Documentation ¶
Index ¶
- Constants
- Variables
- func FormatAPIVersion(apiVersion APIVersion) string
- func HandleResponseError(err error, w http.ResponseWriter, r *http.Request)
- func IsSAMLMetadataStale(idpMetadata *saml.EntityDescriptor, samlProvider models.SAMLProvider) bool
- func WaitForCleanup(ctx context.Context)
- type API
- func (a *API) ChallengeFactor(w http.ResponseWriter, r *http.Request) error
- func (a *API) ClanCreate(w http.ResponseWriter, r *http.Request) error
- func (a *API) ClanGet(w http.ResponseWriter, r *http.Request) error
- func (a *API) ClanUpdate(w http.ResponseWriter, r *http.Request) error
- func (a *API) DeleteIdentity(w http.ResponseWriter, r *http.Request) error
- func (a *API) EnrollFactor(w http.ResponseWriter, r *http.Request) error
- func (a *API) ExternalProviderCallback(w http.ResponseWriter, r *http.Request) error
- func (a *API) ExternalProviderRedirect(w http.ResponseWriter, r *http.Request) error
- func (a *API) GetExternalProviderRedirectURL(w http.ResponseWriter, r *http.Request, linkingTargetUser *models.User) (string, error)
- func (a *API) HealthCheck(w http.ResponseWriter, r *http.Request) error
- func (a *API) IdTokenGrant(ctx context.Context, w http.ResponseWriter, r *http.Request) error
- func (a *API) Invite(w http.ResponseWriter, r *http.Request) error
- func (a *API) LinkIdentity(w http.ResponseWriter, r *http.Request) error
- func (a *API) ListenAndServe(ctx context.Context, hostAndPort string)
- func (a *API) Logout(w http.ResponseWriter, r *http.Request) error
- func (a *API) MagicLink(w http.ResponseWriter, r *http.Request) error
- func (a *API) Mailer() mailer.Mailer
- func (a *API) Now() time.Time
- func (a *API) OAuthProvider(ctx context.Context, name string) (provider.OAuthProvider, error)
- func (a *API) Otp(w http.ResponseWriter, r *http.Request) error
- func (a *API) PKCE(ctx context.Context, w http.ResponseWriter, r *http.Request) error
- func (a *API) ProfileGet(w http.ResponseWriter, r *http.Request) error
- func (a *API) ProfileUpdate(w http.ResponseWriter, r *http.Request) error
- func (a *API) Provider(ctx context.Context, name string, scopes string) (provider.Provider, error)
- func (a *API) Reauthenticate(w http.ResponseWriter, r *http.Request) error
- func (a *API) Recover(w http.ResponseWriter, r *http.Request) error
- func (a *API) RefreshTokenGrant(ctx context.Context, w http.ResponseWriter, r *http.Request) error
- func (a *API) Resend(w http.ResponseWriter, r *http.Request) error
- func (a *API) ResourceOwnerPasswordGrant(ctx context.Context, w http.ResponseWriter, r *http.Request) error
- func (a *API) SAMLACS(w http.ResponseWriter, r *http.Request) error
- func (a *API) SAMLMetadata(w http.ResponseWriter, r *http.Request) error
- func (a *API) Settings(w http.ResponseWriter, r *http.Request) error
- func (a *API) Signup(w http.ResponseWriter, r *http.Request) error
- func (a *API) SignupAnonymously(w http.ResponseWriter, r *http.Request) error
- func (a *API) SingleSignOn(w http.ResponseWriter, r *http.Request) error
- func (a *API) SmsOtp(w http.ResponseWriter, r *http.Request) error
- func (a *API) Token(w http.ResponseWriter, r *http.Request) error
- func (a *API) UnenrollFactor(w http.ResponseWriter, r *http.Request) error
- func (a *API) UserGet(w http.ResponseWriter, r *http.Request) error
- func (a *API) UserUpdate(w http.ResponseWriter, r *http.Request) error
- func (a *API) Verify(w http.ResponseWriter, r *http.Request) error
