Documentation ¶
Index ¶
- Constants
- func Introspect(svc Service) http.Handler
- func IssueToken(svc Service) http.Handler
- func ListKnownSigningKeys(svc Service) http.Handler
- func Onboarding(svc Service) http.Handler
- func RegisterRoutes(router *mux.Router, svc Service, ...)
- type ErrorResponse
- type IntrospectionResponse
- type KeysResponse
- type RepoImpl
- func (r *RepoImpl) CreateTables() error
- func (r *RepoImpl) GetClientSecretAndPrivateKeyByClientID(clientID string) (string, []byte, error)
- func (r *RepoImpl) GetSigningKeyFromAuditedToken(tokenString string) ([]byte, error)
- func (r *RepoImpl) InsertAudit(clientID, accessToken, tokenType string, expiresIn int64) error
- func (r *RepoImpl) InsertClient(clientID string, clientSecret []byte, keyName string) error
- func (r *RepoImpl) ListAllSigningKeys() ([]string, [][]byte, error)
- func (r *RepoImpl) SavePrivateKey(keyName string, keyData []byte) error
- type RepoMock
- func (r *RepoMock) GetClientSecretAndPrivateKeyByClientID(clientID string) (string, []byte, error)
- func (r *RepoMock) GetSigningKeyFromAuditedToken(tokenString string) ([]byte, error)
- func (r *RepoMock) InsertAudit(clientID, accessToken, tokenType string, expiresIn int64) error
- func (r *RepoMock) InsertClient(clientID string, clientSecret []byte, keyName string) error
- func (r *RepoMock) ListAllSigningKeys() ([]string, [][]byte, error)
- func (r *RepoMock) SavePrivateKey(keyName string, keyData []byte) error
- type Repository
- type Service
- type SignKey
- type SvcImpl
- func (s *SvcImpl) DecodeJWTToken(tokenString string) (*jwt.Token, error)
- func (s *SvcImpl) GenerateAndSavePrivateKey(totpKey, keyName string) error
- func (s *SvcImpl) ListKnownSigningKeys() (*KeysResponse, error)
- func (s *SvcImpl) OnboardNewClient(totpKey, clientID, clientSecret, keyName string) error
- func (s *SvcImpl) Sign(clientID, clientSecret string) (*TokenResponse, error)
- type TokenResponse
Constants ¶
// HTTP paths of the OAuth2 endpoints. Each value matches the @Router path
// in the annotations of the handler named beside it.
const (
	// TokenRoute is the token issuance path (IssueToken, POST).
	TokenRoute = "/v1/oauth2/token"
	// ListRoute is the signing-key listing path (ListKnownSigningKeys, GET).
	ListRoute = "/v1/oauth2/keys"
	// IntrospectRoute is the token introspection path (Introspect, GET and POST).
	IntrospectRoute = "/v1/oauth2/introspect"
	// OnboardingRoute is the key and client creation path (Onboarding, POST).
	// NOTE(review): the Onboarding annotations describe this endpoint as a
	// helper for local tests and list a totp form field but no BearerAuth
	// requirement; confirm the route is not exposed in production deployments.
	OnboardingRoute = "/v1/oauth2/onboard"
)
// Signing algorithm names. The values match the JWS "alg" identifiers for
// RSASSA-PKCS1-v1_5 with SHA-384, SHA-512 and SHA-256 (RFC 7518); where they
// are consumed is not visible here.
// NOTE(review): if these feed token verification, confirm that
// DecodeJWTToken rejects any token whose alg header is not one of these
// values instead of trusting the header.
const (
	RS384 = "RS384"
	RS512 = "RS512"
	RS256 = "RS256"
)
Variables ¶
This section is empty.
Functions ¶
func Introspect ¶
Introspect godoc @Summary Introspection endpoint (rfc7662) to introspect the issued JWT Access Tokens @ID introspect-jwt @Description This endpoint allows introspection of the issued JWT Access Tokens. @Tags token @Produce json @Security BearerAuth @Success 200 {object} IntrospectionResponse @Failure 400 {object} ErrorResponse @Failure 401 {object} ErrorResponse @Failure 500 {object} ErrorResponse @Router /v1/oauth2/introspect [get] @Router /v1/oauth2/introspect [post]
func IssueToken ¶
IssueToken godoc @Summary Issues JWT Access Tokens (rfc7519) using Client Credentials Grant with Basic Authentication (rfc6749) @ID create-token @Description This endpoint issues JWT Access Tokens using the Client Credentials Grant with Basic Authentication. @Tags token @Accept x-www-form-urlencoded @Produce json @Success 200 {object} TokenResponse @Failure 400 {object} ErrorResponse @Failure 401 {object} ErrorResponse @Failure 500 {object} ErrorResponse @Param grant_type formData string true "grant_type" default(client_credentials) @Param client_id formData string true "client_id" default(test) @Param client_secret formData string true "client_secret" default(test) @Router /v1/oauth2/token [post]
func ListKnownSigningKeys ¶
