oauth1

Published: Dec 11, 2017 License: BSD-3-Clause Imports: 17 Imported by: 1

README

oauth1

Package oauth1 provides building blocks for implementing an OAuth 1.0 service provider. See the example code for how to implement authentication for protected resources and redirection-based authorization.

Documentation

Overview

Package oauth1 provides building blocks for implementing an OAuth 1.0 server.

Constants

This section is empty.

Variables

var (
	// ErrNotFound is the error returned by Store methods if a token or client
	// can not be found.
	ErrNotFound = errors.New("not found")
	// ErrNonceAlreadyUsed is the error returned by ConsumeNonce if a nonce is
	// re-used.
	ErrNonceAlreadyUsed = errors.New("nonce already used")
)

Functions

func IsInternal

func IsInternal(err error) bool

IsInternal returns true if err is caused by an internal server error.

func WriteError

func WriteError(w http.ResponseWriter, err error)

WriteError encodes and writes err to w with the appropriate status code.

Types

type ClientCredentials

type ClientCredentials struct {
	ID     string
	Secret string

	// Callback is an optional pre-configured callback URI for the client.
	// It is only used if Server.FixedCallbacks is set to true.
	Callback *url.URL

	// Custom is an extension slot that is not used internally. An
	// implementation may optionally use it to store for example the
	// application name or author information.
	Custom interface{}
}

ClientCredentials holds the identifier and shared secret used to authenticate a particular client.

type Server

type Server struct {
	// Store is the database used to store credentials and nonces.
	Store Store

	// MaxAge specifies an age limit for timestamps, after (optionally)
	// accounting for clock skew. A request with an older timestamp will be
	// denied with HTTP 401 Unauthorized.
	//
	// A MaxAge of zero means no limit.
	MaxAge time.Duration

	// MaxSkew specifies the allowed difference between client and server time.
	//
	// It is only applied if MaxAge is not zero.
	MaxSkew time.Duration

	// FixedCallbacks controls if the callback URL should be specified via the
	// oauth_callback protocol parameter or pre-configured per client.
	FixedCallbacks bool

	// Realm is the description of the protected area to be included in
	// WWW-Authenticate headers.
	//
	// If Realm is empty WWW-Authenticate headers are suppressed.
	Realm string
	// contains filtered or unexported fields
}

Server provides methods for interacting with OAuth 1.0 clients.

func (*Server) Authenticate

func (s *Server) Authenticate(r *http.Request) (*ClientCredentials, *TokenCredentials, error)

Authenticate verifies that a signed request is protocol compliant and valid. The returned *TokenCredentials is nil if the request is signed with client credentials only, i.e. without a token.

func (*Server) ConcludeAuthorization

func (s *Server) ConcludeAuthorization(r *http.Request) (*TokenCredentials, error)

ConcludeAuthorization consumes the supplied temporary token credentials and returns new token credentials that can be used by the client for authenticated requests.

This is the third and final step for a client to acquire token credentials.

func (*Server) InitiateAuthorization

func (s *Server) InitiateAuthorization(r *http.Request) (*TempCredentials, error)

InitiateAuthorization validates a request for new temporary credentials and creates them if successful.

This is the first step taken by a client to acquire token credentials.

func (*Server) RequestAuthorization

func (s *Server) RequestAuthorization(r *http.Request) (*ClientCredentials, *TempCredentials, error)

RequestAuthorization validates a request made by the client to obtain authorization from the resource owner.

The service provider must ask the resource owner to grant access, and if authorization is given the user agent should be redirected to the token's VerifiedCallback(). If this callback is nil the VerificationCode should instead be displayed together with instructions to manually inform the client that authorization is completed.

This is the second step for a client to acquire token credentials.

type Store

type Store interface {
	// GetClient loads the credentials with the given ID from the database.
	// It returns ErrNotFound if no matching record can be found.
	GetClient(ctx context.Context, id string) (*ClientCredentials, error)

	// GetToken loads the token credentials with the given ID from the
	// database. It returns ErrNotFound if no matching record can be found.
	GetToken(ctx context.Context, id string) (*TokenCredentials, error)

	// GetTemp loads the temporary credentials with the given ID from the
	// database. It returns ErrNotFound if no matching record can be found.
	GetTemp(ctx context.Context, id string) (*TempCredentials, error)

	// AddTempCredentials adds new temporary credentials to the database.
	AddTempCredentials(context.Context, *TempCredentials) error

	// ConvertTempCredentials replaces the temporary credentials with token
	// credentials.
	ConvertTempCredentials(ctx context.Context, old *TempCredentials, new *TokenCredentials) error

	// ConsumeNonce validates that a nonce is unique across all requests with
	// the same timestamp, client and token combinations. If the combination
	// has been used before ConsumeNonce returns ErrNonceAlreadyUsed.
	ConsumeNonce(ctx context.Context, nonce string, timestamp time.Time, clientID, tokenID string) error
}

Store is the interface used to manage credentials and nonces.
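The following in-memory Store is an added example, not code from the oauth1 package. It redeclares the package's error values and credential types (reduced to the fields it uses) so that it builds on its own; a real implementation would import them from the package. The names MemoryStore, NewMemoryStore, AddClient, NonceCount and the retain window are this example's own. It shows the two properties a Store must get right for the server to be safe: ConsumeNonce keeps the (nonce, timestamp, client, token) tuple unique so a captured request cannot be replayed, and ConvertTempCredentials removes the temporary credentials and stores the token atomically so the same temporary credentials cannot be concluded twice.

```go
package main

import (
	"context"
	"errors"
	"sync"
	"time"
)

// The package's errors and credential types, reduced to the fields used here
// so the file builds alone; a real Store imports them from oauth1 instead.
var (
	ErrNotFound         = errors.New("not found")
	ErrNonceAlreadyUsed = errors.New("nonce already used")
)

type ClientCredentials struct{ ID, Secret string }
type TempCredentials struct{ ID, Secret, ClientID, VerificationCode string }
type TokenCredentials struct{ ID, Secret, ClientID string }

// nonceKey is the tuple ConsumeNonce must keep unique; a nonce value may recur if any other element differs.
type nonceKey struct{ nonce, clientID, tokenID string; unix int64 }

// MemoryStore is an in-memory Store for tests and single-process servers. With
// several instances a shared backend is required, or a nonce replayed against
// another instance goes undetected.
type MemoryStore struct {
	mu      sync.Mutex
	clients map[string]*ClientCredentials
	temps   map[string]*TempCredentials
	tokens  map[string]*TokenCredentials
	nonces  map[nonceKey]time.Time // value: the request timestamp, used to prune
	// retain bounds memory: nonces whose timestamp is older than now-retain are
	// forgotten. It must be at least Server.MaxAge+Server.MaxSkew, or a request the
	// Server still accepts as fresh can be replayed once pruned. Use 0 (never prune) if Server.MaxAge is 0.
	retain time.Duration
}

func NewMemoryStore(retain time.Duration) *MemoryStore {
	return &MemoryStore{
		clients: map[string]*ClientCredentials{},
		temps:   map[string]*TempCredentials{},
		tokens:  map[string]*TokenCredentials{},
		nonces:  map[nonceKey]time.Time{},
		retain:  retain,
	}
}

// AddClient registers a client; provisioning is outside the Store interface.
func (s *MemoryStore) AddClient(c *ClientCredentials) { s.mu.Lock(); defer s.mu.Unlock(); s.clients[c.ID] = c }

func get[T any](s *MemoryStore, m map[string]*T, id string) (*T, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if v, ok := m[id]; ok {
		return v, nil
	}
	return nil, ErrNotFound
}

func (s *MemoryStore) GetClient(_ context.Context, id string) (*ClientCredentials, error) { return get(s, s.clients, id) }
func (s *MemoryStore) GetToken(_ context.Context, id string) (*TokenCredentials, error)   { return get(s, s.tokens, id) }
func (s *MemoryStore) GetTemp(_ context.Context, id string) (*TempCredentials, error)     { return get(s, s.temps, id) }

func (s *MemoryStore) AddTempCredentials(_ context.Context, t *TempCredentials) error { s.mu.Lock(); defer s.mu.Unlock(); s.temps[t.ID] = t; return nil }

// ConvertTempCredentials deletes the temporary credentials and stores the token under
// one lock, so a second ConcludeAuthorization with the same temporary credentials gets ErrNotFound.
func (s *MemoryStore) ConvertTempCredentials(_ context.Context, old *TempCredentials, tok *TokenCredentials) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if _, ok := s.temps[old.ID]; !ok {
		return ErrNotFound
	}
	delete(s.temps, old.ID)
	s.tokens[tok.ID] = tok
	return nil
}

// ConsumeNonce prunes entries outside the retention window, then records the tuple or rejects a repeat.
func (s *MemoryStore) ConsumeNonce(_ context.Context, nonce string, ts time.Time, clientID, tokenID string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	cutoff := time.Now().Add(-s.retain)
	for k, seen := range s.nonces {
		if s.retain > 0 && seen.Before(cutoff) {
			delete(s.nonces, k)
		}
	}
	k := nonceKey{nonce, clientID, tokenID, ts.Unix()}
	if _, used := s.nonces[k]; used {
		return ErrNonceAlreadyUsed
	}
	s.nonces[k] = ts
	return nil
}

// NonceCount reports how many nonces are currently remembered.
func (s *MemoryStore) NonceCount() int { s.mu.Lock(); defer s.mu.Unlock(); return len(s.nonces) }
```

The pruning is what ties the Store to the Server configuration: a nonce is only remembered for retain, so any request whose timestamp is older than that can be replayed as far as the Store is concerned, and it is Server.MaxAge (plus MaxSkew) that has to reject it. Set retain no smaller than MaxAge+MaxSkew, and do not prune at all if MaxAge is left at zero.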

type TempCredentials

type TempCredentials struct {
	ID               string
	Secret           string
	ClientID         string
	Callback         *url.URL
	VerificationCode string

	// Custom is an extension slot that is not used internally. An
	// implementation may optionally use it to store for example a
	// user association.
	Custom interface{}
}

TempCredentials holds the identifier and shared secret used to make an authorization request to the resource owner.

func (*TempCredentials) Redirect

func (t *TempCredentials) Redirect(w http.ResponseWriter, r *http.Request)

Redirect replies with a redirect to the callback URL, with identifier and verification code added to the query string. It panics if there is no callback.

func (*TempCredentials) WriteTo

func (t *TempCredentials) WriteTo(w http.ResponseWriter) error

WriteTo encodes and writes the identifier and secret to w.

type TokenCredentials

type TokenCredentials struct {
	ID       string
	Secret   string
	ClientID string

	// Custom is an extension slot that is not used internally. An
	// implementation may optionally use it to store for example a
	// user association.
	Custom interface{}
}

TokenCredentials holds the identifier and shared secret used to authenticate a resource owner.

func (*TokenCredentials) WriteTo

func (t *TokenCredentials) WriteTo(w http.ResponseWriter) error

WriteTo encodes and writes the identifier and secret to w.
