token

type AuthToken

// AuthToken holds the fingerprint, access token, ID token and refresh token
// information returned by Provider.CreateAuthToken.
type AuthToken struct {
	// FingerPrint is the raw session fingerprint.
	// NOTE(review): both FingerPrint and FingerPrintHash carry json tags, so
	// both values are emitted whenever this struct is marshalled; confirm the
	// raw value is meant to leave the server alongside its hash.
	FingerPrint string `json:"fingerprint"`
	// Session Token
	// FingerPrintHash is presumably a hash of FingerPrint; the "Session Token"
	// grouping above suggests it is the client-facing session token — confirm.
	FingerPrintHash       string    `json:"fingerprint_hash"`
	// SessionTokenExpiresAt is the session token expiry as an int64
	// (assumed Unix seconds — TODO confirm against CreateSessionToken).
	SessionTokenExpiresAt int64     `json:"expires_at"`
	// RefreshToken, AccessToken and IDToken are pointers; presumably nil when
	// that token kind was not issued — verify against CreateAuthToken.
	RefreshToken          *JWTToken `json:"refresh_token"`
	AccessToken           *JWTToken `json:"access_token"`
	IDToken               *JWTToken `json:"id_token"`
}

AuthToken holds the fingerprint, access token, ID token and refresh token information.

type AuthTokenConfig

// AuthTokenConfig carries the inputs Provider uses to create and validate
// auth tokens (access, ID, refresh, session and verification tokens).
type AuthTokenConfig struct {
	// LoginMethod is the method the user authenticated with; it is also
	// carried in SessionData and SessionOrAccessTokenData.
	LoginMethod string
	// Nonce is the internal session nonce (see OIDCNonce below for the
	// distinction).
	Nonce       string
	// OIDCNonce is the nonce value from the original OIDC /authorize
	// request. When set, CreateIDToken uses this for the id_token "nonce"
	// claim instead of Nonce. This separates the OIDC nonce (client-
	// provided, echoed back) from the internal session nonce (Nonce).
	OIDCNonce  string
	// Code is the authorization code; AtHash and CodeHash are, by name,
	// presumably the OIDC at_hash and c_hash claim values — confirm in
	// CreateIDToken.
	Code       string
	AtHash     string
	CodeHash   string
	// ExpireTime is a string; its format is not fixed here — TODO confirm
	// how the provider parses it.
	ExpireTime string
	// User is the authenticated user the tokens are issued for.
	User       *schemas.User
	// HostName is the issuing host (BackchannelLogoutConfig documents the
	// same field as the issuer; presumably the same meaning here).
	HostName   string
	// Roles and Scope are embedded in the issued tokens and SessionData.
	Roles      []string
	Scope      []string
	// AuthTime is the Unix timestamp (seconds) at which the user
	// authenticated. OIDC Core §2 defines this as the `auth_time` ID
	// token claim. If zero, CreateIDToken falls back to time.Now() so
	// existing callers continue to work unchanged (backward compat).
	AuthTime int64
}

AuthTokenConfig is the configuration used to create auth tokens.

type BackchannelLogoutConfig

// BackchannelLogoutConfig holds the per-logout data needed to build and send
// an OIDC Back-Channel Logout logout_token (see Provider.NotifyBackchannelLogout).
type BackchannelLogoutConfig struct {
	// HostName is the issuer of the logout_token.
	HostName  string
	// Subject identifies the user being logged out.
	Subject   string
	// SessionID is echoed back as the sid claim of the logout_token.
	SessionID string
}

BackchannelLogoutConfig holds the per-logout data needed to build and send a logout_token. The HostName is the issuer; the Subject identifies the user; SessionID is echoed as the sid claim.

type Dependencies

// Dependencies holds the external collaborators the token provider needs;
// it is passed to New.
type Dependencies struct {
	// Log is the logger the provider writes to.
	Log                 *zerolog.Logger
	// MemoryStoreProvider is the store the provider uses (what it stores
	// there is not visible from this declaration — see the implementation).
	MemoryStoreProvider memory_store.Provider
}

Dependencies holds the dependencies of the token provider.

type JWTToken

// JWTToken pairs a signed JWT with its expiration time.
type JWTToken struct {
	// Token is the encoded JWT.
	Token     string `json:"token"`
	// ExpiresAt is the token expiry as an int64 (assumed Unix seconds — TODO
	// confirm against the Create*Token methods that populate it).
	ExpiresAt int64  `json:"expires_at"`
}

JWTToken is a struct to hold JWT token and its expiration time

type Provider

// Provider is the interface implemented by the token provider returned by New.
// It creates, extracts and validates the tokens used by the auth flow.
type Provider interface {
	// CreateAccessToken creates an access token; returns the token and its expiry.
	CreateAccessToken(cfg *AuthTokenConfig) (string, int64, error)
	// CreateAuthToken creates all types of auth token
	CreateAuthToken(gc *gin.Context, cfg *AuthTokenConfig) (*AuthToken, error)
	// CreateIDToken creates an id token (see AuthTokenConfig.OIDCNonce and
	// AuthTime for how the nonce and auth_time claims are sourced).
	CreateIDToken(cfg *AuthTokenConfig) (string, int64, error)
	// CreateRefreshToken creates a refresh token
	CreateRefreshToken(cfg *AuthTokenConfig) (string, int64, error)
	// CreateSessionToken creates a session token and returns the SessionData
	// it carries, the token and its expiry.
	CreateSessionToken(cfg *AuthTokenConfig) (*SessionData, string, int64, error)
	// CreateVerificationToken creates a verification token of the given
	// tokenType bound to redirectURL.
	CreateVerificationToken(authTokenConfig *AuthTokenConfig, redirectURL string, tokenType string) (string, error)
	// GetAdminAuthToken gets the admin auth token from the request.
	GetAdminAuthToken(gc *gin.Context) (string, error)
	// GetAccessToken gets access token from request
	GetAccessToken(gc *gin.Context) (string, error)
	// GetIDToken gets id token from request
	GetIDToken(gc *gin.Context) (string, error)
	// GetUserIDFromSessionOrAccessToken gets user id from session or access token
	GetUserIDFromSessionOrAccessToken(gc *gin.Context) (*SessionOrAccessTokenData, error)
	// IsSuperAdmin checks if user is super admin
	IsSuperAdmin(gc *gin.Context) bool
	// ParseJWTToken parses jwt token
	ParseJWTToken(token string) (jwt.MapClaims, error)
	// SignJWTToken signs jwt token
	SignJWTToken(jwtclaims jwt.MapClaims) (string, error)
	// ValidateAccessToken validates access token
	ValidateAccessToken(gc *gin.Context, accessToken string) (map[string]interface{}, error)
	// ValidateBrowserSession validates an encrypted browser session and
	// returns the SessionData it contains.
	ValidateBrowserSession(gc *gin.Context, encryptedSession string) (*SessionData, error)
	// ValidateJWTClaims validates jwt claims
	ValidateJWTClaims(claims jwt.MapClaims, authTokenConfig *AuthTokenConfig) (bool, error)
	// ValidateJWTTokenWithoutNonce validates jwt token without nonce.
	// NOTE(review): by its name this skips the nonce comparison that
	// ValidateJWTClaims performs — confirm; callers that need the token
	// bound to a session nonce should use ValidateJWTClaims instead.
	ValidateJWTTokenWithoutNonce(claims jwt.MapClaims, authTokenConfig *AuthTokenConfig) (bool, error)
	// ValidateRefreshToken validates refresh token
	ValidateRefreshToken(gc *gin.Context, refreshToken string) (map[string]interface{}, error)
	// NotifyBackchannelLogout signs and POSTs an OIDC Back-Channel Logout
	// 1.0 logout_token to the supplied URI. Intended to be invoked from a
	// goroutine; remote HTTP failures are not surfaced beyond the local error.
	NotifyBackchannelLogout(ctx context.Context, uri string, cfg *BackchannelLogoutConfig) error
}

Provider is the interface implemented by the token provider.

func New

func New(cfg *config.Config, deps *Dependencies) (Provider, error)

New returns a new token provider

type SessionData

// SessionData is the data carried by a session token; it is produced by
// Provider.CreateSessionToken and recovered by Provider.ValidateBrowserSession.
// The json tags use JWT claim names (sub, iat, exp).
type SessionData struct {
	// Subject is the user identifier (serialized as the sub claim).
	Subject     string   `json:"sub"`
	Roles       []string `json:"roles"`
	Scope       []string `json:"scope"`
	// Nonce is the session nonce (see AuthTokenConfig.Nonce).
	Nonce       string   `json:"nonce"`
	// IssuedAt and ExpiresAt are serialized as iat and exp; assumed Unix
	// seconds per JWT convention — TODO confirm against CreateSessionToken.
	IssuedAt    int64    `json:"iat"`
	ExpiresAt   int64    `json:"exp"`
	LoginMethod string   `json:"login_method"`
}

SessionData holds the data carried by a session token.

type SessionOrAccessTokenData

// SessionOrAccessTokenData holds the identity data extracted from either a
// session or an access token by Provider.GetUserIDFromSessionOrAccessToken.
type SessionOrAccessTokenData struct {
	// UserID is the identifier of the authenticated user.
	UserID      string
	// LoginMethod and Nonce mirror the same-named fields of AuthTokenConfig.
	LoginMethod string
	Nonce       string
}

SessionOrAccessTokenData holds the data extracted from a session or access token.
