Further Refactoring

auth/auth.go

@@ -32,9 +32,7 @@ type Auth interface {
 	// Options set for auth
 	Options() Options
 	// Generate a new account
-	Generate(id string, opts ...GenerateOption) (*Account, error)
-	// Login to an existing account
-	Login(id string, opts ...LoginOption) (*Account, error)
+	Generate(id, secret string, opts ...GenerateOption) (*Account, error)
 	// Grant access to a resource
 	Grant(role string, res *Resource) error
 	// Revoke access to a resource
@@ -44,7 +42,7 @@ type Auth interface {
 	// Inspect a token
 	Inspect(token string) (*Account, error)
 	// Token generated using refresh token
-	Token(id, refreshToken string, opts ...TokenOption) (*Token, error)
+	Token(opts ...TokenOption) (*Token, error)
 	// String returns the name of the implementation
 	String() string
 }
@@ -67,8 +65,6 @@ type Account struct {
 	Type string `json:"type"`
 	// Provider who issued the account
 	Provider string `json:"provider"`
-	// RefreshToken used to renew the account
-	RefreshToken string `json:"refresh_token"`
 	// Roles associated with the Account
 	Roles []string `json:"roles"`
 	// Any other associated metadata
@@ -81,22 +77,14 @@ type Account struct {
 
 // Token can be short or long lived
 type Token struct {
-	// The token itself
-	Token string `json:"token"`
-	// Type of token, e.g. JWT
-	Type string `json:"type"`
+	// The token to be used for accessing resources
+	AccessToken string `json:"access_token"`
+	// RefreshToken to be used to generate a new token
+	RefreshToken string `json:"refresh_token"`
 	// Time of token creation
 	Created time.Time `json:"created"`
 	// Time of token expiry
 	Expiry time.Time `json:"expiry"`
-	// Subject of the token, e.g. the account ID
-	Subject string `json:"subject"`
-	// Roles granted to the token
-	Roles []string `json:"roles"`
-	// Metadata embedded in the token
-	Metadata map[string]string `json:"metadata"`
-	// Namespace the token belongs to
-	Namespace string `json:"namespace"`
 }
 
 const (

auth/default.go

@@ -34,20 +34,19 @@ func (n *noop) Options() Options {
 }
 
 // Generate a new account
-func (n *noop) Generate(id string, opts ...GenerateOption) (*Account, error) {
+func (n *noop) Generate(id, secret string, opts ...GenerateOption) (*Account, error) {
 	options := NewGenerateOptions(opts...)
 
 	return &Account{
-		ID:           id,
-		Roles:        options.Roles,
-		Metadata:     options.Metadata,
-		RefreshToken: uuid.New().String(),
+		ID:       id,
+		Roles:    options.Roles,
+		Metadata: options.Metadata,
 	}, nil
 }
 
 // Login to an existing account
-func (n *noop) Login(id string, opts ...LoginOption) (*Account, error) {
-	return &Account{ID: id}, nil
+func (n *noop) Login(opts ...LoginOption) (*Account, error) {
+	return &Account{}, nil
 }
 
 // Grant access to a resource
@@ -73,6 +72,6 @@ func (n *noop) Inspect(token string) (*Account, error) {
 }
 
 // Token generation using an account id and secret
-func (n *noop) Token(id, tok string, opts ...TokenOption) (*Token, error) {
+func (n *noop) Token(opts ...TokenOption) (*Token, error) {
 	return &Token{}, nil
 }

auth/options.go

@@ -10,14 +10,12 @@ import (
 type Options struct {
 	// ID is the services auth ID
 	ID string
-	// RefreshToken is used to generate new tokens
-	RefreshToken string
+	// Secret is used to authenticate the service
+	Secret string
 	// Token is the services token used to authenticate itself
 	Token *Token
-	// Public key base64 encoded
+	// PublicKey for decoding JWTs
 	PublicKey string
-	// Private key base64 encoded
-	PrivateKey string
 	// Provider is an auth provider
 	Provider provider.Provider
 	// LoginURL is the relative url path where a user can login
@@ -42,18 +40,11 @@ func PublicKey(key string) Option {
 	}
 }
 
-// PrivateKey is the JWT private key
-func PrivateKey(key string) Option {
-	return func(o *Options) {
-		o.PrivateKey = key
-	}
-}
-
 // Credentials sets the auth credentials
-func Credentials(id, refresh string) Option {
+func Credentials(id, secret string) Option {
 	return func(o *Options) {
 		o.ID = id
-		o.RefreshToken = refresh
+		o.Secret = secret
 	}
 }
 
@@ -78,8 +69,6 @@ type GenerateOptions struct {
 	Roles []string
 	// Namespace the account belongs too
 	Namespace string
-	// Secret to use with the account
-	Secret string
 	// Provider of the account, e.g. oauth
 	Provider string
 	// Type of the account, e.g. user
@@ -116,13 +105,6 @@ func WithNamespace(n string) GenerateOption {
 	}
 }
 
-// WithSecret for the generated account
-func WithSecret(s string) GenerateOption {
-	return func(o *GenerateOptions) {
-		o.Secret = s
-	}
-}
-
 // WithProvider for the generated account
 func WithProvider(p string) GenerateOption {
 	return func(o *GenerateOptions) {
@@ -163,16 +145,35 @@ func NewLoginOptions(opts ...LoginOption) LoginOptions {
 }
 
 type TokenOptions struct {
-	// TokenExpiry is the time the token should live for
-	TokenExpiry time.Duration
+	// ID for the account
+	ID string
+	// Secret for the account
+	Secret string
+	// RefreshToken is used to refesh a token
+	RefreshToken string
+	// Expiry is the time the token should live for
+	Expiry time.Duration
 }
 
 type TokenOption func(o *TokenOptions)
 
-// WithTokenExpiry for the token
-func WithTokenExpiry(ex time.Duration) TokenOption {
+// WithExpiry for the token
+func WithExpiry(ex time.Duration) TokenOption {
+	return func(o *TokenOptions) {
+		o.Expiry = ex
+	}
+}
+
+func WithCredentials(id, secret string) TokenOption {
+	return func(o *TokenOptions) {
+		o.ID = id
+		o.Secret = secret
+	}
+}
+
+func WithToken(rt string) TokenOption {
 	return func(o *TokenOptions) {
-		o.TokenExpiry = ex
+		o.RefreshToken = rt
 	}
 }
 
@@ -184,8 +185,8 @@ func NewTokenOptions(opts ...TokenOption) TokenOptions {
 	}
 
 	// set defualt expiry of token
-	if options.TokenExpiry == 0 {
-		options.TokenExpiry = time.Minute
+	if options.Expiry == 0 {
+		options.Expiry = time.Minute
 	}
 
 	return options