auth

package
v0.0.0-...-677a216 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 15, 2022 License: MIT Imports: 11 Imported by: 0

Documentation

Overview

Package auth is copied almost verbatim from golang.org/x/oauth2/clientcredentials, because that package doesn't allow overwriting the grant_type key.

TODO: Clean up and implement/reuse a true Keycloak auth.

Constants

const (
	// ClientCredentialsGrant applies to client credentials
	ClientCredentialsGrant = "client_credentials"

	// PasswordGrant is for the password grant
	PasswordGrant = "password"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	// ClientID is the application's ID. This should be set for both
	// password and client credentials grants
	ClientID string

	// ClientSecret is the application's secret.
	ClientSecret string

	// Username is the username (if using the password grant).
	Username string

	// Password is user's password (if using the password grant).
	Password string

	// GrantType is the auth grant type
	GrantType string

	// TokenURL is the resource server's token endpoint
	// URL. This is a constant specific to each server.
	TokenURL string

	// Scope specifies optional requested permissions.
	Scopes []string

	// EndpointParams specifies additional parameters for requests to the token endpoint.
	EndpointParams url.Values

	HTTPClient *http.Client
}

Config describes a 2-legged OAuth2 flow, with both the client application information and the server's endpoint URLs.
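
What the two grant types put on the wire, as an added example that is not code from this package: `grantConfig` and `tokenForm` are hypothetical names, the parameter names come from RFC 6749 sections 4.3 and 4.4, and sending the client secret in the form body rather than via HTTP Basic is an assumption. It also rejects a non-HTTPS token URL and incomplete credentials before anything is sent.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// grantConfig is a local stand-in for the auth.Config fields used here (hypothetical type).
type grantConfig struct {
	ClientID, ClientSecret, Username, Password, GrantType, TokenURL string
	Scopes                                                          []string
}

// tokenForm validates cfg and returns the form body the token endpoint expects for its grant type.
func tokenForm(cfg grantConfig) (url.Values, error) {
	u, err := url.Parse(cfg.TokenURL)
	if err != nil || u.Scheme != "https" || u.Host == "" {
		return nil, fmt.Errorf("TokenURL must be an absolute https URL: credentials travel in the request body")
	}
	if cfg.ClientID == "" {
		return nil, fmt.Errorf("ClientID is required for both grants")
	}
	v := url.Values{"grant_type": {cfg.GrantType}, "client_id": {cfg.ClientID}}
	switch cfg.GrantType {
	case "password": // RFC 6749 section 4.3: the user's credentials go to the token endpoint
		if cfg.Username == "" || cfg.Password == "" {
			return nil, fmt.Errorf("password grant needs Username and Password")
		}
		v.Set("username", cfg.Username)
		v.Set("password", cfg.Password)
	case "client_credentials": // RFC 6749 section 4.4: the client authenticates as itself
		if cfg.ClientSecret == "" {
			return nil, fmt.Errorf("client_credentials grant needs ClientSecret")
		}
	default:
		return nil, fmt.Errorf("unsupported grant type %q", cfg.GrantType)
	}
	if cfg.ClientSecret != "" {
		v.Set("client_secret", cfg.ClientSecret) // assumption: secret sent in the body, not HTTP Basic
	}
	if len(cfg.Scopes) > 0 {
		v.Set("scope", strings.Join(cfg.Scopes, " ")) // scopes are space-delimited on the wire
	}
	return v, nil
}

func main() {
	fmt.Println(tokenForm(grantConfig{ClientID: "admin-cli", ClientSecret: "my-secret", GrantType: "client_credentials", TokenURL: "https://keycloak.local/auth/realms/master/protocol/openid-connect/token"}))
}
```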

func (*Config) Client

func (c *Config) Client(ctx context.Context) *http.Client

Client returns an HTTP client using the provided token. The token will auto-refresh as necessary. The underlying HTTP transport will be obtained using the provided context. The returned client and its Transport should not be modified.

Example
package main

import (
	"context"

	"github.com/Azuka/keycloak-admin-go/keycloak/auth"
)

func main() {
	config := auth.Config{
		ClientID:  "admin-cli",
		TokenURL:  "https://keycloak.local/auth/realms/master/protocol/openid-connect/token",
		Username:  "keycloak",
		Password:  "password",
		GrantType: auth.PasswordGrant,
	}

	client := config.Client(context.Background())

	// This will make an authenticated request
	_, _ = client.Get("https://keycloak.local/auth/admin/realms/master/users?username=keycloak-admin")
}

Example (Client_credentials)
package main

import (
	"context"

	"github.com/Azuka/keycloak-admin-go/keycloak/auth"
)

func main() {
	config := auth.Config{
		ClientID:     "admin-cli",
		TokenURL:     "https://keycloak.local/auth/realms/master/protocol/openid-connect/token",
		ClientSecret: "my-secret",
		GrantType:    auth.ClientCredentialsGrant,
	}

	client := config.Client(context.Background())

	// This will make an authenticated request
	_, _ = client.Get("https://keycloak.local/auth/admin/realms/master/users?username=keycloak-admin")
}

func (*Config) Token

func (c *Config) Token(ctx context.Context) (*oauth2.Token, error)

Token uses client credentials to retrieve a token. The HTTP client to use is derived from the context. If nil, http.DefaultClient is used.

func (*Config) TokenSource

func (c *Config) TokenSource(ctx context.Context) oauth2.TokenSource

TokenSource returns a TokenSource that returns the current token until it expires, automatically refreshing it as necessary using the provided context and the client ID and client secret.

Most users will use Config.Client instead.

type Token

type Token struct {
	// AccessToken is the token that authorizes and authenticates
	// the requests.
	AccessToken string `json:"access_token"`

	// TokenType is the type of token.
	// The Type method returns either this or "Bearer", the default.
	TokenType string `json:"token_type,omitempty"`

	// RefreshToken is a token that's used by the application
	// (as opposed to the user) to refresh the access token
	// if it expires.
	RefreshToken string `json:"refresh_token,omitempty"`

	// Expiry is the optional expiration time of the access token.
	//
	// If zero, TokenSource implementations will reuse the same
	// token forever and RefreshToken or equivalent
	// mechanisms for that TokenSource will not be used.
	Expiry time.Time `json:"expiry,omitempty"`

	// ExpiresIn is the time this token is valid for, per Keycloak
	ExpiresIn int64 `json:"expires_in,omitempty"`

	// RefreshExpiresIn is the time the refresh token expires
	RefreshExpiresIn int64 `json:"refresh_expires_in,omitempty"`

	// NotBeforePolicy is likely the Keycloak clock skew
	NotBeforePolicy int64 `json:"not_before_policy,,omitempty"`

	// SessionState means something in keycloak
	SessionState string `json:"session_state,omitempty"`

	// Scope is the token scope
	Scope string `json:"scope,omitempty"`
}

Token is the token as received from Keycloak.

func Extract

func Extract(o *oauth2.Token) *Token

Extract extracts a Keycloak token from an oauth2 one.

func (*Token) Oauth2Token

func (t *Token) Oauth2Token() *oauth2.Token

Oauth2Token returns an oauth2 token with the underlying original Keycloak token.

type TokenSource

type TokenSource interface {
	oauth2.TokenSource

	// KeycloakToken returns a keycloak token
	KeycloakToken() (*Token, error)
}

TokenSource builds on the existing oauth2.TokenSource with an additional method for fetching a raw Keycloak token.
