flow

package
v0.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 5, 2020 License: MIT Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AuthCode 

type AuthCode struct {
	Provider             *pkg.Provider
	CodeStrategy         grant.CodeStrategy
	AccessTokenStrategy  grant.AccessTokenStrategy
	RefreshTokenStrategy grant.RefreshTokenStrategy
	IdTokenStrategy      grant.IdTokenStrategy
	SessionStorage       grant.SessionStorage
}

func (*AuthCode) Authorize 

func (f *AuthCode) Authorize(ctx context.Context, req *auth.Request, session *grant.Session) (*auth.Response, error)

func (*AuthCode) CanAuthorize 

func (f *AuthCode) CanAuthorize(req *auth.Request) bool

func (*AuthCode) CanIssue 

func (f *AuthCode) CanIssue(req *token.Request) bool

func (*AuthCode) Issue 

func (f *AuthCode) Issue(ctx context.Context, req *token.Request) (*token.Response, error)

type AuthorizeFlow 

type AuthorizeFlow interface {
	// CanAuthorize returns true if the request can be processed by this handler
	CanAuthorize(req *auth.Request) bool

	// Authorize carries out the main logic for authorization. Implementation shall assume CanAuthorize returned true.
	Authorize(ctx context.Context, req *auth.Request, session *grant.Session) (*auth.Response, error)
}

AuthorizeFlow handles the OpenID Connect authentication request, which piggybacks an OAuth authorization request. Before invoking Authorize, callers should check with CanAuthorize to see if the handler can process the request at all. Flow implementations need to be exclusive with each other as the caller will select the first flow whose CanIssue returns true to process the request. However, implementation may use composition pattern to enhance each other's functions.

type ClientCredentials 

type ClientCredentials struct {
	Provider             *pkg.Provider
	AccessTokenStrategy  grant.AccessTokenStrategy
	RefreshTokenStrategy grant.RefreshTokenStrategy
	SessionStorage       grant.SessionStorage
}

func (*ClientCredentials) CanIssue 

func (f *ClientCredentials) CanIssue(req *token.Request) bool

func (*ClientCredentials) Issue 

func (f *ClientCredentials) Issue(ctx context.Context, req *token.Request) (*token.Response, error)

type Hybrid 

type Hybrid struct {
	Provider          *pkg.Provider
	CodeStrategy      grant.CodeStrategy
	IdTokenStrategy   grant.IdTokenStrategy
	SessionStorage    grant.SessionStorage
	AuthorizeCodeFlow *AuthCode
}

Hybrid models the OpenID Connect Hybrid flow. The token leg is exactly the same as the Authorization Code Flow. Per recommendation of the best practices, Hybrid flow will not issue access token on the authorization endpoint, therefore, it does not support response_type="code token id_token"

func (*Hybrid) Authorize 

func (f *Hybrid) Authorize(ctx context.Context, req *auth.Request, session *grant.Session) (resp *auth.Response, err error)

func (*Hybrid) CanAuthorize 

func (f *Hybrid) CanAuthorize(req *auth.Request) bool

func (*Hybrid) CanIssue 

func (f *Hybrid) CanIssue(req *token.Request) bool

func (*Hybrid) Issue 

func (f *Hybrid) Issue(ctx context.Context, req *token.Request) (*token.Response, error)

type Implicit 

type Implicit struct {
	Provider        *pkg.Provider
	IdTokenStrategy grant.IdTokenStrategy
}

Implicit models the OpenID Connect implicit flow. Per best practices, it will not issue access token on the authorization endpoint, therefore, response_type="token id_token" will not work. Because users using this flow will only receive an id token and has no chance to visiting userinfo endpoint to retrieve userinfo claims. All userinfo claims will be added to the id token.

func (*Implicit) Authorize 

func (f *Implicit) Authorize(ctx context.Context, req *auth.Request, session *grant.Session) (resp *auth.Response, err error)

func (*Implicit) CanAuthorize 

func (f *Implicit) CanAuthorize(req *auth.Request) bool

type Refresh 

type Refresh struct {
	Provider             *pkg.Provider
	AccessTokenStrategy  grant.AccessTokenStrategy
	RefreshTokenStrategy grant.RefreshTokenStrategy
	Logger               *zerolog.Logger
}

func (*Refresh) CanIssue 

func (f *Refresh) CanIssue(req *token.Request) bool

func (*Refresh) Issue 

func (f *Refresh) Issue(ctx context.Context, req *token.Request) (*token.Response, error)

Note: session will not be extended here since we are not extending the validity of the refresh token.

type RuleSet 

type RuleSet struct{}

func (RuleSet) Authorization 

func (_ RuleSet) Authorization(session *grant.Session) auth.Rule

type TokenFlow 

type TokenFlow interface {
	// CanIssue returns true if the request can be processed by this handler
	CanIssue(req *token.Request) bool

	// Issue carries out the main logic for token issuing. Implementation shall assume CanIssue returned true.
	Issue(ctx context.Context, req *token.Request) (*token.Response, error)
}

Flow handles the OpenID Connect token request. Before invoking Issue, callers should check with CanIssue to see if the handler can process the request at all. Flow implementations need to be exclusive with each other as the caller will select the first flow whose CanIssue returns true to process the request. However, implementation may use composition pattern to enhance each other's functions.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.