misc

package
v0.15.1 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 16, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

const (
	// JwkTypeRSA is the literal "RSA".
	// NOTE(review): presumably the JWK key-type ("kty") value used for RSA keys
	// served by the JWK set endpoint — usage is not visible here, confirm.
	JwkTypeRSA = "RSA"
)

Variables

This section is empty.

Functions

func JwtResponseEncoder

func JwtResponseEncoder() web.EncodeResponseFunc

func StringResponseEncoder

func StringResponseEncoder() web.EncodeResponseFunc

Types

type CheckTokenClaims

// CheckTokenClaims is the claim set returned by CheckTokenEndpoint.CheckToken.
// Every field is bound to a claim name through its `claim` struct tag.
type CheckTokenClaims struct {
	oauth2.FieldClaimsMapper

	/*******************************
	 * Standard Check Token claims
	 *******************************/
	oauth2.BasicClaims
	// Active is a pointer, so an unset value can be told apart from an explicit false.
	// NOTE(review): RFC 7662 makes "active" a required response member; consumers
	// should treat a missing value as inactive — confirm the endpoint always sets it.
	Active   *bool  `claim:"active"`
	Username string `claim:"username"`

	/*******************************
	* Standard OIDC claims
	*******************************/
	FirstName string    `claim:"given_name"`
	LastName  string    `claim:"family_name"`
	Email     string    `claim:"email"`
	Locale    string    `claim:"locale"` // Typically an ISO 639-1 Alpha-2 [ISO639-1] language code in lowercase and an ISO 3166-1 Alpha-2 country code in uppercase, separated by a dash (e.g. en-US)
	AuthTime  time.Time `claim:"auth_time"`

	/*******************************
	 * NFV Additional Claims
	 *******************************/
	UserId                   string          `claim:"user_id"`
	AccountType              string          `claim:"account_type"`
	Currency                 string          `claim:"currency"`
	TenantId                 string          `claim:"tenant_id"`
	TenantExternalId         string          `claim:"tenant_name"` // Carried in the "tenant_name" claim; maps to the Tenant's ExternalId for backward compatibility
	TenantSuspended          *bool           `claim:"tenant_suspended"`
	ProviderId               string          `claim:"provider_id"`
	ProviderName             string          `claim:"provider_name"`
	ProviderDisplayName      string          `claim:"provider_display_name"`
	ProviderDescription      string          `claim:"provider_description"`
	ProviderNotificationType string          `claim:"provider_notification_type"`
	ProviderEmail            string          `claim:"provider_email"`
	// AssignedTenants, Roles and Permissions are string sets.
	// NOTE(review): presumably consumed by protected resources for access
	// decisions — confirm against the callers of the introspection endpoint.
	AssignedTenants          utils.StringSet `claim:"assigned_tenants"`
	Roles                    utils.StringSet `claim:"roles"`
	Permissions              utils.StringSet `claim:"permissions"`
	// NOTE(review): presumably the original user name when the token was obtained
	// while acting as another user — not visible here, confirm.
	OrigUsername             string          `claim:"original_username"`
}

CheckTokenClaims implements oauth2.Claims

func (*CheckTokenClaims) Get

func (c *CheckTokenClaims) Get(claim string) interface{}

func (*CheckTokenClaims) Has

func (c *CheckTokenClaims) Has(claim string) bool

func (*CheckTokenClaims) MarshalJSON

func (c *CheckTokenClaims) MarshalJSON() ([]byte, error)

func (*CheckTokenClaims) Set

func (c *CheckTokenClaims) Set(claim string, value interface{})

func (*CheckTokenClaims) UnmarshalJSON

func (c *CheckTokenClaims) UnmarshalJSON(bytes []byte) error

func (*CheckTokenClaims) Values

func (c *CheckTokenClaims) Values() map[string]interface{}

type CheckTokenEndpoint

type CheckTokenEndpoint struct {
	// contains filtered or unexported fields
}

func NewCheckTokenEndpoint

func NewCheckTokenEndpoint(issuer security.Issuer, tokenStoreReader oauth2.TokenStoreReader) *CheckTokenEndpoint

func (*CheckTokenEndpoint) CheckToken

func (ep *CheckTokenEndpoint) CheckToken(c context.Context, request *CheckTokenRequest) (response *CheckTokenClaims, err error)

CheckToken is the token introspection endpoint as defined in RFC 7662 (https://datatracker.ietf.org/doc/html/rfc7662). This endpoint is used by protected resources to query the authorization server to determine the state and metadata of a token. Because this request is issued by a protected resource, the client used by the protected resource is not going to be the same as the client the token was issued for. The auth server requires the protected resource to be specifically authorized to call this endpoint by means of client authentication and client scope (token_details). This endpoint is not meant to be used for any other purpose. Any client that is not a protected resource should not be given this scope.

type CheckTokenRequest

// CheckTokenRequest carries the form parameters accepted by
// CheckTokenEndpoint.CheckToken.
type CheckTokenRequest struct {
	// Token is bound from the "token" form parameter: the token whose state is
	// being queried. It is a bearer credential, so keep it out of logs and
	// error messages.
	Token     string `form:"token"`
	// Hint is bound from "token_type_hint", the optional hint parameter named
	// in RFC 7662.
	Hint      string `form:"token_type_hint"`
	// NoDetails is bound from "no_details".
	// NOTE(review): presumably trims the claims returned in the response — the
	// handling is not visible here, confirm.
	NoDetails bool   `form:"no_details"`
}

type HierarchyRequest

// HierarchyRequest is the request type taken by the TenantHierarchyEndpoint
// methods GetParent, GetChildren, GetAncestors and GetDescendants.
type HierarchyRequest struct {
	// TenantId is bound from the "tenantId" form parameter, i.e. it is chosen
	// by the caller.
	// NOTE(review): confirm that the caller's access to the named tenant is
	// checked before hierarchy data is returned — not visible here.
	TenantId string `form:"tenantId"`
}

type JwkSetEndpoint

type JwkSetEndpoint struct {
	// contains filtered or unexported fields
}

func NewJwkSetEndpoint

func NewJwkSetEndpoint(jwkStore jwt.JwkStore) *JwkSetEndpoint

func (*JwkSetEndpoint) JwkByKid added in v0.15.0

func (ep *JwkSetEndpoint) JwkByKid(ctx context.Context, req *JwkSetRequest) (resp jwt.Jwk, err error)

func (*JwkSetEndpoint) JwkSet

func (ep *JwkSetEndpoint) JwkSet(ctx context.Context, _ *JwkSetRequest) (resp *JwkSetResponse, err error)

type JwkSetRequest

// JwkSetRequest is the request type of the JwkSetEndpoint methods. JwkByKid
// takes it as req; JwkSet accepts it but discards it (blank parameter).
type JwkSetRequest struct {
	// Kid is bound from the "kid" URI variable, so its value is caller-supplied.
	Kid string `uri:"kid"`
}

type JwkSetResponse

// JwkSetResponse is the value returned by JwkSetEndpoint.JwkSet.
type JwkSetResponse struct {
	// Keys is serialized under "keys", the member name of a JWK Set (RFC 7517).
	// NOTE(review): this is a published key set; confirm that jwt.Jwk
	// serializes public key parameters only.
	Keys []jwt.Jwk `json:"keys"`
}

type TenantHierarchyEndpoint

type TenantHierarchyEndpoint struct {
}

func NewTenantHierarchyEndpoint

func NewTenantHierarchyEndpoint() *TenantHierarchyEndpoint

func (*TenantHierarchyEndpoint) GetAncestors

func (endpoint *TenantHierarchyEndpoint) GetAncestors(ctx context.Context, req *HierarchyRequest) (interface{}, error)

func (*TenantHierarchyEndpoint) GetChildren

func (endpoint *TenantHierarchyEndpoint) GetChildren(ctx context.Context, req *HierarchyRequest) (interface{}, error)

func (*TenantHierarchyEndpoint) GetDescendants

func (endpoint *TenantHierarchyEndpoint) GetDescendants(ctx context.Context, req *HierarchyRequest) (interface{}, error)

func (*TenantHierarchyEndpoint) GetParent

func (endpoint *TenantHierarchyEndpoint) GetParent(ctx context.Context, req *HierarchyRequest) (string, error)

func (*TenantHierarchyEndpoint) GetRoot

func (endpoint *TenantHierarchyEndpoint) GetRoot(ctx context.Context, _ *web.EmptyRequest) (string, error)

type UserInfoClaims

// UserInfoClaims is the claim set embedded in UserInfoPlainResponse.
// Every field is bound to a claim name through its `claim` struct tag.
type UserInfoClaims struct {
	oauth2.FieldClaimsMapper

	/*******************************
	 * Standard JWT claims
	 *******************************/
	Issuer   string                `claim:"iss"`
	Audience oauth2.StringSetClaim `claim:"aud"`
	Subject  string                `claim:"sub"`

	/*******************************
	* Standard OIDC claims
	*******************************/
	FullName          string               `claim:"name"`
	FirstName         string               `claim:"given_name"`
	LastName          string               `claim:"family_name"`
	MiddleName        string               `claim:"middle_name"`
	Nickname          string               `claim:"nickname"`
	PreferredUsername string               `claim:"preferred_username"`
	ProfileUrl        string               `claim:"profile"`
	PictureUrl        string               `claim:"picture"`
	Website           string               `claim:"website"`
	Email             string               `claim:"email"`
	EmailVerified     *bool                `claim:"email_verified"` // Pointer, so an unset value can be told apart from an explicit false
	Gender            string               `claim:"gender"`
	Birthday          string               `claim:"birthdate"`    // ISO 8601:2004 [ISO8601-2004] YYYY-MM-DD format
	ZoneInfo          string               `claim:"zoneinfo"`     // Time zone name, e.g. Europe/Paris or America/Los_Angeles
	Locale            string               `claim:"locale"`       // Typically an ISO 639-1 Alpha-2 [ISO639-1] language code in lowercase and an ISO 3166-1 Alpha-2 country code in uppercase, separated by a dash (e.g. en-US)
	PhoneNumber       string               `claim:"phone_number"` // RFC 3966 [RFC3966] e.g. +1 (604) 555-1234;ext=5678
	PhoneNumVerified  *bool                `claim:"phone_number_verified"` // Pointer, so an unset value can be told apart from an explicit false
	Address           *claims.AddressClaim `claim:"address"`
	UpdatedAt         time.Time            `claim:"updated_at"`

	/*******************************
	 * NFV Additional Claims
	 *******************************/
	AccountType     string          `claim:"account_type"`
	DefaultTenantId string          `claim:"default_tenant_id"`
	// AssignedTenants, Roles and Permissions are string sets.
	// NOTE(review): presumably used by relying parties for access decisions —
	// confirm which scopes gate their release; not visible here.
	AssignedTenants utils.StringSet `claim:"assigned_tenants"`
	Roles           utils.StringSet `claim:"roles"`
	Permissions     utils.StringSet `claim:"permissions"`
}

func (UserInfoClaims) Get

func (c UserInfoClaims) Get(claim string) interface{}

func (UserInfoClaims) Has

func (c UserInfoClaims) Has(claim string) bool

func (UserInfoClaims) MarshalJSON

func (c UserInfoClaims) MarshalJSON() ([]byte, error)

func (*UserInfoClaims) Set

func (c *UserInfoClaims) Set(claim string, value interface{})

func (*UserInfoClaims) UnmarshalJSON

func (c *UserInfoClaims) UnmarshalJSON(bytes []byte) error

func (UserInfoClaims) Values

func (c UserInfoClaims) Values() map[string]interface{}

type UserInfoEndpoint

type UserInfoEndpoint struct {
	// contains filtered or unexported fields
}

func NewUserInfoEndpoint

func NewUserInfoEndpoint(issuer security.Issuer, accountStore security.AccountStore, jwtEncoder jwt.JwtEncoder) *UserInfoEndpoint

func (*UserInfoEndpoint) JwtUserInfo

func (ep *UserInfoEndpoint) JwtUserInfo(ctx context.Context, _ UserInfoRequest) (resp UserInfoJwtResponse, err error)

func (*UserInfoEndpoint) PlainUserInfo

func (ep *UserInfoEndpoint) PlainUserInfo(ctx context.Context, _ UserInfoRequest) (resp *UserInfoPlainResponse, err error)

type UserInfoJwtResponse

type UserInfoJwtResponse string

func (UserInfoJwtResponse) MarshalText

func (r UserInfoJwtResponse) MarshalText() (text []byte, err error)

MarshalText implements encoding.TextMarshaler

type UserInfoPlainResponse

// UserInfoPlainResponse is the value returned by UserInfoEndpoint.PlainUserInfo.
// It embeds UserInfoClaims, so the claim fields and methods are promoted onto it.
type UserInfoPlainResponse struct {
	UserInfoClaims
}

type UserInfoRequest

type UserInfoRequest struct{}

type WellKnownEndpoint

type WellKnownEndpoint struct {
	// contains filtered or unexported fields
}

WellKnownEndpoint provides the "/.well-known/**" HTTP endpoints

func NewWellKnownEndpoint

func NewWellKnownEndpoint(issuer security.Issuer, idpManager idp.IdentityProviderManager, extra map[string]interface{}) *WellKnownEndpoint

func (*WellKnownEndpoint) OpenIDConfig

func (ep *WellKnownEndpoint) OpenIDConfig(ctx context.Context, _ *http.Request) (resp *openid.OPMetadata, err error)

OpenIDConfig should be mapped to GET /.well-known/openid-configuration
