auth
auth/doc.go
Require full URLs for Endpoints. The spec says that we SHOULD require full URLs for redirection, but we _can_ offer the ability to set a URL as a "partial URL" if we really must. I see no particular reason to do this, so I've simplified the code by pulling that option out. This means that URLs (as long as they're normalized, which I've filed a bug in the codebase to do) can be checked using simple string comparison, which makes the likelihood of bugs across clientStorage implementations a lot lower.
| paddy@57 | 1 /* |
| paddy@57 | 2 Package auth provides an authentication service for managing user accounts and an OAuth2 provider. |
| paddy@57 | 3 |
| paddy@57 | 4 The service is an opinionated implementation of authentication using passphrases and the |
| paddy@57 | 5 code.secondbit.org/pass package to implement user credentials and accounts. Additionally, users |
| paddy@57 | 6 are permitted to login using their email address on record or their username interchangeably. |
| paddy@57 | 7 Care is also taken to be able to mitigate attacks that have already happened and plan ahead for |
| paddy@57 | 8 the worst case scenarios. |
| paddy@57 | 9 |
| paddy@57 | 10 An OAuth2 provider is also built-in and provided, complete with client registration and management, |
| paddy@57 | 11 as well as a specification-based set of handlers for managing the issuing of grants and tokens. Token |
| paddy@57 | 12 validiity may be asserted through an API, or a proxy service is provided for stripping auth-specific |
| paddy@57 | 13 information from requests and replacing it with a trusted header containing information about the user |
| paddy@57 | 14 and client that authorized the request. |
| paddy@57 | 15 */ |
| paddy@57 | 16 package auth |