oauth2

Published: Jan 31, 2025 License: Apache-2.0 Imports: 24 Imported by: 0


Constants

// DPoP (RFC 9449) proof constants: the HTTP request header that carries the
// proof JWT, and the JOSE "typ" value RFC 9449 defines for that JWT. Where the
// package attaches the header is not visible here; DPoPSignRequest is the
// likely producer.
const (
	DPoPHeaderName = "DPoP"
	DPoPHeaderType = "dpop+jwt"
)
// Token-endpoint error codes of the device authorization grant (RFC 8628) that
// a client sees while polling: "authorization_pending" means the user has not
// finished authorizing yet; "slow_down" means the client must lengthen its
// polling interval before trying again. Despite the Err prefix these are plain
// strings, not error values, so errors.Is cannot be used with them; presumably
// they are compared against Error.ErrorCode — confirm in the polling code.
const (
	ErrAuthorizationPending = "authorization_pending"
	ErrSlowDown             = "slow_down"
)
// Values for the OAuth 2.0 grant_type parameter: the RFC 6749 grants, the JWT
// bearer assertion grant (RFC 7523), token exchange (RFC 8693) and the device
// authorization grant (RFC 8628). ImplicitGrantType names the implicit flow,
// which receives tokens from the authorization endpoint and has no token
// endpoint grant_type of its own. The implicit and resource owner password
// grants are discouraged by the OAuth 2.0 Security Best Current Practice;
// the authorization code grant with PKCE is the recommended default.
const (
	AuthorizationCodeGrantType string = "authorization_code"
	ClientCredentialsGrantType string = "client_credentials"
	ImplicitGrantType          string = "implicit"
	PasswordGrantType          string = "password"
	RefreshTokenGrantType      string = "refresh_token"
	JWTBearerGrantType         string = "urn:ietf:params:oauth:grant-type:jwt-bearer"
	TokenExchangeGrantType     string = "urn:ietf:params:oauth:grant-type:token-exchange"
	DeviceGrantType            string = "urn:ietf:params:oauth:grant-type:device_code"
)

grant types

// Client authentication methods, using the token_endpoint_auth_method
// identifiers registered for OAuth 2.0 / OpenID Connect: the shared-secret
// methods (client_secret_basic, client_secret_post, client_secret_jwt), the
// asymmetric private_key_jwt, the two RFC 8705 mutual-TLS methods, and "none"
// for public clients that present no credential. Presumably matched against
// ServerConfig.SupportedTokenEndpointAuthMethods — confirm in the caller.
const (
	ClientSecretBasicAuthMethod string = "client_secret_basic"
	ClientSecretPostAuthMethod  string = "client_secret_post"
	ClientSecretJwtAuthMethod   string = "client_secret_jwt"
	PrivateKeyJwtAuthMethod     string = "private_key_jwt"
	SelfSignedTLSAuthMethod     string = "self_signed_tls_client_auth"
	TLSClientAuthMethod         string = "tls_client_auth"
	NoneAuthMethod              string = "none"
)

auth methods

// CodeVerifierLength is the length, in characters, of a PKCE code_verifier;
// 43 is the minimum RFC 7636 §4.1 permits (the maximum is 128). Presumably
// passed to RandomString when a verifier is generated — confirm.
const CodeVerifierLength = 43
// Client assertion types: the client_assertion_type value for JWT client
// assertions (RFC 7523 §2.2), which the client_secret_jwt and private_key_jwt
// authentication methods send alongside the assertion.
const (
	JwtBearerClientAssertion string = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
)

client assertion types

// OpenIDConfigurationPath is the well-known path (OpenID Connect Discovery
// 1.0, RFC 8414) under the issuer URL at which provider metadata is published;
// presumably FetchOpenIDConfiguration appends it to issuerURL — confirm.
const OpenIDConfigurationPath = "/.well-known/openid-configuration"

Variables

// CodeChallengeEncoder is the base64url encoding without padding that
// RFC 7636 §4.2 prescribes for the S256 code_challenge. It is an exported
// package-level variable rather than a constant, so any importer can reassign
// it at runtime; treat it as read-only.
var CodeChallengeEncoder = base64.RawURLEncoding

Functions

func DPoPSignRequest

func DPoPSignRequest(signingKey string, hc *http.Client, r *http.Request) error

func DPoPThumbprint

func DPoPThumbprint(signingKey string, hc *http.Client) (string, error)

func EncryptJWT

func EncryptJWT(token string, encrypterProvider EncrypterProvider) (nestedJWT string, key interface{}, err error)

func FetchOpenIDConfiguration

func FetchOpenIDConfiguration(ctx context.Context, issuerURL string, hc *http.Client) (request Request, c ServerConfig, err error)

func ParseError

func ParseError(resp *http.Response) error

func PlaintextJWT

func PlaintextJWT(claimsProvider ClaimsProvider) (jwt string, key string, err error)

func RandomString

func RandomString(n int) string

func ReadKey

func ReadKey(use KeyUse, location string, hc *http.Client) (jose.JSONWebKey, error)

func ReadKeyPair

func ReadKeyPair(cert string, key string, hc *http.Client) (keyPair tls.Certificate, err error)

func ReadRootCA

func ReadRootCA(location string, hc *http.Client) (pool *x509.CertPool, err error)

func ReadURL

func ReadURL(location string, hc *http.Client) (data []byte, err error)

func RequestDeviceAuthorization

func RequestDeviceAuthorization(ctx context.Context, cconfig ClientConfig, sconfig ServerConfig, hc *http.Client) (request Request, response DeviceAuthorizationResponse, err error)

func RequestPAR

func RequestPAR(
	ctx context.Context,
	cconfig ClientConfig,
	sconfig ServerConfig,
	hc *http.Client,
) (parRequest Request, parResponse PARResponse, authorizeRequest Request, codeVerifier string, err error)

func RequestToken

func RequestToken(
	ctx context.Context,
	cconfig ClientConfig,
	sconfig ServerConfig,
	hc *http.Client,
	opts ...RequestTokenOption,
) (request Request, response TokenResponse, err error)

func SignJWT

func SignJWT(claimsProvider ClaimsProvider, signerProvider SignerProvider) (jwt string, key interface{}, err error)

func UnsafeParseJWT

func UnsafeParseJWT(token string) (*jwt.JSONWebToken, map[string]interface{}, error)

func WithAuthorizationCode

func WithAuthorizationCode(code string) func(*RequestTokenParams)

func WithCodeVerifier

func WithCodeVerifier(codeVerifier string) func(*RequestTokenParams)

func WithDeviceCode

func WithDeviceCode(deviceCode string) func(*RequestTokenParams)

func WithRedirectURL

func WithRedirectURL(url string) func(*RequestTokenParams)

Types

type ClaimsProvider

// ClaimsProvider produces the claim set for a JWT, or an error. Instances are
// returned by AssertionClaims, ClientAssertionClaims and RequestObjectClaims
// and consumed by SignJWT and PlaintextJWT.
type ClaimsProvider func() (map[string]interface{}, error)

func AssertionClaims

func AssertionClaims(serverConfig ServerConfig, clientConfig ClientConfig) ClaimsProvider

func ClientAssertionClaims

func ClientAssertionClaims(serverConfig ServerConfig, clientConfig ClientConfig) ClaimsProvider

func RequestObjectClaims

func RequestObjectClaims(params url.Values, serverConfig ServerConfig, clientConfig ClientConfig) ClaimsProvider

type ClientConfig

// ClientConfig holds the client-side settings for one OAuth 2.0 / OpenID
// Connect flow: client identity and credentials, the grant and client
// authentication method, optional request features (PKCE, PAR, request
// objects, DPoP, mTLS) and the inputs particular grants need. The `validate`
// tags are constraint annotations in go-playground/validator style; the call
// that applies them is not visible here.
//
// ClientSecret, Password, RefreshToken, the tokens and the private-key
// locations are credential material and should be kept out of logs and
// debug output.
type ClientConfig struct {
	IssuerURL              string `validate:"url"` // issuer base URL; presumably where OpenIDConfigurationPath is fetched from
	RedirectURL            string `validate:"url"` // redirect_uri for the authorization request
	GrantType              string `` /* 223-byte string literal not displayed */ // tag elided by the doc renderer; presumably a oneof over the *GrantType constants — confirm in source
	ClientID               string
	ClientSecret           string   // secret for the client_secret_* auth methods
	Scopes                 []string // requested scope values
	ACRValues              []string // requested acr_values
	Audience               []string // requested audience values
	AuthMethod             string `` /* 148-byte string literal not displayed */ // tag elided by the doc renderer; presumably a oneof over the *AuthMethod constants — confirm in source
	PKCE                   bool // enable PKCE (RFC 7636)
	PAR                    bool // enable pushed authorization requests (RFC 9126)
	RequestObject          bool // send authorization parameters as a signed request object
	EncryptedRequestObject bool // additionally encrypt the request object
	Insecure               bool // NOTE(review): semantics not visible here; if it disables TLS certificate verification it is suitable only against test servers — confirm
	ResponseType           []string `validate:"dive,omitempty,oneof=code id_token token"`
	ResponseMode           string   `validate:"omitempty,oneof=query form_post query.jwt form_post.jwt jwt"` // the *.jwt modes are JARM
	Username               string // resource owner credentials, presumably for PasswordGrantType
	Password               string
	RefreshToken           string // presumably for RefreshTokenGrantType
	Assertion              string `validate:"omitempty,json"` // JSON claims; presumably for JWTBearerGrantType — confirm
	SigningKey             string `validate:"omitempty,uri|file"` // URI or path of the signing key, presumably loaded with ReadKey
	EncryptionKey          string `validate:"omitempty,uri|file"` // URI or path of the encryption key
	SubjectToken           string // token exchange (RFC 8693) subject token
	SubjectTokenType       string `validate:"omitempty,oneof=urn:ietf:params:oauth:token-type:access_token"` // the tag admits access tokens only
	ActorToken             string // token exchange actor token
	ActorTokenType         string `validate:"omitempty,oneof=urn:ietf:params:oauth:token-type:access_token"`
	IDTokenHint            string // id_token_hint authorization parameter
	LoginHint              string // login_hint authorization parameter
	IDPHint                string // identity-provider hint; exact parameter name not visible here
	TLSCert                string `validate:"omitempty,uri|file"` // client certificate for mTLS, presumably read by ReadKeyPair
	TLSKey                 string `validate:"omitempty,uri|file"` // private key matching TLSCert
	TLSRootCA              string `validate:"omitempty,uri|file"` // CA bundle for server certificates, presumably read by ReadRootCA
	CallbackTLSCert        string `validate:"omitempty,uri|file"` // certificate for the local callback listener — presumably WaitForCallback
	CallbackTLSKey         string `validate:"omitempty,uri|file"`
	HTTPTimeout            time.Duration // timeout for requests to the server
	BrowserTimeout         time.Duration // how long to wait for the user to complete the browser step
	DPoP                   bool // sign requests with DPoP proofs (DPoPSignRequest)
	Claims                 string `validate:"omitempty,json"` // OpenID Connect "claims" request parameter, as JSON
	RAR                    string `validate:"omitempty,json"` // authorization_details (RFC 9396), as JSON
	Purpose                string // purpose parameter
	Prompt                 []string // OpenID Connect prompt values
	MaxAge                 string // OpenID Connect max_age, carried as a string
	AuthenticationCode     string // meaning not visible here — confirm against the caller
}

type DPoPClaims

// DPoPClaims is the claim set of a DPoP proof JWT (RFC 9449 §4.2): the HTTP
// method and target URI the proof is bound to, a unique identifier for replay
// detection, and the issue time.
//
// NOTE(review): RFC 9449 also defines "ath" (hash of the access token being
// presented) and "nonce"; neither has a field here, so a proof that accompanies
// an access token at a resource server cannot carry the ath binding the RFC
// requires there — confirm this matches the intended use.
type DPoPClaims struct {
	Htm      string `json:"htm"` // HTTP method of the request the proof covers
	Htu      string `json:"htu"` // HTTP target URI, without query and fragment
	Jti      string `json:"jti"` // unique proof identifier; servers use it to reject replays
	IssuedAt int64  `json:"iat"` // issue time, seconds since the Unix epoch
}

type DeviceAuthorizationResponse

// DeviceAuthorizationResponse is the device authorization endpoint response
// (RFC 8628 §3.2), returned by RequestDeviceAuthorization.
//
// NOTE(review): Interval is a plain int64 with no omitempty, so when the server
// omits "interval" it decodes as 0, whereas RFC 8628 specifies a default of
// 5 seconds; confirm the polling loop treats 0 as 5 rather than polling
// without delay.
type DeviceAuthorizationResponse struct {
	DeviceCode              string `json:"device_code"`               // device verification code, presented to the token endpoint
	UserCode                string `json:"user_code"`                 // short code the end user enters
	VerificationURI         string `json:"verification_uri"`          // URI the user visits to enter UserCode
	VerificationURIComplete string `json:"verification_uri_complete"` // optional URI with the user code embedded
	ExpiresIn               int64  `json:"expires_in"`                // lifetime of the codes, in seconds
	Interval                int64  `json:"interval"`                  // minimum polling interval, in seconds
}