- func (a *API) VerifyFactor(w http.ResponseWriter, r *http.Request) error
- type APIVersion
- type AccessTokenClaims
- type AccessTokenResponse
- type AdminListUsersResponse
- type AdminUserParams
- type AuthMicroserviceClaims
- type ChallengeFactorResponse
- type ClanCreateParams
- type CreateSSOProviderParams
- type EnrollFactorParams
- type EnrollFactorResponse
- type ErrorCause
- type ErrorCode
- type ExternalProviderClaims
- type FunctionHooks
- type GenerateLinkParams
- type GenerateLinkResponse
- type HTTPError
- type HTTPErrorResponse20240101
- type HealthCheckResponse
- type IdTokenGrantParams
- type InviteParams
- type LogoutBehavior
- type MagicLinkParams
- type OAuthError
- type OAuthProviderData
- type OtpParams
- type PKCEGrantParams
- type PasswordGrantParams
- type ProfileUpdateParams
- type ProviderSettings
- type RecoverParams
- type RefreshTokenGrantParams
- type RequestParams
- type ResendConfirmationParams
- type SAMLAssertion
- func (a *SAMLAssertion) Attribute(name string) []saml.AttributeValue
- func (a *SAMLAssertion) Email() string
- func (a *SAMLAssertion) NotAfter() time.Time
- func (a *SAMLAssertion) NotBefore() time.Time
- func (a *SAMLAssertion) Process(mapping models.SAMLAttributeMapping) map[string]interface{}
- func (a *SAMLAssertion) SubjectID() (string, bool)
- func (a *SAMLAssertion) UserID() string
- type Settings
- type SignupParams
- type SingleSignOnParams
- type SingleSignOnResponse
- type SmsOtpResponse
- type SmsParams
- type TOTPObject
- type UnenrollFactorResponse
- type UserUpdateParams
- type VerifyFactorParams
- type VerifyParams
- type WeakPasswordError
Constants ¶
const ( DefaultHTTPHookTimeout = 5 * time.Second DefaultHTTPHookRetries = 3 HTTPHookBackoffDuration = 2 * time.Second PayloadLimit = 200 * 1024 // 200KB )
const ( InvalidFactorOwnerErrorMessage = "Factor does not belong to user" QRCodeGenerationErrorMessage = "Error generating QR Code" )
const ( PKCEPrefix = "pkce_" MinCodeChallengeLength = 43 MaxCodeChallengeLength = 128 InvalidPKCEParamsErrorMessage = "PKCE flow requires code_challenge_method and code_challenge" )
const APIVersionHeaderName = "X-Supabase-Api-Version"
const DefaultQRSize = 3
const InvalidChannelError = "Invalid channel, supported values are 'sms' or 'whatsapp'"
const InvalidLoginMessage = "Invalid login credentials"
const InvalidNonceMessage = "Nonce has expired or is invalid"
const (
SAMLSubjectIDAttributeName = "urn:oasis:names:tc:SAML:attribute:subject-id"
)
Variables ¶
var ( APIVersionInitial = time.Time{} APIVersion20240101 = time.Date(2024, time.January, 1, 0, 0, 0, 0, time.UTC) )
var ( DuplicateEmailMsg = "A user with this email address has already been registered" DuplicatePhoneMsg = "A user with this phone number has already been registered" UserExistsError error = errors.New("user already exists") )
Common error messages during signup flow
var (
MaxFrequencyLimitError error = errors.New("frequency limit reached")
)
Functions ¶
func FormatAPIVersion ¶
func FormatAPIVersion(apiVersion APIVersion) string
func HandleResponseError ¶
func HandleResponseError(err error, w http.ResponseWriter, r *http.Request)
func IsSAMLMetadataStale ¶
func IsSAMLMetadataStale(idpMetadata *saml.EntityDescriptor, samlProvider models.SAMLProvider) bool
func WaitForCleanup ¶
WaitForCleanup waits until all API servers are shut down cleanly or until the provided context signals done, whichever comes first.
