
Constants

This section is empty.

Variables

This section is empty.

Functions

func AccessRequestFromContext

func AccessRequestFromContext(ctx context.Context) fosite.AccessRequester

AccessRequestFromContext returns the access request stored in ctx (see WithAccessRequest).

func HasScope

func HasScope(ctx context.Context, scope string) bool

HasScope reports whether the access request in ctx includes the given scope.

func ScopesFromContext

func ScopesFromContext(ctx context.Context) []string

ScopesFromContext returns the granted scopes of the access request in ctx.

func UserIDFromContext

func UserIDFromContext(ctx context.Context) string

UserIDFromContext extracts the user ID (subject) from the access request in context.

func WithAccessRequest

func WithAccessRequest(ctx context.Context, ar fosite.AccessRequester) context.Context

WithAccessRequest returns a copy of ctx carrying the given access request.

Types

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client implements fosite.Client, backed by an Ent OAuthApp record.

func (*Client) GetAudience

func (c *Client) GetAudience() fosite.Arguments

GetAudience returns the audience for this client.

func (*Client) GetGrantTypes

func (c *Client) GetGrantTypes() fosite.Arguments

GetGrantTypes returns the allowed grant types.

func (*Client) GetHashedSecret

func (c *Client) GetHashedSecret() []byte

GetHashedSecret returns no hash; this package performs its own secret validation (see ValidateSecret) instead.

func (*Client) GetID

func (c *Client) GetID() string

GetID returns the client ID.

func (*Client) GetRedirectURIs

func (c *Client) GetRedirectURIs() []string

GetRedirectURIs returns the registered redirect URIs.

func (*Client) GetResponseTypes

func (c *Client) GetResponseTypes() fosite.Arguments

GetResponseTypes returns the allowed response types.

func (*Client) GetScopes

func (c *Client) GetScopes() fosite.Arguments

GetScopes returns the allowed scopes.

func (*Client) IsPublic

func (c *Client) IsPublic() bool

IsPublic returns true if this is a public client (SPA, native app).

func (*Client) ValidateSecret

func (c *Client) ValidateSecret(ctx context.Context, secret string) error

ValidateSecret checks the presented client secret against the stored Argon2id hash.

type Config

type Config struct {
	// Issuer is the OAuth/OIDC issuer URL.
	// NOTE(review): presumably the value advertised by WellKnownEndpoint;
	// it should match exactly what resource servers expect — confirm.
	Issuer string

	// AccessTokenLifespan is the duration access tokens are valid.
	AccessTokenLifespan time.Duration

	// RefreshTokenLifespan is the duration refresh tokens are valid.
	RefreshTokenLifespan time.Duration

	// AuthCodeLifespan is the duration authorization codes are valid.
	AuthCodeLifespan time.Duration

	// PrivateKey is the RSA private key for signing tokens.
	// If nil, a key will be generated.
	// NOTE(review): a generated key presumably lives only for this process,
	// so tokens signed before a restart or by another instance would not
	// verify — supply a persisted key in production; confirm against NewProvider.
	PrivateKey *rsa.PrivateKey

	// HashSecret is the secret used for HMAC operations.
	// Treat it as a credential: load it from secret storage, use a
	// high-entropy value, and expect rotation to invalidate existing
	// tokens — verify the exact length/rotation requirements against NewProvider.
	HashSecret []byte
}

Config holds OAuth 2.0 server configuration.

func DefaultConfig

func DefaultConfig(issuer string, hashSecret []byte) *Config

DefaultConfig returns a Config with default values for the given issuer and hash secret.

type Handler

type Handler struct {
	// contains filtered or unexported fields
}

Handler provides HTTP handlers for OAuth 2.0 endpoints.

func NewHandler

func NewHandler(provider *Provider) *Handler

NewHandler creates a new OAuth HTTP handler.

func (*Handler) AuthorizeEndpoint

func (h *Handler) AuthorizeEndpoint(w http.ResponseWriter, r *http.Request)

AuthorizeEndpoint handles GET/POST /oauth/authorize. This is where the authorization flow begins.

func (*Handler) IntrospectionEndpoint

func (h *Handler) IntrospectionEndpoint(w http.ResponseWriter, r *http.Request)

IntrospectionEndpoint handles POST /oauth/introspect. This allows resource servers to validate tokens.

func (*Handler) JWKSEndpoint

func (h *Handler) JWKSEndpoint(w http.ResponseWriter, r *http.Request)

JWKSEndpoint handles GET /.well-known/jwks.json. This returns the public keys for token verification.

func (*Handler) Middleware

func (h *Handler) Middleware(next http.Handler) http.Handler

Middleware wraps next with OAuth access token validation.

func (*Handler) RevocationEndpoint

func (h *Handler) RevocationEndpoint(w http.ResponseWriter, r *http.Request)

RevocationEndpoint handles POST /oauth/revoke. This allows clients to revoke tokens.

func (*Handler) TokenEndpoint

func (h *Handler) TokenEndpoint(w http.ResponseWriter, r *http.Request)

TokenEndpoint handles POST /oauth/token. This handles all token grant types.

func (*Handler) WellKnownEndpoint

func (h *Handler) WellKnownEndpoint(w http.ResponseWriter, r *http.Request)

WellKnownEndpoint handles GET /.well-known/openid-configuration. This returns the OIDC discovery document.

type Provider

type Provider struct {
	// contains filtered or unexported fields
}

Provider wraps Fosite and provides OAuth 2.0/OIDC functionality.

func NewProvider

func NewProvider(db *ent.Client, cfg *Config) (*Provider, error)

NewProvider creates a new OAuth provider.

func (*Provider) OAuth2Provider

func (p *Provider) OAuth2Provider() fosite.OAuth2Provider

OAuth2Provider returns the underlying Fosite provider.

func (*Provider) Session

func (p *Provider) Session(subject string) *openid.DefaultSession

Session creates a new OAuth session.

func (*Provider) Storage

func (p *Provider) Storage() *Storage

Storage returns the storage adapter.

type Storage

type Storage struct {
	// contains filtered or unexported fields
}

Storage implements fosite.Storage interfaces using Ent.

func NewStorage

func NewStorage(db *ent.Client) *Storage

NewStorage creates a new Fosite storage backed by Ent.

func (*Storage) CreateAccessTokenSession

func (s *Storage) CreateAccessTokenSession(ctx context.Context, signature string, request fosite.Requester) error

CreateAccessTokenSession stores an access token session.

func (*Storage) CreateAuthorizeCodeSession

func (s *Storage) CreateAuthorizeCodeSession(ctx context.Context, code string, request fosite.Requester) error

CreateAuthorizeCodeSession stores an authorization code session.

func (*Storage) CreatePKCERequestSession

func (s *Storage) CreatePKCERequestSession(ctx context.Context, signature string, request fosite.Requester) error

CreatePKCERequestSession stores a PKCE request session (handled the same way as an authorization code session).

func (*Storage) CreateRefreshTokenSession

func (s *Storage) CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) error

CreateRefreshTokenSession stores a refresh token session.

func (*Storage) DeleteAccessTokenSession

func (s *Storage) DeleteAccessTokenSession(ctx context.Context, signature string) error

DeleteAccessTokenSession removes an access token session.

func (*Storage) DeletePKCERequestSession

func (s *Storage) DeletePKCERequestSession(ctx context.Context, signature string) error

DeletePKCERequestSession deletes a PKCE session.

func (*Storage) DeleteRefreshTokenSession

func (s *Storage) DeleteRefreshTokenSession(ctx context.Context, signature string) error

DeleteRefreshTokenSession removes a refresh token session.

func (*Storage) GetAccessTokenSession

func (s *Storage) GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (fosite.Requester, error)

GetAccessTokenSession retrieves an access token session.

func (*Storage) GetAuthorizeCodeSession

func (s *Storage) GetAuthorizeCodeSession(ctx context.Context, code string, session fosite.Session) (fosite.Requester, error)

GetAuthorizeCodeSession retrieves an authorization code session.

func (*Storage) GetClient

func (s *Storage) GetClient(ctx context.Context, clientID string) (fosite.Client, error)

GetClient loads an OAuth client by its client_id.

func (*Storage) GetPKCERequestSession

func (s *Storage) GetPKCERequestSession(ctx context.Context, signature string, session fosite.Session) (fosite.Requester, error)

GetPKCERequestSession retrieves the PKCE request session for an authorization code.

func (*Storage) GetRefreshTokenSession

func (s *Storage) GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (fosite.Requester, error)

GetRefreshTokenSession retrieves a refresh token session.

func (*Storage) InvalidateAuthorizeCodeSession

func (s *Storage) InvalidateAuthorizeCodeSession(ctx context.Context, code string) error

InvalidateAuthorizeCodeSession marks an authorization code as used.

func (*Storage) RevokeAccessToken

func (s *Storage) RevokeAccessToken(ctx context.Context, requestID string) error

RevokeAccessToken revokes an access token.

func (*Storage) RevokeRefreshToken

func (s *Storage) RevokeRefreshToken(ctx context.Context, requestID string) error

RevokeRefreshToken revokes a refresh token.
