Documentation
¶
Overview ¶
Package userinfo provide auth strategy to authenticate, incoming HTTP requests using the oauth2/openid userinfo endpoint, as defined in OpenID Connect https://openid.net/specs/openid-connect-core-1_0.html#UserInfo. This authentication strategy makes it easy to introduce apps, into a oauth2 authorization framework to be used by resource servers or other internal servers.
Example ¶
package main
import (
"fmt"
"net/http"
"net/http/httptest"
"github.com/shaj13/libcache"
"github.com/shaj13/go-guardian/v2/auth/strategies/oauth2/userinfo"
_ "github.com/shaj13/libcache/lru"
)
func main() {
srv := AuthrizationServer()
opt := userinfo.SetHTTPClient(srv.Client())
strategy := userinfo.New(srv.URL, libcache.LRU.New(0), opt)
r, _ := http.NewRequest("GET", "/protected/resource", nil)
r.Header.Set("Authorization", "Bearer <oauth2-token>")
info, err := strategy.Authenticate(r.Context(), r)
fmt.Println(info.GetUserName(), err)
}
func AuthrizationServer() *httptest.Server {
h := func(w http.ResponseWriter, r *http.Request) {
const body = `
{
"preferred_username": "jdoe",
"sub": "Z5O3upPC88QrAjx00dis",
"extension_field": "twenty-seven"
}
`
w.WriteHeader(200)
w.Write([]byte(body))
}
return httptest.NewServer(http.HandlerFunc(h))
}
Output: jdoe <nil>
Index ¶
- func GetAuthenticateFunc(addr string, opts ...auth.Option) token.AuthenticateFunc
- func New(addr string, c auth.Cache, opts ...auth.Option) auth.Strategy
- func SetClaimResolver(c oauth2.ClaimsResolver) auth.Option
- func SetClientTransport(rt http.RoundTripper) auth.Option
- func SetErrorResolver(e oauth2.ErrorResolver) auth.Option
- func SetHTTPClient(c *http.Client) auth.Option
- func SetHTTPMethod(method string) auth.Option
- func SetTLSConfig(tls *tls.Config) auth.Option
- func SetVerifyOptions(opts claims.VerifyOptions) auth.Option
- type AddressClaim
- type Claims
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GetAuthenticateFunc ¶
func GetAuthenticateFunc(addr string, opts ...auth.Option) token.AuthenticateFunc
GetAuthenticateFunc return function to authenticate request using oauth2/openid userinfo endpoint. The returned function typically used with the token strategy.
func New ¶
New return strategy authenticate request using oauth2/openid userinfo endpoint.
New is similar to:
fn := userinfo.GetAuthenticateFunc(addr, opts...) token.New(fn, cache, opts...)
func SetClaimResolver ¶
func SetClaimResolver(c oauth2.ClaimsResolver) auth.Option
SetClaimResolver sets the introspection strategy ClaimResolver to resolve the authorization claim response. Default: introspection.Claim
Example ¶
package main
import (
"errors"
"fmt"
"net/http"
"net/http/httptest"
"github.com/shaj13/libcache"
"github.com/shaj13/go-guardian/v2/auth"
"github.com/shaj13/go-guardian/v2/auth/claims"
"github.com/shaj13/go-guardian/v2/auth/strategies/oauth2"
"github.com/shaj13/go-guardian/v2/auth/strategies/oauth2/userinfo"
_ "github.com/shaj13/libcache/lru"
)
type ExampleClaims struct {
ExtensionField string `json:"extension_field"`
*userinfo.Claims
}
func (c ExampleClaims) New() oauth2.ClaimsResolver {
claim := userinfo.Claims{}.New().(*userinfo.Claims)
return &ExampleClaims{Claims: claim}
}
func (c ExampleClaims) Resolve() auth.Info {
return c
}
func (c ExampleClaims) Verify(opts claims.VerifyOptions) error {
if v, ok := opts.Extra["extension_field"]; ok {
str, ok := v.(string)
if !ok {
panic("Expected VerifyOptions.extension_field of type string")
