auth

package
v0.1.6-rc.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 13, 2025 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

// Key-file related string constants.
const (
	// KeyFileTypeServiceAccount is the literal "sn_service_account".
	// Presumably the value expected in KeyFile.Type for a service-account
	// key file; confirm against the key-file loader.
	KeyFileTypeServiceAccount = "sn_service_account"
	// FILE and DATA are URL-scheme prefixes ("file://" and "data://").
	// NOTE(review): their use is not shown on this page. They look like the
	// two accepted forms of a key-file reference (a path on disk vs. inline
	// content). If so, a data:// reference contains the client secret itself
	// and has to be treated as a secret wherever the reference string is
	// stored, logged or passed on a command line; confirm.
	FILE                      = "file://"
	DATA                      = "data://"
)
const (
	// ClaimNameUserName is a namespaced claim name (a URL-shaped string).
	// Presumably this is the claim ExtractUserName looks up in the token;
	// confirm against its implementation.
	ClaimNameUserName = "https://streamnative.io/username"
)

Variables

This section is empty.

Functions

func DumpToken

// DumpToken takes a writer and a token by value; no doc comment is published.
// NOTE(review): from the name and signature it presumably prints the token's
// contents to out. An oauth2.Token carries bearer credentials (access and
// refresh tokens), so out should not be a shared log or CI console unless the
// implementation redacts them; confirm what is printed.
func DumpToken(out io.Writer, token oauth2.Token)

func ExtractUserName

// ExtractUserName returns a username string or an error for the given token.
// NOTE(review): the token is the only input; no key set, issuer or verifier
// is passed in, so the claim is presumably read without checking the token's
// signature. Treat the result as informational (display, config naming) and
// not as an authenticated identity unless the token was verified elsewhere;
// confirm against the implementation.
func ExtractUserName(token oauth2.Token) (string, error)

ExtractUserName extracts the username claim from an authorization grant

Types

type AuthorizationCodeExchangeRequest

// AuthorizationCodeExchangeRequest carries the inputs for exchanging an
// authorization code for a token. The struct has no JSON tags, so how it is
// put on the wire is decided by the code that sends it (not shown here).
type AuthorizationCodeExchangeRequest struct {
	// ClientID identifies the OAuth 2.0 client making the request.
	ClientID     string
	// CodeVerifier is presumably the PKCE code verifier (RFC 7636) that pairs
	// with the challenge sent in the authorization request; confirm.
	// It is a one-time secret: keep it out of logs and %+v dumps.
	CodeVerifier string
	// Code is the authorization code being exchanged; also single-use and
	// sensitive until redeemed.
	Code         string
	// RedirectURI is presumably the redirect URI used in the authorization
	// request; confirm it is sent unchanged to the token endpoint.
	RedirectURI  string
}

AuthorizationCodeExchangeRequest is used to request the exchange of an authorization code for a token

type AuthorizationGrant

// AuthorizationGrant bundles a grant type with the credentials and/or token
// that belong to it. All fields carry JSON tags, so the struct is meant to be
// serialized; when ClientCredentials or Token is set, the encoded form
// contains the client secret and/or bearer tokens and should be stored and
// transmitted as a secret.
type AuthorizationGrant struct {
	// Type describes the type of authorization grant represented by this structure
	Type AuthorizationGrantType `json:"type"`

	// ClientCredentials is credentials data for the client credentials grant type
	// (a *KeyFile, which includes ClientSecret); omitted from JSON when nil.
	ClientCredentials *KeyFile `json:"client_credentials,omitempty"`

	// Token contains an access token in the client credentials grant type,
	// and a refresh token in the device authorization grant type
	// Omitted from JSON when nil.
	Token *oauth2.Token `json:"token,omitempty"`
}

AuthorizationGrant is a credential representing the resource owner's authorization to access its protected resources, and is used by the client to obtain an access token

type AuthorizationGrantRefresher

// AuthorizationGrantRefresher is the single-method interface for renewing an
// AuthorizationGrant.
type AuthorizationGrantRefresher interface {
	// Refresh refreshes an authorization grant to contain a fresh access token
	// It returns a grant pointer; whether that is the input grant mutated in
	// place or a new value is not specified by the signature, so callers
	// should use the returned value.
	Refresh(grant *AuthorizationGrant) (*AuthorizationGrant, error)
}

AuthorizationGrantRefresher refreshes an OAuth 2.0 authorization grant

type AuthorizationGrantType

// AuthorizationGrantType is the string type of AuthorizationGrant.Type.
type AuthorizationGrantType string
const (
	// GrantTypeClientCredentials represents a client credentials grant
	// It is the only grant type constant listed on this page, although the
	// AuthorizationGrant.Token comment also mentions a device authorization
	// grant. Code that switches on the type should handle unknown values
	// explicitly.
	GrantTypeClientCredentials AuthorizationGrantType = "client_credentials"
)

type AuthorizationTokenResponse

// AuthorizationTokenResponse maps the JSON body of a token-endpoint response.
// AccessToken, IDToken and RefreshToken are bearer credentials; avoid logging
// the decoded struct or the raw response body.
type AuthorizationTokenResponse struct {
	AccessToken  string `json:"access_token"`
	// ExpiresIn is decoded from "expires_in"; presumably a lifetime in
	// seconds as in OAuth 2.0 token responses; confirm before doing
	// arithmetic with time.Duration.
	ExpiresIn    int    `json:"expires_in"`
	IDToken      string `json:"id_token"`
	RefreshToken string `json:"refresh_token"`
	TokenType    string `json:"token_type"`
}

AuthorizationTokenResponse is the HTTP response when asking for a new token. Note that, depending on the kind of request that was sent, not all fields will contain data

type ClientCredentialsExchangeRequest

// ClientCredentialsExchangeRequest carries the inputs for a client
// credentials token request. It has no JSON tags; wire encoding is done by
// the sender (not shown here).
type ClientCredentialsExchangeRequest struct {
	// ClientID identifies the client.
	ClientID     string
	// ClientSecret is the long-lived client secret. Keep values of this
	// struct out of logs, error messages and %+v formatting.
	ClientSecret string
	// Audience is presumably the audience the requested token is for;
	// confirm how the token endpoint interprets it.
	Audience     string
}

ClientCredentialsExchangeRequest is used to request the exchange of client credentials for a token

type ClientCredentialsExchanger

// ClientCredentialsExchanger is the single-method interface for turning
// client credentials into a TokenResult. *TokenRetriever has a method with
// this exact signature.
type ClientCredentialsExchanger interface {
	// ExchangeClientCredentials takes the request by value (including its
	// ClientSecret) and returns the resulting tokens or an error. There is no
	// context parameter, so cancellation and timeouts have to come from the
	// implementation.
	ExchangeClientCredentials(req ClientCredentialsExchangeRequest) (*TokenResult, error)
}

ClientCredentialsExchanger abstracts exchanging client credentials for tokens

type ClientCredentialsFlow

// ClientCredentialsFlow has no exported fields. The constructors listed on
// this page (NewClientCredentialsFlow and the NewDefault... variants) return
// *ClientCredentialsFlow, and its Authorize method has the signature required
// by the Flow interface.
type ClientCredentialsFlow struct {
	// contains filtered or unexported fields
}

ClientCredentialsFlow takes care of the mechanics needed for getting an access token using the OAuth 2.0 "Client Credentials Flow"

func NewClientCredentialsFlow

// NewClientCredentialsFlow builds a ClientCredentialsFlow from explicitly
// supplied collaborators: the issuer data, a provider of client credentials,
// an exchanger that performs the token request, and a clock.
// NOTE(review): the clock is presumably injected so that token-expiry
// computations can be controlled in tests; confirm. No error is returned, so
// nil arguments are not rejected at construction time as far as the
// signature shows.
func NewClientCredentialsFlow(
	issuerData Issuer,
	provider ClientCredentialsProvider,
	exchanger ClientCredentialsExchanger,
	clock clock.Clock) *ClientCredentialsFlow

func NewDefaultClientCredentialsFlow

// NewDefaultClientCredentialsFlow builds a flow from issuer data and a
// key-file reference given as a string.
// NOTE(review): the accepted forms of keyFile are not documented here;
// presumably a path or a reference using the FILE ("file://") or DATA
// ("data://") prefix; confirm. If inline data is accepted, the string
// contains the client secret and should not be echoed in errors or logs.
func NewDefaultClientCredentialsFlow(issuerData Issuer, keyFile string) (*ClientCredentialsFlow, error)

