Documentation
¶
Index ¶
- func AcquireToken(issuerUrl string, entry *config.PrefixEntry, osdfPath string, isWrite bool) (*config.TokenEntry, error)
- func ContextClient(ctx context.Context) *http.Client
- func RetrieveToken(ctx context.Context, clientID, clientSecret, tokenURL string, v url.Values) (*oauth2_upstream.Token, error)
- type Config
- type ContextKey
- type DCRPConfig
- type DeviceAuth
- type Endpoint
- type Metadata
- type OauthIssuer
- type RegistrationError
- type Response
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AcquireToken ¶
func AcquireToken(issuerUrl string, entry *config.PrefixEntry, osdfPath string, isWrite bool) (*config.TokenEntry, error)
func RetrieveToken ¶
Types ¶
type Config ¶
// Config holds the OAuth2 client settings that the AuthDevice and Poll
// methods are declared on.
type Config struct {
// ClientID is the application's ID.
ClientID string
// ClientSecret is the application's secret.
// It is a credential: keep it out of logs, error messages and any
// world-readable configuration.
ClientSecret string
// Endpoint contains the resource server's token endpoint
// URLs. These are constants specific to each server and are
// often available via site-specific packages, such as
// google.Endpoint or github.Endpoint.
Endpoint Endpoint
// Scopes specifies optional requested permissions.
// Requesting only the scopes an operation needs limits what a leaked
// token can be used for.
Scopes []string
}
func (*Config) AuthDevice ¶
func (c *Config) AuthDevice(ctx context.Context) (*DeviceAuth, error)
AuthDevice returns a device auth struct which contains a device code and authorization information provided for users to enter on another device.
func (*Config) Poll ¶
func (c *Config) Poll(ctx context.Context, da *DeviceAuth) (*oauth2_upstream.Token, error)
Poll polls to exchange a device code for a token.
type DCRPConfig ¶
// DCRPConfig carries the inputs for Dynamic Client Registration: the
// registration endpoint, an optional initial access token, and the client
// metadata to register.
type DCRPConfig struct {
// InitialAccessToken specifies the access token used to get access to the
// client registration endpoint URL. The method by which the initial access token
// is obtained by the client or developer is generally out of band.
// It is a bearer credential: anyone holding it can use it, so it should
// not be logged or persisted in plain text.
InitialAccessToken string
// ClientRegistrationEndpointURL specifies authorization server's client registration endpoint URL
// This is a constant specific to each server.
// NOTE(review): the token above and any issued client secret travel to this
// URL, so it should be an https URL; whether Register enforces that is not
// visible here.
ClientRegistrationEndpointURL string
// Metadata specifies client metadata to be used for client registration
Metadata
}
DCRPConfig describes Dynamic Client Registration configuration.
func (*DCRPConfig) Register ¶
func (c *DCRPConfig) Register() (*Response, error)
Register performs Dynamic Client Registration by doing a round trip to the authorization server.
type DeviceAuth ¶
// DeviceAuth is the decoded device authorization response. The JSON field
// names match the device authorization response defined in RFC 8628.
type DeviceAuth struct {
// DeviceCode is the code the client presents when polling for a token.
// It is a secret held by the client and is not meant to be shown to the
// user or written to logs.
DeviceCode string `json:"device_code"`
// UserCode is the code the end user enters at the verification URI.
UserCode string `json:"user_code"`
// VerificationURI is the address the user visits on another device.
VerificationURI string `json:"verification_uri"`
// VerificationURIComplete is an optional verification URI that already
// includes the user code.
VerificationURIComplete string `json:"verification_uri_complete,omitempty"`
// ExpiresIn is the lifetime of the device and user codes, in seconds
// per RFC 8628.
ExpiresIn int `json:"expires_in"`
// Interval is the minimum number of seconds the client should wait
// between polling requests; RFC 8628 specifies 5 when it is omitted.
// NOTE(review): how Poll treats a zero value is not visible here.
Interval int `json:"interval,omitempty"`
// contains filtered or unexported fields
}
type Metadata ¶
// Metadata is the set of client metadata values sent in a Dynamic Client
// Registration request. The JSON field names match RFC 7591.
type Metadata struct {
// RedirectURIs specifies redirection URI strings for use in
// redirect-based flows such as the "authorization code" and "implicit".
// Register only exact, fully specified URIs; RFC 9700 expects the
// authorization server to compare redirect URIs by exact string match.
RedirectURIs []string `json:"redirect_uris,omitempty"`
// TokenEndpointAuthMethod specifies indicator of the requested authentication
// method for the token endpoint
// Possible values are:
// "none": The client is a public client and does not have a client secret.
// "client_secret_post": The client uses the HTTP POST parameters
// "client_secret_basic": The client uses HTTP Basic
// Additional values can be defined or absolute URIs can also be used
// as values for this parameter without being registered.
TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"`
// GrantTypes specifies grant type strings that the client can use at the token endpoint
// Possible values are:
// "authorization_code": The authorization code grant type
// "implicit": The implicit grant type
// "password": The resource owner password credentials grant type
// "client_credentials": The client credentials grant type
// "refresh_token": The refresh token grant type
// "urn:ietf:params:oauth:grant-type:jwt-bearer": The JWT Bearer Token Grant Type
// "urn:ietf:params:oauth:grant-type:saml2-bearer": The SAML 2.0 Bearer Assertion Grant
// The OAuth 2.0 Security Best Current Practice (RFC 9700) advises against
// the "implicit" and "password" grant types; register only the grant
// types the client actually uses.
GrantTypes []string `json:"grant_types,omitempty"`
// ResponseTypes specifies response type strings that the client can
// use at the authorization endpoint.
// Possible values are:
// "code": The "authorization code" response
// "token": The "implicit" response
// "token" returns the access token in the authorization response, which
// RFC 9700 advises against.
ResponseTypes []string `json:"response_types,omitempty"`
// ClientName specifies Human-readable string name of the client
// to be presented to the end-user during authorization
ClientName string `json:"client_name,omitempty"`
// ClientURI specifies URL of a web page providing information about the client.
ClientURI string `json:"client_uri,omitempty"`
// LogoURI specifies URL of a logo of the client
LogoURI string `json:"logo_uri,omitempty"`
// Scopes specifies scope values that the client can use when requesting access tokens.
// The "-" tag keeps this field out of the default JSON encoding.
Scopes []string `json:"-"`
// Scope specifies wire-level scopes representation
// NOTE(review): presumably Scopes joined with spaces, as RFC 7591 defines
// "scope"; the conversion code is not visible here.
Scope string `json:"scope,omitempty"`
// Contacts specifies ways to contact people responsible for this client,
// typically email addresses.
Contacts []string `json:"contacts,omitempty"`
// TermsOfServiceURI specifies URL of a human-readable terms of service
// document for the client
TermsOfServiceURI string `json:"tos_uri,omitempty"`
// PolicyURI specifies URL of a human-readable privacy policy document
PolicyURI string `json:"policy_uri,omitempty"`
// JWKSURI specifies URL referencing the client's JWK Set [RFC7517] document,
// which contains the client's public keys.
// RFC 7591 forbids sending both "jwks_uri" and "jwks" in one request.
JWKSURI string `json:"jwks_uri,omitempty"`
// JWKS specifies the client's JWK Set [RFC7517] document, which contains
// the client's public keys. The value of this field MUST be a JSON
// containing a valid JWK Set.
// NOTE(review): RFC 7591 defines "jwks" as a JSON object, while this field
// is a Go string; confirm how it is encoded on the wire.
JWKS string `json:"jwks,omitempty"`
// SoftwareID specifies UUID assigned by the client developer or software publisher
// used by registration endpoints to identify the client software.
SoftwareID string `json:"software_id,omitempty"`
// SoftwareVersion specifies version of the client software
SoftwareVersion string `json:"software_version,omitempty"`
// SoftwareStatement specifies client metadata values about the client software
// as claims. This is a string value containing the entire signed JWT.
SoftwareStatement string `json:"software_statement,omitempty"`
// Optional specifies optional fields
// The "-" tag keeps this map out of the default JSON encoding.
// NOTE(review): how its entries reach the request body is not visible here.
Optional map[string]string `json:"-"`
}
Metadata describes client metadata. Registered clients have a set of metadata values associated with their client identifier at an authorization server. The implementation and use of all client metadata fields is OPTIONAL
type OauthIssuer ¶
// OauthIssuer holds the issuer's endpoint metadata returned by
// GetIssuerMetadata. The JSON field names match the OAuth 2.0 Authorization
// Server Metadata document of RFC 8414.
type OauthIssuer struct {
// Issuer is the issuer identifier reported by the server. RFC 8414
// requires it to be identical to the issuer URL the metadata was
// requested for.
// NOTE(review): whether GetIssuerMetadata performs that comparison is not
// visible here.
Issuer string `json:"issuer"`
// AuthURL is the authorization endpoint.
AuthURL string `json:"authorization_endpoint"`
// DeviceAuthURL is the device authorization endpoint.
DeviceAuthURL string `json:"device_authorization_endpoint"`
// TokenURL is the token endpoint. Client credentials and device codes
// are sent to it, so it should be an https URL.
TokenURL string `json:"token_endpoint"`
// RegistrationURL is the dynamic client registration endpoint.
RegistrationURL string `json:"registration_endpoint"`
// GrantTypes lists the grant types the server advertises as supported.
GrantTypes []string `json:"grant_types_supported"`
}
func GetIssuerMetadata ¶
func GetIssuerMetadata(issuer_url string) (*OauthIssuer, error)
type RegistrationError ¶
RegistrationError describes errors returned by auth server during client registration process
func (*RegistrationError) Error ¶
func (r *RegistrationError) Error() string
type Response ¶
// Response is the client information an authorization server returns after
// a successful registration. The type has its own MarshalJSON and
// UnmarshalJSON methods for the wire format.
type Response struct {
// ClientID specifies client identifier string. REQUIRED
ClientID string `json:"client_id"`
// ClientSecret specifies client secret string. OPTIONAL
// When present it is a credential issued to this client; store it with
// restrictive permissions and keep it out of logs.
ClientSecret string `json:"client_secret"`
// ClientIDIssuedAt specifies time at which the client identifier was issued. OPTIONAL
ClientIDIssuedAt time.Time `json:"client_id_issued_at"`
// ClientSecretExpiresAt specifies time at which the client secret will expire
// or 0 if it will not expire. REQUIRED if "client_secret" is issued.
// NOTE(review): RFC 7591 sends this as a number of seconds; how the wire
// value 0 maps onto time.Time is not visible here, so confirm before
// treating the zero time as an expiry.
ClientSecretExpiresAt time.Time `json:"client_secret_expires_at"`
// Additionally, the authorization server MUST return all registered metadata about this client
Metadata `json:",inline"`
}
Response describes Client Information Response as specified in Section 3.2.1 of RFC 7591
func (Response) MarshalJSON ¶
MarshalJSON prepares Response for wire JSON representation
func (*Response) UnmarshalJSON ¶
UnmarshalJSON prepares Response from wire JSON representation