Package uaa (v0.0.7)

This package is not in the latest version of its module.

Published: Dec 21, 2018 License: MIT Imports: 19 Imported by: 1

Documentation

Constants

const (
	// We set this value in a context for wrapped requests
	KeyLoggedInUser ctxKey = iota
)

Variables

This section is empty.

Functions

func MustCreateBasicCookieHandler added in v0.0.3

func MustCreateBasicCookieHandler(insecure bool) *sessions.CookieStore

MustCreateBasicCookieHandler creates a cookie handler and panics on failure.

Types

type Client

type Client struct {
	// URL is the URL to UAA, e.g. https://uaa.system.example.com.
	URL string

	// Used for authorize redirects, and issuer validation
	ExternalURL string

	ClientID     string
	ClientSecret string

	// If specified, used instead of the system CAs
	CACerts []string
	// contains filtered or unexported fields
}

Client will validate access tokens against a UAA instance, caching keys as required.

func NewClientFromAPIURL

func NewClientFromAPIURL(apiEndpoint string) (*Client, error)

NewClientFromAPIURL looks up, via the apiEndpoint, the correct UAA address and returns a client.

func (*Client) ExchangeBearerTokenForClientToken

func (c *Client) ExchangeBearerTokenForClientToken(bearerLine string) (*OAuthGrant, error)

ExchangeBearerTokenForClientToken takes a bearer token (such as that returned by CF) and exchanges it, via the API auth flow, for an OAuthGrant for the specified clientID. The clientSecret here is really not a secret.

func (*Client) FetchAccessToken

func (c *Client) FetchAccessToken(postData url.Values) (*OAuthGrant, error)

FetchAccessToken sends data to endpoint to fetch a token and returns a grant object.

func (*Client) GetAuthorizeEndpoint

func (c *Client) GetAuthorizeEndpoint() string

func (*Client) GetTokenEndpoint

func (c *Client) GetTokenEndpoint() string

func (*Client) ValidateAccessToken

func (c *Client) ValidateAccessToken(at, expectedClientID string) (jwt.MapClaims, error)

ValidateAccessToken will validate the given access token, ensure it matches the client ID, and return the claims reported within.

type LoggedInUser added in v0.0.3

type LoggedInUser struct {
	// Will be valid for at least 5 minutes
	AccessToken string

	// Email address for user as reported by CloudFoundry
	EmailAddress string

	// Access token will expire around TTL
	TTL time.Time
}

LoggedInUser is the value set in the request context (under KeyLoggedInUser) so that wrapped handlers can use it.

type LoginHandler added in v0.0.3

type LoginHandler struct {
	// Non-persistent store
	Cookies *sessions.CookieStore

	// UAA validator
	UAA *Client

	// Scopes to request
	Scopes []string

	// BaseURL of ourselves for redirect URIs
	BaseURL string

	// ExternalURL for UAA
	ExternalUAAURL string

	// Written if access is denied
	DeniedContent []byte

	// If this returns true, then this request will be passed through with no further processing
	ShouldIgnore func(*http.Request) bool

	// If this returns true, then this request will look for an Authorization header instead of cookies
	AcceptAPIHeader func(*http.Request) bool

	// If set, will log debug info
	Logger *log.Logger

	// AllowedUsers, if not empty, causes a 403 for any user not in this list
	AllowedUsers []string
}

LoginHandler is http.Handler middleware that ensures a user is logged in and passes a LoggedInUser to wrapped HTTP requests.

func (*LoginHandler) Wrap added in v0.0.3

func (lh *LoginHandler) Wrap(h http.Handler) http.Handler

Wrap wraps the child handler, handles the OAuth flow, and calls the child handler once the user is logged in.
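As an added illustration (not the package's own code), here is the middleware pattern the LoginHandler documentation describes, written against the standard library only: an unexported context-key type like KeyLoggedInUser, a Wrap method that passes ShouldIgnore requests straight through, reads a bearer token from the Authorization header (the AcceptAPIHeader path), rejects missing or expired tokens with 401, applies the AllowedUsers list with 403, and stores the user in the request context for the wrapped handler to read back. The token validator, the sample tokens and the fixed clock are constructed stand-ins for Client.ValidateAccessToken and a real UAA; all names here are hypothetical.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// ctxKey is unexported so no other package can collide with our context keys
// (the same pattern as the package's KeyLoggedInUser).
type ctxKey int

const keyLoggedInUser ctxKey = iota

// loggedInUser mirrors the fields documented for uaa.LoggedInUser.
type loggedInUser struct {
	AccessToken  string
	EmailAddress string
	TTL          time.Time
}

// tokenValidator is a hypothetical stand-in for Client.ValidateAccessToken:
// given a bearer token it returns the user, or ok=false if the token is bad.
type tokenValidator func(token string) (loggedInUser, bool)

type loginHandler struct {
	Validate     tokenValidator
	AllowedUsers []string                 // empty means everyone who validates is allowed
	ShouldIgnore func(*http.Request) bool // true: pass through untouched
	Now          func() time.Time         // injectable clock for the TTL check
}

// bearerToken extracts the token from "Authorization: Bearer <token>".
func bearerToken(r *http.Request) (string, bool) {
	parts := strings.SplitN(r.Header.Get("Authorization"), " ", 2)
	if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") || strings.TrimSpace(parts[1]) == "" {
		return "", false
	}
	return strings.TrimSpace(parts[1]), true
}

func (lh *loginHandler) isAllowed(email string) bool {
	if len(lh.AllowedUsers) == 0 {
		return true
	}
	for _, u := range lh.AllowedUsers {
		if u == email {
			return true
		}
	}
	return false
}

// Wrap: ignored path -> pass through; missing/invalid/expired token -> 401;
// not on the allow-list -> 403; otherwise put the user in context and call h.
func (lh *loginHandler) Wrap(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if lh.ShouldIgnore != nil && lh.ShouldIgnore(r) {
			h.ServeHTTP(w, r)
			return
		}
		tok, ok := bearerToken(r)
		if !ok {
			http.Error(w, "missing bearer token", http.StatusUnauthorized)
			return
		}
		user, ok := lh.Validate(tok)
		if !ok || !lh.Now().Before(user.TTL) {
			http.Error(w, "invalid or expired token", http.StatusUnauthorized)
			return
		}
		if !lh.isAllowed(user.EmailAddress) {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		h.ServeHTTP(w, r.WithContext(context.WithValue(r.Context(), keyLoggedInUser, user)))
	})
}

// UserFromContext is what a wrapped handler calls to retrieve the user.
func UserFromContext(ctx context.Context) (loggedInUser, bool) {
	u, ok := ctx.Value(keyLoggedInUser).(loggedInUser)
	return u, ok
}

// NewDemoHandler wires the middleware around a handler that greets the user.
// The clock, tokens and addresses below are constructed sample data.
func NewDemoHandler(allowed []string) http.Handler {
	now := time.Date(2018, 12, 21, 12, 0, 0, 0, time.UTC)
	validate := func(tok string) (loggedInUser, bool) {
		switch tok {
		case "good-token": // valid for another 5 minutes
			return loggedInUser{AccessToken: tok, EmailAddress: "alice@example.com", TTL: now.Add(5 * time.Minute)}, true
		case "stale-token": // already past its TTL
			return loggedInUser{AccessToken: tok, EmailAddress: "alice@example.com", TTL: now.Add(-time.Minute)}, true
		}
		return loggedInUser{}, false
	}
	lh := &loginHandler{Validate: validate, AllowedUsers: allowed, Now: func() time.Time { return now },
		ShouldIgnore: func(r *http.Request) bool { return r.URL.Path == "/healthz" }}
	return lh.Wrap(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u, ok := UserFromContext(r.Context())
		if !ok { // ignored requests arrive with no user in context
			fmt.Fprint(w, "hello anonymous")
			return
		}
		fmt.Fprintf(w, "hello %s", u.EmailAddress)
	}))
}

// Request performs one in-memory request and returns the HTTP status code.
func Request(h http.Handler, path, authz string) int {
	req := httptest.NewRequest("GET", path, nil)
	if authz != "" {
		req.Header.Set("Authorization", authz)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	h := NewDemoHandler([]string{"alice@example.com"})
	for _, c := range []struct{ path, authz string }{
		{"/", "Bearer good-token"}, {"/", "Bearer stale-token"}, {"/", ""}, {"/healthz", ""},
	} {
		fmt.Printf("%-8s %-22q -> %d\n", c.path, c.authz, Request(h, c.path, c.authz))
	}
}
```

Note that a request matched by ShouldIgnore reaches the wrapped handler with no user in the context, so handlers behind a passthrough rule must treat the missing value as unauthenticated rather than assume it is always present.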

type OAuthGrant

type OAuthGrant struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in"`
	Scope        string `json:"scope"`
	RefreshToken string `json:"refresh_token"`
	JTI          string `json:"jti"`
}

OAuthGrant is used to parse the JSON for an access token from the UAA server.
