Documentation ¶
Index ¶
- Constants
- func ACRValuesToBusiness(values []string) []domain.LevelOfAssurance
- func AMRFromMFAType(mfaType domain.MFAType) string
- func AuthRequestFromBusiness(authReq *domain.AuthRequest) (_ op.AuthRequest, err error)
- func ClientFromBusiness(app *query.App, defaultLoginURL string, ...) (op.Client, error)
- func CodeChallengeToBusiness(challenge string, method oidc.CodeChallengeMethod) *domain.OIDCCodeChallenge
- func CodeChallengeToOIDC(challenge *domain.OIDCCodeChallenge) *oidc.CodeChallenge
- func CreateAuthRequestToBusiness(ctx context.Context, authReq *oidc.AuthRequest, userAgentID, userID string) *domain.AuthRequest
- func GetSelectedIDPIDFromScopes(scopes oidc.SpaceDelimitedArray) string
- func HttpHeadersFromContext(ctx context.Context) (userAgent, acceptLang string)
- func IpFromContext(ctx context.Context) net.IP
- func MaxAgeToBusiness(maxAge *uint) *time.Duration
- func NewProvider(ctx context.Context, config Config, defaultLogoutRedirectURI string, ...) (op.OpenIDProvider, error)
- func ParseBrowserInfoFromContext(ctx context.Context) *domain.BrowserInfo
- func PromptToBusiness(oidcPrompt []string) []domain.Prompt
- func RefreshTokenRequestFromBusiness(tokenView *model.RefreshTokenView) op.RefreshTokenRequest
- func ResponseTypeToBusiness(responseType oidc.ResponseType) domain.OIDCResponseType
- func ResponseTypeToOIDC(responseType domain.OIDCResponseType) oidc.ResponseType
- func UILocalesToBusiness(tags []language.Tag) []string
- type AuthRequest
- func (a *AuthRequest) Done() bool
- func (a *AuthRequest) GetACR() string
- func (a *AuthRequest) GetAMR() []string
- func (a *AuthRequest) GetAudience() []string
- func (a *AuthRequest) GetAuthTime() time.Time
- func (a *AuthRequest) GetClientID() string
- func (a *AuthRequest) GetCodeChallenge() *oidc.CodeChallenge
- func (a *AuthRequest) GetID() string
- func (a *AuthRequest) GetNonce() string
- func (a *AuthRequest) GetRedirectURI() string
- func (a *AuthRequest) GetResponseMode() oidc.ResponseMode
- func (a *AuthRequest) GetResponseType() oidc.ResponseType
- func (a *AuthRequest) GetScopes() []string
- func (a *AuthRequest) GetState() string
- func (a *AuthRequest) GetSubject() string
- type Client
- func (c *Client) AccessTokenLifetime() time.Duration
- func (c *Client) AccessTokenType() op.AccessTokenType
- func (c *Client) ApplicationType() op.ApplicationType
- func (c *Client) AuthMethod() oidc.AuthMethod
- func (c *Client) ClockSkew() time.Duration
- func (c *Client) DevMode() bool
- func (c *Client) GetID() string
- func (c *Client) GrantTypes() []oidc.GrantType
- func (c *Client) IDTokenLifetime() time.Duration
- func (c *Client) IDTokenUserinfoClaimsAssertion() bool
- func (c *Client) IsScopeAllowed(scope string) bool
- func (c *Client) LoginURL(id string) string
- func (c *Client) PostLogoutRedirectURIs() []string
- func (c *Client) RedirectURIs() []string
- func (c *Client) ResponseTypes() []oidc.ResponseType
- func (c *Client) RestrictAdditionalAccessTokenScopes() func(scopes []string) []string
- func (c *Client) RestrictAdditionalIdTokenScopes() func(scopes []string) []string
- type Config
- type Endpoint
- type EndpointConfig
- type OPStorage
- func (o *OPStorage) AuthRequestByCode(ctx context.Context, code string) (_ op.AuthRequest, err error)
- func (o *OPStorage) AuthRequestByID(ctx context.Context, id string) (_ op.AuthRequest, err error)
- func (o *OPStorage) AuthorizeClientIDSecret(ctx context.Context, id string, secret string) (err error)
- func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.TokenRequest, refreshToken string) (_, _ string, _ time.Time, err error)
- func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest) (_ string, _ time.Time, err error)
- func (o *OPStorage) CreateAuthRequest(ctx context.Context, req *oidc.AuthRequest, userID string) (_ op.AuthRequest, err error)
- func (o *OPStorage) DeleteAuthRequest(ctx context.Context, id string) (err error)
- func (o *OPStorage) GetClientByClientID(ctx context.Context, id string) (_ op.Client, err error)
- func (o *OPStorage) GetKeyByIDAndIssuer(ctx context.Context, keyID, issuer string) (_ *jose.JSONWebKey, err error)
- func (o *OPStorage) GetKeyByIDAndUserID(ctx context.Context, keyID, userID string) (_ *jose.JSONWebKey, err error)
- func (o *OPStorage) GetPrivateClaimsFromScopes(ctx context.Context, userID, clientID string, scopes []string) (claims map[string]interface{}, err error)
- func (o *OPStorage) Health(ctx context.Context) error
- func (o *OPStorage) KeySet(ctx context.Context) (keys []op.Key, err error)
- func (o *OPStorage) RevokeToken(ctx context.Context, token, userID, clientID string) *oidc.Error
- func (o *OPStorage) SaveAuthCode(ctx context.Context, id, code string) (err error)
- func (o *OPStorage) SetIntrospectionFromToken(ctx context.Context, introspection oidc.IntrospectionResponse, ...) error
- func (o *OPStorage) SetUserinfoFromScopes(ctx context.Context, userInfo oidc.UserInfoSetter, ...) (err error)
- func (o *OPStorage) SetUserinfoFromToken(ctx context.Context, userInfo oidc.UserInfoSetter, ...) (err error)
- func (o *OPStorage) SignatureAlgorithms(ctx context.Context) ([]jose.SignatureAlgorithm, error)
- func (o *OPStorage) SigningKey(ctx context.Context) (key op.SigningKey, err error)
- func (o *OPStorage) TerminateSession(ctx context.Context, userID, clientID string) (err error)
- func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken string) (op.RefreshTokenRequest, error)
- func (o *OPStorage) ValidateJWTProfileScopes(ctx context.Context, subject string, scopes []string) ([]string, error)
- type PublicKey
- type RefreshTokenRequest
- func (r *RefreshTokenRequest) GetAMR() []string
- func (r *RefreshTokenRequest) GetAudience() []string
- func (r *RefreshTokenRequest) GetAuthTime() time.Time
- func (r *RefreshTokenRequest) GetClientID() string
- func (r *RefreshTokenRequest) GetScopes() []string
- func (r *RefreshTokenRequest) GetSubject() string
- func (r *RefreshTokenRequest) SetCurrentScopes(scopes []string)
- type SigningKey
Constants ¶
// Scope and claim identifiers in the urn:zitadel:iam namespace used by this
// OIDC package. Scope* values are names a client puts in the scope parameter;
// Claim* values are names of claims. Where each one is read or emitted is not
// visible on this page.
const (
	// ScopeProjectRolePrefix ends in ':', so it is a prefix rather than a
	// complete scope; presumably a role key is appended to it — confirm.
	// NOTE(review): whatever follows the prefix in a requested scope is
	// client-supplied; confirm it is checked against the project's roles
	// before any role claim is issued.
	ScopeProjectRolePrefix = "urn:zitadel:iam:org:project:role:"
	// ClaimProjectRoles is the claim name for project roles (plural "roles",
	// no trailing ':').
	ClaimProjectRoles = "urn:zitadel:iam:org:project:roles"
	// ScopeUserMetaData is the scope name for user metadata.
	ScopeUserMetaData = "urn:zitadel:iam:user:metadata"
	// ClaimUserMetaData reuses the scope URN unchanged as the claim name.
	ClaimUserMetaData = ScopeUserMetaData
	// ScopeResourceOwner is the scope name for the user's resource owner.
	ScopeResourceOwner = "urn:zitadel:iam:user:resourceowner"
	// ClaimResourceOwner is the scope URN plus a trailing ':'; presumably a
	// prefix that a field name is appended to — confirm against the caller.
	ClaimResourceOwner = ScopeResourceOwner + ":"
	// ClaimActionLogFormat is a format string with a single %s verb.
	// NOTE(review): presumably the action name is substituted for %s; since
	// the result becomes part of a claim name, confirm the substituted value
	// cannot contain characters that change the URN structure.
	ClaimActionLogFormat = "urn:zitadel:iam:action:%s:log"
)
Variables ¶
This section is empty.
Functions ¶
func ACRValuesToBusiness ¶
func ACRValuesToBusiness(values []string) []domain.LevelOfAssurance
func AMRFromMFAType ¶
func AuthRequestFromBusiness ¶
func AuthRequestFromBusiness(authReq *domain.AuthRequest) (_ op.AuthRequest, err error)
func ClientFromBusiness ¶
func CodeChallengeToBusiness ¶
func CodeChallengeToBusiness(challenge string, method oidc.CodeChallengeMethod) *domain.OIDCCodeChallenge
func CodeChallengeToOIDC ¶
func CodeChallengeToOIDC(challenge *domain.OIDCCodeChallenge) *oidc.CodeChallenge
func CreateAuthRequestToBusiness ¶
func CreateAuthRequestToBusiness(ctx context.Context, authReq *oidc.AuthRequest, userAgentID, userID string) *domain.AuthRequest
func GetSelectedIDPIDFromScopes ¶
func GetSelectedIDPIDFromScopes(scopes oidc.SpaceDelimitedArray) string
func HttpHeadersFromContext ¶
func MaxAgeToBusiness ¶
func NewProvider ¶
func NewProvider(ctx context.Context, config Config, defaultLogoutRedirectURI string, externalSecure bool, command *command.Commands, query *query.Queries, repo repository.Repository, encryptionAlg crypto.EncryptionAlgorithm, cryptoKey []byte, es *eventstore.Eventstore, projections *sql.DB, userAgentCookie, instanceHandler func(http.Handler) http.Handler) (op.OpenIDProvider, error)
func ParseBrowserInfoFromContext ¶
func ParseBrowserInfoFromContext(ctx context.Context) *domain.BrowserInfo
func PromptToBusiness ¶
func RefreshTokenRequestFromBusiness ¶
func RefreshTokenRequestFromBusiness(tokenView *model.RefreshTokenView) op.RefreshTokenRequest
func ResponseTypeToBusiness ¶
func ResponseTypeToBusiness(responseType oidc.ResponseType) domain.OIDCResponseType
func ResponseTypeToOIDC ¶
func ResponseTypeToOIDC(responseType domain.OIDCResponseType) oidc.ResponseType
func UILocalesToBusiness ¶
Types ¶
type AuthRequest ¶
// AuthRequest wraps a *domain.AuthRequest by embedding it. The Get* accessors
// and Done on this page are declared on *AuthRequest; AuthRequestFromBusiness
// takes a *domain.AuthRequest and returns an op.AuthRequest, so this type is
// presumably the value it returns — confirm.
type AuthRequest struct {
	// Embedded pointer: a zero AuthRequest holds nil here, so any method that
	// dereferences it would panic on such a value.
	*domain.AuthRequest
}
func (*AuthRequest) Done ¶
func (a *AuthRequest) Done() bool
func (*AuthRequest) GetACR ¶
func (a *AuthRequest) GetACR() string
func (*AuthRequest) GetAMR ¶
func (a *AuthRequest) GetAMR() []string
func (*AuthRequest) GetAudience ¶
func (a *AuthRequest) GetAudience() []string
func (*AuthRequest) GetAuthTime ¶
func (a *AuthRequest) GetAuthTime() time.Time
func (*AuthRequest) GetClientID ¶
func (a *AuthRequest) GetClientID() string
func (*AuthRequest) GetCodeChallenge ¶
func (a *AuthRequest) GetCodeChallenge() *oidc.CodeChallenge
func (*AuthRequest) GetID ¶
func (a *AuthRequest) GetID() string
func (*AuthRequest) GetNonce ¶
func (a *AuthRequest) GetNonce() string
func (*AuthRequest) GetRedirectURI ¶
func (a *AuthRequest) GetRedirectURI() string
func (*AuthRequest) GetResponseMode ¶
func (a *AuthRequest) GetResponseMode() oidc.ResponseMode
func (*AuthRequest) GetResponseType ¶
func (a *AuthRequest) GetResponseType() oidc.ResponseType
func (*AuthRequest) GetScopes ¶
func (a *AuthRequest) GetScopes() []string
func (*AuthRequest) GetState ¶
func (a *AuthRequest) GetState() string
func (*AuthRequest) GetSubject ¶
func (a *AuthRequest) GetSubject() string
type Client ¶
type Client struct {
// contains filtered or unexported fields
}
func (*Client) AccessTokenLifetime ¶
func (*Client) AccessTokenType ¶
func (c *Client) AccessTokenType() op.AccessTokenType
func (*Client) ApplicationType ¶
func (c *Client) ApplicationType() op.ApplicationType
func (*Client) AuthMethod ¶
func (c *Client) AuthMethod() oidc.AuthMethod
func (*Client) GrantTypes ¶
func (*Client) IDTokenLifetime ¶
func (*Client) IDTokenUserinfoClaimsAssertion ¶
func (*Client) IsScopeAllowed ¶
func (*Client) PostLogoutRedirectURIs ¶
func (*Client) RedirectURIs ¶
func (*Client) ResponseTypes ¶
func (c *Client) ResponseTypes() []oidc.ResponseType
func (*Client) RestrictAdditionalAccessTokenScopes ¶
func (*Client) RestrictAdditionalIdTokenScopes ¶
type Config ¶
// Config holds the OIDC provider settings passed to NewProvider. The field
// meanings below are read from the names and types only; how NewProvider
// applies them is not shown on this page.
type Config struct {
	// Presumably enables the S256 PKCE code challenge method — confirm.
	// NOTE(review): with this false, check whether PKCE is unavailable or
	// falls back to the plain method.
	CodeMethodS256 bool
	// Presumably enables client authentication via form post
	// (client_secret_post) — confirm.
	AuthMethodPost bool
	// Presumably enables client authentication via private_key_jwt — confirm.
	AuthMethodPrivateKeyJWT bool
	// Presumably enables the refresh_token grant — confirm.
	GrantTypeRefreshToken bool
	// Presumably advertises support for request objects — confirm.
	RequestObjectSupported bool
	// Name of the token signing algorithm, as a free-form string.
	// NOTE(review): accepted values and handling of an empty or unknown
	// string are not visible here; confirm it is validated at startup.
	SigningKeyAlgorithm string
	// Default token lifetimes and refresh-token expirations.
	// NOTE(review): the behaviour for a zero duration is not visible here;
	// confirm it does not produce non-expiring or instantly expired tokens.
	DefaultAccessTokenLifetime        time.Duration
	DefaultIdTokenLifetime            time.Duration
	DefaultRefreshTokenIdleExpiration time.Duration
	DefaultRefreshTokenExpiration     time.Duration
	// Settings for the user-agent cookie middleware; may be nil (pointer).
	UserAgentCookieConfig *middleware.UserAgentCookieConfig
	// Settings for the cache middleware; may be nil (pointer).
	Cache *middleware.CacheConfig
	// Optional overrides for endpoints; may be nil (pointer).
	CustomEndpoints *EndpointConfig
}
type EndpointConfig ¶
type OPStorage ¶
type OPStorage struct {
// contains filtered or unexported fields
}
func (*OPStorage) AuthRequestByCode ¶
func (*OPStorage) AuthRequestByID ¶
func (*OPStorage) AuthorizeClientIDSecret ¶
func (*OPStorage) CreateAccessAndRefreshTokens ¶
func (*OPStorage) CreateAccessToken ¶
func (*OPStorage) CreateAuthRequest ¶
func (o *OPStorage) CreateAuthRequest(ctx context.Context, req *oidc.AuthRequest, userID string) (_ op.AuthRequest, err error)
func (*OPStorage) DeleteAuthRequest ¶
func (*OPStorage) GetClientByClientID ¶
func (*OPStorage) GetKeyByIDAndIssuer ¶
func (*OPStorage) GetKeyByIDAndUserID ¶
func (*OPStorage) GetPrivateClaimsFromScopes ¶
func (*OPStorage) RevokeToken ¶
func (*OPStorage) SaveAuthCode ¶
func (*OPStorage) SetIntrospectionFromToken ¶
func (*OPStorage) SetUserinfoFromScopes ¶
func (*OPStorage) SetUserinfoFromToken ¶
func (*OPStorage) SignatureAlgorithms ¶
SignatureAlgorithms implements the op.Storage interface
func (*OPStorage) SigningKey ¶
SigningKey implements the op.Storage interface
func (*OPStorage) TerminateSession ¶
func (*OPStorage) TokenRequestByRefreshToken ¶
type PublicKey ¶
type PublicKey struct {
// contains filtered or unexported fields
}
PublicKey wraps the query.PublicKey to implement the op.Key interface
type RefreshTokenRequest ¶
// RefreshTokenRequest wraps a *model.RefreshTokenView by embedding it. The
// Get* accessors and SetCurrentScopes on this page are declared on
// *RefreshTokenRequest; RefreshTokenRequestFromBusiness takes a
// *model.RefreshTokenView and returns an op.RefreshTokenRequest, so this type
// is presumably the value it returns — confirm.
type RefreshTokenRequest struct {
	// Embedded pointer: a zero RefreshTokenRequest holds nil here, so any
	// method that dereferences it would panic on such a value.
	*model.RefreshTokenView
}
func (*RefreshTokenRequest) GetAMR ¶
func (r *RefreshTokenRequest) GetAMR() []string
func (*RefreshTokenRequest) GetAudience ¶
func (r *RefreshTokenRequest) GetAudience() []string
func (*RefreshTokenRequest) GetAuthTime ¶
func (r *RefreshTokenRequest) GetAuthTime() time.Time
func (*RefreshTokenRequest) GetClientID ¶
func (r *RefreshTokenRequest) GetClientID() string
func (*RefreshTokenRequest) GetScopes ¶
func (r *RefreshTokenRequest) GetScopes() []string
func (*RefreshTokenRequest) GetSubject ¶
func (r *RefreshTokenRequest) GetSubject() string
func (*RefreshTokenRequest) SetCurrentScopes ¶
func (r *RefreshTokenRequest) SetCurrentScopes(scopes []string)
type SigningKey ¶
type SigningKey struct {
// contains filtered or unexported fields
}
SigningKey wraps the query.PrivateKey to implement the op.SigningKey interface
func (*SigningKey) ID ¶
func (s *SigningKey) ID() string
func (*SigningKey) Key ¶
func (s *SigningKey) Key() interface{}
func (*SigningKey) SignatureAlgorithm ¶
func (s *SigningKey) SignatureAlgorithm() jose.SignatureAlgorithm