goauth2: github.com/yanatan16/goauth2 Index | Files | Directories

package goauth2

import "github.com/yanatan16/goauth2"

Index

Package Files

error.go handler.go randstr.go request.go server.go store.go

Constants

const (
    // Error codes returned by the server, following the OAuth specification.
    ErrorCodeAccessDenied            errorCode = "access_denied"
    ErrorCodeInvalidRequest          errorCode = "invalid_request"
    ErrorCodeInvalidScope            errorCode = "invalid_scope"
    ErrorCodeServerError             errorCode = "server_error"
    ErrorCodeTemporarilyUnavailable  errorCode = "temporarily_unavailable"
    ErrorCodeUnauthorizedClient      errorCode = "unauthorized_client"
    ErrorCodeUnsupportedResponseType errorCode = "unsupported_response_type"
    ErrorCodeUnsupportedGrantType    errorCode = "unsupported_grant_type"
    ErrorCodeInvalidToken            errorCode = "invalid_token"
    ErrorCodeBadRedirectURI          errorCode = "bad_redirect_uri" //FIXME
)

Variables

var RandStr <-chan string

func RandomStrings Uses

func RandomStrings() <-chan string

type AccessTokenRequest Uses

type AccessTokenRequest struct {
    GrantType   string
    Code        string
    RedirectURI string
}

AccessTokenRequest [...]

type AuthCache Uses

type AuthCache interface {
    // Register an authorization code into the cache
    // ClientID is the client requesting
    // Scope is the requested access scope
    // Redirect_uri is the redirect URI to save for checking on lookup
    // Code is a generated random string to register with the request
    RegisterAuthCode(clientID, scope, redirect_uri, code string) error

    // Register an access token into the cache
    // ClientID is the client requesting
    // Scope is the requested access scope
    // Token is a generated random string to register with the request
    // Returns the token type, expiration time (in seconds), and possibly an error
    RegisterAccessToken(clientID, scope, token string) (ttype string, expiry int64, err error)

    // Lookup access token
    // Code is the code passed from the user
    // Returns the clientID, scope, and redirect URI registered with that code
    LookupAuthCode(code string) (clientID, scope, redirect_uri string, err error)

    // Lookup an Access Token
    // Token is the token passed from the client
    // Return whether the token is valid
    LookupAccessToken(token string) (bool, error)
}

Authorization Cache This is an interface that registers and looks up authorization codes and access tokens with corresponding information.

type AuthHandler Uses

type AuthHandler interface {
    // Authorize a client using the Authorization Code Grant Flow
    // After authorization, the server should redirect using
    // oar.AuthCodeRedirect()
    Authorize(w http.ResponseWriter, r *http.Request, oar *OAuthRequest)
    // Authorize a client using the Implicit Grant Flow
    // After authorization, the server should redirect using
    // oar.AuthCodeRedirect()
    AuthorizeImplicit(w http.ResponseWriter, r *http.Request, oar *OAuthRequest)
}

AuthHandler performs authentication with the resource owner It is important they follow OAuth 2.0 specification. For ease of use, A reference to the Store is passed in the OAuthRequest.

type OAuthRequest Uses

type OAuthRequest struct {
    ClientID     string
    ResponseType string

    RedirectURI *url.URL
    Scope       string
    State       string

    // For accessing store functions, such as creating auth codes
    Store Store
    // contains filtered or unexported fields
}

OAuthRequest [...]

func (*OAuthRequest) AuthCodeRedirect Uses

func (req *OAuthRequest) AuthCodeRedirect(w http.ResponseWriter, r *http.Request, err error)

Redirect an OAuth Authorization Code Flow Request If err is nil, the request is successful If err is not nil, then the error will be included in the redirect

func (*OAuthRequest) ImplicitRedirect Uses

func (req *OAuthRequest) ImplicitRedirect(w http.ResponseWriter, r *http.Request, err error)

Redirect an OAuth Implicit Grant Flow Request If err is nil, the request is successful If err is not nil, then the error will be included in the redirect

type Server Uses

type Server struct {
    Store Store
    Auth  AuthHandler
    // contains filtered or unexported fields
}

Server [...]

func NewServer Uses

func NewServer(cache AuthCache, auth AuthHandler) *Server

NewServer Create a new OAuth 2.0 Server cache is an AuthCache interface to hold the code and token

func (*Server) HandleAccessTokenRequest Uses

func (s *Server) HandleAccessTokenRequest(w http.ResponseWriter, r *http.Request) error

HandleAccessTokenRequest [...]

func (*Server) HandleOAuthRequest Uses

func (s *Server) HandleOAuthRequest(w http.ResponseWriter, r *http.Request) error

HandleOAuthRequest [...]

func (*Server) InterpretError Uses

func (s *Server) InterpretError(err error) ServerError

func (*Server) MasterHandler Uses

func (s *Server) MasterHandler() http.Handler

MasterHandler Differentiate between an OAuth request (implicit, auth codes) and an Access Token request

func (*Server) NewAccessTokenRequest Uses

func (s *Server) NewAccessTokenRequest(r *http.Request) *AccessTokenRequest

NewAccessTokenRequest [...]

func (*Server) NewError Uses

func (s *Server) NewError(code errorCode, description string) ServerError

NewError [...]

func (*Server) NewOAuthRequest Uses

func (s *Server) NewOAuthRequest(r *http.Request) *OAuthRequest

NewOAuthRequest [...]

func (*Server) RegisterErrorURI Uses

func (s *Server) RegisterErrorURI(code errorCode, uri string)

RegisterErrorURI [...]

func (*Server) TokenVerifier Uses

func (server *Server) TokenVerifier(handler http.Handler) http.Handler

Decorate a http.Handler with an OAuth Access Token Verification

func (*Server) VerifyToken Uses

func (s *Server) VerifyToken(r *http.Request) (err error)

VerifyToken Validate an Access Token in the request. If the request is invalid, return an error If the token is valid, return nil

type ServerError Uses

type ServerError struct {
    // contains filtered or unexported fields
}

ServerError [...]

func NewServerError Uses

func NewServerError(code errorCode, description, uri string) ServerError

NewServerError [...]

func (ServerError) Code Uses

func (e ServerError) Code() errorCode

Code [...]

func (ServerError) Description Uses

func (e ServerError) Description() string

Description [...]

func (ServerError) Error Uses

func (e ServerError) Error() string

Error [...]

func (ServerError) URI Uses

func (e ServerError) URI() string

URI [...]

type Setter Uses

type Setter interface {
    Set(a, b string)
}

type Store Uses

type Store interface {
    // Create the authorization code for the Authorization Code Grant flow
    // Return a ServerError if the authorization code cannot be requested
    // http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-4.1.1
    CreateAuthCode(r *OAuthRequest) (string, error)
    // Create an access token for the Implicit Token Grant flow
    // The token type, token and expiry should conform to the response guidelines/
    // If expiry is 0, then it will be considered to not have an expiration time, although
    // out-of-band events may make it expire.
    // http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-4.2.2
    CreateImplicitAccessToken(r *OAuthRequest) (token, token_type string, expiry int64, err error)
    // Validate an authorization code is valid and generate access token
    // The token type, token and expiry should conform to the response guidelines/
    // If expiry is 0, then it will be considered to not have an expiration time, although
    // out-of-band events may make it expire.
    // Return true if valid, false otherwise.
    CreateAccessToken(r *AccessTokenRequest) (token, token_type string, expiry int64, err error)
    // Validate an access token is valid
    // Return true if valid, false otherwise.
    ValidateAccessToken(authorization_field string) (bool, error)
}

Store [...]

type StoreImpl Uses

type StoreImpl struct {
    Backend AuthCache
}

An implementation of the goauth2 store that abstracts away the work into 3 parts:

1: Token/Code generation and error handling is done for the user
2: Caching active tokens and codes into an AuthCache interface
3: Looking up clients into the ClientStore interface

Note: Currently only supports public clients with bearer tokens

func NewStore Uses

func NewStore(backend AuthCache) *StoreImpl

func (*StoreImpl) CreateAccessToken Uses

func (s *StoreImpl) CreateAccessToken(r *AccessTokenRequest) (token, token_type string, expiry int64, err error)

Validate an authorization code is valid and generate access token Return true if valid, false otherwise.

func (*StoreImpl) CreateAuthCode Uses

func (s *StoreImpl) CreateAuthCode(r *OAuthRequest) (string, error)

Create the authorization code for the Authorization Code Grant flow Return a ServerError if the authorization code cannot be requested http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-4.1.1

func (*StoreImpl) CreateImplicitAccessToken Uses

func (s *StoreImpl) CreateImplicitAccessToken(r *OAuthRequest) (token, token_type string, expiry int64, err error)

Create an access token for the Implicit Token Gr`ant flow The token type, token and expiry should conform to the response guidelines http://tools.ietf.org/html/draft-ietf-oauth-v2-28#section-4.2.2

func (*StoreImpl) ValidateAccessToken Uses

func (s *StoreImpl) ValidateAccessToken(authorization_field string) (bool, error)

Validate an access token is valid Return true if valid, false otherwise. Note: Supports only bearer tokens

Directories

PathSynopsis
authcachePackage goauth2/authcache provides a basic implementation of an AuthCache as defined in package goauth2.
authcache/redis
authhandlerThis package provides a few implementations of goauth2.AuthHandler for use in embedding the goauth2 server.
testsThis package provides a few ways to test a server implementing goauth2 with their specific AuthCache implementation

Package goauth2 imports 7 packages (graph) and is imported by 2 packages. Updated 2016-07-22. Refresh now. Tools for package owners.