oauth2provider

package
v2.25.0
Warning

This package is not in the latest version of its module.

Published: Aug 5, 2025 License: AGPL-3.0 Imports: 32 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateApp

func CreateApp(db database.Store, accessURL *url.URL, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc

CreateApp returns an http.HandlerFunc that handles POST /oauth2-provider/apps

func CreateAppSecret

func CreateAppSecret(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc

CreateAppSecret returns an http.HandlerFunc that handles POST /oauth2-provider/apps/{app}/secrets

func CreateDynamicClientRegistration

func CreateDynamicClientRegistration(db database.Store, accessURL *url.URL, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc

CreateDynamicClientRegistration returns an http.HandlerFunc that handles POST /oauth2/register

func DeleteApp

func DeleteApp(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc

DeleteApp returns an http.HandlerFunc that handles DELETE /oauth2-provider/apps/{app}

func DeleteAppSecret

func DeleteAppSecret(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc

DeleteAppSecret returns an http.HandlerFunc that handles DELETE /oauth2-provider/apps/{app}/secrets/{secretID}

func DeleteClientConfiguration

func DeleteClientConfiguration(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc

DeleteClientConfiguration returns an http.HandlerFunc that handles DELETE /oauth2/clients/{client_id}

func GetApp

func GetApp(accessURL *url.URL) http.HandlerFunc

GetApp returns an http.HandlerFunc that handles GET /oauth2-provider/apps/{app}

func GetAppSecrets

func GetAppSecrets(db database.Store) http.HandlerFunc

GetAppSecrets returns an http.HandlerFunc that handles GET /oauth2-provider/apps/{app}/secrets

func GetAuthorizationServerMetadata

func GetAuthorizationServerMetadata(accessURL *url.URL) http.HandlerFunc

GetAuthorizationServerMetadata returns an http.HandlerFunc that handles GET /.well-known/oauth-authorization-server

func GetClientConfiguration

func GetClientConfiguration(db database.Store) http.HandlerFunc

GetClientConfiguration returns an http.HandlerFunc that handles GET /oauth2/clients/{client_id}

func GetProtectedResourceMetadata

func GetProtectedResourceMetadata(accessURL *url.URL) http.HandlerFunc

GetProtectedResourceMetadata returns an http.HandlerFunc that handles GET /.well-known/oauth-protected-resource

func ListApps

func ListApps(db database.Store, accessURL *url.URL) http.HandlerFunc

ListApps returns an http.HandlerFunc that handles GET /oauth2-provider/apps

func ProcessAuthorize

func ProcessAuthorize(db database.Store) http.HandlerFunc

ProcessAuthorize handles POST /oauth2/authorize requests to process the user's authorization decision and generate an authorization code.

func RequireRegistrationAccessToken

func RequireRegistrationAccessToken(db database.Store) func(http.Handler) http.Handler

RequireRegistrationAccessToken returns middleware that validates the registration access token for RFC 7592 endpoints

func RevokeApp

func RevokeApp(db database.Store) http.HandlerFunc

func ShowAuthorizePage

func ShowAuthorizePage(accessURL *url.URL) http.HandlerFunc

ShowAuthorizePage handles GET /oauth2/authorize requests to display the HTML authorization page.

func Tokens

func Tokens(db database.Store, lifetimes codersdk.SessionLifetime) http.HandlerFunc

Tokens TODO: the sessions lifetime config passed is for coder api tokens. Should there be a separate config for oauth2 tokens? They are related, but they are not the same.

func UpdateApp

func UpdateApp(db database.Store, accessURL *url.URL, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc

UpdateApp returns an http.HandlerFunc that handles PUT /oauth2-provider/apps/{app}

func UpdateClientConfiguration

func UpdateClientConfiguration(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc

UpdateClientConfiguration returns an http.HandlerFunc that handles PUT /oauth2/clients/{client_id}

func VerifyPKCE

func VerifyPKCE(challenge, verifier string) bool

VerifyPKCE verifies that the code_verifier matches the code_challenge using the S256 method as specified in RFC 7636.

Types

type AppSecret

type AppSecret struct {
	// Formatted contains the secret. This value is owned by the client, not the
	// server.  It is formatted to include the prefix.
	Formatted string
	// Prefix is the ID of this secret owned by the server. When a client uses a
	// secret, this is the matching string to do a lookup on the hashed value.  We
	// cannot use the hashed value directly because the server does not store the
	// salt.
	Prefix string
	// Hashed is the server stored hash(secret,salt,...). Used for verifying a
	// secret.
	Hashed string
}

func GenerateSecret

func GenerateSecret() (AppSecret, error)

GenerateSecret generates a secret to be used as a client secret, refresh token, or authorization code.

Directories

Path Synopsis
Package oauth2providertest provides comprehensive testing utilities for OAuth2 identity provider functionality.
