Categorygithub.com/openshift/osin
modulepackage
1.0.1
Repository: https://github.com/openshift/osin.git
Documentation: pkg.go.dev
Versions
1
Dependencies
11
Dependents
33
Files
1.5k SLOC

# README

OSIN

GoDoc

Golang OAuth2 server library

OSIN is an OAuth2 server library for the Go language, as specified at http://tools.ietf.org/html/rfc6749 and http://tools.ietf.org/html/draft-ietf-oauth-v2-10.

It also includes support for PKCE, as specified at https://tools.ietf.org/html/rfc7636, which increases security for code-exchange flows for public OAuth clients.

Using it, you can build your own OAuth2 authentication service.

The library implements the majority of the specification, like authorization and token endpoints, and authorization code, implicit, resource owner and client credentials grant types.

Example Server

import (
	"github.com/RangelReale/osin"
	ex "github.com/RangelReale/osin/example" 
)

// ex.NewTestStorage implements the "osin.Storage" interface
server := osin.NewServer(osin.NewServerConfig(), ex.NewTestStorage())

// Authorization code endpoint
http.HandleFunc("/authorize", func(w http.ResponseWriter, r *http.Request) {
	resp := server.NewResponse()
	defer resp.Close()

	if ar := server.HandleAuthorizeRequest(resp, r); ar != nil {

		// HANDLE LOGIN PAGE HERE

		ar.Authorized = true
		server.FinishAuthorizeRequest(resp, r, ar)
	}
	osin.OutputJSON(resp, w, r)
})

// Access token endpoint
http.HandleFunc("/token", func(w http.ResponseWriter, r *http.Request) {
	resp := server.NewResponse()
	defer resp.Close()

	if ar := server.HandleAccessRequest(resp, r); ar != nil {
		ar.Authorized = true
		server.FinishAccessRequest(resp, r, ar)
	}
	osin.OutputJSON(resp, w, r)
})

http.ListenAndServe(":14000", nil)

Example Access

Open in your web browser:

http://localhost:14000/authorize?response_type=code&client_id=1234&redirect_uri=http%3A%2F%2Flocalhost%3A14000%2Fappauth%2Fcode

Storage backends

There is a mock available at example/teststorage.go which you can use as a guide for writing your own.

You might want to check out other implementations for common database management systems as well:

License

The code is licensed using "New BSD" license.

Author

Rangel Reale [email protected]

Changes

2014-06-25

  • BREAKING CHANGES:

    • Storage interface has 2 new methods, Clone and Close, to better support storages that need to clone / close in each connection (mgo)

    • Client was changed to be an interface instead of an struct. Because of that, the Storage interface also had to change, as interface is already a pointer.

    • HOW TO FIX YOUR CODE:

      • In your Storage, add a Clone function returning itself, and a do nothing Close.

      • In your Storage, replace all *osin.Client with osin.Client (remove the pointer reference)

      • If you used the osin.Client struct directly in your code, change it to osin.DefaultClient, which is a struct with the same fields that implements the interface.

      • Change all accesses using osin.Client to use the methods instead of the fields directly.

      • You MUST defer Response.Close in all your http handlers, otherwise some Storages may not clean correctly.

          resp := server.NewResponse()
  defer resp.Close()

# Packages

# Functions

Return authorization header data.
Return "Bearer" token from request.
CheckClientSecret determines whether the given secret matches a secret held by the client.
Returns the first uri from an uri list.
NewDefaultErrors initializes OAuth2 error codes and descriptions.
NewServer creates a new server instance.
NewServerConfig returns a new ServerConfig with default configuration.
OutputJSON encodes the Response to JSON and writes to the http.ResponseWriter.
Parse urls, resolving uri references to base url.
ValidateUri validates that redirectUri is contained in baseUri.
ValidateUriList validates that redirectUri is contained in baseUriList.

# Constants

# Variables

ErrNotFound is the error returned by Storage Get<...> and Load<...> functions in case no entity is found in the storage.

# Structs

AccessData represents an access grant (tokens, expiration, client, etc).
AccessRequest is a request for access tokens.
AccessTokenGenDefault is the default authorization token generator.
Authorization data.
Authorize request information.
AuthorizeTokenGenDefault is the default authorization token generator.
Parse basic authentication header.
Parse bearer authentication header.
DefaultClient stores all data in struct variables.
Default errors and messages.
InfoRequest is a request for information about some AccessData.
Server response.
Server is an OAuth2 implementation.
ServerConfig contains server configuration information.

# Interfaces

AccessTokenGen generates access tokens.
AuthorizeTokenGen is the token generator interface.
Client information.
ClientSecretMatcher is an optional interface clients can implement which allows them to be the one to determine if a secret matches.
Logger creates a formatted log event.
Storage interface.

# Type aliases

AccessRequestType is the type for OAuth param `grant_type`.
AllowedAccessType is a collection of allowed access request types.
AllowedAuthorizeType is a collection of allowed auth request types.
AuthorizeRequestType is the type for OAuth param `response_type`.
Data for response output.
Response type enum.
error returned when validation don't match.