Documentation
¶
Overview ¶
Package personserver implements the AAuth Person Server. The Person Server handles human consent for agent authorization.
Index ¶
- Variables
- type Agent
- type AuthorizationRequest
- type AuthorizationResponse
- type ConsentRequest
- type ConsentStatusResponse
- type ErrorResponse
- type Mission
- type MissionStatus
- type Option
- type PreAuthorization
- type Server
- func (s *Server) HandleAuthorize(w http.ResponseWriter, r *http.Request)
- func (s *Server) HandleConsentPage(w http.ResponseWriter, r *http.Request)
- func (s *Server) HandleConsentStatus(w http.ResponseWriter, r *http.Request)
- func (s *Server) HandleConsentSubmit(w http.ResponseWriter, r *http.Request)
- func (s *Server) HandleCreateAgent(w http.ResponseWriter, r *http.Request)
- func (s *Server) HandleCreateUser(w http.ResponseWriter, r *http.Request)
- func (s *Server) HandleJWKS(w http.ResponseWriter, r *http.Request)
- func (s *Server) HandleListAgents(w http.ResponseWriter, r *http.Request)
- func (s *Server) HandleListMissions(w http.ResponseWriter, r *http.Request)
- func (s *Server) HandleListUsers(w http.ResponseWriter, r *http.Request)
- func (s *Server) HandleMetadata(w http.ResponseWriter, r *http.Request)
- func (s *Server) HandleRevoke(w http.ResponseWriter, r *http.Request)
- func (s *Server) HandleToken(w http.ResponseWriter, r *http.Request)
- func (s *Server) Handler() http.Handler
- func (s *Server) Issuer() string
- func (s *Server) KeyID() string
- func (s *Server) PublicKey() crypto.PublicKey
- func (s *Server) RegisterHandlers(mux *http.ServeMux)
- func (s *Server) Store() Store
- type Store
- type StoreError
- type Token
- type TokenRequest
- type TokenResponse
- type User
Constants ¶
This section is empty.
Variables ¶
var ( // ErrInvalidPrivateKey is returned when the private key is invalid. ErrInvalidPrivateKey = errors.New("private key must implement crypto.Signer") )
Package errors.
Functions ¶
This section is empty.
Types ¶
type Agent ¶
type Agent struct {
ID string `json:"id"`
Name string `json:"name"`
Description string `json:"description,omitempty"`
PublicKey string `json:"public_key"`
RedirectURI string `json:"redirect_uri,omitempty"`
Trusted bool `json:"trusted"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
Agent represents a registered agent that can request authorization.
type AuthorizationRequest ¶
type AuthorizationRequest struct {
AgentToken string `json:"agent_token"`
UserID string `json:"user_id"`
Scopes string `json:"scope"`
MissionName string `json:"mission_name,omitempty"`
MissionDesc string `json:"mission_description,omitempty"`
InteractionType string `json:"interaction_type,omitempty"`
Duration int64 `json:"duration,omitempty"` // Seconds
RedirectURI string `json:"redirect_uri,omitempty"`
State string `json:"state,omitempty"`
}
AuthorizationRequest is the request from an agent to authorize a mission.
type AuthorizationResponse ¶
type AuthorizationResponse struct {
// For immediate approval (pre-authorized)
AccessToken string `json:"access_token,omitempty"`
TokenType string `json:"token_type,omitempty"`
ExpiresIn int `json:"expires_in,omitempty"`
Scope string `json:"scope,omitempty"`
// For deferred consent
ConsentURI string `json:"consent_uri,omitempty"`
StatusURI string `json:"status_uri,omitempty"`
MissionID string `json:"mission_id,omitempty"`
Interval int `json:"interval,omitempty"`
}
AuthorizationResponse is returned when authorization is requested.
type ConsentRequest ¶
type ConsentRequest struct {
MissionID string `json:"mission_id"`
AgentID string `json:"agent_id"`
AgentName string `json:"agent_name"`
UserID string `json:"user_id"`
UserName string `json:"user_name"`
Scopes []string `json:"scopes"`
Description string `json:"description"`
Duration string `json:"duration"`
}
ConsentRequest represents a pending consent request shown to the user.
type ConsentStatusResponse ¶
type ConsentStatusResponse struct {
Status string `json:"status"` // pending, approved, denied, expired
AccessToken string `json:"access_token,omitempty"`
TokenType string `json:"token_type,omitempty"`
ExpiresIn int `json:"expires_in,omitempty"`
Scope string `json:"scope,omitempty"`
Error string `json:"error,omitempty"`
ErrorDesc string `json:"error_description,omitempty"`
}
ConsentStatusResponse is returned when polling for consent status.
type ErrorResponse ¶
type ErrorResponse struct {
Error string `json:"error"`
Description string `json:"error_description,omitempty"`
}
ErrorResponse represents an OAuth-style error response.
type Mission ¶
type Mission struct {
ID string `json:"id"`
AgentID string `json:"agent_id"`
UserID string `json:"user_id"`
Name string `json:"name"`
Description string `json:"description,omitempty"`
Scopes string `json:"scopes"`
InteractionType string `json:"interaction_type"`
Status MissionStatus `json:"status"`
Duration int64 `json:"duration"`
ExpiresAt *time.Time `json:"expires_at,omitempty"`
ApprovedAt *time.Time `json:"approved_at,omitempty"`
DeniedAt *time.Time `json:"denied_at,omitempty"`
DenialReason string `json:"denial_reason,omitempty"`
CreatedAt time.Time `json:"created_at"`
UpdatedAt time.Time `json:"updated_at"`
}
Mission represents an agent's request to act on behalf of a user.
type MissionStatus ¶
type MissionStatus string
MissionStatus represents the status of a mission request.
const ( MissionStatusPending MissionStatus = "pending" MissionStatusApproved MissionStatus = "approved" MissionStatusDenied MissionStatus = "denied" MissionStatusExpired MissionStatus = "expired" MissionStatusRevoked MissionStatus = "revoked" )
Mission statuses.
type Option ¶
type Option func(*Server)
Option configures the Server.
func WithMissionTimeout ¶
WithMissionTimeout sets the mission pending timeout.
func WithSigningMethod ¶
func WithSigningMethod(method jwt.SigningMethod) Option
WithSigningMethod sets the JWT signing method.
type PreAuthorization ¶
type PreAuthorization struct {
ID string `json:"id"`
UserID string `json:"user_id"`
AgentID string `json:"agent_id"`
Scopes string `json:"scopes"`
CreatedAt string `json:"created_at"`
ExpiresAt string `json:"expires_at,omitempty"`
}
PreAuthorization allows users to pre-approve certain scopes for agents.
type Server ¶
type Server struct {
// contains filtered or unexported fields
}
Server is the Person Server that handles human consent for agent authorization.
func New ¶
func New(store Store, issuer string, privateKey crypto.PrivateKey, keyID string, opts ...Option) (*Server, error)
New creates a new Person Server.
func (*Server) HandleAuthorize ¶
func (s *Server) HandleAuthorize(w http.ResponseWriter, r *http.Request)
HandleAuthorize handles authorization requests from agents (POST /authorize).
func (*Server) HandleConsentPage ¶
func (s *Server) HandleConsentPage(w http.ResponseWriter, r *http.Request)
HandleConsentPage renders the consent page for the user (GET /consent/{id}).
func (*Server) HandleConsentStatus ¶
func (s *Server) HandleConsentStatus(w http.ResponseWriter, r *http.Request)
HandleConsentStatus returns the consent status for polling (GET /consent/status/{id}).
func (*Server) HandleConsentSubmit ¶
func (s *Server) HandleConsentSubmit(w http.ResponseWriter, r *http.Request)
HandleConsentSubmit handles the user's consent decision (POST /consent/{id}).
func (*Server) HandleCreateAgent ¶
func (s *Server) HandleCreateAgent(w http.ResponseWriter, r *http.Request)
HandleCreateAgent creates a new agent (POST /admin/agents).
func (*Server) HandleCreateUser ¶
func (s *Server) HandleCreateUser(w http.ResponseWriter, r *http.Request)
HandleCreateUser creates a new user (POST /admin/users).
func (*Server) HandleJWKS ¶
func (s *Server) HandleJWKS(w http.ResponseWriter, r *http.Request)
HandleJWKS returns the public key set (/.well-known/jwks.json).
func (*Server) HandleListAgents ¶
func (s *Server) HandleListAgents(w http.ResponseWriter, r *http.Request)
HandleListAgents lists all agents (GET /admin/agents).
func (*Server) HandleListMissions ¶
func (s *Server) HandleListMissions(w http.ResponseWriter, r *http.Request)
HandleListMissions lists pending missions (GET /admin/missions).
func (*Server) HandleListUsers ¶
func (s *Server) HandleListUsers(w http.ResponseWriter, r *http.Request)
HandleListUsers lists all users (GET /admin/users).
func (*Server) HandleMetadata ¶
func (s *Server) HandleMetadata(w http.ResponseWriter, r *http.Request)
HandleMetadata returns the server metadata (/.well-known/aauth-configuration).
func (*Server) HandleRevoke ¶
func (s *Server) HandleRevoke(w http.ResponseWriter, r *http.Request)
HandleRevoke handles token revocation (POST /revoke).
func (*Server) HandleToken ¶
func (s *Server) HandleToken(w http.ResponseWriter, r *http.Request)
HandleToken handles token requests (POST /token).
func (*Server) Handler ¶
Handler returns an http.Handler that serves all Person Server endpoints. Use this when you want the Person Server to handle all routes.
func (*Server) RegisterHandlers ¶
RegisterHandlers registers all Person Server handlers on the given mux. This is a convenience method for registering all handlers at once.
type Store ¶
type Store interface {
// Close closes the store connection.
Close() error
// User operations
CreateUser(ctx context.Context, user *User) error
GetUser(ctx context.Context, id string) (*User, error)
GetUserByEmail(ctx context.Context, email string) (*User, error)
ListUsers(ctx context.Context) ([]*User, error)
// Agent operations
CreateAgent(ctx context.Context, agent *Agent) error
GetAgent(ctx context.Context, id string) (*Agent, error)
ListAgents(ctx context.Context) ([]*Agent, error)
// Mission operations
CreateMission(ctx context.Context, mission *Mission) error
GetMission(ctx context.Context, id string) (*Mission, error)
ApproveMission(ctx context.Context, id string, duration time.Duration) error
DenyMission(ctx context.Context, id, reason string) error
ListPendingMissions(ctx context.Context) ([]*Mission, error)
ListMissionsByUser(ctx context.Context, userID string) ([]*Mission, error)
// Token operations
CreateToken(ctx context.Context, token *Token) error
GetToken(ctx context.Context, id string) (*Token, error)
RevokeToken(ctx context.Context, id string) error
}
Store defines the interface for Person Server storage. Implementations can use SQLite, DynamoDB, PostgreSQL, etc.
type StoreError ¶
type StoreError string
StoreError represents storage errors.
const ( ErrNotFound StoreError = "not found" ErrAlreadyExists StoreError = "already exists" ErrInvalidInput StoreError = "invalid input" )
Store errors.
func (StoreError) Error ¶
func (e StoreError) Error() string
type Token ¶
type Token struct {
ID string `json:"id"`
MissionID string `json:"mission_id,omitempty"`
AgentID string `json:"agent_id"`
UserID string `json:"user_id"`
Scopes string `json:"scopes"`
TokenType string `json:"token_type"`
Protocol string `json:"protocol"`
IssuedAt time.Time `json:"issued_at"`
ExpiresAt time.Time `json:"expires_at"`
RevokedAt *time.Time `json:"revoked_at,omitempty"`
}
Token represents an issued auth token record.
type TokenRequest ¶
type TokenRequest struct {
GrantType string `json:"grant_type"`
MissionID string `json:"mission_id,omitempty"`
AgentToken string `json:"agent_token,omitempty"`
RefreshToken string `json:"refresh_token,omitempty"`
Scope string `json:"scope,omitempty"`
}
TokenRequest is the request to exchange an approval for a token.
type TokenResponse ¶
type TokenResponse struct {
AccessToken string `json:"access_token"`
TokenType string `json:"token_type"`
ExpiresIn int `json:"expires_in"`
Scope string `json:"scope,omitempty"`
RefreshToken string `json:"refresh_token,omitempty"`
}
TokenResponse is returned when a token is issued.