Index ¶
- Constants
- Variables
- func IsAcceptableRedirectURI(raw string) bool
- type AuthProxy
- type AuthorizeRequest
- type ClientStore
- type CodeGrant
- type ConnectPage
- type ConnectService
- type ConnectState
- type ConnectStore
- type ConnectTicket
- type ConsentChainer
- type FlowStore
- type MetadataService
- type OAuthError
- type PendingAuthorization
- type ProtectedResourceMetadata
- type ProviderClient
- type ProviderStatus
- type ProviderToken
- type RegisterRequest
- type RegisterResponse
- type RegisteredClient
- type RegisteredGatewayClient
- type SessionRecord
- type TokenRequest
- type UpstreamAuthServer
- type UpstreamRegistrar
- type UserInfoClient
Constants ¶
// CallbackPath is the path, relative to the deployment's base URL, at which the
// OAuth redirect (callback) handler is mounted. The absolute redirect URI is
// assembled elsewhere from a baseURL argument (see AuthProxy.Callback and
// ConnectService.Callback).
// NOTE(review): the redirect_uri registered at every upstream provider must
// match that absolute value exactly, so changing this constant invalidates
// existing registrations — confirm with the registrar code before editing.
const CallbackPath = "/oauth/callback"
Variables ¶
// Sentinel errors of the connect flow; compare with errors.Is.
var (
	// ErrTicketNotFound is returned when a connect ticket ID does not resolve
	// to a stored ticket. The message deliberately does not say whether the
	// ticket expired or never existed, so a caller probing IDs learns nothing
	// about which IDs were ever valid — keep it that way.
	ErrTicketNotFound = errors.New("oauth connect: ticket expired or unknown")
	// ErrProviderNotFound is returned when the requested provider name is not
	// configured for the consumer the ticket belongs to.
	ErrProviderNotFound = errors.New("oauth connect: provider not configured for this consumer")
)
// Sentinel errors for authorization-server selection; compare with errors.Is.
var (
	// ErrNoAuthorizationServer is returned when no authorization server is
	// configured for the requested resource.
	ErrNoAuthorizationServer = errors.New("oauth: no authorization server configured")
	// ErrAmbiguousAuthorizationServer is returned when more than one
	// authorization server is configured and the code refuses to pick one.
	// Refusing rather than guessing is the safe choice: a silently chosen
	// server could receive a code or token meant for a different issuer.
	ErrAmbiguousAuthorizationServer = errors.New("oauth: multiple authorization servers configured")
)
// ErrInvalidGrant reports that a grant held for an upstream provider (an
// authorization code, refresh token or similar) can no longer be redeemed.
// NOTE(review): where this reaches a downstream client, map it to the OAuth
// "invalid_grant" error code (see OAuthError) rather than echoing the
// internal message.
var ErrInvalidGrant = errors.New("oauth provider: grant is no longer valid")
// ErrUpstreamNotDiscoverable is returned by dynamic client registration (DCR)
// when the upstream does not publish OAuth protected-resource metadata
// (RFC 9728), so no authorization server can be discovered for it. The
// message names the supported fallback for operators: configure
// "registration: manual" with an OAuth app pre-registered at the provider.
var ErrUpstreamNotDiscoverable = errors.New(
	"oauth dcr: upstream does not publish OAuth protected-resource metadata; configure registration: manual with a pre-registered OAuth app")
Functions ¶
func IsAcceptableRedirectURI ¶
Types ¶
type AuthProxy ¶
// AuthProxy is the gateway-side half of an OAuth authorization-code flow: it
// accepts an authorize request from a downstream client, sends the user to
// the upstream identity provider, and exchanges the resulting code for a
// token response.
type AuthProxy interface {
	// Authorize starts the flow described by req and returns the URL the user
	// agent should be redirected to. baseURL is the externally visible origin
	// of this deployment; presumably it is combined with CallbackPath to form
	// the redirect_uri sent upstream — confirm in the implementation.
	Authorize(ctx context.Context, baseURL string, req AuthorizeRequest) (string, error)
	// Callback handles the IdP redirect back to CallbackPath and returns the
	// URL to send the downstream client to. state correlates the response with
	// a stored PendingAuthorization (likely via FlowStore.TakePending); code is
	// the upstream authorization code; idpErr and idpErrDesc carry an error
	// the IdP reported instead of a code.
	// NOTE(review): state, code, idpErr and idpErrDesc all arrive in the query
	// string of an inbound request and are attacker-controlled. state must be
	// looked up (and consumed) before anything else is trusted, and idpErrDesc
	// is untrusted text if it is ever rendered or forwarded — confirm that the
	// implementation treats it that way.
	Callback(ctx context.Context, baseURL, state, code, idpErr, idpErrDesc string) (string, error)
	// Exchange serves the gateway's token endpoint: it redeems req (presumably
	// an authorization code with its PKCE verifier, or a refresh token — the
	// fields of TokenRequest are not shown here) for a token response map.
	// NOTE(review): the returned map is the raw token response; it must not
	// be logged.
	Exchange(ctx context.Context, baseURL string, req TokenRequest) (map[string]any, error)
}
func NewAuthProxy ¶
// NewAuthProxy wires an AuthProxy from its collaborators. By their types:
// credentials resolves upstream credentials, paths resolves consumer paths,
// store persists pending authorizations, codes, gateway clients and sessions
// (see FlowStore), chainer handles consent chaining, signer signs the tokens
// the proxy issues, and userinfo fetches user information from the IdP
// (ConsentChainer and UserInfoClient are not shown here).
// NOTE(review): client is supplied by the caller and used for upstream
// calls, so the caller is responsible for its Timeout and TLS configuration;
// nothing in this signature enforces either.
func NewAuthProxy(
	credentials appauth.CredentialFinder,
	paths appconsumer.PathResolver,
	client *http.Client,
	store FlowStore,
	chainer ConsentChainer,
	signer appsts.TokenSigner,
	userinfo UserInfoClient,
) AuthProxy
type AuthorizeRequest ¶
type ClientStore ¶
// ClientStore persists clients that the gateway has registered at upstream
// authorization servers (see UpstreamRegistrar), keyed by an opaque key
// chosen by the caller.
type ClientStore interface {
	// SaveClient stores c under key. The signature offers no create-only
	// variant, so presumably an existing record under key is overwritten.
	SaveClient(ctx context.Context, key string, c RegisteredClient) error
	// GetClient returns the client stored under key. Whether a missing key
	// yields (nil, nil) or an error is not fixed by the signature — callers
	// should handle both.
	GetClient(ctx context.Context, key string) (*RegisteredClient, error)
}
type CodeGrant ¶
// CodeGrant is the record stored against an authorization code issued by the
// gateway (FlowStore.SaveCode) and redeemed at its token endpoint
// (FlowStore.TakeCode). It carries what is needed to validate the redemption
// and to mint the downstream token.
type CodeGrant struct {
	// ClientID is the downstream client the code was issued to; a token
	// request presenting a different client_id must be rejected.
	ClientID string `json:"client_id"`
	// RedirectURI is the redirect_uri the code was delivered to. RFC 6749
	// §4.1.3 requires the token request to repeat it when one was sent on
	// authorize; this field is what that comparison runs against.
	RedirectURI string `json:"redirect_uri"`
	// CodeChallenge is the downstream client's PKCE challenge.
	// NOTE(review): unlike PendingAuthorization there is no
	// CodeChallengeMethod here, so by the time the code is redeemed the
	// method is whatever the exchange code assumes. Confirm that "plain" is
	// rejected at authorize time or that S256 is pinned on redemption.
	CodeChallenge string `json:"code_challenge"`
	// Token is the upstream token response tied to this grant.
	// NOTE(review): this puts upstream access/refresh tokens into the code
	// store in whatever form the FlowStore persists them — confirm encryption
	// at rest and that TakeCode removes the record.
	Token map[string]any `json:"token"`
	// Subject is the authenticated principal, when known.
	Subject string `json:"subject,omitempty"`
	// AuthID identifies the auth configuration in use, when set.
	AuthID string `json:"auth_id,omitempty"`
	// GatewayID identifies the gateway the grant belongs to, when set.
