feat(auth): add TokenCookies to BasicRequestAuthenticator

Add a TokenCookies []string field checked after query params (step 5).
Each named cookie's value is passed directly to Authenticator.Authenticate
as a token, enabling cookie-based token flows alongside Bearer and query params.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
AJ ONeal 2026-03-02 13:43:09 -07:00
parent c8a95588ff
commit 189df418a2


@ -25,7 +25,7 @@ var ErrNoCredentials = errors.New("no credentials provided")
// BasicRequestAuthenticator extracts credentials from an HTTP request and delegates
// verification to a BasicAuthenticator. It supports Basic Auth, Authorization
// header tokens, custom token headers, and query-parameter tokens.
// header tokens, custom token headers, query-parameter tokens, and cookies.
//
// Use NewBasicRequestAuthenticator for sane defaults.
type BasicRequestAuthenticator struct {
@ -62,6 +62,10 @@ type BasicRequestAuthenticator struct {
// TokenQueryParams lists query parameter names checked for tokens,
// e.g. []string{"access_token", "token"}.
TokenQueryParams []string
// TokenCookies lists cookie names whose values are passed directly as
// tokens, e.g. []string{"id_token", "session"}.
TokenCookies []string
}
// NewBasicRequestAuthenticator returns a BasicRequestAuthenticator with sane defaults:
@ -92,6 +96,7 @@ func NewBasicRequestAuthenticator(auth BasicAuthenticator) *BasicRequestAuthenti
// 2. Authorization: <scheme> <token> (filtered by AuthorizationSchemes)
// 3. Token headers (TokenHeaders)
// 4. Query parameters (TokenQueryParams)
// 5. Cookies (TokenCookies)
//
// Returns ErrNoCredentials if no credential form is present in the request.
func (ra *BasicRequestAuthenticator) Authenticate(r *http.Request) (BasicPrinciple, error) {
@ -135,5 +140,12 @@ func (ra *BasicRequestAuthenticator) Authenticate(r *http.Request) (BasicPrincip
}
}
// 5. Cookies
for _, name := range ra.TokenCookies {
if cookie, err := r.Cookie(name); err == nil && cookie.Value != "" {
return a.Authenticate("", cookie.Value)
}
}
return nil, ErrNoCredentials
}
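Review bot: The cookie branch added at the end of Authenticate turns an ambient credential into an authenticated principal: unlike the Bearer header, custom token headers and query parameters handled in the earlier steps, a cookie named in TokenCookies is attached by the browser to cross-site requests the user did not initiate, so any state-changing endpoint behind this authenticator becomes reachable without an explicit client action unless the deployment adds CSRF protection. The hunk adds no such check and the TokenCookies doc comment in the second hunk does not tell the caller that it is their responsibility; I would extend that comment with `// Cookies are sent on cross-site requests too, so handlers that rely on this` / `// must apply CSRF protection (SameSite cookie attribute and/or an anti-CSRF token).`, and repeat the caveat at step 5 of the Authenticate doc comment. One smaller note: r.Cookie returns the first cookie with that name when a request carries several, which is worth stating in the same comment so duplicate-cookie behavior is not left to the reader. The `a` passed to a.Authenticate is bound outside the hunk, as is the start of Authenticate's body.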