acpclient

package module
v0.0.0-...-6316459 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 4, 2024 License: Apache-2.0 Imports: 67 Imported by: 19

README

Cloudentity ACP OpenAPI Go Client

This repository contains a generated OpenAPI client for Go

It's generated from OpenAPI 2.0 specification.

Sample usage

Client secret basic or client secret post authentication
import "github.com/cloudentity/acp-client-go"

var client = acpclient.New(acpclient.Config{
    ClientID:     "your-clients-id",
    ClientSecret: "your-clients-secret",
    AuthMethod:   acpclient.ClientSecretBasicAuthnMethod,
    IssuerURL:    "https://localhost:8443/default/default",
    Scopes:       []string{"introspect_tokens"},
})
Client secret basic or client secret post authentication with per-tenant vanity domain
import "github.com/cloudentity/acp-client-go"

var client = acpclient.New(acpclient.Config{
    ClientID:          "your-clients-id",
    ClientSecret:      "your-clients-secret",
    AuthMethod:        acpclient.ClientSecretBasicAuthnMethod,
    IssuerURL:         "https://acp.local:8443/default",
    VanityDomainType:  "tenant",
    TenantID:          "default",
    Scopes:            []string{"introspect_tokens"},
})
Client secret basic or client secret post authentication with per-server vanity domain
import "github.com/cloudentity/acp-client-go"

var client = acpclient.New(acpclient.Config{
    ClientID:          "your-clients-id",
    ClientSecret:      "your-clients-secret",
    AuthMethod:        acpclient.ClientSecretBasicAuthnMethod,
    IssuerURL:         "https://default.acp.local:8443",
    VanityDomainType:  "server",
    TenantID:          "default",
    ServerID:          "default",
    Scopes:            []string{"introspect_tokens"},
})
TLS client authentication
import "github.com/cloudentity/acp-client-go"

var client = acpclient.New(acpclient.Config{
    ClientID:  "your-clients-id",
    AuthMethod: acpclient.TLSClientAuthnMethod,
    IssuerURL: "https://localhost:8443/default/default",
    CertFile:  "./cert.pem",
    KeyFile:   "./key.pem",
    RootCA:    "./ca.pem",
    Scopes:    []string{"accounts"},
})

Documentation

Index

Constants

View Source 
const (
	NonceLength    = 20
	StateLength    = 8
	VerifierLength = 43
)

Variables

This section is empty.

Functions

func NewAuthenticator 

func NewAuthenticator(config clientcredentials.Config, client *http.Client) *http.Client

Types

type Admin 

type Admin struct {
	*adminClient.Acp
}

type AuthMethod 

type AuthMethod string
const (
	ClientSecretBasicAuthnMethod AuthMethod = "client_secret_basic"
	ClientSecretPostAuthnMethod  AuthMethod = "client_secret_post"
	ClientSecretJwtAuthnMethod   AuthMethod = "client_secret_jwt"
	PrivateKeyJwtAuthnMethod     AuthMethod = "private_key_jwt"
	SelfSignedTLSAuthnMethod     AuthMethod = "self_signed_tls_client_auth"
	TLSClientAuthnMethod         AuthMethod = "tls_client_auth"
	NoneAuthnMethod              AuthMethod = "none"
)

type Authenticator 

type Authenticator struct {
	// contains filtered or unexported fields
}

func (*Authenticator) RoundTrip 

func (t *Authenticator) RoundTrip(req *http.Request) (res *http.Response, err error)

type AuthorizeOption 

type AuthorizeOption interface {
	// contains filtered or unexported methods
}

func WithAuthorizationDetails 

func WithAuthorizationDetails(authorizationDetails string) AuthorizeOption

func WithOpenbankingACR 

func WithOpenbankingACR(acr []string) AuthorizeOption

func WithOpenbankingIntentID 

func WithOpenbankingIntentID(intentID string, acr []string) AuthorizeOption

func WithPAR 

func WithPAR(clientID string, requestURI string) AuthorizeOption

func WithPKCE 

func WithPKCE() AuthorizeOption

func WithRequestObjectEncryption 

func WithRequestObjectEncryption(key jose.JSONWebKey) AuthorizeOption

func WithResponseMode 

func WithResponseMode(responseMode string) AuthorizeOption

func WithResponseType 

func WithResponseType(responseTypes ...string) AuthorizeOption

func WithSignedRequestObject 

func WithSignedRequestObject(claims jwt.MapClaims) AuthorizeOption

type CSRF 

type CSRF struct {
	// State is an opaque value used by the client to maintain
	// state between the request and callback.  The authorization
	// server includes this value when redirecting the user-agent back
	// to the client.  The parameter SHOULD be used for preventing
	// cross-site request forgery
	State string