type EncrypterProvider

// EncrypterProvider returns a configured JWE encrypter plus an opaque second
// value (presumably the encryption key, which EncryptJWT returns as its key
// result), or an error. JWEEncrypter constructs one; EncryptJWT consumes it.
type EncrypterProvider func() (jose.Encrypter, interface{}, error)

func JWEEncrypter

func JWEEncrypter(keyPath string, hc *http.Client) EncrypterProvider

type Error

// Error is an OAuth 2.0 error response (RFC 6749 §5.2) together with transport
// details. *Error implements the error interface; ParseError presumably builds
// one from a failed HTTP response. StatusCode and TraceID are excluded from
// JSON in both directions.
type Error struct {
	StatusCode int    `json:"-"` // HTTP status of the response the error came from
	TraceID    string `json:"-"` // correlation identifier; where it is read from is not visible here

	ErrorCode   string `json:"error,omitempty"`             // the "error" code, e.g. ErrAuthorizationPending or ErrSlowDown
	Description string `json:"error_description,omitempty"` // human-readable "error_description"
	Hint        string `json:"error_hint,omitempty"`        // "error_hint"; not part of RFC 6749
	Cause       string `json:"cause,omitempty"`             // "cause"; not part of RFC 6749
}

func (*Error) Error

func (e *Error) Error() string

type KeyUse

// KeyUse selects which kind of key ReadKey should yield; the values match the
// JWK "use" parameter (RFC 7517 §4.2). Note that the constant names coincide
// with the ClientConfig.SigningKey and ClientConfig.EncryptionKey fields, which
// hold key locations, not KeyUse values.
type KeyUse string
const (
	SigningKey    KeyUse = "sig" // signature key
	EncryptionKey KeyUse = "enc" // encryption key
)

type PARResponse

// PARResponse is the pushed authorization request endpoint response
// (RFC 9126 §2.2), returned by RequestPAR.
type PARResponse struct {
	RequestURI string `json:"request_uri"` // opaque reference to the pushed request, sent as request_uri
	ExpiresIn  int64  `json:"expires_in"`  // lifetime of RequestURI, in seconds
}

type Request

// Request records one protocol message as the package built or received it, so
// callers can inspect what was sent. Which fields are populated depends on the
// producing function (RequestAuthorization, WaitForCallback, RequestPAR,
// RequestToken, ...); the field notes below are inferred from the names and the
// method set and should be confirmed against those producers.
type Request struct {
	Method        string
	URL           *url.URL
	Headers       map[string][]string    // same shape as http.Header
	Form          url.Values             // form-encoded body or query parameters
	JARM          map[string]interface{} // claims of a JARM response, presumably filled by ParseJARM
	RequestObject string                 // JWT-encoded request object, when one was built
	SigningKey    interface{}            // key used to sign the request object or client assertion, if any
	EncryptionKey interface{}            // key used to encrypt the request object, if any
	Cert          *x509.Certificate      // client certificate presented for mTLS, if any
}

func RequestAuthorization

func RequestAuthorization(cconfig ClientConfig, sconfig ServerConfig, hc *http.Client) (r Request, codeVerifier string, err error)

func WaitForCallback

func WaitForCallback(clientConfig ClientConfig, serverConfig ServerConfig, hc *http.Client) (request Request, err error)

func (*Request) AuthenticateClient

func (r *Request) AuthenticateClient(
	endpoint string,
	mtlsEndpoint string,
	cconfig ClientConfig,
	sconfig ServerConfig,
	hc *http.Client,
) (string, error)

func (*Request) AuthorizeRequest

func (r *Request) AuthorizeRequest(
	cconfig ClientConfig,
	sconfig ServerConfig,
	hc *http.Client,
) (codeVerifier string, err error)

func (*Request) Get

func (r *Request) Get(key string) string

func (*Request) ParseJARM

func (r *Request) ParseJARM(signingKey interface{}, encryptionKey interface{}) error

