models

Documentation

Index

• type CustClaims
• type DiscoveryResponse
• type Permission
• type Permissions
• type RealmRoles
• type RequestScope
• type TokenResponse
• type UserContext
  • func (r *UserContext) IsExpired() bool
  • func (r *UserContext) String() string

Types

type CustClaims

type CustClaims struct {
	Email          string                 `json:"email"`
	Acr            string                 `json:"acr"`
	PrefName       string                 `json:"preferred_username"`
	RealmAccess    RealmRoles             `json:"realm_access"`
	Groups         []string               `json:"groups"`
	ResourceAccess map[string]interface{} `json:"resource_access"`
	FamilyName     string                 `json:"family_name"`
	GivenName      string                 `json:"given_name"`
	Username       string                 `json:"username"`
	Authorization  Permissions            `json:"authorization"`
}

Extract custom claims

type DiscoveryResponse

type DiscoveryResponse struct {
	ExpiredURL string `json:"expired_endpoint"`
	LogoutURL  string `json:"logout_endpoint"`
	TokenURL   string `json:"token_endpoint"`
	LoginURL   string `json:"login_endpoint"`
}

type Permission

type Permission struct {
	Scopes       []string `json:"scopes"`
	ResourceID   string   `json:"rsid"`
	ResourceName string   `json:"rsname"`
}

type Permissions

type Permissions struct {
	Permissions []Permission `json:"permissions"`
}

type RealmRoles

type RealmRoles struct {
	Roles []string `json:"roles"`
}

type RequestScope

type RequestScope struct {
	// AccessDenied indicates the request should not be proxied on
	AccessDenied bool
	// Identity is the user Identity of the request
	Identity *UserContext
	// The parsed (unescaped) value of the request path
	Path string
	// Preserve the original request path: KEYCLOAK-10864, KEYCLOAK-11276, KEYCLOAK-13315
	// The exact path received in the request, if different than Path
	RawPath string
	Logger  *zap.Logger
}

RequestScope is a request level context scope passed between middleware

type TokenResponse

type TokenResponse struct {
	TokenType    string  `json:"token_type"`
	AccessToken  string  `json:"access_token"`
	IDToken      string  `json:"id_token"`
	RefreshToken string  `json:"refresh_token,omitempty"`
	ExpiresIn    float64 `json:"expires_in"`
	Scope        string  `json:"scope,omitempty"`
}

models.TokenResponse

type UserContext

type UserContext struct {
	// the id of the user
	ID string
	// the audience for the token
	Audiences []string
	// whether the context is from a session cookie or authorization header
	BearerToken bool
	// the email associated to the user
	Email string
	// current level of authentication for user
	Acr string
	// the expiration of the access token
	ExpiresAt time.Time
	// groups is a collection of groups where user is member
	Groups []string
	// a name of the user
	Name string
	// preferredName is the name of the user
	PreferredName string
	// roles is a collection of roles the users holds
	Roles []string
	// rawToken
	RawToken string
	// claims
	Claims map[string]interface{}
	// permissions
	Permissions Permissions
}

userContext holds the information extracted the token

func (*UserContext) IsExpired

func (r *UserContext) IsExpired() bool

isExpired checks if the token has expired

func (*UserContext) String

func (r *UserContext) String() string

String returns a string representation of the user context