handler

package
v0.0.0-...-bea0022 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 8, 2026 License: Apache-2.0 Imports: 56 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	CodeResponseTypeElement          = "code"
	NoneResponseTypeElement          = "none"
	TokenResponseTypeElement         = "token"
	SettingsActonResponseTypeElement = "urn:authgear:params:oauth:response-type:settings-action"
	// nolint:gosec
	PreAuthenticatedURLResponseTypeElement = "urn:authgear:params:oauth:response-type:pre-authenticated-url"
)
View Source 
const (
	// nolint:gosec
	PreAuthenticatedURLTokenTokenType = "urn:authgear:params:oauth:token-type:pre-authenticated-url-token"
	// nolint:gosec
	IDTokenTokenType = "urn:ietf:params:oauth:token-type:id_token"
	// nolint:gosec
	DeviceSecretTokenType = "urn:x-oath:params:oauth:token-type:device-secret"
)
View Source 
const AppSessionTokenDuration = duration.Short
View Source 
const CodeGrantValidDuration = duration.Short
View Source 
const PromotionCodeDuration = duration.Short
View Source 
const SettingsActionGrantValidDuration = duration.Short

Variables

View Source 
var (
	CodeResponseType                     = protocol.NewResponseType([]string{CodeResponseTypeElement})
	NoneResponseType                     = protocol.NewResponseType([]string{NoneResponseTypeElement})
	TokenResponseType                    = protocol.NewResponseType([]string{TokenResponseTypeElement})
	SettingsActonResponseType            = protocol.NewResponseType([]string{SettingsActonResponseTypeElement})
	PreAuthenticatedURLTokenResponseType = protocol.NewResponseType([]string{PreAuthenticatedURLResponseTypeElement, TokenResponseTypeElement})
)
View Source 
var AuthorizationHandlerLogger = slogutil.NewLogger("oauth-authz")
View Source 
var DependencySet = wire.NewSet(
	wire.Struct(new(AuthorizationHandler), "*"),
	wire.Struct(new(TokenHandler), "*"),
	wire.Struct(new(RevokeHandler), "*"),
	wire.Struct(new(AnonymousUserHandler), "*"),
	wire.Struct(new(TokenService), "*"),
	wire.Struct(new(CodeGrantService), "*"),
	wire.Struct(new(SettingsActionGrantService), "*"),
	wire.Struct(new(PreAuthenticatedURLTokenServiceImpl), "*"),
	wire.Bind(new(PreAuthenticatedURLTokenService), new(*PreAuthenticatedURLTokenServiceImpl)),
	wire.Struct(new(ProxyRedirectHandler), "*"),
	wire.Bind(new(TokenHandlerTokenService), new(*TokenService)),
	wire.Bind(new(TokenHandlerCodeGrantService), new(*CodeGrantService)),
)
View Source 
var ErrInvalidRefreshToken = protocol.NewError("invalid_grant", "invalid refresh token")
View Source 
var ErrLoggedInAsNormalUser = apierrors.NewInvalid("user logged in as normal user")
View Source 
var ErrUnauthenticated = apierrors.NewUnauthorized("authentication required")
View Source 
var TokenHandlerLogger = slogutil.NewLogger("oauth-token")
View Source 
var TokenServiceLogger = slogutil.NewLogger("oauth-token-service")

Functions

func IsConsentRequiredError 

func IsConsentRequiredError(err error) bool

func NewBucketSpecOAuthTokenPerIP 

func NewBucketSpecOAuthTokenPerIP(ip string) ratelimit.BucketSpec

func NewBucketSpecOAuthTokenPerUser 

func NewBucketSpecOAuthTokenPerUser(userID string) ratelimit.BucketSpec

Types

type AnonymousIdentityProvider 

type AnonymousIdentityProvider interface {
	List(ctx context.Context, userID string) ([]*identity.Anonymous, error)
}

type AnonymousUserHandler 

type AnonymousUserHandler struct {
	AppID       config.AppID
	OAuthConfig *config.OAuthConfig

	Graphs              GraphService
	Authorizations      AuthorizationService
	Clock               clock.Clock
	TokenService        AnonymousUserHandlerTokenService
	UserProvider        UserProvider
	AnonymousIdentities AnonymousIdentityProvider
	PromotionCodes      PromotionCodeStore
	OAuthClientResolver OAuthClientResolver
}

func (*AnonymousUserHandler) IssuePromotionCode 

func (h *AnonymousUserHandler) IssuePromotionCode(
	ctx context.Context,
	req *http.Request,
	sessionType WebSessionType,
	refreshToken string,
) (code string, codeObj *anonymous.PromotionCode, err error)

func (*AnonymousUserHandler) SignupAnonymousUser 

func (h *AnonymousUserHandler) SignupAnonymousUser(
	ctx context.Context,
	req *http.Request,
	clientID string,
	sessionType WebSessionType,
	refreshToken string,
) (*SignupAnonymousUserResult, error)

SignupAnonymousUser return token response or api errors

type AnonymousUserHandlerTokenService 

type AnonymousUserHandlerTokenService interface {
	ParseRefreshToken(ctx context.Context, token string) (authz *oauth.Authorization, offlineGrant *oauth.OfflineGrant, tokenHash string, err error)
	IssueOfflineGrant(
		ctx context.Context,
		client *config.OAuthClientConfig,
		opts IssueOfflineGrantOptions,
		resp protocol.TokenResponse,
	) (offlineGrant *oauth.OfflineGrant, tokenHash string, err error)
	PrepareUserAccessGrantByRefreshToken(
		ctx context.Context,
		options PrepareUserAccessGrantByRefreshTokenOptions,
	) (*PrepareUserAccessGrantByRefreshTokenResult, error)
}

type App2AppService 

type App2AppService interface {
	ParseTokenUnverified(requestJWT string) (t *app2app.Request, err error)
	ParseToken(requestJWT string, key jwk.Key) (*app2app.Request, error)
}

type AppSessionTokenService 

type AppSessionTokenService interface {
	Handle(ctx context.Context, input oauth.AppSessionTokenInput) (httputil.Result, error)
}

type AuthenticationInfoResolver 

type AuthenticationInfoResolver interface {
	GetAuthenticationInfoID(req *http.Request) (string, bool)
}

type AuthenticationInfoService 

type AuthenticationInfoService interface {
	Get(ctx context.Context, entryID string) (*authenticationinfo.Entry, error)
	Delete(ctx context.Context, entryID string) error
}

type AuthorizationHandler 

type AuthorizationHandler struct {
	AppID                 config.AppID
	Config                *config.OAuthConfig
	AccountDeletionConfig *config.AccountDeletionConfig
	HTTPConfig            *config.HTTPConfig
	HTTPProto             httputil.HTTPProto
	HTTPOrigin            httputil.HTTPOrigin
	AppDomains            config.AppDomains

	Database AuthorizationHandlerDatabase

	UIURLBuilder                            UIURLBuilder
	UIInfoResolver                          UIInfoResolver
	AuthenticationInfoResolver              AuthenticationInfoResolver
	Authorizations                          AuthorizationService
	AppSessionTokenService                  AppSessionTokenService
	AuthenticationInfoService               AuthenticationInfoService
	Clock                                   clock.Clock
	Cookies                                 CookieManager
	OAuthSessionService                     OAuthSessionService
	CodeGrantService                        CodeGrantService
	SettingsActionGrantService              SettingsActionGrantService
	ClientResolver                          OAuthClientResolver
	PreAuthenticatedURLTokenService         AuthorizationHandlerPreAuthenticatedURLTokenService
	IDTokenIssuer                           IDTokenIssuer
	AuthorizationHandlerAccessTokenEncoding AuthorizationHandlerAccessTokenEncoding
}

func (*AuthorizationHandler) HandleConsentWithUserCancel 

func (h *AuthorizationHandler) HandleConsentWithUserCancel(ctx context.Context, req *http.Request) httputil.Result

func (*AuthorizationHandler) HandleConsentWithUserConsent 

func (h *AuthorizationHandler) HandleConsentWithUserConsent(ctx context.Context, req *http.Request) httputil.Result

func (*AuthorizationHandler) HandleConsentWithoutUserConsent 

func (h *AuthorizationHandler) HandleConsentWithoutUserConsent(ctx context.Context, req *http.Request) (httputil.Result, *ConsentRequired)

func (*AuthorizationHandler) HandleRequest 

func (h *AuthorizationHandler) HandleRequest(
	ctx context.Context,
	r protocol.AuthorizationRequest,
	params *AuthorizationParams,
) (result httputil.Result)

func (*AuthorizationHandler) ValidateRequestWithoutTx 

func (h *AuthorizationHandler) ValidateRequestWithoutTx(
	ctx context.Context,
	r protocol.AuthorizationRequest,
) (context.Context, *AuthorizationParams, *AuthorizationResultError)

nolint:gocognit

type AuthorizationHandlerAccessTokenEncoding 

type AuthorizationHandlerAccessTokenEncoding interface {
	MakeUserAccessTokenFromPreparationResult(
		ctx context.Context,
		options oauth.MakeUserAccessTokenFromPreparationOptions,
	) (*oauth.IssueAccessGrantResult, error)
}

type AuthorizationHandlerDatabase 

type AuthorizationHandlerDatabase interface {
	WithTx(ctx context.Context, do func(ctx context.Context) error) (err error)
}

type AuthorizationHandlerPreAuthenticatedURLTokenService 

type AuthorizationHandlerPreAuthenticatedURLTokenService interface {
	ExchangeForAccessToken(
		ctx context.Context,
		client *config.OAuthClientConfig,
		sessionID string,
		token string,
	) (oauth.PrepareUserAccessTokenResult, error)
}

type AuthorizationParams 

type AuthorizationParams struct {
	Client      *config.OAuthClientConfig
	RedirectURI *url.URL
}

type AuthorizationResultError 

type AuthorizationResultError struct {
	RedirectURI *url.URL

	ResponseMode string
	UseHTTP200   bool

	InternalError bool
	Response      protocol.ErrorResponse
	Cookies       []*http.Cookie
}

func (AuthorizationResultError) IsInternalError 

func (a AuthorizationResultError) IsInternalError() bool

func (AuthorizationResultError) WriteResponse 

func (a AuthorizationResultError) WriteResponse(rw http.ResponseWriter, r *http.Request)

type AuthorizationService 

type AuthorizationService interface {
	GetByID(ctx context.Context, id string) (*oauth.Authorization, error)
	CheckAndGrant(
		ctx context.Context,
		clientID string,
		userID string,
		scopes []string,
	) (*oauth.Authorization, error)
	Check(
		ctx context.Context,
		clientID string,
		userID string,
		scopes []string,
	) (*oauth.Authorization, error)
}

type ChallengeProvider 

type ChallengeProvider interface {
	Consume(ctx context.Context, token string) (*challenge.Purpose, error)
}

type ClientCredentialsAccessTokenOptions 

type ClientCredentialsAccessTokenOptions struct {
	ResourceURI        string
	Scopes             []string
	ClientConfig       *config.OAuthClientConfig
	MaskedClientSecret string
	Resource           *resourcescope.Resource
}

type CodeGrantService 

type CodeGrantService struct {
	AppID         config.AppID
	CodeGenerator TokenGenerator
	Clock         clock.Clock

	CodeGrants oauth.CodeGrantStore
}

func (*CodeGrantService) CreateCodeGrant 

func (s *CodeGrantService) CreateCodeGrant(ctx context.Context, opts *CreateCodeGrantOptions) (code string, grant *oauth.CodeGrant, err error)

type ConsentRequired 

type ConsentRequired struct {
	UserID string
	Scopes []string
	Client *config.OAuthClientConfig
}

type CookieManager 

type CookieManager interface {
	GetCookie(r *http.Request, def *httputil.CookieDef) (*http.Cookie, error)
	ValueCookie(def *httputil.CookieDef, value string) *http.Cookie
	ClearCookie(def *httputil.CookieDef) *http.Cookie
}

type CookiesGetter 

type CookiesGetter interface {
	GetCookies() []*http.Cookie
}

type CreateCodeGrantOptions 

type CreateCodeGrantOptions struct {
	Authorization        *oauth.Authorization
	SessionType          session.Type
	SessionID            string
	AuthenticationInfo   authenticationinfo.T
	IDTokenHintSID       string
	RedirectURI          string
	AuthorizationRequest protocol.AuthorizationRequest
	DPoPJKT              string
}

type CreateSettingsActionGrantOptions 

type CreateSettingsActionGrantOptions struct {
	RedirectURI          string
	AuthorizationRequest protocol.AuthorizationRequest
	UserID               string
}

type EventService 

type EventService interface {
	DispatchEventOnCommit(ctx context.Context, payload event.Payload) error
}

type FinishAuthorizationOptions 

type FinishAuthorizationOptions struct {
	Client               *config.OAuthClientConfig
	RedirectURI          *url.URL
	AuthorizationRequest protocol.AuthorizationRequest
	SessionType          session.Type
	SessionID            string
	AuthenticationInfo   authenticationinfo.T
	IDTokenHintSID       string
	Cookies              []*http.Cookie
	GrantAuthz           bool
}

type GraphService 

type GraphService interface {
	NewGraph(ctx context.Context, interactionCtx *interaction.Context, intent interaction.Intent) (*interaction.Graph, error)
	DryRun(ctx context.Context, contextValue interaction.ContextValues, fn func(ctx context.Context, interactionCtx *interaction.Context) (*interaction.Graph, error)) error
	Run(ctx context.Context, contextValue interaction.ContextValues, graph *interaction.Graph) error
	Accept(ctx context.Context, interactionCtx *interaction.Context, graph *interaction.Graph, input interface{}) (*interaction.Graph, []interaction.Edge, error)
}

type HandleResult 

type HandleResult struct {
	PrepareIDTokenResult                       *oidc.PrepareIDTokenResult
	PrepareUserAccessGrantByRefreshTokenResult *PrepareUserAccessGrantByRefreshTokenResult
	Response                                   protocol.TokenResponse
}

type IDTokenIssuer 

type IDTokenIssuer interface {
	Iss() string
	PrepareIDToken(ctx context.Context, opts oidc.PrepareIDTokenOptions) (result *oidc.PrepareIDTokenResult, err error)
	MakeIDTokenFromPreparationResult(ctx context.Context, opts oidc.MakeIDTokenFromPreparationResultOptions) (idToken string, err error)
	VerifyIDToken(idToken string) (token jwt.Token, err error)
}

type IssueOfflineGrantOptions 

type IssueOfflineGrantOptions struct {
	AuthenticationInfo authenticationinfo.T
	Scopes             []string
	AuthorizationID    string
	IDPSessionID       string
	DeviceInfo         map[string]interface{}
	IdentityID         string
	SSOEnabled         bool
	App2AppDeviceKey   jwk.Key
	IssueDeviceSecret  bool
	DPoPJKT            string
}

type IssueOfflineGrantRefreshTokenOptions 

type IssueOfflineGrantRefreshTokenOptions struct {
	Scopes          []string
	AuthorizationID string
	DPoPJKT         string
}

type IssuePreAuthenticatedURLTokenOptions 

type IssuePreAuthenticatedURLTokenOptions struct {
	AppID           string
	ClientID        string
	OfflineGrantID  string
	AuthorizationID string
	Scopes          []string
}

type IssuePreAuthenticatedURLTokenResult 

type IssuePreAuthenticatedURLTokenResult struct {
	Token     string
	TokenHash string
	TokenType string
	ExpiresIn int
}

type OAuthClientResolver 

type OAuthClientResolver interface {
	ResolveClient(clientID string) *config.OAuthClientConfig
}

type OAuthSessionService 

type OAuthSessionService interface {
	Save(ctx context.Context, entry *oauthsession.Entry) (err error)
	Get(ctx context.Context, entryID string) (*oauthsession.Entry, error)
	Delete(ctx context.Context, entryID string) error
}

type PreAuthenticatedURLTokenService 

type PreAuthenticatedURLTokenService interface {
	IssuePreAuthenticatedURLToken(
		ctx context.Context,
		options *IssuePreAuthenticatedURLTokenOptions,
	) (*IssuePreAuthenticatedURLTokenResult, error)
}

type PreAuthenticatedURLTokenServiceImpl 

type PreAuthenticatedURLTokenServiceImpl struct {
	Clock clock.Clock

	PreAuthenticatedURLTokens oauth.PreAuthenticatedURLTokenStore
	AccessGrantService        oauth.PreAuthenticatedURLTokenAccessGrantService
	OfflineGrantService       oauth.PreAuthenticatedURLTokenOfflineGrantService
}

func (*PreAuthenticatedURLTokenServiceImpl) ExchangeForAccessToken 

func (s *PreAuthenticatedURLTokenServiceImpl) ExchangeForAccessToken(
	ctx context.Context,
	client *config.OAuthClientConfig,
	sessionID string,
	token string,
) (oauth.PrepareUserAccessTokenResult, error)

func (*PreAuthenticatedURLTokenServiceImpl) IssuePreAuthenticatedURLToken 

func (s *PreAuthenticatedURLTokenServiceImpl) IssuePreAuthenticatedURLToken(
	ctx context.Context,
	options *IssuePreAuthenticatedURLTokenOptions,
) (*IssuePreAuthenticatedURLTokenResult, error)

type PrepareUserAccessGrantByRefreshTokenOptions 

type PrepareUserAccessGrantByRefreshTokenOptions struct {
	oauth.PrepareUserAccessGrantOptions
	ShouldRotateRefreshToken bool
}

type PrepareUserAccessGrantByRefreshTokenResult 

type PrepareUserAccessGrantByRefreshTokenResult struct {
	RotateRefreshTokenResult *oauth.RotateRefreshTokenResult
	PreparationResult        oauth.PrepareUserAccessTokenResult
}

type PromotionCodeStore 

type PromotionCodeStore interface {
	CreatePromotionCode(ctx context.Context, code *anonymous.PromotionCode) error
}

type ProxyRedirectHandler 

type ProxyRedirectHandler struct {
	OAuthConfig *config.OAuthConfig
	HTTPOrigin  httputil.HTTPOrigin
	HTTPProto   httputil.HTTPProto
	AppDomains  config.AppDomains
}

func (*ProxyRedirectHandler) Validate 

func (h *ProxyRedirectHandler) Validate(redirectURIWithQuery string) (*oauth.WriteResponseOptions, error)

type RevokeHandler 

type RevokeHandler struct {
	SessionManager      SessionManager
	OfflineGrantService RevokeHandlerOfflineGrantService
	AccessGrants        RevokeHandlerAccessGrantStore
}

func (*RevokeHandler) Handle 

func (h *RevokeHandler) Handle(ctx context.Context, r protocol.RevokeRequest) error

type RevokeHandlerAccessGrantStore 

type RevokeHandlerAccessGrantStore interface {
	GetAccessGrant(ctx context.Context, tokenHash string) (*oauth.AccessGrant, error)
	DeleteAccessGrant(ctx context.Context, g *oauth.AccessGrant) error
}

type RevokeHandlerOfflineGrantService 

type RevokeHandlerOfflineGrantService interface {
	GetOfflineGrant(ctx context.Context, id string) (*oauth.OfflineGrant, error)
}

type SessionManager 

type SessionManager interface {
	RevokeWithEvent(ctx context.Context, session session.SessionBase, isTermination bool, isAdminAPI bool) error
	RevokeWithoutEvent(ctx context.Context, session session.SessionBase) error
}

type SettingsActionGrantService 

type SettingsActionGrantService struct {
	AppID         config.AppID
	CodeGenerator TokenGenerator
	Clock         clock.Clock

	SettingsActionGrants oauth.SettingsActionGrantStore
}

func (*SettingsActionGrantService) CreateSettingsActionGrant 

func (s *SettingsActionGrantService) CreateSettingsActionGrant(ctx context.Context, opts *CreateSettingsActionGrantOptions) (code string, grant *oauth.SettingsActionGrant, err error)

type SignupAnonymousUserResult 

type SignupAnonymousUserResult struct {
	PrepareUserAccessGrantByRefreshTokenResult *PrepareUserAccessGrantByRefreshTokenResult
	Response                                   protocol.TokenResponse

	Cookies []*http.Cookie
}

type SimpleSessionLike 

type SimpleSessionLike struct {
	ID               string
	GrantSessionKind oauth.GrantSessionKind
}

func (SimpleSessionLike) SessionID 

func (s SimpleSessionLike) SessionID() string

func (SimpleSessionLike) SessionType 

func (s SimpleSessionLike) SessionType() session.Type

type TokenGenerator 

type TokenGenerator func() string

type TokenHandler 

type TokenHandler struct {
	Database TokenHandlerAppDatabase

	AppID                  config.AppID
	AppDomains             config.AppDomains
	HTTPProto              httputil.HTTPProto
	HTTPOrigin             httputil.HTTPOrigin
	OAuthFeatureConfig     *config.OAuthFeatureConfig
	IdentityFeatureConfig  *config.IdentityFeatureConfig
	OAuthClientCredentials *config.OAuthClientCredentials

	Authorizations                  AuthorizationService
	CodeGrants                      TokenHandlerCodeGrantStore
	SettingsActionGrantStore        TokenHandlerSettingsActionGrantStore
	IDPSessions                     TokenHandlerIDPSessionProvider
	OfflineGrants                   TokenHandlerOfflineGrantStore
	AppSessionTokens                TokenHandlerAppSessionTokenStore
	OfflineGrantService             TokenHandlerOfflineGrantService
	PreAuthenticatedURLTokenService PreAuthenticatedURLTokenService
	ClientResourceScopeService      TokenHandlerClientResourceScopeService
	Graphs                          GraphService
	IDTokenIssuer                   IDTokenIssuer
	Clock                           clock.Clock
	TokenService                    TokenHandlerTokenService
	AccessTokenEncoding             TokenHandlerAccessTokenEncoding
	Events                          EventService
	SessionManager                  SessionManager
	App2App                         App2AppService
	Challenges                      ChallengeProvider
	CodeGrantService                TokenHandlerCodeGrantService
	ClientResolver                  OAuthClientResolver
	UIInfoResolver                  UIInfoResolver
	RateLimiter                     TokenHandlerRateLimiter

	RemoteIP        httputil.RemoteIP
	UserAgentString httputil.UserAgentString
}

func (*TokenHandler) Handle 

func (h *TokenHandler) Handle(ctx context.Context, rw http.ResponseWriter, req *http.Request, r protocol.TokenRequest) httputil.Result

func (*TokenHandler) IssueAppSessionToken 

func (h *TokenHandler) IssueAppSessionToken(ctx context.Context, refreshToken string) (string, *oauth.AppSessionToken, error)

func (*TokenHandler) IssueTokensForAuthorizationCode 

func (h *TokenHandler) IssueTokensForAuthorizationCode(
	ctx context.Context,
	client *config.OAuthClientConfig,
	r protocol.TokenRequest,
) (*HandleResult, error)

nolint:gocognit

func (*TokenHandler) IssueTokensForSettingsActionCode 

func (h *TokenHandler) IssueTokensForSettingsActionCode(
	ctx context.Context,
	client *config.OAuthClientConfig,
	r protocol.TokenRequest,
) (*HandleResult, error)

nolint:gocognit

type TokenHandlerAccessTokenEncoding 

type TokenHandlerAccessTokenEncoding interface {
	MakeUserAccessTokenFromPreparationResult(
		ctx context.Context,
		options oauth.MakeUserAccessTokenFromPreparationOptions,
	) (*oauth.IssueAccessGrantResult, error)
}

type TokenHandlerAppDatabase 

type TokenHandlerAppDatabase interface {
	WithTx(ctx_original context.Context, do func(ctx context.Context) error) (err error)
}

type TokenHandlerAppSessionTokenStore 

type TokenHandlerAppSessionTokenStore interface {
	CreateAppSessionToken(ctx context.Context, t *oauth.AppSessionToken) error
}

type TokenHandlerClientResourceScopeService 

type TokenHandlerClientResourceScopeService interface {
	GetClientResourceByURI(ctx context.Context, clientID string, uri string) (*resourcescope.Resource, error)
	GetClientResourceScopes(ctx context.Context, clientID string, resourceID string) ([]*resourcescope.Scope, error)
}

type TokenHandlerCodeGrantService 

type TokenHandlerCodeGrantService interface {
	CreateCodeGrant(ctx context.Context, opts *CreateCodeGrantOptions) (code string, grant *oauth.CodeGrant, err error)
}

type TokenHandlerCodeGrantStore 

type TokenHandlerCodeGrantStore interface {
	GetCodeGrant(ctx context.Context, codeHash string) (*oauth.CodeGrant, error)
	DeleteCodeGrant(ctx context.Context, g *oauth.CodeGrant) error
}

type TokenHandlerIDPSessionProvider 

type TokenHandlerIDPSessionProvider interface {
	Get(ctx context.Context, id string) (*idpsession.IDPSession, error)
}

type TokenHandlerOfflineGrantService 

type TokenHandlerOfflineGrantService interface {
	AccessOfflineGrant(ctx context.Context, id string, refreshTokenHash string, accessEvent *access.Event, expireAt time.Time) (*oauth.OfflineGrant, error)
	GetOfflineGrant(ctx context.Context, id string) (*oauth.OfflineGrant, error)
}

type TokenHandlerOfflineGrantStore 

type TokenHandlerOfflineGrantStore interface {
	DeleteOfflineGrant(ctx context.Context, g *oauth.OfflineGrant) error

	UpdateOfflineGrantDeviceInfo(ctx context.Context, id string, deviceInfo map[string]interface{}, expireAt time.Time) (*oauth.OfflineGrant, error)
	UpdateOfflineGrantAuthenticatedAt(ctx context.Context, id string, authenticatedAt time.Time, expireAt time.Time) (*oauth.OfflineGrant, error)
	UpdateOfflineGrantApp2AppDeviceKey(ctx context.Context, id string, newKey string, expireAt time.Time) (*oauth.OfflineGrant, error)
	UpdateOfflineGrantDeviceSecretHash(
		ctx context.Context,
		grantID string,
		newDeviceSecretHash string,
		dpopJKT string,
		expireAt time.Time) (*oauth.OfflineGrant, error)

	ListOfflineGrants(ctx context.Context, userID string) ([]*oauth.OfflineGrant, error)
	ListClientOfflineGrants(ctx context.Context, clientID string, userID string) ([]*oauth.OfflineGrant, error)
}

type TokenHandlerRateLimiter 

type TokenHandlerRateLimiter interface {
	Allow(ctx context.Context, spec ratelimit.BucketSpec) (*ratelimit.FailedReservation, error)
}

type TokenHandlerSettingsActionGrantStore 

type TokenHandlerSettingsActionGrantStore interface {
	GetSettingsActionGrant(ctx context.Context, codeHash string) (*oauth.SettingsActionGrant, error)
	DeleteSettingsActionGrant(ctx context.Context, g *oauth.SettingsActionGrant) error
}

type TokenHandlerTokenService 

type TokenHandlerTokenService interface {
	ParseRefreshToken(ctx context.Context, token string) (authz *oauth.Authorization, offlineGrant *oauth.OfflineGrant, tokenHash string, err error)
	PrepareUserAccessGrantByRefreshToken(
		ctx context.Context,
		options PrepareUserAccessGrantByRefreshTokenOptions,
	) (*PrepareUserAccessGrantByRefreshTokenResult, error)
	IssueOfflineGrant(
		ctx context.Context,
		client *config.OAuthClientConfig,
		opts IssueOfflineGrantOptions,
		resp protocol.TokenResponse,
	) (offlineGrant *oauth.OfflineGrant, tokenHash string, err error)
	IssueRefreshTokenForOfflineGrant(
		ctx context.Context,
		offlineGrantID string,
		client *config.OAuthClientConfig,
		opts IssueOfflineGrantRefreshTokenOptions,
		resp protocol.TokenResponse,
	) (offlineGrant *oauth.OfflineGrant, tokenHash string, err error)
	IssueDeviceSecret(ctx context.Context, resp protocol.TokenResponse) (deviceSecretHash string)
	IssueClientCredentialsAccessToken(
		ctx context.Context,
		options ClientCredentialsAccessTokenOptions,
		resp protocol.TokenResponse,
	) error
}

type TokenHandlerUserFacade 

type TokenHandlerUserFacade interface {
	GetRaw(ctx context.Context, id string) (*user.User, error)
}

type TokenService 

type TokenService struct {
	RemoteIP        httputil.RemoteIP
	UserAgentString httputil.UserAgentString
	AppID           config.AppID
	Config          *config.OAuthConfig
	ClientResolver  OAuthClientResolver

	Authorizations      TokenServiceAuthorizationStore
	OfflineGrants       TokenServiceOfflineGrantStore
	AccessGrants        TokenServiceAccessGrantStore
	OfflineGrantService TokenServiceOfflineGrantService
	AccessEvents        *access.EventProvider
	AccessTokenIssuer   TokenServiceAccessTokenIssuer
	GenerateToken       TokenGenerator
	Clock               clock.Clock
	Users               TokenHandlerUserFacade
	Events              EventService

	AccessGrantService TokenServiceAccessGrantService
}

func (*TokenService) IssueClientCredentialsAccessToken 

func (s *TokenService) IssueClientCredentialsAccessToken(ctx context.Context, options ClientCredentialsAccessTokenOptions, resp protocol.TokenResponse) error

func (*TokenService) IssueDeviceSecret 

func (s *TokenService) IssueDeviceSecret(ctx context.Context, resp protocol.TokenResponse) (deviceSecretHash string)

func (*TokenService) IssueOfflineGrant 

func (s *TokenService) IssueOfflineGrant(
	ctx context.Context,
	client *config.OAuthClientConfig,
	opts IssueOfflineGrantOptions,
	resp protocol.TokenResponse,
) (offlineGrant *oauth.OfflineGrant, tokenHash string, err error)

func (*TokenService) IssueRefreshTokenForOfflineGrant 

func (s *TokenService) IssueRefreshTokenForOfflineGrant(
	ctx context.Context,
	offlineGrantID string,
	client *config.OAuthClientConfig,
	opts IssueOfflineGrantRefreshTokenOptions,
	resp protocol.TokenResponse,
) (offlineGrant *oauth.OfflineGrant, tokenHash string, err error)

func (*TokenService) ParseRefreshToken 

func (s *TokenService) ParseRefreshToken(ctx context.Context, token string) (
	authz *oauth.Authorization, offlineGrant *oauth.OfflineGrant, tokenHash string, err error)

func (*TokenService) PrepareUserAccessGrantByRefreshToken 

func (s *TokenService) PrepareUserAccessGrantByRefreshToken(
	ctx context.Context,
	options PrepareUserAccessGrantByRefreshTokenOptions,
) (*PrepareUserAccessGrantByRefreshTokenResult, error)

type TokenServiceAccessGrantService 

type TokenServiceAccessGrantService interface {
	PrepareUserAccessGrant(
		ctx context.Context,
		options oauth.PrepareUserAccessGrantOptions,
	) (oauth.PrepareUserAccessTokenResult, error)
}

type TokenServiceAccessGrantStore 

type TokenServiceAccessGrantStore interface {
	oauth.AccessGrantStore
}

type TokenServiceAccessTokenIssuer 

type TokenServiceAccessTokenIssuer interface {
	EncodeClientAccessToken(ctx context.Context, options oauth.EncodeClientAccessTokenOptions) (string, error)
}

type TokenServiceAuthorizationStore 

type TokenServiceAuthorizationStore interface {
	oauth.AuthorizationStore
}

type TokenServiceOfflineGrantService 

type TokenServiceOfflineGrantService interface {
	ComputeOfflineGrantExpiry(session *oauth.OfflineGrant) (expiry time.Time, err error)
	GetOfflineGrant(ctx context.Context, id string) (*oauth.OfflineGrant, error)
	CreateNewRefreshToken(
		ctx context.Context,
		options oauth.CreateNewRefreshTokenOptions,
	) (*oauth.CreateNewRefreshTokenResult, *oauth.OfflineGrant, error)
	RotateRefreshToken(
		ctx context.Context,
		options oauth.RotateRefreshTokenOptions,
	) (*oauth.RotateRefreshTokenResult, *oauth.OfflineGrant, error)
}

type TokenServiceOfflineGrantStore 

type TokenServiceOfflineGrantStore interface {
	oauth.OfflineGrantStore
}

type UIInfoResolver 

type UIInfoResolver interface {
	ResolveForAuthorizationEndpoint(ctx context.Context, client *config.OAuthClientConfig, req protocol.AuthorizationRequest) (*oidc.UIInfo, *oidc.UIInfoByProduct, error)
}

type UIURLBuilder 

type UIURLBuilder interface {
	BuildAuthenticationURL(client *config.OAuthClientConfig, r protocol.AuthorizationRequest, e *oauthsession.Entry) (*url.URL, error)
	BuildSettingsActionURL(client *config.OAuthClientConfig, r protocol.AuthorizationRequest, e *oauthsession.Entry) (*url.URL, error)
}

type UserProvider 

type UserProvider interface {
	Get(ctx context.Context, id string, role accesscontrol.Role) (*model.User, error)
}

type WebSessionType 

type WebSessionType string
const (
	WebSessionTypeCookie       WebSessionType = "cookie"
	WebSessionTypeRefreshToken WebSessionType = "refresh_token"
)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.