ListKnownSigningKeys godoc @Summary Endpoint to list the signing keys (rfc7517) @ID list-keys @Description This endpoint lists the signing keys. @Tags token @Produce json @Security BearerAuth @Success 200 {object} KeysResponse @Failure 400 {object} ErrorResponse @Failure 401 {object} ErrorResponse @Failure 500 {object} ErrorResponse @Router /v1/oauth2/keys [get]
func Onboarding ¶
Onboarding godoc @Summary Facilitates the creation of signing keys and onboarding new clients (client_id, client_secret and signing key pairs) @ID declare-clients-and-keys @Description This endpoint helps local tests, by creating signing keys and declaring new clients @Tags token @Accept x-www-form-urlencoded @Success 202 @Failure 400 {object} ErrorResponse @Failure 401 {object} ErrorResponse @Failure 500 {object} ErrorResponse @Param totp formData string true "totp code" @Param operation_type formData string true "operation_type can be create_key (should provide key_name) and create_client (should provide client_id, client_secret and associated key_name)." default(create_key) @Param client_id formData string false "client_id" default(test) @Param client_secret formData string false "client_secret" default(test) @Param key_name formData string true "key_name" default(my_key) @Router /v1/oauth2/onboard [post]
Types ¶
type ErrorResponse ¶
type IntrospectionResponse ¶
// IntrospectionResponse is the JSON body documented as the 200 response of
// the Introspect endpoint (RFC 7662). The JSON member names are those
// defined by RFC 7662.
//
// No tag uses omitempty, so a value with Active == false still marshals the
// zero value of every other member. RFC 7662 recommends returning nothing
// beyond "active": false for an inactive token.
// NOTE(review): confirm how the handler builds the inactive response.
type IntrospectionResponse struct {
	// ClientID is serialized as "client_id".
	ClientID string `json:"client_id"`
	// Subject is serialized as "sub".
	Subject string `json:"sub"`
	// Scope is serialized as "scope".
	Scope string `json:"scope"`
	// Audience is serialized as "aud"; a single string here, so a token with
	// several audiences cannot be represented as a JSON array.
	Audience string `json:"aud"`
	// Type is serialized as "token_type".
	Type string `json:"token_type"`
	// UUID is serialized as "jti", the token identifier.
	UUID string `json:"jti"`
	// ExpiresAt, NotBefore and IssuedAt are serialized as "exp", "nbf" and
	// "iat"; presumably Unix seconds as in RFC 7662 — TODO confirm.
	ExpiresAt int64 `json:"exp"`
	NotBefore int64 `json:"nbf"`
	IssuedAt  int64 `json:"iat"`
	// Active is serialized as "active", the one member RFC 7662 requires.
	Active bool `json:"active"`
}
type KeysResponse ¶
// KeysResponse is the JSON body documented as the 200 response of the
// ListKnownSigningKeys endpoint: a single "keys" array, the shape of an
// RFC 7517 key set.
// NOTE(review): the repository layer stores private keys (SavePrivateKey)
// and ListAllSigningKeys returns raw key bytes; confirm that SignKey exposes
// public key material only. Its fields are not visible here.
type KeysResponse struct {
	// Keys holds one entry per known signing key.
	Keys []SignKey `json:"keys"`
}
type RepoImpl ¶
type RepoImpl struct {
// contains filtered or unexported fields
}
func NewRepository ¶
func (*RepoImpl) CreateTables ¶
func (*RepoImpl) GetClientSecretAndPrivateKeyByClientID ¶
func (*RepoImpl) GetSigningKeyFromAuditedToken ¶
func (*RepoImpl) InsertAudit ¶
func (*RepoImpl) InsertClient ¶
func (*RepoImpl) ListAllSigningKeys ¶
type RepoMock ¶
type RepoMock struct {
// contains filtered or unexported fields
}
func (*RepoMock) GetClientSecretAndPrivateKeyByClientID ¶
func (*RepoMock) GetSigningKeyFromAuditedToken ¶
func (*RepoMock) InsertAudit ¶
func (*RepoMock) InsertClient ¶
func (*RepoMock) ListAllSigningKeys ¶
type Repository ¶
// Repository is the storage interface for clients, signing keys and token
// audit records. RepoImpl and RepoMock both list these six methods.
type Repository interface {
	// GetClientSecretAndPrivateKeyByClientID looks up a client by ID and
	// returns a string and a byte slice; presumably the stored client secret
	// and the client's private signing key, in that order — TODO confirm.
	// NOTE(review): InsertClient takes the secret as []byte while this method
	// returns a string; confirm what form the secret is stored in (a password
	// hash is expected) and that it is compared in constant time.
	GetClientSecretAndPrivateKeyByClientID(clientID string) (string, []byte, error)

	// InsertAudit records an issued token for a client together with its
	// type and lifetime.
	// NOTE(review): the accessToken parameter suggests the token itself is
	// persisted; confirm whether a digest would be enough for the lookup in
	// GetSigningKeyFromAuditedToken, since stored bearer tokens stay usable
	// until they expire.
	InsertAudit(clientID, accessToken, tokenType string, expiresIn int64) error

	// SavePrivateKey stores key material under keyName.
	// NOTE(review): presumably keyData is the private key; at-rest protection
	// is not visible here — confirm in the implementation.
	SavePrivateKey(keyName string, keyData []byte) error

	// InsertClient registers a client with its secret and the name of the
	// key associated with it.
	InsertClient(clientID string, clientSecret []byte, keyName string) error

	// GetSigningKeyFromAuditedToken returns key bytes for a token string;
	// presumably the key of a token previously recorded by InsertAudit —
	// TODO confirm.
	GetSigningKeyFromAuditedToken(tokenString string) ([]byte, error)

	// ListAllSigningKeys returns a string slice and a slice of byte slices;
	// presumably parallel lists of key names and key data — TODO confirm.
	ListAllSigningKeys() ([]string, [][]byte, error)
}
type Service ¶
// Service is the interface the HTTP handlers (Introspect, IssueToken,
// ListKnownSigningKeys, Onboarding) receive. SvcImpl lists these five methods.
type Service interface {
	// Sign returns a TokenResponse for the given client credentials;
	// presumably it checks clientSecret and signs a JWT with the client's
	// key — confirm in SvcImpl.
	Sign(clientID, clientSecret string) (*TokenResponse, error)

	// DecodeJWTToken parses tokenString into a *jwt.Token.
	// NOTE(review): whether signature, algorithm and expiry are verified is
	// not visible here; callers should confirm before trusting the claims.
	DecodeJWTToken(tokenString string) (*jwt.Token, error)

	// ListKnownSigningKeys returns the key set served by the key listing
	// endpoint.
	ListKnownSigningKeys() (*KeysResponse, error)

	// GenerateAndSavePrivateKey creates a signing key named keyName.
	// NOTE(review): the Onboarding form documents a "totp code" field;
	// presumably totpKey carries that one-time code rather than the shared
	// TOTP secret — confirm.
	GenerateAndSavePrivateKey(totpKey, keyName string) error

	// OnboardNewClient declares a client with its secret and associates it
	// with the key named keyName; totpKey as for GenerateAndSavePrivateKey.
	OnboardNewClient(totpKey, clientID, clientSecret, keyName string) error
}
type SvcImpl ¶
type SvcImpl struct {
// contains filtered or unexported fields
}
func NewService ¶
func (*SvcImpl) DecodeJWTToken ¶
func (*SvcImpl) GenerateAndSavePrivateKey ¶
func (*SvcImpl) ListKnownSigningKeys ¶
func (s *SvcImpl) ListKnownSigningKeys() (*KeysResponse, error)