Documentation ¶
Index ¶
- Constants
- Variables
- func NewHS256JwtClaimsToken(claims *JwtClaims, jwtVerifyKey []byte) (string, error)
- func NewJwtClaimsToken(claims *JwtClaims, algorithm string, key interface{}) (string, error)
- func NewJwtStandardClaimsToken(claims *JwtStandardClaims, algorithm string, key interface{}) (string, error)
- func NewJwtToken(v interface{}, algorithm string, key interface{}) (string, error)
- func NewOpenIDContext(ctx context.Context, openID string) context.Context
- func OpenIDFromContext(ctx context.Context) (string, error)
- func RandomCode() string
- func RandomDeviceCode() string
- func RandomState() string
- func RandomUserCode() string
- func RedirectError(w http.ResponseWriter, r *http.Request, redirectURI *url.URL, err error)
- func RedirectSuccess(w http.ResponseWriter, r *http.Request, redirectURI *url.URL, code string)
- func StringSplit(s, sep string) (results []string)
- func WriterError(w http.ResponseWriter, err error)
- func WriterJSON(w http.ResponseWriter, value interface{})
- type AccessTokener
- type Client
- func (c *Client) AuthorizeAuthorizationCode(ctx context.Context, w http.ResponseWriter, redirectURI, scope, state string) (err error)
- func (c *Client) AuthorizeImplicit(ctx context.Context, w http.ResponseWriter, redirectURI, scope, state string) (err error)
- func (c *Client) DeviceAuthorization(ctx context.Context, w http.ResponseWriter, scope string) (err error)
- func (c *Client) RefreshToken(ctx context.Context, refreshToken string) (model *TokenResponse, err error)
- func (c *Client) Token(ctx context.Context, grantType string, values url.Values) (token *TokenResponse, err error)
- func (c *Client) TokenAuthorizationCode(ctx context.Context, code, redirectURI, clientID string) (token *TokenResponse, err error)
- func (c *Client) TokenClientCredentials(ctx context.Context, scope ...string) (model *TokenResponse, err error)
- func (c *Client) TokenDeviceCode(ctx context.Context, deviceCode string) (model *TokenResponse, err error)
- func (c *Client) TokenIntrospect(ctx context.Context, token string, tokenTypeHint ...string) (introspection *IntrospectionResponse, err error)
- func (c *Client) TokenResourceOwnerPasswordCredentials(ctx context.Context, username, password string) (model *TokenResponse, err error)
- func (c *Client) TokenRevocation(ctx context.Context, token string, tokenTypeHint ...string) (introspection *IntrospectionResponse, err error)
- type ClientBasic
- type CodeValue
- type CustomGrantTypeAuthenticationFunc
- type DefaultAccessToken
- func (d *DefaultAccessToken) Generate(ctx context.Context, issuer, clientID, scope, openID string, code *CodeValue) (token *TokenResponse, err error)
- func (d *DefaultAccessToken) Parse(ctx context.Context, accessToken string) (claims *JwtClaims, err error)
- func (d *DefaultAccessToken) Refresh(ctx context.Context, clientID, refreshToken string) (token *TokenResponse, err error)
- type DefaultLogger
- func (*DefaultLogger) Debugf(_ context.Context, format string, args ...interface{})
- func (*DefaultLogger) Debugln(_ context.Context, args ...interface{})
- func (*DefaultLogger) Errorf(_ context.Context, format string, args ...interface{})
- func (*DefaultLogger) Errorln(_ context.Context, args ...interface{})
- type DeviceAuthorizationResponse
- type DeviceCodeValue
- type ErrorResponse
- type GenerateAccessTokenFunc
- type GenerateCodeFunc
- type GenerateDeviceAuthorizationFunc
- type IntrospectionResponse
- type JwtClaims
- type JwtStandardClaims
- func (c JwtStandardClaims) Valid() error
- func (c *JwtStandardClaims) VerifyAudience(cmp []string, req bool) bool
- func (c *JwtStandardClaims) VerifyExpiresAt(cmp int64, req bool) bool
- func (c *JwtStandardClaims) VerifyIssuedAt(cmp int64, req bool) bool
- func (c *JwtStandardClaims) VerifyIssuer(cmp string, req bool) bool
- func (c *JwtStandardClaims) VerifyNotBefore(cmp int64, req bool) bool
- type Logger
- type ParseAccessTokenFunc
- type RefreshAccessTokenFunc
- type Server
- func (srv *Server) HandleAuthorize(w http.ResponseWriter, r *http.Request)
- func (srv *Server) HandleDeviceAuthorization(w http.ResponseWriter, r *http.Request)
- func (srv *Server) HandleToken(w http.ResponseWriter, r *http.Request)
- func (srv *Server) HandleTokenIntrospection(w http.ResponseWriter, r *http.Request)
- func (srv *Server) HandleTokenRevocation(w http.ResponseWriter, r *http.Request)
- func (srv *Server) Init(opts ...ServerOption)
- type ServerOption
- func ServerCustomGrantTypeAuthentication(customGrantTypeAuthentication map[string]CustomGrantTypeAuthenticationFunc) ServerOption
- func ServerCustomGrantTypeEnabled(customGrantTypeEnabled bool) ServerOption
- func ServerDeviceAuthorizationEndpointEnabled(deviceAuthorizationEndpointEnabled bool) ServerOption
- func ServerDeviceVerificationURI(deviceVerificationURI string) ServerOption
- func ServerIntrospectEndpointEnabled(introspectEndpointEnabled bool) ServerOption
- func ServerIssuer(issuer string) ServerOption
- func ServerLogger(log Logger) ServerOption
- func ServerTokenRevocationEnabled(tokenRevocationEnabled bool) ServerOption
- type ServerOptions
- type TokenResponse
- type TokenRevocationFunc
- type VerifyClientFunc
- type VerifyClientIDFunc
- type VerifyCodeFunc
- type VerifyDeviceCodeFunc
- type VerifyGrantTypeFunc
- type VerifyIntrospectionTokenFunc
- type VerifyPasswordFunc
- type VerifyRedirectURIFunc
- type VerifyScopeFunc
Constants ¶
// Token lifetimes and fixed string values shared across the package.
const (
	// AccessTokenExpire is 3600 seconds (one hour).
	// Presumably the lifetime given to issued access tokens; confirm against Generate.
	AccessTokenExpire = time.Second * 3600
	// RefreshTokenExpire is half of AccessTokenExpire, i.e. 1800 seconds.
	// NOTE(review): as defined, the refresh-token constant is shorter than the
	// access-token constant. If both are applied as lifetimes, a refresh token
	// would expire before the access token it is meant to renew; confirm this is
	// intended.
	RefreshTokenExpire = AccessTokenExpire / 2
	// TokenTypeBearer is the token_type value "Bearer".
	TokenTypeBearer = "Bearer"
	// ScopeRefreshToken is the scope string "refresh_token".
	ScopeRefreshToken = "refresh_token"
	// DefaultJwtIssuer is the issuer string "github.com/nilorg/oauth2".
	// Presumably used when no issuer is configured; confirm against ServerIssuer.
	DefaultJwtIssuer = "github.com/nilorg/oauth2"
)
// String constants for OAuth2 parameter names and grant-type values.
// The values carried under ClientSecretKey, PasswordKey, CodeKey, TokenKey,
// AccessTokenKey, RefreshTokenKey and DeviceCodeKey are credentials; keep them
// out of logs and error messages.
const (
	// ResponseTypeKey is the parameter name "response_type".
	ResponseTypeKey = "response_type"
	// ClientIDKey is the parameter name "client_id".
	ClientIDKey = "client_id"
	// ClientSecretKey is the parameter name "client_secret".
	ClientSecretKey = "client_secret"
	// RedirectURIKey is the parameter name "redirect_uri".
	RedirectURIKey = "redirect_uri"
	// ScopeKey is the parameter name "scope".
	ScopeKey = "scope"
	// StateKey is the parameter name "state".
	StateKey = "state"
	// GrantTypeKey is the parameter name "grant_type".
	GrantTypeKey = "grant_type"
	// CodeKey is the string "code".
	CodeKey = "code"
	// TokenKey is the string "token".
	TokenKey = "token"
	// ErrorKey is the parameter name "error".
	ErrorKey = "error"
	// AccessTokenKey is the parameter name "access_token".
	AccessTokenKey = "access_token"
	// TokenTypeKey is the parameter name "token_type".
	TokenTypeKey = "token_type"
	// ClientCredentialsKey is the grant-type value "client_credentials".
	ClientCredentialsKey = "client_credentials"
	// PasswordKey is the string "password".
	// Presumably both the grant-type value and the parameter name; confirm at the call sites.
	PasswordKey = "password"
	// UsernameKey is the parameter name "username".
	UsernameKey = "username"
	// RefreshTokenKey is the string "refresh_token".
	RefreshTokenKey = "refresh_token"
	// AuthorizationCodeKey is the grant-type value "authorization_code".
	AuthorizationCodeKey = "authorization_code"
	// DeviceCodeKey is the parameter name "device_code".
	DeviceCodeKey = "device_code"
	// UrnIetfParamsOAuthGrantTypeDeviceCodeKey is the device-flow grant-type URN.
	UrnIetfParamsOAuthGrantTypeDeviceCodeKey = "urn:ietf:params:oauth:grant-type:device_code"
	// TokenTypeHintKey is the parameter name "token_type_hint".
	TokenTypeHintKey = "token_type_hint"
	// ImplicitKey is the string "implicit".
	ImplicitKey = "implicit"
)
Variables ¶
// Sentinel errors whose messages are OAuth2 protocol error codes.
var (
	// ErrInvalidRequest: the request is invalid.
	ErrInvalidRequest = errors.New("invalid_request")
	// ErrUnauthorizedClient carries the error code "unauthorized_client".
	ErrUnauthorizedClient = errors.New("unauthorized_client")
	// ErrAccessDenied: access was denied.
	ErrAccessDenied = errors.New("access_denied")
	// ErrUnsupportedResponseType: the response type is not supported.
	ErrUnsupportedResponseType = errors.New("unsupported_response_type")
	// ErrUnsupportedGrantType: the grant type is not supported.
	ErrUnsupportedGrantType = errors.New("unsupported_grant_type")
	// ErrInvalidGrant: the grant is invalid.
	ErrInvalidGrant = errors.New("invalid_grant")
	// ErrInvalidScope: the scope is invalid.
	ErrInvalidScope = errors.New("invalid_scope")
	// ErrTemporarilyUnavailable carries the error code "temporarily_unavailable".
	ErrTemporarilyUnavailable = errors.New("temporarily_unavailable")
	// ErrServerError: server error.
	ErrServerError = errors.New("server_error")
	// ErrInvalidClient: the client is invalid.
	ErrInvalidClient = errors.New("invalid_client")
	// ErrExpiredToken: the token has expired.
	ErrExpiredToken = errors.New("expired_token")
	// ErrAuthorizationPending: authorization is still pending.
	// https://tools.ietf.org/html/rfc8628#section-3.5
	ErrAuthorizationPending = errors.New("authorization_pending")
	// ErrSlowDown: the client is polling too frequently.
	// https://tools.ietf.org/html/rfc8628#section-3.5
	ErrSlowDown = errors.New("slow_down")
	// ErrUnsupportedTokenType: the token type is not supported.
	// https://tools.ietf.org/html/rfc7009#section-4.1.1
	ErrUnsupportedTokenType = errors.New("unsupported_token_type")
)
// Sentinel errors for server configuration and token handling.
// The "... Is Nil" errors are presumably reported when the matching Server
// delegate is unset; confirm against the handlers.
// NOTE(review): ErrVerifyDeviceCodeFuncNil and ErrRefreshAccessTokenFuncNil embed
// the Go identifier ("ErrVerifyDeviceCodeFunc", "ErrRefreshAccessTokenFuncNil") in
// their message instead of the delegate name used by the other messages. Anything
// that matches on these strings sees the inconsistent text.
var (
	// ErrVerifyClientFuncNil names the VerifyClient delegate.
	ErrVerifyClientFuncNil = errors.New("OAuth2 Server VerifyClient Is Nil")
	// ErrVerifyClientIDFuncNil names the VerifyClientID delegate.
	ErrVerifyClientIDFuncNil = errors.New("OAuth2 Server VerifyClientID Is Nil")
	// ErrVerifyPasswordFuncNil names the VerifyPassword delegate.
	ErrVerifyPasswordFuncNil = errors.New("OAuth2 Server VerifyPassword Is Nil")
	// ErrVerifyRedirectURIFuncNil names the VerifyRedirectURI delegate.
	ErrVerifyRedirectURIFuncNil = errors.New("OAuth2 Server VerifyRedirectURI Is Nil")
	// ErrGenerateCodeFuncNil names the GenerateCode delegate.
	ErrGenerateCodeFuncNil = errors.New("OAuth2 Server GenerateCode Is Nil")
	// ErrVerifyCodeFuncNil names the VerifyCode delegate.
	ErrVerifyCodeFuncNil = errors.New("OAuth2 Server VerifyCode Is Nil")
	// ErrVerifyScopeFuncNil names the VerifyScope delegate.
	ErrVerifyScopeFuncNil = errors.New("OAuth2 Server VerifyScope Is Nil")
	// ErrGenerateAccessTokenFuncNil names GenerateAccessTokenFunc.
	ErrGenerateAccessTokenFuncNil = errors.New("OAuth2 Server GenerateAccessTokenFunc Is Nil")
	// ErrGenerateDeviceAuthorizationFuncNil names GenerateDeviceAuthorizationFunc.
	ErrGenerateDeviceAuthorizationFuncNil = errors.New("OAuth2 Server GenerateDeviceAuthorizationFunc Is Nil")
	// ErrVerifyDeviceCodeFuncNil: see the NOTE(review) above about its message text.
	ErrVerifyDeviceCodeFuncNil = errors.New("OAuth2 Server ErrVerifyDeviceCodeFunc Is Nil")
	// ErrRefreshAccessTokenFuncNil: see the NOTE(review) above about its message text.
	ErrRefreshAccessTokenFuncNil = errors.New("OAuth2 Server ErrRefreshAccessTokenFuncNil Is Nil")
	// ErrParseAccessTokenFuncNil names ParseAccessTokenFunc.
	ErrParseAccessTokenFuncNil = errors.New("OAuth2 Server ParseAccessTokenFunc Is Nil")
	// ErrVerifyIntrospectionTokenFuncNil names the VerifyIntrospectionToken delegate.
	ErrVerifyIntrospectionTokenFuncNil = errors.New("OAuth2 Server VerifyIntrospectionToken Is Nil")
	// ErrTokenRevocationFuncNil names the TokenRevocation delegate.
	ErrTokenRevocationFuncNil = errors.New("OAuth2 Server TokenRevocation Is Nil")
	// ErrVerifyGrantTypeFuncNil names the VerifyGrantType delegate.
	ErrVerifyGrantTypeFuncNil = errors.New("OAuth2 Server VerifyGrantType Is Nil")
	// ErrInvalidAccessToken: the access token is invalid.
	ErrInvalidAccessToken = errors.New("invalid_access_token")
	// ErrInvalidRedirectURI: the redirect URI is invalid.
	ErrInvalidRedirectURI = errors.New("invalid_redirect_uri")
	// ErrStateValueDidNotMatch carries the message "state value did not match".
	ErrStateValueDidNotMatch = errors.New("state value did not match")
	// ErrMissingAccessToken carries the message "missing access token".
	ErrMissingAccessToken = errors.New("missing access token")
	// ErrAccessToken names the Server.AccessToken field.
	ErrAccessToken = errors.New("OAuth2 Server AccessToken Is Nil")
)
var (
	// Errors maps an error's message string to its sentinel error value.
	// Presumably used to turn an error string received over the wire back into a
	// sentinel; confirm at the call sites.
	// Only a subset of the package's sentinels is registered: of the "... Is Nil"
	// errors only ErrVerifyClientFuncNil is present, and ErrInvalidRedirectURI and
	// ErrAccessToken are absent. A lookup for an unregistered message yields nil.
	Errors = map[string]error{
		ErrVerifyClientFuncNil.Error():     ErrVerifyClientFuncNil,
		ErrInvalidAccessToken.Error():      ErrInvalidAccessToken,
		ErrStateValueDidNotMatch.Error():   ErrStateValueDidNotMatch,
		ErrMissingAccessToken.Error():      ErrMissingAccessToken,
		ErrInvalidRequest.Error():          ErrInvalidRequest,
		ErrUnauthorizedClient.Error():      ErrUnauthorizedClient,
		ErrAccessDenied.Error():            ErrAccessDenied,
		ErrUnsupportedResponseType.Error(): ErrUnsupportedResponseType,
		ErrUnsupportedGrantType.Error():    ErrUnsupportedGrantType,
		ErrInvalidGrant.Error():            ErrInvalidGrant,
		ErrInvalidScope.Error():            ErrInvalidScope,
		ErrTemporarilyUnavailable.Error():  ErrTemporarilyUnavailable,
		ErrServerError.Error():             ErrServerError,
		ErrInvalidClient.Error():           ErrInvalidClient,
		ErrExpiredToken.Error():            ErrExpiredToken,
		ErrAuthorizationPending.Error():    ErrAuthorizationPending,
		ErrSlowDown.Error():                ErrSlowDown,
		ErrUnsupportedTokenType.Error():    ErrUnsupportedTokenType,
	}
	// ErrStatusCodes maps an error value to an HTTP status code.
	// An error that is not a key here (for example ErrInvalidAccessToken) indexes
	// to 0, so the caller has to supply its own fallback status.
	// NOTE(review): several entries differ from the statuses the referenced RFCs
	// describe. RFC 6749 section 5.2 uses 400 for token-endpoint errors (401 is
	// allowed for invalid_client), and RFC 8628 section 3.5 and RFC 7009 section
	// 2.2.1 reuse that error format. Here invalid_grant and unsupported_grant_type
	// map to 401, authorization_pending to 428, slow_down to 403 and
	// unsupported_token_type to 503. A client that branches on the status code
	// rather than the "error" field may treat a normal polling response as a hard
	// failure or as a retryable outage. Confirm interoperability before relying on
	// these values.
	ErrStatusCodes = map[error]int{
		ErrInvalidRequest:          http.StatusBadRequest,
		ErrUnauthorizedClient:      http.StatusUnauthorized,
		ErrAccessDenied:            http.StatusForbidden,
		ErrUnsupportedResponseType: http.StatusUnauthorized,
		ErrInvalidScope:            http.StatusBadRequest,
		ErrServerError:             http.StatusInternalServerError,
		ErrTemporarilyUnavailable:  http.StatusServiceUnavailable,
		ErrInvalidClient:           http.StatusUnauthorized,
		ErrInvalidGrant:            http.StatusUnauthorized,
		ErrUnsupportedGrantType:    http.StatusUnauthorized,
		ErrExpiredToken:            http.StatusUnauthorized,
		ErrAuthorizationPending:    http.StatusPreconditionRequired,
		ErrSlowDown:                http.StatusForbidden,
		ErrUnsupportedTokenType:    http.StatusServiceUnavailable,
	}
)
var (
	// ErrContextNotFoundOpenID: the context does not contain an OpenID.
	// Presumably what OpenIDFromContext returns in that case; confirm against its body.
	ErrContextNotFoundOpenID = errors.New("OAuth2上下文不存在OpenID")
)
Functions ¶
func NewHS256JwtClaimsToken ¶ added in v0.2.1
NewHS256JwtClaimsToken ...
func NewJwtClaimsToken ¶ added in v0.2.1
NewJwtClaimsToken ...
func NewJwtStandardClaimsToken ¶ added in v0.2.1
func NewJwtStandardClaimsToken(claims *JwtStandardClaims, algorithm string, key interface{}) (string, error)
NewJwtStandardClaimsToken ...
func NewJwtToken ¶ added in v0.2.0
NewJwtToken ...
func NewOpenIDContext ¶ added in v0.0.3
NewOpenIDContext 创建OpenID上下文
func OpenIDFromContext ¶ added in v0.0.3
OpenIDFromContext ...
func RandomDeviceCode ¶ added in v0.2.0
func RandomDeviceCode() string
RandomDeviceCode 随机DeviceCode
func RedirectError ¶
RedirectError 重定向错误
func RedirectSuccess ¶
RedirectSuccess 重定向成功
func StringSplit ¶ added in v0.0.4
StringSplit strings.Split
Types ¶
type AccessTokener ¶ added in v0.4.2
// AccessTokener is the access-token interface: it issues, renews and parses
// access tokens. Server.AccessToken has this type.
type AccessTokener interface {
	// Generate issues a token response for the given issuer, client, scope and
	// OpenID. code is the CodeValue of the authorization code being exchanged;
	// whether it may be nil for other grant types is not visible here.
	Generate(ctx context.Context, issuer, clientID, scope, openID string, code *CodeValue) (token *TokenResponse, err error)
	// Refresh exchanges refreshToken for a new token response on behalf of clientID.
	// Checking that the refresh token was issued to clientID is the
	// implementation's responsibility.
	Refresh(ctx context.Context, clientID, refreshToken string) (token *TokenResponse, err error)
	// Parse turns an access-token string into its JwtClaims.
	// NOTE(review): presumably also verifies signature and expiry; confirm per implementation.
	Parse(ctx context.Context, accessToken string) (claims *JwtClaims, err error)
}
AccessTokener AccessToken接口
type Client ¶
// Client is an OAuth2 client.
type Client struct {
	// Log is the logger used by the client.
	Log Logger
	// ServerBaseURL and the *Endpoint fields locate the authorization server.
	// Presumably each endpoint is resolved against ServerBaseURL; confirm.
	ServerBaseURL               string
	AuthorizationEndpoint       string
	TokenEndpoint               string
	IntrospectEndpoint          string
	DeviceAuthorizationEndpoint string
	TokenRevocationEndpoint     string
	// ID and Secret are presumably the client_id and client_secret credentials; confirm.
	// Secret is a plain exported string, so formatting the struct with %v or %+v
	// prints it. Avoid logging a Client value as a whole.
	ID     string
	Secret string
	// contains filtered or unexported fields
}
Client oauth2 client
func (*Client) AuthorizeAuthorizationCode ¶
func (c *Client) AuthorizeAuthorizationCode(ctx context.Context, w http.ResponseWriter, redirectURI, scope, state string) (err error)
AuthorizeAuthorizationCode ...
func (*Client) AuthorizeImplicit ¶
func (c *Client) AuthorizeImplicit(ctx context.Context, w http.ResponseWriter, redirectURI, scope, state string) (err error)
AuthorizeImplicit ...
func (*Client) DeviceAuthorization ¶ added in v0.2.0
func (c *Client) DeviceAuthorization(ctx context.Context, w http.ResponseWriter, scope string) (err error)
DeviceAuthorization ...
func (*Client) RefreshToken ¶
func (c *Client) RefreshToken(ctx context.Context, refreshToken string) (model *TokenResponse, err error)
RefreshToken ...
func (*Client) TokenAuthorizationCode ¶
func (c *Client) TokenAuthorizationCode(ctx context.Context, code, redirectURI, clientID string) (token *TokenResponse, err error)
TokenAuthorizationCode ... TokenAuthorizationCode(code, redirectURI, state string)
func (*Client) TokenClientCredentials ¶
func (c *Client) TokenClientCredentials(ctx context.Context, scope ...string) (model *TokenResponse, err error)
TokenClientCredentials ...
func (*Client) TokenDeviceCode ¶ added in v0.2.0
func (c *Client) TokenDeviceCode(ctx context.Context, deviceCode string) (model *TokenResponse, err error)
TokenDeviceCode ...
func (*Client) TokenIntrospect ¶ added in v0.2.0
func (c *Client) TokenIntrospect(ctx context.Context, token string, tokenTypeHint ...string) (introspection *IntrospectionResponse, err error)
TokenIntrospect ...
func (*Client) TokenResourceOwnerPasswordCredentials ¶
func (c *Client) TokenResourceOwnerPasswordCredentials(ctx context.Context, username, password string) (model *TokenResponse, err error)
TokenResourceOwnerPasswordCredentials ...
func (*Client) TokenRevocation ¶ added in v0.2.0
func (c *Client) TokenRevocation(ctx context.Context, token string, tokenTypeHint ...string) (introspection *IntrospectionResponse, err error)
TokenRevocation token撤销
type ClientBasic ¶
ClientBasic 客户端基础
func RequestClientBasic ¶
func RequestClientBasic(r *http.Request) (basic *ClientBasic, err error)
RequestClientBasic 获取请求中的客户端信息
type CodeValue ¶
// CodeValue is the value stored for an authorization code. It records the
// client, user (OpenID), redirect URI and scope the code was issued for.
// VerifyCodeFunc returns a *CodeValue, so these fields are what the token
// exchange can compare the request against.
type CodeValue struct {
	ClientID    string   `json:"client_id"`
	OpenID      string   `json:"open_id"`
	RedirectURI string   `json:"redirect_uri"`
	Scope       []string `json:"scope"`
}
CodeValue code值
func (*CodeValue) MarshalBinary ¶ added in v0.0.4
MarshalBinary json
func (*CodeValue) UnmarshalBinary ¶ added in v0.0.4
UnmarshalBinary json
type CustomGrantTypeAuthenticationFunc ¶ added in v0.3.3
// CustomGrantTypeAuthenticationFunc is the delegate that authenticates a request
// for a custom grant type. It receives the client and the raw HTTP request and
// returns the authenticated user's OpenID.
// The implementation alone decides whether the request proves the user's
// identity; nothing in this signature constrains that decision.
type CustomGrantTypeAuthenticationFunc func(ctx context.Context, client *ClientBasic, req *http.Request) (openID string, err error)
CustomGrantTypeAuthenticationFunc 自定义GrantType身份验证委托
type DefaultAccessToken ¶ added in v0.4.2
// DefaultAccessToken is the package's AccessTokener implementation. The index
// lists Generate, Parse and Refresh as methods on *DefaultAccessToken.
type DefaultAccessToken struct {
	// AccessTokener is embedded as an interface.
	// NOTE(review): NewDefaultAccessToken takes only a key, so this value is
	// presumably left nil; confirm.
	AccessTokener
	// JwtVerifyKey is the key material for the JWTs.
	// NOTE(review): NewHS256JwtClaimsToken takes a parameter of the same name to
	// create a token. With HS256 the same bytes would both sign and verify, so
	// treat this as a secret rather than a public verification key; confirm
	// against Generate and Parse.
	JwtVerifyKey []byte
}
func NewDefaultAccessToken ¶ added in v0.4.2
func NewDefaultAccessToken(jwtVerifyKey []byte) *DefaultAccessToken
func (*DefaultAccessToken) Generate ¶ added in v0.4.2
func (d *DefaultAccessToken) Generate(ctx context.Context, issuer, clientID, scope, openID string, code *CodeValue) (token *TokenResponse, err error)
Generate 生成AccessToken
func (*DefaultAccessToken) Parse ¶ added in v0.4.2
func (d *DefaultAccessToken) Parse(ctx context.Context, accessToken string) (claims *JwtClaims, err error)
Parse 解析AccessToken
func (*DefaultAccessToken) Refresh ¶ added in v0.4.2
func (d *DefaultAccessToken) Refresh(ctx context.Context, clientID, refreshToken string) (token *TokenResponse, err error)
Refresh 刷新AccessToken
type DefaultLogger ¶
// DefaultLogger is a stateless type; the index lists Debugf, Debugln, Errorf and
// Errorln on it, the four methods of the Logger interface.
type DefaultLogger struct{}
DefaultLogger ...
func (*DefaultLogger) Debugf ¶
func (*DefaultLogger) Debugf(_ context.Context, format string, args ...interface{})
Debugf ...
func (*DefaultLogger) Debugln ¶
func (*DefaultLogger) Debugln(_ context.Context, args ...interface{})
Debugln ...
func (*DefaultLogger) Errorf ¶
func (*DefaultLogger) Errorf(_ context.Context, format string, args ...interface{})
Errorf ...
func (*DefaultLogger) Errorln ¶
func (*DefaultLogger) Errorln(_ context.Context, args ...interface{})
Errorln ...
type DeviceAuthorizationResponse ¶ added in v0.2.0
// DeviceAuthorizationResponse is the JSON body of a device authorization
// response. https://tools.ietf.org/html/rfc8628#section-3.2
type DeviceAuthorizationResponse struct {
	// DeviceCode is the code the device presents when polling for a token.
	// Treat it as a credential.
	DeviceCode string `json:"device_code"`
	// UserCode is the code the user enters at the verification URI.
	UserCode        string `json:"user_code"`
	VerificationURI string `json:"verification_uri"`
	// VerificationURIComplete is omitted from the JSON when empty.
	VerificationURIComplete string `json:"verification_uri_complete,omitempty"`
	// ExpiresIn and Interval are presumably in seconds, as in RFC 8628; confirm.
	ExpiresIn int64 `json:"expires_in"`
	Interval  int   `json:"interval"`
}
DeviceAuthorizationResponse Device Authorization Response. https://tools.ietf.org/html/rfc8628#section-3.2
type DeviceCodeValue ¶ added in v0.2.0
DeviceCodeValue device_code值
func (*DeviceCodeValue) MarshalBinary ¶ added in v0.2.0
func (code *DeviceCodeValue) MarshalBinary() ([]byte, error)
MarshalBinary json
func (*DeviceCodeValue) UnmarshalBinary ¶ added in v0.2.0
func (code *DeviceCodeValue) UnmarshalBinary(data []byte) error
UnmarshalBinary json
type ErrorResponse ¶
// ErrorResponse is the JSON error body; it has one field, encoded as "error".
type ErrorResponse struct {
	// Error is presumably one of the protocol error codes declared in this package; confirm.
	Error string `json:"error"`
}
ErrorResponse error response.
type GenerateAccessTokenFunc ¶ added in v0.1.0
// GenerateAccessTokenFunc is the delegate that generates an access token. Its
// signature is the same as AccessTokener.Generate.
type GenerateAccessTokenFunc func(ctx context.Context, issuer, clientID, scope, openID string, code *CodeValue) (token *TokenResponse, err error)
GenerateAccessTokenFunc 生成AccessToken委托
func NewDefaultGenerateAccessToken ¶ added in v0.1.0
func NewDefaultGenerateAccessToken(jwtVerifyKey []byte) GenerateAccessTokenFunc
NewDefaultGenerateAccessToken 创建默认生成AccessToken方法
type GenerateCodeFunc ¶
// GenerateCodeFunc is the delegate that generates an authorization code for the
// given client, user (OpenID), redirect URI and scope.
// The returned code is redeemable for tokens. Its unpredictability, lifetime and
// storage are decided entirely by the implementation.
type GenerateCodeFunc func(ctx context.Context, clientID, openID, redirectURI string, scope []string) (code string, err error)
GenerateCodeFunc 生成Code委托
type GenerateDeviceAuthorizationFunc ¶ added in v0.2.0
// GenerateDeviceAuthorizationFunc is the delegate that generates a device
// authorization response for the given issuer, verification URI, client and scope.
type GenerateDeviceAuthorizationFunc func(ctx context.Context, issuer, verificationURI, clientID string, scope []string) (resp *DeviceAuthorizationResponse, err error)
GenerateDeviceAuthorizationFunc 生成设备授权
type IntrospectionResponse ¶ added in v0.2.0
// IntrospectionResponse is the JSON body of a token introspection response.
// https://tools.ietf.org/html/rfc7662#section-2.2
type IntrospectionResponse struct {
	// Active is always encoded; every other field is omitted when it holds its zero value.
	Active   bool   `json:"active"`
	ClientID string `json:"client_id,omitempty"`
	Username string `json:"username,omitempty"`
	Scope    string `json:"scope,omitempty"`
	Sub      string `json:"sub,omitempty"`
	Aud      string `json:"aud,omitempty"`
	// NOTE(review): Iss is an int64 encoded under "iss". In RFC 7662 section 2.2
	// "iss" is the issuer string and "iat" is the integer issued-at timestamp.
	// Check whether this field was meant to be "iat", or a string issuer. As
	// declared, decoding a response whose "iss" is a string would fail.
	Iss int64 `json:"iss,omitempty"`
	Exp int64 `json:"exp,omitempty"`
}
IntrospectionResponse Introspection Response. https://tools.ietf.org/html/rfc7662#section-2.2
type JwtClaims ¶
// JwtClaims extends the standard JWT claims with a scope claim.
type JwtClaims struct {
	// JwtStandardClaims is embedded, so its fields and methods are promoted.
	JwtStandardClaims
	// Scope is encoded as "scope" and omitted when empty.
	Scope string `json:"scope,omitempty"`
}
JwtClaims 在jwt标准上的扩展
func NewJwtClaims ¶
NewJwtClaims ...
func ParseHS256JwtClaimsToken ¶ added in v0.2.1
ParseHS256JwtClaimsToken ...
func ParseJwtClaimsToken ¶ added in v0.2.1
ParseJwtClaimsToken ...
type JwtStandardClaims ¶ added in v0.2.0
// JwtStandardClaims holds the registered claims referenced at
// https://tools.ietf.org/html/rfc7519#section-4.1
// Every field is tagged omitempty, so a zero value (0, "" or an empty slice) is
// left out of the encoded token. After decoding, a zero field is
// indistinguishable from an absent claim.
type JwtStandardClaims struct {
	Audience []string `json:"aud,omitempty"`
	// ExpiresAt, IssuedAt and NotBefore are presumably Unix seconds; confirm.
	ExpiresAt int64  `json:"exp,omitempty"`
	ID        string `json:"jti,omitempty"`
	IssuedAt  int64  `json:"iat,omitempty"`
	Issuer    string `json:"iss,omitempty"`
	NotBefore int64  `json:"nbf,omitempty"`
	Subject   string `json:"sub,omitempty"`
}
JwtStandardClaims as referenced at https://tools.ietf.org/html/rfc7519#section-4.1
func ParseJwtStandardClaimsToken ¶ added in v0.2.1
func ParseJwtStandardClaimsToken(token string, key interface{}) (claims *JwtStandardClaims, err error)
ParseJwtStandardClaimsToken ...
func (JwtStandardClaims) Valid ¶ added in v0.2.0
func (c JwtStandardClaims) Valid() error
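Valid validates the time-based claims "exp", "iat" and "nbf". It makes no allowance for clock skew. If any of these claims is absent from the token, the token is still considered valid, so a caller that requires an expiry has to check for it explicitly, for example with VerifyExpiresAt and req set to true.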
func (*JwtStandardClaims) VerifyAudience ¶ added in v0.2.0
func (c *JwtStandardClaims) VerifyAudience(cmp []string, req bool) bool
VerifyAudience Compares the aud claim against cmp. If required is false, this method will return true if the value matches or is unset 如果required为false,如果值匹配或未设置,此方法将返回true
func (*JwtStandardClaims) VerifyExpiresAt ¶ added in v0.2.0
func (c *JwtStandardClaims) VerifyExpiresAt(cmp int64, req bool) bool
VerifyExpiresAt Compares the exp claim against cmp. If required is false, this method will return true if the value matches or is unset 如果required为false,如果值匹配或未设置,此方法将返回true
func (*JwtStandardClaims) VerifyIssuedAt ¶ added in v0.2.0
func (c *JwtStandardClaims) VerifyIssuedAt(cmp int64, req bool) bool
VerifyIssuedAt Compares the iat claim against cmp. If required is false, this method will return true if the value matches or is unset 如果required为false,如果值匹配或未设置,此方法将返回true
func (*JwtStandardClaims) VerifyIssuer ¶ added in v0.2.0
func (c *JwtStandardClaims) VerifyIssuer(cmp string, req bool) bool
VerifyIssuer Compares the iss claim against cmp. If required is false, this method will return true if the value matches or is unset 如果required为false,如果值匹配或未设置,此方法将返回true
func (*JwtStandardClaims) VerifyNotBefore ¶ added in v0.2.0
func (c *JwtStandardClaims) VerifyNotBefore(cmp int64, req bool) bool
VerifyNotBefore Compares the nbf claim against cmp. If required is false, this method will return true if the value matches or is unset 如果required为false,如果值匹配或未设置,此方法将返回true
type Logger ¶
// Logger is the logging interface used by Client and ServerOptions.
// Implementations receive whatever the package passes as args, which
// presumably includes request data; confirm at the call sites and make sure the
// sink is appropriate for credentials.
type Logger interface {
	// Debugf logs a formatted debug message.
	Debugf(ctx context.Context, format string, args ...interface{})
	// Debugln logs a debug message.
	Debugln(ctx context.Context, args ...interface{})
	// Errorf logs a formatted error message.
	Errorf(ctx context.Context, format string, args ...interface{})
	// Errorln logs an error message.
	Errorln(ctx context.Context, args ...interface{})
}
Logger logger
type ParseAccessTokenFunc ¶ added in v0.1.0
// ParseAccessTokenFunc is the delegate that parses an access token into
// JwtClaims. Its signature is the same as AccessTokener.Parse.
type ParseAccessTokenFunc func(ctx context.Context, accessToken string) (claims *JwtClaims, err error)
ParseAccessTokenFunc 解析AccessToken为JwtClaims委托
func NewDefaultParseAccessToken ¶ added in v0.1.0
func NewDefaultParseAccessToken(jwtVerifyKey []byte) ParseAccessTokenFunc
NewDefaultParseAccessToken 创建默认解析AccessToken方法
type RefreshAccessTokenFunc ¶ added in v0.1.0
// RefreshAccessTokenFunc is the delegate that refreshes an access token. Its
// signature is the same as AccessTokener.Refresh.
type RefreshAccessTokenFunc func(ctx context.Context, clientID, refreshToken string) (token *TokenResponse, err error)
RefreshAccessTokenFunc 刷新AccessToken委托
func NewDefaultRefreshAccessToken ¶ added in v0.1.0
func NewDefaultRefreshAccessToken(jwtVerifyKey []byte) RefreshAccessTokenFunc
NewDefaultRefreshAccessToken 创建默认刷新AccessToken方法
type Server ¶
// Server is the OAuth2 server. Its exported fields are delegates supplied by the
// application. Client authentication, redirect-URI validation, scope and
// grant-type checks, and code verification are all decided by these functions,
// not by the package.
// NOTE(review): the package declares an "... Is Nil" error for most of these
// fields, which suggests an unset delegate is reported rather than defaulted;
// confirm against the handlers.
type Server struct {
	VerifyClient                VerifyClientFunc
	VerifyClientID              VerifyClientIDFunc
	VerifyScope                 VerifyScopeFunc
	VerifyGrantType             VerifyGrantTypeFunc
	VerifyPassword              VerifyPasswordFunc
	VerifyRedirectURI           VerifyRedirectURIFunc
	GenerateCode                GenerateCodeFunc
	VerifyCode                  VerifyCodeFunc
	GenerateDeviceAuthorization GenerateDeviceAuthorizationFunc
	VerifyDeviceCode            VerifyDeviceCodeFunc
	VerifyIntrospectionToken    VerifyIntrospectionTokenFunc
	TokenRevocation             TokenRevocationFunc
	// AccessToken issues, refreshes and parses access tokens.
	AccessToken AccessTokener
	// contains filtered or unexported fields
}
Server OAuth2Server
func (*Server) HandleAuthorize ¶
func (srv *Server) HandleAuthorize(w http.ResponseWriter, r *http.Request)
HandleAuthorize 处理Authorize
func (*Server) HandleDeviceAuthorization ¶ added in v0.2.0
func (srv *Server) HandleDeviceAuthorization(w http.ResponseWriter, r *http.Request)
HandleDeviceAuthorization 处理DeviceAuthorization https://tools.ietf.org/html/rfc8628#section-3.1
func (*Server) HandleToken ¶
func (srv *Server) HandleToken(w http.ResponseWriter, r *http.Request)
HandleToken 处理Token
func (*Server) HandleTokenIntrospection ¶ added in v0.2.0
func (srv *Server) HandleTokenIntrospection(w http.ResponseWriter, r *http.Request)
HandleTokenIntrospection 处理内省端点 https://tools.ietf.org/html/rfc7662#section-2.1
func (*Server) HandleTokenRevocation ¶ added in v0.2.0
func (srv *Server) HandleTokenRevocation(w http.ResponseWriter, r *http.Request)
HandleTokenRevocation 处理Token销毁 https://tools.ietf.org/html/rfc7009
type ServerOption ¶ added in v0.2.0
// ServerOption is a function that sets optional parameters on a ServerOptions
// value. Server.Init accepts a variadic list of them.
type ServerOption func(*ServerOptions)
ServerOption 为可选参数赋值的函数
func ServerCustomGrantTypeAuthentication ¶ added in v0.3.3
func ServerCustomGrantTypeAuthentication(customGrantTypeAuthentication map[string]CustomGrantTypeAuthenticationFunc) ServerOption
ServerCustomGrantTypeAuthentication ...
func ServerCustomGrantTypeEnabled ¶ added in v0.3.3
func ServerCustomGrantTypeEnabled(customGrantTypeEnabled bool) ServerOption
ServerCustomGrantTypeEnabled ...
func ServerDeviceAuthorizationEndpointEnabled ¶ added in v0.2.0
func ServerDeviceAuthorizationEndpointEnabled(deviceAuthorizationEndpointEnabled bool) ServerOption
ServerDeviceAuthorizationEndpointEnabled ...
func ServerDeviceVerificationURI ¶ added in v0.2.0
func ServerDeviceVerificationURI(deviceVerificationURI string) ServerOption
ServerDeviceVerificationURI ...
func ServerIntrospectEndpointEnabled ¶ added in v0.2.0
func ServerIntrospectEndpointEnabled(introspectEndpointEnabled bool) ServerOption
ServerIntrospectEndpointEnabled ...
func ServerTokenRevocationEnabled ¶ added in v0.2.0
func ServerTokenRevocationEnabled(tokenRevocationEnabled bool) ServerOption
ServerTokenRevocationEnabled ...
type ServerOptions ¶ added in v0.2.0
// ServerOptions is the list of optional server parameters.
// The *Enabled flags are plain bools, so their zero value is false. Whether Init
// changes any of them by default is not visible here.
type ServerOptions struct {
	Log                               Logger
	Issuer                            string
	DeviceAuthorizationEndpointEnabled bool   // https://tools.ietf.org/html/rfc8628
	DeviceVerificationURI             string // https://tools.ietf.org/html/rfc8628#section-3.2
	IntrospectEndpointEnabled         bool   // https://tools.ietf.org/html/rfc7662
	TokenRevocationEnabled            bool   // https://tools.ietf.org/html/rfc7009
	CustomGrantTypeEnabled            bool   // custom authentication
	// CustomGrantTypeAuthentication maps a string key to its authentication delegate.
	// Presumably the key is the grant_type value; confirm against HandleToken.
	CustomGrantTypeAuthentication map[string]CustomGrantTypeAuthenticationFunc
}
ServerOptions server可选参数列表
type TokenResponse ¶
// TokenResponse is the JSON body of a token response.
// AccessToken, RefreshToken and IDToken are credentials; avoid logging a
// TokenResponse value as a whole.
type TokenResponse struct {
	AccessToken  string `json:"access_token"`
	TokenType    string `json:"token_type,omitempty"`
	ExpiresIn    int64  `json:"expires_in"`
	RefreshToken string `json:"refresh_token,omitempty"`
	// Data is an untyped field encoded as "data" and omitted when nil.
	Data    interface{} `json:"data,omitempty"`
	Scope   string      `json:"scope,omitempty"`
	IDToken string      `json:"id_token,omitempty"` // https://openid.net/specs/openid-connect-core-1_0.html#IDToken
}
TokenResponse token response.
type TokenRevocationFunc ¶ added in v0.2.0
TokenRevocationFunc Token撤销委托 https://tools.ietf.org/html/rfc7009#section-2.2
type VerifyClientFunc ¶
// VerifyClientFunc is the delegate that verifies a client from its ClientBasic
// value. A nil error means the client is accepted.
type VerifyClientFunc func(ctx context.Context, basic *ClientBasic) (err error)
VerifyClientFunc 验证客户端委托
type VerifyClientIDFunc ¶ added in v0.3.0
VerifyClientIDFunc 验证客户端ID委托
type VerifyCodeFunc ¶
// VerifyCodeFunc is the delegate that verifies an authorization code and returns
// the CodeValue stored for it.
// The implementation receives clientID and redirectURI alongside the code.
// Checking that the code was issued to that client and redirect URI, and
// rejecting a code that was already used, is its responsibility.
type VerifyCodeFunc func(ctx context.Context, code, clientID, redirectURI string) (value *CodeValue, err error)
VerifyCodeFunc 验证Code委托
type VerifyDeviceCodeFunc ¶ added in v0.2.0
// VerifyDeviceCodeFunc is the delegate that verifies a device code for the given
// client and returns the DeviceCodeValue stored for it.
// Presumably also where ErrAuthorizationPending and ErrSlowDown originate while
// the user has not yet approved; confirm against the implementation.
type VerifyDeviceCodeFunc func(ctx context.Context, deviceCode, clientID string) (value *DeviceCodeValue, err error)
VerifyDeviceCodeFunc 验证DeviceCode委托
type VerifyGrantTypeFunc ¶ added in v0.4.0
VerifyGrantTypeFunc 验证授权类型委托
type VerifyIntrospectionTokenFunc ¶ added in v0.2.0
// VerifyIntrospectionTokenFunc is the delegate that verifies a token submitted
// for introspection and builds the IntrospectionResponse. tokenTypeHint is
// variadic and may be empty.
// The clientID of the caller is passed in. Deciding whether that client may
// learn about the token is left to the implementation.
type VerifyIntrospectionTokenFunc func(ctx context.Context, token, clientID string, tokenTypeHint ...string) (resp *IntrospectionResponse, err error)
VerifyIntrospectionTokenFunc 验证IntrospectionToken委托
type VerifyPasswordFunc ¶
// VerifyPasswordFunc is the delegate that verifies a username and password and
// returns the user's OpenID.
// The password arrives as a plain string; keep it out of logs and error values.
// Rate limiting and lockout of failed attempts are not part of this signature
// and are up to the implementation.
type VerifyPasswordFunc func(ctx context.Context, username, password string) (openID string, err error)
VerifyPasswordFunc 验证账号密码委托
type VerifyRedirectURIFunc ¶ added in v0.0.3
VerifyRedirectURIFunc 验证RedirectURI委托