Skip to content

event-modeling/goauth2

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

23 Commits
.idea/runConfigurations
.idea/runConfigurations
 
 
build
build
 
 
cmd/goauth2
cmd/goauth2
 
 
gen/eventgenerator
gen/eventgenerator
 
 
goauth2test
goauth2test
 
 
pkg
pkg
 
 
projection
projection
 
 
provider/uuidtoken
provider/uuidtoken
 
 
web
web
 
 
.gitignore
.gitignore
 
 
.travis.yml
.travis.yml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
authorization_code.go
authorization_code.go
 
 
authorization_code_commands.go
authorization_code_commands.go
 
 
authorization_code_events.go
authorization_code_events.go
 
 
client_application.go
client_application.go
 
 
client_application_command_authorization.go
client_application_command_authorization.go
 
 
client_application_commands.go
client_application_commands.go
 
 
client_application_events.go
client_application_events.go
 
 
commands.go
commands.go
 
 
events.go
events.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
goauth2.go
goauth2.go
 
 
goauth2_test.go
goauth2_test.go
 
 
helper_test.go
helper_test.go
 
 
passwords.go
passwords.go
 
 
passwords_test.go
passwords_test.go
 
 
refresh_token.go
refresh_token.go
 
 
refresh_token_commands.go
refresh_token_commands.go
 
 
refresh_token_events.go
refresh_token_events.go
 
 
refresh_token_process_manager.go
refresh_token_process_manager.go
 
 
resource_owner.go
resource_owner.go
 
 
resource_owner_command_authorization.go
resource_owner_command_authorization.go
 
 
resource_owner_commands.go
resource_owner_commands.go
 
 
resource_owner_events.go
resource_owner_events.go
 
 
token_generator.go
token_generator.go
 
 

Repository files navigation

Go OAuth2 Server

Build Status Go Report Card Test Coverage Maintainability GoDoc Go Version Release License

An OAuth2 server in Go. This project uses an embedded RangeDB event store.

Docker

docker run -p 8080:8080 inklabs/goauth2

Client Credentials Grant

http://tools.ietf.org/html/rfc6749#section-4.4

+---------+                                  +---------------+
|         |                                  |               |
|         |>--(A)- Client Authentication --->| Authorization |
| Client  |                                  |     Server    |
|         |<--(B)---- Access Token ---------<|               |
|         |                                  |               |
+---------+                                  +---------------+

curl localhost:8080/token \
    -u client_id_hash:client_secret_hash \
    -d "grant_type=client_credentials" \
    -d "scope=read_write"
{
  "access_token": "d5f4985587ea46028c0946e4a240a9c1",
  "expires_at": 1574371565,
  "token_type": "Bearer",
  "scope": "read_write"
}

Resource Owner Password Credentials

http://tools.ietf.org/html/rfc6749#section-4.3

+----------+
| Resource |
|  Owner   |
|          |
+----------+
     v
     |    Resource Owner
     (A) Password Credentials
     |
     v
+---------+                                  +---------------+
|         |>--(B)---- Resource Owner ------->|               |
|         |         Password Credentials     | Authorization |
| Client  |                                  |     Server    |
|         |<--(C)---- Access Token ---------<|               |
|         |    (w/ Optional Refresh Token)   |               |
+---------+                                  +---------------+

curl localhost:8080/token \
    -u client_id_hash:client_secret_hash \
    -d "grant_type=password" \
    -d "username=john@example.com" \
    -d "password=p45w0rd" \
    -d "scope=read_write"
{
  "access_token": "a3c5300be4d24e65a68176c7ba521c50",
  "expires_at": 1574371565,
  "token_type": "Bearer",
  "scope": "read_write",
  "refresh_token": "3a801b1fc3d847599b3d5719d82bca7b"
}

Refresh Token

https://tools.ietf.org/html/rfc6749#section-1.5 http://tools.ietf.org/html/rfc6749#section-6

+--------+                                           +---------------+
|        |--(A)------- Authorization Grant --------->|               |
|        |                                           |               |
|        |<-(B)----------- Access Token -------------|               |
|        |               & Refresh Token             |               |
|        |                                           |               |
|        |                            +----------+   |               |
|        |--(C)---- Access Token ---->|          |   |               |
|        |                            |          |   |               |
|        |<-(D)- Protected Resource --| Resource |   | Authorization |
| Client |                            |  Server  |   |     Server    |
|        |--(E)---- Access Token ---->|          |   |               |
|        |                            |          |   |               |
|        |<-(F)- Invalid Token Error -|          |   |               |
|        |                            +----------+   |               |
|        |                                           |               |
|        |--(G)----------- Refresh Token ----------->|               |
|        |                                           |               |
|        |<-(H)----------- Access Token -------------|               |
+--------+           & Optional Refresh Token        +---------------+

curl localhost:8080/token \
    -u client_id_hash:client_secret_hash \
    -d "grant_type=refresh_token" \
    -d "refresh_token=3a801b1fc3d847599b3d5719d82bca7b"
{
  "access_token": "97ed11d0d399454eb5ab2cab8b29f600",
  "expires_at": 1574371565,
  "token_type": "Bearer",
  "scope": "read_write",
  "refresh_token": "b4c69a71124641739f6a83b786b332d3"
}

About

GOAuth2 - An OAuth2 Server in Go

Resources

Readme

License

BSD-3-Clause license
Activity
Custom properties

Stars

0 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • Go 98.6%
  • Other 1.4%