oauth2

package
v0.0.0-...-5d153c6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 30, 2024 License: AGPL-3.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	DefaultCodeExp               = time.Minute * 10
	DefaultAuthorizeCodeTokenCfg = &Config{AccessTokenExp: time.Hour * 24 * 365, RefreshTokenExp: time.Hour * 24 * 365, IsGenerateRefresh: true}
	DefaultImplicitTokenCfg      = &Config{AccessTokenExp: time.Hour * 24 * 365}
	DefaultPasswordTokenCfg      = &Config{AccessTokenExp: time.Hour * 24 * 365, RefreshTokenExp: time.Hour * 24 * 365, IsGenerateRefresh: true}
	DefaultClientTokenCfg        = &Config{AccessTokenExp: time.Hour * 24 * 365}
	DefaultRefreshTokenCfg       = &RefreshingConfig{IsGenerateRefresh: true, IsRemoveAccess: true, IsRemoveRefreshing: true}
)

default configs

View Source 
var (
	ErrInvalidRedirectURI   = errors.New("invalid redirect uri")
	ErrInvalidAuthorizeCode = errors.New("invalid authorize code")
	ErrInvalidAccessToken   = errors.New("invalid access token")
	ErrInvalidRefreshToken  = errors.New("invalid refresh token")
	ErrExpiredAccessToken   = errors.New("expired access token")
	ErrExpiredRefreshToken  = errors.New("expired refresh token")
	ErrMissingCodeVerifier  = errors.New("missing code verifier")
	ErrMissingCodeChallenge = errors.New("missing code challenge")
	ErrInvalidCodeChallenge = errors.New("invalid code challenge")
)

known errors

View Source 
var (
	ErrInvalidRequest                 = errors.New("invalid_request")
	ErrUnauthorizedClient             = errors.New("unauthorized_client")
	ErrAccessDenied                   = errors.New("access_denied")
	ErrUnsupportedResponseType        = errors.New("unsupported_response_type")
	ErrInvalidScope                   = errors.New("invalid_scope")
	ErrServerError                    = errors.New("server_error")
	ErrTemporarilyUnavailable         = errors.New("temporarily_unavailable")
	ErrInvalidClient                  = errors.New("invalid_client")
	ErrInvalidGrant                   = errors.New("invalid_grant")
	ErrUnsupportedGrantType           = errors.New("unsupported_grant_type")
	ErrCodeChallengeRquired           = errors.New("invalid_request")
	ErrUnsupportedCodeChallengeMethod = errors.New("invalid_request")
	ErrInvalidCodeChallengeLen        = errors.New("invalid_request")
)

https://tools.ietf.org/html/rfc6749#section-5.2

View Source 
var Descriptions = map[error]string{
	ErrInvalidRequest:                 "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed",
	ErrUnauthorizedClient:             "The client is not authorized to request an authorization code using this method",
	ErrAccessDenied:                   "The resource owner or authorization server denied the request",
	ErrUnsupportedResponseType:        "The authorization server does not support obtaining an authorization code using this method",
	ErrInvalidScope:                   "The requested scope is invalid, unknown, or malformed",
	ErrServerError:                    "The authorization server encountered an unexpected condition that prevented it from fulfilling the request",
	ErrTemporarilyUnavailable:         "The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server",
	ErrInvalidClient:                  "Client authentication failed",
	ErrInvalidGrant:                   "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client",
	ErrUnsupportedGrantType:           "The authorization grant type is not supported by the authorization server",
	ErrCodeChallengeRquired:           "PKCE is required. code_challenge is missing",
	ErrUnsupportedCodeChallengeMethod: "Selected code_challenge_method not supported",
	ErrInvalidCodeChallengeLen:        "Code challenge length must be between 43 and 128 charachters long",
}

Descriptions error description

View Source 
var New = errors.New

New returns an error that formats as the given text.

