oauth2

package v0.1.0

This package is not in the latest version of its module.
Published: Oct 4, 2016 License: MIT Imports: 16 Imported by: 0

Documentation

Overview

Package oauth2 implements an authenticator component that provides OAuth2 compatible authentication.

Index

Constants

const (
	// PasswordGrant specifies the OAuth Resource Owner Password Credentials Grant.
	PasswordGrant = "password"

	// ClientCredentialsGrant specifies the OAuth Client Credentials Grant.
	ClientCredentialsGrant = "client_credentials"

	// ImplicitGrant specifies the OAuth Implicit Grant.
	ImplicitGrant = "implicit"
)

Variables

This section is empty.

Functions

func DefaultCompareStrategy

func DefaultCompareStrategy(hash, password []byte) error

DefaultCompareStrategy uses bcrypt to compare the hash and the password.

func DefaultGrantStrategy

func DefaultGrantStrategy(req *GrantRequest) []string

DefaultGrantStrategy grants all requested scopes.

Types

type AccessToken

type AccessToken struct {
	model.Base    `json:"-" bson:",inline" fire:"access-tokens:access_tokens"`
	Signature     string         `json:"signature" valid:"required"`
	RequestedAt   time.Time      `json:"requested-at" valid:"required" bson:"requested_at"`
	GrantedScopes []string       `json:"granted-scopes" valid:"required" bson:"granted_scopes"`
	ClientID      bson.ObjectId  `json:"client-id" valid:"-" bson:"client_id"`
	OwnerID       *bson.ObjectId `json:"owner-id" valid:"-" bson:"owner_id"`
}

AccessToken is the built-in model used to store access tokens. The model can be mounted using a controller to become manageable via the API.

func (*AccessToken) GetOAuthData

func (t *AccessToken) GetOAuthData() (time.Time, []string)

GetOAuthData implements the AccessTokenModel interface.

func (*AccessToken) OAuthIdentifier

func (t *AccessToken) OAuthIdentifier() string

OAuthIdentifier implements the AccessTokenModel interface.

func (*AccessToken) SetOAuthData

func (t *AccessToken) SetOAuthData(signature string, grantedScopes []string, clientID bson.ObjectId, ownerID *bson.ObjectId)

SetOAuthData implements the AccessTokenModel interface.

type AccessTokenModel

type AccessTokenModel interface {
	model.Model

	OAuthIdentifier() string
	GetOAuthData() (requestedAt time.Time, grantedScopes []string)
	SetOAuthData(signature string, grantedScopes []string, clientID bson.ObjectId, ownerID *bson.ObjectId)
}

AccessTokenModel is the interface that must be implemented to provide a custom access token model.

type Application

type Application struct {
	model.Base `json:"-" bson:",inline" fire:"applications"`
	Name       string   `json:"name" valid:"required"`
	Key        string   `json:"key" valid:"required"`
	SecretHash []byte   `json:"-" valid:"required"`
	Scopes     []string `json:"scopes" valid:"required"`
	GrantTypes []string `json:"grant-types" valid:"required" bson:"grant_types"`
	Callbacks  []string `json:"callbacks" valid:"required"`
}

Application is the built-in model used to store clients. The model can be mounted as a fire Resource to become manageable via the API.

func (*Application) GetOAuthData

func (a *Application) GetOAuthData() ([]byte, []string, []string, []string)

GetOAuthData implements the ClientModel interface.

func (*Application) OAuthIdentifier

func (a *Application) OAuthIdentifier() string

OAuthIdentifier implements the ClientModel interface.

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

An Authenticator provides OAuth2 based authentication. The implementation currently supports the Resource Owner Password Credentials Grant, Client Credentials Grant and Implicit Grant flows.

func New

func New(store *model.Store, policy *Policy, prefix string) *Authenticator

New creates and returns a new Authenticator.

func (*Authenticator) Authorize

func (a *Authenticator) Authorize(ctx echo.Context, scopes []string) error

Authorize can be used to authorize a request by requiring an access token with the provided scopes to be granted.

func (*Authenticator) Authorizer

func (a *Authenticator) Authorizer(scopes ...string) jsonapi.Callback

Authorizer returns a callback that can be used to protect resources by requiring an access token with the provided scopes to be granted.

func (*Authenticator) Describe

func (a *Authenticator) Describe() fire.ComponentInfo

Describe implements the fire.Component interface.

func (*Authenticator) EchoAuthorizer

func (a *Authenticator) EchoAuthorizer(scopes ...string) echo.MiddlewareFunc

EchoAuthorizer can be used to protect echo handlers by requiring an access token with the provided scopes to be granted.

func (*Authenticator) NewKeyAndSignature

func (a *Authenticator) NewKeyAndSignature() (string, string, error)

NewKeyAndSignature returns a new key with a matching signature that can be used to issue custom access tokens.

func (*Authenticator) Register

func (a *Authenticator) Register(router *echo.Echo)

Register implements the fire.RoutableComponent interface.

type ClientModel

type ClientModel interface {
	model.Model

	OAuthIdentifier() string
	GetOAuthData() (secretHash []byte, scopes []string, grantTypes []string, callbacks []string)
}

ClientModel is the interface that must be implemented to provide a custom client model.

type CompareStrategy

type CompareStrategy func(hash, password []byte) error

The CompareStrategy is invoked by the Authenticator with the stored password hash and the submitted password of an owner. The callback is responsible for comparing the submitted password with the stored hash and should return an error if they do not match.

type GrantRequest

type GrantRequest struct {
	GrantType       string
	RequestedScopes []string
	Client          ClientModel
	Owner           OwnerModel
}

A GrantRequest is used in conjunction with the GrantStrategy.

type GrantStrategy

type GrantStrategy func(req *GrantRequest) []string

The GrantStrategy is invoked by the Authenticator with the grant type, requested scopes, the client and the owner before issuing an AccessToken. The callback should return a list of additional scopes that should be granted.

Note: The Owner is not set for a client credentials grant.
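Because DefaultGrantStrategy grants every requested scope, a deployment usually wants a stricter callback. The following is an added example, not code from this package: a GrantStrategy that grants only scopes listed in the client's registered Scopes, and only for a GrantType the client is registered for. ClientModel and GrantRequest are mirrored locally without model.Model and Owner so the file compiles without the package; RestrictiveGrantStrategy and testClient are constructed names, and whether the Authenticator refuses a token when the strategy returns no scopes is not stated on this page.

```go
package main

import "fmt"

// ClientModel mirrors the page's interface minus the embedded model.Model (assumption: lets this compile without the fire module).
type ClientModel interface {
	OAuthIdentifier() string
	GetOAuthData() (secretHash []byte, scopes []string, grantTypes []string, callbacks []string)
}
// GrantRequest mirrors the page's struct; Owner is omitted because this strategy never consults it.
type GrantRequest struct {
	GrantType       string
	RequestedScopes []string
	Client          ClientModel
}
// RestrictiveGrantStrategy is a hypothetical GrantStrategy: unlike DefaultGrantStrategy it
// grants only scopes the client registered, and only for a grant type the client is registered for.
func RestrictiveGrantStrategy(req *GrantRequest) []string {
	if req == nil || req.Client == nil {
		return nil
	}
	_, allowed, grantTypes, _ := req.Client.GetOAuthData()
	if !contains(grantTypes, req.GrantType) {
		return []string{} // client may not use this flow: grant nothing
	}
	granted := []string{} // walk the registered scopes, not the request: deduplicated, registered order
	for _, s := range allowed {
		if contains(req.RequestedScopes, s) {
			granted = append(granted, s)
		}
	}
	return granted
}
func contains(list []string, v string) bool {
	for _, s := range list {
		if s == v {
			return true
		}
	}
	return false
}
// testClient is a constructed stand-in for the page's Application model.
type testClient struct{ scopes, grantTypes []string }
func (c testClient) OAuthIdentifier() string { return "constructed-client-key" }
func (c testClient) GetOAuthData() ([]byte, []string, []string, []string) { return nil, c.scopes, c.grantTypes, nil }
func main() {
	c := testClient{scopes: []string{"read", "write"}, grantTypes: []string{"password"}}
	req := &GrantRequest{GrantType: "password", RequestedScopes: []string{"admin", "write", "read", "write"}, Client: c}
	fmt.Println(RestrictiveGrantStrategy(req)) // [read write]
}
```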

type OwnerModel

type OwnerModel interface {
	model.Model

	OAuthIdentifier() string
	GetOAuthData() (passwordHash []byte)
}

OwnerModel is the interface that must be implemented to provide a custom owner model.

type Policy

type Policy struct {
	PasswordGrant          bool
	ClientCredentialsGrant bool
	ImplicitGrant          bool

	Secret []byte

	OwnerModel       OwnerModel
	ClientModel      ClientModel
	AccessTokenModel AccessTokenModel

	GrantStrategy   GrantStrategy
	CompareStrategy CompareStrategy
	TokenLifespan   time.Duration
}

A Policy is used to prepare an authentication policy for an Authenticator.

func DefaultPolicy

func DefaultPolicy() *Policy

DefaultPolicy returns a simple policy that provides a starting point.

type User

type User struct {
	model.Base   `json:"-" bson:",inline" fire:"users"`
	Name         string `json:"name" valid:"required"`
	Email        string `json:"email" valid:"required"`
	PasswordHash []byte `json:"-" valid:"required"`
}

User is the built-in model used to store users. The model can be mounted as a fire Resource to become manageable via the API.

func (*User) GetOAuthData

func (u *User) GetOAuthData() []byte

GetOAuthData implements the OwnerModel interface.

func (*User) OAuthIdentifier

func (u *User) OAuthIdentifier() string

OAuthIdentifier implements the OwnerModel interface.
