
Package oauth


Published: Oct 2, 2019 | License: GPL2 | Module:



// Token type hints. The two values match the token_type_hint values registered
// by RFC 7009 and reused by RFC 7662 (token introspection).
// NOTE(review): where the hint is read is not visible in this listing — confirm
// that any other value is rejected (see ErrTokenHintInvalid).
const (
	// AccessTokenHint is the hint value that names an access token.
	AccessTokenHint = "access_token"
	// RefreshTokenHint is the hint value that names a refresh token.
	RefreshTokenHint = "refresh_token"
// Bearer is the token_type string for bearer tokens (RFC 6750). A bearer token
// authorises whoever presents it, so it should travel only over TLS and should
// never be written to logs.
const Bearer = "Bearer"

Bearer is the default type of generated tokens.


// Sentinel errors for access-token validation.
var (
	// ErrAccessTokenNotFound reports that no access token matched.
	ErrAccessTokenNotFound = errors.New("access token not found")
	// ErrAccessTokenExpired reports that the access token has expired.
	ErrAccessTokenExpired = errors.New("access token expired")
// Sentinel errors for authorization-code lookup.
// NOTE(review): RFC 6749 §4.1.2 recommends that an authorization code live at
// most 10 minutes and be usable once. Only expiry has an error here; confirm
// that a redeemed code is deleted so a replay surfaces as "not found".
var (
	// ErrAuthorizationCodeNotFound reports that no authorization code matched.
	ErrAuthorizationCodeNotFound = errors.New("authorization code not found")
	// ErrAuthorizationCodeExpired reports that the authorization code has expired.
	ErrAuthorizationCodeExpired = errors.New("authorization code expired")
// Sentinel errors for OAuth client lookup, authentication and creation.
// NOTE(review): ErrClientNotFound and ErrInvalidClientSecret tell an unknown
// client ID apart from a wrong secret. Keep that distinction in server-side
// logs only; a remote caller should get one generic failure so the endpoint
// does not confirm which client IDs exist.
var (
	// ErrClientNotFound reports that no client matched the client ID.
	ErrClientNotFound = errors.New("client not found")
	// ErrInvalidClientSecret reports that the supplied client secret did not match.
	ErrInvalidClientSecret = errors.New("invalid client secret")
	// ErrClientIDTaken reports that the client ID is already in use.
	ErrClientIDTaken = errors.New("client ID taken")
// Sentinel errors for token requests.
var (

	// ErrInvalidGrantType reports an unsupported or unrecognised grant type.
	ErrInvalidGrantType = errors.New("invalid grant type")
	// ErrInvalidClientIDOrSecret is a single error for failed client
	// authentication; its message does not say whether the ID or the secret
	// was wrong.
	ErrInvalidClientIDOrSecret = errors.New("invalid client ID or secret")
// Sentinel errors for requests that carry a token and an optional type hint.
// NOTE(review): presumably raised on the introspection path — confirm against
// the handler, which is not part of this listing.
var (
	// ErrTokenMissing reports that the request carried no token.
	ErrTokenMissing = errors.New("token missing")
	// ErrTokenHintInvalid reports a token hint outside the accepted values.
	ErrTokenHintInvalid = errors.New("invalid token hint")
// Sentinel errors for the refresh-token flow.
var (
	// ErrRefreshTokenNotFound reports that no refresh token matched.
	ErrRefreshTokenNotFound = errors.New("refresh token not found")
	// ErrRefreshTokenExpired reports that the refresh token has expired.
	ErrRefreshTokenExpired = errors.New("refresh token expired")
	// ErrRequestedScopeCannotBeGreater reports a requested scope wider than
	// allowed. RFC 6749 §6 forbids a refresh request from adding scope that
	// the resource owner did not originally grant.
	// NOTE(review): how scopes are compared is not visible here — confirm it
	// is a set comparison of scope tokens, not a string-length or prefix test.
	ErrRequestedScopeCannotBeGreater = errors.New("requested scope cannot be greater")
// Password policy and user-account sentinel errors.
var (
	// MinPasswordLength defines the minimum password length.
	// NOTE(review): 6 is below the 8-character minimum that NIST SP 800-63B
	// sets for user-chosen passwords; consider raising it. It is declared as
	// a var, so other code can change it at run time.
	MinPasswordLength = 6

	// ErrPasswordTooShort carries a message that is formatted once, when the
	// package is initialised; a later change to MinPasswordLength would not
	// be reflected in it.
	// NOTE(review): this listing is cut after the format string; the format
	// argument (presumably MinPasswordLength) and the closing parenthesis are
	// not shown.
	ErrPasswordTooShort = fmt.Errorf(
		"password must be at least %d characters long",
	// ErrUserNotFound reports that no user matched.
	// NOTE(review): together with ErrInvalidUserPassword this tells an
	// unknown user apart from a wrong password. Keep the distinction
	// server-side and give remote callers one generic login failure so the
	// endpoint does not confirm which usernames exist.
	ErrUserNotFound = errors.New("user not found")
	// ErrInvalidUserPassword reports that the supplied password did not match.
	ErrInvalidUserPassword = errors.New("invalid user password")
	// ErrCannotSetEmptyUsername reports an attempt to set an empty username.
	ErrCannotSetEmptyUsername = errors.New("cannot set empty username")
	// ErrUserPasswordNotSet reports that the user has no password set.
	ErrUserPasswordNotSet = errors.New("user password not set")
	// ErrUsernameTaken reports that the username is already in use.
	ErrUsernameTaken = errors.New("username taken")
var (
	// ErrInvalidRedirectURI reports a redirect URI that was not accepted.
	// NOTE(review): the comparison itself is not visible here. Confirm it is
	// an exact string match against the URI registered for the client;
	// prefix or pattern matching lets authorization codes be sent to an
	// unintended location.
	ErrInvalidRedirectURI = errors.New("invalid redirect URI")
var (
	// ErrInvalidScope reports a requested scope that failed validation.
	ErrInvalidScope = errors.New("invalid scope")
var (
	// ErrInvalidUsernameOrPassword is a single error for failed user
	// authentication; its message does not say whether the username or the
	// password was wrong, which makes it the one suited to remote callers.
	ErrInvalidUsernameOrPassword = errors.New("invalid username or password")
var (
	// ErrRoleNotFound reports that no role matched.
	ErrRoleNotFound = errors.New("role not found")

func AuthClient

func AuthClient(clientID, secret string) (*models.OAuthApplication, error)

AuthClient authenticates client

func AuthUser

func AuthUser(username, password string) (*models.User, error)

AuthUser authenticates user

func Authenticate

func Authenticate(token string) (*models.AccessToken, error)

Authenticate checks that the access token is valid

func ClearUserTokens

func ClearUserTokens(userSession *session.UserSession)

ClearUserTokens deletes the user's access and refresh tokens associated with this client id

func ClientExists

func ClientExists(clientID string) bool

ClientExists returns true if client exists

func CreateClient

func CreateClient(clientID, secret, redirectURI string) (*models.OAuthApplication, error)

CreateClient saves a new client to database

func CreateClientTx

func CreateClientTx(clientID, secret, redirectURI string) (*models.OAuthApplication, error)

CreateClientTx saves a new client to database using injected db object

func CreateUser

func CreateUser(roleID, username, password string) (*models.User, error)

CreateUser saves a new user to database

func FindClientByClientID

func FindClientByClientID(clientID string) (*models.OAuthApplication, error)

FindClientByClientID looks up a client by client ID

func FindRoleByID

func FindRoleByID(id string) (*models.UserRole, error)

FindRoleByID looks up a role by ID and returns it

func FindUserByEmail

func FindUserByEmail(email string) (*models.User, error)

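FindUserByEmail looks up a user by email. (The upstream comment reads "FindUserByUsername looks up a user by username", which does not match the signature.)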

func GetDefaultScope

func GetDefaultScope() string

GetDefaultScope returns the default scope

func GetOrCreateRefreshToken

func GetOrCreateRefreshToken(client *models.OAuthApplication, user *models.User, expiresIn int, scope string) (*models.RefreshToken, error)

GetOrCreateRefreshToken retrieves an existing refresh token; if it has expired, the token is deleted and a new refresh token is created

func GetScope

func GetScope(requestedScope string) (string, error)

GetScope takes a requested scope: if it is empty, it returns the default scope; otherwise it validates the requested scope

func GetValidRefreshToken

func GetValidRefreshToken(token string, client *models.OAuthApplication) (*models.RefreshToken, error)

GetValidRefreshToken returns a valid non expired refresh token

func GrantAccessToken

func GrantAccessToken(client *models.OAuthApplication, user *models.User, expiresIn int, scope string) (*models.AccessToken, error)

GrantAccessToken deletes old tokens and grants a new access token

func GrantAuthorizationCode

func GrantAuthorizationCode(client *models.OAuthApplication, user *models.User, expiresIn int, redirectURI, scope string) (*models.AuthorizationCode, error)

GrantAuthorizationCode grants a new authorization code

func IntrospectHandler

func IntrospectHandler(ctx echo.Context) error

IntrospectHandler handles OAuth 2.0 token introspection requests (POST /v1/oauth/introspect)

func IsRoleAllowed

func IsRoleAllowed(role string, allowedRoles []string) bool

IsRoleAllowed returns true if the role is allowed to use this service

func Login

func Login(client *models.OAuthApplication, user *models.User, scope string) (*models.AccessToken, *models.RefreshToken, error)

Login creates an access token and refresh token for a user (logs him/her in)

func ScopeExists

func ScopeExists(requestedScope string) bool

ScopeExists checks if a scope exists

func SetPassword

func SetPassword(user *models.User, password string) error

SetPassword sets a user password

func TokensHandler

func TokensHandler(ctx echo.Context) error

TokensHandler handles all OAuth 2.0 grant types (POST /v1/oauth/tokens)

func UpdateUsername

func UpdateUsername(user *models.User, username string) error

UpdateUsername ...

func UserExists

func UserExists(username string) bool

UserExists returns true if user exists

type AccessTokenResponse

// AccessTokenResponse is the JSON body of a successful token response. The
// access_token, token_type, expires_in, refresh_token and scope keys are the
// ones defined by RFC 6749 §5.1; user_id is an addition of this package.
// NOTE(review): the body contains live credentials. RFC 6749 §5.1 requires
// "Cache-Control: no-store" on such responses — confirm the handler sets it
// and that this struct is never logged.
type AccessTokenResponse struct {
	// UserID is left out of the JSON when empty.
	UserID       string `json:"user_id,omitempty"`
	AccessToken  string `json:"access_token"`
	// ExpiresIn is presumably the lifetime in seconds, as RFC 6749 defines
	// expires_in — confirm.
	ExpiresIn    int    `json:"expires_in"`
	TokenType    string `json:"token_type"`
	Scope        string `json:"scope"`
	// RefreshToken is left out of the JSON when empty.
	RefreshToken string `json:"refresh_token,omitempty"`

AccessTokenResponse ...

func NewAccessTokenResponse

func NewAccessTokenResponse(accessToken *models.AccessToken, refreshToken *models.RefreshToken, lifetime int, theTokenType string) (*AccessTokenResponse, error)

NewAccessTokenResponse ...

type IntrospectResponse

// IntrospectResponse is the JSON body of a token introspection response; the
// keys are the ones defined by RFC 7662 §2.2.
type IntrospectResponse struct {
	// Active has no omitempty, so it is always serialised. Every other field
	// is omitted when zero, which means a zero-valued response encodes as
	// just {"active":false} and reveals nothing else about the token.
	Active    bool   `json:"active"`
	Scope     string `json:"scope,omitempty"`
	ClientID  string `json:"client_id,omitempty"`
	Username  string `json:"username,omitempty"`
	TokenType string `json:"token_type,omitempty"`
	// ExpiresAt is presumably seconds since the Unix epoch, as RFC 7662
	// defines exp — confirm. As a plain int it is 32 bits wide on 32-bit
	// targets.
	ExpiresAt int    `json:"exp,omitempty"`

IntrospectResponse ...

func IntrospectToken

func IntrospectToken(r *http.Request, client *models.OAuthApplication) (*IntrospectResponse, error)

func NewIntrospectResponseFromAccessToken

func NewIntrospectResponseFromAccessToken(accessToken *models.AccessToken) (*IntrospectResponse, error)

NewIntrospectResponseFromAccessToken ...

func NewIntrospectResponseFromRefreshToken

func NewIntrospectResponseFromRefreshToken(refreshToken *models.RefreshToken) (*IntrospectResponse, error)

NewIntrospectResponseFromRefreshToken ...


Documentation was rendered with GOOS=linux and GOARCH=amd64.
