Documentation
¶
Overview ¶
Package oauth2 provides OAuth2 authentication provider implementations.
Types ¶
type AccessToken ¶
// AccessToken is the stored record for an issued OAuth2 access token.
//
// NOTE(review): Token carries both a json and a db tag, so the raw bearer
// value appears to be persisted and serialized as-is. Confirm whether the
// store keeps only a hash of the token, and keep values of this type out of
// logs and error messages.
type AccessToken struct {
	// Token is the bearer credential itself; handle it as a secret.
	Token string `json:"token" db:"token"`
	// ClientID identifies the client the token was issued to.
	ClientID string `json:"client_id" db:"client_id"`
	// UserID is nil for the client credentials grant, where no end user is involved.
	UserID *uint `json:"user_id,omitempty" db:"user_id"`
	// Scopes lists the scopes attached to this token.
	Scopes []string `json:"scopes" db:"scopes"`
	// ExpiresAt is the expiry time.
	// NOTE(review): confirm the validation path rejects tokens past this time
	// itself instead of relying on CleanupExpired having removed them.
	ExpiresAt time.Time `json:"expires_at" db:"expires_at"`
	// CreatedAt is the time the record was created.
	CreatedAt time.Time `json:"created_at" db:"created_at"`
	// LastUsed is optional; presumably nil until a use has been recorded.
	LastUsed *time.Time `json:"last_used,omitempty" db:"last_used"`
	// IsActive presumably turns false when the token is revoked (see
	// AccessTokenRepository.Revoke); confirm validation checks it.
	IsActive bool `json:"is_active" db:"is_active"`
}
AccessToken represents an OAuth2 access token.
type AccessTokenRepository ¶
// AccessTokenRepository is the storage contract for AccessToken records.
type AccessTokenRepository interface {
	// Create stores a newly issued token.
	Create(token *AccessToken) error
	// GetByToken looks a record up by the token string presented by a caller.
	// NOTE(review): if tokens are hashed at rest, the lookup key must be the
	// hash; confirm against the implementation.
	GetByToken(token string) (*AccessToken, error)
	// Update writes changes to an existing record.
	Update(token *AccessToken) error
	// Revoke invalidates the given token.
	// NOTE(review): confirm a revoked token is refused on the very next
	// GetByToken-based validation, with no caching layer in between.
	Revoke(token string) error
	// CleanupExpired removes or retires expired records; the exact effect is
	// up to the implementation.
	CleanupExpired() error
}
type AuthorizationCode ¶
// AuthorizationCode is the stored record for an OAuth2 authorization code.
//
// RFC 6749 section 4.1.2 requires a code to be short-lived (a maximum of ten
// minutes is recommended) and to be accepted at most once. ExpiresAt and Used
// are the fields that can carry those two checks; the enforcing code is not
// shown here.
type AuthorizationCode struct {
	// Code is the one-time credential handed to the client; handle it as a secret.
	Code string `json:"code" db:"code"`
	// ClientID identifies the client the code was issued to.
	// NOTE(review): confirm the token endpoint refuses a code presented by a
	// different client.
	ClientID string `json:"client_id" db:"client_id"`
	// UserID identifies the user who approved the request.
	UserID uint `json:"user_id" db:"user_id"`
	// RedirectURI is the redirect URI recorded with the code. RFC 6749
	// section 4.1.3 requires the value sent at token exchange to be identical.
	RedirectURI string `json:"redirect_uri" db:"redirect_uri"`
	// Scopes lists the scopes attached to the code.
	Scopes []string `json:"scopes" db:"scopes"`
	// CodeChallenge is the PKCE challenge (RFC 7636).
	// NOTE(review): the field is optional here; confirm public clients cannot
	// complete the flow without it.
	CodeChallenge string `json:"code_challenge,omitempty" db:"code_challenge"`
	// CodeChallengeMethod names the PKCE transform. RFC 7636 defines "plain"
	// and "S256"; S256 is the one to require unless a client cannot support it.
	CodeChallengeMethod string `json:"code_challenge_method,omitempty" db:"code_challenge_method"`
	// ExpiresAt is the expiry time of the code.
	ExpiresAt time.Time `json:"expires_at" db:"expires_at"`
	// Used records that the code has already been redeemed.
	Used bool `json:"used" db:"used"`
	// CreatedAt is the time the record was created.
	CreatedAt time.Time `json:"created_at" db:"created_at"`
}
AuthorizationCode represents an OAuth2 authorization code.
type AuthorizationCodeRepository ¶
// AuthorizationCodeRepository is the storage contract for AuthorizationCode
// records.
//
// NOTE(review): reading a code (GetByCode) and consuming it (MarkUsed) are two
// separate calls. Unless MarkUsed is a conditional update that fails when the
// code is already used, two concurrent exchanges of the same code can both
// pass the Used check. Confirm against the implementation.
type AuthorizationCodeRepository interface {
	// Create stores a newly issued code.
	Create(code *AuthorizationCode) error
	// GetByCode looks a record up by the code string presented by a client.
	GetByCode(code string) (*AuthorizationCode, error)
	// MarkUsed flags the code as redeemed.
	MarkUsed(code string) error
	// CleanupExpired removes or retires expired records; the exact effect is
	// up to the implementation.
	CleanupExpired() error
}
type Client ¶
// Client is the registration record of an OAuth2 client application.
//
// NOTE(review): Secret is tagged json:"secret,omitempty", so any non-empty
// secret is written out whenever a Client is marshaled. Confirm that list and
// lookup responses clear the field first, and that the db column holds a
// password-style hash and not the secret itself.
type Client struct {
	// ID is the client identifier.
	ID string `json:"id" db:"id"`
	// Secret is the client credential; handle it as a secret.
	Secret string `json:"secret,omitempty" db:"secret"`
	// Name is the display name of the client.
	Name string `json:"name" db:"name"`
	// Description is free text about the client.
	Description string `json:"description" db:"description"`
	// RedirectURIs lists the redirect URIs registered for the client.
	// NOTE(review): confirm requests are matched against these by exact
	// string comparison, not by prefix or pattern.
	RedirectURIs []string `json:"redirect_uris" db:"redirect_uris"`
	// Scopes lists the scopes associated with the client.
	Scopes []string `json:"scopes" db:"scopes"`
	// GrantTypes lists the grant types associated with the client.
	GrantTypes []GrantType `json:"grant_types" db:"grant_types"`
	// IsActive presumably gates whether the client may be used at all; confirm.
	IsActive bool `json:"is_active" db:"is_active"`
	// IsConfidential is true for server apps and false for SPAs and mobile
	// apps, which cannot keep a secret.
	IsConfidential bool `json:"is_confidential" db:"is_confidential"`

	// Metadata.

	// CreatedBy is the ID of the user who registered the client.
	CreatedBy uint `json:"created_by" db:"created_by"`
	// CreatedAt is the time the record was created.
	CreatedAt time.Time `json:"created_at" db:"created_at"`
	// UpdatedAt is the time of the last change to the record.
	UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
	// LastUsed is optional; presumably nil until a use has been recorded.
	LastUsed *time.Time `json:"last_used,omitempty" db:"last_used"`
}
Client represents an OAuth2 client application.
type ClientRepository ¶
// ClientRepository is the storage contract for Client registrations.
type ClientRepository interface {
	// Create stores a new client registration.
	Create(client *Client) error
	// GetByID looks a client up by ID alone; no secret is involved.
	GetByID(id string) (*Client, error)
	// GetByCredentials looks a client up by ID and secret.
	// NOTE(review): the secret check happens inside the repository. Confirm it
	// verifies against a stored hash (or at least compares in constant time)
	// and that an unknown ID and a wrong secret return the same error.
	GetByCredentials(id, secret string) (*Client, error)
	// List returns the stored clients.
	// NOTE(review): results carry Client.Secret; confirm callers do not
	// serialize it.
	List() ([]*Client, error)
	// Update writes changes to an existing registration.
	Update(client *Client) error
	// Delete removes the registration with the given ID.
	// NOTE(review): confirm tokens and codes already issued to the client stop
	// working once it is deleted.
	Delete(id string) error
}
ClientRepository is one of the package's repository interfaces; it stores and looks up OAuth2 clients.
type ErrorResponse ¶
// ErrorResponse is the JSON body of an OAuth2 error. The member names follow
// RFC 6749 (error, error_description, error_uri, state).
type ErrorResponse struct {
	// Error is the error code, the only member that is always serialized.
	Error string `json:"error"`
	// ErrorDescription is optional human-readable detail.
	// NOTE(review): confirm internal error text (SQL errors, stack traces,
	// file paths) is never copied into this field.
	ErrorDescription string `json:"error_description,omitempty"`
	// ErrorURI optionally points to a page describing the error.
	ErrorURI string `json:"error_uri,omitempty"`
	// State carries the state value of the request back to the client.
	// NOTE(review): this is caller-supplied text; confirm it is only emitted
	// through an encoder (JSON or URL query) and never concatenated into HTML.
	State string `json:"state,omitempty"`
}
ErrorResponse represents an OAuth2 error response.
type Provider ¶
// Provider is the OAuth2 authorization server type returned by NewProvider.
// All of its fields are unexported and are not listed on this page.
type Provider struct {
// contains filtered or unexported fields
}
Provider implements an OAuth2 authorization server.
func NewProvider ¶
func NewProvider( clientRepo ClientRepository, codeRepo AuthorizationCodeRepository, accessTokenRepo AccessTokenRepository, refreshTokenRepo RefreshTokenRepository, issuer string, ) *Provider
NewProvider creates a new OAuth2 provider.
func (*Provider) SetupOAuth2Routes ¶
SetupOAuth2Routes sets up OAuth2 endpoints.
type RefreshToken ¶
// RefreshToken is the stored record for an OAuth2 refresh token.
//
// NOTE(review): the Used flag suggests refresh tokens are single-use and are
// replaced on each refresh. If so, a token presented after Used is set is a
// sign it was copied; confirm that case revokes the related tokens rather
// than just returning an error. Token has a db tag as well, so the note on
// storing a hash of the value applies here too.
type RefreshToken struct {
	// Token is the refresh credential itself; handle it as a secret.
	Token string `json:"token" db:"token"`
	// AccessTokenID ties the refresh token to an access token.
	AccessTokenID string `json:"access_token_id" db:"access_token_id"`
	// ClientID identifies the client the token was issued to.
	// NOTE(review): confirm a refresh is refused when a different client
	// presents the token.
	ClientID string `json:"client_id" db:"client_id"`
	// UserID identifies the user the token acts for.
	UserID uint `json:"user_id" db:"user_id"`
	// Scopes lists the scopes attached to the token.
	Scopes []string `json:"scopes" db:"scopes"`
	// ExpiresAt is the expiry time of the token.
	ExpiresAt time.Time `json:"expires_at" db:"expires_at"`
	// CreatedAt is the time the record was created.
	CreatedAt time.Time `json:"created_at" db:"created_at"`
	// Used records that the token has already been exchanged.
	Used bool `json:"used" db:"used"`
}
RefreshToken represents an OAuth2 refresh token.
type RefreshTokenRepository ¶
// RefreshTokenRepository is the storage contract for RefreshToken records.
//
// NOTE(review): as with authorization codes, lookup (GetByToken) and
// consumption (MarkUsed) are separate calls. Confirm MarkUsed fails when the
// token is already used, so that two concurrent refreshes cannot both succeed.
type RefreshTokenRepository interface {
	// Create stores a newly issued refresh token.
	Create(token *RefreshToken) error
	// GetByToken looks a record up by the token string presented by a client.
	GetByToken(token string) (*RefreshToken, error)
	// MarkUsed flags the token as exchanged.
	MarkUsed(token string) error
	// CleanupExpired removes or retires expired records; the exact effect is
	// up to the implementation.
	CleanupExpired() error
}
type ResponseType ¶
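// ResponseType represents OAuth2 response types, the response_type values of
// an authorization request.
type ResponseType string

const (
	// ResponseTypeCode is the response type of the authorization code flow.
	ResponseTypeCode ResponseType = "code"
	// ResponseTypeToken is the response type of the implicit flow, which
	// returns the access token directly in the redirect.
	// NOTE(review): the OAuth 2.0 Security Best Current Practice (RFC 9700)
	// advises against the implicit flow. Confirm whether the provider accepts
	// this value; if it does, restrict it to clients registered for it.
	ResponseTypeToken ResponseType = "token"
)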
type Scope ¶
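// Scope represents OAuth2 scopes.
//
// What each scope authorizes is decided where scopes are enforced, which is
// not shown here. The Scopes fields of Client, AuthorizationCode, AccessToken
// and RefreshToken are []string, so the compiler does not restrict them to
// these constants.
// NOTE(review): confirm requested scopes are validated against this list and
// against the client's registered scopes before a grant is issued.
type Scope string

const (
	// General access scopes.
	// NOTE(review): confirm which clients may be granted ScopeAdmin.
	ScopeRead  Scope = "read"
	ScopeWrite Scope = "write"
	ScopeAdmin Scope = "admin"
	// Scopes named after application resources.
	ScopeTickets  Scope = "tickets"
	ScopeQueues   Scope = "queues"
	ScopeUsers    Scope = "users"
	ScopeReports  Scope = "reports"
	ScopeWebhooks Scope = "webhooks"
	// Scopes named after user identity data.
	ScopeProfile Scope = "profile"
	ScopeEmail   Scope = "email"
	// ScopeOfflineAccess is the scope for refresh tokens.
	ScopeOfflineAccess Scope = "offline_access"
)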
type TokenResponse ¶
// TokenResponse is the JSON body of a successful token request. The member
// names follow RFC 6749 section 5.1.
//
// NOTE(review): the same section requires this response to be sent with
// "Cache-Control: no-store"; confirm the handler sets it. Values of this type
// hold live credentials and should not be logged.
type TokenResponse struct {
	// AccessToken is the issued access token; handle it as a secret.
	AccessToken string `json:"access_token"`
	// TokenType is the token type reported to the client.
	TokenType string `json:"token_type"`
	// ExpiresIn is the token lifetime. RFC 6749 defines expires_in in seconds;
	// the code that fills this field is not shown here.
	ExpiresIn int `json:"expires_in"`
	// RefreshToken is the optional refresh token; handle it as a secret.
	RefreshToken string `json:"refresh_token,omitempty"`
	// Scope is the optional granted scope, as a single string.
	Scope string `json:"scope,omitempty"`
}
TokenResponse represents an OAuth2 token response.