View Source 
var StatusCodes = map[error]int{
	ErrInvalidRequest:                 400,
	ErrUnauthorizedClient:             401,
	ErrAccessDenied:                   403,
	ErrUnsupportedResponseType:        401,
	ErrInvalidScope:                   400,
	ErrServerError:                    500,
	ErrTemporarilyUnavailable:         503,
	ErrInvalidClient:                  401,
	ErrInvalidGrant:                   401,
	ErrUnsupportedGrantType:           401,
	ErrCodeChallengeRquired:           400,
	ErrUnsupportedCodeChallengeMethod: 400,
	ErrInvalidCodeChallengeLen:        400,
}

StatusCodes response error HTTP status code

Functions

func ClientBasicHandler 

func ClientBasicHandler(r *http.Request) (string, string, error)

ClientBasicHandler get client data from basic authorization

func ClientFormHandler 

func ClientFormHandler(r *http.Request) (string, string, error)

ClientFormHandler get client data from form

func DefaultValidateURI 

func DefaultValidateURI(baseURI string, redirectURI string) error

DefaultValidateURI validates that redirectURI is contained in baseURI

func NewAccessGenerate 

func NewAccessGenerate() *accessGenerate

NewAccessGenerate create to generate the access token instance

func NewAuthorizeGenerate 

func NewAuthorizeGenerate() *authorizeGenerate

NewAuthorizeGenerate create to generate the authorize code instance

func NewDefaultManager 

func NewDefaultManager() *manager

NewDefaultManager create to default authorization management instance

func NewManager 

func NewManager() *manager

NewManager create to authorization management instance

Types

type AccessGenerate 

type AccessGenerate interface {
	Token(ctx context.Context, clientId, userId string, createdAt time.Time, isGenRefresh bool) (access, refresh string, err error)
}

AccessGenerate generate the access and refresh tokens interface

type AccessTokenExpHandler 

type AccessTokenExpHandler func(w http.ResponseWriter, r *http.Request) (exp time.Duration, err error)

AccessTokenExpHandler set expiration date for the access token

type AuthorizeGenerate 

type AuthorizeGenerate interface {
	Token(ctx context.Context, data *GenerateBasic) (code string, err error)
}

AuthorizeGenerate generate the authorization code interface

type AuthorizeRequest 

type AuthorizeRequest struct {
	ResponseType        ResponseType
	ClientID            string
	Scope               string
	RedirectURI         string
	State               string
	UserID              string
	CodeChallenge       string
	CodeChallengeMethod CodeChallengeMethod
	AccessTokenExp      time.Duration
	Request             *http.Request
}

AuthorizeRequest authorization request

type AuthorizeScopeHandler 

type AuthorizeScopeHandler func(w http.ResponseWriter, r *http.Request) (scope string, err error)

AuthorizeScopeHandler set the authorized scope

type Client 

type Client interface {
	GetID() string
	GetSecret() string
	GetDomain() string
	GetUserID() string
}

func NewClient 

func NewClient(id string, secret string, domain string, userID string) Client

type ClientAuthorizedHandler 

type ClientAuthorizedHandler func(clientID string, grant GrantType) (allowed bool, err error)

ClientAuthorizedHandler check the client allows to use this authorization grant type

type ClientInfo 

type ClientInfo interface {
	GetID() string
	GetSecret() string
	GetDomain() string
	GetUserID() string
}

ClientInfo the client information model interface

type ClientInfoHandler 

type ClientInfoHandler func(r *http.Request) (clientID, clientSecret string, err error)

ClientInfoHandler get client info from request

type ClientPasswordVerifier 

type ClientPasswordVerifier interface {
	VerifyPassword(string) bool
}

ClientPasswordVerifier the password handler interface

type ClientScopeHandler 

type ClientScopeHandler func(tgr *TokenGenerateRequest) (allowed bool, err error)

ClientScopeHandler check the client allows to use scope

type ClientStore 

type ClientStore interface {
	GetByID(ctx context.Context, id string) (ClientInfo, error)
	Set(ctx context.Context, id string, cli ClientInfo) error
	Delete(ctx context.Context, id string) error
}

func NewClientStore 

func NewClientStore() ClientStore

NewClientStore create client store

type CodeChallengeMethod 

type CodeChallengeMethod string

CodeChallengeMethod PCKE method 

const (
	// CodeChallengePlain PCKE Method
	CodeChallengePlain CodeChallengeMethod = "plain"
	// CodeChallengeS256 PCKE Method
	CodeChallengeS256 CodeChallengeMethod = "S256"
)

func (CodeChallengeMethod) String 

func (ccm CodeChallengeMethod) String() string

func (CodeChallengeMethod) Validate 

func (ccm CodeChallengeMethod) Validate(cc, ver string) bool

Validate code challenge

type Config 

type Config struct {
	// access token expiration time, 0 means it doesn't expire
	AccessTokenExp time.Duration
	// refresh token expiration time, 0 means it doesn't expire
	RefreshTokenExp time.Duration
	// whether to generate the refreshing token
	IsGenerateRefresh bool
}

Config authorization configuration parameters

type ConfigConfig 

type ConfigConfig struct {
	TokenType                   string         // token type
	AllowGetAccessRequest       bool           // to allow GET requests for the token
	AllowedResponseTypes        []ResponseType // allow the authorization type
	AllowedGrantTypes           []GrantType    // allow the grant type
	AllowedCodeChallengeMethods []CodeChallengeMethod
	ForcePKCE                   bool
}

Config configuration parameters

func NewConfigConfig 

func NewConfigConfig() *ConfigConfig

NewConfig create to configuration instance

type ExtensionFieldsHandler 

type ExtensionFieldsHandler func(ti TokenInfo) (fieldsValue map[string]interface{})

ExtensionFieldsHandler in response to the access token with the extension of the field

type GenerateBasic 

type GenerateBasic struct {
	Client    ClientInfo
	UserID    string
	CreateAt  time.Time
	TokenInfo TokenInfo
	Request   *http.Request
}

GenerateBasic provide the basis of the generated token data

type GrantType 

type GrantType string

GrantType authorization model 

const (
	AuthorizationCode   GrantType = "authorization_code"
	PasswordCredentials GrantType = "password"
	ClientCredentials   GrantType = "client_credentials"
	Refreshing          GrantType = "refresh_token"
	Implicit            GrantType = "__implicit"
)

define authorization model

func (GrantType) String 

func (gt GrantType) String() string

type InternalErrorHandler 

type InternalErrorHandler func(err error) (re *Response)

InternalErrorHandler internal error handing

type Manager 

type Manager interface {
	// get the client information
	GetClient(ctx context.Context, clientID string) (cli ClientInfo, err error)

	// generate the authorization token(code)
	GenerateAuthToken(ctx context.Context, rt ResponseType, tgr *TokenGenerateRequest) (authToken TokenInfo, err error)

	// generate the access token
	GenerateAccessToken(ctx context.Context, gt GrantType, tgr *TokenGenerateRequest) (accessToken TokenInfo, err error)

	// refreshing an access token
	RefreshAccessToken(ctx context.Context, tgr *TokenGenerateRequest) (accessToken TokenInfo, err error)

	// use the access token to delete the token information
	RemoveAccessToken(ctx context.Context, access string) (err error)

	// use the refresh token to delete the token information
	RemoveRefreshToken(ctx context.Context, refresh string) (err error)

	// according to the access token for corresponding token information
	LoadAccessToken(ctx context.Context, access string) (ti TokenInfo, err error)

	// according to the refresh token for corresponding token information
	LoadRefreshToken(ctx context.Context, refresh string) (ti TokenInfo, err error)
}

Manager authorization management interface

type PasswordAuthorizationHandler 

type PasswordAuthorizationHandler func(ctx context.Context, clientID, username, password string) (userID string, err error)

PasswordAuthorizationHandler get user id from username and password

type PreRedirectErrorHandler 

type PreRedirectErrorHandler func(w http.ResponseWriter, req *AuthorizeRequest, err error) error

PreRedirectErrorHandler is used to override "redirect-on-error" behavior

type RefreshingConfig 

type RefreshingConfig struct {
	// access token expiration time, 0 means it doesn't expire
	AccessTokenExp time.Duration
	// refresh token expiration time, 0 means it doesn't expire
	RefreshTokenExp time.Duration
	// whether to generate the refreshing token
	IsGenerateRefresh bool
	// whether to reset the refreshing create time
	IsResetRefreshTime bool
	// whether to remove access token
	IsRemoveAccess bool
	// whether to remove refreshing token
	IsRemoveRefreshing bool
}

RefreshingConfig refreshing token config

type RefreshingScopeHandler 

type RefreshingScopeHandler func(tgr *TokenGenerateRequest, oldScope string) (allowed bool, err error)

RefreshingScopeHandler check the scope of the refreshing token

type RefreshingValidationHandler 

type RefreshingValidationHandler func(ti TokenInfo) (allowed bool, err error)

RefreshingValidationHandler check if refresh_token is still valid. eg no revocation or other

type Response 

type Response struct {
	Error       error
	ErrorCode   int
	Description string
	URI         string
	StatusCode  int
	Header      http.Header
}

Response error response

func NewResponse 

func NewResponse(err error, statusCode int) *Response

NewResponse create the response pointer

func (*Response) SetHeader 

func (r *Response) SetHeader(key, value string)

SetHeader sets the header entries associated with key to the single element value.

type ResponseErrorHandler 

type ResponseErrorHandler func(re *Response)

ResponseErrorHandler response error handing

type ResponseTokenHandler 

type ResponseTokenHandler func(w http.ResponseWriter, data map[string]interface{}, header http.Header, statusCode ...int) error

ResponseTokenHandler response token handing

type ResponseType 

type ResponseType string

ResponseType the type of authorization request 

const (
	CodeType  ResponseType = "code"
	TokenType ResponseType = "token"
)

define the type of authorization request

func (ResponseType) String 

func (rt ResponseType) String() string

type Server 

type Server struct {
	Config                       *ConfigConfig
	Manager                      Manager
	ClientInfoHandler            ClientInfoHandler
	ClientAuthorizedHandler      ClientAuthorizedHandler
	ClientScopeHandler           ClientScopeHandler
	UserAuthorizationHandler     UserAuthorizationHandler
	PasswordAuthorizationHandler PasswordAuthorizationHandler
	RefreshingValidationHandler  RefreshingValidationHandler
	PreRedirectErrorHandler      PreRedirectErrorHandler
	RefreshingScopeHandler       RefreshingScopeHandler
	ResponseErrorHandler         ResponseErrorHandler
	InternalErrorHandler         InternalErrorHandler
	ExtensionFieldsHandler       ExtensionFieldsHandler
	AccessTokenExpHandler        AccessTokenExpHandler
	AuthorizeScopeHandler        AuthorizeScopeHandler
	ResponseTokenHandler         ResponseTokenHandler
}

Server Provide authorization server

func NewDefaultServer 

func NewDefaultServer(manager Manager) *Server

NewDefaultServer create a default authorization server

func NewServer 

func NewServer(cfg *ConfigConfig, manager Manager) *Server

NewServer create authorization server

func (*Server) BearerAuth 

func (s *Server) BearerAuth(r *http.Request) (string, bool)

BearerAuth parse bearer token

func (*Server) CheckCodeChallengeMethod 

func (s *Server) CheckCodeChallengeMethod(ccm CodeChallengeMethod) bool

CheckCodeChallengeMethod checks for allowed code challenge method

func (*Server) CheckGrantType 

func (s *Server) CheckGrantType(gt GrantType) bool

CheckGrantType check allows grant type

func (*Server) CheckResponseType 

func (s *Server) CheckResponseType(rt ResponseType) bool

CheckResponseType check allows response type

func (*Server) GetAccessToken 

func (s *Server) GetAccessToken(ctx context.Context, gt GrantType, tgr *TokenGenerateRequest) (TokenInfo,
	error)

GetAccessToken access token

func (*Server) GetAuthorizeData 

func (s *Server) GetAuthorizeData(rt ResponseType, ti TokenInfo) map[string]interface{}

GetAuthorizeData get authorization response data

func (*Server) GetAuthorizeToken 

func (s *Server) GetAuthorizeToken(ctx context.Context, req *AuthorizeRequest) (TokenInfo, error)

GetAuthorizeToken get authorization token(code)

func (*Server) GetErrorData 

func (s *Server) GetErrorData(err error) (map[string]interface{}, int, http.Header)

GetErrorData get error response data

func (*Server) GetRedirectURI 

func (s *Server) GetRedirectURI(req *AuthorizeRequest, data map[string]interface{}) (string, error)

GetRedirectURI get redirect uri

func (*Server) GetTokenData 

func (s *Server) GetTokenData(ti TokenInfo) map[string]interface{}

GetTokenData token data

func (*Server) HandleAuthorizeRequest 

func (s *Server) HandleAuthorizeRequest(w http.ResponseWriter, r *http.Request) (string, error)

HandleAuthorizeRequest the authorization request handling

func (*Server) HandleTokenRequest 

func (s *Server) HandleTokenRequest(w http.ResponseWriter, r *http.Request) error

HandleTokenRequest token request handling

func (*Server) SetAccessTokenExpHandler 

func (s *Server) SetAccessTokenExpHandler(handler AccessTokenExpHandler)

SetAccessTokenExpHandler set expiration date for the access token

func (*Server) SetAllowGetAccessRequest 

func (s *Server) SetAllowGetAccessRequest(allow bool)

SetAllowGetAccessRequest to allow GET requests for the token

func (*Server) SetAllowedGrantType 

func (s *Server) SetAllowedGrantType(types ...GrantType)

SetAllowedGrantType allow the grant types

func (*Server) SetAllowedResponseType 

func (s *Server) SetAllowedResponseType(types ...ResponseType)

SetAllowedResponseType allow the authorization types

func (*Server) SetAuthorizeScopeHandler 

func (s *Server) SetAuthorizeScopeHandler(handler AuthorizeScopeHandler)

SetAuthorizeScopeHandler set scope for the access token

func (*Server) SetClientAuthorizedHandler 

func (s *Server) SetClientAuthorizedHandler(handler ClientAuthorizedHandler)

SetClientAuthorizedHandler check the client allows to use this authorization grant type

func (*Server) SetClientInfoHandler 

func (s *Server) SetClientInfoHandler(handler ClientInfoHandler)

SetClientInfoHandler get client info from request

func (*Server) SetClientScopeHandler 

func (s *Server) SetClientScopeHandler(handler ClientScopeHandler)

SetClientScopeHandler check the client allows to use scope

func (*Server) SetExtensionFieldsHandler 

func (s *Server) SetExtensionFieldsHandler(handler ExtensionFieldsHandler)

SetExtensionFieldsHandler in response to the access token with the extension of the field

func (*Server) SetInternalErrorHandler 

func (s *Server) SetInternalErrorHandler(handler InternalErrorHandler)

SetInternalErrorHandler internal error handling

func (*Server) SetPasswordAuthorizationHandler 

func (s *Server) SetPasswordAuthorizationHandler(handler PasswordAuthorizationHandler)

SetPasswordAuthorizationHandler get user id from username and password

func (*Server) SetPreRedirectErrorHandler 

func (s *Server) SetPreRedirectErrorHandler(handler PreRedirectErrorHandler)

SetPreRedirectErrorHandler sets the PreRedirectErrorHandler in current Server instance

func (*Server) SetRefreshingScopeHandler 

func (s *Server) SetRefreshingScopeHandler(handler RefreshingScopeHandler)

SetRefreshingScopeHandler check the scope of the refreshing token

func (*Server) SetRefreshingValidationHandler 

func (s *Server) SetRefreshingValidationHandler(handler RefreshingValidationHandler)

SetRefreshingValidationHandler check if refresh_token is still valid. eg no revocation or other

func (*Server) SetResponseErrorHandler 

func (s *Server) SetResponseErrorHandler(handler ResponseErrorHandler)

SetResponseErrorHandler response error handling

func (*Server) SetResponseTokenHandler 

func (s *Server) SetResponseTokenHandler(handler ResponseTokenHandler)

SetResponseTokenHandler response token handing

func (*Server) SetTokenType 

func (s *Server) SetTokenType(tokenType string)

SetTokenType token type

func (*Server) SetUserAuthorizationHandler 

func (s *Server) SetUserAuthorizationHandler(handler UserAuthorizationHandler)

SetUserAuthorizationHandler get user id from request authorization

func (*Server) ValidationAuthorizeRequest 

func (s *Server) ValidationAuthorizeRequest(r *http.Request) (*AuthorizeRequest, error)

ValidationAuthorizeRequest the authorization request validation

func (*Server) ValidationBearerToken 

func (s *Server) ValidationBearerToken(r *http.Request) (TokenInfo, error)

ValidationBearerToken validation the bearer tokens https://tools.ietf.org/html/rfc6750

func (*Server) ValidationTokenRequest 

func (s *Server) ValidationTokenRequest(r *http.Request) (GrantType, *TokenGenerateRequest, error)

ValidationTokenRequest the token request validation

type Token 

type Token struct {
	ClientID            string        `bson:"ClientID"`
	UserID              string        `bson:"UserID"`
	RedirectURI         string        `bson:"RedirectURI"`
	Scope               string        `bson:"Scope"`
	Code                string        `bson:"Code"`
	CodeChallenge       string        `bson:"CodeChallenge"`
	CodeChallengeMethod string        `bson:"CodeChallengeMethod"`
	CodeCreateAt        time.Time     `bson:"CodeCreateAt"`
	CodeExpiresIn       time.Duration `bson:"CodeExpiresIn"`
	Access              string        `bson:"Access"`
	AccessCreateAt      time.Time     `bson:"AccessCreateAt"`
	AccessExpiresIn     time.Duration `bson:"AccessExpiresIn"`
	Refresh             string        `bson:"Refresh"`
	RefreshCreateAt     time.Time     `bson:"RefreshCreateAt"`
	RefreshExpiresIn    time.Duration `bson:"RefreshExpiresIn"`
}

Token token model

func NewToken 

func NewToken() *Token

NewToken create to token model instance

func (*Token) GetAccess 

func (t *Token) GetAccess() string

GetAccess access Token

func (*Token) GetAccessCreateAt 

func (t *Token) GetAccessCreateAt() time.Time

GetAccessCreateAt create Time

func (*Token) GetAccessExpiresIn 

func (t *Token) GetAccessExpiresIn() time.Duration

GetAccessExpiresIn the lifetime in seconds of the access token

func (*Token) GetClientID 

func (t *Token) GetClientID() string

GetClientID the client id

func (*Token) GetCode 

func (t *Token) GetCode() string

GetCode authorization code

func (*Token) GetCodeChallenge 

func (t *Token) GetCodeChallenge() string

GetCodeChallenge challenge code

func (*Token) GetCodeChallengeMethod 

func (t *Token) GetCodeChallengeMethod() CodeChallengeMethod

GetCodeChallengeMethod challenge method

func (*Token) GetCodeCreateAt 

func (t *Token) GetCodeCreateAt() time.Time

GetCodeCreateAt create Time

func (*Token) GetCodeExpiresIn 

func (t *Token) GetCodeExpiresIn() time.Duration

GetCodeExpiresIn the lifetime in seconds of the authorization code

func (*Token) GetRedirectURI 

func (t *Token) GetRedirectURI() string

GetRedirectURI redirect URI

func (*Token) GetRefresh 

func (t *Token) GetRefresh() string

GetRefresh refresh Token

func (*Token) GetRefreshCreateAt 

func (t *Token) GetRefreshCreateAt() time.Time

GetRefreshCreateAt create Time

func (*Token) GetRefreshExpiresIn 

func (t *Token) GetRefreshExpiresIn() time.Duration

GetRefreshExpiresIn the lifetime in seconds of the refresh token

func (*Token) GetScope 

func (t *Token) GetScope() string

GetScope get scope of authorization

func (*Token) GetUserID 

func (t *Token) GetUserID() string

GetUserID the user id

func (*Token) New 

func (t *Token) New() TokenInfo

New create to token model instance

func (*Token) SetAccess 

func (t *Token) SetAccess(access string)

SetAccess access Token

func (*Token) SetAccessCreateAt 

func (t *Token) SetAccessCreateAt(createAt time.Time)

SetAccessCreateAt create Time

func (*Token) SetAccessExpiresIn 

func (t *Token) SetAccessExpiresIn(exp time.Duration)

SetAccessExpiresIn the lifetime in seconds of the access token

func (*Token) SetClientID 

func (t *Token) SetClientID(clientID string)

SetClientID the client id

func (*Token) SetCode 

func (t *Token) SetCode(code string)

