mytokenlib

Version: v0.7.0

This package is not in the latest version of its module.
Published: Jan 17, 2023 License: MIT Imports: 9 Imported by: 2

README


mytokenlib

mytokenlib is a Go library for communicating with a mytoken server. mytoken is a central web service whose goal is to make it easy to obtain OpenID Connect access tokens across devices.

A mytoken command line client can be found at https://github.com/oidc-mytoken/client.

The mytoken server can be found at https://github.com/oidc-mytoken/server.

A demo instance of mytoken is running at https://mytoken.data.kit.edu/.

Documentation

Constants

const ContextKeyUserAgent = "mytokenlib-user-agent"

ContextKeyUserAgent is used to set a user agent string in the context.

Variables

This section is empty.

Functions

func NewAccessTokenRequest

func NewAccessTokenRequest(issuer, mytoken string, scopes, audiences []string, comment string) api.AccessTokenRequest

NewAccessTokenRequest creates a new api.AccessTokenRequest with the passed arguments

func SetClient added in v0.3.0

func SetClient(client *http.Client)

SetClient sets the http.Client used to make API requests

func SetContext added in v0.3.0

func SetContext(contxt context.Context)

SetContext sets a context.Context used for all API requests

Types

type AccessTokenEndpoint added in v0.3.0

type AccessTokenEndpoint struct {
	// contains filtered or unexported fields
}

AccessTokenEndpoint is a type representing a mytoken server's Access Token Endpoint and the actions that can be performed there.

func (AccessTokenEndpoint) APIGet added in v0.3.0

func (at AccessTokenEndpoint) APIGet(
	mytoken string, oidcIssuer string, scopes, audiences []string, comment string,
) (resp api.AccessTokenResponse, err error)

APIGet uses the passed mytoken to return an access token with the specified attributes. If a non-empty string is passed as the oidcIssuer, it must match the OIDC issuer of the mytoken. If scopes and audiences are passed, the access token is requested with these parameters; if omitted, the default values for this mytoken / provider are used. Multiple scopes are passed as a space-separated string. The comment details how the access token is intended to be used. If the used mytoken changes (due to token rotation), the new mytoken is included in the api.AccessTokenResponse.

func (AccessTokenEndpoint) DoHTTPRequest added in v0.3.0

func (at AccessTokenEndpoint) DoHTTPRequest(method string, req, resp interface{}) error

DoHTTPRequest performs an http request to the access token endpoint

func (AccessTokenEndpoint) Get added in v0.3.0

func (at AccessTokenEndpoint) Get(
	mytoken *string, oidcIssuer string, scopes, audiences []string, comment string,
) (string, error)

Get uses the passed mytoken to return an access token with the specified attributes. If a non-empty string is passed as the oidcIssuer, it must match the OIDC issuer of the mytoken. If scopes and audiences are passed, the access token is requested with these parameters; if omitted, the default values for this mytoken / provider are used. Multiple scopes are passed as a space-separated string. The comment details how the access token is intended to be used. If the used mytoken changes (due to token rotation), the passed variable is updated accordingly.
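Added example (not part of mytokenlib or its documentation): because Get updates the passed variable when the mytoken is rotated, a caller that keeps the mytoken in a file has to write the new value back after each call. The interface copies the Get signature above; the helper names, the file layout and the `rotatingFake` stand-in are assumptions made for this sketch.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// accessTokenGetter (hypothetical) has the signature of AccessTokenEndpoint.Get.
type accessTokenGetter interface {
	Get(mytoken *string, oidcIssuer string, scopes, audiences []string, comment string) (string, error)
}

// loadMytoken refuses a token file that group or others can access.
func loadMytoken(path string) (string, error) {
	info, err := os.Stat(path)
	if err != nil {
		return "", err
	}
	if info.Mode().Perm()&0o077 != 0 {
		return "", fmt.Errorf("%s: mode %o is too permissive", path, info.Mode().Perm())
	}
	b, err := os.ReadFile(path)
	return strings.TrimSpace(string(b)), err
}

// saveMytoken replaces the file atomically; os.CreateTemp creates it with mode 0600.
func saveMytoken(path, mytoken string) error {
	tmp, err := os.CreateTemp(filepath.Dir(path), ".mytoken-*")
	if err != nil {
		return err
	}
	defer os.Remove(tmp.Name()) // fails harmlessly once the rename succeeded
	_, werr := tmp.WriteString(mytoken + "\n")
	if cerr := tmp.Close(); werr != nil || cerr != nil {
		return fmt.Errorf("writing mytoken: write=%v close=%v", werr, cerr)
	}
	return os.Rename(tmp.Name(), path)
}

// accessToken requests an access token and persists the mytoken if the call rotated it.
func accessToken(ep accessTokenGetter, path, issuer string, scopes []string, comment string) (string, bool, error) {
	mytoken, err := loadMytoken(path)
	if err != nil {
		return "", false, err
	}
	sent := mytoken
	at, err := ep.Get(&mytoken, issuer, scopes, nil, comment)
	if mytoken == "" || mytoken == sent {
		return at, false, err
	}
	if serr := saveMytoken(path, mytoken); serr != nil {
		return "", true, fmt.Errorf("rotated mytoken not persisted: %w", serr)
	}
	return at, true, err
}

// rotatingFake is a constructed stand-in for a server that rotates on every use.
type rotatingFake struct{ uses int }

func (f *rotatingFake) Get(mytoken *string, _ string, _, _ []string, _ string) (string, error) {
	at := "AT-for-" + *mytoken
	f.uses++
	*mytoken = fmt.Sprintf("MT-%d", f.uses)
	return at, nil
}

func main() {
	dir, _ := os.MkdirTemp("", "mytoken-example")
	defer os.RemoveAll(dir)
	path := filepath.Join(dir, "mytoken")
	_ = os.WriteFile(path, []byte("MT-0\n"), 0o600)
	fmt.Println(accessToken(&rotatingFake{}, path, "", nil, "example"))
}
```

With the real library, the `*AccessTokenEndpoint` held in `MytokenServer.AccessToken` would be passed as `ep`.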

type Endpoint added in v0.3.0

type Endpoint interface {
	DoHTTPRequest(method string, req interface{}, resp interface{}) error
}

Endpoint is an interface for mytoken endpoints

type GrantsEndpoint added in v0.3.0

type GrantsEndpoint struct {
	SSH *SSHGrantEndpoint
	// contains filtered or unexported fields
}

GrantsEndpoint is a type representing a mytoken server's grants Endpoint and the actions that can be performed there.

func (GrantsEndpoint) APIDisableGrant added in v0.3.0

func (g GrantsEndpoint) APIDisableGrant(mytoken, grant string) (resp api.OnlyTokenUpdateResponse, err error)

APIDisableGrant disables the passed grant for this user. If the used mytoken changes (due to token rotation), the new mytoken is included in the api.OnlyTokenUpdateResponse

func (GrantsEndpoint) APIEnableGrant added in v0.3.0

func (g GrantsEndpoint) APIEnableGrant(mytoken, grant string) (resp api.OnlyTokenUpdateResponse, err error)

APIEnableGrant enables the passed grant for this user. If the used mytoken changes (due to token rotation), the new mytoken is included in the api.OnlyTokenUpdateResponse

func (GrantsEndpoint) APIGet added in v0.3.0

func (g GrantsEndpoint) APIGet(mytoken string) (resp api.GrantTypeInfoResponse, err error)

APIGet returns the api.GrantTypeInfoResponse about the enabled grant types for this user. If the used mytoken changes (due to token rotation), the new mytoken is included in the api.GrantTypeInfoResponse

func (GrantsEndpoint) DisableGrant added in v0.3.0

func (g GrantsEndpoint) DisableGrant(mytoken *string, grant string) (err error)

DisableGrant disables the passed grant for this user. If the used mytoken changes (due to token rotation), the passed variable is updated accordingly.

func (GrantsEndpoint) DoHTTPRequest added in v0.3.0

func (g GrantsEndpoint) DoHTTPRequest(method string, req, resp interface{}) error

DoHTTPRequest performs an http request to the grants endpoint

func (GrantsEndpoint) DoHTTPRequestWithAuth added in v0.3.0

func (g GrantsEndpoint) DoHTTPRequestWithAuth(method string, req, resp interface{}, mytoken string) error

DoHTTPRequestWithAuth performs an http request to the grants endpoint

func (GrantsEndpoint) EnableGrant added in v0.3.0

func (g GrantsEndpoint) EnableGrant(mytoken *string, grant string) (err error)

EnableGrant enables the passed grant for this user. If the used mytoken changes (due to token rotation), the passed variable is updated accordingly.

func (GrantsEndpoint) Get added in v0.3.0

func (g GrantsEndpoint) Get(mytoken *string) ([]api.GrantTypeInfo, error)

Get returns a slice of api.GrantTypeInfo about the enabled grant types for this user. If the used mytoken changes (due to token rotation), the passed variable is updated accordingly.

type MytokenEndpoint added in v0.3.0

type MytokenEndpoint struct {
	// contains filtered or unexported fields
}

MytokenEndpoint is a type representing a mytoken server's Mytoken Endpoint and the actions that can be performed there.

func (MytokenEndpoint) APIFromAuthorizationFlow added in v0.3.0

func (my MytokenEndpoint) APIFromAuthorizationFlow(
	issuer string, restrictions api.Restrictions, capabilities api.Capabilities,
	rotation *api.Rotation, responseType, name, applicationName string, callbacks PollingCallbacks,
) (api.MytokenResponse, error)

APIFromAuthorizationFlow is a rather high level function that obtains a new mytoken using the authorization code flow. This function starts the flow with the passed parameters and performs the polling for the mytoken. The passed PollingCallbacks are called throughout the flow.

func (MytokenEndpoint) APIFromAuthorizationFlowReq added in v0.6.0

func (my MytokenEndpoint) APIFromAuthorizationFlowReq(
	req api.GeneralMytokenRequest, callbacks PollingCallbacks,
) (api.MytokenResponse, error)

APIFromAuthorizationFlowReq is a rather high level function that obtains a new mytoken using the authorization code flow. This function starts the flow with the passed request and performs the polling for the mytoken. The passed PollingCallbacks are called throughout the flow.

func (MytokenEndpoint) APIFromMytoken added in v0.3.0

func (my MytokenEndpoint) APIFromMytoken(
	mytoken string, issuer string, restrictions api.Restrictions, capabilities api.Capabilities, rotation *api.Rotation,
	responseType, name string,
) (api.MytokenResponse, error)

APIFromMytoken obtains a sub-mytoken by using an existing mytoken according to the passed parameters. If the used mytoken changes (due to token rotation), the new mytoken is included in the api.MytokenResponse

func (MytokenEndpoint) APIFromRequest added in v0.3.0

func (my MytokenEndpoint) APIFromRequest(request interface{}) (resp api.MytokenResponse, err error)

APIFromRequest sends the passed request marshalled as JSON to the server's mytoken endpoint to obtain a mytoken and returns the api.MytokenResponse.

func (MytokenEndpoint) APIFromTransferCode added in v0.3.0

func (my MytokenEndpoint) APIFromTransferCode(transferCode string) (api.MytokenResponse, error)

APIFromTransferCode exchanges the transferCode into the linked mytoken

func (MytokenEndpoint) APIInitAuthorizationFlow added in v0.3.0

func (my MytokenEndpoint) APIInitAuthorizationFlow(req api.GeneralMytokenRequest) (
	resp api.AuthCodeFlowResponse, err error,
)

APIInitAuthorizationFlow starts the authorization code flow to obtain a mytoken with the passed parameters; it returns the api.AuthCodeFlowResponse

func (MytokenEndpoint) APIPoll added in v0.3.0

func (my MytokenEndpoint) APIPoll(res api.PollingInfo, callback func(int64, int)) (*api.MytokenResponse, error)

APIPoll performs the polling for the final mytoken in the authorization code flow using the passed api.PollingInfo. The callback function takes the polling interval and the iteration number as parameters; it is called for each polling attempt where the final mytoken could not yet be obtained (but no error occurred); it is usually used to print progress output. At the end the api.MytokenResponse is returned.

func (MytokenEndpoint) APIPollOnce added in v0.3.0

func (my MytokenEndpoint) APIPollOnce(pollingCode string) (*api.MytokenResponse, error)

APIPollOnce sends a single polling request with the passed pollingCode; it returns the api.MytokenResponse if obtained, or an error if an error occurred.

func (MytokenEndpoint) DoHTTPRequest added in v0.3.0

func (my MytokenEndpoint) DoHTTPRequest(method string, req, resp interface{}) error

DoHTTPRequest performs an http request to the mytoken endpoint

func (MytokenEndpoint) FromAuthorizationFlow added in v0.3.0

func (my MytokenEndpoint) FromAuthorizationFlow(
	issuer string, restrictions api.Restrictions, capabilities api.Capabilities,
	rotation *api.Rotation, responseType, name, applicationName string, callbacks PollingCallbacks,
) (string, error)

FromAuthorizationFlow is a rather high level function that obtains a new mytoken using the authorization code flow. This function starts the flow with the passed parameters and performs the polling for the mytoken. The passed PollingCallbacks are called throughout the flow.

func (MytokenEndpoint) FromMytoken added in v0.3.0

func (my MytokenEndpoint) FromMytoken(
	mytoken *string, issuer string, restrictions api.Restrictions, capabilities api.Capabilities,
	rotation *api.Rotation, responseType, name string,
) (string, error)

FromMytoken obtains a sub-mytoken by using an existing mytoken according to the passed parameters. If the used mytoken changes (due to token rotation), the passed variable is updated accordingly.

func (MytokenEndpoint) FromRequest added in v0.3.0

func (my MytokenEndpoint) FromRequest(request interface{}) (string, *string, error)

FromRequest sends the passed request marshalled as JSON to the server's mytoken endpoint to obtain a mytoken. It returns the obtained mytoken and, if a mytoken was used for authorization and it was rotated, the updated mytoken.

func (MytokenEndpoint) FromTransferCode added in v0.3.0

func (my MytokenEndpoint) FromTransferCode(transferCode string) (string, error)

FromTransferCode exchanges the transferCode into the linked mytoken

func (MytokenEndpoint) Poll added in v0.3.0

func (my MytokenEndpoint) Poll(res api.PollingInfo, callback func(int64, int)) (string, error)

Poll performs the polling for the final mytoken in the authorization code flow using the passed api.PollingInfo. The callback function takes the polling interval and the iteration number as parameters; it is called for each polling attempt where the final mytoken could not yet be obtained (but no error occurred); it is usually used to print progress output. At the end the mytoken is returned.

func (MytokenEndpoint) PollOnce added in v0.3.0

func (my MytokenEndpoint) PollOnce(pollingCode string) (string, bool, error)

PollOnce sends a single polling request with the passed pollingCode; it returns the mytoken if obtained, a bool indicating if the mytoken was obtained, or an error if an error occurred.

type MytokenError

type MytokenError struct {
	// contains filtered or unexported fields
}

MytokenError is an error type from the mytoken library.

func (MytokenError) Error

func (err MytokenError) Error() string

Error implements the error interface and returns a string representation of this MytokenError

type MytokenServer added in v0.3.0

type MytokenServer struct {
	ServerMetadata api.MytokenConfiguration
	AccessToken    *AccessTokenEndpoint
	Mytoken        *MytokenEndpoint
	Revocation     *RevocationEndpoint
	Tokeninfo      *TokeninfoEndpoint
	Transfer       *TransferEndpoint
	UserSettings   *UserSettingsEndpoint
}

MytokenServer is a type describing a mytoken server instance

func NewMytokenServer added in v0.3.0

func NewMytokenServer(url string) (*MytokenServer, error)

NewMytokenServer creates a new MytokenServer

type PollingCallbacks

type PollingCallbacks struct {
	Init     func(string) error
	Callback func(int64, int)
	End      func()
}

PollingCallbacks is a struct holding callbacks related to the polling in the authorization code flow. The Init function takes the authorization URL and is called before polling of the server starts; this callback usually displays information to the user on how to proceed, including the passed authorization URL. The Callback function takes the polling interval and the iteration number as parameters; it is called for each polling attempt where the final mytoken could not yet be obtained (but no error occurred); it is usually used to print progress output. The End function is called after the mytoken was successfully obtained and might be used to finish output printed to the user.

type RevocationEndpoint added in v0.3.0

type RevocationEndpoint struct {
	// contains filtered or unexported fields
}

RevocationEndpoint is a type representing a mytoken server's Revocation Endpoint and the actions that can be performed there.

func (RevocationEndpoint) DoHTTPRequest added in v0.3.0

func (r RevocationEndpoint) DoHTTPRequest(method string, req, resp interface{}) error

DoHTTPRequest performs an http request to the revocation endpoint

func (RevocationEndpoint) Revoke added in v0.3.0

func (r RevocationEndpoint) Revoke(mytoken, oidcIssuer string, recursive bool) error

Revoke revokes the passed mytoken; if recursive is true also all subtokens (and their subtokens...) are revoked.

func (RevocationEndpoint) RevokeID added in v0.4.0

func (r RevocationEndpoint) RevokeID(momID, mytoken, oidcIssuer string, recursive bool) error

RevokeID revokes the mytoken with the passed mom id; using the passed mytoken as authorization; if recursive is true also all subtokens (and their subtokens...) are revoked.

type SSHGrantEndpoint added in v0.3.0

type SSHGrantEndpoint struct {
	// contains filtered or unexported fields
}

SSHGrantEndpoint is a type representing a mytoken server's ssh grant Endpoint and the actions that can be performed there.

func (SSHGrantEndpoint) APIAdd added in v0.3.0

func (s SSHGrantEndpoint) APIAdd(
	mytoken, sshKey, name string, restrictions api.Restrictions, capabilities api.Capabilities,
	callbacks PollingCallbacks,
) (response api.SSHKeyAddFinalResponse, tokenUpdate *api.MytokenResponse, err error)

APIAdd is a rather high level function to add a new ssh key; this includes sending the initial request including the public key, starting the necessary authorization code flow. This function starts the flow with the passed parameters and performs the polling for the ssh username and configuration. The passed PollingCallbacks are called throughout the flow. If the used mytoken changes (due to token rotation), the new mytoken is returned in the non-nil *api.MytokenResponse

func (SSHGrantEndpoint) APIGet added in v0.3.0

func (s SSHGrantEndpoint) APIGet(mytoken string) (resp api.SSHInfoResponse, err error)

APIGet returns the api.SSHInfoResponse for this user. If the used mytoken changes (due to token rotation), the new mytoken is included in the api.SSHInfoResponse

func (SSHGrantEndpoint) APIInitAddSSHKey added in v0.3.0

func (s SSHGrantEndpoint) APIInitAddSSHKey(
	mytoken, sshKey, name string, restrictions api.Restrictions, capabilities api.Capabilities,
) (resp api.SSHKeyAddResponse, err error)

APIInitAddSSHKey starts the flow to add an ssh key; it returns the api.SSHKeyAddResponse.

func (SSHGrantEndpoint) APIPoll added in v0.3.0

func (s SSHGrantEndpoint) APIPoll(res api.PollingInfo, callback func(int64, int)) (*api.SSHKeyAddFinalResponse, error)

APIPoll performs the polling for the final ssh username in the add ssh key flow using the passed api.PollingInfo. The callback function takes the polling interval and the iteration number as parameters; it is called for each polling attempt where the final mytoken could not yet be obtained (but no error occurred); it is usually used to print progress output. At the end the api.SSHKeyAddFinalResponse is returned.

func (SSHGrantEndpoint) APIPollOnce added in v0.3.0

func (s SSHGrantEndpoint) APIPollOnce(pollingCode string) (*api.SSHKeyAddFinalResponse, error)

APIPollOnce sends a single polling request with the passed pollingCode; it returns the api.SSHKeyAddFinalResponse if obtained, or an error if an error occurred.

func (SSHGrantEndpoint) APIRemove added in v0.3.0

func (s SSHGrantEndpoint) APIRemove(mytoken, keyFP, publicKey string) (resp api.OnlyTokenUpdateResponse, err error)

APIRemove removes an ssh public key, therefore disabling it. One of keyFP and publicKey must be given, i.e. the ssh key can be deleted by giving only the SHA256 fingerprint or the full public key. If the used mytoken changes (due to token rotation), the new mytoken is included in the api.OnlyTokenUpdateResponse

func (SSHGrantEndpoint) Add added in v0.3.0

func (s SSHGrantEndpoint) Add(
	mytoken *string, sshKey, name string, restrictions api.Restrictions, capabilities api.Capabilities,
	callbacks PollingCallbacks,
) (api.SSHKeyAddFinalResponse, error)

Add is a rather high level function to add a new ssh key; this includes sending the initial request including the public key, starting the necessary authorization code flow. This function starts the flow with the passed parameters and performs the polling for the ssh username and configuration. The passed PollingCallbacks are called throughout the flow. If the used mytoken changes (due to token rotation), the passed variable is updated accordingly.

func (SSHGrantEndpoint) DoHTTPRequest added in v0.3.0

func (s SSHGrantEndpoint) DoHTTPRequest(method string, req, resp interface{}) error

DoHTTPRequest performs an http request to the ssh grant endpoint

func (SSHGrantEndpoint) DoHTTPRequestWithAuth added in v0.3.0

func (s SSHGrantEndpoint) DoHTTPRequestWithAuth(
	method string, req interface{}, resp interface{}, mytoken string,
) error

DoHTTPRequestWithAuth performs an http request to the ssh grant endpoint

func (SSHGrantEndpoint) Get added in v0.3.0

func (s SSHGrantEndpoint) Get(mytoken *string) ([]api.SSHKeyInfo, bool, error)

Get returns a slice of api.SSHKeyInfo about the enabled ssh keys for this user and a bool indicating if the ssh grant is enabled or not. If the used mytoken changes (due to token rotation), the passed variable is updated accordingly.

func (SSHGrantEndpoint) Remove added in v0.3.0

func (s SSHGrantEndpoint) Remove(mytoken *string, keyFP, publicKey string) error

Remove removes an ssh public key, therefore disabling it. One of keyFP and publicKey must be given, i.e. the ssh key can be deleted by giving only the SHA256 fingerprint or the full public key. If the used mytoken changes (due to token rotation), the passed variable is updated accordingly.

type TokeninfoEndpoint added in v0.3.0

type TokeninfoEndpoint struct {
	// contains filtered or unexported fields
}

TokeninfoEndpoint is a type representing a mytoken server's Tokeninfo Endpoint and the actions that can be performed there.

func (TokeninfoEndpoint) APIHistory added in v0.3.0

func (info TokeninfoEndpoint) APIHistory(mytoken string, momID ...string) (
	resp api.TokeninfoHistoryResponse, err error,
)

APIHistory obtains the event history for the passed mytoken or mom id. If the used mytoken changes (due to token rotation), the new mytoken is included in the api.TokeninfoHistoryResponse

func (TokeninfoEndpoint) APIListMytokens added in v0.3.0

func (info TokeninfoEndpoint) APIListMytokens(mytoken string) (resp api.TokeninfoListResponse, err error)

APIListMytokens returns an api.TokeninfoListResponse listing metadata about all the user's mytokens and their children (recursively). If the used mytoken changes (due to token rotation), the new mytoken is included in the api.TokeninfoListResponse.

func (TokeninfoEndpoint) APISubtokens added in v0.3.0

func (info TokeninfoEndpoint) APISubtokens(mytoken string) (resp api.TokeninfoSubtokensResponse, err error)

APISubtokens returns an api.TokeninfoSubtokensResponse listing metadata about the passed mytoken and its children (recursively). If the used mytoken changes (due to token rotation), the new mytoken is included in the api.TokeninfoSubtokensResponse.

func (TokeninfoEndpoint) DoHTTPRequest added in v0.3.0

func (info TokeninfoEndpoint) DoHTTPRequest(method string, req, resp interface{}) error

DoHTTPRequest performs an http request to the tokeninfo endpoint

func (TokeninfoEndpoint) History added in v0.3.0

func (info TokeninfoEndpoint) History(mytoken *string) ([]api.EventEntry, error)

History obtains the event history for the passed mytoken. If the used mytoken changes (due to token rotation), the passed variable is updated accordingly.

func (TokeninfoEndpoint) HistoryForOtherMytoken added in v0.7.0

func (info TokeninfoEndpoint) HistoryForOtherMytoken(mytoken *string, momID string) (*api.EventHistory, error)

HistoryForOtherMytoken obtains the event history for mytoken with the passed mom id and uses the passed mytoken as authorization. If the used mytoken changes (due to token rotation), the passed variable is updated accordingly.

func (TokeninfoEndpoint) Introspect added in v0.3.0

func (info TokeninfoEndpoint) Introspect(mytoken string) (*api.TokeninfoIntrospectResponse, error)

Introspect introspects the passed mytoken

func (TokeninfoEndpoint) ListMytokens added in v0.3.0

func (info TokeninfoEndpoint) ListMytokens(mytoken *string) ([]api.MytokenEntryTree, error)

ListMytokens returns a slice of api.MytokenEntryTree listing metadata about all the user's mytokens and their children (recursively). If the used mytoken changes (due to token rotation), the passed variable is updated accordingly.

func (TokeninfoEndpoint) Subtokens added in v0.3.0

func (info TokeninfoEndpoint) Subtokens(mytoken *string) (*api.MytokenEntryTree, error)

Subtokens returns an api.MytokenEntryTree listing metadata about the passed mytoken and its children (recursively). If the used mytoken changes (due to token rotation), the passed variable is updated accordingly.

type TransferEndpoint added in v0.3.0

type TransferEndpoint struct {
	// contains filtered or unexported fields
}

TransferEndpoint is a type representing a mytoken server's Token Transfer Endpoint and the actions that can be performed there.

func (TransferEndpoint) APICreate added in v0.3.0

func (t TransferEndpoint) APICreate(mytoken string) (api.TransferCodeResponse, error)

APICreate creates a new transfer code for the passed mytoken and returns the api response

func (TransferEndpoint) Create added in v0.3.0

func (t TransferEndpoint) Create(mytoken string) (string, error)

Create creates a new transfer code for the passed mytoken

func (TransferEndpoint) DoHTTPRequest added in v0.3.0

func (t TransferEndpoint) DoHTTPRequest(method string, req, resp interface{}) error

DoHTTPRequest performs an http request to the token transfer endpoint

type UserSettingsEndpoint added in v0.3.0

type UserSettingsEndpoint struct {
	Grants *GrantsEndpoint
	// contains filtered or unexported fields
}

UserSettingsEndpoint is a type representing a mytoken server's User Settings Endpoint and the actions that can be performed there.

func (UserSettingsEndpoint) DoHTTPRequest added in v0.3.0

func (s UserSettingsEndpoint) DoHTTPRequest(method string, req, resp interface{}) error

DoHTTPRequest performs an http request to the user settings endpoint

func (UserSettingsEndpoint) MetaData added in v0.3.0

func (s UserSettingsEndpoint) MetaData() (api.SettingsMetaData, error)

MetaData returns the user settings endpoint's api.SettingsMetaData
