client

package
v1.2.0 Latest

This package is not in the latest version of its module.
Published: Mar 2, 2026 License: MIT Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateClientWithID

func CreateClientWithID(clientID string, request ClientCreateRequest) error

CreateClientWithID creates a new OAuth2 client with a specific client_id. Used for well-known clients like the admin UI.

func DeleteClient

func DeleteClient(clientID string) error

DeleteClient performs a soft delete by setting is_active to false.

func FilterScopes added in v1.2.0

func FilterScopes(c *Client, requested string) string

FilterScopes returns the intersection of the requested scopes and the client's allowed scopes, preserving the original request order. If the client is nil or has no scopes configured, the requested scopes are returned unchanged.

func GenerateClientID

func GenerateClientID() (string, error)

GenerateClientID generates a unique client identifier.

func GenerateClientSecret

func GenerateClientSecret() (string, error)

GenerateClientSecret generates a secure client secret.

func HandleClientEndpoint

func HandleClientEndpoint(w http.ResponseWriter, r *http.Request)

HandleClientEndpoint is a combined handler for the /oauth2/register endpoints. It routes requests based on method and path.

func HandleDeleteClient

func HandleDeleteClient(w http.ResponseWriter, r *http.Request)

HandleDeleteClient handles DELETE /oauth2/register/{client_id} - deactivates a client
@Summary Deactivate a client
@Description Deactivates (soft deletes) a registered client (admin only)
@Tags client
@Accept json
@Produce json
@Param client_id path string true "Client ID"
@Success 204 "No Content"
@Failure 404 {object} model.AuthErrorResponse
@Router /oauth2/register/{client_id} [delete]
@Router /admin/api/clients/{client_id} [delete]

func HandleGetClient

func HandleGetClient(w http.ResponseWriter, r *http.Request)

HandleGetClient handles GET /oauth2/register/{client_id} - gets client info
@Summary Get client information
@Description Retrieves information about a registered client (admin only)
@Tags client
@Accept json
@Produce json
@Param client_id path string true "Client ID"
@Success 200 {object} ClientInfoResponse
@Failure 404 {object} model.AuthErrorResponse
@Router /oauth2/register/{client_id} [get]
@Router /admin/api/clients/{client_id} [get]

func HandleListClients

func HandleListClients(w http.ResponseWriter, r *http.Request)

HandleListClients handles GET /oauth2/register - lists all clients
@Summary List all clients
@Description Lists all registered clients (admin only)
@Tags client
@Accept json
@Produce json
@Success 200 {array} ClientInfoResponse
@Failure 500 {object} model.AuthErrorResponse
@Router /oauth2/register [get]
@Router /admin/api/clients [get]

func HandleRegister

func HandleRegister(w http.ResponseWriter, r *http.Request)

HandleRegister handles POST /oauth2/register - creates a new client
@Summary Register a new OAuth2 client
@Description Registers a new OAuth2/OIDC client (admin only)
@Tags client
@Accept json
@Produce json
@Param request body ClientCreateRequest true "Client registration request"
@Success 201 {object} ClientResponse
@Failure 400 {object} model.AuthErrorResponse
@Failure 401 {object} model.AuthErrorResponse
@Failure 500 {object} model.AuthErrorResponse
@Router /oauth2/register [post]
@Router /admin/api/clients [post]

func HandleUpdateClient

func HandleUpdateClient(w http.ResponseWriter, r *http.Request)

HandleUpdateClient handles PUT /oauth2/register/{client_id} - updates a client
@Summary Update client information
@Description Updates a registered client (admin only)
@Tags client
@Accept json
@Produce json
@Param client_id path string true "Client ID"
@Param request body ClientUpdateRequest true "Client update request"
@Success 200 {object} ClientInfoResponse
@Failure 400 {object} model.AuthErrorResponse
@Failure 404 {object} model.AuthErrorResponse
@Router /oauth2/register/{client_id} [put]
@Router /admin/api/clients/{client_id} [put]

func IsGrantTypeAllowed

func IsGrantTypeAllowed(client *Client, grantType string) bool

IsGrantTypeAllowed checks whether the given grant type is allowed for the client.

func IsResponseTypeAllowed

func IsResponseTypeAllowed(client *Client, responseType string) bool

IsResponseTypeAllowed checks whether the given response type is allowed for the client.

func IsValidRedirectURI

func IsValidRedirectURI(client *Client, redirectURI string) bool

IsValidRedirectURI checks whether the given redirect URI is allowed for the client.

func ValidateClientCreateRequest

func ValidateClientCreateRequest(input ClientCreateRequest) error

ValidateClientCreateRequest validates a client registration request.

func ValidateClientUpdateRequest

func ValidateClientUpdateRequest(input ClientUpdateRequest) error

ValidateClientUpdateRequest validates a client update request.

func ValidateRedirectURIs

func ValidateRedirectURIs(uris []string) error

ValidateRedirectURIs validates that all redirect URIs are valid URLs.

func ValidateScopes added in v1.2.0

func ValidateScopes(c *Client, requested string) bool

ValidateScopes returns true if every requested scope is within the client's allowed scopes. Returns true unconditionally when the client is nil, has no scopes configured, or the requested scope string is empty.
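The two scope helpers above describe a down-scoping policy (FilterScopes narrows a request to what the client may hold) and a strict policy (ValidateScopes rejects any request that exceeds it), both with a permissive fallback when the client has no scopes configured. The following is an added example, not the package's own code: it reimplements the documented semantics of both functions so the behaviour can be seen on concrete input. It assumes that scope strings are space-delimited, as OAuth2 `scope` parameters are; the `Client` type here is a stand-in carrying only the `Scopes` field.

```go
package main

import (
	"fmt"
	"strings"
)

// Client is a stand-in for the package's Client struct; only the Scopes
// field (assumed space-delimited, as in OAuth2) is used in this example.
type Client struct {
	ClientID string
	Scopes   string
}

// allowedSet turns the client's configured scopes into a lookup set.
// A nil client yields an empty set.
func allowedSet(c *Client) map[string]struct{} {
	set := make(map[string]struct{})
	if c == nil {
		return set
	}
	for _, s := range strings.Fields(c.Scopes) {
		set[s] = struct{}{}
	}
	return set
}

// FilterScopes returns the intersection of the requested scopes and the
// client's allowed scopes, keeping the request order. When the client is
// nil or has no scopes configured the request is returned unchanged,
// matching the documented fallback.
func FilterScopes(c *Client, requested string) string {
	allowed := allowedSet(c)
	if len(allowed) == 0 {
		return requested
	}
	var kept []string
	for _, s := range strings.Fields(requested) {
		if _, ok := allowed[s]; ok {
			kept = append(kept, s)
		}
	}
	return strings.Join(kept, " ")
}

// ValidateScopes reports whether every requested scope is allowed. It is
// unconditionally true for a nil client, a client with no scopes
// configured, or an empty request, matching the documented fallback.
func ValidateScopes(c *Client, requested string) bool {
	allowed := allowedSet(c)
	if len(allowed) == 0 || strings.TrimSpace(requested) == "" {
		return true
	}
	for _, s := range strings.Fields(requested) {
		if _, ok := allowed[s]; !ok {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample client and request for the example.
	c := &Client{ClientID: "example-app", Scopes: "openid profile email"}
	req := "openid email admin:write"

	fmt.Println(FilterScopes(c, req))     // openid email
	fmt.Println(ValidateScopes(c, req))   // false: admin:write is not allowed
	fmt.Println(ValidateScopes(nil, req)) // true: no policy to enforce
}
```

The practical consequence of the fallback is that a client registered without a `scopes` value is treated as allowed to request anything, so the safe operational posture is to give every client an explicit scope list and to use ValidateScopes (reject with `invalid_scope`) where silent narrowing by FilterScopes would hide a misconfigured client.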

Types

type Client

type Client struct {
	ID                      string    `db:"id"`
	ClientID                string    `db:"client_id"`
	ClientSecret            string    `db:"client_secret"`
	ClientName              string    `db:"client_name"`
	ClientType              string    `db:"client_type"`
	RedirectURIs            string    `db:"redirect_uris"`
	GrantTypes              string    `db:"grant_types"`
	ResponseTypes           string    `db:"response_types"`
	Scopes                  string    `db:"scopes"`
	TokenEndpointAuthMethod string    `db:"token_endpoint_auth_method"`
	IsActive                bool      `db:"is_active"`
	CreatedAt               time.Time `db:"created_at"`
	UpdatedAt               time.Time `db:"updated_at"`
	// Per-client overrides — nil means "use global setting"
	AccessTokenExpiration       *string `db:"access_token_expiration"`
	RefreshTokenExpiration      *string `db:"refresh_token_expiration"`
	AuthorizationCodeExpiration *string `db:"authorization_code_expiration"`
	AllowedAudiences            *string `db:"allowed_audiences"` // JSON array
	AllowSelfSignup             *bool   `db:"allow_self_signup"`
	SsoSessionIdleTimeout       *string `db:"sso_session_idle_timeout"`
	TrustDeviceEnabled          *bool   `db:"trust_device_enabled"`
	TrustDeviceExpiration       *string `db:"trust_device_expiration"`
}

Client represents an OAuth2/OIDC client in the database.

func AuthenticateClient

func AuthenticateClient(clientID, clientSecret string) (*Client, error)

AuthenticateClient verifies the client credentials. It returns the client if authentication succeeds and an error otherwise.

func AuthenticateClientFromRequest

func AuthenticateClientFromRequest(r *http.Request) (*Client, error)

AuthenticateClientFromRequest extracts client credentials from the HTTP request and authenticates the client. It supports both Basic Auth and form parameters. Returns nil, nil if no client credentials are provided (backward compatibility).
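The credential-extraction step described above (Basic Auth or form parameters, with nil, nil when neither is present) is shown below as an added example; it is not the package's code and stops at extraction, returning a hypothetical `Credentials` pair instead of looking up and verifying a `*Client`. Two choices beyond what the page states are assumptions of this example: Basic Auth values are form-url-decoded as RFC 6749 §2.3.1 requires, and a request that supplies a secret both in the Authorization header and in the body is rejected, following the RFC 6749 §2.3 rule against using more than one authentication method. The helper `newTokenRequest` only builds constructed sample requests.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Credentials is a hypothetical result type for this example; the page's
// package authenticates and returns a *Client instead.
type Credentials struct {
	ClientID     string
	ClientSecret string
	Source       string // "basic" or "form"
}

// ErrMixedAuth is returned when credentials arrive via both methods
// (assumption for this example, per RFC 6749 §2.3).
var ErrMixedAuth = errors.New("client credentials supplied in both Authorization header and body")

// ExtractClientCredentials returns (nil, nil) when the request carries no
// client credentials at all, mirroring the documented backward-compatible
// behaviour. Basic Auth is tried first, then the form body. Only the POST
// body is consulted (r.PostFormValue), so a client_secret placed in the URL
// query string is ignored rather than accepted as a credential.
func ExtractClientCredentials(r *http.Request) (*Credentials, error) {
	if id, secret, ok := r.BasicAuth(); ok {
		// RFC 6749 §2.3.1: both values are form-urlencoded before Base64.
		uid, err1 := url.QueryUnescape(id)
		usecret, err2 := url.QueryUnescape(secret)
		if err1 != nil || err2 != nil {
			return nil, errors.New("malformed basic credentials")
		}
		if r.PostFormValue("client_secret") != "" {
			return nil, ErrMixedAuth
		}
		return &Credentials{ClientID: uid, ClientSecret: usecret, Source: "basic"}, nil
	}

	id := r.PostFormValue("client_id")
	secret := r.PostFormValue("client_secret")
	if id == "" && secret == "" {
		return nil, nil // no credentials supplied: caller decides what that means
	}
	if id == "" {
		return nil, errors.New("client_secret supplied without client_id")
	}
	return &Credentials{ClientID: id, ClientSecret: secret, Source: "form"}, nil
}

// newTokenRequest builds a constructed POST request with a form-urlencoded
// body for the example; target may carry a query string.
func newTokenRequest(target, body string) *http.Request {
	r, err := http.NewRequest(http.MethodPost, target, strings.NewReader(body))
	if err != nil {
		panic(err)
	}
	r.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	return r
}

func main() {
	// Constructed sample requests.
	basic := newTokenRequest("/oauth2/token", "grant_type=client_credentials")
	basic.SetBasicAuth("example-app", "example-secret")
	form := newTokenRequest("/oauth2/token",
		"grant_type=client_credentials&client_id=example-app&client_secret=example-secret")
	none := newTokenRequest("/oauth2/token", "grant_type=authorization_code&code=abc")
	query := newTokenRequest("/oauth2/token?client_id=example-app&client_secret=leaked", "grant_type=x")

	for _, r := range []*http.Request{basic, form, none, query} {
		c, err := ExtractClientCredentials(r)
		fmt.Printf("%s -> %+v, err=%v\n", r.URL, c, err)
	}
}
```

Reading only `r.PostFormValue` is the detail to keep: `r.FormValue` would also accept `client_secret` from the query string, where it ends up in access logs and referrer headers.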

func ClientByClientID

func ClientByClientID(clientID string) (*Client, error)

ClientByClientID retrieves a client by its public client_id.

func ClientByID

func ClientByID(id string) (*Client, error)

ClientByID retrieves a client by its internal ID.

func ClientByName

func ClientByName(name string) (*Client, error)

ClientByName retrieves an active client by its client_name.

func ListClients

func ListClients() ([]*Client, error)

ListClients retrieves all active clients.

func (*Client) GetGrantTypes

func (c *Client) GetGrantTypes() []string

GetGrantTypes parses and returns the grant types as a slice.

func (*Client) GetRedirectURIs

func (c *Client) GetRedirectURIs() []string

GetRedirectURIs parses and returns the redirect URIs as a slice.

func (*Client) GetResponseTypes

func (c *Client) GetResponseTypes() []string

GetResponseTypes parses and returns the response types as a slice.

func (*Client) ToInfoResponse

func (c *Client) ToInfoResponse() *ClientInfoResponse

ToInfoResponse converts a Client to a ClientInfoResponse.

func (*Client) ToOverrides

func (c *Client) ToOverrides() config.ClientOverrides

ToOverrides converts the nullable client override fields into a config.ClientOverrides struct, which can be passed to config.GetForClient() to resolve per-client settings.

type ClientCreateRequest

type ClientCreateRequest struct {
	ClientID                string   `json:"client_id,omitempty"`
	ClientName              string   `json:"client_name"`
	RedirectURIs            []string `json:"redirect_uris"`
	GrantTypes              []string `json:"grant_types,omitempty"`
	ResponseTypes           []string `json:"response_types,omitempty"`
	ClientType              string   `json:"client_type,omitempty"`
	Scopes                  string   `json:"scopes,omitempty"`
	TokenEndpointAuthMethod string   `json:"token_endpoint_auth_method,omitempty"`
	// Per-client overrides
	AccessTokenExpiration       *string  `json:"access_token_expiration,omitempty"`
	RefreshTokenExpiration      *string  `json:"refresh_token_expiration,omitempty"`
	AuthorizationCodeExpiration *string  `json:"authorization_code_expiration,omitempty"`
	AllowedAudiences            []string `json:"allowed_audiences,omitempty"`
	AllowSelfSignup             *bool    `json:"allow_self_signup,omitempty"`
	SsoSessionIdleTimeout       *string  `json:"sso_session_idle_timeout,omitempty"`
	TrustDeviceEnabled          *bool    `json:"trust_device_enabled,omitempty"`
	TrustDeviceExpiration       *string  `json:"trust_device_expiration,omitempty"`
}

ClientCreateRequest represents the request body for client registration.

type ClientInfoResponse

type ClientInfoResponse struct {
	ClientID                string   `json:"client_id"`
	ClientName              string   `json:"client_name"`
	ClientType              string   `json:"client_type"`
	RedirectURIs            []string `json:"redirect_uris"`
	GrantTypes              []string `json:"grant_types"`
	ResponseTypes           []string `json:"response_types"`
	Scopes                  string   `json:"scopes"`
	TokenEndpointAuthMethod string   `json:"token_endpoint_auth_method"`
	IsActive                bool     `json:"is_active"`
	// Per-client overrides
	AccessTokenExpiration       *string  `json:"access_token_expiration,omitempty"`
	RefreshTokenExpiration      *string  `json:"refresh_token_expiration,omitempty"`
	AuthorizationCodeExpiration *string  `json:"authorization_code_expiration,omitempty"`
	AllowedAudiences            []string `json:"allowed_audiences,omitempty"`
	AllowSelfSignup             *bool    `json:"allow_self_signup,omitempty"`
	SsoSessionIdleTimeout       *string  `json:"sso_session_idle_timeout,omitempty"`
	TrustDeviceEnabled          *bool    `json:"trust_device_enabled,omitempty"`
	TrustDeviceExpiration       *string  `json:"trust_device_expiration,omitempty"`
}

ClientInfoResponse represents the response for getting client info (without the secret).

func UpdateClient

func UpdateClient(clientID string, request ClientUpdateRequest) (*ClientInfoResponse, error)

UpdateClient updates an existing OAuth2 client.

type ClientResponse

type ClientResponse struct {
	ClientID                string   `json:"client_id"`
	ClientSecret            string   `json:"client_secret,omitempty"`
	ClientSecretExpiresAt   int      `json:"client_secret_expires_at"`
	ClientName              string   `json:"client_name"`
	ClientType              string   `json:"client_type"`
	RedirectURIs            []string `json:"redirect_uris"`
	GrantTypes              []string `json:"grant_types"`
	ResponseTypes           []string `json:"response_types"`
	Scopes                  string   `json:"scopes"`
	TokenEndpointAuthMethod string   `json:"token_endpoint_auth_method"`
}

ClientResponse represents the response for client operations.

func CreateClient

func CreateClient(request ClientCreateRequest) (*ClientResponse, error)

CreateClient creates a new OAuth2 client in the database. It returns the client response with the plain-text secret, which is shown only once.

type ClientUpdateRequest

type ClientUpdateRequest struct {
	ClientName              string   `json:"client_name,omitempty"`
	RedirectURIs            []string `json:"redirect_uris,omitempty"`
	GrantTypes              []string `json:"grant_types,omitempty"`
	ResponseTypes           []string `json:"response_types,omitempty"`
	Scopes                  string   `json:"scopes,omitempty"`
	TokenEndpointAuthMethod string   `json:"token_endpoint_auth_method,omitempty"`
	IsActive                *bool    `json:"is_active,omitempty"`
	// Per-client overrides
	AccessTokenExpiration       *string  `json:"access_token_expiration,omitempty"`
	RefreshTokenExpiration      *string  `json:"refresh_token_expiration,omitempty"`
	AuthorizationCodeExpiration *string  `json:"authorization_code_expiration,omitempty"`
	AllowedAudiences            []string `json:"allowed_audiences,omitempty"`
	AllowSelfSignup             *bool    `json:"allow_self_signup,omitempty"`
	SsoSessionIdleTimeout       *string  `json:"sso_session_idle_timeout,omitempty"`
	TrustDeviceEnabled          *bool    `json:"trust_device_enabled,omitempty"`
	TrustDeviceExpiration       *string  `json:"trust_device_expiration,omitempty"`
}

ClientUpdateRequest represents the request body for updating a client.
