serverprovider

package
v0.0.0-...-833fa1d Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 3, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func GetContextSession 

func GetContextSession(ctx context.Context) *model.AuthSession

GetContextSession returns session model object from context

func GetContextTargetClient 

func GetContextTargetClient(ctx context.Context) *model.AuthClient

GetContextTargetClient returns auth client object

func GetContextTargetUserID 

func GetContextTargetUserID(ctx context.Context) uint64

GetContextTargetUserID returns ID of the user

func NewContext 

func NewContext(ctxs ...context.Context) context.Context

NewContext with additional functionality for oauth2 module

func NewProvider 

func NewProvider(config *fosite.Config, store *DatabaseStorage, strat *compose.CommonStrategy, hasher fosite.Hasher) fosite.OAuth2Provider

NewProvider returns oauth2 provider

func SetContextSession 

func SetContextSession(ctx context.Context, session *model.AuthSession)

SetContextSession puts session model into the context

func SetContextTargetClient 

func SetContextTargetClient(ctx context.Context, client *model.AuthClient)

SetContextTargetClient puts user ID into the context to reuse it in future

func SetContextTargetUserID 

func SetContextTargetUserID(ctx context.Context, id uint64)

SetContextTargetUserID puts user ID into the context to reuse it in future

Types

type DatabaseStorage 

type DatabaseStorage struct {
	// contains filtered or unexported fields
}

DatabaseStorage implements fosite.Storage interface to control Oauth2 and OpenID access

func NewDatabaseStorage 

func NewDatabaseStorage(db *gorm.DB, userAccessor userAccessor, cache cacher, cacheLifetime time.Duration) *DatabaseStorage

NewDatabaseStorage object accesor

func (*DatabaseStorage) Authenticate 

func (s *DatabaseStorage) Authenticate(ctx context.Context, email string, secret string) error

Authenticate user by login and secret (:password)

func (*DatabaseStorage) ClientAssertionJWTValid 

func (s *DatabaseStorage) ClientAssertionJWTValid(ctx context.Context, jti string) error

ClientAssertionJWTValid returns an error if the JTI is known or the DB check failed and nil if the JTI is not known.

func (*DatabaseStorage) CreateAccessTokenSession 

func (s *DatabaseStorage) CreateAccessTokenSession(ctx context.Context, signature string, request fosite.Requester) error

CreateAccessTokenSession updates session values

func (*DatabaseStorage) CreateAuthorizeCodeSession 

func (s *DatabaseStorage) CreateAuthorizeCodeSession(ctx context.Context, code string, request fosite.Requester) error

CreateAuthorizeCodeSession stores the authorization request for a given authorization code.

func (*DatabaseStorage) CreateImplicitAccessTokenSession 

func (s *DatabaseStorage) CreateImplicitAccessTokenSession(ctx context.Context, code string, req fosite.Requester) error

CreateImplicitAccessTokenSession invalid method

func (*DatabaseStorage) CreatePKCERequestSession 

func (s *DatabaseStorage) CreatePKCERequestSession(ctx context.Context, code string, request fosite.Requester) error

CreatePKCERequestSession action

func (*DatabaseStorage) CreateRefreshTokenSession 

func (s *DatabaseStorage) CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) error

CreateRefreshTokenSession updates session values

func (*DatabaseStorage) DeleteAccessTokenSession 

func (s *DatabaseStorage) DeleteAccessTokenSession(ctx context.Context, signature string) error

DeleteAccessTokenSession from DB

func (*DatabaseStorage) DeleteAuthorizeCodeSession 

func (s *DatabaseStorage) DeleteAuthorizeCodeSession(ctx context.Context, code string) error

DeleteAuthorizeCodeSession same as InvalidateAuthorizeCodeSession

func (*DatabaseStorage) DeletePKCERequestSession 

func (s *DatabaseStorage) DeletePKCERequestSession(ctx context.Context, code string) error

DeletePKCERequestSession action

func (*DatabaseStorage) DeleteRefreshTokenSession 

func (s *DatabaseStorage) DeleteRefreshTokenSession(ctx context.Context, signature string) error

DeleteRefreshTokenSession from database

func (*DatabaseStorage) GetAccessTokenSession 

func (s *DatabaseStorage) GetAccessTokenSession(ctx context.Context, signature string, _ fosite.Session) (fosite.Requester, error)

GetAccessTokenSession returns request by access token

func (*DatabaseStorage) GetAuthorizeCodeSession 

func (s *DatabaseStorage) GetAuthorizeCodeSession(ctx context.Context, code string, _ fosite.Session) (fosite.Requester, error)

GetAuthorizeCodeSession hydrates the session based on the given code and returns the authorization request. If the authorization code has been invalidated with `InvalidateAuthorizeCodeSession`, this method should return the ErrInvalidatedAuthorizeCode error.

Make sure to also return the fosite.Requester value when returning the fosite.ErrInvalidatedAuthorizeCode error!

func (*DatabaseStorage) GetClient 

func (s *DatabaseStorage) GetClient(ctx context.Context, id string) (fosite.Client, error)

GetClient object from database

func (*DatabaseStorage) GetPKCERequestSession 

func (s *DatabaseStorage) GetPKCERequestSession(ctx context.Context, code string, _ fosite.Session) (fosite.Requester, error)

GetPKCERequestSession action

func (*DatabaseStorage) GetRefreshTokenSession 

func (s *DatabaseStorage) GetRefreshTokenSession(ctx context.Context, signature string, _ fosite.Session) (fosite.Requester, error)

GetRefreshTokenSession returns session by refresh token

func (*DatabaseStorage) InvalidateAuthorizeCodeSession 

func (s *DatabaseStorage) InvalidateAuthorizeCodeSession(ctx context.Context, code string) error

InvalidateAuthorizeCodeSession is called when an authorize code is being used. The state of the authorization code should be set to invalid and consecutive requests to GetAuthorizeCodeSession should return the ErrInvalidatedAuthorizeCode error.

func (*DatabaseStorage) RevokeAccessToken 

func (s *DatabaseStorage) RevokeAccessToken(ctx context.Context, requestID string) error

RevokeAccessToken revokes an access token as specified in: https://tools.ietf.org/html/rfc7009#section-2.1 If the token passed to the request is an access token, the server MAY revoke the respective refresh token as well.

func (*DatabaseStorage) RevokeRefreshToken 

func (s *DatabaseStorage) RevokeRefreshToken(ctx context.Context, requestID string) error

RevokeRefreshToken revokes a refresh token as specified in: https://tools.ietf.org/html/rfc7009#section-2.1 If the particular token is a refresh token and the authorization server supports the revocation of access tokens, then the authorization server SHOULD also invalidate all access tokens based on the same authorization grant (see Implementation Note).

func (*DatabaseStorage) RevokeRefreshTokenMaybeGracePeriod 

func (s *DatabaseStorage) RevokeRefreshTokenMaybeGracePeriod(ctx context.Context, requestID string, signature string) error

RevokeRefreshTokenMaybeGracePeriod revokes a refresh token as specified in: https://tools.ietf.org/html/rfc7009#section-2.1 If the particular token is a refresh token and the authorization server supports the revocation of access tokens, then the authorization server SHOULD also invalidate all access tokens based on the same authorization grant (see Implementation Note).

If the Refresh Token grace period is greater than zero in configuration the token will have its expiration time set as UTCNow + GracePeriod.

func (*DatabaseStorage) SetClientAssertionJWT 

func (s *DatabaseStorage) SetClientAssertionJWT(ctx context.Context, jti string, exp time.Time) error

SetClientAssertionJWT marks a JTI as known for the given expiry time. Before inserting the new JTI, it will clean up any existing JTIs that have expired as those tokens can not be replayed due to the expiry.

type Session 

type Session struct {
	Username string
	Subject  string

	AccessToken           string
	AccessTokenExpiresAt  time.Time
	RefreshToken          string
	RefreshTokenExpiresAt time.Time
	// contains filtered or unexported fields
}

Session object value

func NewSession 

func NewSession(
	ctx context.Context,
	username string,
	subject string,
	accessToken string,
	accessTokenExpiresAt time.Time,
	refreshToken string,
	refreshTokenExpiresAt time.Time,
) *Session

NewSession returns basic session object

func (*Session) Clone 

func (sess *Session) Clone() fosite.Session

Clone clones the session.

func (*Session) Context 

func (sess *Session) Context() context.Context

Context of the

func (*Session) GetExpiresAt 

func (sess *Session) GetExpiresAt(key fosite.TokenType) time.Time

GetExpiresAt returns the expiration time of a token if set, or time.IsZero() if not. 

session.GetExpiresAt(fosite.AccessToken)

func (*Session) GetSubject 

func (sess *Session) GetSubject() string

GetSubject returns the subject, if set. This is optional and only used during token introspection.

func (*Session) GetUsername 

func (sess *Session) GetUsername() string

GetUsername returns the username, if set. This is optional and only used during token introspection.

func (*Session) SetExpiresAt 

func (sess *Session) SetExpiresAt(key fosite.TokenType, exp time.Time)

SetExpiresAt sets the expiration time of a token.

Source Files

View all Source files

Directories

Path Synopsis
Package mocks is a generated GoMock package.
 Package mocks is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.