type RequestTokenOption

// RequestTokenOption is a functional option for RequestToken; WithAuthorizationCode,
// WithCodeVerifier, WithDeviceCode and WithRedirectURL each return one.
type RequestTokenOption func(*RequestTokenParams)

type RequestTokenParams

// RequestTokenParams collects the per-call inputs of RequestToken that are not
// part of ClientConfig; each field is set by the corresponding With* option.
type RequestTokenParams struct {
	Code         string // authorization code (WithAuthorizationCode)
	DeviceCode   string // device code from a DeviceAuthorizationResponse (WithDeviceCode)
	CodeVerifier string // PKCE code_verifier matching the challenge sent earlier (WithCodeVerifier)
	RedirectURL  string // redirect_uri to repeat at the token endpoint (WithRedirectURL)
}

type ServerConfig

// ServerConfig is the subset of authorization server metadata (OpenID Connect
// Discovery / RFC 8414) the package uses. FetchOpenIDConfiguration presumably
// populates it from the issuer's discovery document, and IsConfigured reports
// whether it has been populated.
//
// NOTE(review): there is no Issuer field, so the RFC 8414 §3.3 check that the
// document's "issuer" equals the URL it was fetched from cannot be made from
// this struct; confirm it happens elsewhere, since every endpoint below is
// taken on trust from that document.
type ServerConfig struct {
	SupportedGrantTypes               []string `json:"grant_types_supported"`
	SupportedResponseTypes            []string `json:"response_types_supported"`
	SupportedTokenEndpointAuthMethods []string `json:"token_endpoint_auth_methods_supported"` // values as in the *AuthMethod constants
	SupportedScopes                   []string `json:"scopes_supported"`
	SupportedResponseModes            []string `json:"response_modes_supported"`

	AuthorizationEndpoint              string `json:"authorization_endpoint"`
	DeviceAuthorizationEndpoint        string `json:"device_authorization_endpoint"`         // RFC 8628
	PushedAuthorizationRequestEndpoint string `json:"pushed_authorization_request_endpoint"` // RFC 9126
	TokenEndpoint                      string `json:"token_endpoint"`
	// Alternative endpoints for clients authenticating with mTLS (RFC 8705 §5);
	// Request.AuthenticateClient takes both the plain and the mTLS endpoint.
	MTLsEndpointAliases                struct {
		TokenEndpoint                      string `json:"token_endpoint"`
		PushedAuthorizationRequestEndpoint string `json:"pushed_authorization_request_endpoint"`
	} `json:"mtls_endpoint_aliases"`

	JWKsURI string `json:"jwks_uri"` // location of the server's JWK Set; where the package uses it is not visible here
}

func (ServerConfig) IsConfigured

func (c ServerConfig) IsConfigured() bool

type SignerProvider

// SignerProvider returns a configured JWS signer plus an opaque second value
// (presumably the signing key, which SignJWT returns as its key result), or an
// error. JWKSigner and SecretSigner construct one; SignJWT consumes it.
type SignerProvider func() (jose.Signer, interface{}, error)

func JWKSigner

func JWKSigner(keyPath string, hc *http.Client) SignerProvider

func SecretSigner

func SecretSigner(secret []byte) SignerProvider

type TokenResponse

// TokenResponse is the token endpoint success response (RFC 6749 §5.1) with
// the token exchange and rich authorization request extensions. RequestToken
// returns one; NewTokenResponseFromForm builds one from form values. The token
// fields are bearer credentials and should not be logged.
type TokenResponse struct {
	AccessToken          string                   `json:"access_token,omitempty"`
	ExpiresIn            int64                    `json:"expires_in,omitempty"`            // access token lifetime, in seconds
	IDToken              string                   `json:"id_token,omitempty"`              // OpenID Connect ID token; whether it is verified is not visible here
	IssuedTokenType      string                   `json:"issued_token_type,omitempty"`     // RFC 8693 token exchange
	RefreshToken         string                   `json:"refresh_token,omitempty"`
	Scope                string                   `json:"scope,omitempty"`                 // space-separated granted scopes
	TokenType            string                   `json:"token_type,omitempty"`            // e.g. "Bearer" or "DPoP"
	AuthorizationDetails []map[string]interface{} `json:"authorization_details,omitempty"` // RFC 9396
}

func NewTokenResponseFromForm

func NewTokenResponseFromForm(f url.Values) TokenResponse
