Package auth (v0.2.1)

Note: this package is not in the latest version of its module.

Published: Oct 28, 2016 License: MIT Imports: 12 Imported by: 0

Documentation

Overview

Package auth implements an authenticator component that provides OAuth2 compatible authentication.

Index

Constants

const AccessTokenContextKey = "fire.auth.access_token"

AccessTokenContextKey is the key used to save the access token in a context.

Variables

This section is empty.

Functions

func Callback

func Callback(scope string) fire.Callback

Callback returns a callback that can be used to protect resources by requiring an access token with the provided scopes to be granted.

Note: It requires that the request has already been authorized using the Authorizer middleware of an authenticator.

func DefaultCompareStrategy

func DefaultCompareStrategy(hash, password []byte) error

DefaultCompareStrategy uses bcrypt to compare the hash and the password.

func DefaultGrantStrategy

func DefaultGrantStrategy(req *GrantRequest) (bool, []string)

DefaultGrantStrategy grants the complete requested scope.

Types

type AccessToken

type AccessToken struct {
	fire.Base       `json:"-" bson:",inline" fire:"access-tokens:access_tokens"`
	Signature       string         `json:"signature" valid:"required"`
	ExpiresAt       time.Time      `json:"expires-at" valid:"required" bson:"expires_at"`
	Scope           []string       `json:"scope" valid:"required" bson:"scope"`
	ClientID        bson.ObjectId  `json:"client-id" valid:"-" bson:"client_id"`
	ResourceOwnerID *bson.ObjectId `json:"resource-owner-id" valid:"-" bson:"resource_owner_id"`
}

AccessToken is the built-in model used to store access tokens.

func (*AccessToken) GetTokenData

func (t *AccessToken) GetTokenData() *TokenData

GetTokenData implements the Token interface.

func (*AccessToken) SetTokenData

func (t *AccessToken) SetTokenData(data *TokenData)

SetTokenData implements the Token interface.

func (*AccessToken) TokenIdentifier

func (t *AccessToken) TokenIdentifier() string

TokenIdentifier implements the Token interface.

type Application

type Application struct {
	fire.Base   `json:"-" bson:",inline" fire:"applications"`
	Name        string `json:"name" valid:"required"`
	Key         string `json:"key" valid:"required"`
	SecretHash  []byte `json:"-" valid:"required"`
	Scope       string `json:"scope" valid:"required"`
	RedirectURI string `json:"redirect_uri" valid:"required"`
}

Application is the built-in model used to store clients.

func (*Application) ClientIdentifier

func (a *Application) ClientIdentifier() string

ClientIdentifier implements the Client interface.

func (*Application) ValidRedirectURI

func (a *Application) ValidRedirectURI(uri string) bool

ValidRedirectURI implements the Client interface.

func (*Application) ValidSecret

func (a *Application) ValidSecret(secret string) bool

ValidSecret implements the Client interface.

type Authenticator

type Authenticator struct {
	// contains filtered or unexported fields
}

An Authenticator provides OAuth2 based authentication. The implementation currently supports the Resource Owner Credentials Grant, Client Credentials Grant and Implicit Grant.

func New

func New(store *fire.Store, policy *Policy) *Authenticator

New constructs a new Authenticator from a store and policy.

func (*Authenticator) Authorizer

func (a *Authenticator) Authorizer(scope string) func(http.Handler) http.Handler

Authorizer returns a middleware that can be used to authorize a request by requiring an access token with the provided scopes to be granted.
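
As an added example (not the package's own code), the middleware below shows the shape of the scope check that Authorizer(scope) and Callback(scope) describe: it reads the access token that the Authorizer is documented to store under AccessTokenContextKey, and turns away expired tokens and requests lacking any required scope, using the WWW-Authenticate error codes of RFC 6750. The AccessToken type here is a reduced stand-in with string IDs in place of bson.ObjectId, and RequireScope and ServeWithToken are hypothetical names chosen for the example.

```go
package main

import (
	"context"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"time"
)

// AccessTokenContextKey is the constant documented on this page: the Authorizer
// stores the verified access token in the request context under it.
const AccessTokenContextKey = "fire.auth.access_token"

// AccessToken is a reduced stand-in for the page's AccessToken model so the
// example compiles alone (the bson.ObjectId fields are replaced by strings).
type AccessToken struct {
	Signature       string
	ExpiresAt       time.Time
	Scope           []string
	ClientID        string
	ResourceOwnerID *string
}

// hasAllScopes reports whether every required scope was granted.
func hasAllScopes(granted, required []string) bool {
	have := make(map[string]bool, len(granted))
	for _, s := range granted {
		have[s] = true
	}
	for _, s := range required {
		if !have[s] {
			return false
		}
	}
	return true
}

// RequireScope is an added middleware in the shape of Authorizer(scope). It
// assumes the token was already verified and placed in the context (as the
// Authorizer does) and enforces expiry and every space-separated scope. The
// clock is injected so expiry handling is deterministic in tests.
func RequireScope(scope string, now func() time.Time) func(http.Handler) http.Handler {
	required := strings.Fields(scope)
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			tok, _ := r.Context().Value(AccessTokenContextKey).(*AccessToken)
			switch {
			case tok == nil:
				w.Header().Set("WWW-Authenticate", `Bearer realm="api"`)
				http.Error(w, "missing access token", http.StatusUnauthorized)
			case !tok.ExpiresAt.After(now()):
				w.Header().Set("WWW-Authenticate", `Bearer error="invalid_token"`)
				http.Error(w, "access token expired", http.StatusUnauthorized)
			case !hasAllScopes(tok.Scope, required):
				w.Header().Set("WWW-Authenticate", `Bearer error="insufficient_scope"`)
				http.Error(w, "insufficient scope", http.StatusForbidden)
			default:
				next.ServeHTTP(w, r)
			}
		})
	}
}

// ServeWithToken runs one request carrying tok (nil for no token) through the
// middleware in-process via httptest and returns the resulting status code.
func ServeWithToken(tok *AccessToken, scope string, now time.Time) int {
	protected := RequireScope(scope, func() time.Time { return now })(
		http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			w.WriteHeader(http.StatusOK)
		}))
	req := httptest.NewRequest(http.MethodGet, "/posts", nil)
	if tok != nil {
		req = req.WithContext(context.WithValue(req.Context(), AccessTokenContextKey, tok))
	}
	rec := httptest.NewRecorder()
	protected.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	now := time.Date(2016, 10, 28, 12, 0, 0, 0, time.UTC) // constructed reference time
	tok := &AccessToken{ // constructed sample token
		Signature: "sample-signature",
		ExpiresAt: now.Add(time.Hour),
		Scope:     []string{"read"},
		ClientID:  "sample-client",
	}
	fmt.Println(ServeWithToken(tok, "read", now))                  // 200
	fmt.Println(ServeWithToken(tok, "read write", now))            // 403
	fmt.Println(ServeWithToken(tok, "read", now.Add(2*time.Hour))) // 401
	fmt.Println(ServeWithToken(nil, "read", now))                  // 401
}
```

The distinction between 401 and 403 matters for clients and for detection: a missing or expired token means the request was never authenticated, while insufficient_scope means a valid principal asked for more than it was granted, which is the case worth alerting on when it recurs.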

func (*Authenticator) Endpoint

func (a *Authenticator) Endpoint(prefix string) http.Handler

Endpoint returns a single handler that serves both the token and the authorize endpoints.

type Client

type Client interface {
	fire.Model

	ClientIdentifier() string
	ValidRedirectURI(string) bool
	ValidSecret(string) bool
}

Client is the interface that must be implemented to provide a custom client model.

type CompareStrategy

type CompareStrategy func(hash, password []byte) error

The CompareStrategy is invoked by the authenticator with the stored password hash and the submitted password of a resource owner. The callback is responsible for comparing the submitted password with the stored hash and should return an error if they do not match.

type GrantRequest

type GrantRequest struct {
	Scope         []string
	Client        Client
	ResourceOwner ResourceOwner
}

A GrantRequest is used in conjunction with the GrantStrategy.

type GrantStrategy

type GrantStrategy func(req *GrantRequest) (bool, []string)

The GrantStrategy is invoked by the authenticator with the grant type, the requested scope, the client and the resource owner before issuing an access token. The callback returns whether the grant is allowed and the scopes that should be granted.

Note: The ResourceOwner is not set for a client credentials grant.
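
DefaultGrantStrategy grants whatever scope the client asks for, so any narrowing of scope has to come from a custom strategy. The following is an added example, not code from the fire project, of a GrantStrategy that narrows the request to what the client was registered for and, for grants that have a resource owner, to what that owner may delegate. It uses local stand-ins for the Client, ResourceOwner, GrantRequest and GrantStrategy shapes shown on this page; the AllowedScope method and the ownerScopes lookup are assumptions made for the example, and the sample client and owner values are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// Stand-ins mirroring the shapes documented on this page, reduced to what the
// example needs (not the fire/auth package's own declarations). AllowedScope is
// an assumption added here: the scope the client was registered with.
type Client interface {
	ClientIdentifier() string
	AllowedScope() string
}

type ResourceOwner interface {
	ResourceOwnerIdentifier() string
}

type GrantRequest struct {
	Scope         []string
	Client        Client
	ResourceOwner ResourceOwner
}

type GrantStrategy func(req *GrantRequest) (bool, []string)

func toSet(scopes []string) map[string]bool {
	set := make(map[string]bool, len(scopes))
	for _, s := range scopes {
		set[s] = true
	}
	return set
}

// RestrictiveGrantStrategy narrows the requested scope to what the client was
// registered for and, when a resource owner is present, to what that owner may
// delegate (ownerScopes is a hypothetical lookup supplied by the caller). It
// refuses the grant when nothing allowed remains, keeps the requested order and
// drops duplicates so the issued scope is reproducible.
func RestrictiveGrantStrategy(ownerScopes func(ResourceOwner) []string) GrantStrategy {
	return func(req *GrantRequest) (bool, []string) {
		if req == nil || req.Client == nil {
			return false, nil
		}
		allowed := toSet(strings.Fields(req.Client.AllowedScope()))
		// ResourceOwner is nil for a client credentials grant (see the note above).
		if req.ResourceOwner != nil {
			owner := toSet(ownerScopes(req.ResourceOwner))
			for s := range allowed {
				if !owner[s] {
					delete(allowed, s)
				}
			}
		}
		var granted []string
		for _, s := range req.Scope {
			if allowed[s] {
				granted = append(granted, s)
				delete(allowed, s) // a repeated scope is issued once
			}
		}
		if len(granted) == 0 {
			return false, nil
		}
		return true, granted
	}
}

// sampleClient, sampleOwner and sampleOwnerScopes are constructed for the demonstration.
type sampleClient struct{ id, scope string }

func (c sampleClient) ClientIdentifier() string { return c.id }
func (c sampleClient) AllowedScope() string     { return c.scope }

type sampleOwner struct {
	id     string
	scopes []string
}

func (o sampleOwner) ResourceOwnerIdentifier() string { return o.id }

func sampleOwnerScopes(ro ResourceOwner) []string {
	if o, ok := ro.(sampleOwner); ok {
		return o.scopes
	}
	return nil
}

func main() {
	strategy := RestrictiveGrantStrategy(sampleOwnerScopes)
	client := sampleClient{id: "dashboard", scope: "read write"}
	owner := sampleOwner{id: "alice", scopes: []string{"read"}}

	// Password grant: "admin" is outside the client's registration and "write"
	// outside what alice may delegate, so only "read" is issued.
	ok, scope := strategy(&GrantRequest{Scope: []string{"read", "write", "admin"}, Client: client, ResourceOwner: owner})
	fmt.Println(ok, scope) // true [read]
}
```

RFC 6749 allows the server to issue a narrower scope than requested as long as the token response reports the scope actually granted, which is why the strategy narrows rather than rejects; a stricter variant would return false whenever any requested scope falls outside the allowed set, and either way the bool result is what stops a token from being issued for an empty scope.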

type Policy

type Policy struct {
	Secret []byte

	PasswordGrant          bool
	ClientCredentialsGrant bool
	ImplicitGrant          bool

	AccessToken   Token
	RefreshToken  Token
	Client        Client
	ResourceOwner ResourceOwner

	GrantStrategy   GrantStrategy
	CompareStrategy CompareStrategy

	AccessTokenLifespan  time.Duration
	RefreshTokenLifespan time.Duration
}

A Policy configures the provided authentication schemes.

func DefaultPolicy

func DefaultPolicy(secret string) *Policy

DefaultPolicy returns a simple policy that uses all built-in models and strategies.

func (*Policy) NewKeyAndSignature

func (p *Policy) NewKeyAndSignature() (string, string, error)

NewKeyAndSignature returns a new key with a matching signature that can be used to issue custom access tokens.

type RefreshToken

type RefreshToken struct {
	fire.Base       `json:"-" bson:",inline" fire:"refresh-tokens:refresh_tokens"`
	Signature       string         `json:"signature" valid:"required"`
	ExpiresAt       time.Time      `json:"expires-at" valid:"required" bson:"expires_at"`
	Scope           []string       `json:"scope" valid:"required" bson:"scope"`
	ClientID        bson.ObjectId  `json:"client-id" valid:"-" bson:"client_id"`
	ResourceOwnerID *bson.ObjectId `json:"resource-owner-id" valid:"-" bson:"resource_owner_id"`
}

RefreshToken is the built-in model used to store refresh tokens.

func (*RefreshToken) GetTokenData

func (t *RefreshToken) GetTokenData() *TokenData

GetTokenData implements the Token interface.

func (*RefreshToken) SetTokenData

func (t *RefreshToken) SetTokenData(data *TokenData)

SetTokenData implements the Token interface.

func (*RefreshToken) TokenIdentifier

func (t *RefreshToken) TokenIdentifier() string

TokenIdentifier implements the Token interface.

type ResourceOwner

type ResourceOwner interface {
	fire.Model

	ResourceOwnerIdentifier() string
	ValidPassword(string) bool
}

ResourceOwner is the interface that must be implemented to provide a custom resource owner model.

type Token

type Token interface {
	fire.Model

	TokenIdentifier() string
	GetTokenData() *TokenData
	SetTokenData(*TokenData)
}

Token is the interface that must be implemented to provide custom access token and refresh token models.

type TokenData

type TokenData struct {
	Signature       string
	Scope           []string
	ExpiresAt       time.Time
	ClientID        bson.ObjectId
	ResourceOwnerID *bson.ObjectId
}

TokenData is used to carry token related information.

type User

type User struct {
	fire.Base    `json:"-" bson:",inline" fire:"users"`
	Name         string `json:"name" valid:"required"`
	Email        string `json:"email" valid:"required"`
	PasswordHash []byte `json:"-" valid:"required"`
}

User is the built-in model used to store resource owners.

func (*User) ResourceOwnerIdentifier

func (u *User) ResourceOwnerIdentifier() string

ResourceOwnerIdentifier implements the ResourceOwner interface.

func (*User) ValidPassword

func (u *User) ValidPassword(password string) bool

ValidPassword implements the ResourceOwner interface.