	// Nonce is a string value used to associate a client session with
	// an ID Token, and to mitigate replay attacks
	Nonce string

	// PKCE code verifier
	Verifier string
}

CSRF contains state, nonce and/or PKCEverifier which are used to mitigate replay attacks and cross-site request forgery.

func NewCSRF 

func NewCSRF() (csrf CSRF, err error)

type Cdr 

type Cdr struct {
	*cdr.Acp
}

type ClaimRequest 

type ClaimRequest struct {
	Essential bool     `json:"essential"`
	Value     string   `json:"value"`
	Values    []string `json:"values"`
}

type ClaimRequests 

type ClaimRequests struct {
	Userinfo map[string]*ClaimRequest `json:"userinfo"`
	IDToken  map[string]*ClaimRequest `json:"id_token"`
}

type Client 

type Client struct {
	Oauth2    *Oauth2
	Admin     *Admin
	Developer *Developer
	Public    *Public
	System    *System
	Web       *Web
	Root      *Root
	Fdx       *Fdx
	Cdr       *Cdr
	Obuk      *Obuk
	Obbr      *Obbr
	Opin      *Opin
	Ksa       *Ksa
	Hub       *Hub

	*OpenbankingUK
	*OpenbankingBrasil

	Identity       *Identity
	IdentitySelf   *IdentitySelf
	IdentityRoot   *IdentityRoot
	IdentitySystem *IdentitySystem

	// Client configuration
	Config Config

	// Tenant id read from the IssuerURL
	TenantID string

	// Authorization server id read from the IssuerURL
	ServerID string

	// Base path read from the IssuerURL
	BasePath string
	// contains filtered or unexported fields
}

Client provides a client to the ACP API

func New 

func New(cfg Config) (c Client, err error)

Create a new ACP client instance based on config.

func (*Client) AuthorizeURL 

func (c *Client) AuthorizeURL(options ...AuthorizeOption) (authorizeURL string, csrf CSRF, err error)

func (*Client) AuthorizeURLWithPAR 

func (c *Client) AuthorizeURLWithPAR(requestURI string) (authorizeURL string, err error)

func (*Client) DoPAR 

func (c *Client) DoPAR(options ...AuthorizeOption) (pr PARResponse, csrf CSRF, err error)

func (*Client) DoRequest 

func (c *Client) DoRequest(request *http.Request) (*http.Response, error)

func (*Client) Exchange 

func (c *Client) Exchange(code string, state string, csrf CSRF) (token Token, err error)

func (*Client) GenerateClientAssertion 

func (c *Client) GenerateClientAssertion() (assertion string, err error)

func (*Client) IntrospectToken 

func (c *Client) IntrospectToken(ctx context.Context, token string) (*o2models.IntrospectResponse, error)

func (*Client) Userinfo 

func (c *Client) Userinfo(token string) (body map[string]interface{}, err error)

type Config 

type Config struct {
	// ClientID is the application's ID.
	ClientID string `json:"client_id"`

	// AuthMethod represents how requests for tokens are authenticated to the server.
	AuthMethod AuthMethod

	// ClientSecret is the application's secret.
	ClientSecret string `json:"client_secret"`

	// RedirectURL is the URL to redirect users after authentication.
	RedirectURL *url.URL `json:"redirect_url"`

	// IssuerURL is the authorization server's url.
	// example: https://localhost:8443/default/default
	IssuerURL *url.URL `json:"issuer_url"`

	// TokenURL is the authorization server's token url.
	// Optional if issuerURL provided
	TokenURL *url.URL

	// AuthorizeURL is the authorization server's authorize url.
	// Optional if issuerURL provided
	AuthorizeURL *url.URL

	// PushedAuthorizationRequestEndpoint is URL of the pushed authorization request endpoint
	// at which a client can post an authorization request to exchange
	// for a "request_uri" value usable at the authorization server.
	PushedAuthorizationRequestEndpoint *url.URL

	// UserinfoURL is the authorization server's userinfo url.
	// Optional if issuerURL provided
	UserinfoURL *url.URL

	// Scope specifies optional requested permissions.
	Scopes []string `json:"scopes"`

	// Path to the file with private key for signing request object.
	RequestObjectSigningKeyFile string `json:"request_object_signing_key_file"`

	// Request object signing algorithm
	// If empty RS256 will be used
	RequestObjectSigningAlg string `json:"request_object_signing_alg"`

	// Path to the file with private key for private_key_jwt token authentication
	ClientAssertionSigningKeyFile string `json:"client_assertion_signing_key_file"`

	// Client assertion signing algorithm
	// If empty RS256 will be used
	ClientAssertionSigningAlg string `json:"client_assertion_signing_alg"`

	// Path to the file with private key for encrypting request object.
	RequestObjectEncryptionKeyFile string `json:"request_object_encryption_key_file"`

	// Optional request object expiration time
	// If not provided, it will be se to 1 minute
	RequestObjectExpiration *time.Duration `json:"request_object_expiration"`

	// Default HttpClient timeout.
	// Ignored if HttpClient is provided.
	Timeout time.Duration `json:"timeout"`

	// Optional path to the file with certificate for tls authentication.
	// Ignored if HttpClient is provided.
	CertFile string `json:"cert_file"`

	// Optional path to the file with private key for tls authentication.
	// Ignored if HttpClient is provided.
	KeyFile string `json:"key_file"`

	// Optional path to the file with root CAs.
	// Ignored if HttpClient is provided.
	RootCA string `json:"root_ca"`

	// HttpClient is the client to use. Default will be used if not provided.
	HttpClient *http.Client `json:"-"`

	// Optional vanity domain type, one of "", "tenant" or "server".
	VanityDomainType string `json:"vanity_domain_type"`

	// Tenant id required when VanityDomainType is "tenant" or "server"
	TenantID string `json:"tenant_id"`

	// Authorization server id required when VanityDomainType is "server".
	ServerID string `json:"server_id"`

	// If enabled, client credentials flow won't be applied
	SkipClientCredentialsAuthn bool `json:"skip_client_credentials_authn"`
}

ACP client configuration

func (*Config) GetAuthorizeURL 

func (c *Config) GetAuthorizeURL() string

func (*Config) GetPARURL 

func (c *Config) GetPARURL() string

func (*Config) GetTokenURL 

func (c *Config) GetTokenURL() string

func (*Config) GetUserinfoURL 

func (c *Config) GetUserinfoURL() string

type Developer 

type Developer struct {
	*developerClient.Acp
}

type Fdx 

type Fdx struct {
	*fdx.Acp
}

type Hub 

type Hub struct {
	*hub.Acp
}

type Identity 

type Identity struct {
	*identity.Acp
}

type IdentityRoot 

type IdentityRoot struct {
	*identityroot.Acp
}

type IdentitySelf 

type IdentitySelf struct {
	*identityself.Acp
}

type IdentitySystem 

type IdentitySystem struct {
	*identitysystem.Acp
}

type JWTClaims 

type JWTClaims map[string]interface{}

func (*JWTClaims) Valid 

func (j *JWTClaims) Valid() error

type JWTConsumer 

type JWTConsumer struct{}

func (*JWTConsumer) Consume 

func (c *JWTConsumer) Consume(r io.Reader, out interface{}) error

type Ksa 

type Ksa struct {
	*ksa.Acp
}

type Oauth2 

type Oauth2 struct {
	*o2Client.Acp
}

type Obbr 

type Obbr struct {
	*obbr.Acp
}

type Obuk 

type Obuk struct {
	*obuk.Acp
}

type OpenbankingBrasil 

type OpenbankingBrasil struct {
	Consents *obbrConsents.OpenbankingBRClient
	Payments *obbrPayments.OpenbankingBRClient
}

type OpenbankingUK 

type OpenbankingUK struct {
	Accounts *obukAccounts.OpenbankingUKClient
	Payments *obukPayments.OpenbankingUKClient
}

type Opin 

type Opin struct {
	*opin.Acp
}

type PARResponse 

type PARResponse struct {
	ExpiresIn  int64  `json:"expires_in,omitempty"`
	RequestURI string `json:"request_uri,omitempty"`
}

type Public 

type Public struct {
	*publicClient.Acp
}

type Root 

type Root struct {
	*rootClient.Acp
}

type System 

type System struct {
	*systemClient.Acp
}

type Token 

type Token struct {
	AccessToken  string `json:"access_token"`
	IDToken      string `json:"id_token"`
	RefreshToken string `json:"refresh_token"`
	TokenType    string `json:"token_type"`
	Scope        string `json:"scope"`
	ExpiresIn    int    `json:"expires_in"`
	GrantID      string `json:"grant_id,omitempty"`
}

type Web 

type Web struct {
	*webClient.Acp
}

Source Files

View all Source files

Directories

Path Synopsis
clients
admin/client
admin/client/a_c_rs
admin/client/apis
admin/client/audit_events
admin/client/authorization_details
admin/client/brute_force_limits
admin/client/claims
admin/client/clients
admin/client/consents
admin/client/custom_apps
admin/client/environment
admin/client/features
admin/client/gateways
admin/client/idps
admin/client/images
admin/client/keys
admin/client/license
admin/client/mfa_methods
admin/client/openbanking
admin/client/organizations
admin/client/permissions
admin/client/policies
admin/client/recent_activities
admin/client/roles
admin/client/scopes
admin/client/scripts
admin/client/secrets
admin/client/servers
admin/client/services
admin/client/system
admin/client/templates
admin/client/tenants
admin/client/themes
admin/client/tokens
admin/client/vanity_domains
admin/client/webhooks
admin/client/workspaces
admin/models
cdr/client
cdr/client/c_d_r
cdr/client/c_o_n_s_e_n_t_p_a_g_e
cdr/client/d_c_r
cdr/client/m_a_n_a_g_e_m_e_n_t
cdr/models
developer/client
developer/client/clients
developer/client/environment
developer/client/servers
developer/models
fdx/client
fdx/client/c_o_n_s_e_n_t_p_a_g_e
fdx/client/d_c_r
fdx/client/f_d_x
fdx/client/m_a_n_a_g_e_m_e_n_t
fdx/models
hub/client
hub/client/root_configuration
hub/client/tenant_configuration
hub/client/workspace_configuration
hub/models
identity/client
identity/client/b2_b_users
identity/client/o_t_p
identity/client/permissions
identity/client/pools
identity/client/schemas
identity/client/users
identity/models
identityroot/client
identityroot/client/configuration
identityroot/client/system
identityroot/models
identityself/client
identityself/client/mfa
identityself/client/o_t_p
identityself/client/users
identityself/models
identitysystem/client
identitysystem/client/o_t_p
identitysystem/client/pools
identitysystem/client/schemas
identitysystem/client/tenants
identitysystem/client/users
identitysystem/models
ksa/client
ksa/client/c_o_n_s_e_n_t_p_a_g_e
ksa/models
oauth2/client
oauth2/client/oauth2
oauth2/models
obbr/client
obbr/client/c_o_n_s_e_n_t_p_a_g_e
obbr/client/d_c_r
obbr/client/m_a_n_a_g_e_m_e_n_t
obbr/client/o_b_b_r
obbr/models
obuk/client
obuk/client/c_o_n_s_e_n_t_p_a_g_e
obuk/client/d_c_r
obuk/client/m_a_n_a_g_e_m_e_n_t
obuk/client/o_b_u_k
obuk/models
openbankingBR/consents/client
openbankingBR/consents/client/consents
openbankingBR/consents/models
openbankingBR/payments/client
openbankingBR/payments/client/pagamentos
openbankingBR/payments/models
openbankingUK/accounts/client
openbankingUK/accounts/client/account_access
openbankingUK/accounts/models
openbankingUK/payments/client
openbankingUK/payments/client/domestic_payments
openbankingUK/payments/client/domestic_scheduled_payments
openbankingUK/payments/client/domestic_standing_orders
openbankingUK/payments/client/file_payments
openbankingUK/payments/client/international_payments
openbankingUK/payments/client/international_scheduled_payments
openbankingUK/payments/client/international_standing_orders
openbankingUK/payments/models
opin/client
opin/client/o_p_i_n
opin/models
public/client
public/client/clients
public/client/consents
public/client/environment
public/client/sessions
public/client/tokens
public/client/transient_otp
public/models
root/client
root/client/configuration
root/client/features
root/client/licenses
root/client/limits
root/client/security
root/client/tenants
root/client/workspaces
root/models
system/client
system/client/audit_events
system/client/clients
system/client/consents
system/client/gateways
system/client/logins
system/client/organizations
system/client/post_authn
system/client/scopes
system/client/servers
system/client/system
system/client/tenants
system/client/tokens
system/models
web/client
web/client/web
web/models

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.