
package lazyoauth

import "golazy.dev/lazyoauth"

Package lazyoauth provides OAuth server and resource-server primitives.

It is intentionally independent from specific account databases and from MCP. Applications provide lazyauth authenticators, token stores, and claim mapping policy. lazyapp can then use the same OAuth server for MCP clients such as Codex or Claude, browser-integrated companion applications, or other dependent clients.

Variables

Types

type AuthCode

AuthCode is an authorization code record.

type AuthCode struct {
	// Code is the authorization code value itself. Treat it as a secret
	// until it is taken or expires.
	Code			string		`json:"code"`
	// ClientID identifies the client the code was issued to.
	ClientID		string		`json:"client_id"`
	// RedirectURI is the redirect URI bound to this code.
	RedirectURI		string		`json:"redirect_uri"`
	// CodeChallenge and CodeChallengeMethod carry the PKCE code_challenge
	// and code_challenge_method values; both are omitted from JSON when empty.
	CodeChallenge		string		`json:"code_challenge,omitempty"`
	CodeChallengeMethod	string		`json:"code_challenge_method,omitempty"`
	// User is the authenticated user the code was issued for.
	User			lazyauth.User	`json:"user"`
	// Scope is the granted scope list; omitted from JSON when empty.
	Scope			[]string	`json:"scope,omitempty"`
	// ExpiresAt is the absolute expiry of the code.
	// NOTE(review): the record (including Code) is serialized verbatim via
	// these json tags, so a disk-backed store writes the code value in clear;
	// confirm file permissions on that store and that TakeAuthCode rejects
	// codes past ExpiresAt.
	ExpiresAt		time.Time	`json:"expires_at"`
}

type Client

Client is an OAuth client.

type Client struct {
	// ID is the client identifier.
	ID		string		`json:"id"`
	// Name is a human-readable display name; omitted from JSON when empty.
	Name		string		`json:"name,omitempty"`
	// RedirectURIs lists the redirect URIs registered for this client.
	// NOTE(review): authorization requests should be matched against this
	// list exactly, not by prefix or host — confirm in Server.
	RedirectURIs	[]string	`json:"redirect_uris"`
	// Domain is an optional domain associated with the client; how it is
	// used is not visible here.
	Domain		string		`json:"domain,omitempty"`
}

type Config

Config configures an OAuth authorization server and resource server.

type Config struct {
	// Issuer is the authorization server's issuer identifier.
	Issuer		string
	// Resource identifies the protected resource this server guards.
	Resource	string
	// Auth is the lazyauth configuration used to authenticate users.
	Auth		lazyauth.Config
	// Store persists clients, authorization codes, and refresh tokens.
	Store		Store
	// Signer signs the tokens this server issues.
	Signer		lazyjwt.Signer
	// Validator overrides the resource-server JWT validator. When empty, a
	// validator is derived from Signer, Issuer, and Resource.
	Validator	lazyjwt.ValidatorConfig

	// ClaimsMapper maps authenticated users to token claims.
	ClaimsMapper	ClaimsMapper

	// AuthorizePath, TokenPath, RegisterPath, and JWKSPath are the request
	// paths of the corresponding OAuth endpoints served by Server.
	AuthorizePath	string
	TokenPath	string
	RegisterPath	string
	JWKSPath	string

	// AccessTokenTTL and RefreshTokenTTL bound the lifetime of issued tokens.
	// NOTE(review): defaults applied when these are zero are not visible here — confirm in New.
	AccessTokenTTL	time.Duration
	RefreshTokenTTL	time.Duration

	// AllowDynamicClients enables dynamic client registration (presumably
	// served at RegisterPath — confirm). When enabled, unauthenticated
	// parties can create clients, so the registration endpoint deserves
	// rate limiting and monitoring.
	AllowDynamicClients	bool
}

type MemoryStore

MemoryStore is an in-memory OAuth store.

type MemoryStore struct {
	// Clients holds registered clients, presumably keyed by Client.ID — confirm.
	Clients	map[string]Client	`json:"clients"`
	// Codes holds pending authorization codes, presumably keyed by AuthCode.Code — confirm.
	Codes	map[string]AuthCode	`json:"codes"`
	// Refresh holds refresh tokens, presumably keyed by RefreshToken.Token — confirm.
	// NOTE(review): because these maps carry json tags, a store created by
	// NewDiskStore persists code and refresh token values in clear; hashing
	// the stored values would limit the impact of a leaked store file.
	Refresh	map[string]RefreshToken	`json:"refresh"`
	// contains filtered or unexported fields
}
func NewDiskStore

NewDiskStore loads or creates a JSON OAuth store at path.

func NewDiskStore(path string) (*MemoryStore, error)
func NewMemoryStore

NewMemoryStore creates an empty in-memory store.

func NewMemoryStore() *MemoryStore
func (store *MemoryStore) GetClient
func (store *MemoryStore) GetClient(_ context.Context, id string) (Client, error)
func (store *MemoryStore) GetRefreshToken
func (store *MemoryStore) GetRefreshToken(_ context.Context, token string) (RefreshToken, error)
func (store *MemoryStore) SaveAuthCode
func (store *MemoryStore) SaveAuthCode(_ context.Context, code AuthCode) error
func (store *MemoryStore) SaveClient
func (store *MemoryStore) SaveClient(_ context.Context, client Client) error
func (store *MemoryStore) SaveRefreshToken
func (store *MemoryStore) SaveRefreshToken(_ context.Context, token RefreshToken) error
func (store *MemoryStore) TakeAuthCode
func (store *MemoryStore) TakeAuthCode(_ context.Context, code string) (AuthCode, error)

type RefreshToken

RefreshToken is a refresh token record.

type RefreshToken struct {
	// Token is the refresh token value itself; treat it as a secret.
	Token		string		`json:"token"`
	// ClientID identifies the client the token was issued to.
	ClientID	string		`json:"client_id"`
	// User is the user the token refreshes access for.
	User		lazyauth.User	`json:"user"`
	// Scope is the granted scope list; omitted from JSON when empty.
	Scope		[]string	`json:"scope,omitempty"`
	// ExpiresAt is the absolute expiry of the token.
	// NOTE(review): whether GetRefreshToken rejects expired tokens is not
	// visible here — confirm in the store implementations.
	ExpiresAt	time.Time	`json:"expires_at"`
}

type Server

Server serves OAuth endpoints and validates bearer tokens.

type Server struct {
	// contains filtered or unexported fields
}
func New

New creates an OAuth server.

func New(config Config) (*Server, error)
func (server *Server) Handler

Handler serves OAuth endpoints and protects non-OAuth requests with bearer token validation.

func (server *Server) Handler(next http.Handler) http.Handler
func (server *Server) HandlesPath

HandlesPath reports whether path belongs to this OAuth server.

func (server *Server) HandlesPath(path string) bool
func (server *Server) Protect

Protect validates bearer tokens before calling next.

func (server *Server) Protect(next http.Handler) http.Handler
func (server *Server) ServeHTTP

ServeHTTP serves OAuth metadata and endpoint requests.

func (server *Server) ServeHTTP(w http.ResponseWriter, r *http.Request)

type Store

Store persists OAuth clients and transient tokens.

type Store interface {
	// SaveClient persists a client registration.
	SaveClient(context.Context, Client) error
	// GetClient returns the client with the given ID.
	GetClient(context.Context, string) (Client, error)
	// SaveAuthCode persists an authorization code record.
	SaveAuthCode(context.Context, AuthCode) error
	// TakeAuthCode returns the record for the given code value. The name
	// suggests the code is also removed so it can be redeemed only once —
	// confirm against implementations.
	TakeAuthCode(context.Context, string) (AuthCode, error)
	// SaveRefreshToken persists a refresh token record.
	SaveRefreshToken(context.Context, RefreshToken) error
	// GetRefreshToken returns the record for the given token value.
	// NOTE(review): the interface has no method to delete a refresh token,
	// so revocation or rotation on use cannot be expressed through Store
	// alone — confirm whether that is intended.
	GetRefreshToken(context.Context, string) (RefreshToken, error)
}