oidcsdk

package module
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 23, 2020 License: Apache-2.0 Imports: 7 Imported by: 8

README

Go

github.com/identityOrg/oidcsdk

An attempt to create a SDK for OAuth2 and OpenID Connect protocol

Documentation

Index

Constants

View Source 
const (
	GrantAuthorizationCode     = "authorization_code"
	GrantImplicit              = "implicit"
	GrantResourceOwnerPassword = "password"
	GrantClientCredentials     = "client_credentials"
	GrantRefreshToken          = "refresh_token"
)
View Source 
const (
	ScopeOpenid        = "openid"
	ScopeProfile       = "profile"
	ScopeEmail         = "email"
	ScopeAddress       = "address"
	ScopeOfflineAccess = "offline_access"
)
View Source 
const (
	ResponseTypeCode    = "code"
	ResponseTypeToken   = "token"
	ResponseTypeIdToken = "id_token"
)
View Source 
const (
	ResponseModeQuery    = "query"
	ResponseModeFragment = "fragment"
	ResponseModeFormPost = "form"
)
View Source 
const (
	ContentTypeUrlEncodedForm = "application/x-www-form-urlencoded"
	ContentTypeJson           = "application/json"
	ContentTypeHtml           = "text/html"
)
View Source 
const (
	HeaderContentType   = "Content-Type"
	HeaderAuthorization = "Authorization"
)
View Source 
const (
	ExpireAuthorizationCode = 1
	ExpireAccessToken       = 2
	ExpireRefreshToken      = 4
)
View Source 
const (
	UrlOidcDiscovery = "/.well-known/openid-configuration"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Arguments 

type Arguments []string

func (Arguments) Exact deprecated 

func (r Arguments) Exact(name string) bool

Deprecated: Use ExactOne, Matches or MatchesExact

func (Arguments) ExactOne 

func (r Arguments) ExactOne(name string) bool

ExactOne checks, by string case, that a single argument equals the provided string.

func (Arguments) Has 

func (r Arguments) Has(items ...string) bool

Has checks, in a case-insensitive manner, that all of the items provided exists in arguments.

func (Arguments) HasOneOf 

func (r Arguments) HasOneOf(items ...string) bool

HasOneOf checks, in a case-insensitive manner, that one of the items provided exists in arguments.

func (Arguments) Matches 

func (r Arguments) Matches(items ...string) bool

Matches performs an case-insensitive, out-of-order check that the items provided exist and equal all of the args in arguments. Note:

  • Providing a list that includes duplicate string-case items will return not matched.

func (Arguments) MatchesExact 

func (r Arguments) MatchesExact(items ...string) bool

MatchesExact checks, by order and string case, that the items provided equal those in arguments.

func (Arguments) String 

func (r Arguments) String() string

type AuthenticationRequestContextFactory 

type AuthenticationRequestContextFactory func(request *http.Request) (IAuthenticationRequestContext, IError)

type AuthenticationResponseWriter 

type AuthenticationResponseWriter func(requestContext IAuthenticationRequestContext, w http.ResponseWriter, r *http.Request) error

type BearerErrorResponseWriter added in v0.3.0 

type BearerErrorResponseWriter func(writer http.ResponseWriter, request *http.Request) error

type Config 

type Config struct {
	Issuer                   string
	AuthCodeLifespan         time.Duration
	AccessTokenLifespan      time.Duration
	RefreshTokenLifespan     time.Duration
	AccessTokenEntropy       int
	AuthorizationCodeEntropy int
	RefreshTokenEntropy      int
	StateParamMinimumEntropy int
	GlobalConsentRequired    bool
	PKCEPlainEnabled         bool
}

func NewConfig 

func NewConfig(issuer string) *Config

type ErrorFactory 

type ErrorFactory func(status uint8, code string, description string) IError

type ErrorStrategy 

type ErrorStrategy func(err error, w http.ResponseWriter)

type IAccessTokenStrategy 

type IAccessTokenStrategy interface {
	GenerateAccessToken() (token string, signature string)
	SignAccessToken(token string) (signature string, err error)
}

type IAuthEPHandler 

type IAuthEPHandler interface {
	HandleAuthEP(ctx context.Context, requestContext IAuthenticationRequestContext) IError
}

type IAuthenticationRequestContext 

type IAuthenticationRequestContext interface {
	IRequestContext
	GetUserSession() ISession
	SetUserSession(sess ISession)
	GetNonce() string
	GetResponseMode() string
	GetResponseType() Arguments
	SetRedirectURI(uri string)
	IssueAuthorizationCode(code string, signature string, expiry time.Time)
}

type IAuthorizationCodeStrategy 

type IAuthorizationCodeStrategy interface {
	GenerateAuthCode() (code string, signature string)
	SignAuthCode(token string) (signature string, err error)
}

type IBaseContext 

type IBaseContext interface {
	GetRequestID() string
	GetRequestedAt() time.Time
	GetClientID() string
	GetToken() string
	GetTokenTypeHint() string
	SetClient(client IClient)
	GetClientSecret() string
	GetClient() IClient
	GetError() IError
	SetError(err IError)
	GetForm() *url.Values
}

type IClient 

type IClient interface {
	GetID() string
	GetSecret() string
	IsPublic() bool
	GetIDTokenSigningAlg() jose.SignatureAlgorithm
	GetRedirectURIs() []string
	GetApprovedScopes() Arguments
	GetApprovedGrantTypes() Arguments
}

type IClientCredentialContext added in v0.3.0 

type IClientCredentialContext interface {
	GetClientID() string
	GetClientSecret() string
	SetClient(client IClient)
}

type IClientStore 

type IClientStore interface {
	GetClient(ctx context.Context, clientID string) (client IClient, err error)
	FetchClientProfile(ctx context.Context, clientID string) RequestProfile
}

type IConfigurable 

type IConfigurable interface {
	Configure(config *Config, arg ...interface{})
}

type IError 

type IError interface {
	error
	GetStatus() string
	GetReason() string
	GetStatusCode() int
	GetDescription() string
	GetDebugInfo() string
}

type IIDTokenStrategy 

type IIDTokenStrategy interface {
	GenerateIDToken(profile RequestProfile, client IClient, expiry time.Time,
		transactionClaims map[string]interface{}) (idToken string, err error)
}

type IIntrospectionEPHandler added in v0.3.0 

type IIntrospectionEPHandler interface {
	HandleIntrospectionEP(ctx context.Context, requestContext IIntrospectionRequestContext) IError
}

type IIntrospectionRequestContext 

type IIntrospectionRequestContext interface {
	IBaseContext
	GetProfile() RequestProfile
	SetProfile(profile RequestProfile)
	IsActive() bool
	SetActive(active bool)
	GetTokenType() string
	SetTokenType(tokenType string)
}

type IManager 

type IManager interface {
	ProcessAuthorizationEP(writer http.ResponseWriter, request *http.Request)
	ProcessTokenEP(writer http.ResponseWriter, request *http.Request)
	ProcessIntrospectionEP(writer http.ResponseWriter, request *http.Request)
	ProcessRevocationEP(writer http.ResponseWriter, request *http.Request)
	ProcessDiscoveryEP(writer http.ResponseWriter, request *http.Request)
	ProcessKeysEP(writer http.ResponseWriter, request *http.Request)
}

type IRefreshTokenStrategy 

type IRefreshTokenStrategy interface {
	GenerateRefreshToken() (token string, signature string)
	SignRefreshToken(token string) (signature string, err error)
}

type IRequestContext 

type IRequestContext interface {
	GetRequestID() string
	GetRequestedAt() time.Time
	GetState() string
	GetRedirectURI() string
	GetClientID() string
	GetRequestedScopes() Arguments
	GetRequestedAudience() Arguments
	GetClaims() map[string]interface{}
	GetClient() IClient
	SetClient(client IClient)
	GetProfile() RequestProfile
	SetProfile(profile RequestProfile)
	GetIssuedTokens() Tokens
	IssueAccessToken(token string, signature string, expiry time.Time)
	IssueRefreshToken(token string, signature string, expiry time.Time)
	IssueIDToken(token string)
	GetError() IError
	SetError(err IError)
	GetForm() *url.Values
}

type IRevocationEPHandler added in v0.3.0 

type IRevocationEPHandler interface {
	HandleRevocationEP(ctx context.Context, requestContext IRevocationRequestContext) IError
}

type IRevocationRequestContext 

type IRevocationRequestContext interface {
	IBaseContext
}

type ISecretStore added in v0.3.0 

type ISecretStore interface {
	GetAllSecrets() *jose.JSONWebKeySet
}

type ISession 

type ISession interface {
	GetUsername() string
	GetLoginTime() *time.Time
	IsConsentSubmitted() bool
	IsLoginDone() bool
	GetApprovedScopes() Arguments
	GetScope() string
}

type ISessionManager 

type ISessionManager interface {
	RetrieveUserSession(r *http.Request) (ISession, error)
}

type ITokenEPHandler 

type ITokenEPHandler interface {
	HandleTokenEP(ctx context.Context, requestContext ITokenRequestContext) IError
}

type ITokenRequestContext 

type ITokenRequestContext interface {
	IRequestContext
	GetRefreshToken() string
	GetPreviousRequestID() (id string)
	SetPreviousRequestID(id string)
	GetGrantType() string
	GetClientSecret() string
	GetAuthorizationCode() string
	GetUsername() string
	GetPassword() string
}

type ITokenStore 

type ITokenStore interface {
	StoreTokenProfile(ctx context.Context, reqId string, signatures TokenSignatures, profile RequestProfile) (err error)
	GetProfileWithAuthCodeSign(ctx context.Context, signature string) (profile RequestProfile, reqId string, err error)
	GetProfileWithAccessTokenSign(ctx context.Context, signature string) (profile RequestProfile, reqId string, err error)
	GetProfileWithRefreshTokenSign(ctx context.Context, signature string) (profile RequestProfile, reqId string, err error)
	InvalidateWithRequestID(ctx context.Context, reqID string, what uint8) (err error)
}

type ITokenStoreNew added in v0.3.0 

type ITokenStoreNew interface {
	StoreAuthorizationCode(ctx context.Context, reqId string, sign string, expiry time.Time, profile RequestProfile) (err error)
	StoreAccessToken(ctx context.Context, reqId string, sign string, expiry time.Time, profile RequestProfile) (err error)
	StoreRefreshToken(ctx context.Context, reqId string, sign string, expiry time.Time, profile RequestProfile) (err error)
	InvalidateAuthorizationCode(ctx context.Context, reqId string) (err error)
	InvalidateAccessToken(ctx context.Context, reqId string) (err error)
	InvalidateRefreshToken(ctx context.Context, reqId string) (err error)
	FindAuthorizationCode(ctx context.Context, sign string)
}

type ITransactionalStore 

type ITransactionalStore interface {
	StartTransaction(ctx context.Context)
	CommitTransaction(ctx context.Context)
	RollbackTransaction(ctx context.Context)
}

type IUserStore 

type IUserStore interface {
	Authenticate(ctx context.Context, username string, credential []byte) (err error)
	GetClaims(ctx context.Context, username string, scopes Arguments, claimsIDs []string) (map[string]interface{}, error)
	IsConsentRequired(ctx context.Context, username string, clientId string, scopes Arguments) bool
	StoreConsent(ctx context.Context, username string, clientId string, scopes Arguments) error
	FetchUserProfile(ctx context.Context, username string) RequestProfile
}

type IntrospectionRequestContextFactory 

type IntrospectionRequestContextFactory func(request *http.Request) (IIntrospectionRequestContext, IError)

type IntrospectionResponseWriter 

type IntrospectionResponseWriter func(requestContext IIntrospectionRequestContext, writer http.ResponseWriter, request *http.Request) error

type JsonErrorWriter 

type JsonErrorWriter func(pError IError, w http.ResponseWriter, r *http.Request) error

type RedirectErrorWriter 

type RedirectErrorWriter func(requestContext IAuthenticationRequestContext, w http.ResponseWriter, r *http.Request) error

type RequestProfile 

type RequestProfile map[string]string

func NewRequestProfile 

func NewRequestProfile() RequestProfile

func (RequestProfile) GetAudience 

func (r RequestProfile) GetAudience() Arguments

func (RequestProfile) GetClientID 

func (r RequestProfile) GetClientID() string

func (RequestProfile) GetCodeChallenge added in v0.3.0 

func (r RequestProfile) GetCodeChallenge() string

func (RequestProfile) GetCodeChallengeMethod added in v0.3.0 

func (r RequestProfile) GetCodeChallengeMethod() string

func (RequestProfile) GetDomain 

func (r RequestProfile) GetDomain() string

func (RequestProfile) GetNonce 

func (r RequestProfile) GetNonce() string

func (RequestProfile) GetRedirectURI 

func (r RequestProfile) GetRedirectURI() string

func (RequestProfile) GetScope 

func (r RequestProfile) GetScope() Arguments

func (RequestProfile) GetState 

func (r RequestProfile) GetState() string

func (RequestProfile) GetUsername 

func (r RequestProfile) GetUsername() string

func (RequestProfile) IsClient 

func (r RequestProfile) IsClient() bool

func (RequestProfile) SetAudience 

func (r RequestProfile) SetAudience(aud Arguments)

func (RequestProfile) SetClientID 

func (r RequestProfile) SetClientID(username string)

func (RequestProfile) SetCodeChallenge added in v0.3.0 

func (r RequestProfile) SetCodeChallenge(challenge string)

func (RequestProfile) SetCodeChallengeMethod added in v0.3.0 

func (r RequestProfile) SetCodeChallengeMethod(challengeMethod string)

func (RequestProfile) SetDomain 

func (r RequestProfile) SetDomain(domain string)

func (RequestProfile) SetNonce 

func (r RequestProfile) SetNonce(nonce string)

func (RequestProfile) SetRedirectURI 

func (r RequestProfile) SetRedirectURI(redirectUri string)

func (RequestProfile) SetScope 

func (r RequestProfile) SetScope(scopes Arguments)

func (RequestProfile) SetState 

func (r RequestProfile) SetState(state string)

func (RequestProfile) SetUsername 

func (r RequestProfile) SetUsername(username string)

type RevocationRequestContextFactory 

type RevocationRequestContextFactory func(request *http.Request) (IRevocationRequestContext, IError)

type RevocationResponseWriter 

type RevocationResponseWriter func(requestContext IRevocationRequestContext, writer http.ResponseWriter, request *http.Request) error

type TokenRequestContextFactory 

type TokenRequestContextFactory func(request *http.Request) (ITokenRequestContext, IError)

type TokenResponseWriter 

type TokenResponseWriter func(requestContext ITokenRequestContext, w http.ResponseWriter, r *http.Request) error

type TokenSignatures 

type TokenSignatures struct {
	AuthorizationCodeSignature string
	AccessTokenSignature       string
	RefreshTokenSignature      string
	RefreshTokenExpiry         time.Time
	AccessTokenExpiry          time.Time
	AuthorizationCodeExpiry    time.Time
}

type Tokens 

type Tokens struct {
	TokenSignatures
	AuthorizationCode string
	AccessToken       string
	RefreshToken      string
	TokenType         string
	IDToken           string
}

Source Files

View all Source files

Directories

Path Synopsis
demosession
memdbstore
secretkey
impl
authep
client
introrevoke
manager
middleware
processors
sdkerror
strategies
tokenep

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.