...

Source file src/github.com/ory/fosite/compose/compose_oauth2.go

Documentation: github.com/ory/fosite/compose

     1  /*
     2   * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
    17   * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
    18   * @license 	Apache-2.0
    19   *
    20   */
    21  
    22  package compose
    23  
    24  import (
    25  	"github.com/ory/fosite/handler/oauth2"
    26  	"github.com/ory/fosite/token/jwt"
    27  )
    28  
// OAuth2AuthorizeExplicitFactory builds the handler for the OAuth2 authorization code grant
// ("authorize explicit flow"). The handler receives the access token, refresh token and
// authorize code strategies, the core and token revocation storage, and the lifespans,
// scope and audience strategies, redirect URI security check and refresh token scopes
// read from config.
//
// storage and strategy are converted with unchecked type assertions: the call panics if
// either value does not implement every interface asserted in the body.
func OAuth2AuthorizeExplicitFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	handler := new(oauth2.AuthorizeExplicitGrantHandler)

	// Token and code strategies, then the backing store.
	handler.AccessTokenStrategy = strategy.(oauth2.AccessTokenStrategy)
	handler.RefreshTokenStrategy = strategy.(oauth2.RefreshTokenStrategy)
	handler.AuthorizeCodeStrategy = strategy.(oauth2.AuthorizeCodeStrategy)
	handler.CoreStorage = storage.(oauth2.CoreStorage)

	// Lifespans and matching strategies come straight from config.
	handler.AuthCodeLifespan = config.GetAuthorizeCodeLifespan()
	handler.RefreshTokenLifespan = config.GetRefreshTokenLifespan()
	handler.AccessTokenLifespan = config.GetAccessTokenLifespan()
	handler.ScopeStrategy = config.GetScopeStrategy()
	handler.AudienceMatchingStrategy = config.GetAudienceStrategy()

	// Revocation storage is asserted separately from CoreStorage; a store that
	// lacks it makes the factory panic here.
	handler.TokenRevocationStorage = storage.(oauth2.TokenRevocationStorage)
	handler.IsRedirectURISecure = config.GetRedirectSecureChecker()
	handler.RefreshTokenScopes = config.GetRefreshTokenScopes()

	return handler
}
    47  
// OAuth2ClientCredentialsGrantFactory builds the handler for the OAuth2 client credentials
// grant. Only access token strategy, storage and lifespan are wired in (via HandleHelper),
// together with the scope and audience strategies from config; no refresh token or
// authorize code component is set here.
//
// The type assertions on storage and strategy are unchecked and panic when the value does
// not implement the asserted interface.
func OAuth2ClientCredentialsGrantFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	// Access-token issuing pieces shared through the embedded helper.
	helper := new(oauth2.HandleHelper)
	helper.AccessTokenStrategy = strategy.(oauth2.AccessTokenStrategy)
	helper.AccessTokenStorage = storage.(oauth2.AccessTokenStorage)
	helper.AccessTokenLifespan = config.GetAccessTokenLifespan()

	handler := new(oauth2.ClientCredentialsGrantHandler)
	handler.HandleHelper = helper
	handler.ScopeStrategy = config.GetScopeStrategy()
	handler.AudienceMatchingStrategy = config.GetAudienceStrategy()
	return handler
}
    61  
// OAuth2RefreshTokenGrantFactory builds the handler for the OAuth2 refresh token grant.
// It is given the access and refresh token strategies, the token revocation storage, and
// the token lifespans, scope and audience strategies and refresh token scopes from config.
//
// The type assertions on storage and strategy are unchecked and panic when the value does
// not implement the asserted interface.
func OAuth2RefreshTokenGrantFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	handler := new(oauth2.RefreshTokenGrantHandler)

	handler.AccessTokenStrategy = strategy.(oauth2.AccessTokenStrategy)
	handler.RefreshTokenStrategy = strategy.(oauth2.RefreshTokenStrategy)
	// The only storage this handler receives is the revocation-capable one.
	handler.TokenRevocationStorage = storage.(oauth2.TokenRevocationStorage)

	handler.AccessTokenLifespan = config.GetAccessTokenLifespan()
	handler.RefreshTokenLifespan = config.GetRefreshTokenLifespan()
	handler.ScopeStrategy = config.GetScopeStrategy()
	handler.AudienceMatchingStrategy = config.GetAudienceStrategy()
	handler.RefreshTokenScopes = config.GetRefreshTokenScopes()

	return handler
}
    76  
// OAuth2AuthorizeImplicitFactory builds the handler for the OAuth2 implicit grant
// ("authorize implicit flow"). Only access token strategy, storage and lifespan are wired
// in, plus the scope and audience strategies from config; no refresh token or authorize
// code component is set here.
//
// The type assertions on storage and strategy are unchecked and panic when the value does
// not implement the asserted interface.
func OAuth2AuthorizeImplicitFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	accessStrategy := strategy.(oauth2.AccessTokenStrategy)
	accessStorage := storage.(oauth2.AccessTokenStorage)
	accessLifespan := config.GetAccessTokenLifespan()
	scopes := config.GetScopeStrategy()
	audiences := config.GetAudienceStrategy()

	return &oauth2.AuthorizeImplicitGrantTypeHandler{
		AccessTokenStrategy:      accessStrategy,
		AccessTokenStorage:       accessStorage,
		AccessTokenLifespan:      accessLifespan,
		ScopeStrategy:            scopes,
		AudienceMatchingStrategy: audiences,
	}
}
    88  
// OAuth2ResourceOwnerPasswordCredentialsFactory builds the handler for the OAuth2 resource
// owner password credentials (ROPC) grant. It is given the ROPC grant storage, an access
// token helper (strategy, storage, access and refresh token lifespans), the refresh token
// strategy, and the scope and audience strategies and refresh token scopes from config.
//
// The type assertions on storage and strategy are unchecked and panic when the value does
// not implement the asserted interface.
//
// Deprecated: This factory is deprecated as a means to communicate that the ROPC grant type is widely discouraged and
// is, at the time of this writing, going to be omitted from the OAuth 2.1 spec. For more information on why this grant
// type is discouraged see: https://www.scottbrady91.com/oauth/why-the-resource-owner-password-credentials-grant-type-is-not-authentication-nor-suitable-for-modern-applications
func OAuth2ResourceOwnerPasswordCredentialsFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	handler := new(oauth2.ResourceOwnerPasswordCredentialsGrantHandler)

	// Storage used by the password grant itself.
	handler.ResourceOwnerPasswordCredentialsGrantStorage = storage.(oauth2.ResourceOwnerPasswordCredentialsGrantStorage)

	// Token-issuing helper: access token pieces plus both lifespans.
	helper := new(oauth2.HandleHelper)
	helper.AccessTokenStrategy = strategy.(oauth2.AccessTokenStrategy)
	helper.AccessTokenStorage = storage.(oauth2.AccessTokenStorage)
	helper.AccessTokenLifespan = config.GetAccessTokenLifespan()
	helper.RefreshTokenLifespan = config.GetRefreshTokenLifespan()
	handler.HandleHelper = helper

	handler.RefreshTokenStrategy = strategy.(oauth2.RefreshTokenStrategy)
	handler.ScopeStrategy = config.GetScopeStrategy()
	handler.AudienceMatchingStrategy = config.GetAudienceStrategy()
	handler.RefreshTokenScopes = config.GetRefreshTokenScopes()

	return handler
}
   110  
// OAuth2TokenRevocationFactory builds the OAuth2 token revocation handler from the token
// revocation storage and the access and refresh token strategies. config is accepted to
// match the other factories' signature and is not read.
//
// The type assertions on storage and strategy are unchecked and panic when the value does
// not implement the asserted interface.
func OAuth2TokenRevocationFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	revocationStore := storage.(oauth2.TokenRevocationStorage)
	accessStrategy := strategy.(oauth2.AccessTokenStrategy)
	refreshStrategy := strategy.(oauth2.RefreshTokenStrategy)

	return &oauth2.TokenRevocationHandler{
		TokenRevocationStorage: revocationStore,
		AccessTokenStrategy:    accessStrategy,
		RefreshTokenStrategy:   refreshStrategy,
	}
}
   119  
// OAuth2TokenIntrospectionFactory builds the storage-backed OAuth2 token introspection
// validator from the core strategy, the core storage, the scope strategy from config and
// the config's DisableRefreshTokenValidation flag.
//
// The type assertions on storage and strategy are unchecked and panic when the value does
// not implement the asserted interface.
func OAuth2TokenIntrospectionFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	validator := new(oauth2.CoreValidator)

	validator.CoreStrategy = strategy.(oauth2.CoreStrategy)
	validator.CoreStorage = storage.(oauth2.CoreStorage)
	validator.ScopeStrategy = config.GetScopeStrategy()
	// NOTE(review): the flag is copied verbatim; presumably it makes the validator
	// skip refresh tokens. Confirm against oauth2.CoreValidator.
	validator.DisableRefreshTokenValidation = config.DisableRefreshTokenValidation

	return validator
}
   130  
// OAuth2StatelessJWTIntrospectionFactory builds an OAuth2 token introspection validator
// for JWT access tokens only. Validation is stateless: it relies solely on the data
// carried in the JWT and never consults the storage implementation (the storage argument
// is not read).
//
// Because no storage is involved, THE BUILT-IN REVOCATION MECHANISMS WILL NOT WORK with
// this factory. If you need revocation, validate JWTs statefully using the other factories.
//
// The type assertion on strategy is unchecked and panics when the value does not
// implement jwt.JWTStrategy.
func OAuth2StatelessJWTIntrospectionFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	validator := new(oauth2.StatelessJWTValidator)
	validator.JWTStrategy = strategy.(jwt.JWTStrategy)
	validator.ScopeStrategy = config.GetScopeStrategy()
	return validator
}
   144  
