Documentation
Index ¶
- func CreateApp(db database.Store, accessURL *url.URL, auditor *audit.Auditor, ...) http.HandlerFunc
- func CreateAppSecret(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
- func CreateDynamicClientRegistration(db database.Store, accessURL *url.URL, auditor *audit.Auditor, ...) http.HandlerFunc
- func DeleteApp(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
- func DeleteAppSecret(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
- func DeleteClientConfiguration(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
- func GetApp(accessURL *url.URL) http.HandlerFunc
- func GetAppSecrets(db database.Store) http.HandlerFunc
- func GetAuthorizationServerMetadata(accessURL *url.URL) http.HandlerFunc
- func GetClientConfiguration(db database.Store) http.HandlerFunc
- func GetProtectedResourceMetadata(accessURL *url.URL) http.HandlerFunc
- func ListApps(db database.Store, accessURL *url.URL) http.HandlerFunc
- func ProcessAuthorize(db database.Store) http.HandlerFunc
- func RequireRegistrationAccessToken(db database.Store) func(http.Handler) http.Handler
- func RevokeApp(db database.Store) http.HandlerFunc
- func ShowAuthorizePage(accessURL *url.URL) http.HandlerFunc
- func Tokens(db database.Store, lifetimes codersdk.SessionLifetime) http.HandlerFunc
- func UpdateApp(db database.Store, accessURL *url.URL, auditor *audit.Auditor, ...) http.HandlerFunc
- func UpdateClientConfiguration(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
- func VerifyPKCE(challenge, verifier string) bool
- type AppSecret
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateApp ¶
func CreateApp(db database.Store, accessURL *url.URL, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
CreateApp returns an http.HandlerFunc that handles POST /oauth2-provider/apps
func CreateAppSecret ¶
func CreateAppSecret(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
CreateAppSecret returns an http.HandlerFunc that handles POST /oauth2-provider/apps/{app}/secrets
func CreateDynamicClientRegistration ¶
func CreateDynamicClientRegistration(db database.Store, accessURL *url.URL, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
CreateDynamicClientRegistration returns an http.HandlerFunc that handles POST /oauth2/register
func DeleteApp ¶
DeleteApp returns an http.HandlerFunc that handles DELETE /oauth2-provider/apps/{app}
func DeleteAppSecret ¶
func DeleteAppSecret(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
DeleteAppSecret returns an http.HandlerFunc that handles DELETE /oauth2-provider/apps/{app}/secrets/{secretID}
func DeleteClientConfiguration ¶
func DeleteClientConfiguration(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
DeleteClientConfiguration returns an http.HandlerFunc that handles DELETE /oauth2/clients/{client_id}
func GetApp ¶
func GetApp(accessURL *url.URL) http.HandlerFunc
GetApp returns an http.HandlerFunc that handles GET /oauth2-provider/apps/{app}
func GetAppSecrets ¶
func GetAppSecrets(db database.Store) http.HandlerFunc
GetAppSecrets returns an http.HandlerFunc that handles GET /oauth2-provider/apps/{app}/secrets
func GetAuthorizationServerMetadata ¶
func GetAuthorizationServerMetadata(accessURL *url.URL) http.HandlerFunc
GetAuthorizationServerMetadata returns an http.HandlerFunc that handles GET /.well-known/oauth-authorization-server
func GetClientConfiguration ¶
func GetClientConfiguration(db database.Store) http.HandlerFunc
GetClientConfiguration returns an http.HandlerFunc that handles GET /oauth2/clients/{client_id}
func GetProtectedResourceMetadata ¶
func GetProtectedResourceMetadata(accessURL *url.URL) http.HandlerFunc
GetProtectedResourceMetadata returns an http.HandlerFunc that handles GET /.well-known/oauth-protected-resource
func ProcessAuthorize ¶
func ProcessAuthorize(db database.Store) http.HandlerFunc
ProcessAuthorize handles POST /oauth2/authorize requests to process the user's authorization decision and generate an authorization code.
func RequireRegistrationAccessToken ¶
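RequireRegistrationAccessToken returns middleware that validates the registration access token for the RFC 7592 (dynamic client registration management) endpoints. On this page those appear to be the client configuration routes GET, PUT and DELETE /oauth2/clients/{client_id}.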
func ShowAuthorizePage ¶
func ShowAuthorizePage(accessURL *url.URL) http.HandlerFunc
ShowAuthorizePage handles GET /oauth2/authorize requests to display the HTML authorization page.
func Tokens ¶
func Tokens(db database.Store, lifetimes codersdk.SessionLifetime) http.HandlerFunc
Tokens returns an http.HandlerFunc; the route it serves is not documented here. TODO: the session lifetime configuration passed in is the one for Coder API tokens. Should there be a separate configuration for OAuth2 tokens? They are related, but they are not the same.
func UpdateApp ¶
func UpdateApp(db database.Store, accessURL *url.URL, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
UpdateApp returns an http.HandlerFunc that handles PUT /oauth2-provider/apps/{app}
func UpdateClientConfiguration ¶
func UpdateClientConfiguration(db database.Store, auditor *audit.Auditor, logger slog.Logger) http.HandlerFunc
UpdateClientConfiguration returns an http.HandlerFunc that handles PUT /oauth2/clients/{client_id}
func VerifyPKCE ¶
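VerifyPKCE verifies that the code_verifier matches the code_challenge using the S256 method as specified in RFC 7636; that is, the challenge must equal the unpadded base64url encoding of the SHA-256 digest of the verifier. It reports the result as a bool (signature in the index: func VerifyPKCE(challenge, verifier string) bool).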
Types ¶
type AppSecret ¶
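// AppSecret groups the client-facing form of a secret with the server-side
// values used to look it up and verify it.
type AppSecret struct {
	// Formatted contains the secret. This value is owned by the client, not the
	// server. It is formatted to include the prefix.
	//
	// NOTE(review): this is the only field holding the secret itself, so it
	// presumably should be handed to the client once and never persisted or
	// logged by the server. Confirm against the callers.
	Formatted string

	// Prefix is the ID of this secret owned by the server. When a client uses a
	// secret, this is the matching string to do a lookup on the hashed value. We
	// cannot use the hashed value directly because the server does not store the
	// salt.
	Prefix string

	// Hashed is the server stored hash(secret,salt,...). Used for verifying a
	// secret.
	//
	// NOTE(review): the verification code is not visible here; confirm that it
	// compares against this value in constant time.
	Hashed string
}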
func GenerateSecret ¶
GenerateSecret generates a secret to be used as a client secret, refresh token, or authorization code.
Source Files
Directories
Path | Synopsis |
---|---|
oauth2providertest | Package oauth2providertest provides comprehensive testing utilities for OAuth2 identity provider functionality. |