oauth2

package
v0.15.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: May 15, 2025 License: Apache-2.0 Imports: 18 Imported by: 26

Documentation

Index

Constants

// Claim names.
// NOTE(review): the "ClaimName" prefix and the ExtractUserName description
// suggest these are the keys looked up in a token's claims; the lookup order
// is not shown here, so confirm it in the implementation.
const (
	// ClaimNameUserName is a namespaced (URL-form) claim name.
	ClaimNameUserName = "https://pulsar.apache.org/username"
	// ClaimNameName is the "name" claim.
	ClaimNameName     = "name"
	// ClaimNameSubject is "sub", the registered JWT subject claim (RFC 7519).
	ClaimNameSubject  = "sub"
)
// URL-scheme prefixes.
// NOTE(review): presumably these select how a key-file reference (for example
// KeyFileProvider.KeyFile) is resolved, a path on disk versus inline data;
// confirm in the implementation. If inline data is accepted, the reference
// string itself carries the client secret and must be protected like one.
const (
	FILE = "file://"
	DATA = "data://"
)

Variables

This section is empty.

Functions

func ExtractUserName

func ExtractUserName(token oauth2.Token) (string, error)

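ExtractUserName extracts the username claim from an authorization grant that conforms to draft-ietf-oauth-access-token-jwt. This page does not say whether the token's signature is validated first, so confirm that in the source before relying on the returned name for an access decision.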

Types

type AuthorizationCodeExchangeRequest

// AuthorizationCodeExchangeRequest is used to request the exchange of an
// authorization code for a token.
//
// Code is the value being exchanged for a token, so a populated request
// should be kept out of logs and error messages.
type AuthorizationCodeExchangeRequest struct {
	TokenEndpoint string
	ClientID      string
	// NOTE(review): the name matches the PKCE code_verifier parameter
	// (RFC 7636); confirm how it is sent.
	CodeVerifier  string
	Code          string
	RedirectURI   string
}

AuthorizationCodeExchangeRequest is used to request the exchange of an authorization code for a token

type AuthorizationGrant

// AuthorizationGrant is a credential representing the resource owner's
// authorization to access its protected resources, and is used by the client
// to obtain an access token.
//
// The JSON tags mean a marshalled grant can contain ClientCredentials (a
// KeyFile, which has a client_secret field) and Token. Treat the serialized
// form as a secret: restrict file permissions and keep it out of logs.
type AuthorizationGrant struct {
	// Type describes the type of authorization grant represented by this structure
	Type AuthorizationGrantType `json:"type"`

	// Audience is the intended audience of the access tokens
	Audience string `json:"audience,omitempty"`

	// ClientID is an OAuth2 client identifier used by some flows
	ClientID string `json:"client_id,omitempty"`

	// ClientCredentials is credentials data for the client credentials grant type
	ClientCredentials *KeyFile `json:"client_credentials,omitempty"`

	// TokenEndpoint is the token endpoint. It has no omitempty option, so it
	// is always written when the grant is marshalled.
	TokenEndpoint string `json:"token_endpoint"`

	// Token contains an access token in the client credentials grant type,
	// and a refresh token in the device authorization grant type
	Token *oauth2.Token `json:"token,omitempty"`

	// Scopes contains the scopes associated with the grant, or the scopes
	// to request in the client credentials grant type
	Scopes []string `json:"scopes,omitempty"`
}

AuthorizationGrant is a credential representing the resource owner's authorization to access its protected resources, and is used by the client to obtain an access token

type AuthorizationGrantRefresher

// AuthorizationGrantRefresher refreshes an OAuth 2.0 authorization grant.
type AuthorizationGrantRefresher interface {
	// Refresh refreshes an authorization grant to contain a fresh access token.
	// It takes a grant pointer and returns a grant pointer plus an error.
	// NOTE(review): whether the input grant is modified in place is not
	// visible here; confirm before sharing a grant between goroutines.
	Refresh(grant *AuthorizationGrant) (*AuthorizationGrant, error)
}

AuthorizationGrantRefresher refreshes OAuth 2.0 authorization grant

type AuthorizationGrantType

// AuthorizationGrantType is the string type of AuthorizationGrant.Type,
// serialized under the JSON key "type".
type AuthorizationGrantType string
const (
	// GrantTypeClientCredentials represents a client credentials grant
	GrantTypeClientCredentials AuthorizationGrantType = "client_credentials"

	// GrantTypeDeviceCode represents a device code grant
	GrantTypeDeviceCode AuthorizationGrantType = "device_code"
)

type AuthorizationTokenResponse

// AuthorizationTokenResponse is the HTTP response when asking for a new token.
// Note that not all fields will contain data based on what kind of request
// was sent.
//
// AccessToken, IDToken and RefreshToken are credentials; redact them before
// logging or dumping a decoded response.
type AuthorizationTokenResponse struct {
	AccessToken  string `json:"access_token"`
	// NOTE(review): presumably a lifetime in seconds, as expires_in is
	// defined in RFC 6749; confirm against the caller.
	ExpiresIn    int    `json:"expires_in"`
	IDToken      string `json:"id_token"`
	RefreshToken string `json:"refresh_token"`
	TokenType    string `json:"token_type"`
}

AuthorizationTokenResponse is the HTTP response when asking for a new token. Note that not all fields will contain data based on what kind of request was sent

type ClientCredentialsExchangeRequest

// ClientCredentialsExchangeRequest is used to request the exchange of client
// credentials for a token.
//
// ClientSecret is held as a plain string, so a populated request should not
// be logged or printed with %v / %+v.
type ClientCredentialsExchangeRequest struct {
	// TokenEndpoint is where the exchange is sent.
	// NOTE(review): nothing here constrains the URL scheme; confirm the
	// caller only supplies an https endpoint.
	TokenEndpoint string
	ClientID      string
	ClientSecret  string
	Audience      string
	Scopes        []string
}

ClientCredentialsExchangeRequest is used to request the exchange of client credentials for a token

type ClientCredentialsExchanger

// ClientCredentialsExchanger abstracts exchanging client credentials for tokens.
type ClientCredentialsExchanger interface {
	// ExchangeClientCredentials takes the request by value and returns a
	// *TokenResult or an error. The signature has no context.Context, so
	// cancellation and deadlines are not controlled through this interface.
	ExchangeClientCredentials(req ClientCredentialsExchangeRequest) (*TokenResult, error)
}

ClientCredentialsExchanger abstracts exchanging client credentials for tokens

type ClientCredentialsFlow

type ClientCredentialsFlow struct {
	// contains filtered or unexported fields
}

ClientCredentialsFlow takes care of the mechanics needed for getting an access token using the OAuth 2.0 "Client Credentials Flow"

func NewDefaultClientCredentialsFlow

func NewDefaultClientCredentialsFlow(options ClientCredentialsFlowOptions) (*ClientCredentialsFlow, error)

NewDefaultClientCredentialsFlow provides an easy way to build up a default client credentials flow with all the correct configuration.

func (*ClientCredentialsFlow) Authorize

func (c *ClientCredentialsFlow) Authorize(audience string) (*AuthorizationGrant, error)

type ClientCredentialsFlowOptions

// ClientCredentialsFlowOptions is the options argument of
// NewDefaultClientCredentialsFlow.
type ClientCredentialsFlowOptions struct {
	// KeyFile is a string reference to the client credentials.
	// NOTE(review): presumably a file:// or data:// URL (see FILE and DATA);
	// confirm. Whatever it points at holds the client secret.
	KeyFile          string
	// AdditionalScopes: NOTE(review) presumably added to the requested
	// scopes; confirm in the implementation.
	AdditionalScopes []string
}

type ClientCredentialsGrantRefresher

type ClientCredentialsGrantRefresher struct {
	// contains filtered or unexported fields
}

func NewDefaultClientCredentialsGrantRefresher

func NewDefaultClientCredentialsGrantRefresher(clock clock.Clock) (*ClientCredentialsGrantRefresher, error)

func (*ClientCredentialsGrantRefresher) Refresh

type ClientCredentialsProvider

// ClientCredentialsProvider abstracts getting client credentials.
type ClientCredentialsProvider interface {
	// GetClientCredentials returns a *KeyFile, which includes the
	// ClientSecret field, or an error.
	GetClientCredentials() (*KeyFile, error)
}

ClientCredentialsProvider abstracts getting client credentials

type ConfigBackedCachingProvider

type ConfigBackedCachingProvider struct {
	// contains filtered or unexported fields
}

ConfigBackedCachingProvider wraps a configProvider in order to conform to the cachingProvider interface

func NewConfigBackedCachingProvider

func NewConfigBackedCachingProvider(clientID, audience string, config configProvider) *ConfigBackedCachingProvider

NewConfigBackedCachingProvider builds and returns a CachingTokenProvider that utilizes a configProvider to cache tokens

func (*ConfigBackedCachingProvider) CacheTokens

func (c *ConfigBackedCachingProvider) CacheTokens(toCache *TokenResult) error

CacheTokens caches the id and refresh token from TokenResult in the configProvider

func (*ConfigBackedCachingProvider) GetTokens

func (c *ConfigBackedCachingProvider) GetTokens() (*TokenResult, error)

GetTokens gets the tokens from the cache and returns them as a TokenResult

type DeviceAuthorizationGrantRefresher

type DeviceAuthorizationGrantRefresher struct {
	// contains filtered or unexported fields
}

func NewDefaultDeviceAuthorizationGrantRefresher

func NewDefaultDeviceAuthorizationGrantRefresher(clock clock.Clock) (*DeviceAuthorizationGrantRefresher, error)

NewDefaultDeviceAuthorizationGrantRefresher constructs a grant refresher based on the result of the device authorization flow.

func (*DeviceAuthorizationGrantRefresher) Refresh

type DeviceCodeCallback

// DeviceCodeCallback is the callback type accepted by NewDefaultDeviceCodeFlow.
// It receives a *DeviceCodeResult and returns an error.
// NOTE(review): presumably it is invoked so the application can show the user
// code and verification URI; the result also carries DeviceCode, which in the
// RFC 8628 flow is not meant for display, so avoid printing the whole struct.
type DeviceCodeCallback func(code *DeviceCodeResult) error

type DeviceCodeExchangeRequest

// DeviceCodeExchangeRequest is used to request the exchange of a device code
// for a token.
type DeviceCodeExchangeRequest struct {
	TokenEndpoint string
	ClientID      string
	// DeviceCode is the value exchanged for tokens; handle it as a credential.
	DeviceCode    string
	// PollInterval: NOTE(review) presumably the wait between token-endpoint
	// polls; confirm how a zero value is handled.
	PollInterval  time.Duration
}

DeviceCodeExchangeRequest is used to request the exchange of a device code for a token

type DeviceCodeFlow

type DeviceCodeFlow struct {
	// contains filtered or unexported fields
}

DeviceCodeFlow takes care of the mechanics needed for getting an access token using the OAuth 2.0 "Device Code Flow"

func NewDefaultDeviceCodeFlow

func NewDefaultDeviceCodeFlow(options DeviceCodeFlowOptions,
	callback DeviceCodeCallback) (*DeviceCodeFlow, error)

NewDefaultDeviceCodeFlow provides an easy way to build up a default device code flow with all the correct configuration. If refresh tokens should be allowed, set AllowRefresh to true in the DeviceCodeFlowOptions passed in.

func (*DeviceCodeFlow) Authorize

func (p *DeviceCodeFlow) Authorize(audience string) (*AuthorizationGrant, error)

type DeviceCodeFlowOptions

// DeviceCodeFlowOptions is the options argument of NewDefaultDeviceCodeFlow.
type DeviceCodeFlowOptions struct {
	// IssuerEndpoint: NOTE(review) presumably the issuer URL used to discover
	// the OIDC endpoints; confirm, and confirm it is restricted to https.
	IssuerEndpoint   string
	ClientID         string
	AdditionalScopes []string
	// AllowRefresh: the NewDefaultDeviceCodeFlow description says this decides
	// whether refresh tokens are allowed.
	AllowRefresh     bool
}

type DeviceCodeProvider

// DeviceCodeProvider abstracts getting a device code.
type DeviceCodeProvider interface {
	// GetCode takes an audience and optional additional scopes and returns a
	// *DeviceCodeResult or an error.
	GetCode(audience string, additionalScopes ...string) (*DeviceCodeResult, error)
}

DeviceCodeProvider abstracts getting a device code

type DeviceCodeRequest

// DeviceCodeRequest groups a client ID, scopes and an audience.
// NOTE(review): presumably these are the parameters sent when requesting a
// device code; no function on this page takes the type, so confirm its use.
type DeviceCodeRequest struct {
	ClientID string
	Scopes   []string
	Audience string
}

type DeviceCodeResult

// DeviceCodeResult holds the device code gotten from the device code URL.
// The JSON keys match the device authorization response parameters of
// RFC 8628.
type DeviceCodeResult struct {
	// DeviceCode is later exchanged for tokens (see DeviceCodeExchangeRequest);
	// keep it out of logs and user-facing output.
	DeviceCode              string `json:"device_code"`
	UserCode                string `json:"user_code"`
	// VerificationURI and VerificationURIComplete come from the server
	// response. NOTE(review): confirm the scheme is checked before the URI is
	// shown to a user or opened.
	VerificationURI         string `json:"verification_uri"`
	VerificationURIComplete string `json:"verification_uri_complete"`
	// NOTE(review): ExpiresIn and Interval are presumably seconds, as in
	// RFC 8628; confirm against the caller.
	ExpiresIn               int    `json:"expires_in"`
	Interval                int    `json:"interval"`
}

DeviceCodeResult holds the device code gotten from the device code URL.

type DeviceTokenExchanger

// DeviceTokenExchanger abstracts exchanging for tokens.
type DeviceTokenExchanger interface {
	// ExchangeDeviceCode exchanges a device code for tokens and accepts a
	// context.Context.
	ExchangeDeviceCode(ctx context.Context, req DeviceCodeExchangeRequest) (*TokenResult, error)
	// ExchangeRefreshToken exchanges a refresh token for tokens. Unlike
	// ExchangeDeviceCode it takes no context, so a caller cannot pass a
	// deadline or cancellation through this method.
	ExchangeRefreshToken(req RefreshTokenExchangeRequest) (*TokenResult, error)
}

DeviceTokenExchanger abstracts exchanging for tokens

type Flow

// Flow abstracts an OAuth 2.0 authentication and authorization flow.
type Flow interface {
	// Authorize obtains an authorization grant based on an OAuth 2.0 authorization flow.
	// The method returns a grant which may contain an initial access token,
	// so the returned value should be handled as a credential.
	Authorize(audience string) (*AuthorizationGrant, error)
}

Flow abstracts an OAuth 2.0 authentication and authorization flow

type HTTPAuthTransport

// HTTPAuthTransport abstracts how an HTTP exchange request is sent and
// received.
//
// Implementations are passed to NewTokenRetriever and
// NewLocalDeviceCodeProvider. The exchange request types on this page carry
// client secrets, device codes and refresh tokens, so an implementation
// should keep TLS certificate verification enabled and set a timeout.
type HTTPAuthTransport interface {
	// Do has the same signature as (*http.Client).Do.
	Do(request *http.Request) (*http.Response, error)
}

HTTPAuthTransport abstracts how an HTTP exchange request is sent and received

type Issuer

// Issuer holds information about the issuer of tokens.
type Issuer struct {
	IssuerEndpoint string
	ClientID       string
	Audience       string
}

Issuer holds information about the issuer of tokens

type KeyFile

// KeyFile is the credentials structure returned by
// ClientCredentialsProvider.GetClientCredentials and embedded in
// AuthorizationGrant.ClientCredentials.
//
// ClientSecret is a plain string serialized under "client_secret", so any
// file or string holding a serialized KeyFile needs the same protection as
// the secret itself (restricted permissions, no logging).
type KeyFile struct {
	Type         string `json:"type"`
	ClientID     string `json:"client_id"`
	ClientSecret string `json:"client_secret"`
	ClientEmail  string `json:"client_email"`
	// NOTE(review): if the token endpoint is discovered from IssuerURL (see
	// GetOIDCWellKnownEndpointsFromIssuerURL), this value determines where
	// ClientSecret is sent; confirm, and validate the URL before use.
	IssuerURL    string `json:"issuer_url"`
	// Scope is a single string here, whereas the request types use []string.
	// NOTE(review): the separator, if several scopes are allowed, is not
	// shown; confirm.
	Scope        string `json:"scope"`
}

type KeyFileProvider

// KeyFileProvider has a GetClientCredentials method returning (*KeyFile, error)
// and is constructed by NewClientCredentialsProviderFromKeyFile.
type KeyFileProvider struct {
	// KeyFile is a string reference to the credentials.
	// NOTE(review): presumably a file:// or data:// URL (see FILE and DATA);
	// confirm. The field is exported, so it is readable by any holder of the
	// provider.
	KeyFile string
}

func NewClientCredentialsProviderFromKeyFile

func NewClientCredentialsProviderFromKeyFile(keyFile string) *KeyFileProvider

func (*KeyFileProvider) GetClientCredentials

func (k *KeyFileProvider) GetClientCredentials() (*KeyFile, error)

type LocalDeviceCodeProvider

type LocalDeviceCodeProvider struct {
	// contains filtered or unexported fields
}

LocalDeviceCodeProvider holds the information needed to easily get a device code locally.

func NewLocalDeviceCodeProvider

func NewLocalDeviceCodeProvider(
	options LocalDeviceCodeProviderOptions,
	oidcWellKnownEndpoints OIDCWellKnownEndpoints,
	authTransport HTTPAuthTransport) *LocalDeviceCodeProvider

NewLocalDeviceCodeProvider allows for the easy setup of LocalDeviceCodeProvider

func (*LocalDeviceCodeProvider) GetCode

func (cp *LocalDeviceCodeProvider) GetCode(audience string, additionalScopes ...string) (*DeviceCodeResult, error)

GetCode obtains a new device code. Additional scopes beyond openid and email can be sent by passing in arguments for <additionalScopes>.

type LocalDeviceCodeProviderOptions

// LocalDeviceCodeProviderOptions is the options argument of
// NewLocalDeviceCodeProvider.
type LocalDeviceCodeProviderOptions struct {
	ClientID string
}

type OIDCWellKnownEndpoints

// OIDCWellKnownEndpoints holds the well known OIDC endpoints.
//
// The JSON keys match provider-metadata names (authorization_endpoint and
// token_endpoint from OpenID Connect Discovery, device_authorization_endpoint
// from RFC 8628). The values are returned by
// GetOIDCWellKnownEndpointsFromIssuerURL.
// NOTE(review): credentials are later sent to these endpoints; confirm that
// the discovery response is fetched over TLS and the URLs are validated.
type OIDCWellKnownEndpoints struct {
	AuthorizationEndpoint       string `json:"authorization_endpoint"`
	TokenEndpoint               string `json:"token_endpoint"`
	DeviceAuthorizationEndpoint string `json:"device_authorization_endpoint"`
}

OIDCWellKnownEndpoints holds the well known OIDC endpoints

func GetOIDCWellKnownEndpointsFromIssuerURL

func GetOIDCWellKnownEndpointsFromIssuerURL(issuerURL string) (*OIDCWellKnownEndpoints, error)

GetOIDCWellKnownEndpointsFromIssuerURL gets the well known endpoints for the passed in issuer url

type RefreshTokenExchangeRequest

// RefreshTokenExchangeRequest is used to request the exchange of a refresh
// token for a refreshed token.
type RefreshTokenExchangeRequest struct {
	TokenEndpoint string
	ClientID      string
	// RefreshToken is a credential; keep a populated request out of logs.
	RefreshToken  string
}

RefreshTokenExchangeRequest is used to request the exchange of a refresh token for a refreshed token

type TokenError

// TokenError carries an error code and description. *TokenError has an
// Error() string method, so it can be returned as an error.
// NOTE(review): the fields presumably come from a TokenErrorResponse, in
// which case ErrorDescription is server-supplied text; confirm before
// rendering it in a UI.
type TokenError struct {
	ErrorCode        string
	ErrorDescription string
}

func (*TokenError) Error

func (e *TokenError) Error() string

type TokenErrorResponse

// TokenErrorResponse is used to parse error responses from the token
// endpoint. The JSON keys match the error response parameters of RFC 6749
// section 5.2.
type TokenErrorResponse struct {
	Error            string `json:"error"`
	ErrorDescription string `json:"error_description"`
}

TokenErrorResponse is used to parse error responses from the token endpoint

type TokenResult

// TokenResult holds token information.
//
// It is the return type of the Exchange* methods and the value passed to
// ConfigBackedCachingProvider.CacheTokens. All three token fields are
// credentials; redact them before logging.
type TokenResult struct {
	AccessToken  string `json:"access_token"`
	IDToken      string `json:"id_token"`
	RefreshToken string `json:"refresh_token"`
	// NOTE(review): presumably a lifetime in seconds, as expires_in is
	// defined in RFC 6749; confirm.
	ExpiresIn    int    `json:"expires_in"`
}

TokenResult holds token information

type TokenRetriever

type TokenRetriever struct {
	// contains filtered or unexported fields
}

TokenRetriever implements AuthTokenExchanger in order to facilitate getting Tokens

func NewTokenRetriever

func NewTokenRetriever(authTransport HTTPAuthTransport) *TokenRetriever

NewTokenRetriever allows the internals of a new TokenRetriever to be easily set up

func (*TokenRetriever) ExchangeClientCredentials

func (ce *TokenRetriever) ExchangeClientCredentials(req ClientCredentialsExchangeRequest) (*TokenResult, error)

ExchangeClientCredentials uses the ClientCredentialsExchangeRequest to exchange client credentials for tokens

func (*TokenRetriever) ExchangeCode

ExchangeCode uses the AuthCodeExchangeRequest to exchange an authorization code for tokens

func (*TokenRetriever) ExchangeDeviceCode

func (ce *TokenRetriever) ExchangeDeviceCode(ctx context.Context, req DeviceCodeExchangeRequest) (*TokenResult, error)

ExchangeDeviceCode uses the DeviceCodeExchangeRequest to exchange a device code for tokens

func (*TokenRetriever) ExchangeRefreshToken

func (ce *TokenRetriever) ExchangeRefreshToken(req RefreshTokenExchangeRequest) (*TokenResult, error)

ExchangeRefreshToken uses the RefreshTokenExchangeRequest to exchange a refresh token for refreshed tokens

Directories

Path Synopsis
