auth

package
Published: Dec 23, 2025 License: MIT Imports: 16 Imported by: 0


Constants

const JWTKeySize = 32

JWTKeySize is the key size, in bytes, for JWT signing (256-bit). This is the minimum RFC 7518 §3.2 requires for an HS256 key (key length at least the hash output length); the signing algorithm NewServer actually configures is not shown on this page.

Variables

This section is empty.

Functions

func GenerateRandomString

func GenerateRandomString(length int) (string, error)

GenerateRandomString creates a random string of the specified length, returning an error if random generation fails. The source of randomness is not shown on this page; since this is presumably what backs the auto-generated client IDs and secrets, it must be a cryptographically secure generator (crypto/rand, not math/rand) — confirm before relying on it for credentials.

Types

type Client

// Client implements the fosite.Client interface and serves as the unified
// client model. Every field carries a JSON tag, so the same struct appears to
// be used both for persistence and for API responses — see the note on Secret.
type Client struct {
	// ID is the OAuth2 client_id.
	ID           string    `json:"id"`
	// Secret is the hashed client secret (what GetHashedSecret is documented
	// to return). SECURITY: it is serialized under the JSON key "secret", so
	// anything that marshals a *Client directly — e.g. a handler returning the
	// result of GetClient or ListClients — will emit the hash unless it strips
	// the field. The tag is left as-is here because the storage layer may rely
	// on it; confirm that before changing it to `json:"-"`.
	Secret       []byte    `json:"secret"`
	// Name and Description are display metadata.
	Name         string    `json:"name"`
	Description  string    `json:"description"`
	// RedirectURIs are the redirect targets fosite accepts for this client;
	// entries should be complete, exact URIs rather than patterns.
	RedirectURIs []string  `json:"redirect_uris"`
	// GrantTypes, Scopes and Audience bound what the client may request.
	GrantTypes   []string  `json:"grant_types"`
	Scopes       []string  `json:"scopes"`
	Audience     []string  `json:"audience"`
	// Public marks a client that authenticates without a secret (see IsPublic).
	Public       bool      `json:"public"`
	// Active presumably gates whether the client may be used; where it is
	// enforced is not visible on this page — TODO confirm in GetClient.
	Active       bool      `json:"active"`
	CreatedAt    time.Time `json:"created_at"`
	UpdatedAt    time.Time `json:"updated_at"`
}

Client implements the fosite.Client interface and serves as the unified client model. Note that Secret holds the hashed secret and is serialized under the JSON key "secret", so any code that marshals a *Client directly will expose the hash unless it strips that field.

func NewClient

func NewClient(id, secret string, redirectURIs []string, scopes []string) *Client

NewClient creates a new OAuth2 client with the given parameters. Whether secret is hashed here or must already be hashed by the caller is not shown on this page; GetHashedSecret is documented as returning a hash, so confirm which convention NewClient follows before passing a plaintext secret.

func (*Client) GetAudience

func (c *Client) GetAudience() fosite.Arguments

GetAudience returns the client's audience.

func (*Client) GetGrantTypes

func (c *Client) GetGrantTypes() fosite.Arguments

GetGrantTypes returns the allowed grant types.

func (*Client) GetHashedSecret

func (c *Client) GetHashedSecret() []byte

GetHashedSecret returns the hashed client secret (the Secret field). fosite uses this value with its configured hasher to authenticate confidential clients; it must never return a plaintext secret.

func (*Client) GetID

func (c *Client) GetID() string

GetID returns the client ID.

func (*Client) GetRedirectURIs

func (c *Client) GetRedirectURIs() []string

GetRedirectURIs returns the client's redirect URIs. fosite validates the redirect_uri parameter of authorization requests against this list, so entries should be complete, exact URIs (scheme, host, port and path) rather than prefixes or patterns.

func (*Client) GetResponseTypes

func (c *Client) GetResponseTypes() fosite.Arguments

GetResponseTypes returns the allowed response types.

func (*Client) GetScopes

func (c *Client) GetScopes() fosite.Arguments

GetScopes returns the client's allowed scopes.

func (*Client) GetTokenEndpointAuthMethod

func (c *Client) GetTokenEndpointAuthMethod() string

GetTokenEndpointAuthMethod returns the client's token endpoint authentication method.

func (*Client) IsPublic

func (c *Client) IsPublic() bool

IsPublic returns whether this is a public client (the Public field). Public clients authenticate without a secret, so their authorization code flow should be protected with PKCE; whether NewServer configures fosite to enforce PKCE for public clients is not shown on this page.

type ClientService

type ClientService struct {
	// contains filtered or unexported fields
}

ClientService manages client applications.

func NewClientService

func NewClientService(store *storage.Store) *ClientService

NewClientService creates a new client service.

func (*ClientService) CreateClient

func (s *ClientService) CreateClient(
	ctx context.Context,
	name, description, redirectURI string,
	scopes []string,
) (*ClientWithSecret, error)

CreateClient registers a new client (with a generated ID and secret, cf. NewClientWithDetails) and returns it as a ClientWithSecret. This is the only point at which the plaintext secret is available; callers must hand it to the client owner and must not log or persist it.

func (*ClientService) DeleteClient

func (s *ClientService) DeleteClient(id string) error

DeleteClient removes a client. Unlike its sibling methods it takes no context. Whether outstanding access and refresh tokens issued to the client are revoked along with the record is not shown on this page — confirm, since otherwise a deleted client's tokens may remain valid until they expire.

func (*ClientService) GetClient

func (s *ClientService) GetClient(ctx context.Context, id string) (*Client, error)

GetClient retrieves a client by ID.

func (*ClientService) ListClients

func (s *ClientService) ListClients(ctx context.Context) ([]*Client, error)

ListClients returns all registered clients. The returned Client values carry the hashed Secret field (JSON key "secret"); an API layer that marshals them directly should strip it first.

func (*ClientService) RotateClientSecret added in v0.3.0

func (s *ClientService) RotateClientSecret(ctx context.Context, clientID string) (*ClientWithSecret, error)

RotateClientSecret generates and sets a new secret for the client and returns it in plaintext exactly once. No overlap or grace period for the previous secret is indicated on this page, so the old secret should be assumed invalid as soon as the call returns; coordinate the rollout with the client accordingly.

func (*ClientService) UpdateClient

func (s *ClientService) UpdateClient(ctx context.Context, clientID string, updates map[string]any) (*Client, error)

UpdateClient applies the given field updates to a client's record. The accepted keys and their validation are not documented here; because updates is a free-form map, callers that forward user-supplied input should allow-list the fields they permit (e.g. name, description, redirect_uris) and never let secret, public or active be set this way (mass-assignment risk).

type ClientWithSecret

// ClientWithSecret holds a client and its plaintext secret for API responses.
//
// The embedded Client also has a field tagged `json:"secret"` (the hash).
// encoding/json resolves the name clash in favour of the shallower field, so
// marshaling a ClientWithSecret emits PlaintextSecret under "secret" and omits
// the hash; a bare *Client gets no such shadowing.
type ClientWithSecret struct {
	*Client

	// PlaintextSecret is the unhashed secret. It is handed out once
	// (CreateClient / RotateClientSecret) and must not be logged or persisted.
	PlaintextSecret string `json:"secret"`
}

ClientWithSecret holds a client and its plaintext secret for API responses. The plaintext secret is returned only once (CreateClient, RotateClientSecret) and must not be logged or persisted.

func NewClientWithDetails

func NewClientWithDetails(name, description, redirectURI string, scopes []string) (*ClientWithSecret, error)

NewClientWithDetails creates a new client with an auto-generated ID and secret and returns it as a ClientWithSecret; the error presumably surfaces a failure of the random generator.

type Server

type Server struct {
	// contains filtered or unexported fields
}

Server wraps Fosite OAuth2 provider.

func NewServer

func NewServer(store StorageInterface, cfg *config.Config, jwtSigningKey []byte) (*Server, error)

NewServer creates a new OAuth2 server using Fosite. jwtSigningKey is a raw []byte and so is presumably a symmetric (HMAC) key; it should be JWTKeySize (32) bytes from a CSPRNG and loaded from a secret store, never hard-coded. Whether its length is validated here is not shown on this page, so callers should check it themselves.

func (*Server) HandleAuthorizeRequest

func (s *Server) HandleAuthorizeRequest(writer http.ResponseWriter, request *http.Request)

HandleAuthorizeRequest handles OAuth2 authorization requests.

func (*Server) HandleTokenRequest

func (s *Server) HandleTokenRequest(writer http.ResponseWriter, request *http.Request)

HandleTokenRequest handles OAuth2 token requests.

func (*Server) Provider

func (s *Server) Provider() fosite.OAuth2Provider

Provider returns the fosite OAuth2 provider.

func (*Server) Storage

func (s *Server) Storage() *Storage

Storage returns the auth storage.

func (*Server) ValidateAccessToken

func (s *Server) ValidateAccessToken(ctx context.Context, token string) (string, []string, error)

ValidateAccessToken validates an access token and returns the associated client information. From the signature and TokenClaims the string and slice are presumably the client ID and granted scopes — confirm against the implementation. Callers must treat both values as unset whenever err is non-nil.

type Storage

type Storage struct {
	// contains filtered or unexported fields
}

Storage implements the fosite.Storage interface using our storage backend. Note that ClientAssertionJWTValid and SetClientAssertionJWT are fosite's replay protection for client-assertion JWTs (tracking used jti values until they expire); their bodies are not shown here, and if they are no-ops a captured client assertion can be replayed for as long as it is valid — confirm before enabling private_key_jwt or client_secret_jwt authentication.

func (*Storage) Authenticate

func (s *Storage) Authenticate(_ context.Context, _ string) error

Authenticate is required by fosite's storage interfaces but can be a no-op in this basic implementation. If it unconditionally returns nil, any grant that relies on it (in fosite, the resource-owner password credentials grant) would accept arbitrary credentials, so that grant type must not be enabled while this is a no-op.

func (*Storage) ClientAssertionJWTValid

func (s *Storage) ClientAssertionJWTValid(_ context.Context, _ string) error

func (*Storage) CreateAccessTokenSession

func (s *Storage) CreateAccessTokenSession(_ context.Context, signature string, req fosite.Requester) error

func (*Storage) CreateAuthorizeCodeSession

func (s *Storage) CreateAuthorizeCodeSession(ctx context.Context, code string, req fosite.Requester) error

func (*Storage) CreatePKCERequestSession

func (s *Storage) CreatePKCERequestSession(_ context.Context, signature string, req fosite.Requester) error

func (*Storage) CreateRefreshTokenSession

func (s *Storage) CreateRefreshTokenSession(
	_ context.Context,
	signature string,
	accessSignature string,
	req fosite.Requester,
) error

func (*Storage) DeleteAccessTokenSession

func (s *Storage) DeleteAccessTokenSession(_ context.Context, signature string) error

func (*Storage) DeletePKCERequestSession

func (s *Storage) DeletePKCERequestSession(_ context.Context, signature string) error

func (*Storage) DeleteRefreshTokenSession

func (s *Storage) DeleteRefreshTokenSession(_ context.Context, signature string) error

func (*Storage) GetAccessTokenSession

func (s *Storage) GetAccessTokenSession(
	ctx context.Context,
	signature string,
	session fosite.Session,
) (fosite.Requester, error)

func (*Storage) GetAuthorizeCodeSession

func (s *Storage) GetAuthorizeCodeSession(
	ctx context.Context,
	code string,
	session fosite.Session,
) (fosite.Requester, error)

func (*Storage) GetClient

func (s *Storage) GetClient(_ context.Context, id string) (fosite.Client, error)

func (*Storage) GetPKCERequestSession

func (s *Storage) GetPKCERequestSession(
	ctx context.Context,
	signature string,
	session fosite.Session,
) (fosite.Requester, error)

func (*Storage) GetRefreshTokenSession

func (s *Storage) GetRefreshTokenSession(
	ctx context.Context,
	signature string,
	session fosite.Session,
) (fosite.Requester, error)

func (*Storage) InvalidateAuthorizeCodeSession

func (s *Storage) InvalidateAuthorizeCodeSession(_ context.Context, code string) error

func (*Storage) RevokeAccessToken

func (s *Storage) RevokeAccessToken(_ context.Context, requestID string) error

func (*Storage) RevokeRefreshToken

func (s *Storage) RevokeRefreshToken(_ context.Context, requestID string) error

func (*Storage) RevokeRefreshTokenMaybeGracePeriod

func (s *Storage) RevokeRefreshTokenMaybeGracePeriod(ctx context.Context, requestID string, _ string) error

func (*Storage) RotateRefreshToken

func (s *Storage) RotateRefreshToken(_ context.Context, _ string, refreshTokenSignature string) error

func (*Storage) SetClientAssertionJWT

func (s *Storage) SetClientAssertionJWT(_ context.Context, _ string, _ time.Time) error

type StorageAdapter

type StorageAdapter struct {
	// contains filtered or unexported fields
}

StorageAdapter adapts our storage.Store to work with FositeStore.

func NewStorageAdapter

func NewStorageAdapter(store *storage.Store) *StorageAdapter

NewStorageAdapter creates a new storage adapter.

func (*StorageAdapter) Delete

func (s *StorageAdapter) Delete(key string) error

Delete removes a value.

func (*StorageAdapter) Get

func (s *StorageAdapter) Get(key string, value any) error

Get retrieves a value (StorageInterface compatibility).

func (*StorageAdapter) GetWithContext

func (s *StorageAdapter) GetWithContext(ctx context.Context, key string, value any) error

GetWithContext retrieves a value using provided context.

func (*StorageAdapter) Set

func (s *StorageAdapter) Set(key string, value any, ttl time.Duration) error

Set stores a value with an optional TTL (StorageInterface compatibility). What a zero TTL means (no expiry vs. immediate expiry) is not shown here — confirm against storage.Store, since token, code and PKCE sessions rely on the TTL for expiry.

func (*StorageAdapter) SetWithContext

func (s *StorageAdapter) SetWithContext(ctx context.Context, key string, value any, ttl time.Duration) error

SetWithContext stores a value with optional TTL using provided context.

type StorageInterface

// StorageInterface defines what we need from our storage: a key/value store
// with optional expiry. It is the backend NewServer is given for fosite
// sessions (codes, access/refresh tokens, PKCE requests), so entries hold
// credentials and the store should be treated as sensitive.
type StorageInterface interface {
	// Set stores value under key with an optional TTL; the meaning of a zero
	// TTL is defined by the implementation — TODO confirm against storage.Store.
	Set(key string, value any, ttl time.Duration) error
	// Get loads the entry stored under key into value.
	Get(key string, value any) error
	// Delete removes the entry stored under key.
	Delete(key string) error
}

StorageInterface defines what we need from our storage.

type TokenClaims

// TokenClaims represents token information passed through request context.
//
// These presumably mirror what ValidateAccessToken returns (a client ID and
// scopes). Handlers should only trust them when the authentication middleware
// placed them in the context — never derive them from request-supplied input.
type TokenClaims struct {
	// ClientID is the OAuth2 client the token was issued to.
	ClientID string   `json:"client_id"`
	// UserID identifies the resource owner, if any; omitted from JSON when empty.
	UserID   string   `json:"user_id,omitempty"`
	// Scopes are the scopes granted to the token; authorization checks should
	// compare against these, not against the client's configured scopes.
	Scopes   []string `json:"scopes"`
}

TokenClaims represents token information passed through request context.

type TokenService

type TokenService struct {
	// contains filtered or unexported fields
}

TokenService manages the OAuth token obtained from an upstream provider (see StoreProviderToken and GetProviderToken).

func NewTokenService

func NewTokenService(store *storage.Store) *TokenService

NewTokenService creates a new token service.

func (*TokenService) GetProviderToken

func (s *TokenService) GetProviderToken(ctx context.Context) (*oauth2.Token, error)

GetProviderToken retrieves the current OAuth provider token.

func (*TokenService) NeedsProactiveRefresh

func (s *TokenService) NeedsProactiveRefresh(ctx context.Context) bool

NeedsProactiveRefresh reports whether the token should be refreshed proactively: it returns true if the token expires in less than 3 days. Its result when no provider token is stored is not documented here.

func (*TokenService) StoreProviderToken

func (s *TokenService) StoreProviderToken(
	ctx context.Context,
	accessToken, tokenType, refreshToken string,
	expiresIn int,
) error

StoreProviderToken stores an OAuth token from a provider, including its refresh token. These are bearer credentials (refresh tokens are typically long-lived), so the backing store should be access-controlled and, where possible, encrypted at rest — whether storage.Store does so is not shown on this page.

type TokenServicer

// TokenServicer defines the interface for token management of the upstream
// provider token; TokenService is the concrete implementation on this page.
type TokenServicer interface {
	// StoreProviderToken persists a provider-issued token. expiresIn is the
	// provider's lifetime in seconds (the OAuth2 expires_in field, presumably).
	StoreProviderToken(ctx context.Context, accessToken, tokenType, refreshToken string, expiresIn int) error
	// GetProviderToken returns the currently stored provider token.
	GetProviderToken(ctx context.Context) (*oauth2.Token, error)
	// NeedsProactiveRefresh reports whether the stored token is close enough
	// to expiry (less than 3 days per TokenService) that it should be refreshed.
	NeedsProactiveRefresh(ctx context.Context) bool
}

TokenServicer defines the interface for token management.
