
Constants

// Keys of a Candidate map (see type Candidate). The names group by identity
// kind: identity_id/type are common to every candidate, provider_* describe an
// OAuth provider, login_id_* describe a Login ID key, and the *_disabled keys
// appear to mirror Info.CreateDisabled/UpdateDisabled/DeleteDisabled — confirm
// against the NewLoginIDCandidate/NewOAuthCandidate/NewSIWECandidate bodies.
const (
	// Common to every candidate.
	CandidateKeyIdentityID = "identity_id"
	CandidateKeyType       = "type"

	// OAuth provider description (presumably set by NewOAuthCandidate).
	CandidateKeyProviderType      = "provider_type"
	CandidateKeyProviderAlias     = "provider_alias"
	CandidateKeyProviderSubjectID = "provider_subject_id"
	CandidateKeyProviderAppType   = "provider_app_type"

	// Login ID key description (presumably set by NewLoginIDCandidate).
	CandidateKeyLoginIDType  = "login_id_type"
	CandidateKeyLoginIDKey   = "login_id_key"
	CandidateKeyLoginIDValue = "login_id_value"

	// Human-readable identifier; cf. Info.DisplayID.
	CandidateKeyDisplayID = "display_id"

	// Per-candidate flags for the create/update/delete operations.
	CandidateKeyCreateDisabled = "create_disabled"
	CandidateKeyUpdateDisabled = "update_disabled"
	CandidateKeyDeleteDisabled = "delete_disabled"
)
// Identity claim names. Each value is a URI-shaped string used as a namespaced
// claim key (presumably the keys of the maps returned by Info.AllStandardClaims);
// the URI is an identifier only and is never fetched.
const (
	// IdentityClaimOAuthProviderType is a claim with a string value.
	IdentityClaimOAuthProviderType string = "https://authgear.com/claims/oauth/provider_type"
	// IdentityClaimOAuthProviderAlias is a claim with a string value.
	IdentityClaimOAuthProviderAlias string = "https://authgear.com/claims/oauth/provider_alias"
	// IdentityClaimOAuthSubjectID is a claim with a string value like `1098765432`.
	IdentityClaimOAuthSubjectID string = "https://authgear.com/claims/oauth/subject_id"
	// IdentityClaimOAuthProfile is a claim with a map value containing the raw OAuth provider profile.
	IdentityClaimOAuthProfile string = "https://authgear.com/claims/oauth/profile"

	// IdentityClaimLoginIDType is a claim with a string value indicating the type of login ID.
	IdentityClaimLoginIDType string = "https://authgear.com/claims/login_id/type"
	// IdentityClaimLoginIDKey is a claim with a string value indicating the key of login ID.
	IdentityClaimLoginIDKey string = "https://authgear.com/claims/login_id/key"
	// IdentityClaimLoginIDOriginalValue is a claim with a string value indicating the value of the original login ID.
	IdentityClaimLoginIDOriginalValue string = "https://authgear.com/claims/login_id/original_value"
	// IdentityClaimLoginIDValue is a claim with a string value indicating the value of login ID.
	IdentityClaimLoginIDValue string = "https://authgear.com/claims/login_id/value"

	// IdentityClaimAnonymousKeyID is a claim with a string value containing the anonymous key ID.
	IdentityClaimAnonymousKeyID string = "https://authgear.com/claims/anonymous/key_id"

	// IdentityClaimBiometricKeyID is a claim with a string value containing the biometric key ID.
	IdentityClaimBiometricKeyID string = "https://authgear.com/claims/biometric/key_id"
	// IdentityClaimBiometricDeviceInfo is a claim with a map value containing device info.
	IdentityClaimBiometricDeviceInfo string = "https://authgear.com/claims/biometric/device_info"
	// IdentityClaimBiometricFormattedDeviceInfo is a claim with a string value indicating formatted device info for display.
	IdentityClaimBiometricFormattedDeviceInfo string = "https://authgear.com/claims/biometric/formatted_device_info"

	// IdentityClaimPasskeyCredentialID is a claim with a string value.
	// The nolint directive silences gosec's hard-coded-credential heuristic,
	// which appears to match on substrings such as "cred"/"pass" in the
	// identifier; the value is a claim name, not a secret.
	// nolint: gosec
	IdentityClaimPasskeyCredentialID string = "https://authgear.com/claims/passkey/credential_id"
	// IdentityClaimPasskeyDisplayName is a claim with a string value: the
	// user-visible name of the passkey (cf. DisplayID, which returns the name
	// for passkey identities). Same gosec false positive as above.
	// nolint: gosec
	IdentityClaimPasskeyDisplayName string = "https://authgear.com/claims/passkey/display_name"

	// IdentityClaimSIWEAddress is a claim with a string value.
	IdentityClaimSIWEAddress string = "https://authgear.com/claims/siwe/address"
	// IdentityClaimSIWEChainID is a claim with an integer value.
	IdentityClaimSIWEChainID string = "https://authgear.com/claims/siwe/chain_id"

	// IdentityClaimLDAPServerName is a claim with a string value.
	IdentityClaimLDAPServerName string = "https://authgear.com/claims/ldap/server_name"
	// IdentityClaimLDAPLastLoginUserName is a claim with a string value.
	IdentityClaimLDAPLastLoginUserName string = "https://authgear.com/claims/ldap/last_login_username"
	// IdentityClaimLDAPUserIDAttributeName is a claim with a string value.
	IdentityClaimLDAPUserIDAttributeName string = "https://authgear.com/claims/ldap/user_id_attribute_name"
	// IdentityClaimLDAPUserIDAttributeValue is a claim with a string value
	// (the rendered form; cf. RenderAttribute and ToPrintable).
	IdentityClaimLDAPUserIDAttributeValue string = "https://authgear.com/claims/ldap/user_id_attribute_value"
	// IdentityClaimLDAPRawUserIDAttributeValue is a claim with a string value.
	IdentityClaimLDAPRawUserIDAttributeValue string = "https://authgear.com/claims/ldap/raw_user_id_attribute_value"
	// IdentityClaimLDAPAttributes is a claim with a map value.
	IdentityClaimLDAPAttributes string = "https://authgear.com/claims/ldap/attributes"
	// IdentityClaimLDAPRawAttributes is a claim with a map value.
	// NOTE(review): this presumably exposes the raw directory entry; confirm
	// which attributes reach this claim before surfacing it outside the server.
	IdentityClaimLDAPRawAttributes string = "https://authgear.com/claims/ldap/raw_attributes"
)

Variables

// Deprecated_ErrDuplicatedIdentity is the legacy, detail-less form of the
// duplicated-identity error: its third argument is nil, so it carries no
// information about which identity collided.
//
// Deprecated: presumably superseded by NewErrDuplicatedIdentity and
// NewErrDuplicatedIdentityMany, which take the incoming and existing Specs.
// Check for either form with IsErrDuplicatedIdentity rather than comparing
// against this value.
var Deprecated_ErrDuplicatedIdentity = api.NewInvariantViolated("DuplicatedIdentity", "identity already exists", nil)

Functions

func IsErrDuplicatedIdentity

func IsErrDuplicatedIdentity(err error) bool

func IsOAuthSSOProviderTypeDisabled

func IsOAuthSSOProviderTypeDisabled(cfg oauthrelyingparty.ProviderConfig, featureConfig *config.OAuthSSOProvidersFeatureConfig) bool

func NewErrDuplicatedIdentity

func NewErrDuplicatedIdentity(incoming *Spec, existing *Spec) error

func NewErrDuplicatedIdentityMany

func NewErrDuplicatedIdentityMany(incoming *Spec, existings []*Spec) error

func RenderAttribute

func RenderAttribute(attributeName string, attributeValue []byte) string

func ToPrintable

func ToPrintable(b []byte) (str string, ok bool)

Types

type Anonymous

// Anonymous is an anonymous identity: a user known by a key rather than by a
// login ID or an external account.
//
// ID, CreatedAt, UpdatedAt and UserID have the same shape as on the other
// identity types in this package. KeyID identifies the key and is exposed as
// IdentityClaimAnonymousKeyID. Key holds raw key bytes; ToJWK presumably
// parses them into a jwk.Key.
//
// NOTE(review): Key is part of the JSON form (`json:"key"`). Confirm it holds
// only public key material wherever this struct is serialized for output.
type Anonymous struct {
	ID        string    `json:"id"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	UserID    string    `json:"user_id"`
	KeyID     string    `json:"key_id"`
	Key       []byte    `json:"key"`
}

func (*Anonymous) ToInfo

func (i *Anonymous) ToInfo() *Info

func (*Anonymous) ToJWK

func (i *Anonymous) ToJWK() (jwk.Key, error)

type AnonymousSpec

// AnonymousSpec describes an anonymous identity to create or look up; it is
// the Spec.Anonymous member.
//
// Unlike Anonymous.Key ([]byte), Key is a string here — presumably the
// serialized (JWK) form received from the client. ExistingUserID and
// ExistingIdentityID are optional references to an identity that already
// exists; every field is omitted from JSON when empty.
type AnonymousSpec struct {
	KeyID              string `json:"key_id,omitempty"`
	Key                string `json:"key,omitempty"`
	ExistingUserID     string `json:"existing_user_id,omitempty"`
	ExistingIdentityID string `json:"existing_identity_id,omitempty"`
}

type Biometric

// Biometric is a biometric identity: a key bound to a device, with free-form
// information about that device.
//
// KeyID is exposed as IdentityClaimBiometricKeyID and Key holds raw key bytes
// (ToJWK presumably parses them). DeviceInfo is an unstructured map exposed
// as IdentityClaimBiometricDeviceInfo; FormattedDeviceInfo renders it for
// display.
//
// NOTE(review): DeviceInfo presumably originates from the client, so treat
// its contents as untrusted when rendering. As with Anonymous, confirm Key is
// public key material before this struct is serialized for output.
type Biometric struct {
	ID         string                 `json:"id"`
	CreatedAt  time.Time              `json:"created_at"`
	UpdatedAt  time.Time              `json:"updated_at"`
	UserID     string                 `json:"user_id"`
	KeyID      string                 `json:"key_id"`
	Key        []byte                 `json:"key"`
	DeviceInfo map[string]interface{} `json:"device_info"`
}

func (*Biometric) FormattedDeviceInfo

func (i *Biometric) FormattedDeviceInfo() string

func (*Biometric) ToInfo

func (i *Biometric) ToInfo() *Info

func (*Biometric) ToJWK

func (i *Biometric) ToJWK() (jwk.Key, error)

type BiometricSpec

// BiometricSpec describes a biometric identity to create or look up; it is
// the Spec.Biometric member.
//
// Key is a string here (the serialized form, presumably) rather than the
// []byte of Biometric.Key. All fields are omitted from JSON when empty.
type BiometricSpec struct {
	KeyID      string                 `json:"key_id,omitempty"`
	Key        string                 `json:"key,omitempty"`
	DeviceInfo map[string]interface{} `json:"device_info,omitempty"`
}

type Candidate

// Candidate is a free-form description of an identity option (presumably one
// the user may create or already holds). Its keys are the CandidateKey*
// constants; NewLoginIDCandidate, NewOAuthCandidate and NewSIWECandidate
// construct instances.
type Candidate map[string]interface{}

func NewLoginIDCandidate

func NewLoginIDCandidate(c *config.LoginIDKeyConfig) Candidate

func NewOAuthCandidate

func NewOAuthCandidate(cfg config.OAuthSSOProviderConfig) Candidate

func NewSIWECandidate

func NewSIWECandidate() Candidate

type Filter

// Filter decides whether an identity is kept by ApplyFilters. Keep reports
// true to retain ii. KeepType builds a Filter from identity types; FilterFunc
// adapts a plain function.
type Filter interface {
	Keep(ii *Info) bool
}

