handler

package

v0.0.0-...-122f59b Latest Latest Go to latest Published: Apr 23, 2024 License: Apache-2.0 Imports: 45 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/authgear/authgear-server

Documentation ¶

Index ¶

Constants
Variables
func IsConsentRequiredError(err error) bool
type AccessTokenIssuer
type AnonymousIdentityProvider
type AnonymousUserHandler
- func (h *AnonymousUserHandler) IssuePromotionCode(req *http.Request, sessionType WebSessionType, refreshToken string) (code string, codeObj *anonymous.PromotionCode, err error)
- func (h *AnonymousUserHandler) SignupAnonymousUser(req *http.Request, clientID string, sessionType WebSessionType, ...) (*SignupAnonymousUserResult, error)
type AnonymousUserHandlerLogger
- func NewAnonymousUserHandlerLogger(lf *log.Factory) AnonymousUserHandlerLogger
type App2AppService
type AppSessionTokenService
type AuthenticationInfoService
type AuthorizationHandler
- func (h *AuthorizationHandler) Handle(r protocol.AuthorizationRequest) httputil.Result
- func (h *AuthorizationHandler) HandleConsentWithUserCancel(req *http.Request) httputil.Result
- func (h *AuthorizationHandler) HandleConsentWithUserConsent(req *http.Request) httputil.Result
- func (h *AuthorizationHandler) HandleConsentWithoutUserConsent(req *http.Request) (httputil.Result, *ConsentRequired)
type AuthorizationHandlerLogger
- func NewAuthorizationHandlerLogger(lf *log.Factory) AuthorizationHandlerLogger
type AuthorizationService
type ChallengeProvider
type CodeGrantService
- func (s *CodeGrantService) CreateCodeGrant(opts *CreateCodeGrantOptions) (code string, grant *oauth.CodeGrant, err error)
type ConsentRequired
type CookieManager
type CookiesGetter
type CreateCodeGrantOptions
type CreateSettingsActionGrantOptions
type EventService
type GraphService
type IDTokenIssuer
type IssueOfflineGrantOptions
type OAuthClientResolver
type OAuthSessionService
type PromotionCodeStore
type ProxyRedirectHandler
- func (h *ProxyRedirectHandler) Validate(redirectURIWithQuery string) error
type RevokeHandler
- func (h *RevokeHandler) Handle(r protocol.RevokeRequest) error
type ScopesValidator
type SessionManager
type SettingsActionGrantService
- func (s *SettingsActionGrantService) CreateSettingsActionGrant(opts *CreateSettingsActionGrantOptions) (code string, grant *oauth.SettingsActionGrant, err error)
type SignupAnonymousUserResult
type TokenGenerator
type TokenHandler
- func (h *TokenHandler) Handle(rw http.ResponseWriter, req *http.Request, r protocol.TokenRequest) httputil.Result
- func (h *TokenHandler) IssueAppSessionToken(refreshToken string) (string, *oauth.AppSessionToken, error)
- func (h *TokenHandler) IssueTokensForAuthorizationCode(client *config.OAuthClientConfig, r protocol.TokenRequest) (protocol.TokenResponse, error)
- func (h *TokenHandler) IssueTokensForSettingsActionCode(client *config.OAuthClientConfig, r protocol.TokenRequest) (protocol.TokenResponse, error)
type TokenHandlerLogger
- func NewTokenHandlerLogger(lf *log.Factory) TokenHandlerLogger
type TokenHandlerUserFacade
type TokenService
- func (s *TokenService) IssueAccessGrant(client *config.OAuthClientConfig, scopes []string, authzID string, ...) error
- func (s *TokenService) IssueOfflineGrant(client *config.OAuthClientConfig, opts IssueOfflineGrantOptions, ...) (*oauth.OfflineGrant, error)
- func (s *TokenService) ParseRefreshToken(token string) (*oauth.Authorization, *oauth.OfflineGrant, error)
type UIInfoResolver
type UIURLBuilder
type UserProvider
type WebSessionType

Constants ¶

View Source

const (
	CodeResponseType          = "code"
	NoneResponseType          = "none"
	SettingsActonResponseType = "urn:authgear:params:oauth:response-type:settings-action"
)

