oauthservice

package
Published: Nov 23, 2016 License: BSD-3-Clause Imports: 17 Imported by: 0

Documentation

Index

Constants

// Grant identifiers the oauth2 endpoints compare request parameters against.
// AuthorizationGrantCodeType is matched against response_type, ClientCredentialsGrantCodeType
// against grant_type (see AuthorizeHandler and AccessTokenHandler; the comparison itself is not
// visible in this listing).
const (
	//AuthorizationGrantCodeType is the requested response_type for an 'authorization code' oauth2 flow
	AuthorizationGrantCodeType = "code"
	//ClientCredentialsGrantCodeType is the requested grant_type for a 'client credentials' oauth2 flow
	ClientCredentialsGrantCodeType = "client_credentials"
)

Variables

// AccessTokenExpiration is the lifetime of an access token, counted from its
// creation: tokens expire after one day. Note that it is a time.Duration, not
// a number of seconds.
var AccessTokenExpiration = 24 * time.Hour

AccessTokenExpiration is the duration after which an access token expires (one day).

Functions

func InitModels

func InitModels()

InitModels initialize models in mongo, if required.

Types

type AccessToken

// AccessToken is an oauth2 access token together with the access information it stands for.
// The expiry of a token is derived from CreatedAt (see ExpirationTime, IsExpired and IsExpiredAt).
type AccessToken struct {
	AccessToken string    //The opaque token string itself; Manager.GetAccessToken looks tokens up by this value
	Type        string    //The token type. NOTE(review): presumably "bearer" — confirm in the issuing handler
	Username    string    //Presumably the user who authorized the token (empty in a client credentials flow?) — confirm
	GlobalID    string //The organization that granted the token (in case of a client credentials flow)
	Scope       string    //The granted scope(s); the separator used is not visible here — check the issuing handler
	ClientID    string //The client_id of the organization that was granted the token
	CreatedAt   time.Time //Issue time. ExpirationTime is presumably CreatedAt + AccessTokenExpiration — confirm
}

AccessToken is an oauth2 access token together with the access information it stands for

func (*AccessToken) ExpirationTime

func (at *AccessToken) ExpirationTime() time.Time

ExpirationTime returns the time at which this token expires

func (*AccessToken) IsExpired

func (at *AccessToken) IsExpired() bool

IsExpired is a convenience method for IsExpiredAt(time.Now())

func (*AccessToken) IsExpiredAt

func (at *AccessToken) IsExpiredAt(testtime time.Time) bool

IsExpiredAt checks if the token is expired at a specific time

type ClientManager

// ClientManager defines a client persistence interface; *Manager satisfies it
// (see Manager.AllByClientID). Several Oauth2Client entries may share one
// clientID, distinguished by their Label, which is why a slice is returned.
type ClientManager interface {
	//AllByClientID retrieves all clients with a given ID
	AllByClientID(clientID string) ([]*Oauth2Client, error)
}

ClientManager defines a client persistence interface

type IdentityService

// IdentityService provides the basic knowledge about authorizations the
// oauthservice needs when deciding which requested scopes may be granted.
// Both methods narrow a caller-supplied scope list; a handler should only
// grant scopes that appear in the returned slice.
type IdentityService interface {
	//FilterAuthorizedScopes filters the requested scopes to the ones that are authorized; if no authorization exists, authorizedScopes is nil
	FilterAuthorizedScopes(r *http.Request, username string, grantedTo string, requestedscopes []string) (authorizedScopes []string, err error)
	//FilterPossibleScopes filters the requestedScopes to the relevant ones that are possible
	// For example, a `user:memberof:orgid1` is not possible if the user is not a member of the `orgid1` organization and there is no outstanding invite for this organization
	// If allowInvitations is true, invitations to organizations allow the "user:memberof:organization" scope as a possible scope
	FilterPossibleScopes(r *http.Request, username string, requestedScopes []string, allowInvitations bool) (possibleScopes []string, err error)
}

IdentityService provides some basic knowledge about authorizations required for the oauthservice

type Manager

// Manager stores and retrieves the persisted oauthservice models: oauth2
// clients, access tokens and authorization requests (see its methods).
// Instances are created per request with NewManager.
// NOTE(review): the backing store is not visible here; InitModels refers to mongo — confirm.
type Manager struct {
	// contains filtered or unexported fields
}

Manager is used to store and retrieve the persisted oauthservice models (oauth2 clients, access tokens and authorization requests)

func NewManager

func NewManager(r *http.Request) *Manager

NewManager creates and initializes a new Manager

func (*Manager) AllByClientID

func (m *Manager) AllByClientID(clientID string) (clients []*Oauth2Client, err error)

AllByClientID retrieves all clients with a given ID

func (*Manager) CreateClient

func (m *Manager) CreateClient(client *Oauth2Client) (err error)

CreateClient saves an Oauth2 client

func (*Manager) DeleteAllForOrganization

func (m *Manager) DeleteAllForOrganization(clientID string) (err error)

DeleteAllForOrganization removes all client secrets for the organization

func (*Manager) DeleteClient

func (m *Manager) DeleteClient(clientID, label string) (err error)

DeleteClient removes a client secret by its clientID and label

func (*Manager) Get

func (m *Manager) Get(authorizationcode string) (*authorizationRequest, error)

Get retrieves an authorizationRequest by its authorizationcode.

func (*Manager) GetAccessToken

func (m *Manager) GetAccessToken(token string) (at *AccessToken, err error)

GetAccessToken gets an access token by its actual token string. If the token is not found or is expired, nil is returned.

func (*Manager) GetClient

func (m *Manager) GetClient(clientID, label string) (client *Oauth2Client, err error)

GetClient retrieves a client given a clientid and a label

func (*Manager) GetClientLabels

func (m *Manager) GetClientLabels(clientID string) (labels []string, err error)

GetClientLabels returns a list of labels for which there are apikeys registered for a specific client

func (*Manager) RemoveClientsById

func (m *Manager) RemoveClientsById(clientid string) error

RemoveClientsById removes oauth clients by client id

func (*Manager) RemoveTokensByGlobalId

func (m *Manager) RemoveTokensByGlobalId(globalid string) error

RemoveTokensByGlobalId removes oauth tokens by global id

func (*Manager) UpdateClient

func (m *Manager) UpdateClient(clientID, oldLabel, newLabel string, callbackURL string, clientcredentialsGrantType bool) (err error)

UpdateClient updates the label, callbackurl and clientCredentialsGrantType properties of a client

type Oauth2Client

// Oauth2Client is an oauth2 client: one (ClientID, Label) pair together with
// its secret and callback URL. Create instances with NewOauth2Client so that
// the secret is generated rather than hand-picked.
type Oauth2Client struct {
	ClientID                   string //ClientID identifies the client; several entries may share it, distinguished by Label
	Label                      string //Label is just a tag to identify the secret for this ClientID
	Secret                     string //Secret is the client secret; NewOauth2Client fills it with a random value. NOTE(review): held as a plain string here — whether it is hashed at rest is not visible in this listing, confirm
	CallbackURL                string //CallbackURL is the redirect target of the authorization code flow. NOTE(review): presumably compared against the redirect_uri in AuthorizeHandler — confirm
	ClientCredentialsGrantType bool //ClientCredentialsGrantType indicates if this client can be used in an oauth2 client credentials grant flow
}

Oauth2Client is an oauth2 client

func NewOauth2Client

func NewOauth2Client(clientID, label, callbackURL string, clientCredentialsGrantType bool) *Oauth2Client

NewOauth2Client creates a new Oauth2Client with a random secret

type Service

// Service is the oauthserver http service. It is built with NewService from a
// SessionService, an IdentityService and an ECDSA private key (used by
// JWTHandler to sign the issued JWTs, presumably — confirm), and exposes its
// endpoints through AddRoutes.
type Service struct {
	// contains filtered or unexported fields
}

Service is the oauthserver http service

func NewService

func NewService(sessionService SessionService, identityService IdentityService, ecdsaKey *ecdsa.PrivateKey) (service *Service, err error)

NewService creates and initializes a Service

func (*Service) AccessTokenHandler

func (service *Service) AccessTokenHandler(w http.ResponseWriter, r *http.Request)

AccessTokenHandler is the handler of the /v1/oauth/access_token endpoint

func (*Service) AddRoutes

func (service *Service) AddRoutes(router *mux.Router)

AddRoutes adds the routes and handlerfunctions to the router

func (*Service) AuthorizeHandler

func (service *Service) AuthorizeHandler(w http.ResponseWriter, request *http.Request)

AuthorizeHandler is the handler of the /v1/oauth/authorize endpoint

func (*Service) GetWebuser

func (service *Service) GetWebuser(r *http.Request, w http.ResponseWriter) (username string, err error)

GetWebuser returns the username of the authenticated user, if any, or an empty string if there is none

func (*Service) JWTHandler

func (service *Service) JWTHandler(w http.ResponseWriter, r *http.Request)

JWTHandler returns a JWT with claims that are a subset of the scopes available to the authorizing token

type SessionService

// SessionService declares a context where you can have a logged in user.
// Service uses it to find out who is authenticated (see GetWebuser) and to
// attach an api access token to the session.
type SessionService interface {
	//GetLoggedInUser returns an authenticated user, or an empty string if there is none
	GetLoggedInUser(request *http.Request, w http.ResponseWriter) (username string, err error)
	//SetAPIAccessToken sets the api access token for this session; how the token is stored (cookie, server side, ...) is up to the implementation
	SetAPIAccessToken(w http.ResponseWriter, token string) (err error)
}

SessionService declares a context where you can have a logged in user