NewDefaultClientCredentialsFlow provides an easy way to build up a default client credentials flow with all the correct configuration.

func NewDefaultClientCredentialsFlowWithKeyFileStruct

// NewDefaultClientCredentialsFlowWithKeyFileStruct is the variant of
// NewDefaultClientCredentialsFlow that takes an already-parsed *KeyFile
// instead of a string reference. Behaviour for a nil keyFile is not shown;
// callers should not rely on it.
func NewDefaultClientCredentialsFlowWithKeyFileStruct(issuerData Issuer, keyFile *KeyFile) (*ClientCredentialsFlow, error)

NewDefaultClientCredentialsFlowWithKeyFileStruct provides an easy way to build up a default client credentials flow with all the correct configuration.

func (*ClientCredentialsFlow) Authorize

// Authorize has the signature required by the Flow interface and returns an
// AuthorizationGrant or an error.
// NOTE(review): for this flow the grant presumably includes the client
// credentials (AuthorizationGrant.ClientCredentials) and possibly an initial
// access token, so the returned value is secret material; confirm.
func (c *ClientCredentialsFlow) Authorize() (*AuthorizationGrant, error)

type ClientCredentialsGrantRefresher

// ClientCredentialsGrantRefresher has no exported fields and no published
// doc comment. The page lists a Refresh method on its pointer receiver, so it
// is presumably the client-credentials implementation of
// AuthorizationGrantRefresher; confirm.
type ClientCredentialsGrantRefresher struct {
	// contains filtered or unexported fields
}

func NewDefaultClientCredentialsGrantRefresher

// NewDefaultClientCredentialsGrantRefresher builds a refresher from issuer
// data and a clock. Unlike the NewDefaultClientCredentialsFlow constructors
// it takes no key file, so the credentials used when refreshing presumably
// come from the grant passed to Refresh (AuthorizationGrant.ClientCredentials);
// confirm.
func NewDefaultClientCredentialsGrantRefresher(issuerData Issuer,
	clock clock.Clock) (*ClientCredentialsGrantRefresher, error)

func (*ClientCredentialsGrantRefresher) Refresh

type ClientCredentialsProvider

// ClientCredentialsProvider is the single-method source of client
// credentials. KeyFileProvider and KeyFileStructProvider on this page both
// have a method with this signature.
type ClientCredentialsProvider interface {
	// GetClientCredentials returns a *KeyFile, which includes the client
	// secret, or an error.
	GetClientCredentials() (*KeyFile, error)
}

ClientCredentialsProvider abstracts getting client credentials

type ConfigBackedCachingProvider

// ConfigBackedCachingProvider has no exported fields; its CacheTokens and
// GetTokens methods store and load a TokenResult.
// NOTE(review): the configProvider it wraps is unexported and not shown on
// this page. Where cached tokens end up (file, keychain, ...) and with what
// permissions is decided there; verify that before relying on this cache for
// refresh tokens.
type ConfigBackedCachingProvider struct {
	// contains filtered or unexported fields
}

ConfigBackedCachingProvider wraps a configProvider in order to conform to the cachingProvider interface

func NewConfigBackedCachingProvider

// NewConfigBackedCachingProvider returns a provider bound to a client ID, an
// audience and a configProvider.
// NOTE(review): clientID and audience are presumably used to key the cached
// entries so tokens for different clients or audiences are not mixed up;
// confirm. The config parameter's type is unexported, so code outside this
// package cannot name it and can only pass a value that satisfies it.
func NewConfigBackedCachingProvider(clientID, audience string, config configProvider) *ConfigBackedCachingProvider

NewConfigBackedCachingProvider builds and returns a CachingTokenProvider that utilizes a configProvider to cache tokens

func (*ConfigBackedCachingProvider) CacheTokens

// CacheTokens stores tokens from toCache and reports an error on failure.
// NOTE(review): the published description names only the ID and refresh
// tokens, so the access token is presumably not persisted; confirm. A refresh
// token is a long-lived credential; the backing store should be readable by
// the owning user only.
func (c *ConfigBackedCachingProvider) CacheTokens(toCache *TokenResult) error

CacheTokens caches the id and refresh token from TokenResult in the configProvider

func (*ConfigBackedCachingProvider) GetTokens

// GetTokens returns a TokenResult built from the cache, or an error.
// Which fields are populated on a hit and what is returned on a cache miss
// (nil result, error, or empty struct) is not shown here; callers should
// check both return values.
func (c *ConfigBackedCachingProvider) GetTokens() (*TokenResult, error)

GetTokens gets the tokens from the cache and returns them as a TokenResult

type DeviceCodeExchangeRequest

// DeviceCodeExchangeRequest carries the inputs for exchanging a device code
// for a token.
type DeviceCodeExchangeRequest struct {
	// ClientID identifies the client.
	ClientID     string
	// DeviceCode is the code being exchanged; it stands in for the pending
	// authorization and should be kept out of logs.
	DeviceCode   string
	// PollInterval is a time.Duration; presumably the wait between polls of
	// the token endpoint while the user completes authorization; confirm.
	PollInterval time.Duration
}

DeviceCodeExchangeRequest is used to request the exchange of a device code for a token

type Flow

// Flow is the single-method interface implemented by authorization flows;
// ClientCredentialsFlow.Authorize on this page has the matching signature.
type Flow interface {
	// Authorize obtains an authorization grant based on an OAuth 2.0 authorization flow.
	// The method returns a grant which may contain an initial access token.
	// Authorize takes no context, so it cannot be cancelled by the caller
	// through its arguments.
	Authorize() (*AuthorizationGrant, error)
}

Flow abstracts an OAuth 2.0 authentication and authorization flow

type HTTPAuthTransport

// HTTPAuthTransport is the seam through which token requests are sent. Its
// single method has the same signature as (*http.Client).Do, so an
// *http.Client satisfies it.
type HTTPAuthTransport interface {
	// Do sends the request and returns the response. Requests passed here
	// carry client secrets, codes or refresh tokens, so an implementation
	// should keep TLS verification on, set a timeout, and not log request
	// bodies.
	Do(request *http.Request) (*http.Response, error)
}

HTTPAuthTransport abstracts how an HTTP exchange request is sent and received

type Issuer

// Issuer groups the token issuer's endpoint with the client ID and audience
// used against it.
type Issuer struct {
	// IssuerEndpoint is presumably the issuer base URL from which the OIDC
	// endpoints are discovered (see GetOIDCWellKnownEndpointsFromIssuerURL);
	// confirm. Credentials are later sent to endpoints derived from it, so
	// it should be an https URL from trusted configuration.
	IssuerEndpoint string
	ClientID       string
	Audience       string
}

Issuer holds information about the issuer of tokens

type KeyFile

// KeyFile is the JSON shape of a client-credentials key file. It contains
// the client secret in clear text, so both the file on disk and any
// marshalled copy (for example inside an AuthorizationGrant) are secrets.
type KeyFile struct {
	// Type is decoded from "type"; presumably compared against
	// KeyFileTypeServiceAccount; confirm.
	Type         string `json:"type"`
	ClientID     string `json:"client_id"`
	// ClientSecret is the long-lived secret; never log or print this struct
	// with %+v.
	ClientSecret string `json:"client_secret"`
	ClientEmail  string `json:"client_email"`
}

type KeyFileProvider

// KeyFileProvider holds a key-file reference as a string and has a
// GetClientCredentials method with the ClientCredentialsProvider signature.
type KeyFileProvider struct {
	// KeyFile is the reference handed to NewClientCredentialsProviderFromKeyFile.
	// NOTE(review): presumably a path or a FILE/DATA-prefixed reference;
	// confirm. The field is exported, so it can be changed after construction.
	KeyFile string
}

