README
¶
Token Flows
App API Key & Customer Token Flow
Organizations support the concept of an app, a container for a set of predefined API Keys for use with organization websites, servers, and other applications. The reason that Apps exist is that each App can be managed and tracked individually. Resetting an App can expire all keys just for that App.
API Keys are used for accessing all data within an particular Organization and for logging in Customers for that organization. Only a subset of endpoints are available to API Keys and Permissions are respected by each endpoint. Logging a customer in involves issuing an Customer Token based on the Customer's login and is exclusively used for accessing a Customer's. Customer tokens do not work on endpoints that API Keys work and vice versa.
Customer Tokens are good for 1 hour. API Keys have no limit.
Organization Reference Token & Access Token Flow
Organizations maintain Reference tokens with the scopes, teams, and permissions for each user with access to the Organization. Reference Tokens are used to generate both the OAuth Access and Refresh Tokens.
Access and Refresh Tokens are generated either by a User supplying their Login and Organizational credentials. Access Tokens can also be generated by supplying a previously generated Refresh Token.
Access Tokens are good for 1 hour. Refresh Tokens are good forever.
Documentation
¶
Index ¶
- Constants
- Variables
- func IsAccess(claims Claims) bool
- func IsApi(claims Claims) bool
- func IsCustomer(claims Claims) bool
- func IsReference(claims Claims) bool
- func IsRefresh(claims Claims) bool
- func Query(db *datastore.Datastore) datastore.Query
- type AccessClaims
- type Claims
- type Token
- func (t *Token) Decode(str string, secret []byte) error
- func (t *Token) Defaults()
- func (t *Token) Encode(secret []byte) (string, error)
- func (t *Token) IsValid(nowUnix int64) error
- func (t *Token) IssueAccessToken(usrId string, secret []byte) (string, error)
- func (t *Token) IssueRefreshToken(usrId string, secret []byte) (string, error)
- func (t *Token) Load(properties []datastore.Property) error
- func (t *Token) Revoke()
- func (t *Token) Save() ([]datastore.Property, error)
- type Type
Constants ¶
const ( // Internal Claims used to store Access Token claims Reference Type = "reference" // Special Username/Password OAuth grant key Api = "api" // Claims generated by Reference Claims Access = "access" // Customer is a Special Access Token generated from API Claim Customer = "customer" // Token issued using the Reference Claims, used only to request new Acess Claims Refresh = "refresh" )
const (
Algorithm = "HS256"
)
Variables ¶
var ( InvalidTokenType = errors.New("Invalid token type") TokenOwnershipInvalid = errors.New("Token does not belong to this user") TokenRevoked = errors.New("Token is revoked") TokenIsExpired = jwt.TokenIsExpired TokenIsNotValidYet = jwt.TokenIsNotValidYet )
Functions ¶
func IsCustomer ¶
Types ¶
type AccessClaims ¶
type Claims ¶
type Claims struct {
jwt.Claims
AccessClaims
AppId string `json:"app,omitempty"`
UserId string `json:"usr,omitempty"`
OrganizationName string `json:"org,omitempty"`
Type Type `json:"typ,omitempty"`
Scopes []string `json:"scopes,omitempty"`
Test bool `json:"tst,omitempty"`
Permissions bit.Field `json:"bit,omitempty"`
}
Used for Refresh and Site Tokens
type Token ¶
type Token struct {
mixin.Model[Token]
Claims Claims `json:"claims"`
Name string `json:"name"`
// In Hours
AccessPeriod int64 `json:"accessPeriod"`
Revoked bool `json:"revoked"`
String string `json:"-" datastore:",noindex"`
}
func (*Token) IssueAccessToken ¶
Issues short term expiration token for site/cli/dashboard
Source Files