	GatewayID string `json:"gateway_id,omitempty"`
	// Audiences are presumably the audience values for the minted token.
	Audiences []string `json:"audiences,omitempty"`
	// Scopes are the granted scopes.
	Scopes []string `json:"scopes,omitempty"`
	// SessionMode presumably asks for a session-backed (refresh-token,
	// see SessionRecord) result instead of a one-shot token — inferred from
	// the name; confirm against the exchange code.
	SessionMode bool `json:"session_mode,omitempty"`
}
type ConnectPage ¶
// ConnectPage is the view model for the provider-connection page shown to a
// user holding a connect ticket (see ConnectService.Page).
type ConnectPage struct {
	// ConsumerPath is the consumer the page is rendered for.
	ConsumerPath string
	// Providers lists the providers and their connection status.
	Providers []ProviderStatus
	// ResumeURL is where the user is sent once a provider is connected.
	// NOTE(review): if this value originates from a request parameter it is
	// an open-redirect vector unless validated (IsAcceptableRedirectURI is
	// declared in this package) — confirm where it is populated.
	ResumeURL string
}
type ConnectService ¶
// ConnectService drives the "connect a provider" flow: the gateway obtains and
// stores an upstream OAuth token on behalf of a principal so that later
// requests to the upstream can be authenticated.
type ConnectService interface {
	// CreateTicket issues a ticket binding gatewayID, the principal's subject
	// and the consumer path, and returns its ID. Tickets expire (see
	// ErrTicketNotFound). The ID alone authorizes Page, Start and Disconnect,
	// so it must be unguessable — confirm it is generated from a CSPRNG.
	CreateTicket(ctx context.Context, gatewayID ids.GatewayID, principalSub, consumerPath string) (string, error)
	// Page builds the ConnectPage for ticketID; presumably ErrTicketNotFound
	// when the ticket is unknown or expired.
	Page(ctx context.Context, ticketID string) (*ConnectPage, error)
	// Start begins the OAuth flow for provider on behalf of the ticket and
	// returns the authorization URL to redirect to; presumably
	// ErrProviderNotFound when provider is not configured for the consumer.
	Start(ctx context.Context, baseURL, ticketID, provider string) (string, error)
	// Callback completes the flow for provider after the IdP redirect and
	// returns the URL to send the user to. state, code, errCode and errDesc
	// come from the query string and are untrusted.
	// NOTE(review): state is the only link back to the ticket
	// (ConnectStore.TakeConnect); it must be consumed exactly once and the
	// provider in the stored ConnectState compared against this argument.
	Callback(ctx context.Context, baseURL, provider, state, code, errCode, errDesc string) (string, error)
	// Disconnect removes the stored provider connection for the ticket.
	Disconnect(ctx context.Context, ticketID, provider string) error
	// RefreshAuth returns current MCP auth material for gatewayID and the
	// registry entry reg, presumably refreshing the upstream token via
	// ProviderClient.Refresh when needed.
	RefreshAuth(ctx context.Context, gatewayID ids.GatewayID, reg *registrydomain.Registry) (*registrydomain.MCPAuth, error)
	// ChainURL returns a URL that routes principalSub through the connect flow
	// for resource and then on to resumeURL.
	// NOTE(review): resumeURL is a redirect target; validate it (see
	// IsAcceptableRedirectURI) before it is persisted in a ticket or page.
	ChainURL(ctx context.Context, baseURL string, gatewayID ids.GatewayID, resource, principalSub, resumeURL string) (string, error)
}
func NewConnectService ¶
// NewConnectService wires a ConnectService. store persists tickets and
// in-flight connect state; vault is, by its type, the repository where
// obtained provider tokens are kept; consumers resolves consumer data;
// provider talks to the upstream OAuth provider; registrar discovers
// upstream authorization servers and registers the gateway's client there.
func NewConnectService(
	store ConnectStore,
	vault vaultdomain.Repository,
	consumers appconsumer.DataFinder,
	provider ProviderClient,
	registrar UpstreamRegistrar,
) ConnectService
type ConnectState ¶
// ConnectState is the per-flow record stored under the OAuth state value
// (ConnectStore.SaveConnect) between ConnectService.Start and Callback.
type ConnectState struct {
	// Ticket is a copy of the originating ConnectTicket.
	Ticket ConnectTicket `json:"ticket"`
	// TicketID is the originating ticket's ID.
	TicketID string `json:"ticket_id"`
	// Provider is the provider the flow was started for; Callback should
	// check it against the provider named in the callback request.
	Provider string `json:"provider"`
	// Verifier is the PKCE code_verifier created for this flow and later
	// passed to ProviderClient.ExchangeCode.
	// NOTE(review): it is serialized as a plain JSON field; together with an
	// intercepted code it redeems the grant, so the backing store holds
	// secret material and the record must be consumed (TakeConnect) on first
	// use. omitempty makes a flow without PKCE representable — confirm that
	// is intended rather than an accident.
	Verifier string `json:"verifier,omitempty"`
}
type ConnectStore ¶
// ConnectStore is the persistence boundary of the connect flow. The Save/Get
// pair is read-many; Take, by its name, should return and remove the record
// in one step, which is what makes a state value single-use — confirm in the
// implementation, including under concurrent callbacks for the same state.
type ConnectStore interface {
	// SaveTicket stores t under id.
	SaveTicket(ctx context.Context, id string, t ConnectTicket) error
	// GetTicket returns the ticket stored under id without consuming it.
	GetTicket(ctx context.Context, id string) (*ConnectTicket, error)
	// SaveConnect stores s under the OAuth state value.
	SaveConnect(ctx context.Context, state string, s ConnectState) error
	// TakeConnect returns the state record and (by name) removes it; a second
	// call with the same state should fail.
	TakeConnect(ctx context.Context, state string) (*ConnectState, error)
}
type ConnectTicket ¶
type ConsentChainer ¶
type FlowStore ¶
// FlowStore persists everything the AuthProxy needs across requests: pending
// authorizations (keyed by state), issued codes, registered downstream
// clients and refresh-token sessions. Take methods, by their name, should
// return and remove the record atomically so codes, states and refresh
// tokens are single-use — confirm in the implementation.
type FlowStore interface {
	// SavePending stores p under state while the user is at the upstream IdP.
	SavePending(ctx context.Context, state string, p PendingAuthorization) error
	// TakePending returns and consumes the pending authorization for state.
	TakePending(ctx context.Context, state string) (*PendingAuthorization, error)
	// SaveCode stores g under the authorization code issued to the client.
	// NOTE(review): the key is the code value itself; the code must be
	// generated from a CSPRNG and the store should expire it quickly.
	SaveCode(ctx context.Context, code string, g CodeGrant) error
	// TakeCode returns and consumes the grant for code; a replayed code must
	// fail here.
	TakeCode(ctx context.Context, code string) (*CodeGrant, error)
	// SaveGatewayClient stores a dynamically registered downstream client;
	// the lookup key is presumably c's client ID (GetGatewayClient takes one).
	SaveGatewayClient(ctx context.Context, c RegisteredGatewayClient) error
	// GetGatewayClient returns the registered client for clientID.
	GetGatewayClient(ctx context.Context, clientID string) (*RegisteredGatewayClient, error)
	// SaveSession stores rec under refreshToken.
	// NOTE(review): the key is the refresh token value itself. Whether the
	// implementation hashes it before using it as a storage key is not
	// visible here; a store holding raw keys makes every session redeemable
	// by anyone who can read the store.
	SaveSession(ctx context.Context, refreshToken string, rec SessionRecord) error
	// TakeSession returns and (by name) consumes the session for
	// refreshToken, implying the refresh token is rotated on each use —
	// confirm the caller issues and saves a new one.
	TakeSession(ctx context.Context, refreshToken string) (*SessionRecord, error)
}
type MetadataService ¶
// MetadataService serves the gateway's own OAuth discovery documents and
// dynamic client registration to downstream clients.
type MetadataService interface {
	// ProtectedResource builds the protected-resource metadata (RFC 9728) for
	// resource, with URLs rooted at baseURL.
