auth
auth/doc.go
Fill out token.CreatedFrom. Add a GrantType.AuditString() string method that will return a string for an audit log. Basically, it returns enough information to identify how the token got created. For client credentials, that's just the string "client_credentials". For user credentials, that's just the string "credentials". For auth codes, that's "authcode:", followed by the code used. For refresh tokens, that's "refresh_token:", followed by the refresh token used.
1 /*
2 Package auth provides an authentication service for managing user accounts and an OAuth2 provider.
4 The service is an opinionated implementation of authentication using passphrases and the
5 code.secondbit.org/pass package to implement user credentials and accounts. Additionally, users
6 are permitted to login using their email address on record or their username interchangeably.
7 Care is also taken to be able to mitigate attacks that have already happened and plan ahead for
8 the worst case scenarios.
10 An OAuth2 provider is also built-in and provided, complete with client registration and management,
11 as well as a specification-based set of handlers for managing the issuing of grants and tokens. Token
12 validiity may be asserted through an API, or a proxy service is provided for stripping auth-specific
13 information from requests and replacing it with a trusted header containing information about the user
14 and client that authorized the request.
15 */
16 package auth