api

package
v0.0.0-...-e3e9b0f Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Mar 29, 2024 License: MIT Imports: 59 Imported by: 0

Documentation

Index

Constants

View Source
const (
	DefaultHTTPHookTimeout  = 5 * time.Second
	DefaultHTTPHookRetries  = 3
	HTTPHookBackoffDuration = 2 * time.Second
	PayloadLimit            = 200 * 1024 // 200KB
)
View Source
const (
	InvalidFactorOwnerErrorMessage = "Factor does not belong to user"
	QRCodeGenerationErrorMessage   = "Error generating QR Code"
)
View Source
const (
	PKCEPrefix                    = "pkce_"
	MinCodeChallengeLength        = 43
	MaxCodeChallengeLength        = 128
	InvalidPKCEParamsErrorMessage = "PKCE flow requires code_challenge_method and code_challenge"
)
View Source
const APIVersionHeaderName = "X-Supabase-Api-Version"
View Source
const DefaultQRSize = 3
View Source
const InvalidChannelError = "Invalid channel, supported values are 'sms' or 'whatsapp'"
View Source
const InvalidLoginMessage = "Invalid login credentials"
View Source
const InvalidNonceMessage = "Nonce has expired or is invalid"
View Source
const (
	SAMLSubjectIDAttributeName = "urn:oasis:names:tc:SAML:attribute:subject-id"
)

Variables

View Source
var (
	APIVersionInitial  = time.Time{}
	APIVersion20240101 = time.Date(2024, time.January, 1, 0, 0, 0, 0, time.UTC)
)
View Source
var (
	DuplicateEmailMsg       = "A user with this email address has already been registered"
	DuplicatePhoneMsg       = "A user with this phone number has already been registered"
	UserExistsError   error = errors.New("user already exists")
)

Common error messages during signup flow

View Source
var (
	MaxFrequencyLimitError error = errors.New("frequency limit reached")
)

Functions

func FormatAPIVersion

func FormatAPIVersion(apiVersion APIVersion) string

func HandleResponseError

func HandleResponseError(err error, w http.ResponseWriter, r *http.Request)

func IsSAMLMetadataStale

func IsSAMLMetadataStale(idpMetadata *saml.EntityDescriptor, samlProvider models.SAMLProvider) bool

func WaitForCleanup

func WaitForCleanup(ctx context.Context)

WaitForCleanup waits until all API servers are shut down cleanly or until the provided context signals done, whichever comes first.

Types

type API

type API struct {
	// contains filtered or unexported fields
}

API is the main REST API

func NewAPI

func NewAPI(globalConfig *conf.GlobalConfiguration, db *storage.Connection) *API

NewAPI instantiates a new REST API

func NewAPIWithVersion

func NewAPIWithVersion(ctx context.Context, globalConfig *conf.GlobalConfiguration, db *storage.Connection, version string) *API

NewAPIWithVersion creates a new REST API using the specified version

func (*API) ChallengeFactor

func (a *API) ChallengeFactor(w http.ResponseWriter, r *http.Request) error

func (*API) ClanCreate

func (a *API) ClanCreate(w http.ResponseWriter, r *http.Request) error

ClanGet returns a clan

func (*API) ClanGet

func (a *API) ClanGet(w http.ResponseWriter, r *http.Request) error

ClanGet returns a clan

func (*API) ClanUpdate

func (a *API) ClanUpdate(w http.ResponseWriter, r *http.Request) error

ClanUpdate updates fields on a clan

func (*API) DeleteIdentity

func (a *API) DeleteIdentity(w http.ResponseWriter, r *http.Request) error

func (*API) EnrollFactor

func (a *API) EnrollFactor(w http.ResponseWriter, r *http.Request) error

func (*API) ExternalProviderCallback

func (a *API) ExternalProviderCallback(w http.ResponseWriter, r *http.Request) error

ExternalProviderCallback handles the callback endpoint in the external oauth provider flow

func (*API) ExternalProviderRedirect

func (a *API) ExternalProviderRedirect(w http.ResponseWriter, r *http.Request) error

ExternalProviderRedirect redirects the request to the oauth provider

func (*API) GetExternalProviderRedirectURL

func (a *API) GetExternalProviderRedirectURL(w http.ResponseWriter, r *http.Request, linkingTargetUser *models.User) (string, error)

GetExternalProviderRedirectURL returns the URL to start the oauth flow with the corresponding oauth provider

func (*API) HealthCheck

func (a *API) HealthCheck(w http.ResponseWriter, r *http.Request) error

HealthCheck endpoint indicates if the gotrue api service is available

func (*API) IdTokenGrant

func (a *API) IdTokenGrant(ctx context.Context, w http.ResponseWriter, r *http.Request) error

IdTokenGrant implements the id_token grant type flow

func (*API) Invite

func (a *API) Invite(w http.ResponseWriter, r *http.Request) error

Invite is the endpoint for inviting a new user

func (*API) LinkIdentity

func (a *API) LinkIdentity(w http.ResponseWriter, r *http.Request) error

func (*API) ListenAndServe

func (a *API) ListenAndServe(ctx context.Context, hostAndPort string)

ListenAndServe starts the REST API

func (*API) Logout

func (a *API) Logout(w http.ResponseWriter, r *http.Request) error

Logout is the endpoint for logging out a user and thereby revoking any refresh tokens

func (a *API) MagicLink(w http.ResponseWriter, r *http.Request) error

MagicLink sends a recovery email

func (*API) Mailer

func (a *API) Mailer() mailer.Mailer

Mailer returns NewMailer with the current tenant config

func (*API) Now

func (a *API) Now() time.Time

func (*API) OAuthProvider

func (a *API) OAuthProvider(ctx context.Context, name string) (provider.OAuthProvider, error)

OAuthProvider returns the corresponding oauth provider as an OAuthProvider interface

func (*API) Otp

func (a *API) Otp(w http.ResponseWriter, r *http.Request) error

Otp returns the MagicLink or SmsOtp handler based on the request body params

func (*API) PKCE

func (a *API) PKCE(ctx context.Context, w http.ResponseWriter, r *http.Request) error

func (*API) ProfileGet

func (a *API) ProfileGet(w http.ResponseWriter, r *http.Request) error

ProfileGet returns a profile

func (*API) ProfileUpdate

func (a *API) ProfileUpdate(w http.ResponseWriter, r *http.Request) error

ProfileUpdate updates fields on a profile

func (*API) Provider

func (a *API) Provider(ctx context.Context, name string, scopes string) (provider.Provider, error)

Provider returns a Provider interface for the given name.

func (*API) Reauthenticate

func (a *API) Reauthenticate(w http.ResponseWriter, r *http.Request) error

Reauthenticate sends a reauthentication otp to either the user's email or phone

func (*API) Recover

func (a *API) Recover(w http.ResponseWriter, r *http.Request) error

Recover sends a recovery email

func (*API) RefreshTokenGrant

func (a *API) RefreshTokenGrant(ctx context.Context, w http.ResponseWriter, r *http.Request) error

RefreshTokenGrant implements the refresh_token grant type flow

func (*API) Resend

func (a *API) Resend(w http.ResponseWriter, r *http.Request) error

Recover sends a recovery email

func (*API) ResourceOwnerPasswordGrant

func (a *API) ResourceOwnerPasswordGrant(ctx context.Context, w http.ResponseWriter, r *http.Request) error

ResourceOwnerPasswordGrant implements the password grant type flow

func (*API) SAMLACS

func (a *API) SAMLACS(w http.ResponseWriter, r *http.Request) error

SAMLACS implements the main Assertion Consumer Service endpoint behavior.

func (*API) SAMLMetadata

func (a *API) SAMLMetadata(w http.ResponseWriter, r *http.Request) error

SAMLMetadata serves GoTrue's SAML Service Provider metadata file.

func (*API) Settings

func (a *API) Settings(w http.ResponseWriter, r *http.Request) error

func (*API) Signup

func (a *API) Signup(w http.ResponseWriter, r *http.Request) error

Signup is the endpoint for registering a new user

func (*API) SignupAnonymously

func (a *API) SignupAnonymously(w http.ResponseWriter, r *http.Request) error

func (*API) SingleSignOn

func (a *API) SingleSignOn(w http.ResponseWriter, r *http.Request) error

SingleSignOn handles the single-sign-on flow for a provided SSO domain or provider.

func (*API) SmsOtp

func (a *API) SmsOtp(w http.ResponseWriter, r *http.Request) error

SmsOtp sends the user an otp via sms

func (*API) Token

func (a *API) Token(w http.ResponseWriter, r *http.Request) error

Token is the endpoint for OAuth access token requests

func (*API) UnenrollFactor

func (a *API) UnenrollFactor(w http.ResponseWriter, r *http.Request) error

func (*API) UserGet

func (a *API) UserGet(w http.ResponseWriter, r *http.Request) error

UserGet returns a user

func (*API) UserUpdate

func (a *API) UserUpdate(w http.ResponseWriter, r *http.Request) error

UserUpdate updates fields on a user

func (*API) Verify

func (a *API) Verify(w http.ResponseWriter, r *http.Request) error

Verify exchanges a confirmation or recovery token to a refresh token

func (*API) VerifyFactor

func (a *API) VerifyFactor(w http.ResponseWriter, r *http.Request) error

type APIVersion

type APIVersion = time.Time

func DetermineClosestAPIVersion

func DetermineClosestAPIVersion(date string) (APIVersion, error)

type AccessTokenClaims

type AccessTokenClaims struct {
	jwt.StandardClaims
	Email                         string                 `json:"email"`
	Phone                         string                 `json:"phone"`
	AppMetaData                   map[string]interface{} `json:"app_metadata"`
	UserMetaData                  map[string]interface{} `json:"user_metadata"`
	Role                          string                 `json:"role"`
	AuthenticatorAssuranceLevel   string                 `json:"aal,omitempty"`
	AuthenticationMethodReference []models.AMREntry      `json:"amr,omitempty"`
	SessionId                     string                 `json:"session_id,omitempty"`
	IsAnonymous                   bool                   `json:"is_anonymous"`
}

AccessTokenClaims is a struct thats used for JWT claims

type AccessTokenResponse

type AccessTokenResponse struct {
	Token                string             `json:"access_token"`
	TokenType            string             `json:"token_type"` // Bearer
	ExpiresIn            int                `json:"expires_in"`
	ExpiresAt            int64              `json:"expires_at"`
	RefreshToken         string             `json:"refresh_token"`
	User                 *models.User       `json:"user"`
	ProviderAccessToken  string             `json:"provider_token,omitempty"`
	ProviderRefreshToken string             `json:"provider_refresh_token,omitempty"`
	WeakPassword         *WeakPasswordError `json:"weak_password,omitempty"`
}

AccessTokenResponse represents an OAuth2 success response

func (*AccessTokenResponse) AsRedirectURL

func (r *AccessTokenResponse) AsRedirectURL(redirectURL string, extraParams url.Values) string

AsRedirectURL encodes the AccessTokenResponse as a redirect URL that includes the access token response data in a URL fragment.

type AdminListUsersResponse

type AdminListUsersResponse struct {
	Users []*models.User `json:"users"`
	Aud   string         `json:"aud"`
}

type AdminUserParams

type AdminUserParams struct {
	Aud          string                 `json:"aud"`
	Role         string                 `json:"role"`
	Email        string                 `json:"email"`
	Phone        string                 `json:"phone"`
	Password     *string                `json:"password"`
	EmailConfirm bool                   `json:"email_confirm"`
	PhoneConfirm bool                   `json:"phone_confirm"`
	UserMetaData map[string]interface{} `json:"user_metadata"`
	AppMetaData  map[string]interface{} `json:"app_metadata"`
	BanDuration  string                 `json:"ban_duration"`
}

type AuthMicroserviceClaims

type AuthMicroserviceClaims struct {
	jwt.StandardClaims
	SiteURL       string        `json:"site_url"`
	InstanceID    string        `json:"id"`
	FunctionHooks FunctionHooks `json:"function_hooks"`
}

type ChallengeFactorResponse

type ChallengeFactorResponse struct {
	ID        uuid.UUID `json:"id"`
	ExpiresAt int64     `json:"expires_at"`
}

type ClanCreateParams

type ClanCreateParams struct {
	Name        *string    `json:"name"`
	DisplayName *string    `json:"display_name"`
	Slug        *string    `json:"slug"`
	Email       *string    `json:"email"`
	ClanTypeID  *uuid.UUID `json:"clan_type_id"`
}

UserUpdateParams parameters for updating a user

type CreateSSOProviderParams

type CreateSSOProviderParams struct {
	Type string `json:"type"`

	MetadataURL      string                      `json:"metadata_url"`
	MetadataXML      string                      `json:"metadata_xml"`
	Domains          []string                    `json:"domains"`
	AttributeMapping models.SAMLAttributeMapping `json:"attribute_mapping"`
	NameIDFormat     string                      `json:"name_id_format"`
}

type EnrollFactorParams

type EnrollFactorParams struct {
	FriendlyName string `json:"friendly_name"`
	FactorType   string `json:"factor_type"`
	Issuer       string `json:"issuer"`
}

type EnrollFactorResponse

type EnrollFactorResponse struct {
	ID           uuid.UUID  `json:"id"`
	Type         string     `json:"type"`
	FriendlyName string     `json:"friendly_name"`
	TOTP         TOTPObject `json:"totp,omitempty"`
}

type ErrorCause

type ErrorCause interface {
	Cause() error
}

ErrorCause is an error interface that contains the method Cause() for returning root cause errors

type ErrorCode

type ErrorCode = string
const (
	// ErrorCodeUnknown should not be used directly, it only indicates a failure in the error handling system in such a way that an error code was not assigned properly.
	ErrorCodeUnknown ErrorCode = "unknown"

	// ErrorCodeUnexpectedFailure signals an unexpected failure such as a 500 Internal Server Error.
	ErrorCodeUnexpectedFailure ErrorCode = "unexpected_failure"

	ErrorCodeValidationFailed                  ErrorCode = "validation_failed"
	ErrorCodeBadJSON                           ErrorCode = "bad_json"
	ErrorCodeEmailExists                       ErrorCode = "email_exists"
	ErrorCodePhoneExists                       ErrorCode = "phone_exists"
	ErrorCodeBadJWT                            ErrorCode = "bad_jwt"
	ErrorCodeNotAdmin                          ErrorCode = "not_admin"
	ErrorCodeNoAuthorization                   ErrorCode = "no_authorization"
	ErrorCodeUserNotFound                      ErrorCode = "user_not_found"
	ErrorCodeProfileNotFound                   ErrorCode = "profile_not_found"
	ErrorCodeSessionNotFound                   ErrorCode = "session_not_found"
	ErrorCodeFlowStateNotFound                 ErrorCode = "flow_state_not_found"
	ErrorCodeFlowStateExpired                  ErrorCode = "flow_state_expired"
	ErrorCodeSignupDisabled                    ErrorCode = "signup_disabled"
	ErrorCodeUserBanned                        ErrorCode = "user_banned"
	ErrorCodeProviderEmailNeedsVerification    ErrorCode = "provider_email_needs_verification"
	ErrorCodeInviteNotFound                    ErrorCode = "invite_not_found"
	ErrorCodeBadOAuthState                     ErrorCode = "bad_oauth_state"
	ErrorCodeBadOAuthCallback                  ErrorCode = "bad_oauth_callback"
	ErrorCodeOAuthProviderNotSupported         ErrorCode = "oauth_provider_not_supported"
	ErrorCodeUnexpectedAudience                ErrorCode = "unexpected_audience"
	ErrorCodeSingleIdentityNotDeletable        ErrorCode = "single_identity_not_deletable"
	ErrorCodeEmailConflictIdentityNotDeletable ErrorCode = "email_conflict_identity_not_deletable"
	ErrorCodeIdentityAlreadyExists             ErrorCode = "identity_already_exists"
	ErrorCodeEmailProviderDisabled             ErrorCode = "email_provider_disabled"
	ErrorCodePhoneProviderDisabled             ErrorCode = "phone_provider_disabled"
	ErrorCodeTooManyEnrolledMFAFactors         ErrorCode = "too_many_enrolled_mfa_factors"
	ErrorCodeMFAFactorNameConflict             ErrorCode = "mfa_factor_name_conflict"
	ErrorCodeMFAFactorNotFound                 ErrorCode = "mfa_factor_not_found"
	ErrorCodeMFAIPAddressMismatch              ErrorCode = "mfa_ip_address_mismatch"
	ErrorCodeMFAChallengeExpired               ErrorCode = "mfa_challenge_expired"
	ErrorCodeMFAVerificationFailed             ErrorCode = "mfa_verification_failed"
	ErrorCodeMFAVerificationRejected           ErrorCode = "mfa_verification_rejected"
	ErrorCodeInsufficientAAL                   ErrorCode = "insufficient_aal"
	ErrorCodeCaptchaFailed                     ErrorCode = "captcha_failed"
	ErrorCodeSAMLProviderDisabled              ErrorCode = "saml_provider_disabled"
	ErrorCodeManualLinkingDisabled             ErrorCode = "manual_linking_disabled"
	ErrorCodeSMSSendFailed                     ErrorCode = "sms_send_failed"
	ErrorCodeEmailNotConfirmed                 ErrorCode = "email_not_confirmed"
	ErrorCodePhoneNotConfirmed                 ErrorCode = "phone_not_confirmed"
	ErrorCodeReauthNonceMissing                ErrorCode = "reauth_nonce_missing"
	ErrorCodeSAMLRelayStateNotFound            ErrorCode = "saml_relay_state_not_found"
	ErrorCodeSAMLRelayStateExpired             ErrorCode = "saml_relay_state_expired"
	ErrorCodeSAMLIdPNotFound                   ErrorCode = "saml_idp_not_found"
	ErrorCodeSAMLAssertionNoUserID             ErrorCode = "saml_assertion_no_user_id"
	ErrorCodeSAMLAssertionNoEmail              ErrorCode = "saml_assertion_no_email"
	ErrorCodeUserAlreadyExists                 ErrorCode = "user_already_exists"
	ErrorCodeSSOProviderNotFound               ErrorCode = "sso_provider_not_found"
	ErrorCodeSAMLMetadataFetchFailed           ErrorCode = "saml_metadata_fetch_failed"
	ErrorCodeSAMLIdPAlreadyExists              ErrorCode = "saml_idp_already_exists"
	ErrorCodeSSODomainAlreadyExists            ErrorCode = "sso_domain_already_exists"
	ErrorCodeSAMLEntityIDMismatch              ErrorCode = "saml_entity_id_mismatch"
	ErrorCodeConflict                          ErrorCode = "conflict"
	ErrorCodeProviderDisabled                  ErrorCode = "provider_disabled"
	ErrorCodeUserSSOManaged                    ErrorCode = "user_sso_managed"
	ErrorCodeReauthenticationNeeded            ErrorCode = "reauthentication_needed"
	ErrorCodeSamePassword                      ErrorCode = "same_password"
	ErrorCodeReauthenticationNotValid          ErrorCode = "reauthentication_not_valid"
	ErrorCodeOTPExpired                        ErrorCode = "otp_expired"
	ErrorCodeOTPDisabled                       ErrorCode = "otp_disabled"
	ErrorCodeIdentityNotFound                  ErrorCode = "identity_not_found"
	ErrorCodeWeakPassword                      ErrorCode = "weak_password"
	ErrorCodeOverRequestRateLimit              ErrorCode = "over_request_rate_limit"
	ErrorCodeOverEmailSendRateLimit            ErrorCode = "over_email_send_rate_limit"
	ErrorCodeOverSMSSendRateLimit              ErrorCode = "over_sms_send_rate_limit"
	ErrorBadCodeVerifier                       ErrorCode = "bad_code_verifier"
	ErrorCodeAnonymousProviderDisabled         ErrorCode = "anonymous_provider_disabled"
	ErrorCodeHookTimeout                       ErrorCode = "hook_timeout"
	ErrorCodeHookTimeoutAfterRetry             ErrorCode = "hook_timeout_after_retry"
	ErrorCodeHookPayloadOverSizeLimit          ErrorCode = "hook_payload_over_size_limit"
	ErrorCodeHookPayloadUnknownSize            ErrorCode = "hook_payload_unknown_size"
)

type ExternalProviderClaims

type ExternalProviderClaims struct {
	AuthMicroserviceClaims
	Provider        string `json:"provider"`
	InviteToken     string `json:"invite_token,omitempty"`
	Referrer        string `json:"referrer,omitempty"`
	FlowStateID     string `json:"flow_state_id"`
	LinkingTargetID string `json:"linking_target_id,omitempty"`
}

ExternalProviderClaims are the JWT claims sent as the state in the external oauth provider signup flow

type FunctionHooks

type FunctionHooks map[string][]string

func (*FunctionHooks) UnmarshalJSON

func (f *FunctionHooks) UnmarshalJSON(b []byte) error

type GenerateLinkParams

type GenerateLinkParams struct {
	Type       string                 `json:"type"`
	Email      string                 `json:"email"`
	NewEmail   string                 `json:"new_email"`
	Password   string                 `json:"password"`
	Data       map[string]interface{} `json:"data"`
	RedirectTo string                 `json:"redirect_to"`
}

type GenerateLinkResponse

type GenerateLinkResponse struct {
	models.User
	ActionLink       string `json:"action_link"`
	EmailOtp         string `json:"email_otp"`
	HashedToken      string `json:"hashed_token"`
	VerificationType string `json:"verification_type"`
	RedirectTo       string `json:"redirect_to"`
}

type HTTPError

type HTTPError struct {
	HTTPStatus      int    `json:"code"`                 // do not rename the JSON tags!
	ErrorCode       string `json:"error_code,omitempty"` // do not rename the JSON tags!
	Message         string `json:"msg"`                  // do not rename the JSON tags!
	InternalError   error  `json:"-"`
	InternalMessage string `json:"-"`
	ErrorID         string `json:"error_id,omitempty"`
}

HTTPError is an error with a message and an HTTP status code.

func (*HTTPError) Cause

func (e *HTTPError) Cause() error

Cause returns the root cause error

func (*HTTPError) Error

func (e *HTTPError) Error() string

func (*HTTPError) Is

func (e *HTTPError) Is(target error) bool

func (*HTTPError) WithInternalError

func (e *HTTPError) WithInternalError(err error) *HTTPError

WithInternalError adds internal error information to the error

func (*HTTPError) WithInternalMessage

func (e *HTTPError) WithInternalMessage(fmtString string, args ...interface{}) *HTTPError

WithInternalMessage adds internal message information to the error

type HTTPErrorResponse20240101

type HTTPErrorResponse20240101 struct {
	Code    ErrorCode `json:"code"`
	Message string    `json:"message"`
}

type HealthCheckResponse

type HealthCheckResponse struct {
	Version     string `json:"version"`
	Name        string `json:"name"`
	Description string `json:"description"`
}

type IdTokenGrantParams

type IdTokenGrantParams struct {
	IdToken     string `json:"id_token"`
	AccessToken string `json:"access_token"`
	Nonce       string `json:"nonce"`
	Provider    string `json:"provider"`
	ClientID    string `json:"client_id"`
	Issuer      string `json:"issuer"`
}

IdTokenGrantParams are the parameters the IdTokenGrant method accepts

type InviteParams

type InviteParams struct {
	Email string                 `json:"email"`
	Data  map[string]interface{} `json:"data"`
}

InviteParams are the parameters the Signup endpoint accepts

type LogoutBehavior

type LogoutBehavior string
const (
	LogoutGlobal LogoutBehavior = "global"
	LogoutLocal  LogoutBehavior = "local"
	LogoutOthers LogoutBehavior = "others"
)

type MagicLinkParams

type MagicLinkParams struct {
	Email               string                 `json:"email"`
	Data                map[string]interface{} `json:"data"`
	CodeChallengeMethod string                 `json:"code_challenge_method"`
	CodeChallenge       string                 `json:"code_challenge"`
}

MagicLinkParams holds the parameters for a magic link request

func (*MagicLinkParams) Validate

func (p *MagicLinkParams) Validate() error

type OAuthError

type OAuthError struct {
	Err             string `json:"error"`
	Description     string `json:"error_description,omitempty"`
	InternalError   error  `json:"-"`
	InternalMessage string `json:"-"`
}

OAuthError is the JSON handler for OAuth2 error responses

func (*OAuthError) Cause

func (e *OAuthError) Cause() error

Cause returns the root cause error

func (*OAuthError) Error

func (e *OAuthError) Error() string

func (*OAuthError) WithInternalError

func (e *OAuthError) WithInternalError(err error) *OAuthError

WithInternalError adds internal error information to the error

func (*OAuthError) WithInternalMessage

func (e *OAuthError) WithInternalMessage(fmtString string, args ...interface{}) *OAuthError

WithInternalMessage adds internal message information to the error

type OAuthProviderData

type OAuthProviderData struct {
	// contains filtered or unexported fields
}

OAuthProviderData contains the userData and token returned by the oauth provider

type OtpParams

type OtpParams struct {
	Email               string                 `json:"email"`
	Phone               string                 `json:"phone"`
	CreateUser          bool                   `json:"create_user"`
	Data                map[string]interface{} `json:"data"`
	Channel             string                 `json:"channel"`
	CodeChallengeMethod string                 `json:"code_challenge_method"`
	CodeChallenge       string                 `json:"code_challenge"`
}

OtpParams contains the request body params for the otp endpoint

func (*OtpParams) Validate

func (p *OtpParams) Validate() error

type PKCEGrantParams

type PKCEGrantParams struct {
	AuthCode     string `json:"auth_code"`
	CodeVerifier string `json:"code_verifier"`
}

PKCEGrantParams are the parameters the PKCEGrant method accepts

type PasswordGrantParams

type PasswordGrantParams struct {
	Email    string `json:"email"`
	Phone    string `json:"phone"`
	Password string `json:"password"`
}

PasswordGrantParams are the parameters the ResourceOwnerPasswordGrant method accepts

type ProfileUpdateParams

type ProfileUpdateParams struct {
	FirstName           *string        `json:"first_name"`
	LastName            *string        `json:"last_name"`
	Username            *string        `json:"username"`
	Bio                 *string        `json:"bio"`
	BirthDate           *calendar.Date `json:"birth_date"`
	Channel             string         `json:"channel"`
	CodeChallenge       string         `json:"code_challenge"`
	CodeChallengeMethod string         `json:"code_challenge_method"`
}

UserUpdateParams parameters for updating a user

type ProviderSettings

type ProviderSettings struct {
	AnonymousUsers bool `json:"anonymous_users"`
	Apple          bool `json:"apple"`
	Azure          bool `json:"azure"`
	Bitbucket      bool `json:"bitbucket"`
	Discord        bool `json:"discord"`
	Facebook       bool `json:"facebook"`
	Figma          bool `json:"figma"`
	Fly            bool `json:"fly"`
	GitHub         bool `json:"github"`
	GitLab         bool `json:"gitlab"`
	Google         bool `json:"google"`
	Keycloak       bool `json:"keycloak"`
	Kakao          bool `json:"kakao"`
	Linkedin       bool `json:"linkedin"`
	LinkedinOIDC   bool `json:"linkedin_oidc"`
	Notion         bool `json:"notion"`
	Spotify        bool `json:"spotify"`
	Slack          bool `json:"slack"`
	WorkOS         bool `json:"workos"`
	Twitch         bool `json:"twitch"`
	Twitter        bool `json:"twitter"`
	Email          bool `json:"email"`
	Phone          bool `json:"phone"`
	Zoom           bool `json:"zoom"`
}

type RecoverParams

type RecoverParams struct {
	Email               string `json:"email"`
	CodeChallenge       string `json:"code_challenge"`
	CodeChallengeMethod string `json:"code_challenge_method"`
}

RecoverParams holds the parameters for a password recovery request

func (*RecoverParams) Validate

func (p *RecoverParams) Validate() error

type RefreshTokenGrantParams

type RefreshTokenGrantParams struct {
	RefreshToken string `json:"refresh_token"`
}

RefreshTokenGrantParams are the parameters the RefreshTokenGrant method accepts

type ResendConfirmationParams

type ResendConfirmationParams struct {
	Type  string `json:"type"`
	Email string `json:"email"`
	Phone string `json:"phone"`
}

ResendConfirmationParams holds the parameters for a resend request

func (*ResendConfirmationParams) Validate

type SAMLAssertion

type SAMLAssertion struct {
	*saml.Assertion
}

func (*SAMLAssertion) Attribute

func (a *SAMLAssertion) Attribute(name string) []saml.AttributeValue

Attribute returns the first matching attribute value in the attribute statements where name equals the official SAML attribute Name or FriendlyName. Returns nil if such an attribute can't be found.

func (*SAMLAssertion) Email

func (a *SAMLAssertion) Email() string

Email returns the best guess for an email address.

func (*SAMLAssertion) NotAfter

func (a *SAMLAssertion) NotAfter() time.Time

NotAfter extracts the time at which or after this assertion should not be considered.

func (*SAMLAssertion) NotBefore

func (a *SAMLAssertion) NotBefore() time.Time

NotBefore extracts the time before which this assertion should not be considered.

func (*SAMLAssertion) Process

func (a *SAMLAssertion) Process(mapping models.SAMLAttributeMapping) map[string]interface{}

Process processes this assertion according to the SAMLAttributeMapping. Never returns nil.

func (*SAMLAssertion) SubjectID

func (a *SAMLAssertion) SubjectID() (string, bool)

SubjectID returns the user identifier in present in the Subject section of the SAML assertion. Note that this way of identifying the Subject is generally superseded by the SAMLSubjectIDAttributeName assertion attribute; tho must be present in all assertions. It can have a few formats, of which the most important are: saml.EmailAddressNameIDFormat (meaning the user ID is an email address), saml.PersistentNameIDFormat (the user ID is an opaque string that does not change with each assertion, e.g. UUID), saml.TransientNameIDFormat (the user ID changes with each assertion -- can't be used to identify a user). The boolean returned identifies if the user ID is persistent. If it's an email address, it's lowercased just in case.

func (*SAMLAssertion) UserID

func (a *SAMLAssertion) UserID() string

UserID returns the best choice for a persistent user identifier on the Identity Provider side. Don't assume the format of the string returned, as it's Identity Provider specific.

type Settings

type Settings struct {
	ExternalProviders ProviderSettings `json:"external"`
	DisableSignup     bool             `json:"disable_signup"`
	MailerAutoconfirm bool             `json:"mailer_autoconfirm"`
	PhoneAutoconfirm  bool             `json:"phone_autoconfirm"`
	SmsProvider       string           `json:"sms_provider"`
	MFAEnabled        bool             `json:"mfa_enabled"`
	SAMLEnabled       bool             `json:"saml_enabled"`
}

type SignupParams

type SignupParams struct {
	Email               string                 `json:"email"`
	Phone               string                 `json:"phone"`
	Password            string                 `json:"password"`
	Data                map[string]interface{} `json:"data"`
	Provider            string                 `json:"-"`
	Aud                 string                 `json:"-"`
	Channel             string                 `json:"channel"`
	CodeChallengeMethod string                 `json:"code_challenge_method"`
	CodeChallenge       string                 `json:"code_challenge"`
}

SignupParams are the parameters the Signup endpoint accepts

func (*SignupParams) ConfigureDefaults

func (p *SignupParams) ConfigureDefaults()

func (*SignupParams) ToUserModel

func (params *SignupParams) ToUserModel(isSSOUser bool) (user *models.User, err error)

type SingleSignOnParams

type SingleSignOnParams struct {
	ProviderID          uuid.UUID `json:"provider_id"`
	Domain              string    `json:"domain"`
	RedirectTo          string    `json:"redirect_to"`
	SkipHTTPRedirect    *bool     `json:"skip_http_redirect"`
	CodeChallenge       string    `json:"code_challenge"`
	CodeChallengeMethod string    `json:"code_challenge_method"`
}

type SingleSignOnResponse

type SingleSignOnResponse struct {
	URL string `json:"url"`
}

type SmsOtpResponse

type SmsOtpResponse struct {
	MessageID string `json:"message_id,omitempty"`
}

type SmsParams

type SmsParams struct {
	Phone               string                 `json:"phone"`
	Channel             string                 `json:"channel"`
	Data                map[string]interface{} `json:"data"`
	CodeChallengeMethod string                 `json:"code_challenge_method"`
	CodeChallenge       string                 `json:"code_challenge"`
}

SmsParams contains the request body params for sms otp

func (*SmsParams) Validate

func (p *SmsParams) Validate(smsProvider string) error

type TOTPObject

type TOTPObject struct {
	QRCode string `json:"qr_code"`
	Secret string `json:"secret"`
	URI    string `json:"uri"`
}

type UnenrollFactorResponse

type UnenrollFactorResponse struct {
	ID uuid.UUID `json:"id"`
}

type UserUpdateParams

type UserUpdateParams struct {
	Email               string                 `json:"email"`
	Password            *string                `json:"password"`
	Nonce               string                 `json:"nonce"`
	Data                map[string]interface{} `json:"data"`
	AppData             map[string]interface{} `json:"app_metadata,omitempty"`
	Phone               string                 `json:"phone"`
	Channel             string                 `json:"channel"`
	CodeChallenge       string                 `json:"code_challenge"`
	CodeChallengeMethod string                 `json:"code_challenge_method"`
}

UserUpdateParams parameters for updating a user

type VerifyFactorParams

type VerifyFactorParams struct {
	ChallengeID uuid.UUID `json:"challenge_id"`
	Code        string    `json:"code"`
}

type VerifyParams

type VerifyParams struct {
	Type       string `json:"type"`
	Token      string `json:"token"`
	TokenHash  string `json:"token_hash"`
	Email      string `json:"email"`
	Phone      string `json:"phone"`
	RedirectTo string `json:"redirect_to"`
}

VerifyParams are the parameters the Verify endpoint accepts

func (*VerifyParams) Validate

func (p *VerifyParams) Validate(r *http.Request) error

type WeakPasswordError

type WeakPasswordError struct {
	Message string   `json:"message,omitempty"`
	Reasons []string `json:"reasons,omitempty"`
}

WeakPasswordError encodes an error that a password does not meet strength requirements. It is handled specially in errors.go as it gets transformed to a HTTPError with a special weak_password field that encodes the Reasons slice.

func (*WeakPasswordError) Error

func (e *WeakPasswordError) Error() string

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL