payload

package
Published: Dec 9, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ConvertOIDCClaimsRequest

func ConvertOIDCClaimsRequest(value string) reflect.Value

ConvertOIDCClaimsRequest is a converter function that parses an oidc.ClaimsRequest value supplied as a string in URL form/query data (the `claims` parameter) into a reflect.Value for schema decoding.

func DecodeSchema

func DecodeSchema(dst interface{}, src map[string][]string) error

DecodeSchema decodes request form data into the provided dst schema struct.

func EncodeSchema

func EncodeSchema(src interface{}, dst map[string][]string) error

EncodeSchema encodes the provided src schema to the provided map.

func GetScopeForClaim

func GetScopeForClaim(claim string) (string, bool)

GetScopeForClaim returns the known scope if any for the provided claim name.

func ToMap

func ToMap(payload interface{}) (map[string]interface{}, error)

ToMap is a helper function to convert the provided payload struct to a map type which can be used to extend the payload data with additional fields.

Types

type AuthenticationBadRequest

// AuthenticationBadRequest carries the error response for an OpenID Connect
// 1.0 authorize request whose parameters are so broken that the normal
// (redirect-based) error flow cannot be used.
//
// NOTE(review): ErrorDescription is sent back to the caller; it should only
// contain spec-level wording, never internal details — confirm at call sites.
type AuthenticationBadRequest struct {
	// ErrorID is the OAuth 2.0 / OIDC error code, e.g. "invalid_request".
	ErrorID          string `url:"error" json:"error"`
	// ErrorDescription is an optional human-readable explanation.
	ErrorDescription string `url:"error_description,omitempty" json:"error_description,omitempty"`
	// State echoes the request's state value when one was supplied.
	State            string `url:"state,omitempty" json:"state,omitempty"`
}

AuthenticationBadRequest holds the outgoing data for a failed OpenID Connect 1.0 authorize request whose request parameters are invalid in a way that makes it impossible to continue with the normal authorization flow.

func (*AuthenticationBadRequest) Description

func (ae *AuthenticationBadRequest) Description() string

Description implements ErrorWithDescription interface.

func (*AuthenticationBadRequest) Error

func (ae *AuthenticationBadRequest) Error() string

Error interface implementation.

type AuthenticationError

// AuthenticationError carries the error response for a failed OpenID Connect
// 1.0 authorize request, in the shape the core spec defines for the
// authorization-code and implicit flows.
//
// NOTE(review): these values end up in a redirect to the client; keep
// ErrorDescription free of internal details — confirm at call sites.
type AuthenticationError struct {
	// ErrorID is the OAuth 2.0 / OIDC error code, e.g. "invalid_request".
	ErrorID          string `url:"error" json:"error"`
	// ErrorDescription is an optional human-readable explanation.
	ErrorDescription string `url:"error_description,omitempty" json:"error_description,omitempty"`
	// State echoes the request's state value when one was supplied.
	State            string `url:"state,omitempty" json:"state,omitempty"`
}

AuthenticationError holds the outgoing data for a failed OpenID Connect 1.0 authorize request as specified at http://openid.net/specs/openid-connect-core-1_0.html#AuthError and http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthError.

func (*AuthenticationError) Description

func (ae *AuthenticationError) Description() string

Description implements ErrorWithDescription interface.

func (*AuthenticationError) Error

func (ae *AuthenticationError) Error() string

Error interface implementation.

type AuthenticationRequest

// AuthenticationRequest holds the parameters of an OpenID Connect 1.0
// authorization endpoint request.
//
// Fields tagged `schema:"<name>"` are filled directly from the untrusted
// query/form data; the Raw* prefix marks values that are kept verbatim. Fields
// tagged `schema:"-"` are never populated from request data and hold the
// parsed/validated forms (see Validate and Verify).
type AuthenticationRequest struct {
	// RawScope is the space-separated scope parameter as sent by the client.
	RawScope        string         `schema:"scope"`
	// Claims is the parsed claims parameter (see ConvertOIDCClaimsRequest).
	Claims          *ClaimsRequest `schema:"claims"`
	// RawResponseType is the response_type parameter as sent.
	RawResponseType string         `schema:"response_type"`
	ResponseMode    string         `schema:"response_mode"`
	ClientID        string         `schema:"client_id"`
	// RawRedirectURI is the redirect_uri parameter as sent.
	// NOTE(review): it must be matched against the client's registered
	// redirect URIs before being used in any response; the doc says Validate
	// validates the request but the matching rule is not visible here — confirm.
	RawRedirectURI  string         `schema:"redirect_uri"`
	State           string         `schema:"state"`
	Nonce           string         `schema:"nonce"`
	RawPrompt       string         `schema:"prompt"`
	// RawIDTokenHint is the id_token_hint JWT as sent; IDTokenHint below is
	// its parsed form. NOTE(review): confirm it is signature-verified with the
	// keyFunc passed to Validate and that alg "none" is rejected.
	RawIDTokenHint  string         `schema:"id_token_hint"`
	RawMaxAge       string         `schema:"max_age"`

	// RawRequest is the request-object JWT passed by value (request parameter).
	RawRequest      string `schema:"request"`
	// RawRequestURI is the request_uri parameter.
	// NOTE(review): resolving it means fetching a client-supplied URL from the
	// server (SSRF surface); confirm it is restricted or pre-registered.
	RawRequestURI   string `schema:"request_uri"`
	RawRegistration string `schema:"registration"`

	// CodeChallenge and CodeChallengeMethod carry the PKCE challenge; the
	// matching code_verifier arrives later in TokenRequest.CodeVerifier.
	CodeChallenge       string `schema:"code_challenge"`
	CodeChallengeMethod string `schema:"code_challenge_method"`

	// Derived values, populated by the package rather than from the request.
	Scopes        map[string]bool `schema:"-"`
	ResponseTypes map[string]bool `schema:"-"`
	Prompts       map[string]bool `schema:"-"`
	RedirectURI   *url.URL        `schema:"-"`
	IDTokenHint   *jwt.Token      `schema:"-"`
	MaxAge        time.Duration   `schema:"-"`
	Request       *jwt.Token      `schema:"-"`

	// UseFragment presumably selects fragment (vs. query) encoding of the
	// response; Flow names the selected flow — TODO confirm exact values.
	UseFragment bool   `schema:"-"`
	Flow        string `schema:"-"`

	// Session is the provider session associated with this request, if any.
	Session *Session `schema:"-"`
	// contains filtered or unexported fields
}

AuthenticationRequest holds the incoming parameters and request data for the OpenID Connect 1.0 authorization endpoint as specified at http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest and http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthRequest. Raw* fields hold the untrusted values as received; the `schema:"-"` fields hold their parsed and validated counterparts.

func DecodeAuthenticationRequest

func DecodeAuthenticationRequest(req *http.Request, providerMetadata *oidc.WellKnown, keyFunc jwt.Keyfunc) (*AuthenticationRequest, error)

DecodeAuthenticationRequest returns an AuthenticationRequest holding the provided request's form data.

func NewAuthenticationRequest

func NewAuthenticationRequest(values url.Values, providerMetadata *oidc.WellKnown, keyFunc jwt.Keyfunc) (*AuthenticationRequest, error)

NewAuthenticationRequest returns an AuthenticationRequest holding the provided URL values.

func (*AuthenticationRequest) ApplyRequestObject

func (ar *AuthenticationRequest) ApplyRequestObject(roc *RequestObjectClaims, method jwt.SigningMethod) error

ApplyRequestObject applies the provided request object claims to the associated authentication request data, performing the validation the spec requires (the request object is signed with the given method).

func (*AuthenticationRequest) NewBadRequest

func (ar *AuthenticationRequest) NewBadRequest(id string, description string) *AuthenticationBadRequest

NewBadRequest creates a new error with the given id and description and the associated request's state.

func (*AuthenticationRequest) NewError

func (ar *AuthenticationRequest) NewError(id string, description string) *AuthenticationError

NewError creates a new error with the given id and description and the associated request's state.

func (*AuthenticationRequest) Validate

func (ar *AuthenticationRequest) Validate(keyFunc jwt.Keyfunc) error

Validate validates the request data of the associated authentication request; keyFunc supplies the keys used to verify any JWTs carried in the request.

func (*AuthenticationRequest) Verify

func (ar *AuthenticationRequest) Verify(userID string) error

Verify checks that the request's parameters match the associated requirements for the given user ID.

