auth

package
v0.0.0-...-838d5f2
Published: Jul 13, 2020 License: Apache-2.0 Imports: 13 Imported by: 4

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func HEARTScopesHandler

func HEARTScopesHandler(resourceName string) gin.HandlerFunc

HEARTScopesHandler middleware provides authorization checking against the scopes described in the Health Relationship Trust Profile for Fast Healthcare Interoperability Resources (FHIR) OAuth 2.0 Scopes (http://openid.bitbucket.org/HEART/openid-heart-fhir-oauth2.html) and the SMART App Authorization Guide (http://docs.smarthealthit.org/authorization/).

The assumption is that gin handlers run before this one will take care of handling the OAuth 2.0 token introspection or OpenID Connect authentication. This handler looks at the scopes provided in the gin.Context to see if they are appropriate for accessing the resource.

func OAuthIntrospectionHandler

func OAuthIntrospectionHandler(clientID, clientSecret, endpoint string) gin.HandlerFunc

OAuthIntrospectionHandler creates a gin.HandlerFunc that can be used to introspect OAuth 2.0 tokens provided in the request.

This middleware will abort any requests that do not have an Authorization header. It will also halt requests if the provided bearer token is inactive or expired.

If a valid token is provided, the gin.Context is augmented by setting the following variables:

scopes: a []string containing all scopes valid for the provided token.
subject: an identifier for the user who delegated the authority represented by the token.
clientID: the identifier for the client issuing the request.

clientID is the identifier for the OAuth 2.0 client allowed to access the token introspection endpoint.
clientSecret is the secret for the registered client.
endpoint is the URL for the token introspection endpoint at the OAuth 2.0 authorization server.

This is for performing token introspection using a "plain" OAuth 2.0 client. For HEART profiled OAuth 2.0 see:

https://github.com/mitre/heart/blob/master/middleware.go
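The two decisions the handlers above make, added here as an example that is not the package's own code: the introspection-response validation OAuthIntrospectionHandler depends on (only an explicitly active, unexpired token yields scopes, subject and clientID) and the resource scope test HEARTScopesHandler applies. The JSON field names, the SMART/HEART scope grammar (context/resource.access) and the sample response are assumptions for this illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Introspection: RFC 7662 response fields the middleware copies into the gin.Context (JSON names assumed).
type Introspection struct {
	Active   bool   `json:"active"`
	Scope    string `json:"scope"`
	Subject  string `json:"sub"`
	ClientID string `json:"client_id"`
	Exp      int64  `json:"exp"`
}

// CheckIntrospection decodes the introspection body and rejects a token unless
// it is explicitly active and, when exp is present, not yet expired at nowUnix.
func CheckIntrospection(body []byte, nowUnix int64) (Introspection, []string, error) {
	var r Introspection
	if err := json.Unmarshal(body, &r); err != nil {
		return r, nil, err
	}
	if !r.Active || (r.Exp != 0 && nowUnix >= r.Exp) {
		return r, nil, fmt.Errorf("token inactive or expired (active=%v exp=%d)", r.Active, r.Exp)
	}
	return r, strings.Fields(r.Scope), nil
}

// ScopeAllows reports whether a granted scope covers access ("read" or "write")
// to resourceName. Assumed SMART/HEART grammar: (patient|user)/(Type|*).(read|write|*).
func ScopeAllows(scopes []string, resourceName, access string) bool {
	for _, s := range scopes {
		ctx, rest, ok := strings.Cut(s, "/")
		res, acc, ok2 := strings.Cut(rest, ".")
		if ok && ok2 && (ctx == "patient" || ctx == "user") &&
			(res == "*" || res == resourceName) && (acc == "*" || acc == access) {
			return true
		}
	}
	return false
}

// Constructed sample response: active token that may read Patient and do anything with Observation.
const sample = `{"active":true,"scope":"user/Patient.read user/Observation.*","sub":"alice","client_id":"fhir-app","exp":1594700000}`
func main() {
	r, scopes, err := CheckIntrospection([]byte(sample), 1594600000)
	fmt.Println(r.Subject, r.ClientID, err, ScopeAllows(scopes, "Patient", "write"), ScopeAllows(scopes, "Observation", "write"))
}
```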

func OIDCAuthenticationHandler

func OIDCAuthenticationHandler(config oauth2.Config) gin.HandlerFunc

OIDCAuthenticationHandler is a middleware that will check for the presence of a session with a UserInfo value set. If it exists, it will assume that the user has logged in at some point. It will then check the session for a token. If the token has not expired, it will store the UserInfo as the UserInfo value on the gin.Context.

If there is no UserInfo value present in the session or if the OpenIDTokenResponse has expired, the user will be redirected to the provided redirectURI.

func RedirectHandler

func RedirectHandler(config oauth2.Config, successfulAuthRedirectURL, userInfoURL string) gin.HandlerFunc

RedirectHandler provides a gin.HandlerFunc to process the authentication response from an OpenID Provider.

Types

type Config

type Config struct {
	Method           Method
	ClientID         string
	ClientSecret     string
	AuthorizationURL string
	TokenURL         string
	IntrospectionURL string
	UserInfoURL      string
	JWKPath          string
	OPURL            string
	SessionSecret    string
}

Config represents configuration information necessary to set up authentication and authorization for the FHIR server

func HEART

func HEART(clientID, jwkPath, opURL, sessionSecret string) Config

HEART provides a server configuration that will act as a HEART profiled OpenID Connect relying party for authentication, and will perform HEART profiled OAuth 2.0 token introspection to the same server for authorization.

This configuration uses the HEART scopes for authorizing access to FHIR resources when using OAuth 2.0.

clientID is the registered ID at the OpenID Connect Provider (OP).
jwkPath is the file location of the private key for this client in JWK format; it is expected that the corresponding public key has been registered at the OP.
opURL is the location of the OIDC OP. Discovery will be used to locate all of the other necessary endpoints.
sessionSecret is the secret that will be used to encrypt the session when it is stored in a user's cookie.

func None

func None() Config

None provides a server config where no authorization or authentication will be provided

func OIDC

func OIDC(clientID, clientSecret, authorizationURL, tokenURL, userInfoURL, introspectionURL, sessionSecret string) Config

OIDC provides a server configuration that will act as an OpenID Connect relying party for authentication, and will perform OAuth 2.0 token introspection to the same server for authorization.

This configuration still uses the HEART scopes for authorizing access to FHIR resources when using OAuth 2.0.

clientID is the registered ID at the OpenID Connect Provider (OP).
clientSecret is the secret for the client (usually generated by the OP).
authorizationURL is where to redirect users for authorization.
tokenURL is where to obtain OAuth 2.0 tokens.
userInfoURL is the location of the OpenID Connect UserInfo endpoint.
sessionSecret is the secret that will be used to encrypt the session when it is stored in a user's cookie.

type Method

type Method int

Method selects what type of authentication and authorization will be used.

const (
	// No authentication or authorization
	AuthTypeNone Method = iota
	// "Plain" OpenID Connect and OAuth 2.0
	AuthTypeOIDC
	// HEART profiled OpenID Connect and OAuth 2.0
	AuthTypeHEART
)
