Documentation
Index ¶
- Constants
- type ConsentStrategy
- type DefaultConsentStrategy
- type HTTPIntrospector
- type Handler
- func (this *Handler) AuthHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
- func (o *Handler) DefaultConsentHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
- func (this *Handler) Introspect(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
- func (this *Handler) SetRoutes(r *httprouter.Router)
- func (this *Handler) TokenHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
- type Introspection
- type Introspector
- type LocalIntrospector
- type Session
Constants ¶
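// Keys naming the consent challenge and the consent endpoint.
//
// NOTE(review): where these keys are read or written (query parameter,
// claim name, session entry) is not visible in this listing; confirm
// against the handler code before relying on them.
const (
	// ConsentChallengeKey is the key under which the consent challenge is carried.
	ConsentChallengeKey = "consent.challenge"
	// ConsentEndpointKey is the key under which the consent endpoint is carried.
	ConsentEndpointKey = "consent.endpoint"
)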
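// Key name and URL paths used by the OAuth2 handler.
//
// The declarations are laid out one per line so that the comment on
// IntrospectPath no longer swallows the constant that follows it.
const (
	// OpenIDConnectKeyName names the OpenID Connect key.
	// NOTE(review): presumably the JWK set looked up through the key
	// manager for signing; confirm against the consent strategy.
	OpenIDConnectKeyName = "hydra.openid.connect"

	// ConsentPath is the path of the consent endpoint.
	ConsentPath = "/oauth2/consent"
	// TokenPath is the path of the OAuth2 token endpoint.
	TokenPath = "/oauth2/token"
	// AuthPath is the path of the OAuth2 authorization endpoint.
	AuthPath = "/oauth2/auth"

	// IntrospectPath points to the OAuth2 introspection endpoint.
	IntrospectPath = "/oauth2/introspect"
)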
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ConsentStrategy ¶
// ConsentStrategy issues a consent challenge for an authorize request and
// validates the token that is handed back as the consent response.
type ConsentStrategy interface {
	// ValidateResponse takes the pending authorize request and a consent
	// response token and returns the session claims, or an error.
	// Callers should use claims only when err is nil.
	//
	// NOTE(review): which checks are applied to token (signature, expiry,
	// audience, binding to this particular authorize request) is up to the
	// implementation and is not visible here — confirm for the strategy in use.
	ValidateResponse(authorizeRequest fosite.AuthorizeRequester, token string) (claims *Session, err error)

	// IssueChallenge returns a challenge token for authorizeRequest, or an error.
	//
	// NOTE(review): redirectURL presumably tells the consent app where to
	// send the user afterwards; verify that callers derive it from server
	// configuration rather than from unvalidated request input.
	IssueChallenge(authorizeRequest fosite.AuthorizeRequester, redirectURL string) (token string, err error)
}
type DefaultConsentStrategy ¶
// DefaultConsentStrategy holds the settings of the package's consent
// strategy. IssueChallenge and ValidateResponse are declared on its
// pointer receiver.
type DefaultConsentStrategy struct {
	// Issuer identifies the issuing party.
	// NOTE(review): presumably written to and/or compared with an "iss"
	// claim — confirm in IssueChallenge and ValidateResponse.
	Issuer string

	// DefaultIDTokenLifespan is a duration applied to ID tokens by default.
	DefaultIDTokenLifespan time.Duration

	// DefaultChallengeLifespan is a duration applied to consent challenges
	// by default. NOTE(review): a zero value is not rejected by the type;
	// check how the methods treat an unset lifespan.
	DefaultChallengeLifespan time.Duration

	// KeyManager gives access to JSON Web Keys.
	// NOTE(review): presumably the source of the keys that sign and verify
	// challenge and response tokens — confirm, and treat access to it as
	// security-sensitive if so.
	KeyManager jwk.Manager
}
func (*DefaultConsentStrategy) IssueChallenge ¶
func (s *DefaultConsentStrategy) IssueChallenge(authorizeRequest fosite.AuthorizeRequester, redirectURL string) (string, error)
func (*DefaultConsentStrategy) ValidateResponse ¶
func (s *DefaultConsentStrategy) ValidateResponse(a fosite.AuthorizeRequester, token string) (claims *Session, err error)
type HTTPIntrospector ¶ added in v0.4.0
func (*HTTPIntrospector) IntrospectToken ¶ added in v0.4.0
func (this *HTTPIntrospector) IntrospectToken(ctx context.Context, token string) (*Introspection, error)
IntrospectToken is capable of introspecting tokens according to https://tools.ietf.org/html/rfc7662
The HTTP API is documented at http://docs.hdyra.apiary.io/#reference/oauth2/oauth2-token-introspection
func (*HTTPIntrospector) SetClient ¶ added in v0.4.0
func (this *HTTPIntrospector) SetClient(c *clientcredentials.Config)
func (*HTTPIntrospector) TokenFromRequest ¶ added in v0.4.0
func (this *HTTPIntrospector) TokenFromRequest(r *http.Request) string
type Handler ¶
// Handler bundles the dependencies of the OAuth2 HTTP handlers
// (AuthHandler, TokenHandler, Introspect, DefaultConsentHandler), which
// SetRoutes attaches to an httprouter.Router.
type Handler struct {
	// OAuth2 is the fosite provider the handlers delegate to.
	OAuth2 fosite.OAuth2Provider

	// Consent issues consent challenges and validates consent responses.
	Consent ConsentStrategy

	// Introspector performs token introspection.
	Introspector Introspector

	// Firewall is the access-control component.
	// NOTE(review): which endpoints consult it is not visible here; RFC 7662
	// expects the introspection endpoint to require caller authorization, so
	// confirm that Introspect does.
	Firewall firewall.Firewall

	// H is the herodot helper. NOTE(review): presumably used to write
	// responses and errors — confirm.
	H herodot.Herodot

	// ForcedHTTP is a boolean switch.
	// NOTE(review): the name suggests the handler is told that TLS is
	// deliberately absent. Confirm its use; serving OAuth2 endpoints without
	// TLS exposes authorization codes and tokens in transit.
	ForcedHTTP bool

	// ConsentURL is the URL of the consent application.
	// NOTE(review): presumably the redirect target for users who still have
	// to grant consent — confirm.
	ConsentURL url.URL
}
func (*Handler) AuthHandler ¶
func (this *Handler) AuthHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
func (*Handler) DefaultConsentHandler ¶
func (o *Handler) DefaultConsentHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
func (*Handler) Introspect ¶ added in v0.4.0
func (this *Handler) Introspect(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
func (*Handler) SetRoutes ¶
func (this *Handler) SetRoutes(r *httprouter.Router)
func (*Handler) TokenHandler ¶
func (this *Handler) TokenHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
type Introspection ¶ added in v0.4.0
// Introspection is the token introspection response body, with JSON
// member names following RFC 7662.
//
// Every field except Active carries omitempty, so zero values are left out
// of the encoded JSON. Consumers should look at Active first and treat the
// remaining fields as meaningful only when it is true.
type Introspection struct {
	// Active is a boolean indicator of whether or not the presented token
	// is currently active. The specifics of a token's "active" state
	// will vary depending on the implementation of the authorization
	// server and the information it keeps about its tokens, but a "true"
	// value return for the "active" property will generally indicate
	// that a given token has been issued by this authorization server,
	// has not been revoked by the resource owner, and is within its
	// given time window of validity (e.g., after its issuance time and
	// before its expiration time).
	Active bool `json:"active"`

	// Scope is a JSON string containing a space-separated list of
	// scopes associated with this token.
	Scope string `json:"scope,omitempty"`

	// ClientID is a client identifier for the OAuth 2.0 client that
	// requested this token.
	ClientID string `json:"client_id,omitempty"`

	// Subject of the token, as defined in JWT [RFC7519].
	// Usually a machine-readable identifier of the resource owner who
	// authorized this token.
	Subject string `json:"sub,omitempty"`

	// ExpiresAt is an integer timestamp, measured in the number of seconds
	// since January 1 1970 UTC, indicating when this token will expire.
	ExpiresAt int64 `json:"exp,omitempty"`

	// IssuedAt is an integer timestamp, measured in the number of seconds
	// since January 1 1970 UTC, indicating when this token was
	// originally issued.
	IssuedAt int64 `json:"iat,omitempty"`

	// NotBefore is an integer timestamp, measured in the number of seconds
	// since January 1 1970 UTC, indicating when this token is not to be
	// used before.
	NotBefore int64 `json:"nbf,omitempty"`

	// Username is a human-readable identifier for the resource owner who
	// authorized this token.
	//
	// NOTE(review): the field is declared int64 although the description
	// (and RFC 7662) make "username" a string. encoding/json cannot decode a
	// JSON string into an int64, so a response that carries a textual
	// username fails to unmarshal into this struct. Changing the type is an
	// API break and is therefore only flagged here.
	Username int64 `json:"username,omitempty"`

	// Audience is a service-specific string identifier or list of string
	// identifiers representing the intended audience for this token.
	//
	// NOTE(review): declared as a single string; a JSON array in "aud"
	// would not decode into this field.
	Audience string `json:"aud,omitempty"`

	// Issuer is a string representing the issuer of this token.
	Issuer string `json:"iss,omitempty"`

	// Extra is arbitrary data set by the session.
	Extra map[string]interface{} `json:"ext,omitempty"`
}
Introspection contains an access token's session data as specified by IETF RFC 7662, see: https://tools.ietf.org/html/rfc7662
type Introspector ¶ added in v0.4.0
// Introspector is the single-method interface for RFC 7662 token
// introspection.
type Introspector interface {
	// IntrospectToken performs a token introspection according to IETF RFC 7662, see: https://tools.ietf.org/html/rfc7662
	//
	// The call takes exactly a context and the token. Check the returned
	// error and the Active flag before using any other field of the result.
	// TokenFromRequest is not part of this interface; in the example below
	// introspector stands for a concrete type that provides it.
	//
	//  func anyHttpHandler(w http.ResponseWriter, r *http.Request) {
	//      intro, err := introspector.IntrospectToken(context.Background(), introspector.TokenFromRequest(r))
	//      if err != nil || !intro.Active {
	//          http.Error(w, "unauthorized", http.StatusUnauthorized)
	//          return
	//      }
	//      subject := intro.Subject // only read after the checks above
	//      _ = subject
	//  }
	//
	// NOTE(review): whether an inactive token is reported through err or
	// through Active == false depends on the implementation; the example
	// therefore checks both.
	IntrospectToken(ctx context.Context, token string) (*Introspection, error)
}
Introspector is capable of introspecting an access token according to IETF RFC 7662, see: https://tools.ietf.org/html/rfc7662
type LocalIntrospector ¶ added in v0.4.0
// LocalIntrospector carries the settings of the in-process introspector;
// IntrospectToken and TokenFromRequest are declared on its pointer receiver.
type LocalIntrospector struct {
	// OAuth2 is the fosite provider.
	// NOTE(review): presumably the component that validates the token
	// locally instead of calling a remote endpoint — confirm.
	OAuth2 fosite.OAuth2Provider

	// AccessTokenLifespan is a duration for access tokens.
	// NOTE(review): presumably used to derive the expiry reported in the
	// introspection result; confirm that it matches the lifespan the tokens
	// were actually issued with.
	AccessTokenLifespan time.Duration

	// Issuer identifies the issuing party. NOTE(review): presumably copied
	// into the result's "iss" member — confirm.
	Issuer string
}
func (*LocalIntrospector) IntrospectToken ¶ added in v0.4.0
func (w *LocalIntrospector) IntrospectToken(ctx context.Context, token string) (*Introspection, error)
func (*LocalIntrospector) TokenFromRequest ¶ added in v0.4.0
func (w *LocalIntrospector) TokenFromRequest(r *http.Request) string
type Session ¶
// Session is the claims value returned by ConsentStrategy.ValidateResponse.
// It embeds the OpenID Connect and HMAC session types by pointer.
//
// Both embedded fields carry a JSON name, so encoding/json treats them as
// named members ("idToken", "session") rather than flattening their fields
// into the enclosing object.
type Session struct {
	// Subject is encoded as "sub".
	Subject string `json:"sub"`

	// Embedded by pointer: the promoted fields and methods are unusable
	// while the pointer is nil, so both must be set before the Session is
	// handed on.
	*openid.DefaultSession `json:"idToken"`
	*oauth2.HMACSession `json:"session"`

	// Extra holds additional data, encoded as "extra".
	// NOTE(review): presumably the source of Introspection.Extra — confirm.
	Extra map[string]interface{} `json:"extra"`
}
func NewSession ¶