device

package module

v0.0.5 Latest Latest Go to latest Published: Oct 7, 2023 License: MIT Imports: 16 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/rockset/device-authorization

Links

Open Source Insights

README ¶

OAuth2 Device Authorization Flow go module

This go module is a helper to implement OAuth2 Device authentication in command line interfaces (or any other input constrained device).

This is the authorization flow the AWS cli uses for SSO.

device flow sequence diagram

Providers

The module has two providers, Auth0 and Okta, and a third which is yet to be implemented.

Auth0

This provider is fully functional. Setup instructions.

Okta

This provider is fully functional. Setup instructions.

Google

To be implemented. Setup instructions.

Documentation ¶

Index ¶

Constants
Variables
type Auth0
- func (a Auth0) Config(org, clientID string) *Config
type AuthorizationResponse
type Authorizer
- func NewAuthorizer(config *Config) *Authorizer
- func (a *Authorizer) Refresh(ctx context.Context) error
- func (a *Authorizer) RequestCode(ctx context.Context) (Code, error)
- func (a *Authorizer) Revoke(ctx context.Context) error
- func (a *Authorizer) WaitForAuthorization(ctx context.Context, code Code) (AuthorizationResponse, error)
type Code
type Config
type Error
type Key
type OfflineValidator
- func (v *OfflineValidator) Initialize(ctx context.Context) error
- func (v *OfflineValidator) Validate(_ context.Context, tokenString string) error
type Okta
- func (o Okta) Config(org, clientID string) *Config
type OktaIntrospectionResponse
- func (i OktaIntrospectionResponse) Valid(cfg *Config) error
type OktaOnlineValidator
- func NewOktaOnlineValidator(cfg *Config) *OktaOnlineValidator
- func (o *OktaOnlineValidator) Initialize(_ context.Context) error
- func (o *OktaOnlineValidator) Introspect(ctx context.Context, tokenString string) (OktaIntrospectionResponse, error)
- func (o *OktaOnlineValidator) Validate(ctx context.Context, tokenString string) error
type OnlineValidator
type Provider
- func NewProvider(name string) Provider
type Validator
- func NewOfflineValidator(cfg *Config) Validator

Constants ¶

View Source

const GrantType = "urn:ietf:params:oauth:grant-type:device_code"

Variables ¶

View Source

var (
	// ErrAccessDenied is returned when the user denies the app access to their account.
	ErrAccessDenied   = errors.New("access denied by user")
	ErrAuthPending    = errors.New("authorization pending")
	ErrNotImplemented = errors.New("not implemented")
)

View Source

var DefaultScopes = []string{"openid", "profile", "offline_access"}

Functions ¶

This section is empty.

Types ¶

type Auth0 ¶ added in v0.0.2

type Auth0 struct{}

func (Auth0) Config ¶ added in v0.0.2

func (a Auth0) Config(org, clientID string) *Config

type AuthorizationResponse ¶ added in v0.0.5

type AuthorizationResponse struct {
	AccessToken      string `json:"access_token"`
	IDToken          string `json:"id_token"`
	Scope            string `json:"scope"`
	TokenType        string `json:"token_type"`
	ExpiresIn        int    `json:"expires_in"`
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
}

type Authorizer ¶

type Authorizer struct {
	*Config
	// contains filtered or unexported fields
}

func NewAuthorizer ¶

func NewAuthorizer(config *Config) *Authorizer

func (*Authorizer) Refresh ¶

func (a *Authorizer) Refresh(ctx context.Context) error

func (*Authorizer) RequestCode ¶

func (a *Authorizer) RequestCode(ctx context.Context) (Code, error)

func (*Authorizer) Revoke ¶

func (a *Authorizer) Revoke(ctx context.Context) error

func (*Authorizer) WaitForAuthorization ¶

func (a *Authorizer) WaitForAuthorization(ctx context.Context, code Code) (AuthorizationResponse, error)

type Code ¶

type Code struct {
	DeviceCode              string `json:"device_code"`
	UserCode                string `json:"user_code"`
	VerificationURI         string `json:"verification_uri"`
	VerificationURIComplete string `json:"verification_uri_complete"`
	ExpiresIn               int64  `json:"expires_in"`
	Interval                int64  `json:"interval"`
}

type Config ¶

type Config struct {
	OAuth2Config oauth2.Config
	Audience     string
	Issuer       string
	KeyURI       string
	// contains filtered or unexported fields
}

type Error ¶

type Error struct {
	ErrorCode    string   `json:"ErrorCode"`
	ErrorSummary string   `json:"errorSummary"`
	ErrorCauses  []string `json:"errorCauses"`
}

type Key ¶ added in v0.0.2

type Key struct {
	Alg string   `json:"alg"`
	Kty string   `json:"kty"`
	Use string   `json:"use"`
	N   string   `json:"n"`
	E   string   `json:"e"`
	Kid string   `json:"kid"`
	X5T string   `json:"x5t"`
	X5C []string `json:"x5c"`
}

type OfflineValidator ¶ added in v0.0.4

type OfflineValidator struct {
	*Config
	Keys map[string]*rsa.PublicKey
}

func (*OfflineValidator) Initialize ¶ added in v0.0.4

func (v *OfflineValidator) Initialize(ctx context.Context) error

Initialize loads public keys from the provider

func (*OfflineValidator) Validate ¶ added in v0.0.4

func (v *OfflineValidator) Validate(_ context.Context, tokenString string) error

Validate validates a token against public keys which must be loaded prior.

type Okta ¶ added in v0.0.2

type Okta struct{}

func (Okta) Config ¶ added in v0.0.2

func (o Okta) Config(org, clientID string) *Config

type OktaIntrospectionResponse ¶ added in v0.0.4

type OktaIntrospectionResponse struct {
	Active    bool   `json:"active"`
	Scope     string `json:"scope"`
	Username  string `json:"username"`
	Exp       int64  `json:"exp"`
	Nbf       int64  `json:"nbf"`
	Iat       int64  `json:"iat"`
	Sub       string `json:"sub"`
	Aud       string `json:"aud"`
	Iss       string `json:"iss"`
	Jti       string `json:"jti"`
	TokenType string `json:"token_type"`
	ClientId  string `json:"client_id"`
	DeviceId  string `json:"device_id"`
	Uid       string `json:"uid"`
}

func (OktaIntrospectionResponse) Valid ¶ added in v0.0.4

func (i OktaIntrospectionResponse) Valid(cfg *Config) error

type OktaOnlineValidator ¶ added in v0.0.4

type OktaOnlineValidator struct {
	*Config
	// contains filtered or unexported fields
}

func NewOktaOnlineValidator ¶ added in v0.0.4

func NewOktaOnlineValidator(cfg *Config) *OktaOnlineValidator

func (*OktaOnlineValidator) Initialize ¶ added in v0.0.4

func (o *OktaOnlineValidator) Initialize(_ context.Context) error

func (*OktaOnlineValidator) Introspect ¶ added in v0.0.4

func (o *OktaOnlineValidator) Introspect(ctx context.Context, tokenString string) (OktaIntrospectionResponse, error)

Introspect calls the Okta OAuth2 API to validate the token, see https://developer.okta.com/docs/reference/api/oidc/#introspect

func (*OktaOnlineValidator) Validate ¶ added in v0.0.4

func (o *OktaOnlineValidator) Validate(ctx context.Context, tokenString string) error

type OnlineValidator ¶ added in v0.0.4

type OnlineValidator struct {
	*Config
}

type Provider ¶ added in v0.0.2

type Provider interface {
	Config(org, clientID string) *Config
}

func NewProvider ¶ added in v0.0.2

func NewProvider(name string) Provider

type Validator ¶ added in v0.0.2

type Validator interface {
	Validate(ctx context.Context, tokenString string) error
	Initialize(ctx context.Context) error
}

func NewOfflineValidator ¶ added in v0.0.4

func NewOfflineValidator(cfg *Config) Validator

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
example

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL