token

Documentation

Index

• Variables
• type Authorization
• type AuthorizationCodeGrantRequest
  • func (r *AuthorizationCodeGrantRequest) Type() oauth2.GrantType
  • func (r *AuthorizationCodeGrantRequest) Validate(redirectURI *string, challenge pkce.Challenge) error
• type GrantRequest
  • func ReadRequest(r *http.Request) (GrantRequest, error)
• type RefreshTokenGrantRequest
  • func (r *RefreshTokenGrantRequest) Scopes() []string
  • func (r *RefreshTokenGrantRequest) Type() oauth2.GrantType
  • func (r *RefreshTokenGrantRequest) Validate(scopes []string) error
• type Request
  • func (r *Request) AuthenticateClient(ctx context.Context, authzRequest *authz.Request, client oauth2.Client) error
• type Response
  • func (r *Response) Write(w http.ResponseWriter) error
• type Type

Variables

var (
	ErrClientAuthenticationFailed = errors.New(errors.KindUnauthorizedClient, "client authentication failed")
	ErrClientIDMismatch           = errors.New(errors.KindInvalidClient, "client ID mismatch")
	ErrInsufficientScopes         = errors.New(errors.KindInvalidGrant, "insufficient scopes")
	ErrMalformedRequest           = errors.New(errors.KindInvalidRequest, "malformed request")
	ErrMissingParameter           = errors.New(errors.KindInvalidRequest, "missing parameter")
	ErrRedirectURIMismatch        = errors.New(errors.KindInvalidGrant, "redirect URI mismatch")
	ErrUnsupportedGrantType       = errors.New(errors.KindUnsupportedGrantType, "unsupported grant type")
)

Types

type Authorization

type Authorization interface {
	GetClientID() string
	GetScopes() []string
}

type AuthorizationCodeGrantRequest

type AuthorizationCodeGrantRequest struct {
	Request

	Code        string  `form:"code"`
	RedirectURI *string `form:"redirect_uri,omitempty"`
	pkce.Verifier
}

func (*AuthorizationCodeGrantRequest) Type

func (r *AuthorizationCodeGrantRequest) Type() oauth2.GrantType

func (*AuthorizationCodeGrantRequest) Validate

func (r *AuthorizationCodeGrantRequest) Validate(redirectURI *string, challenge pkce.Challenge) error

Validate validates the AuthorizationCodeGrantRequest against the previously requested redirectURI and optionally PKCE challenge. If the redirectURI does not match AuthorizationCodeGrantRequest.RedirectURI, returns ErrRedirectURIMismatch.

type GrantRequest

type GrantRequest interface {
	Type() oauth2.GrantType
}

func ReadRequest

func ReadRequest(r *http.Request) (GrantRequest, error)

type RefreshTokenGrantRequest

type RefreshTokenGrantRequest struct {
	Request

	RefreshToken string  `form:"refresh_token"`
	Scope        *string `form:"scope,omitempty"`
}

func (*RefreshTokenGrantRequest) Scopes

func (r *RefreshTokenGrantRequest) Scopes() []string

func (*RefreshTokenGrantRequest) Type

func (r *RefreshTokenGrantRequest) Type() oauth2.GrantType

func (*RefreshTokenGrantRequest) Validate

func (r *RefreshTokenGrantRequest) Validate(scopes []string) error

Validate validates the RefreshTokenGrantRequest against the current scopes. If any scope(s) that is not authorized currently was requested, returns ErrInsufficientScopes.

type Request

type Request struct {
	GrantType    oauth2.GrantType `form:"grant_type"`
	ClientID     *string          `form:"client_id,omitempty"`
	ClientSecret *string          `form:"client_secret,omitempty"`
	assertion.ClientAssertion
}

func (*Request) AuthenticateClient

func (r *Request) AuthenticateClient(
	ctx context.Context,
	authzRequest *authz.Request,
	client oauth2.Client,
) error

type Response

type Response struct {
	AccessToken  string  `json:"access_token"`
	TokenType    Type    `json:"token_type"`
	ExpiresIn    *uint   `json:"expires_in,omitempty"`
	RefreshToken *string `json:"refresh_token,omitempty"`
	Scope        *string `json:"scope,omitempty"`
}

func (*Response) Write

func (r *Response) Write(w http.ResponseWriter) error

type Type

type Type string

const (
	TypeBearer Type = "bearer"
	TypeMAC    Type = "mac"
)