/*
 * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
 * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
 * @license 	Apache-2.0
 *
 */

package fosite

import "context"

// AuthorizeEndpointHandler is implemented by handlers that take part in
// processing a request to the authorize endpoint.
type AuthorizeEndpointHandler interface {
	// HandleAuthorizeEndpointRequest handles an authorize endpoint request.
	// It receives the request context, the AuthorizeRequester and the
	// AuthorizeResponder.
	//
	// A handler that is not responsible for the request must return nil and
	// must NOT modify the session, the responder or the requester. Because
	// nil is also the "not mine" answer, a nil return does not by itself
	// tell the caller that any handler accepted the request.
	//
	// The following spec is a good example of what this method should do:
	//
	// * https://tools.ietf.org/html/rfc6749#section-3.1.1
	//   response_type REQUIRED.
	//   The value MUST be one of "code" for requesting an
	//   authorization code as described by Section 4.1.1, "token" for
	//   requesting an access token (implicit grant) as described by
	//   Section 4.2.1, or a registered extension value as described by
	//   Section 8.4.
	HandleAuthorizeEndpointRequest(ctx context.Context, requester AuthorizeRequester, responder AuthorizeResponder) error
}

// TokenEndpointHandler is implemented by handlers that take part in
// processing a request to the token endpoint. The methods are listed in the
// order their comments describe them being used: capability checks first,
// then handling, then populating the response.
type TokenEndpointHandler interface {
	// CanHandleTokenEndpointRequest reports whether this handler can handle
	// the given request. If it returns true, HandleTokenEndpointRequest can
	// be called.
	CanHandleTokenEndpointRequest(requester AccessRequester) bool

	// CanSkipClientAuth reports whether client authentication can be skipped
	// for the given request. It MUST return false by default; the only
	// exception is an extension grant type that allows an unauthenticated
	// client.
	//
	// It must be called before HandleTokenEndpointRequest, because its
	// answer decides whether the AccessRequester will contain an
	// authenticated client. A handler that returns true here therefore
	// cannot treat the client carried by the requester as authenticated in
	// HandleTokenEndpointRequest.
	CanSkipClientAuth(requester AccessRequester) bool

	// HandleTokenEndpointRequest handles a token endpoint request. If the
	// handler is not responsible for the request it should return
	// ErrUnknownRequest; otherwise it handles the request.
	HandleTokenEndpointRequest(ctx context.Context, requester AccessRequester) error

	// PopulateTokenEndpointResponse is responsible for setting return values
	// on the responder. It should only be executed if this handler's
	// HandleTokenEndpointRequest did not return ErrUnknownRequest.
	PopulateTokenEndpointResponse(ctx context.Context, requester AccessRequester, responder AccessResponder) error
}

// RevocationHandler is the interface that allows token revocation for an
// OAuth2.0 provider.
// https://tools.ietf.org/html/rfc7009
//
// RevokeToken is invoked after a new token revocation request is parsed.
//
// https://tools.ietf.org/html/rfc7009#section-2.1
// If the particular
// token is a refresh token and the authorization server supports the
// revocation of access tokens, then the authorization server SHOULD
// also invalidate all access tokens based on the same authorization
// grant (see Implementation Note). If the token passed to the request
// is an access token, the server MAY revoke the respective refresh
// token as well.
//
// NOTE(review): the same RFC section has the authorization server verify
// that the token was issued to the client making the revocation request.
// This file does not show whether the caller or the implementation performs
// that check against the client argument; confirm before relying on either.
type RevocationHandler interface {
	// RevokeToken handles access and refresh token revocation.
	//
	// token is the token string to revoke and client is the client the
	// request is attributed to. tokenType presumably reflects the request's
	// token_type_hint, which RFC 7009 treats as a hint rather than a
	// guarantee of the token's actual type (TODO confirm against the
	// caller).
	RevokeToken(ctx context.Context, token string, tokenType TokenType, client Client) error
}