	ProtectedResource(ctx context.Context, baseURL, resource string) (*ProtectedResourceMetadata, error)
	// AuthorizationServer builds the authorization-server metadata document
	// (RFC 8414), returned as a generic map. ErrNoAuthorizationServer and
	// ErrAmbiguousAuthorizationServer are the package's errors for this
	// selection, though the signature does not tie them to this method.
	AuthorizationServer(ctx context.Context, baseURL string) (map[string]any, error)
	// RegisterClient handles a dynamic client registration request (RFC 7591)
	// from a downstream client.
	// NOTE(review): if registration is open (no initial access token), this
	// is an unauthenticated write endpoint: validate every redirect URI in req
	// (see IsAcceptableRedirectURI) and rate-limit registrations — confirm in
	// the implementation.
	RegisterClient(ctx context.Context, req RegisterRequest) (*RegisterResponse, error)
}
func NewMetadataService ¶
// NewMetadataService wires a MetadataService. credentials and paths resolve
// upstream credentials and consumer paths by their types; client is the HTTP
// client for any upstream calls (the caller owns its Timeout and TLS
// settings); clients is the FlowStore in which dynamically registered
// downstream clients are saved (FlowStore.SaveGatewayClient).
func NewMetadataService(credentials appauth.CredentialFinder, paths appconsumer.PathResolver, client *http.Client, clients FlowStore) MetadataService
type OAuthError ¶
// OAuthError is the RFC 6749 §5.2 error response body: a machine-readable
// Code (serialized as "error") and an optional human-readable Description.
// NOTE(review): Description is sent to the client. Do not put internal
// state, upstream response bodies or stack traces in it.
type OAuthError struct {
	Code        string `json:"error"`
	Description string `json:"error_description,omitempty"`
}
func (*OAuthError) Error ¶
// Error implements the error interface for OAuthError. The exact string is
// not shown here; NOTE(review): if it includes Description, remember that
// text may have been relayed from an IdP callback (see AuthProxy.Callback's
// idpErrDesc) and so is not trustworthy in logs.
func (e *OAuthError) Error() string
type PendingAuthorization ¶
// PendingAuthorization is the record stored (FlowStore.SavePending) while the
// user is at the upstream IdP. It captures the downstream client's authorize
// request so it can be checked and completed on callback.
// NOTE(review): FlowStore.SavePending takes a state key and this struct also
// carries State. Whether they are the same value is not visible here. Using
// the client-supplied State as the lookup key would let another client that
// guesses or reuses it look up and consume this flow — confirm the store key
// is a gateway-generated random value.
type PendingAuthorization struct {
	// ClientID is the downstream client_id.
	ClientID string `json:"client_id"`
	// RedirectURI is the downstream redirect_uri. The callback redirects to
	// it, so it must have been validated against the client's registration
	// before this record was written.
	RedirectURI string `json:"redirect_uri"`
	// State is the downstream client's state parameter, to be echoed back on
	// the final redirect.
	State string `json:"state"`
	// CodeChallenge and CodeChallengeMethod are the downstream PKCE
	// parameters. NOTE(review): CodeGrant has no CodeChallengeMethod field,
	// so the method must be enforced here (reject anything but S256) or it is
	// lost by the time the code is redeemed.
	CodeChallenge string `json:"code_challenge"`
	CodeChallengeMethod string `json:"code_challenge_method"`
	// Scope is the requested scope string.
	Scope string `json:"scope"`
	// CodeVerifier is the gateway's own PKCE verifier for its leg with the
	// upstream IdP (distinct from the downstream client's challenge). It is
	// secret until the upstream code is exchanged; the record should be
	// consumed (TakePending) in that same step.
	CodeVerifier string `json:"code_verifier"`
	// Resource is presumably the RFC 8707 resource indicator, when given.
	Resource string `json:"resource,omitempty"`
	// AuthID selects the upstream auth configuration, when set.
	AuthID string `json:"auth_id,omitempty"`
}
type ProviderClient ¶
// ProviderClient talks to an upstream OAuth provider described by a
// registrydomain.MCPAuth configuration.
type ProviderClient interface {
	// AuthorizeURL builds the provider's authorization URL for redirectURI,
	// state and PKCE challenge. It returns no error, so a malformed cfg can
	// only surface as a bad URL — callers should not assume any validation
	// happened here.
