README
¶
oauth2 中间件
适用于 Gin-Gonic 的OAuth 2.0授权服务器和授权中间件
该库提供了基于Gin-Gonic的OAuth 2.0授权服务器以及可在与Gin-Gonic开发的资源服务器中使用的授权中间件。
授权服务器
授权服务器由OAuthBearerServer结构实现,该结构管理两种授权类型的授权(password和client_credentials)。使该授权服务器提供可用于消耗资源API的授权令牌。
密码授予类型
OAuthBearerServer支持密码授予类型,允许为用户名/密码凭证生成令牌。
客户凭证授予类型
OAuthBearerServer支持client_credentials授予类型,允许为appid/secret凭证生成令牌。
授权码和隐式授予类型
实现支持AuthorizationCodeVerifier接口的这些授权类型。ValidateResponseCode一阶段调用,ValidateCode方法在授权代码授予类型评估的第二阶段被调用。
刷新令牌授予类型
如果授权令牌将过期,则客户端可以通过调用授权服务器并使用refresh_token授予类型来重新生成令牌。
授权中间件
Gin-Gonic中间件BearerAuthentication拦截资源服务器调用,并仅授权包含有效承载令牌的资源请求。
令牌格式化程序
授权服务器使用令牌格式化程序对令牌进行加密,而授权中间件使用相同的令牌格式化程序对令牌进行解密。该库包含基于算法SHA256和RC4的名为_ SHA256RC4TokenSecureFormatter_的格式化程序接口的默认实现。程序员可以开发自己的Token Formatter,以实现TokenSecureFormatter接口,在生产环境中发布API之前,确实建议这样做。
凭证验证器
首先调用ValidateUser()或ValidateClient()进行凭据验证
AddClaims()用于将信息添加到将被加密的令牌中
StoreTokenId()的令牌生成之后,但在反应之前被调用,程序员可以使用用于存储生成的ID有一个在另一种方法中此方法CredentialsVerifier它们是在刷新令牌过程涉及接口。在这种情况下,将按以下顺序调用方法:
首先调用TokenId验证的ValidateTokenId(),该方法接收与刷新令牌相关的令牌相关的TokenId
AddClaims()用于将信息添加到将被加密的令牌中
在令牌重新生成之后但在响应之前调用的StoreTokenId(),程序员可以使用此方法存储生成的ID
授权服务器使用示例
有关完整示例,请参见 test.txt
请注意,授权服务器和授权中间件都使用相同的令牌格式化程序和相同的密钥进行加密/解密。
Reference
License
Documentation
¶
Index ¶
- Constants
- func Authorize(secretKey string, formatter TokenSecureFormatter) gin.HandlerFunc
- func Fail(c *gin.Context, code, message interface{})
- func Successful(c *gin.Context, data interface{})
- type Any
- type AuthorizationCodeVerifier
- type BearerAuthentication
- type CredentialsVerifier
- type OAuthBearerServer
- func (s *OAuthBearerServer) AuthAccessToken(ctx *gin.Context)
- func (s *OAuthBearerServer) AuthRefreshToken(ctx *gin.Context)
- func (s *OAuthBearerServer) AuthorizationCode(ctx *gin.Context)
- func (s *OAuthBearerServer) Authorize(ctx *gin.Context)
- func (s *OAuthBearerServer) ClientCredentials(ctx *gin.Context)
- func (s *OAuthBearerServer) UserCredentials(ctx *gin.Context)
- type RC4TokenSecureFormatter
- type RefreshToken
- type SHA256RC4TokenSecureFormatter
- type Token
- type TokenProvider
- func (tp *TokenProvider) CryptRefreshToken(t *RefreshToken) (token string, err error)
- func (tp *TokenProvider) CryptToken(t *Token) (token string, err error)
- func (tp *TokenProvider) DecryptRefreshTokens(refreshToken string) (refresh *RefreshToken, err error)
- func (tp *TokenProvider) DecryptToken(token string) (t *Token, err error)
- type TokenResponse
- type TokenSecureFormatter
Constants ¶
View Source
const (
TOKEN_TYPE = "Bearer"
)
Variables ¶
This section is empty.
Functions ¶
func Authorize ¶
func Authorize(secretKey string, formatter TokenSecureFormatter) gin.HandlerFunc
func Successful ¶
Types ¶
type BearerAuthentication ¶
type BearerAuthentication struct {
// contains filtered or unexported fields
}
func NewBearerAuthentication ¶
func NewBearerAuthentication(secretKey string, formatter TokenSecureFormatter) *BearerAuthentication
func (*BearerAuthentication) Authorize ¶
func (ba *BearerAuthentication) Authorize(ctx *gin.Context)
type CredentialsVerifier ¶
type CredentialsVerifier interface {
ValidateUser(username, password, scope string, req *http.Request) error
ValidateClient(appid, secret, scope string, req *http.Request) error
AddClaims(credential, tokenID, tokenType, scope string) (map[string]string, error)
StoreTokenId(credential, tokenID, refreshTokenID, tokenType string) error
ValidateTokenId(credential, tokenID, refreshTokenID, tokenType string) error
ValidateResponseCode(appid, redirectURI, state, scope string) (int, interface{})
}
type OAuthBearerServer ¶
func NewOAuthBearerServer ¶
func NewOAuthBearerServer(secretKey string, ttl time.Duration, verifier CredentialsVerifier, formatter TokenSecureFormatter) *OAuthBearerServer
func (*OAuthBearerServer) AuthAccessToken ¶
func (s *OAuthBearerServer) AuthAccessToken(ctx *gin.Context)
func (*OAuthBearerServer) AuthRefreshToken ¶
func (s *OAuthBearerServer) AuthRefreshToken(ctx *gin.Context)
func (*OAuthBearerServer) AuthorizationCode ¶
func (s *OAuthBearerServer) AuthorizationCode(ctx *gin.Context)
func (*OAuthBearerServer) Authorize ¶
func (s *OAuthBearerServer) Authorize(ctx *gin.Context)
func (*OAuthBearerServer) ClientCredentials ¶
func (s *OAuthBearerServer) ClientCredentials(ctx *gin.Context)
func (*OAuthBearerServer) UserCredentials ¶
func (s *OAuthBearerServer) UserCredentials(ctx *gin.Context)
type RC4TokenSecureFormatter ¶
type RC4TokenSecureFormatter struct {
// contains filtered or unexported fields
}
func NewRC4TokenSecurityProvider ¶
func NewRC4TokenSecurityProvider(key []byte) *RC4TokenSecureFormatter
func (*RC4TokenSecureFormatter) CryptToken ¶
func (sc *RC4TokenSecureFormatter) CryptToken(source []byte) ([]byte, error)
func (*RC4TokenSecureFormatter) DecryptToken ¶
func (sc *RC4TokenSecureFormatter) DecryptToken(source []byte) ([]byte, error)
type RefreshToken ¶
type SHA256RC4TokenSecureFormatter ¶
type SHA256RC4TokenSecureFormatter struct {
// contains filtered or unexported fields
}
func NewSHA256RC4TokenSecurityProvider ¶
func NewSHA256RC4TokenSecurityProvider(key []byte) *SHA256RC4TokenSecureFormatter
func (*SHA256RC4TokenSecureFormatter) CryptToken ¶
func (sc *SHA256RC4TokenSecureFormatter) CryptToken(source []byte) ([]byte, error)
func (*SHA256RC4TokenSecureFormatter) DecryptToken ¶
func (sc *SHA256RC4TokenSecureFormatter) DecryptToken(source []byte) ([]byte, error)
type TokenProvider ¶
type TokenProvider struct {
// contains filtered or unexported fields
}
func NewTokenProvider ¶
func NewTokenProvider(formatter TokenSecureFormatter) *TokenProvider
func (*TokenProvider) CryptRefreshToken ¶
func (tp *TokenProvider) CryptRefreshToken(t *RefreshToken) (token string, err error)
func (*TokenProvider) CryptToken ¶
func (tp *TokenProvider) CryptToken(t *Token) (token string, err error)
func (*TokenProvider) DecryptRefreshTokens ¶
func (tp *TokenProvider) DecryptRefreshTokens(refreshToken string) (refresh *RefreshToken, err error)
func (*TokenProvider) DecryptToken ¶
func (tp *TokenProvider) DecryptToken(token string) (t *Token, err error)
type TokenResponse ¶
Source Files
Click to show internal directories.
Click to hide internal directories.