Versions in this module Expand all Collapse all v1 v1.0.9 Jun 2, 2026 Changes in this version
+ const CollectionPrefix
+ const EntityAccessTokens
+ const EntityAuthorizationCodes
+ const EntityClients
+ const EntityJtiDenylist
+ const EntityOpenIDSessions
+ const EntityPKCESessions
+ const EntityRefreshTokens
+ const EntityUsers
+ var ErrResourceExists = errors.New("resource conflict")
+ func SignatureFromJTI(jti string) string
+ type AccessTokenStorage interface
+ CreateAccessTokenSession func(ctx context.Context, signature string, request fosite.Requester) (err error)
+ DeleteAccessTokenSession func(ctx context.Context, signature string) (err error)
+ GetAccessTokenSession func(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)
+ type AuthClientFunc func(ctx context.Context) (Client, bool)
+ type AuthClientMigrator interface
+ AuthenticateMigration func(ctx context.Context, currentAuth AuthClientFunc, clientID string, ...) (Client, error)
+ Migrate func(ctx context.Context, migratedClient Client) (Client, error)
+ type AuthUserFunc func(ctx context.Context) (User, bool)
+ type AuthUserMigrator interface
+ AuthenticateMigration func(ctx context.Context, currentAuth AuthUserFunc, userID string, password string) (User, error)
+ Migrate func(ctx context.Context, migratedUser User) (User, error)
+ type Client struct
+ AllowedAudiences []string
+ AllowedRegions []string
+ AllowedTenantAccess []string
+ ClientURI string
+ Contacts []string
+ CreateTime int64
+ Disabled bool
+ GrantTypes []string
+ ID string
+ LogoURI string
+ Name string
+ Owner string
+ PolicyURI string
+ Provider string
+ Public bool
+ Published bool
+ RedirectURIs []string
+ ResponseTypes []string
+ Scopes []string
+ Secret string
+ TermsOfServiceURI string
+ UpdateTime int64
+ func (c *Client) DisableScopeAccess(scopes ...string)
+ func (c *Client) DisableTenantAccess(tenantIDs ...string)
+ func (c *Client) EnableScopeAccess(scopes ...string)
+ func (c *Client) EnableTenantAccess(tenantIDs ...string)
+ func (c *Client) GetAudience() fosite.Arguments
+ func (c *Client) GetGrantTypes() fosite.Arguments
+ func (c *Client) GetHashedSecret() []byte
+ func (c *Client) GetID() string
+ func (c *Client) GetOwner() string
+ func (c *Client) GetRedirectURIs() []string
+ func (c *Client) GetResponseTypes() fosite.Arguments
+ func (c *Client) GetScopes() fosite.Arguments
+ func (c *Client) IsDisabled() bool
+ func (c *Client) IsPublic() bool
+ func (c Client) Equal(x Client) bool
+ func (c Client) IsEmpty() bool
+ type ClientManager interface
+ type ClientStore interface
+ Authenticate func(ctx context.Context, clientID string, secret string) (Client, error)
+ ClientAssertionJWTValid func(_ context.Context, jti string) error
+ Create func(ctx context.Context, client Client) (Client, error)
+ Delete func(ctx context.Context, clientID string) error
+ Get func(ctx context.Context, clientID string) (Client, error)
+ GrantScopes func(ctx context.Context, clientID string, scopes []string) (Client, error)
+ IsJWTUsed func(ctx context.Context, jti string) (bool, error)
+ List func(ctx context.Context, filter ListClientsRequest) ([]Client, error)
+ MarkJWTUsedForTime func(ctx context.Context, jti string, exp time.Time) error
+ RemoveScopes func(ctx context.Context, clientID string, scopes []string) (Client, error)
+ SetClientAssertionJWT func(_ context.Context, jti string, exp time.Time) error
+ Update func(ctx context.Context, clientID string, client Client) (Client, error)
+ type Configure interface
+ Configure func(ctx context.Context) error
+ type DeniedJTI struct
+ Expiry int64
+ JTI string
+ Signature string
+ func NewDeniedJTI(jti string, exp time.Time) DeniedJTI
+ type DeniedJTIManager interface
+ type DeniedJTIStore interface
+ Create func(ctx context.Context, deniedJti DeniedJTI) (DeniedJTI, error)
+ Delete func(ctx context.Context, jti string) error
+ DeleteBefore func(ctx context.Context, expBefore int64) error
+ Get func(ctx context.Context, jti string) (DeniedJTI, error)
+ type Expire interface
+ ConfigureExpiryWithTTL func(ctx context.Context, ttl int) error
+ type ListClientsRequest struct
+ AllowedRegion string
+ AllowedTenantAccess string
+ Contact string
+ Disabled bool
+ GrantType string
+ Public bool
+ Published bool
+ RedirectURI string
+ ResponseType string
+ ScopesIntersection []string
+ ScopesUnion []string
+ type ListRequestsRequest struct
+ ClientID string
+ GrantedScopesIntersection []string
+ GrantedScopesUnion []string
+ ScopesIntersection []string
+ ScopesUnion []string
+ UserID string
+ type ListUsersRequest struct
+ AllowedPersonAccess string
+ AllowedTenantAccess string
+ Disabled bool
+ FirstName string
+ LastName string
+ PersonID string
+ ScopesIntersection []string
+ ScopesUnion []string
+ Username string
+ type RefreshTokenStorage interface
+ CreateRefreshTokenSession func(ctx context.Context, signature string, accessSignature string, ...) (err error)
+ DeleteRefreshTokenSession func(ctx context.Context, signature string) (err error)
+ GetRefreshTokenSession func(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)
+ RotateRefreshToken func(ctx context.Context, requestID string, refreshTokenSignature string) (err error)
+ type Request struct
+ Active bool
+ ClientID string
+ CreateTime int64
+ Form url.Values
+ GrantedAudience fosite.Arguments
+ GrantedScope fosite.Arguments
+ ID string
+ RequestedAt time.Time
+ RequestedAudience fosite.Arguments
+ RequestedScope fosite.Arguments
+ Session []byte
+ Signature string
+ UpdateTime int64
+ UserID string
+ func NewRequest() Request
+ func (r *Request) ToRequest(ctx context.Context, session fosite.Session, cm ClientStore) (*fosite.Request, error)
+ type RequestManager interface
+ type RequestStore interface
+ Authenticate func(ctx context.Context, username string, secret string) (subject string, err error)
+ Create func(ctx context.Context, entityName string, request Request) (Request, error)
+ Delete func(ctx context.Context, entityName string, requestID string) error
+ DeleteBySignature func(ctx context.Context, entityName string, signature string) error
+ Get func(ctx context.Context, entityName string, requestID string) (Request, error)
+ GetPublicKey func(ctx context.Context, issuer string, subject string, keyId string) (*jose.JSONWebKey, error)
+ GetPublicKeyScopes func(ctx context.Context, issuer string, subject string, keyId string) ([]string, error)
+ GetPublicKeys func(ctx context.Context, issuer string, subject string) (*jose.JSONWebKeySet, error)
+ List func(ctx context.Context, entityName string, filter ListRequestsRequest) ([]Request, error)
+ RevokeAccessToken func(ctx context.Context, requestID string) error
+ RevokeRefreshToken func(ctx context.Context, requestID string) error
+ RevokeRefreshTokenMaybeGracePeriod func(ctx context.Context, requestID string, signature string) error
+ Update func(ctx context.Context, entityName string, requestID string, request Request) (Request, error)
+ type Store struct
+ func (s *Store) Authenticate(ctx context.Context, username string, secret string) (subject string, err error)
+ type User struct
+ AllowedPersonAccess []string
+ AllowedTenantAccess []string
+ CreateTime int64
+ Disabled bool
+ FirstName string
+ ID string
+ LastName string
+ Password string
+ PersonID string
+ ProfileURI string
+ Roles []string
+ Scopes []string
+ UpdateTime int64
+ Username string
+ func (u *User) Authenticate(cleartext string, hasher fosite.Hasher) error
+ func (u *User) DisablePeopleAccess(personIDs ...string)
+ func (u *User) DisableRoles(roles ...string)
+ func (u *User) DisableScopeAccess(scopes ...string)
+ func (u *User) DisableTenantAccess(tenantIDs ...string)
+ func (u *User) EnablePeopleAccess(personIDs ...string)
+ func (u *User) EnableRoles(roles ...string)
+ func (u *User) EnableScopeAccess(scopes ...string)
+ func (u *User) EnableTenantAccess(tenantIDs ...string)
+ func (u *User) Equal(x User) bool
+ func (u *User) FullName() string
+ func (u *User) GetHashedSecret() []byte
+ func (u *User) GetID() string
+ func (u *User) IsEmpty() bool
+ func (u *User) SetPassword(cleartext string, hasher fosite.Hasher) (err error)
+ type UserManager interface
+ type UserStorer interface
+ Authenticate func(ctx context.Context, username string, password string) (User, error)
+ AuthenticateByID func(ctx context.Context, userID string, password string) (User, error)
+ AuthenticateByUsername func(ctx context.Context, username string, password string) (User, error)
+ Create func(ctx context.Context, user User) (User, error)
+ Delete func(ctx context.Context, userID string) error
+ Get func(ctx context.Context, userID string) (User, error)
+ GetByUsername func(ctx context.Context, username string) (User, error)
+ GrantScopes func(ctx context.Context, userID string, scopes []string) (User, error)
+ List func(ctx context.Context, filter ListUsersRequest) ([]User, error)
+ RemoveScopes func(ctx context.Context, userID string, scopes []string) (User, error)
+ Update func(ctx context.Context, userID string, user User) (User, error)
+ type UsersByFirstName []User
+ func (u UsersByFirstName) Len() int
+ func (u UsersByFirstName) Less(i, j int) bool
+ func (u UsersByFirstName) Swap(i, j int)
+ type UsersByLastName []User
+ func (u UsersByLastName) Len() int
+ func (u UsersByLastName) Less(i, j int) bool
+ func (u UsersByLastName) Swap(i, j int)
+ type UsersByUsername []User
+ func (u UsersByUsername) Len() int
+ func (u UsersByUsername) Less(i, j int) bool
+ func (u UsersByUsername) Swap(i, j int)
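Review bot: `Client.Secret` and `User.Password` are exported plain `string` fields, while `GetHashedSecret()`, `User.SetPassword(cleartext, hasher)` and `User.Authenticate(cleartext, hasher)` imply they are meant to hold hashes; nothing in the listed signatures stops a caller from assigning cleartext and passing the struct to `ClientStore.Create`/`Update` or `UserStorer.Create`/`Update`. The doc comments are not visible in this listing, so if they do not already say it, I would add `// Password holds the hashed password written by SetPassword; callers must not assign cleartext.` (and the equivalent on `Client.Secret`), and state on `Create`/`Update` whether the store hashes the value or expects it pre-hashed. Because both fields are exported, it is also worth confirming that they are excluded from API responses and from log output. Separately, `Expire.ConfigureExpiryWithTTL(ctx, ttl int)`, `DeniedJTI.Expiry int64` and `DeniedJTIStore.DeleteBefore(ctx, expBefore int64)` carry no unit in their types; a comment naming the unit (presumably seconds, to be confirmed) would guard against JTI denylist entries being purged earlier than intended.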