Documentation
      ¶
    
    
  
    
  
    Index ¶
- Constants
 - type ConsentStrategy
 - type DefaultConsentStrategy
 - type HTTPIntrospector
 - type Handler
 - func (h *Handler) AuthHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
 - func (o *Handler) DefaultConsentHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
 - func (h *Handler) Introspect(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
 - func (h *Handler) SetRoutes(r *httprouter.Router)
 - func (h *Handler) TokenHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
 
- type Introspection
 - type Introspector
 - type LocalIntrospector
 - type Session
 
Constants ¶
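    // ConsentChallengeKey and ConsentEndpointKey are string identifiers for the
    // consent challenge and the consent response.
    //
    // NOTE(review): presumably these name the key sets used for the challenge and
    // response tokens; their use is not shown on this page, so confirm against
    // the consent strategy implementation.
    const (
    	ConsentChallengeKey = "hydra.consent.challenge"
    	ConsentEndpointKey  = "hydra.consent.response"
    )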
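// Key name and URL paths used by the OAuth2 handler.
//
// The declaration is written one constant per line: collapsed onto a single
// line, the "//" comment would swallow the IntrospectPath declaration and the
// closing parenthesis.
const (
	// OpenIDConnectKeyName is a string identifier.
	// NOTE(review): presumably the name of the key set used for ID tokens;
	// its use is not shown on this page, so confirm.
	OpenIDConnectKeyName = "hydra.openid.id-token"

	// ConsentPath, TokenPath and AuthPath are URL paths under /oauth2.
	// NOTE(review): presumably registered by Handler.SetRoutes; confirm.
	ConsentPath = "/oauth2/consent"
	TokenPath   = "/oauth2/token"
	AuthPath    = "/oauth2/auth"

	// IntrospectPath points to the OAuth2 introspection endpoint.
	IntrospectPath = "/oauth2/introspect"
)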
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type ConsentStrategy ¶
// ConsentStrategy is the interface the handler uses to issue a consent
// challenge for an authorize request and to validate the token returned as
// the consent response.
//
// NOTE(review): what an implementation verifies on the response token
// (signature, expiry, binding to the authorize request) is not visible in
// this declaration. Callers should treat the token as untrusted input and
// use the returned claims only when err is nil.
type ConsentStrategy interface {
	// ValidateResponse takes the authorize request and a token string and
	// returns the session claims, or an error.
	ValidateResponse(authorizeRequest fosite.AuthorizeRequester, token string) (claims *Session, err error)
	// IssueChallenge takes the authorize request and a redirect URL and
	// returns a token string, or an error.
	// NOTE(review): whether redirectURL is checked against an allow-list is
	// not visible here; confirm in the implementation.
	IssueChallenge(authorizeRequest fosite.AuthorizeRequester, redirectURL string) (token string, err error)
}
    type DefaultConsentStrategy ¶
// DefaultConsentStrategy carries the configuration for the IssueChallenge and
// ValidateResponse methods declared on *DefaultConsentStrategy.
type DefaultConsentStrategy struct {
	// Issuer is a string identifier.
	// NOTE(review): presumably the issuer value placed in issued tokens; confirm.
	Issuer string
	// DefaultIDTokenLifespan and DefaultChallengeLifespan are durations.
	// NOTE(review): presumably the validity windows of ID tokens and consent
	// challenges. If so, a short challenge lifespan narrows the window in
	// which a captured challenge can be reused; confirm against the methods.
	DefaultIDTokenLifespan   time.Duration
	DefaultChallengeLifespan time.Duration
	// KeyManager is a jwk.Manager.
	// NOTE(review): presumably the source of the keys used to sign challenges
	// and verify responses; confirm.
	KeyManager               jwk.Manager
}
    func (*DefaultConsentStrategy) IssueChallenge ¶
func (s *DefaultConsentStrategy) IssueChallenge(authorizeRequest fosite.AuthorizeRequester, redirectURL string) (string, error)
func (*DefaultConsentStrategy) ValidateResponse ¶
func (s *DefaultConsentStrategy) ValidateResponse(a fosite.AuthorizeRequester, token string) (claims *Session, err error)
type HTTPIntrospector ¶ added in v0.4.0
func (*HTTPIntrospector) IntrospectToken ¶ added in v0.4.0
func (this *HTTPIntrospector) IntrospectToken(ctx context.Context, token string) (*Introspection, error)
IntrospectToken is capable of introspecting tokens according to https://tools.ietf.org/html/rfc7662
The HTTP API is documented at http://docs.hdyra.apiary.io/#reference/oauth2/oauth2-token-introspection
func (*HTTPIntrospector) SetClient ¶ added in v0.4.0
func (this *HTTPIntrospector) SetClient(c *clientcredentials.Config)
func (*HTTPIntrospector) TokenFromRequest ¶ added in v0.4.0
func (this *HTTPIntrospector) TokenFromRequest(r *http.Request) string
type Handler ¶
// Handler groups the dependencies of the HTTP handlers declared on *Handler:
// AuthHandler, DefaultConsentHandler, Introspect, SetRoutes and TokenHandler.
type Handler struct {
	// OAuth2 is the fosite OAuth2 provider.
	OAuth2  fosite.OAuth2Provider
	// Consent is the strategy for consent challenges and responses.
	Consent ConsentStrategy
	// Introspector performs token introspection.
	Introspector Introspector
	// Firewall is a firewall.Firewall.
	// NOTE(review): presumably used to authorize callers of protected
	// endpoints such as introspection; confirm in the handler bodies.
	Firewall     firewall.Firewall
	// H is a herodot.Herodot.
	// NOTE(review): presumably the response/error writer; confirm.
	H            herodot.Herodot
	// ForcedHTTP is a boolean switch.
	// NOTE(review): the name suggests it relaxes an HTTPS requirement. Its
	// effect is not visible here; confirm it is disabled outside local
	// development.
	ForcedHTTP bool
	// ConsentURL is a URL value.
	// NOTE(review): presumably where the user agent is sent for consent; confirm.
	ConsentURL url.URL
}
    func (*Handler) AuthHandler ¶
func (h *Handler) AuthHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
func (*Handler) DefaultConsentHandler ¶
func (o *Handler) DefaultConsentHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
func (*Handler) Introspect ¶ added in v0.4.0
func (h *Handler) Introspect(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
func (*Handler) SetRoutes ¶
func (h *Handler) SetRoutes(r *httprouter.Router)
func (*Handler) TokenHandler ¶
func (h *Handler) TokenHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params)
type Introspection ¶ added in v0.4.0
// Introspection is the JSON shape of a token introspection result as
// specified by IETF RFC 7662.
//
// Consumers should check Active before relying on any other field. RFC 7662
// section 2.2 says a response for an inactive token should carry no further
// information, so the remaining fields then hold only their zero values.
type Introspection struct {
	// Active is a boolean indicator of whether or not the presented token
	// is currently active.  The specifics of a token's "active" state
	// will vary depending on the implementation of the authorization
	// server and the information it keeps about its tokens, but a "true"
	// value return for the "active" property will generally indicate
	// that a given token has been issued by this authorization server,
	// has not been revoked by the resource owner, and is within its
	// given time window of validity (e.g., after its issuance time and
	// before its expiration time).
	Active bool `json:"active"`
	// Scope is a JSON string containing a space-separated list of
	// scopes associated with this token.
	Scope string `json:"scope,omitempty"`
	// ClientID is a client identifier for the OAuth 2.0 client that
	// requested this token.
	ClientID string `json:"client_id,omitempty"`
	// Subject of the token, as defined in JWT [RFC7519].
	// Usually a machine-readable identifier of the resource owner who
	// authorized this token.
	Subject string `json:"sub,omitempty"`
	// ExpiresAt is an integer timestamp, measured in the number of seconds
	// since January 1 1970 UTC, indicating when this token will expire.
	ExpiresAt int64 `json:"exp,omitempty"`
	// IssuedAt is an integer timestamp, measured in the number of seconds
	// since January 1 1970 UTC, indicating when this token was
	// originally issued.
	IssuedAt int64 `json:"iat,omitempty"`
	// NotBefore is an integer timestamp, measured in the number of seconds
	// since January 1 1970 UTC, indicating when this token is not to be
	// used before.
	NotBefore int64 `json:"nbf,omitempty"`
	// Username is a human-readable identifier for the resource owner who
	// authorized this token.
	// NOTE(review): declared as int64 although it is described as a
	// human-readable identifier and RFC 7662 defines "username" as a string;
	// a string-valued username cannot be decoded into this field. Changing
	// the type would alter the exported API, so it is only flagged here.
	Username int64 `json:"username,omitempty"`
	// Audience is a service-specific string identifier or list of string
	// identifiers representing the intended audience for this token.
	// NOTE(review): typed as a single string, so a list-valued "aud" cannot
	// be represented in this field.
	Audience string `json:"aud,omitempty"`
	// Issuer is a string representing the issuer of this token
	Issuer string `json:"iss,omitempty"`
	// Extra is arbitrary data set by the session.
	// NOTE(review): free-form values; validate anything read from it before
	// using it in an authorization decision.
	Extra map[string]interface{} `json:"ext,omitempty"`
}
    Introspection contains an access token's session data as specified by IETF RFC 7662, see: https://tools.ietf.org/html/rfc7662
type Introspector ¶ added in v0.4.0
// Introspector is implemented by types that can introspect an access token
// according to IETF RFC 7662.
type Introspector interface {
	// IntrospectToken performs a token introspection according to IETF RFC 7662, see: https://tools.ietf.org/html/rfc7662
	//
	// It takes a context and the token string and returns the introspection
	// result, or an error. Callers should reject the request when err is
	// non-nil or when the result is not Active, and only then read fields
	// such as Subject.
	//
	// TokenFromRequest, used below, is not part of this interface; it is
	// declared on the concrete HTTPIntrospector and LocalIntrospector types.
	//
	//  func anyHttpHandler(w http.ResponseWriter, r *http.Request) {
	//    token := introspector.TokenFromRequest(r)
	//    res, err := introspector.IntrospectToken(context.Background(), token)
	//    if err != nil || !res.Active {
	//      http.Error(w, "unauthorized", http.StatusUnauthorized)
	//      return
	//    }
	//    // res.Subject may be used from here on.
	//  }
	IntrospectToken(ctx context.Context, token string) (*Introspection, error)
}
    Introspector is capable of introspecting an access token according to IETF RFC 7662, see: https://tools.ietf.org/html/rfc7662
type LocalIntrospector ¶ added in v0.4.0
// LocalIntrospector carries the configuration for the IntrospectToken and
// TokenFromRequest methods declared on *LocalIntrospector.
type LocalIntrospector struct {
	// OAuth2 is the fosite OAuth2 provider.
	// NOTE(review): presumably used to validate the token in-process rather
	// than over HTTP; confirm in IntrospectToken.
	OAuth2 fosite.OAuth2Provider
	// AccessTokenLifespan is a duration.
	// NOTE(review): presumably used to derive the expiry reported in the
	// result; it should match the lifespan the issuer actually enforces.
	// Confirm.
	AccessTokenLifespan time.Duration
	// Issuer is a string identifier.
	// NOTE(review): presumably reported as the "iss" value; confirm.
	Issuer              string
}
    func (*LocalIntrospector) IntrospectToken ¶ added in v0.4.0
func (w *LocalIntrospector) IntrospectToken(ctx context.Context, token string) (*Introspection, error)
func (*LocalIntrospector) TokenFromRequest ¶ added in v0.4.0
func (w *LocalIntrospector) TokenFromRequest(r *http.Request) string
type Session ¶
// Session is the session data attached to a token. It embeds the OpenID
// Connect and HMAC session types by pointer and serializes them under the
// "idToken" and "session" JSON keys.
//
// Both embedded pointers are nil in the zero value, and accessing a promoted
// field or method through a nil embedded pointer panics.
// NOTE(review): NewSession is listed for this type and presumably populates
// them; confirm before constructing a Session literal by hand.
type Session struct {
	// Subject is serialized as "sub".
	Subject                string `json:"sub"`
	*openid.DefaultSession `json:"idToken"`
	*oauth2.HMACSession    `json:"session"`
	// Extra is a free-form map serialized as "extra".
	// NOTE(review): validate values read from it before using them in an
	// authorization decision.
	Extra                  map[string]interface{} `json:"extra"`
}
    func NewSession ¶