Documentation
Index ¶
- Variables
- type AuthorizeRequest
- type JWK
- type JWKSet
- type Service
- func (s *Service) CreateAuthorizationCode(ctx context.Context, userID uuid.UUID, req AuthorizeRequest) (string, error)
- func (s *Service) CreateSession(ctx context.Context, userID uuid.UUID) (*data.Session, error)
- func (s *Service) ExchangeCode(ctx context.Context, req TokenRequest) (string, error)
- func (s *Service) ForgotPassword(ctx context.Context, userEmail string) error
- func (s *Service) GetJWKS() JWKSet
- func (s *Service) Login(ctx context.Context, email, password string) (*data.User, error)
- func (s *Service) Logout(ctx context.Context, sessionID string) error
- func (s *Service) Register(ctx context.Context, email, password string) (*data.User, error)
- func (s *Service) ResetPassword(ctx context.Context, plainToken, newPassword string) error
- func (s *Service) ValidateSession(ctx context.Context, sessionID string) (*data.User, error)
- type TokenRequest
Constants ¶
This section is empty.
Variables ¶
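// Sentinel errors exported by this package. Every message is a stable dotted
// key ("err.auth.*" / "err.oauth.*") rather than prose, so callers should
// compare with errors.Is and map the key to a user-facing message themselves.
//
// The declarations are written one per line: the collapsed single-line form
// is not valid Go, because value specs inside a var group must be separated
// by newlines or semicolons.
var (
	// Session and credential checks.
	ErrInvalidSession     = errors.New("err.auth.invalid_session")
	ErrUserAgentMismatch  = errors.New("err.auth.user_agent_mismatch")
	ErrInvalidCredentials = errors.New("err.auth.invalid_credentials")

	// Authorization-code exchange.
	// NOTE(review): these are three distinct values. If the HTTP layer
	// forwards them as-is, a client can tell which check rejected the code.
	// RFC 6749 reports all of these conditions as "invalid_grant"; confirm
	// the handler collapses them before responding.
	ErrInvalidGrant        = errors.New("err.auth.invalid_grant")
	ErrInvalidCodeVerifier = errors.New("err.auth.invalid_code_verifier")
	ErrRedirectMismatch    = errors.New("err.auth.redirect_uri_mismatch")

	// Registration and password reset.
	// NOTE(review): ErrEmailTaken tells the caller that an account exists for
	// that address. Whether ForgotPassword avoids the same signal is not
	// visible here; verify, and rate-limit both paths.
	ErrInvalidEmail      = errors.New("err.auth.invalid_email")
	ErrWeakPassword      = errors.New("err.auth.weak_password")
	ErrEmailTaken        = errors.New("err.auth.email_taken")
	ErrInvalidResetToken = errors.New("err.auth.invalid_reset_token")

	// OAuth2 request validation (unsupported or missing parameters).
	ErrUnsupportedResponseType    = errors.New("err.oauth.unsupported_response_type")
	ErrUnsupportedChallengeMethod = errors.New("err.oauth.unsupported_challenge_method")
	ErrMissingCodeChallenge       = errors.New("err.oauth.missing_code_challenge")
	ErrUnsupportedGrantType       = errors.New("err.oauth.unsupported_grant_type")
)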
Functions ¶
This section is empty.
Types ¶
type AuthorizeRequest ¶
// AuthorizeRequest carries the parameters of an OAuth2 authorization request.
// The code_challenge fields are the PKCE parameters (RFC 7636).
type AuthorizeRequest struct {
	// RedirectURI is the callback URL the code is sent to; it must be in the
	// allowlist.
	// NOTE(review): how the allowlist comparison is done is not visible
	// here. Exact string matching, with no prefix or wildcard rules, is the
	// safe form; confirm.
	RedirectURI string

	// ResponseType must be "code".
	ResponseType string

	// State is an opaque value the client uses to maintain state between the
	// request and the callback. Clients commonly bind it to the user's
	// session so a forged callback can be rejected.
	State string

	// CodeChallenge is base64url(SHA256(code_verifier)); it binds the issued
	// code to the later token request.
	// NOTE(review): RFC 7636 specifies the unpadded base64url form; confirm
	// the comparison in ExchangeCode uses the same encoding.
	CodeChallenge string

	// CodeChallengeMethod names the hash method; only "S256" is accepted.
	CodeChallengeMethod string
}
AuthorizeRequest holds the parameters from an OAuth2 authorization request.
type JWK ¶
// JWK is one JSON Web Key describing an ECDSA P-256 public key.
//
// The struct has no field for the private scalar ("d"), so encoding a JWK
// value cannot expose private key material.
type JWK struct {
	// Kty is the key type; always "EC".
	Kty string `json:"kty"`

	// Crv is the curve; always "P-256".
	Crv string `json:"crv"`

	// X is the base64url-encoded X coordinate of the public key point.
	X string `json:"x"`

	// Y is the base64url-encoded Y coordinate of the public key point.
	Y string `json:"y"`

	// Kid is the key ID: a stable identifier derived from the public key.
	Kid string `json:"kid"`

	// Use is the intended use; always "sig".
	Use string `json:"use"`

	// Alg is the algorithm; always "ES256". Token verifiers should pin this
	// algorithm for keys from this set rather than trust the "alg" header of
	// an incoming token.
	Alg string `json:"alg"`
}
JWK represents a single JSON Web Key (ECDSA P-256 public key).
type JWKSet ¶
// JWKSet is the JSON Web Key Set document returned by the JWKS endpoint.
type JWKSet struct {
	// Keys holds the published public keys, encoded under the "keys" member.
	// A nil slice encodes as JSON null rather than [], which some JWKS
	// consumers reject; an empty set should be built with a non-nil slice.
	Keys []JWK `json:"keys"`
}
JWKSet is the JSON Web Key Set returned by the JWKS endpoint.
type Service ¶
// Service is the package's authentication service. Its exported method set,
// as listed in this page's index, covers registration and login, session
// creation, validation and logout, password reset, OAuth2 authorization-code
// issuance and exchange, and publication of the JWKS.
//
// All state is held in unexported fields, which this listing does not show.
type Service struct {
	// contains filtered or unexported fields
}
func NewService ¶
func (*Service) CreateAuthorizationCode ¶
func (*Service) CreateSession ¶
func (*Service) ExchangeCode ¶
func (*Service) ForgotPassword ¶
func (*Service) ResetPassword ¶
type TokenRequest ¶
// TokenRequest carries the parameters of an OAuth2 token exchange request.
type TokenRequest struct {
	// GrantType must be "authorization_code".
	GrantType string

	// Code is the authorization code received from the authorize endpoint.
	// NOTE(review): RFC 6749 expects codes to be short-lived and single-use;
	// whether ExchangeCode invalidates a code on first use is not visible
	// here. Confirm.
	Code string

	// RedirectURI must exactly match the redirect_uri used when the code was
	// issued.
	RedirectURI string

	// CodeVerifier is the plain random string whose SHA256 hash was sent as
	// the code_challenge.
	// NOTE(review): RFC 7636 requires 43-128 characters from the unreserved
	// set; whether this package enforces that is not visible here. Keep this
	// value out of logs, since it is the proof that redeems the code.
	CodeVerifier string
}
TokenRequest holds the parameters from an OAuth2 token exchange request.