).
	LoadAccess(code string) (*AccessData, error)

	// Remove access data.
	RemoveAccess(code string) error

	// Load refresh access data. Client information MUST be loaded together.
	// AuthorizeData and AccessData DON'T NEED to be loaded if not easily available.
	// Optionally can return error if expired.
	// Keyed by the refresh token string (presumably).
	LoadRefresh(code string) (*AccessData, error)

	// Remove refresh data.
	RemoveRefresh(code string) error
}

Storage interface
