Documentation ¶
Index ¶
- Constants
- Variables
- func GetRecognizedMobileDevice(ua string) (string, bool)
- type Authenticator
- type AuthenticatorKind
- type AuthenticatorOOBChannel
- type AuthenticatorType
- type Authorization
- type ClaimName
- type Domain
- type EthereumNetwork
- type Group
- type Identity
- type IdentityRef
- type IdentityType
- type LoginIDKeyType
- type Meta
- type PageCursor
- type PageItemRef
- type PublicKeyCredentialCreationOptions
- type PublicKeyCredentialDescriptor
- type PublicKeyCredentialParameter
- type PublicKeyCredentialRequestOptions
- type PublicKeyCredentialRpEntity
- type PublicKeyCredentialUserEntity
- type RecognizedMobileDevice
- type Role
- type SIWEPublicKey
- type SIWEVerifiedData
- type SearchUserRaw
- type SearchUserSource
- type Session
- type SessionInfo
- type SessionType
- type SortDirection
- type User
- type UserAgent
- type UserRef
- type WebAuthnCreationOptions
- type WebAuthnRequestOptions
Constants ¶
// Values for the "amr" (authentication methods references) claim.
// "pwd", "otp", "sms" and "mfa" are taken from RFC 8176 section 2. The two
// "x_"-prefixed values are additions that RFC 8176 does not define, so a
// relying party that only knows the RFC values will not recognize them.
const (
	// AMRPWD is from https://tools.ietf.org/html/rfc8176#section-2
	AMRPWD string = "pwd"
	// AMROTP is from https://tools.ietf.org/html/rfc8176#section-2
	AMROTP string = "otp"
	// AMRSMS is from https://tools.ietf.org/html/rfc8176#section-2
	AMRSMS string = "sms"
	// AMRMFA is from https://tools.ietf.org/html/rfc8176#section-2
	AMRMFA string = "mfa"
	// AMRXBiometric exists because rfc8176 does not have a general
	// value for any biometric authentication.
	AMRXBiometric string = "x_biometric"
	// AMRXPasskey exists because rfc8176 does not have a general
	// value for passkey.
	AMRXPasskey string = "x_passkey"
)
// Names of the mobile browsers/platforms this package recognizes.
// These are untyped string constants; they are not declared with the
// RecognizedMobileDevice type.
// NOTE(review): GetRecognizedMobileDevice takes a user-agent string, which is
// client-controlled. Presumably these values drive presentation only; confirm
// that no authorization decision depends on them.
const (
	RecognizedMobileDeviceIOS           = "iOS"
	RecognizedMobileDeviceChromeAndroid = "ChromeAndroid"
	RecognizedMobileDeviceChrome        = "Chrome"
	RecognizedMobileDeviceSamsung       = "Samsung"
)
Variables ¶
// LoginIDKeyTypes lists the LoginIDKeyType constants this package declares:
// email, phone and username, in that order.
// It is an exported, mutable slice, so callers that need a stable list should
// copy it rather than modify it in place.
var LoginIDKeyTypes = []LoginIDKeyType{
	LoginIDKeyTypeEmail,
	LoginIDKeyTypePhone,
	LoginIDKeyTypeUsername,
}
Functions ¶
Types ¶
type Authenticator ¶
// Authenticator is the serialized description of one authenticator.
// Meta is embedded and is declared elsewhere in this package.
// None of the fields declared here carries credential material (no password
// hash, OTP secret or key); what Meta contributes is not visible on this page.
type Authenticator struct {
	Meta
	UserID    string            `json:"user_id"`
	Type      AuthenticatorType `json:"type"`
	IsDefault bool              `json:"is_default"`
	// Kind is one of the AuthenticatorKind values ("primary" or "secondary").
	Kind AuthenticatorKind `json:"kind"`
}
type AuthenticatorKind ¶
// AuthenticatorKind is the string-typed kind of an authenticator.
// NOTE(review): presumably "primary" is the first factor and "secondary" an
// additional (MFA) factor; confirm against the code that assigns Kind.
type AuthenticatorKind string

const (
	AuthenticatorKindPrimary   AuthenticatorKind = "primary"
	AuthenticatorKindSecondary AuthenticatorKind = "secondary"
)
type AuthenticatorOOBChannel ¶
// AuthenticatorOOBChannel names the delivery channel of an out-of-band code.
// Three channels are declared here, while AuthenticatorType declares only two
// OOB types (email and SMS); the mapping for "whatsapp" is not shown on this
// page. Deprecated_GetOOBAuthenticatorType is documented as not handling
// AuthenticatorOOBChannelWhatsapp.
type AuthenticatorOOBChannel string

const (
	AuthenticatorOOBChannelSMS      AuthenticatorOOBChannel = "sms"
	AuthenticatorOOBChannelEmail    AuthenticatorOOBChannel = "email"
	AuthenticatorOOBChannelWhatsapp AuthenticatorOOBChannel = "whatsapp"
)
type AuthenticatorType ¶
// AuthenticatorType is the string-typed type of an authenticator.
// The string values are what appears in the "type" key of a serialized
// Authenticator.
type AuthenticatorType string

const (
	AuthenticatorTypePassword AuthenticatorType = "password"
	AuthenticatorTypePasskey  AuthenticatorType = "passkey"
	AuthenticatorTypeTOTP     AuthenticatorType = "totp"
	// The two OOB types carry "otp" in their serialized value.
	AuthenticatorTypeOOBEmail AuthenticatorType = "oob_otp_email"
	AuthenticatorTypeOOBSMS   AuthenticatorType = "oob_otp_sms"
)
func Deprecated_GetOOBAuthenticatorType ¶
func Deprecated_GetOOBAuthenticatorType(channel AuthenticatorOOBChannel) (AuthenticatorType, error)
Deprecated_GetOOBAuthenticatorType is deprecated because it does not handle AuthenticatorOOBChannelWhatsapp.
func ParseOOBAuthenticatorType ¶
func ParseOOBAuthenticatorType(email_or_sms string) (AuthenticatorType, error)
func (AuthenticatorType) ToClaimName ¶
func (t AuthenticatorType) ToClaimName() ClaimName
type Authorization ¶
type ClaimName ¶
// ClaimName is the string-typed name of a token claim.
type ClaimName string

const (
	// Short claim names.
	ClaimAMR               ClaimName = "amr"
	ClaimSID               ClaimName = "sid"
	ClaimAuthTime          ClaimName = "auth_time"
	ClaimEmail             ClaimName = "email"
	ClaimPhoneNumber       ClaimName = "phone_number"
	ClaimPreferredUsername ClaimName = "preferred_username"
	// NOTE(review): judging by the name, this holds a hash of a device secret
	// rather than the secret itself; confirm where the value is produced.
	ClaimDeviceSecretHash ClaimName = "ds_hash"
	// Claims namespaced under https://authgear.com/claims/user/.
	// NOTE(review): consumers should read roles and the is_* flags only from a
	// token whose signature and issuer have been verified; verification is not
	// part of this page.
	ClaimAuthgearRoles         ClaimName = "https://authgear.com/claims/user/roles"
	ClaimKeyID                 ClaimName = "https://authgear.com/claims/user/key_id"
	ClaimUserIsAnonymous       ClaimName = "https://authgear.com/claims/user/is_anonymous"
	ClaimUserIsVerified        ClaimName = "https://authgear.com/claims/user/is_verified"
	ClaimUserCanReauthenticate ClaimName = "https://authgear.com/claims/user/can_reauthenticate"
)
func GetLoginIDKeyTypeClaim ¶
func GetLoginIDKeyTypeClaim(loginIDKeyType LoginIDKeyType) (ClaimName, bool)
type Domain ¶
// Domain describes one domain attached to an app; all keys serialize in
// camel case.
type Domain struct {
	ID           string    `json:"id"`
	AppID        string    `json:"appID"`
	CreatedAt    time.Time `json:"createdAt"`
	Domain       string    `json:"domain"`
	CookieDomain string    `json:"cookieDomain"`
	ApexDomain   string    `json:"apexDomain"`
	// NOTE(review): presumably ownership of a custom domain is proven by
	// publishing VerificationDNSRecord and recorded in IsVerified; confirm that
	// Domain and CookieDomain are only honored once IsVerified is true.
	VerificationDNSRecord string `json:"verificationDNSRecord"`
	IsCustom              bool   `json:"isCustom"`
	IsVerified            bool   `json:"isVerified"`
}
Domain represents a domain of an app. The keys in JSON struct tags are in camel case because this struct is directly returned in the GraphQL endpoint. Making the keys in camel case saves us from writing boilerplate resolver code.
type EthereumNetwork ¶
// EthereumNetwork identifies a network by a decimal number held as a string.
// The values match the chain IDs of the named networks.
// ParseEthereumNetwork(s string) (EthereumNetwork, bool) is listed on this page
// for turning a string into one of these values; its body is not shown.
type EthereumNetwork string

const (
	EthereumNetworkEthereumMainnet EthereumNetwork = "1"
	// Goerli is an Ethereum test network.
	EthereumNetworkEthereumGoerli EthereumNetwork = "5"
	EthereumNetworkPolygonMainnet EthereumNetwork = "137"
	// Mumbai is a Polygon test network.
	EthereumNetworkPolygonMumbai EthereumNetwork = "80001"
)
func ParseEthereumNetwork ¶
func ParseEthereumNetwork(s string) (EthereumNetwork, bool)
type IdentityRef ¶
// IdentityRef is a lightweight reference to an identity: the embedded Meta
// (declared elsewhere in this package), the user ID and the identity type.
// The fields carry no JSON struct tags.
type IdentityRef struct {
	Meta
	UserID string
	Type   IdentityType
}
func (*IdentityRef) ToRef ¶
func (r *IdentityRef) ToRef() *IdentityRef
type IdentityType ¶
// IdentityType is the string-typed type of an identity.
// Per the SupportsPassword documentation on this page, only login ID
// identities are allowed for password login.
type IdentityType string

const (
	IdentityTypeLoginID   IdentityType = "login_id"
	IdentityTypeOAuth     IdentityType = "oauth"
	IdentityTypeAnonymous IdentityType = "anonymous"
	IdentityTypeBiometric IdentityType = "biometric"
	IdentityTypePasskey   IdentityType = "passkey"
	IdentityTypeSIWE      IdentityType = "siwe"
	IdentityTypeLDAP      IdentityType = "ldap"
)
func (IdentityType) PrimaryAuthenticatorTypes ¶
func (t IdentityType) PrimaryAuthenticatorTypes(loginIDKeyType LoginIDKeyType) []AuthenticatorType
func (IdentityType) SupportsPassword ¶
func (t IdentityType) SupportsPassword() bool
SupportsPassword reports whether the identity type can be used for password-related operations, e.g. reset password, or change password by admin. After account linking is introduced, different users may have different OAuth accounts with the same email. To avoid ambiguity, only login ID identities are allowed to be used for password login.
type LoginIDKeyType ¶
// LoginIDKeyType is the string-typed kind of a login ID.
// The same three values are collected in the LoginIDKeyTypes variable.
type LoginIDKeyType string

const (
	LoginIDKeyTypeEmail    LoginIDKeyType = "email"
	LoginIDKeyTypePhone    LoginIDKeyType = "phone"
	LoginIDKeyTypeUsername LoginIDKeyType = "username"
)
func GetClaimLoginIDKeyType ¶
func GetClaimLoginIDKeyType(claimName ClaimName) (LoginIDKeyType, bool)
type Meta ¶
type PageCursor ¶
// PageCursor is a string-typed pagination cursor.
// NOTE(review): its encoding is not shown here; if cursors are accepted back
// from clients, treat them as untrusted input when decoding.
type PageCursor string
type PageItemRef ¶
// PageItemRef pairs an item ID with the PageCursor for that item.
// The fields carry no JSON struct tags.
type PageItemRef struct {
	ID     string
	Cursor PageCursor
}
type PublicKeyCredentialCreationOptions ¶
// PublicKeyCredentialCreationOptions is the payload for a WebAuthn
// registration ceremony. Its JSON keys follow the member names of the WebAuthn
// dictionary of the same name. The protocol package it references is imported
// by the file and not shown on this page.
type PublicKeyCredentialCreationOptions struct {
	// NOTE(review): WebAuthn requires the challenge to be unpredictable and
	// bound to a single ceremony; generation and verification happen elsewhere.
	Challenge                     protocol.URLEncodedBase64      `json:"challenge"`
	RelyingParty                  PublicKeyCredentialRpEntity    `json:"rp"`
	User                          PublicKeyCredentialUserEntity  `json:"user"`
	PublicKeyCredentialParameters []PublicKeyCredentialParameter `json:"pubKeyCredParams,omitempty"`
	// NOTE(review): the WebAuthn timeout member is in milliseconds; presumably
	// this int uses the same unit. Confirm at the place it is set.
	Timeout                int                             `json:"timeout"`
	ExcludeCredentials     []PublicKeyCredentialDescriptor `json:"excludeCredentials,omitempty"`
	AuthenticatorSelection protocol.AuthenticatorSelection `json:"authenticatorSelection"`
	Attestation            protocol.ConveyancePreference   `json:"attestation"`
	Extensions             map[string]interface{}          `json:"extensions,omitempty"`
}
type PublicKeyCredentialDescriptor ¶
// PublicKeyCredentialDescriptor identifies one credential by type and ID, with
// an optional list of transports. It is the element type of ExcludeCredentials
// and AllowCredentials in the options structs of this package.
type PublicKeyCredentialDescriptor struct {
	Type protocol.CredentialType   `json:"type"`
	ID   protocol.URLEncodedBase64 `json:"id"`
	// Transports is omitted from the JSON when empty.
	Transports []string `json:"transports,omitempty"`
}
type PublicKeyCredentialParameter ¶
// PublicKeyCredentialParameter pairs a credential type with a COSE algorithm
// identifier, serialized under the "alg" key.
// NOTE(review): the list of algorithms actually offered is built elsewhere;
// review it where PublicKeyCredentialParameters is populated.
type PublicKeyCredentialParameter struct {
	Type      protocol.CredentialType               `json:"type"`
	Algorithm webauthncose.COSEAlgorithmIdentifier `json:"alg"`
}
type PublicKeyCredentialRequestOptions ¶
// PublicKeyCredentialRequestOptions is the payload for a WebAuthn
// authentication ceremony. Its JSON keys follow the member names of the
// WebAuthn dictionary of the same name.
type PublicKeyCredentialRequestOptions struct {
	// NOTE(review): WebAuthn requires the challenge to be unpredictable and
	// bound to a single ceremony; generation and verification happen elsewhere.
	Challenge protocol.URLEncodedBase64 `json:"challenge"`
	Timeout   int                       `json:"timeout"`
	// RPID is the relying party identifier, serialized as "rpId".
	RPID             string                               `json:"rpId"`
	UserVerification protocol.UserVerificationRequirement `json:"userVerification"`
	// This is a pointer to slice so that omitempty will omit the key if it is nil,
	// and it is an array if the value is non-nil.
	AllowCredentials *[]PublicKeyCredentialDescriptor `json:"allowCredentials,omitempty"`
	Extensions       map[string]interface{}           `json:"extensions,omitempty"`
}
type PublicKeyCredentialUserEntity ¶
// PublicKeyCredentialUserEntity is the "user" member of the creation options.
// NOTE(review): WebAuthn advises that the user handle (ID) contain no
// personally identifying information; how ID is derived is not shown here.
type PublicKeyCredentialUserEntity struct {
	ID          protocol.URLEncodedBase64 `json:"id"`
	Name        string                    `json:"name"`
	DisplayName string                    `json:"displayName"`
}
type RecognizedMobileDevice ¶
type RecognizedMobileDevice string
The name is borrowed from https://github.com/browserslist/browserslist
type SIWEPublicKey ¶
// SIWEPublicKey is a string-typed public key. SIWEVerifiedData serializes it
// under "encoded_public_key"; the encoding itself is not shown on this page.
type SIWEPublicKey string
type SIWEVerifiedData ¶
// SIWEVerifiedData holds a message, its signature and the encoded public key.
// NOTE(review): the struct is plain data and carries no proof of verification
// by itself. Presumably it is only constructed after the signature has been
// checked; a value decoded from untrusted JSON must not be assumed verified.
type SIWEVerifiedData struct {
	Message          string        `json:"message"`
	Signature        string        `json:"signature"`
	EncodedPublicKey SIWEPublicKey `json:"encoded_public_key"`
}
type SearchUserRaw ¶
type SearchUserSource ¶
// SearchUserSource is the JSON document describing one user for search.
// It carries personal data (emails, phone numbers, names, postal address), so
// wherever these documents are stored needs access controls comparable to the
// user store itself.
// NOTE(review): AppID is the only tenant discriminator visible here;
// presumably every query filters on app_id. Confirm in the search code.
type SearchUserSource struct {
	ID    string `json:"id,omitempty"`
	AppID string `json:"app_id,omitempty"`
	// CreatedAt and UpdatedAt are time.Time values: encoding/json's omitempty
	// never treats a struct as empty, so these keys are always emitted.
	CreatedAt   time.Time  `json:"created_at,omitempty"`
	UpdatedAt   time.Time  `json:"updated_at,omitempty"`
	LastLoginAt *time.Time `json:"last_login_at,omitempty"`
	// IsDisabled has no omitempty, so false is serialized explicitly.
	IsDisabled bool `json:"is_disabled"`

	// Identity-derived fields. Each appears as a plain field and a *Text
	// variant; how the two are indexed differently is not shown on this page.
	Email                         []string `json:"email,omitempty"`
	EmailText                     []string `json:"email_text,omitempty"`
	EmailLocalPart                []string `json:"email_local_part,omitempty"`
	EmailLocalPartText            []string `json:"email_local_part_text,omitempty"`
	EmailDomain                   []string `json:"email_domain,omitempty"`
	EmailDomainText               []string `json:"email_domain_text,omitempty"`
	PreferredUsername             []string `json:"preferred_username,omitempty"`
	PreferredUsernameText         []string `json:"preferred_username_text,omitempty"`
	PhoneNumber                   []string `json:"phone_number,omitempty"`
	PhoneNumberText               []string `json:"phone_number_text,omitempty"`
	PhoneNumberCountryCode        []string `json:"phone_number_country_code,omitempty"`
	PhoneNumberNationalNumber     []string `json:"phone_number_national_number,omitempty"`
	PhoneNumberNationalNumberText []string `json:"phone_number_national_number_text,omitempty"`
	OAuthSubjectID                []string `json:"oauth_subject_id,omitempty"`
	OAuthSubjectIDText            []string `json:"oauth_subject_id_text,omitempty"`

	// Profile and address attributes.
	FamilyName    string `json:"family_name,omitempty"`
	GivenName     string `json:"given_name,omitempty"`
	MiddleName    string `json:"middle_name,omitempty"`
	Name          string `json:"name,omitempty"`
	Nickname      string `json:"nickname,omitempty"`
	Gender        string `json:"gender,omitempty"`
	Zoneinfo      string `json:"zoneinfo,omitempty"`
	Locale        string `json:"locale,omitempty"`
	Formatted     string `json:"formatted,omitempty"`
	StreetAddress string `json:"street_address,omitempty"`
	Locality      string `json:"locality,omitempty"`
	Region        string `json:"region,omitempty"`
	PostalCode    string `json:"postal_code,omitempty"`
	Country       string `json:"country,omitempty"`

	// Role and group membership, by key and by name.
	RoleKey   []string `json:"role_key,omitempty"`
	RoleName  []string `json:"role_name,omitempty"`
	GroupKey  []string `json:"group_key,omitempty"`
	GroupName []string `json:"group_name,omitempty"`
}
type Session ¶
// Session is the serialized view of one session. Meta is embedded and is
// declared elsewhere in this package.
// The struct carries IP addresses, a derived country and the user agent, which
// are personal data and belong only in responses to the session's owner or an
// authorized admin.
type Session struct {
	Meta
	Type SessionType `json:"type"`
	// AMR holds authentication method reference values (see the AMR* constants).
	AMR            []string  `json:"amr,omitempty"`
	LastAccessedAt time.Time `json:"lastAccessedAt"`
	// NOTE(review): how the IP fields are determined is not shown. If they come
	// from forwarding headers they are only as trustworthy as the proxy chain.
	CreatedByIP                        string `json:"createdByIP"`
	LastAccessedByIP                   string `json:"lastAccessedByIP"`
	LastAccessedByIPCountryCode        string `json:"lastAccessedByIPCountryCode"`
	LastAccessedByIPEnglishCountryName string `json:"lastAccessedByIPEnglishCountryName"`
	// ClientID is a pointer without omitempty, so nil serializes as JSON null.
	ClientID        *string `json:"clientID"`
	DisplayName     string  `json:"displayName"`
	ApplicationName string  `json:"applicationName,omitempty"`
	// NOTE(review): presumably the client-supplied User-Agent string; escape it
	// when rendering or logging.
	UserAgent string `json:"userAgent,omitempty"`
}
type SessionInfo ¶
// SessionInfo summarizes a session: validity, the user and the user's flags,
// the authentication time, effective roles and the session's AMR values.
// The fields carry no JSON struct tags. This page lists
// NewSessionInfoFromHeaders(hdr http.Header) and PopulateHeaders(rw
// http.ResponseWriter), which move a SessionInfo through HTTP headers.
// NOTE(review): header-borne session data is trustworthy only when the headers
// were written by the component that validated the session and any
// client-supplied copies are stripped before that point. Confirm this in the
// deployment; the header names and parsing are not shown on this page.
type SessionInfo struct {
	IsValid               bool
	UserID                string
	UserAnonymous         bool
	UserVerified          bool
	AuthenticatedAt       time.Time
	UserCanReauthenticate bool
	EffectiveRoles        []string
	SessionAMR            []string
}
func NewSessionInfoFromHeaders ¶
func NewSessionInfoFromHeaders(hdr http.Header) (info *SessionInfo, err error)
func (*SessionInfo) PopulateHeaders ¶
func (i *SessionInfo) PopulateHeaders(rw http.ResponseWriter)
type SessionType ¶
// SessionType is the string-typed type of a session, serialized in the "type"
// key of Session.
type SessionType string

const (
	SessionTypeIDP          SessionType = "idp"
	SessionTypeOfflineGrant SessionType = "offline_grant"
)
type SortDirection ¶
// SortDirection is a string-typed sort order. SortDirectionDefault is the
// empty string, so the zero value of SortDirection is the default.
// NOTE(review): if a direction arrives from a client, compare it against these
// constants before it reaches a query; never splice the raw string in.
type SortDirection string

const (
	SortDirectionDefault SortDirection = ""
	SortDirectionAsc     SortDirection = "asc"
	SortDirectionDesc    SortDirection = "desc"
)
type User ¶
// User is the serialized view of a user account. Meta is embedded and is
// declared elsewhere in this package.
type User struct {
	Meta
	LastLoginAt *time.Time `json:"last_login_at,omitempty"`
	// The boolean flags have no omitempty, so false is serialized explicitly.
	IsAnonymous        bool                   `json:"is_anonymous"`
	IsVerified         bool                   `json:"is_verified"`
	IsDisabled         bool                   `json:"is_disabled"`
	DisableReason      *string                `json:"disable_reason,omitempty"`
	IsDeactivated      bool                   `json:"is_deactivated"`
	DeleteAt           *time.Time             `json:"delete_at,omitempty"`
	IsAnonymized       bool                   `json:"is_anonymized"`
	AnonymizeAt        *time.Time             `json:"anonymize_at,omitempty"`
	CanReauthenticate  bool                   `json:"can_reauthenticate"`
	StandardAttributes map[string]interface{} `json:"standard_attributes,omitempty"`
	CustomAttributes   map[string]interface{} `json:"custom_attributes,omitempty"`
	// Web3 is kept for backwards compatibility purpose.
	// It is always an empty map.
	Web3   map[string]interface{} `json:"x_web3,omitempty"`
	Roles  []string               `json:"roles,omitempty"`
	Groups []string               `json:"groups,omitempty"`
	// The Go field name contains a stray "t" ("Periodt"); the JSON key does
	// not. Renaming the exported field would break callers.
	MFAGracePeriodtEndAt *time.Time `json:"mfa_grace_period_end_at,omitempty"`
	// EndUserAccountID is tagged json:"-" and is never serialized.
	EndUserAccountID string `json:"-"`
}
type UserAgent ¶
// UserAgent is a parsed user agent: the raw string plus name, version, OS and
// device fields. ParseUserAgent is listed on this page; its signature and body
// are not shown.
// NOTE(review): a user-agent string is chosen by the client, so every field
// here is untrusted. Escape it on output and do not base access decisions on
// it.
type UserAgent struct {
	Raw         string `json:"raw"`
	Name        string `json:"name"`
	Version     string `json:"version"`
	OS          string `json:"os"`
	OSVersion   string `json:"os_version"`
	DeviceName  string `json:"device_name"`
	DeviceModel string `json:"device_model"`
}
func ParseUserAgent ¶
type WebAuthnCreationOptions ¶
// WebAuthnCreationOptions wraps the registration options under the
// "publicKey" key.
type WebAuthnCreationOptions struct {
	PublicKey PublicKeyCredentialCreationOptions `json:"publicKey"`
}
type WebAuthnRequestOptions ¶
// WebAuthnRequestOptions wraps the authentication options under the
// "publicKey" key, with an optional "mediation" value.
type WebAuthnRequestOptions struct {
	PublicKey PublicKeyCredentialRequestOptions `json:"publicKey"`
	// Mediation is omitted from the JSON when empty. Its allowed values are not
	// constrained by this type.
	Mediation string `json:"mediation,omitempty"`
}