View Source

const (
	AnonymousRequestGrantType = "urn:authgear:params:oauth:grant-type:anonymous-request"
	BiometricRequestGrantType = "urn:authgear:params:oauth:grant-type:biometric-request"
	App2AppRequestGrantType   = "urn:authgear:params:oauth:grant-type:app2app-request"
	// nolint:gosec
	IDTokenGrantType        = "urn:authgear:params:oauth:grant-type:id-token"
	SettingsActionGrantType = "urn:authgear:params:oauth:grant-type:settings-action"
)

View Source

const AppSessionTokenDuration = duration.Short

View Source

const CodeGrantValidDuration = duration.Short

View Source

const PromotionCodeDuration = duration.Short

View Source

const SettingsActionGrantValidDuration = duration.Short

Variables ¶

View Source

var DependencySet = wire.NewSet(
	NewAuthorizationHandlerLogger,
	wire.Struct(new(AuthorizationHandler), "*"),
	NewTokenHandlerLogger,
	wire.Struct(new(TokenHandler), "*"),
	wire.Struct(new(RevokeHandler), "*"),
	NewAnonymousUserHandlerLogger,
	wire.Struct(new(AnonymousUserHandler), "*"),
	wire.Struct(new(TokenService), "*"),
	wire.Struct(new(CodeGrantService), "*"),
	wire.Struct(new(SettingsActionGrantService), "*"),
	wire.Struct(new(ProxyRedirectHandler), "*"),
)

View Source

var ErrInvalidRefreshToken = protocol.NewError("invalid_grant", "invalid refresh token")

View Source

var ErrLoggedInAsNormalUser = apierrors.NewInvalid("user logged in as normal user")

View Source

var ErrUnauthenticated = apierrors.NewUnauthorized("authentication required")

Functions ¶

func IsConsentRequiredError ¶

func IsConsentRequiredError(err error) bool

Types ¶

type AccessTokenIssuer ¶

type AccessTokenIssuer interface {
	EncodeAccessToken(client *config.OAuthClientConfig, grant *oauth.AccessGrant, userID string, token string) (string, error)
}

type AnonymousIdentityProvider ¶

type AnonymousIdentityProvider interface {
	List(userID string) ([]*identity.Anonymous, error)
}

type AnonymousUserHandler ¶

type AnonymousUserHandler struct {
	AppID       config.AppID
	OAuthConfig *config.OAuthConfig
	Logger      AnonymousUserHandlerLogger

	Graphs              GraphService
	Authorizations      AuthorizationService
	Clock               clock.Clock
	TokenService        TokenService
	UserProvider        UserProvider
	AnonymousIdentities AnonymousIdentityProvider
	PromotionCodes      PromotionCodeStore
	OAuthClientResolver OAuthClientResolver
}

func (*AnonymousUserHandler) IssuePromotionCode ¶

func (h *AnonymousUserHandler) IssuePromotionCode(
	req *http.Request,
	sessionType WebSessionType,
	refreshToken string,
) (code string, codeObj *anonymous.PromotionCode, err error)

func (*AnonymousUserHandler) SignupAnonymousUser ¶

func (h *AnonymousUserHandler) SignupAnonymousUser(
	req *http.Request,
	clientID string,
	sessionType WebSessionType,
	refreshToken string,
) (*SignupAnonymousUserResult, error)

SignupAnonymousUser return token response or api errors

type AnonymousUserHandlerLogger ¶

type AnonymousUserHandlerLogger struct{ *log.Logger }

func NewAnonymousUserHandlerLogger ¶

func NewAnonymousUserHandlerLogger(lf *log.Factory) AnonymousUserHandlerLogger

type App2AppService ¶

type App2AppService interface {
	ParseTokenUnverified(requestJWT string) (t *app2app.Request, err error)
	ParseToken(requestJWT string, key jwk.Key) (*app2app.Request, error)
}

type AppSessionTokenService ¶

type AppSessionTokenService interface {
	Handle(input oauth.AppSessionTokenInput) (httputil.Result, error)
}

type AuthenticationInfoService ¶

type AuthenticationInfoService interface {
	Get(entryID string) (*authenticationinfo.Entry, error)
	Delete(entryID string) error
}

type AuthorizationHandler ¶

type AuthorizationHandler struct {
	Context    context.Context
	AppID      config.AppID
	Config     *config.OAuthConfig
	HTTPConfig *config.HTTPConfig
	HTTPProto  httputil.HTTPProto
	HTTPOrigin httputil.HTTPOrigin
	AppDomains config.AppDomains
	Logger     AuthorizationHandlerLogger