func KeepType

func KeepType(types ...model.IdentityType) Filter

type FilterFunc

// FilterFunc adapts a function to the Filter interface; its Keep method calls
// the function.
type FilterFunc func(ii *Info) bool
// KeepIdentifiable keeps Login ID identity and OAuth identity.
//
// Every model.IdentityType is listed explicitly so that a newly added type is
// neither silently kept nor silently dropped: an unlisted type is treated as
// a programming error and panics.
var KeepIdentifiable FilterFunc = func(ii *Info) bool {
	switch ii.Type {
	case model.IdentityTypeLoginID, model.IdentityTypeOAuth:
		return true
	case model.IdentityTypeAnonymous,
		model.IdentityTypeBiometric,
		model.IdentityTypePasskey,
		model.IdentityTypeSIWE,
		model.IdentityTypeLDAP:
		return false
	}
	panic(fmt.Sprintf("identity: unexpected identity type: %s", ii.Type))
}

KeepIdentifiable keeps Login ID identity and OAuth identity.

func (FilterFunc) Keep

func (f FilterFunc) Keep(ii *Info) bool

type Info

// Info is the type-agnostic view of an identity. Type says which kind it is,
// and the matching per-type pointer (LoginID, OAuth, Anonymous, Biometric,
// Passkey, SIWE or LDAP) carries the details; the others are nil and omitted
// from JSON. Presumably exactly one pointer is set — the per-type ToInfo
// methods build values of this struct.
//
// ID, UserID, CreatedAt and UpdatedAt duplicate the common header of the
// per-type structs. ToSpec, ToModel and ToRef derive the other
// representations used in this package.
type Info struct {
	ID        string             `json:"id"`
	UserID    string             `json:"user_id"`
	CreatedAt time.Time          `json:"created_at"`
	UpdatedAt time.Time          `json:"updated_at"`
	Type      model.IdentityType `json:"type"`

	LoginID   *LoginID   `json:"login_id,omitempty"`
	OAuth     *OAuth     `json:"oauth,omitempty"`
	Anonymous *Anonymous `json:"anonymous,omitempty"`
	Biometric *Biometric `json:"biometric,omitempty"`
	Passkey   *Passkey   `json:"passkey,omitempty"`
	SIWE      *SIWE      `json:"siwe,omitempty"`
	LDAP      *LDAP      `json:"ldap,omitempty"`
}

func ApplyFilters

func ApplyFilters(iis []*Info, filters ...Filter) (out []*Info)

func (*Info) AMR

func (i *Info) AMR() []string

func (*Info) AllStandardClaims

func (i *Info) AllStandardClaims() map[string]interface{}

func (*Info) CreateDisabled

func (i *Info) CreateDisabled(c *config.IdentityConfig) bool

func (*Info) DeleteDisabled

func (i *Info) DeleteDisabled(c *config.IdentityConfig) bool

func (*Info) DisplayID

func (i *Info) DisplayID() string

DisplayID returns a string that is suitable for the owner to identify the identity. If it is a Login ID identity, the original login ID value is returned. If it is an OAuth identity, email, phone_number or preferred_username is returned. If it is an anonymous identity, the kid is returned. If it is a biometric identity, the kid is returned. If it is a passkey identity, the name is returned. If it is a SIWE identity, the EIP681 of the address and chainID is returned. If it is an LDAP identity, the dn or user ID attribute value is returned.

func (*Info) GetMeta

func (i *Info) GetMeta() model.Meta

func (*Info) IdentityAwareStandardClaims

func (i *Info) IdentityAwareStandardClaims() map[model.ClaimName]string

IdentityAwareStandardClaims returns the attributes that may relate to other identities. They are most likely used in account linking or duplication checks.

func (*Info) PrimaryAuthenticatorTypes

func (i *Info) PrimaryAuthenticatorTypes() []model.AuthenticatorType

func (*Info) ToModel

func (i *Info) ToModel() model.Identity

func (*Info) ToRef

func (i *Info) ToRef() *model.IdentityRef

func (*Info) ToSpec

func (i *Info) ToSpec() Spec

func (*Info) UpdateDisabled

func (i *Info) UpdateDisabled(c *config.IdentityConfig) bool

func (*Info) UpdateUserID

func (i *Info) UpdateUserID(newUserID string) *Info

type LDAP

// LDAP is an identity backed by an entry in an LDAP directory, identified by
// ServerName plus the attribute named UserIDAttributeName whose value is
// UserIDAttributeValue.
//
// UserIDAttributeValue is kept as raw bytes because a directory attribute
// value need not be printable text (cf. ToPrintable and RenderAttribute);
// UserIDAttributeValueDisplayValue produces the display form. Claims and
// RawEntryJSON are optional maps; EntryJSON returns the rendered entry.
// LastLoginUserName is a pointer without omitempty, so it serializes as null
// when unset.
//
// NOTE(review): RawEntryJSON presumably holds the whole directory entry and
// appears to back IdentityClaimLDAPRawAttributes; confirm which attributes
// are allowed to leave the server through that path.
type LDAP struct {
	ID                   string                 `json:"id"`
	CreatedAt            time.Time              `json:"created_at"`
	UpdatedAt            time.Time              `json:"updated_at"`
	UserID               string                 `json:"user_id"`
	ServerName           string                 `json:"server_name"`
	UserIDAttributeName  string                 `json:"user_id_attribute_name"`
	UserIDAttributeValue []byte                 `json:"user_id_attribute_value"`
	Claims               map[string]interface{} `json:"claims,omitempty"`
	RawEntryJSON         map[string]interface{} `json:"raw_entry_json,omitempty"`
	LastLoginUserName    *string                `json:"last_login_username"`
}

func (*LDAP) DisplayID

func (i *LDAP) DisplayID() string

func (*LDAP) EntryJSON

func (i *LDAP) EntryJSON() map[string]interface{}

EntryJSON returns a map with the attributes rendered.

func (*LDAP) IdentityAwareStandardClaims

func (i *LDAP) IdentityAwareStandardClaims() map[model.ClaimName]string

TODO(DEV-1668): Support attributes mapping in LDAP. We need to convert LDAP entry attributes to identity-aware standard claims; expected to return ClaimEmail, ClaimPhoneNumber or ClaimPreferredUsername.

func (*LDAP) ToInfo

func (i *LDAP) ToInfo() *Info

func (*LDAP) ToLDAPSpec

func (i *LDAP) ToLDAPSpec() *LDAPSpec

func (*LDAP) UserIDAttributeValueDisplayValue

func (i *LDAP) UserIDAttributeValueDisplayValue() string

type LDAPSpec

// LDAPSpec describes an LDAP identity to create or match; it is the Spec.LDAP
// member and is produced from an LDAP by ToLDAPSpec. Its fields mirror LDAP
// without the ID/timestamp/UserID header; see LDAP for their meaning.
type LDAPSpec struct {
	ServerName           string                 `json:"server_name"`
	UserIDAttributeName  string                 `json:"user_id_attribute_name"`
	UserIDAttributeValue []byte                 `json:"user_id_attribute_value"`
	Claims               map[string]interface{} `json:"claims,omitempty"`
	RawEntryJSON         map[string]interface{} `json:"raw_entry_json,omitempty"`
	LastLoginUserName    *string                `json:"last_login_username"`
}

type LoginID

// LoginID is a Login ID identity: a user-supplied identifier (email, phone,
// username, …) under a configured login ID key.
//
// LoginIDKey names the configured key and LoginIDType its type. LoginID and
// OriginalLoginID are the two forms of the value exposed as
// IdentityClaimLoginIDValue and IdentityClaimLoginIDOriginalValue; DisplayID
// returns the original one. LoginID is presumably the normalized form and
// UniqueKey presumably the form used for uniqueness checks — confirm against
// the code that populates them. Claims is an optional map of derived claims.
type LoginID struct {
	ID              string                 `json:"id"`
	CreatedAt       time.Time              `json:"created_at"`
	UpdatedAt       time.Time              `json:"updated_at"`
	UserID          string                 `json:"user_id"`
	LoginIDKey      string                 `json:"login_id_key"`
	LoginIDType     model.LoginIDKeyType   `json:"login_id_type"`
	LoginID         string                 `json:"login_id"`
	OriginalLoginID string                 `json:"original_login_id"`
	UniqueKey       string                 `json:"unique_key"`
	Claims          map[string]interface{} `json:"claims,omitempty"`
}

func (*LoginID) Deprecated_ToChannelTarget

func (i *LoginID) Deprecated_ToChannelTarget() (model.AuthenticatorOOBChannel, string)

Deprecated_ToChannelTarget is deprecated because it does not support model.AuthenticatorOOBChannelWhatsapp.

func (*LoginID) IdentityAwareStandardClaims

func (i *LoginID) IdentityAwareStandardClaims() map[model.ClaimName]string

func (*LoginID) ToInfo

func (i *LoginID) ToInfo() *Info

type LoginIDMigrateSpec

// LoginIDMigrateSpec is the Login ID part of a MigrateSpec. It has the same
// fields as LoginIDSpec but is a distinct type; MigrateSpec.GetSpec
// presumably converts between them.
type LoginIDMigrateSpec struct {
	Key   string               `json:"key"`
	Type  model.LoginIDKeyType `json:"type"`
	Value string               `json:"value"`
}

type LoginIDSpec

// LoginIDSpec describes a Login ID identity to create or match; it is the
// Spec.LoginID member. Key and Type identify the configured login ID key and
// Value is the login ID itself.
type LoginIDSpec struct {
	Key   string               `json:"key"`
	Type  model.LoginIDKeyType `json:"type"`
	Value string               `json:"value"`
}

type MigrateSpec

// MigrateSpec is the migration-time counterpart of Spec. Only a Login ID
// member exists, so only Login ID identities can be described this way;
// GetSpec converts it into a regular Spec.
type MigrateSpec struct {
	Type model.IdentityType `json:"type"`

	LoginID *LoginIDMigrateSpec `json:"login_id,omitempty"`
}

func (*MigrateSpec) GetSpec

func (s *MigrateSpec) GetSpec() *Spec

type NewIdentityOptions

// NewIdentityOptions tunes identity creation.
//
// LoginIDEmailByPassBlocklistAllowlist, when true, presumably lets an email
// login ID skip the configured blocklist/allowlist check. That check is a
// security control, so callers should set this only from trusted paths
// (e.g. administrative or migration flows) — confirm where it is honoured.
type NewIdentityOptions struct {
	LoginIDEmailByPassBlocklistAllowlist bool
}

type OAuth

// OAuth is an identity backed by an account at an external OAuth/OIDC
// provider, identified by ProviderID plus the provider's ProviderSubjectID.
//
// UserProfile is the raw provider profile (cf. IdentityClaimOAuthProfile) and
// Claims the derived claims; both are optional. GetDisplayName and
// IdentityAwareStandardClaims read from these maps (presumably).
type OAuth struct {
	ID                string                       `json:"id"`
	CreatedAt         time.Time                    `json:"created_at"`
	UpdatedAt         time.Time                    `json:"updated_at"`
	UserID            string                       `json:"user_id"`
	ProviderID        oauthrelyingparty.ProviderID `json:"provider_id"`
	ProviderSubjectID string                       `json:"provider_subject_id"`
	UserProfile       map[string]interface{}       `json:"user_profile,omitempty"`
	Claims            map[string]interface{}       `json:"claims,omitempty"`
	// This is a derived field and NOT persisted to database.
	// We still include it in JSON serialization so it can be persisted in the graph.
	ProviderAlias string `json:"provider_alias,omitempty"`
}

func (*OAuth) GetDisplayName

func (i *OAuth) GetDisplayName() string

func (*OAuth) IdentityAwareStandardClaims

func (i *OAuth) IdentityAwareStandardClaims() map[model.ClaimName]string

func (*OAuth) ToInfo

func (i *OAuth) ToInfo() *Info

type OAuthSpec

// OAuthSpec describes an OAuth identity to create or match; it is the
// Spec.OAuth member. ProviderID and SubjectID identify the account at the
// provider; RawProfile and StandardClaims carry the provider's profile and
// the claims derived from it, and are omitted from JSON when empty.
type OAuthSpec struct {
	ProviderID     oauthrelyingparty.ProviderID `json:"provider_id"`
	SubjectID      string                       `json:"subject_id"`
	RawProfile     map[string]interface{}       `json:"raw_profile,omitempty"`
	StandardClaims map[string]interface{}       `json:"standard_claims,omitempty"`
}

type Passkey

// Passkey is a WebAuthn (passkey) identity, identified by CredentialID.
// CreationOptions and AttestationResponse retain the registration-time
// options and the raw attestation bytes; both are optional in JSON.
// DisplayID reports the passkey's name (cf. IdentityClaimPasskeyDisplayName).
type Passkey struct {
	ID                  string                         `json:"id"`
	CreatedAt           time.Time                      `json:"created_at"`
	UpdatedAt           time.Time                      `json:"updated_at"`
	UserID              string                         `json:"user_id"`
	CredentialID        string                         `json:"credential_id"`
	CreationOptions     *model.WebAuthnCreationOptions `json:"creation_options,omitempty"`
	AttestationResponse []byte                         `json:"attestation_response,omitempty"`
}

func (*Passkey) ToInfo

func (i *Passkey) ToInfo() *Info

type PasskeySpec

// PasskeySpec describes a passkey identity; it is the Spec.Passkey member.
// AttestationResponse is presumably used when registering a new passkey and
// AssertionResponse when matching an existing one; each is raw response
// bytes and is omitted from JSON when empty.
type PasskeySpec struct {
	AttestationResponse []byte `json:"attestation_response,omitempty"`
	AssertionResponse   []byte `json:"assertion_response,omitempty"`
}

type SIWE

// SIWE is a Sign-In-With-Ethereum identity: an Address (web3.EIP55 form) on
// a given ChainID. Data holds the verified sign-in data. ToERC681 and
// ToContractID derive the EIP681/contract forms, and DisplayID uses the
// EIP681 of address and chain ID.
type SIWE struct {
	ID        string     `json:"id"`
	CreatedAt time.Time  `json:"created_at"`
	UpdatedAt time.Time  `json:"updated_at"`
	UserID    string     `json:"user_id"`
	ChainID   int        `json:"chain_id"`
	Address   web3.EIP55 `json:"address"`

	Data *model.SIWEVerifiedData `json:"data"`
}

func (*SIWE) ToContractID

func (i *SIWE) ToContractID() (*web3.ContractID, error)

func (*SIWE) ToERC681

func (i *SIWE) ToERC681() (*web3.EIP681, error)

func (*SIWE) ToInfo

func (i *SIWE) ToInfo() *Info

type SIWESpec

// SIWESpec describes a SIWE identity to create or match; it is the Spec.SIWE
// member. Message is the signed sign-in message and Signature its signature;
// the address and chain ID are presumably recovered from them during
// verification rather than supplied directly.
type SIWESpec struct {
	Message   string `json:"message"`
	Signature string `json:"signature"`
}

type Spec

// Spec describes an identity to create or match, independent of any stored
// record. Type selects the kind and the matching per-type spec pointer
// carries the details; the others are nil and omitted from JSON (presumably
// exactly one is set). Info.ToSpec produces one, and NewErrDuplicatedIdentity
// / NewErrDuplicatedIdentityMany report collisions in terms of Specs.
type Spec struct {
	Type model.IdentityType `json:"type"`

	LoginID   *LoginIDSpec   `json:"login_id,omitempty"`
	OAuth     *OAuthSpec     `json:"oauth,omitempty"`
	Anonymous *AnonymousSpec `json:"anonymous,omitempty"`
	Biometric *BiometricSpec `json:"biometric,omitempty"`
	Passkey   *PasskeySpec   `json:"passkey,omitempty"`
	SIWE      *SIWESpec      `json:"siwe,omitempty"`
	LDAP      *LDAPSpec      `json:"ldap,omitempty"`
}
