Documentation ¶
Index ¶
- Constants
- Variables
- func AuthClient(clientID, secret string) (*models.OAuthApplication, error)
- func AuthUser(username, password string) (*models.User, error)
- func Authenticate(token string) (*models.AccessToken, error)
- func ClearUserTokens(userSession *session.UserSession)
- func ClientExists(clientID string) bool
- func CreateClient(clientID, secret, redirectURI string) (*models.OAuthApplication, error)
- func CreateClientTx(clientID, secret, redirectURI string) (*models.OAuthApplication, error)
- func CreateUser(roleID, username, password string) (*models.User, error)
- func FindClientByClientID(clientID string) (*models.OAuthApplication, error)
- func FindRoleByID(id string) (*models.UserRole, error)
- func FindUserByEmail(email string) (*models.User, error)
- func GetDefaultScope() string
- func GetOrCreateRefreshToken(client *models.OAuthApplication, user *models.User, expiresIn int, ...) (*models.RefreshToken, error)
- func GetScope(requestedScope string) (string, error)
- func GetValidRefreshToken(token string, client *models.OAuthApplication) (*models.RefreshToken, error)
- func GrantAccessToken(client *models.OAuthApplication, user *models.User, expiresIn int, ...) (*models.AccessToken, error)
- func GrantAuthorizationCode(client *models.OAuthApplication, user *models.User, expiresIn int, ...) (*models.AuthorizationCode, error)
- func IntrospectHandler(ctx echo.Context) error
- func IsRoleAllowed(role string, allowedRoles []string) bool
- func Login(client *models.OAuthApplication, user *models.User, scope string) (*models.AccessToken, *models.RefreshToken, error)
- func ScopeExists(requestedScope string) bool
- func SetPassword(user *models.User, password string) error
- func TokensHandler(ctx echo.Context) error
- func UpdateUsername(user *models.User, username string) error
- func UserExists(username string) bool
- type AccessTokenResponse
- type IntrospectResponse
- func IntrospectToken(r *http.Request, client *models.OAuthApplication) (*IntrospectResponse, error)
- func NewIntrospectResponseFromAccessToken(accessToken *models.AccessToken) (*IntrospectResponse, error)
- func NewIntrospectResponseFromRefreshToken(refreshToken *models.RefreshToken) (*IntrospectResponse, error)
Constants ¶
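// Token hint values. A hint names the kind of token a caller says it is
// presenting; ErrTokenHintInvalid in this package is the matching failure.
// NOTE(review): the strings equal the token_type_hint values of RFC 7662 /
// RFC 7009; presumably they are consumed by the introspection code. Confirm
// that a wrong or missing hint only affects lookup order and never lets a
// token bypass validation.
const (
	// AccessTokenHint is the hint value for an access token.
	AccessTokenHint = "access_token"
	// RefreshTokenHint is the hint value for a refresh token.
	RefreshTokenHint = "refresh_token"
)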
// Bearer is the default type of generated tokens.
//
// A bearer token is usable by whoever holds it, so responses carrying one
// belong on TLS-protected connections only and the token value should stay
// out of logs and URLs.
const (
	Bearer = "Bearer"
)
Bearer is the default type of generated tokens.
Variables ¶
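// Access token errors.
var (
	// ErrAccessTokenNotFound signals that no access token matched.
	ErrAccessTokenNotFound = errors.New("access token not found")
	// ErrAccessTokenExpired signals that the access token is past its expiry.
	ErrAccessTokenExpired = errors.New("access token expired")
)

// Authorization code errors.
var (
	// ErrAuthorizationCodeNotFound signals that no authorization code matched.
	ErrAuthorizationCodeNotFound = errors.New("authorization code not found")
	// ErrAuthorizationCodeExpired signals that the authorization code is past
	// its expiry.
	ErrAuthorizationCodeExpired = errors.New("authorization code expired")
)

// Client errors.
//
// NOTE(review): ErrClientNotFound and ErrInvalidClientSecret are distinct. If
// both reach an unauthenticated caller verbatim they reveal which client IDs
// are registered. ErrInvalidClientIDOrSecret below is the combined form;
// confirm the handlers return that one externally.
var (
	// ErrClientNotFound signals that no client matched the client ID.
	ErrClientNotFound = errors.New("client not found")
	// ErrInvalidClientSecret signals that the presented client secret is wrong.
	ErrInvalidClientSecret = errors.New("invalid client secret")
	// ErrClientIDTaken signals that the client ID is already in use.
	ErrClientIDTaken = errors.New("client ID taken")
)

// Token request errors.
var (
	// ErrInvalidGrantType signals an unsupported grant type.
	ErrInvalidGrantType = errors.New("invalid grant type")
	// ErrInvalidClientIDOrSecret is the combined client authentication
	// failure; it does not say which of the two values was wrong.
	ErrInvalidClientIDOrSecret = errors.New("invalid client ID or secret")
)

// Introspection request errors.
var (
	// ErrTokenMissing signals that the request carried no token.
	ErrTokenMissing = errors.New("token missing")
	// ErrTokenHintInvalid signals a token hint other than the supported ones.
	ErrTokenHintInvalid = errors.New("invalid token hint")
)

// Refresh token errors.
var (
	// ErrRefreshTokenNotFound signals that no refresh token matched.
	ErrRefreshTokenNotFound = errors.New("refresh token not found")
	// ErrRefreshTokenExpired signals that the refresh token is past its expiry.
	ErrRefreshTokenExpired = errors.New("refresh token expired")
	// ErrRequestedScopeCannotBeGreater signals a request for more scope than
	// was granted. NOTE(review): presumably raised on the refresh grant, where
	// a refresh must never widen the original scope; confirm against the
	// caller.
	ErrRequestedScopeCannotBeGreater = errors.New("requested scope cannot be greater")
)

// User and password errors.
var (
	// MinPasswordLength defines minimum password length.
	//
	// NOTE(review): 6 is below the 8-character minimum NIST SP 800-63B sets
	// for user-chosen passwords. This is also a mutable package variable, and
	// ErrPasswordTooShort formats it once at initialization, so changing it
	// at runtime leaves that message stale.
	MinPasswordLength = 6
	// ErrPasswordTooShort signals a password shorter than MinPasswordLength.
	ErrPasswordTooShort = fmt.Errorf(
		"password must be at least %d characters long",
		MinPasswordLength,
	)
	// ErrUserNotFound signals that no user matched.
	//
	// NOTE(review): distinct from ErrInvalidUserPassword. Returned verbatim to
	// an unauthenticated caller, the pair discloses which usernames exist;
	// ErrInvalidUsernameOrPassword is the combined form for that boundary.
	ErrUserNotFound = errors.New("user not found")
	// ErrInvalidUserPassword signals that the presented password is wrong.
	ErrInvalidUserPassword = errors.New("invalid user password")
	// ErrCannotSetEmptyUsername signals an attempt to set an empty username.
	ErrCannotSetEmptyUsername = errors.New("cannot set empty username")
	// ErrUserPasswordNotSet signals that the user has no password stored.
	ErrUserPasswordNotSet = errors.New("user password not set")
	// ErrUsernameTaken signals that the username is already in use.
	ErrUsernameTaken = errors.New("username taken")
)

// Redirect URI errors.
var (
	// ErrInvalidRedirectURI signals a redirect URI that failed validation.
	ErrInvalidRedirectURI = errors.New("invalid redirect URI")
)

// Scope errors.
var (
	// ErrInvalidScope signals a requested scope that is not recognised.
	ErrInvalidScope = errors.New("invalid scope")
)

// Resource owner credential errors.
var (
	// ErrInvalidUsernameOrPassword is the combined user authentication
	// failure; it does not say which of the two values was wrong.
	ErrInvalidUsernameOrPassword = errors.New("invalid username or password")
)

// Role errors.
var (
	// ErrRoleNotFound signals that no role matched the ID.
	ErrRoleNotFound = errors.New("role not found")
)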
Functions ¶
func AuthClient ¶
func AuthClient(clientID, secret string) (*models.OAuthApplication, error)
AuthClient authenticates client
func Authenticate ¶
func Authenticate(token string) (*models.AccessToken, error)
Authenticate checks the access token is valid
func ClearUserTokens ¶
func ClearUserTokens(userSession *session.UserSession)
ClearUserTokens deletes the user's access and refresh tokens associated with this client id
func ClientExists ¶
ClientExists returns true if client exists
func CreateClient ¶
func CreateClient(clientID, secret, redirectURI string) (*models.OAuthApplication, error)
CreateClient saves a new client to database
func CreateClientTx ¶
func CreateClientTx(clientID, secret, redirectURI string) (*models.OAuthApplication, error)
CreateClientTx saves a new client to database using injected db object
func CreateUser ¶
CreateUser saves a new user to database
func FindClientByClientID ¶
func FindClientByClientID(clientID string) (*models.OAuthApplication, error)
FindClientByClientID looks up a client by client ID
func FindRoleByID ¶
FindRoleByID looks up a role by ID and returns it
func FindUserByEmail ¶
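FindUserByEmail looks up a user by the email passed in. (The upstream doc comment still reads "FindUserByUsername looks up a user by username"; the username appears to double as the email address.)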
func GetOrCreateRefreshToken ¶
func GetOrCreateRefreshToken(client *models.OAuthApplication, user *models.User, expiresIn int, scope string) (*models.RefreshToken, error)
GetOrCreateRefreshToken retrieves an existing refresh token; if it has expired, the token is deleted and a new refresh token is created
func GetScope ¶
GetScope takes a requested scope and, if it is empty, returns the default scope; if it is not empty, it validates the requested scope
func GetValidRefreshToken ¶
func GetValidRefreshToken(token string, client *models.OAuthApplication) (*models.RefreshToken, error)
GetValidRefreshToken returns a valid non expired refresh token
func GrantAccessToken ¶
func GrantAccessToken(client *models.OAuthApplication, user *models.User, expiresIn int, scope string) (*models.AccessToken, error)
GrantAccessToken deletes old tokens and grants a new access token
func GrantAuthorizationCode ¶
func GrantAuthorizationCode(client *models.OAuthApplication, user *models.User, expiresIn int, redirectURI, scope string) (*models.AuthorizationCode, error)
GrantAuthorizationCode grants a new authorization code
func IntrospectHandler ¶
func IntrospectHandler(ctx echo.Context) error
IntrospectHandler handles OAuth 2.0 introspect request (POST /v1/oauth/introspect)
func IsRoleAllowed ¶
IsRoleAllowed returns true if the role is allowed to use this service
func Login ¶
func Login(client *models.OAuthApplication, user *models.User, scope string) (*models.AccessToken, *models.RefreshToken, error)
Login creates an access token and refresh token for a user (logs him/her in)
func ScopeExists ¶
ScopeExists checks if a scope exists
func SetPassword ¶
SetPassword sets a user password
func TokensHandler ¶
func TokensHandler(ctx echo.Context) error
TokensHandler handles all OAuth 2.0 grant types (POST /v1/oauth/tokens)
func UpdateUsername ¶
UpdateUsername ...
Types ¶
type AccessTokenResponse ¶
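// AccessTokenResponse is the JSON body describing an issued access token.
//
// The access_token, token_type, expires_in, scope and refresh_token keys are
// the ones RFC 6749 section 5.1 defines for a successful token response;
// user_id is an addition of this package.
//
// NOTE(review): the body carries live credentials. RFC 6749 requires
// "Cache-Control: no-store" and "Pragma: no-cache" on responses that contain
// tokens; confirm the handler that writes this struct sets them, and keep the
// struct out of request/response logging.
type AccessTokenResponse struct {
	// UserID is left out of the JSON when empty.
	UserID string `json:"user_id,omitempty"`
	// AccessToken is the issued token value.
	AccessToken string `json:"access_token"`
	// ExpiresIn is the token lifetime (presumably in seconds, as in
	// RFC 6749; confirm).
	ExpiresIn int `json:"expires_in"`
	// TokenType is the type of the issued token.
	TokenType string `json:"token_type"`
	// Scope is the scope of the issued token.
	Scope string `json:"scope"`
	// RefreshToken is left out of the JSON when empty.
	RefreshToken string `json:"refresh_token,omitempty"`
}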
AccessTokenResponse ...
func NewAccessTokenResponse ¶
func NewAccessTokenResponse(accessToken *models.AccessToken, refreshToken *models.RefreshToken, lifetime int, theTokenType string) (*AccessTokenResponse, error)
NewAccessTokenResponse ...
type IntrospectResponse ¶
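// IntrospectResponse is the JSON body returned for a token introspection
// request. The keys are those of RFC 7662 section 2.2.
//
// Only "active" is always emitted; every other field is omitted when empty, so
// a zero value with Active=false serialises without token metadata.
//
// NOTE(review): introspection discloses client and user details for any
// presented token. RFC 7662 requires the endpoint to authenticate its caller;
// confirm the handler does so before building this response.
type IntrospectResponse struct {
	// Active reports whether the token is currently usable.
	Active bool `json:"active"`
	// Scope is the scope associated with the token.
	Scope string `json:"scope,omitempty"`
	// ClientID identifies the client associated with the token.
	ClientID string `json:"client_id,omitempty"`
	// Username identifies the user associated with the token.
	Username string `json:"username,omitempty"`
	// TokenType is the type of the token.
	TokenType string `json:"token_type,omitempty"`
	// ExpiresAt is the expiry, emitted as "exp" (presumably Unix seconds,
	// as in RFC 7662; confirm).
	ExpiresAt int `json:"exp,omitempty"`
}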
IntrospectResponse ...
func IntrospectToken ¶
func IntrospectToken(r *http.Request, client *models.OAuthApplication) (*IntrospectResponse, error)
func NewIntrospectResponseFromAccessToken ¶
func NewIntrospectResponseFromAccessToken(accessToken *models.AccessToken) (*IntrospectResponse, error)
NewIntrospectResponseFromAccessToken ...
func NewIntrospectResponseFromRefreshToken ¶
func NewIntrospectResponseFromRefreshToken(refreshToken *models.RefreshToken) (*IntrospectResponse, error)
NewIntrospectResponseFromRefreshToken ...
Source Files ¶
- access_token.go
- authenticate.go
- authorization_code.go
- client.go
- errors.go
- grant_type_authorization_code.go
- grant_type_client_credentials.go
- grant_type_password.go
- grant_type_refresh_token.go
- handlers.go
- introspect.go
- login.go
- refresh_token.go
- response.go
- role.go
- scope.go
- service.go
- tokentypes.go
- user.go