func NewClientCredentialsProviderFromKeyFile

// NewClientCredentialsProviderFromKeyFile wraps a key-file reference in a
// KeyFileProvider. It returns no error, so the reference is presumably not
// read or validated until GetClientCredentials is called; confirm.
func NewClientCredentialsProviderFromKeyFile(keyFile string) *KeyFileProvider

func (*KeyFileProvider) GetClientCredentials

// GetClientCredentials returns the parsed *KeyFile for this provider's
// reference, or an error.
// NOTE(review): presumably this is where the file is read and decoded;
// confirm that errors do not embed the file contents, since they include
// the client secret.
func (k *KeyFileProvider) GetClientCredentials() (*KeyFile, error)

type KeyFileStructProvider

// KeyFileStructProvider holds an already-parsed key file and has a
// GetClientCredentials method with the ClientCredentialsProvider signature.
type KeyFileStructProvider struct {
	// KeyFile is held by pointer, so the provider and whoever supplied the
	// value share the same KeyFile (including its ClientSecret).
	KeyFile *KeyFile
}

func NewClientCredentialsProviderFromKeyFileStruct

// NewClientCredentialsProviderFromKeyFileStruct wraps a *KeyFile in a
// KeyFileStructProvider. No error is returned, so a nil keyFile is not
// rejected here as far as the signature shows.
func NewClientCredentialsProviderFromKeyFileStruct(keyFile *KeyFile) *KeyFileStructProvider

func (*KeyFileStructProvider) GetClientCredentials

// GetClientCredentials returns a *KeyFile or an error.
// NOTE(review): presumably it hands back the stored KeyFile; whether a nil
// or incomplete KeyFile produces an error is not shown; confirm.
func (k *KeyFileStructProvider) GetClientCredentials() (*KeyFile, error)

type OIDCWellKnownEndpoints

// OIDCWellKnownEndpoints maps three endpoint URLs out of an OIDC discovery
// document. Other discovery fields (for example the issuer value) are not
// decoded into this struct.
type OIDCWellKnownEndpoints struct {
	AuthorizationEndpoint       string `json:"authorization_endpoint"`
	// TokenEndpoint is where client secrets, codes and refresh tokens are
	// sent by the exchange methods, so its value decides who receives them.
	TokenEndpoint               string `json:"token_endpoint"`
	DeviceAuthorizationEndpoint string `json:"device_authorization_endpoint"`
}

OIDCWellKnownEndpoints holds the well known OIDC endpoints

func GetOIDCWellKnownEndpointsFromIssuerURL

// GetOIDCWellKnownEndpointsFromIssuerURL resolves the endpoints for an
// issuer URL given as a string.
// NOTE(review): the signature takes no context and no HTTP client, so the
// caller cannot set a timeout or transport through it; presumably a default
// client fetches the issuer's discovery document. Confirm. The returned
// TokenEndpoint later receives credentials, so issuerURL should come from
// trusted configuration and use https.
func GetOIDCWellKnownEndpointsFromIssuerURL(issuerURL string) (*OIDCWellKnownEndpoints, error)

GetOIDCWellKnownEndpointsFromIssuerURL gets the well known endpoints for the passed in issuer url

type RefreshTokenExchangeRequest

// RefreshTokenExchangeRequest carries the inputs for exchanging a refresh
// token for new tokens.
type RefreshTokenExchangeRequest struct {
	// ClientID identifies the client.
	ClientID     string
	// RefreshToken is a long-lived credential; keep values of this struct
	// out of logs and error messages.
	RefreshToken string
}

RefreshTokenExchangeRequest is used to request the exchange of a refresh token for a refreshed token

type TokenError

// TokenError is the error type of this package for token failures; the page
// lists an Error method on its pointer receiver.
// NOTE(review): its two fields parallel TokenErrorResponse's, so it is
// presumably built from a token-endpoint error body; confirm.
type TokenError struct {
	// ErrorCode is presumably the endpoint's "error" value; confirm.
	ErrorCode        string
	// ErrorDescription is presumably text supplied by the server; treat it
	// as untrusted when rendering or logging.
	ErrorDescription string
}

func (*TokenError) Error

// Error makes *TokenError satisfy the error interface. The method is on the
// pointer receiver, so a TokenError value (non-pointer) does not satisfy
// error. The message format is not shown on this page.
func (e *TokenError) Error() string

type TokenErrorResponse

// TokenErrorResponse maps the JSON error body of a token endpoint. Because
// it has a field named Error it cannot also have an Error method, so it is a
// decoding target only; TokenError is the type that acts as a Go error.
type TokenErrorResponse struct {
	Error            string `json:"error"`
	// ErrorDescription comes from the server response; treat it as untrusted
	// text.
	ErrorDescription string `json:"error_description"`
}

TokenErrorResponse is used to parse error responses from the token endpoint

type TokenResult

// TokenResult holds the tokens returned by the exchange methods. It carries
// the same JSON tags as AuthorizationTokenResponse except token_type, and all
// three token fields are bearer credentials.
type TokenResult struct {
	AccessToken  string `json:"access_token"`
	IDToken      string `json:"id_token"`
	RefreshToken string `json:"refresh_token"`
	// ExpiresIn is presumably a lifetime in seconds, relative to when the
	// response was issued; confirm before comparing against a clock.
	ExpiresIn    int    `json:"expires_in"`
}

TokenResult holds token information

type TokenRetriever

// TokenRetriever has no exported fields. The page lists four exchange
// methods on it (client credentials, authorization code, device code and
// refresh token); ExchangeClientCredentials matches the
// ClientCredentialsExchanger interface.
type TokenRetriever struct {
	// contains filtered or unexported fields
}

TokenRetriever implements AuthTokenExchanger in order to facilitate getting Tokens

func NewTokenRetriever

// NewTokenRetriever builds a TokenRetriever from a set of endpoints (passed
// by value) and the transport used to send requests. No error is returned,
// so the endpoint URLs are not validated here as far as the signature shows;
// empty or non-https endpoints would presumably surface only when an
// exchange is attempted. Confirm.
func NewTokenRetriever(
	oidcWellKnownEndpoints OIDCWellKnownEndpoints,
	authTransport HTTPAuthTransport) *TokenRetriever

NewTokenRetriever allows the internals of a new TokenRetriever to be easily set up

func (*TokenRetriever) ExchangeClientCredentials

// ExchangeClientCredentials takes the request (including ClientSecret) by
// value and returns tokens or an error. It has no context parameter, so
// cancellation and timeouts depend on the HTTPAuthTransport given to
// NewTokenRetriever.
// NOTE(review): the request presumably goes to the configured TokenEndpoint;
// confirm.
func (ce *TokenRetriever) ExchangeClientCredentials(req ClientCredentialsExchangeRequest) (*TokenResult, error)

ExchangeClientCredentials uses the ClientCredentialsExchangeRequest to exchange client credentials for tokens

func (*TokenRetriever) ExchangeCode

ExchangeCode uses the AuthorizationCodeExchangeRequest to exchange an authorization code for tokens

func (*TokenRetriever) ExchangeDeviceCode

// ExchangeDeviceCode is the only exchange method on this page that takes a
// context.
// NOTE(review): together with DeviceCodeExchangeRequest.PollInterval this
// suggests it polls until the user finishes authorizing or ctx is done;
// confirm. Callers should pass a context with a deadline so a never-completed
// authorization does not block indefinitely.
func (ce *TokenRetriever) ExchangeDeviceCode(ctx context.Context, req DeviceCodeExchangeRequest) (*TokenResult, error)

ExchangeDeviceCode uses the DeviceCodeExchangeRequest to exchange a device code for tokens

func (*TokenRetriever) ExchangeRefreshToken

// ExchangeRefreshToken takes the request (including the refresh token) by
// value and returns tokens or an error. It has no context parameter, so
// cancellation and timeouts depend on the HTTPAuthTransport given to
// NewTokenRetriever.
// NOTE(review): whether the returned TokenResult contains a new (rotated)
// refresh token is not shown; callers that cache tokens should check
// RefreshToken before overwriting a stored one. Confirm.
func (ce *TokenRetriever) ExchangeRefreshToken(req RefreshTokenExchangeRequest) (*TokenResult, error)

ExchangeRefreshToken uses the RefreshTokenExchangeRequest to exchange a refresh token for refreshed tokens
