op

package
Published: Sep 10, 2020 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

// Application and access-token type enumerations.
//
// NOTE(review): both enumerations live in ONE const block, and iota counts
// ConstSpecs across the whole block, so ApplicationTypeWeb/UserAgent/Native
// are 0, 1, 2 but AccessTokenTypeBearer is 3 and AccessTokenTypeJWT is 4.
// The zero value of AccessTokenType therefore matches neither constant; code
// that switches on Client.AccessTokenType() should treat an unmatched value
// as an error rather than silently picking a default. Renumbering would
// change values anything may already persist, so the block is left as is.
const (
	ApplicationTypeWeb ApplicationType = iota // zero value: an unset client is a Web client (presumably confidential — see IsConfidentialType)
	ApplicationTypeUserAgent                  // presumably a browser-based (public) client
	ApplicationTypeNative                     // presumably an installed/native (public) client

	AccessTokenTypeBearer AccessTokenType = iota // == 3, see note above; presumably issued via CreateBearerToken
	AccessTokenTypeJWT                           // == 4; presumably a signed JWT via Signer.SignAccessToken
)
// Token-endpoint client authentication methods (the standard
// token_endpoint_auth_method values) and the PKCE code challenge method this
// package supports.
//
// NOTE(review): only AuthMethodBasic carries the AuthMethod type. Go repeats
// the type of the previous spec only when the expression is omitted, so
// AuthMethodPost, AuthMethodNone and CodeMethodS256 are untyped string
// constants. They still compare against an AuthMethod value, but giving them
// the type now would break callers that use them as plain strings.
const (
	AuthMethodBasic AuthMethod = "client_secret_basic" // client credentials in the HTTP Basic header
	AuthMethodPost             = "client_secret_post"  // client credentials in the form body; see Configuration.AuthMethodPostSupported
	AuthMethodNone             = "none"                // public client: no client secret is presented

	CodeMethodS256 = "S256" // PKCE SHA-256 transform; see Configuration.CodeMethodS256Supported
)
// Standard OpenID Connect scope values. ScopeOpenID is what turns a plain
// OAuth 2.0 authorization request into an OpenID Connect request; the others
// are the claim-group scopes from OIDC Core §5.4 (see ValidateAuthReqScopes
// and OPStorage.GetUserinfoFromScopes).
const (
	ScopeOpenID  = "openid"
	ScopeProfile = "profile"
	ScopeEmail   = "email"
	ScopePhone   = "phone"
	ScopeAddress = "address"
)
// Wire values for the "error" member of an OAuth 2.0 / OpenID Connect error
// response; they are carried in OAuthError.ErrorType.
//
// NOTE(review): OIDC Core defines invalid_request_uri for a malformed
// request_uri parameter, yet ErrInvalidRequestRedirectURI builds its error
// with InvalidRequestURI for a rejected redirect URI — confirm that this is
// the intended value before clients start to depend on it.
const (
	InvalidRequest      errorType = "invalid_request"
	InvalidRequestURI   errorType = "invalid_request_uri"
	InteractionRequired errorType = "interaction_required"
	ServerError         errorType = "server_error"
)

Variables

// Constructors for the *OAuthError values the package returns. The
// description argument is sent back to the client in error_description
// (see the OAuthError json/schema tags), so callers must not put internal
// details or secrets into it.
//
// NOTE(review): these are assignable package variables holding func values,
// not functions; any importer can swap them at runtime. Plain func
// declarations would prevent accidental reassignment.
var (
	// ErrInvalidRequest builds an invalid_request error.
	ErrInvalidRequest = func(description string) *OAuthError {
		return &OAuthError{
			ErrorType:   InvalidRequest,
			Description: description,
		}
	}
	// ErrInvalidRequestRedirectURI builds the error for a redirect URI that
	// failed validation. It sets redirectDisabled, presumably so the error is
	// rendered to the user agent instead of being sent to the unverified
	// redirect_uri (RFC 6749 §4.1.2.1 forbids redirecting in that case) —
	// confirm in AuthRequestError.
	ErrInvalidRequestRedirectURI = func(description string) *OAuthError {
		return &OAuthError{
			ErrorType:        InvalidRequestURI,
			Description:      description,
			redirectDisabled: true,
		}
	}
	// ErrInteractionRequired builds an interaction_required error.
	ErrInteractionRequired = func(description string) *OAuthError {
		return &OAuthError{
			ErrorType:   InteractionRequired,
			Description: description,
		}
	}
	// ErrServerError builds a server_error; keep the description generic so
	// storage or crypto failures are not leaked to the client.
	ErrServerError = func(description string) *OAuthError {
		return &OAuthError{
			ErrorType:   ServerError,
			Description: description,
		}
	}
)
// DefaultEndpoints holds the relative paths the provider serves by default.
// The path constants are unexported, so the values are only reachable through
// the Endpoint methods (Relative/Absolute). The WithCustom*Endpoint options
// presumably replace individual entries for a DefaultOP — confirm in
// NewDefaultOP.
//
// NOTE(review): this is an exported pointer, so the shared defaults can be
// mutated at runtime by any importer; treat it as read-only.
var (
	DefaultEndpoints = &endpoints{
		Authorization: NewEndpoint(defaultAuthorizationEndpoint),
		Token:         NewEndpoint(defaulTokenEndpoint),
		Introspection: NewEndpoint(defaultIntrospectEndpoint), // no matching getter on Configuration in this version
		Userinfo:      NewEndpoint(defaultUserinfoEndpoint),
		EndSession:    NewEndpoint(defaultEndSessionEndpoint),
		JwksURI:       NewEndpoint(defaultKeysEndpoint),
	}
)

Functions

func AuthMethods

func AuthMethods(c Configuration) []string

func AuthRequestError

func AuthRequestError(w http.ResponseWriter, r *http.Request, authReq ErrAuthRequest, err error, encoder utils.Encoder)

func AuthResponse

func AuthResponse(authReq AuthRequest, authorizer Authorizer, w http.ResponseWriter, r *http.Request)

func AuthResponseCode

func AuthResponseCode(w http.ResponseWriter, r *http.Request, authReq AuthRequest, authorizer Authorizer)

func AuthResponseToken

func AuthResponseToken(w http.ResponseWriter, r *http.Request, authReq AuthRequest, authorizer Authorizer, client Client)

func Authorize

func Authorize(w http.ResponseWriter, r *http.Request, authorizer Authorizer)

Authorize handles the authorization request: it parses and validates the request, stores it, and finally redirects to the login handler.

func AuthorizeCallback

func AuthorizeCallback(w http.ResponseWriter, r *http.Request, authorizer Authorizer)

func AuthorizeClient

func AuthorizeClient(ctx context.Context, tokenReq *oidc.AccessTokenRequest, exchanger Exchanger) (AuthRequest, Client, error)

func AuthorizeClientIDSecret

func AuthorizeClientIDSecret(ctx context.Context, clientID, clientSecret string, storage OPStorage) error

func BuildAuthRequestCode

func BuildAuthRequestCode(authReq AuthRequest, crypto Crypto) (string, error)

func CodeChallengeMethods added in v0.7.1

func CodeChallengeMethods(c Configuration) []string

func CodeExchange

func CodeExchange(w http.ResponseWriter, r *http.Request, exchanger Exchanger)

func ContainsResponseType added in v0.7.0

func ContainsResponseType(types []oidc.ResponseType, responseType oidc.ResponseType) bool

func CreateAccessToken

func CreateAccessToken(ctx context.Context, authReq AuthRequest, client Client, creator TokenCreator) (token string, validity time.Duration, err error)

func CreateAuthRequestCode added in v0.6.2

func CreateAuthRequestCode(ctx context.Context, authReq AuthRequest, storage Storage, crypto Crypto) (string, error)

func CreateBearerToken

func CreateBearerToken(id string, crypto Crypto) (string, error)

func CreateDiscoveryConfig

func CreateDiscoveryConfig(c Configuration, s Signer) *oidc.DiscoveryConfiguration

func CreateIDToken

func CreateIDToken(ctx context.Context, issuer string, authReq AuthRequest, validity time.Duration, accessToken, code string, storage Storage, signer Signer) (string, error)

func CreateJWT

func CreateJWT(issuer string, authReq AuthRequest, exp time.Time, id string, signer Signer) (string, error)

func CreateRouter

func CreateRouter(o OpenIDProvider, interceptors ...HttpInterceptor) *mux.Router

func CreateTokenResponse

func CreateTokenResponse(ctx context.Context, authReq AuthRequest, client Client, creator TokenCreator, createAccessToken bool, code string) (*oidc.AccessTokenResponse, error)

func Discover

func Discover(w http.ResponseWriter, config *oidc.DiscoveryConfiguration)

func EndSession added in v0.4.0

func EndSession(w http.ResponseWriter, r *http.Request, ender SessionEnder)

func GrantTypes

func GrantTypes(c Configuration) []string

func Healthz added in v0.2.1

func Healthz(w http.ResponseWriter, r *http.Request)

func IsConfidentialType

func IsConfidentialType(c Client) bool

func Keys

func NeedsExistingSession

func NeedsExistingSession(authRequest *oidc.AuthRequest) bool

func ParseAccessTokenRequest

func ParseAccessTokenRequest(r *http.Request, decoder utils.Decoder) (*oidc.AccessTokenRequest, error)

func ParseAuthorizeRequest added in v0.7.5

func ParseAuthorizeRequest(r *http.Request, decoder utils.Decoder) (*oidc.AuthRequest, error)

func ParseEndSessionRequest added in v0.4.0

func ParseEndSessionRequest(r *http.Request, decoder utils.Decoder) (*oidc.EndSessionRequest, error)

func ParseTokenExchangeRequest

func ParseTokenExchangeRequest(w http.ResponseWriter, r *http.Request) (oidc.TokenRequest, error)

func Readiness added in v0.2.1

func Readiness(w http.ResponseWriter, r *http.Request, probes ...ProbesFn)

func RedirectToLogin

func RedirectToLogin(authReqID string, client Client, w http.ResponseWriter, r *http.Request)

func RequestError added in v0.4.0

func RequestError(w http.ResponseWriter, r *http.Request, err error)

func ResponseTypes

func ResponseTypes(c Configuration) []string

func Scopes

func Scopes(c Configuration) []string

func SigAlgorithms

func SigAlgorithms(s Signer) []string

func SubjectTypes

func SubjectTypes(c Configuration) []string

func SupportedClaims

func SupportedClaims(c Configuration) []string

func TokenExchange

func TokenExchange(w http.ResponseWriter, r *http.Request, exchanger Exchanger)

func Userinfo

func Userinfo(w http.ResponseWriter, r *http.Request, userinfoProvider UserinfoProvider)

func ValidateAccessTokenRequest

func ValidateAccessTokenRequest(ctx context.Context, tokenReq *oidc.AccessTokenRequest, exchanger Exchanger) (AuthRequest, Client, error)

func ValidateAuthReqIDTokenHint added in v0.5.0

func ValidateAuthReqIDTokenHint(ctx context.Context, idTokenHint string, verifier rp.Verifier) (string, error)

func ValidateAuthReqRedirectURI

func ValidateAuthReqRedirectURI(client Client, uri string, responseType oidc.ResponseType) error

func ValidateAuthReqResponseType

func ValidateAuthReqResponseType(client Client, responseType oidc.ResponseType) error

func ValidateAuthReqScopes

func ValidateAuthReqScopes(scopes []string) error

func ValidateAuthRequest

func ValidateAuthRequest(ctx context.Context, authReq *oidc.AuthRequest, storage Storage, verifier rp.Verifier) (string, error)

func ValidateIssuer

func ValidateIssuer(issuer string) error

func ValidateTokenExchangeRequest

func ValidateTokenExchangeRequest(tokenReq oidc.TokenRequest, storage Storage) error

Types

type AccessTokenType

// AccessTokenType selects how a Client's access tokens are issued:
// AccessTokenTypeBearer or AccessTokenTypeJWT (see the const block for the
// numeric values; note that 0 is neither).
type AccessTokenType int

type ApplicationType

// ApplicationType classifies a registered Client (Web, UserAgent or Native);
// IsConfidentialType presumably derives confidentiality from it.
type ApplicationType int

type AuthMethod

// AuthMethod is a token-endpoint client authentication method
// (AuthMethodBasic, AuthMethodPost, AuthMethodNone) as reported by
// Client.AuthMethod.
type AuthMethod string

type AuthRequest

// AuthRequest is the provider's view of a stored authorization request: what
// the client asked for (client ID, redirect URI, response type, scopes, state,
// nonce, PKCE challenge) and, once the user has authenticated, who they are
// (subject, auth time, ACR/AMR). Storage creates and returns the
// implementation (see AuthStorage.CreateAuthRequest).
type AuthRequest interface {
	GetID() string
	GetACR() string
	GetAMR() []string
	GetAudience() []string
	GetAuthTime() time.Time
	GetClientID() string
	GetCodeChallenge() *oidc.CodeChallenge // presumably nil when the client did not use PKCE; see AuthorizeCodeChallenge
	GetNonce() string
	GetRedirectURI() string // NOTE(review): must be the value already checked by ValidateAuthReqRedirectURI, never re-read from a later request
	GetResponseType() oidc.ResponseType
	GetScopes() []string
	GetState() string
	GetSubject() string
	Done() bool // presumably true once the user finished authenticating; confirm in AuthorizeCallback
}

func AuthorizeCodeChallenge

func AuthorizeCodeChallenge(ctx context.Context, tokenReq *oidc.AccessTokenRequest, exchanger Exchanger) (AuthRequest, error)

type AuthStorage

// AuthStorage is the persistence the authorization, token and key flows need:
// authorization requests and their codes, token and session bookkeeping, and
// the signing key material consumed by Signer.
type AuthStorage interface {
	CreateAuthRequest(context.Context, *oidc.AuthRequest, string) (AuthRequest, error) // third argument is undocumented here — presumably a user ID from an existing session (cf. ValidateAuthRequest's string result); confirm
	AuthRequestByID(context.Context, string) (AuthRequest, error)
	AuthRequestByCode(context.Context, string) (AuthRequest, error) // NOTE(review): the code is a bearer secret; implementations should make it single-use (see DeleteAuthRequest)
	SaveAuthCode(context.Context, string, string) error // presumably (authRequestID, code); confirm order against CreateAuthRequestCode
	DeleteAuthRequest(context.Context, string) error

	CreateToken(context.Context, AuthRequest) (string, time.Time, error) // presumably returns the token ID and its expiry

	TerminateSession(context.Context, string, string) error // presumably (userID, clientID); see EndSession

	GetSigningKey(context.Context, chan<- jose.SigningKey, chan<- error, <-chan time.Time) // pushes keys to the Signer; the timer channel presumably drives rotation (see WithTimer)
	GetKeySet(context.Context) (*jose.JSONWebKeySet, error) // presumably the public keys served by HandleKeys; private material must not be included
	SaveNewKeyPair(context.Context) error
}

type AuthorizeValidator added in v0.7.5

// AuthorizeValidator is an Authorizer that supplies its own auth-request
// validation. The method has the same shape as the package-level
// ValidateAuthRequest, which is presumably the fallback when an Authorizer
// does not implement this interface — confirm in Authorize.
type AuthorizeValidator interface {
	Authorizer
	ValidateAuthRequest(context.Context, *oidc.AuthRequest, Storage, rp.Verifier) (string, error)
}

AuthorizeValidator is an extension of the Authorizer interface that implements its own validation mechanism for the auth request.

type Authorizer

// Authorizer is the set of dependencies the authorization endpoint handlers
// (Authorize, AuthorizeCallback, AuthResponse) require. DefaultOP has every
// method listed here and so satisfies it.
type Authorizer interface {
	Storage() Storage
	Decoder() utils.Decoder
	Encoder() utils.Encoder
	Signer() Signer
	IDTokenVerifier() rp.Verifier // presumably used to check id_token_hint; see ValidateAuthReqIDTokenHint
	Crypto() Crypto
	Issuer() string
}

type Client

// Client is a registered relying party as seen by the provider; it is looked
// up through OPStorage.GetClientByClientID.
type Client interface {
	GetID() string
	RedirectURIs() []string // allow-list consulted by ValidateAuthReqRedirectURI; NOTE(review): matching should be exact, not prefix or pattern based
	PostLogoutRedirectURIs() []string // presumably the allow-list for EndSession redirects; see ValidateEndSessionRequest
	ApplicationType() ApplicationType
	AuthMethod() AuthMethod
	ResponseTypes() []oidc.ResponseType // checked by ValidateAuthReqResponseType
	LoginURL(string) string // presumably builds the login page URL for an auth request ID; see RedirectToLogin
	AccessTokenType() AccessTokenType
	IDTokenLifetime() time.Duration
	DevMode() bool // NOTE(review): undocumented here; if it relaxes redirect-URI or scheme checks it must stay off outside local development — confirm in ValidateAuthReqRedirectURI
}

type Config

// Config is the static configuration handed to NewDefaultOP.
type Config struct {
	Issuer                   string // issuer URL; presumably checked by ValidateIssuer in NewDefaultOP
	CryptoKey                [32]byte // symmetric key, the same [32]byte that NewAESCrypto takes; must be secret and randomly generated
	DefaultLogoutRedirectURI string // presumably where EndSession sends the user agent when no valid post-logout URI is given
	CodeMethodS256           bool // advertise PKCE S256 support; see CodeMethodS256Supported
}

type Configuration

// Configuration exposes the provider's issuer, endpoints and feature flags;
// CreateDiscoveryConfig reads it to build the discovery document. Note that
// DefaultEndpoints also carries an Introspection endpoint that has no getter
// here.
type Configuration interface {
	Issuer() string
	AuthorizationEndpoint() Endpoint
	TokenEndpoint() Endpoint
	UserinfoEndpoint() Endpoint
	EndSessionEndpoint() Endpoint
	KeysEndpoint() Endpoint

	AuthMethodPostSupported() bool
	CodeMethodS256Supported() bool
}

type Crypto

// Crypto is the symmetric encrypt/decrypt pair used for opaque values the
// provider hands out (CreateBearerToken and BuildAuthRequestCode both take
// one). NewAESCrypto is the default implementation.
//
// NOTE(review): the interface does not state that ciphertexts are
// authenticated; a non-AEAD implementation would let a tampered code or
// token decrypt to garbage instead of failing — confirm the mode used by
// NewAESCrypto and reject Decrypt errors rather than the decrypted value.
type Crypto interface {
	Encrypt(string) (string, error)
	Decrypt(string) (string, error)
}

func NewAESCrypto

func NewAESCrypto(key [32]byte) Crypto

type DefaultOP

// DefaultOP is the provider implementation built by NewDefaultOP. It has the
// methods of OpenIDProvider, Authorizer, Exchanger, SessionEnder, TokenCreator,
// UserinfoProvider and KeyProvider. Configure it with DefaultOPOpts.
type DefaultOP struct {
	// contains filtered or unexported fields
}

func (*DefaultOP) AuthMethodPostSupported

func (p *DefaultOP) AuthMethodPostSupported() bool

func (*DefaultOP) AuthorizationEndpoint

func (p *DefaultOP) AuthorizationEndpoint() Endpoint

func (*DefaultOP) CodeMethodS256Supported added in v0.7.1

func (p *DefaultOP) CodeMethodS256Supported() bool

func (*DefaultOP) Crypto

func (p *DefaultOP) Crypto() Crypto

func (*DefaultOP) Decoder

func (p *DefaultOP) Decoder() utils.Decoder

func (*DefaultOP) DefaultLogoutRedirectURI added in v0.4.0

func (p *DefaultOP) DefaultLogoutRedirectURI() string

func (*DefaultOP) Encoder

func (p *DefaultOP) Encoder() utils.Encoder

func (*DefaultOP) EndSessionEndpoint added in v0.4.0

func (p *DefaultOP) EndSessionEndpoint() Endpoint

func (*DefaultOP) HandleAuthorize

func (p *DefaultOP) HandleAuthorize(w http.ResponseWriter, r *http.Request)

func (*DefaultOP) HandleAuthorizeCallback

func (p *DefaultOP) HandleAuthorizeCallback(w http.ResponseWriter, r *http.Request)

func (*DefaultOP) HandleDiscovery

func (p *DefaultOP) HandleDiscovery(w http.ResponseWriter, r *http.Request)

func (*DefaultOP) HandleEndSession added in v0.4.0

func (p *DefaultOP) HandleEndSession(w http.ResponseWriter, r *http.Request)

func (*DefaultOP) HandleExchange

func (p *DefaultOP) HandleExchange(w http.ResponseWriter, r *http.Request)

func (*DefaultOP) HandleKeys

func (p *DefaultOP) HandleKeys(w http.ResponseWriter, r *http.Request)

func (*DefaultOP) HandleReady added in v0.2.1

func (p *DefaultOP) HandleReady(w http.ResponseWriter, r *http.Request)

func (*DefaultOP) HandleUserinfo

func (p *DefaultOP) HandleUserinfo(w http.ResponseWriter, r *http.Request)

func (*DefaultOP) HttpHandler

func (p *DefaultOP) HttpHandler() http.Handler

func (*DefaultOP) IDTokenVerifier added in v0.4.0

func (p *DefaultOP) IDTokenVerifier() rp.Verifier

func (*DefaultOP) Issuer

func (p *DefaultOP) Issuer() string

func (*DefaultOP) KeysEndpoint

func (p *DefaultOP) KeysEndpoint() Endpoint

func (*DefaultOP) Signer

func (p *DefaultOP) Signer() Signer

func (*DefaultOP) Storage

func (p *DefaultOP) Storage() Storage

func (*DefaultOP) TokenEndpoint

func (p *DefaultOP) TokenEndpoint() Endpoint

func (*DefaultOP) UserinfoEndpoint

func (p *DefaultOP) UserinfoEndpoint() Endpoint

func (*DefaultOP) VerifySignature added in v0.4.0

func (p *DefaultOP) VerifySignature(ctx context.Context, jws *jose.JSONWebSignature) ([]byte, error)

type DefaultOPOpts

// DefaultOPOpts is a functional option for NewDefaultOP (see the WithCustom*
// endpoint options, WithHttpInterceptors, WithRetry and WithTimer).
type DefaultOPOpts func(o *DefaultOP) error

func WithCustomAuthEndpoint

func WithCustomAuthEndpoint(endpoint Endpoint) DefaultOPOpts

func WithCustomEndSessionEndpoint added in v0.4.1

func WithCustomEndSessionEndpoint(endpoint Endpoint) DefaultOPOpts

func WithCustomKeysEndpoint added in v0.2.3

func WithCustomKeysEndpoint(endpoint Endpoint) DefaultOPOpts

func WithCustomTokenEndpoint

func WithCustomTokenEndpoint(endpoint Endpoint) DefaultOPOpts

func WithCustomUserinfoEndpoint

func WithCustomUserinfoEndpoint(endpoint Endpoint) DefaultOPOpts

func WithHttpInterceptors added in v0.7.4

func WithHttpInterceptors(interceptors ...HttpInterceptor) DefaultOPOpts

func WithRetry added in v0.2.1

func WithRetry(max int, sleep time.Duration) DefaultOPOpts

func WithTimer added in v0.2.2

func WithTimer(timer <-chan time.Time) DefaultOPOpts

type EndSessionRequest added in v0.4.0

// EndSessionRequest is the validated form of an RP-initiated logout request,
// produced by ValidateEndSessionRequest.
type EndSessionRequest struct {
	UserID      string
	Client      Client
	RedirectURI string // NOTE(review): must already be checked against Client.PostLogoutRedirectURIs or be the configured default; never a raw request value
}

func ValidateEndSessionRequest added in v0.4.0

func ValidateEndSessionRequest(ctx context.Context, req *oidc.EndSessionRequest, ender SessionEnder) (*EndSessionRequest, error)

type Endpoint

// Endpoint is a provider endpoint path, optionally with its own URL
// (NewEndpoint / NewEndpointWithURL). Relative and Absolute render it;
// Validate checks it.
type Endpoint struct {
	// contains filtered or unexported fields
}

func NewEndpoint added in v0.2.4

func NewEndpoint(path string) Endpoint

func NewEndpointWithURL added in v0.2.4

func NewEndpointWithURL(path, url string) Endpoint

func (Endpoint) Absolute

func (e Endpoint) Absolute(host string) string

func (Endpoint) Relative

func (e Endpoint) Relative() string

func (Endpoint) Validate

func (e Endpoint) Validate() error

type ErrAuthRequest

// ErrAuthRequest is the minimal view of an authorization request that
// AuthRequestError needs to deliver an error to the client: the redirect
// target, the response type (presumably deciding query vs. fragment
// encoding) and the state to echo back.
type ErrAuthRequest interface {
	GetRedirectURI() string
	GetResponseType() oidc.ResponseType
	GetState() string
}

type Exchanger

// Exchanger is the set of dependencies the token endpoint handlers
// (CodeExchange, TokenExchange, AuthorizeClient) require. DefaultOP has every
// method listed here.
type Exchanger interface {
	Issuer() string
	Storage() Storage
	Decoder() utils.Decoder
	Signer() Signer
	Crypto() Crypto
	AuthMethodPostSupported() bool
}

type HttpInterceptor added in v0.2.0

// HttpInterceptor is middleware wrapped around the provider's handlers
// (see CreateRouter and WithHttpInterceptors).
type HttpInterceptor func(http.Handler) http.Handler

type KeyProvider

// KeyProvider is the dependency the keys endpoint needs; the key set itself
// comes from Storage (AuthStorage.GetKeySet).
type KeyProvider interface {
	Storage() Storage
}

type OAuthError

// OAuthError is an OAuth 2.0 / OpenID Connect error as sent to the client;
// the json and schema tags give the wire names for the body and for redirect
// parameters respectively. Build values with the Err* constructors.
type OAuthError struct {
	ErrorType   errorType `json:"error" schema:"error"`
	Description string    `json:"error_description,omitempty" schema:"error_description,omitempty"` // delivered to the client verbatim — keep internal details out of it
	State       string    `json:"state,omitempty" schema:"state,omitempty"` // echoes the request's state so the client can correlate the response
	// contains filtered or unexported fields
}

func (*OAuthError) Error

func (e *OAuthError) Error() string

type OPStorage

// OPStorage is the client registry and user information backend.
type OPStorage interface {
	GetClientByClientID(context.Context, string) (Client, error)
	AuthorizeClientIDSecret(context.Context, string, string) error // presumably (clientID, clientSecret); NOTE(review): compare secrets in constant time and return the same error for unknown client and wrong secret
	GetUserinfoFromScopes(context.Context, string, []string) (*oidc.Userinfo, error) // presumably (userID, scopes); only claims covered by the granted scopes should be returned
	GetUserinfoFromToken(context.Context, string, string) (*oidc.Userinfo, error)
}

type OpenIDProvider

// OpenIDProvider is the full provider: its Configuration plus the HTTP
// handlers CreateRouter mounts. NewDefaultOP returns one.
type OpenIDProvider interface {
	Configuration
	HandleReady(w http.ResponseWriter, r *http.Request)
	HandleDiscovery(w http.ResponseWriter, r *http.Request)
	HandleAuthorize(w http.ResponseWriter, r *http.Request)
	HandleAuthorizeCallback(w http.ResponseWriter, r *http.Request)
	HandleExchange(w http.ResponseWriter, r *http.Request)
	HandleUserinfo(w http.ResponseWriter, r *http.Request)
	HandleEndSession(w http.ResponseWriter, r *http.Request)
	HandleKeys(w http.ResponseWriter, r *http.Request)
	HttpHandler() http.Handler
}

func NewDefaultOP

func NewDefaultOP(ctx context.Context, config *Config, storage Storage, opOpts ...DefaultOPOpts) (OpenIDProvider, error)

type ProbesFn added in v0.2.1

// ProbesFn is a readiness probe evaluated by Readiness; ReadySigner and
// ReadyStorage are the built-in probes.
type ProbesFn func(context.Context) error

func ReadySigner added in v0.2.1

func ReadySigner(s Signer) ProbesFn

func ReadyStorage added in v0.2.1

func ReadyStorage(s Storage) ProbesFn

type SessionEnder added in v0.4.0

// SessionEnder is the set of dependencies EndSession and
// ValidateEndSessionRequest require. DefaultOP has every method listed here.
type SessionEnder interface {
	Decoder() utils.Decoder
	Storage() Storage
	IDTokenVerifier() rp.Verifier // presumably verifies the id_token_hint of the logout request
	DefaultLogoutRedirectURI() string
}

type Signer

// Signer signs ID and access tokens with the provider's current key;
// SignatureAlgorithm is what SigAlgorithms advertises in discovery.
// NewDefaultSigner builds one fed by AuthStorage.GetSigningKey.
type Signer interface {
	Health(ctx context.Context) error
	SignIDToken(claims *oidc.IDTokenClaims) (string, error)
	SignAccessToken(claims *oidc.AccessTokenClaims) (string, error)
	SignatureAlgorithm() jose.SignatureAlgorithm
}

func NewDefaultSigner

func NewDefaultSigner(ctx context.Context, storage AuthStorage, keyCh <-chan jose.SigningKey) Signer

type Storage

// Storage is the complete backend NewDefaultOP needs: AuthStorage plus
// OPStorage plus a health check used by ReadyStorage.
type Storage interface {
	AuthStorage
	OPStorage
	Health(context.Context) error
}

type StorageNotFoundError added in v0.2.1

// StorageNotFoundError is a marker interface a storage error can implement to
// signal "no such record"; the handlers presumably map it to a client-facing
// error instead of a server_error — confirm in the callers.
type StorageNotFoundError interface {
	IsNotFound()
}

type TokenCreator

// TokenCreator is the set of dependencies CreateAccessToken and
// CreateTokenResponse require. DefaultOP has every method listed here.
type TokenCreator interface {
	Issuer() string
	Signer() Signer
	Storage() Storage
	Crypto() Crypto
}

type UserinfoProvider

// UserinfoProvider is the set of dependencies the Userinfo handler requires.
// DefaultOP has every method listed here.
type UserinfoProvider interface {
	Decoder() utils.Decoder
	Crypto() Crypto // presumably used to decrypt the bearer token presented to the userinfo endpoint
	Storage() Storage
}

type ValidationAuthorizer deprecated

// ValidationAuthorizer is the former name of AuthorizeValidator.
//
// Deprecated: use AuthorizeValidator instead.
type ValidationAuthorizer AuthorizeValidator

ValidationAuthorizer is an extension of the Authorizer interface that implements its own validation mechanism for the auth request.

Deprecated: ValidationAuthorizer exists for historical compatibility. Use AuthorizeValidator instead.

Directories

Path Synopsis
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
