oauth2

package
v1.4.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 17, 2022 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

// Error codes a token endpoint returns while a device authorization grant
// is still waiting for the user (RFC 8628 section 3.5). Both mean "keep
// polling"; neither is a terminal failure.
const (
	// ErrAuthorizationPending: the user has not yet completed the
	// verification step; poll again after the current interval.
	ErrAuthorizationPending = "authorization_pending"
	// ErrSlowDown: still pending, but the client is polling too fast.
	// RFC 8628 requires the interval to be increased by 5 seconds for this
	// and all subsequent requests.
	ErrSlowDown             = "slow_down"
)
// OAuth 2.0 grant type identifiers. The short names come from RFC 6749;
// the URN forms are extension grants.
const (
	// Authorization code grant (RFC 6749 section 4.1).
	AuthorizationCodeGrantType string = "authorization_code"
	// Client credentials grant (RFC 6749 section 4.4).
	ClientCredentialsGrantType string = "client_credentials"
	// Implicit flow. The OAuth 2.0 Security Best Current Practice (RFC 9700)
	// advises against it because access tokens are returned in the
	// authorization response; prefer authorization code with PKCE.
	ImplicitGrantType          string = "implicit"
	// Resource owner password credentials grant. RFC 9700 says it must not
	// be used: the client handles the user's password directly.
	PasswordGrantType          string = "password"
	// Refresh token grant (RFC 6749 section 6).
	RefreshTokenGrantType      string = "refresh_token"
	// JWT bearer assertion grant (RFC 7523).
	JWTBearerGrantType         string = "urn:ietf:params:oauth:grant-type:jwt-bearer"
	// Token exchange (RFC 8693).
	TokenExchangeGrantType     string = "urn:ietf:params:oauth:grant-type:token-exchange"
	// Device authorization grant (RFC 8628).
	DeviceGrantType            string = "urn:ietf:params:oauth:grant-type:device_code"
)

grant types

// Client authentication method identifiers, i.e. the values a server lists
// under token_endpoint_auth_methods_supported.
const (
	// Shared secret sent in the HTTP Basic Authorization header.
	ClientSecretBasicAuthMethod string = "client_secret_basic"
	// Shared secret sent as a form parameter in the request body.
	ClientSecretPostAuthMethod  string = "client_secret_post"
	// JWT assertion signed (HMAC) with the shared client secret.
	ClientSecretJwtAuthMethod   string = "client_secret_jwt"
	// JWT assertion signed with the client's private key; the secret never
	// leaves the client.
	PrivateKeyJwtAuthMethod     string = "private_key_jwt"
	// Mutual TLS with a self-signed client certificate (RFC 8705).
	SelfSignedTLSAuthMethod     string = "self_signed_tls_client_auth"
	// Mutual TLS with a PKI-issued client certificate (RFC 8705).
	TLSClientAuthMethod         string = "tls_client_auth"
	// No client authentication (public client). The server cannot tell
	// clients apart by credential, so PKCE is what binds the authorization
	// code to the party that started the flow.
	NoneAuthMethod              string = "none"
)

auth methods

// CodeVerifierLength is 43, the minimum code_verifier length RFC 7636
// section 4.1 allows (the range is 43 to 128 characters). 43 characters is
// what 32 random octets produce under unpadded base64url.
// NOTE(review): how this constant is consumed is not shown on this page;
// presumably it is the length of the generated PKCE verifier. Do not lower it.
const CodeVerifierLength = 43
const (
	// JwtBearerClientAssertion is the client_assertion_type value that
	// announces a JWT client assertion (RFC 7523 section 2.2). It goes with
	// the client_secret_jwt and private_key_jwt authentication methods.
	JwtBearerClientAssertion string = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
)

client assertion types

// OpenIDConfigurationPath is the well-known path of the OpenID Connect
// discovery document.
// NOTE(review): presumably appended to the issuer URL by
// FetchOpenIDConfiguration; confirm. Everything learned from that document
// (endpoints, JWKS URI) is only as trustworthy as the issuer URL and the TLS
// connection used to fetch it.
const OpenIDConfigurationPath = "/.well-known/openid-configuration"

Variables

// CodeChallengeEncoder is the unpadded, URL-safe base64 encoding, which is
// the BASE64URL form RFC 7636 uses for PKCE values.
// It is an exported package variable, so any importer can reassign it;
// doing so changes the encoding for every caller in the process.
var CodeChallengeEncoder = base64.RawURLEncoding

Functions

func FetchOpenIDConfiguration

func FetchOpenIDConfiguration(ctx context.Context, issuerURL string, hc *http.Client) (request Request, c ServerConfig, err error)

func NewAuthorizationRequest added in v1.4.0

func NewAuthorizationRequest(addr string, cconfig ClientConfig) (values url.Values, codeVerifier string, err error)

func ParseError

func ParseError(resp *http.Response) error

func RandomString

// RandomString returns a string; n presumably sets its length (the body is
// not shown on this page).
// NOTE(review): the randomness source is not visible here. If the result is
// used for state, nonce or PKCE verifier values it has to come from
// crypto/rand, not math/rand; confirm against the implementation.
func RandomString(n int) string

func ReadKey

func ReadKey(use KeyUse, location string, hc *http.Client) (jose.JSONWebKey, error)

func ReadKeyPair added in v1.1.0

func ReadKeyPair(cert string, key string, hc *http.Client) (keyPair tls.Certificate, err error)

func ReadRootCA added in v1.1.0

func ReadRootCA(location string, hc *http.Client) (pool *x509.CertPool, err error)

func ReadURL added in v1.1.0

func ReadURL(location string, hc *http.Client) (data []byte, err error)

func RequestDeviceAuthorization added in v1.4.0

func RequestDeviceAuthorization(ctx context.Context, cconfig ClientConfig, sconfig ServerConfig, hc *http.Client) (request Request, response DeviceAuthorizationResponse, err error)

func RequestPAR added in v1.4.0

func RequestPAR(
	ctx context.Context,
	addr string,
	cconfig ClientConfig,
	sconfig ServerConfig,
	hc *http.Client,
) (parRequest Request, parResponse PARResponse, authorizeRequest Request, codeVerifier string, err error)

func RequestToken

func RequestToken(
	ctx context.Context,
	cconfig ClientConfig,
	sconfig ServerConfig,
	hc *http.Client,
	opts ...RequestTokenOption,
) (request Request, response TokenResponse, err error)

func SignJWT

func SignJWT(claimsProvider ClaimsProvider, signerProvider SignerProvider) (jwt string, key interface{}, err error)

func UnsafeParseJWT added in v1.4.0

// UnsafeParseJWT takes a serialized token and returns the parsed
// *jwt.JSONWebToken together with a claims map.
// NOTE(review): it accepts no key, and the "Unsafe" prefix suggests the
// signature is not verified; confirm against the implementation. Until that
// is confirmed, treat the returned claims as attacker-controlled: suitable
// for display or debugging, never for an authorization decision.
func UnsafeParseJWT(token string) (*jwt.JSONWebToken, map[string]interface{}, error)

func WithAuthorizationCode

func WithAuthorizationCode(code string) func(*RequestTokenParams)

func WithCodeVerifier

func WithCodeVerifier(codeVerifier string) func(*RequestTokenParams)

func WithDeviceCode added in v1.4.0

func WithDeviceCode(deviceCode string) func(*RequestTokenParams)

func WithRedirectURL

func WithRedirectURL(url string) func(*RequestTokenParams)

Types

type ClaimsProvider added in v1.1.0

// ClaimsProvider is a function that returns a claim set as a map, or an
// error. SignJWT takes one as its first argument.
type ClaimsProvider func() (map[string]interface{}, error)

func AssertionClaims added in v1.1.0

func AssertionClaims(serverConfig ServerConfig, clientConfig ClientConfig) ClaimsProvider

func ClientAssertionClaims added in v1.1.0

func ClientAssertionClaims(serverConfig ServerConfig, clientConfig ClientConfig) ClaimsProvider

type ClientConfig

// ClientConfig collects the client-side settings for a request.
//
// Several fields hold live credentials (ClientSecret, Password,
// RefreshToken, Assertion, SubjectToken, ActorToken). Printing the whole
// struct, for example with %+v, writes them to the log; redact them first.
type ClientConfig struct {
	IssuerURL        string
	GrantType        string // one of the *GrantType constants, presumably
	ClientID         string
	ClientSecret     string // secret
	Scopes           []string
	AuthMethod       string // one of the *AuthMethod constants, presumably
	PKCE             bool
	PAR              bool
	// NOTE(review): the effect of Insecure is not shown on this page;
	// presumably it turns off TLS certificate verification. Confirm, and
	// keep it false outside local testing.
	Insecure         bool
	ResponseType     []string
	ResponseMode     string
	Username         string
	Password         string // secret (password grant)
	RefreshToken     string // secret
	Assertion        string
	// NOTE(review): the key and certificate fields are strings; judging by
	// ReadKey, ReadKeyPair and ReadRootCA, which take a location string,
	// they look like locations rather than key material. Confirm.
	SigningKey       string
	EncryptionKey    string
	SubjectToken     string // token exchange input; a credential
	SubjectTokenType string
	ActorToken       string // token exchange input; a credential
	ActorTokenType   string
	TLSCert          string
	TLSKey           string
	TLSRootCA        string
}

type DeviceAuthorizationResponse added in v1.4.0

// DeviceAuthorizationResponse mirrors the JSON body of a device
// authorization response (RFC 8628 section 3.2).
type DeviceAuthorizationResponse struct {
	// DeviceCode is what the client later presents at the token endpoint;
	// it is a credential and should not be shown to the user or logged.
	DeviceCode              string `json:"device_code"`
	// UserCode is the short code the user types at VerificationURI.
	UserCode                string `json:"user_code"`
	VerificationURI         string `json:"verification_uri"`
	// VerificationURIComplete already embeds the user code.
	VerificationURIComplete string `json:"verification_uri_complete"`
	// ExpiresIn is the lifetime of the codes, in seconds.
	ExpiresIn               int64  `json:"expires_in"`
	// Interval is the minimum polling interval, in seconds. RFC 8628 makes
	// it optional with a default of 5; a missing value decodes as 0 here,
	// so callers should not poll with a zero interval.
	Interval                int64  `json:"interval"`
}

type Error

// Error is an OAuth error response. The JSON-tagged fields come from the
// server's response body, so they are untrusted text: escape or sanitize
// them before rendering in HTML or writing to a log.
type Error struct {
	// StatusCode and TraceID are tagged json:"-", so they are never read
	// from or written to JSON. NOTE(review): presumably filled from the
	// HTTP response by ParseError; confirm.
	StatusCode int    `json:"-"`
	TraceID    string `json:"-"`

	// error and error_description are the standard fields of RFC 6749
	// section 5.2; error_hint and cause are not defined there.
	ErrorCode   string `json:"error,omitempty"`
	Description string `json:"error_description,omitempty"`
	Hint        string `json:"error_hint,omitempty"`
	Cause       string `json:"cause,omitempty"`
}

func (*Error) Error

func (e *Error) Error() string

type KeyUse added in v1.4.0

// KeyUse names what a key is for. Its values match the JWK "use" parameter
// (RFC 7517 section 4.2). ReadKey takes a KeyUse as its first argument.
type KeyUse string
const (
	// SigningKey selects a signature key ("sig").
	SigningKey    KeyUse = "sig"
	// EncryptionKey selects an encryption key ("enc").
	EncryptionKey KeyUse = "enc"
)

type PARResponse added in v1.4.0

// PARResponse mirrors the JSON body of a successful pushed authorization
// request response (RFC 9126 section 2.2).
type PARResponse struct {
	// RequestURI is the reference the client then passes to the
	// authorization endpoint in place of the full parameter set.
	RequestURI string `json:"request_uri"`
	// ExpiresIn is the lifetime of RequestURI, in seconds.
	ExpiresIn  int64  `json:"expires_in"`
}

type Request

// Request describes one HTTP exchange of a flow. Most functions on this
// page return one next to their result.
// NOTE(review): it looks like a record meant for display or debugging.
// Form and Headers can then contain client secrets, authorization codes and
// tokens; redact them before logging or printing. Confirm against callers.
type Request struct {
	Method  string
	URL     *url.URL
	Headers map[string][]string
	Form    url.Values
	// JARM holds claims of a JWT-secured authorization response;
	// presumably filled by ParseJARM. Confirm.
	JARM    map[string]interface{}
	// NOTE(review): Key and Cert are presumably the key and client
	// certificate used to authenticate the request; confirm. Key is an
	// interface{} and may be private key material.
	Key     interface{}
	Cert    *x509.Certificate
}

func RequestAuthorization

func RequestAuthorization(addr string, cconfig ClientConfig, sconfig ServerConfig) (r Request, codeVerifier string, err error)

func WaitForCallback

func WaitForCallback(clientConfig ClientConfig, serverConfig ServerConfig, addr string, hc *http.Client) (request Request, err error)

func (*Request) AuthenticateClient added in v1.4.0

func (r *Request) AuthenticateClient(
	endpoint string,
	mtlsEndpoint string,
	cconfig ClientConfig,
	sconfig ServerConfig,
	hc *http.Client,
) (string, error)

func (*Request) Get

func (r *Request) Get(key string) string

func (*Request) ParseJARM added in v1.4.0

func (r *Request) ParseJARM(signingKey interface{}, encryptionKey interface{}) error

type RequestTokenOption

// RequestTokenOption mutates a RequestTokenParams. RequestToken accepts any
// number of them; the With* functions on this page return functions of this
// shape.
type RequestTokenOption func(*RequestTokenParams)

type RequestTokenParams

// RequestTokenParams holds the per-request values a RequestTokenOption can
// set. Code, DeviceCode and CodeVerifier are one-time credentials; keep
// them out of logs.
type RequestTokenParams struct {
	Code         string // set by WithAuthorizationCode, presumably
	DeviceCode   string // set by WithDeviceCode, presumably
	CodeVerifier string // PKCE verifier; set by WithCodeVerifier, presumably
	RedirectURL  string // set by WithRedirectURL, presumably
}

type ServerConfig

// ServerConfig mirrors a subset of authorization server metadata as
// published in a discovery document (OpenID Connect Discovery, RFC 8414).
//
// Every value is supplied by the remote server. RFC 8414 section 3.3
// requires the client to check that Issuer equals the issuer identifier it
// used to fetch the document.
// NOTE(review): this page does not show whether FetchOpenIDConfiguration
// performs that check; confirm before trusting the endpoints.
type ServerConfig struct {
	Issuer                             string   `json:"issuer"`
	JWKsURI                            string   `json:"jwks_uri"`
	SupportedGrantTypes                []string `json:"grant_types_supported"`
	SupportedResponseTypes             []string `json:"response_types_supported"`
	SupportedTokenEndpointAuthMethods  []string `json:"token_endpoint_auth_methods_supported"`
	SupportedScopes                    []string `json:"scopes_supported"`
	SupportedResponseModes             []string `json:"response_modes_supported"`
	AuthorizationEndpoint              string   `json:"authorization_endpoint"`
	DeviceAuthorizationEndpoint        string   `json:"device_authorization_endpoint"`
	PushedAuthorizationRequestEndpoint string   `json:"pushed_authorization_request_endpoint"`
	TokenEndpoint                      string   `json:"token_endpoint"`
	// MTLsEndpointAliases lists alternative endpoints for clients that
	// authenticate with mutual TLS (RFC 8705 section 5).
	MTLsEndpointAliases                struct {
		TokenEndpoint                      string `json:"token_endpoint"`
		PushedAuthorizationRequestEndpoint string `json:"pushed_authorization_request_endpoint"`
	} `json:"mtls_endpoint_aliases"`
}

type SignerProvider added in v1.1.0

// SignerProvider is a function that returns a jose.Signer, a second value
// of type interface{}, and an error. SignJWT takes one as its second
// argument.
// NOTE(review): the second value is presumably the key behind the signer
// (SignJWT also returns a key); confirm, and treat it as key material.
type SignerProvider func() (jose.Signer, interface{}, error)

func JWKSigner added in v1.1.0

func JWKSigner(clientConfig ClientConfig, hc *http.Client) SignerProvider

func SecretSigner added in v1.1.0

func SecretSigner(secret []byte) SignerProvider

type TokenResponse

// TokenResponse mirrors the JSON body of a successful token response
// (RFC 6749 section 5.1), plus id_token from OpenID Connect and
// issued_token_type from token exchange (RFC 8693).
//
// AccessToken, RefreshToken and IDToken are credentials: do not log the
// struct as a whole, and do not persist it unencrypted.
type TokenResponse struct {
	AccessToken     string `json:"access_token,omitempty"`
	// ExpiresIn is the access token lifetime, in seconds.
	ExpiresIn       int64  `json:"expires_in,omitempty"`
	IDToken         string `json:"id_token,omitempty"`
	IssuedTokenType string `json:"issued_token_type,omitempty"`
	RefreshToken    string `json:"refresh_token,omitempty"`
	// Scope is the granted scope; it can differ from the requested one.
	Scope           string `json:"scope,omitempty"`
	TokenType       string `json:"token_type,omitempty"`
}

func NewTokenResponseFromForm

func NewTokenResponseFromForm(f url.Values) TokenResponse
