Documentation
Overview ¶
Package securelogin implements the SecureLogin protocol.
SecureLogin is an authentication protocol created by Sakurity. The Draft RFC Specification for it can be read at:
https://github.com/sakurity/securelogin-spec/blob/master/index.md
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func MarshalString ¶
MarshalString returns the Token encoded to a string as defined by the spec.
func WithConnect ¶
func WithConnect(c *Config)
WithConnect enables Connect request (OAuth replacement).
Types ¶
type Config ¶
// Config holds the settings applied when a token is verified. Its fields are
// unexported; on this page they are only ever set through Option values such
// as WithOrigins, WithPublicKey and WithSecret.
type Config struct {
	// contains filtered or unexported fields
}
Config is used for verification of a token.
type Decoder ¶
// Decoder reads an sltoken from an input stream and decodes it into a Token.
// A Decoder is obtained from NewDecoder, which takes the reader to consume.
type Decoder struct {
	// contains filtered or unexported fields
}
Decoder reads and decodes sltoken from an input stream.
Example ¶
package main
import (
"bytes"
"fmt"
"github.com/vladimiroff/securelogin"
)
// sltoken is the sample token decoded by this example. It is made of
// comma-separated sections whose inner fields are joined with "%2C".
// NOTE(review): the last section is the user's e-mail; the text
// "[email protected]" is the placeholder an e-mail-obfuscating page filter
// leaves behind, so the literal as displayed is presumably not the original.
// Take the value from the package source before running the example.
var sltoken = []byte("https://cobased.com%2Chttps://cobased.com%2C%2C1498731060," +
	"E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6m" +
	"DAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=," +
	"kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6k" +
	"OTkTRrVm1xgvxGthABCwCQ8k=,[email protected]")
func main() {
	// Decode a single sltoken from an in-memory stream into tok.
	// Decoding only parses the token; nothing in this example verifies its
	// signatures, so tok.Email is just the value the token carried.
	var tok securelogin.Token
	if err := securelogin.NewDecoder(bytes.NewReader(sltoken)).Decode(&tok); err != nil {
		fmt.Printf("decode failed: %s", err)
		return
	}

	fmt.Printf("token of %s\n", tok.Email)
}
Output: token of [email protected]
func NewDecoder ¶
NewDecoder returns a new decoder that reads from r.
type Encoder ¶
// Encoder writes a Token in its encoded form to an output stream. In the
// example on this page it is created with NewEncoder(os.Stdout) and its
// Encode method prints the same string the token was parsed from.
type Encoder struct {
	// contains filtered or unexported fields
}
Example ¶
package main
import (
"fmt"
"os"
"github.com/vladimiroff/securelogin"
)
// sltoken is the sample token that this example parses and re-encodes. It is
// made of comma-separated sections whose inner fields are joined with "%2C".
// NOTE(review): the last section is the user's e-mail; the text
// "[email protected]" is the placeholder an e-mail-obfuscating page filter
// leaves behind, so the literal as displayed is presumably not the original.
// Take the value from the package source before running the example.
var sltoken = []byte("https://cobased.com%2Chttps://cobased.com%2C%2C1498731060," +
	"E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6m" +
	"DAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=," +
	"kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6k" +
	"OTkTRrVm1xgvxGthABCwCQ8k=,[email protected]")
func main() {
	// Parse the sample token, then write it back out in its encoded form.
	tok, parseErr := securelogin.Unmarshal(sltoken)
	if parseErr != nil {
		fmt.Printf("unmarshal failed: %s", parseErr)
		return
	}

	// NOTE(review): the encoded form round-trips every section of the token,
	// which presumably includes the section holding PublicKey and HMACSecret.
	// Printing it to stdout suits a demo; a real token is a credential and is
	// better kept out of logs and terminals.
	if encErr := securelogin.NewEncoder(os.Stdout).Encode(tok); encErr != nil {
		fmt.Printf("encode failed: %s", encErr)
	}
}
Output: https://cobased.com%2Chttps://cobased.com%2C%2C1498731060,E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6mDAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=,kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6kOTkTRrVm1xgvxGthABCwCQ8k=,[email protected]
func NewEncoder ¶
type Option ¶
// Option adjusts a Config before a token is verified. Options are passed as
// trailing arguments to Verify; the examples on this page pass WithOrigins
// and WithoutExpire.
type Option func(*Config)
Option modifies the configuration prior to verification.
func WithOrigins ¶
WithOrigins adds origins to the Config.
func WithPublicKey ¶
WithPublicKey overrides PublicKey of the token.
func WithSecret ¶
WithSecret overrides HMACSecret of the token.
type Token ¶
// Token is a parsed SecureLogin token. Unmarshal, UnmarshalString and
// Decoder.Decode produce one; Verify checks it against the supplied options.
type Token struct {
	// Provider is the origin of the app this token should authenticate for.
	Provider string
	// Client is the front-end this token should authenticate with. It equals
	// Provider except when the token authorizes a specific scope or is part
	// of a Connect request.
	Client string
	// Scope defines what the user is allowed to do with this token. It is
	// expected to be empty during sign-in and sign-up.
	Scope url.Values
	// ExpireAt is the expiration time of the token; it exists to prevent
	// replay attacks. Clients however are allowed to ignore or extend it.
	// The "Expired" example shows Verify returning "expired token" for a
	// past ExpireAt when WithoutExpire is not passed.
	ExpireAt time.Time
	// PublicKey is used to verify the Ed25519 signature. It can be
	// overridden by options during verification (see WithPublicKey).
	// NOTE(review): a signature checked only against a key that arrived in
	// the same token shows the token is self-consistent, not who sent it;
	// presumably a returning user is verified against the key stored at
	// sign-up via WithPublicKey. Confirm against the spec.
	PublicKey []byte
	// HMACSecret is the key used to sign the payload. It can be overridden
	// by options during verification (see WithSecret).
	// NOTE(review): this is key material; avoid logging whole Token values.
	HMACSecret []byte
	// Signature is the value verified by the Ed25519 signature algorithm.
	Signature []byte
	// HMACSignature is the HMAC of the signed payload.
	HMACSignature []byte
	// Email of the user. The protocol does not confirm user email and does
	// not intend to do so, so a successful Verify is not proof that the user
	// controls this mailbox.
	Email string
	// contains filtered or unexported fields
}
Token is the core of SecureLogin Protocol.
func UnmarshalString ¶
UnmarshalString parses given string and constructs a Token from it or fails with an error.
func Verify ¶
Verify encoded token.
This is just a convenience function that unmarshals a token and then calls Verify on it with the given options.
Example ¶
package main
import (
"fmt"
"github.com/vladimiroff/securelogin"
)
// domain is the origin handed to WithOrigins in main. The same origin
// appears in the first two fields of the sample token below.
const domain = "https://cobased.com"

// sltoken is the sample token verified by this example. It is made of
// comma-separated sections whose inner fields are joined with "%2C".
// NOTE(review): the last section is the user's e-mail; the text
// "[email protected]" is the placeholder an e-mail-obfuscating page filter
// leaves behind, so the literal as displayed is presumably not the original.
// Take the value from the package source before running the example.
var sltoken = []byte("https://cobased.com%2Chttps://cobased.com%2C%2C1498731060," +
	"E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6m" +
	"DAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=," +
	"kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6k" +
	"OTkTRrVm1xgvxGthABCwCQ8k=,[email protected]")
func main() {
	// WithOrigins supplies the origin this service accepts tokens for.
	// WithoutExpire is presumably here only because the sample token is old
	// (its timestamp field reads 1498731060). ExpireAt exists to limit
	// replay, so a real login handler would leave the expiry check on.
	tok, verr := securelogin.Verify(
		sltoken,
		securelogin.WithOrigins(domain),
		securelogin.WithoutExpire,
	)
	if verr != nil {
		fmt.Printf("verify failed: %s", verr)
		return
	}

	// NOTE(review): neither WithPublicKey nor WithSecret is passed, so the
	// keys checked are presumably the ones carried in the token itself. That
	// fits a first sign-up; for a returning user the stored keys would be
	// supplied. The protocol does not confirm tok.Email.
	fmt.Printf("logged in as %s\n", tok.Email)
}
Output: logged in as [email protected]
func (Token) Verify ¶
Verify token with given options.
Example ¶
package main
import (
"fmt"
"github.com/vladimiroff/securelogin"
)
// domain is the origin handed to WithOrigins in main. The same origin
// appears in the first two fields of the sample token below.
const domain = "https://cobased.com"

// sltoken is the sample token verified by this example. It is made of
// comma-separated sections whose inner fields are joined with "%2C".
// NOTE(review): the last section is the user's e-mail; the text
// "[email protected]" is the placeholder an e-mail-obfuscating page filter
// leaves behind, so the literal as displayed is presumably not the original.
// Take the value from the package source before running the example.
var sltoken = []byte("https://cobased.com%2Chttps://cobased.com%2C%2C1498731060," +
	"E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6m" +
	"DAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=," +
	"kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6k" +
	"OTkTRrVm1xgvxGthABCwCQ8k=,[email protected]")
func main() {
	// Step 1: parse. Unmarshal only builds the Token; it is Verify that
	// decides whether the token is acceptable.
	tok, parseErr := securelogin.Unmarshal(sltoken)
	if parseErr != nil {
		fmt.Printf("unmarshal failed: %s", parseErr)
		return
	}

	// Step 2: verify against the accepted origin. WithoutExpire is presumably
	// passed only because the sample token is old (timestamp 1498731060).
	// ExpireAt exists to limit replay, so production code would keep the
	// expiry check enabled.
	verifyErr := tok.Verify(securelogin.WithOrigins(domain), securelogin.WithoutExpire)
	ok := verifyErr == nil
	fmt.Printf("successful verify: %t", ok)
}
Output: successful verify: true
Example (Expired) ¶
package main
import (
"fmt"
"time"
"github.com/vladimiroff/securelogin"
)
// domain is the origin handed to WithOrigins in main. The same origin
// appears in the first two fields of the sample token below.
const domain = "https://cobased.com"

// sltoken is the sample token used by this example. It is made of
// comma-separated sections whose inner fields are joined with "%2C".
// NOTE(review): the last section is the user's e-mail; the text
// "[email protected]" is the placeholder an e-mail-obfuscating page filter
// leaves behind, so the literal as displayed is presumably not the original.
// Take the value from the package source before running the example.
var sltoken = []byte("https://cobased.com%2Chttps://cobased.com%2C%2C1498731060," +
	"E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6m" +
	"DAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=," +
	"kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6k" +
	"OTkTRrVm1xgvxGthABCwCQ8k=,[email protected]")
func main() {
	tok, parseErr := securelogin.Unmarshal(sltoken)
	if parseErr != nil {
		fmt.Printf("unmarshal failed: %s", parseErr)
		return
	}

	// Move the expiry one hour into the past so the default expiry check
	// (no WithoutExpire option) has something to reject.
	oneHourAgo := time.Now().Add(-time.Hour)
	tok.ExpireAt = oneHourAgo

	// With only WithOrigins supplied, Verify reports the expired token; this
	// is the behaviour a login handler relies on to refuse replayed tokens.
	verifyErr := tok.Verify(securelogin.WithOrigins(domain))
	fmt.Printf("%s\n", verifyErr)
}
Output: expired token