	AuthorizeURL(cfg *registrydomain.MCPAuth, redirectURI, state, challenge string) string
	// ExchangeCode redeems code at the provider's token endpoint, presenting
	// the same redirectURI and the PKCE verifier.
	ExchangeCode(ctx context.Context, cfg *registrydomain.MCPAuth, code, redirectURI, verifier string) (*ProviderToken, error)
	// Refresh obtains a new ProviderToken for refreshToken. ErrInvalidGrant
	// is this package's error for a rejected grant, though the signature
	// does not tie it to this method.
	Refresh(ctx context.Context, cfg *registrydomain.MCPAuth, refreshToken string) (*ProviderToken, error)
}
type ProviderStatus ¶
type ProviderToken ¶
type RegisterRequest ¶
type RegisterResponse ¶
// RegisterResponse is the RFC 7591 client-information response returned to a
// downstream client by MetadataService.RegisterClient.
// NOTE(review): there is no client_secret field, which is only consistent
// with public clients (TokenEndpointAuthMethod "none"). If confidential
// clients are ever registered, a secret must be generated and returned here
// exactly once. RedirectURIs is omitempty, so a registration with no redirect
// URIs is representable; the authorization-code flow needs at least one.
type RegisterResponse struct {
	ClientID                string   `json:"client_id"`
	RedirectURIs            []string `json:"redirect_uris,omitempty"`
	ClientName              string   `json:"client_name,omitempty"`
	GrantTypes              []string `json:"grant_types"`
	ResponseTypes           []string `json:"response_types"`
	TokenEndpointAuthMethod string   `json:"token_endpoint_auth_method"`
}
type RegisteredClient ¶
type RegisteredGatewayClient ¶
type SessionRecord ¶ added in v0.2.3
type TokenRequest ¶
type UpstreamAuthServer ¶
// UpstreamAuthServer is the subset of an upstream authorization server's
// metadata the gateway uses, as produced by UpstreamRegistrar.Discover.
// NOTE(review): every field originates in documents fetched over the
// network. Before use, Issuer should be checked against the URL the metadata
// was fetched from (RFC 8414 §3.3) and the endpoints should be https. This
// struct records nothing about whether that happened, so consumers must not
// assume it — confirm it is done in Discover.
type UpstreamAuthServer struct {
	// Issuer is the server's issuer identifier.
	Issuer string `json:"issuer"`
	// AuthorizationEndpoint is where users are sent to authorize.
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	// TokenEndpoint is where codes and refresh tokens are redeemed.
	TokenEndpoint string `json:"token_endpoint"`
	// RegistrationEndpoint is the dynamic-registration endpoint; no omitempty,
	// so it serializes as "" when the server offers none.
	RegistrationEndpoint string `json:"registration_endpoint"`
	// ScopesSupported is the advertised scopes_supported list.
	ScopesSupported []string `json:"scopes_supported"`
	// Resource is the protected resource the metadata was discovered for.
	Resource string `json:"resource"`
}
type UpstreamRegistrar ¶
// UpstreamRegistrar discovers an upstream authorization server and ensures
// the gateway has a client registered with it.
type UpstreamRegistrar interface {
	// Discover fetches the metadata for upstreamURL and returns the
	// authorization server it points at; presumably ErrUpstreamNotDiscoverable
	// when the upstream publishes no protected-resource metadata.
	Discover(ctx context.Context, upstreamURL string) (*UpstreamAuthServer, error)
	// EnsureClient returns the client registered under key, performing dynamic
	// registration at meta.RegistrationEndpoint with redirectURI when no
	// cached client exists.
	// NOTE(review): registration is a write to a third party; confirm that
	// concurrent calls for the same key cannot register twice and that
	// redirectURI is the exact value formed from CallbackPath.
	EnsureClient(ctx context.Context, key string, meta *UpstreamAuthServer, redirectURI string) (*RegisteredClient, error)
	// CachedClient returns the registered client for key without registering.
	CachedClient(ctx context.Context, key string) (*RegisteredClient, error)
}