package core

v1.0.8 (Latest)
Warning

This package is not in the latest version of its module.

Published: Jun 2, 2026 License: MIT Imports: 23 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func LegacyPKCEFactory

func LegacyPKCEFactory(config fosite.Configurator, storage interface{}, strategy interface{}) interface{}

Types

type Config

type Config struct {
	AccessTokenLifespan   time.Duration
	RefreshTokenLifespan  time.Duration
	AuthorizeCodeLifespan time.Duration
	IDTokenLifespan       time.Duration

	HashCost            int
	HMACSecret          []byte
	AllowInsecureHTTP   bool
	EnforcePKCE         bool
	EnableOpenIDConnect bool

	IssuerURL  string
	LoginURL   string
	ConsentURL string

	ClientSecretsHasher fosite.Hasher
	JwkProvider         jwk.Provider
}

func NewOAuthConfigFromConfig

func NewOAuthConfigFromConfig(cfg authconfig.OAuthServerConfig) *Config

type FositeStorage

FositeStorage is the union of fosite storage interfaces that the OAuth provider needs to drive the authorize and token endpoints. It lives here (rather than in the concrete storage package) so the provider depends on the contract, not on a specific storage implementation.

type Issuer

type Issuer struct {
	// contains filtered or unexported fields
}

Issuer turns a resolved user identity into an OAuth authorization-code redirect. It is the small slice of the authorize flow that runs after the user has been authenticated — granting requested scopes, attaching a session to the request, and writing the response that carries the code back to the client.

Flows that already have a user identity in hand — notably the federated login callback — use the Issuer to emit a code directly, without round-tripping the user agent through /oauth2/authorize.

func (*Issuer) IssueAuthorizationCode

func (i *Issuer) IssueAuthorizationCode(ctx context.Context, w http.ResponseWriter, ar fosite.AuthorizeRequester, userInfo identity.UserInfo) error

func (*Issuer) IssueFromFederationSession

func (i *Issuer) IssueFromFederationSession(ctx context.Context, w http.ResponseWriter, session *federation.Session, userInfo identity.UserInfo, additionalParams map[string]string) error

IssueFromFederationSession synthesizes an authorize request from the stored federation session and issues an authorization code for userInfo. Callers use this to skip the extra /oauth2/authorize round trip that would otherwise be needed after a federated login completes.
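A flow that skips the /oauth2/authorize round trip still needs the checks that endpoint would have made. The sketch below is an added example, not this package's code: `storedSession`, `client` and `codeRedirect` are hypothetical stdlib-only stand-ins, and it assumes the stored session keeps the original client_id, redirect_uri, state and scopes.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"slices"
)

// storedSession is a hypothetical stand-in for the authorize parameters a
// federation session would have to persist; it is not federation.Session.
type storedSession struct {
	ClientID, RedirectURI, State string
	Scopes                       []string
}

// client is a hypothetical client registration.
type client struct{ RedirectURIs, Scopes []string }

// codeRedirect re-validates the stored parameters against the registration,
// then returns the redirect URL carrying the code and the scopes granted.
func codeRedirect(s storedSession, clients map[string]client, code string) (string, []string, error) {
	c, ok := clients[s.ClientID]
	// Exact string match: a stored redirect_uri is re-checked, never trusted.
	if !ok || !slices.Contains(c.RedirectURIs, s.RedirectURI) {
		return "", nil, errors.New("client or redirect_uri not registered")
	}
	var granted []string
	for _, sc := range s.Scopes {
		if slices.Contains(c.Scopes, sc) { // grant only what the client may hold
			granted = append(granted, sc)
		}
	}
	u, err := url.Parse(s.RedirectURI)
	if err != nil {
		return "", nil, err
	}
	q := u.Query()
	q.Set("code", code)
	q.Set("state", s.State) // echoed unchanged so the client can match it
	u.RawQuery = q.Encode()
	return u.String(), granted, nil
}

func main() {
	// Constructed sample data.
	clients := map[string]client{"app": {[]string{"https://app.example/cb"}, []string{"openid", "profile"}}}
	s := storedSession{"app", "https://app.example/cb", "xyz", []string{"openid", "admin"}}
	fmt.Println(codeRedirect(s, clients, "constructed-code"))
}
```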

type LegacyPKCEHandler

type LegacyPKCEHandler struct {
	AuthorizeCodeStrategy oauth2.AuthorizeCodeStrategy
	Storage               pkce.PKCERequestStorage
	Config                interface{}
	// contains filtered or unexported fields
}

func (*LegacyPKCEHandler) CanHandleTokenEndpointRequest

func (c *LegacyPKCEHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester fosite.AccessRequester) bool

func (*LegacyPKCEHandler) CanSkipClientAuth

func (c *LegacyPKCEHandler) CanSkipClientAuth(ctx context.Context, requester fosite.AccessRequester) bool

func (*LegacyPKCEHandler) HandleAuthorizeEndpointRequest

func (c *LegacyPKCEHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

func (*LegacyPKCEHandler) HandleTokenEndpointRequest

func (c *LegacyPKCEHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

func (*LegacyPKCEHandler) PopulateTokenEndpointResponse

func (c *LegacyPKCEHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

type Provider

type Provider struct {
	fosite.OAuth2Provider
	// contains filtered or unexported fields
}

func NewOAuthProviderWithConfig

func NewOAuthProviderWithConfig(store FositeStorage, oauthConfig Config) (*Provider, error)

func (*Provider) CreateSession

func (p *Provider) CreateSession(userInfo identity.UserInfo, scopes []string) *Session

func (*Provider) GetConfig

func (p *Provider) GetConfig() *fosite.Config

func (*Provider) NewIssuer

func (p *Provider) NewIssuer() *Issuer

NewIssuer returns an authorization-code issuer wired up against this provider. The handler packages call this so they don't need to construct the issuer (or know how this provider builds sessions) themselves.

type Session

type Session struct {
	*openid.DefaultSession
	JWTClaims *jwt.JWTClaims
	JWTHeader *jwt.Headers
}

func NewEmptySession

func NewEmptySession() *Session

NewEmptySession returns a zero-valued Session with nested pointer fields pre-allocated. It is used as the unmarshal target when restoring a stored session from the authorization-code store — the session type must implement JWTSessionContainer so fosite's JWT strategy can mint access tokens.

func NewSessionWithClaims

func NewSessionWithClaims(userInfo identity.UserInfo, scopes []string, kid string) *Session

func (*Session) GetJWTClaims

func (s *Session) GetJWTClaims() jwt.JWTClaimsContainer

func (*Session) GetJWTHeader

func (s *Session) GetJWTHeader() *jwt.Headers

func (*Session) SetExtraClaim

func (s *Session) SetExtraClaim(key string, value interface{})
