model

package
v0.0.5
Published: Sep 25, 2023 License: CC0-1.0 Imports: 5 Imported by: 0

Documentation

Constants

// Default token lifetimes. AccessTokenLifetime, IDTokenLifetime and
// RefreshTokenLifetime resolve the client's setting first, then the server's;
// these constants are presumably the final fallback when neither is set —
// confirm in the OAuthServer.Max*Lifetime methods.
const (
	// DefaultAccessTokenLifetime is the default lifetime of an access token (24h).
	DefaultAccessTokenLifetime = 24 * time.Hour
	// DefaultIDTokenLifetime is the default lifetime of an ID token (24h).
	DefaultIDTokenLifetime = 24 * time.Hour
	// DefaultRefreshTokenLifetime is the default lifetime of a refresh token
	// (720h, i.e. 30 days).
	DefaultRefreshTokenLifetime = 720 * time.Hour
)
// Grant type identifiers: the values accepted in the grant_type parameter of a
// token request (RFC 6749 §4.1.3, §4.4.2 and §6).
const (
	// GrantTypeAuthorizationCode exchanges an authorization code for tokens;
	// configured per client through CodeGrant.
	GrantTypeAuthorizationCode = "authorization_code"
	// GrantTypeClientCredentials is the machine-to-machine grant; configured
	// per client through M2MGrant and, per OAuthClient.IsPublic, not available
	// to public clients.
	GrantTypeClientCredentials = "client_credentials"
	// GrantTypeRefreshToken exchanges a refresh token for a new access token.
	GrantTypeRefreshToken      = "refresh_token"
)
// PKCE code challenge methods (RFC 7636 §4.2): the accepted values of the
// code_challenge_method parameter.
const (
	// PKCECodeChallengeMethodPlain is the plain code challenge method: the
	// challenge is the verifier itself. RFC 7636 permits it only when the
	// client cannot compute S256, because a challenge observed in transit is
	// then directly usable as the verifier.
	PKCECodeChallengeMethodPlain = "plain"
	// PKCECodeChallengeMethodS256 is the S256 code challenge method,
	// BASE64URL(SHA256(code_verifier)); RFC 7636 requires clients to use it
	// whenever they are able to.
	PKCECodeChallengeMethodS256 = "S256"
)
// OpenID Connect scope values (OIDC Core 1.0 §5.4 and §11).
const (
	// ScopeOpenID must be present for a request to be an OpenID Connect request.
	ScopeOpenID        = "openid"
	// ScopeProfile requests the default profile claims (name, picture, ...).
	ScopeProfile       = "profile"
	// ScopeEmail requests the email and email_verified claims.
	ScopeEmail         = "email"
	// ScopeAddress requests the address claim.
	ScopeAddress       = "address"
	// ScopePhone requests the phone_number and phone_number_verified claims.
	ScopePhone         = "phone"
	// ScopeOfflineAccess is the scope OIDC Core 1.0 §11 defines for requesting
	// a refresh token, i.e. access that outlives the end user's session.
	ScopeOfflineAccess = "offline_access"
)
// AuthorizationCodeExpiration is how long an authorization code remains
// redeemable after issuance (see AuthorizationCode.IsExpired). Ten minutes is
// the maximum lifetime RFC 6749 §4.1.2 recommends.
const AuthorizationCodeExpiration = 10 * time.Minute
// Key types, presumably the accepted values of Key.Type — confirm.
const (
	// KeyTypeRSA is used to represent an RSA key.
	KeyTypeRSA = "rsa"
)

Variables

This section is empty.

Functions

func AccessTokenLifetime

func AccessTokenLifetime(server OAuthServer, client OAuthClient) time.Duration

AccessTokenLifetime returns the access token lifetime for the given client/server pair. If the client did not set a lifetime, we return the one set on the server.

func IDTokenLifetime

func IDTokenLifetime(server OAuthServer, client OAuthClient) time.Duration

IDTokenLifetime returns the ID token lifetime for the given client/server pair. If the client did not set a lifetime, we return the one set on the server.

func RefreshTokenLifetime

func RefreshTokenLifetime(server OAuthServer, client OAuthClient) time.Duration

RefreshTokenLifetime returns the refresh token lifetime for the given client/server pair. If the client did not set a lifetime, we return the one set on the server.

Types

type AuthorizationCode

// AuthorizationCode is the stored record of an issued authorization code.
// IsExpired reports whether it is still redeemable; the cut-off is presumably
// CreatedAt + AuthorizationCodeExpiration — confirm in IsExpired.
type AuthorizationCode struct {
	// ID is the code itself. It is a bearer secret: protect it at rest and
	// keep it out of logs.
	ID string `json:"id"`
	// ClientName is the client the code was issued to.
	ClientName string `json:"client_name"`
	// CodeChallenge is the PKCE code_challenge presented at the authorization
	// endpoint; the token endpoint has to check it against the code_verifier
	// (RFC 7636 §4.6).
	CodeChallenge string `json:"code_challenge"`
	// CodeChallengeMethod is presumably one of the PKCECodeChallengeMethod*
	// values — confirm.
	CodeChallengeMethod string `json:"code_challenge_method"`
	// CreatedAt is the issuance time.
	CreatedAt time.Time `json:"created_at"`
	// AuthTime is when the end user authenticated.
	AuthTime time.Time `json:"auth_time"`
	// RedirectURI is the redirect_uri the code was bound to; the token request
	// has to present the identical value (RFC 6749 §4.1.3).
	RedirectURI string `json:"redirect_uri"`
	// Nonce is the OIDC nonce to echo in the ID token.
	Nonce string `json:"nonce"`
	// ServerName is the server that issued the code.
	ServerName string `json:"server_name"`
	// State is the client's opaque state parameter.
	State string `json:"state"`
	// Subject is the authenticated end user.
	Subject string `json:"subject"`
	// GrantedScopes is the scope string granted to the code (format not shown
	// here; presumably space-separated — confirm).
	GrantedScopes string `json:"granted_scopes"`
}

func (AuthorizationCode) IsExpired

func (a AuthorizationCode) IsExpired(now time.Time) bool

IsExpired returns true if the authorization code expired.

func (AuthorizationCode) Model

func (a AuthorizationCode) Model() string

type AuthorizationPayload

// AuthorizationPayload is the data structure that holds the data relative to a
// request to the authorization endpoint. Field names follow the request
// parameters of RFC 6749 §4.1.1 and OIDC Core 1.0 §3.1.2.1.
type AuthorizationPayload struct {
	// CodeChallenge is the PKCE code_challenge parameter; PKCE documents when
	// it is mandatory.
	CodeChallenge string `json:"code_challenge"`
	// CodeChallengeMethod is the code_challenge_method parameter, presumably
	// one of the PKCECodeChallengeMethod* values — confirm.
	CodeChallengeMethod string `json:"code_challenge_method"`
	// ClientID is the client_id parameter.
	ClientID string `json:"client_id"`
	// Nonce is the OIDC nonce parameter, echoed in the ID token.
	Nonce string `json:"nonce"`
	// RedirectURI is the redirect_uri parameter. It is client-supplied input
	// and has to be matched against the client's registered callbacks before
	// being used (RFC 6749 §3.1.2.3).
	RedirectURI string `json:"redirect_uri"`
	// ResponseType is the response_type parameter.
	ResponseType string `json:"response_type"`
	// Scope is the space-separated scope parameter.
	Scope string `json:"scope"`
	// ServerName presumably names the OAuthServer the request is addressed to
	// — confirm.
	ServerName string `json:"server_name"`
	// State is the client's opaque state, returned unchanged in the redirect.
	State string `json:"state"`
	// ResponseMode is the response_mode parameter.
	ResponseMode string `json:"response_mode"`
}

AuthorizationPayload is the data structure that holds the data relative to a request to the authorization endpoint.

func (*AuthorizationPayload) PKCE

func (a *AuthorizationPayload) PKCE(publicClient bool, logger hclog.Logger) (*AuthorizationPayload, error)

PKCE returns a new AuthorizationPayload setting the code challenge and the code challenge method as appropriate. If the client is public, the code challenge is mandatory, however confidential clients may want to use PKCE too.

type CodeGrant

// CodeGrant grants the scopes to a client against the given server. Used in
// the `authorization_code` grant type.
type CodeGrant struct {
	// Server is the server the grant applies to (presumably matched against
	// OAuthServer.Name — confirm).
	Server string `json:"server" hcl:"server"`
	// Scopes lists the scopes the client may be granted on that server.
	Scopes []string `json:"scopes" hcl:"scopes"`
	// Callbacks presumably lists the redirect URIs allowed for this client on
	// that server — confirm. A requested redirect_uri should only be accepted
	// on an exact match against this list.
	Callbacks []string `json:"callbacks" hcl:"callbacks"`
}

CodeGrant grants the scopes to a client against the given server. Used in the `authorization_code` grant type.

type ConnectionSet

// ConnectionSet is a set of connections that can be shared across servers.
// A server presumably selects one through OAuthServer.ConnectionSetID — confirm.
type ConnectionSet struct {
	// ID identifies the set.
	ID string `json:"id" hcl:"id"`
	// MockConnection, when non-nil, presumably enables the mock connection,
	// which MockConnection documents as insecure and for dev/testing only.
	MockConnection *MockConnection `json:"mock_connection" hcl:"mock_connection,block"`
	// UserPasswordConnection, when non-nil, presumably enables the
	// username/password connection.
	UserPasswordConnection *UserPassConnection `json:"user_password_connection" hcl:"user_pass_connection,block"`
}

ConnectionSet is a set of connections that can be shared across servers.

func (ConnectionSet) Model

func (c ConnectionSet) Model() string

type ConnectionSets

// ConnectionSets is a named slice of *ConnectionSet carrying set-difference
// helpers (see FilterByAbsent).
type ConnectionSets []*ConnectionSet

func (ConnectionSets) FilterByAbsent

func (a ConnectionSets) FilterByAbsent(b []ConnectionSet) []*ConnectionSet

FilterByAbsent returns the connection sets present in A that are absent in B.

type Credentials

// Credentials is the data structure used to store/retrieve a client ID/client
// secret.
type Credentials struct {
	// Name is the client name (json client_name).
	Name string `json:"client_name"`
	// ID is the client_id.
	ID string `json:"client_id"`
	// Secret is the client_secret. It is serialised verbatim by the json tag.
	// NOTE(review): whether it is stored hashed or in clear is not visible in
	// this package — confirm before logging, exporting or diffing this struct.
	Secret string `json:"client_secret"`
}

Credentials is the data structure used to store/retrieve a client ID/client secret.

func (Credentials) Model

func (c Credentials) Model() string

Model implements the Modeler interface.

type Key

// Key holds the configuration of a signing key.
type Key struct {
	// ID is the key identifier (presumably surfaced as the JWT kid header —
	// confirm).
	ID string `json:"id" hcl:"id"`
	// Type is the key type; KeyTypeRSA is the only value this package declares.
	Type string `json:"type" hcl:"type"`
}

Key holds the configuration of a signing key.

type M2MGrant

// M2MGrant grants the scopes to a client against the given server. Used in the
// `client_credentials` grant type.
type M2MGrant struct {
	// Server is the server the grant applies to (presumably matched against
	// OAuthServer.Name — confirm).
	Server string `json:"server" hcl:"server"`
	// Scopes lists the scopes the client may be granted on that server.
	Scopes []string `json:"scopes" hcl:"scopes"`
}

M2MGrant grants the scopes to a client against the given server. Used in the `client_credentials` grant type.

type MaxAccessTokenLifetime

// MaxAccessTokenLifetime is the maximum lifetime of an access token, as
// configured on a client or a server.
type MaxAccessTokenLifetime struct {
	// Value is the textual duration. Lifetime parses it and Validate rejects
	// malformed values; the accepted format is not shown here (presumably
	// time.ParseDuration syntax — confirm).
	Value string `json:"value" hcl:"value"`
}

MaxAccessTokenLifetime is the maximum lifetime of an access token.

func (*MaxAccessTokenLifetime) Lifetime

func (m *MaxAccessTokenLifetime) Lifetime() (time.Duration, bool)

Lifetime returns the time.Duration representation of the access token lifetime and a boolean indicating whether the value was found or not.

func (*MaxAccessTokenLifetime) Validate

func (m *MaxAccessTokenLifetime) Validate() error

Validate returns an error if the lifetime is not valid.

type MaxIDTokenLifetime

// MaxIDTokenLifetime is the maximum lifetime of an ID token, as configured on
// a client or a server.
type MaxIDTokenLifetime struct {
	// Value is the textual duration. Lifetime parses it and Validate rejects
	// malformed values; the accepted format is not shown here (presumably
	// time.ParseDuration syntax — confirm).
	Value string `json:"value" hcl:"value"`
}

MaxIDTokenLifetime is the maximum lifetime of an ID token.

func (*MaxIDTokenLifetime) Lifetime

func (m *MaxIDTokenLifetime) Lifetime() (time.Duration, bool)

Lifetime returns the time.Duration representation of the ID token lifetime and a boolean indicating whether the value was found or not.

func (*MaxIDTokenLifetime) Validate

func (m *MaxIDTokenLifetime) Validate() error

Validate returns an error if the ID token lifetime is not valid.

type MaxRefreshTokenLifetime

// MaxRefreshTokenLifetime is the maximum lifetime of a refresh token, as
// configured on a client or a server.
type MaxRefreshTokenLifetime struct {
	// Value is the textual duration. Lifetime parses it and Validate rejects
	// malformed values; the accepted format is not shown here (presumably
	// time.ParseDuration syntax — confirm).
	Value string `json:"value" hcl:"value"`
}

MaxRefreshTokenLifetime is the maximum lifetime of a refresh token.

func (*MaxRefreshTokenLifetime) Lifetime

func (m *MaxRefreshTokenLifetime) Lifetime() (time.Duration, bool)

Lifetime returns the time.Duration representation of the refresh token lifetime and a boolean indicating whether the value was found or not.

func (*MaxRefreshTokenLifetime) Validate

func (m *MaxRefreshTokenLifetime) Validate() error

Validate returns an error if the refresh token lifetime is not valid.

type MockConnection

// MockConnection is the configuration of a mock connection. A mock connection
// is not secure and must only be used for dev/testing purposes.
type MockConnection struct{}

MockConnection is the configuration of a mock connection. A mock connection is not secure and should only be used for dev/testing purposes.

type OAuthClient

// OAuthClient represents an OAuth Client ID configuration.
type OAuthClient struct {
	// Name is the client name (presumably what AuthorizationCode.ClientName
	// and RefreshToken.ClientName refer to — confirm).
	Name string `json:"name" hcl:"name"`
	// M2MGrants configures client_credentials grants. IsPublic documents that
	// public clients cannot use them.
	M2MGrants []M2MGrant `json:"m2m_grants" hcl:"m2m_grant,block"`
	// CodeGrant configures authorization_code grants (scopes and callbacks per
	// server).
	CodeGrant []CodeGrant `json:"code_grants" hcl:"code_grant,block"`
	// Public, when non-nil, presumably marks the client as public (see
	// IsPublic) — confirm. Public clients must use PKCE.
	Public *PublicClient `json:"public" hcl:"public,block"`
	// AccessTokenLifetime overrides the server's access token lifetime when
	// set; nil means the server's value applies (see AccessTokenLifetime).
	AccessTokenLifetime *MaxAccessTokenLifetime `json:"max_access_token_lifetime" hcl:"max_access_token_lifetime,block"`
	// IDTokenLifetime overrides the server's ID token lifetime when set.
	IDTokenLifetime *MaxIDTokenLifetime `json:"max_id_token_lifetime" hcl:"max_id_token_lifetime,block"`
	// RefreshTokenLifetime overrides the server's refresh token lifetime when
	// set.
	RefreshTokenLifetime *MaxRefreshTokenLifetime `json:"max_refresh_token_lifetime" hcl:"max_refresh_token_lifetime,block"`
}

OAuthClient represents an OAuth Client ID configuration.

func (OAuthClient) IsPublic

func (o OAuthClient) IsPublic() bool

IsPublic returns true if the client is public. A public client must use PKCE, and cannot use m2m_grants.

func (OAuthClient) MaxAccessTokenLifetime

func (o OAuthClient) MaxAccessTokenLifetime() (time.Duration, bool)

MaxAccessTokenLifetime returns the maximum lifetime of an access token.

func (OAuthClient) MaxIDTokenLifetime

func (o OAuthClient) MaxIDTokenLifetime() (time.Duration, bool)

func (OAuthClient) MaxRefreshTokenLifetime

func (o OAuthClient) MaxRefreshTokenLifetime() (time.Duration, bool)

MaxRefreshTokenLifetime returns the maximum lifetime of a refresh token.

func (OAuthClient) Model

func (o OAuthClient) Model() string

Model implements the raft.Modeler interface.

type OAuthClients

// OAuthClients is a named slice of *OAuthClient carrying set-difference
// helpers (see FilterByAbsent).
type OAuthClients []*OAuthClient

OAuthClients is a named slice type for []*OAuthClient.

func (OAuthClients) FilterByAbsent

func (a OAuthClients) FilterByAbsent(b []OAuthClient) []*OAuthClient

FilterByAbsent returns the set of clients present in A that are absent in B.

type OAuthServer

// OAuthServer stores an OAuth authorization server configuration.
type OAuthServer struct {
	// Name identifies the server (presumably what the ServerName fields of
	// codes, tokens and sessions refer to — confirm).
	Name string `json:"name" hcl:"name"`
	// ConnectionSetID references the ConnectionSet providing this server's
	// login connections.
	ConnectionSetID string `json:"connection_set_id" hcl:"connection_set_id"`
	// Issuer is the issuer identifier (presumably the iss claim of issued
	// tokens — confirm).
	Issuer string `json:"issuer" hcl:"issuer"`
	// Scopes lists the scopes this server knows about.
	Scopes []string `json:"scopes" hcl:"scopes"`
	// Keys lists the signing key configurations for this server.
	Keys []Key `json:"key" hcl:"key,block"`
	// AccessTokenLifetime is the server-wide access token lifetime; clients
	// may set a narrower one on OAuthClient.
	AccessTokenLifetime *MaxAccessTokenLifetime `json:"max_access_token_lifetime" hcl:"max_access_token_lifetime,block"`
	// IDTokenLifetime is the server-wide ID token lifetime.
	IDTokenLifetime *MaxIDTokenLifetime `json:"max_id_token_lifetime" hcl:"max_id_token_lifetime,block"`
	// RefreshTokenLifetime is the server-wide refresh token lifetime.
	RefreshTokenLifetime *MaxRefreshTokenLifetime `json:"max_refresh_token_lifetime" hcl:"max_refresh_token_lifetime,block"`
}

OAuthServer stores an OAuth authorization server configuration.

func (OAuthServer) MaxAccessTokenLifetime

func (s OAuthServer) MaxAccessTokenLifetime() time.Duration

MaxAccessTokenLifetime returns the maximum lifetime of an access token.

func (OAuthServer) MaxIDTokenLifetime

func (s OAuthServer) MaxIDTokenLifetime() time.Duration

func (OAuthServer) MaxRefreshTokenLifetime

func (s OAuthServer) MaxRefreshTokenLifetime() time.Duration

MaxRefreshTokenLifetime returns the maximum lifetime of a refresh token.

func (OAuthServer) Model

func (s OAuthServer) Model() string

Model implements the Modeler interface.

type OAuthServers

// OAuthServers is a named slice of *OAuthServer carrying set-difference
// helpers (see FilterByAbsent).
type OAuthServers []*OAuthServer

OAuthServers is a named slice type for []*OAuthServer.

func (OAuthServers) FilterByAbsent

func (a OAuthServers) FilterByAbsent(b []OAuthServer) []*OAuthServer

FilterByAbsent returns the set of resource servers present in A that are absent in B.

type PublicClient

// PublicClient is an empty struct used to represent a public client; its
// presence on OAuthClient.Public is what marks a client as public.
type PublicClient struct{}

PublicClient is an empty struct used to represent a public client.

type RefreshToken

// RefreshToken stores all the required information for a refresh token.
// IsExpired reports whether it may still be used; the cut-off is presumably
// CreatedAt + Lifetime — confirm in IsExpired.
type RefreshToken struct {
	// ID is the unique identifier of the refresh token.
	ID string `json:"id"`
	// ClientName is the client the token was issued to.
	ClientName string `json:"client_name"`
	// ServerName is the server that issued the token.
	ServerName string `json:"server_name"`
	// Scopes is the granted scope string (format not shown here; presumably
	// space-separated like AuthorizationCode.GrantedScopes — confirm).
	Scopes string `json:"scopes"`
	// CreatedAt is the issuance time as an int64. Its unit is not stated here
	// (presumably Unix seconds — confirm); note AuthorizationCode.CreatedAt
	// uses time.Time instead.
	CreatedAt int64 `json:"created_at"`
	// AccessTokenID links the refresh token to the access token issued with
	// it.
	AccessTokenID string `json:"access_token_id"`

	// Lifetime is the lifetime of the refresh token. encoding/json serialises
	// a time.Duration as an int64 count of nanoseconds.
	Lifetime time.Duration `json:"lifetime"`
	// The subject of the end user who owns the refresh token.
	Subject string `json:"subject"`
	// KeyID is the ID of the key used to encrypt the refresh token.
	KeyID string `json:"key_id"`
	// AuthTime is when the end user authenticated.
	AuthTime time.Time `json:"auth_time"`
}

RefreshToken stores all the required information for a refresh token.

func (RefreshToken) IsExpired

func (r RefreshToken) IsExpired(now time.Time) bool

func (RefreshToken) Model

func (r RefreshToken) Model() string

Model implements the Modeler interface.

type Session

// Session is the data structure that holds the data relative to a login flow.
// IsExpired reports whether it is still usable; the cut-off is presumably
// derived from CreatedAt — confirm in IsExpired.
type Session struct {
	// ID identifies the session. It is presumably carried by the end user's
	// browser during the login flow — confirm; treat it as a secret.
	ID string `json:"id"`
	// CreatedAt is the creation time as an int64; the unit is not stated here
	// (presumably Unix seconds — confirm).
	CreatedAt int64 `json:"created_at"`
	// ServerName is the server the login flow belongs to.
	ServerName string `json:"server_name"`
	// AuthorizationPayload is the authorization request that started the flow.
	AuthorizationPayload AuthorizationPayload `json:"authorization_payload"`
}

Session is the data structure that holds the data relative to a login flow.

func (Session) IsExpired

func (s Session) IsExpired(now time.Time) bool

IsExpired returns true if the session is expired.

func (Session) Model

func (s Session) Model() string

Model implements the raft.Model interface.

type SigningKey

// SigningKey stores an OAuth server signing key.
type SigningKey struct {
	// PEM is the PEM-encoded key material, presumably the private signing key
	// — confirm. encoding/json emits []byte base64-encoded, so any JSON dump
	// of this struct exposes the key.
	PEM []byte `json:"pem"`
}

SigningKey stores an OAuth server signing key.

func (SigningKey) Model

func (r SigningKey) Model() string

Model implements the Modeler interface.

type StandardClaims

// StandardClaims are the claims of a user as per
// https://openid.net/specs/openid-connect-basic-1_0.html#StandardClaims.
// These are the claims returned by the UserInfo endpoint.
//
// Note that EmailVerified and PhoneNumberVerified carry omitempty on a bool,
// so a false value is dropped from the JSON: consumers cannot distinguish
// "unverified" from "not provided" and must treat a missing claim as
// unverified.
type StandardClaims struct {
	// Subject is the unique identifier of the end user.
	Subject             string `json:"sub"`
	Name                string `json:"name,omitempty"`
	GivenName           string `json:"given_name,omitempty"`
	FamilyName          string `json:"family_name,omitempty"`
	MiddleName          string `json:"middle_name,omitempty"`
	Nickname            string `json:"nickname,omitempty"`
	PreferredUsername   string `json:"preferred_username,omitempty"`
	Profile             string `json:"profile,omitempty"`
	Picture             string `json:"picture,omitempty"`
	Website             string `json:"website,omitempty"`
	Email               string `json:"email,omitempty"`
	EmailVerified       bool   `json:"email_verified,omitempty"`
	Gender              string `json:"gender,omitempty"`
	Birthdate           string `json:"birthdate,omitempty"`
	ZoneInfo            string `json:"zoneinfo,omitempty"`
	Locale              string `json:"locale,omitempty"`
	PhoneNumber         string `json:"phone_number,omitempty"`
	PhoneNumberVerified bool   `json:"phone_number_verified,omitempty"`
	Address             string `json:"address,omitempty"`
	UpdatedAt           int64  `json:"updated_at,omitempty"`
}

StandardClaims are the claims of a user as per https://openid.net/specs/openid-connect-basic-1_0.html#StandardClaims. These are the claims returned by the UserInfo endpoint.

func (StandardClaims) DefaultClaims

func (s StandardClaims) DefaultClaims() StandardClaims

DefaultClaims returns all the default claims of a user. The default claims are defined in the OpenID Connect specification. https://openid.net/specs/openid-connect-basic-1_0.html#Scopes

func (StandardClaims) GetRequestedClaims

func (s StandardClaims) GetRequestedClaims(allowedScopes string) (StandardClaims, error)

GetRequestedClaims returns the claims of a user based on the scopes requested.

func (StandardClaims) Model

func (s StandardClaims) Model() string

Model implements the Modeler interface.

type User

// User is a user stored in the raft backend.
type User struct {
	// Username is the login name (presumably unique per ServerName — confirm).
	Username string `json:"username"`
	// HashedPassword is meant to hold the password hash, not the plaintext.
	// The hash scheme is not visible in this package; verify that the code
	// populating and comparing it uses a slow, salted password hash.
	HashedPassword string `json:"hashed_password"`
	// ServerName is the server this user belongs to.
	ServerName string `json:"server_name"`
}

User is a user stored in the raft backend.

func (User) Model

func (u User) Model() string

Model implements the Modeler interface.

type UserPassConnection

// UserPassConnection is the configuration block for a username/password
// connection; it currently carries no settings.
type UserPassConnection struct{}

UserPassConnection is the configuration block for a username/password connection.
