oauth

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 3, 2018 License: GPL-3.0 Imports: 24 Imported by: 0

Documentation

Overview

* OAuth Module Session Definitions * This session object is used internally to transfer user and expiry information to the storage providers * * AuthPlz Project (https://github.com/authplz/authplz-core) * Copyright 2017 Ryan Kurte

Index

Constants

View Source 
const (
	//OAuthSecretBytes is the length of OAuth secrets
	OAuthSecretBytes int = 32
)

Variables

View Source 
var ErrInternal = errors.New("OAuth internal error")

ErrInternal indicates an internal error in the OAuth controller This is a safe error return for the OAuth API to wrap underlying errors

Functions

func BindOauthContext 

func BindOauthContext(oc *Controller) func(ctx *APICtx, rw web.ResponseWriter, req *web.Request, next web.NextMiddlewareFunc)

BindOauthContext Helper middleware to bind module controller to API context

func NewAccessTokenWrap 

func NewAccessTokenWrap(i interface{}) interface{}

func NewAuthorizeCodeWrap 

func NewAuthorizeCodeWrap(i interface{}) fosite.Requester

func NewClientWrapper 

func NewClientWrapper(c interface{}) fosite.Client

NewClientWrapper creates a client wrapper around a Client interface object to support the methods required by Fosite

func NewRefreshTokenWrap 

func NewRefreshTokenWrap(i interface{}) interface{}

func NewSessionWrap 

func NewSessionWrap(s interface{}) fosite.Session

NewSessionWrap creates a session wrapper around a session object to support the methods required by fosite

func PackRequest 

func PackRequest(req *fosite.Request) (string, error)

func UnpackRequest 

func UnpackRequest(data string) (fosite.Request, error)

Types

type APICtx 

type APICtx struct {
	// Base context required by router
	*appcontext.AuthPlzCtx
	// contains filtered or unexported fields
}

APICtx API context instance

func (*APICtx) AccessTokenInfoGet 

func (c *APICtx) AccessTokenInfoGet(rw web.ResponseWriter, req *web.Request)

AccessTokenInfoGet Access Token Information endpoint

func (*APICtx) AuthorizeConfirmPost 

func (c *APICtx) AuthorizeConfirmPost(rw web.ResponseWriter, req *web.Request)

AuthorizeConfirmPost Confirm authorization of a token This finalises and stores the authentication, and redirects back to the calling service TODO: this endpoint /really/ needs CSRF / CORS protection

func (*APICtx) AuthorizePendingGet 

func (c *APICtx) AuthorizePendingGet(rw web.ResponseWriter, req *web.Request)

AuthorizePendingGet Fetch pending authorizations for a user

func (*APICtx) AuthorizeRequestGet 

func (c *APICtx) AuthorizeRequestGet(rw web.ResponseWriter, req *web.Request)

AuthorizeRequestGet External OAuth authorization endpoint

func (*APICtx) ClientsGet 

func (c *APICtx) ClientsGet(rw web.ResponseWriter, req *web.Request)

ClientsGet Lists clients bound owned by a user account

func (*APICtx) ClientsPost 

func (c *APICtx) ClientsPost(rw web.ResponseWriter, req *web.Request)

ClientsPost creates a new OAuth client

func (*APICtx) IntrospectPost 

func (c *APICtx) IntrospectPost(rw web.ResponseWriter, req *web.Request)

IntrospectPost Token Introspection endpoint

func (*APICtx) OptionsGet 

func (c *APICtx) OptionsGet(rw web.ResponseWriter, req *web.Request)

OptionsGet fetch OAuth client options

func (*APICtx) SessionsInfoGet 

func (c *APICtx) SessionsInfoGet(rw web.ResponseWriter, req *web.Request)

SessionsInfoGet Lists authorized sessions for a user

func (*APICtx) TokenPost 

func (c *APICtx) TokenPost(rw web.ResponseWriter, req *web.Request)

TokenPost Uses an authorization to fetch an access token

type AccessTokenInfo 

type AccessTokenInfo struct {
	RequestedAt time.Time
	ExpiresAt   time.Time
}

AccessTokenInfo is an access token information response

type AccessTokenSession 

type AccessTokenSession interface {
	SessionBase
	GetSignature() string
}

AccessTokenSession is an OAuth Access Token Session

type AccessTokenWrap 

type AccessTokenWrap struct {
	AccessTokenSession
}

func (*AccessTokenWrap) GetClient 

func (s *AccessTokenWrap) GetClient() fosite.Client

func (*AccessTokenWrap) GetGrantedScopes 

func (s *AccessTokenWrap) GetGrantedScopes() fosite.Arguments

func (*AccessTokenWrap) GetID 

func (s *AccessTokenWrap) GetID() string

func (*AccessTokenWrap) GetRequestForm 

func (s *AccessTokenWrap) GetRequestForm() url.Values

func (*AccessTokenWrap) GetRequestedScopes 

func (s *AccessTokenWrap) GetRequestedScopes() fosite.Arguments

func (*AccessTokenWrap) GetSession 

func (s *AccessTokenWrap) GetSession() fosite.Session

func (*AccessTokenWrap) Merge 

func (s *AccessTokenWrap) Merge(requester fosite.Requester)

func (*AccessTokenWrap) SetRequestedScopes 

func (s *AccessTokenWrap) SetRequestedScopes(scopes fosite.Arguments)

func (*AccessTokenWrap) SetSession 

func (s *AccessTokenWrap) SetSession(session fosite.Session)

type AuthorizationRequest 

type AuthorizationRequest struct {
	State       string   `json:"state"`
	Name        string   `json:"name"`
	RedirectURI string   `json:"redirect_uri"`
	Scopes      []string `json:"requested_scopes"`
}

AuthorizationRequest is a pending authorization request to be accepted by the user

type AuthorizeCodeSession 

type AuthorizeCodeSession interface {
	SessionBase
	GetCode() string
}

AuthorizeCodeSession is an OAuth Authorization Code Grant Session

type AuthorizeCodeWrap 

type AuthorizeCodeWrap struct {
	AuthorizeCodeSession
}

func (*AuthorizeCodeWrap) GetClient 

func (s *AuthorizeCodeWrap) GetClient() fosite.Client

func (*AuthorizeCodeWrap) GetGrantedScopes 

func (s *AuthorizeCodeWrap) GetGrantedScopes() fosite.Arguments

func (*AuthorizeCodeWrap) GetID 

func (s *AuthorizeCodeWrap) GetID() string

func (*AuthorizeCodeWrap) GetRequestForm 

func (s *AuthorizeCodeWrap) GetRequestForm() url.Values

func (*AuthorizeCodeWrap) GetRequestedScopes 

func (s *AuthorizeCodeWrap) GetRequestedScopes() fosite.Arguments

func (*AuthorizeCodeWrap) GetSession 

func (s *AuthorizeCodeWrap) GetSession() fosite.Session

func (*AuthorizeCodeWrap) Merge 

func (s *AuthorizeCodeWrap) Merge(requester fosite.Requester)

func (*AuthorizeCodeWrap) SetID 

func (s *AuthorizeCodeWrap) SetID(id string)

func (*AuthorizeCodeWrap) SetRequestedScopes 

func (s *AuthorizeCodeWrap) SetRequestedScopes(scopes fosite.Arguments)

func (*AuthorizeCodeWrap) SetSession 

func (s *AuthorizeCodeWrap) SetSession(session fosite.Session)

type AuthorizeConfirm 

type AuthorizeConfirm struct {
	Accept        bool     `json:"accept"`
	State         string   `json:"state"`
	GrantedScopes []string `json:"granted_scopes"`
}

AuthorizeConfirm is the confirmation for a given authorization request

type Client 

type Client interface {
	GetID() string
	GetName() string
	GetSecret() string
	GetRedirectURIs() []string
	GetUserData() interface{}
	GetScopes() []string
	GetGrantTypes() []string
	GetResponseTypes() []string
	IsPublic() bool
	GetCreatedAt() time.Time
	GetLastUsed() time.Time
	SetLastUsed(time.Time)
}

Client OAuth client application interface

type ClientReq 

type ClientReq struct {
	Name      string   `json:"name"`
	Scopes    []string `json:"scopes"`
	Redirects []string `json:"redirects"`
	Grants    []string `json:"grant_types"`
	Responses []string `json:"response_types"`
}

ClientReq is a client request object used to create an OAuth client

type ClientResp 

type ClientResp struct {
	ClientID      string    `json:"id"`
	Name          string    `json:"name"`
	CreatedAt     time.Time `json:"created_at"`
	LastUsed      time.Time `json:"last_used"`
	Scopes        []string  `json:"allowed_scopes"`
	GrantTypes    []string  `json:"grant_types"`
	ResponseTypes []string  `json:"response_types"`
	RedirectURIs  []string  `json:"redirect_uris"`
	Secret        string    `json:"secret"`
}

ClientResp is the API safe object returned by client requests

type ClientWrapper 

type ClientWrapper struct {
	Client
}

ClientWrapper overrides Client interface with Fosite specific types

func (ClientWrapper) GetGrantTypes 

func (c ClientWrapper) GetGrantTypes() fosite.Arguments

func (ClientWrapper) GetHashedSecret 

func (c ClientWrapper) GetHashedSecret() []byte

func (ClientWrapper) GetRedirectURIs 

func (c ClientWrapper) GetRedirectURIs() []string

func (ClientWrapper) GetResponseTypes 

func (c ClientWrapper) GetResponseTypes() fosite.Arguments

func (ClientWrapper) GetScopes 

func (c ClientWrapper) GetScopes() fosite.Arguments

type Controller 

type Controller struct {
	OAuth2 fosite.OAuth2Provider
	// contains filtered or unexported fields
}

Controller OAuth module controller

func NewController 

func NewController(store Storer, config config.OAuthConfig) *Controller

NewController Creates a new OAuth2 controller instance

func (*Controller) BindAPI 

func (oc *Controller) BindAPI(base *web.Router) *web.Router

BindAPI Binds oauth API endpoints to the provded router

func (*Controller) CreateClient 

func (oc *Controller) CreateClient(userID, clientName string, scopes, redirects, grantTypes, responseTypes []string, public bool) (*ClientResp, error)

CreateClient Creates an OAuth Client Credential grant based client for a given user This is used to authenticate simple devices and must be pre-created

func (*Controller) GetAccessTokenInfo 

func (oc *Controller) GetAccessTokenInfo(tokenString string) (*AccessTokenInfo, error)

GetAccessTokenInfo fetches information for a provided access token

func (*Controller) GetClients 

func (oc *Controller) GetClients(userID string) ([]ClientResp, error)

GetClients Fetch clients owned by a given user

func (*Controller) GetOptions 

func (oc *Controller) GetOptions(userID string) (*OptionResp, error)

func (*Controller) GetUserSessions 

func (oc *Controller) GetUserSessions(userID string) (*UserSessions, error)

GetUserSessions fetches a list of all OAuth sessions for a given user ID

func (*Controller) RemoveClient 

func (oc *Controller) RemoveClient(clientID string) error

RemoveClient Removes a client instance

func (*Controller) UpdateClient 

func (oc *Controller) UpdateClient(client Client) error

UpdateClient Update a client instance

type FositeAdaptor 

type FositeAdaptor struct {
	Storer Storer
}

FositeAdaptor adapts a generic interface for osin compliance

func NewAdaptor 

func NewAdaptor(s Storer) *FositeAdaptor

NewAdaptor creates a new wraper/adaptor around a Storer interface

func (*FositeAdaptor) CreateAccessTokenSession 

func (oa *FositeAdaptor) CreateAccessTokenSession(c context.Context, signature string, request fosite.Requester) (err error)

func (*FositeAdaptor) CreateAuthorizeCodeSession 

func (oa *FositeAdaptor) CreateAuthorizeCodeSession(ctx context.Context, code string, request fosite.Requester) (err error)

func (*FositeAdaptor) CreateRefreshTokenSession 

func (oa *FositeAdaptor) CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)

func (*FositeAdaptor) DeleteAccessTokenSession 

func (oa *FositeAdaptor) DeleteAccessTokenSession(ctx context.Context, signature string) (err error)

func (*FositeAdaptor) DeleteAuthorizeCodeSession 

func (oa *FositeAdaptor) DeleteAuthorizeCodeSession(ctx context.Context, code string) (err error)

func (*FositeAdaptor) DeleteRefreshTokenSession 

func (oa *FositeAdaptor) DeleteRefreshTokenSession(ctx context.Context, signature string) (err error)

func (*FositeAdaptor) GetAccessTokenSession 

func (oa *FositeAdaptor) GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

func (*FositeAdaptor) GetAuthorizeCodeSession 

func (oa *FositeAdaptor) GetAuthorizeCodeSession(ctx context.Context, code string, session fosite.Session) (request fosite.Requester, err error)

func (*FositeAdaptor) GetClient 

func (oa *FositeAdaptor) GetClient(ctx context.Context, id string) (fosite.Client, error)

func (*FositeAdaptor) GetRefreshTokenSession 

func (oa *FositeAdaptor) GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

func (*FositeAdaptor) PersistAuthorizeCodeGrantSession 

func (oa *FositeAdaptor) PersistAuthorizeCodeGrantSession(ctx context.Context, authorizeCode, accessSignature, refreshSignature string,
	request fosite.Requester) error

func (*FositeAdaptor) PersistRefreshTokenGrantSession 

func (oa *FositeAdaptor) PersistRefreshTokenGrantSession(ctx context.Context, originalRefreshSignature, accessSignature,
	refreshSignature string, request fosite.Requester) error

func (*FositeAdaptor) RevokeAccessToken 

func (oa *FositeAdaptor) RevokeAccessToken(ctx context.Context, requestID string) error

func (*FositeAdaptor) RevokeRefreshToken 

func (oa *FositeAdaptor) RevokeRefreshToken(ctx context.Context, requestID string) error

type GrantInfo 

type GrantInfo struct {
	ID          string    `json:"id"`
	Type        string    `json:"type"`
	Scopes      []string  `json:"scopes"`
	RequestedAt time.Time `json:"requested_at"`
	ExpiresAt   time.Time `json:"expires_at"`
}

type OptionResp 

type OptionResp struct {
	Scopes        []string `json:"scopes"`
	GrantTypes    []string `json:"grant_types"`
	ResponseTypes []string `json:"response_types"`
}

type RefreshTokenSession 

type RefreshTokenSession interface {
	SessionBase
	GetSignature() string
}

RefreshTokenSession is an OAuth Refresh Token Session

type RefreshTokenWrap 

type RefreshTokenWrap struct {
	RefreshTokenSession
}

func (*RefreshTokenWrap) GetClient 

func (s *RefreshTokenWrap) GetClient() fosite.Client

func (*RefreshTokenWrap) GetGrantedScopes 

func (s *RefreshTokenWrap) GetGrantedScopes() fosite.Arguments

func (*RefreshTokenWrap) GetID 

func (s *RefreshTokenWrap) GetID() string

func (*RefreshTokenWrap) GetRequestForm 

func (s *RefreshTokenWrap) GetRequestForm() url.Values

func (*RefreshTokenWrap) GetRequestedScopes 

func (s *RefreshTokenWrap) GetRequestedScopes() fosite.Arguments

func (*RefreshTokenWrap) GetSession 

func (s *RefreshTokenWrap) GetSession() fosite.Session

func (*RefreshTokenWrap) Merge 

func (s *RefreshTokenWrap) Merge(requester fosite.Requester)

func (*RefreshTokenWrap) SetRequestedScopes 

func (s *RefreshTokenWrap) SetRequestedScopes(scopes fosite.Arguments)

func (*RefreshTokenWrap) SetSession 

func (s *RefreshTokenWrap) SetSession(session fosite.Session)

type Session 

type Session struct {
	UserID          string
	Username        string
	Subject         string
	AccessExpiry    time.Time
	RefreshExpiry   time.Time
	AuthorizeExpiry time.Time
	IDExpiry        time.Time
}

Session is an OAuth session for module use Relevant data is persisted with each grant type object and returned using a similar object meeting the UserSession interface from the datastore

func NewSession 

func NewSession(userID, username string) *Session

NewSession creates a new default session instance for a given user

func (*Session) Clone 

func (s *Session) Clone() interface{}

func (*Session) GetAccessExpiry 

func (s *Session) GetAccessExpiry() time.Time

func (*Session) GetAuthorizeExpiry 

func (s *Session) GetAuthorizeExpiry() time.Time

func (*Session) GetIDExpiry 

func (s *Session) GetIDExpiry() time.Time

func (*Session) GetRefreshExpiry 

func (s *Session) GetRefreshExpiry() time.Time

func (*Session) GetSubject 

func (s *Session) GetSubject() string

func (*Session) GetUserID 

func (s *Session) GetUserID() string

func (*Session) GetUsername 

func (s *Session) GetUsername() string

func (*Session) SetAccessExpiry 

func (s *Session) SetAccessExpiry(t time.Time)

func (*Session) SetAuthorizeExpiry 

func (s *Session) SetAuthorizeExpiry(t time.Time)

func (*Session) SetIDExpiry 

func (s *Session) SetIDExpiry(t time.Time)

func (*Session) SetRefreshExpiry 

func (s *Session) SetRefreshExpiry(t time.Time)

type SessionBase 

type SessionBase interface {
	GetClient() interface{}
	GetSession() interface{}
	SetSession(session interface{})

	GetRequestID() string
	SetRequestID(string)
	GetUserID() string

	GetRequestedAt() time.Time
	GetExpiresAt() time.Time

	GetRequestedScopes() []string
	SetRequestedScopes(scopes []string)
	AppendRequestedScope(scope string)

	GetGrantedScopes() []string
	GrantScope(scope string)

	Merge(interface{})
}

SessionBase defines the common interface across all OAuth sessions

type SessionWrap 

type SessionWrap struct {
	UserSession
}

SessionWrap overrides the Session interface with Fosite specific types

func (*SessionWrap) Clone 

func (s *SessionWrap) Clone() fosite.Session

func (*SessionWrap) GetExpiresAt 

func (session *SessionWrap) GetExpiresAt(key fosite.TokenType) time.Time

GetExpiresAt fetches the expiry date for a given token type

func (*SessionWrap) GetSubject 

func (s *SessionWrap) GetSubject() string

func (*SessionWrap) GetUsername 

func (s *SessionWrap) GetUsername() string

func (*SessionWrap) SetExpiresAt 

func (session *SessionWrap) SetExpiresAt(key fosite.TokenType, exp time.Time)

SetExpiresAt sets the expiry date of a session instance

type Storer 

type Storer interface {
	// User storage
	GetUserByExtID(userid string) (interface{}, error)

	// Client (application) storage
	AddClient(userID, clientID, clientName, secret string, scopes, redirects, grantTypes, responseTypes []string, public bool) (interface{}, error)
	GetClientByID(clientID string) (interface{}, error)
	GetClientsByUserID(userID string) ([]interface{}, error)
	UpdateClient(client interface{}) (interface{}, error)
	RemoveClientByID(clientID string) error

	// Authorization code storage
	AddAuthorizeCodeSession(userID, clientID, code, requestID string, requestedAt, expiresAt time.Time, scopes, grantedScopes []string) (interface{}, error)
	GetAuthorizeCodeSession(code string) (interface{}, error)
	GetAuthorizeCodeSessionByRequestID(requestID string) (interface{}, error)
	GetAuthorizeCodeSessionsByUserID(userID string) ([]interface{}, error)
	RemoveAuthorizeCodeSession(code string) error

	// Access Token storage
	AddAccessTokenSession(userID, clientID, signature, requestID string, requestedAt, expiresAt time.Time,
		scopes, grantedScopes []string) (interface{}, error)
	GetAccessTokenSession(sgnature string) (interface{}, error)
	GetClientByAccessTokenSession(token string) (interface{}, error)
	GetAccessTokenSessionByRequestID(requestID string) (interface{}, error)
	GetAccessTokenSessionsByUserID(userID string) ([]interface{}, error)
	RemoveAccessTokenSession(token string) error

	// Refresh token storage
	AddRefreshTokenSession(userID, clientID, signature, requestID string, requestedAt, expiresAt time.Time, scopes, grantedScopes []string) (interface{}, error)
	GetRefreshTokenBySignature(signature string) (interface{}, error)
	GetRefreshTokenSessionByRequestID(requestID string) (interface{}, error)
	GetRefreshTokenSessionsByUserID(userID string) ([]interface{}, error)
	RemoveRefreshToken(signature string) error
}

Storer OAuth storage interface This must be implemented by the underlying storage device

type User 

type User interface {
	GetExtID() string
	IsAdmin() bool
}

User OAuth user interface

type UserSession 

type UserSession interface {
	GetUserID() string
	GetUsername() string
	GetSubject() string

	// Get and Set expiry times
	SetAccessExpiry(time.Time)
	GetAccessExpiry() time.Time
	SetRefreshExpiry(time.Time)
	GetRefreshExpiry() time.Time
	SetAuthorizeExpiry(time.Time)
	GetAuthorizeExpiry() time.Time
	SetIDExpiry(time.Time)
	GetIDExpiry() time.Time

	Clone() interface{}
}

UserSession is user data associated with an OAuth session

type UserSessions 

type UserSessions struct {
	AuthorizationCodes []GrantInfo `json:"authorization_codes"`
	RefreshTokens      []GrantInfo `json:"refresh_tokens"`
	AccessCodes        []GrantInfo `json:"access_codes"`
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.