web.auth.tokens #
Tokens
A library for creating, authenticating, and revoking access and refresh tokens
struct AccessTokenParams #
@[params]
struct AccessTokenParams {
expiration time.Time = time.now().add(15 * time.minute)
refresh_token SignedJWT @[required]
}
struct AuthTokens #
struct AuthTokens {
pub:
access_token string
refresh_token string
}
secret := os.getenv('SECRET_KEY')
struct RefreshTokenParams #
@[params]
struct RefreshTokenParams {
TokenParams
pub:
expiration time.Time = time.now().add_days(30)
}
struct TokenParams #
@[params]
struct TokenParams {
pub:
user_id string
subject string
issuer string
audience string
}
struct Tokens #
struct Tokens {
refresh_secret string = jwt.create_secret() // secret used for signing/verifying refresh tokens
access_secret string = jwt.create_secret() // secret used for signing/verifying refresh tokens
mut:
logger &log.Logger = &log.Logger(&log.Log{
level: .debug
})
}
Authenticator deals and authenticates refresh and access tokens
fn (Tokens) authenticate_access_token #
fn (mut auth Tokens) authenticate_access_token(token SignedJWT) !
authenticate_access_token authenticates an access token and verifies that the session which issued the token is still valid
fn (Tokens) new_access_token #
fn (mut auth Tokens) new_access_token(params AccessTokenParams) !string
fn (Tokens) new_auth_tokens #
fn (mut auth Tokens) new_auth_tokens(params RefreshTokenParams) AuthTokens
fn (Tokens) new_refresh_token #
fn (mut auth Tokens) new_refresh_token(params RefreshTokenParams) string
fn (Tokens) revoke_refresh_token #
fn (mut auth Tokens) revoke_refresh_token(token SignedJWT) !
struct TokensConfig #
@[params]
struct TokensConfig {
refresh_secret string = jwt.create_secret() // secret used for signing/verifying refresh tokens
access_secret string = jwt.create_secret() // secret used for signing/verifying refresh tokens
logger &log.Logger = &log.Logger(&log.Log{
level: .debug
})
}