Documentation
Index
- Variables
- func IssueToken(serv *server.Server, request *request.TokenRequest, issuer string) (*response.TokenResponse, error)
- func MarshalTokenResponse(accessToken string, expiration uint32) (*response.TokenResponse, error)
- func NewClaims(iss string, aud string, exp uint64) jwt.RegisteredClaims
- func NewClaimsWithSubject(iss string, aud string, sub string, exp uint64) jwt.RegisteredClaims
- func ValidateTokenRequest(request *tokenModel.TokenRequest) error
Constants
This section is empty.
Variables
var ErrFailedToSignToken = credstackError.NewError(500, "ERR_FAILED_TO_SIGN", "token: Failed to sign token due to an internal error")
ErrFailedToSignToken - An error that gets wrapped when jwt.Token.SignedString returns an error
var ErrInvalidClientCredentials = credstackError.NewError(401, "ERR_INVALID_CLIENT_CREDENTIALS", "token: Unable to issue token. Invalid client credentials were supplied")
ErrInvalidClientCredentials - An error that gets returned when the client credentials sent in a token request do not match what was received from the database (during client credentials flow)
var ErrInvalidTokenRequest = credstackError.NewError(400, "ERR_INVALID_TOKEN_REQ", "token: Failed to issue token. One or more parts of the token request is missing")
ErrInvalidTokenRequest - An error that gets returned if one or more elements of the token request are missing
var ErrMarshalTokenResponse = credstackError.NewError(400, "ERR_MARSHAL_TOKEN_RESPONSE", "token: Failed to marshal token into token response")
ErrMarshalTokenResponse - An error that gets returned
var ErrVisibilityIssue = credstackError.NewError(400, "ERR_VISIBILITY_ERROR", "token: Failed to issue token for application. Public clients cannot use client credentials flow")
ErrVisibilityIssue - An error that gets returned when the caller tries to issue a token for a public application
Functions
func IssueToken
func IssueToken(serv *server.Server, request *request.TokenRequest, issuer string) (*response.TokenResponse, error)
IssueToken - A universal function for issuing tokens under any grant type for any audience. This should be used as the token generating function for implementing OAuth authentication flows. Depending on the authentication flow being used, some parts of the request.TokenRequest structure that is passed are mandatory, and an ErrInvalidTokenRequest error is returned if one is missing.
Additionally, the client_id used in the token request is validated to ensure that it is allowed to issue tokens on behalf of the requested audience. If the client_id is not authorized, then ErrInvalidAudience is returned. Finally, the application is also validated to ensure that it can issue tokens under the specified OAuth grant type.
TODO: Update this function to allow specifying expiration date
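The checks described for IssueToken, sketched for the client credentials flow as an added example; this is not credstack's code. The struct shapes, the order of the checks, `errGrantNotAllowed` and the constant-time secret comparison are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"errors"
	"fmt"
)

// Hypothetical stand-ins for the package's errors and models (assumed shapes);
// application is the record assumed to be loaded from the database by client_id.
var (
	errInvalidTokenRequest      = errors.New("ERR_INVALID_TOKEN_REQ")
	errInvalidClientCredentials = errors.New("ERR_INVALID_CLIENT_CREDENTIALS")
	errVisibilityIssue          = errors.New("ERR_VISIBILITY_ERROR")
	errInvalidAudience          = errors.New("ERR_INVALID_AUDIENCE")  // code string assumed
	errGrantNotAllowed          = errors.New("ERR_GRANT_NOT_ALLOWED") // hypothetical error
)

type tokenRequest struct{ GrantType, ClientID, ClientSecret, Audience string }
type application struct {
	ClientSecret          string
	Public                bool
	GrantTypes, Audiences map[string]bool
}

// checkClientCredentials runs the documented checks and fails closed on the first miss.
func checkClientCredentials(req tokenRequest, app application) error {
	if req.GrantType == "" || req.ClientID == "" || req.ClientSecret == "" || req.Audience == "" {
		return errInvalidTokenRequest
	}
	if app.Public { // a public client cannot keep a secret, so this flow is refused
		return errVisibilityIssue
	}
	// Constant-time comparison so response timing does not reveal how much matched.
	if subtle.ConstantTimeCompare([]byte(req.ClientSecret), []byte(app.ClientSecret)) != 1 {
		return errInvalidClientCredentials
	}
	if !app.Audiences[req.Audience] {
		return errInvalidAudience
	}
	if !app.GrantTypes[req.GrantType] {
		return errGrantNotAllowed
	}
	return nil
}

func main() {
	app := application{ClientSecret: "s3cret", Public: true} // constructed sample
	fmt.Println(checkClientCredentials(tokenRequest{"client_credentials", "svc-a", "s3cret", "https://api.example"}, app))
}
```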
func MarshalTokenResponse
func MarshalTokenResponse(accessToken string, expiration uint32) (*response.TokenResponse, error)
MarshalTokenResponse - Converts jwt.Token structures into response.TokenResponse structures so that they can be returned effectively
TODO: Need support for id tokens and refresh tokens here
TODO: Expires in is not rendering properly, showing expiration instead of token lifetime
TODO: This function feels kind of clunky...
func NewClaims
func NewClaims(iss string, aud string, exp uint64) jwt.RegisteredClaims
NewClaims - Creates a new claims structure with the required claims applied to it. All tokens get the following claims applied to them: iss, aud, kid, iat, nbf, and exp. No custom expiration dates are supported for now, and all tokens expire 1 day after they are issued.
func NewClaimsWithSubject
NewClaimsWithSubject - Provides a simple wrapper around NewClaims and inserts the subject string into the structure. This should be either a user ID or an application ID depending on the flow that was used
func ValidateTokenRequest
func ValidateTokenRequest(request *tokenModel.TokenRequest) error
ValidateTokenRequest - Initiates token request validation to ensure that tokens can be issued according to the request that was received.
Types
This section is empty.