oauth2

package
v0.46.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 15, 2024 License: Apache-2.0 Imports: 13 Imported by: 212

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func AccessTokenJWTToRequest added in v0.36.0 

func AccessTokenJWTToRequest(token *jwt.Token) fosite.Requester

AccessTokenJWTToRequest tries to reconstruct fosite.Request from a JWT.

Types

type AccessTokenStorage 

type AccessTokenStorage interface {
	CreateAccessTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)

	GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

	DeleteAccessTokenSession(ctx context.Context, signature string) (err error)
}

type AccessTokenStrategy 

type AccessTokenStrategy interface {
	AccessTokenSignature(ctx context.Context, token string) string
	GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
	ValidateAccessToken(ctx context.Context, requester fosite.Requester, token string) (err error)
}

type AuthorizeCodeStorage 

type AuthorizeCodeStorage interface {
	// GetAuthorizeCodeSession stores the authorization request for a given authorization code.
	CreateAuthorizeCodeSession(ctx context.Context, code string, request fosite.Requester) (err error)

	// GetAuthorizeCodeSession hydrates the session based on the given code and returns the authorization request.
	// If the authorization code has been invalidated with `InvalidateAuthorizeCodeSession`, this
	// method should return the ErrInvalidatedAuthorizeCode error.
	//
	// Make sure to also return the fosite.Requester value when returning the fosite.ErrInvalidatedAuthorizeCode error!
	GetAuthorizeCodeSession(ctx context.Context, code string, session fosite.Session) (request fosite.Requester, err error)

	// InvalidateAuthorizeCodeSession is called when an authorize code is being used. The state of the authorization
	// code should be set to invalid and consecutive requests to GetAuthorizeCodeSession should return the
	// ErrInvalidatedAuthorizeCode error.
	InvalidateAuthorizeCodeSession(ctx context.Context, code string) (err error)
}

AuthorizeCodeStorage handles storage requests related to authorization codes.

type AuthorizeCodeStrategy 

type AuthorizeCodeStrategy interface {
	AuthorizeCodeSignature(ctx context.Context, token string) string
	GenerateAuthorizeCode(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
	ValidateAuthorizeCode(ctx context.Context, requester fosite.Requester, token string) (err error)
}

type AuthorizeExplicitGrantHandler 

type AuthorizeExplicitGrantHandler struct {
	AccessTokenStrategy    AccessTokenStrategy
	RefreshTokenStrategy   RefreshTokenStrategy
	AuthorizeCodeStrategy  AuthorizeCodeStrategy
	CoreStorage            CoreStorage
	TokenRevocationStorage TokenRevocationStorage
	Config                 interface {
		fosite.AuthorizeCodeLifespanProvider
		fosite.AccessTokenLifespanProvider
		fosite.RefreshTokenLifespanProvider
		fosite.ScopeStrategyProvider
		fosite.AudienceStrategyProvider
		fosite.RedirectSecureCheckerProvider
		fosite.RefreshTokenScopesProvider
		fosite.OmitRedirectScopeParamProvider
		fosite.SanitationAllowedProvider
	}
}

AuthorizeExplicitGrantHandler is a response handler for the Authorize Code grant using the explicit grant type as defined in https://tools.ietf.org/html/rfc6749#section-4.1

func (*AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest added in v0.37.0 

func (c *AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester fosite.AccessRequester) bool

func (*AuthorizeExplicitGrantHandler) CanSkipClientAuth added in v0.37.0 

func (c *AuthorizeExplicitGrantHandler) CanSkipClientAuth(ctx context.Context, requester fosite.AccessRequester) bool

func (*AuthorizeExplicitGrantHandler) GetSanitationWhiteList added in v0.17.0 

func (c *AuthorizeExplicitGrantHandler) GetSanitationWhiteList(ctx context.Context) []string

func (*AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest 

func (c *AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

func (*AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest 

func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements * https://tools.ietf.org/html/rfc6749#section-4.1.3 (everything)

func (*AuthorizeExplicitGrantHandler) IssueAuthorizeCode 

func (c *AuthorizeExplicitGrantHandler) IssueAuthorizeCode(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

func (*AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse 

func (c *AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) (err error)

type AuthorizeImplicitGrantTypeHandler 

type AuthorizeImplicitGrantTypeHandler struct {
	AccessTokenStrategy AccessTokenStrategy
	// AccessTokenStorage is used to persist session data across requests.
	AccessTokenStorage AccessTokenStorage

	Config interface {
		fosite.AccessTokenLifespanProvider
		fosite.ScopeStrategyProvider
		fosite.AudienceStrategyProvider
	}
}

AuthorizeImplicitGrantTypeHandler is a response handler for the Authorize Code grant using the implicit grant type as defined in https://tools.ietf.org/html/rfc6749#section-4.2

func (*AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest 

func (c *AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

func (*AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken 

func (c *AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

type ClientCredentialsGrantHandler 

type ClientCredentialsGrantHandler struct {
	*HandleHelper
	Config interface {
		fosite.ScopeStrategyProvider
		fosite.AudienceStrategyProvider
		fosite.AccessTokenLifespanProvider
	}
}

func (*ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest added in v0.37.0 

func (c *ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester fosite.AccessRequester) bool

func (*ClientCredentialsGrantHandler) CanSkipClientAuth added in v0.37.0 

func (c *ClientCredentialsGrantHandler) CanSkipClientAuth(ctx context.Context, requester fosite.AccessRequester) bool

func (*ClientCredentialsGrantHandler) HandleTokenEndpointRequest 

func (c *ClientCredentialsGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

IntrospectTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.4.2

func (*ClientCredentialsGrantHandler) PopulateTokenEndpointResponse 

func (c *ClientCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, response fosite.AccessResponder) error

PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-4.4.3

type ClientCredentialsGrantStorage 

type ClientCredentialsGrantStorage interface {
	AccessTokenStorage
}

type CoreStorage 

type CoreStorage interface {
	AuthorizeCodeStorage
	AccessTokenStorage
	RefreshTokenStorage
}

type CoreStrategy 

type CoreStrategy interface {
	AccessTokenStrategy
	RefreshTokenStrategy
	AuthorizeCodeStrategy
}

type CoreValidator 

type CoreValidator struct {
	CoreStrategy
	CoreStorage
	Config coreValidatorConfigProvider
}

func (*CoreValidator) IntrospectToken added in v0.4.0 

func (c *CoreValidator) IntrospectToken(ctx context.Context, token string, tokenUse fosite.TokenUse, accessRequest fosite.AccessRequester, scopes []string) (fosite.TokenUse, error)

type DefaultJWTStrategy added in v0.21.0 

type DefaultJWTStrategy struct {
	jwt.Signer
	HMACSHAStrategy *HMACSHAStrategy
	Config          interface {
		fosite.AccessTokenIssuerProvider
		fosite.JWTScopeFieldProvider
	}
}

DefaultJWTStrategy is a JWT RS256 strategy.

func (DefaultJWTStrategy) AccessTokenSignature added in v0.21.0 

func (h DefaultJWTStrategy) AccessTokenSignature(ctx context.Context, token string) string

func (DefaultJWTStrategy) AuthorizeCodeSignature added in v0.21.0 

func (h DefaultJWTStrategy) AuthorizeCodeSignature(ctx context.Context, token string) string

func (*DefaultJWTStrategy) GenerateAccessToken added in v0.21.0 

func (h *DefaultJWTStrategy) GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)

func (*DefaultJWTStrategy) GenerateAuthorizeCode added in v0.21.0 

func (h *DefaultJWTStrategy) GenerateAuthorizeCode(ctx context.Context, req fosite.Requester) (token string, signature string, err error)

func (*DefaultJWTStrategy) GenerateRefreshToken added in v0.21.0 

func (h *DefaultJWTStrategy) GenerateRefreshToken(ctx context.Context, req fosite.Requester) (token string, signature string, err error)

func (DefaultJWTStrategy) RefreshTokenSignature added in v0.21.0 

func (h DefaultJWTStrategy) RefreshTokenSignature(ctx context.Context, token string) string

func (*DefaultJWTStrategy) ValidateAccessToken added in v0.21.0 

func (h *DefaultJWTStrategy) ValidateAccessToken(ctx context.Context, _ fosite.Requester, token string) error

func (*DefaultJWTStrategy) ValidateAuthorizeCode added in v0.21.0 

func (h *DefaultJWTStrategy) ValidateAuthorizeCode(ctx context.Context, req fosite.Requester, token string) error

func (*DefaultJWTStrategy) ValidateRefreshToken added in v0.21.0 

func (h *DefaultJWTStrategy) ValidateRefreshToken(ctx context.Context, req fosite.Requester, token string) error

type HMACSHAStrategy 

type HMACSHAStrategy struct {
	Enigma *enigma.HMACStrategy
	Config interface {
		fosite.AccessTokenLifespanProvider
		fosite.RefreshTokenLifespanProvider
		fosite.AuthorizeCodeLifespanProvider
	}
	// contains filtered or unexported fields
}

func (*HMACSHAStrategy) AccessTokenSignature 

func (h *HMACSHAStrategy) AccessTokenSignature(ctx context.Context, token string) string

func (*HMACSHAStrategy) AuthorizeCodeSignature 

func (h *HMACSHAStrategy) AuthorizeCodeSignature(ctx context.Context, token string) string

func (*HMACSHAStrategy) GenerateAccessToken 

func (h *HMACSHAStrategy) GenerateAccessToken(ctx context.Context, _ fosite.Requester) (token string, signature string, err error)

func (*HMACSHAStrategy) GenerateAuthorizeCode 

func (h *HMACSHAStrategy) GenerateAuthorizeCode(ctx context.Context, _ fosite.Requester) (token string, signature string, err error)

func (*HMACSHAStrategy) GenerateRefreshToken 

func (h *HMACSHAStrategy) GenerateRefreshToken(ctx context.Context, _ fosite.Requester) (token string, signature string, err error)

func (*HMACSHAStrategy) RefreshTokenSignature 

func (h *HMACSHAStrategy) RefreshTokenSignature(ctx context.Context, token string) string

func (*HMACSHAStrategy) ValidateAccessToken 

func (h *HMACSHAStrategy) ValidateAccessToken(ctx context.Context, r fosite.Requester, token string) (err error)

func (*HMACSHAStrategy) ValidateAuthorizeCode 

func (h *HMACSHAStrategy) ValidateAuthorizeCode(ctx context.Context, r fosite.Requester, token string) (err error)

func (*HMACSHAStrategy) ValidateRefreshToken 

func (h *HMACSHAStrategy) ValidateRefreshToken(ctx context.Context, r fosite.Requester, token string) (err error)

type HandleHelper 

type HandleHelper struct {
	AccessTokenStrategy AccessTokenStrategy
	AccessTokenStorage  AccessTokenStorage
	Config              HandleHelperConfigProvider
}

func (*HandleHelper) IssueAccessToken 

func (h *HandleHelper) IssueAccessToken(ctx context.Context, defaultLifespan time.Duration, requester fosite.AccessRequester, responder fosite.AccessResponder) error

type HandleHelperConfigProvider added in v0.43.0 

type HandleHelperConfigProvider interface {
	fosite.AccessTokenLifespanProvider
	fosite.RefreshTokenLifespanProvider
}

type JWTSession 

type JWTSession struct {
	JWTClaims *jwt.JWTClaims
	JWTHeader *jwt.Headers
	ExpiresAt map[fosite.TokenType]time.Time
	Username  string
	Subject   string
}

JWTSession Container for the JWT session.

func (*JWTSession) Clone added in v0.6.0 

func (j *JWTSession) Clone() fosite.Session

func (*JWTSession) GetExpiresAt added in v0.5.0 

func (j *JWTSession) GetExpiresAt(key fosite.TokenType) time.Time

func (*JWTSession) GetExtraClaims added in v0.40.0 

func (s *JWTSession) GetExtraClaims() map[string]interface{}

GetExtraClaims implements ExtraClaimsSession for JWTSession. The returned value is a copy of JWTSession claims.

func (*JWTSession) GetJWTClaims 

func (j *JWTSession) GetJWTClaims() jwt.JWTClaimsContainer

func (*JWTSession) GetJWTHeader 

func (j *JWTSession) GetJWTHeader() *jwt.Headers

func (*JWTSession) GetSubject added in v0.5.0 

func (j *JWTSession) GetSubject() string

func (*JWTSession) GetUsername added in v0.5.0 

func (j *JWTSession) GetUsername() string

func (*JWTSession) SetExpiresAt added in v0.5.0 

func (j *JWTSession) SetExpiresAt(key fosite.TokenType, exp time.Time)

func (*JWTSession) SetSubject added in v0.37.0 

func (j *JWTSession) SetSubject(subject string)

type JWTSessionContainer 

type JWTSessionContainer interface {
	// GetJWTClaims returns the claims.
	GetJWTClaims() jwt.JWTClaimsContainer

	// GetJWTHeader returns the header.
	GetJWTHeader() *jwt.Headers

	fosite.Session
}

type RefreshTokenGrantHandler 

type RefreshTokenGrantHandler struct {
	AccessTokenStrategy    AccessTokenStrategy
	RefreshTokenStrategy   RefreshTokenStrategy
	TokenRevocationStorage TokenRevocationStorage
	Config                 interface {
		fosite.AccessTokenLifespanProvider
		fosite.RefreshTokenLifespanProvider
		fosite.ScopeStrategyProvider
		fosite.AudienceStrategyProvider
		fosite.RefreshTokenScopesProvider
	}
}

func (*RefreshTokenGrantHandler) CanHandleTokenEndpointRequest added in v0.37.0 

func (c *RefreshTokenGrantHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester fosite.AccessRequester) bool

func (*RefreshTokenGrantHandler) CanSkipClientAuth added in v0.37.0 

func (c *RefreshTokenGrantHandler) CanSkipClientAuth(ctx context.Context, requester fosite.AccessRequester) bool

func (*RefreshTokenGrantHandler) HandleTokenEndpointRequest 

func (c *RefreshTokenGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-6

func (*RefreshTokenGrantHandler) PopulateTokenEndpointResponse 

func (c *RefreshTokenGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) (err error)

PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-6

type RefreshTokenStorage 

type RefreshTokenStorage interface {
	CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)

	GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

	DeleteRefreshTokenSession(ctx context.Context, signature string) (err error)
}

type RefreshTokenStrategy 

type RefreshTokenStrategy interface {
	RefreshTokenSignature(ctx context.Context, token string) string
	GenerateRefreshToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
	ValidateRefreshToken(ctx context.Context, requester fosite.Requester, token string) (err error)
}

type ResourceOwnerPasswordCredentialsGrantHandler deprecated 

type ResourceOwnerPasswordCredentialsGrantHandler struct {
	*HandleHelper
	// ResourceOwnerPasswordCredentialsGrantStorage is used to persist session data across requests.
	ResourceOwnerPasswordCredentialsGrantStorage ResourceOwnerPasswordCredentialsGrantStorage
	RefreshTokenStrategy                         RefreshTokenStrategy
	Config                                       interface {
		fosite.ScopeStrategyProvider
		fosite.AudienceStrategyProvider
		fosite.RefreshTokenScopesProvider
		fosite.RefreshTokenLifespanProvider
		fosite.AccessTokenLifespanProvider
	}
}

Deprecated: This handler is deprecated as a means to communicate that the ROPC grant type is widely discouraged and is at the time of this writing going to be omitted in the OAuth 2.1 spec. For more information on why this grant type is discouraged see: https://www.scottbrady91.com/oauth/why-the-resource-owner-password-credentials-grant-type-is-not-authentication-nor-suitable-for-modern-applications

func (*ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest added in v0.37.0 

func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester fosite.AccessRequester) bool

func (*ResourceOwnerPasswordCredentialsGrantHandler) CanSkipClientAuth added in v0.37.0 

func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanSkipClientAuth(ctx context.Context, _ fosite.AccessRequester) bool

func (*ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest 

func (c *ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.3.2

func (*ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse 

func (c *ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-4.3.3

type ResourceOwnerPasswordCredentialsGrantStorage 

type ResourceOwnerPasswordCredentialsGrantStorage interface {
	Authenticate(ctx context.Context, name string, secret string) error
	AccessTokenStorage
	RefreshTokenStorage
}

type StatelessJWTValidator added in v0.6.17 

type StatelessJWTValidator struct {
	jwt.Signer
	Config interface {
		fosite.ScopeStrategyProvider
	}
}

func (*StatelessJWTValidator) IntrospectToken added in v0.6.17 

func (v *StatelessJWTValidator) IntrospectToken(ctx context.Context, token string, tokenUse fosite.TokenUse, accessRequest fosite.AccessRequester, scopes []string) (fosite.TokenUse, error)

type TokenRevocationHandler added in v0.4.0 

type TokenRevocationHandler struct {
	TokenRevocationStorage TokenRevocationStorage
	RefreshTokenStrategy   RefreshTokenStrategy
	AccessTokenStrategy    AccessTokenStrategy
}

func (*TokenRevocationHandler) RevokeToken added in v0.4.0 

func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string, tokenType fosite.TokenType, client fosite.Client) error

RevokeToken implements https://tools.ietf.org/html/rfc7009#section-2.1 The token type hint indicates which token type check should be performed first.

type TokenRevocationStorage added in v0.4.0 

type TokenRevocationStorage interface {
	RefreshTokenStorage
	AccessTokenStorage

	// RevokeRefreshToken revokes a refresh token as specified in:
	// https://tools.ietf.org/html/rfc7009#section-2.1
	// If the particular
	// token is a refresh token and the authorization server supports the
	// revocation of access tokens, then the authorization server SHOULD
	// also invalidate all access tokens based on the same authorization
	// grant (see Implementation Note).
	RevokeRefreshToken(ctx context.Context, requestID string) error

	// RevokeRefreshTokenMaybeGracePeriod revokes a refresh token as specified in:
	// https://tools.ietf.org/html/rfc7009#section-2.1
	// If the particular
	// token is a refresh token and the authorization server supports the
	// revocation of access tokens, then the authorization server SHOULD
	// also invalidate all access tokens based on the same authorization
	// grant (see Implementation Note).
	//
	// If the Refresh Token grace period is greater than zero in configuration the token
	// will have its expiration time set as UTCNow + GracePeriod.
	RevokeRefreshTokenMaybeGracePeriod(ctx context.Context, requestID string, signature string) error

	// RevokeAccessToken revokes an access token as specified in:
	// https://tools.ietf.org/html/rfc7009#section-2.1
	// If the token passed to the request
	// is an access token, the server MAY revoke the respective refresh
	// token as well.
	RevokeAccessToken(ctx context.Context, requestID string) error
}

TokenRevocationStorage provides the storage implementation as specified in: https://tools.ietf.org/html/rfc7009

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.