Constants

This section is empty.

Variables

This section is empty.

Functions

func AccessTokenJWTToRequest

func AccessTokenJWTToRequest(token *jwtx.Token) fosite.Requester

    AccessTokenJWTToRequest tries to reconstruct fosite.Request from a JWT.

    Types

    type AccessTokenStorage

    // AccessTokenStorage persists access-token sessions. Every method is keyed by
    // the token's signature (the value returned by AccessTokenStrategy.AccessTokenSignature),
    // not by the full token, so the store never has to hold the bearer token itself.
    type AccessTokenStorage interface {
    	// CreateAccessTokenSession stores request under the given signature.
    	CreateAccessTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)
    
    	// GetAccessTokenSession hydrates session from the entry stored under signature and
    	// returns the request that was stored with it.
    	GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)
    
    	// DeleteAccessTokenSession removes the entry stored under signature.
    	DeleteAccessTokenSession(ctx context.Context, signature string) (err error)
    }

    type AccessTokenStrategy

    // AccessTokenStrategy generates and validates access tokens and derives the
    // signature under which a token's session is stored in AccessTokenStorage.
    type AccessTokenStrategy interface {
    	// AccessTokenSignature returns the storage key (signature) derived from token.
    	AccessTokenSignature(token string) string
    	// GenerateAccessToken creates a new access token for requester and returns the
    	// token together with its signature.
    	GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
    	// ValidateAccessToken checks token in the context of requester and returns a
    	// non-nil error when the token is not acceptable.
    	ValidateAccessToken(ctx context.Context, requester fosite.Requester, token string) (err error)
    }

    type AuthorizeCodeStorage

    type AuthorizeCodeStorage interface {
    	// CreateAuthorizeCodeSession stores the authorization request for a given authorization code.
    	CreateAuthorizeCodeSession(ctx context.Context, code string, request fosite.Requester) (err error)
    
    	// GetAuthorizeCodeSession hydrates the session based on the given code and returns the authorization request.
    	// If the authorization code has been invalidated with `InvalidateAuthorizeCodeSession`, this
    	// method should return the ErrInvalidatedAuthorizeCode error.
    	//
    	// Make sure to also return the fosite.Requester value when returning the fosite.ErrInvalidatedAuthorizeCode error!
    	GetAuthorizeCodeSession(ctx context.Context, code string, session fosite.Session) (request fosite.Requester, err error)
    
    	// InvalidateAuthorizeCodeSession is called when an authorize code is being used. The state of the authorization
    	// code should be set to invalid and consecutive requests to GetAuthorizeCodeSession should return the
    	// ErrInvalidatedAuthorizeCode error.
    	//
    	// Returning the request alongside ErrInvalidatedAuthorizeCode is what lets the caller detect
    	// a code being replayed and act on the tokens already issued for that grant.
    	InvalidateAuthorizeCodeSession(ctx context.Context, code string) (err error)
    }

      AuthorizeCodeStorage handles storage requests related to authorization codes.

      type AuthorizeCodeStrategy

      // AuthorizeCodeStrategy generates and validates authorization codes and derives
      // the signature under which a code's session is stored.
      type AuthorizeCodeStrategy interface {
      	// AuthorizeCodeSignature returns the storage key (signature) derived from token.
      	AuthorizeCodeSignature(token string) string
      	// GenerateAuthorizeCode creates a new authorization code for requester and
      	// returns the code together with its signature.
      	GenerateAuthorizeCode(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
      	// ValidateAuthorizeCode checks token in the context of requester and returns a
      	// non-nil error when the code is not acceptable.
      	ValidateAuthorizeCode(ctx context.Context, requester fosite.Requester, token string) (err error)
      }

      type AuthorizeExplicitGrantHandler

      // AuthorizeExplicitGrantHandler carries the strategies, storage and lifespans
      // used by the authorization-code ("explicit") grant handler.
      type AuthorizeExplicitGrantHandler struct {
      	// AccessTokenStrategy generates and validates access tokens.
      	AccessTokenStrategy   AccessTokenStrategy
      	// RefreshTokenStrategy generates and validates refresh tokens.
      	RefreshTokenStrategy  RefreshTokenStrategy
      	// AuthorizeCodeStrategy generates and validates authorization codes.
      	AuthorizeCodeStrategy AuthorizeCodeStrategy
      	// CoreStorage persists the sessions behind codes and tokens.
      	// NOTE(review): CoreStorage is not declared on this page; presumably it
      	// combines the code/token storages — confirm in its definition.
      	CoreStorage           CoreStorage
      
      	// AuthCodeLifespan defines the lifetime of an authorize code.
      	AuthCodeLifespan time.Duration
      
      	// AccessTokenLifespan defines the lifetime of an access token.
      	AccessTokenLifespan time.Duration
      
      	// RefreshTokenLifespan defines the lifetime of a refresh token. Leave to 0 for unlimited lifetime.
      	// A refresh token with unlimited lifetime never expires on its own; the only way
      	// to retire it is through TokenRevocationStorage.
      	RefreshTokenLifespan time.Duration
      
      	// ScopeStrategy decides whether requested scopes are permitted.
      	ScopeStrategy            fosite.ScopeStrategy
      	// AudienceMatchingStrategy decides whether requested audiences are permitted.
      	AudienceMatchingStrategy fosite.AudienceMatchingStrategy
      
      	// SanitationWhiteList is a whitelist of form values that are required by the token endpoint. These values
      	// are safe for storage in a database (cleartext). Anything not listed here is expected to be stripped
      	// before the request is persisted.
      	SanitationWhiteList []string
      
      	// TokenRevocationStorage is used to revoke the tokens issued for a grant.
      	TokenRevocationStorage TokenRevocationStorage
      
      	// IsRedirectURISecure decides whether a redirect URI counts as secure.
      	// NOTE(review): the behaviour when this is left nil is not visible here — confirm in the handler.
      	IsRedirectURISecure func(*url.URL) bool
      
      	// RefreshTokenScopes: NOTE(review): presumably the scopes a request must be granted
      	// for a refresh token to be issued — confirm against HandleTokenEndpointRequest.
      	RefreshTokenScopes []string
      }

        AuthorizeExplicitGrantHandler is a response handler for the Authorization Code grant using the explicit grant type as defined in https://tools.ietf.org/html/rfc6749#section-4.1

        func (*AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest

        func (c *AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

        func (*AuthorizeExplicitGrantHandler) CanSkipClientAuth

        func (c *AuthorizeExplicitGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool

        func (*AuthorizeExplicitGrantHandler) GetSanitationWhiteList

        func (c *AuthorizeExplicitGrantHandler) GetSanitationWhiteList() []string

        func (*AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest

        func (c *AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

        func (*AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest

        func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

          HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.1.3 (the whole section).

          func (*AuthorizeExplicitGrantHandler) IssueAuthorizeCode

          func (*AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse

          func (c *AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

          type AuthorizeImplicitGrantTypeHandler

          // AuthorizeImplicitGrantTypeHandler carries the strategy, storage and lifespan
          // used by the implicit grant handler, which issues access tokens directly from
          // the authorize endpoint.
          type AuthorizeImplicitGrantTypeHandler struct {
          	// AccessTokenStrategy generates and validates the access tokens issued.
          	AccessTokenStrategy AccessTokenStrategy
          
          	// AccessTokenStorage is used to persist session data across requests.
          	AccessTokenStorage AccessTokenStorage
          
          	// AccessTokenLifespan defines the lifetime of an access token.
          	AccessTokenLifespan time.Duration
          
          	// ScopeStrategy decides whether requested scopes are permitted.
          	ScopeStrategy            fosite.ScopeStrategy
          	// AudienceMatchingStrategy decides whether requested audiences are permitted.
          	AudienceMatchingStrategy fosite.AudienceMatchingStrategy
          }

            AuthorizeImplicitGrantTypeHandler is a response handler for the Implicit grant type as defined in https://tools.ietf.org/html/rfc6749#section-4.2

            func (*AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest

            func (*AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken

            type ClientCredentialsGrantHandler

            // ClientCredentialsGrantHandler handles the client credentials grant
            // (https://tools.ietf.org/html/rfc6749#section-4.4). Token issuance is delegated
            // to the embedded HandleHelper.
            type ClientCredentialsGrantHandler struct {
            	// HandleHelper supplies IssueAccessToken together with the access-token
            	// strategy, storage and lifespans.
            	*HandleHelper
            	// ScopeStrategy decides whether requested scopes are permitted.
            	ScopeStrategy            fosite.ScopeStrategy
            	// AudienceMatchingStrategy decides whether requested audiences are permitted.
            	AudienceMatchingStrategy fosite.AudienceMatchingStrategy
            }

            func (*ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest

            func (c *ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

            func (*ClientCredentialsGrantHandler) CanSkipClientAuth

            func (c *ClientCredentialsGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool

            func (*ClientCredentialsGrantHandler) HandleTokenEndpointRequest

            func (c *ClientCredentialsGrantHandler) HandleTokenEndpointRequest(_ context.Context, request fosite.AccessRequester) error

              HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.4.2

              func (*ClientCredentialsGrantHandler) PopulateTokenEndpointResponse

              func (c *ClientCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, response fosite.AccessResponder) error

                PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-4.4.3

                type ClientCredentialsGrantStorage

                // ClientCredentialsGrantStorage is the storage required by the client
                // credentials grant; it only needs access-token sessions, since that grant
                // issues no refresh tokens or authorization codes.
                type ClientCredentialsGrantStorage interface {
                	AccessTokenStorage
                }

                type CoreValidator

                // CoreValidator introspects tokens by validating them with CoreStrategy and
                // looking up their sessions in CoreStorage.
                type CoreValidator struct {
                	// CoreStrategy validates tokens and derives their signatures.
                	// NOTE(review): CoreStrategy is not declared on this page — confirm its definition.
                	CoreStrategy
                	// CoreStorage holds the sessions looked up during introspection.
                	CoreStorage
                	// ScopeStrategy decides whether the token's scopes satisfy the requested ones.
                	ScopeStrategy                 fosite.ScopeStrategy
                	// DisableRefreshTokenValidation: NOTE(review): when true, IntrospectToken
                	// presumably no longer accepts the token as a refresh token — confirm.
                	DisableRefreshTokenValidation bool
                }

                func (*CoreValidator) IntrospectToken

                func (c *CoreValidator) IntrospectToken(ctx context.Context, token string, tokenUse fosite.TokenUse, accessRequest fosite.AccessRequester, scopes []string) (fosite.TokenUse, error)

                type DefaultJWTStrategy

                // DefaultJWTStrategy issues access tokens as signed JWTs via the embedded
                // jwt.JWTStrategy and delegates the remaining token kinds to HMACSHAStrategy.
                type DefaultJWTStrategy struct {
                	// JWTStrategy signs and verifies the JWT access tokens.
                	jwt.JWTStrategy
                	// HMACSHAStrategy: NOTE(review): presumably backs authorization codes and
                	// refresh tokens, which are not JWTs — confirm in the Generate*/Validate* methods.
                	HMACSHAStrategy *HMACSHAStrategy
                	// Issuer is set by WithIssuer; presumably written to the iss claim — confirm.
                	Issuer          string
                	// ScopeField is set by WithScopeField and selects how scopes are encoded in the claims.
                	ScopeField      jwt.JWTScopeFieldEnum
                }

                  DefaultJWTStrategy is a JWT RS256 strategy.

                  func (DefaultJWTStrategy) AccessTokenSignature

                  func (h DefaultJWTStrategy) AccessTokenSignature(token string) string

                  func (DefaultJWTStrategy) AuthorizeCodeSignature

                  func (h DefaultJWTStrategy) AuthorizeCodeSignature(token string) string

                  func (*DefaultJWTStrategy) GenerateAccessToken

                  func (h *DefaultJWTStrategy) GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)

                  func (*DefaultJWTStrategy) GenerateAuthorizeCode

                  func (h *DefaultJWTStrategy) GenerateAuthorizeCode(ctx context.Context, req fosite.Requester) (token string, signature string, err error)

                  func (*DefaultJWTStrategy) GenerateRefreshToken

                  func (h *DefaultJWTStrategy) GenerateRefreshToken(ctx context.Context, req fosite.Requester) (token string, signature string, err error)

                  func (DefaultJWTStrategy) RefreshTokenSignature

                  func (h DefaultJWTStrategy) RefreshTokenSignature(token string) string

                  func (*DefaultJWTStrategy) ValidateAccessToken

                  func (h *DefaultJWTStrategy) ValidateAccessToken(ctx context.Context, _ fosite.Requester, token string) error

                  func (*DefaultJWTStrategy) ValidateAuthorizeCode

                  func (h *DefaultJWTStrategy) ValidateAuthorizeCode(ctx context.Context, req fosite.Requester, token string) error

                  func (*DefaultJWTStrategy) ValidateRefreshToken

                  func (h *DefaultJWTStrategy) ValidateRefreshToken(ctx context.Context, req fosite.Requester, token string) error

                  func (*DefaultJWTStrategy) WithIssuer

                  func (h *DefaultJWTStrategy) WithIssuer(issuer string) *DefaultJWTStrategy

                  func (*DefaultJWTStrategy) WithScopeField

                  func (h *DefaultJWTStrategy) WithScopeField(scopeField jwt.JWTScopeFieldEnum) *DefaultJWTStrategy

                  type HMACSHAStrategy

                  // HMACSHAStrategy issues opaque HMAC-protected tokens for all three token
                  // kinds and validates them against the configured lifespans.
                  type HMACSHAStrategy struct {
                  	// Enigma is the underlying HMAC implementation that produces and checks tokens.
                  	Enigma                *enigma.HMACStrategy
                  	// AccessTokenLifespan defines the lifetime of an access token.
                  	AccessTokenLifespan   time.Duration
                  	// RefreshTokenLifespan defines the lifetime of a refresh token.
                  	RefreshTokenLifespan  time.Duration
                  	// AuthorizeCodeLifespan defines the lifetime of an authorization code.
                  	AuthorizeCodeLifespan time.Duration
                  }

                  func (HMACSHAStrategy) AccessTokenSignature

                  func (h HMACSHAStrategy) AccessTokenSignature(token string) string

                  func (HMACSHAStrategy) AuthorizeCodeSignature

                  func (h HMACSHAStrategy) AuthorizeCodeSignature(token string) string

                  func (HMACSHAStrategy) GenerateAccessToken

                  func (h HMACSHAStrategy) GenerateAccessToken(_ context.Context, _ fosite.Requester) (token string, signature string, err error)

                  func (HMACSHAStrategy) GenerateAuthorizeCode

                  func (h HMACSHAStrategy) GenerateAuthorizeCode(_ context.Context, _ fosite.Requester) (token string, signature string, err error)

                  func (HMACSHAStrategy) GenerateRefreshToken

                  func (h HMACSHAStrategy) GenerateRefreshToken(_ context.Context, _ fosite.Requester) (token string, signature string, err error)

                  func (HMACSHAStrategy) RefreshTokenSignature

                  func (h HMACSHAStrategy) RefreshTokenSignature(token string) string

                  func (HMACSHAStrategy) ValidateAccessToken

                  func (h HMACSHAStrategy) ValidateAccessToken(_ context.Context, r fosite.Requester, token string) (err error)

                  func (HMACSHAStrategy) ValidateAuthorizeCode

                  func (h HMACSHAStrategy) ValidateAuthorizeCode(_ context.Context, r fosite.Requester, token string) (err error)

                  func (HMACSHAStrategy) ValidateRefreshToken

                  func (h HMACSHAStrategy) ValidateRefreshToken(_ context.Context, r fosite.Requester, token string) (err error)

                  type HandleHelper

                  // HandleHelper bundles what IssueAccessToken needs to mint and persist an
                  // access token; grant handlers embed it rather than re-implementing that step.
                  type HandleHelper struct {
                  	// AccessTokenStrategy generates the token and its signature.
                  	AccessTokenStrategy  AccessTokenStrategy
                  	// AccessTokenStorage persists the session under the token's signature.
                  	AccessTokenStorage   AccessTokenStorage
                  	// AccessTokenLifespan defines the lifetime of an access token.
                  	AccessTokenLifespan  time.Duration
                  	// RefreshTokenLifespan defines the lifetime of a refresh token.
                  	RefreshTokenLifespan time.Duration
                  }

                  func (*HandleHelper) IssueAccessToken

                  func (h *HandleHelper) IssueAccessToken(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

                  type JWTSession

                  // JWTSession is the session stored alongside JWT-based tokens. It satisfies
                  // JWTSessionContainer (and, through it, fosite.Session).
                  type JWTSession struct {
                  	// JWTClaims are the claims embedded in the issued JWT; returned by GetJWTClaims.
                  	JWTClaims *jwt.JWTClaims
                  	// JWTHeader is the JOSE header of the issued JWT; returned by GetJWTHeader.
                  	JWTHeader *jwt.Headers
                  	// ExpiresAt records an expiry per token type; read and written by
                  	// GetExpiresAt and SetExpiresAt.
                  	ExpiresAt map[fosite.TokenType]time.Time
                  	// Username backs GetUsername.
                  	Username  string
                  	// Subject backs GetSubject and SetSubject.
                  	Subject   string
                  }

                    JWTSession is a container for the JWT session.

                    func (*JWTSession) Clone

                    func (j *JWTSession) Clone() fosite.Session

                    func (*JWTSession) GetExpiresAt

                    func (j *JWTSession) GetExpiresAt(key fosite.TokenType) time.Time

                    func (*JWTSession) GetJWTClaims

                    func (j *JWTSession) GetJWTClaims() jwt.JWTClaimsContainer

                    func (*JWTSession) GetJWTHeader

                    func (j *JWTSession) GetJWTHeader() *jwt.Headers

                    func (*JWTSession) GetSubject

                    func (j *JWTSession) GetSubject() string

                    func (*JWTSession) GetUsername

                    func (j *JWTSession) GetUsername() string

                    func (*JWTSession) SetExpiresAt

                    func (j *JWTSession) SetExpiresAt(key fosite.TokenType, exp time.Time)

                    func (*JWTSession) SetSubject

                    func (j *JWTSession) SetSubject(subject string)

                    type JWTSessionContainer

                    // JWTSessionContainer is a fosite.Session that also exposes the claims and
                    // header of the JWT it belongs to; JWTSession is the default implementation.
                    type JWTSessionContainer interface {
                    	// GetJWTClaims returns the claims.
                    	GetJWTClaims() jwt.JWTClaimsContainer
                    
                    	// GetJWTHeader returns the header.
                    	GetJWTHeader() *jwt.Headers
                    
                    	fosite.Session
                    }

                    type RefreshTokenGrantHandler

                    // RefreshTokenGrantHandler carries the strategies, storage and lifespans used
                    // by the refresh-token grant (https://tools.ietf.org/html/rfc6749#section-6).
                    type RefreshTokenGrantHandler struct {
                    	// AccessTokenStrategy generates and validates the new access token.
                    	AccessTokenStrategy    AccessTokenStrategy
                    	// RefreshTokenStrategy validates the presented refresh token and generates its replacement.
                    	RefreshTokenStrategy   RefreshTokenStrategy
                    	// TokenRevocationStorage persists sessions and revokes the tokens of the
                    	// previous grant when a refresh token is exchanged.
                    	TokenRevocationStorage TokenRevocationStorage
                    
                    	// AccessTokenLifespan defines the lifetime of an access token.
                    	AccessTokenLifespan time.Duration
                    
                    	// RefreshTokenLifespan defines the lifetime of a refresh token.
                    	RefreshTokenLifespan time.Duration
                    
                    	// ScopeStrategy decides whether requested scopes are permitted.
                    	ScopeStrategy            fosite.ScopeStrategy
                    	// AudienceMatchingStrategy decides whether requested audiences are permitted.
                    	AudienceMatchingStrategy fosite.AudienceMatchingStrategy
                    	// RefreshTokenScopes: NOTE(review): presumably the scopes that must be granted
                    	// for a refresh token to be issued — confirm against HandleTokenEndpointRequest.
                    	RefreshTokenScopes       []string
                    }

                    func (*RefreshTokenGrantHandler) CanHandleTokenEndpointRequest

                    func (c *RefreshTokenGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

                    func (*RefreshTokenGrantHandler) CanSkipClientAuth

                    func (c *RefreshTokenGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool

                    func (*RefreshTokenGrantHandler) HandleTokenEndpointRequest

                    func (c *RefreshTokenGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

                      HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-6

                      func (*RefreshTokenGrantHandler) PopulateTokenEndpointResponse

                      func (c *RefreshTokenGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

                        PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-6

                        type RefreshTokenStorage

                        // RefreshTokenStorage persists refresh-token sessions. Every method is keyed by
                        // the token's signature (see RefreshTokenStrategy.RefreshTokenSignature), not by
                        // the full token.
                        type RefreshTokenStorage interface {
                        	// CreateRefreshTokenSession stores request under the given signature.
                        	CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)
                        
                        	// GetRefreshTokenSession hydrates session from the entry stored under signature and
                        	// returns the request that was stored with it.
                        	GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)
                        
                        	// DeleteRefreshTokenSession removes the entry stored under signature.
                        	DeleteRefreshTokenSession(ctx context.Context, signature string) (err error)
                        }

                        type RefreshTokenStrategy

                        // RefreshTokenStrategy generates and validates refresh tokens and derives the
                        // signature under which a token's session is stored in RefreshTokenStorage.
                        type RefreshTokenStrategy interface {
                        	// RefreshTokenSignature returns the storage key (signature) derived from token.
                        	RefreshTokenSignature(token string) string
                        	// GenerateRefreshToken creates a new refresh token for requester and returns
                        	// the token together with its signature.
                        	GenerateRefreshToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
                        	// ValidateRefreshToken checks token in the context of requester and returns a
                        	// non-nil error when the token is not acceptable.
                        	ValidateRefreshToken(ctx context.Context, requester fosite.Requester, token string) (err error)
                        }

                        type ResourceOwnerPasswordCredentialsGrantHandler

                        // ResourceOwnerPasswordCredentialsGrantHandler handles the resource owner
                        // password credentials grant (https://tools.ietf.org/html/rfc6749#section-4.3).
                        // Access-token issuance is delegated to the embedded HandleHelper.
                        type ResourceOwnerPasswordCredentialsGrantHandler struct {
                        	// ResourceOwnerPasswordCredentialsGrantStorage is used to persist session data across requests.
                        	// It is also where Authenticate, the credential check, lives.
                        	ResourceOwnerPasswordCredentialsGrantStorage ResourceOwnerPasswordCredentialsGrantStorage
                        
                        	// RefreshTokenStrategy generates the refresh token, if one is issued.
                        	RefreshTokenStrategy     RefreshTokenStrategy
                        	// ScopeStrategy decides whether requested scopes are permitted.
                        	ScopeStrategy            fosite.ScopeStrategy
                        	// AudienceMatchingStrategy decides whether requested audiences are permitted.
                        	AudienceMatchingStrategy fosite.AudienceMatchingStrategy
                        	// RefreshTokenScopes: NOTE(review): presumably the scopes that must be granted
                        	// for a refresh token to be issued — confirm against HandleTokenEndpointRequest.
                        	RefreshTokenScopes       []string
                        
                        	// HandleHelper supplies IssueAccessToken together with the access-token
                        	// strategy, storage and lifespans.
                        	*HandleHelper
                        }

