//
// Copyright (C) 2024 veypi
// 2025-07-24 15:27:31
// Distributed under terms of the MIT license.
//

package oauth

import "time"

// OAuth 2.0 constants: grant and response type identifiers, PKCE challenge
// methods, scope names, default lifetimes, error codes and user token kinds.
const (
	// Grant type identifiers.
	GrantTypeAuthorizationCode = "authorization_code"
	GrantTypeRefreshToken      = "refresh_token"
	GrantTypeClientCredentials = "client_credentials"
	// NOTE(review): the password grant and the implicit grant are
	// discouraged by the OAuth 2.0 Security Best Current Practice (RFC 9700).
	// This file only names them; whether the server accepts them is decided
	// elsewhere - confirm they are disabled unless explicitly required.
	GrantTypePassword = "password"
	GrantTypeImplicit = "implicit"

	// Response types (the response_type parameter of the authorization
	// request). "token" is the implicit flow, where the access token is
	// returned directly in the redirect; see the note on GrantTypeImplicit.
	ResponseTypeCode  = "code"
	ResponseTypeToken = "token"

	// Token types.
	TokenTypeBearer = "Bearer"

	// PKCE challenge methods (RFC 7636). With "plain" the code_challenge is
	// the code_verifier itself, so it gives no protection once the
	// authorization request has been observed; "S256" is the method to
	// prefer.
	// NOTE(review): check that the code consuming these constants does not
	// let a client fall back from S256 to plain.
	CodeChallengeMethodPlain = "plain"
	CodeChallengeMethodS256  = "S256"

	// Default scope names. They are reused as the Name values of the
	// DefaultScopes table in this file.
	ScopeRead    = "read"
	ScopeWrite   = "write"
	ScopeProfile = "profile"
	ScopeEmail   = "email"
	ScopePhone   = "phone"
	ScopeAdmin   = "admin"

	// Default lifetimes.
	// Ten minutes is the maximum authorization code lifetime that RFC 6749
	// section 4.1.2 recommends, so this default sits at the upper bound.
	DefaultAuthorizationCodeExpiry = 10 * time.Minute    // authorization codes expire after 10 minutes
	DefaultAccessTokenExpiry       = 1 * time.Hour       // access tokens expire after 1 hour
	// NOTE(review): a 30-day refresh token is a long-lived credential;
	// rotation and revocation are not visible in this file - confirm both.
	DefaultRefreshTokenExpiry = 30 * 24 * time.Hour // refresh tokens expire after 30 days
	DefaultSessionExpiry      = 24 * time.Hour      // sessions expire after 24 hours

	// Error codes (RFC 6749).
	ErrorInvalidRequest          = "invalid_request"
	ErrorInvalidClient           = "invalid_client"
	ErrorInvalidGrant            = "invalid_grant"
	ErrorUnauthorizedClient      = "unauthorized_client"
	ErrorUnsupportedGrantType    = "unsupported_grant_type"
	ErrorInvalidScope            = "invalid_scope"
	ErrorAccessDenied            = "access_denied"
	ErrorUnsupportedResponseType = "unsupported_response_type"
	ErrorServerError             = "server_error"
	ErrorTemporarilyUnavailable  = "temporarily_unavailable"

	// PKCE error codes (RFC 7636). A code_verifier mismatch is reported as
	// "invalid_grant", so this constant has the same value as
	// ErrorInvalidGrant above.
	ErrorInvalidGrant2 = "invalid_grant"

	// User token kinds.
	UserTokenTypeAPI      = "api"      // API token
	UserTokenTypeSession  = "session"  // session token
	UserTokenTypePersonal = "personal" // personal access token
)

// DefaultScopes is the table of default scope definitions.
//
// Name holds one of the Scope* constants; DisplayName and Description are
// the human-readable (Chinese) label and explanation for that scope.
// NOTE(review): presumably IsDefault marks scopes granted when a client does
// not ask for specific ones and IsSystem marks built-in scopes - the code
// that reads these flags is not in this file, confirm against it. Only
// "profile" and "read" are IsDefault here; "admin" is not.
//
// This is an exported, mutable slice: any importing package can change it at
// run time. Treat it as read-only seed data.
var DefaultScopes = []struct {
	Name        string
	DisplayName string
	Description string
	IsDefault   bool
	IsSystem    bool
}{
	{
		// profile: "basic profile" - access to basic profile information
		// such as username and nickname.
		Name:        ScopeProfile,
		DisplayName: "基本资料",
		Description: "访问您的基本资料信息,如用户名、昵称等",
		IsDefault:   true,
		IsSystem:    true,
	},
	{
		// email: "email address" - access to the user's email address.
		Name:        ScopeEmail,
		DisplayName: "邮箱地址",
		Description: "访问您的邮箱地址",
		IsDefault:   false,
		IsSystem:    true,
	},
	{
		// phone: "mobile number" - access to the user's mobile number.
		Name:        ScopePhone,
		DisplayName: "手机号码",
		Description: "访问您的手机号码",
		IsDefault:   false,
		IsSystem:    true,
	},
	{
		// read: "read permission" - read the user's data.
		Name:        ScopeRead,
		DisplayName: "读取权限",
		Description: "读取您的数据",
		IsDefault:   true,
		IsSystem:    false,
	},
	{
		// write: "write permission" - modify the user's data.
		Name:        ScopeWrite,
		DisplayName: "写入权限",
		Description: "修改您的数据",
		IsDefault:   false,
		IsSystem:    false,
	},
	{
		// admin: "administrator permission" - full administrator rights.
		// It is not a default scope in this table.
		Name:        ScopeAdmin,
		DisplayName: "管理员权限",
		Description: "完全的管理员权限",
		IsDefault:   false,
		IsSystem:    true,
	},
}

// DefaultOAuthProviders is the table of predefined third-party OAuth
// providers: for each one a short name, a display name, the authorization,
// token and user-info endpoints, and the scope string to request.
//
// Every endpoint listed here uses https. No client id or client secret is
// stored in this table.
//
// This is an exported, mutable slice. The AuthURL and TokenURL values decide
// where users are sent to log in and where authorization codes are
// exchanged, so treat the table as read-only.
// NOTE(review): confirm that any code path able to override these URLs
// accepts only trusted, https endpoints.
var DefaultOAuthProviders = []struct {
	Name        string
	DisplayName string
	AuthURL     string
	TokenURL    string
	UserInfoURL string
	Scope       string
}{
	{
		Name:        "github",
		DisplayName: "GitHub",
		AuthURL:     "https://github.com/login/oauth/authorize",
		TokenURL:    "https://github.com/login/oauth/access_token",
		UserInfoURL: "https://api.github.com/user",
		Scope:       "user:email",
	},
	{
		// Scope is a space-separated list.
		Name:        "google",
		DisplayName: "Google",
		AuthURL:     "https://accounts.google.com/o/oauth2/v2/auth",
		TokenURL:    "https://oauth2.googleapis.com/token",
		UserInfoURL: "https://www.googleapis.com/oauth2/v2/userinfo",
		Scope:       "openid profile email",
	},
	{
		// WeChat.
		Name:        "wechat",
		DisplayName: "微信",
		AuthURL:     "https://open.weixin.qq.com/connect/oauth2/authorize",
		TokenURL:    "https://api.weixin.qq.com/sns/oauth2/access_token",
		UserInfoURL: "https://api.weixin.qq.com/sns/userinfo",
		Scope:       "snsapi_userinfo",
	},
	{
		// DingTalk.
		Name:        "dingtalk",
		DisplayName: "钉钉",
		AuthURL:     "https://oapi.dingtalk.com/connect/oauth2/sns_authorize",
		TokenURL:    "https://oapi.dingtalk.com/sns/gettoken",
		UserInfoURL: "https://oapi.dingtalk.com/sns/getuserinfo",
		Scope:       "snsapi_login",
	},
}