Documentation
Overview
Package handlers provides HTTP handlers for the OAuth 2.0 authorization server endpoints.
This package implements the HTTP layer for the authorization server, including:
- OIDC Discovery endpoint (/.well-known/openid-configuration)
- JWKS endpoint (/.well-known/jwks.json)
- OAuth endpoints (authorize, token, callback, register) - to be implemented
The Handler struct coordinates all handlers and provides route registration methods for integrating with standard Go HTTP servers.
Index
- Constants
- type Handler
- func (h *Handler) JWKSHandler(w http.ResponseWriter, _ *http.Request)
- func (h *Handler) OAuthDiscoveryHandler(w http.ResponseWriter, _ *http.Request)
- func (*Handler) OAuthRoutes(_ chi.Router)
- func (h *Handler) OIDCDiscoveryHandler(w http.ResponseWriter, _ *http.Request)
- func (h *Handler) Routes() http.Handler
- func (h *Handler) WellKnownRoutes(r chi.Router)
Constants
const (
	// DefaultJWKSCacheMaxAge is the Cache-Control max-age for the JWKS endpoint (1 hour).
	// This balances caching efficiency with timely key rotation propagation.
	DefaultJWKSCacheMaxAge = 3600

	// DefaultDiscoveryCacheMaxAge is the Cache-Control max-age for the discovery endpoint (1 hour).
	// Aligned with Google's OIDC discovery cache policy.
	DefaultDiscoveryCacheMaxAge = 3600
)
Cache-Control max-age values for discovery endpoints. These are not exposed to users but extracted as constants for documentation and maintainability.
Types
type Handler
type Handler struct {
// contains filtered or unexported fields
}
Handler provides HTTP handlers for the OAuth authorization server endpoints.
func NewHandler
func NewHandler(
	provider fosite.OAuth2Provider,
	config *server.AuthorizationServerConfig,
	stor storage.Storage,
	upstreamIDP upstream.OAuth2Provider,
) *Handler
NewHandler creates a new Handler with the given dependencies. The upstream IDP provider is required for the auth server to function.
func (*Handler) JWKSHandler
func (h *Handler) JWKSHandler(w http.ResponseWriter, _ *http.Request)
JWKSHandler handles GET /.well-known/jwks.json requests. It returns the public keys used for verifying JWTs.
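A handler of this shape can be sketched with the standard library alone. The following is an added example, not the package's own implementation: jwksHandler, publicJWK and fetchJWKS are hypothetical names, the P-256 key is generated on the spot, and the public directive in Cache-Control is an assumption (the page states only the max-age of 3600).

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// publicJWK emits only the public P-256 coordinates; the private scalar D is never read.
func publicJWK(kid string, pub *ecdsa.PublicKey) map[string]string {
	return map[string]string{
		"kty": "EC", "crv": "P-256", "use": "sig", "alg": "ES256", "kid": kid,
		"x": base64.RawURLEncoding.EncodeToString(pub.X.FillBytes(make([]byte, 32))),
		"y": base64.RawURLEncoding.EncodeToString(pub.Y.FillBytes(make([]byte, 32))),
	}
}

// jwksHandler (hypothetical name) is handed public keys only, so it has nothing secret to leak.
func jwksHandler(keys map[string]*ecdsa.PublicKey) http.HandlerFunc {
	return func(w http.ResponseWriter, _ *http.Request) {
		set := make([]map[string]string, 0, len(keys))
		for kid, pub := range keys {
			set = append(set, publicJWK(kid, pub))
		}
		w.Header().Set("Content-Type", "application/json")
		// 3600 is DefaultJWKSCacheMaxAge from this page; "public" is an assumption.
		w.Header().Set("Cache-Control", "public, max-age=3600")
		_ = json.NewEncoder(w).Encode(map[string]interface{}{"keys": set})
	}
}

// fetchJWKS serves one throwaway key, generated here for the example, through the handler.
func fetchJWKS(kid string) (cacheControl, body string) {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/.well-known/jwks.json", nil)
	jwksHandler(map[string]*ecdsa.PublicKey{kid: &k.PublicKey})(rec, req)
	return rec.Header().Get("Cache-Control"), rec.Body.String()
}

func main() {
	fmt.Println(fetchJWKS("constructed-kid-1"))
}
```

Because relying parties may serve a cached key set for up to an hour, a new signing key should be published in the set before it is first used to sign.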
func (*Handler) OAuthDiscoveryHandler
func (h *Handler) OAuthDiscoveryHandler(w http.ResponseWriter, _ *http.Request)
OAuthDiscoveryHandler handles GET /.well-known/oauth-authorization-server requests. It returns the OAuth 2.0 Authorization Server Metadata per RFC 8414. This endpoint is useful for non-OIDC OAuth clients.
func (*Handler) OAuthRoutes
OAuthRoutes registers OAuth endpoints (authorize, callback, token, register) on the provided router.
func (*Handler) OIDCDiscoveryHandler
func (h *Handler) OIDCDiscoveryHandler(w http.ResponseWriter, _ *http.Request)
OIDCDiscoveryHandler handles GET /.well-known/openid-configuration requests. It returns the OIDC discovery document describing the authorization server capabilities. This extends the OAuth 2.0 AS Metadata (RFC 8414) with OIDC-specific fields.
func (*Handler) WellKnownRoutes
WellKnownRoutes registers well-known endpoints (JWKS, OAuth/OIDC discovery) on the provided router. Both discovery endpoints are registered per the MCP specification requirement to provide at least one discovery mechanism, with both supported for maximum interoperability:
- /.well-known/oauth-authorization-server (RFC 8414) for OAuth-only clients
- /.well-known/openid-configuration (OIDC Discovery 1.0) for OIDC clients