Versions in this module Expand all Collapse all v0 v0.0.14 Jan 4, 2026 v0.0.13 Jan 3, 2026 v0.0.12 Jan 3, 2026 v0.0.11 Jan 3, 2026 v0.0.10 Jan 3, 2026 v0.0.9 Jan 3, 2026 v0.0.8 Dec 31, 2025 v0.0.7 Dec 29, 2025 v0.0.6 Dec 17, 2025 v0.0.5 Dec 12, 2025 v0.0.4 Dec 8, 2025 v0.0.3 Dec 8, 2025 v0.0.2 Nov 24, 2025 v0.0.1 Nov 20, 2025 Changes in this version
+ func GetTokenScopes(scope string) []string
+ func HasScope(tokenScope, requiredScope string) bool
+ type AccessTokenClaims struct
+ ClientID string
+ Scope string
+ TokenType string
+ type AdminHandler struct
+ func NewAdminHandler(clientRepo *repo.OAuthClientRepository, registrationSvc *RegistrationService) *AdminHandler
+ func (h *AdminHandler) DeleteClient(c forge.Context) error
+ func (h *AdminHandler) GetClient(c forge.Context) error
+ func (h *AdminHandler) ListClients(c forge.Context) error
+ func (h *AdminHandler) RegisterClient(c forge.Context) error
+ func (h *AdminHandler) UpdateClient(c forge.Context) error
+ type AuthorizeRequest struct
+ ACRValues string
+ ClientID string
+ CodeChallenge string
+ CodeChallengeMethod string
+ IDTokenHint string
+ LoginHint string
+ MaxAge *int
+ Nonce string
+ Prompt string
+ RedirectURI string
+ ResponseType string
+ Scope string
+ State string
+ UILocales string
+ type ClientAuthResult struct
+ Authenticated bool
+ ClientID string
+ Method string
+ type ClientAuthenticator struct
+ func NewClientAuthenticator(clientRepo *repo.OAuthClientRepository) *ClientAuthenticator
+ func (c *ClientAuthenticator) AuthenticateClient(ctx context.Context, r *http.Request) (*ClientAuthResult, *schema.OAuthClient, error)
+ func (c *ClientAuthenticator) IsConfidentialClient(client *schema.OAuthClient) bool
+ func (c *ClientAuthenticator) IsPublicClient(client *schema.OAuthClient) bool
+ func (c *ClientAuthenticator) ValidateClientForEndpoint(client *schema.OAuthClient, endpoint string) error
+ type ClientDetailsResponse struct
+ AllowedScopes []string
+ ApplicationType string
+ ClientID string
+ Contacts []string
+ CreatedAt string
+ GrantTypes []string
+ IsOrgLevel bool
+ LogoURI string
+ Name string
+ OrganizationID string
+ PolicyURI string
+ PostLogoutRedirectURIs []string
+ RedirectURIs []string
+ RequireConsent bool
+ RequirePKCE bool
+ ResponseTypes []string
+ TokenEndpointAuthMethod string
+ TosURI string
+ TrustedClient bool
+ UpdatedAt string
+ type ClientRegistrationRequest struct
+ ApplicationType string
+ ClientName string
+ Contacts []string
+ GrantTypes []string
+ LogoURI string
+ PolicyURI string
+ PostLogoutRedirectURIs []string
+ RedirectURIs []string
+ RequireConsent bool
+ RequirePKCE bool
+ ResponseTypes []string
+ Scope string
+ TokenEndpointAuthMethod string
+ TosURI string
+ TrustedClient bool
+ type ClientRegistrationResponse struct
+ ApplicationType string
+ ClientID string
+ ClientIDIssuedAt int64
+ ClientName string
+ ClientSecret string
+ ClientSecretExpiresAt int64
+ Contacts []string
+ GrantTypes []string
+ LogoURI string
+ PolicyURI string
+ PostLogoutRedirectURIs []string
+ RedirectURIs []string
+ ResponseTypes []string
+ Scope string
+ TokenEndpointAuthMethod string
+ TosURI string
+ type ClientSummary struct
+ ApplicationType string
+ ClientID string
+ CreatedAt string
+ IsOrgLevel bool
+ Name string
+ type ClientUpdateRequest struct
+ AllowedScopes []string
+ Contacts []string
+ GrantTypes []string
+ LogoURI string
+ Name string
+ PolicyURI string
+ PostLogoutRedirectURIs []string
+ RedirectURIs []string
+ RequireConsent *bool
+ RequirePKCE *bool
+ ResponseTypes []string
+ TokenEndpointAuthMethod string
+ TosURI string
+ TrustedClient *bool
+ type ClientsListResponse struct
+ Clients []ClientSummary
+ Page int
+ PageSize int
+ Total int
+ TotalPages int
+ type Config struct
+ Issuer string
+ Keys struct{ ... }
+ Tokens struct{ ... }
+ func DefaultConfig() Config
+ type ConsentDecision struct
+ Approved bool
+ Scopes []string
+ type ConsentManager struct
+ func NewConsentManager(consentSvc *ConsentService, enterpriseConsent EnterpriseConsentService) *ConsentManager
+ func (cm *ConsentManager) CheckConsent(ctx context.Context, userID xid.ID, clientID, scope string, ...) (bool, error)
+ func (cm *ConsentManager) GenerateConsentHTML(clientName, clientLogoURI, scope string, redirectURL string) string
+ func (cm *ConsentManager) GetConsentPageData(clientName, clientLogoURI, clientDescription, scope string) map[string]interface{}
+ func (cm *ConsentManager) RecordConsent(ctx context.Context, userID xid.ID, clientID, scope string, granted bool, ...) error
+ func (cm *ConsentManager) RevokeConsent(ctx context.Context, userID xid.ID, clientID string) error
+ func (cm *ConsentManager) ValidateConsentRequest(consentDecision string) error
+ type ConsentRequest struct
+ Action string
+ ClientID string
+ CodeChallenge string
+ CodeChallengeMethod string
+ RedirectURI string
+ ResponseType string
+ Scope string
+ State string
+ type ConsentService struct
+ func NewConsentService(consentRepo *repo.OAuthConsentRepository, ...) *ConsentService
+ func (s *ConsentService) CheckConsent(ctx context.Context, userID xid.ID, clientID string, requestedScopes []string, ...) (bool, error)
+ func (s *ConsentService) FormatScopes(scopes []string) string
+ func (s *ConsentService) GetScopeDescriptions(scopes []string) []ScopeInfo
+ func (s *ConsentService) GrantConsent(ctx context.Context, userID xid.ID, clientID string, scopes []string, ...) error
+ func (s *ConsentService) ListUserConsents(ctx context.Context, userID xid.ID, appID, envID xid.ID, orgID *xid.ID) ([]*schema.OAuthConsent, error)
+ func (s *ConsentService) ParseScopes(scopeString string) []string
+ func (s *ConsentService) RequiresConsent(ctx context.Context, clientID string, scopes []string, appID, envID xid.ID, ...) (bool, error)
+ func (s *ConsentService) RevokeConsent(ctx context.Context, userID xid.ID, clientID string) error
+ type DiscoveryResponse struct
+ AuthorizationEndpoint string
+ ClaimsParameterSupported bool
+ ClaimsSupported []string
+ CodeChallengeMethodsSupported []string
+ GrantTypesSupported []string
+ IDTokenSigningAlgValuesSupported []string
+ IntrospectionEndpoint string
+ IntrospectionEndpointAuthMethodsSupported []string
+ Issuer string
+ JwksURI string
+ RegistrationEndpoint string
+ RequestParameterSupported bool
+ RequestURIParameterSupported bool
+ RequireRequestURIRegistration bool
+ ResponseModesSupported []string
+ ResponseTypesSupported []string
+ RevocationEndpoint string
+ RevocationEndpointAuthMethodsSupported []string
+ ScopesSupported []string
+ SubjectTypesSupported []string
+ TokenEndpoint string
+ TokenEndpointAuthMethodsSupported []string
+ UserInfoEndpoint string
+ type DiscoveryService struct
+ func NewDiscoveryService(config Config) *DiscoveryService
+ func (s *DiscoveryService) GetDiscoveryDocument(ctx context.Context, baseURL string) *DiscoveryResponse
+ func (s *DiscoveryService) GetIssuer() string
+ func (s *DiscoveryService) SupportsGrantType(grantType string) bool
+ func (s *DiscoveryService) SupportsResponseType(responseType string) bool
+ func (s *DiscoveryService) SupportsScope(scope string) bool
+ type EnterpriseConsentService interface
+ CreateConsent func(ctx context.Context, orgID, userID string, req interface{}) (interface{}, error)
+ GetConsent func(ctx context.Context, id string) (interface{}, error)
+ RevokeConsent func(ctx context.Context, id string) error
+ type ErrorResponse = responses.ErrorResponse
+ type Handler struct
+ func NewHandler(svc *Service) *Handler
+ func (h *Handler) Authorize(c forge.Context) error
+ func (h *Handler) Discovery(c forge.Context) error
+ func (h *Handler) HandleConsent(c forge.Context) error
+ func (h *Handler) IntrospectToken(c forge.Context) error
+ func (h *Handler) JWKS(c forge.Context) error
+ func (h *Handler) RevokeToken(c forge.Context) error
+ func (h *Handler) Token(c forge.Context) error
+ func (h *Handler) UserInfo(c forge.Context) error
+ type IDTokenClaims struct
+ AuthTime int64
+ Email string
+ EmailVerified bool
+ FamilyName string
+ GivenName string
+ Name string
+ Nonce string
+ PreferredUsername string
+ SessionState string
+ type IntrospectionService struct
+ func NewIntrospectionService(tokenRepo *repo.OAuthTokenRepository, clientRepo *repo.OAuthClientRepository, ...) *IntrospectionService
+ func (s *IntrospectionService) IntrospectByJTI(ctx context.Context, jti string, requestingClientID string) (*TokenIntrospectionResponse, error)
+ func (s *IntrospectionService) IntrospectToken(ctx context.Context, req *TokenIntrospectionRequest, requestingClientID string) (*TokenIntrospectionResponse, error)
+ func (s *IntrospectionService) ValidateIntrospectionRequest(req *TokenIntrospectionRequest) error
+ type JWK struct
+ Algorithm string
+ E string
+ KeyID string
+ KeyType string
+ N string
+ Use string
+ type JWKResponse = JWK
+ type JWKS struct
+ Keys []JWK
+ type JWKSResponse struct
+ Keys []JWK
+ type JWKSService struct
+ func NewJWKSService() (*JWKSService, error)
+ func NewJWKSServiceFromFiles(privateKeyPath, publicKeyPath, rotationInterval, keyLifetime string) (*JWKSService, error)
+ func (j *JWKSService) GetActiveKeyPair() *KeyPair
+ func (j *JWKSService) GetCurrentKeyID() string
+ func (j *JWKSService) GetCurrentPrivateKey() *rsa.PrivateKey
+ func (j *JWKSService) GetJWKS() (*JWKS, error)
+ func (j *JWKSService) GetKeyByID(keyID string) (*JWK, error)
+ func (j *JWKSService) GetPublicKey(keyID string) (*rsa.PublicKey, error)
+ func (j *JWKSService) RotateKeys() error
+ func (j *JWKSService) ShouldRotate() bool
+ type JWTService struct
+ func NewJWTService(issuer string, jwksService *JWKSService) (*JWTService, error)
+ func (j *JWTService) GenerateAccessToken(userID, clientID, scope string) (string, error)
+ func (j *JWTService) GenerateIDToken(userID, clientID, nonce string, authTime time.Time, ...) (string, error)
+ func (j *JWTService) VerifyToken(tokenString string) (*jwt.Token, error)
+ type KeyPair struct
+ Active bool
+ CreatedAt time.Time
+ ExpiresAt time.Time
+ ID string
+ PrivateKey *rsa.PrivateKey
+ PublicKey *rsa.PublicKey
+ type KeyStore struct
+ func NewKeyStore() (*KeyStore, error)
+ func NewKeyStoreFromFiles(privateKeyPath, publicKeyPath, rotationInterval, keyLifetime string) (*KeyStore, error)
+ func (ks *KeyStore) GetActiveKey() *KeyPair
+ func (ks *KeyStore) GetAllValidKeys() []*KeyPair
+ func (ks *KeyStore) GetKeyByID(keyID string) *KeyPair
+ func (ks *KeyStore) RotateKeys() error
+ func (ks *KeyStore) ShouldRotate() bool
+ type OAuthErrorResponse struct
+ Error string
+ ErrorDescription string
+ ErrorURI string
+ State string
+ type Plugin struct
+ func NewPlugin(opts ...PluginOption) *Plugin
+ func (p *Plugin) ID() string
+ func (p *Plugin) Init(authInst core.Authsome) error
+ func (p *Plugin) Migrate() error
+ func (p *Plugin) RegisterExtensions(reg interface{}) error
+ func (p *Plugin) RegisterHooks(hooksRegistry *hooks.HookRegistry) error
+ func (p *Plugin) RegisterRoutes(router forge.Router) error
+ func (p *Plugin) RegisterServiceDecorators(services *registry.ServiceRegistry) error
+ func (p *Plugin) Shutdown() error
+ type PluginOption func(*Plugin)
+ func WithDefaultConfig(cfg Config) PluginOption
+ func WithIssuer(issuer string) PluginOption
+ type RegistrationService struct
+ func NewRegistrationService(clientRepo *repo.OAuthClientRepository, config Config) *RegistrationService
+ func (s *RegistrationService) RegisterClient(ctx context.Context, req *ClientRegistrationRequest, appID, envID xid.ID, ...) (*ClientRegistrationResponse, error)
+ func (s *RegistrationService) ValidateRegistrationRequest(req *ClientRegistrationRequest) error
+ type RevokeTokenService struct
+ func NewRevokeTokenService(tokenRepo *repo.OAuthTokenRepository) *RevokeTokenService
+ func (s *RevokeTokenService) AuthenticateClient(r *http.Request, clientRepo *repo.OAuthClientRepository) (*ClientAuthResult, error)
+ func (s *RevokeTokenService) RevokeByJTI(ctx context.Context, jti string) error
+ func (s *RevokeTokenService) RevokeToken(ctx context.Context, req *TokenRevocationRequest) error
+ type ScopeInfo struct
+ Description string
+ Name string
+ type Service struct
+ func NewService(config Config) *Service
+ func NewServiceWithRepos(clientRepo *repo.OAuthClientRepository, config Config) *Service
+ func (s *Service) CreateAuthorizationCode(ctx context.Context, req *AuthorizeRequest, userID xid.ID, sessionID xid.ID) (*schema.AuthorizationCode, error)
+ func (s *Service) ExchangeCodeForTokens(ctx context.Context, authCode *schema.AuthorizationCode, ...) (*TokenResponse, error)
+ func (s *Service) ExtractContext(ctx context.Context) (appID, envID xid.ID, orgID *xid.ID, err error)
+ func (s *Service) GenerateAuthorizationCode() (string, error)
+ func (s *Service) GenerateClientCredentialsToken(ctx context.Context, client *schema.OAuthClient, scope string) (*TokenResponse, error)
+ func (s *Service) GetJWKS() (*JWKS, error)
+ func (s *Service) GetUserInfoFromToken(ctx context.Context, accessToken string) (map[string]interface{}, error)
+ func (s *Service) MarkCodeAsUsed(ctx context.Context, code string) error
+ func (s *Service) RefreshAccessToken(ctx context.Context, refreshToken, clientID, requestedScope string) (*TokenResponse, error)
+ func (s *Service) SetRepositories(clientRepo *repo.OAuthClientRepository, ...)
+ func (s *Service) SetSessionService(sessionSvc *session.Service)
+ func (s *Service) SetUserService(userSvc *user.Service)
+ func (s *Service) StartKeyRotation()
+ func (s *Service) StopKeyRotation()
+ func (s *Service) ValidateAuthorizationCode(ctx context.Context, code, clientID, redirectURI, codeVerifier string) (*schema.AuthorizationCode, error)
+ func (s *Service) ValidateAuthorizeRequest(ctx context.Context, req *AuthorizeRequest) error
+ type TokenIntrospectionRequest struct
+ ClientID string
+ ClientSecret string
+ Token string
+ TokenTypeHint string
+ type TokenIntrospectionResponse struct
+ Active bool
+ Aud []string
+ ClientID string
+ Exp int64
+ Iat int64
+ Iss string
+ Jti string
+ Nbf int64
+ Scope string
+ Sub string
+ TokenType string
+ Username string
+ type TokenRequest struct
+ Audience string
+ ClientID string
+ ClientSecret string
+ Code string
+ CodeVerifier string
+ GrantType string
+ RedirectURI string
+ RefreshToken string
+ Scope string
+ type TokenResponse struct
+ AccessToken string
+ ExpiresIn int
+ IDToken string
+ RefreshToken string
+ Scope string
+ TokenType string
+ type TokenRevocationRequest struct
+ ClientID string
+ ClientSecret string
+ Token string
+ TokenTypeHint string
+ type UserInfoResponse struct
+ Birthdate string
+ Email string
+ EmailVerified bool
+ FamilyName string
+ Gender string
+ GivenName string
+ Locale string
+ MiddleName string
+ Name string
+ Nickname string
+ PhoneNumber string
+ PhoneVerified bool
+ Picture string
+ PreferredUsername string
+ Profile string
+ Sub string
+ UpdatedAt int64
+ Website string
+ Zoneinfo string
+ type UserService interface
+ FindByID func(ctx context.Context, userID xid.ID) (interface{}, error)
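Review bot: `ClientRegistrationRequest` exposes `TrustedClient`, `RequireConsent` and `RequirePKCE` as plain caller-settable fields, and it is the type taken by `RegistrationService.RegisterClient` and `ValidateRegistrationRequest`, while `DiscoveryResponse` advertises a `RegistrationEndpoint`. Only signatures are visible in this listing, so it cannot be told whether the registration path honours those fields for a caller that is not an administrator; judging by the names, doing so would let a registering client declare itself trusted or switch off consent and PKCE for itself. These look like server-side policy rather than client metadata, so they would be safer set only through the admin path (`AdminHandler.UpdateClient` with `ClientUpdateRequest`, which already carries them as `*bool`) and forced to safe defaults on registration. At minimum the fields should carry a doc comment stating who may set them, e.g. `// TrustedClient is honoured only for admin-authenticated registrations; it is ignored on dynamic client registration.`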