Documentation ¶
Index ¶
- Constants
- func BuildLinkedAppScope(slug string) string
- func GetLinkedAppSlug(softwareID string) string
- func IsLinkedApp(softwareID string) bool
- func ValidTokenWithSStamp(i *instance.Instance, audience, token string) (permission.Claims, bool)
- type AccessCode
- type CleanMessage
- type Client
- func FindClient(i *instance.Instance, id string) (*Client, error)
- func FindClientByOnBoardingSecret(i *instance.Instance, onboardingSecret string) (*Client, error)
- func FindClientBySoftwareID(i *instance.Instance, softwareID string) (*Client, error)
- func FindOnboardingClient(i *instance.Instance) (*Client, error)
- func GetAll(inst *instance.Instance, limit int, bookmark string) ([]*Client, string, error)
- func GetNotifiables(i *instance.Instance) ([]*Client, error)
- func (c *Client) AcceptRedirectURI(u string) bool
- func (c *Client) CheckSoftwareID(instance *instance.Instance) *ClientRegistrationError
- func (c *Client) Clone() couchdb.Doc
- func (c *Client) Create(i *instance.Instance, opts ...CreateOptions) *ClientRegistrationError
- func (c *Client) CreateJWT(i *instance.Instance, audience, scope string) (string, error)
- func (c *Client) Delete(i *instance.Instance) *ClientRegistrationError
- func (c *Client) DocType() string
- func (c *Client) ID() string
- func (c *Client) Rev() string
- func (c *Client) SetID(id string)
- func (c *Client) SetRev(rev string)
- func (c *Client) TransformIDAndRev()
- func (c *Client) Update(i *instance.Instance, old *Client) *ClientRegistrationError
- func (c *Client) ValidToken(i *instance.Instance, audience, token string) (permission.Claims, bool)
- type ClientRegistrationError
- type CreateOptions
Constants ¶
// Notification platform identifiers.
// NOTE(review): presumably the values a client declares in
// Client.NotificationPlatform (`notification_platform`); confirm against the
// registration code, which is not shown here.
const (
	// PlatformFirebase platform using Firebase Cloud Messaging (FCM)
	PlatformFirebase = "firebase"
	// PlatformAPNS platform using APNS/2
	PlatformAPNS = "apns"
)
// ClientSecretLen is the number of random bytes used for generating the
// client secret. 24 random bytes are 192 bits of entropy before any encoding
// is applied.
const ClientSecretLen = 24
ClientSecretLen is the number of random bytes used for generating the client secret
// DocTypeVersion represents the doctype version. Update this value each time
// the document structure is modified.
const DocTypeVersion = "1"
DocTypeVersion represents the doctype version. Each time this document structure is modified, update this value
// ScopeLogin is the special scope used by the manager or any other client for
// login/authentication purposes. The Client.AllowLoginScope field is
// documented as allowing a token to be generated for this scope, which grants
// no permissions.
const ScopeLogin = "login"
ScopeLogin is the special scope used by the manager or any other client for login/authentication purposes.
Variables ¶
This section is empty.
Functions ¶
func BuildLinkedAppScope ¶
BuildLinkedAppScope returns a formatted scope for a linked app
func GetLinkedAppSlug ¶
GetLinkedAppSlug returns a linked app slug from a softwareID
func IsLinkedApp ¶
IsLinkedApp checks if an OAuth client has a linked app
func ValidTokenWithSStamp ¶
ValidTokenWithSStamp checks that the JWT is valid and returns the associated claims. It does not check that the claims belong to a particular client: use client.ValidToken if you know the client, as it also checks that the claims are associated with this client.
Types ¶
type AccessCode ¶
// AccessCode is the code used during the OAuth2 flow. It is a CouchDB
// document rather than a self-contained token because it must be usable only
// once.
type AccessCode struct {
	Code     string `json:"_id,omitempty"`  // The code itself, serialized as the CouchDB document _id
	CouchRev string `json:"_rev,omitempty"` // CouchDB revision of the document
	ClientID string `json:"client_id"`      // Client the code was created for
	IssuedAt int64  `json:"issued_at"`      // NOTE(review): presumably a Unix timestamp; the unit is not shown here, confirm
	Scope    string `json:"scope"`          // Scope attached to this code
}
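AccessCode is a struct used during the OAuth2 flow. It has to be persisted in CouchDB, not just sent as a JSON Web Token, because it can be used only once: the server needs the stored document to know whether a code has already been used, which is what prevents replay attacks.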
func CreateAccessCode ¶
CreateAccessCode creates an access code for the given clientID, persisted in CouchDB
func (*AccessCode) DocType ¶
func (ac *AccessCode) DocType() string
DocType returns the access code document type
func (*AccessCode) ID ¶
func (ac *AccessCode) ID() string
ID returns the access code qualified identifier
func (*AccessCode) SetID ¶
func (ac *AccessCode) SetID(id string)
SetID changes the access code qualified identifier
func (*AccessCode) SetRev ¶
func (ac *AccessCode) SetRev(rev string)
SetRev changes the access code revision
type CleanMessage ¶
// CleanMessage is the message sent to the clean-clients worker.
type CleanMessage struct {
	// ClientID identifies the OAuth client the message is about.
	ClientID string `json:"client_id"`
}
CleanMessage is used for messages to the clean-clients worker.
type Client ¶
// Client is an OAuth2 client document. CouchID and ClientID hold the same
// identifier under two JSON names (`_id` for CouchDB, `client_id` for the
// registration protocol).
//
// NOTE(review): ClientSecret, RegistrationToken and OnboardingSecret are
// credentials, and their JSON tags serialize them whenever they are non-empty.
// Code that logs a Client or returns it outside the registration response
// should clear them first; whether callers do so is not visible here.
type Client struct {
	CouchID  string `json:"_id,omitempty"`  // Generated by CouchDB
	CouchRev string `json:"_rev,omitempty"` // Generated by CouchDB

	ClientID          string `json:"client_id,omitempty"`                 // Same as CouchID
	ClientSecret      string `json:"client_secret,omitempty"`             // Generated by the server; credential, serialized when non-empty
	SecretExpiresAt   int    `json:"client_secret_expires_at"`            // Forced by the server to 0 (no expiration)
	RegistrationToken string `json:"registration_access_token,omitempty"` // Generated by the server; credential, serialized when non-empty
	AllowLoginScope   bool   `json:"allow_login_scope,omitempty"`         // Allow to generate token for a "login" scope (no permissions)
	Pending           bool   `json:"pending,omitempty"`                   // True until a token is generated

	RedirectURIs    []string `json:"redirect_uris"`              // Declared by the client (mandatory)
	GrantTypes      []string `json:"grant_types"`                // Forced by the server to ["authorization_code", "refresh_token"]
	ResponseTypes   []string `json:"response_types"`             // Forced by the server to ["code"]
	ClientName      string   `json:"client_name"`                // Declared by the client (mandatory)
	ClientKind      string   `json:"client_kind,omitempty"`      // Declared by the client (optional, can be "desktop", "mobile", "browser", etc.)
	ClientURI       string   `json:"client_uri,omitempty"`       // Declared by the client (optional)
	LogoURI         string   `json:"logo_uri,omitempty"`         // Declared by the client (optional)
	PolicyURI       string   `json:"policy_uri,omitempty"`       // Declared by the client (optional)
	SoftwareID      string   `json:"software_id"`                // Declared by the client (mandatory)
	SoftwareVersion string   `json:"software_version,omitempty"` // Declared by the client (optional)

	// Notifications parameters
	Notifications           map[string]notification.Properties `json:"notifications,omitempty"`
	NotificationPlatform    string                             `json:"notification_platform,omitempty"`     // Declared by the client (optional)
	NotificationDeviceToken string                             `json:"notification_device_token,omitempty"` // Declared by the client (optional)

	// XXX omitempty does not work for time.Time, thus the interface{} type
	SynchronizedAt interface{} `json:"synchronized_at,omitempty"` // Date of the last synchronization, updated by /settings/synchronized

	// Onboarding fields. OnboardingSecret is the value
	// FindClientByOnBoardingSecret looks a client up by, so treat it as a
	// credential.
	OnboardingSecret      string `json:"onboarding_secret,omitempty"`
	OnboardingApp         string `json:"onboarding_app,omitempty"`
	OnboardingPermissions string `json:"onboarding_permissions,omitempty"`
	OnboardingState       string `json:"onboarding_state,omitempty"`

	Metadata *metadata.CozyMetadata `json:"cozyMetadata,omitempty"`
}
Client is a struct for an OAuth2 client. Most of the fields are described in the OAuth 2.0 Dynamic Client Registration Protocol. The exception is `client_kind`, which is an optional field. See https://tools.ietf.org/html/rfc7591
CouchID and ClientID are the same. They are just two ways to serialize to JSON, one for CouchDB and the other for the Dynamic Client Registration Protocol.
func FindClient ¶
FindClient loads a client from the database
func FindClientByOnBoardingSecret ¶
FindClientByOnBoardingSecret loads a client from the database with an OnboardingSecret
func FindClientBySoftwareID ¶
FindClientBySoftwareID loads a client from the database
func FindOnboardingClient ¶
FindOnboardingClient loads a client from the database with an OnboardingSecret
func GetNotifiables ¶
GetNotifiables loads all the clients from the database containing a non-empty `notification_platform` field.
func (*Client) AcceptRedirectURI ¶
AcceptRedirectURI returns true if the given URI matches the registered redirect_uris
func (*Client) CheckSoftwareID ¶
func (c *Client) CheckSoftwareID(instance *instance.Instance) *ClientRegistrationError
CheckSoftwareID checks if a SoftwareID is valid
func (*Client) Create ¶
func (c *Client) Create(i *instance.Instance, opts ...CreateOptions) *ClientRegistrationError
Create is a function that sets some fields on the client, and then saves it in CouchDB.
func (*Client) CreateJWT ¶
CreateJWT returns a new JSON Web Token for the given instance and audience
func (*Client) Delete ¶
func (c *Client) Delete(i *instance.Instance) *ClientRegistrationError
Delete is a function that unregisters a client
func (*Client) TransformIDAndRev ¶
func (c *Client) TransformIDAndRev()
TransformIDAndRev makes the translation from the JSON of CouchDB to the one used in the dynamic client registration protocol
func (*Client) Update ¶
func (c *Client) Update(i *instance.Instance, old *Client) *ClientRegistrationError
Update will update the client metadata
func (*Client) ValidToken ¶
ValidToken checks that the JWT is valid and returns the associated claims. It is expected to be used for registration tokens and refresh tokens, and it doesn't check when they were issued, as they don't expire. Because no issue-time check is done here, a token that must expire needs that check elsewhere.
type ClientRegistrationError ¶
// ClientRegistrationError is a Client Registration Error Response, as
// described in RFC 7591 section 3.2.2.
type ClientRegistrationError struct {
	Code        int    `json:"-"`                           // Excluded from the JSON body; NOTE(review): presumably the HTTP status code, confirm
	Error       string `json:"error"`                       // Error code string, serialized as `error`
	Description string `json:"error_description,omitempty"` // Optional human-readable description, serialized as `error_description`
}
ClientRegistrationError is a Client Registration Error Response, as described in the Client Dynamic Registration Protocol. See https://tools.ietf.org/html/rfc7591#section-3.2.2 for errors
type CreateOptions ¶
// CreateOptions can be used to give options when creating an OAuth client.
// Values are passed as the variadic opts argument of Client.Create.
type CreateOptions int
CreateOptions can be used to give options when creating an OAuth client
const (
	// NotPending option won't set the pending flag, and will avoid creating a
	// trigger to check if the client should be cleaned. It is used for
	// sharings, for example, as a token is created just after the client
	// creation.
	//
	// The value starts at iota + 1, so the zero value of CreateOptions is
	// never NotPending.
	NotPending CreateOptions = iota + 1
)