Documentation
¶
Index ¶
- Constants
- Variables
- type APIRefreshRequest
- type APIRefreshResponse
- type APITokenGenerateRequest
- type APITokenGenerateResponse
- type APITokenValidateRequest
- type APITokenValidateResponse
- type HTTPTokenProvider
- func (p *HTTPTokenProvider) GenerateRefreshToken(ctx context.Context, userID, clientID, scopes string) (*TokenResult, error)
- func (p *HTTPTokenProvider) GenerateToken(ctx context.Context, userID, clientID, scopes string) (*TokenResult, error)
- func (p *HTTPTokenProvider) Name() string
- func (p *HTTPTokenProvider) RefreshAccessToken(ctx context.Context, refreshToken string, enableRotation bool) (*RefreshResult, error)
- func (p *HTTPTokenProvider) ValidateRefreshToken(ctx context.Context, tokenString string) (*TokenValidationResult, error)
- func (p *HTTPTokenProvider) ValidateToken(ctx context.Context, tokenString string) (*TokenValidationResult, error)
- type LocalTokenProvider
- func (p *LocalTokenProvider) GenerateRefreshToken(ctx context.Context, userID, clientID, scopes string) (*TokenResult, error)
- func (p *LocalTokenProvider) GenerateToken(ctx context.Context, userID, clientID, scopes string) (*TokenResult, error)
- func (p *LocalTokenProvider) Name() string
- func (p *LocalTokenProvider) RefreshAccessToken(ctx context.Context, refreshToken string, enableRotation bool) (*RefreshResult, error)
- func (p *LocalTokenProvider) ValidateRefreshToken(ctx context.Context, tokenString string) (*TokenValidationResult, error)
- func (p *LocalTokenProvider) ValidateToken(ctx context.Context, tokenString string) (*TokenValidationResult, error)
- type RefreshResult
- type TokenResult
- type TokenValidationResult
Constants ¶
// Token type constants.
const (
	// TokenTypeBearer is the token type label "Bearer".
	// Presumably this is the value carried in TokenResult.TokenType, whose
	// field comment also reads "Bearer" — confirm against the providers.
	TokenTypeBearer = "Bearer"
)
Token type constants
Variables ¶
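// Sentinel errors for token operations.
//
// The listing had been collapsed onto a single line, where the first "//"
// comment swallowed every declaration after it; it is restored here with one
// declaration per line. Names and message strings are unchanged.
//
// Match these with errors.Is rather than by comparing message text. The
// messages are fixed strings and contain no token material.
var (
	// ErrTokenGeneration indicates token generation failed.
	ErrTokenGeneration = errors.New("failed to generate token")

	// ErrTokenValidation indicates token validation failed.
	ErrTokenValidation = errors.New("failed to validate token")

	// ErrInvalidToken indicates the token is invalid.
	ErrInvalidToken = errors.New("invalid token")

	// ErrExpiredToken indicates the token has expired.
	ErrExpiredToken = errors.New("token expired")

	// ErrInvalidRefreshToken indicates the refresh token is invalid.
	ErrInvalidRefreshToken = errors.New("invalid refresh token")

	// ErrExpiredRefreshToken indicates the refresh token has expired.
	ErrExpiredRefreshToken = errors.New("refresh token expired")

	// ErrTokenReused indicates a refresh token was reused (security alert).
	// NOTE(review): reuse of an already-rotated refresh token usually means
	// the token was copied. Callers presumably should log this and revoke the
	// affected session or token family — confirm how the handlers react.
	ErrTokenReused = errors.New("token reuse detected")

	// ErrInvalidScope indicates scope validation failed.
	ErrInvalidScope = errors.New("invalid scope")

	// ErrHTTPTokenConnection indicates a failed connection to the token API.
	ErrHTTPTokenConnection = errors.New("failed to connect to token API")

	// ErrHTTPTokenAuthFailed indicates the token API rejected the request.
	ErrHTTPTokenAuthFailed = errors.New("token API rejected request")

	// ErrHTTPTokenInvalidResp indicates an invalid response from the token API.
	ErrHTTPTokenInvalidResp = errors.New("invalid response from token API")
)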
Functions ¶
This section is empty.
Types ¶
type APIRefreshRequest ¶
// APIRefreshRequest is the request payload for refresh token operations.
//
// NOTE(review): RefreshToken is a credential, so avoid logging this struct
// whole (for example with %+v). The RefreshAccessToken signatures carry only
// the refresh token and the rotation flag; how UserID, ClientID and Scopes
// are filled in is not visible in this listing — confirm against the provider.
type APIRefreshRequest struct {
	RefreshToken   string `json:"refresh_token"`   // refresh token being exchanged
	UserID         string `json:"user_id"`         // sent as "user_id"
	ClientID       string `json:"client_id"`       // sent as "client_id"
	Scopes         string `json:"scopes"`          // single string; delimiter not shown here — TODO confirm
	EnableRotation bool   `json:"enable_rotation"` // always serialized (no omitempty), so false is sent explicitly
}
APIRefreshRequest is the request payload for refresh token operations
type APIRefreshResponse ¶
// APIRefreshResponse is the expected response for refresh token operations.
//
// NOTE(review): every field here is supplied by the remote token API. Whether
// the provider checks the returned tokens itself or relies on Success and
// Claims as reported is not visible in this listing — confirm.
type APIRefreshResponse struct {
	Success          bool           `json:"success"`                      // decodes to false when the key is absent
	AccessToken      string         `json:"access_token,omitempty"`       // credential; keep out of logs
	RefreshToken     string         `json:"refresh_token,omitempty"`      // credential; presumably set only when rotation is enabled — confirm
	TokenType        string         `json:"token_type,omitempty"`
	AccessExpiresIn  int            `json:"access_expires_in,omitempty"`  // presumably seconds, like ExpiresIn in APITokenGenerateRequest — confirm
	RefreshExpiresIn int            `json:"refresh_expires_in,omitempty"` // presumably seconds — confirm
	Claims           map[string]any `json:"claims,omitempty"`             // arbitrary JSON object from the API; validate before use
	Message          string         `json:"message,omitempty"`
}
APIRefreshResponse is the expected response for refresh token operations
type APITokenGenerateRequest ¶
// APITokenGenerateRequest is the request payload for token generation.
type APITokenGenerateRequest struct {
	UserID    string `json:"user_id"`
	ClientID  string `json:"client_id"`
	Scopes    string `json:"scopes"`               // single string; delimiter not shown here — TODO confirm
	ExpiresIn int    `json:"expires_in,omitempty"` // seconds; omitted from the JSON when zero
}
APITokenGenerateRequest is the request payload for token generation
type APITokenGenerateResponse ¶
// APITokenGenerateResponse is the expected response for token generation.
//
// NOTE(review): all fields are supplied by the remote token API. AccessToken
// is a credential, so avoid logging this struct whole.
type APITokenGenerateResponse struct {
	Success     bool           `json:"success"`                // decodes to false when the key is absent
	AccessToken string         `json:"access_token,omitempty"` // credential; keep out of logs
	TokenType   string         `json:"token_type,omitempty"`
	ExpiresIn   int            `json:"expires_in,omitempty"` // seconds
	Claims      map[string]any `json:"claims,omitempty"`     // arbitrary JSON object from the API; validate before use
	Message     string         `json:"message,omitempty"`
}
APITokenGenerateResponse is the expected response for token generation
type APITokenValidateRequest ¶
// APITokenValidateRequest is the request payload for token validation.
//
// NOTE(review): the token travels in the request body, so its confidentiality
// depends on the transport to the token API. The endpoint and TLS settings
// are not visible in this listing — confirm they are enforced in config.
type APITokenValidateRequest struct {
	Token string `json:"token"` // token to validate; a credential, keep out of logs
}
APITokenValidateRequest is the request payload for token validation
type APITokenValidateResponse ¶
// APITokenValidateResponse is the expected response for token validation.
//
// Valid has no omitempty and is a plain bool, so a response that lacks the
// "valid" key decodes to Valid == false.
//
// NOTE(review): the identity fields (UserID, ClientID, Scopes) and Claims are
// asserted by the remote API. Whether the provider cross-checks them or
// ExpiresAt before returning a TokenValidationResult is not visible here —
// confirm.
type APITokenValidateResponse struct {
	Valid     bool           `json:"valid"`
	UserID    string         `json:"user_id,omitempty"`
	ClientID  string         `json:"client_id,omitempty"`
	Scopes    string         `json:"scopes,omitempty"`
	ExpiresAt int64          `json:"expires_at,omitempty"` // Unix timestamp; an absent key decodes to 0, so decide how a zero expiry is treated
	Claims    map[string]any `json:"claims,omitempty"`     // arbitrary JSON object from the API; validate before use
	Message   string         `json:"message,omitempty"`
}
APITokenValidateResponse is the expected response for token validation
type HTTPTokenProvider ¶
// HTTPTokenProvider generates and validates tokens via an external HTTP API.
//
// NOTE(review): results from this provider originate from a remote service,
// so the connection to that service is part of the trust boundary. The
// endpoint, TLS and authentication settings presumably come from the config
// passed to NewHTTPTokenProvider — confirm; they are not visible in this
// listing.
type HTTPTokenProvider struct {
	// contains filtered or unexported fields
}
HTTPTokenProvider generates and validates tokens via external HTTP API
func NewHTTPTokenProvider ¶
func NewHTTPTokenProvider(cfg *config.Config) *HTTPTokenProvider
NewHTTPTokenProvider creates a new HTTP API token provider
func (*HTTPTokenProvider) GenerateRefreshToken ¶
func (p *HTTPTokenProvider) GenerateRefreshToken( ctx context.Context, userID, clientID, scopes string, ) (*TokenResult, error)
GenerateRefreshToken requests refresh token generation from external API
func (*HTTPTokenProvider) GenerateToken ¶
func (p *HTTPTokenProvider) GenerateToken( ctx context.Context, userID, clientID, scopes string, ) (*TokenResult, error)
GenerateToken requests token generation from external API
func (*HTTPTokenProvider) Name ¶
func (p *HTTPTokenProvider) Name() string
Name returns provider name for logging
func (*HTTPTokenProvider) RefreshAccessToken ¶
func (p *HTTPTokenProvider) RefreshAccessToken( ctx context.Context, refreshToken string, enableRotation bool, ) (*RefreshResult, error)
RefreshAccessToken requests a new access token (and, optionally, a new refresh token) from the external API.
func (*HTTPTokenProvider) ValidateRefreshToken ¶
func (p *HTTPTokenProvider) ValidateRefreshToken( ctx context.Context, tokenString string, ) (*TokenValidationResult, error)
ValidateRefreshToken requests refresh token validation from external API
func (*HTTPTokenProvider) ValidateToken ¶
func (p *HTTPTokenProvider) ValidateToken( ctx context.Context, tokenString string, ) (*TokenValidationResult, error)
ValidateToken requests token validation from external API
type LocalTokenProvider ¶
// LocalTokenProvider generates and validates JWT tokens locally.
//
// NOTE(review): the signing key and algorithm are not visible in this
// listing; presumably they come from the config passed to
// NewLocalTokenProvider. Confirm that validation accepts only the expected
// signing algorithm and that the key is not a default value.
type LocalTokenProvider struct {
	// contains filtered or unexported fields
}
LocalTokenProvider generates and validates JWT tokens locally
func NewLocalTokenProvider ¶
func NewLocalTokenProvider(cfg *config.Config) *LocalTokenProvider
NewLocalTokenProvider creates a new local token provider
func (*LocalTokenProvider) GenerateRefreshToken ¶
func (p *LocalTokenProvider) GenerateRefreshToken( ctx context.Context, userID, clientID, scopes string, ) (*TokenResult, error)
GenerateRefreshToken creates a refresh token JWT with longer expiration
func (*LocalTokenProvider) GenerateToken ¶
func (p *LocalTokenProvider) GenerateToken( ctx context.Context, userID, clientID, scopes string, ) (*TokenResult, error)
GenerateToken creates a JWT token using local signing
func (*LocalTokenProvider) Name ¶
func (p *LocalTokenProvider) Name() string
Name returns provider name for logging
func (*LocalTokenProvider) RefreshAccessToken ¶
func (p *LocalTokenProvider) RefreshAccessToken( ctx context.Context, refreshToken string, enableRotation bool, ) (*RefreshResult, error)
RefreshAccessToken generates a new access token (and, in rotation mode, a new refresh token).
func (*LocalTokenProvider) ValidateRefreshToken ¶
func (p *LocalTokenProvider) ValidateRefreshToken( ctx context.Context, tokenString string, ) (*TokenValidationResult, error)
ValidateRefreshToken verifies a refresh token JWT
func (*LocalTokenProvider) ValidateToken ¶
func (p *LocalTokenProvider) ValidateToken( ctx context.Context, tokenString string, ) (*TokenValidationResult, error)
ValidateToken verifies a JWT token using local verification
type RefreshResult ¶
// RefreshResult represents the result of a refresh token operation.
type RefreshResult struct {
	AccessToken  *TokenResult // New access token (required)
	RefreshToken *TokenResult // New refresh token (only present in rotation mode); presumably nil otherwise, so nil-check before use — confirm
	Success      bool         // Operation success status
}
RefreshResult represents the result of a refresh token operation
type TokenResult ¶
// TokenResult represents the result of token generation.
//
// NOTE(review): TokenString is a credential, so avoid logging this struct
// whole (for example with %+v).
type TokenResult struct {
	TokenString string         // The JWT string
	TokenType   string         // "Bearer"
	ExpiresAt   time.Time      // Token expiration time
	Claims      map[string]any // Additional claims from provider
	Success     bool           // Generation success status
}
TokenResult represents the result of token generation