go.auth: github.com/bradrydzewski/go.auth

package auth

import "github.com/bradrydzewski/go.auth"

Package Files

auth.go bitbucket.go cookie.go oauth1.go oauth2.go oauth2_github.go oauth2_google.go openid.go twitter.go

Constants

const (
    GoogleOpenIdEndpoint = "https://accounts.google.com/o/openid2/auth"
)

Variables

var (
    ErrSessionExpired      = errors.New("User session Expired")
    ErrInvalidCookieFormat = errors.New("Invalid Cookie Format")
)

Error messages related to Secure Cookie parsing and verification.

var Config = &AuthConfig{
    CookieName:           "_sess",
    CookieExp:            time.Hour * 24 * 14,
    CookieMaxAge:         0,
    CookieSecure:         true,
    CookieHttpOnly:       true,
    LoginRedirect:        "/auth/login",
    LoginSuccessRedirect: "/",
}

Config is the default implementation of AuthConfig, and is used by DefaultAuthCallback, Secure, and SecureFunc.

var DefaultFailure = func(w http.ResponseWriter, r *http.Request, err error) {
    http.Error(w, err.Error(), http.StatusForbidden)
}

DefaultFailure will return an http Forbidden code indicating a failed authentication.

var DefaultSuccess = func(w http.ResponseWriter, r *http.Request, u User, t Token) {
    SetUserCookie(w, r, u)
    http.Redirect(w, r, Config.LoginSuccessRedirect, http.StatusSeeOther)
}

DefaultSuccess will redirect a User, using an http.Redirect, to the Config.LoginSuccessRedirect url upon successful authentication.

var (
    ErrAuthDeclined = errors.New("Login was unsuccessful or cancelled by User")
)

func DeleteUserCookie

func DeleteUserCookie(w http.ResponseWriter, r *http.Request)

DeleteUserCookie removes a secure cookie that was created for the user's login session. This effectively logs a user out of the system.

func DeleteUserCookieName

func DeleteUserCookieName(w http.ResponseWriter, r *http.Request, name string)

DeleteUserCookieName removes a secure cookie with the specified name.

func SecureFunc

func SecureFunc(handler http.HandlerFunc) http.HandlerFunc

SecureFunc will attempt to verify that a user session exists prior to executing the http.HandlerFunc. If no valid session exists, the user will be redirected to the Config.LoginRedirect URL.

func SecureGuest

func SecureGuest(handler SecureHandlerFunc) http.HandlerFunc

SecureGuest will attempt to retrieve authenticated User details from the current session when invoking the auth.SecureHandlerFunc function. If no User details are found, the handler will allow the user to proceed as a guest, which means the User details will be nil.

This function is intended for pages that are publicly visible, but display additional details for authenticated users.

func SecureUser

func SecureUser(handler SecureHandlerFunc) http.HandlerFunc

SecureUser will attempt to verify that a user session exists prior to executing the auth.SecureHandlerFunc function. If no valid session exists, the user will be redirected to a login URL.

func SetUserCookie

func SetUserCookie(w http.ResponseWriter, r *http.Request, user User)

SetUserCookie creates a secure cookie for the given username, indicating the user is authenticated.

func SetUserCookieOpts

func SetUserCookieOpts(w http.ResponseWriter, cookie *http.Cookie, user User)

SetUserCookieOpts creates a secure cookie for the given User and with the specified cookie options.

type AuthConfig

type AuthConfig struct {
    CookieSecret         []byte
    CookieName           string
    CookieExp            time.Duration
    CookieMaxAge         int
    CookieSecure         bool
    CookieHttpOnly       bool
    LoginRedirect        string
    LoginSuccessRedirect string
}

AuthConfig holds configuration parameters used when authenticating a user and creating a secure cookie user session.

type AuthHandler

type AuthHandler struct {

    // Success specifies a function to execute upon successful authentication.
    // If Success is nil, the DefaultSuccess func is used.
    Success func(w http.ResponseWriter, r *http.Request, u User, t Token)

    // Failure specifies a function to execute upon failing authentication.
    // If Failure is nil, the DefaultFailure func is used.
    Failure func(w http.ResponseWriter, r *http.Request, err error)
    // contains filtered or unexported fields
}

AuthHandler is an HTTP Handler that authenticates an http.Request using the specified AuthProvider.

func Bitbucket

func Bitbucket(key, secret, callback string) *AuthHandler

Bitbucket allocates and returns a new AuthHandler, using the BitbucketProvider.

func Github

func Github(client, secret, scope string) *AuthHandler

Github allocates and returns a new AuthHandler, using the GithubProvider.

func Google

func Google(client, secret, redirect string) *AuthHandler

Google allocates and returns a new AuthHandler, using the GoogleProvider.

func New

func New(p AuthProvider) *AuthHandler

New allocates and returns a new AuthHandler, using the specified AuthProvider.

func OpenId

func OpenId(url string) *AuthHandler

OpenId allocates and returns a new AuthHandler, using the OpenIdProvider.

func Twitter

func Twitter(key, secret, callback string) *AuthHandler

Twitter allocates and returns a new AuthHandler, using the TwitterProvider.

func (*AuthHandler) ServeHTTP

func (self *AuthHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP handles the authentication request and manages the authentication flow.

type AuthProvider

type AuthProvider interface {

    // RedirectRequired returns a boolean value indicating if the request
    // should be redirected to the authentication provider's login screen.
    RedirectRequired(r *http.Request) bool

    // Redirect will do an http.Redirect, sending the user to the authentication
    // provider's login screen.
    Redirect(w http.ResponseWriter, r *http.Request)

    // GetAuthenticatedUser will retrieve the authenticated User from the
    // http.Request object.
    GetAuthenticatedUser(w http.ResponseWriter, r *http.Request) (User, Token, error)
}

An AuthProvider interface is used by an AuthHandler to authenticate a user over HTTP. Example implementations of an AuthProvider might be OAuth, OpenId, or SAML.

type BitbucketProvider

type BitbucketProvider struct {
    OAuth1Mixin
}

BitbucketProvider is an implementation of Bitbucket's OAuth1.0a protocol. See https://confluence.atlassian.com/display/BITBUCKET/OAuth+on+Bitbucket

func NewBitbucketProvider

func NewBitbucketProvider(key, secret, callback string) *BitbucketProvider

NewBitbucketProvider allocates and returns a new BitbucketProvider.

func (*BitbucketProvider) GetAuthenticatedUser

func (self *BitbucketProvider) GetAuthenticatedUser(w http.ResponseWriter, r *http.Request) (User, Token, error)

GetAuthenticatedUser will upgrade the oauth_token to an access token, and invoke the appropriate Bitbucket REST API call to get the User's information.

type BitbucketUser

type BitbucketUser struct {
    UserId        string `json:"username"`
    UserPicture   string `json:"avatar"`
    UserLastName  string `json:"last_name"`
    UserFirstName string `json:"first_name"`
}

func (*BitbucketUser) Email

func (u *BitbucketUser) Email() string

func (*BitbucketUser) Id

func (u *BitbucketUser) Id() string

func (*BitbucketUser) Link

func (u *BitbucketUser) Link() string

func (*BitbucketUser) Name

func (u *BitbucketUser) Name() string

func (*BitbucketUser) Org

func (u *BitbucketUser) Org() string

func (*BitbucketUser) Picture

func (u *BitbucketUser) Picture() string

func (*BitbucketUser) Provider

func (u *BitbucketUser) Provider() string

type GitHubUser

type GitHubUser struct {
    UserEmail    interface{} `json:"email"`
    UserName     interface{} `json:"name"`
    UserGravatar interface{} `json:"gravatar_id"`
    UserCompany  interface{} `json:"company"`
    UserLink     interface{} `json:"html_url"`
    UserLogin    string      `json:"login"`
}

func (*GitHubUser) Email

func (u *GitHubUser) Email() string

func (*GitHubUser) Id

func (u *GitHubUser) Id() string

func (*GitHubUser) Link

func (u *GitHubUser) Link() string

func (*GitHubUser) Name

func (u *GitHubUser) Name() string

func (*GitHubUser) Org

func (u *GitHubUser) Org() string

func (*GitHubUser) Picture

func (u *GitHubUser) Picture() string

func (*GitHubUser) Provider

func (u *GitHubUser) Provider() string

type GithubProvider

type GithubProvider struct {
    OAuth2Mixin
    Scope string
}

GithubProvider is an implementation of GitHub's OAuth2 protocol. See http://developer.github.com/v3/oauth/

func NewGithubProvider

func NewGithubProvider(clientId, clientSecret, scope string) *GithubProvider

NewGithubProvider allocates and returns a new GithubProvider.

func (*GithubProvider) GetAuthenticatedUser

func (self *GithubProvider) GetAuthenticatedUser(w http.ResponseWriter, r *http.Request) (User, Token, error)

GetAuthenticatedUser will retrieve the authenticated User from the http.Request object.

func (*GithubProvider) Redirect

func (self *GithubProvider) Redirect(w http.ResponseWriter, r *http.Request)

Redirect will do an http.Redirect, sending the user to the Github login screen.

type GoogleProvider

type GoogleProvider struct {
    OAuth2Mixin
}

GoogleProvider is an implementation of Google's OAuth2 web application flow. See https://developers.google.com/accounts/docs/OAuth2WebServer

func NewGoogleProvider

func NewGoogleProvider(client, secret, redirect string) *GoogleProvider

NewGoogleProvider allocates and returns a new GoogleProvider.

func (*GoogleProvider) GetAuthenticatedUser

func (self *GoogleProvider) GetAuthenticatedUser(w http.ResponseWriter, r *http.Request) (User, Token, error)

GetAuthenticatedUser will retrieve the authenticated User from the http.Request object.

func (*GoogleProvider) Redirect

func (self *GoogleProvider) Redirect(w http.ResponseWriter, r *http.Request)

Redirect will do an http.Redirect, sending the user to the Google login screen.

type GoogleUser

type GoogleUser struct {
    UserId      string `json:"id"`
    UserEmail   string `json:"email"`
    UserPicture string `json:"picture"`
    UserName    string `json:"name"`
    UserLink    string `json:"link"`
}

GoogleUser represents a Google user object returned by the OAuth2 service.

func (*GoogleUser) Email

func (u *GoogleUser) Email() string

func (*GoogleUser) Id

func (u *GoogleUser) Id() string

func (*GoogleUser) Link

func (u *GoogleUser) Link() string

func (*GoogleUser) Name

func (u *GoogleUser) Name() string

func (*GoogleUser) Org

func (u *GoogleUser) Org() string

func (*GoogleUser) Picture

func (u *GoogleUser) Picture() string

func (*GoogleUser) Provider

func (u *GoogleUser) Provider() string

type OAuth1Mixin

type OAuth1Mixin struct {
    oauth1.Consumer
}

Abstract implementation of OAuth1.0a for user authentication.

func (*OAuth1Mixin) AuthorizeRedirect

func (self *OAuth1Mixin) AuthorizeRedirect(w http.ResponseWriter, r *http.Request, endpoint string) error

Redirects the User to the OAuth1.0a provider's Login Screen. A RequestToken is requested from the Provider, and included in the URL's oauth_token param.

A Successful Login / Authorization should return both the oauth_token and the oauth_verifier to the callback URL.

func (*OAuth1Mixin) AuthorizeToken

func (self *OAuth1Mixin) AuthorizeToken(w http.ResponseWriter, r *http.Request) (*oauth1.AccessToken, error)

AuthorizeToken trades the Verification Code (oauth_verifier) for an Access Token.

func (*OAuth1Mixin) GetAuthenticatedUser

func (self *OAuth1Mixin) GetAuthenticatedUser(endpoint string, token *oauth1.AccessToken, resp interface{}) error

func (*OAuth1Mixin) Redirect

func (self *OAuth1Mixin) Redirect(w http.ResponseWriter, r *http.Request)

Redirect will do an http.Redirect, sending the user to the Provider's login screen.

func (*OAuth1Mixin) RedirectRequired

func (self *OAuth1Mixin) RedirectRequired(r *http.Request) bool

RedirectRequired returns a boolean value indicating if the request should be redirected to the Provider's login screen, in order to provide an OAuth Verifier Token.

type OAuth2Mixin

type OAuth2Mixin struct {
    oauth2.Client
}

Abstract implementation of OAuth2 for user authentication.

func (*OAuth2Mixin) AuthorizeRedirect

func (self *OAuth2Mixin) AuthorizeRedirect(w http.ResponseWriter, r *http.Request, scope string)

Redirects the User to the login screen.

func (*OAuth2Mixin) GetAccessToken

func (self *OAuth2Mixin) GetAccessToken(r *http.Request) (*oauth2.Token, error)

Exchanges the verifier for an OAuth2 Access Token.

func (*OAuth2Mixin) GetAuthenticatedUser

func (self *OAuth2Mixin) GetAuthenticatedUser(endpoint string, accessToken string, resp interface{}) error

Gets the authenticated User.

func (*OAuth2Mixin) RedirectRequired

func (self *OAuth2Mixin) RedirectRequired(r *http.Request) bool

RedirectRequired returns a boolean value indicating if the request should be redirected to the Provider's login screen, in order to provide an OAuth Access Token.

type OpenIdProvider

type OpenIdProvider struct {
    // contains filtered or unexported fields
}

Base implementation of OpenID for user authentication.

func NewOpenIdProvider

func NewOpenIdProvider(endpoint string) *OpenIdProvider

NewOpenIdProvider allocates and returns a new OpenIdProvider.

func (*OpenIdProvider) GetAuthenticatedUser

func (self *OpenIdProvider) GetAuthenticatedUser(w http.ResponseWriter, r *http.Request) (User, Token, error)

GetAuthenticatedUser will retrieve the User information from the URL query parameters, per the OpenID specification. If the authentication failed, the function will return an error.

func (*OpenIdProvider) Redirect

func (self *OpenIdProvider) Redirect(w http.ResponseWriter, r *http.Request)

Redirect will send the user to the OpenId Authentication URL.

func (*OpenIdProvider) RedirectRequired

func (self *OpenIdProvider) RedirectRequired(r *http.Request) bool

type SecureHandlerFunc

type SecureHandlerFunc func(w http.ResponseWriter, r *http.Request, u User)

SecureHandlerFunc type is an adapter that extends the standard http.HandlerFunc to include the authenticated User details.

type Token

type Token interface {
    Token() string
}

Token passes back the OAuth token. This will likely be the oauth2.Token or the oauth1.AccessToken; callers need a type assertion to the appropriate type to access specific fields (for now).

type TwitterProvider

type TwitterProvider struct {
    OAuth1Mixin
}

TwitterProvider is an implementation of Twitter's OAuth1.0a protocol. See https://dev.twitter.com/docs/auth/implementing-sign-twitter

func NewTwitterProvider

func NewTwitterProvider(key, secret, callback string) *TwitterProvider

NewTwitterProvider allocates and returns a new TwitterProvider.

func (*TwitterProvider) GetAuthenticatedUser

func (self *TwitterProvider) GetAuthenticatedUser(w http.ResponseWriter, r *http.Request) (User, Token, error)

GetAuthenticatedUser will upgrade the oauth_token to an access token, and invoke the appropriate Twitter REST API call to get the User's information.

type TwitterUser

type TwitterUser struct {
    UserId string `json:"screen_name"`
}

func (*TwitterUser) Email

func (u *TwitterUser) Email() string

func (*TwitterUser) Id

func (u *TwitterUser) Id() string

func (*TwitterUser) Link

func (u *TwitterUser) Link() string

func (*TwitterUser) Name

func (u *TwitterUser) Name() string

func (*TwitterUser) Org

func (u *TwitterUser) Org() string

func (*TwitterUser) Picture

func (u *TwitterUser) Picture() string

func (*TwitterUser) Provider

func (u *TwitterUser) Provider() string

type User

type User interface {
    Id() string       // Unique identifier of the user
    Provider() string // Name of the Authentication Provider (ie google, github)
    Name() string     // Name of the User (ie lastname, firstname)
    Email() string    // Email Address of the User
    Org() string      // Company or Organization the User belongs to
    Picture() string  // URL of the User's Profile picture
    Link() string     // URL of the User's Profile page
}

A User is returned by the AuthProvider upon successful authentication.

func GetUserCookie

func GetUserCookie(r *http.Request) (User, error)

GetUserCookie will get the User data from the http session. If the session is inactive, or if the session has expired, then an error will be returned.

func GetUserCookieName

func GetUserCookieName(r *http.Request, name string) (User, error)

GetUserCookieName will get the User data from the http session for the specified secure cookie. If the session is inactive, or if the session has expired, then an error will be returned.
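Added example (not go.auth's own code, and not its actual cookie encoding, which this page does not show): a signed session value with an expiry, verified so that tampering and expiry map to the two error cases documented above. The value layout and the names seal, EncodeSession and DecodeSession are hypothetical; only the two error variables mirror the page, and the secret and timestamps are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

var ErrSessionExpired = errors.New("User session Expired")       // name and message as on the page
var ErrInvalidCookieFormat = errors.New("Invalid Cookie Format") // name and message as on the page

// seal appends "|" + base64url(HMAC-SHA256(secret, payload)) to payload.
func seal(secret []byte, payload string) string {
	m := hmac.New(sha256.New, secret)
	m.Write([]byte(payload))
	return payload + "|" + base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// EncodeSession builds "<b64 user id>|<unix expiry>|<mac>" (constructed layout).
func EncodeSession(secret []byte, userID string, exp time.Time) string {
	return seal(secret, base64.RawURLEncoding.EncodeToString([]byte(userID))+"|"+strconv.FormatInt(exp.Unix(), 10))
}

// DecodeSession checks the MAC before trusting any field, then the expiry.
func DecodeSession(secret []byte, value string, now time.Time) (string, error) {
	p := strings.Split(value, "|") // the base64url alphabet never contains '|'
	if len(p) != 3 || !hmac.Equal([]byte(value), []byte(seal(secret, p[0]+"|"+p[1]))) {
		return "", ErrInvalidCookieFormat
	}
	exp, errExp := strconv.ParseInt(p[1], 10, 64)
	id, errID := base64.RawURLEncoding.DecodeString(p[0])
	if errExp != nil || errID != nil {
		return "", ErrInvalidCookieFormat
	}
	if !now.Before(time.Unix(exp, 0)) {
		return "", ErrSessionExpired
	}
	return string(id), nil
}

func main() {
	v := EncodeSession([]byte("demo-secret"), "octocat", time.Unix(1700003600, 0))
	fmt.Println(DecodeSession([]byte("demo-secret"), v, time.Unix(1700000000, 0)))
}
```

The Config literal shown earlier on this page sets no CookieSecret. In this example an empty secret would still produce MACs, but ones anyone could recompute, so the key has to be random and kept private.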

Directories

Path
examples/bitbucket
examples/github
examples/google
examples/multiple
examples/openid
examples/twitter
examples/twitter/old
oauth1
oauth2

Package auth imports 13 packages and is imported by 20 packages. Updated 2016-07-19.