oasimpl

package

v0.0.0-...-fb7f86c Latest Latest Go to latest Published: Aug 18, 2023 License: AGPL-3.0 Imports: 42 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ldpliu/grafana

Links

Open Source Insights

Documentation ¶

Index ¶

func NewAuthSession() *oauth2.JWTSession
type OAuth2ServiceImpl
- func ProvideService(router routing.RouteRegister, db db.DB, cfg *setting.Cfg, ...) (*OAuth2ServiceImpl, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func NewAuthSession ¶

func NewAuthSession() *oauth2.JWTSession

Types ¶

type OAuth2ServiceImpl ¶

type OAuth2ServiceImpl struct {
	// contains filtered or unexported fields
}

func ProvideService ¶

func ProvideService(router routing.RouteRegister, db db.DB, cfg *setting.Cfg,
	svcAccSvc serviceaccounts.Service, accessControl ac.AccessControl, acSvc ac.Service, userSvc user.Service,
	teamSvc team.Service, keySvc signingkeys.Service, fmgmt *featuremgmt.FeatureManager) (*OAuth2ServiceImpl, error)

func (*OAuth2ServiceImpl) ClientAssertionJWTValid ¶

func (s *OAuth2ServiceImpl) ClientAssertionJWTValid(ctx context.Context, jti string) error

ClientAssertionJWTValid returns an error if the JTI is known or the DB check failed and nil if the JTI is not known.

func (*OAuth2ServiceImpl) CreateAccessTokenSession ¶

func (s *OAuth2ServiceImpl) CreateAccessTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)

func (*OAuth2ServiceImpl) CreateAuthorizeCodeSession ¶

func (s *OAuth2ServiceImpl) CreateAuthorizeCodeSession(ctx context.Context, code string, request fosite.Requester) (err error)

GetAuthorizeCodeSession stores the authorization request for a given authorization code.

func (*OAuth2ServiceImpl) CreateRefreshTokenSession ¶

func (s *OAuth2ServiceImpl) CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)

func (*OAuth2ServiceImpl) DeleteAccessTokenSession ¶

func (s *OAuth2ServiceImpl) DeleteAccessTokenSession(ctx context.Context, signature string) (err error)

func (*OAuth2ServiceImpl) DeleteRefreshTokenSession ¶

func (s *OAuth2ServiceImpl) DeleteRefreshTokenSession(ctx context.Context, signature string) (err error)

func (*OAuth2ServiceImpl) GetAccessTokenSession ¶

func (s *OAuth2ServiceImpl) GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

func (*OAuth2ServiceImpl) GetAuthorizeCodeSession ¶

func (s *OAuth2ServiceImpl) GetAuthorizeCodeSession(ctx context.Context, code string, session fosite.Session) (request fosite.Requester, err error)

GetAuthorizeCodeSession hydrates the session based on the given code and returns the authorization request. If the authorization code has been invalidated with `InvalidateAuthorizeCodeSession`, this method should return the ErrInvalidatedAuthorizeCode error.

Make sure to also return the fosite.Requester value when returning the fosite.ErrInvalidatedAuthorizeCode error!

func (*OAuth2ServiceImpl) GetClient ¶

func (s *OAuth2ServiceImpl) GetClient(ctx context.Context, id string) (fosite.Client, error)

GetClient loads the client by its ID or returns an error if the client does not exist or another error occurred.

func (*OAuth2ServiceImpl) GetExternalService ¶

func (s *OAuth2ServiceImpl) GetExternalService(ctx context.Context, id string) (*oauthserver.ExternalService, error)

GetExternalService retrieves an external service from store by client_id. It populates the SelfPermissions and SignedInUser from the associated service account. For performance reason, the service uses caching.

func (*OAuth2ServiceImpl) GetPublicKey ¶

func (s *OAuth2ServiceImpl) GetPublicKey(ctx context.Context, issuer string, subject string, kid string) (*jose.JSONWebKey, error)

GetPublicKey returns public key, issued by 'issuer', and assigned for subject. Public key is used to check signature of jwt assertion in authorization grants.

func (*OAuth2ServiceImpl) GetPublicKeyScopes ¶

func (s *OAuth2ServiceImpl) GetPublicKeyScopes(ctx context.Context, issuer string, subject string, kid string) ([]string, error)

GetPublicKeyScopes returns assigned scope for assertion, identified by public key, issued by 'issuer'.

func (*OAuth2ServiceImpl) GetPublicKeys ¶

func (s *OAuth2ServiceImpl) GetPublicKeys(ctx context.Context, issuer string, subject string) (*jose.JSONWebKeySet, error)

GetPublicKeys returns public key, set issued by 'issuer', and assigned for subject.

func (*OAuth2ServiceImpl) GetRefreshTokenSession ¶

func (s *OAuth2ServiceImpl) GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

func (*OAuth2ServiceImpl) HandleIntrospectionRequest ¶

func (s *OAuth2ServiceImpl) HandleIntrospectionRequest(rw http.ResponseWriter, req *http.Request)

HandleIntrospectionRequest handles the OAuth2 query to determine the active state of an OAuth 2.0 token and to determine meta-information about this token

func (*OAuth2ServiceImpl) HandleTokenRequest ¶

func (s *OAuth2ServiceImpl) HandleTokenRequest(rw http.ResponseWriter, req *http.Request)

HandleTokenRequest handles the client's OAuth2 query to obtain an access_token by presenting its authorization grant (ex: client_credentials, jwtbearer)

func (*OAuth2ServiceImpl) InvalidateAuthorizeCodeSession ¶

func (s *OAuth2ServiceImpl) InvalidateAuthorizeCodeSession(ctx context.Context, code string) (err error)

InvalidateAuthorizeCodeSession is called when an authorize code is being used. The state of the authorization code should be set to invalid and consecutive requests to GetAuthorizeCodeSession should return the ErrInvalidatedAuthorizeCode error.

func (*OAuth2ServiceImpl) IsJWTUsed ¶

func (s *OAuth2ServiceImpl) IsJWTUsed(ctx context.Context, jti string) (bool, error)

IsJWTUsed returns true, if JWT is not known yet or it can not be considered valid, because it must be already expired.

func (*OAuth2ServiceImpl) MarkJWTUsedForTime ¶

func (s *OAuth2ServiceImpl) MarkJWTUsedForTime(ctx context.Context, jti string, exp time.Time) error

MarkJWTUsedForTime marks JWT as used for a time passed in exp parameter. This helps ensure that JWTs are not replayed by maintaining the set of used "jti" values for the length of time for which the JWT would be considered valid based on the applicable "exp" instant. (https://tools.ietf.org/html/rfc7523#section-3)

func (*OAuth2ServiceImpl) RevokeAccessToken ¶

func (s *OAuth2ServiceImpl) RevokeAccessToken(ctx context.Context, requestID string) error

RevokeAccessToken revokes an access token as specified in: https://tools.ietf.org/html/rfc7009#section-2.1 If the token passed to the request is an access token, the server MAY revoke the respective refresh token as well.

func (*OAuth2ServiceImpl) RevokeRefreshToken ¶

func (s *OAuth2ServiceImpl) RevokeRefreshToken(ctx context.Context, requestID string) error

RevokeRefreshToken revokes a refresh token as specified in: https://tools.ietf.org/html/rfc7009#section-2.1 If the particular token is a refresh token and the authorization server supports the revocation of access tokens, then the authorization server SHOULD also invalidate all access tokens based on the same authorization grant (see Implementation Note).

func (*OAuth2ServiceImpl) RevokeRefreshTokenMaybeGracePeriod ¶

func (s *OAuth2ServiceImpl) RevokeRefreshTokenMaybeGracePeriod(ctx context.Context, requestID string, signature string) error

RevokeRefreshTokenMaybeGracePeriod revokes a refresh token as specified in: https://tools.ietf.org/html/rfc7009#section-2.1 If the particular token is a refresh token and the authorization server supports the revocation of access tokens, then the authorization server SHOULD also invalidate all access tokens based on the same authorization grant (see Implementation Note).

If the Refresh Token grace period is greater than zero in configuration the token will have its expiration time set as UTCNow + GracePeriod.

func (*OAuth2ServiceImpl) SaveExternalService ¶

func (s *OAuth2ServiceImpl) SaveExternalService(ctx context.Context, registration *oauthserver.ExternalServiceRegistration) (*oauthserver.ExternalServiceDTO, error)

SaveExternalService creates or updates an external service in the database, it generates client_id and secrets and it ensures that the associated service account has the correct permissions. Database consistency is not guaranteed, consider changing this in the future.

func (*OAuth2ServiceImpl) SetClientAssertionJWT ¶

func (s *OAuth2ServiceImpl) SetClientAssertionJWT(ctx context.Context, jti string, exp time.Time) error

SetClientAssertionJWT marks a JTI as known for the given expiry time. Before inserting the new JTI, it will clean up any existing JTIs that have expired as those tokens can not be replayed due to the expiry.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL