...

Package oauth2

import "github.com/palantir/go-githubapp/oauth2"
Overview

Package oauth2 implements an http.Handler that performs the 3-leg OAuth2 authentication flow. While it can be used with all OAuth2 providers, functions are provided specifically for GitHub integration.

Constants

const (
    DefaultRoute = "/api/github/auth"
)

Variables

var (
    DefaultSessionKey = "oauth2.state"
)
var (
    ErrInvalidState = errors.New("oauth2: invalid state value")
)

func DefaultErrorCallback

func DefaultErrorCallback(w http.ResponseWriter, r *http.Request, err error)

func DefaultLoginCallback

func DefaultLoginCallback(w http.ResponseWriter, r *http.Request, login *Login)

func GetConfig

func GetConfig(c githubapp.Config, scopes []string) *oauth2.Config

func NewHandler

func NewHandler(c *oauth2.Config, params ...Param) http.Handler

NewHandler returns an http.Handler that implements the 3-leg OAuth2 flow on a single endpoint. It accepts callbacks for both error and success conditions so that clients can take action after the auth flow is complete.

type ErrorCallback

type ErrorCallback func(w http.ResponseWriter, r *http.Request, err error)

type Login

Login contains information about the result of a successful auth flow.

type Login struct {
    Token  *oauth2.Token
    Client *http.Client
}

type LoginCallback

type LoginCallback func(w http.ResponseWriter, r *http.Request, login *Login)

type LoginError

LoginError is an error returned as a parameter by the OAuth provider.

type LoginError string

func (LoginError) Error

func (err LoginError) Error() string

type Param

type Param func(*handler)

func ForceTLS

func ForceTLS(forceTLS bool) Param

ForceTLS determines if generated URLs always use HTTPS. By default, the protocol of the request is used.

func OnError

func OnError(c ErrorCallback) Param

OnError sets the error callback.

func OnLogin

func OnLogin(c LoginCallback) Param

OnLogin sets the login callback.

func WithRedirectURL

func WithRedirectURL(uri string) Param

WithRedirectURL sets a static redirect URL. By default, the redirect URL is generated using the request path, the Host header, and the ForceTLS option.

func WithStore

func WithStore(ss StateStore) Param

WithStore sets the StateStore used to create and verify OAuth2 states. The default state store uses a static value, is insecure, and is not suitable for production use.

type SessionStateStore

type SessionStateStore struct {
    Sessions *scs.Manager
}

func (*SessionStateStore) GenerateState

func (s *SessionStateStore) GenerateState(w http.ResponseWriter, r *http.Request) (string, error)

func (*SessionStateStore) VerifyState

func (s *SessionStateStore) VerifyState(r *http.Request, expected string) (bool, error)

type StateStore

StateStore generates and verifies the state parameter for OAuth2 flows.

type StateStore interface {
    // GenerateState creates a new state value, storing it in a way that can be
    // retrieved by VerifyState at a later point.
    GenerateState(w http.ResponseWriter, r *http.Request) (string, error)

    // VerifyState checks that the state associated with the request matches
    // the given state. To avoid timing attacks, implementations should use
    // constant-time comparisons if possible.
    VerifyState(r *http.Request, state string) (bool, error)
}
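
A StateStore that uses a fresh random value per flow, bound to the browser with a cookie and checked in constant time, as the VerifyState comment recommends. This is an added example, not code from go-githubapp: CookieStateStore, its fields and the 600-second lifetime are assumptions, and only the two method signatures come from the interface above.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// CookieStateStore is a hypothetical type with the StateStore method set;
// it is not part of go-githubapp.
type CookieStateStore struct {
	CookieName string // assumed cookie name
	Secure     bool   // set true when the app is served over HTTPS
}

// GenerateState creates 256 bits of random state and stores it in an HttpOnly cookie.
func (s *CookieStateStore) GenerateState(w http.ResponseWriter, r *http.Request) (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	state := base64.RawURLEncoding.EncodeToString(buf)
	http.SetCookie(w, &http.Cookie{
		Name: s.CookieName, Value: state, Path: "/", MaxAge: 600,
		HttpOnly: true, Secure: s.Secure, SameSite: http.SameSiteLaxMode,
	})
	return state, nil
}

// VerifyState treats a missing cookie as a mismatch and compares in constant time.
func (s *CookieStateStore) VerifyState(r *http.Request, state string) (bool, error) {
	c, err := r.Cookie(s.CookieName)
	if err != nil || c.Value == "" {
		return false, nil
	}
	return subtle.ConstantTimeCompare([]byte(c.Value), []byte(state)) == 1, nil
}

func main() {
	store := &CookieStateStore{CookieName: "oauth2.state", Secure: true}
	rec := httptest.NewRecorder() // constructed request/response pair, no network
	state, _ := store.GenerateState(rec, httptest.NewRequest("GET", "/api/github/auth", nil))
	cb := httptest.NewRequest("GET", "/api/github/auth?state="+state, nil)
	cb.AddCookie(rec.Result().Cookies()[0])
	ok, _ := store.VerifyState(cb, cb.URL.Query().Get("state"))
	fmt.Println("state verified:", ok)
}
```

A value of this type could be passed to WithStore once it is declared against the package's StateStore interface. SameSite=Lax is used so the cookie still accompanies the provider's top-level redirect back to the handler.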