package design
import (
d "github.com/goadesign/goa/design"
a "github.com/goadesign/goa/design/apidsl"
)
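// The "login" resource groups the authentication endpoints served under
// /login: the browser login flow, token refresh, dev-mode token generation
// and Identity Provider account linking.
var _ = a.Resource("login", func() {
	a.BasePath("/login")

	// GET /login/authorize: entry point of the login flow.
	a.Action("authorize", func() {
		a.Routing(
			// Given without a leading slash, unlike the link* routes below;
			// presumably goa resolves both forms relative to BasePath — confirm.
			a.GET("authorize"),
		)
		a.Params(func() {
			a.Param("link", d.Boolean, "If true then link all available Identity Providers to the user account after successful login")
			// NOTE(review): the design places no constraint on this caller-supplied
			// redirect target, so open-redirect protection (allowlist of permitted
			// hosts/paths) has to live in the controller — confirm it does.
			a.Param("redirect", d.String, "URL to be redirected to after successful login. If not set then will redirect to the referrer instead.")
			a.Param("scope", d.String, func() {
				// Only one accepted value; anything else is rejected at validation time.
				a.Enum("offline_access")
				a.Description("If scope=offline_access then an offline token will be issued instead of a regular refresh token")
			})
		})
		a.Description("Authorize with the WIT")
		a.Response(d.Unauthorized, JSONAPIErrors)
		a.Response(d.TemporaryRedirect)
		a.Response(d.InternalServerError, JSONAPIErrors)
		a.Response(d.BadRequest, JSONAPIErrors)
	})

	// GET /login/generate: issues test tokens. The description says this is
	// dev-mode only; nothing in the design enforces that (no a.Security here),
	// so the restriction must be implemented by the controller — confirm.
	a.Action("generate", func() {
		a.Routing(
			a.GET("generate"),
		)
		a.Description("Generate a set of Tokens for different Auth levels. NOT FOR PRODUCTION. Only available if server is running in dev mode")
		a.Response(d.OK, func() {
			a.Media(a.CollectionOf(AuthToken))
		})
		a.Response(d.Unauthorized, JSONAPIErrors)
		a.Response(d.InternalServerError, JSONAPIErrors)
	})

	// POST /login/refresh: exchanges a refresh token (body: RefreshToken) for a
	// new AuthToken.
	a.Action("refresh", func() {
		a.Routing(
			a.POST("refresh"),
		)
		a.Payload(refreshToken)
		a.Description("Refresh access token")
		a.Response(d.OK, func() {
			a.Media(AuthToken)
		})
		a.Response(d.Unauthorized, JSONAPIErrors)
		a.Response(d.BadRequest, JSONAPIErrors)
		a.Response(d.InternalServerError, JSONAPIErrors)
	})

	// GET /login/link: links an Identity Provider to the calling user's account.
	// This is the only action in the resource that declares a security scheme;
	// linksession and linkcallback below are unauthenticated at the design level
	// and rely on the state/sessionState parameters described there.
	a.Action("link", func() {
		a.Security("jwt")
		a.Routing(
			a.GET("/link"),
		)
		a.Params(func() {
			a.Param("provider", d.String, "Identity Provider name to link to the user's account. If not set then link all available providers.")
			// NOTE(review): same caller-supplied redirect as in "authorize";
			// validate the target in the controller.
			a.Param("redirect", d.String, "URL to be redirected to after successful account linking. If not set then will redirect to the referrer instead.")
		})
		a.Description("Link an Identity Provider account to the user account")
		a.Response(d.TemporaryRedirect)
		a.Response(d.Unauthorized, JSONAPIErrors)
		a.Response(d.BadRequest, JSONAPIErrors)
		a.Response(d.InternalServerError, JSONAPIErrors)
	})

	// GET /login/linksession: auto-linking during login, keyed on the user's
	// session rather than a JWT.
	a.Action("linksession", func() {
		a.Routing(
			a.GET("/linksession"),
		)
		a.Params(func() {
			a.Param("provider", d.String, "Identity Provider name to link to the user's account. If not set then link all available providers.")
			a.Param("redirect", d.String, "URL to be redirected to after successful account linking. If not set then will redirect to the referrer instead.")
			// NOTE(review): unconstrained string; the controller is where this must
			// be bound to a real session and checked for replay — confirm.
			a.Param("sessionState", d.String, "Session state")
		})
		a.Description("Link an Identity Provider account to the user account represented by user's session. This endpoint is to be used for auto linking during login.")
		a.Response(d.TemporaryRedirect)
		a.Response(d.Unauthorized, JSONAPIErrors)
		a.Response(d.BadRequest, JSONAPIErrors)
		a.Response(d.InternalServerError, JSONAPIErrors)
	})

	// GET /login/linkcallback: return leg of the linking flow. The "state"
	// parameter is, per its description, the value generated by the link request;
	// the controller is expected to verify it (and "next") before continuing.
	a.Action("linkcallback", func() {
		a.Routing(
			a.GET("/linkcallback"),
		)
		a.Params(func() {
			a.Param("state", d.String, "State generated by the link request")
			a.Param("next", d.String, "Next provider to be linked. If not set then linking is complete.")
			a.Param("sessionState", d.String, "Session state")
		})
		a.Description("Callback from Keycloak when Identity Provider account successfully linked to the user account")
		a.Response(d.TemporaryRedirect)
		a.Response(d.Unauthorized, JSONAPIErrors)
		a.Response(d.BadRequest, JSONAPIErrors)
		a.Response(d.InternalServerError, JSONAPIErrors)
	})
})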
// The "logout" resource exposes a single GET on /logout itself (empty route
// relative to BasePath) that ends the session and redirects.
var _ = a.Resource("logout", func() {
	a.BasePath("/logout")
	a.Action("logout", func() {
		a.Routing(
			a.GET(""),
		)
		a.Params(func() {
			// NOTE(review): caller-supplied redirect target, unconstrained by the
			// design; the controller must validate it against an allowlist — confirm.
			a.Param("redirect", d.String, "URL to be redirected to after successful logout. If not set then will redirect to the referrer instead.")
		})
		a.Description("Logout user")
		// No Unauthorized response is declared here, unlike the login actions;
		// presumably logout is callable without a valid token — confirm.
		a.Response(d.BadRequest, JSONAPIErrors)
		a.Response(d.TemporaryRedirect)
		a.Response(d.InternalServerError, JSONAPIErrors)
	})
})
// refreshToken is the request payload of POST /login/refresh: a single
// refresh_token string. Nothing is marked Required here, so an empty body
// passes design-level validation — the controller has to reject a missing token.
var refreshToken = a.Type("RefreshToken", func() {
	a.Attribute("refresh_token", d.String, "Refresh token")
})
// AuthToken represents an authentication JWT Token. It is the response media
// type of POST /login/refresh and (as a collection) GET /login/generate, so
// this is where access and refresh tokens leave the server; the "token"
// attribute is a TokenData and is the only field in the default view.
var AuthToken = a.MediaType("application/vnd.authtoken+json", func() {
	a.TypeName("AuthToken")
	a.Description("JWT Token")
	a.Attributes(func() {
		a.Attribute("token", tokenData)
		a.Required("token")
	})
	a.View("default", func() {
		a.Attribute("token")
	})
})
// tokenData is the token bundle carried inside AuthToken. access_token and
// refresh_token are bearer credentials: treat values of this type as secrets
// (do not log or persist them in plain text).
//
// NOTE(review): expires_in, refresh_expires_in and not-before-policy are typed
// d.Any, so no validation of their shape happens at the design level; if the
// issuer always returns integers, d.Integer would document and enforce that —
// confirm against the issuer's actual response before tightening.
var tokenData = a.Type("TokenData", func() {
	a.Attribute("access_token", d.String, "Access token")
	a.Attribute("expires_in", d.Any, "Access token expires in seconds")
	a.Attribute("refresh_expires_in", d.Any, "Refresh token expires in seconds")
	a.Attribute("refresh_token", d.String, "Refresh token")
	a.Attribute("token_type", d.String, "Token type")
	a.Attribute("not-before-policy", d.Any, "Token is not valid if issued before this date")
	// Only the expiry/policy fields are mandatory; the token strings themselves
	// are optional in the design.
	a.Required("expires_in")
	a.Required("refresh_expires_in")
	a.Required("not-before-policy")
})