}
if str != c.ExtensionField {
return errors.New("ExampleClaim: Invalid ExtensionField")
}
}
return nil
}
func main() {
srv := AuthrizationServer()
opt := userinfo.SetClaimResolver(new(ExampleClaims))
strategy := userinfo.New(srv.URL, libcache.LRU.New(0), opt)
r, _ := http.NewRequest("GEt", "/protected/resource", nil)
r.Header.Set("Authorization", "Bearer <oauth2-token>")
info, err := strategy.Authenticate(r.Context(), r)
fmt.Println(info.(ExampleClaims).ExtensionField, err)
}
func AuthrizationServer() *httptest.Server {
h := func(w http.ResponseWriter, r *http.Request) {
const body = `
{
"preferred_username": "jdoe",
"sub": "Z5O3upPC88QrAjx00dis",
"extension_field": "twenty-seven"
}
`
w.WriteHeader(200)
w.Write([]byte(body))
}
return httptest.NewServer(http.HandlerFunc(h))
}
Output: twenty-seven <nil>
func SetClientTransport ¶
func SetClientTransport(rt http.RoundTripper) auth.Option
SetClientTransport sets underlying http client transport.
func SetErrorResolver ¶
func SetErrorResolver(e oauth2.ErrorResolver) auth.Option
SetErrorResolver sets the introspection strategy ErrorResolver to resolve the authorization error response. Default: oauth2.ResponseError
func SetHTTPClient ¶
SetHTTPClient sets underlying http client.
func SetHTTPMethod ¶
SetHTTPMethod sets http request's method. Default Get.
func SetTLSConfig ¶
SetTLSConfig sets underlying http client tls.
func SetVerifyOptions ¶
func SetVerifyOptions(opts claims.VerifyOptions) auth.Option
SetVerifyOptions sets the introspection strategy to verify authorization response.
Types ¶
type AddressClaim ¶
type AddressClaim struct {
Formatted string `json:"formatted,omitempty"`
StreetAddress string `json:"street_address,omitempty"`
Locality string `json:"locality,omitempty"`
Region string `json:"region,omitempty"`
PostalCode string `json:"postal_code,omitempty"`
Country string `json:"country,omitempty"`
}
AddressClaim represents a physical mailing address as defined in OpenID https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim.
type Claims ¶
type Claims struct {
Subject string `json:"sub,omitempty"`
Name string `json:"name,omitempty"`
GivenName string `json:"given_name,omitempty"`
FamilyName string `json:"family_name,omitempty"`
MiddleName string `json:"middle_name,omitempty"`
NickName string `json:"nickname,omitempty"`
PreferredUsername string `json:"preferred_username,omitempty"`
Profile string `json:"profile,omitempty"`
Picture string `json:"picture,omitempty"`
Website string `json:"website,omitempty"`
Email string `json:"email,omitempty"`
Gender string `json:"gender,omitempty"`
Birthdate string `json:"birthdate,omitempty"`
ZoneInfo string `json:"zoneinfo,omitempty"`
Locale string `json:"locale,omitempty"`
PhoneNumber string `json:"phone_number,omitempty"`
PhoneNumberVerified bool `json:"phone_number_verified,omitempty"`
EmailVerified bool `json:"email_verified,omitempty"`
Address AddressClaim `json:"address,omitempty"`
UpdatedAT *claims.Time `json:"updated_at,omitempty"`
auth.Info
}
Claims represents standard claims as defined in OpenID https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims. Claims implements auth.Info and oauth2.ClaimsResolver.
func (Claims) GetUserName ¶
GetUserName return's c.Info.GetUserName if exist, Otherwise, it return c.PreferredUsername or c.Email.
func (Claims) New ¶
func (c Claims) New() oauth2.ClaimsResolver
New return's a new Claims as oauth2.ClaimsResolver.
Source Files