Documentation ¶
Index ¶
- type Restriction
- type Restrictions
- func (r *Restrictions) ClearUnsupportedKeys()
- func (r *Restrictions) EnforceMaxLifetime(issuer string) (changed bool)
- func (r *Restrictions) GetAudiences() (auds []string)
- func (r *Restrictions) GetExpires() unixtime.UnixTime
- func (r *Restrictions) GetNotBefore() unixtime.UnixTime
- func (r *Restrictions) GetScopes() (scopes []string)
- func (r Restrictions) GetValidForAT(rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, myID mtid.MTID) (ret Restrictions)
- func (r Restrictions) GetValidForOther(rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, myID mtid.MTID) (ret Restrictions)
- func (r *Restrictions) ReplaceThisIp(ip string)
- func (r *Restrictions) Scan(src interface{}) error
- func (r *Restrictions) SetMaxAudiences(mAud []string)
- func (r *Restrictions) SetMaxScopes(mScopes []string)
- func (r Restrictions) ToUsedRestrictions(rlog log.Ext1FieldLogger, tx *sqlx.Tx, id mtid.MTID) (ur []UsedRestriction, err error)
- func (r Restrictions) Value() (driver.Value, error)
- func (r Restrictions) VerifyForAT(rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, id mtid.MTID) bool
- func (r Restrictions) VerifyForOther(rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, id mtid.MTID) bool
- func (r Restrictions) WithAudiences(rlog log.Ext1FieldLogger, audiences []string) (ret Restrictions)
- func (r Restrictions) WithScopes(rlog log.Ext1FieldLogger, scopes []string) (ret Restrictions)
- type UsedRestriction
Types ¶
type Restriction ¶
// Restriction describes a single token usage restriction.
type Restriction struct {
	// NotBefore is serialized under the JSON key "nbf" and omitted when empty.
	// NOTE(review): how an omitted or zero value is treated during verification
	// is not visible here; confirm before relying on it as a lower bound.
	NotBefore unixtime.UnixTime `json:"nbf,omitempty"`
	// ExpiresAt is serialized under the JSON key "exp" and omitted when empty.
	// NOTE(review): whether an omitted or zero value means "never expires" is
	// not visible here; confirm against the verification code.
	ExpiresAt unixtime.UnixTime `json:"exp,omitempty"`
	// api.Restriction is embedded, so its fields are promoted onto Restriction.
	// NOTE(review): "inline" is not an option that encoding/json defines; with
	// that encoder the flattening comes from the embedding itself. Confirm
	// which encoder is in use.
	api.Restriction `json:",inline"`
}
Restriction describes a token usage restriction
func (Restriction) ToUsedRestriction ¶
func (r Restriction) ToUsedRestriction(rlog log.Ext1FieldLogger, tx *sqlx.Tx, id mtid.MTID) (UsedRestriction, error)
ToUsedRestriction turns a Restriction into a UsedRestriction.
func (*Restriction) UsedAT ¶
func (r *Restriction) UsedAT(rlog log.Ext1FieldLogger, tx *sqlx.Tx, id mtid.MTID) error
UsedAT updates the usages_AT value for this restriction; it should be called after this restriction was used to obtain an access token.
func (*Restriction) UsedOther ¶
func (r *Restriction) UsedOther(rlog log.Ext1FieldLogger, tx *sqlx.Tx, id mtid.MTID) error
UsedOther updates the usages_other value for this restriction; it should be called after this restriction was used for a purpose other than obtaining an access token.
type Restrictions ¶
type Restrictions []*Restriction
Restrictions is a slice of Restriction
func Tighten ¶
func Tighten(rlog log.Ext1FieldLogger, old, wanted Restrictions) (res Restrictions, ok bool)
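Tighten tightens/restricts a set of Restrictions with another set; if the wanted Restrictions are not tighter, the original ones are returned. The ok result is not described on this page; presumably it reports whether the wanted Restrictions were applied, so callers should check it rather than assume that res equals wanted (confirm against the source).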
func (*Restrictions) ClearUnsupportedKeys ¶ added in v0.3.0
func (r *Restrictions) ClearUnsupportedKeys()
ClearUnsupportedKeys sets default values for the keys that are not supported by this instance
func (*Restrictions) EnforceMaxLifetime ¶ added in v0.3.0
func (r *Restrictions) EnforceMaxLifetime(issuer string) (changed bool)
EnforceMaxLifetime enforces the maximum mytoken lifetime set by server admins. Returns true if the restrictions were changed.
func (*Restrictions) GetAudiences ¶
func (r *Restrictions) GetAudiences() (auds []string)
GetAudiences returns the union of all audiences, i.e. all audiences that must be requested at the issuer
func (*Restrictions) GetExpires ¶
func (r *Restrictions) GetExpires() unixtime.UnixTime
GetExpires gets the maximum (latest) expiration time of all restrictions
func (*Restrictions) GetNotBefore ¶
func (r *Restrictions) GetNotBefore() unixtime.UnixTime
GetNotBefore gets the minimal (earliest) nbf time of all restrictions
func (*Restrictions) GetScopes ¶
func (r *Restrictions) GetScopes() (scopes []string)
GetScopes returns the union of all scopes, i.e. all scopes that must be requested at the issuer
func (Restrictions) GetValidForAT ¶
func (r Restrictions) GetValidForAT( rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, myID mtid.MTID, ) (ret Restrictions)
GetValidForAT returns the subset of Restrictions that can be used to obtain an access token
func (Restrictions) GetValidForOther ¶
func (r Restrictions) GetValidForOther( rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, myID mtid.MTID, ) (ret Restrictions)
GetValidForOther returns the subset of Restrictions that can be used for other actions than obtaining an access token
func (*Restrictions) ReplaceThisIp ¶
func (r *Restrictions) ReplaceThisIp(ip string)
ReplaceThisIp replaces the special value 'this' with the given ip.
func (*Restrictions) Scan ¶
func (r *Restrictions) Scan(src interface{}) error
Scan implements the sql.Scanner interface.
func (*Restrictions) SetMaxAudiences ¶
func (r *Restrictions) SetMaxAudiences(mAud []string)
SetMaxAudiences sets the maximum audiences, i.e. all audiences are stripped from the restrictions if not included in the passed argument. This is used to eliminate requested audiences that are dropped by the provider.
func (*Restrictions) SetMaxScopes ¶
func (r *Restrictions) SetMaxScopes(mScopes []string)
SetMaxScopes sets the maximum scopes, i.e. all scopes are stripped from the restrictions if not included in the passed argument. This is used to eliminate requested scopes that are dropped by the provider. Don't use it to eliminate scopes that are not enabled for the OIDC client, because such a scope could also be a custom scope.
func (Restrictions) ToUsedRestrictions ¶
func (r Restrictions) ToUsedRestrictions(rlog log.Ext1FieldLogger, tx *sqlx.Tx, id mtid.MTID) ( ur []UsedRestriction, err error, )
ToUsedRestrictions turns a Restrictions into a slice of UsedRestriction
func (Restrictions) Value ¶
func (r Restrictions) Value() (driver.Value, error)
Value implements the driver.Valuer interface
func (Restrictions) VerifyForAT ¶
func (r Restrictions) VerifyForAT(rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, id mtid.MTID) bool
VerifyForAT verifies whether these restrictions can be used to obtain an access token.
func (Restrictions) VerifyForOther ¶
func (r Restrictions) VerifyForOther(rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, id mtid.MTID) bool
VerifyForOther verifies whether these restrictions can be used for actions other than obtaining an access token.
func (Restrictions) WithAudiences ¶
func (r Restrictions) WithAudiences(rlog log.Ext1FieldLogger, audiences []string) (ret Restrictions)
WithAudiences returns the subset of Restrictions that can be used with the specified audiences
func (Restrictions) WithScopes ¶
func (r Restrictions) WithScopes(rlog log.Ext1FieldLogger, scopes []string) (ret Restrictions)
WithScopes returns the subset of Restrictions that can be used with the specified scopes
type UsedRestriction ¶
// UsedRestriction is a Restriction together with counters recording how
// often it has been used.
type UsedRestriction struct {
	// Restriction is embedded, so its fields are promoted onto UsedRestriction.
	Restriction
	// UsagesATDone is serialized under the JSON key "usages_AT_done" and
	// omitted when nil. It is a pointer, so nil is distinguishable from a
	// stored zero.
	// NOTE(review): presumably nil means "no count recorded"; confirm how the
	// verification code treats nil versus 0.
	UsagesATDone *int64 `json:"usages_AT_done,omitempty"`
	// UsagesOtherDone is serialized under the JSON key "usages_other_done" and
	// omitted when nil. It is a pointer, so nil is distinguishable from a
	// stored zero.
	UsagesOtherDone *int64 `json:"usages_other_done,omitempty"`
}
UsedRestriction is a type for a restriction that has been used and additionally has information on how often it has been used.