Types ¶
type API ¶
type API struct {
// contains filtered or unexported fields
}
API is the main REST API
func NewAPI ¶
func NewAPI(globalConfig *conf.GlobalConfiguration, db *storage.Connection) *API
NewAPI instantiates a new REST API
func NewAPIWithVersion ¶
func NewAPIWithVersion(ctx context.Context, globalConfig *conf.GlobalConfiguration, db *storage.Connection, version string) *API
NewAPIWithVersion creates a new REST API using the specified version
func (*API) ChallengeFactor ¶
func (*API) ClanCreate ¶
ClanGet returns a clan
func (*API) ClanUpdate ¶
ClanUpdate updates fields on a clan
func (*API) DeleteIdentity ¶
func (*API) EnrollFactor ¶
func (*API) ExternalProviderCallback ¶
ExternalProviderCallback handles the callback endpoint in the external oauth provider flow
func (*API) ExternalProviderRedirect ¶
ExternalProviderRedirect redirects the request to the oauth provider
func (*API) GetExternalProviderRedirectURL ¶
func (a *API) GetExternalProviderRedirectURL(w http.ResponseWriter, r *http.Request, linkingTargetUser *models.User) (string, error)
GetExternalProviderRedirectURL returns the URL to start the oauth flow with the corresponding oauth provider
func (*API) HealthCheck ¶
HealthCheck endpoint indicates if the gotrue api service is available
func (*API) IdTokenGrant ¶
IdTokenGrant implements the id_token grant type flow
func (*API) LinkIdentity ¶
func (*API) ListenAndServe ¶
ListenAndServe starts the REST API
func (*API) Logout ¶
Logout is the endpoint for logging out a user and thereby revoking any refresh tokens
func (*API) OAuthProvider ¶
OAuthProvider returns the corresponding oauth provider as an OAuthProvider interface
func (*API) ProfileGet ¶
ProfileGet returns a profile
func (*API) ProfileUpdate ¶
ProfileUpdate updates fields on a profile
func (*API) Reauthenticate ¶
Reauthenticate sends a reauthentication otp to either the user's email or phone
func (*API) RefreshTokenGrant ¶
RefreshTokenGrant implements the refresh_token grant type flow
func (*API) ResourceOwnerPasswordGrant ¶
func (a *API) ResourceOwnerPasswordGrant(ctx context.Context, w http.ResponseWriter, r *http.Request) error
ResourceOwnerPasswordGrant implements the password grant type flow
func (*API) SAMLMetadata ¶
SAMLMetadata serves GoTrue's SAML Service Provider metadata file.
func (*API) SignupAnonymously ¶
func (*API) SingleSignOn ¶
SingleSignOn handles the single-sign-on flow for a provided SSO domain or provider.
func (*API) UnenrollFactor ¶
func (*API) UserUpdate ¶
UserUpdate updates fields on a user
func (*API) VerifyFactor ¶
type APIVersion ¶
func DetermineClosestAPIVersion ¶
func DetermineClosestAPIVersion(date string) (APIVersion, error)
type AccessTokenClaims ¶
type AccessTokenClaims struct { jwt.StandardClaims Email string `json:"email"` Phone string `json:"phone"` AppMetaData map[string]interface{} `json:"app_metadata"` UserMetaData map[string]interface{} `json:"user_metadata"` Role string `json:"role"` AuthenticatorAssuranceLevel string `json:"aal,omitempty"` AuthenticationMethodReference []models.AMREntry `json:"amr,omitempty"` SessionId string `json:"session_id,omitempty"` IsAnonymous bool `json:"is_anonymous"` }
AccessTokenClaims is a struct thats used for JWT claims
type AccessTokenResponse ¶
type AccessTokenResponse struct { Token string `json:"access_token"` TokenType string `json:"token_type"` // Bearer ExpiresIn int `json:"expires_in"` ExpiresAt int64 `json:"expires_at"` RefreshToken string `json:"refresh_token"` User *models.User `json:"user"` ProviderAccessToken string `json:"provider_token,omitempty"` ProviderRefreshToken string `json:"provider_refresh_token,omitempty"` WeakPassword *WeakPasswordError `json:"weak_password,omitempty"` }
AccessTokenResponse represents an OAuth2 success response
func (*AccessTokenResponse) AsRedirectURL ¶
func (r *AccessTokenResponse) AsRedirectURL(redirectURL string, extraParams url.Values) string
AsRedirectURL encodes the AccessTokenResponse as a redirect URL that includes the access token response data in a URL fragment.
type AdminListUsersResponse ¶
type AdminUserParams ¶
type AdminUserParams struct { Aud string `json:"aud"` Role string `json:"role"` Email string `json:"email"` Phone string `json:"phone"` Password *string `json:"password"` EmailConfirm bool `json:"email_confirm"` PhoneConfirm bool `json:"phone_confirm"` UserMetaData map[string]interface{} `json:"user_metadata"` AppMetaData map[string]interface{} `json:"app_metadata"` BanDuration string `json:"ban_duration"` }
type AuthMicroserviceClaims ¶
type AuthMicroserviceClaims struct { jwt.StandardClaims SiteURL string `json:"site_url"` InstanceID string `json:"id"` FunctionHooks FunctionHooks `json:"function_hooks"` }
type ChallengeFactorResponse ¶
type ClanCreateParams ¶
type ClanCreateParams struct { Name *string `json:"name"` DisplayName *string `json:"display_name"` Slug *string `json:"slug"` Email *string `json:"email"` ClanTypeID *uuid.UUID `json:"clan_type_id"` }
UserUpdateParams parameters for updating a user
type CreateSSOProviderParams ¶
type EnrollFactorParams ¶
type EnrollFactorResponse ¶
type EnrollFactorResponse struct { ID uuid.UUID `json:"id"` Type string `json:"type"` FriendlyName string `json:"friendly_name"` TOTP TOTPObject `json:"totp,omitempty"` }
type ErrorCause ¶
type ErrorCause interface {
Cause() error
}
ErrorCause is an error interface that contains the method Cause() for returning root cause errors
type ErrorCode ¶
type ErrorCode = string
const ( // ErrorCodeUnknown should not be used directly, it only indicates a failure in the error handling system in such a way that an error code was not assigned properly. ErrorCodeUnknown ErrorCode = "unknown" // ErrorCodeUnexpectedFailure signals an unexpected failure such as a 500 Internal Server Error. ErrorCodeUnexpectedFailure ErrorCode = "unexpected_failure" ErrorCodeValidationFailed ErrorCode = "validation_failed" ErrorCodeBadJSON ErrorCode = "bad_json" ErrorCodeEmailExists ErrorCode = "email_exists" ErrorCodePhoneExists ErrorCode = "phone_exists" ErrorCodeBadJWT ErrorCode = "bad_jwt" ErrorCodeNotAdmin ErrorCode = "not_admin" ErrorCodeNoAuthorization ErrorCode = "no_authorization" ErrorCodeUserNotFound ErrorCode = "user_not_found" ErrorCodeProfileNotFound ErrorCode = "profile_not_found" ErrorCodeSessionNotFound ErrorCode = "session_not_found" ErrorCodeFlowStateNotFound ErrorCode = "flow_state_not_found" ErrorCodeFlowStateExpired ErrorCode = "flow_state_expired" ErrorCodeSignupDisabled ErrorCode = "signup_disabled" ErrorCodeUserBanned ErrorCode = "user_banned" ErrorCodeProviderEmailNeedsVerification ErrorCode = "provider_email_needs_verification" ErrorCodeInviteNotFound ErrorCode = "invite_not_found" ErrorCodeBadOAuthState ErrorCode = "bad_oauth_state" ErrorCodeBadOAuthCallback ErrorCode = "bad_oauth_callback" ErrorCodeOAuthProviderNotSupported ErrorCode = "oauth_provider_not_supported" ErrorCodeUnexpectedAudience ErrorCode = "unexpected_audience" ErrorCodeSingleIdentityNotDeletable ErrorCode = "single_identity_not_deletable" ErrorCodeEmailConflictIdentityNotDeletable ErrorCode = "email_conflict_identity_not_deletable" ErrorCodeIdentityAlreadyExists ErrorCode = "identity_already_exists" ErrorCodeEmailProviderDisabled ErrorCode = "email_provider_disabled" ErrorCodePhoneProviderDisabled ErrorCode = "phone_provider_disabled" ErrorCodeTooManyEnrolledMFAFactors ErrorCode = "too_many_enrolled_mfa_factors" ErrorCodeMFAFactorNameConflict ErrorCode = "mfa_factor_name_conflict" ErrorCodeMFAFactorNotFound ErrorCode = "mfa_factor_not_found" ErrorCodeMFAIPAddressMismatch ErrorCode = "mfa_ip_address_mismatch" ErrorCodeMFAChallengeExpired ErrorCode = "mfa_challenge_expired" ErrorCodeMFAVerificationFailed ErrorCode = "mfa_verification_failed" ErrorCodeMFAVerificationRejected ErrorCode = "mfa_verification_rejected" ErrorCodeInsufficientAAL ErrorCode = "insufficient_aal" ErrorCodeCaptchaFailed ErrorCode = "captcha_failed" ErrorCodeSAMLProviderDisabled ErrorCode = "saml_provider_disabled" ErrorCodeManualLinkingDisabled ErrorCode = "manual_linking_disabled" ErrorCodeSMSSendFailed ErrorCode = "sms_send_failed" ErrorCodeEmailNotConfirmed ErrorCode = "email_not_confirmed" ErrorCodePhoneNotConfirmed ErrorCode = "phone_not_confirmed" ErrorCodeReauthNonceMissing ErrorCode = "reauth_nonce_missing" ErrorCodeSAMLRelayStateNotFound ErrorCode = "saml_relay_state_not_found" ErrorCodeSAMLRelayStateExpired ErrorCode = "saml_relay_state_expired" ErrorCodeSAMLIdPNotFound ErrorCode = "saml_idp_not_found" ErrorCodeSAMLAssertionNoUserID ErrorCode = "saml_assertion_no_user_id" ErrorCodeSAMLAssertionNoEmail ErrorCode = "saml_assertion_no_email" ErrorCodeUserAlreadyExists ErrorCode = "user_already_exists" ErrorCodeSSOProviderNotFound ErrorCode = "sso_provider_not_found" ErrorCodeSAMLMetadataFetchFailed ErrorCode = "saml_metadata_fetch_failed" ErrorCodeSAMLIdPAlreadyExists ErrorCode = "saml_idp_already_exists" ErrorCodeSSODomainAlreadyExists ErrorCode = "sso_domain_already_exists" ErrorCodeSAMLEntityIDMismatch ErrorCode = "saml_entity_id_mismatch" ErrorCodeConflict ErrorCode = "conflict" ErrorCodeProviderDisabled ErrorCode = "provider_disabled" ErrorCodeUserSSOManaged ErrorCode = "user_sso_managed" ErrorCodeReauthenticationNeeded ErrorCode = "reauthentication_needed" ErrorCodeSamePassword ErrorCode = "same_password" ErrorCodeReauthenticationNotValid ErrorCode = "reauthentication_not_valid" ErrorCodeOTPExpired ErrorCode = "otp_expired" ErrorCodeOTPDisabled ErrorCode = "otp_disabled" ErrorCodeIdentityNotFound ErrorCode = "identity_not_found" ErrorCodeWeakPassword ErrorCode = "weak_password" ErrorCodeOverRequestRateLimit ErrorCode = "over_request_rate_limit" ErrorCodeOverEmailSendRateLimit ErrorCode = "over_email_send_rate_limit" ErrorCodeOverSMSSendRateLimit ErrorCode = "over_sms_send_rate_limit" ErrorBadCodeVerifier ErrorCode = "bad_code_verifier" ErrorCodeAnonymousProviderDisabled ErrorCode = "anonymous_provider_disabled" ErrorCodeHookTimeout ErrorCode = "hook_timeout" ErrorCodeHookTimeoutAfterRetry ErrorCode = "hook_timeout_after_retry" ErrorCodeHookPayloadOverSizeLimit ErrorCode = "hook_payload_over_size_limit" ErrorCodeHookPayloadUnknownSize ErrorCode = "hook_payload_unknown_size" )
type ExternalProviderClaims ¶
type ExternalProviderClaims struct { AuthMicroserviceClaims Provider string `json:"provider"` InviteToken string `json:"invite_token,omitempty"` Referrer string `json:"referrer,omitempty"` FlowStateID string `json:"flow_state_id"` LinkingTargetID string `json:"linking_target_id,omitempty"` }
ExternalProviderClaims are the JWT claims sent as the state in the external oauth provider signup flow
type FunctionHooks ¶
func (*FunctionHooks) UnmarshalJSON ¶
func (f *FunctionHooks) UnmarshalJSON(b []byte) error
type GenerateLinkParams ¶
type GenerateLinkResponse ¶
type HTTPError ¶
type HTTPError struct { HTTPStatus int `json:"code"` // do not rename the JSON tags! ErrorCode string `json:"error_code,omitempty"` // do not rename the JSON tags! Message string `json:"msg"` // do not rename the JSON tags! InternalError error `json:"-"` InternalMessage string `json:"-"` ErrorID string `json:"error_id,omitempty"` }
HTTPError is an error with a message and an HTTP status code.
func (*HTTPError) WithInternalError ¶
WithInternalError adds internal error information to the error
func (*HTTPError) WithInternalMessage ¶
WithInternalMessage adds internal message information to the error
type HealthCheckResponse ¶
type IdTokenGrantParams ¶
type IdTokenGrantParams struct { IdToken string `json:"id_token"` AccessToken string `json:"access_token"` Nonce string `json:"nonce"` Provider string `json:"provider"` ClientID string `json:"client_id"` Issuer string `json:"issuer"` }
IdTokenGrantParams are the parameters the IdTokenGrant method accepts
type InviteParams ¶
InviteParams are the parameters the Signup endpoint accepts
type LogoutBehavior ¶
type LogoutBehavior string
const ( LogoutGlobal LogoutBehavior = "global" LogoutLocal LogoutBehavior = "local" LogoutOthers LogoutBehavior = "others" )
type MagicLinkParams ¶
type MagicLinkParams struct { Email string `json:"email"` Data map[string]interface{} `json:"data"` CodeChallengeMethod string `json:"code_challenge_method"` CodeChallenge string `json:"code_challenge"` }
MagicLinkParams holds the parameters for a magic link request
func (*MagicLinkParams) Validate ¶
func (p *MagicLinkParams) Validate() error
type OAuthError ¶
type OAuthError struct { Err string `json:"error"` Description string `json:"error_description,omitempty"` InternalError error `json:"-"` InternalMessage string `json:"-"` }
OAuthError is the JSON handler for OAuth2 error responses
func (*OAuthError) Error ¶
func (e *OAuthError) Error() string
func (*OAuthError) WithInternalError ¶
func (e *OAuthError) WithInternalError(err error) *OAuthError
WithInternalError adds internal error information to the error
func (*OAuthError) WithInternalMessage ¶
func (e *OAuthError) WithInternalMessage(fmtString string, args ...interface{}) *OAuthError
WithInternalMessage adds internal message information to the error
type OAuthProviderData ¶
type OAuthProviderData struct {
// contains filtered or unexported fields
}
OAuthProviderData contains the userData and token returned by the oauth provider
type OtpParams ¶
type OtpParams struct { Email string `json:"email"` Phone string `json:"phone"` CreateUser bool `json:"create_user"` Data map[string]interface{} `json:"data"` Channel string `json:"channel"` CodeChallengeMethod string `json:"code_challenge_method"` CodeChallenge string `json:"code_challenge"` }
OtpParams contains the request body params for the otp endpoint
type PKCEGrantParams ¶
type PKCEGrantParams struct { AuthCode string `json:"auth_code"` CodeVerifier string `json:"code_verifier"` }
PKCEGrantParams are the parameters the PKCEGrant method accepts
type PasswordGrantParams ¶
type PasswordGrantParams struct { Email string `json:"email"` Phone string `json:"phone"` Password string `json:"password"` }
PasswordGrantParams are the parameters the ResourceOwnerPasswordGrant method accepts
type ProfileUpdateParams ¶
type ProfileUpdateParams struct { FirstName *string `json:"first_name"` LastName *string `json:"last_name"` Username *string `json:"username"` Bio *string `json:"bio"` BirthDate *calendar.Date `json:"birth_date"` Channel string `json:"channel"` CodeChallenge string `json:"code_challenge"` CodeChallengeMethod string `json:"code_challenge_method"` }
UserUpdateParams parameters for updating a user
type ProviderSettings ¶
type ProviderSettings struct { AnonymousUsers bool `json:"anonymous_users"` Apple bool `json:"apple"` Azure bool `json:"azure"` Bitbucket bool `json:"bitbucket"` Discord bool `json:"discord"` Facebook bool `json:"facebook"` Figma bool `json:"figma"` Fly bool `json:"fly"` GitHub bool `json:"github"` GitLab bool `json:"gitlab"` Google bool `json:"google"` Keycloak bool `json:"keycloak"` Kakao bool `json:"kakao"` Linkedin bool `json:"linkedin"` LinkedinOIDC bool `json:"linkedin_oidc"` Notion bool `json:"notion"` Spotify bool `json:"spotify"` Slack bool `json:"slack"` WorkOS bool `json:"workos"` Twitch bool `json:"twitch"` Twitter bool `json:"twitter"` Email bool `json:"email"` Phone bool `json:"phone"` Zoom bool `json:"zoom"` }
type RecoverParams ¶
type RecoverParams struct { Email string `json:"email"` CodeChallenge string `json:"code_challenge"` CodeChallengeMethod string `json:"code_challenge_method"` }
RecoverParams holds the parameters for a password recovery request
func (*RecoverParams) Validate ¶
func (p *RecoverParams) Validate() error
type RefreshTokenGrantParams ¶
type RefreshTokenGrantParams struct {
RefreshToken string `json:"refresh_token"`
}
RefreshTokenGrantParams are the parameters the RefreshTokenGrant method accepts
type RequestParams ¶
type RequestParams interface { AdminUserParams | CreateSSOProviderParams | EnrollFactorParams | GenerateLinkParams | IdTokenGrantParams | InviteParams | OtpParams | PKCEGrantParams | PasswordGrantParams | RecoverParams | RefreshTokenGrantParams | ResendConfirmationParams | SignupParams | SingleSignOnParams | SmsParams | UserUpdateParams | VerifyFactorParams | VerifyParams | adminUserUpdateFactorParams | ProfileUpdateParams | ClanCreateParams | struct { Email string `json:"email"` Phone string `json:"phone"` } }
type ResendConfirmationParams ¶
type ResendConfirmationParams struct { Type string `json:"type"` Email string `json:"email"` Phone string `json:"phone"` }
ResendConfirmationParams holds the parameters for a resend request
func (*ResendConfirmationParams) Validate ¶
func (p *ResendConfirmationParams) Validate(config *conf.GlobalConfiguration) error
type SAMLAssertion ¶
func (*SAMLAssertion) Attribute ¶
func (a *SAMLAssertion) Attribute(name string) []saml.AttributeValue
Attribute returns the first matching attribute value in the attribute statements where name equals the official SAML attribute Name or FriendlyName. Returns nil if such an attribute can't be found.
func (*SAMLAssertion) Email ¶
func (a *SAMLAssertion) Email() string
Email returns the best guess for an email address.
func (*SAMLAssertion) NotAfter ¶
func (a *SAMLAssertion) NotAfter() time.Time
NotAfter extracts the time at which or after this assertion should not be considered.
func (*SAMLAssertion) NotBefore ¶
func (a *SAMLAssertion) NotBefore() time.Time
NotBefore extracts the time before which this assertion should not be considered.
func (*SAMLAssertion) Process ¶
func (a *SAMLAssertion) Process(mapping models.SAMLAttributeMapping) map[string]interface{}
Process processes this assertion according to the SAMLAttributeMapping. Never returns nil.
func (*SAMLAssertion) SubjectID ¶
func (a *SAMLAssertion) SubjectID() (string, bool)
SubjectID returns the user identifier in present in the Subject section of the SAML assertion. Note that this way of identifying the Subject is generally superseded by the SAMLSubjectIDAttributeName assertion attribute; tho must be present in all assertions. It can have a few formats, of which the most important are: saml.EmailAddressNameIDFormat (meaning the user ID is an email address), saml.PersistentNameIDFormat (the user ID is an opaque string that does not change with each assertion, e.g. UUID), saml.TransientNameIDFormat (the user ID changes with each assertion -- can't be used to identify a user). The boolean returned identifies if the user ID is persistent. If it's an email address, it's lowercased just in case.
func (*SAMLAssertion) UserID ¶
func (a *SAMLAssertion) UserID() string
UserID returns the best choice for a persistent user identifier on the Identity Provider side. Don't assume the format of the string returned, as it's Identity Provider specific.
type Settings ¶
type Settings struct { ExternalProviders ProviderSettings `json:"external"` DisableSignup bool `json:"disable_signup"` MailerAutoconfirm bool `json:"mailer_autoconfirm"` PhoneAutoconfirm bool `json:"phone_autoconfirm"` SmsProvider string `json:"sms_provider"` MFAEnabled bool `json:"mfa_enabled"` SAMLEnabled bool `json:"saml_enabled"` }
type SignupParams ¶
type SignupParams struct { Email string `json:"email"` Phone string `json:"phone"` Password string `json:"password"` Data map[string]interface{} `json:"data"` Provider string `json:"-"` Aud string `json:"-"` Channel string `json:"channel"` CodeChallengeMethod string `json:"code_challenge_method"` CodeChallenge string `json:"code_challenge"` }
SignupParams are the parameters the Signup endpoint accepts
func (*SignupParams) ConfigureDefaults ¶
func (p *SignupParams) ConfigureDefaults()
func (*SignupParams) ToUserModel ¶
func (params *SignupParams) ToUserModel(isSSOUser bool) (user *models.User, err error)
type SingleSignOnParams ¶
type SingleSignOnResponse ¶
type SingleSignOnResponse struct {
URL string `json:"url"`
}
type SmsOtpResponse ¶
type SmsOtpResponse struct {
MessageID string `json:"message_id,omitempty"`
}
type SmsParams ¶
type SmsParams struct { Phone string `json:"phone"` Channel string `json:"channel"` Data map[string]interface{} `json:"data"` CodeChallengeMethod string `json:"code_challenge_method"` CodeChallenge string `json:"code_challenge"` }
SmsParams contains the request body params for sms otp
type TOTPObject ¶
type UnenrollFactorResponse ¶
type UserUpdateParams ¶
type UserUpdateParams struct { Email string `json:"email"` Password *string `json:"password"` Nonce string `json:"nonce"` Data map[string]interface{} `json:"data"` AppData map[string]interface{} `json:"app_metadata,omitempty"` Phone string `json:"phone"` Channel string `json:"channel"` CodeChallenge string `json:"code_challenge"` CodeChallengeMethod string `json:"code_challenge_method"` }
UserUpdateParams parameters for updating a user
type VerifyFactorParams ¶
type VerifyParams ¶
type VerifyParams struct { Type string `json:"type"` Token string `json:"token"` TokenHash string `json:"token_hash"` Email string `json:"email"` Phone string `json:"phone"` RedirectTo string `json:"redirect_to"` }
VerifyParams are the parameters the Verify endpoint accepts
type WeakPasswordError ¶
type WeakPasswordError struct { Message string `json:"message,omitempty"` Reasons []string `json:"reasons,omitempty"` }
WeakPasswordError encodes an error that a password does not meet strength requirements. It is handled specially in errors.go as it gets transformed to a HTTPError with a special weak_password field that encodes the Reasons slice.
func (*WeakPasswordError) Error ¶
func (e *WeakPasswordError) Error() string
Source Files ¶
- admin.go
- anonymous.go
- api.go
- apiversions.go
- audit.go
- auth.go
- clan.go
- cleanup.go
- context.go
- errorcodes.go
- errors.go
- external.go
- external_oauth.go
- helpers.go
- hooks.go
- identity.go
- invite.go
- listener.go
- logout.go
- magic_link.go
- mail.go
- mfa.go
- middleware.go
- otp.go
- pagination.go
- password.go
- phone.go
- pkce.go
- profile.go
- reauthenticate.go
- recover.go
- resend.go
- router.go
- saml.go
- samlacs.go
- samlassertion.go
- settings.go
- signup.go
- sorting.go
- sso.go
- ssoadmin.go
- token.go
- token_oidc.go
- token_refresh.go
- user.go
- verify.go