...

Package oauth2

import "github.com/ory/fosite/handler/oauth2"

Overview ▾

Index ▾

func AccessTokenJWTToRequest(token *jwt.Token) fosite.Requester
type AccessTokenStorage
type AccessTokenStrategy
type AuthorizeCodeStorage
type AuthorizeCodeStrategy
type AuthorizeExplicitGrantHandler
    func (c *AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
    func (c *AuthorizeExplicitGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
    func (c *AuthorizeExplicitGrantHandler) GetSanitationWhiteList() []string
    func (c *AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error
    func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
    func (c *AuthorizeExplicitGrantHandler) IssueAuthorizeCode(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error
    func (c *AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) (err error)
type AuthorizeImplicitGrantTypeHandler
    func (c *AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error
    func (c *AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error
type ClientCredentialsGrantHandler
    func (c *ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
    func (c *ClientCredentialsGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
    func (c *ClientCredentialsGrantHandler) HandleTokenEndpointRequest(_ context.Context, request fosite.AccessRequester) error
    func (c *ClientCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, response fosite.AccessResponder) error
type ClientCredentialsGrantStorage
type CoreStorage
type CoreStrategy
type CoreValidator
    func (c *CoreValidator) IntrospectToken(ctx context.Context, token string, tokenUse fosite.TokenUse, accessRequest fosite.AccessRequester, scopes []string) (fosite.TokenUse, error)
type DefaultJWTStrategy
    func (h DefaultJWTStrategy) AccessTokenSignature(token string) string
    func (h DefaultJWTStrategy) AuthorizeCodeSignature(token string) string
    func (h *DefaultJWTStrategy) GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
    func (h *DefaultJWTStrategy) GenerateAuthorizeCode(ctx context.Context, req fosite.Requester) (token string, signature string, err error)
    func (h *DefaultJWTStrategy) GenerateRefreshToken(ctx context.Context, req fosite.Requester) (token string, signature string, err error)
    func (h DefaultJWTStrategy) RefreshTokenSignature(token string) string
    func (h *DefaultJWTStrategy) ValidateAccessToken(ctx context.Context, _ fosite.Requester, token string) error
    func (h *DefaultJWTStrategy) ValidateAuthorizeCode(ctx context.Context, req fosite.Requester, token string) error
    func (h *DefaultJWTStrategy) ValidateRefreshToken(ctx context.Context, req fosite.Requester, token string) error
    func (h *DefaultJWTStrategy) WithIssuer(issuer string) *DefaultJWTStrategy
    func (h *DefaultJWTStrategy) WithScopeField(scopeField jwt.JWTScopeFieldEnum) *DefaultJWTStrategy
type HMACSHAStrategy
    func (h HMACSHAStrategy) AccessTokenSignature(token string) string
    func (h HMACSHAStrategy) AuthorizeCodeSignature(token string) string
    func (h HMACSHAStrategy) GenerateAccessToken(_ context.Context, _ fosite.Requester) (token string, signature string, err error)
    func (h HMACSHAStrategy) GenerateAuthorizeCode(_ context.Context, _ fosite.Requester) (token string, signature string, err error)
    func (h HMACSHAStrategy) GenerateRefreshToken(_ context.Context, _ fosite.Requester) (token string, signature string, err error)
    func (h HMACSHAStrategy) RefreshTokenSignature(token string) string
    func (h HMACSHAStrategy) ValidateAccessToken(_ context.Context, r fosite.Requester, token string) (err error)
    func (h HMACSHAStrategy) ValidateAuthorizeCode(_ context.Context, r fosite.Requester, token string) (err error)
    func (h HMACSHAStrategy) ValidateRefreshToken(_ context.Context, r fosite.Requester, token string) (err error)
type HandleHelper
    func (h *HandleHelper) IssueAccessToken(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error
type JWTSession
    func (j *JWTSession) Clone() fosite.Session
    func (j *JWTSession) GetExpiresAt(key fosite.TokenType) time.Time
    func (s *JWTSession) GetExtraClaims() map[string]interface{}
    func (j *JWTSession) GetJWTClaims() jwt.JWTClaimsContainer
    func (j *JWTSession) GetJWTHeader() *jwt.Headers
    func (j *JWTSession) GetSubject() string
    func (j *JWTSession) GetUsername() string
    func (j *JWTSession) SetExpiresAt(key fosite.TokenType, exp time.Time)
    func (j *JWTSession) SetSubject(subject string)
type JWTSessionContainer
type RefreshTokenGrantHandler
    func (c *RefreshTokenGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
    func (c *RefreshTokenGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
    func (c *RefreshTokenGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
    func (c *RefreshTokenGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) (err error)
type RefreshTokenStorage
type RefreshTokenStrategy
type ResourceOwnerPasswordCredentialsGrantHandler
    func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool
    func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool
    func (c *ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error
    func (c *ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error
type ResourceOwnerPasswordCredentialsGrantStorage
type StatelessJWTValidator
    func (v *StatelessJWTValidator) IntrospectToken(ctx context.Context, token string, tokenUse fosite.TokenUse, accessRequest fosite.AccessRequester, scopes []string) (fosite.TokenUse, error)
type TokenRevocationHandler
    func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string, tokenType fosite.TokenType, client fosite.Client) error
type TokenRevocationStorage

Package files

flow_authorize_code_auth.go flow_authorize_code_token.go flow_authorize_implicit.go flow_client_credentials.go flow_client_credentials_storage.go flow_refresh.go flow_resource_owner.go flow_resource_owner_storage.go helper.go introspector.go introspector_jwt.go revocation.go revocation_storage.go storage.go strategy.go strategy_hmacsha.go strategy_jwt.go strategy_jwt_session.go

func AccessTokenJWTToRequest

func AccessTokenJWTToRequest(token *jwt.Token) fosite.Requester

AccessTokenJWTToRequest tries to reconstruct fosite.Request from a JWT.

type AccessTokenStorage

// AccessTokenStorage is the persistence contract for access token sessions.
// Every method takes a parameter named signature as the lookup key; presumably
// this is the value returned by AccessTokenStrategy.AccessTokenSignature rather
// than the full token string. Confirm against the calling handlers.
type AccessTokenStorage interface {
    // CreateAccessTokenSession stores request under signature.
    CreateAccessTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)

    // GetAccessTokenSession returns the request stored under signature.
    // session is presumably the value the stored session data is loaded into
    // (AuthorizeCodeStorage on this page speaks of "hydrating" the session);
    // confirm against the implementation in use.
    GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

    // DeleteAccessTokenSession removes the session stored under signature.
    DeleteAccessTokenSession(ctx context.Context, signature string) (err error)
}

type AccessTokenStrategy

// AccessTokenStrategy generates and validates access tokens and derives the
// signature string that the storage interfaces use as a key.
type AccessTokenStrategy interface {
    // AccessTokenSignature returns the signature string derived from token.
    AccessTokenSignature(token string) string
    // GenerateAccessToken returns a new token together with its signature.
    GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
    // ValidateAccessToken returns a non-nil error when token is not acceptable.
    // NOTE(review): which checks run (signature, expiry, ...) depends on the
    // implementation; see HMACSHAStrategy and DefaultJWTStrategy.
    ValidateAccessToken(ctx context.Context, requester fosite.Requester, token string) (err error)
}

type AuthorizeCodeStorage

AuthorizeCodeStorage handles storage requests related to authorization codes.

type AuthorizeCodeStorage interface {
    // CreateAuthorizeCodeSession stores the authorization request for a given authorization code.
    CreateAuthorizeCodeSession(ctx context.Context, code string, request fosite.Requester) (err error)

    // GetAuthorizeCodeSession hydrates the session based on the given code and returns the authorization request.
    // If the authorization code has been invalidated with `InvalidateAuthorizeCodeSession`, this
    // method should return the ErrInvalidatedAuthorizeCode error.
    //
    // Make sure to also return the fosite.Requester value when returning the fosite.ErrInvalidatedAuthorizeCode error!
    //
    // NOTE(review): the requester is presumably needed so that the caller can identify and revoke the
    // tokens already issued for a replayed code (RFC 6749 section 4.1.2 says the server SHOULD do so).
    // Confirm against the token endpoint handler.
    GetAuthorizeCodeSession(ctx context.Context, code string, session fosite.Session) (request fosite.Requester, err error)

    // InvalidateAuthorizeCodeSession is called when an authorize code is being used. The state of the authorization
    // code should be set to invalid and consecutive requests to GetAuthorizeCodeSession should return the
    // ErrInvalidatedAuthorizeCode error.
    //
    // Implementations should mark the code as used rather than delete it, because GetAuthorizeCodeSession
    // must still be able to return the original request for an invalidated code.
    InvalidateAuthorizeCodeSession(ctx context.Context, code string) (err error)
}

type AuthorizeCodeStrategy

// AuthorizeCodeStrategy generates and validates authorization codes and
// derives the signature string for a code.
type AuthorizeCodeStrategy interface {
    // AuthorizeCodeSignature returns the signature string derived from token.
    AuthorizeCodeSignature(token string) string
    // GenerateAuthorizeCode returns a new authorization code together with its signature.
    GenerateAuthorizeCode(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
    // ValidateAuthorizeCode returns a non-nil error when token is not acceptable.
    ValidateAuthorizeCode(ctx context.Context, requester fosite.Requester, token string) (err error)
}

type AuthorizeExplicitGrantHandler

AuthorizeExplicitGrantHandler is a response handler for the Authorize Code grant using the explicit grant type as defined in https://tools.ietf.org/html/rfc6749#section-4.1

type AuthorizeExplicitGrantHandler struct {
    // Strategies used to generate, sign and validate each token kind, and the
    // storage that persists authorize codes, access tokens and refresh tokens
    // (see CoreStorage).
    AccessTokenStrategy   AccessTokenStrategy
    RefreshTokenStrategy  RefreshTokenStrategy
    AuthorizeCodeStrategy AuthorizeCodeStrategy
    CoreStorage           CoreStorage

    // AuthCodeLifespan defines the lifetime of an authorize code.
    AuthCodeLifespan time.Duration

    // AccessTokenLifespan defines the lifetime of an access token.
    AccessTokenLifespan time.Duration

    // RefreshTokenLifespan defines the lifetime of a refresh token. Leave to 0 for unlimited lifetime.
    // With an unlimited lifetime a refresh token never expires on its own, so revocation
    // (see TokenRevocationStorage) is the only way to invalidate it.
    RefreshTokenLifespan time.Duration

    // ScopeStrategy and AudienceMatchingStrategy are fosite-defined strategies;
    // presumably they decide whether the requested scopes and audiences are
    // permitted for the client. Confirm in the fosite package.
    ScopeStrategy            fosite.ScopeStrategy
    AudienceMatchingStrategy fosite.AudienceMatchingStrategy

    // SanitationWhiteList is a whitelist of form values that are required by the token endpoint. These values
    // are safe for storage in a database (cleartext).
    SanitationWhiteList []string

    // TokenRevocationStorage provides the revocation operations described on
    // the TokenRevocationStorage type.
    TokenRevocationStorage TokenRevocationStorage

    // IsRedirectURISecure reports whether a redirect URL is acceptable.
    // NOTE(review): how a nil callback is treated is not visible on this page;
    // confirm before leaving it unset.
    IsRedirectURISecure func(*url.URL) bool

    // RefreshTokenScopes is presumably the set of scopes that must be granted
    // before a refresh token is issued; confirm against the handler code.
    RefreshTokenScopes []string

    // OmitRedirectScopeParam must be set to true if the scope query param is to be omitted
    // in the authorization's redirect URI
    OmitRedirectScopeParam bool
}

func (*AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest

func (c *AuthorizeExplicitGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

func (*AuthorizeExplicitGrantHandler) CanSkipClientAuth

func (c *AuthorizeExplicitGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool

func (*AuthorizeExplicitGrantHandler) GetSanitationWhiteList

func (c *AuthorizeExplicitGrantHandler) GetSanitationWhiteList() []string

func (*AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest

func (c *AuthorizeExplicitGrantHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

func (*AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest

func (c *AuthorizeExplicitGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.1.3 (everything)

func (*AuthorizeExplicitGrantHandler) IssueAuthorizeCode

func (c *AuthorizeExplicitGrantHandler) IssueAuthorizeCode(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

func (*AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse

func (c *AuthorizeExplicitGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) (err error)

type AuthorizeImplicitGrantTypeHandler

AuthorizeImplicitGrantTypeHandler is a response handler for the implicit grant type as defined in https://tools.ietf.org/html/rfc6749#section-4.2

// The struct carries access token fields only; it has no refresh token
// strategy or storage. Its methods on this page operate on the authorize
// endpoint request and response, i.e. the access token is issued from the
// authorization endpoint (RFC 6749 section 4.2).
//
// The OAuth 2.0 Security Best Current Practice (RFC 9700) advises against the
// implicit grant; prefer the authorization code flow for new deployments.
type AuthorizeImplicitGrantTypeHandler struct {
    // AccessTokenStrategy generates and signs the access token.
    AccessTokenStrategy AccessTokenStrategy

    // AccessTokenStorage is used to persist session data across requests.
    AccessTokenStorage AccessTokenStorage

    // AccessTokenLifespan defines the lifetime of an access token.
    AccessTokenLifespan time.Duration

    // ScopeStrategy and AudienceMatchingStrategy are fosite-defined strategies;
    // presumably they decide whether the requested scopes and audiences are
    // permitted for the client. Confirm in the fosite package.
    ScopeStrategy            fosite.ScopeStrategy
    AudienceMatchingStrategy fosite.AudienceMatchingStrategy
}

func (*AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest

func (c *AuthorizeImplicitGrantTypeHandler) HandleAuthorizeEndpointRequest(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

func (*AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken

func (c *AuthorizeImplicitGrantTypeHandler) IssueImplicitAccessToken(ctx context.Context, ar fosite.AuthorizeRequester, resp fosite.AuthorizeResponder) error

type ClientCredentialsGrantHandler

// ClientCredentialsGrantHandler handles the client credentials grant; its
// methods on this page reference RFC 6749 sections 4.4.2 and 4.4.3.
type ClientCredentialsGrantHandler struct {
    // HandleHelper is embedded by pointer: its IssueAccessToken method and its
    // access token strategy, storage and lifespan fields are promoted onto
    // this handler. It must be non-nil, since promoted fields are reached
    // through this pointer.
    *HandleHelper
    // ScopeStrategy and AudienceMatchingStrategy are fosite-defined strategies;
    // presumably they decide whether the requested scopes and audiences are
    // permitted for the client. Confirm in the fosite package.
    ScopeStrategy            fosite.ScopeStrategy
    AudienceMatchingStrategy fosite.AudienceMatchingStrategy
}

func (*ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest

func (c *ClientCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

func (*ClientCredentialsGrantHandler) CanSkipClientAuth

func (c *ClientCredentialsGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool

func (*ClientCredentialsGrantHandler) HandleTokenEndpointRequest

func (c *ClientCredentialsGrantHandler) HandleTokenEndpointRequest(_ context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.4.2

func (*ClientCredentialsGrantHandler) PopulateTokenEndpointResponse

func (c *ClientCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, response fosite.AccessResponder) error

PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-4.4.3

type ClientCredentialsGrantStorage

// ClientCredentialsGrantStorage is the storage needed by the client
// credentials grant. It consists of access token storage only; refresh token
// storage is not part of this contract.
type ClientCredentialsGrantStorage interface {
    AccessTokenStorage
}

type CoreStorage

// CoreStorage combines the storage interfaces for authorization codes, access
// tokens and refresh tokens into a single contract.
type CoreStorage interface {
    AuthorizeCodeStorage
    AccessTokenStorage
    RefreshTokenStorage
}

type CoreStrategy

// CoreStrategy combines the generation and validation strategies for access
// tokens, refresh tokens and authorization codes. HMACSHAStrategy and
// DefaultJWTStrategy on this page each expose the full method set.
type CoreStrategy interface {
    AccessTokenStrategy
    RefreshTokenStrategy
    AuthorizeCodeStrategy
}

type CoreValidator

// CoreValidator introspects tokens (see IntrospectToken) using the embedded
// strategy and storage.
type CoreValidator struct {
    // CoreStrategy and CoreStorage are embedded interfaces, so their methods
    // are promoted onto CoreValidator. Both must be set before use.
    CoreStrategy
    CoreStorage
    // ScopeStrategy is presumably used to check the scopes passed to
    // IntrospectToken against those granted to the token; confirm in the
    // implementation.
    ScopeStrategy                 fosite.ScopeStrategy
    // DisableRefreshTokenValidation presumably stops IntrospectToken from
    // accepting refresh tokens; confirm the exact effect in the implementation
    // before relying on it.
    DisableRefreshTokenValidation bool
}

func (*CoreValidator) IntrospectToken

func (c *CoreValidator) IntrospectToken(ctx context.Context, token string, tokenUse fosite.TokenUse, accessRequest fosite.AccessRequester, scopes []string) (fosite.TokenUse, error)

type DefaultJWTStrategy

DefaultJWTStrategy is a JWT RS256 strategy.

type DefaultJWTStrategy struct {
    // JWTStrategy is the embedded JWT signer/validator from the jwt package.
    jwt.JWTStrategy
    // HMACSHAStrategy is presumably used for the token kinds that are not
    // issued as JWTs (authorization codes and refresh tokens); confirm in
    // strategy_jwt.go. It is a pointer and must be non-nil if so.
    HMACSHAStrategy *HMACSHAStrategy
    // Issuer can be set with WithIssuer; presumably it becomes the token's
    // issuer claim. Confirm in the implementation.
    Issuer          string
    // ScopeField can be set with WithScopeField; presumably it selects which
    // claim carries the granted scopes. Confirm in the jwt package.
    ScopeField      jwt.JWTScopeFieldEnum
}

func (DefaultJWTStrategy) AccessTokenSignature

func (h DefaultJWTStrategy) AccessTokenSignature(token string) string

func (DefaultJWTStrategy) AuthorizeCodeSignature

func (h DefaultJWTStrategy) AuthorizeCodeSignature(token string) string

func (*DefaultJWTStrategy) GenerateAccessToken

func (h *DefaultJWTStrategy) GenerateAccessToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)

func (*DefaultJWTStrategy) GenerateAuthorizeCode

func (h *DefaultJWTStrategy) GenerateAuthorizeCode(ctx context.Context, req fosite.Requester) (token string, signature string, err error)

func (*DefaultJWTStrategy) GenerateRefreshToken

func (h *DefaultJWTStrategy) GenerateRefreshToken(ctx context.Context, req fosite.Requester) (token string, signature string, err error)

func (DefaultJWTStrategy) RefreshTokenSignature

func (h DefaultJWTStrategy) RefreshTokenSignature(token string) string

func (*DefaultJWTStrategy) ValidateAccessToken

func (h *DefaultJWTStrategy) ValidateAccessToken(ctx context.Context, _ fosite.Requester, token string) error

func (*DefaultJWTStrategy) ValidateAuthorizeCode

func (h *DefaultJWTStrategy) ValidateAuthorizeCode(ctx context.Context, req fosite.Requester, token string) error

func (*DefaultJWTStrategy) ValidateRefreshToken

func (h *DefaultJWTStrategy) ValidateRefreshToken(ctx context.Context, req fosite.Requester, token string) error

func (*DefaultJWTStrategy) WithIssuer

func (h *DefaultJWTStrategy) WithIssuer(issuer string) *DefaultJWTStrategy

func (*DefaultJWTStrategy) WithScopeField

func (h *DefaultJWTStrategy) WithScopeField(scopeField jwt.JWTScopeFieldEnum) *DefaultJWTStrategy

type HMACSHAStrategy

// HMACSHAStrategy implements the token strategies on top of an HMAC helper.
// All of its methods on this page use value receivers, so the struct is copied
// per call while Enigma is shared through its pointer.
type HMACSHAStrategy struct {
    // Enigma performs the HMAC operations; presumably it also holds the
    // signing secret. Confirm in the enigma package.
    Enigma                *enigma.HMACStrategy
    // Lifespans per token kind.
    // NOTE(review): the Generate* methods on this page ignore their Requester
    // argument (blank identifier), so expiry is presumably enforced by the
    // Validate* methods; confirm in strategy_hmacsha.go.
    AccessTokenLifespan   time.Duration
    RefreshTokenLifespan  time.Duration
    AuthorizeCodeLifespan time.Duration
}

func (HMACSHAStrategy) AccessTokenSignature

func (h HMACSHAStrategy) AccessTokenSignature(token string) string

func (HMACSHAStrategy) AuthorizeCodeSignature

func (h HMACSHAStrategy) AuthorizeCodeSignature(token string) string

func (HMACSHAStrategy) GenerateAccessToken

func (h HMACSHAStrategy) GenerateAccessToken(_ context.Context, _ fosite.Requester) (token string, signature string, err error)

func (HMACSHAStrategy) GenerateAuthorizeCode

func (h HMACSHAStrategy) GenerateAuthorizeCode(_ context.Context, _ fosite.Requester) (token string, signature string, err error)

func (HMACSHAStrategy) GenerateRefreshToken

func (h HMACSHAStrategy) GenerateRefreshToken(_ context.Context, _ fosite.Requester) (token string, signature string, err error)

func (HMACSHAStrategy) RefreshTokenSignature

func (h HMACSHAStrategy) RefreshTokenSignature(token string) string

func (HMACSHAStrategy) ValidateAccessToken

func (h HMACSHAStrategy) ValidateAccessToken(_ context.Context, r fosite.Requester, token string) (err error)

func (HMACSHAStrategy) ValidateAuthorizeCode

func (h HMACSHAStrategy) ValidateAuthorizeCode(_ context.Context, r fosite.Requester, token string) (err error)

func (HMACSHAStrategy) ValidateRefreshToken

func (h HMACSHAStrategy) ValidateRefreshToken(_ context.Context, r fosite.Requester, token string) (err error)

type HandleHelper

// HandleHelper bundles what is needed to issue an access token (see
// IssueAccessToken). It is embedded by ClientCredentialsGrantHandler and
// ResourceOwnerPasswordCredentialsGrantHandler.
type HandleHelper struct {
    // AccessTokenStrategy generates the token and its signature.
    AccessTokenStrategy  AccessTokenStrategy
    // AccessTokenStorage persists the session for the issued token.
    AccessTokenStorage   AccessTokenStorage
    // AccessTokenLifespan and RefreshTokenLifespan are token lifetimes.
    // NOTE(review): how RefreshTokenLifespan is used by a helper that only
    // exposes IssueAccessToken is not visible on this page.
    AccessTokenLifespan  time.Duration
    RefreshTokenLifespan time.Duration
}

func (*HandleHelper) IssueAccessToken

func (h *HandleHelper) IssueAccessToken(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

type JWTSession

JWTSession is a container for the JWT session.

type JWTSession struct {
    // JWTClaims and JWTHeader are returned by GetJWTClaims and GetJWTHeader.
    // NOTE(review): the package describes DefaultJWTStrategy as an RS256
    // (signed) strategy; assuming tokens are signed and not encrypted, every
    // claim placed here is readable by any holder of the token, so keep
    // secrets and unnecessary personal data out of the claims.
    JWTClaims *jwt.JWTClaims
    JWTHeader *jwt.Headers
    // ExpiresAt holds one expiry time per token type; see GetExpiresAt and
    // SetExpiresAt.
    ExpiresAt map[fosite.TokenType]time.Time
    // Username and Subject identify the resource owner; see GetUsername,
    // GetSubject and SetSubject.
    Username  string
    Subject   string
}

func (*JWTSession) Clone

func (j *JWTSession) Clone() fosite.Session

func (*JWTSession) GetExpiresAt

func (j *JWTSession) GetExpiresAt(key fosite.TokenType) time.Time

func (*JWTSession) GetExtraClaims

func (s *JWTSession) GetExtraClaims() map[string]interface{}

GetExtraClaims implements ExtraClaimsSession for JWTSession. The returned value is a copy of JWTSession claims.

func (*JWTSession) GetJWTClaims

func (j *JWTSession) GetJWTClaims() jwt.JWTClaimsContainer

func (*JWTSession) GetJWTHeader

func (j *JWTSession) GetJWTHeader() *jwt.Headers

func (*JWTSession) GetSubject

func (j *JWTSession) GetSubject() string

func (*JWTSession) GetUsername

func (j *JWTSession) GetUsername() string

func (*JWTSession) SetExpiresAt

func (j *JWTSession) SetExpiresAt(key fosite.TokenType, exp time.Time)

func (*JWTSession) SetSubject

func (j *JWTSession) SetSubject(subject string)

type JWTSessionContainer

// JWTSessionContainer is a fosite.Session that additionally exposes JWT claims
// and headers. *JWTSession on this page provides both accessor methods.
type JWTSessionContainer interface {
    // GetJWTClaims returns the claims.
    GetJWTClaims() jwt.JWTClaimsContainer

    // GetJWTHeader returns the header.
    GetJWTHeader() *jwt.Headers

    // The embedded fosite.Session contributes the generic session methods.
    fosite.Session
}

type RefreshTokenGrantHandler

// RefreshTokenGrantHandler handles the refresh token grant; its methods on
// this page reference RFC 6749 section 6.
type RefreshTokenGrantHandler struct {
    // Strategies for the two token kinds involved in a refresh, and the
    // storage that exposes the revocation operations described on the
    // TokenRevocationStorage type.
    AccessTokenStrategy    AccessTokenStrategy
    RefreshTokenStrategy   RefreshTokenStrategy
    TokenRevocationStorage TokenRevocationStorage

    // AccessTokenLifespan defines the lifetime of an access token.
    AccessTokenLifespan time.Duration

    // RefreshTokenLifespan defines the lifetime of a refresh token.
    RefreshTokenLifespan time.Duration

    // ScopeStrategy and AudienceMatchingStrategy are fosite-defined strategies;
    // presumably they decide whether the requested scopes and audiences are
    // permitted for the client. Confirm in the fosite package.
    // RefreshTokenScopes is presumably the set of scopes a grant must carry
    // for refresh tokens to be usable; confirm in flow_refresh.go.
    ScopeStrategy            fosite.ScopeStrategy
    AudienceMatchingStrategy fosite.AudienceMatchingStrategy
    RefreshTokenScopes       []string
}

func (*RefreshTokenGrantHandler) CanHandleTokenEndpointRequest

func (c *RefreshTokenGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

func (*RefreshTokenGrantHandler) CanSkipClientAuth

func (c *RefreshTokenGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool

func (*RefreshTokenGrantHandler) HandleTokenEndpointRequest

func (c *RefreshTokenGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-6

func (*RefreshTokenGrantHandler) PopulateTokenEndpointResponse

func (c *RefreshTokenGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) (err error)

PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-6

type RefreshTokenStorage

// RefreshTokenStorage is the persistence contract for refresh token sessions.
// Every method takes a parameter named signature as the lookup key; presumably
// this is the value returned by RefreshTokenStrategy.RefreshTokenSignature
// rather than the full token string. Confirm against the calling handlers.
type RefreshTokenStorage interface {
    // CreateRefreshTokenSession stores request under signature.
    CreateRefreshTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error)

    // GetRefreshTokenSession returns the request stored under signature.
    // session is presumably the value the stored session data is loaded into;
    // confirm against the implementation in use.
    GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error)

    // DeleteRefreshTokenSession removes the session stored under signature.
    DeleteRefreshTokenSession(ctx context.Context, signature string) (err error)
}

type RefreshTokenStrategy

// RefreshTokenStrategy generates and validates refresh tokens and derives the
// signature string that the storage interfaces use as a key.
type RefreshTokenStrategy interface {
    // RefreshTokenSignature returns the signature string derived from token.
    RefreshTokenSignature(token string) string
    // GenerateRefreshToken returns a new refresh token together with its signature.
    GenerateRefreshToken(ctx context.Context, requester fosite.Requester) (token string, signature string, err error)
    // ValidateRefreshToken returns a non-nil error when token is not acceptable.
    ValidateRefreshToken(ctx context.Context, requester fosite.Requester, token string) (err error)
}

type ResourceOwnerPasswordCredentialsGrantHandler

Deprecated: This handler is deprecated as a means to communicate that the ROPC grant type is widely discouraged and is at the time of this writing going to be omitted in the OAuth 2.1 spec. For more information on why this grant type is discouraged see: https://www.scottbrady91.com/oauth/why-the-resource-owner-password-credentials-grant-type-is-not-authentication-nor-suitable-for-modern-applications

type ResourceOwnerPasswordCredentialsGrantHandler struct {
    // ResourceOwnerPasswordCredentialsGrantStorage is used to persist session data across requests.
    // It also provides Authenticate, which checks the resource owner's credentials.
    ResourceOwnerPasswordCredentialsGrantStorage ResourceOwnerPasswordCredentialsGrantStorage

    // RefreshTokenStrategy generates refresh tokens. ScopeStrategy and
    // AudienceMatchingStrategy are fosite-defined strategies; presumably they
    // decide whether the requested scopes and audiences are permitted for the
    // client. RefreshTokenScopes is presumably the set of scopes that must be
    // granted before a refresh token is issued. Confirm in flow_resource_owner.go.
    RefreshTokenStrategy     RefreshTokenStrategy
    ScopeStrategy            fosite.ScopeStrategy
    AudienceMatchingStrategy fosite.AudienceMatchingStrategy
    RefreshTokenScopes       []string

    // HandleHelper is embedded by pointer: its IssueAccessToken method and its
    // access token fields are promoted onto this handler. It must be non-nil,
    // since promoted fields are reached through this pointer.
    *HandleHelper
}

func (*ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest

func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

func (*ResourceOwnerPasswordCredentialsGrantHandler) CanSkipClientAuth

func (c *ResourceOwnerPasswordCredentialsGrantHandler) CanSkipClientAuth(requester fosite.AccessRequester) bool

func (*ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest

func (c *ResourceOwnerPasswordCredentialsGrantHandler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.3.2

func (*ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse

func (c *ResourceOwnerPasswordCredentialsGrantHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

PopulateTokenEndpointResponse implements https://tools.ietf.org/html/rfc6749#section-4.3.3

type ResourceOwnerPasswordCredentialsGrantStorage

// ResourceOwnerPasswordCredentialsGrantStorage is the storage needed by the
// resource owner password credentials grant: credential verification plus
// access and refresh token storage.
type ResourceOwnerPasswordCredentialsGrantStorage interface {
    // Authenticate checks the resource owner's credentials and returns a
    // non-nil error when they are rejected. secret carries the password as
    // submitted to the token endpoint (RFC 6749 section 4.3.2), so an
    // implementation should verify it against a stored password hash and
    // keep it out of logs and error messages.
    // NOTE(review): which error value signals "wrong credentials" as opposed
    // to a storage failure is not visible on this page.
    Authenticate(ctx context.Context, name string, secret string) error
    AccessTokenStorage
    RefreshTokenStorage
}

type StatelessJWTValidator

// StatelessJWTValidator introspects JWTs (see IntrospectToken). Unlike
// CoreValidator it has no storage field.
// NOTE(review): without storage, introspection presumably relies on the
// token's signature and claims alone, which would mean a revoked token is
// still accepted here until it expires. Confirm in introspector_jwt.go and
// keep access token lifetimes short if that is the case.
type StatelessJWTValidator struct {
    // JWTStrategy is the embedded JWT signer/validator from the jwt package.
    jwt.JWTStrategy
    // ScopeStrategy is presumably used to check the scopes passed to
    // IntrospectToken against those in the token; confirm in the
    // implementation.
    ScopeStrategy fosite.ScopeStrategy
}

func (*StatelessJWTValidator) IntrospectToken

func (v *StatelessJWTValidator) IntrospectToken(ctx context.Context, token string, tokenUse fosite.TokenUse, accessRequest fosite.AccessRequester, scopes []string) (fosite.TokenUse, error)

type TokenRevocationHandler

// TokenRevocationHandler revokes tokens (see RevokeToken, which references
// RFC 7009 section 2.1).
type TokenRevocationHandler struct {
    // TokenRevocationStorage looks up and revokes the stored token sessions.
    TokenRevocationStorage TokenRevocationStorage
    // The strategies are presumably used to derive the storage signature from
    // the presented token string; confirm in revocation.go.
    RefreshTokenStrategy   RefreshTokenStrategy
    AccessTokenStrategy    AccessTokenStrategy
}

func (*TokenRevocationHandler) RevokeToken

func (r *TokenRevocationHandler) RevokeToken(ctx context.Context, token string, tokenType fosite.TokenType, client fosite.Client) error

RevokeToken implements https://tools.ietf.org/html/rfc7009#section-2.1. The token type hint indicates which token type check should be performed first.

type TokenRevocationStorage

TokenRevocationStorage provides the storage implementation as specified in: https://tools.ietf.org/html/rfc7009

type TokenRevocationStorage interface {
    // The embedded interfaces provide create/get/delete by signature. The
    // Revoke* methods below are keyed by request ID instead.
    // NOTE(review): presumably the request ID is shared by all tokens issued
    // for one authorization grant, so revoking by request ID affects every
    // stored token of that kind for the grant. Confirm against the
    // implementation.
    RefreshTokenStorage
    AccessTokenStorage

    // RevokeRefreshToken revokes a refresh token as specified in:
    // https://tools.ietf.org/html/rfc7009#section-2.1
    // If the particular
    // token is a refresh token and the authorization server supports the
    // revocation of access tokens, then the authorization server SHOULD
    // also invalidate all access tokens based on the same authorization
    // grant (see Implementation Note).
    RevokeRefreshToken(ctx context.Context, requestID string) error

    // RevokeRefreshTokenMaybeGracePeriod revokes a refresh token as specified in:
    // https://tools.ietf.org/html/rfc7009#section-2.1
    // If the particular
    // token is a refresh token and the authorization server supports the
    // revocation of access tokens, then the authorization server SHOULD
    // also invalidate all access tokens based on the same authorization
    // grant (see Implementation Note).
    //
    // If the Refresh Token grace period is greater than zero in configuration the token
    // will have its expiration time set as UTCNow + GracePeriod.
    //
    // NOTE(review): with a non-zero grace period this implies the token remains
    // usable until that time instead of being invalidated immediately, so the
    // configured grace period should be kept short.
    RevokeRefreshTokenMaybeGracePeriod(ctx context.Context, requestID string, signature string) error

    // RevokeAccessToken revokes an access token as specified in:
    // https://tools.ietf.org/html/rfc7009#section-2.1
    // If the token passed to the request
    // is an access token, the server MAY revoke the respective refresh
    // token as well.
    RevokeAccessToken(ctx context.Context, requestID string) error
}