
Constants

// Scope values a client can request and the claim keys under which the
// matching data is returned. They are grouped by the feature they belong
// to; the string values are unchanged.

// Project-role scope and claim.
const (
	// ScopeProjectRolePrefix ends in ":" — it is a prefix that a concrete
	// role name is appended to, not a complete scope value.
	ScopeProjectRolePrefix = "urn:zitadel:iam:org:project:role:"
	// ClaimProjectRoles is the claim key for project roles (per its name;
	// the claim's value shape is not visible on this page).
	ClaimProjectRoles = "urn:zitadel:iam:org:project:roles"
)

// User metadata: the scope and the claim key are the same string.
const (
	ScopeUserMetaData = "urn:zitadel:iam:user:metadata"
	ClaimUserMetaData = ScopeUserMetaData
)

// Resource owner: the claim key is the scope plus a trailing ":", so it is
// presumably a prefix for several resource-owner sub-claims — confirm in
// GetPrivateClaimsFromScopes.
const (
	ScopeResourceOwner = "urn:zitadel:iam:user:resourceowner"
	ClaimResourceOwner = ScopeResourceOwner + ":"
)

// ClaimActionLogFormat is a fmt format string with exactly one %s verb;
// presumably the action name is substituted — confirm with its callers.
const ClaimActionLogFormat = "urn:zitadel:iam:action:%s:log"

Variables

This section is empty.

Functions

func ACRValuesToBusiness

func ACRValuesToBusiness(values []string) []domain.LevelOfAssurance

func AMRFromMFAType

func AMRFromMFAType(mfaType domain.MFAType) string

func AuthRequestFromBusiness

func AuthRequestFromBusiness(authReq *domain.AuthRequest) (_ op.AuthRequest, err error)

func ClientFromBusiness

func ClientFromBusiness(app *query.App, defaultLoginURL string, defaultAccessTokenLifetime, defaultIdTokenLifetime time.Duration, allowedScopes []string) (op.Client, error)

func CodeChallengeToBusiness

func CodeChallengeToBusiness(challenge string, method oidc.CodeChallengeMethod) *domain.OIDCCodeChallenge

func CodeChallengeToOIDC

func CodeChallengeToOIDC(challenge *domain.OIDCCodeChallenge) *oidc.CodeChallenge

func CreateAuthRequestToBusiness

func CreateAuthRequestToBusiness(ctx context.Context, authReq *oidc.AuthRequest, userAgentID, userID string) *domain.AuthRequest

func GetSelectedIDPIDFromScopes

func GetSelectedIDPIDFromScopes(scopes oidc.SpaceDelimitedArray) string

func HttpHeadersFromContext

func HttpHeadersFromContext(ctx context.Context) (userAgent, acceptLang string)

func IpFromContext

func IpFromContext(ctx context.Context) net.IP

func MaxAgeToBusiness

func MaxAgeToBusiness(maxAge *uint) *time.Duration

func NewProvider

func NewProvider(ctx context.Context, config Config, defaultLogoutRedirectURI string, externalSecure bool, command *command.Commands, query *query.Queries, repo repository.Repository, encryptionAlg crypto.EncryptionAlgorithm, cryptoKey []byte, es *eventstore.Eventstore, projections *sql.DB, userAgentCookie, instanceHandler func(http.Handler) http.Handler) (op.OpenIDProvider, error)

func ParseBrowserInfoFromContext

func ParseBrowserInfoFromContext(ctx context.Context) *domain.BrowserInfo

func PromptToBusiness

func PromptToBusiness(oidcPrompt []string) []domain.Prompt

func RefreshTokenRequestFromBusiness

func RefreshTokenRequestFromBusiness(tokenView *model.RefreshTokenView) op.RefreshTokenRequest

func ResponseTypeToBusiness

func ResponseTypeToBusiness(responseType oidc.ResponseType) domain.OIDCResponseType

func ResponseTypeToOIDC

func ResponseTypeToOIDC(responseType domain.OIDCResponseType) oidc.ResponseType

func UILocalesToBusiness

func UILocalesToBusiness(tags []language.Tag) []string

Types

type AuthRequest

// AuthRequest embeds *domain.AuthRequest and adds the getter methods listed
// below (Done, GetACR, GetAMR, ... GetSubject). Presumably it is the concrete
// value AuthRequestFromBusiness returns as op.AuthRequest — confirm there.
// NOTE(review): the embedded pointer may be nil if constructed directly;
// whether the getters guard against that is not visible on this page.
type AuthRequest struct {
	*domain.AuthRequest
}

func (*AuthRequest) Done

func (a *AuthRequest) Done() bool

func (*AuthRequest) GetACR

func (a *AuthRequest) GetACR() string

func (*AuthRequest) GetAMR

func (a *AuthRequest) GetAMR() []string

func (*AuthRequest) GetAudience

func (a *AuthRequest) GetAudience() []string

func (*AuthRequest) GetAuthTime

func (a *AuthRequest) GetAuthTime() time.Time

func (*AuthRequest) GetClientID

func (a *AuthRequest) GetClientID() string

func (*AuthRequest) GetCodeChallenge

func (a *AuthRequest) GetCodeChallenge() *oidc.CodeChallenge

func (*AuthRequest) GetID

func (a *AuthRequest) GetID() string

func (*AuthRequest) GetNonce

func (a *AuthRequest) GetNonce() string

func (*AuthRequest) GetRedirectURI

func (a *AuthRequest) GetRedirectURI() string

func (*AuthRequest) GetResponseMode

func (a *AuthRequest) GetResponseMode() oidc.ResponseMode

func (*AuthRequest) GetResponseType

func (a *AuthRequest) GetResponseType() oidc.ResponseType

func (*AuthRequest) GetScopes

func (a *AuthRequest) GetScopes() []string

func (*AuthRequest) GetState

func (a *AuthRequest) GetState() string

func (*AuthRequest) GetSubject

func (a *AuthRequest) GetSubject() string

type Client

// Client exposes an application's OIDC settings through the methods listed
// below (redirect URIs, grant and response types, auth method, token
// lifetimes, scope checks). Presumably it is the op.Client value built by
// ClientFromBusiness from a *query.App — confirm there.
type Client struct {
	// contains filtered or unexported fields
}

func (*Client) AccessTokenLifetime

func (c *Client) AccessTokenLifetime() time.Duration

func (*Client) AccessTokenType

func (c *Client) AccessTokenType() op.AccessTokenType

func (*Client) ApplicationType

func (c *Client) ApplicationType() op.ApplicationType

func (*Client) AuthMethod

func (c *Client) AuthMethod() oidc.AuthMethod

func (*Client) ClockSkew

func (c *Client) ClockSkew() time.Duration

func (*Client) DevMode

func (c *Client) DevMode() bool

func (*Client) GetID

func (c *Client) GetID() string

func (*Client) GrantTypes

func (c *Client) GrantTypes() []oidc.GrantType

func (*Client) IDTokenLifetime

func (c *Client) IDTokenLifetime() time.Duration

func (*Client) IDTokenUserinfoClaimsAssertion

func (c *Client) IDTokenUserinfoClaimsAssertion() bool

func (*Client) IsScopeAllowed

func (c *Client) IsScopeAllowed(scope string) bool

func (*Client) LoginURL

func (c *Client) LoginURL(id string) string

func (*Client) PostLogoutRedirectURIs

func (c *Client) PostLogoutRedirectURIs() []string

func (*Client) RedirectURIs

func (c *Client) RedirectURIs() []string

func (*Client) ResponseTypes

func (c *Client) ResponseTypes() []oidc.ResponseType

func (*Client) RestrictAdditionalAccessTokenScopes

func (c *Client) RestrictAdditionalAccessTokenScopes() func(scopes []string) []string

func (*Client) RestrictAdditionalIdTokenScopes

func (c *Client) RestrictAdditionalIdTokenScopes() func(scopes []string) []string

