Documentation
¶
Index ¶
- type Handler
- func (c *Handler) CanHandleTokenEndpointRequest(ctx context.Context, requester fosite.AccessRequester) bool
- func (c *Handler) CanSkipClientAuth(ctx context.Context, requester fosite.AccessRequester) bool
- func (c *Handler) CheckRequest(ctx context.Context, request fosite.AccessRequester) error
- func (c *Handler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
- func (c *Handler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, ...) error
- type RFC7523KeyStorage
- type Session
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Handler ¶
type Handler struct {
Storage RFC7523KeyStorage
Config interface {
fosite.AccessTokenLifespanProvider
fosite.TokenURLProvider
fosite.GrantTypeJWTBearerCanSkipClientAuthProvider
fosite.GrantTypeJWTBearerIDOptionalProvider
fosite.GrantTypeJWTBearerIssuedDateOptionalProvider
fosite.GetJWTMaxDurationProvider
fosite.AudienceStrategyProvider
fosite.ScopeStrategyProvider
}
*oauth2.HandleHelper
}
func (*Handler) CanHandleTokenEndpointRequest ¶
func (*Handler) CanSkipClientAuth ¶
func (*Handler) CheckRequest ¶
func (*Handler) HandleTokenEndpointRequest ¶
func (c *Handler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.1.3 (everything) and https://tools.ietf.org/html/rfc7523#section-2.1 (everything)
func (*Handler) PopulateTokenEndpointResponse ¶
func (c *Handler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, response fosite.AccessResponder) error
type RFC7523KeyStorage ¶
type RFC7523KeyStorage interface {
// GetPublicKey returns public key, issued by 'issuer', and assigned for subject. Public key is used to check
// signature of jwt assertion in authorization grants.
GetPublicKey(ctx context.Context, issuer string, subject string, keyId string) (*jose.JSONWebKey, error)
// GetPublicKeys returns public key, set issued by 'issuer', and assigned for subject.
GetPublicKeys(ctx context.Context, issuer string, subject string) (*jose.JSONWebKeySet, error)
// GetPublicKeyScopes returns assigned scope for assertion, identified by public key, issued by 'issuer'.
GetPublicKeyScopes(ctx context.Context, issuer string, subject string, keyId string) ([]string, error)
// IsJWTUsed returns true, if JWT is not known yet or it can not be considered valid, because it must be already
// expired.
IsJWTUsed(ctx context.Context, jti string) (bool, error)
// MarkJWTUsedForTime marks JWT as used for a time passed in exp parameter. This helps ensure that JWTs are not
// replayed by maintaining the set of used "jti" values for the length of time for which the JWT would be
// considered valid based on the applicable "exp" instant. (https://tools.ietf.org/html/rfc7523#section-3)
MarkJWTUsedForTime(ctx context.Context, jti string, exp time.Time) error
}
RFC7523KeyStorage holds information needed to validate jwt assertion in authorization grants.
Source Files
Click to show internal directories.
Click to hide internal directories.