claims

package
v0.14.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 24, 2024 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	ProfileScopeSpecs = map[string]ClaimSpec{

		oauth2.ClaimFullName:          Optional(FullName),
		oauth2.ClaimFirstName:         Optional(FirstName),
		oauth2.ClaimLastName:          Optional(LastName),
		oauth2.ClaimMiddleName:        Unsupported(),
		oauth2.ClaimNickname:          Unsupported(),
		oauth2.ClaimPreferredUsername: Optional(Username),
		oauth2.ClaimProfileUrl:        Unsupported(),
		oauth2.ClaimPictureUrl:        Unsupported(),
		oauth2.ClaimWebsite:           Unsupported(),
		oauth2.ClaimGender:            Unsupported(),
		oauth2.ClaimBirthday:          Unsupported(),
		oauth2.ClaimZoneInfo:          Optional(ZoneInfo),
		oauth2.ClaimLocale:            Optional(Locale),
		oauth2.ClaimCurrency:          Optional(Currency),
		oauth2.ClaimUpdatedAt:         Unsupported(),
		oauth2.ClaimDefaultTenantId:   Optional(DefaultTenantId),
		oauth2.ClaimRoles:             Optional(Roles),
		oauth2.ClaimPermissions:       Optional(Permissions),
	}

	EmailScopeSpecs = map[string]ClaimSpec{
		oauth2.ClaimEmail:         Optional(Email),
		oauth2.ClaimEmailVerified: Optional(EmailVerified),
	}

	PhoneScopeSpecs = map[string]ClaimSpec{
		oauth2.ClaimPhoneNumber:      Unsupported(),
		oauth2.ClaimPhoneNumVerified: Unsupported(),
	}

	AddressScopeSpecs = map[string]ClaimSpec{
		oauth2.ClaimAddress: Optional(Address),
	}
)
View Source 
var (
	CheckTokenClaimSpecs = map[string]ClaimSpec{

		oauth2.ClaimAudience:  Required(Audience),
		oauth2.ClaimExpire:    Optional(ExpiresAt),
		oauth2.ClaimJwtId:     Optional(JwtId),
		oauth2.ClaimIssueAt:   Optional(IssuedAt),
		oauth2.ClaimIssuer:    Required(Issuer),
		oauth2.ClaimNotBefore: Optional(NotBefore),
		oauth2.ClaimSubject:   Optional(Subject),
		oauth2.ClaimScope:     Optional(Scopes),
		oauth2.ClaimClientId:  Required(ClientId),
		oauth2.ClaimUsername:  Optional(Username),

		oauth2.ClaimAuthTime:  Optional(AuthenticationTime),
		oauth2.ClaimFirstName: Optional(FirstName),
		oauth2.ClaimLastName:  Optional(LastName),
		oauth2.ClaimEmail:     Optional(Email),
		oauth2.ClaimLocale:    Optional(Locale),

		oauth2.ClaimUserId:                   Optional(UserId),
		oauth2.ClaimAccountType:              Optional(AccountType),
		oauth2.ClaimCurrency:                 Optional(Currency),
		oauth2.ClaimDefaultTenantId:          Optional(DefaultTenantId),
		oauth2.ClaimTenantId:                 Optional(TenantId),
		oauth2.ClaimTenantExternalId:         Optional(TenantExternalId),
		oauth2.ClaimTenantSuspended:          Optional(TenantSuspended),
		oauth2.ClaimProviderId:               Optional(ProviderId),
		oauth2.ClaimProviderName:             Optional(ProviderName),
		oauth2.ClaimProviderDisplayName:      Optional(ProviderDisplayName),
		oauth2.ClaimProviderDescription:      Optional(ProviderDescription),
		oauth2.ClaimProviderEmail:            Optional(ProviderEmail),
		oauth2.ClaimProviderNotificationType: Optional(ProviderNotificationType),

		oauth2.ClaimRoles:        Optional(Roles),
		oauth2.ClaimPermissions:  Optional(Permissions),
		oauth2.ClaimOrigUsername: Optional(OriginalUsername),
	}
)
View Source 
var (
	IdTokenBasicSpecs = map[string]ClaimSpec{

		oauth2.ClaimIssuer:          Required(Issuer),
		oauth2.ClaimSubject:         Required(Subject),
		oauth2.ClaimAudience:        Required(Audience),
		oauth2.ClaimExpire:          Required(ExpiresAt),
		oauth2.ClaimIssueAt:         Required(IssuedAt),
		oauth2.ClaimAuthTime:        RequiredIfParamsExists(AuthenticationTime, oauth2.ParameterMaxAge),
		oauth2.ClaimNonce:           RequiredIfParamsExists(Nonce, oauth2.ParameterNonce),
		oauth2.ClaimAuthCtxClassRef: Optional(AuthContextClassRef),
		oauth2.ClaimAuthMethodRef:   Optional(AuthMethodRef),
		oauth2.ClaimAuthorizedParty: Optional(ClientId),
		oauth2.ClaimAccessTokenHash: RequiredIfImplicitFlow(AccessTokenHash),

		oauth2.ClaimUserId:           Optional(UserId),
		oauth2.ClaimAccountType:      Optional(AccountType),
		oauth2.ClaimTenantId:         Optional(TenantId),
		oauth2.ClaimTenantExternalId: Optional(TenantExternalId),
		oauth2.ClaimTenantSuspended:  Optional(TenantSuspended),
		oauth2.ClaimProviderId:       Optional(ProviderId),
		oauth2.ClaimProviderName:     Optional(ProviderName),
		oauth2.ClaimOrigUsername:     Optional(OriginalUsername),
		oauth2.ClaimRoles:            Optional(Roles),
	}
)
View Source 
var (
	UserInfoBasicSpecs = map[string]ClaimSpec{
		oauth2.ClaimIssuer:   Required(Issuer),
		oauth2.ClaimSubject:  Optional(Subject),
		oauth2.ClaimAudience: Required(Audience),

		oauth2.ClaimAccountType: Optional(AccountType),
	}
)

Functions

func AccessTokenHash 

func AccessTokenHash(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func AccountType 

func AccountType(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func Address 

func Address(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func Audience 

func Audience(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func AuthContextClassRef 

func AuthContextClassRef(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func AuthMethodRef 

func AuthMethodRef(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func AuthenticationTime 

func AuthenticationTime(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func ClientId 

func ClientId(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func Currency 

func Currency(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func DefaultTenantId 

func DefaultTenantId(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func Email 

func Email(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func EmailVerified 

func EmailVerified(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func ExpiresAt 

func ExpiresAt(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func FirstName 

func FirstName(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func FullName 

func FullName(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func IssuedAt 

func IssuedAt(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func Issuer 

func Issuer(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func JwtId 

func JwtId(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func LastName 

func LastName(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func LegacyAudience 

func LegacyAudience(ctx context.Context, opt *FactoryOption) utils.StringSet

func Locale 

func Locale(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func Nonce 

func Nonce(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func NotBefore 

func NotBefore(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func OriginalUsername 

func OriginalUsername(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func Permissions 

func Permissions(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func Populate 

func Populate(ctx context.Context, claims oauth2.Claims, opts ...FactoryOptions) error

func ProviderDescription 

func ProviderDescription(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func ProviderDisplayName 

func ProviderDisplayName(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func ProviderEmail 

func ProviderEmail(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func ProviderId 

func ProviderId(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func ProviderName 

func ProviderName(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func ProviderNotificationType 

func ProviderNotificationType(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func Roles 

func Roles(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func Scopes 

func Scopes(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func Subject 

func Subject(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func TenantExternalId 

func TenantExternalId(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func TenantId 

func TenantId(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func TenantSuspended 

func TenantSuspended(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func UserId 

func UserId(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

func Username 

func Username(_ context.Context, opt *FactoryOption) (v interface{}, err error)

func ZoneInfo 

func ZoneInfo(_ context.Context, _ *FactoryOption) (v interface{}, err error)

Types

type AddressClaim 

type AddressClaim struct {
	Formatted  string `json:"formatted,omitempty"`
	StreetAddr string `json:"street_address,omitempty"`
	City       string `json:"locality,omitempty"`
	Region     string `json:"region,omitempty"`
	PostalCode string `json:"postal_code,omitempty"`
	Country    string `json:"country,omitempty"`
}

AddressClaim is defined at https://openid.net/specs/openid-connect-core-1_0.html#AddressClaim

type ClaimFactoryFunc 

type ClaimFactoryFunc func(ctx context.Context, opt *FactoryOption) (v interface{}, err error)

type ClaimRequirementFunc 

type ClaimRequirementFunc func(ctx context.Context, opt *FactoryOption) bool

type ClaimSpec 

type ClaimSpec interface {
	Calculate(ctx context.Context, opt *FactoryOption) (v interface{}, err error)
	Required(ctx context.Context, opt *FactoryOption) bool
}

func Optional 

func Optional(fn ClaimFactoryFunc) ClaimSpec

func Required 

func Required(fn ClaimFactoryFunc) ClaimSpec

func RequiredIfImplicitFlow 

func RequiredIfImplicitFlow(fn ClaimFactoryFunc) ClaimSpec

func RequiredIfParamsExists 

func RequiredIfParamsExists(fn ClaimFactoryFunc, requestParams ...string) ClaimSpec

func Unsupported 

func Unsupported() ClaimSpec

type FactoryOption 

type FactoryOption struct {
	Specs           []map[string]ClaimSpec
	Source          oauth2.Authentication
	Issuer          security.Issuer
	AccountStore    security.AccountStore
	AccessToken     oauth2.AccessToken
	RequestedClaims RequestedClaims
	ClaimsFormula   []map[string]ClaimSpec
	ExtraSource     map[string]interface{}
}

type FactoryOptions 

type FactoryOptions func(opt *FactoryOption)

func WithAccessToken 

func WithAccessToken(token oauth2.AccessToken) FactoryOptions

func WithAccountStore 

func WithAccountStore(accountStore security.AccountStore) FactoryOptions

func WithExtraSource 

func WithExtraSource(extra map[string]interface{}) FactoryOptions

func WithIssuer 

func WithIssuer(issuer security.Issuer) FactoryOptions

func WithRequestedClaims 

func WithRequestedClaims(requested RequestedClaims, formula ...map[string]ClaimSpec) FactoryOptions

func WithSource 

func WithSource(oauth oauth2.Authentication) FactoryOptions

WithSource is a FactoryOptions

func WithSpecs 

func WithSpecs(specs ...map[string]ClaimSpec) FactoryOptions

type RequestedClaim 

type RequestedClaim interface {
	Essential() bool
	Values() []string
	IsDefault() bool
}

type RequestedClaims 

type RequestedClaims interface {
	Get(claim string) (RequestedClaim, bool)
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.