
Package rfc7523

import "github.com/ory/fosite/handler/rfc7523"

type Handler

type Handler struct {
    // Storage supplies the public keys (and their scope assignments) registered for an
    // issuer/subject pair and records used "jti" values for replay protection.
    Storage                  RFC7523KeyStorage
    // ScopeStrategy decides whether the scopes requested by the client are permitted.
    ScopeStrategy            fosite.ScopeStrategy
    // AudienceMatchingStrategy decides whether the assertion's "aud" claim is acceptable.
    // NOTE(review): presumably TokenURL is the value "aud" is matched against (RFC 7523 §3
    // requires the audience to identify the token endpoint) — confirm in the handler.
    AudienceMatchingStrategy fosite.AudienceMatchingStrategy

    // TokenURL is the URL of the Authorization Server's Token Endpoint.
    TokenURL string
    // SkipClientAuth indicates whether client authentication can be skipped for this grant.
    // When true, the signed assertion is the caller's only proof of identity, so the key lookup
    // in Storage together with the signature, audience and lifetime checks form the entire trust
    // boundary; leave it false unless an unauthenticated client is acceptable by policy.
    SkipClientAuth bool
    // JWTIDOptional indicates whether the "jti" (JWT ID) claim may be absent.
    // NOTE(review): the replay-protection methods on RFC7523KeyStorage are keyed by "jti", so an
    // assertion without one presumably cannot be tracked as used and is limited only by its
    // lifetime checks — confirm before enabling.
    JWTIDOptional bool
    // JWTIssuedDateOptional indicates whether the "iat" (issued at) claim may be absent.
    JWTIssuedDateOptional bool
    // JWTMaxDuration sets the maximum time after token issued date (if present), during which the token is
    // considered valid. If "iat" claim is not present, then current time will be used as issued date.
    // NOTE(review): with the window anchored at the current time, an assertion that omits "iat"
    // is presumably bounded only relative to now (e.g. how far ahead "exp" may lie) rather than by
    // its real age — confirm in the handler.
    JWTMaxDuration time.Duration

    *oauth2.HandleHelper
}

func (*Handler) CanHandleTokenEndpointRequest

func (c *Handler) CanHandleTokenEndpointRequest(requester fosite.AccessRequester) bool

func (*Handler) CanSkipClientAuth

func (c *Handler) CanSkipClientAuth(requester fosite.AccessRequester) bool

func (*Handler) CheckRequest

func (c *Handler) CheckRequest(request fosite.AccessRequester) error

func (*Handler) HandleTokenEndpointRequest

func (c *Handler) HandleTokenEndpointRequest(ctx context.Context, request fosite.AccessRequester) error

HandleTokenEndpointRequest implements https://tools.ietf.org/html/rfc6749#section-4.1.3 in full and https://tools.ietf.org/html/rfc7523#section-2.1 in full.

func (*Handler) PopulateTokenEndpointResponse

func (c *Handler) PopulateTokenEndpointResponse(ctx context.Context, request fosite.AccessRequester, response fosite.AccessResponder) error

type RFC7523KeyStorage

RFC7523KeyStorage provides the information needed to validate a JWT assertion used as an authorization grant: the public keys registered for an issuer/subject pair, the scopes assigned to those keys, and the set of "jti" values that have already been used.

type RFC7523KeyStorage interface {
    // GetPublicKey returns the public key identified by keyId that is registered for the given
    // issuer/subject pair. The key is used to verify the signature of the JWT assertion, so
    // implementations must only return keys registered out-of-band for that issuer and subject —
    // never a key carried by the assertion itself (e.g. an embedded "jwk" or a "jku" URL), which
    // would let the presenter pick its own verification key.
    GetPublicKey(ctx context.Context, issuer string, subject string, keyId string) (*jose.JSONWebKey, error)

    // GetPublicKeys returns the set of public keys registered for the given issuer/subject pair.
    GetPublicKeys(ctx context.Context, issuer string, subject string) (*jose.JSONWebKeySet, error)

    // GetPublicKeyScopes returns the scopes an assertion signed with the key identified by
    // issuer/subject/keyId is allowed to request.
    GetPublicKeyScopes(ctx context.Context, issuer string, subject string, keyId string) ([]string, error)

    // IsJWTUsed reports whether the given "jti" has already been recorded via MarkJWTUsedForTime
    // and is still within its retention window.
    // NOTE(review): the original wording here ("returns true, if JWT is not known yet or it can
    // not be considered valid, because it must be already expired") reads as the inverse of the
    // replay-protection intent described on MarkJWTUsedForTime; confirm the expected boolean
    // against the handler before implementing.
    IsJWTUsed(ctx context.Context, jti string) (bool, error)

    // MarkJWTUsedForTime marks JWT as used for a time passed in exp parameter. This helps ensure that JWTs are not
    // replayed by maintaining the set of used "jti" values for the length of time for which the JWT would be
    // considered valid based on the applicable "exp" instant. (https://tools.ietf.org/html/rfc7523#section-3)
    // Implementations must retain the "jti" at least until exp; because the check (IsJWTUsed) and
    // the mark are separate calls, two concurrent requests presenting the same "jti" may both
    // pass the check before either is marked — a store that needs strict single-use should make
    // the mark itself atomic (e.g. an insert that fails on an existing "jti").
    MarkJWTUsedForTime(ctx context.Context, jti string, exp time.Time) error
}

type Session

Session must be implemented by the request's session type for the RFC 7523 JWT bearer grant to be supported.

type Session interface {
    // SetSubject sets the session's subject, i.e. the identity on whose behalf the issued tokens act.
    // NOTE(review): presumably the handler calls this with the assertion's "sub" claim — confirm
    // against HandleTokenEndpointRequest.
    SetSubject(subject string)
}