Documentation
¶
Overview ¶
Package oneauth provides a unified authentication framework for Go applications.
OneAuth is organized into subpackages:
- core/ — Foundation types: User, Identity, Channel, store interfaces, tokens, credentials, scopes
- keys/ — Key storage, KID tracking, JWKS serving/fetching, encrypted key storage
- admin/ — Admin auth, app registration API, resource token minting
- apiauth/ — API token auth (JWT + API keys), validation middleware
- localauth/ — Local username/password auth: signup, login, email verify, password reset
- httpauth/ — HTTP middleware, CSRF protection, session-based auth mux
- stores/ — Storage backends: fs/, gorm/, gae/
- utils/ — Crypto helpers (PEM, JWK, key generation)
- client/ — Client SDK
- oauth2/ — OAuth2 provider implementations
- grpc/ — gRPC auth interceptors
See each subpackage's SUMMARY.md for details.
Directories
¶
| Path | Synopsis |
|---|---|
|
Package accounts owns the federated end-user account model — the data shape shared by both username/password (localauth) and provider-mediated (federatedauth) authentication flows.
|
Package accounts owns the federated end-user account model — the data shape shared by both username/password (localauth) and provider-mediated (federatedauth) authentication flows. |
|
Package appstoretest provides a shared contract test suite for all AppRegistrationStore implementations.
|
Package appstoretest provides a shared contract test suite for all AppRegistrationStore implementations. |
|
Package authcodetest provides a shared contract test suite for all core.AuthorizationCodeStore implementations (RFC 6749 §4.1).
|
Package authcodetest provides a shared contract test suite for all core.AuthorizationCodeStore implementations (RFC 6749 §4.1). |
|
cmd
|
|
|
oneauth
module
|
|
|
Package deviceauthtest provides a shared contract test suite for all core.DeviceAuthorizationStore implementations (RFC 8628).
|
Package deviceauthtest provides a shared contract test suite for all core.DeviceAuthorizationStore implementations (RFC 8628). |
|
examples
|
|
|
01-client-credentials
command
Example 01: OAuth 2.0 Client Credentials Flow.
|
Example 01: OAuth 2.0 Client Credentials Flow. |
|
02-resource-token-hs256
command
Example 02: Resource Token with HS256 (Federated Auth).
|
Example 02: Resource Token with HS256 (Federated Auth). |
|
03-resource-token-rs256-jwks
command
Example 03: Resource Token with RS256 + JWKS Discovery.
|
Example 03: Resource Token with RS256 + JWKS Discovery. |
|
04-discovery
command
Example 04: AS Metadata Discovery (RFC 8414).
|
Example 04: AS Metadata Discovery (RFC 8414). |
|
05-introspection
command
Example 05: Token Introspection (RFC 7662).
|
Example 05: Token Introspection (RFC 7662). |
|
06-dynamic-client-registration
command
Example 06: Dynamic Client Registration (RFC 7591).
|
Example 06: Dynamic Client Registration (RFC 7591). |
|
07-client-sdk
command
Example 07: Client SDK — Production Patterns.
|
Example 07: Client SDK — Production Patterns. |
|
08-rich-authorization-requests
command
Example 08: Rich Authorization Requests (RFC 9396).
|
Example 08: Rich Authorization Requests (RFC 9396). |
|
09-key-rotation
command
Example 09: Key Rotation with Grace Periods.
|
Example 09: Key Rotation with Grace Periods. |
|
10-security
command
Example 10: Security — Attack Prevention.
|
Example 10: Security — Attack Prevention. |
|
common
Package common holds helpers shared across oneauth examples — the seam where "every example needs this now" updates land in one place instead of N copy-paste edits.
|
Package common holds helpers shared across oneauth examples — the seam where "every example needs this now" updates land in one place instead of N copy-paste edits. |
|
refs
Package refs provides pre-defined reference constants for OneAuth examples.
|
Package refs provides pre-defined reference constants for OneAuth examples. |
|
Package federatedauth owns provider-mediated authentication orchestration — OAuth and SAML callback handlers plus account-linking helpers — that build on the account model in accounts/ and the session/middleware machinery in httpauth/.
|
Package federatedauth owns provider-mediated authentication orchestration — OAuth and SAML callback handlers plus account-linking helpers — that build on the account model in accounts/ and the session/middleware machinery in httpauth/. |
|
grpc
module
|
|
|
Package keystoretest provides shared test suites for all KeyStore implementations.
|
Package keystoretest provides shared test suites for all KeyStore implementations. |
|
oauth2
module
|
|
|
saml
module
|
|
|
stores
|
|
|
gae
module
|
|
|
gorm
module
|
|
|
Package tracing wires oneauth's HTTP-handling code into OpenTelemetry trace context propagation (W3C Trace Context, https://www.w3.org/TR/trace-context/).
|
Package tracing wires oneauth's HTTP-handling code into OpenTelemetry trace context propagation (W3C Trace Context, https://www.w3.org/TR/trace-context/). |
Click to show internal directories.
Click to hide internal directories.