type AuthenticationSuccess

// AuthenticationSuccess is the successful authorize response, encoded as URL
// parameters (query or fragment depending on the response mode). Which fields
// are set depends on the flow: a code for the code flow, tokens for
// implicit/hybrid.
type AuthenticationSuccess struct {
	Code        string `url:"code,omitempty"`
	AccessToken string `url:"access_token,omitempty"`
	TokenType   string `url:"token_type,omitempty"`
	IDToken     string `url:"id_token,omitempty"`
	// State has no omitempty: an empty state is still emitted as "state=".
	// NOTE(review): confirm callers only set it when the request carried one.
	State       string `url:"state"`
	ExpiresIn   int64  `url:"expires_in,omitempty"`

	Scope string `url:"scope,omitempty"`

	// SessionState supports OIDC Session Management (session_state).
	SessionState string `url:"session_state,omitempty"`
}

AuthenticationSuccess holds the outgoing data for a successful OpenID Connect 1.0 authorize request as specified at http://openid.net/specs/openid-connect-core-1_0.html#AuthResponse and http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthResponse; the session_state value follows https://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions.

type ClaimsRequest

// ClaimsRequest is the JSON structure of the OIDC claims request parameter:
// per-endpoint maps of requested claims for the UserInfo endpoint and the ID
// token, plus a Konnect-specific pass-through value.
type ClaimsRequest struct {
	UserInfo *ClaimsRequestMap `json:"userinfo,omitempty"`
	IDToken  *ClaimsRequestMap `json:"id_token,omitempty"`
	// Passthru is kept as raw JSON and, per the package docs, is passed through
	// into access and refresh tokens. NOTE(review): it is client-controlled —
	// confirm its size is bounded and that resource servers do not trust it.
	Passthru json.RawMessage   `json:"passthru,omitempty"`
}

ClaimsRequest defines the base claims structure for the OpenID Connect claims request parameter value as specified at https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter. In addition, a Konnect-specific pass-through value can be used to pass application-specific values through to access and refresh tokens; note that this value originates from the client and must not be trusted by consumers of those tokens.

func (*ClaimsRequest) ApplyScopes

func (cr *ClaimsRequest) ApplyScopes(approvedScopes map[string]bool) error

ApplyScopes removes from the associated claims request every claim that is not mapped to one of the provided approved scopes.

func (*ClaimsRequest) Scopes

func (cr *ClaimsRequest) Scopes(excludedScopes map[string]bool) []string

Scopes returns the scopes implied by the claims in the associated claims request, omitting any scope already present in the provided excluded scopes mapping.

type ClaimsRequestMap

// ClaimsRequestMap maps a claim name to its requested value details, as used
// inside an OIDC claims request parameter.
type ClaimsRequestMap map[string]*ClaimsRequestValue

ClaimsRequestMap defines a mapping of claims request values used with OpenID Connect claims request parameter values.

func (ClaimsRequestMap) Get

func (crm ClaimsRequestMap) Get(claim string) (*ClaimsRequestValue, bool)

Get returns the claim value in the associated map identified by the provided name, and whether it was present.

func (ClaimsRequestMap) GetStringValue

func (crm ClaimsRequestMap) GetStringValue(claim string) (string, bool)

GetStringValue returns the claim value in the associated map identified by the provided name as a string, and whether it was present as a string.

func (*ClaimsRequestMap) ScopesMap

func (crm *ClaimsRequestMap) ScopesMap(excludedScopes map[string]bool) map[string]bool

ScopesMap returns a map of the scopes implied by the claims in the associated map, omitting any scope present in the provided excluded scopes mapping.

type ClaimsRequestValue

// ClaimsRequestValue is the per-claim detail of an OIDC claims request:
// whether the claim is essential and, optionally, the exact value or set of
// values the client asks for. All three come from untrusted JSON.
type ClaimsRequestValue struct {
	Essential bool          `json:"essential,omitempty"`
	// Value is an arbitrary JSON value; Values is an arbitrary JSON array.
	Value     interface{}   `json:"value,omitempty"`
	Values    []interface{} `json:"values,omitempty"`
}

ClaimsRequestValue is the claims request detail definition of an OpenID Connect claims request parameter value.

func (*ClaimsRequestValue) Match

func (crv *ClaimsRequestValue) Match(value interface{}) bool

Match returns true if the provided value equals the associated request's Value or is contained in its Values.

type ClientRegistrationRequest

// ClientRegistrationRequest is the JSON body of an OIDC Dynamic Client
// Registration request. Everything here is client-supplied; Validate is
// documented as validating it and filling in defaults.
type ClientRegistrationRequest struct {
	// RedirectURIs become the allow-list for later authorize requests.
	// NOTE(review): confirm Validate enforces the spec's scheme/fragment rules
	// per ApplicationType — it is the main open-redirect guard.
	RedirectURIs    []string `json:"redirect_uris"`
	ResponseTypes   []string `json:"response_types"`
	GrantTypes      []string `json:"grant_types"`
	ApplicationType string   `json:"application_type"`

	Contacts   []string `json:"contacts"`
	ClientName string   `json:"client_name"`
	ClientURI  string   `json:"client_uri"`

	// RawJWKS is the client's key set as raw JSON; JWKS below holds the parsed
	// form and is excluded from JSON.
	RawJWKS json.RawMessage `json:"jwks"`

	// Raw*Alg / RawTokenEndpointAuth* are the algorithm and auth-method names
	// as requested. NOTE(review): confirm "none" is rejected for signing algs.
	RawIDTokenSignedResponseAlg    string `json:"id_token_signed_response_alg"`
	RawUserInfoSignedResponseAlg   string `json:"userinfo_signed_response_alg"`
	RawRequestObjectSigningAlg     string `json:"request_object_signing_alg"`
	RawTokenEndpointAuthMethod     string `json:"token_endpoint_auth_method"`
	RawTokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg"`

	// PostLogoutRedirectURIs is the allow-list for EndSessionRequest redirects.
	PostLogoutRedirectURIs []string `json:"post_logout_redirect_uris"`

	JWKS *gojwk.Key `json:"-"`
}

ClientRegistrationRequest holds the incoming request data for the OpenID Connect Dynamic Client Registration 1.0 client registration endpoint as specified at https://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration and https://openid.net/specs/openid-connect-session-1_0.html#DynRegRegistrations

func DecodeClientRegistrationRequest

func DecodeClientRegistrationRequest(req *http.Request) (*ClientRegistrationRequest, error)

DecodeClientRegistrationRequest returns a ClientRegistrationRequest holding the provided request's data.

func (*ClientRegistrationRequest) ClientRegistration

func (crr *ClientRegistrationRequest) ClientRegistration() (*clients.ClientRegistration, error)

ClientRegistration returns new dynamic client registration data for the associated client registration request.

func (*ClientRegistrationRequest) Validate

func (crr *ClientRegistrationRequest) Validate() error

Validate validates the request data of the associated client registration request and fills in default data where required.

type ClientRegistrationResponse

// ClientRegistrationResponse is the JSON body returned for a successful
// dynamic client registration: the issued credentials plus an echo of the
// validated request data.
type ClientRegistrationResponse struct {
	ClientID     string `json:"client_id"`
	// ClientSecret is omitted when empty (public clients get no secret).
	ClientSecret string `json:"client_secret,omitempty"`

	ClientIDIssuedAt      int64 `json:"client_id_issued_at,omitempty"`
	// ClientSecretExpiresAt has no omitempty and is therefore always present;
	// per the registration spec a value of 0 means the secret does not expire.
	ClientSecretExpiresAt int64 `json:"client_secret_expires_at"`

	// Include validated request data.
	ClientRegistrationRequest
}

ClientRegistrationResponse holds the outgoing data for a successful OpenID Connect Dynamic Client Registration 1.0 client registration request as specified at https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationResponse

type EndSessionRequest

// EndSessionRequest holds the parameters of an RP-initiated logout request.
// Raw* fields come straight from the untrusted query/form data; the
// `schema:"-"` fields hold their parsed forms.
type EndSessionRequest struct {
	// RawIDTokenHint identifies the session being ended; IDTokenHint below is
	// the parsed JWT. NOTE(review): confirm it is verified with the keyFunc
	// passed to Validate.
	RawIDTokenHint           string `schema:"id_token_hint"`
	// RawPostLogoutRedirectURI is where the user agent is sent afterwards.
	// NOTE(review): it must match the client's registered
	// post_logout_redirect_uris, otherwise this is an open redirect — confirm
	// Validate/Verify enforce that.
	RawPostLogoutRedirectURI string `schema:"post_logout_redirect_uri"`
	State                    string `schema:"state"`

	IDTokenHint           *jwt.Token `schema:"-"`
	PostLogoutRedirectURI *url.URL   `schema:"-"`
	// contains filtered or unexported fields
}

EndSessionRequest holds the incoming parameters and request data for OpenID Connect Session Management 1.0 RP-initiated logout requests as specified at https://openid.net/specs/openid-connect-session-1_0.html#RPLogout

func DecodeEndSessionRequest

func DecodeEndSessionRequest(req *http.Request, providerMetadata *oidc.WellKnown) (*EndSessionRequest, error)

DecodeEndSessionRequest returns an EndSessionRequest holding the provided request's form data.

func NewEndSessionRequest

func NewEndSessionRequest(values url.Values, providerMetadata *oidc.WellKnown) (*EndSessionRequest, error)

NewEndSessionRequest returns an EndSessionRequest holding the provided URL values.

func (*EndSessionRequest) MakeRedirectEndSessionRequestURL

func (esr *EndSessionRequest) MakeRedirectEndSessionRequestURL() *url.URL

func (*EndSessionRequest) NewBadRequest

func (esr *EndSessionRequest) NewBadRequest(id string, description string) *AuthenticationBadRequest

NewBadRequest creates a new error with the given id and description and the associated request's state.

func (*EndSessionRequest) NewError

func (esr *EndSessionRequest) NewError(id string, description string) *AuthenticationError

NewError creates a new error with the given id and description and the associated request's state.

func (*EndSessionRequest) Validate

func (esr *EndSessionRequest) Validate(keyFunc jwt.Keyfunc) error

Validate validates the request data of the associated end-session request; keyFunc supplies the keys used to verify the id_token_hint.

func (*EndSessionRequest) Verify

func (esr *EndSessionRequest) Verify(userID string) error

Verify checks that the request's parameters match the associated requirements for the given user ID.

type RequestObjectClaims

// RequestObjectClaims is the payload of a request-object JWT (the request
// parameter). Its fields mirror AuthenticationRequest's query parameters;
// there are deliberately no request/request_uri fields, so request objects
// cannot nest.
type RequestObjectClaims struct {
	// Standard JWT claims (iss, aud, exp, ...) of the request object.
	jwt.StandardClaims

	RawScope        string         `json:"scope"`
	Claims          *ClaimsRequest `json:"claims"`
	RawResponseType string         `json:"response_type"`
	ResponseMode    string         `json:"response_mode"`
	ClientID        string         `json:"client_id"`
	RawRedirectURI  string         `json:"redirect_uri"`
	State           string         `json:"state"`
	Nonce           string         `json:"nonce"`
	RawPrompt       string         `json:"prompt"`
	RawIDTokenHint  string         `json:"id_token_hint"`
	RawMaxAge       string         `json:"max_age"`

	RawRegistration string `json:"registration"`

	CodeChallenge       string `json:"code_challenge"`
	CodeChallengeMethod string `json:"code_challenge_method"`
	// contains filtered or unexported fields
}

RequestObjectClaims holds the incoming request object claims provided as JWT via request parameter to OpenID Connect 1.0 authorization endpoint requests specified at https://openid.net/specs/openid-connect-core-1_0.html#JWTRequests

func (*RequestObjectClaims) Secure

func (roc *RequestObjectClaims) Secure() *clients.Secured

Secure returns the associated secured client, or nil if the claims are not bound to one.

func (*RequestObjectClaims) SetSecure

func (roc *RequestObjectClaims) SetSecure(client *clients.Secured) error

SetSecure sets the provided client as owner of the associated claims.

type ScopesValue added in v0.52.0

// ScopesValue is a list of scopes whose JSON form is a single
// space-separated string (see MarshalJSON / UnmarshalJSON).
type ScopesValue []string

ScopesValue is a string array with JSON marshal to/from a space separated single string value.

func (ScopesValue) MarshalJSON added in v0.52.0

func (sv ScopesValue) MarshalJSON() ([]byte, error)

func (*ScopesValue) UnmarshalJSON added in v0.52.0

func (sv *ScopesValue) UnmarshalJSON(data []byte) error

type Session

// Session identifies a provider session for a logged-in end-user, as used by
// the OIDC Front-Channel Logout extension.
type Session struct {
	// Version is the session format version.
	Version  int
	// ID is the session identifier; distinct sessions get distinct IDs.
	ID       string
	// Sub is the subject (end-user) identifier.
	Sub      string
	// Provider names the identity provider that owns the session.
	Provider string
}

Session defines a provider's session, identified by a string ID. It represents a session of a user agent or device for a logged-in end-user at an RP; different ID values identify distinct sessions. This is implemented as defined in the OIDC Front-Channel Logout extension, https://openid.net/specs/openid-connect-frontchannel-1_0.html#OPLogout

type TokenRequest

// TokenRequest holds the parameters of an OIDC token endpoint request. Fields
// tagged `schema:"<name>"` come straight from the untrusted form data; the
// `schema:"-"` fields hold their parsed forms.
type TokenRequest struct {
	GrantType       string `schema:"grant_type"`
	// Code is the authorization code being redeemed.
	Code            string `schema:"code"`
	RawRedirectURI  string `schema:"redirect_uri"`
	// RawRefreshToken is the refresh token JWT; RefreshToken below is its
	// parsed form (Validate takes a keyFunc and claims for it).
	RawRefreshToken string `schema:"refresh_token"`
	RawScope        string `schema:"scope"`

	// ClientID / ClientSecret are the client credentials when sent in the body.
	// NOTE(review): ClientSecret is a secret — keep it out of logs and compare
	// it in constant time; confirm at the call sites.
	ClientID     string `schema:"client_id"`
	ClientSecret string `schema:"client_secret"`

	// CodeVerifier is the PKCE verifier that must correspond to the
	// code_challenge sent with the original AuthenticationRequest.
	CodeVerifier string `schema:"code_verifier"`

	RedirectURI  *url.URL        `schema:"-"`
	RefreshToken *jwt.Token      `schema:"-"`
	Scopes       map[string]bool `schema:"-"`
	// contains filtered or unexported fields
}

TokenRequest holds the incoming parameters and request data for the OpenID Connect 1.0 token endpoint as specified at http://openid.net/specs/openid-connect-core-1_0.html#TokenRequest

func DecodeTokenRequest

func DecodeTokenRequest(req *http.Request, providerMetadata *oidc.WellKnown) (*TokenRequest, error)

DecodeTokenRequest returns a TokenRequest holding the provided request's form data.

func NewTokenRequest

func NewTokenRequest(values url.Values, providerMetadata *oidc.WellKnown) (*TokenRequest, error)

NewTokenRequest returns a TokenRequest holding the provided URL values.

func (*TokenRequest) Validate

func (tr *TokenRequest) Validate(keyFunc jwt.Keyfunc, claims jwt.Claims) error

Validate validates the request data of the associated token request; keyFunc and claims are used to parse and verify the refresh token, when one is present.

type TokenSuccess

// TokenSuccess is the JSON body of a successful token endpoint response.
// Every field is omitted when empty, so the shape depends on the grant.
type TokenSuccess struct {
	AccessToken  string `json:"access_token,omitempty"`
	TokenType    string `json:"token_type,omitempty"`
	IDToken      string `json:"id_token,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
	// ExpiresIn is the access token lifetime in seconds.
	ExpiresIn    int64  `json:"expires_in,omitempty"`
}

TokenSuccess holds the outgoing data for a successful OpenID Connect 1.0 token request as specified at http://openid.net/specs/openid-connect-core-1_0.html#TokenResponse.

type UserInfoResponse

// UserInfoResponse is the JSON body returned by the UserInfo endpoint: the
// base UserInfo claims plus optional profile and email claim groups. The
// pointer embeddings can be left nil when the corresponding scope was not
// granted.
type UserInfoResponse struct {
	oidc.UserInfoClaims
	*oidc.ProfileClaims
	*oidc.EmailClaims
}

UserInfoResponse defines the data returned from the OIDC UserInfo endpoint; the profile and email claim groups are optional and should only be included for scopes the end-user approved.
