Constants ¶
const (
	// AuthorizationGrantCodeType is the response_type value a client requests
	// to start an oauth2 'authorization code' flow.
	AuthorizationGrantCodeType = "code"

	// ClientCredentialsGrantCodeType is the grant_type value a client sends
	// to run an oauth2 'client credentials' flow.
	ClientCredentialsGrantCodeType = "client_credentials"
)
Variables ¶
// AccessTokenExpiration is how long an issued access token stays valid
// (one day). It is a time.Duration, not a number of seconds.
var AccessTokenExpiration = 24 * time.Hour
AccessTokenExpiration is the duration (a time.Duration, not a count of seconds) after which an access token expires
Functions ¶
Types ¶
type AccessToken ¶
// AccessToken is an oauth2 access token together with the access information
// it stands for. Expiry is checked with IsExpired / IsExpiredAt (presumably
// CreatedAt plus AccessTokenExpiration; confirm against ExpirationTime).
type AccessToken struct {
	// AccessToken is the token value itself. It is a bearer credential:
	// treat it as a secret and keep it out of logs.
	AccessToken string
	// Type is the token type (presumably the oauth2 token_type reported to
	// clients — confirm in AccessTokenHandler).
	Type string
	// Username is the user the token was granted for (presumably; confirm).
	Username string
	// GlobalID is the organization that granted the token (client
	// credentials flow).
	GlobalID string
	// Scope holds the scope(s) this token carries.
	Scope string
	// ClientID is the client_id of the organization that was granted the token.
	ClientID string
	// CreatedAt is the issue time of the token.
	CreatedAt time.Time
}
AccessToken is an oauth2 accesstoken together with the access information it stands for
func (*AccessToken) ExpirationTime ¶
func (at *AccessToken) ExpirationTime() time.Time
ExpirationTime returns the time at which this token expires
func (*AccessToken) IsExpired ¶
func (at *AccessToken) IsExpired() bool
IsExpired is a convenience method for IsExpiredAt(time.Now())
func (*AccessToken) IsExpiredAt ¶
func (at *AccessToken) IsExpiredAt(testtime time.Time) bool
IsExpiredAt checks if the token is expired at a specific time
type ClientManager ¶
// ClientManager defines a client persistence interface.
type ClientManager interface {
	// AllByClientID retrieves all clients with a given ID.
	AllByClientID(clientID string) ([]*Oauth2Client, error)
}
ClientManager defines a client persistence interface
type IdentityService ¶
// IdentityService provides the basic authorization knowledge the oauth
// service needs.
type IdentityService interface {
	// FilterAuthorizedScopes narrows requestedscopes down to the ones the user
	// has already authorized for grantedTo. When no authorization exists,
	// authorizedScopes is nil.
	FilterAuthorizedScopes(r *http.Request, username string, grantedTo string, requestedscopes []string) (authorizedScopes []string, err error)
	// FilterPossibleScopes narrows requestedScopes down to the ones that are
	// possible for the user. For example, `user:memberof:orgid1` is not
	// possible when the user is neither a member of the `orgid1` organization
	// nor has an outstanding invite for it. If allowInvitations is true, an
	// invitation to an organization makes the "user:memberof:organization"
	// scope possible.
	FilterPossibleScopes(r *http.Request, username string, requestedScopes []string, allowInvitations bool) (possibleScopes []string, err error)
}
IdentityService provides some basic knowledge about authorizations required for the oauthservice
type Manager ¶
// Manager is the persistence layer for oauth2 clients and access tokens
// (see AllByClientID, CreateClient, GetClient, GetAccessToken and the
// Remove*/Delete* methods). Its fields are unexported; use NewManager to
// obtain an initialized instance.
type Manager struct {
// contains filtered or unexported fields
}
Manager is used to store and retrieve oauth2 clients and access tokens
func NewManager ¶
NewManager creates and initializes a new Manager
func (*Manager) AllByClientID ¶
func (m *Manager) AllByClientID(clientID string) (clients []*Oauth2Client, err error)
AllByClientID retrieves all clients with a given ID
func (*Manager) CreateClient ¶
func (m *Manager) CreateClient(client *Oauth2Client) (err error)
CreateClient saves an Oauth2 client
func (*Manager) DeleteAllForOrganization ¶
DeleteAllForOrganization removes all client secrets for the organization
func (*Manager) DeleteClient ¶
DeleteClient removes a client secret by its clientID and label
func (*Manager) GetAccessToken ¶
func (m *Manager) GetAccessToken(token string) (at *AccessToken, err error)
GetAccessToken gets an access token by its actual token string. If the token is not found or is expired, nil is returned
func (*Manager) GetClient ¶
func (m *Manager) GetClient(clientID, label string) (client *Oauth2Client, err error)
GetClient retrieves a client given a clientid and a label
func (*Manager) GetClientLabels ¶
GetClientLabels returns a list of labels for which there are apikeys registered for a specific client
func (*Manager) RemoveClientsById ¶
RemoveClientsById removes oauth clients by client id
func (*Manager) RemoveTokensByGlobalId ¶
RemoveTokensByGlobalId removes oauth tokens by global id
type Oauth2Client ¶
// Oauth2Client is an oauth2 client. A ClientID may own several clients,
// told apart by Label (see Manager.AllByClientID and Manager.GetClient).
type Oauth2Client struct {
	ClientID string
	// Label is just a tag to identify this particular secret for the ClientID.
	Label string
	// Secret is the client secret; NewOauth2Client fills it with a random
	// value. Treat it as a credential and keep it out of logs.
	Secret string
	// CallbackURL is the callback URL registered for this client (presumably
	// what AuthorizeHandler validates redirects against — confirm).
	CallbackURL string
	// ClientCredentialsGrantType indicates whether this client may be used
	// in an oauth2 client credentials grant flow.
	ClientCredentialsGrantType bool
}
Oauth2Client is an oauth2 client
func NewOauth2Client ¶
func NewOauth2Client(clientID, label, callbackURL string, clientCredentialsGrantType bool) *Oauth2Client
NewOauth2Client creates a new Oauth2Client with a random secret
type Service ¶
// Service is the oauthserver http service. NewService builds it from a
// SessionService, an IdentityService and an ecdsa private key (presumably
// used by JWTHandler to sign the issued JWTs — confirm); AddRoutes registers
// its handlers on a mux.Router.
type Service struct {
// contains filtered or unexported fields
}
Service is the oauthserver http service
func NewService ¶
func NewService(sessionService SessionService, identityService IdentityService, ecdsaKey *ecdsa.PrivateKey) (service *Service, err error)
NewService creates and initializes a Service
func (*Service) AccessTokenHandler ¶
func (service *Service) AccessTokenHandler(w http.ResponseWriter, r *http.Request)
AccessTokenHandler is the handler of the /v1/oauth/access_token endpoint
func (*Service) AuthorizeHandler ¶
func (service *Service) AuthorizeHandler(w http.ResponseWriter, request *http.Request)
AuthorizeHandler is the handler of the /v1/oauth/authorize endpoint
func (*Service) GetWebuser ¶
func (service *Service) GetWebuser(r *http.Request, w http.ResponseWriter) (username string, err error)
GetWebuser returns the authenticated user if any or an empty string if not
func (*Service) JWTHandler ¶
func (service *Service) JWTHandler(w http.ResponseWriter, r *http.Request)
JWTHandler returns a JWT with claims that are a subset of the scopes available to the authorizing token
type SessionService ¶
// SessionService declares a context in which a user can be logged in.
type SessionService interface {
	// GetLoggedInUser returns the authenticated user, or an empty string
	// when there is none.
	GetLoggedInUser(request *http.Request, w http.ResponseWriter) (username string, err error)
	// SetAPIAccessToken stores the api access token for this session.
	SetAPIAccessToken(w http.ResponseWriter, token string) (err error)
}
SessionService declares a context where you can have a logged in user