auth/storage.go
Note the potential for CSRF attacks. Our auth provider probably shouldn't have security vulnerabilities. Add TODOs to ensure that logging in and authorizing a grant are not susceptible to CSRF attacks, or it becomes pretty easy for an attacker to gain access to user data or to gain access to a user account.
1 package auth
3 import "secondbit.org/uuid"
5 type ClientStore interface {
6 GetClient(id uuid.ID) (Client, error)
7 CreateClient(name, logo, redirectURI string, owner uuid.ID) (Client, error)
8 UpdateClient(client uuid.ID, name, logo, redirectURI *string) error
9 RemoveClient(id uuid.ID) error
10 ListClients(id uuid.ID, page, num int) ([]Client, error)
11 }
13 type TokenStore interface {
14 SaveAuthorization(AuthorizeData) error
15 GetAuthorization(code string) (AuthorizeData, error)
16 RemoveAuthorization(code string) error
18 SaveAccess(AccessData) error
19 GetAccess(token string) (AccessData, error)
20 RemoveAccess(token string) error
22 GetRefresh(token string) (AccessData, error)
23 RemoveRefresh(token string) error
24 }
26 type ProfileStore interface {
27 GetProfile(username, password string) (uuid.ID, error)
28 }
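Review bot: TokenStore's GetAuthorization, GetAccess and GetRefresh are keyed by the raw code or token string, and nothing on the interface says whether an implementation may persist that secret as-is; a copy of the store would then contain live bearer credentials. Document the contract on the type, e.g. `// TokenStore persists grants. Implementations should store only a hash of each code and token and hash the argument of the Get*/Remove* methods before lookup, so that a leaked store does not yield usable secrets.` ProfileStore.GetProfile takes a password despite its getter-style name, so it appears to be a credential check rather than a lookup; a comment stating that implementations must verify against a salted, slow password hash and return the same error for an unknown username and a wrong password would make the expected behaviour explicit instead of inferred from the signature. None of the exported interfaces carries a doc comment, which Go convention expects for every exported name.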