jawsauth

package module
v1.0.5 Latest Latest
Published: Mar 19, 2026 License: MIT Imports: 19 Imported by: 1

README


jawsauth

OAuth2 integration with JaWS sessions using "golang.org/x/oauth2".

Documentation

Index

Constants

This section is empty.

Variables

var ErrConfigURLMissingHost = errors.New("url host is missing")
var ErrConfigURLNotAbsolute = errors.New("url is not absolute")
var ErrInconsistentState = errors.New("oauth2 inconsistent state")
var ErrOAuth2Callback = errors.New("oauth2 callback error")

ErrOAuth2Callback matches OAuth2 callback errors returned by the identity provider.

var ErrOAuth2MissingIssuer = errors.New("oauth2 missing issuer")

ErrOAuth2MissingIssuer means the callback did not include the required "iss" parameter.

var ErrOAuth2MissingSession = errors.New("oauth2 missing session")
var ErrOAuth2MissingState = errors.New("oauth2 missing state")
var ErrOAuth2NotConfigured = errors.New("oauth2 not configured")
var ErrOAuth2WrongIssuer = errors.New("oauth2 wrong issuer")

ErrOAuth2WrongIssuer means the callback "iss" parameter does not match the expected issuer.

var ErrOAuth2WrongState = errors.New("oauth2 wrong state")
var WriteHeaders = DefaultWriteHeaders

WriteHeaders is called to write the HTTP headers for all OAuth endpoint responses. It defaults to DefaultWriteHeaders.

Functions

func DefaultWriteHeaders added in v1.0.1

func DefaultWriteHeaders(hw http.ResponseWriter, ishttps bool)

Types

type Config

func (*Config) Build

func (cfg *Config) Build(overrideUrl string) (oauth2cfg *oauth2.Config, err error)

Build creates an oauth2.Config. If overrideUrl is provided, its scheme, host and port are used instead of the ones in RedirectURL. This is useful when testing.

func (*Config) Validate

func (cfg *Config) Validate() (err error)

type EventFunc added in v0.3.0

type EventFunc func(sess *jaws.Session, hr *http.Request)

type FailedFunc added in v0.9.0

type FailedFunc func(hw http.ResponseWriter, hr *http.Request, httpCode int, err error, email string) (wroteresponse bool)

type HandleFunc

type HandleFunc func(uri string, handler http.Handler)

type JawsAuth added in v0.6.0

type JawsAuth struct {
	// contains filtered or unexported fields
}

func (*JawsAuth) Data added in v0.6.0

func (a *JawsAuth) Data() (x map[string]any)

func (*JawsAuth) Email added in v0.6.0

func (a *JawsAuth) Email() (s string)

func (*JawsAuth) IsAdmin added in v0.6.0

func (a *JawsAuth) IsAdmin() (yes bool)

type OAuth2CallbackError added in v1.0.0

// OAuth2CallbackError describes an OAuth2 callback error response.
//
// NOTE(review): all three fields are filled from the callback, presumably
// from its request parameters, so treat them as untrusted text when logging
// or rendering them. Confirm against the callback handler.
type OAuth2CallbackError struct {
	Code        string // OAuth2 error code from the callback.
	Description string // Optional error description from the callback.
	URI         string // Optional URI with details about the callback error.
}

OAuth2CallbackError describes an OAuth2 callback error response.

func (*OAuth2CallbackError) Error added in v1.0.0

func (err *OAuth2CallbackError) Error() string

func (*OAuth2CallbackError) Is added in v1.0.0

func (err *OAuth2CallbackError) Is(target error) bool

type Server

// Server holds the settings for the OAuth2 login flow: the JaWS instance, the
// session keys under which login results are stored, optional login/logout
// callbacks and the oauth2 authorization options.
type Server struct {
	// Jaws is the JaWS instance this server works with.
	Jaws *jaws.Jaws
	// NOTE(review): the gosec G117 suppressions on SessionKey are not explained
	// here; confirm why they are needed and keep them scoped to that field.
	//gosec:disable G117
	SessionKey      string                  // default is "oauth2userinfo", value will be of type map[string]any // #nosec G117
	// NOTE(review): the session value stored under SessionTokenKey is an
	// oauth2.TokenSource, i.e. it can yield the user's token; avoid exposing
	// session contents in templates or logs.
	SessionTokenKey string                  // default is "oauth2token", value will be of type oauth2.TokenSource
	SessionEmailKey string                  // default is "email", value will be of type string
	HandledPaths    map[string]struct{}     // URI paths we have registered handlers for
	LoginEvent      EventFunc               // if not nil, called after a successful login
	LogoutEvent     EventFunc               // if not nil, called before logout
	LoginFailed     FailedFunc              // if not nil, called on failed login
	Options         []oauth2.AuthCodeOption // options to use, see https://pkg.go.dev/golang.org/x/oauth2#AuthCodeOption
	// NOTE(review): the zero value of PKCE is false; confirm whether New
	// enables it, otherwise callers must opt in explicitly.
	PKCE            bool                    // if true, use RFC 7636 PKCE with S256 challenge/verifier
	// contains filtered or unexported fields
}

func New

func New(jw *jaws.Jaws, cfg *Config, handleFn HandleFunc) (srv *Server, err error)

func NewDebug added in v0.2.0

func NewDebug(jw *jaws.Jaws, cfg *Config, handleFn HandleFunc, overrideUrl string) (srv *Server, err error)

func (*Server) GetAdmins added in v0.6.0

func (srv *Server) GetAdmins() (emails []string)

GetAdmins returns a sorted list of the administrator emails. If empty, everyone is considered an administrator.

func (*Server) HandleAuthResponse

func (srv *Server) HandleAuthResponse(hw http.ResponseWriter, hr *http.Request)

func (*Server) HandleLogin

func (srv *Server) HandleLogin(hw http.ResponseWriter, hr *http.Request)

func (*Server) HandleLogout

func (srv *Server) HandleLogout(hw http.ResponseWriter, hr *http.Request)

func (*Server) Handler

func (srv *Server) Handler(name string, dot any) http.Handler

Handler returns an http.Handler using a jaws.Template that requires an authenticated user. It sets the jaws Session value srv.SessionKey to what UserInfoURL returned.

func (*Server) HandlerAdmin added in v0.6.0

func (srv *Server) HandlerAdmin(name string, dot any) http.Handler

HandlerAdmin returns an http.Handler using a jaws.Template that requires an authenticated user whose email was set using SetAdmins(). It sets the jaws Session value srv.SessionKey to what UserInfoURL returned.

func (*Server) IsAdmin added in v0.6.0

func (srv *Server) IsAdmin(email string) (yes bool)

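IsAdmin returns true if email belongs to an admin, if the list of admins is empty, or if the server is not valid. The last two cases are permissive: with no admins set, or with OAuth2 not configured, any email is reported as an administrator.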

func (*Server) Set403Handler added in v0.6.0

func (srv *Server) Set403Handler(h http.Handler)

func (*Server) SetAdmins added in v0.6.0

func (srv *Server) SetAdmins(emails []string)

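SetAdmins sets the email addresses of the administrators. If the list is empty, everyone is considered an administrator, so set at least one address before relying on HandlerAdmin or WrapAdmin for access control.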

func (*Server) Valid added in v0.2.0

func (srv *Server) Valid() bool

Valid returns true if OAuth2 is configured.

func (*Server) Wrap

func (srv *Server) Wrap(h http.Handler) (rh http.Handler)

Wrap returns an http.Handler that requires an authenticated user before invoking h. It sets the jaws Session value srv.SessionKey to what UserInfoURL returned. If the Server is not Valid, Wrap returns h itself, so h is then served without any authentication check.

func (*Server) WrapAdmin added in v0.6.0

func (srv *Server) WrapAdmin(h http.Handler) (rh http.Handler)

WrapAdmin returns an http.Handler that requires an authenticated user whose email was set using SetAdmins() before invoking h. It sets the jaws Session value srv.SessionKey to what UserInfoURL returned. If the Server is not Valid, WrapAdmin returns h itself, so h is then served without any authentication or administrator check.

Directories

Path Synopsis
cmd
demo command
