Documentation ¶
Index ¶
- Variables
- func Auth(accessCheckFunction AccessCheckFunction, endpoints oauth2.Endpoint) gin.HandlerFunc
- func AuthChain(endpoints oauth2.Endpoint, accessCheckFunctions ...AccessCheckFunction) gin.HandlerFunc
- func Facebook(conf *oauth2.Config) macaron.Handler
- func Github(conf *oauth2.Config) macaron.Handler
- func Google(conf *oauth2.Config) macaron.Handler
- func HandleAuthorizeRequest(c *gin.Context)
- func HandleTokenRequest(c *gin.Context)
- func HandleTokenVerify(config ...Config) gin.HandlerFunc
- func Init(g *gin.RouterGroup)
- func InitServer(manager oauth2.Manager) *server.Server
- func LinkedIn(conf *oauth2.Config) macaron.Handler
- func NewOAuth2Provider(conf *oauth2.Config) macaron.Handler
- func RequestAuthInfo(t *oauth2.Token) ([]byte, error)
- func SetAccessTokenExpHandler(handler server.AccessTokenExpHandler)
- func SetAllowGetAccessRequest(allow bool)
- func SetAllowedGrantType(types ...oauth2.GrantType)
- func SetAllowedResponseType(types ...oauth2.ResponseType)
- func SetAuthorizeScopeHandler(handler server.AuthorizeScopeHandler)
- func SetClientAuthorizedHandler(handler server.ClientAuthorizedHandler)
- func SetClientInfoHandler(handler server.ClientInfoHandler)
- func SetClientScopeHandler(handler server.ClientScopeHandler)
- func SetExtensionFieldsHandler(handler server.ExtensionFieldsHandler)
- func SetInternalErrorHandler(handler server.InternalErrorHandler)
- func SetPasswordAuthorizationHandler(handler server.PasswordAuthorizationHandler)
- func SetRefreshingScopeHandler(handler server.RefreshingScopeHandler)
- func SetResponseErrorHandler(handler server.ResponseErrorHandler)
- func SetTokenType(tokenType string)
- func SetUserAuthorizationHandler(handler server.UserAuthorizationHandler)
- type AccessCheckFunction
- type Config
- type ErrorHandleFunc
- type TokenContainer
Constants ¶
This section is empty.
Variables ¶
var AuthInfoURL string
AuthInfoURL is the URL to get information of your token
var ( // DefaultConfig is the default middleware config. DefaultConfig = Config{ ErrorHandleFunc: func(ctx *gin.Context, err error) { ctx.AbortWithError(500, err) }, TokenKey: "github.com/go-oauth2/gin-server/access-token", Skipper: func(_ *gin.Context) bool { return false }, } )
var Transport = http.Transport{}
Transport to use for client http connections to AuthInfoURL
var VarianceTimer time.Duration = 30000 * time.Millisecond
VarianceTimer controls the max runtime of Auth() and AuthChain() middleware
Functions ¶
func Auth ¶
func Auth(accessCheckFunction AccessCheckFunction, endpoints oauth2.Endpoint) gin.HandlerFunc
Router middleware that can be used to get an authenticated and authorized service for the whole router group. Example:
var endpoints oauth2.Endpoint = oauth2.Endpoint{ AuthURL: "https://token.oauth2.corp.com/access_token", TokenURL: "https://oauth2.corp.com/corp/oauth2/tokeninfo", } var acl []ginoauth2.AccessTuple = []ginoauth2.AccessTuple{{"employee", 1070, "sszuecs"}, {"employee", 1114, "njuettner"}} router := gin.Default() private := router.Group("") private.Use(ginoauth2.Auth(ginoauth2.UidCheck, ginoauth2.endpoints)) private.GET("/api/private", func(c *gin.Context) { c.JSON(200, gin.H{"message": "Hello from private"}) })
func AuthChain ¶
func AuthChain(endpoints oauth2.Endpoint, accessCheckFunctions ...AccessCheckFunction) gin.HandlerFunc
AuthChain is a router middleware that can be used to get an authenticated and authorized service for the whole router group. Similar to Auth, but takes a chain of AccessCheckFunctions and only fails if all of them fails. Example:
var endpoints oauth2.Endpoint = oauth2.Endpoint{ AuthURL: "https://token.oauth2.corp.com/access_token", TokenURL: "https://oauth2.corp.com/corp/oauth2/tokeninfo", } var acl []ginoauth2.AccessTuple = []ginoauth2.AccessTuple{{"employee", 1070, "sszuecs"}, {"employee", 1114, "njuettner"}} router := gin.Default() private := router.Group("") checkChain := []AccessCheckFunction{ ginoauth2.UidCheck, ginoauth2.GroupCheck, } private.Use(ginoauth2.AuthChain(checkChain, ginoauth2.endpoints)) private.GET("/api/private", func(c *gin.Context) { c.JSON(200, gin.H{"message": "Hello from private"}) })
func Facebook ¶
func Facebook(conf *oauth2.Config) macaron.Handler
Facebook returns a new Facebook OAuth 2.0 backend endpoint.
func Github ¶
func Github(conf *oauth2.Config) macaron.Handler
Github returns a new Github OAuth 2.0 backend endpoint.
func Google ¶
func Google(conf *oauth2.Config) macaron.Handler
Google returns a new Google OAuth 2.0 backend endpoint.
func HandleAuthorizeRequest ¶
HandleAuthorizeRequest the authorization request handling
func HandleTokenRequest ¶
HandleTokenRequest token request handling
func HandleTokenVerify ¶
func HandleTokenVerify(config ...Config) gin.HandlerFunc
HandleTokenVerify Verify the access token of the middleware
func Init ¶
func Init(g *gin.RouterGroup)
func InitServer ¶
InitServer Initialize the service
func LinkedIn ¶
func LinkedIn(conf *oauth2.Config) macaron.Handler
LinkedIn returns a new LinkedIn OAuth 2.0 backend endpoint.
func NewOAuth2Provider ¶
func NewOAuth2Provider(conf *oauth2.Config) macaron.Handler
NewOAuth2Provider returns a generic OAuth 2.0 backend endpoint.
func SetAccessTokenExpHandler ¶
func SetAccessTokenExpHandler(handler server.AccessTokenExpHandler)
SetAccessTokenExpHandler set expiration date for the access token
func SetAllowGetAccessRequest ¶
func SetAllowGetAccessRequest(allow bool)
SetAllowGetAccessRequest to allow GET requests for the token
func SetAllowedGrantType ¶
func SetAllowedGrantType(types ...oauth2.GrantType)
SetAllowedGrantType allow the grant types
func SetAllowedResponseType ¶
func SetAllowedResponseType(types ...oauth2.ResponseType)
SetAllowedResponseType allow the authorization types
func SetAuthorizeScopeHandler ¶
func SetAuthorizeScopeHandler(handler server.AuthorizeScopeHandler)
SetAuthorizeScopeHandler set scope for the access token
func SetClientAuthorizedHandler ¶
func SetClientAuthorizedHandler(handler server.ClientAuthorizedHandler)
SetClientAuthorizedHandler check the client allows to use this authorization grant type
func SetClientInfoHandler ¶
func SetClientInfoHandler(handler server.ClientInfoHandler)
SetClientInfoHandler get client info from request
func SetClientScopeHandler ¶
func SetClientScopeHandler(handler server.ClientScopeHandler)
SetClientScopeHandler check the client allows to use scope
func SetExtensionFieldsHandler ¶
func SetExtensionFieldsHandler(handler server.ExtensionFieldsHandler)
SetExtensionFieldsHandler in response to the access token with the extension of the field
func SetInternalErrorHandler ¶
func SetInternalErrorHandler(handler server.InternalErrorHandler)
SetInternalErrorHandler internal error handling
func SetPasswordAuthorizationHandler ¶
func SetPasswordAuthorizationHandler(handler server.PasswordAuthorizationHandler)
SetPasswordAuthorizationHandler get user id from username and password
func SetRefreshingScopeHandler ¶
func SetRefreshingScopeHandler(handler server.RefreshingScopeHandler)
SetRefreshingScopeHandler check the scope of the refreshing token
func SetResponseErrorHandler ¶
func SetResponseErrorHandler(handler server.ResponseErrorHandler)
SetResponseErrorHandler response error handling
func SetUserAuthorizationHandler ¶
func SetUserAuthorizationHandler(handler server.UserAuthorizationHandler)
SetUserAuthorizationHandler get user id from request authorization
Types ¶
type AccessCheckFunction ¶
type AccessCheckFunction func(tc *TokenContainer, ctx *gin.Context) bool
AccessCheckFunction is a function that checks if a given token grants access.
type Config ¶
type Config struct { // error handling when starting the session ErrorHandleFunc ErrorHandleFunc // keys stored in the context TokenKey string // defines a function to skip middleware.Returning true skips processing // the middleware. Skipper func(*gin.Context) bool }
Config defines the config for Session middleware
type ErrorHandleFunc ¶
ErrorHandleFunc error handling function
type TokenContainer ¶
type TokenContainer struct { Token *oauth2.Token Scopes map[string]interface{} // LDAP record vom Benutzer (cn, .. GrantType string // password, ?? Realm string // services, employees }
TokenContainer stores all relevant token information
func GetTokenContainer ¶
func GetTokenContainer(token *oauth2.Token) (*TokenContainer, error)
func ParseTokenContainer ¶
func ParseTokenContainer(t *oauth2.Token, data map[string]interface{}) (*TokenContainer, error)
func (*TokenContainer) Valid ¶
func (t *TokenContainer) Valid() bool
TokenContainer
Validates that the AccessToken within TokenContainer is not expired and not empty.