oauth2

package
v0.0.0-...-bf0e83d Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 31, 2023 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

// Predefined token endpoint errors. The Name values are the six error codes
// listed in RFC 6749 section 5.2, and each Description is a fixed string, so
// no request data is echoed back through these values.
//
// Each variable is a pointer to a single shared TokenError. Writing to a field
// through one of them (for example to customise Description for one request)
// changes the value for every later user of that variable; copy the struct
// first if a per-request message is needed.
//
// NOTE(review): RFC 6749 section 5.2 pairs invalid_client with HTTP 401 when
// the client authenticated via the Authorization header and 400 for the other
// codes; the status code chosen by RespondJSON is not visible here, confirm.
var (
	ErrInvalidRequest       = &TokenError{Name: "invalid_request", Description: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed."}
	ErrInvalidClient        = &TokenError{Name: "invalid_client", Description: "Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)."}
	ErrInvalidGrant         = &TokenError{Name: "invalid_grant", Description: "The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."}
	ErrUnauthorizedClient   = &TokenError{Name: "unauthorized_client", Description: "The authenticated client is not authorized to use this authorization grant type."}
	ErrUnsupportedGrantType = &TokenError{Name: "unsupported_grant_type", Description: "The authorization grant type is not supported by the authorization server."}
	ErrInvalidScope         = &TokenError{Name: "invalid_scope", Description: "The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner."}
)

Functions

func CreateCodeChallenge

// CreateCodeChallenge takes a code verifier and returns a code challenge.
//
// NOTE(review): the transformation is not shown on this page. Presumably this
// is the PKCE S256 method of RFC 7636 (base64url of the SHA-256 digest,
// without padding); confirm against the source before relying on it, since the
// "plain" method offers no protection if the challenge is observed.
func CreateCodeChallenge(codeVerifier string) (codeChallenge string)

func VerifyCodeChallenge

// VerifyCodeChallenge takes a code challenge and a code verifier and returns
// an error.
//
// NOTE(review): presumably a nil error means the verifier matches the
// challenge; confirm. Two properties a caller depends on are not visible from
// the signature and should be checked in the source: that the comparison is
// constant-time (e.g. crypto/subtle.ConstantTimeCompare), and that an empty
// codeChallenge is rejected rather than treated as "PKCE not in use".
func VerifyCodeChallenge(codeChallenge, codeVerifier string) error

Types

type AccessToken

// AccessToken is the claim set of an access token. The JSON names are the
// registered JWT claims of RFC 7519 (iss, sub, aud, jti, exp, iat) plus
// client_id and scope, the same names used by the JWT access token profile
// in RFC 9068.
type AccessToken struct {
	Issuer     string   `json:"iss"`
	Subject    string   `json:"sub"`
	// RFC 7519 allows "aud" to be either a single string or an array.
	// encoding/json cannot decode a JSON string into []string, so this type
	// only round-trips tokens whose aud is an array. Relevant if the struct is
	// ever used to parse tokens minted elsewhere.
	Audience   []string `json:"aud"`
	JWTID      string   `json:"jti"`
	// NOTE(review): presumably NumericDate values (seconds since the Unix
	// epoch) as in RFC 7519; confirm. Nothing in this type enforces exp, so
	// expiry must be checked by whoever validates the token.
	Expiration int64    `json:"exp"`
	IssuedAt   int64    `json:"iat"`
	// The confirmation ("cnf") claim is commented out, so this claim set
	// carries no proof-of-possession key binding; tokens built from it are
	// plain bearer tokens.
	// Confirmation jwt.Confirmation `json:"cnf"`
	ClientID string `json:"client_id"`
	// NOTE(review): presumably a space-delimited scope list as in RFC 6749
	// section 3.3; confirm.
	Scope    string `json:"scope"`
}

func (*AccessToken) Type

func (t *AccessToken) Type() string

type IDToken

// IDToken is the claim set of an ID token, limited to iss, sub, aud, jti, exp
// and iat.
//
// NOTE(review): there is no "nonce" field. OpenID Connect Core requires the
// ID token to carry the nonce when the authentication request contained one,
// and clients use it to detect replayed tokens; with this type the value
// cannot be returned. "auth_time" and "azp" are likewise absent. Confirm
// whether this is intentional for the flows the server supports.
type IDToken struct {
	Issuer     string   `json:"iss"`
	Subject    string   `json:"sub"`
	// Always encoded as a JSON array; a token whose aud is a single string
	// cannot be decoded into this field by encoding/json.
	Audience   []string `json:"aud"`
	JWTID      string   `json:"jti"`
	// NOTE(review): presumably seconds since the Unix epoch; confirm.
	Expiration int64    `json:"exp"`
	IssuedAt   int64    `json:"iat"`
}

func (*IDToken) Type

func (t *IDToken) Type() string

type ServerConfiguration

// ServerConfiguration holds OpenID Provider metadata. The JSON names are those
// of the OpenID Connect Discovery 1.0 provider configuration document.
//
// A client that fetches such a document should check that Issuer is identical
// to the issuer URL it used to locate the document, and should treat every
// endpoint URL in it as untrusted until that check passes.
//
// NOTE(review): there is no code_challenge_methods_supported field (RFC 8414),
// although the package exposes PKCE helpers; clients therefore cannot learn
// PKCE support from this document. Confirm whether that is intended.
type ServerConfiguration struct {
	// Issuer is the URL of the OpenID Provider
	Issuer string `json:"issuer"`
	// AuthorizationEndpoint is the URL of the OpenID Provider's OAuth 2.0 Authorization Endpoint
	AuthorizationEndpoint string `json:"authorization_endpoint"`
	// TokenEndpoint is the URL of the OpenID Provider's OAuth 2.0 Token Endpoint
	TokenEndpoint string `json:"token_endpoint"`
	// UserInfoEndpoint is the URL of the OpenID Provider's UserInfo Endpoint
	UserInfoEndpoint string `json:"userinfo_endpoint"`
	// JwksURI is the URL of the OpenID Provider's JSON Web Key Set [JWK] document
	JwksURI string `json:"jwks_uri"`
	// RegistrationEndpoint is the URL of the OpenID Provider's Dynamic Client Registration Endpoint
	RegistrationEndpoint string `json:"registration_endpoint"`
	// ScopesSupported is a list of the OAuth 2.0 [RFC6749] scope values that this server supports
	ScopesSupported []string `json:"scopes_supported"`
	// ResponseTypesSupported is a list of the OAuth 2.0 response_type values that this OP supports
	ResponseTypesSupported []string `json:"response_types_supported"`
	// ResponseModesSupported is a list of the OAuth 2.0 response_mode values that this OP supports
	ResponseModesSupported []string `json:"response_modes_supported"`
	// GrantTypesSupported is a list of the OAuth 2.0 Grant Type values that this OP supports
	GrantTypesSupported []string `json:"grant_types_supported"`
	// ACRValuesSupported is a list of the Authentication Context Class References that this OP supports
	ACRValuesSupported []string `json:"acr_values_supported"`
	// SubjectTypesSupported is a list of the Subject Identifier types that this OP supports
	SubjectTypesSupported []string `json:"subject_types_supported"`
	// IDTokenSigningAlgValuesSupported is a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT
	// A relying party should accept only the algorithms it expects; "none"
	// must never be honoured for ID tokens received outside a back channel.
	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
}

ServerConfiguration is the OpenID Provider configuration document.

type TokenError

// TokenError is the JSON body of a token endpoint error response; the field
// names map to the "error" and "error_description" members of RFC 6749
// section 5.2.
type TokenError struct {
	// Name is serialized as "error", the machine-readable error code.
	Name        string `json:"error"`
	// Description is serialized as "error_description" and is returned to the
	// client, so it should not contain internal details (stack traces, key
	// identifiers, database errors) or unescaped request input.
	Description string `json:"error_description"`
}

TokenError is a JSON response for an error in the token endpoint as per https://www.rfc-editor.org/rfc/rfc6749#section-5.2

func (*TokenError) Error

func (e *TokenError) Error() string

func (*TokenError) RespondJSON

func (e *TokenError) RespondJSON(w http.ResponseWriter)

type TokenRequest

// TokenRequest holds the parameters of a token endpoint request. The fields
// have no struct tags, so the mapping from form parameter names is done by the
// parsing functions, not by this type.
//
// There is no client secret or client assertion field: client authentication,
// if any, is not represented here.
type TokenRequest struct {
	// NOTE(review): presumably the authorization code; it must be single-use
	// and bound to ClientID and RedirectURI by whoever redeems it. Confirm.
	Code         string
	// NOTE(review): presumably the PKCE code_verifier of RFC 7636; confirm.
	CodeVerifier string
	GrantType    string
	// NOTE(review): RFC 6749 section 4.1.3 requires this to be identical to
	// the redirect_uri of the authorization request; the comparison is not
	// visible from this type. Confirm it is an exact string match.
	RedirectURI  string
	ClientID     string
}

func ParseTokenRequest

// ParseTokenRequest builds a TokenRequest from an HTTP request.
//
// The function returns no error, so a missing, duplicated or malformed
// parameter cannot be reported from this call; the caller has to validate the
// returned fields (empty Code, unexpected GrantType, and so on) itself.
//
// NOTE(review): whether the values are read from the POST body only or also
// from the URL query is not visible here. RFC 6749 section 3.2 requires POST
// for the token endpoint, and codes or verifiers in a query string tend to end
// up in access logs; confirm against the source.
func ParseTokenRequest(req *http.Request) TokenRequest

func TokenRequestFromValues

func TokenRequestFromValues(values url.Values) TokenRequest

type TokenResource

// TokenResource is an http.Handler (see its ServeHTTP method) configured with
// a signing key, a key identifier and an origin.
type TokenResource struct {
	// PrivateKey is a crypto.Signer rather than a concrete key type, so the
	// key material can stay inside an HSM, KMS or similar and never be loaded
	// into process memory.
	// NOTE(review): presumably used to sign the issued tokens; confirm.
	PrivateKey   crypto.Signer
	// NOTE(review): presumably emitted as the JWS "kid" header so verifiers
	// can select the matching key from the JWKS; confirm.
	PrivateKeyID string
	// NOTE(review): presumably the issuer URL placed in the "iss" claim;
	// confirm.
	Origin       string
	// contains filtered or unexported fields
}

func (*TokenResource) ServeHTTP

func (t *TokenResource) ServeHTTP(w http.ResponseWriter, req *http.Request)

type TokenResponse

// TokenResponse is the JSON body of a successful token response. The member
// names are those of RFC 6749 section 5.1 plus the OpenID Connect "id_token".
// There is no refresh_token member.
//
// RFC 6749 section 5.1 requires responses that carry tokens to be sent with
// "Cache-Control: no-store" and "Pragma: no-cache"; the headers are set by the
// handler, not by this type, and are not visible here. Confirm.
type TokenResponse struct {
	IDToken     string `json:"id_token"`
	AccessToken string `json:"access_token"`
	// NOTE(review): presumably "Bearer"; confirm.
	TokenType   string `json:"token_type"`
	// NOTE(review): presumably the access token lifetime in seconds, as in
	// RFC 6749 section 5.1; confirm.
	ExpiresIn   int64  `json:"expires_in"`
}
