oauth2

package
v0.0.6
Warning

This package is not in the latest version of its module.

Published: Apr 4, 2022 License: Apache-2.0 Imports: 11 Imported by: 0

Documentation

Overview

Package oauth2 is DEPRECATED. Use golang.org/x/oauth2 instead.


Constants

const (
	ErrorAccessDenied            = "access_denied"
	ErrorInvalidClient           = "invalid_client"
	ErrorInvalidGrant            = "invalid_grant"
	ErrorInvalidRequest          = "invalid_request"
	ErrorServerError             = "server_error"
	ErrorUnauthorizedClient      = "unauthorized_client"
	ErrorUnsupportedGrantType    = "unsupported_grant_type"
	ErrorUnsupportedResponseType = "unsupported_response_type"
)
const (
	// OAuth2.0 response types registered by OIDC.
	//
	// See: https://openid.net/specs/oauth-v2-multiple-response-types-1_0.html#RegistryContents
	ResponseTypeCode             = "code"
	ResponseTypeCodeIDToken      = "code id_token"
	ResponseTypeCodeIDTokenToken = "code id_token token"
	ResponseTypeIDToken          = "id_token"
	ResponseTypeIDTokenToken     = "id_token token"
	ResponseTypeToken            = "token"
	ResponseTypeNone             = "none"
)
const (
	GrantTypeAuthCode     = "authorization_code"
	GrantTypeClientCreds  = "client_credentials"
	GrantTypeUserCreds    = "password"
	GrantTypeImplicit     = "implicit"
	GrantTypeRefreshToken = "refresh_token"

	AuthMethodClientSecretPost  = "client_secret_post"
	AuthMethodClientSecretBasic = "client_secret_basic"
	AuthMethodClientSecretJWT   = "client_secret_jwt"
	AuthMethodPrivateKeyJWT     = "private_key_jwt"
)

Variables

This section is empty.

Functions

func ResponseTypesEqual

func ResponseTypesEqual(r1, r2 string) bool

ResponseTypesEqual compares two response_type values. If either contains a space, it is treated as an unordered list. For example, comparing "code id_token" and "id_token code" would evaluate to true.

Types

type AuthCodeRequest

type AuthCodeRequest struct {
	ResponseType string
	ClientID     string
	RedirectURL  *url.URL
	Scope        []string
	State        string
}

func ParseAuthCodeRequest

func ParseAuthCodeRequest(q url.Values) (AuthCodeRequest, error)

type Client

type Client struct {
	// contains filtered or unexported fields
}

func NewClient

func NewClient(hc phttp.Client, cfg Config) (c *Client, err error)

func (*Client) AuthCodeURL

func (c *Client) AuthCodeURL(state, accessType, prompt string) string

AuthCodeURL generates the URL for the initial redirect to the OAuth provider.

func (*Client) ClientCredsToken

func (c *Client) ClientCredsToken(scope []string) (result TokenResponse, err error)

ClientCredsToken posts the client id and secret to obtain a token scoped to the OAuth2 client via the "client_credentials" grant type. May not be supported by all OAuth2 servers.

func (*Client) GetAuthMethod added in v0.0.5

func (c *Client) GetAuthMethod() string

GetAuthMethod returns the currently assigned auth method. Useful for confirming which method is in use as part of the Ping workaround described under SetAuthMethod.

func (*Client) HttpClient

func (c *Client) HttpClient() phttp.Client

HttpClient returns the embedded HTTP client.

func (*Client) RequestToken

func (c *Client) RequestToken(grantType, value string) (result TokenResponse, err error)

RequestToken requests a token from the Token Endpoint with the specified grantType. If 'grantType' == GrantTypeAuthCode, then 'value' should be the authorization code. If 'grantType' == GrantTypeRefreshToken, then 'value' should be the refresh token.

func (*Client) SetAuthMethod added in v0.0.5

func (c *Client) SetAuthMethod(authMethodValue string)

SetAuthMethod allows setting the authMethod variable, which provides a workaround for the Ping OIDC issue noted in https://github.com/gravitational/teleport/issues/8374. With the Client Secret Basic auth method, Ping OIDC throws a multiple client credentials error because the client ID is set in the query and also sent via basic auth. The Client Secret Post auth method does not have that issue, and this function allows selecting it. Since Ping always returns Client Secret Basic and Client Secret Post as available auth methods, the default logic will always use Client Secret Basic.
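The following is an added example, not code from this package: it builds the token request both ways and lists where a strict token endpoint would see client credentials, which is the condition behind the "multiple client credentials" error. The helper names `buildTokenRequest` and `credentialSources`, the `idp.example` URL, and the sample values are hypothetical. It assumes the client ID travels as a form parameter and that the server counts any client parameter in the body as a credential presentation.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// buildTokenRequest (hypothetical) always sends client_id as a form parameter and
// puts the secret in the Authorization header (basic) or in the form (post).
func buildTokenRequest(tokenURL, id, secret, code, authMethod string) (*http.Request, error) {
	form := url.Values{"grant_type": {"authorization_code"}, "code": {code}, "client_id": {id}}
	if authMethod == "client_secret_post" {
		form.Set("client_secret", secret)
	}
	req, err := http.NewRequest(http.MethodPost, tokenURL, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	if authMethod == "client_secret_basic" {
		req.SetBasicAuth(url.QueryEscape(id), url.QueryEscape(secret))
	}
	return req, nil
}

// credentialSources models a strict token endpoint (an assumption): each place
// that carries client identity counts as one presentation of client credentials.
func credentialSources(req *http.Request) ([]string, error) {
	var found []string
	if _, _, ok := req.BasicAuth(); ok {
		found = append(found, "authorization_header")
	}
	if err := req.ParseForm(); err != nil { // consumes the body, as a server would
		return nil, err
	}
	if req.PostForm.Get("client_id") != "" || req.PostForm.Get("client_secret") != "" {
		found = append(found, "request_body")
	}
	return found, nil
}

func main() {
	for _, m := range []string{"client_secret_basic", "client_secret_post"} {
		req, _ := buildTokenRequest("https://idp.example/token", "my-client", "s3cret", "constructed-code", m)
		src, _ := credentialSources(req) // constructed inputs above
		fmt.Printf("%-20s -> %v\n", m, src)
	}
}
```

More than one source for a single request is what a strict server rejects; RFC 6749 section 2.3 says a client must not use more than one authentication method per request.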

func (*Client) UserCredsToken

func (c *Client) UserCredsToken(username, password string) (result TokenResponse, err error)

UserCredsToken posts the username and password to obtain a token scoped to the OAuth2 client via the "password" grant_type. May not be supported by all OAuth2 servers.

type ClientCredentials

type ClientCredentials struct {
	ID     string
	Secret string
}

type Config

type Config struct {
	Credentials ClientCredentials
	Scope       []string
	RedirectURL string
	AuthURL     string
	TokenURL    string

	// Must be one of the AuthMethodXXX methods above. Right now, only
	// AuthMethodClientSecretPost and AuthMethodClientSecretBasic are supported.
	AuthMethod string
}

type Error

type Error struct {
	Type        string `json:"error"`
	Description string `json:"error_description,omitempty"`
	State       string `json:"state,omitempty"`
}

func NewError

func NewError(typ string) *Error

func (*Error) Error

func (e *Error) Error() string

type TokenResponse

type TokenResponse struct {
	AccessToken  string
	TokenType    string
	Expires      int
	IDToken      string
	RefreshToken string // OPTIONAL.
	Scope        string // OPTIONAL, if identical to the scope requested by the client, otherwise, REQUIRED.
	RawBody      []byte // In case callers need some other non-standard info from the token response
}