                        func (*ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest

                        func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

                        func (*ResourceOwnerPasswordCredentialsGrantHandler) CanSkipClientAuth

                        func (*ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest

                        func (c *ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

                          HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.3.2

                          func (*ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse

                          func (c *ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

                            PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-4.3.3

                            type ResourceOwnerPasswordCredentialsGrantStorage

                            // ResourceOwnerPasswordCredentialsGrantStorage is the storage required by the
                            // password grant: the credential check plus access- and refresh-token sessions.
                            type ResourceOwnerPasswordCredentialsGrantStorage interface {
                            	// Authenticate verifies that secret is the credential of the resource owner
                            	// identified by name and returns a non-nil error otherwise. Implementations
                            	// should compare against a stored password hash and return the same error
                            	// for an unknown name and a wrong secret, so the endpoint does not leak
                            	// which usernames exist.
                            	Authenticate(ctx context.Context, name string, secret string) error
                            	AccessTokenStorage
                            	RefreshTokenStorage
                            }

                            type StatelessJWTValidator

                            // StatelessJWTValidator introspects JWT access tokens without any storage
                            // dependency: it has no storage field, so the token is judged on the JWT
                            // itself (presumably signature and claims, via jwt.JWTStrategy). Revoked tokens
                            // therefore cannot be detected here until they expire.
                            type StatelessJWTValidator struct {
                            	// JWTStrategy verifies the presented JWT.
                            	jwt.JWTStrategy
                            	// ScopeStrategy decides whether the token's scopes satisfy the requested ones.
                            	ScopeStrategy fosite.ScopeStrategy
                            }

                            func (*StatelessJWTValidator) IntrospectToken

                            func (v *StatelessJWTValidator) IntrospectToken(ctx context.Context, token string, tokenUse fosite.TokenUse, accessRequest fosite.AccessRequester, scopes []string) (fosite.TokenUse, error)

                            type TokenRevocationHandler

                            // TokenRevocationHandler implements token revocation
                            // (https://tools.ietf.org/html/rfc7009) on top of TokenRevocationStorage.
                            // The strategies are presumably used to derive the signature of the presented
                            // token so its session can be looked up — confirm in RevokeToken.
                            type TokenRevocationHandler struct {
                            	// TokenRevocationStorage performs the actual revocation.
                            	TokenRevocationStorage TokenRevocationStorage
                            	// RefreshTokenStrategy derives the signature when the token is a refresh token.
                            	RefreshTokenStrategy   RefreshTokenStrategy
                            	// AccessTokenStrategy derives the signature when the token is an access token.
                            	AccessTokenStrategy    AccessTokenStrategy
                            }

                            func (*TokenRevocationHandler) RevokeToken

                            func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string, tokenType fosite.TokenType, client fosite.Client) error

                              RevokeToken implements https://tools.ietf.org/html/rfc7009#section-2.1. The token type hint indicates which token type check should be performed first.

                              type TokenRevocationStorage

                              type TokenRevocationStorage interface {
                              	RefreshTokenStorage
                              	AccessTokenStorage
                              
                              	// RevokeRefreshToken revokes a refresh token as specified in:
                              	// https://tools.ietf.org/html/rfc7009#section-2.1
                              	// If the particular
                              	// token is a refresh token and the authorization server supports the
                              	// revocation of access tokens, then the authorization server SHOULD
                              	// also invalidate all access tokens based on the same authorization
                              	// grant (see Implementation Note).
                              	//
                              	// Unlike the signature-keyed Create/Get/Delete methods, this is keyed by
                              	// requestID, i.e. the authorization grant, so it can reach every token
                              	// issued for that grant.
                              	RevokeRefreshToken(ctx context.Context, requestID string) error
                              
                              	// RevokeAccessToken revokes an access token as specified in:
                              	// https://tools.ietf.org/html/rfc7009#section-2.1
                              	// If the token passed to the request
                              	// is an access token, the server MAY revoke the respective refresh
                              	// token as well.
                              	//
                              	// Keyed by requestID (the authorization grant), not by a token signature.
                              	RevokeAccessToken(ctx context.Context, requestID string) error
                              }

                                TokenRevocationStorage provides the storage implementation as specified in: https://tools.ietf.org/html/rfc7009