auth

Paddy 2014-08-16 Parent:fc5df8e68c7b Child:9fe684b33b3d

17:1f04b1146cad Go to Latest

auth/storage.go

Implement CSRF prevention and pass info to confirmation. Implement CSRF prevention using the nosurf package. Note that the handler still needs to be wrapped before this will work. Pass info on the authorization being requested (namely the client and the scope) to the RenderConfirmation page so that the user can make an educated decision.

Download raw file
View source Diff to previous Annotate
History
1 package auth
2
3 import "secondbit.org/uuid"
4
5 type ClientStore interface {
6 GetClient(id uuid.ID) (Client, error)
7 CreateClient(name, logo, redirectURI string, owner uuid.ID) (Client, error)
8 UpdateClient(client uuid.ID, name, logo, redirectURI *string) error
9 RemoveClient(id uuid.ID) error
10 ListClients(id uuid.ID, page, num int) ([]Client, error)
11 }
12
13 type TokenStore interface {
14 SaveAuthorization(AuthorizeData) error
15 GetAuthorization(code string) (AuthorizeData, error)
16 RemoveAuthorization(code string) error
17
18 SaveAccess(AccessData) error
19 GetAccess(token string) (AccessData, error)
20 RemoveAccess(token string) error
21
22 GetRefresh(token string) (AccessData, error)
23 RemoveRefresh(token string) error
24 }
25
26 type ProfileStore interface {
27 GetProfile(username, password string) (uuid.ID, error)
28 }