clients

package
v0.64.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 19, 2024 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

View Source
const (
	DynamicStatelessClientIDPrefix     = "dyn."
	DynamicStatelessClientStaticSaltV1 = "konnect-client-v1"
)

Constat data used with dynamic stateless clients.

Variables

This section is empty.

Functions

func IsLocalNativeHTTPURI

func IsLocalNativeHTTPURI(uri *url.URL) bool

IsLocalNativeHTTPURI returns true if the provided URI qualifies to be used as http redirect URI for a native client.

func IsLocalNativeHostURI

func IsLocalNativeHostURI(uri *url.URL) bool

IsLocalNativeHostURI returns true if the provided URI hostname is considered as localhost for a native client.

func NewRegistryContext

func NewRegistryContext(ctx context.Context, r *Registry) context.Context

NewRegistryContext returns a new Context that carries value provided Registry.

Types

type ClientRegistration

type ClientRegistration struct {
	ID     string `yaml:"id" json:"-"`
	Secret string `yaml:"secret" json:"-"`

	Trusted       bool     `yaml:"trusted" json:"-"`
	TrustedScopes []string `yaml:"trusted_scopes" json:"-"`
	Insecure      bool     `yaml:"insecure" json:"-"`

	ImplicitScopes []string `yaml:"implicit_scopes" json:"-"`

	Dynamic         bool  `yaml:"-" json:"-"`
	IDIssuedAt      int64 `yaml:"-" json:"-"`
	SecretExpiresAt int64 `yaml:"-" json:"-"`

	Contacts        []string `yaml:"contacts,flow" json:"contacts,omitempty"`
	Name            string   `yaml:"name" json:"name,omitempty"`
	URI             string   `yaml:"uri"  json:"uri,omitempty"`
	GrantTypes      []string `yaml:"grant_types,flow" json:"grant_types,omitempty"`
	ApplicationType string   `yaml:"application_type"  json:"application_type,omitempty"`

	RedirectURIs []string `yaml:"redirect_uris,flow" json:"redirect_uris,omitempty"`
	Origins      []string `yaml:"origins,flow" json:"-"`

	JWKS *gojwk.Key `yaml:"jwks" json:"-"`

	RawIDTokenSignedResponseAlg    string `yaml:"id_token_signed_response_alg" json:"id_token_signed_response_alg,omitempty"`
	RawUserInfoSignedResponseAlg   string `yaml:"userinfo_signed_response_alg" json:"userinfo_signed_response_alg,omitempty"`
	RawRequestObjectSigningAlg     string `yaml:"request_object_signing_alg" json:"request_object_signing_alg,omitempty"`
	RawTokenEndpointAuthMethod     string `yaml:"token_endpoint_auth_method" json:"token_endpoint_auth_method,omitempty"`
	RawTokenEndpointAuthSigningAlg string `yaml:"token_endpoint_auth_signing_alg"  json:"token_endpoint_auth_signing_alg,omitempty"`

	PostLogoutRedirectURIs []string `yaml:"post_logout_redirect_uris,flow" json:"post_logout_redirect_uris,omitempty"`
}

ClientRegistration defines a client with its properties.

func (*ClientRegistration) ApplyImplicitScopes added in v0.56.0

func (cr *ClientRegistration) ApplyImplicitScopes(scopes map[string]bool) error

ApplyImplicitScopes apples the associated registration's implicit scopes to the provided scopes map.

func (*ClientRegistration) Secure

func (cr *ClientRegistration) Secure(rawKid interface{}) (*Secured, error)

Secure looks up the a matching key from the accociated client registration and returns its public key part as a secured client.

func (*ClientRegistration) SetDynamic

func (cr *ClientRegistration) SetDynamic(ctx context.Context, creator func(ctx context.Context, signingMethod jwt.SigningMethod, claims jwt.Claims) (string, error)) error

SetDynamic modifieds the required data for the associated client registration so it becomes a dynamic client.

func (*ClientRegistration) Validate

func (cr *ClientRegistration) Validate() error

Validate validates the associated client registration data and returns error if the data is not valid.

type Details

type Details struct {
	ID          string `json:"id"`
	DisplayName string `json:"display_name"`
	RedirectURI string `json:"redirect_uri"`
	Trusted     bool   `json:"trusted"`

	Registration *ClientRegistration `json:"-"`
}

Details hold detail information about clients identified by ID.

type RegistrationClaims

type RegistrationClaims struct {
	jwt.StandardClaims

	*ClientRegistration
}

RegistrationClaims are claims used to with dynamic clients.

func (RegistrationClaims) Valid

func (crc RegistrationClaims) Valid() error

Valid implements the jwt claims interface.

type Registry

type Registry struct {
	StatelessCreator   func(ctx context.Context, signingMethod jwt.SigningMethod, claims jwt.Claims) (string, error)
	StatelessValidator func(token *jwt.Token) (interface{}, error)
	// contains filtered or unexported fields
}

Registry implements the registry for registered clients.

func FromRegistryContext

func FromRegistryContext(ctx context.Context) (*Registry, bool)

FromRegistryContext returns the Registry value stored in ctx, if any.

func NewRegistry

func NewRegistry(ctx context.Context, trustedURI *url.URL, registrationConfFilepath string, allowDynamicClientRegistration bool, dynamicClientSecretDuration time.Duration, logger logrus.FieldLogger) (*Registry, error)

NewRegistry created a new client Registry with the provided parameters.

func (*Registry) Get

func (r *Registry) Get(ctx context.Context, clientID string) (*ClientRegistration, bool)

Get returns the registered clients registration for the provided client ID.

func (*Registry) Lookup

func (r *Registry) Lookup(ctx context.Context, clientID string, clientSecret string, redirectURI *url.URL, originURIString string, withoutSecret bool) (*Details, error)

Lookup returns and validates the clients Detail information for the provided parameters from the accociated registry.

func (*Registry) Register

func (r *Registry) Register(client *ClientRegistration) error

Register validates the provided client registration and adds the client to the accociated registry if valid. Returns error otherwise.

func (*Registry) Validate

func (r *Registry) Validate(client *ClientRegistration, clientSecret string, redirectURIString string, originURIString string, withoutSecret bool) error

Validate checks if the provided client registration data complies to the provided parameters and returns error when it does not.

type RegistryData

type RegistryData struct {
	Clients []*ClientRegistration `yaml:"clients,flow"`
}

RegistryData is the base structur of our client registry configuration file.

type Secured

type Secured struct {
	ID              string
	DisplayName     string
	ApplicationType string

	Kid       string
	PublicKey crypto.PublicKey

	TrustedScopes []string

	Registration *ClientRegistration
}

A Secured is a client records public key identified by ID.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL