oauth2provider
Documentation
Index
- Constants
- Variables
- func CreateApp(db database.Store, accessURL *url.URL, auditor *audit.Auditor, ...) http.HandlerFunc
- func CreateAppSecret(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
- func CreateDynamicClientRegistration(db database.Store, accessURL *url.URL, auditor *audit.Auditor, ...) http.HandlerFunc
- func DeleteApp(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
- func DeleteAppSecret(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
- func DeleteClientConfiguration(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
- func GetApp(accessURL *url.URL) http.HandlerFunc
- func GetAppSecrets(db database.Store) http.HandlerFunc
- func GetAuthorizationServerMetadata(accessURL *url.URL) http.HandlerFunc
- func GetClientConfiguration(db database.Store) http.HandlerFunc
- func GetProtectedResourceMetadata(accessURL *url.URL) http.HandlerFunc
- func ListApps(db database.Store, accessURL *url.URL) http.HandlerFunc
- func ProcessAuthorize(db database.Store) http.HandlerFunc
- func RequireRegistrationAccessToken(db database.Store) func(http.Handler) http.Handler
- func RevokeApp(db database.Store) http.HandlerFunc
- func RevokeToken(db database.Store, logger slog.Logger) http.HandlerFunc
- func ShowAuthorizePage(accessURL *url.URL) http.HandlerFunc
- func Tokens(db database.Store, lifetimes codersdk.SessionLifetime) http.HandlerFunc
- func UpdateApp(db database.Store, accessURL *url.URL, auditor *audit.Auditor, ...) http.HandlerFunc
- func UpdateClientConfiguration(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
- func VerifyPKCE(challenge, verifier string) bool
- type AppSecret
- type HashedAppSecret
Constants
```go
const (
	// SecretIdentifier is the prefix added to all generated secrets.
	SecretIdentifier = "coder"
)
```
Variables
```go
var (
	// ErrTokenNotBelongsToClient is returned when a token does not belong to the requesting client
	ErrTokenNotBelongsToClient = xerrors.New("token does not belong to requesting client")
	// ErrInvalidTokenFormat is returned when a token has an invalid format
	ErrInvalidTokenFormat = xerrors.New("invalid token format")
)
```
Functions
func CreateApp
func CreateApp(db database.Store, accessURL *url.URL, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
CreateApp returns an http.HandlerFunc that handles POST /oauth2-provider/apps
func CreateAppSecret
CreateAppSecret returns an http.HandlerFunc that handles POST /oauth2-provider/apps/{app}/secrets
func CreateDynamicClientRegistration
func CreateDynamicClientRegistration(db database.Store, accessURL *url.URL, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
CreateDynamicClientRegistration returns an http.HandlerFunc that handles POST /oauth2/register
func DeleteAppSecret
DeleteAppSecret returns an http.HandlerFunc that handles DELETE /oauth2-provider/apps/{app}/secrets/{secretID}
func DeleteClientConfiguration
func DeleteClientConfiguration(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
DeleteClientConfiguration returns an http.HandlerFunc that handles DELETE /oauth2/clients/{client_id}
func GetApp
func GetApp(accessURL *url.URL) http.HandlerFunc
GetApp returns an http.HandlerFunc that handles GET /oauth2-provider/apps/{app}
func GetAppSecrets
func GetAppSecrets(db database.Store) http.HandlerFunc
GetAppSecrets returns an http.HandlerFunc that handles GET /oauth2-provider/apps/{app}/secrets
func GetAuthorizationServerMetadata
func GetAuthorizationServerMetadata(accessURL *url.URL) http.HandlerFunc
GetAuthorizationServerMetadata returns an http.HandlerFunc that handles GET /.well-known/oauth-authorization-server
func GetClientConfiguration
func GetClientConfiguration(db database.Store) http.HandlerFunc
GetClientConfiguration returns an http.HandlerFunc that handles GET /oauth2/clients/{client_id}
func GetProtectedResourceMetadata
func GetProtectedResourceMetadata(accessURL *url.URL) http.HandlerFunc
GetProtectedResourceMetadata returns an http.HandlerFunc that handles GET /.well-known/oauth-protected-resource
func ProcessAuthorize
func ProcessAuthorize(db database.Store) http.HandlerFunc
ProcessAuthorize handles POST /oauth2/authorize requests to process the user's authorization decision and generate an authorization code.
func RequireRegistrationAccessToken
RequireRegistrationAccessToken returns middleware that validates the registration access token for RFC 7592 endpoints
func RevokeToken (added in v2.28.0)
RevokeToken implements RFC 7009 OAuth2 Token Revocation.
Authentication is unique for this endpoint in that it does not use the standard token authentication middleware. Instead, it expects the token that is being revoked to be valid.
TODO: Currently the token validation occurs in the revocation logic itself. This code should be refactored to share token validation logic with other parts of the OAuth2 provider/http middleware.
func ShowAuthorizePage
func ShowAuthorizePage(accessURL *url.URL) http.HandlerFunc
ShowAuthorizePage handles GET /oauth2/authorize requests to display the HTML authorization page.
func Tokens
func Tokens(db database.Store, lifetimes codersdk.SessionLifetime) http.HandlerFunc
Tokens uses Sessions.DefaultDuration for access token (API key) TTL and Sessions.RefreshDefaultDuration for refresh token TTL.
func UpdateApp
func UpdateApp(db database.Store, accessURL *url.URL, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
UpdateApp returns an http.HandlerFunc that handles PUT /oauth2-provider/apps/{app}
func UpdateClientConfiguration
func UpdateClientConfiguration(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
UpdateClientConfiguration returns an http.HandlerFunc that handles PUT /oauth2/clients/{client_id}
func VerifyPKCE
VerifyPKCE verifies that the code_verifier matches the code_challenge using the S256 method as specified in RFC 7636.
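The S256 check described above, as an added example that is not the package's own implementation: it derives the challenge per RFC 7636 section 4.2 and compares in constant time. The function names are hypothetical, and the verifier syntax check and constant-time comparison are assumptions; the page does not say whether VerifyPKCE performs either.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// s256Challenge derives the code_challenge for a verifier (RFC 7636 section 4.2):
// BASE64URL-ENCODE(SHA256(ASCII(code_verifier))), without "=" padding.
func s256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// validVerifier enforces the RFC 7636 section 4.1 syntax: 43 to 128 characters
// from the unreserved set A-Z, a-z, 0-9, "-", ".", "_", "~".
func validVerifier(v string) bool {
	if len(v) < 43 || len(v) > 128 {
		return false
	}
	for i := 0; i < len(v); i++ {
		c := v[i]
		switch {
		case c >= 'A' && c <= 'Z', c >= 'a' && c <= 'z', c >= '0' && c <= '9':
		case c == '-' || c == '.' || c == '_' || c == '~':
		default:
			return false
		}
	}
	return true
}

// verifyS256 (hypothetical name) is the token-endpoint check: recompute the
// challenge from the presented verifier and compare it with the stored one.
func verifyS256(challenge, verifier string) bool {
	if !validVerifier(verifier) {
		return false
	}
	want := s256Challenge(verifier)
	return subtle.ConstantTimeCompare([]byte(want), []byte(challenge)) == 1
}

func main() {
	verifier := "constructed-sample-verifier-0123456789-abcdefghij" // constructed sample
	challenge := s256Challenge(verifier)                            // stored at /oauth2/authorize
	fmt.Println(verifyS256(challenge, verifier))                    // matching verifier
	fmt.Println(verifyS256(challenge+"=", verifier))                // padded challenge is rejected
	fmt.Println(verifyS256(challenge, verifier[:42]))               // verifier below 43 characters
}
```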
Types
type AppSecret
```go
type AppSecret struct {
	// Formatted contains the secret. This value is owned by the client, not the
	// server. It is formatted to include the prefix.
	Formatted string

	// Secret is the raw secret value. This value should only be known to the client.
	Secret string

	// Prefix is the ID of this secret owned by the server. When a client uses a
	// secret, this is the matching string to do a lookup on the hashed value. We
	// cannot use the hashed value directly because the server does not store the
	// salt.
	Prefix string
}
```
func ParseFormattedSecret (added in v2.28.0)
ParseFormattedSecret parses a formatted secret like "coder_<prefix>_<secret>"
type HashedAppSecret (added in v2.28.0)
```go
type HashedAppSecret struct {
	AppSecret

	// Hashed is the server stored hash(secret,salt,...). Used for verifying a
	// secret.
	Hashed []byte
}
```
func GenerateSecret
func GenerateSecret() (HashedAppSecret, error)
GenerateSecret generates a secret to be used as a client secret, refresh token, or authorization code.
Directories
Package oauth2providertest provides comprehensive testing utilities for OAuth2 identity provider functionality.