oauth

package

v0.385.0 Latest Latest Go to latest Published: Apr 24, 2024 License: AGPL-3.0 Imports: 14 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/teamkeel/keel

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func ConsumeAuthCode(ctx context.Context, code string) (isValid bool, identityId string, err error)
func ExtractClaimFromJwt(token string, claim string) (string, error)
func GenerateAccessToken(ctx context.Context, identityId string) (string, time.Duration, error)
func GenerateResetToken(ctx context.Context, identityId string) (string, error)
func NewAuthCode(ctx context.Context, identityId string) (string, error)
func NewRefreshToken(ctx context.Context, identityId string) (string, error)
func RevokeRefreshToken(ctx context.Context, refreshTokenRaw string) error
func RotateRefreshToken(ctx context.Context, refreshTokenRaw string) (isValid bool, refreshToken string, identityId string, err error)
func ValidateAccessToken(ctx context.Context, tokenString string) (string, error)
func ValidateRefreshToken(ctx context.Context, refreshTokenRaw string) (isValid bool, identityId string, err error)
func ValidateResetToken(ctx context.Context, tokenString string) (string, error)
func VerifyIdToken(ctx context.Context, idTokenRaw string) (*oidc.IDToken, error)
type AccessTokenClaims
type IdTokenClaims
type UserClaims

Constants ¶

View Source

const (
	KeelIssuer = "https://keel.so"

	ResetTokenExpiry time.Duration = time.Minute * 15
)

Variables ¶

View Source

var (
	ErrInvalidToken     = common.NewAuthenticationFailedMessageErr("cannot be parsed or verified as a valid JWT")
	ErrTokenExpired     = common.NewAuthenticationFailedMessageErr("token has expired")
	ErrIdentityNotFound = common.NewAuthenticationFailedMessageErr("identity not found")
)

Functions ¶

func ConsumeAuthCode ¶ added in v0.373.0

func ConsumeAuthCode(ctx context.Context, code string) (isValid bool, identityId string, err error)

ConsumeAuthCode checks that the provided auth code has not expired, consumes it (making it unusable again), and returning the identity it is associated with.

func ExtractClaimFromJwt ¶ added in v0.379.1

func ExtractClaimFromJwt(token string, claim string) (string, error)

func GenerateAccessToken ¶

func GenerateAccessToken(ctx context.Context, identityId string) (string, time.Duration, error)

func GenerateResetToken ¶ added in v0.379.1

func GenerateResetToken(ctx context.Context, identityId string) (string, error)

func NewAuthCode ¶ added in v0.373.0

func NewAuthCode(ctx context.Context, identityId string) (string, error)

NewAuthCode generates a new auth code for the identity using the configured or default expiry time.

func NewRefreshToken ¶

func NewRefreshToken(ctx context.Context, identityId string) (string, error)

NewRefreshToken generates a new refresh token for the identity using the configured or default expiry time.

func RevokeRefreshToken ¶

func RevokeRefreshToken(ctx context.Context, refreshTokenRaw string) error

RevokeRefreshToken will delete (revoke) the provided refresh token, which will prevent it from being used again.

func RotateRefreshToken ¶

func RotateRefreshToken(ctx context.Context, refreshTokenRaw string) (isValid bool, refreshToken string, identityId string, err error)

RotateRefreshToken validates that the provided refresh token has not expired, and then rotates it for a new refresh token with the exact same expiry time and identity. The original refresh token is then revoked from future use.

func ValidateAccessToken ¶

func ValidateAccessToken(ctx context.Context, tokenString string) (string, error)

func ValidateRefreshToken ¶

func ValidateRefreshToken(ctx context.Context, refreshTokenRaw string) (isValid bool, identityId string, err error)

ValidateRefreshToken validates that the provided refresh token has no expired, and also returns the identity it is associated with. The refresh token is not revoked.

func ValidateResetToken ¶ added in v0.379.1

func ValidateResetToken(ctx context.Context, tokenString string) (string, error)

func VerifyIdToken ¶

func VerifyIdToken(ctx context.Context, idTokenRaw string) (*oidc.IDToken, error)

VerifyIdToken will verify the ID token from an OpenID Connect provider.

Types ¶

type AccessTokenClaims ¶

type AccessTokenClaims struct {
	jwt.RegisteredClaims
}

https://pkg.go.dev/github.com/golang-jwt/jwt/v4#RegisteredClaims

type IdTokenClaims ¶

type IdTokenClaims struct {
	jwt.RegisteredClaims
	UserClaims
}

type UserClaims ¶

type UserClaims struct {
	// default 'email' scope claims
	Email         string `json:"email,omitempty"`
	EmailVerified bool   `json:"email_verified,omitempty"`

	// default 'profile' scope claims
	Name              string `json:"name,omitempty"`
	GivenName         string `json:"given_name,omitempty"`
	FamilyName        string `json:"family_name,omitempty"`
	MiddleName        string `json:"middle_name,omitempty"`
	NickName          string `json:"nick_name,omitempty"`
	PreferredUsername string `json:"preferred_username,omitempty"`
	Profile           string `json:"profile,omitempty"`
	Picture           string `json:"picture,omitempty"`
	Website           string `json:"website,omitempty"`
	Gender            string `json:"gender,omitempty"`
	ZoneInfo          string `json:"zoneinfo,omitempty"`
	Locale            string `json:"locale,omitempty"`

	// default 'phone' scope claims
	PhoneNumber         string `json:"phone_number,omitempty"`
	PhoneNumberVerified bool   `json:"phone_number_verified,omitempty"`
}

https://openid.net/specs/openid-connect-basic-1_0.html#StandardClaims

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
oauthtest

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL