oauth2

package
Published: Jan 25, 2024 License: Apache-2.0 Imports: 24 Imported by: 0

Documentation

Index

Constants

// DPoP (RFC 9449) constants used by DPoPSignRequest: the HTTP request header
// that carries the proof JWT, and the JOSE "typ" value a DPoP proof JWT
// carries.
const (
	DPoPHeaderName = "DPoP"
	DPoPHeaderType = "dpop+jwt"
)
// Token-endpoint error codes returned while a device-authorization grant
// (RFC 8628 §3.5) is still pending: on ErrAuthorizationPending the client
// keeps polling at the advertised interval; on ErrSlowDown it must lengthen
// that interval before polling again.
//
// Despite the Err prefix these are string error codes, not error values:
// compare them against Error.ErrorCode rather than using errors.Is.
const (
	ErrAuthorizationPending = "authorization_pending"
	ErrSlowDown             = "slow_down"
)
// OAuth 2.0 grant_type values (RFC 6749 §4 plus extensions). The URN-valued
// ones come from RFC 7523 (JWT bearer), RFC 8693 (token exchange) and
// RFC 8628 (device code). ImplicitGrantType and PasswordGrantType are
// retained for compatibility with older servers; the OAuth 2.0 Security
// Best Current Practice discourages both in favour of the authorization
// code grant with PKCE.
const (
	AuthorizationCodeGrantType string = "authorization_code"
	ClientCredentialsGrantType string = "client_credentials"
	ImplicitGrantType          string = "implicit"
	PasswordGrantType          string = "password"
	RefreshTokenGrantType      string = "refresh_token"
	JWTBearerGrantType         string = "urn:ietf:params:oauth:grant-type:jwt-bearer"
	TokenExchangeGrantType     string = "urn:ietf:params:oauth:grant-type:token-exchange"
	DeviceGrantType            string = "urn:ietf:params:oauth:grant-type:device_code"
)

grant types

// Token-endpoint client authentication methods, using the
// token_endpoint_auth_method names from OpenID Connect Core §9 / RFC 7591;
// the two TLS methods are the mutual-TLS methods of RFC 8705.
// NoneAuthMethod is for public clients that present no credential at all,
// which is why such clients should always pair it with PKCE.
const (
	ClientSecretBasicAuthMethod string = "client_secret_basic"
	ClientSecretPostAuthMethod  string = "client_secret_post"
	ClientSecretJwtAuthMethod   string = "client_secret_jwt"
	PrivateKeyJwtAuthMethod     string = "private_key_jwt"
	SelfSignedTLSAuthMethod     string = "self_signed_tls_client_auth"
	TLSClientAuthMethod         string = "tls_client_auth"
	NoneAuthMethod              string = "none"
)

auth methods

// CodeVerifierLength is the length, in characters, of the PKCE code_verifier
// the package generates. 43 is the minimum RFC 7636 §4.1 permits (the allowed
// range is 43–128); a verifier of that length made from RandomString still
// carries well over 128 bits of entropy, which is what the RFC asks for.
// NOTE(review): presumably consumed by RequestAuthorization/RequestPAR when
// ClientConfig.PKCE is set — confirm in the source.
const CodeVerifierLength = 43
// client_assertion_type values (RFC 7523 §2.2), sent alongside a
// client_assertion JWT when the client authenticates with
// ClientSecretJwtAuthMethod or PrivateKeyJwtAuthMethod.
const (
	JwtBearerClientAssertion string = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"
)

client assertion types

// OpenIDConfigurationPath is the well-known path (OpenID Connect Discovery 1.0
// §4) at which an issuer publishes its provider metadata. FetchOpenIDConfiguration
// presumably resolves it against the issuer URL; the resulting ServerConfig
// should only be trusted when fetched over TLS from the expected issuer, since
// it dictates every endpoint the client will later send credentials to.
const OpenIDConfigurationPath = "/.well-known/openid-configuration"

Variables

// CodeChallengeEncoder encodes the PKCE S256 code_challenge. RFC 7636 §4.2
// specifies base64url without padding, which is exactly base64.RawURLEncoding;
// using the padded or standard alphabet would produce a challenge the server
// cannot match against the verifier.
var CodeChallengeEncoder = base64.RawURLEncoding

Functions

func DPoPSignRequest added in v1.6.0

func DPoPSignRequest(signingKey string, hc *http.Client, r *http.Request) error

func DPoPThumbprint added in v1.6.0

func DPoPThumbprint(signingKey string, hc *http.Client) (string, error)

func EncryptJWT added in v1.5.0

func EncryptJWT(token string, encrypterProvider EncrypterProvider) (nestedJWT string, key interface{}, err error)

func FetchOpenIDConfiguration

func FetchOpenIDConfiguration(ctx context.Context, issuerURL string, hc *http.Client) (request Request, c ServerConfig, err error)

func ParseError

func ParseError(resp *http.Response) error

func PlaintextJWT added in v1.5.0

func PlaintextJWT(claimsProvider ClaimsProvider) (jwt string, key string, err error)

func RandomString

func RandomString(n int) string

func ReadKey

func ReadKey(use KeyUse, location string, hc *http.Client) (jose.JSONWebKey, error)

func ReadKeyPair added in v1.1.0

func ReadKeyPair(cert string, key string, hc *http.Client) (keyPair tls.Certificate, err error)

func ReadRootCA added in v1.1.0

func ReadRootCA(location string, hc *http.Client) (pool *x509.CertPool, err error)

func ReadURL added in v1.1.0

func ReadURL(location string, hc *http.Client) (data []byte, err error)

func RequestDeviceAuthorization added in v1.4.0

func RequestDeviceAuthorization(ctx context.Context, cconfig ClientConfig, sconfig ServerConfig, hc *http.Client) (request Request, response DeviceAuthorizationResponse, err error)

func RequestPAR added in v1.4.0

func RequestPAR(
	ctx context.Context,
	cconfig ClientConfig,
	sconfig ServerConfig,
	hc *http.Client,
) (parRequest Request, parResponse PARResponse, authorizeRequest Request, codeVerifier string, err error)

func RequestToken

func RequestToken(
	ctx context.Context,
	cconfig ClientConfig,
	sconfig ServerConfig,
	hc *http.Client,
	opts ...RequestTokenOption,
) (request Request, response TokenResponse, err error)

func SignJWT

func SignJWT(claimsProvider ClaimsProvider, signerProvider SignerProvider) (jwt string, key interface{}, err error)

func UnsafeParseJWT added in v1.4.0

func UnsafeParseJWT(token string) (*jwt.JSONWebToken, map[string]interface{}, error)

func WithAuthorizationCode

func WithAuthorizationCode(code string) func(*RequestTokenParams)

func WithCodeVerifier

func WithCodeVerifier(codeVerifier string) func(*RequestTokenParams)

func WithDeviceCode added in v1.4.0

func WithDeviceCode(deviceCode string) func(*RequestTokenParams)

func WithRedirectURL

func WithRedirectURL(url string) func(*RequestTokenParams)

Types

type ClaimsProvider added in v1.1.0

// ClaimsProvider produces the claim set embedded in a JWT built by SignJWT or
// PlaintextJWT. AssertionClaims, ClientAssertionClaims and RequestObjectClaims
// are the constructors this package ships; a non-nil error aborts the build.
type ClaimsProvider func() (map[string]interface{}, error)

func AssertionClaims added in v1.1.0

func AssertionClaims(serverConfig ServerConfig, clientConfig ClientConfig) ClaimsProvider

func ClientAssertionClaims added in v1.1.0

func ClientAssertionClaims(serverConfig ServerConfig, clientConfig ClientConfig) ClaimsProvider

func RequestObjectClaims added in v1.5.0

func RequestObjectClaims(params url.Values, serverConfig ServerConfig, clientConfig ClientConfig) ClaimsProvider

type ClientConfig

// ClientConfig describes the OAuth 2.0 / OpenID Connect client: where the
// issuer lives, how the client authenticates, which grant and which
// extensions (PKCE, PAR, request objects, DPoP, mutual TLS) are used, and the
// grant-specific inputs. Several fields hold credentials (ClientSecret,
// Password, RefreshToken, Assertion, SubjectToken, ActorToken, and the
// material behind the *Key paths); keep the struct out of logs and error
// messages. The `validate` tags appear to use go-playground/validator syntax
// and are the constraints enforced before the config is used.
type ClientConfig struct {
	// IssuerURL is the issuer whose metadata is loaded from
	// OpenIDConfigurationPath (see FetchOpenIDConfiguration).
	IssuerURL              string `validate:"url"`
	// RedirectURL is the redirect_uri used on authorization requests and
	// echoed on the token request (see WithRedirectURL).
	RedirectURL            string `validate:"url"`
	// GrantType selects the flow; see the *GrantType constants. Its
	// validation tag is elided in this listing.
	GrantType              string `` /* 223-byte string literal not displayed */
	ClientID               string
	// ClientSecret is a credential — never log or echo it.
	ClientSecret           string
	Scopes                 []string
	// ACRValues is sent as acr_values to request specific authentication
	// context classes (OIDC Core §3.1.2.1).
	ACRValues              []string
	// Audience — NOTE(review): presumably the aud of assertions and/or the
	// audience parameter of token exchange; confirm in the source.
	Audience               []string
	// AuthMethod selects token-endpoint client authentication; see the
	// *AuthMethod constants. Its validation tag is elided in this listing.
	AuthMethod             string `` /* 148-byte string literal not displayed */
	// PKCE adds a code_verifier/code_challenge pair to the authorization
	// request (RFC 7636). Recommended for every client, mandatory for
	// public ones.
	PKCE                   bool
	// PAR sends the authorization request through the pushed authorization
	// request endpoint (RFC 9126, see RequestPAR).
	PAR                    bool
	// RequestObject wraps the authorization parameters in a signed JWT
	// (see RequestObjectClaims); EncryptedRequestObject additionally
	// encrypts it (see EncryptJWT).
	RequestObject          bool
	EncryptedRequestObject bool
	// Insecure — NOTE(review): presumably relaxes TLS verification on the
	// HTTP client; confirm in the source. Keep it false outside local
	// testing, since every credential in this struct travels over that
	// connection.
	Insecure               bool
	// ResponseType and ResponseMode are the OAuth/OIDC response_type and
	// response_mode parameters; the *.jwt / jwt modes are JARM
	// (see Request.ParseJARM).
	ResponseType           []string `validate:"dive,omitempty,oneof=code id_token token"`
	ResponseMode           string   `validate:"omitempty,oneof=query form_post query.jwt form_post.jwt jwt"`
	// Username and Password feed the resource-owner password grant;
	// Password is a credential.
	Username               string
	Password               string
	// RefreshToken feeds the refresh_token grant; treat it as a credential.
	RefreshToken           string
	// Assertion is a JSON claim set for the JWT bearer grant
	// (see AssertionClaims).
	Assertion              string `validate:"omitempty,json"`
	// SigningKey and EncryptionKey are URIs of JWKs (see ReadKey, JWKSigner,
	// JWEEncrypter). The private signing key must stay private: if it is a
	// remote URI, fetch it only over TLS.
	SigningKey             string `validate:"omitempty,uri"`
	EncryptionKey          string `validate:"omitempty,uri"`
	// SubjectToken/ActorToken and their types are the RFC 8693 token
	// exchange inputs; both tokens are credentials.
	SubjectToken           string
	SubjectTokenType       string `validate:"omitempty,oneof=urn:ietf:params:oauth:token-type:access_token"`
	ActorToken             string
	ActorTokenType         string `validate:"omitempty,oneof=urn:ietf:params:oauth:token-type:access_token"`
	// IDTokenHint, LoginHint and IDPHint are authorization-request hints.
	IDTokenHint            string
	LoginHint              string
	IDPHint                string
	// TLSCert/TLSKey are the client certificate and key for mutual TLS to
	// the server (see ReadKeyPair); TLSRootCA pins the server trust anchor
	// (see ReadRootCA); CallbackTLSCert/CallbackTLSKey serve the local
	// callback listener. All are URIs.
	TLSCert                string `validate:"omitempty,uri"`
	TLSKey                 string `validate:"omitempty,uri"`
	TLSRootCA              string `validate:"omitempty,uri"`
	CallbackTLSCert        string `validate:"omitempty,uri"`
	CallbackTLSKey         string `validate:"omitempty,uri"`
	// HTTPTimeout bounds individual HTTP calls; BrowserTimeout bounds how
	// long WaitForCallback presumably waits for the user — confirm.
	HTTPTimeout            time.Duration
	BrowserTimeout         time.Duration
	// DPoP binds issued tokens to a proof-of-possession key (RFC 9449,
	// see DPoPSignRequest).
	DPoP                   bool
	// Claims and RAR are JSON strings for the OIDC claims parameter and
	// RFC 9396 authorization_details respectively.
	Claims                 string `validate:"omitempty,json"`
	RAR                    string `validate:"omitempty,json"`
	Purpose                string
}

type DPoPClaims added in v1.6.0

// DPoPClaims is the claim set of a DPoP proof JWT (RFC 9449 §4.2). A
// verifier checks that htm/htu match the request actually received, that jti
// has not been seen before (replay), and that iat is recent.
type DPoPClaims struct {
	// Htm is the HTTP method of the request the proof is bound to.
	Htm      string `json:"htm"`
	// Htu is the request's target URI without query string or fragment.
	Htu      string `json:"htu"`
	// Jti is a unique identifier for this proof; servers use it for replay
	// detection, so it must not be reused.
	Jti      string `json:"jti"`
	// IssuedAt is the proof creation time as a Unix timestamp.
	IssuedAt int64  `json:"iat"`
}

type DeviceAuthorizationResponse added in v1.4.0

// DeviceAuthorizationResponse is the device authorization endpoint response
// (RFC 8628 §3.2) returned by RequestDeviceAuthorization.
type DeviceAuthorizationResponse struct {
	// DeviceCode is the secret the client later exchanges at the token
	// endpoint (see WithDeviceCode); it must not be shown to the user.
	DeviceCode              string `json:"device_code"`
	// UserCode is the short code the user types in at VerificationURI.
	UserCode                string `json:"user_code"`
	VerificationURI         string `json:"verification_uri"`
	// VerificationURIComplete, when present, already embeds the user code.
	VerificationURIComplete string `json:"verification_uri_complete"`
	// ExpiresIn is the lifetime of device_code and user_code in seconds.
	ExpiresIn               int64  `json:"expires_in"`
	// Interval is the minimum number of seconds to wait between token
	// polls; an ErrSlowDown response means it must be increased.
	Interval                int64  `json:"interval"`
}

type EncrypterProvider added in v1.5.0

// EncrypterProvider yields the jose.Encrypter used by EncryptJWT together with
// the key it was built from (returned to the caller as EncryptJWT's key
// result). JWEEncrypter is the constructor shipped with this package.
type EncrypterProvider func() (jose.Encrypter, interface{}, error)

func JWEEncrypter added in v1.5.0

func JWEEncrypter(keyPath string, hc *http.Client) EncrypterProvider

type Error

// Error is an OAuth 2.0 error response (RFC 6749 §5.2) as decoded by
// ParseError. Its *Error method makes it usable as an error value. The
// JSON-tagged fields come verbatim from the server, so treat them as
// untrusted text when rendering them to a user or into HTML/logs.
type Error struct {
	// StatusCode and TraceID are filled from the HTTP response, not from
	// the JSON body (json:"-").
	StatusCode int    `json:"-"`
	TraceID    string `json:"-"`

	// ErrorCode is the "error" member, e.g. ErrAuthorizationPending or
	// ErrSlowDown during device-flow polling.
	ErrorCode   string `json:"error,omitempty"`
	Description string `json:"error_description,omitempty"`
	Hint        string `json:"error_hint,omitempty"`
	Cause       string `json:"cause,omitempty"`
}

func (*Error) Error

func (e *Error) Error() string

type KeyUse added in v1.4.0

// KeyUse is the intended use of a JWK, with the values of the JWK "use"
// parameter (RFC 7517 §4.2). ReadKey takes it to select which key to load.
type KeyUse string
const (
	SigningKey    KeyUse = "sig"
	EncryptionKey KeyUse = "enc"
)

type PARResponse added in v1.4.0

// PARResponse is the pushed authorization request endpoint response
// (RFC 9126 §2.2) returned by RequestPAR.
type PARResponse struct {
	// RequestURI is the one-time reference to the pushed request that goes
	// into the subsequent authorization request.
	RequestURI string `json:"request_uri"`
	// ExpiresIn is the request_uri lifetime in seconds.
	ExpiresIn  int64  `json:"expires_in"`
}

type Request

// Request records an HTTP request this package built or received — the
// authorization request, the callback, or a token/PAR request — so callers
// can inspect what was sent and what came back. Form and Headers may contain
// credentials (client secrets, codes, tokens); avoid dumping the whole
// struct into logs.
type Request struct {
	Method        string
	URL           *url.URL
	// Headers has the same layout as http.Header.
	Headers       map[string][]string
	Form          url.Values
	// JARM — NOTE(review): presumably the decoded claims of a JWT-secured
	// authorization response, populated by ParseJARM; confirm.
	JARM          map[string]interface{}
	// RequestObject is the (signed, possibly encrypted) request object JWT
	// when ClientConfig.RequestObject is enabled.
	RequestObject string
	// SigningKey and EncryptionKey are the keys used to build the request
	// object / client assertion; keep them private.
	SigningKey    interface{}
	EncryptionKey interface{}
	// Cert — NOTE(review): presumably the client certificate used for
	// mutual TLS on this request; confirm.
	Cert          *x509.Certificate
}

func RequestAuthorization

func RequestAuthorization(cconfig ClientConfig, sconfig ServerConfig, hc *http.Client) (r Request, codeVerifier string, err error)

func WaitForCallback

func WaitForCallback(clientConfig ClientConfig, serverConfig ServerConfig, hc *http.Client) (request Request, err error)

func (*Request) AuthenticateClient added in v1.4.0

func (r *Request) AuthenticateClient(
	endpoint string,
	mtlsEndpoint string,
	cconfig ClientConfig,
	sconfig ServerConfig,
	hc *http.Client,
) (string, error)

func (*Request) AuthorizeRequest added in v1.5.0

func (r *Request) AuthorizeRequest(
	cconfig ClientConfig,
	sconfig ServerConfig,
	hc *http.Client,
) (codeVerifier string, err error)

func (*Request) Get

func (r *Request) Get(key string) string

func (*Request) ParseJARM added in v1.4.0

func (r *Request) ParseJARM(signingKey interface{}, encryptionKey interface{}) error

type RequestTokenOption

// RequestTokenOption mutates the RequestTokenParams of a RequestToken call;
// see WithAuthorizationCode, WithCodeVerifier, WithDeviceCode and
// WithRedirectURL.
type RequestTokenOption func(*RequestTokenParams)

type RequestTokenParams

// RequestTokenParams carries the per-call inputs of RequestToken that are not
// part of ClientConfig. All are set through RequestTokenOption functions.
type RequestTokenParams struct {
	// Code is the authorization code (WithAuthorizationCode); single-use
	// and short-lived.
	Code         string
	// DeviceCode is the RFC 8628 device_code (WithDeviceCode).
	DeviceCode   string
	// CodeVerifier is the PKCE verifier that produced the code_challenge
	// (WithCodeVerifier).
	CodeVerifier string
	// RedirectURL must match the redirect_uri of the authorization request
	// (WithRedirectURL).
	RedirectURL  string
}

type ServerConfig

// ServerConfig is the subset of the OpenID Connect Discovery provider
// metadata this package uses, as fetched by FetchOpenIDConfiguration from
// OpenIDConfigurationPath. Because it names the endpoints credentials are
// sent to, callers should check that Issuer equals the IssuerURL they asked
// for before trusting the rest.
type ServerConfig struct {
	Issuer                             string   `json:"issuer"`
	// JWKsURI is where the server publishes its verification keys.
	JWKsURI                            string   `json:"jwks_uri"`
	SupportedGrantTypes                []string `json:"grant_types_supported"`
	SupportedResponseTypes             []string `json:"response_types_supported"`
	SupportedTokenEndpointAuthMethods  []string `json:"token_endpoint_auth_methods_supported"`
	SupportedScopes                    []string `json:"scopes_supported"`
	SupportedResponseModes             []string `json:"response_modes_supported"`
	AuthorizationEndpoint              string   `json:"authorization_endpoint"`
	DeviceAuthorizationEndpoint        string   `json:"device_authorization_endpoint"`
	PushedAuthorizationRequestEndpoint string   `json:"pushed_authorization_request_endpoint"`
	TokenEndpoint                      string   `json:"token_endpoint"`
	// MTLsEndpointAliases are the alternative endpoints a client using
	// mutual TLS must call instead (RFC 8705 §5); Request.AuthenticateClient
	// takes both the plain and the mTLS endpoint.
	MTLsEndpointAliases                struct {
		TokenEndpoint                      string `json:"token_endpoint"`
		PushedAuthorizationRequestEndpoint string `json:"pushed_authorization_request_endpoint"`
	} `json:"mtls_endpoint_aliases"`
}

type SignerProvider added in v1.1.0

// SignerProvider yields the jose.Signer used by SignJWT together with the key
// it signs with (returned to the caller as SignJWT's key result). JWKSigner
// (asymmetric key from a URI) and SecretSigner (shared secret, HMAC) are the
// constructors shipped with this package.
type SignerProvider func() (jose.Signer, interface{}, error)

func JWKSigner added in v1.1.0

func JWKSigner(keyPath string, hc *http.Client) SignerProvider

func SecretSigner added in v1.1.0

func SecretSigner(secret []byte) SignerProvider

type TokenResponse

// TokenResponse is a successful token endpoint response (RFC 6749 §5.1, with
// the RFC 8693 and RFC 9396 extensions), returned by RequestToken or built
// from a form by NewTokenResponseFromForm. AccessToken, IDToken and
// RefreshToken are credentials: do not log them, and remember that ExpiresIn
// is a relative lifetime in seconds, not an absolute time.
type TokenResponse struct {
	AccessToken          string                   `json:"access_token,omitempty"`
	ExpiresIn            int64                    `json:"expires_in,omitempty"`
	IDToken              string                   `json:"id_token,omitempty"`
	// IssuedTokenType is the RFC 8693 token-exchange result type.
	IssuedTokenType      string                   `json:"issued_token_type,omitempty"`
	RefreshToken         string                   `json:"refresh_token,omitempty"`
	Scope                string                   `json:"scope,omitempty"`
	// TokenType is "Bearer" or, when ClientConfig.DPoP is used, "DPoP";
	// it tells the client how the access token must be presented.
	TokenType            string                   `json:"token_type,omitempty"`
	// AuthorizationDetails echoes the granted RFC 9396 authorization_details.
	AuthorizationDetails []map[string]interface{} `json:"authorization_details,omitempty"`
}

func NewTokenResponseFromForm

func NewTokenResponseFromForm(f url.Values) TokenResponse
