ftauth

Version: v0.0.0-...-a8587fa
Published: Nov 29, 2021 License: Apache-2.0 Imports: 24 Imported by: 0

README

FTAuth Go SDK

Go SDK for the FTAuth server.

Install

go get -u github.com/ftauth/sdk-go

Docs

Documentation is available at https://ftauth.io.

Documentation

Variables

var (
	ErrNotAuthenticated = errors.New("the client is not authenticated")
	ErrNoRefreshToken   = errors.New("no refresh token")
	ErrInvalidKeyStore  = errors.New("invalid keystore")
)

Common errors.

var (
	KeyAccessToken  = "access_token"
	KeyRefreshToken = "refresh_token"
)

Common keys.

var (
	ErrUnsupportedClientType = errors.New("unsupported client type")
)

Authorizer errors.

var NullLogger = &LoggerExt{nullLogger{}}

NullLogger is a Logger that discards all output.

var StdLogger = &LoggerExt{stdLogger{}}

StdLogger is a Logger that prints all logs to stdout.

Functions

func NewMiddleware

func NewMiddleware(config *Config) (*fthttp.Middleware, error)

NewMiddleware creates a middleware factory for FTAuth verification.

func TokenSource

func TokenSource(token *oauth2.Token) oauth2.TokenSource

TokenSource provides a refreshing token source linked to the KeyStore which is compatible with the oauth2 library.

Types

type AuthorizationCodeResponse

type AuthorizationCodeResponse struct {
	Code  string
	State string
	Error error
}

AuthorizationCodeResponse holds the query parameters returned from a successful Authorize call, as well as an error if any error occurred.

func (*AuthorizationCodeResponse) String

func (authResp *AuthorizationCodeResponse) String() string

type Authorizer

type Authorizer interface {
	// Authorize returns a URL through which the user must authenticate.
	// The client is responsible for listening to redirect steps and
	// capturing the query parameters for use with Exchange.
	Authorize() (string, error)

	// Exchange communicates with the FTAuth server, exchanging the
	// authorization code for an access + refresh token.
	Exchange(authResp *AuthorizationCodeResponse) (*http.Client, error)
}

Authorizer handles authorization with the server, invoking WebViews or HTTP requests as necessary on a platform basis.

type CertificateRepository

type CertificateRepository struct {
	// contains filtered or unexported fields
}

CertificateRepository holds a map of hosts to certificate pools for use with TLS handshake verification (i.e. certificate pinning).

func GetCertificateRepository

func GetCertificateRepository() *CertificateRepository

GetCertificateRepository returns the main certificate repo for adding/removing security configurations.

func (*CertificateRepository) AddSecurityConfiguration

func (cr *CertificateRepository) AddSecurityConfiguration(sc *SecurityConfiguration)

AddSecurityConfiguration configures the TLS client for requests to the specified host.

func (*CertificateRepository) GetDefaultConfiguration

func (cr *CertificateRepository) GetDefaultConfiguration() *SecurityConfiguration

GetDefaultConfiguration returns the default security configuration, i.e. the configuration used when a server's configuration has not been explicitly set.

func (*CertificateRepository) GetSecurityConfiguration

func (cr *CertificateRepository) GetSecurityConfiguration(host string) *SecurityConfiguration

GetSecurityConfiguration returns the stored configuration for the given host, returning nil if not found.

func (*CertificateRepository) RemoveSecurityConfiguration

func (cr *CertificateRepository) RemoveSecurityConfiguration(host string)

RemoveSecurityConfiguration resets the security configuration for the host, using the default security configuration instead.

func (*CertificateRepository) SetDefaultConfiguration

func (cr *CertificateRepository) SetDefaultConfiguration(sc *SecurityConfiguration)

SetDefaultConfiguration sets the default security configuration, i.e. the configuration used when a server's configuration has not been explicitly set.

type Client

type Client struct {
	Config      *ClientConfig
	KeyStore    KeyStore
	OauthConfig *model.OAuthConfig
	*LoggerExt

	sync.RWMutex // protects httpClient
	// contains filtered or unexported fields
}

Client communicates with HTTP services on behalf of an authenticated user.

func NewClient

func NewClient(config *Config) (*Client, error)

NewClient creates a new FTAuth client with the given options. Use DefaultOptions if unsure.

func (*Client) Configure

func (c *Client) Configure(oauthConfig *model.OAuthConfig)

Configure initializes OAuth information for the FTAuth client. How the client is initialized depends, for example, on the provider.

func (*Client) CurrentUser

func (c *Client) CurrentUser() (*model.UserData, error)

CurrentUser returns the currently logged-in user, if authenticated.

func (*Client) DefaultAuthorizer

func (client *Client) DefaultAuthorizer(config *ClientConfig) (Authorizer, error)

DefaultAuthorizer creates an OAuth2 confidential grant client. Public clients should use their platform's implementation.

func (*Client) Initialize

func (c *Client) Initialize() error

Initialize loads the client with cached values from the KeyStore.

func (*Client) IsAuthenticated

func (c *Client) IsAuthenticated() bool

IsAuthenticated returns true if the user has an authenticated HTTP client.

func (*Client) Request

func (c *Client) Request(request *Request) (*http.Response, error)

Request performs an HTTP request on behalf of the authenticated user, automatically refreshing credentials as needed.

func (*Client) SaveTokens

func (c *Client) SaveTokens(accessTokenJWT, refreshTokenJWT string) error

SaveTokens validates and stores the tokens in the KeyStore.

func (*Client) SetHTTPClient

func (c *Client) SetHTTPClient(client *http.Client)

SetHTTPClient sets the HTTP client for internal use.

func (*Client) Token

func (c *Client) Token() (*oauth2.Token, error)

Token implements TokenSource for the oauth2 package.

type ClientConfig

type ClientConfig struct {
	GatewayURL   string           `json:"gateway_url"`
	ClientID     string           `json:"client_id"`
	ClientSecret string           `json:"client_secret"`
	ClientType   model.ClientType `json:"client_type"`
	RedirectURI  string           `json:"redirect_uri"`
	Scopes       []string         `json:"scopes"`
	Timeout      uint             `json:"timeout"`
	// contains filtered or unexported fields
}

ClientConfig holds configuration information for the FTAuth client.

func (*ClientConfig) Valid

func (c *ClientConfig) Valid() error

Valid returns an error if there are missing or invalid fields, otherwise nil.

type Config

type Config struct {
	KeyStore     KeyStore
	Logger       *LoggerExt
	ClientConfig *ClientConfig
}

Config holds options for configuring the client. Use DefaultOptions if unsure.

func (*Config) Valid

func (config *Config) Valid() error

Valid returns nil if the config is valid.

type KeyStore

type KeyStore interface {
	Save(key string, value []byte) error
	Get(key string) ([]byte, error)
	Delete(key string) error
	Clear() error
}

KeyStore exchanges private key data with a backend keychain. Implementations will vary by client, but all should be encrypted or reasonably protected against attacks.
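
An added example, not part of the FTAuth SDK: one way to meet the "encrypted" requirement for a KeyStore, sealing each value with AES-256-GCM and binding the entry name as associated data. SealedStore and NewSealedStore are hypothetical names; the store is in-memory, assumes single-goroutine use, and assumes the master key comes from a platform keychain.

```go
package main
// Added example: SealedStore is hypothetical and not part of the FTAuth SDK.
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

type SealedStore struct {
	aead  cipher.AEAD
	items map[string][]byte // each entry is nonce || ciphertext || tag
}

func NewSealedStore(masterKey []byte) (*SealedStore, error) {
	block, err := aes.NewCipher(masterKey) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &SealedStore{aead: aead, items: map[string][]byte{}}, nil
}

func (s *SealedStore) Save(key string, value []byte) error {
	nonce := make([]byte, s.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	// The entry name is associated data: a blob copied under another name fails to open.
	s.items[key] = s.aead.Seal(nonce, nonce, value, []byte(key))
	return nil
}

func (s *SealedStore) Get(key string) ([]byte, error) {
	sealed, n := s.items[key], s.aead.NonceSize()
	if len(sealed) < n {
		return nil, fmt.Errorf("key %q not found", key)
	}
	return s.aead.Open(nil, sealed[:n], sealed[n:], []byte(key))
}

func (s *SealedStore) Delete(key string) error { delete(s.items, key); return nil }
func (s *SealedStore) Clear() error            { s.items = map[string][]byte{}; return nil }

func main() {
	s, _ := NewSealedStore(make([]byte, 32)) // constructed all-zero key, demo only
	fmt.Println(s.Save("access_token", []byte("constructed-token-value")), len(s.items["access_token"]))
}
```
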

type KeyStoreError

type KeyStoreError struct {
	Code    KeyStoreErrorCode
	Details string
}

KeyStoreError represents an error in retrieving or saving keys to the keychain. It provides a common error type across many platform implementations.

func (*KeyStoreError) Error

func (err *KeyStoreError) Error() string

type KeyStoreErrorCode

type KeyStoreErrorCode int

KeyStoreErrorCode represents the different error types expected from a KeyStore implementation.

const (
	KeyStoreErrorCodeUnknown KeyStoreErrorCode = iota // an unknown error occurred
	KeyStoreErrorCodeAccess                           // error accessing the keychain (e.g. i/o error)
	KeyStoreErrorCodeKey                              // an error accessing the key (i.e. not found)
)

KeyStoreErrorCodes

func (KeyStoreErrorCode) Description

func (code KeyStoreErrorCode) Description() string

Description provides a human-readable description of the error code.

type Logger

type Logger interface {
	Debug(log string)
	Info(log string)
	Warn(log string)
	Error(log string)
}

Logger allows printing logs in the mobile world.

type LoggerExt

type LoggerExt struct {
	Logger
}

LoggerExt wraps the Logger interface to define extra Go-specific helper functions. These functions cannot be part of the main interface but are helpful on the Go side.

func (*LoggerExt) Debugf

func (log *LoggerExt) Debugf(format string, a ...interface{})

Debugf formats according to fmt.Sprintf and calls log.Debug on the result.

func (*LoggerExt) Debugln

func (log *LoggerExt) Debugln(a ...interface{})

Debugln formats according to fmt.Sprintln and calls log.Debug on the result.

func (*LoggerExt) Errorf

func (log *LoggerExt) Errorf(format string, a ...interface{})

Errorf formats according to fmt.Sprintf and calls log.Error on the result.

func (*LoggerExt) Errorln

func (log *LoggerExt) Errorln(a ...interface{})

Errorln formats according to fmt.Sprintln and calls log.Error on the result.

func (*LoggerExt) Infof

func (log *LoggerExt) Infof(format string, a ...interface{})

Infof formats according to fmt.Sprintf and calls log.Info on the result.

func (*LoggerExt) Infoln

func (log *LoggerExt) Infoln(a ...interface{})

Infoln formats according to fmt.Sprintln and calls log.Info on the result.

func (*LoggerExt) Warnf

func (log *LoggerExt) Warnf(format string, a ...interface{})

Warnf formats according to fmt.Sprintf and calls log.Warn on the result.

func (*LoggerExt) Warnln

func (log *LoggerExt) Warnln(a ...interface{})

Warnln formats according to fmt.Sprintln and calls log.Warn on the result.

type Request

type Request struct {
	Method string
	URL    string
	Body   []byte
	Public bool
}

Request holds an HTTP request and metadata.

type SecurityConfiguration

type SecurityConfiguration struct {
	Host           string // e.g. google.com
	TrustPublicPKI bool
	// contains filtered or unexported fields
}

SecurityConfiguration holds a host-specific configuration for the rules to use when verifying a TLS handshake.

func NewSecurityConfiguration

func NewSecurityConfiguration(host string, trustPublicPKI bool) *SecurityConfiguration

NewSecurityConfiguration creates a new configuration object for the given host. Must call CertificateRepository.AddSecurityConfiguration() for it to take effect.

func (*SecurityConfiguration) AddIntermediateASN1

func (sc *SecurityConfiguration) AddIntermediateASN1(asn1 []byte) error

AddIntermediateASN1 pins the intermediate certificate (in ASN1 DER format), adding it to the list of verified certificates for the host in this configuration.

func (*SecurityConfiguration) AddIntermediatePEM

func (sc *SecurityConfiguration) AddIntermediatePEM(pem []byte) error

AddIntermediatePEM pins the intermediate certificate(s) (in PEM format), adding them to the list of verified certificates for the host in this configuration.

func (*SecurityConfiguration) ResetPinning

func (sc *SecurityConfiguration) ResetPinning()

ResetPinning removes all intermediate certs and resets TrustSystemRoots to true.
