Documentation
Overview
Package oauth provides implementations for an OAuth 2.0 server.
Index
- Constants
- func AuthClient(adapter TokenAdapter, c *TokenContext) (*ClientEntry, *Error)
- func ErrorDescription(code string) string
- func ErrorStatus(code string) int
- func HandlerClient(adapter TokenAdapter, c *TokenContext) (*TokenResponse, *Error)
- func HandlerPassword(adapter TokenAdapter, c *TokenContext) (*TokenResponse, *Error)
- func HandlerRefresh(adapter TokenAdapter, c *TokenContext) (*TokenResponse, *Error)
- type ClientEntry
- type Error
- type ErrorBuilder
- type TokenAdapter
- type TokenContext
- type TokenHandlerFunc
- type TokenResponse
- type TokenService
Constants
const (
	// RFC6749ErrorResponseURI defines URI for documentation of error responses
	// from OAuth 2.0 documentation.
	RFC6749ErrorResponseURI = "http://tools.ietf.org/html/rfc6749#section-5.2"
	// CodeInvalidClient defines error code when client authentication failed.
	CodeInvalidClient = "invalid_client"
	// CodeInvalidGrant defines error code when provided authorization grant or
	// refresh token is invalid.
	CodeInvalidGrant = "invalid_grant"
	// CodeInvalidRequest defines error code when the request has any error on
	// parameter or is malformed.
	CodeInvalidRequest = "invalid_request"
	// CodeInvalidScope defines error code when there is any error related to scope.
	CodeInvalidScope = "invalid_scope"
	// authorization.
	CodeUnauthorizedClient = "unauthorized_client"
	// CodeUnsupportedGrantType defines error code when the authorization grant
	// type is not supported.
	CodeUnsupportedGrantType = "unsupported_grant_type"
)
const (
	// FormClientID defines the form's key name to define client identifier.
	FormClientID = "client_id"
	// FormKeyCode defines the form's key name to define authorization code.
	FormKeyCode = "code"
	// FormKeyGrantType defines the form's key name to define grant type.
	FormKeyGrantType = "grant_type"
	// FormKeyPassword defines the form's key name to define user password.
	FormKeyPassword = "password"
	// FormKeyRedirect defines the form's key name to define redirection
	// endpoint.
	FormKeyRedirect = "redirect_uri"
	// FormKeyRefreshToken defines the form's key name to define refresh token.
	FormKeyRefreshToken = "refresh_token"
	// FormKeyScope defines the form's key name to define client scopes.
	FormKeyScope = "scope"
	// FormKeyState defines the form's key name to define session nonce.
	FormKeyState = "state"
	// FormKeyUsername defines the form's key name to define user name.
	FormKeyUsername = "username"
)
const BearerTokenType = "Bearer"
BearerTokenType defines the token type for Bearer usage (RFC 6750).
const GrantTypeClient = "client_credentials"
GrantTypeClient defines the code for Client Credentials Grant authentication.
const GrantTypeCode = "authorization_code"
GrantTypeCode defines the code for Authorization Code Grant authentication.
const GrantTypePassword = "password"
GrantTypePassword defines the code for Resource Owner Password Credentials Grant authentication.
const GrantTypeRefresh = "refresh_token"
GrantTypeRefresh defines the code for Refresh Access Token authentication.
Variables
This section is empty.
Functions
func AuthClient
func AuthClient(adapter TokenAdapter, c *TokenContext) (*ClientEntry, *Error)
AuthClient validates client authentication and authorization.
func ErrorDescription
ErrorDescription returns an error description for the given error code.
func ErrorStatus
ErrorStatus returns an HTTP status code for the given error code.
func HandlerClient
func HandlerClient(adapter TokenAdapter, c *TokenContext) (*TokenResponse, *Error)
HandlerClient handles Client Credentials Grant for TokenService.
func HandlerPassword
func HandlerPassword(adapter TokenAdapter, c *TokenContext) (*TokenResponse, *Error)
HandlerPassword handles Resource Owner Password Credentials Grant for TokenService.
func HandlerRefresh
func HandlerRefresh(adapter TokenAdapter, c *TokenContext) (*TokenResponse, *Error)
HandlerRefresh handles Refresh Access Token for TokenService.
Types
type ClientEntry
type ClientEntry struct {
	ClientID          string   `bson:"_id" json:"client_id"`
	ClientSecret      string   `bson:"secret" json:"client_secret,omitempty"`
	ClientType        string   `bson:"type" json:"client_type"`
	RedirectUris      []string `bson:"redirs" json:"redirect_uris"`
	JavascriptOrigins []string `bson:"origins" json:"javascript_origins"`
	AllowedGrants     []string `bson:"grants" json:"allowed_grants"`
	AllowedScopes     []string `bson:"scopes" json:"allowed_scopes"`
}
A ClientEntry represents a record for client credentials and authorizations.
func (*ClientEntry) MarshalJSON
func (mj *ClientEntry) MarshalJSON() ([]byte, error)
func (*ClientEntry) MarshalJSONBuf
func (mj *ClientEntry) MarshalJSONBuf(buf fflib.EncodingBuffer) error
func (*ClientEntry) UnmarshalJSON
func (uj *ClientEntry) UnmarshalJSON(input []byte) error
func (*ClientEntry) UnmarshalJSONFFLexer
func (uj *ClientEntry) UnmarshalJSONFFLexer(fs *fflib.FFLexer, state fflib.FFParseState) error
type Error
type Error struct {
	Code        string `json:"error"`
	Description string `json:"error_description,omitempty"`
	URI         string `json:"error_uri,omitempty"`
	// HTTP status code.
	Status int `json:"-"`
}
An Error represents an OAuth 2.0 error response.
func (*Error) MarshalJSON
func (*Error) MarshalJSONBuf
func (mj *Error) MarshalJSONBuf(buf fflib.EncodingBuffer) error
func (*Error) UnmarshalJSON
func (*Error) UnmarshalJSONFFLexer
type ErrorBuilder
type ErrorBuilder interface {
	// Build creates and returns a new Error.
	Build() Error
	// InvalidRequest sets current error to invalid request error.
	InvalidRequest() ErrorBuilder
	// InvalidClient sets current error to invalid client error.
	InvalidClient() ErrorBuilder
	// InvalidClientCredentials sets current error to invalid client
	// credentials error.
	InvalidClientCredentials() ErrorBuilder
	// InvalidGrant sets current error to invalid grant error.
	InvalidGrant() ErrorBuilder
	// InvalidRefreshToken sets current error to invalid refresh token error.
	InvalidRefreshToken() ErrorBuilder
	// InvalidScope sets current error to invalid scope error.
	InvalidScope() ErrorBuilder
	// InvalidUserCredentials sets current error to invalid user credentials
	// error.
	InvalidUserCredentials(username string) ErrorBuilder
	// MissingClientCredentials sets current error to missing client
	// credentials error.
	MissingClientCredentials() ErrorBuilder
	// SetDescription sets the description for current error.
	SetDescription(string) ErrorBuilder
	// SetStatus sets the HTTP status for current error.
	SetStatus(int) ErrorBuilder
	// SetURI sets the URI for current error.
	SetURI(string) ErrorBuilder
	UnauthorizedClient() ErrorBuilder
	// UnsupportedGrantType sets current error to unsupported grant type error.
	UnsupportedGrantType() ErrorBuilder
}
An ErrorBuilder provides methods to construct a new Error.
type TokenAdapter
type TokenAdapter interface {
	// FindClient gets the client information if valid.
	FindClient(c *TokenContext) *ClientEntry
	// NewAccessToken creates and returns a new access token.
	NewAccessToken(c *TokenContext) *TokenResponse
	// ValidateRefresh validates the provided refresh token.
	ValidateRefresh(c *TokenContext) bool
	// ValidateUser validates resource owner credentials for password grant type.
	ValidateUser(c *TokenContext) bool
}
A TokenAdapter provides an adapter for token management.
type TokenContext
type TokenContext struct {
	GrantType    string
	Scope        string
	State        string
	Code         string
	RedirectURI  string
	ClientID     string
	Username     string
	Password     string
	RefreshToken string
	HTTPUser     string
	HTTPSecret   string
	Client       *ClientEntry
	Values       map[string]interface{}
}
A TokenContext represents an object to pass variables between TokenHandler and TokenProvider methods.
func (TokenContext) ScopeList
func (s TokenContext) ScopeList() []string
ScopeList returns the scope split on spaces.
type TokenHandlerFunc
type TokenHandlerFunc func(TokenAdapter, *TokenContext) (*TokenResponse, *Error)
A TokenHandlerFunc represents a function that handles a grant type for TokenService.
type TokenResponse
type TokenResponse struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type"`
	ExpiresIn    int    `json:"expires_in,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
	Scope        string `json:"scope,omitempty"`
	State        string `json:"state,omitempty"`
}
A TokenResponse represents an OAuth response that carries a new access token.
func NewTokenResponse
func NewTokenResponse(
	accessToken string,
	tokenType string,
	expiresIn int,
	refreshToken string,
	scope string,
	state string,
) TokenResponse
NewTokenResponse creates a new instance of TokenResponse.
func (*TokenResponse) MarshalJSON
func (mj *TokenResponse) MarshalJSON() ([]byte, error)
func (*TokenResponse) MarshalJSONBuf
func (mj *TokenResponse) MarshalJSONBuf(buf fflib.EncodingBuffer) error
func (*TokenResponse) UnmarshalJSON
func (uj *TokenResponse) UnmarshalJSON(input []byte) error
func (*TokenResponse) UnmarshalJSONFFLexer
func (uj *TokenResponse) UnmarshalJSONFFLexer(fs *fflib.FFLexer, state fflib.FFParseState) error
type TokenService
type TokenService struct {
// contains filtered or unexported fields
}
A TokenService provides token management for OAuth 2.0 server.
func NewTokenService
func NewTokenService(ta TokenAdapter, grantTypes ...string) *TokenService
NewTokenService creates a new instance of TokenService and pre-loads specified handlers.
func (*TokenService) AccessTokenRequest
func (svc *TokenService) AccessTokenRequest(context *TokenContext) (*TokenResponse, *Error)
AccessTokenRequest receives a request to create a new access token.
func (*TokenService) SetHandler
func (svc *TokenService) SetHandler(grantType string, handler TokenHandlerFunc)
SetHandler registers a new handler for the specified grant type.
Directories
Path | Synopsis |
---|---|
 | Package oauthtest provides mocking to test oauth package. |
transport | |
ginhttp | Package ginhttp provides an HTTP handler for an OAuth 2.0 server (gin-gonic/gin). |
http | Package http provides an HTTP handler for an OAuth 2.0 server. |