Documentation ¶
Index ¶
- Constants
- func IsLocalNativeHTTPURI(uri *url.URL) bool
- func IsLocalNativeHostURI(uri *url.URL) bool
- func NewRegistryContext(ctx context.Context, r *Registry) context.Context
- type ClientRegistration
- type Details
- type RegistrationClaims
- type Registry
- func (r *Registry) Get(ctx context.Context, clientID string) (*ClientRegistration, bool)
- func (r *Registry) Lookup(ctx context.Context, clientID string, clientSecret string, ...) (*Details, error)
- func (r *Registry) Register(client *ClientRegistration) error
- func (r *Registry) Validate(client *ClientRegistration, clientSecret string, redirectURIString string, ...) error
- type RegistryData
- type Secured
Constants ¶
// Constant data used with dynamic stateless clients.
const (
	// DynamicStatelessClientIDPrefix is the literal "dyn."; going by its name
	// it marks the client IDs of dynamic stateless clients.
	DynamicStatelessClientIDPrefix = "dyn."
	// DynamicStatelessClientStaticSaltV1 is a fixed string compiled into the
	// package. It is exported and identical in every deployment, so it must
	// not be treated as secret key material.
	// NOTE(review): where this salt is mixed in is not visible here; confirm
	// that the protection of dynamic client secrets rests on a separate,
	// deployment-specific key.
	DynamicStatelessClientStaticSaltV1 = "konnect-client-v1"
)
Constant data used with dynamic stateless clients.
Variables ¶
This section is empty.
Functions ¶
func IsLocalNativeHTTPURI ¶
IsLocalNativeHTTPURI returns true if the provided URI qualifies to be used as http redirect URI for a native client.
func IsLocalNativeHostURI ¶
IsLocalNativeHostURI returns true if the provided URI hostname is considered as localhost for a native client.
Types ¶
type ClientRegistration ¶
// ClientRegistration defines a client with its properties. The struct tags
// decide which fields can be loaded from YAML and which are emitted when the
// value is encoded with encoding/json.
type ClientRegistration struct {
	// Identity and policy fields. They are read from YAML under the given
	// keys and carry json:"-", so encoding/json never emits them.
	ID string `yaml:"id" json:"-"`
	// NOTE(review): presumably the client secret as written in the
	// registration file; if it is stored there in clear text the file needs
	// restrictive permissions — confirm.
	Secret string `yaml:"secret" json:"-"`
	// NOTE(review): the effect of Trusted, TrustedScopes and Insecure is not
	// visible here; by name they relax checks for the client, so any
	// registration that sets them deserves review.
	Trusted bool `yaml:"trusted" json:"-"`
	TrustedScopes []string `yaml:"trusted_scopes" json:"-"`
	Insecure bool `yaml:"insecure" json:"-"`
	ImplicitScopes []string `yaml:"implicit_scopes" json:"-"`

	// Tagged yaml:"-" and json:"-": these cannot be supplied through the YAML
	// file and are not emitted as JSON.
	Dynamic bool `yaml:"-" json:"-"`
	IDIssuedAt int64 `yaml:"-" json:"-"`
	SecretExpiresAt int64 `yaml:"-" json:"-"`

	// Client metadata. These fields have JSON names and are emitted when
	// non-empty (omitempty).
	Contacts []string `yaml:"contacts,flow" json:"contacts,omitempty"`
	Name string `yaml:"name" json:"name,omitempty"`
	URI string `yaml:"uri" json:"uri,omitempty"`
	GrantTypes []string `yaml:"grant_types,flow" json:"grant_types,omitempty"`
	ApplicationType string `yaml:"application_type" json:"application_type,omitempty"`
	// NOTE(review): presumably the allow-list that redirect URIs are checked
	// against; keep entries exact and as few as possible — confirm matching
	// rules in Registry.Validate.
	RedirectURIs []string `yaml:"redirect_uris,flow" json:"redirect_uris,omitempty"`

	// Origins and JWKS are loaded from YAML but excluded from JSON output.
	Origins []string `yaml:"origins,flow" json:"-"`
	JWKS *gojwk.Key `yaml:"jwks" json:"-"`

	// Algorithm and authentication-method selections, kept as the raw strings
	// from the configuration or request.
	// NOTE(review): whether these strings are checked against an allow-list
	// of algorithms is not visible here — confirm in Validate.
	RawIDTokenSignedResponseAlg string `yaml:"id_token_signed_response_alg" json:"id_token_signed_response_alg,omitempty"`
	RawUserInfoSignedResponseAlg string `yaml:"userinfo_signed_response_alg" json:"userinfo_signed_response_alg,omitempty"`
	RawRequestObjectSigningAlg string `yaml:"request_object_signing_alg" json:"request_object_signing_alg,omitempty"`
	RawTokenEndpointAuthMethod string `yaml:"token_endpoint_auth_method" json:"token_endpoint_auth_method,omitempty"`
	RawTokenEndpointAuthSigningAlg string `yaml:"token_endpoint_auth_signing_alg" json:"token_endpoint_auth_signing_alg,omitempty"`

	PostLogoutRedirectURIs []string `yaml:"post_logout_redirect_uris,flow" json:"post_logout_redirect_uris,omitempty"`
}
ClientRegistration defines a client with its properties.
func (*ClientRegistration) ApplyImplicitScopes ¶ added in v0.56.0
func (cr *ClientRegistration) ApplyImplicitScopes(scopes map[string]bool) error
ApplyImplicitScopes applies the associated registration's implicit scopes to the provided scopes map.
func (*ClientRegistration) Secure ¶
func (cr *ClientRegistration) Secure(rawKid interface{}) (*Secured, error)
Secure looks up a matching key from the associated client registration and returns its public key part as a secured client.
func (*ClientRegistration) SetDynamic ¶
func (cr *ClientRegistration) SetDynamic(ctx context.Context, creator func(ctx context.Context, signingMethod jwt.SigningMethod, claims jwt.Claims) (string, error)) error
SetDynamic modifies the required data for the associated client registration so it becomes a dynamic client.
func (*ClientRegistration) Validate ¶
func (cr *ClientRegistration) Validate() error
Validate validates the associated client registration data and returns error if the data is not valid.
type Details ¶
// Details holds detail information about a client identified by ID.
type Details struct {
	ID string `json:"id"`
	DisplayName string `json:"display_name"`
	RedirectURI string `json:"redirect_uri"`
	// Trusted is emitted under the JSON key "trusted".
	// NOTE(review): how this value is derived is not visible here; consumers
	// should treat it as an authorization-relevant flag — confirm its source.
	Trusted bool `json:"trusted"`
	// Registration points at the full client registration. It carries
	// json:"-", so encoding Details as JSON does not emit the registration.
	Registration *ClientRegistration `json:"-"`
}
Details holds detail information about clients identified by ID.
type RegistrationClaims ¶
// RegistrationClaims combines jwt.StandardClaims with an embedded
// *ClientRegistration, so one value carries both the standard token claims
// and the client registration data.
type RegistrationClaims struct {
	jwt.StandardClaims
	// Embedded by pointer: the registration's fields are promoted onto the
	// claims value, and reading a promoted field panics while this pointer is
	// nil.
	// NOTE(review): presumably serialized with encoding/json, in which case
	// only registration fields that have a JSON name reach the token payload
	// and fields tagged json:"-" (Secret among them) do not — confirm.
	*ClientRegistration
}
RegistrationClaims are the claims used with dynamic clients.
func (RegistrationClaims) Valid ¶
func (crc RegistrationClaims) Valid() error
Valid implements the jwt claims interface.
type Registry ¶
// Registry implements the registry for registered clients. Its two exported
// fields are function hooks that any code holding the Registry can replace.
type Registry struct {
	// StatelessCreator has the same signature as the creator argument of
	// ClientRegistration.SetDynamic: it receives a signing method and claims
	// and returns a string or an error.
	StatelessCreator func(ctx context.Context, signingMethod jwt.SigningMethod, claims jwt.Claims) (string, error)
	// StatelessValidator receives a parsed *jwt.Token and returns a value or
	// an error.
	// NOTE(review): this has the shape of a JWT key function; if it is used
	// that way, it should reject tokens with an unexpected signing method
	// before returning a key — confirm in the implementation that sets it.
	StatelessValidator func(token *jwt.Token) (interface{}, error)
	// contains filtered or unexported fields
}
Registry implements the registry for registered clients.
func FromRegistryContext ¶
FromRegistryContext returns the Registry value stored in ctx, if any.
func NewRegistry ¶
func NewRegistry(ctx context.Context, trustedURI *url.URL, registrationConfFilepath string, allowDynamicClientRegistration bool, dynamicClientSecretDuration time.Duration, logger logrus.FieldLogger) (*Registry, error)
NewRegistry creates a new client Registry with the provided parameters.
func (*Registry) Lookup ¶
func (r *Registry) Lookup(ctx context.Context, clientID string, clientSecret string, redirectURI *url.URL, originURIString string, withoutSecret bool) (*Details, error)
Lookup returns and validates the client's Details information for the provided parameters from the associated registry.
func (*Registry) Register ¶
func (r *Registry) Register(client *ClientRegistration) error
Register validates the provided client registration and adds the client to the associated registry if valid. Returns error otherwise.
func (*Registry) Validate ¶
func (r *Registry) Validate(client *ClientRegistration, clientSecret string, redirectURIString string, originURIString string, withoutSecret bool) error
Validate checks if the provided client registration data complies with the provided parameters and returns error when it does not.
type RegistryData ¶
// RegistryData is the base structure of the client registry configuration
// file.
type RegistryData struct {
	// Clients is read from the "clients" key of the YAML document; each entry
	// is decoded into a ClientRegistration using that type's yaml tags.
	// NOTE(review): the file can define trust-related settings and a secret
	// for every client, so it should be writable only by administrators —
	// confirm deployment permissions.
	Clients []*ClientRegistration `yaml:"clients,flow"`
}
RegistryData is the base structure of our client registry configuration file.