handlers

package
v0.3.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 21, 2015 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Index

Constants

View Source
const GrantDeniedError = "grant_denied"

If a user denies a grant, a grant handler can return control to the /authorize handler with an error=grant_denied parameter and the denial will be returned to the client, rather than re-calling GrantNeeded

Variables

View Source
var Allow = &fixedAuthenticator{true}

Allow implements Password, Assertion, and Client authentication to allow all requests

View Source
var Deny = &fixedAuthenticator{false}

Deny implements Password, Assertion, and Client authentication to deny all requests

Functions

This section is empty.

Types

type AccessAuthenticator

type AccessAuthenticator struct {
	// contains filtered or unexported fields
}

AccessAuthenticator implements osinserver.AccessHandler to ensure non-token requests are authenticated

func NewAccessAuthenticator

func NewAccessAuthenticator(password authenticator.Password, assertion authenticator.Assertion, client authenticator.Client) *AccessAuthenticator

NewAccessAuthenticator returns a new AccessAuthenticator

func NewDenyAccessAuthenticator

func NewDenyAccessAuthenticator() *AccessAuthenticator

NewDenyAccessAuthenticator returns an AccessAuthenticator which rejects all non-token access requests

func (*AccessAuthenticator) HandleAccess

HandleAccess implements osinserver.AccessHandler

type AuthenticationChallenger

type AuthenticationChallenger interface {
	// AuthenticationChallenge take a request and return whatever challenge headers are appropriate.  If none are appropriate, it should return an empty map, not nil.
	AuthenticationChallenge(req *http.Request) (header http.Header, err error)
}

AuthenticationChallenger reacts to unauthenticated requests with challenges

type AuthenticationErrorHandler

type AuthenticationErrorHandler interface {
	// AuthenticationNeeded reacts to authentication errors, returns true if the response was written,
	// and returns any unhandled error (which could be the original error)
	AuthenticationError(error, http.ResponseWriter, *http.Request) (handled bool, err error)
}

AuthenticationErrorHandler reacts to authentication errors

type AuthenticationHandler

type AuthenticationHandler interface {
	// AuthenticationNeeded reacts to unauthenticated requests, and returns true if the response was written,
	AuthenticationNeeded(client api.Client, w http.ResponseWriter, req *http.Request) (handled bool, err error)
}

AuthenticationHandler reacts to unauthenticated requests

func NewUnionAuthenticationHandler

func NewUnionAuthenticationHandler(passedChallengers map[string]AuthenticationChallenger, passedRedirectors map[string]AuthenticationRedirector, errorHandler AuthenticationErrorHandler) AuthenticationHandler

NewUnionAuthenticationHandler returns an oauth.AuthenticationHandler that muxes multiple challenge handlers and redirect handlers

type AuthenticationRedirector

type AuthenticationRedirector interface {
	// AuthenticationRedirect is expected to write a redirect to the ResponseWriter or to return an error.
	AuthenticationRedirect(w http.ResponseWriter, req *http.Request) (err error)
}

AuthenticationRedirector reacts to unauthenticated requests with redirects

type AuthenticationSuccessHandler

type AuthenticationSuccessHandler interface {
	// AuthenticationSucceeded reacts to a user authenticating, returns true if the response was written,
	// and returns false if the response was not written.
	AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error)
}

AuthenticationSuccessHandler reacts to a user authenticating

type AuthenticationSuccessHandlers

type AuthenticationSuccessHandlers []AuthenticationSuccessHandler

AuthenticationSuccessHandlers combines multiple AuthenticationSuccessHandler objects into a chain. On success, each handler is called. If any handler writes the response or returns an error, the chain is aborted.

func (AuthenticationSuccessHandlers) AuthenticationSucceeded

func (all AuthenticationSuccessHandlers) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error)

type AuthorizeAuthenticator

type AuthorizeAuthenticator struct {
	// contains filtered or unexported fields
}

AuthorizeAuthenticator implements osinserver.AuthorizeHandler to ensure requests are authenticated

func NewAuthorizeAuthenticator

func NewAuthorizeAuthenticator(request authenticator.Request, handler AuthenticationHandler, errorHandler AuthenticationErrorHandler) *AuthorizeAuthenticator

NewAuthorizeAuthenticator returns a new Authenticator

func (*AuthorizeAuthenticator) HandleAuthorize

HandleAuthorize implements osinserver.AuthorizeHandler to ensure the AuthorizeRequest is authenticated. If the request is authenticated, UserData and Authorized are set and false is returned. If the request is not authenticated, the auth handler is called and the request is not authorized

type EmptyAuth

type EmptyAuth struct{}

func (EmptyAuth) AuthenticationNeeded

func (EmptyAuth) AuthenticationNeeded(client authapi.Client, w http.ResponseWriter, req *http.Request) (bool, error)

type EmptyError

type EmptyError struct{}

func (EmptyError) AuthenticationError

func (EmptyError) AuthenticationError(err error, w http.ResponseWriter, req *http.Request) (bool, error)

func (EmptyError) GrantError

func (EmptyError) GrantError(err error, w http.ResponseWriter, req *http.Request) (bool, error)

type EmptySuccess

type EmptySuccess struct{}

func (EmptySuccess) AuthenticationSucceeded

func (EmptySuccess) AuthenticationSucceeded(user user.Info, state string, w http.ResponseWriter, req *http.Request) (bool, error)

type GrantCheck

type GrantCheck struct {
	// contains filtered or unexported fields
}

GrantCheck implements osinserver.AuthorizeHandler to ensure requested scopes have been authorized

func NewGrantCheck

func NewGrantCheck(check GrantChecker, handler GrantHandler, errorHandler GrantErrorHandler) *GrantCheck

NewGrantCheck returns a new GrantCheck

func (*GrantCheck) HandleAuthorize

func (h *GrantCheck) HandleAuthorize(ar *osin.AuthorizeRequest, w http.ResponseWriter) (bool, error)

HandleAuthorize implements osinserver.AuthorizeHandler to ensure the requested scopes have been authorized. The AuthorizeRequest.Authorized field must already be set to true for the grant check to occur. If the requested scopes are authorized, the AuthorizeRequest is unchanged. If the requested scopes are not authorized, or an error occurs, AuthorizeRequest.Authorized is set to false. If the response is written, true is returned. If the response is not written, false is returned.

type GrantChecker

type GrantChecker interface {
	// HasAuthorizedClient returns true if the user has authorized the client for the requested grant
	HasAuthorizedClient(user user.Info, grant *api.Grant) (bool, error)
}

GrantChecker is responsible for determining if a user has authorized a client for a requested grant

type GrantErrorHandler

type GrantErrorHandler interface {
	// AuthenticationNeeded reacts to grant errors, returns true if the response was written,
	// and returns any unhandled error (which could be the original error)
	GrantError(error, http.ResponseWriter, *http.Request) (handled bool, err error)
}

GrantErrorHandler reacts to grant errors

type GrantHandler

type GrantHandler interface {
	// GrantNeeded reacts when a client requests an unauthorized grant, and returns true if the response was written
	GrantNeeded(user user.Info, grant *api.Grant, w http.ResponseWriter, req *http.Request) (handled bool, err error)
}

GrantHandler handles errors during the grant process, or the client requests an unauthorized grant

func NewAutoGrant

func NewAutoGrant(authregistry clientauthorization.Registry) GrantHandler

NewAutoGrant returns a grant handler that automatically creates client authorizations when a grant is needed, then retries the original request

func NewEmptyGrant

func NewEmptyGrant() GrantHandler

NewEmptyGrant returns a no-op grant handler

func NewRedirectGrant

func NewRedirectGrant(url string) GrantHandler

NewRedirectGrant returns a grant handler that redirects to the given URL when a grant is needed. The following query parameters are added to the URL:

then - original request URL
client_id - requesting client's ID
scopes - grant scope requested
redirect_uri - original authorize request redirect_uri

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL