oauth

package
v0.0.0-...-4ae6852 Latest Latest
Published: Oct 25, 2025 License: AGPL-3.0 Imports: 34 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Attach

func Attach(mux goahttp.Muxer, service *Service)

func ClientInfoCacheKey

func ClientInfoCacheKey(mcpURL string, clientID string) string

func GrantCacheKey

func GrantCacheKey(toolsetId uuid.UUID, code string) string

func TokenCacheKey

func TokenCacheKey(toolsetID uuid.UUID, token string) string

Types

type AuthorizationRequest

// AuthorizationRequest represents an OAuth authorization request.
//
// The JSON tags mirror the standard OAuth 2.0 authorization-endpoint
// parameter names. Every field arrives from the client and is untrusted
// until GrantManager.ValidateAuthorizationRequest has accepted it.
type AuthorizationRequest struct {
	// ResponseType is the OAuth response_type parameter.
	ResponseType        string `json:"response_type"`
	// ClientID identifies the registered client (see ClientRegistrationService).
	ClientID            string `json:"client_id"`
	// RedirectURI is where the authorization response is sent; it has to match
	// a URI registered for ClientID (presumably enforced via
	// ClientRegistrationService.IsValidRedirectURI — confirm in ValidateAuthorizationRequest).
	RedirectURI         string `json:"redirect_uri"`
	// Scope is the space-separated scope string requested by the client.
	Scope               string `json:"scope"`
	// State is an opaque client value round-tripped back in the authorization
	// or error response (see GrantManager.BuildErrorResponse); it should be
	// returned unchanged and never interpreted server-side.
	State               string `json:"state"`
	// CodeChallenge and CodeChallengeMethod are the PKCE parameters that are
	// later checked against the code_verifier by PKCEService.
	CodeChallenge       string `json:"code_challenge"`
	CodeChallengeMethod string `json:"code_challenge_method"`
	// Nonce is carried as given; its use is not visible from this package's API.
	Nonce               string `json:"nonce"`
}

AuthorizationRequest represents an OAuth authorization request

type ClientInfo

// ClientInfo represents an OAuth client registration.
//
// It is both the request and the response shape of
// ClientRegistrationService.RegisterClient (RFC 7591 Dynamic Client
// Registration), so the JSON tags follow the RFC 7591 metadata names.
type ClientInfo struct {
	// MCPURL scopes the registration to one MCP server; together with
	// ClientID it forms the cache key (see ClientInfoCacheKey).
	MCPURL                  string    `json:"mcp_url"`
	ClientID                string    `json:"client_id"`
	// ClientSecret is serialized in the registration response, which RFC 7591
	// requires. NOTE(review): if this same struct is what gets cached by
	// GetClient, the secret is stored verbatim — confirm whether the cache
	// layer encrypts it (an encryption.Client is available to the services).
	ClientSecret            string    `json:"client_secret"`
	// ClientSecretExpiresAt follows RFC 7591 client_secret_expires_at:
	// presumably seconds since the Unix epoch, with 0 meaning no expiry — confirm.
	ClientSecretExpiresAt   int64     `json:"client_secret_expires_at"`
	ClientName              string    `json:"client_name"`
	// RedirectURIs is the allow-list an authorization request's redirect_uri
	// is checked against (ClientRegistrationService.IsValidRedirectURI).
	RedirectURIs            []string  `json:"redirect_uris"`
	GrantTypes              []string  `json:"grant_types"`
	ResponseTypes           []string  `json:"response_types"`
	Scope                   string    `json:"scope"`
	TokenEndpointAuthMethod string    `json:"token_endpoint_auth_method"`
	ApplicationType         string    `json:"application_type"`
	CreatedAt               time.Time `json:"created_at"`
	UpdatedAt               time.Time `json:"updated_at"`
}

ClientInfo represents an OAuth client registration

type ClientRegistrationService

type ClientRegistrationService struct {
	// contains filtered or unexported fields
}

ClientRegistrationService handles OAuth Dynamic Client Registration

func NewClientRegistrationService

func NewClientRegistrationService(cacheImpl cache.Cache, logger *slog.Logger) *ClientRegistrationService

func (*ClientRegistrationService) GetClient

func (s *ClientRegistrationService) GetClient(ctx context.Context, mcpURL string, clientID string) (*ClientInfo, error)

func (*ClientRegistrationService) IsValidRedirectURI

func (s *ClientRegistrationService) IsValidRedirectURI(ctx context.Context, mcpURL string, clientID, redirectURI string) (bool, error)

IsValidRedirectURI reports whether the given redirect URI is valid for the client

func (*ClientRegistrationService) RegisterClient

func (s *ClientRegistrationService) RegisterClient(ctx context.Context, req *ClientInfo, mcpURL string) (*ClientInfo, error)

RegisterClient implements RFC 7591 Dynamic Client Registration

func (*ClientRegistrationService) ValidateClientCredentials

func (s *ClientRegistrationService) ValidateClientCredentials(ctx context.Context, mcpURL string, clientID, clientSecret string) (*ClientInfo, error)

ValidateClientCredentials validates client credentials

type ConsentTemplateData

// ConsentTemplateData represents the data for the consent screen.
//
// Most fields are copied from the client's authorization request and are
// therefore attacker-controlled strings. NOTE(review): confirm the consent
// template is rendered with html/template (contextual escaping) rather than
// text/template before these values reach the page.
type ConsentTemplateData struct {
	ClientID            string
	// ClientName is the display name from the client registration.
	ClientName          string
	ToolsetName         string
	RedirectURI         string
	// Scope is the raw scope string; Scopes presumably holds the same value
	// split into individual entries for display — confirm at the call site.
	Scope               string
	Scopes              []string
	// State, CodeChallenge, CodeChallengeMethod and ResponseType are carried
	// through the consent step so the authorization request can be replayed
	// to GrantManager once the user approves.
	State               string
	CodeChallenge       string
	CodeChallengeMethod string
	ResponseType        string
	MCPURL              string
	MCPSlug             string
}

ConsentTemplateData represents the data for the consent screen

type ExternalSecret

// ExternalSecret holds an upstream credential attached to a Grant or Token.
//
// Every field is tagged `json:"-"`, so encoding/json never emits or reads
// them: any JSON-based serialization of the enclosing Grant or Token silently
// drops these values. NOTE(review): if the cache persists Grant/Token via
// JSON, the secrets would not survive a round-trip — confirm which encoding
// the cache uses.
type ExternalSecret struct {
	// SecurityKeys — meaning not visible from this package's API; presumably
	// the security-scheme names this secret satisfies — confirm.
	SecurityKeys []string   `json:"-"`
	// Token is the secret material itself; keep it out of logs and responses.
	Token        string     `json:"-"`
	// ExpiresAt is nil when no expiry is known — presumably "does not expire"; confirm.
	ExpiresAt    *time.Time `json:"-"`
}

type Grant

// Grant represents an OAuth authorization grant.
//
// Grant is a cache entry (it implements CacheKey, AdditionalCacheKeys and
// TTL) keyed by ToolsetID and Code (see GrantCacheKey). It is created by
// GrantManager.CreateAuthorizationGrant and redeemed — and should be
// invalidated — by GrantManager.ValidateAndConsumeGrant, which is what makes
// the authorization code single-use.
type Grant struct {
	ToolsetID           uuid.UUID
	// Code is the authorization code handed to the client; it is part of the
	// cache key, so it must be unguessable.
	Code                string
	// ClientID and RedirectURI are the values bound to the code at creation
	// time; ValidateAndConsumeGrant takes both again so the token request can
	// be checked against them.
	ClientID            string
	RedirectURI         string
	Scope               string
	State               string
	// CodeChallenge and CodeChallengeMethod are the PKCE values captured from
	// the authorization request and verified by PKCEService.ValidatePKCEFlow.
	CodeChallenge       string
	CodeChallengeMethod string
	// Props — contents not visible from this package's API; confirm at the call site.
	Props               map[string]string
	CreatedAt           time.Time
	ExpiresAt           time.Time
	// ExternalSecrets carries upstream credentials (all fields `json:"-"`,
	// see ExternalSecret) through to the issued Token.
	ExternalSecrets     []ExternalSecret
}

Grant represents an OAuth authorization grant

func (Grant) AdditionalCacheKeys

func (g Grant) AdditionalCacheKeys() []string

func (Grant) CacheKey

func (g Grant) CacheKey() string

func (Grant) TTL

func (g Grant) TTL() time.Duration

type GrantManager

type GrantManager struct {
	// contains filtered or unexported fields
}

GrantManager handles OAuth authorization grant operations

func NewGrantManager

func NewGrantManager(cacheImpl cache.Cache, clientRegistration *ClientRegistrationService, pkceService *PKCEService, logger *slog.Logger, enc *encryption.Client) *GrantManager

func (*GrantManager) BuildAuthorizationResponse

func (gm *GrantManager) BuildAuthorizationResponse(ctx context.Context, grant *Grant, redirectURI string) (string, error)

BuildAuthorizationResponse builds the authorization response URL

func (*GrantManager) BuildErrorResponse

func (gm *GrantManager) BuildErrorResponse(ctx context.Context, redirectURI, errorString, errorDescription, state string) (string, error)

BuildErrorResponse builds an error response URL

func (*GrantManager) CreateAuthorizationGrant

func (gm *GrantManager) CreateAuthorizationGrant(ctx context.Context, req *AuthorizationRequest, mcpURL string, toolsetId uuid.UUID, accessToken string, expiresAt *time.Time, securityKeys []string) (*Grant, error)

CreateAuthorizationGrant creates a new authorization grant

func (*GrantManager) ValidateAndConsumeGrant

func (gm *GrantManager) ValidateAndConsumeGrant(ctx context.Context, toolsetId uuid.UUID, code, clientID, redirectURI string) (*Grant, error)

ValidateAndConsumeGrant validates and consumes an authorization grant

func (*GrantManager) ValidateAuthorizationRequest

func (gm *GrantManager) ValidateAuthorizationRequest(ctx context.Context, req *AuthorizationRequest, mcpURL string) error

ValidateAuthorizationRequest validates an authorization request

type OauthProxyClientInfo

// OauthProxyClientInfo is the cache representation of a registered client:
// it implements CacheKey, AdditionalCacheKeys and TTL, unlike ClientInfo,
// which is the RFC 7591 wire shape.
//
// NOTE(review): the two types differ in ClientSecretExpiresAt (time.Time
// here, int64 Unix seconds in ClientInfo) and in RedirectUris vs
// RedirectURIs; keep the conversion between them in one place.
type OauthProxyClientInfo struct {
	MCPURL                  string
	ClientID                string
	// ClientSecret is stored in the cache as-is from this struct's point of
	// view; confirm whether the cache layer encrypts entries.
	ClientSecret            string
	ClientSecretExpiresAt   time.Time
	ClientName              string
	// RedirectUris is the allow-list for authorization-request redirect_uri values.
	RedirectUris            []string
	GrantTypes              []string
	ResponseTypes           []string
	Scope                   string
	TokenEndpointAuthMethod string
	ApplicationType         string
	CreatedAt               time.Time
	UpdatedAt               time.Time
}

func (OauthProxyClientInfo) AdditionalCacheKeys

func (o OauthProxyClientInfo) AdditionalCacheKeys() []string

func (OauthProxyClientInfo) CacheKey

func (o OauthProxyClientInfo) CacheKey() string

func (OauthProxyClientInfo) TTL

type PKCEService

type PKCEService struct {
	// contains filtered or unexported fields
}

PKCEService handles PKCE (Proof Key for Code Exchange) operations

func NewPKCEService

func NewPKCEService(logger *slog.Logger) *PKCEService

func (*PKCEService) GenerateCodeChallenge

func (s *PKCEService) GenerateCodeChallenge(codeVerifier string, method string) (string, error)

GenerateCodeChallenge generates a code challenge from a code verifier

func (*PKCEService) ValidateCodeChallenge

func (s *PKCEService) ValidateCodeChallenge(ctx context.Context, codeChallenge string, method string) error

ValidateCodeChallenge validates that a code challenge is properly formatted

func (*PKCEService) ValidateCodeVerifier

func (s *PKCEService) ValidateCodeVerifier(ctx context.Context, codeVerifier string) error

ValidateCodeVerifier validates that a code verifier is properly formatted

func (*PKCEService) ValidatePKCEFlow

func (s *PKCEService) ValidatePKCEFlow(ctx context.Context, grant *Grant, codeVerifier string) error

ValidatePKCEFlow validates the complete PKCE flow

func (*PKCEService) VerifyCodeChallenge

func (s *PKCEService) VerifyCodeChallenge(ctx context.Context, codeVerifier, codeChallenge, method string) error

VerifyCodeChallenge verifies that a code verifier matches the code challenge

type Service

type Service struct {
	// contains filtered or unexported fields
}

func NewService

func NewService(logger *slog.Logger, tracerProvider trace.TracerProvider, meterProvider metric.MeterProvider, db *pgxpool.Pool, serverURL *url.URL, cacheImpl cache.Cache, enc *encryption.Client, env *environments.EnvironmentEntries) *Service

func (*Service) ValidateAccessToken

func (s *Service) ValidateAccessToken(ctx context.Context, toolsetId uuid.UUID, accessToken string) (*Token, error)

ValidateAccessToken validates an OAuth access token

type Token

// Token represents an OAuth access token.
//
// Token is a cache entry (CacheKey, AdditionalCacheKeys, TTL) keyed by
// ToolsetID and AccessToken (see TokenCacheKey); it is issued by
// TokenService.ExchangeAuthorizationCode and looked up by
// ValidateAccessToken. Only the `json`-tagged fields are exposed when the
// struct is encoded; the client-facing response is TokenResponse.
type Token struct {
	ToolsetID       uuid.UUID        `json:"-"`
	// AccessToken is the bearer token string; it is part of the cache key.
	AccessToken     string           `json:"access_token"`
	TokenType       string           `json:"token_type"`
	Scope           string           `json:"scope,omitempty"`
	CreatedAt       time.Time        `json:"created_at"`
	// ExpiresAt is the absolute expiry; TokenResponse.ExpiresIn is the
	// relative form presumably derived from it in CreateTokenResponse.
	ExpiresAt       time.Time        `json:"expires_at"`
	// ExternalSecrets must never be exposed in JSON: the upstream credentials
	// it holds are for server-side use only, and every ExternalSecret field is
	// itself tagged `json:"-"`.
	ExternalSecrets []ExternalSecret `json:"-"` // this should never be exposed in JSON
}

Token represents an OAuth access token

func (Token) AdditionalCacheKeys

func (t Token) AdditionalCacheKeys() []string

func (Token) CacheKey

func (t Token) CacheKey() string

func (Token) TTL

func (t Token) TTL() time.Duration

type TokenRequest

// TokenRequest represents an OAuth token request.
//
// This is the untrusted input to TokenService.ExchangeAuthorizationCode; the
// JSON tags follow the standard token-endpoint parameter names.
type TokenRequest struct {
	GrantType    string `json:"grant_type"`
	// Code is the authorization code being redeemed (Grant.Code).
	Code         string `json:"code"`
	// RedirectURI and ClientID are re-sent so they can be compared with the
	// values bound to the grant (GrantManager.ValidateAndConsumeGrant).
	RedirectURI  string `json:"redirect_uri"`
	ClientID     string `json:"client_id"`
	// ClientSecret authenticates confidential clients
	// (ClientRegistrationService.ValidateClientCredentials).
	ClientSecret string `json:"client_secret"`
	// CodeVerifier is the PKCE verifier checked against Grant.CodeChallenge
	// by PKCEService.
	CodeVerifier string `json:"code_verifier"`
}

TokenRequest represents an OAuth token request

type TokenResponse

// TokenResponse is the client-facing token-endpoint response built by
// TokenService.CreateTokenResponse. It deliberately carries only the public
// fields of Token; secrets attached to the Token are not part of it.
type TokenResponse struct {
	AccessToken string `json:"access_token"`
	TokenType   string `json:"token_type"`
	// ExpiresIn is the token lifetime in seconds, as OAuth 2.0 defines
	// expires_in; presumably computed from Token.ExpiresAt — confirm.
	ExpiresIn   int    `json:"expires_in"`
	Scope       string `json:"scope,omitempty"`
}

type TokenService

type TokenService struct {
	// contains filtered or unexported fields
}

TokenService handles OAuth token operations

func NewTokenService

func NewTokenService(cacheImpl cache.Cache, clientRegistration *ClientRegistrationService, grantManager *GrantManager, pkceService *PKCEService, logger *slog.Logger, enc *encryption.Client) *TokenService

func (*TokenService) CreateErrorResponse

func (ts *TokenService) CreateErrorResponse(errorType, description string) map[string]interface{}

CreateErrorResponse creates a standardized error response

func (*TokenService) CreateTokenResponse

func (ts *TokenService) CreateTokenResponse(token *Token) *TokenResponse

CreateTokenResponse creates a standardized token response

func (*TokenService) ExchangeAuthorizationCode

func (ts *TokenService) ExchangeAuthorizationCode(ctx context.Context, req *TokenRequest, mcpURL string, toolsetId uuid.UUID) (*Token, error)

ExchangeAuthorizationCode exchanges an authorization code for tokens

func (*TokenService) SetTokenExpiration

func (ts *TokenService) SetTokenExpiration(accessTokenExpiration time.Duration)

SetTokenExpiration sets custom token expiration time

func (*TokenService) ValidateAccessToken

func (ts *TokenService) ValidateAccessToken(ctx context.Context, toolsetId uuid.UUID, accessToken string) (*Token, error)

ValidateAccessToken validates an access token
