Documentation ¶
Overview ¶
Package securelogin implements the SecureLogin protocol.
SecureLogin is an authentication protocol created by Sakurity. The Draft RFC Specification for it can be read at:
https://github.com/sakurity/securelogin-spec/blob/master/index.md
Functions ¶
func MarshalString ¶
MarshalString returns the Token encoded to a string as defined by the spec.
func WithConnect ¶
func WithConnect(c *Config)
WithConnect enables Connect request (OAuth replacement).
Types ¶
type Config ¶
// Config is used for verification of a token. Its fields are unexported; it
// is adjusted through Option values (func(*Config)) such as WithOrigins,
// WithPublicKey, WithSecret and WithConnect.
type Config struct {
	// contains filtered or unexported fields
}
Config is used for verification of a token.
type Decoder ¶
// Decoder reads and decodes sltoken from an input stream. It is created with
// NewDecoder, and Decode fills in a Token.
//
// NOTE(review): the package example decodes without calling Verify, so a
// decoded Token is presumably unverified input until Verify succeeds; confirm
// against the package source.
type Decoder struct {
	// contains filtered or unexported fields
}
Decoder reads and decodes sltoken from an input stream.
Example ¶
package main

import (
	"bytes"
	"fmt"

	"github.com/vladimiroff/securelogin"
)

// sltoken is the sample encoded token used throughout the package examples.
var sltoken = []byte("https://cobased.com%2Chttps://cobased.com%2C%2C1498731060," +
	"E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6m" +
	"DAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=," +
	"kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6k" +
	"OTkTRrVm1xgvxGthABCwCQ8k=,homakov@gmail.com")

// main decodes the sample token from a reader and prints its Email field.
func main() {
	var tok securelogin.Token

	decoder := securelogin.NewDecoder(bytes.NewReader(sltoken))
	err := decoder.Decode(&tok)
	if err != nil {
		fmt.Printf("decode failed: %s", err)
		return
	}

	// This example only decodes; it never calls Verify. Nothing here checks
	// the signatures, the origins or the expiry, so tok.Email is still
	// caller-supplied data and must not be used for an authentication
	// decision until tok.Verify (or securelogin.Verify) has returned nil.
	fmt.Printf("token of %s\n", tok.Email)
}
Output: token of homakov@gmail.com
func NewDecoder ¶
NewDecoder returns a new decoder that reads from r.
type Encoder ¶
// Encoder writes the encoded form of a Token to an output stream. In the
// package example it is created with NewEncoder(os.Stdout) and Encode emits
// the sltoken text.
type Encoder struct {
	// contains filtered or unexported fields
}
Example ¶
package main

import (
	"fmt"
	"os"

	"github.com/vladimiroff/securelogin"
)

// sltoken is the sample encoded token used throughout the package examples.
var sltoken = []byte("https://cobased.com%2Chttps://cobased.com%2C%2C1498731060," +
	"E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6m" +
	"DAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=," +
	"kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6k" +
	"OTkTRrVm1xgvxGthABCwCQ8k=,homakov@gmail.com")

// main parses the sample token and writes its encoded form back to stdout,
// showing that Unmarshal followed by Encode round-trips the text.
func main() {
	tok, err := securelogin.Unmarshal(sltoken)
	if err != nil {
		fmt.Printf("unmarshal failed: %s", err)
		return
	}

	// The encoded form carries both signatures and, per the Token docs, the
	// HMAC secret field. Stdout is fine for this fixed sample; with real
	// tokens treat the encoded text as a credential and keep it out of logs.
	encoder := securelogin.NewEncoder(os.Stdout)
	if encodeErr := encoder.Encode(tok); encodeErr != nil {
		fmt.Printf("encode failed: %s", encodeErr)
	}
}
Output: https://cobased.com%2Chttps://cobased.com%2C%2C1498731060,E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6mDAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=,kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6kOTkTRrVm1xgvxGthABCwCQ8k=,homakov@gmail.com
func NewEncoder ¶
type Option ¶
// Option modifies the Config before verification. Options are passed to
// Verify and Token.Verify, as in the examples' WithOrigins(domain) and
// WithoutExpire.
type Option func(*Config)
Option modifies the Config prior to verification.
func WithOrigins ¶
WithOrigins adds origins to the Config.
func WithPublicKey ¶
WithPublicKey overrides PublicKey of the token.
func WithSecret ¶
WithSecret overrides HMACSecret of the token.
type Token ¶
// Token is the core of SecureLogin Protocol: the parsed form of an sltoken.
//
// NOTE(review): the examples obtain a Token from Unmarshal or Decoder.Decode
// without any verification step, so the fields should presumably be treated
// as untrusted input until Verify has returned nil; confirm against the
// package source.
type Token struct {
	// Provider is the origin of the app where this token should authenticate for.
	Provider string

	// Client is the front-end this token should authenticate with. Equals
	// to provider unless when used to authorize specific scope or in a
	// Connect request.
	Client string

	// Scope defines what the user is allowed to do with this token. It's
	// expected to be empty during sign-(in|up).
	Scope url.Values

	// ExpireAt is expiration time of the token in order to prevent replay
	// attacks. Clients however are allowed to ignore or extend it.
	// In the package examples Verify returns "expired token" for a past
	// ExpireAt unless the WithoutExpire option is passed; skipping the check
	// gives up this replay protection.
	ExpireAt time.Time

	// PublicKey for verifying Ed25519 signature. Could be overridden by
	// options during verification (WithPublicKey).
	// NOTE(review): this value is parsed from the token itself, so a
	// signature check against it alone presumably shows only that the token
	// is self-consistent. For a returning user, pass the key stored for the
	// account via WithPublicKey; confirm with the spec.
	PublicKey []byte

	// HMACSecret is the key used to sign the payload. Could be overridden
	// by options during verification (WithSecret).
	// NOTE(review): like PublicKey this is carried inside the token, so it
	// presumably needs to be checked against the server-side stored value;
	// confirm with the spec.
	HMACSecret []byte

	// Signature to be verified by the Ed25519 signature algorithm.
	Signature []byte

	// HMACSignature of the signed payload.
	HMACSignature []byte

	// Email of the user. The protocol does not confirm user email and does
	// not intend to do so. A successful Verify therefore says nothing about
	// who controls this mailbox.
	Email string
	// contains filtered or unexported fields
}
Token is the core of SecureLogin Protocol.
func UnmarshalString ¶
UnmarshalString parses given string and constructs a Token from it or fails with an error.
func Verify ¶
Verify encoded token.
This is just a convenience function which unmarshals a token and then calls Verify on it with the given options.
Example ¶
package main

import (
	"fmt"

	"github.com/vladimiroff/securelogin"
)

// domain is the origin the sample token is expected to be issued for.
const domain = "https://cobased.com"

// sltoken is the sample encoded token used throughout the package examples.
var sltoken = []byte("https://cobased.com%2Chttps://cobased.com%2C%2C1498731060," +
	"E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6m" +
	"DAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=," +
	"kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6k" +
	"OTkTRrVm1xgvxGthABCwCQ8k=,homakov@gmail.com")

// main verifies the encoded sample token in one call and reports the result.
func main() {
	// WithOrigins pins the origin the token must have been issued for.
	//
	// WithoutExpire is passed only because the sample token is a fixed
	// fixture whose expiry (the 1498731060 field) is long past. The Token
	// docs describe ExpireAt as the replay protection, so real verification
	// code should leave the expiry check enabled.
	tok, err := securelogin.Verify(
		sltoken,
		securelogin.WithOrigins(domain),
		securelogin.WithoutExpire,
	)
	if err == nil {
		// Per the Token docs the protocol does not confirm the email
		// address; it is printed here for display only.
		fmt.Printf("logged in as %s\n", tok.Email)
		return
	}

	fmt.Printf("verify failed: %s", err)
}
Output: logged in as homakov@gmail.com
func (Token) Verify ¶
Verify token with given options.
Example ¶
package main

import (
	"fmt"

	"github.com/vladimiroff/securelogin"
)

// domain is the origin the sample token is expected to be issued for.
const domain = "https://cobased.com"

// sltoken is the sample encoded token used throughout the package examples.
var sltoken = []byte("https://cobased.com%2Chttps://cobased.com%2C%2C1498731060," +
	"E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6m" +
	"DAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=," +
	"kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6k" +
	"OTkTRrVm1xgvxGthABCwCQ8k=,homakov@gmail.com")

// main parses the sample token first and then verifies it as a separate step.
func main() {
	tok, parseErr := securelogin.Unmarshal(sltoken)
	if parseErr != nil {
		fmt.Printf("unmarshal failed: %s", parseErr)
		return
	}

	// Unmarshal only parses; the token counts as authenticated only once
	// Verify returns nil. WithoutExpire is used here because the sample
	// token's expiry is long past. Do not carry it into real verification
	// code, where the expiry check is the replay protection.
	verifyErr := tok.Verify(securelogin.WithOrigins(domain), securelogin.WithoutExpire)
	verified := verifyErr == nil
	fmt.Printf("successful verify: %t", verified)
}
Output: successful verify: true
Example (Expired) ¶
package main

import (
	"fmt"
	"time"

	"github.com/vladimiroff/securelogin"
)

// domain is the origin the sample token is expected to be issued for.
const domain = "https://cobased.com"

// sltoken is the sample encoded token used throughout the package examples.
var sltoken = []byte("https://cobased.com%2Chttps://cobased.com%2C%2C1498731060," +
	"E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6m" +
	"DAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=," +
	"kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6k" +
	"OTkTRrVm1xgvxGthABCwCQ8k=,homakov@gmail.com")

// main shows the default behaviour for an expired token: without the
// WithoutExpire option, Verify returns an error.
func main() {
	tok, parseErr := securelogin.Unmarshal(sltoken)
	if parseErr != nil {
		fmt.Printf("unmarshal failed: %s", parseErr)
		return
	}

	// Put the expiry one hour in the past.
	tok.ExpireAt = time.Now().Add(-time.Hour)

	// No WithoutExpire option here, so the expiry check is active. This is
	// the configuration to keep in production, since ExpireAt is what limits
	// replay of a captured token.
	verifyErr := tok.Verify(securelogin.WithOrigins(domain))
	fmt.Printf("%s\n", verifyErr)
}
Output: expired token