Documentation
¶
Index ¶
- Constants
- Variables
- func Error(w http.ResponseWriter, error string, statusCode int)
- func GenerateCodeChallenge(verifier string) string
- func GenerateSecret() string
- func RedirectError(w http.ResponseWriter, r *http.Request, redirectURI string, error string, ...)
- type AuthCodeOption
- type AuthStyle
- type AuthorizationServer
- func (srv *AuthorizationServer) GenerateToken(clientID string, userID string, signingKeyID int, refreshKeyID int) (token *Token, err error)
- func (srv *AuthorizationServer) GetClient(clientID string) (*Client, error)
- func (srv *AuthorizationServer) IssueCode(challenge string, userID string) (code string)
- func (srv *AuthorizationServer) PublicKeys() map[int]*ecdsa.PublicKey
- func (srv *AuthorizationServer) ValidateCode(verifier string, code string) bool
- type AuthorizationServerOption
- func WithAllowedOrigins(origin string) AuthorizationServerOption
- func WithClient(clientID string, clientSecret string, redirectURI string) AuthorizationServerOption
- func WithPublicURL(publicURL string) AuthorizationServerOption
- func WithSigningKeysFunc(f signingKeysFunc) AuthorizationServerOption
- func WithTokenClaimsFunc(f func(clientID string, userID string) map[string]interface{}) AuthorizationServerOption
- type Client
- type CodeIssuer
- type Config
- type Endpoint
- type JSONWebKey
- type JSONWebKeySet
- type Logger
- type RetrieveError
- type ServerMetadata
- type Token
- type TokenSource
- type Transport
Examples ¶
Constants ¶
const ( ErrorInvalidRequest = "invalid_request" ErrorInvalidClient = "invalid_client" ErrorInvalidGrant = "invalid_grant" DefaultExpireIn = time.Hour * 24 DefaultAddress = "http://localhost:8000" )
Variables ¶
var ( ErrClientNotFound = errors.New("client not found") ErrInvalidBasicAuthentication = errors.New("invalid or missing basic authentication") )
var ReuseTokenSource = oauth2.ReuseTokenSource
ReuseTokenSource is a function alias for https://pkg.go.dev/golang.org/x/oauth2#ReuseTokenSource.
var SetAuthURLParam = oauth2.SetAuthURLParam
SetAuthURLParam is a function alias for https://pkg.go.dev/golang.org/x/oauth2#SetAuthURLParam.
var StaticTokenSource = oauth2.StaticTokenSource
StaticTokenSource is a function alias for https://pkg.go.dev/golang.org/x/oauth2#StaticTokenSource.
Functions ¶
func GenerateCodeChallenge ¶ added in v0.5.3
func GenerateSecret ¶ added in v0.5.0
func GenerateSecret() string
func RedirectError ¶ added in v0.5.0
Types ¶
type AuthCodeOption ¶ added in v0.3.0
type AuthCodeOption = oauth2.AuthCodeOption
AuthCodeOption is a type alias for https://pkg.go.dev/golang.org/x/oauth2#AuthCodeOption.
type AuthStyle ¶ added in v0.2.0
AuthStyle is a type alias for https://pkg.go.dev/golang.org/x/oauth2#AuthStyle.
type AuthorizationServer ¶ added in v0.2.0
AuthorizationServer is an OAuth 2.0 authorization server
Example ¶
ExampleLoginPage sets up an OAuth 2.0 authorization server with an integrated login page (acting as an authentication server).
package main
import (
"fmt"
oauth2 "github.com/oxisto/oauth2go"
"github.com/oxisto/oauth2go/login"
)
func main() {
var srv *oauth2.AuthorizationServer
var port = 8000
srv = oauth2.NewServer(fmt.Sprintf(":%d", port),
login.WithLoginPage(login.WithUser("admin", "admin")),
)
fmt.Printf("Creating new OAuth 2.0 server on %d", port)
go srv.ListenAndServe()
defer srv.Close()
}
Output: Creating new OAuth 2.0 server on 8000
func NewServer ¶
func NewServer(addr string, opts ...AuthorizationServerOption) *AuthorizationServer
func (*AuthorizationServer) GenerateToken ¶ added in v0.5.4
func (srv *AuthorizationServer) GenerateToken(clientID string, userID string, signingKeyID int, refreshKeyID int) (token *Token, err error)
GenerateToken generates a Token (comprising at least an acesss token) for a specific client, as specified by its ID and optional userID. A signingKey needs to be specified, otherwise an error is thrown. Optionally, if a refreshKey is specified, that key is used to also create a refresh token. The generated access token always has subject=clientID and can include user-specific claims using the "preferred_username" claim and the optional custom claims callback.
func (*AuthorizationServer) GetClient ¶ added in v0.5.0
func (srv *AuthorizationServer) GetClient(clientID string) (*Client, error)
GetClient returns the client for the given ID or ErrClientNotFound.
func (*AuthorizationServer) IssueCode ¶ added in v0.5.0
func (srv *AuthorizationServer) IssueCode(challenge string, userID string) (code string)
IssueCode implements CodeIssuer and binds the code to a user.
func (*AuthorizationServer) PublicKeys ¶ added in v0.5.0
func (srv *AuthorizationServer) PublicKeys() map[int]*ecdsa.PublicKey
PublicKey returns the public keys of the signing key of this authorization server in a map, indexed by its kid.
func (*AuthorizationServer) ValidateCode ¶ added in v0.5.0
func (srv *AuthorizationServer) ValidateCode(verifier string, code string) bool
ValidateCode implements CodeIssuer. It checks if the code exists and is not expired. If the code exists, it will be invalidated after this call.
type AuthorizationServerOption ¶ added in v0.2.0
type AuthorizationServerOption func(srv *AuthorizationServer)
func WithAllowedOrigins ¶ added in v0.5.13
func WithAllowedOrigins(origin string) AuthorizationServerOption
func WithClient ¶
func WithClient( clientID string, clientSecret string, redirectURI string, ) AuthorizationServerOption
func WithPublicURL ¶ added in v0.7.0
func WithPublicURL(publicURL string) AuthorizationServerOption
func WithSigningKeysFunc ¶ added in v0.5.5
func WithSigningKeysFunc(f signingKeysFunc) AuthorizationServerOption
func WithTokenClaimsFunc ¶ added in v0.16.0
func WithTokenClaimsFunc(f func(clientID string, userID string) map[string]interface{}) AuthorizationServerOption
WithTokenClaimsFunc sets a callback that can inject custom claims into access tokens. The callback receives clientID and userID.
The userID is set for the authorization code flow (when used with the optional login package) and empty for client credentials.
type CodeIssuer ¶ added in v0.5.0
type Config ¶ added in v0.2.0
Config is a type alias for https://pkg.go.dev/golang.org/x/oauth2#Config.
type Endpoint ¶ added in v0.2.0
Endpoint is a type alias for https://pkg.go.dev/golang.org/x/oauth2#Endpoint.
type JSONWebKey ¶
type JSONWebKey struct {
Kid string `json:"kid"`
Kty string `json:"kty"`
Crv string `json:"crv"`
X string `json:"x"`
Y string `json:"y"`
}
JSONWebKey is a JSON Web Key that only supports elliptic curve keys for now.
type JSONWebKeySet ¶ added in v0.3.0
type JSONWebKeySet struct {
Keys []JSONWebKey `json:"keys"`
}
JSONWebKeySet is a JSON Web Key Set.
type RetrieveError ¶ added in v0.3.0
type RetrieveError = oauth2.RetrieveError
RetrieveError is a type alias for https://pkg.go.dev/golang.org/x/oauth2#RetrieveError.
type ServerMetadata ¶ added in v0.7.0
type ServerMetadata struct {
Issuer string `json:"issuer"`
AuthorizationEndpoint string `json:"authorization_endpoint"`
TokenEndpoint string `json:"token_endpoint"`
JWKSURI string `json:"jwks_uri"`
SupportedScopes []string `json:"scopes_supported"`
SupportedResponseTypes []string `json:"response_types_supported"`
SupportedGrantTypes []string `json:"grant_types_supported"`
}
ServerMetadata is a struct that contains metadata according to RFC 8414.
type Token ¶ added in v0.3.0
Token is a type alias for https://pkg.go.dev/golang.org/x/oauth2#Token.
type TokenSource ¶ added in v0.3.0
type TokenSource = oauth2.TokenSource
TokenSource is a type alias for https://pkg.go.dev/golang.org/x/oauth2#TokenSource.
type Transport ¶ added in v0.3.0
Transport is a type alias for https://pkg.go.dev/golang.org/x/oauth2#Transport.
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
server
command
|
|
|
internal
|
|
|
mock
package mock contains several structs that are used in various unit tests
|
package mock contains several structs that are used in various unit tests |
|
package login contains an optional "login" (authentication) server that can be used.
|
package login contains an optional "login" (authentication) server that can be used. |