	UIURLBuilder               UIURLBuilder
	UIInfoResolver             UIInfoResolver
	Authorizations             AuthorizationService
	ValidateScopes             ScopesValidator
	AppSessionTokenService     AppSessionTokenService
	AuthenticationInfoService  AuthenticationInfoService
	Clock                      clock.Clock
	Cookies                    CookieManager
	OAuthSessionService        OAuthSessionService
	CodeGrantService           CodeGrantService
	SettingsActionGrantService SettingsActionGrantService
	ClientResolver             OAuthClientResolver
}

func (*AuthorizationHandler) Handle ¶

func (h *AuthorizationHandler) Handle(r protocol.AuthorizationRequest) httputil.Result

func (*AuthorizationHandler) HandleConsentWithUserCancel ¶

func (h *AuthorizationHandler) HandleConsentWithUserCancel(req *http.Request) httputil.Result

func (*AuthorizationHandler) HandleConsentWithUserConsent ¶

func (h *AuthorizationHandler) HandleConsentWithUserConsent(req *http.Request) httputil.Result

func (*AuthorizationHandler) HandleConsentWithoutUserConsent ¶

func (h *AuthorizationHandler) HandleConsentWithoutUserConsent(req *http.Request) (httputil.Result, *ConsentRequired)

type AuthorizationHandlerLogger ¶

type AuthorizationHandlerLogger struct{ *log.Logger }

func NewAuthorizationHandlerLogger ¶

func NewAuthorizationHandlerLogger(lf *log.Factory) AuthorizationHandlerLogger

type AuthorizationService ¶

type AuthorizationService interface {
	GetByID(id string) (*oauth.Authorization, error)
	CheckAndGrant(
		clientID string,
		userID string,
		scopes []string,
	) (*oauth.Authorization, error)
	Check(
		clientID string,
		userID string,
		scopes []string,
	) (*oauth.Authorization, error)
}

type ChallengeProvider ¶

type ChallengeProvider interface {
	Consume(token string) (*challenge.Purpose, error)
}

type CodeGrantService ¶

type CodeGrantService struct {
	AppID         config.AppID
	CodeGenerator TokenGenerator
	Clock         clock.Clock

	CodeGrants oauth.CodeGrantStore
}

func (*CodeGrantService) CreateCodeGrant ¶

func (s *CodeGrantService) CreateCodeGrant(opts *CreateCodeGrantOptions) (code string, grant *oauth.CodeGrant, err error)

type ConsentRequired ¶

type ConsentRequired struct {
	UserID string
	Scopes []string
	Client *config.OAuthClientConfig
}

type CookieManager ¶

type CookieManager interface {
	GetCookie(r *http.Request, def *httputil.CookieDef) (*http.Cookie, error)
	ValueCookie(def *httputil.CookieDef, value string) *http.Cookie
	ClearCookie(def *httputil.CookieDef) *http.Cookie
}

type CookiesGetter ¶

type CookiesGetter interface {
	GetCookies() []*http.Cookie
}

type CreateCodeGrantOptions ¶

type CreateCodeGrantOptions struct {
	Authorization        *oauth.Authorization
	IDPSessionID         string
	AuthenticationInfo   authenticationinfo.T
	IDTokenHintSID       string
	RedirectURI          string
	AuthorizationRequest protocol.AuthorizationRequest
}

type CreateSettingsActionGrantOptions ¶

type CreateSettingsActionGrantOptions struct {
	Authorization        *oauth.Authorization
	IDPSessionID         string
	AuthenticationInfo   authenticationinfo.T
	IDTokenHintSID       string
	RedirectURI          string
	AuthorizationRequest protocol.AuthorizationRequest
}

type EventService ¶

type EventService interface {
	DispatchEventOnCommit(payload event.Payload) error
}

type GraphService ¶

type GraphService interface {
	NewGraph(ctx *interaction.Context, intent interaction.Intent) (*interaction.Graph, error)
	DryRun(contextValue interaction.ContextValues, fn func(*interaction.Context) (*interaction.Graph, error)) error
	Run(contextValue interaction.ContextValues, graph *interaction.Graph) error
	Accept(ctx *interaction.Context, graph *interaction.Graph, input interface{}) (*interaction.Graph, []interaction.Edge, error)
}

type IDTokenIssuer ¶

type IDTokenIssuer interface {
	IssueIDToken(opts oidc.IssueIDTokenOptions) (token string, err error)
}

type IssueOfflineGrantOptions ¶

type IssueOfflineGrantOptions struct {
	AuthenticationInfo authenticationinfo.T
	Scopes             []string
	AuthorizationID    string
	IDPSessionID       string
	DeviceInfo         map[string]interface{}
	IdentityID         string
	SSOEnabled         bool
	App2AppDeviceKey   jwk.Key
}

type OAuthClientResolver ¶

type OAuthClientResolver interface {
	ResolveClient(clientID string) *config.OAuthClientConfig
}

type OAuthSessionService ¶

type OAuthSessionService interface {
	Save(entry *oauthsession.Entry) (err error)
	Get(entryID string) (*oauthsession.Entry, error)
	Delete(entryID string) error
}

type PromotionCodeStore ¶

type PromotionCodeStore interface {
	CreatePromotionCode(code *anonymous.PromotionCode) error
}

type ProxyRedirectHandler ¶

type ProxyRedirectHandler struct {
	OAuthConfig *config.OAuthConfig
	HTTPOrigin  httputil.HTTPOrigin
	HTTPProto   httputil.HTTPProto
	AppDomains  config.AppDomains
}

func (*ProxyRedirectHandler) Validate ¶

func (h *ProxyRedirectHandler) Validate(redirectURIWithQuery string) error

type RevokeHandler ¶

type RevokeHandler struct {
	SessionManager SessionManager
	OfflineGrants  oauth.OfflineGrantStore
	AccessGrants   oauth.AccessGrantStore
}

func (*RevokeHandler) Handle ¶

func (h *RevokeHandler) Handle(r protocol.RevokeRequest) error

type ScopesValidator ¶

type ScopesValidator func(client *config.OAuthClientConfig, scopes []string) error

type SessionManager ¶

type SessionManager interface {
	RevokeWithEvent(session session.Session, isTermination bool, isAdminAPI bool) error
	RevokeWithoutEvent(session session.Session) error
}

type SettingsActionGrantService ¶

type SettingsActionGrantService struct {
	AppID         config.AppID
	CodeGenerator TokenGenerator
	Clock         clock.Clock

	SettingsActionGrants oauth.SettingsActionGrantStore
}

func (*SettingsActionGrantService) CreateSettingsActionGrant ¶

func (s *SettingsActionGrantService) CreateSettingsActionGrant(opts *CreateSettingsActionGrantOptions) (code string, grant *oauth.SettingsActionGrant, err error)

type SignupAnonymousUserResult ¶

type SignupAnonymousUserResult struct {
	TokenResponse interface{}
	Cookies       []*http.Cookie
}

type TokenGenerator ¶

type TokenGenerator func() string

type TokenHandler ¶

type TokenHandler struct {
	Context                context.Context
	AppID                  config.AppID
	Config                 *config.OAuthConfig
	AppDomains             config.AppDomains
	HTTPProto              httputil.HTTPProto
	HTTPOrigin             httputil.HTTPOrigin
	OAuthFeatureConfig     *config.OAuthFeatureConfig
	IdentityFeatureConfig  *config.IdentityFeatureConfig
	OAuthClientCredentials *config.OAuthClientCredentials
	Logger                 TokenHandlerLogger

	Authorizations           AuthorizationService
	CodeGrants               oauth.CodeGrantStore
	SettingsActionGrantStore oauth.SettingsActionGrantStore
	OfflineGrants            oauth.OfflineGrantStore
	AppSessionTokens         oauth.AppSessionTokenStore
	OfflineGrantService      oauth.OfflineGrantService
	Graphs                   GraphService
	IDTokenIssuer            IDTokenIssuer
	Clock                    clock.Clock
	TokenService             TokenService
	Events                   EventService
	SessionManager           SessionManager
	App2App                  App2AppService
	Challenges               ChallengeProvider
	CodeGrantService         CodeGrantService
	ClientResolver           OAuthClientResolver
	UIInfoResolver           UIInfoResolver
}

func (*TokenHandler) Handle ¶

func (h *TokenHandler) Handle(rw http.ResponseWriter, req *http.Request, r protocol.TokenRequest) httputil.Result

TODO: Write some tests

func (*TokenHandler) IssueAppSessionToken ¶

func (h *TokenHandler) IssueAppSessionToken(refreshToken string) (string, *oauth.AppSessionToken, error)

func (*TokenHandler) IssueTokensForAuthorizationCode ¶

func (h *TokenHandler) IssueTokensForAuthorizationCode(
	client *config.OAuthClientConfig,
	r protocol.TokenRequest,
) (protocol.TokenResponse, error)

nolint:gocognit

func (*TokenHandler) IssueTokensForSettingsActionCode ¶

func (h *TokenHandler) IssueTokensForSettingsActionCode(
	client *config.OAuthClientConfig,
	r protocol.TokenRequest,
) (protocol.TokenResponse, error)

nolint:gocognit

type TokenHandlerLogger ¶

type TokenHandlerLogger struct{ *log.Logger }

func NewTokenHandlerLogger ¶

func NewTokenHandlerLogger(lf *log.Factory) TokenHandlerLogger

type TokenHandlerUserFacade ¶

type TokenHandlerUserFacade interface {
	GetRaw(id string) (*user.User, error)
}

type TokenService ¶

type TokenService struct {
	RemoteIP        httputil.RemoteIP
	UserAgentString httputil.UserAgentString
	AppID           config.AppID
	Config          *config.OAuthConfig

	Authorizations      oauth.AuthorizationStore
	OfflineGrants       oauth.OfflineGrantStore
	AccessGrants        oauth.AccessGrantStore
	OfflineGrantService oauth.OfflineGrantService
	AccessEvents        *access.EventProvider
	AccessTokenIssuer   AccessTokenIssuer
	GenerateToken       TokenGenerator
	Clock               clock.Clock
	Users               TokenHandlerUserFacade
}

func (*TokenService) IssueAccessGrant ¶

func (s *TokenService) IssueAccessGrant(
	client *config.OAuthClientConfig,
	scopes []string,
	authzID string,
	userID string,
	sessionID string,
	sessionKind oauth.GrantSessionKind,
	resp protocol.TokenResponse,
) error

func (*TokenService) IssueOfflineGrant ¶

func (s *TokenService) IssueOfflineGrant(
	client *config.OAuthClientConfig,
	opts IssueOfflineGrantOptions,
	resp protocol.TokenResponse,
) (*oauth.OfflineGrant, error)

func (*TokenService) ParseRefreshToken ¶

func (s *TokenService) ParseRefreshToken(token string) (*oauth.Authorization, *oauth.OfflineGrant, error)

type UIInfoResolver ¶

type UIInfoResolver interface {
	ResolveForAuthorizationEndpoint(client *config.OAuthClientConfig, req protocol.AuthorizationRequest) (*oidc.UIInfo, *oidc.UIInfoByProduct, error)
	GetAuthenticationInfoID(req *http.Request) (string, bool)
}

type UIURLBuilder ¶

type UIURLBuilder interface {
	BuildAuthenticationURL(client *config.OAuthClientConfig, r protocol.AuthorizationRequest, e *oauthsession.Entry) (*url.URL, error)
	BuildSettingsActionURL(client *config.OAuthClientConfig, r protocol.AuthorizationRequest, e *oauthsession.Entry, redirectURI *url.URL) (*url.URL, error)
}

type UserProvider ¶

type UserProvider interface {
	Get(id string, role accesscontrol.Role) (*model.User, error)
}

type WebSessionType ¶

type WebSessionType string

const (
	WebSessionTypeCookie       WebSessionType = "cookie"
	WebSessionTypeRefreshToken WebSessionType = "refresh_token"
)

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL