Documentation ¶
Index ¶
- Constants
- Variables
- func IsErrDuplicatedIdentity(err error) bool
- func IsOAuthSSOProviderTypeDisabled(cfg oauthrelyingparty.ProviderConfig, ...) bool
- func NewErrDuplicatedIdentity(incoming *Spec, existing *Spec) error
- func NewErrDuplicatedIdentityMany(incoming *Spec, existings []*Spec) error
- func RenderAttribute(attributeName string, attributeValue []byte) string
- func ToPrintable(b []byte) (str string, ok bool)
- type Anonymous
- type AnonymousSpec
- type Biometric
- type BiometricSpec
- type Candidate
- type Filter
- type FilterFunc
- type Info
- func (i *Info) AMR() []string
- func (i *Info) AllStandardClaims() map[string]interface{}
- func (i *Info) CreateDisabled(c *config.IdentityConfig) bool
- func (i *Info) DeleteDisabled(c *config.IdentityConfig) bool
- func (i *Info) DisplayID() string
- func (i *Info) GetMeta() model.Meta
- func (i *Info) IdentityAwareStandardClaims() map[model.ClaimName]string
- func (i *Info) PrimaryAuthenticatorTypes() []model.AuthenticatorType
- func (i *Info) ToModel() model.Identity
- func (i *Info) ToRef() *model.IdentityRef
- func (i *Info) ToSpec() Spec
- func (i *Info) UpdateDisabled(c *config.IdentityConfig) bool
- func (i *Info) UpdateUserID(newUserID string) *Info
- type LDAP
- type LDAPSpec
- type LoginID
- type LoginIDMigrateSpec
- type LoginIDSpec
- type MigrateSpec
- type NewIdentityOptions
- type OAuth
- type OAuthSpec
- type Passkey
- type PasskeySpec
- type SIWE
- type SIWESpec
- type Spec
Constants ¶
// String keys with the CandidateKey prefix.
// NOTE(review): Candidate is declared in this package as
// map[string]interface{}, so these are presumably the keys of that map.
// Confirm against NewLoginIDCandidate, NewOAuthCandidate and NewSIWECandidate.
const (
	CandidateKeyIdentityID        = "identity_id"
	CandidateKeyType              = "type"
	CandidateKeyProviderType      = "provider_type"
	CandidateKeyProviderAlias     = "provider_alias"
	CandidateKeyProviderSubjectID = "provider_subject_id"
	CandidateKeyProviderAppType   = "provider_app_type"
	CandidateKeyLoginIDType       = "login_id_type"
	CandidateKeyLoginIDKey        = "login_id_key"
	CandidateKeyLoginIDValue      = "login_id_value"
	CandidateKeyDisplayID         = "display_id"
	CandidateKeyCreateDisabled    = "create_disabled"
	CandidateKeyUpdateDisabled    = "update_disabled"
	CandidateKeyDeleteDisabled    = "delete_disabled"
)
// Claim names for identity-specific claims. Every name is a URL-shaped string
// under https://authgear.com/claims/ and is an identifier, not a secret.
const (
	// IdentityClaimOAuthProviderType is a claim with a string value.
	IdentityClaimOAuthProviderType string = "https://authgear.com/claims/oauth/provider_type"
	// IdentityClaimOAuthProviderAlias is a claim with a string value.
	IdentityClaimOAuthProviderAlias string = "https://authgear.com/claims/oauth/provider_alias"
	// IdentityClaimOAuthSubjectID is a claim with a string value like `1098765432`.
	IdentityClaimOAuthSubjectID string = "https://authgear.com/claims/oauth/subject_id"
	// IdentityClaimOAuthProfile is a claim with a map value containing raw OAuth provider profile.
	// NOTE(review): the profile is raw data from the external provider, so
	// consumers should presumably treat it as untrusted input. Confirm.
	IdentityClaimOAuthProfile string = "https://authgear.com/claims/oauth/profile"

	// IdentityClaimLoginIDType is a claim with a string value indicating the type of login ID.
	IdentityClaimLoginIDType string = "https://authgear.com/claims/login_id/type"
	// IdentityClaimLoginIDKey is a claim with a string value indicating the key of login ID.
	IdentityClaimLoginIDKey string = "https://authgear.com/claims/login_id/key"
	// IdentityClaimLoginIDOriginalValue is a claim with a string value indicating the value of original login ID.
	IdentityClaimLoginIDOriginalValue string = "https://authgear.com/claims/login_id/original_value"
	// IdentityClaimLoginIDValue is a claim with a string value indicating the value of login ID.
	IdentityClaimLoginIDValue string = "https://authgear.com/claims/login_id/value"

	// IdentityClaimAnonymousKeyID is a claim with a string value containing anonymous key ID.
	IdentityClaimAnonymousKeyID string = "https://authgear.com/claims/anonymous/key_id"

	// IdentityClaimBiometricKeyID is a claim with a string value containing biometric key ID.
	IdentityClaimBiometricKeyID string = "https://authgear.com/claims/biometric/key_id"
	// IdentityClaimBiometricDeviceInfo is a claim with a map value containing device info.
	IdentityClaimBiometricDeviceInfo string = "https://authgear.com/claims/biometric/device_info"
	// IdentityClaimBiometricFormattedDeviceInfo is a claim with a string value indicating formatted device info for display.
	IdentityClaimBiometricFormattedDeviceInfo string = "https://authgear.com/claims/biometric/formatted_device_info"

	// IdentityClaimPasskeyCredentialID is a claim with a string value.
	// The nolint directive below silences gosec, presumably its
	// hard-coded-credential heuristic reacting to the identifier. The value
	// is a claim name, not a credential.
	// nolint: gosec
	IdentityClaimPasskeyCredentialID string = "https://authgear.com/claims/passkey/credential_id"
	// IdentityClaimPasskeyDisplayName is a passkey claim name.
	// NOTE(review): the value type is not documented in the original. Confirm
	// that it is a string. gosec is silenced here as well, for the same
	// presumed reason as on the credential ID claim.
	// nolint: gosec
	IdentityClaimPasskeyDisplayName string = "https://authgear.com/claims/passkey/display_name"

	// IdentityClaimSIWEAddress is a claim with a string value.
	IdentityClaimSIWEAddress string = "https://authgear.com/claims/siwe/address"
	// IdentityClaimSIWEChainID is a claim with an integer value.
	IdentityClaimSIWEChainID string = "https://authgear.com/claims/siwe/chain_id"

	// IdentityClaimLDAPServerName is a claim with a string value.
	IdentityClaimLDAPServerName string = "https://authgear.com/claims/ldap/server_name"
	// IdentityClaimLDAPLastLoginUserName is a claim with a string value.
	IdentityClaimLDAPLastLoginUserName string = "https://authgear.com/claims/ldap/last_login_username"
	// IdentityClaimLDAPUserIDAttributeName is a claim with a string value.
	IdentityClaimLDAPUserIDAttributeName string = "https://authgear.com/claims/ldap/user_id_attribute_name"
	// IdentityClaimLDAPUserIDAttributeValue is a claim with a string value.
	IdentityClaimLDAPUserIDAttributeValue string = "https://authgear.com/claims/ldap/user_id_attribute_value"
	// IdentityClaimLDAPRawUserIDAttributeValue is a claim with a string value.
	IdentityClaimLDAPRawUserIDAttributeValue string = "https://authgear.com/claims/ldap/raw_user_id_attribute_value"
	// IdentityClaimLDAPAttributes is a claim with a map value.
	IdentityClaimLDAPAttributes string = "https://authgear.com/claims/ldap/attributes"
	// IdentityClaimLDAPRawAttributes is a claim with a map value.
	IdentityClaimLDAPRawAttributes string = "https://authgear.com/claims/ldap/raw_attributes"
)
Variables ¶
// Deprecated_ErrDuplicatedIdentity is the error value built by
// api.NewInvariantViolated from the strings "DuplicatedIdentity" and
// "identity already exists", with a nil third argument.
// NOTE(review): the name marks it as deprecated. NewErrDuplicatedIdentity and
// NewErrDuplicatedIdentityMany in this package look like the replacements.
// Confirm before using it in new code.
var Deprecated_ErrDuplicatedIdentity = api.NewInvariantViolated("DuplicatedIdentity", "identity already exists", nil)
Functions ¶
func IsErrDuplicatedIdentity ¶
func IsOAuthSSOProviderTypeDisabled ¶
func IsOAuthSSOProviderTypeDisabled(cfg oauthrelyingparty.ProviderConfig, featureConfig *config.OAuthSSOProvidersFeatureConfig) bool
func RenderAttribute ¶
func ToPrintable ¶
Types ¶
type Anonymous ¶
type AnonymousSpec ¶
type Biometric ¶
// Biometric holds the data of a biometric identity together with the JSON
// field names it is serialized under.
type Biometric struct {
	ID        string    `json:"id"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	// UserID is the ID of the user the identity belongs to.
	UserID string `json:"user_id"`
	// KeyID identifies the key. The DisplayID documentation in this package
	// says the kid is what is shown for a biometric identity.
	KeyID string `json:"key_id"`
	// Key is serialized under "key" (encoding/json emits []byte as base64).
	// NOTE(review): presumably this is public key material only. Confirm
	// that no private key bytes can end up in this JSON.
	Key []byte `json:"key"`
	// DeviceInfo is a free-form map.
	// NOTE(review): presumably reported by the client device, and therefore
	// not trustworthy as a security signal. Confirm.
	DeviceInfo map[string]interface{} `json:"device_info"`
}
func (*Biometric) FormattedDeviceInfo ¶
type BiometricSpec ¶
type Candidate ¶
// Candidate is a loosely typed attribute map.
// NOTE(review): the CandidateKey* constants in this package presumably name
// its keys. Values are interface{}, so readers must type-check them.
type Candidate map[string]interface{}
func NewLoginIDCandidate ¶
func NewLoginIDCandidate(c *config.LoginIDKeyConfig) Candidate
func NewOAuthCandidate ¶
func NewOAuthCandidate(cfg config.OAuthSSOProviderConfig) Candidate
func NewSIWECandidate ¶
func NewSIWECandidate() Candidate
type FilterFunc ¶
// KeepIdentifiable keeps Login ID and OAuth identities and drops anonymous,
// biometric, passkey, SIWE and LDAP identities.
//
// Every known identity type is classified explicitly. An unknown type panics
// instead of being silently kept or dropped, so adding a new identity type
// requires a deliberate decision here.
var KeepIdentifiable FilterFunc = func(ii *Info) bool {
	switch ii.Type {
	case model.IdentityTypeLoginID,
		model.IdentityTypeOAuth:
		return true
	case model.IdentityTypeAnonymous,
		model.IdentityTypeBiometric,
		model.IdentityTypePasskey,
		model.IdentityTypeSIWE,
		model.IdentityTypeLDAP:
		return false
	}
	// Reached only for an identity type not listed above.
	panic(fmt.Sprintf("identity: unexpected identity type: %s", ii.Type))
}
KeepIdentifiable keeps Login ID identity and OAuth identity.
func (FilterFunc) Keep ¶
func (f FilterFunc) Keep(ii *Info) bool
type Info ¶
// Info is the common envelope for all identity types. Type names the kind of
// identity, and each pointer field carries the data of one kind. Nil pointer
// fields are omitted from JSON (omitempty).
// NOTE(review): presumably exactly the field matching Type is non-nil.
// Confirm against the code that constructs Info.
type Info struct {
	ID string `json:"id"`
	// UserID is the ID of the owning user.
	UserID    string    `json:"user_id"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	// Type is the discriminator for the fields below.
	Type model.IdentityType `json:"type"`

	LoginID   *LoginID   `json:"login_id,omitempty"`
	OAuth     *OAuth     `json:"oauth,omitempty"`
	Anonymous *Anonymous `json:"anonymous,omitempty"`
	Biometric *Biometric `json:"biometric,omitempty"`
	Passkey   *Passkey   `json:"passkey,omitempty"`
	SIWE      *SIWE      `json:"siwe,omitempty"`
	LDAP      *LDAP      `json:"ldap,omitempty"`
}
func ApplyFilters ¶
func (*Info) AllStandardClaims ¶
func (*Info) CreateDisabled ¶
func (i *Info) CreateDisabled(c *config.IdentityConfig) bool
func (*Info) DeleteDisabled ¶
func (i *Info) DeleteDisabled(c *config.IdentityConfig) bool
func (*Info) DisplayID ¶
DisplayID returns a string that is suitable for the owner to identify the identity. If it is a Login ID identity, the original login ID value is returned. If it is an OAuth identity, email, phone_number or preferred_username is returned. If it is an anonymous identity, the kid is returned. If it is a biometric identity, the kid is returned. If it is a passkey identity, the name is returned. If it is a SIWE identity, EIP681 of the address and chainID is returned. If it is an LDAP identity, dn or user id attribute value is returned.
func (*Info) IdentityAwareStandardClaims ¶
IdentityAwareStandardClaims are the attributes that may relate to other identities. They will most likely be used in account linking or duplication checks.
func (*Info) PrimaryAuthenticatorTypes ¶
func (i *Info) PrimaryAuthenticatorTypes() []model.AuthenticatorType
func (*Info) ToRef ¶
func (i *Info) ToRef() *model.IdentityRef
func (*Info) UpdateDisabled ¶
func (i *Info) UpdateDisabled(c *config.IdentityConfig) bool
func (*Info) UpdateUserID ¶
type LDAP ¶
// LDAP holds the data of an LDAP identity together with the JSON field names
// it is serialized under.
type LDAP struct {
	ID        string    `json:"id"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	// UserID is the ID of the owning user.
	UserID string `json:"user_id"`
	// ServerName names the LDAP server the identity comes from.
	ServerName string `json:"server_name"`
	// UserIDAttributeName and UserIDAttributeValue are the attribute name
	// and value that identify the user.
	UserIDAttributeName string `json:"user_id_attribute_name"`
	// The value is raw bytes (encoding/json emits []byte as base64) and is
	// not guaranteed to be printable text. This package exposes ToPrintable
	// and UserIDAttributeValueDisplayValue for display purposes.
	UserIDAttributeValue []byte                 `json:"user_id_attribute_value"`
	Claims               map[string]interface{} `json:"claims,omitempty"`
	// NOTE(review): judging by the name, RawEntryJSON is the directory
	// entry as returned by the server. Confirm which attributes it can
	// contain before exposing this JSON outside the service.
	RawEntryJSON map[string]interface{} `json:"raw_entry_json,omitempty"`
	// LastLoginUserName is a pointer without omitempty, so nil is emitted
	// as JSON null.
	LastLoginUserName *string `json:"last_login_username"`
}
func (*LDAP) IdentityAwareStandardClaims ¶
TODO(DEV-1668): Support attributes mapping in LDAP. We need to convert LDAP entry attributes to identity-aware standard claims. Expected to return ClaimEmail, ClaimPhoneNumber or ClaimPreferredUsername.
func (*LDAP) ToLDAPSpec ¶
func (*LDAP) UserIDAttributeValueDisplayValue ¶
type LDAPSpec ¶
// LDAPSpec has the same fields as LDAP, except for ID, CreatedAt, UpdatedAt
// and UserID.
// NOTE(review): presumably it is the input used to create or look up an LDAP
// identity. Confirm against the callers.
type LDAPSpec struct {
	ServerName          string `json:"server_name"`
	UserIDAttributeName string `json:"user_id_attribute_name"`
	// Raw bytes. encoding/json emits []byte as base64.
	UserIDAttributeValue []byte                 `json:"user_id_attribute_value"`
	Claims               map[string]interface{} `json:"claims,omitempty"`
	RawEntryJSON         map[string]interface{} `json:"raw_entry_json,omitempty"`
	// A nil pointer is emitted as JSON null because there is no omitempty.
	LastLoginUserName *string `json:"last_login_username"`
}
type LoginID ¶
// LoginID holds the data of a Login ID identity together with the JSON field
// names it is serialized under.
type LoginID struct {
	ID        string    `json:"id"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	// UserID is the ID of the owning user.
	UserID string `json:"user_id"`
	// LoginIDKey and LoginIDType are the key and the type of the login ID.
	LoginIDKey  string               `json:"login_id_key"`
	LoginIDType model.LoginIDKeyType `json:"login_id_type"`
	// LoginID and OriginalLoginID are stored separately.
	// NOTE(review): presumably LoginID is the normalized form and
	// OriginalLoginID is what the user typed. DisplayID is documented as
	// returning the original value. Confirm.
	LoginID         string `json:"login_id"`
	OriginalLoginID string `json:"original_login_id"`
	// NOTE(review): presumably UniqueKey is the value that uniqueness and
	// duplicate checks compare. Confirm that such checks never compare
	// OriginalLoginID instead.
	UniqueKey string                 `json:"unique_key"`
	Claims    map[string]interface{} `json:"claims,omitempty"`
}
func (*LoginID) Deprecated_ToChannelTarget ¶
func (i *LoginID) Deprecated_ToChannelTarget() (model.AuthenticatorOOBChannel, string)
Deprecated_ToChannelTarget is deprecated because it does not support model.AuthenticatorOOBChannelWhatsapp.
func (*LoginID) IdentityAwareStandardClaims ¶
type LoginIDMigrateSpec ¶
// LoginIDMigrateSpec is the login ID part of a MigrateSpec: a key, a type and
// a value.
type LoginIDMigrateSpec struct {
	Key  string               `json:"key"`
	Type model.LoginIDKeyType `json:"type"`
	// Value is a plain string here, whereas LoginIDSpec.Value is typed as
	// stringutil.UserInputString.
	Value string `json:"value"`
}
type LoginIDSpec ¶
// LoginIDSpec describes a login ID by key, type and value.
type LoginIDSpec struct {
	Key  string               `json:"key"`
	Type model.LoginIDKeyType `json:"type"`
	// Value has the dedicated type stringutil.UserInputString instead of string.
	// NOTE(review): presumably the type marks the value as raw user input
	// that must be normalized and validated before it is compared or stored.
	// Confirm.
	Value stringutil.UserInputString `json:"value"`
}
type MigrateSpec ¶
// MigrateSpec describes an identity to migrate. Only a login ID payload is
// representable. GetSpec converts it to a *Spec.
type MigrateSpec struct {
	Type model.IdentityType `json:"type"`

	// LoginID is omitted from JSON when nil.
	LoginID *LoginIDMigrateSpec `json:"login_id,omitempty"`
}
func (*MigrateSpec) GetSpec ¶
func (s *MigrateSpec) GetSpec() *Spec
type NewIdentityOptions ¶
// NewIdentityOptions is an options struct with a single boolean switch.
// NOTE(review): presumably it is passed when a new identity is created.
// Confirm against the callers.
type NewIdentityOptions struct {
	// NOTE(review): judging by the name, setting this to true skips the
	// email blocklist/allowlist check for login IDs. If so, only trusted
	// code paths should set it, and never on the basis of a value taken
	// from an end-user request. Confirm.
	LoginIDEmailByPassBlocklistAllowlist bool
}
type OAuth ¶
// OAuth holds the data of an OAuth identity together with the JSON field
// names it is serialized under.
type OAuth struct {
	ID        string    `json:"id"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	// UserID is the ID of the owning user.
	UserID string `json:"user_id"`
	// ProviderID and ProviderSubjectID together name the account at the
	// external provider.
	ProviderID        oauthrelyingparty.ProviderID `json:"provider_id"`
	ProviderSubjectID string                       `json:"provider_subject_id"`
	// NOTE(review): presumably UserProfile is the raw profile returned by
	// the provider (compare IdentityClaimOAuthProfile). Treat its contents
	// as untrusted external data. Confirm.
	UserProfile map[string]interface{} `json:"user_profile,omitempty"`
	Claims      map[string]interface{} `json:"claims,omitempty"`
	// This is a derived field and NOT persisted to database.
	// We still include it in JSON serialization so it can be persisted in the graph.
	ProviderAlias string `json:"provider_alias,omitempty"`
}
func (*OAuth) GetDisplayName ¶
func (*OAuth) IdentityAwareStandardClaims ¶
type OAuthSpec ¶
// OAuthSpec describes an OAuth identity by provider ID and subject ID, plus
// optional profile data.
type OAuthSpec struct {
	ProviderID oauthrelyingparty.ProviderID `json:"provider_id"`
	SubjectID  string                       `json:"subject_id"`
	// NOTE(review): judging by the names, RawProfile is the profile as
	// received from the provider and StandardClaims is derived from it.
	// Both originate outside this service. Confirm.
	RawProfile     map[string]interface{} `json:"raw_profile,omitempty"`
	StandardClaims map[string]interface{} `json:"standard_claims,omitempty"`
}
type Passkey ¶
// Passkey holds the data of a passkey identity together with the JSON field
// names it is serialized under.
type Passkey struct {
	ID        string    `json:"id"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	// UserID is the ID of the owning user.
	UserID string `json:"user_id"`
	// CredentialID is the passkey credential ID (compare
	// IdentityClaimPasskeyCredentialID).
	CredentialID string `json:"credential_id"`
	// CreationOptions is omitted from JSON when nil.
	CreationOptions *model.WebAuthnCreationOptions `json:"creation_options,omitempty"`
	// AttestationResponse is raw bytes (encoding/json emits []byte as
	// base64) and is omitted when empty.
	// NOTE(review): presumably these are the bytes the client sent at
	// registration, so they are untrusted until verified. Confirm.
	AttestationResponse []byte `json:"attestation_response,omitempty"`
}
type PasskeySpec ¶
type SIWE ¶
// SIWE holds the data of a SIWE identity together with the JSON field names
// it is serialized under. ToContractID derives a *web3.ContractID from it
// and can fail.
type SIWE struct {
	ID        string    `json:"id"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
	// UserID is the ID of the owning user.
	UserID string `json:"user_id"`

	// ChainID and Address together identify the wallet. The DisplayID
	// documentation in this package combines both for display.
	ChainID int         `json:"chain_id"`
	Address web3.EIP55 `json:"address"`

	// Data is a pointer without omitempty, so nil is emitted as JSON null.
	// NOTE(review): judging by the type name, Data is the already verified
	// SIWE message data. Confirm where verification happens.
	Data *model.SIWEVerifiedData `json:"data"`
}
func (*SIWE) ToContractID ¶
func (i *SIWE) ToContractID() (*web3.ContractID, error)
type Spec ¶
// Spec describes an identity of any type. Type names the kind, and each
// pointer field carries the spec of one kind. Nil pointer fields are omitted
// from JSON (omitempty).
// NOTE(review): presumably exactly the field matching Type is non-nil, and
// consumers should verify that before dereferencing. Confirm.
type Spec struct {
	// Type is the discriminator for the fields below.
	Type model.IdentityType `json:"type"`

	LoginID   *LoginIDSpec   `json:"login_id,omitempty"`
	OAuth     *OAuthSpec     `json:"oauth,omitempty"`
	Anonymous *AnonymousSpec `json:"anonymous,omitempty"`
	Biometric *BiometricSpec `json:"biometric,omitempty"`
	Passkey   *PasskeySpec   `json:"passkey,omitempty"`
	SIWE      *SIWESpec      `json:"siwe,omitempty"`
	LDAP      *LDAPSpec      `json:"ldap,omitempty"`
}
Source Files ¶
- anonymous_identity.go
- anonymous_spec.go
- biometric_identity.go
- biometric_spec.go
- candidate.go
- claim_key.go
- errors.go
- filters.go
- info.go
- ldap_identity.go
- ldap_spec.go
- loginid_identity.go
- loginid_spec.go
- migrate_spec.go
- oauth_identity.go
- oauth_spec.go
- options.go
- passkey_identity.go
- passkey_spec.go
- siwe_identity.go
- siwe_spec.go
- spec.go