
package oauth2

import "github.com/ory/fosite/handler/oauth2"


Package Files

flow_authorize_code_auth.go flow_authorize_code_token.go flow_authorize_implicit.go flow_client_credentials.go flow_client_credentials_storage.go flow_refresh.go flow_resource_owner.go flow_resource_owner_storage.go helper.go introspector.go introspector_jwt.go revocation.go revocation_storage.go storage.go strategy.go strategy_hmacsha.go strategy_jwt.go strategy_jwt_session.go

type AccessTokenStorage

// AccessTokenStorage persists access token sessions. Every method is keyed by
// the token's signature rather than the full token; presumably the signature is
// the value returned by AccessTokenStrategy.AccessTokenSignature, so a copy of
// the store alone would not yield usable tokens — confirm against storage.go.
type AccessTokenStorage interface {
    // CreateAccessTokenSession stores request under signature.
    CreateAccessTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)

    // GetAccessTokenSession returns the request stored under signature; the
    // session argument is presumably hydrated with the stored session data.
    GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

    // DeleteAccessTokenSession removes the session stored under signature.
    DeleteAccessTokenSession(ctx context.Context, signature string) (err error)
}

type AccessTokenStrategy

// AccessTokenStrategy generates, validates and derives the storage signature of
// access tokens. HMACSHAStrategy and DefaultJWTStrategy both satisfy it.
type AccessTokenStrategy interface {
    // AccessTokenSignature returns the part of token that is used as the
    // storage key (see AccessTokenStorage).
    AccessTokenSignature(token string) string
    // GenerateAccessToken creates a new token for requester and returns it
    // together with its signature.
    GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
    // ValidateAccessToken returns an error when token is not a valid access
    // token for requester.
    ValidateAccessToken(ctx context.Context, requester fosite.Requester, token string) (err error)
}

type AuthorizeCodeStorage

// AuthorizeCodeStorage handles storage requests related to authorization codes.
// Unlike the token stores it is keyed by the code itself. Single use of a code
// is enforced through InvalidateAuthorizeCodeSession: once invalidated, a
// second lookup must fail with fosite.ErrInvalidatedAuthorizeCode while still
// returning the stored fosite.Requester, so the caller can tell a replayed code
// apart from an unknown one and act on the original grant.
type AuthorizeCodeStorage interface {
    // CreateAuthorizeCodeSession stores the authorization request for a given authorization code.
    CreateAuthorizeCodeSession(ctx context.Context, code string, request fosite.Requester) (err error)

    // GetAuthorizeCodeSession hydrates the session based on the given code and returns the authorization request.
    // If the authorization code has been invalidated with `InvalidateAuthorizeCodeSession`, this
    // method should return the ErrInvalidatedAuthorizeCode error.
    //
    // Make sure to also return the fosite.Requester value when returning the fosite.ErrInvalidatedAuthorizeCode error!
    GetAuthorizeCodeSession(ctx context.Context, code string, session fosite.Session) (request fosite.Requester, err error)

    // InvalidateAuthorizeCodeSession is called when an authorize code is being used. The state of the authorization
    // code should be set to invalid and consecutive requests to GetAuthorizeCodeSession should return the
    // ErrInvalidatedAuthorizeCode error.
    InvalidateAuthorizeCodeSession(ctx context.Context, code string) (err error)
}

AuthorizeCodeStorage handles storage requests related to authorization codes.

type AuthorizeCodeStrategy

// AuthorizeCodeStrategy generates, validates and derives the signature of
// authorization codes; it mirrors AccessTokenStrategy for codes.
type AuthorizeCodeStrategy interface {
    // AuthorizeCodeSignature returns the signature part of the given code.
    AuthorizeCodeSignature(token string) string
    // GenerateAuthorizeCode creates a new code for requester and returns it
    // together with its signature.
    GenerateAuthorizeCode(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
    // ValidateAuthorizeCode returns an error when token is not a valid code
    // for requester.
    ValidateAuthorizeCode(ctx context.Context, requester fosite.Requester, token string) (err error)
}

type AuthorizeExplicitGrantHandler

// AuthorizeExplicitGrantHandler is a response handler for the authorization
// code grant (RFC 6749 section 4.1). It serves both the authorize endpoint
// (issuing the code) and the token endpoint (exchanging it), so it needs the
// code, access and refresh token strategies plus the CoreStorage that backs
// all three.
type AuthorizeExplicitGrantHandler struct {
    AccessTokenStrategy   AccessTokenStrategy
    RefreshTokenStrategy  RefreshTokenStrategy
    AuthorizeCodeStrategy AuthorizeCodeStrategy
    CoreStorage           CoreStorage

    // AuthCodeLifespan defines the lifetime of an authorize code.
    AuthCodeLifespan time.Duration

    // AccessTokenLifespan defines the lifetime of an access token.
    AccessTokenLifespan time.Duration

    // RefreshTokenLifespan defines the lifetime of a refresh token. Leave to 0 for unlimited lifetime.
    // Unlimited refresh tokens only stop working when revoked, so the
    // TokenRevocationStorage below is the only way to end such a grant.
    RefreshTokenLifespan time.Duration

    ScopeStrategy            fosite.ScopeStrategy
    AudienceMatchingStrategy fosite.AudienceMatchingStrategy

    // SanitationWhiteList is a whitelist of form values that are required by the token endpoint. These values
    // are safe for storage in a database (cleartext).
    // Form values not on this list are presumably stripped before the request is
    // persisted; keep secrets (client credentials, PKCE verifiers) off it.
    SanitationWhiteList []string

    TokenRevocationStorage TokenRevocationStorage

    // IsRedirectURISecure decides whether a registered redirect URI is
    // acceptable; nil behaviour is not visible on this page — confirm in
    // flow_authorize_code_auth.go.
    IsRedirectURISecure func(*url.URL) bool

    // RefreshTokenScopes presumably lists the scopes a request must hold for a
    // refresh token to be issued — confirm in flow_authorize_code_token.go.
    RefreshTokenScopes []string
}

AuthorizeExplicitGrantHandler is a response handler for the Authorization Code grant using the explicit grant type as defined in https://tools.ietf.org/html/rfc6749#section-4.1

func (*AuthorizeExplicitGrantHandler) GetSanitationWhiteList

// GetSanitationWhiteList returns the form keys the token endpoint may persist
// in cleartext; presumably this is c.SanitationWhiteList — confirm in the
// handler source.
func (c *AuthorizeExplicitGrantHandler) GetSanitationWhiteList() []string

func (*AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest

// HandleAuthorizeEndpointRequest processes an authorization request ar for the
// authorization code flow and writes the result to resp. Which checks run
// (redirect URI, scope, audience) is not visible on this page.
func (c *AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

func (*AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest

// HandleTokenEndpointRequest validates a code-exchange request at the token
// endpoint as described in RFC 6749 section 4.1.3. Presumably this is where
// the code is looked up and invalidated via CoreStorage — confirm in
// flow_authorize_code_token.go.
func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.1.3 in full.

func (*AuthorizeExplicitGrantHandler) IssueAuthorizeCode

// IssueAuthorizeCode generates an authorization code for ar and adds it to
// resp; presumably it uses AuthorizeCodeStrategy for generation and
// CoreStorage to persist the session — confirm in the handler source.
func (c *AuthorizeExplicitGrantHandler) IssueAuthorizeCode(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

func (*AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse

// PopulateTokenEndpointResponse writes the tokens issued for requester into
// responder. Whether a refresh token is included presumably depends on
// RefreshTokenScopes — confirm in flow_authorize_code_token.go.
func (c *AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

type AuthorizeImplicitGrantTypeHandler

// AuthorizeImplicitGrantTypeHandler is a response handler for the implicit
// grant (RFC 6749 section 4.2). It only issues access tokens from the
// authorize endpoint: there is no refresh token strategy or storage here.
type AuthorizeImplicitGrantTypeHandler struct {
    AccessTokenStrategy AccessTokenStrategy

    // AccessTokenStorage is used to persist session data across requests.
    AccessTokenStorage AccessTokenStorage

    // AccessTokenLifespan defines the lifetime of an access token.
    AccessTokenLifespan time.Duration

    ScopeStrategy            fosite.ScopeStrategy
    AudienceMatchingStrategy fosite.AudienceMatchingStrategy
}

AuthorizeImplicitGrantTypeHandler is a response handler for the Implicit grant type as defined in https://tools.ietf.org/html/rfc6749#section-4.2

func (*AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest

// HandleAuthorizeEndpointRequest processes an implicit-grant authorization
// request ar and writes the result to resp.
func (c *AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

func (*AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken

// IssueImplicitAccessToken generates an access token for ar and adds it to
// resp; presumably it stores the session via AccessTokenStorage first —
// confirm in flow_authorize_implicit.go.
func (c *AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

type ClientCredentialsGrantHandler

// ClientCredentialsGrantHandler is the token endpoint handler for the client
// credentials grant (RFC 6749 section 4.4). Token issuance is delegated to the
// embedded *HandleHelper; the handler itself only carries the scope and
// audience policies.
type ClientCredentialsGrantHandler struct {
    *HandleHelper
    ScopeStrategy            fosite.ScopeStrategy
    AudienceMatchingStrategy fosite.AudienceMatchingStrategy
}

func (*ClientCredentialsGrantHandler) HandleTokenEndpointRequest

// HandleTokenEndpointRequest validates a client credentials request as
// described in RFC 6749 section 4.4.2. The context is discarded (`_`), so no
// context-aware lookup happens in this step.
func (c *ClientCredentialsGrantHandler) HandleTokenEndpointRequest(_ context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.4.2

func (*ClientCredentialsGrantHandler) PopulateTokenEndpointResponse

// PopulateTokenEndpointResponse issues the access token for a client
// credentials request (RFC 6749 section 4.4.3), presumably through the
// embedded HandleHelper.IssueAccessToken.
func (c *ClientCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, response fosite.AccessResponder) error

PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-4.4.3

type ClientCredentialsGrantStorage

// ClientCredentialsGrantStorage is the storage needed by the client
// credentials grant: access token sessions only, since that grant never issues
// refresh tokens.
type ClientCredentialsGrantStorage interface {
    AccessTokenStorage
}

type CoreStorage

// CoreStorage combines the three session stores used by the authorization code
// flow: codes, access tokens and refresh tokens.
type CoreStorage interface {
    AuthorizeCodeStorage
    AccessTokenStorage
    RefreshTokenStorage
}

type CoreStrategy

// CoreStrategy combines the access token, refresh token and authorization code
// strategies; HMACSHAStrategy and DefaultJWTStrategy implement all three.
type CoreStrategy interface {
    AccessTokenStrategy
    RefreshTokenStrategy
    AuthorizeCodeStrategy
}

type CoreValidator

// CoreValidator introspects tokens using both the strategy (cryptographic
// validity) and the storage (session lookup), so it can observe revocation and
// deletion, unlike StatelessJWTValidator.
type CoreValidator struct {
    CoreStrategy
    CoreStorage
    ScopeStrategy                 fosite.ScopeStrategy
    // DisableRefreshTokenValidation presumably stops IntrospectToken from
    // treating the input as a refresh token — confirm in introspector.go.
    DisableRefreshTokenValidation bool
}

func (*CoreValidator) IntrospectToken

// IntrospectToken checks token, using tokenType as a hint, and returns the
// token type that was actually recognised. scopes are presumably the scopes the
// token must grant and accessRequest is presumably populated with the stored
// session — confirm in introspector.go.
func (c *CoreValidator) IntrospectToken(ctx context.Context, token string, tokenType fosite.TokenType, accessRequest fosite.AccessRequester, scopes []string) (fosite.TokenType, error)

type DefaultJWTStrategy

// DefaultJWTStrategy is a JWT RS256 strategy. Signing and verification come
// from the embedded jwt.JWTStrategy; the HMACSHAStrategy pointer is presumably
// used for the opaque token kinds (refresh tokens, authorization codes) —
// confirm in strategy_jwt.go.
type DefaultJWTStrategy struct {
    jwt.JWTStrategy
    HMACSHAStrategy *HMACSHAStrategy
    // Issuer is presumably written into the JWT "iss" claim — confirm.
    Issuer          string
}

DefaultJWTStrategy is a JWT RS256 strategy.

func (DefaultJWTStrategy) AccessTokenSignature

// AccessTokenSignature returns the storage signature of a JWT access token.
// Note the value receiver; the Generate*/Validate* methods use a pointer.
func (h DefaultJWTStrategy) AccessTokenSignature(token string) string

func (DefaultJWTStrategy) AuthorizeCodeSignature

// AuthorizeCodeSignature returns the storage signature of an authorization
// code; presumably delegated to h.HMACSHAStrategy — confirm.
func (h DefaultJWTStrategy) AuthorizeCodeSignature(token string) string

func (*DefaultJWTStrategy) GenerateAccessToken

// GenerateAccessToken creates a signed JWT access token for requester and
// returns it with its storage signature.
func (h *DefaultJWTStrategy) GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)

func (*DefaultJWTStrategy) GenerateAuthorizeCode

// GenerateAuthorizeCode creates an authorization code for req and returns it
// with its signature; presumably delegated to h.HMACSHAStrategy — confirm.
func (h *DefaultJWTStrategy) GenerateAuthorizeCode(ctx context.Context, req fosite.Requester) (token string, signature string, err error)

func (*DefaultJWTStrategy) GenerateRefreshToken

// GenerateRefreshToken creates a refresh token for req and returns it with its
// signature; presumably delegated to h.HMACSHAStrategy — confirm.
func (h *DefaultJWTStrategy) GenerateRefreshToken(ctx context.Context, req fosite.Requester) (token string, signature string, err error)

func (DefaultJWTStrategy) RefreshTokenSignature

// RefreshTokenSignature returns the storage signature of a refresh token.
func (h DefaultJWTStrategy) RefreshTokenSignature(token string) string

func (*DefaultJWTStrategy) ValidateAccessToken

// ValidateAccessToken verifies the JWT token. The requester is ignored (`_`):
// validity is decided from the token alone, so session state such as
// deletion or revocation cannot influence this check.
func (h *DefaultJWTStrategy) ValidateAccessToken(ctx context.Context, _ fosite.Requester, token string) error

func (*DefaultJWTStrategy) ValidateAuthorizeCode

// ValidateAuthorizeCode verifies an authorization code against req;
// presumably delegated to h.HMACSHAStrategy — confirm.
func (h *DefaultJWTStrategy) ValidateAuthorizeCode(ctx context.Context, req fosite.Requester, token string) error

func (*DefaultJWTStrategy) ValidateJWT

// ValidateJWT parses and verifies token and returns a requester rebuilt from
// its claims. How tokenType is used (expiry selection, type check) is not
// visible on this page — confirm in strategy_jwt.go.
func (h *DefaultJWTStrategy) ValidateJWT(ctx context.Context, tokenType fosite.TokenType, token string) (requester fosite.Requester, err error)

func (*DefaultJWTStrategy) ValidateRefreshToken

// ValidateRefreshToken verifies a refresh token against req; presumably
// delegated to h.HMACSHAStrategy — confirm.
func (h *DefaultJWTStrategy) ValidateRefreshToken(ctx context.Context, req fosite.Requester, token string) error

type HMACSHAStrategy

// HMACSHAStrategy issues opaque, HMAC-signed tokens and codes through Enigma.
// The per-kind lifespans are the only state besides the HMAC implementation;
// all methods use a value receiver, so the struct is copied on each call.
type HMACSHAStrategy struct {
    Enigma                *enigma.HMACStrategy
    AccessTokenLifespan   time.Duration
    RefreshTokenLifespan  time.Duration
    AuthorizeCodeLifespan time.Duration
}

func (HMACSHAStrategy) AccessTokenSignature

// AccessTokenSignature returns the signature portion of an HMAC access token.
func (h HMACSHAStrategy) AccessTokenSignature(token string) string

func (HMACSHAStrategy) AuthorizeCodeSignature

// AuthorizeCodeSignature returns the signature portion of an HMAC
// authorization code.
func (h HMACSHAStrategy) AuthorizeCodeSignature(token string) string

func (HMACSHAStrategy) GenerateAccessToken

// GenerateAccessToken creates a new HMAC access token. Both ctx and the
// requester are discarded (`_`), so the token presumably carries no
// request-specific data; everything about the grant lives in storage.
func (h HMACSHAStrategy) GenerateAccessToken(_ context.Context, _ fosite.Requester) (token string, signature string, err error)

func (HMACSHAStrategy) GenerateAuthorizeCode

// GenerateAuthorizeCode creates a new HMAC authorization code; ctx and the
// requester are discarded (`_`).
func (h HMACSHAStrategy) GenerateAuthorizeCode(_ context.Context, _ fosite.Requester) (token string, signature string, err error)

func (HMACSHAStrategy) GenerateRefreshToken

// GenerateRefreshToken creates a new HMAC refresh token; ctx and the requester
// are discarded (`_`).
func (h HMACSHAStrategy) GenerateRefreshToken(_ context.Context, _ fosite.Requester) (token string, signature string, err error)

func (HMACSHAStrategy) RefreshTokenSignature

// RefreshTokenSignature returns the signature portion of an HMAC refresh token.
func (h HMACSHAStrategy) RefreshTokenSignature(token string) string

func (HMACSHAStrategy) ValidateAccessToken

// ValidateAccessToken verifies token's HMAC and, presumably, its expiry from
// r's session against AccessTokenLifespan — confirm in strategy_hmacsha.go.
// ctx is discarded (`_`).
func (h HMACSHAStrategy) ValidateAccessToken(_ context.Context, r fosite.Requester, token string) (err error)

func (HMACSHAStrategy) ValidateAuthorizeCode

// ValidateAuthorizeCode verifies token's HMAC and, presumably, its expiry from
// r's session against AuthorizeCodeLifespan — confirm. ctx is discarded (`_`).
func (h HMACSHAStrategy) ValidateAuthorizeCode(_ context.Context, r fosite.Requester, token string) (err error)

func (HMACSHAStrategy) ValidateRefreshToken

// ValidateRefreshToken verifies token's HMAC and, presumably, its expiry from
// r's session against RefreshTokenLifespan — confirm. ctx is discarded (`_`).
func (h HMACSHAStrategy) ValidateRefreshToken(_ context.Context, r fosite.Requester, token string) (err error)

type HandleHelper

// HandleHelper bundles what is needed to issue an access token and is embedded
// by the client credentials and resource owner password handlers.
type HandleHelper struct {
    AccessTokenStrategy  AccessTokenStrategy
    AccessTokenStorage   AccessTokenStorage
    AccessTokenLifespan  time.Duration
    // RefreshTokenLifespan is carried here although the helper has no refresh
    // token strategy; how it is used is not visible on this page.
    RefreshTokenLifespan time.Duration
}

func (*HandleHelper) IssueAccessToken

// IssueAccessToken generates an access token for requester, presumably
// persists its session through AccessTokenStorage, and writes it to
// responder — confirm in helper.go.
func (h *HandleHelper) IssueAccessToken(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

type JWTAccessTokenStrategy

// JWTAccessTokenStrategy is an AccessTokenStrategy that can also parse and
// verify a JWT on its own (JWTStrategy). StatelessJWTValidator relies on it.
type JWTAccessTokenStrategy interface {
    AccessTokenStrategy
    JWTStrategy
}

type JWTSession

// JWTSession is the fosite.Session used with DefaultJWTStrategy. It holds the
// claims and header that end up in the issued JWT together with the per-token
// expiry map the generic session interface expects.
type JWTSession struct {
    JWTClaims *jwt.JWTClaims
    JWTHeader *jwt.Headers
    // ExpiresAt maps each token type to its expiry; see GetExpiresAt/SetExpiresAt.
    ExpiresAt map[fosite.TokenType]time.Time
    Username  string
    Subject   string
}

JWTSession is a container for the JWT session.

func (*JWTSession) Clone

// Clone returns a copy of the session as a fosite.Session. Whether the
// pointer fields (JWTClaims, JWTHeader) and the map are deep-copied is not
// visible on this page — confirm in strategy_jwt_session.go.
func (s *JWTSession) Clone() fosite.Session

func (*JWTSession) GetExpiresAt

// GetExpiresAt returns the expiry recorded for key, presumably s.ExpiresAt[key]
// (zero time.Time when unset) — confirm.
func (s *JWTSession) GetExpiresAt(key fosite.TokenType) time.Time

func (*JWTSession) GetJWTClaims

// GetJWTClaims returns the claims container for this session (see
// JWTSessionContainer). Note the receiver is named j here but s elsewhere.
func (j *JWTSession) GetJWTClaims() jwt.JWTClaimsContainer

func (*JWTSession) GetJWTHeader

// GetJWTHeader returns the JWT header for this session (see JWTSessionContainer).
func (j *JWTSession) GetJWTHeader() *jwt.Headers

func (*JWTSession) GetSubject

// GetSubject returns the session subject, presumably s.Subject.
func (s *JWTSession) GetSubject() string

func (*JWTSession) GetUsername

// GetUsername returns the session username, presumably s.Username.
func (s *JWTSession) GetUsername() string

func (*JWTSession) SetExpiresAt

// SetExpiresAt records exp as the expiry for key. Whether a nil ExpiresAt map
// is initialised first is not visible here — confirm before relying on the
// zero-value JWTSession.
func (s *JWTSession) SetExpiresAt(key fosite.TokenType, exp time.Time)

type JWTSessionContainer

// JWTSessionContainer is the session shape DefaultJWTStrategy needs: a regular
// fosite.Session that also exposes the claims and header to sign. JWTSession
// implements it.
type JWTSessionContainer interface {
    // GetJWTClaims returns the claims.
    GetJWTClaims() jwt.JWTClaimsContainer

    // GetJWTHeader returns the header.
    GetJWTHeader() *jwt.Headers

    fosite.Session
}

type JWTStrategy

// JWTStrategy can verify a self-contained token without consulting storage.
type JWTStrategy interface {
    // ValidateJWT parses and verifies token and returns the requester rebuilt
    // from its claims; tokenType says which kind of token is expected.
    ValidateJWT(ctx context.Context, tokenType fosite.TokenType, token string) (requester fosite.Requester, err error)
}

type RefreshTokenGrantHandler

// RefreshTokenGrantHandler is the token endpoint handler for the refresh token
// grant (RFC 6749 section 6). Its storage is a TokenRevocationStorage rather
// than a plain RefreshTokenStorage, which is what allows a refresh to retire
// the previous token pair of the grant.
type RefreshTokenGrantHandler struct {
    AccessTokenStrategy    AccessTokenStrategy
    RefreshTokenStrategy   RefreshTokenStrategy
    TokenRevocationStorage TokenRevocationStorage

    // AccessTokenLifespan defines the lifetime of an access token.
    AccessTokenLifespan time.Duration

    // RefreshTokenLifespan defines the lifetime of a refresh token.
    RefreshTokenLifespan time.Duration

    ScopeStrategy            fosite.ScopeStrategy
    AudienceMatchingStrategy fosite.AudienceMatchingStrategy
    // RefreshTokenScopes presumably lists the scopes required for a refresh
    // token to be issued again — confirm in flow_refresh.go.
    RefreshTokenScopes       []string
}

func (*RefreshTokenGrantHandler) HandleTokenEndpointRequest

// HandleTokenEndpointRequest validates a refresh token request (RFC 6749
// section 6): the presented refresh token is presumably validated via
// RefreshTokenStrategy and looked up in TokenRevocationStorage — confirm.
func (c *RefreshTokenGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-6

func (*RefreshTokenGrantHandler) PopulateTokenEndpointResponse

// PopulateTokenEndpointResponse issues a new access token (and presumably a
// new refresh token) for requester and writes them to responder. Whether the
// old tokens are revoked here is not visible on this page — confirm in
// flow_refresh.go.
func (c *RefreshTokenGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-6

type RefreshTokenStorage

// RefreshTokenStorage persists refresh token sessions, keyed by the token's
// signature exactly like AccessTokenStorage.
type RefreshTokenStorage interface {
    // CreateRefreshTokenSession stores request under signature.
    CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)

    // GetRefreshTokenSession returns the request stored under signature; the
    // session argument is presumably hydrated with the stored session data.
    GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

    // DeleteRefreshTokenSession removes the session stored under signature.
    DeleteRefreshTokenSession(ctx context.Context, signature string) (err error)
}

type RefreshTokenStrategy

// RefreshTokenStrategy generates, validates and derives the signature of
// refresh tokens; it mirrors AccessTokenStrategy.
type RefreshTokenStrategy interface {
    // RefreshTokenSignature returns the storage key part of token.
    RefreshTokenSignature(token string) string
    // GenerateRefreshToken creates a new refresh token for requester and
    // returns it together with its signature.
    GenerateRefreshToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
    // ValidateRefreshToken returns an error when token is not a valid refresh
    // token for requester.
    ValidateRefreshToken(ctx context.Context, requester fosite.Requester, token string) (err error)
}

type ResourceOwnerPasswordCredentialsGrantHandler

// ResourceOwnerPasswordCredentialsGrantHandler is the token endpoint handler
// for the resource owner password credentials grant (RFC 6749 section 4.3).
// Access token issuance comes from the embedded *HandleHelper; the username
// and password check is delegated to the storage's Authenticate method.
type ResourceOwnerPasswordCredentialsGrantHandler struct {
    // ResourceOwnerPasswordCredentialsGrantStorage is used to persist session data across requests.
    ResourceOwnerPasswordCredentialsGrantStorage ResourceOwnerPasswordCredentialsGrantStorage

    RefreshTokenStrategy     RefreshTokenStrategy
    ScopeStrategy            fosite.ScopeStrategy
    AudienceMatchingStrategy fosite.AudienceMatchingStrategy
    // RefreshTokenScopes presumably lists the scopes required for a refresh
    // token to be issued — confirm in flow_resource_owner.go.
    RefreshTokenScopes       []string

    *HandleHelper
}

func (*ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest

// HandleTokenEndpointRequest validates a password grant request (RFC 6749
// section 4.3.2); the credentials are presumably checked through
// ResourceOwnerPasswordCredentialsGrantStorage.Authenticate — confirm.
func (c *ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.3.2

func (*ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse

// PopulateTokenEndpointResponse issues the tokens for a password grant request
// (RFC 6749 section 4.3.3) and writes them to responder.
func (c *ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-4.3.3

type ResourceOwnerPasswordCredentialsGrantStorage

// ResourceOwnerPasswordCredentialsGrantStorage is the storage for the password
// grant. Besides the token session stores it must verify resource owner
// credentials.
type ResourceOwnerPasswordCredentialsGrantStorage interface {
    // Authenticate returns nil when secret is the valid password for name.
    // The interface does not say how the comparison is done; implementations
    // should compare against a stored password hash and should not let the
    // error reveal whether name or secret was the wrong part.
    Authenticate(ctx context.Context, name string, secret string) error
    AccessTokenStorage
    RefreshTokenStorage
}

type StatelessJWTValidator

// StatelessJWTValidator introspects JWT access tokens from the token alone.
// It has no storage dependency, so tokens revoked through
// TokenRevocationStorage or deleted from AccessTokenStorage presumably still
// introspect as valid until they expire — confirm in introspector_jwt.go and
// keep AccessTokenLifespan short when using it.
type StatelessJWTValidator struct {
    JWTAccessTokenStrategy
    ScopeStrategy fosite.ScopeStrategy
}

func (*StatelessJWTValidator) IntrospectToken

// IntrospectToken verifies token with the embedded JWTAccessTokenStrategy and
// returns the recognised token type. scopes are presumably the scopes the
// token must grant; accessRequest is presumably populated from the claims —
// confirm in introspector_jwt.go.
func (v *StatelessJWTValidator) IntrospectToken(ctx context.Context, token string, tokenType fosite.TokenType, accessRequest fosite.AccessRequester, scopes []string) (fosite.TokenType, error)

type TokenRevocationHandler

// TokenRevocationHandler implements the revocation endpoint (RFC 7009). Both
// token strategies are needed because the handler has to derive the storage
// signature of whichever token kind the client presents.
type TokenRevocationHandler struct {
    TokenRevocationStorage TokenRevocationStorage
    RefreshTokenStrategy   RefreshTokenStrategy
    AccessTokenStrategy    AccessTokenStrategy
}

func (*TokenRevocationHandler) RevokeToken

// RevokeToken revokes token on behalf of client (RFC 7009 section 2.1).
// tokenType is only a hint that decides which kind is checked first; client is
// presumably compared against the token's owning client so one client cannot
// revoke another's tokens — confirm in revocation.go.
func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string, tokenType fosite.TokenType, client fosite.Client) error

RevokeToken implements https://tools.ietf.org/html/rfc7009#section-2.1. The token type hint indicates which token type check should be performed first.

type TokenRevocationStorage

// TokenRevocationStorage provides the storage implementation as specified in
// https://tools.ietf.org/html/rfc7009. The Revoke* methods are keyed by the
// request ID of the original grant rather than by a token signature, so a
// single call can retire every token issued for that grant.
type TokenRevocationStorage interface {
    RefreshTokenStorage
    AccessTokenStorage

    // RevokeRefreshToken revokes a refresh token as specified in:
    // https://tools.ietf.org/html/rfc7009#section-2.1
    // If the particular
    // token is a refresh token and the authorization server supports the
    // revocation of access tokens, then the authorization server SHOULD
    // also invalidate all access tokens based on the same authorization
    // grant (see Implementation Note).
    RevokeRefreshToken(ctx context.Context, requestID string) error

    // RevokeAccessToken revokes an access token as specified in:
    // https://tools.ietf.org/html/rfc7009#section-2.1
    // If the token passed to the request
    // is an access token, the server MAY revoke the respective refresh
    // token as well.
    RevokeAccessToken(ctx context.Context, requestID string) error
}

TokenRevocationStorage provides the storage implementation as specified in: https://tools.ietf.org/html/rfc7009

Package oauth2 imports 13 packages and is imported by 56 packages. Updated 2019-09-16.