rfc7523

package
v0.39.0-nucleate-test Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 28, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Handler

type Handler struct {
	Storage                  RFC7523KeyStorage
	ScopeStrategy            fosite.ScopeStrategy
	AudienceMatchingStrategy fosite.AudienceMatchingStrategy

	// TokenURL is the the URL of the Authorization Server's Token Endpoint.
	TokenURL string
	// SkipClientAuth indicates, if client authentication can be skipped.
	SkipClientAuth bool
	// JWTIDOptional indicates, if jti (JWT ID) claim required or not.
	JWTIDOptional bool
	// JWTIssuedDateOptional indicates, if "iat" (issued at) claim required or not.
	JWTIssuedDateOptional bool
	// JWTMaxDuration sets the maximum time after token issued date (if present), during which the token is
	// considered valid. If "iat" claim is not present, then current time will be used as issued date.
	JWTMaxDuration time.Duration

	*oauth2.HandleHelper
}

func (*Handler) CanHandleTokenEndpointRequest

func (c *Handler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

func (*Handler) CanSkipClientAuth

func (c *Handler) CanSkipClientAuth(requester fosite.AccessRequester) bool

func (*Handler) CheckRequest

func (c *Handler) CheckRequest(request fosite.AccessRequester) error

func (*Handler) HandleTokenEndpointRequest

func (c *Handler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.1.3 (everything) and https://tools.ietf.org/html/rfc7523#section-2.1 (everything)

func (*Handler) PopulateTokenEndpointResponse

func (c *Handler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, response fosite.AccessResponder) error

type RFC7523KeyStorage

type RFC7523KeyStorage interface {
	// GetPublicKey returns public key, issued by 'issuer', and assigned for subject. Public key is used to check
	// signature of jwt assertion in authorization grants.
	GetPublicKey(ctx context.Context, issuer string, subject string, keyId string) (*jose.JSONWebKey, error)

	// GetPublicKeys returns public key, set issued by 'issuer', and assigned for subject.
	GetPublicKeys(ctx context.Context, issuer string, subject string) (*jose.JSONWebKeySet, error)

	// GetPublicKeyScopes returns assigned scope for assertion, identified by public key, issued by 'issuer'.
	GetPublicKeyScopes(ctx context.Context, issuer string, subject string, keyId string) ([]string, error)

	// IsJWTUsed returns true, if JWT is not known yet or it can not be considered valid, because it must be already
	// expired.
	IsJWTUsed(ctx context.Context, jti string) (bool, error)

	// MarkJWTUsedForTime marks JWT as used for a time passed in exp parameter. This helps ensure that JWTs are not
	// replayed by maintaining the set of used "jti" values for the length of time for which the JWT would be
	// considered valid based on the applicable "exp" instant. (https://tools.ietf.org/html/rfc7523#section-3)
	MarkJWTUsedForTime(ctx context.Context, jti string, exp time.Time) error
}

RFC7523KeyStorage holds information needed to validate jwt assertion in authorization grants.

type Session

type Session interface {
	// SetSubject sets the session's subject.
	SetSubject(subject string)
}

Session must be implemented by the session if RFC7523 is to be supported.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL