Improve API sanity #20
Conversation
aeneasr
added
feat
| @@ -0,0 +1,22 @@ | |||
| package core | |||
There was a problem hiding this comment.
the core package (basically all oauth2 things) now defines what the different strategies must implement. this is an upside because if we have a "supersecure" package, it could use it's own strategy signatures
|
This all seems good! But i think we'll need to expose (or at least discuss alternate solutions to) at least one callback the developers can "subscribe" to by passing in a function that is called right before the ACCESS token is generated. A little like Osin does, but not the whole genration, just a little part of it. Since there is no way for a developer right now to actually modify the claims (for example) that is to be returned to the callee. What i mean is that for example one resource owner grants acces to his data, the developer might just, right before that access token is returned, fetch the resource owner data from DB and inject parts of that data into the JWT claims. I really don't want to hardcode any behavior except lease times and expire times in the lib. What would be counterintuitive with regards of the actual power and core strength of Fosite. I think i'll add such callback to the JWT mechanism by adding it to the JWTEnigma struct since probably no other auth method (except open id connect) can return data in the token. |
|
I think this is already solved because we pass the user session object which is of type interface! func (h HMACSHAStrategy) GenerateAccessToken(ctx context.Context, r *http.Request, ar fosite.AccessRequester, session interface{})If the developer wants to use JWT, he needs to choose a session that implements for example some interface. In the JWT strategy you could do: func (h jwt.JWTStrategy) GenerateAccessToken(ctx context.Context, r *http.Request, ar fosite.AccessRequester, session interface{}) {
jwtSession, ok := session.(*jwt.Session)
if ; !ok {
return err
}
GenerateJWTToken(jwtSession.GetClaims())
}The developer then might do: // in token endpoint
// ... NewAuthorizeRequest
session := jwt.NewJWTSession()
session.SetSub("peter")
// ... NewAuthorizeResponse(..., session)
// ... WriteresponseWould that not be enough? |
|
Yes, that will do for sure! :) Totally didn't think of that use for the |
|
ok cool, i will implement this then :) thanks for your continued feedback, i honestly appreciate it! |
|
The method signatures are in gernal too long and complex. I will replace them with context variables instead |
|
gob interface magic: http://play.golang.org/p/iq7iZfhiHm |
aeneasr
force-pushed
the
enigma-refactor
branch
from
ea5d75e
to
d936c91
Compare
Improve API sanity
dep: upgrade protobuf and go-jose versions
This PR is aimed at resolving API inconsitencies and giving more power to signing methods