Documentation
¶
Index ¶
- Constants
- Variables
- func BlockAccount(ctx context.Context, realm, clientID string) error
- func ConfirmLoginChallenge(ctx context.Context, token string) (*account.Account, int, error)
- func CreateAuthorization(ctx context.Context, auth *Authorization) error
- func CreateSimpleToken() string
- func GetBearerToken(r *http.Request) (string, error)
- func GetClientID(ctx context.Context, r *http.Request) (string, error)
- func LogoutAccount(ctx context.Context, realm, clientID string) (int, error)
- func UpdateAuthorization(ctx context.Context, auth *Authorization) error
- type Authorization
- func CheckAuthorization(ctx context.Context, c echo.Context, scope string) (*Authorization, error)
- func ExchangeToken(ctx context.Context, req *AuthorizationRequest, expires int, loginFrom string) (*Authorization, int, error)
- func FindAuthorizationByToken(ctx context.Context, token string) (*Authorization, error)
- func LookupAuthorization(ctx context.Context, realm, clientID string) (*Authorization, error)
- func NewAuthorization(account *account.Account, req *AuthorizationRequest, expires int) *Authorization
- type AuthorizationProvider
- type AuthorizationRequest
Constants ¶
const (
	// AuthTypeSimpleToken names the simple token auth type.
	AuthTypeSimpleToken = "token"
	// AuthTypeJWT names the JWT auth type.
	AuthTypeJWT = "jwt"
	// AuthTypeSlack names the Slack auth type.
	AuthTypeSlack = "slack"

	// DefaultTokenType is the default token type.
	DefaultTokenType = "user" // other possibilities: app, bot, ...

	// DefaultScope is the default scope list, comma separated.
	// It grants read and write access and does not contain ScopeAPIAdmin.
	DefaultScope = "api:read,api:write"
	// ScopeAPIAdmin is the admin scope.
	ScopeAPIAdmin = "api:admin"

	// DefaultAuthenticationExpiration in minutes. Used when sending an
	// account challenge or the temporary token.
	DefaultAuthenticationExpiration = 10
	// DefaultAuthorizationExpiration in days.
	DefaultAuthorizationExpiration = 90

	// DefaultEndpoint is used to build the URLs in the notifications.
	// NOTE(review): the scheme is plain http. If those URLs carry the login
	// challenge or the token (not visible here), deployments should supply
	// an https endpoint; presumably AuthorizationProvider.Endpoint overrides
	// this value, confirm.
	DefaultEndpoint = "http://localhost"

	// MsgAuthenticationNotFound is an error message format taking one %s argument.
	// NOTE(review): if this text is returned to unauthenticated callers it
	// tells them whether an account exists; confirm where it is used.
	MsgAuthenticationNotFound = "account '%s' not found"
)
Variables ¶
// Sentinel errors of the package. They are plain errors.New values, so
// callers can compare against them with errors.Is.
var (
	// ErrNotAuthorized indicates that the API caller is not authorized.
	ErrNotAuthorized = errors.New("not authorized")
	// ErrNoToken indicates that no bearer token was provided.
	ErrNoToken = errors.New("no token provided")
	// ErrNoScope indicates that no scope was provided.
	ErrNoScope = errors.New("no scope provided")
	// ErrInvalidRoute indicates that the route and/or its parameters are not valid.
	ErrInvalidRoute = errors.New("invalid route")
)
Functions ¶
func ConfirmLoginChallenge ¶
ConfirmLoginChallenge confirms the account
func CreateAuthorization ¶
func CreateAuthorization(ctx context.Context, auth *Authorization) error
CreateAuthorization creates all data needed for the auth fu
func CreateSimpleToken ¶
func CreateSimpleToken() string
func GetBearerToken ¶
GetBearerToken extracts the bearer token
func GetClientID ¶
GetClientID extracts the ClientID from the token
func UpdateAuthorization ¶
func UpdateAuthorization(ctx context.Context, auth *Authorization) error
UpdateAuthorization updates all data needed for the auth fu
Types ¶
type Authorization ¶
// Authorization represents a user, app or bot and its permissions.
//
// The Token field is part of the JSON form of this struct, so a marshalled
// Authorization is itself a credential: keep it out of logs and return it
// only to the party the token belongs to.
type Authorization struct {
	ClientID string `json:"client_id" binding:"required"` // unique
	Realm string `json:"realm"`
	// Token is the value an authorization is looked up by (see FindAuthorizationByToken).
	// NOTE(review): presumably the bearer token presented by API callers; confirm.
	Token string `json:"token" binding:"required"`
	TokenType string `json:"token_type" binding:"required"` // user, app, bot
	UserID string `json:"user_id"` // depends on TokenType. UserID could equal ClientID or BotUserID in Slack
	Scope string `json:"scope"` // a comma separated list of scopes
	// Expires of 0 means the authorization never expires. IsValid is documented
	// as rejecting expired and revoked authorizations, so a non-expiring one
	// can only be invalidated through Revoked.
	// NOTE(review): unit is not visible here, presumably a Unix timestamp; confirm.
	Expires int64 `json:"expires"` // 0 = never
	// Internal bookkeeping; the `json:"-"` tag keeps these fields out of the JSON form.
	Revoked bool `json:"-"`
	Created int64 `json:"-"`
	Updated int64 `json:"-"`
}
Authorization represents a user, app or bot and its permissions
func CheckAuthorization ¶
CheckAuthorization relies on the presence of a bearer token and validates the matching authorization against a list of requested scopes. If everything checks out, the function returns the authorization; otherwise it returns an error.
func ExchangeToken ¶ added in v2.4.0
func ExchangeToken(ctx context.Context, req *AuthorizationRequest, expires int, loginFrom string) (*Authorization, int, error)
ExchangeToken confirms the temporary auth token and creates the permanent one
func FindAuthorizationByToken ¶
func FindAuthorizationByToken(ctx context.Context, token string) (*Authorization, error)
FindAuthorizationByToken looks for an authorization by the token
func LookupAuthorization ¶
func LookupAuthorization(ctx context.Context, realm, clientID string) (*Authorization, error)
LookupAuthorization looks for an authorization
func NewAuthorization ¶ added in v2.4.0
func NewAuthorization(account *account.Account, req *AuthorizationRequest, expires int) *Authorization
func (*Authorization) HasAdminScope ¶
func (a *Authorization) HasAdminScope() bool
HasAdminScope checks if the authorization includes scope 'api:admin'
func (*Authorization) IsValid ¶
func (a *Authorization) IsValid() bool
IsValid verifies that the Authorization is still valid, i.e. is not expired and not revoked.
type AuthorizationProvider ¶
// AuthorizationProvider supplies the notifications and the default settings
// used by the authorization flow.
// NOTE(review): both notification methods deliver material that lets the
// recipient confirm an account or use a token; the delivery channel is up to
// the implementation and is not visible here.
type AuthorizationProvider interface {
	// AccountChallengeNotification sends an account challenge to confirm the account.
	AccountChallengeNotification(context.Context, *account.Account) error
	// ProvideAuthorizationToken sends the new token.
	ProvideAuthorizationToken(context.Context, *account.Account) error
	// Scope returns the default scope.
	Scope() string
	// Endpoint returns the default endpoint URL.
	Endpoint() string
	// AuthenticationExpiration returns the authentication expiration in minutes.
	AuthenticationExpiration() int
	// AuthorizationExpiration returns the authorization expiration in days.
	AuthorizationExpiration() int
}
type AuthorizationRequest ¶
// AuthorizationRequest represents a login/authorization request from a user,
// app, or bot. Only Realm and UserID carry the binding:"required" tag;
// ClientID, Token and Scope are optional at the binding level.
type AuthorizationRequest struct {
	Realm string `json:"realm" binding:"required"`
	UserID string `json:"user_id" binding:"required"`
	ClientID string `json:"client_id"`
	// NOTE(review): presumably the temporary token that ExchangeToken confirms; confirm.
	Token string `json:"token"`
	// Scope is supplied by the requester.
	// NOTE(review): whether the requested scope is restricted before an
	// Authorization is created (for example, refusing 'api:admin') is not
	// visible here; verify in ExchangeToken and NewAuthorization.
	Scope string `json:"scope"`
}
AuthorizationRequest represents a login/authorization request from a user, app, or bot