type Config

// Config is the provider configuration NewProvider consumes. Field meanings
// below are taken from the field names and types; none of the consuming
// code is visible on this page, so each is marked to be confirmed.
type Config struct {
	// presumably enables the S256 PKCE code-challenge method — confirm in NewProvider
	CodeMethodS256 bool
	// presumably enables client_secret_post client authentication — confirm
	AuthMethodPost bool
	// presumably enables private_key_jwt client authentication — confirm
	AuthMethodPrivateKeyJWT bool
	// presumably enables the refresh_token grant — confirm
	GrantTypeRefreshToken bool
	// presumably advertises request-object support in discovery — confirm
	RequestObjectSupported bool
	// name of the signing algorithm; a plain string, so whatever validates it
	// lives elsewhere (SignatureAlgorithms/SigningKey on OPStorage, presumably)
	SigningKeyAlgorithm string
	// fallback token lifetimes; ClientFromBusiness takes matching
	// defaultAccessTokenLifetime/defaultIdTokenLifetime parameters, so these
	// presumably apply to every client that sets none of its own — confirm
	DefaultAccessTokenLifetime time.Duration
	DefaultIdTokenLifetime     time.Duration
	// refresh-token idle and absolute expirations — consumers not visible here
	DefaultRefreshTokenIdleExpiration time.Duration
	DefaultRefreshTokenExpiration     time.Duration
	// optional middleware configuration (pointer; nil handling not visible here)
	UserAgentCookieConfig *middleware.UserAgentCookieConfig
	Cache                 *middleware.CacheConfig
	// per-endpoint overrides; nil presumably means the provider defaults — confirm
	CustomEndpoints *EndpointConfig
}

type Endpoint

// Endpoint describes one provider endpoint by its route path and its URL.
// Presumably Path is the route served and URL the absolute form published
// in discovery — confirm in NewProvider, which is not visible on this page.
type Endpoint struct {
	Path string
	URL  string
}

type EndpointConfig

// EndpointConfig holds an optional Endpoint override for each of the
// provider's endpoints. Every field is a pointer, so each endpoint can be
// left unset independently; what an unset (nil) entry falls back to is not
// visible on this page.
type EndpointConfig struct {
	Auth          *Endpoint
	Token         *Endpoint
	Introspection *Endpoint
	Userinfo      *Endpoint
	Revocation    *Endpoint
	EndSession    *Endpoint
	Keys          *Endpoint
}

type OPStorage

// OPStorage is the op.Storage implementation: the methods listed below
// (auth-request lookup and persistence, token creation and revocation, key
// retrieval, client authorization, userinfo/introspection population) are
// what the OpenID provider calls back into. Its fields are unexported and
// not shown on this page.
type OPStorage struct {
	// contains filtered or unexported fields
}

func (*OPStorage) AuthRequestByCode

func (o *OPStorage) AuthRequestByCode(ctx context.Context, code string) (_ op.AuthRequest, err error)

func (*OPStorage) AuthRequestByID

func (o *OPStorage) AuthRequestByID(ctx context.Context, id string) (_ op.AuthRequest, err error)

func (*OPStorage) AuthorizeClientIDSecret

func (o *OPStorage) AuthorizeClientIDSecret(ctx context.Context, id string, secret string) (err error)

func (*OPStorage) CreateAccessAndRefreshTokens

func (o *OPStorage) CreateAccessAndRefreshTokens(ctx context.Context, req op.TokenRequest, refreshToken string) (_, _ string, _ time.Time, err error)

func (*OPStorage) CreateAccessToken

func (o *OPStorage) CreateAccessToken(ctx context.Context, req op.TokenRequest) (_ string, _ time.Time, err error)

func (*OPStorage) CreateAuthRequest

func (o *OPStorage) CreateAuthRequest(ctx context.Context, req *oidc.AuthRequest, userID string) (_ op.AuthRequest, err error)

func (*OPStorage) DeleteAuthRequest

func (o *OPStorage) DeleteAuthRequest(ctx context.Context, id string) (err error)

func (*OPStorage) GetClientByClientID

func (o *OPStorage) GetClientByClientID(ctx context.Context, id string) (_ op.Client, err error)

func (*OPStorage) GetKeyByIDAndIssuer

func (o *OPStorage) GetKeyByIDAndIssuer(ctx context.Context, keyID, issuer string) (_ *jose.JSONWebKey, err error)

func (*OPStorage) GetKeyByIDAndUserID

func (o *OPStorage) GetKeyByIDAndUserID(ctx context.Context, keyID, userID string) (_ *jose.JSONWebKey, err error)

func (*OPStorage) GetPrivateClaimsFromScopes

func (o *OPStorage) GetPrivateClaimsFromScopes(ctx context.Context, userID, clientID string, scopes []string) (claims map[string]interface{}, err error)

func (*OPStorage) Health

func (o *OPStorage) Health(ctx context.Context) error

func (*OPStorage) KeySet

func (o *OPStorage) KeySet(ctx context.Context) (keys []op.Key, err error)

KeySet implements the op.Storage interface.

func (*OPStorage) RevokeToken

func (o *OPStorage) RevokeToken(ctx context.Context, token, userID, clientID string) *oidc.Error

func (*OPStorage) SaveAuthCode

func (o *OPStorage) SaveAuthCode(ctx context.Context, id, code string) (err error)

func (*OPStorage) SetIntrospectionFromToken

func (o *OPStorage) SetIntrospectionFromToken(ctx context.Context, introspection oidc.IntrospectionResponse, tokenID, subject, clientID string) error

func (*OPStorage) SetUserinfoFromScopes

func (o *OPStorage) SetUserinfoFromScopes(ctx context.Context, userInfo oidc.UserInfoSetter, userID, applicationID string, scopes []string) (err error)

func (*OPStorage) SetUserinfoFromToken

func (o *OPStorage) SetUserinfoFromToken(ctx context.Context, userInfo oidc.UserInfoSetter, tokenID, subject, origin string) (err error)

func (*OPStorage) SignatureAlgorithms

func (o *OPStorage) SignatureAlgorithms(ctx context.Context) ([]jose.SignatureAlgorithm, error)

SignatureAlgorithms implements the op.Storage interface.

func (*OPStorage) SigningKey

func (o *OPStorage) SigningKey(ctx context.Context) (key op.SigningKey, err error)

SigningKey implements the op.Storage interface.

func (*OPStorage) TerminateSession

func (o *OPStorage) TerminateSession(ctx context.Context, userID, clientID string) (err error)

func (*OPStorage) TokenRequestByRefreshToken

func (o *OPStorage) TokenRequestByRefreshToken(ctx context.Context, refreshToken string) (op.RefreshTokenRequest, error)

func (*OPStorage) ValidateJWTProfileScopes

func (o *OPStorage) ValidateJWTProfileScopes(ctx context.Context, subject string, scopes []string) ([]string, error)

type PublicKey

// PublicKey wraps a query.PublicKey so that it satisfies the op.Key
// interface (Algorithm, ID, Key, Use). The wrapped value is unexported.
type PublicKey struct {
	// contains filtered or unexported fields
}

PublicKey wraps a query.PublicKey so that it satisfies the op.Key interface.

func (*PublicKey) Algorithm

func (s *PublicKey) Algorithm() jose.SignatureAlgorithm

func (*PublicKey) ID

func (s *PublicKey) ID() string

func (*PublicKey) Key

func (s *PublicKey) Key() interface{}

func (*PublicKey) Use

func (s *PublicKey) Use() string

type RefreshTokenRequest

// RefreshTokenRequest embeds *model.RefreshTokenView and exposes it through
// the getters listed below plus SetCurrentScopes. Presumably it is the
// op.RefreshTokenRequest returned by RefreshTokenRequestFromBusiness, which
// takes the same view type — confirm there.
type RefreshTokenRequest struct {
	*model.RefreshTokenView
}

func (*RefreshTokenRequest) GetAMR

func (r *RefreshTokenRequest) GetAMR() []string

func (*RefreshTokenRequest) GetAudience

func (r *RefreshTokenRequest) GetAudience() []string

func (*RefreshTokenRequest) GetAuthTime

func (r *RefreshTokenRequest) GetAuthTime() time.Time

func (*RefreshTokenRequest) GetClientID

func (r *RefreshTokenRequest) GetClientID() string

func (*RefreshTokenRequest) GetScopes

func (r *RefreshTokenRequest) GetScopes() []string

func (*RefreshTokenRequest) GetSubject

func (r *RefreshTokenRequest) GetSubject() string

func (*RefreshTokenRequest) SetCurrentScopes

func (r *RefreshTokenRequest) SetCurrentScopes(scopes []string)

type SigningKey

// SigningKey wraps a query.PrivateKey so that it satisfies the op.SigningKey
// interface (ID, Key, SignatureAlgorithm). The wrapped key is unexported.
type SigningKey struct {
	// contains filtered or unexported fields
}

SigningKey wraps a query.PrivateKey so that it satisfies the op.SigningKey interface.

func (*SigningKey) ID

func (s *SigningKey) ID() string

func (*SigningKey) Key

func (s *SigningKey) Key() interface{}

func (*SigningKey) SignatureAlgorithm

func (s *SigningKey) SignatureAlgorithm() jose.SignatureAlgorithm
