authzserver

package
v1.0.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 21, 2024 License: Apache-2.0 Imports: 38 Imported by: 0

Documentation

Overview

OAuthServer implementation that serve oauth2 authorize and client_credentials flows.

Index

Constants

View Source 
const (
	ClientIDClaim = "client_id"
	UserIDClaim   = "user_info"
	ScopeClaim    = "scp"
	KeyIDClaim    = "key_id"
)

Variables

This section is empty.

Functions

func GetIssuer 

func GetIssuer(ctx context.Context, req *http.Request, cfg *config.Config) string

func GetJSONWebKeysEndpoint 

func GetJSONWebKeysEndpoint(authCtx interfaces.AuthenticationContext) http.HandlerFunc

GetJSONWebKeysEndpoint serves requests to the jwks endpoint. ref: https://tools.ietf.org/html/rfc7517

func RegisterHandlers 

func RegisterHandlers(handler interfaces.HandlerRegisterer, authCtx interfaces.AuthenticationContext)

RegisterHandlers registers http endpoints for handling OAuth2 flow (/authorize,

Types

type Encryptor 

type Encryptor interface {
	Encrypt(raw string) (cypher string, err error)
	Decrypt(cypher string) (raw string, err error)
}

type OAuth2MetadataProvider 

type OAuth2MetadataProvider struct {
	// contains filtered or unexported fields
}

func NewService 

func NewService(config *authConfig.Config) OAuth2MetadataProvider

func (OAuth2MetadataProvider) AuthFuncOverride 

func (s OAuth2MetadataProvider) AuthFuncOverride(ctx context.Context, fullMethodName string) (context.Context, error)

Override auth func to enforce anonymous access on the implemented APIs Ref: https://github.com/grpc-ecosystem/go-grpc-middleware/blob/master/auth/auth.go#L31

func (OAuth2MetadataProvider) GetOAuth2Metadata 

func (s OAuth2MetadataProvider) GetOAuth2Metadata(ctx context.Context, r *service.OAuth2MetadataRequest) (*service.OAuth2MetadataResponse, error)

func (OAuth2MetadataProvider) GetPublicClientConfig 

func (s OAuth2MetadataProvider) GetPublicClientConfig(context.Context, *service.PublicClientAuthConfigRequest) (*service.PublicClientAuthConfigResponse, error)

type Provider 

type Provider struct {
	fosite.OAuth2Provider
	// contains filtered or unexported fields
}

Provider implements OAuth2 Authorization Server.

func NewProvider 

func NewProvider(ctx context.Context, cfg config.AuthorizationServer, sm core.SecretManager) (Provider, error)

NewProvider creates a new OAuth2 Provider that is able to do OAuth 2-legged and 3-legged flows. It'll lookup config.SecretNameClaimSymmetricKey and config.SecretNameTokenSigningRSAKey secrets from the secret manager to use to sign and generate hashes for tokens. The RSA Private key is expected to be in PEM format with the public key embedded. Use auth.GetInitSecretsCommand() to generate new valid secrets that will be accepted by this provider. The config.SecretNameClaimSymmetricKey must be a 32-bytes long key in Base64Encoding.

func (Provider) KeySet 

func (p Provider) KeySet() jwk.Set

func (Provider) NewJWTSessionToken 

func (p Provider) NewJWTSessionToken(subject, appID, issuer, audience string, userInfoClaims *service.UserInfoResponse) *fositeOAuth2.JWTSession

NewJWTSessionToken is a helper function for creating a new session.

func (Provider) PublicKeys 

func (p Provider) PublicKeys() []rsa.PublicKey

func (Provider) ValidateAccessToken 

func (p Provider) ValidateAccessToken(ctx context.Context, expectedAudience, tokenStr string) (interfaces.IdentityContext, error)

type ResourceServer 

type ResourceServer struct {
	// contains filtered or unexported fields
}

ResourceServer authorizes access requests issued by an external Authorization Server.

func NewOAuth2ResourceServer 

func NewOAuth2ResourceServer(ctx context.Context, cfg authConfig.ExternalAuthorizationServer, fallbackBaseURL config.URL) (ResourceServer, error)

NewOAuth2ResourceServer initializes a new OAuth2ResourceServer.

func (ResourceServer) ValidateAccessToken 

func (r ResourceServer) ValidateAccessToken(ctx context.Context, expectedAudience, tokenStr string) (interfaces.IdentityContext, error)

type StatelessCodeProvider 

type StatelessCodeProvider struct {
	oauth22.CoreStrategy
	// contains filtered or unexported fields
}

StatelessCodeProvider offers a strategy that encodes authorization code and refresh tokens into JWT to avoid requiring storing these tokens on the server side. These tokens are usually short lived so storing them to a persistent store (e.g. DB) is not desired. A more suitable store would be an in-memory read-efficient store (e.g. Redis) however, that would add additional requirements on setting up kozmoAdmin and hence why we are going with this strategy.

func NewStatelessCodeProvider 

func NewStatelessCodeProvider(cfg config.AuthorizationServer, blockKey [auth.SymmetricKeyLength]byte, strategy oauth22.CoreStrategy) StatelessCodeProvider

func (StatelessCodeProvider) AuthorizeCodeSignature 

func (p StatelessCodeProvider) AuthorizeCodeSignature(token string) string

func (StatelessCodeProvider) Decrypt 

func (p StatelessCodeProvider) Decrypt(encrypted string) (string, error)

func (StatelessCodeProvider) Encrypt 

func (p StatelessCodeProvider) Encrypt(raw string) (string, error)

func (StatelessCodeProvider) GenerateAccessToken 

func (p StatelessCodeProvider) GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)

func (StatelessCodeProvider) GenerateAuthorizeCode 

func (p StatelessCodeProvider) GenerateAuthorizeCode(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)

func (StatelessCodeProvider) GenerateRefreshToken 

func (p StatelessCodeProvider) GenerateRefreshToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)

func (StatelessCodeProvider) RefreshTokenSignature 

func (p StatelessCodeProvider) RefreshTokenSignature(token string) string

func (StatelessCodeProvider) ValidateAuthorizeCode 

func (p StatelessCodeProvider) ValidateAuthorizeCode(ctx context.Context, requester fosite.Requester, token string) (err error)

func (StatelessCodeProvider) ValidateRefreshToken 

func (p StatelessCodeProvider) ValidateRefreshToken(ctx context.Context, requester fosite.Requester, token string) (err error)

type StatelessTokenStore 

type StatelessTokenStore struct {
	*storage.MemoryStore
	jwt.JWTStrategy
	// contains filtered or unexported fields
}

StatelessTokenStore provides a ship on top of the MemoryStore to avoid storing tokens in memory (or elsewhere) but instead hydrates fosite.Request and sessions from the tokens themselves.

func (StatelessTokenStore) DeleteRefreshTokenSession 

func (s StatelessTokenStore) DeleteRefreshTokenSession(_ context.Context, _ string) (err error)

func (StatelessTokenStore) GetAuthorizeCodeSession 

func (s StatelessTokenStore) GetAuthorizeCodeSession(ctx context.Context, code string, _ fosite.Session) (fosite.Requester, error)

func (StatelessTokenStore) GetPKCERequestSession 

func (s StatelessTokenStore) GetPKCERequestSession(ctx context.Context, signature string, _ fosite.Session) (fosite.Requester, error)

func (StatelessTokenStore) GetRefreshTokenSession 

func (s StatelessTokenStore) GetRefreshTokenSession(ctx context.Context, signature string, _ fosite.Session) (request fosite.Requester, err error)

func (StatelessTokenStore) InvalidateAuthorizeCodeSession 

func (s StatelessTokenStore) InvalidateAuthorizeCodeSession(_ context.Context, _ string) (err error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.