
Package oauth2

import "github.com/palantir/go-baseapp/baseapp/auth/oauth2"

Package oauth2 implements an http.Handler that performs the 3-leg OAuth2 authentication flow.

Variables

var (
    DefaultSessionName = "oauth2"
)
var (
    ErrInvalidState = errors.New("oauth2: invalid state value")
)

func DefaultErrorCallback

func DefaultErrorCallback(w http.ResponseWriter, r *http.Request, err error)

func DefaultLoginCallback

func DefaultLoginCallback(w http.ResponseWriter, r *http.Request, login *Login)

func NewHandler

func NewHandler(c *oauth2.Config, params ...Param) http.Handler

NewHandler returns an http.Handler that implements the 3-leg OAuth2 flow on a single endpoint. It accepts callbacks for both error and success conditions so that clients can take action after the auth flow is complete.

type ErrorCallback

type ErrorCallback func(w http.ResponseWriter, r *http.Request, err error)

type Login

Login contains information about the result of a successful auth flow.

type Login struct {
    Token  *oauth2.Token
    Client *http.Client
}

type LoginCallback

type LoginCallback func(w http.ResponseWriter, r *http.Request, login *Login)

type LoginError

LoginError is an error returned as a parameter by the OAuth provider.

type LoginError string

func (LoginError) Error

func (err LoginError) Error() string

type Param

type Param func(*handler)

func ForceTLS

func ForceTLS(forceTLS bool) Param

ForceTLS determines if generated URLs always use HTTPS. By default, the protocol of the request is used.

func OnError

func OnError(c ErrorCallback) Param

OnError sets the error callback.

func OnLogin

func OnLogin(c LoginCallback) Param

OnLogin sets the login callback.

func WithStore

func WithStore(ss StateStore) Param

WithStore sets the StateStore used to create and verify OAuth2 states. The default state store uses a static value, is insecure, and is not suitable for production use.

type SessionStateStore

type SessionStateStore struct {
    Sessions sessions.Store
}

func (*SessionStateStore) GenerateState

func (s *SessionStateStore) GenerateState(w http.ResponseWriter, r *http.Request) (string, error)

func (*SessionStateStore) VerifyState

func (s *SessionStateStore) VerifyState(r *http.Request, expected string) (bool, error)

type StateStore

StateStore generates and verifies the state parameter for OAuth2 flows.

type StateStore interface {
    // GenerateState creates a new state value, storing it in a way that can be
    // retrieved by VerifyState at a later point.
    GenerateState(w http.ResponseWriter, r *http.Request) (string, error)

    // VerifyState checks that the state associated with the request matches
    // the given state. To avoid timing attacks, implementations should use
    // constant-time comparisons if possible.
    VerifyState(r *http.Request, state string) (bool, error)
}
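
Added example (not part of this package or its documentation): a standard-library-only type with the same method set as StateStore, showing a per-flow random state bound to the browser by a cookie and checked with a constant-time comparison. The names CookieStateStore, roundTrip and the cookie name "oauth2_state" are hypothetical, and the requests are constructed with httptest.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"net/http"
	"net/http/httptest"
)

// CookieStateStore (hypothetical name) has the same method set as StateStore.
type CookieStateStore struct{ CookieName string }

// GenerateState stores a fresh 256-bit random value in a short-lived cookie.
func (s *CookieStateStore) GenerateState(w http.ResponseWriter, r *http.Request) (string, error) {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		return "", err // never fall back to a predictable value
	}
	state := base64.RawURLEncoding.EncodeToString(b)
	// Secure assumes an HTTPS callback; Lax lets the cookie survive the provider's redirect.
	http.SetCookie(w, &http.Cookie{
		Name: s.CookieName, Value: state, Path: "/", MaxAge: 300,
		HttpOnly: true, Secure: true, SameSite: http.SameSiteLaxMode,
	})
	return state, nil
}

// VerifyState compares the callback's state to the cookie in constant time.
func (s *CookieStateStore) VerifyState(r *http.Request, state string) (bool, error) {
	c, err := r.Cookie(s.CookieName)
	if err != nil || c.Value == "" || state == "" {
		return false, nil // no stored state, or empty input: reject
	}
	return subtle.ConstantTimeCompare([]byte(c.Value), []byte(state)) == 1, nil
}

// roundTrip replays the issued cookie on a constructed callback request.
func roundTrip(forge bool) bool {
	s := &CookieStateStore{CookieName: "oauth2_state"}
	rec := httptest.NewRecorder()
	state, _ := s.GenerateState(rec, httptest.NewRequest("GET", "/login", nil))
	cb := httptest.NewRequest("GET", "/login?code=x", nil)
	cb.AddCookie(rec.Result().Cookies()[0])
	if forge {
		state = "attacker-chosen" // constructed value standing in for a forged callback
	}
	ok, _ := s.VerifyState(cb, state)
	return ok
}
func main() { println(roundTrip(false), roundTrip(true)) }
```

The empty-string guard matters because subtle.ConstantTimeCompare reports two empty slices as equal, which would otherwise accept a callback that carries no state when no state was stored.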