oidcsdk

package module
v0.7.7 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 9, 2020 License: Apache-2.0 Imports: 7 Imported by: 8

README

Go

github.com/identityOrg/oidcsdk

An attempt to create a SDK for OAuth2 and OpenID Connect protocol

Documentation

Index

Constants

View Source 
const (
	GrantAuthorizationCode     = "authorization_code"
	GrantImplicit              = "implicit"
	GrantResourceOwnerPassword = "password"
	GrantClientCredentials     = "client_credentials"
	GrantRefreshToken          = "refresh_token"
)
View Source 
const (
	ScopeOpenid        = "openid"
	ScopeProfile       = "profile"
	ScopeEmail         = "email"
	ScopeAddress       = "address"
	ScopeOfflineAccess = "offline_access"
)
View Source 
const (
	ResponseTypeCode    = "code"
	ResponseTypeToken   = "token"
	ResponseTypeIdToken = "id_token"
)
View Source 
const (
	ResponseModeQuery    = "query"
	ResponseModeFragment = "fragment"
	ResponseModeFormPost = "form"
)
View Source 
const (
	ContentTypeUrlEncodedForm = "application/x-www-form-urlencoded"
	ContentTypeJson           = "application/json"
	ContentTypeHtml           = "text/html"
)
View Source 
const (
	HeaderContentType   = "Content-Type"
	HeaderAuthorization = "Authorization"
)
View Source 
const (
	ExpireAuthorizationCode = 1
	ExpireAccessToken       = 2
	ExpireRefreshToken      = 4
)
View Source 
const (
	UrlOidcDiscovery = "/.well-known/openid-configuration"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Arguments 

type Arguments []string

func (Arguments) Exact deprecated 

func (r Arguments) Exact(name string) bool

Deprecated: Use ExactOne, Matches or MatchesExact

func (Arguments) ExactOne 

func (r Arguments) ExactOne(name string) bool

ExactOne checks, by string case, that a single argument equals the provided string.

func (Arguments) Has 

func (r Arguments) Has(items ...string) bool

Has checks, in a case-insensitive manner, that all of the items provided exists in arguments.

func (Arguments) HasOneOf 

func (r Arguments) HasOneOf(items ...string) bool

HasOneOf checks, in a case-insensitive manner, that one of the items provided exists in arguments.

func (Arguments) Matches 

func (r Arguments) Matches(items ...string) bool

Matches performs an case-insensitive, out-of-order check that the items provided exist and equal all of the args in arguments. Note:

  • Providing a list that includes duplicate string-case items will return not matched.

func (Arguments) MatchesExact 

func (r Arguments) MatchesExact(items ...string) bool

MatchesExact checks, by order and string case, that the items provided equal those in arguments.

func (Arguments) String 

func (r Arguments) String() string

type Config 

type Config struct {
	Issuer                   string
	AuthCodeLifespan         time.Duration
	AccessTokenLifespan      time.Duration
	RefreshTokenLifespan     time.Duration
	AccessTokenEntropy       int
	AuthorizationCodeEntropy int
	RefreshTokenEntropy      int
	StateParamMinimumEntropy int
	GlobalConsentRequired    bool
	PKCEPlainEnabled         bool
}

func NewConfig 

func NewConfig(issuer string) *Config

type ErrorFactory 

type ErrorFactory func(status uint8, code string, description string) IError

type ErrorStrategy 

type ErrorStrategy func(err error, w http.ResponseWriter)

type IAccessTokenStrategy 

type IAccessTokenStrategy interface {
	GenerateAccessToken() (token string, signature string)
	SignAccessToken(token string) (signature string, err error)
}

type IAuthEPHandler 

type IAuthEPHandler interface {
	HandleAuthEP(ctx context.Context, requestContext IAuthenticationRequestContext) IError
}

type IAuthenticationRequestContext 

type IAuthenticationRequestContext interface {
	IRequestContext
	GetUserSession() ISession
	SetUserSession(sess ISession)
	GetNonce() string
	GetResponseMode() string
	GetResponseType() Arguments
	SetRedirectURI(uri string)
	IssueAuthorizationCode(code string, signature string, expiry time.Time)
}

type IAuthorizationCodeStrategy 

type IAuthorizationCodeStrategy interface {
	GenerateAuthCode() (code string, signature string)
	SignAuthCode(token string) (signature string, err error)
}

type IClient 

type IClient interface {
	GetID() string
	GetSecret() string
	IsPublic() bool
	GetIDTokenSigningAlg() jose.SignatureAlgorithm
	GetRedirectURIs() []string
	GetApprovedScopes() Arguments
	GetApprovedGrantTypes() Arguments
}

type IClientCredentialContext added in v0.3.0 

type IClientCredentialContext interface {
	GetClientID() string
	GetClientSecret() string
	SetClient(client IClient)
}

type IClientStore 

type IClientStore interface {
	GetClient(ctx context.Context, clientID string) (client IClient, err error)
	FetchClientProfile(ctx context.Context, clientID string) RequestProfile
}

type IError 

type IError interface {
	error
	GetStatus() string
	GetReason() string
	GetStatusCode() int
	GetDescription() string
	GetDebugInfo() string
}

type IErrorWriter added in v0.4.0 

type IErrorWriter interface {
	WriteJsonError(pError IError, additionalValues url.Values, w http.ResponseWriter, r *http.Request) error
	WriteRedirectError(requestContext IAuthenticationRequestContext, w http.ResponseWriter, r *http.Request) error
	WriteBearerError(pError IError, additionalValues url.Values, w http.ResponseWriter, r *http.Request) error
}

type IIDTokenStrategy 

type IIDTokenStrategy interface {
	GenerateIDToken(ctx context.Context, profile RequestProfile, client IClient, expiry time.Time,
		transactionClaims map[string]interface{}, tokens Tokens) (idToken string, err error)
}

type IIntrospectionEPHandler added in v0.3.0 

type IIntrospectionEPHandler interface {
	HandleIntrospectionEP(ctx context.Context, requestContext IIntrospectionRequestContext) IError
}

type IIntrospectionRequestContext 

type IIntrospectionRequestContext interface {
	IRevocationRequestContext
	GetProfile() RequestProfile
	SetProfile(profile RequestProfile)
	IsActive() bool
	SetActive(active bool)
	GetTokenType() string
	SetTokenType(tokenType string)
}

type IManager 

type IManager interface {
	ProcessAuthorizationEP(writer http.ResponseWriter, request *http.Request)
	ProcessTokenEP(writer http.ResponseWriter, request *http.Request)
	ProcessIntrospectionEP(writer http.ResponseWriter, request *http.Request)
	ProcessRevocationEP(writer http.ResponseWriter, request *http.Request)
	ProcessDiscoveryEP(writer http.ResponseWriter, request *http.Request)
	ProcessKeysEP(writer http.ResponseWriter, request *http.Request)
	ProcessUserInfoEP(writer http.ResponseWriter, request *http.Request)

	SetLoginPageHandler(pageHandler http.HandlerFunc)
	SetConsentPageHandler(pageHandler http.HandlerFunc)
	SetErrorStrategy(strategy ErrorStrategy)
}

type IRefreshTokenStrategy 

type IRefreshTokenStrategy interface {
	GenerateRefreshToken() (token string, signature string)
	SignRefreshToken(token string) (signature string, err error)
}

type IRequestContext 

type IRequestContext interface {
	GetRequestID() string
	GetRequestedAt() time.Time
	GetState() string
	GetRedirectURI() string
	GetClientID() string
	GetRequestedScopes() Arguments
	GetRequestedAudience() Arguments
	GetClaims() map[string]interface{}
	GetClient() IClient
	SetClient(client IClient)
	GetProfile() RequestProfile
	SetProfile(profile RequestProfile)
	GetIssuedTokens() Tokens
	IssueAccessToken(token string, signature string, expiry time.Time)
	IssueRefreshToken(token string, signature string, expiry time.Time)
	IssueIDToken(token string)
	GetError() IError
	SetError(err IError)
	GetForm() *url.Values
}

type IRequestContextFactory added in v0.4.0 

type IRequestContextFactory interface {
	BuildTokenRequestContext(request *http.Request) (ITokenRequestContext, IError)
	BuildAuthorizationRequestContext(request *http.Request) (IAuthenticationRequestContext, IError)
	BuildRevocationRequestContext(request *http.Request) (IRevocationRequestContext, IError)
	BuildIntrospectionRequestContext(request *http.Request) (IIntrospectionRequestContext, IError)
	BuildUserInfoRequestContext(request *http.Request) (IUserInfoRequestContext, IError)
}

type IResponseWriter added in v0.4.0 

type IResponseWriter interface {
	WriteTokenResponse(requestContext ITokenRequestContext, w http.ResponseWriter, r *http.Request) error
	WriteAuthorizationResponse(requestContext IAuthenticationRequestContext, w http.ResponseWriter, r *http.Request) error
	WriteIntrospectionResponse(requestContext IIntrospectionRequestContext, w http.ResponseWriter, r *http.Request) error
	WriteRevocationResponse(w http.ResponseWriter, r *http.Request) error
	WriteUserInfoResponse(requestContext IUserInfoRequestContext, w http.ResponseWriter, r *http.Request) error
}

type IRevocationEPHandler added in v0.3.0 

type IRevocationEPHandler interface {
	HandleRevocationEP(ctx context.Context, requestContext IRevocationRequestContext) IError
}

type IRevocationRequestContext 

type IRevocationRequestContext interface {
	GetRequestID() string
	GetRequestedAt() time.Time
	GetClientID() string
	GetToken() string
	GetTokenTypeHint() string
	SetClient(client IClient)
	GetClientSecret() string
	GetClient() IClient
	GetError() IError
	SetError(err IError)
	GetForm() *url.Values
}

type ISecretStore added in v0.3.0 

type ISecretStore interface {
	GetAllSecrets(ctx context.Context) (*jose.JSONWebKeySet, error)
}

type ISession 

type ISession interface {
	GetUsername() string
	GetLoginTime() *time.Time
	IsConsentSubmitted() bool
	IsLoginDone() bool
	GetApprovedScopes() Arguments
	GetScope() string
}

type ISessionManager 

type ISessionManager interface {
	RetrieveUserSession(r *http.Request) (ISession, error)
}

type ITokenEPHandler 

type ITokenEPHandler interface {
	HandleTokenEP(ctx context.Context, requestContext ITokenRequestContext) IError
}

type ITokenRequestContext 

type ITokenRequestContext interface {
	IRequestContext
	GetRefreshToken() string
	GetPreviousRequestID() (id string)
	SetPreviousRequestID(id string)
	GetGrantType() string
	GetClientSecret() string
	GetAuthorizationCode() string
	GetUsername() string
	GetPassword() string
}

type ITokenSignatures added in v0.6.1 

type ITokenSignatures interface {
	GetACSignature() string
	GetATSignature() string
	GetRTSignature() string
	GetACExpiry() time.Time
	GetATExpiry() time.Time
	GetRTExpiry() time.Time
}

type ITokenStore 

type ITokenStore interface {
	StoreTokenProfile(ctx context.Context, reqId string, signatures ITokenSignatures, profile RequestProfile) (err error)
	GetProfileWithAuthCodeSign(ctx context.Context, signature string) (profile RequestProfile, reqId string, err error)
	GetProfileWithAccessTokenSign(ctx context.Context, signature string) (profile RequestProfile, reqId string, err error)
	GetProfileWithRefreshTokenSign(ctx context.Context, signature string) (profile RequestProfile, reqId string, err error)
	InvalidateWithRequestID(ctx context.Context, reqID string, what uint8) (err error)
}

type ITransactionManager added in v0.7.2 

type ITransactionManager interface {
	BeginTransaction(ctx context.Context, readOnly bool) context.Context
	CommitTransaction(ctx context.Context) context.Context
	RollbackTransaction(ctx context.Context) context.Context
}

type IUserInfoEPHandler added in v0.6.0 

type IUserInfoEPHandler interface {
	HandleUserInfoEP(ctx context.Context, requestContext IUserInfoRequestContext) IError
}

type IUserInfoRequestContext added in v0.6.0 

type IUserInfoRequestContext interface {
	GetBearerToken() string
	GetUsername() string
	SetUsername(username string)
	GetClaims() map[string]interface{}
	AddClaim(claimId string, value interface{})
	GetApprovedScopes() Arguments
	SetApprovedScopes(scopes Arguments)
	GetRequestedClaims() []string
	SetRequestedClaims(claimIds []string)
}

type IUserStore 

type IUserStore interface {
	Authenticate(ctx context.Context, username string, credential []byte) (err error)
	GetClaims(ctx context.Context, username string, scopes Arguments, claimsIDs []string) (map[string]interface{}, error)
	IsConsentRequired(ctx context.Context, username string, clientId string, scopes Arguments) bool
	StoreConsent(ctx context.Context, username string, clientId string, scopes Arguments) error
	FetchUserProfile(ctx context.Context, username string) RequestProfile
}

type RequestProfile 

type RequestProfile map[string]string

func NewRequestProfile 

func NewRequestProfile() RequestProfile

func (RequestProfile) GetAudience 

func (r RequestProfile) GetAudience() Arguments

func (RequestProfile) GetClientID 

func (r RequestProfile) GetClientID() string

func (RequestProfile) GetCodeChallenge added in v0.3.0 

func (r RequestProfile) GetCodeChallenge() string

func (RequestProfile) GetCodeChallengeMethod added in v0.3.0 

func (r RequestProfile) GetCodeChallengeMethod() string

func (RequestProfile) GetDomain 

func (r RequestProfile) GetDomain() string

func (RequestProfile) GetNonce 

func (r RequestProfile) GetNonce() string

func (RequestProfile) GetRedirectURI 

func (r RequestProfile) GetRedirectURI() string

func (RequestProfile) GetScope 

func (r RequestProfile) GetScope() Arguments

func (RequestProfile) GetState 

func (r RequestProfile) GetState() string

func (RequestProfile) GetUsername 

func (r RequestProfile) GetUsername() string

func (RequestProfile) IsClient 

func (r RequestProfile) IsClient() bool

func (RequestProfile) SetAudience 

func (r RequestProfile) SetAudience(aud Arguments)

func (RequestProfile) SetClientID 

func (r RequestProfile) SetClientID(username string)

func (RequestProfile) SetCodeChallenge added in v0.3.0 

func (r RequestProfile) SetCodeChallenge(challenge string)

func (RequestProfile) SetCodeChallengeMethod added in v0.3.0 

func (r RequestProfile) SetCodeChallengeMethod(challengeMethod string)

func (RequestProfile) SetDomain 

func (r RequestProfile) SetDomain(domain string)

func (RequestProfile) SetNonce 

func (r RequestProfile) SetNonce(nonce string)

func (RequestProfile) SetRedirectURI 

func (r RequestProfile) SetRedirectURI(redirectUri string)

func (RequestProfile) SetScope 

func (r RequestProfile) SetScope(scopes Arguments)

func (RequestProfile) SetState 

func (r RequestProfile) SetState(state string)

func (RequestProfile) SetUsername 

func (r RequestProfile) SetUsername(username string)

type TokenSignatures 

type TokenSignatures struct {
	AuthorizationCodeSignature string
	AccessTokenSignature       string
	RefreshTokenSignature      string
	RefreshTokenExpiry         time.Time
	AccessTokenExpiry          time.Time
	AuthorizationCodeExpiry    time.Time
}

func (*TokenSignatures) GetACExpiry added in v0.6.1 

func (t *TokenSignatures) GetACExpiry() time.Time

func (*TokenSignatures) GetACSignature added in v0.6.1 

func (t *TokenSignatures) GetACSignature() string

func (*TokenSignatures) GetATExpiry added in v0.6.1 

func (t *TokenSignatures) GetATExpiry() time.Time

func (*TokenSignatures) GetATSignature added in v0.6.1 

func (t *TokenSignatures) GetATSignature() string

func (*TokenSignatures) GetRTExpiry added in v0.6.1 

func (t *TokenSignatures) GetRTExpiry() time.Time

func (*TokenSignatures) GetRTSignature added in v0.6.1 

func (t *TokenSignatures) GetRTSignature() string

type Tokens 

type Tokens struct {
	TokenSignatures
	AuthorizationCode string
	AccessToken       string
	RefreshToken      string
	TokenType         string
	IDToken           string
}

Source Files

View all Source files

Directories

Path Synopsis
config
demosession
memdbstore
secretkey
client
factories
manager
middleware
processors
sdkerror
strategies
writers

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.