SetCode authorization code

func (*Token) SetCodeChallenge 

func (t *Token) SetCodeChallenge(code string)

SetCodeChallenge challenge code

func (*Token) SetCodeChallengeMethod 

func (t *Token) SetCodeChallengeMethod(method CodeChallengeMethod)

SetCodeChallengeMethod challenge method

func (*Token) SetCodeCreateAt 

func (t *Token) SetCodeCreateAt(createAt time.Time)

SetCodeCreateAt create Time

func (*Token) SetCodeExpiresIn 

func (t *Token) SetCodeExpiresIn(exp time.Duration)

SetCodeExpiresIn the lifetime in seconds of the authorization code

func (*Token) SetRedirectURI 

func (t *Token) SetRedirectURI(redirectURI string)

SetRedirectURI redirect URI

func (*Token) SetRefresh 

func (t *Token) SetRefresh(refresh string)

SetRefresh refresh Token

func (*Token) SetRefreshCreateAt 

func (t *Token) SetRefreshCreateAt(createAt time.Time)

SetRefreshCreateAt create Time

func (*Token) SetRefreshExpiresIn 

func (t *Token) SetRefreshExpiresIn(exp time.Duration)

SetRefreshExpiresIn the lifetime in seconds of the refresh token

func (*Token) SetScope 

func (t *Token) SetScope(scope string)

SetScope get scope of authorization

func (*Token) SetUserID 

func (t *Token) SetUserID(userID string)

SetUserID the user id

type TokenGenerateRequest 

type TokenGenerateRequest struct {
	ClientID            string
	ClientSecret        string
	UserID              string
	RedirectURI         string
	Scope               string
	Code                string
	CodeChallenge       string
	CodeChallengeMethod CodeChallengeMethod
	Refresh             string
	CodeVerifier        string
	AccessTokenExp      time.Duration
	Request             *http.Request
}

TokenGenerateRequest provide to generate the token request parameters

type TokenInfo 

type TokenInfo interface {
	New() TokenInfo

	GetClientID() string
	SetClientID(string)
	GetUserID() string
	SetUserID(string)
	GetRedirectURI() string
	SetRedirectURI(string)
	GetScope() string
	SetScope(string)

	GetCode() string
	SetCode(string)
	GetCodeCreateAt() time.Time
	SetCodeCreateAt(time.Time)
	GetCodeExpiresIn() time.Duration
	SetCodeExpiresIn(time.Duration)
	GetCodeChallenge() string
	SetCodeChallenge(string)
	GetCodeChallengeMethod() CodeChallengeMethod
	SetCodeChallengeMethod(CodeChallengeMethod)

	GetAccess() string
	SetAccess(string)
	GetAccessCreateAt() time.Time
	SetAccessCreateAt(time.Time)
	GetAccessExpiresIn() time.Duration
	SetAccessExpiresIn(time.Duration)

	GetRefresh() string
	SetRefresh(string)
	GetRefreshCreateAt() time.Time
	SetRefreshCreateAt(time.Time)
	GetRefreshExpiresIn() time.Duration
	SetRefreshExpiresIn(time.Duration)
}

TokenInfo the token information model interface

type TokenStore 

type TokenStore interface {
	// create and store the new token information
	Create(ctx context.Context, info TokenInfo) error

	// delete the authorization code
	RemoveByCode(ctx context.Context, code string) error

	// use the access token to delete the token information
	RemoveByAccess(ctx context.Context, access string) error

	// use the refresh token to delete the token information
	RemoveByRefresh(ctx context.Context, refresh string) error

	// use the authorization code for token information data
	GetByCode(ctx context.Context, code string) (TokenInfo, error)

	// use the access token for token information data
	GetByAccess(ctx context.Context, access string) (TokenInfo, error)

	// use the refresh token for token information data
	GetByRefresh(ctx context.Context, refresh string) (TokenInfo, error)
}

type UserAuthorizationHandler 

type UserAuthorizationHandler func(w http.ResponseWriter, r *http.Request) (userID string, err error)

UserAuthorizationHandler get user id from request authorization

type ValidateURIHandler 

type ValidateURIHandler func(baseURI, redirectURI string) error

ValidateURIHandler validates that redirectURI is contained in baseURI

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.