restrictions

package

v0.6.1 Latest Latest Go to latest Published: Nov 11, 2022 License: MIT Imports: 20 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/oidc-mytoken/server

Links

Open Source Insights

Documentation ¶

Index ¶

type Restriction
type Restrictions
- func Tighten(rlog log.Ext1FieldLogger, old, wanted Restrictions) (res Restrictions, ok bool)
type UsedRestriction

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Restriction ¶

type Restriction struct {
	NotBefore       unixtime.UnixTime `json:"nbf,omitempty"`
	ExpiresAt       unixtime.UnixTime `json:"exp,omitempty"`
	api.Restriction `json:",inline"`
}

Restriction describes a token usage restriction

func (Restriction) ToUsedRestriction ¶

func (r Restriction) ToUsedRestriction(rlog log.Ext1FieldLogger, tx *sqlx.Tx, id mtid.MTID) (UsedRestriction, error)

ToUsedRestriction turns a Restriction into an UsedRestriction

func (*Restriction) UsedAT ¶

func (r *Restriction) UsedAT(rlog log.Ext1FieldLogger, tx *sqlx.Tx, id mtid.MTID) error

UsedAT will update the usages_AT value for this restriction; it should be called after this restriction was used to obtain an access token;

func (*Restriction) UsedOther ¶

func (r *Restriction) UsedOther(rlog log.Ext1FieldLogger, tx *sqlx.Tx, id mtid.MTID) error

UsedOther will update the usages_other value for this restriction; it should be called after this restriction was used for other reasons than obtaining an access token;

func Tighten ¶

func Tighten(rlog log.Ext1FieldLogger, old, wanted Restrictions) (res Restrictions, ok bool)

Tighten tightens/restricts a Restrictions with another set; if the wanted Restrictions are not tighter the original ones are returned

func (*Restrictions) ClearUnsupportedKeys ¶ added in v0.3.0

func (r *Restrictions) ClearUnsupportedKeys()

ClearUnsupportedKeys sets default values for the keys that are not supported by this instance

func (*Restrictions) EnforceMaxLifetime ¶ added in v0.3.0

func (r *Restrictions) EnforceMaxLifetime(issuer string) (changed bool)

EnforceMaxLifetime enforces the maximum mytoken lifetime set by server admins. Returns true if the restrictions was changed.

func (*Restrictions) GetAudiences ¶

func (r *Restrictions) GetAudiences() (auds []string)

GetAudiences returns the union of all audiences, i.e. all audiences that must be requested at the issuer

func (*Restrictions) GetExpires ¶

func (r *Restrictions) GetExpires() unixtime.UnixTime

GetExpires gets the maximum (latest) expiration time of all restrictions

func (*Restrictions) GetNotBefore ¶

func (r *Restrictions) GetNotBefore() unixtime.UnixTime

GetNotBefore gets the minimal (earliest) nbf time of all restrictions

func (*Restrictions) GetScopes ¶

func (r *Restrictions) GetScopes() (scopes []string)

GetScopes returns the union of all scopes, i.e. all scopes that must be requested at the issuer

func (Restrictions) GetValidForAT ¶

func (r Restrictions) GetValidForAT(
	rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, myID mtid.MTID,
) (ret Restrictions)

GetValidForAT returns the subset of Restrictions that can be used to obtain an access token

func (Restrictions) GetValidForOther ¶

func (r Restrictions) GetValidForOther(
	rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, myID mtid.MTID,
) (ret Restrictions)

GetValidForOther returns the subset of Restrictions that can be used for other actions than obtaining an access token

func (*Restrictions) ReplaceThisIP ¶ added in v0.6.1

func (r *Restrictions) ReplaceThisIP(ip string)

ReplaceThisIP replaces the special value 'this' with the given ip.

func (*Restrictions) Scan ¶

func (r *Restrictions) Scan(src interface{}) error

Scan implements the sql.Scanner interface.

func (*Restrictions) SetMaxAudiences ¶

func (r *Restrictions) SetMaxAudiences(mAud []string)

SetMaxAudiences sets the maximum audiences, i.e. all audiences are stripped from the restrictions if not included in the passed argument. This is used to eliminate requested audiences that are dropped by the provider.

func (*Restrictions) SetMaxScopes ¶

func (r *Restrictions) SetMaxScopes(mScopes []string)

SetMaxScopes sets the maximum scopes, i.e. all scopes are stripped from the restrictions if not included in the passed argument. This is used to eliminate requested scopes that are dropped by the provider. Don't use it to eliminate scopes that are not enabled for the oidc client, because it also could be a custom scope.

func (Restrictions) ToUsedRestrictions ¶

func (r Restrictions) ToUsedRestrictions(rlog log.Ext1FieldLogger, tx *sqlx.Tx, id mtid.MTID) (
	ur []UsedRestriction, err error,
)

ToUsedRestrictions turns a Restrictions into a slice of UsedRestriction

func (Restrictions) Value ¶

func (r Restrictions) Value() (driver.Value, error)

Value implements the driver.Valuer interface

func (Restrictions) VerifyForAT ¶

func (r Restrictions) VerifyForAT(rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, id mtid.MTID) bool

VerifyForAT verifies if this restrictions can be used to obtain an access token

func (Restrictions) VerifyForOther ¶

func (r Restrictions) VerifyForOther(rlog log.Ext1FieldLogger, tx *sqlx.Tx, ip string, id mtid.MTID) bool

VerifyForOther verifies if this restrictions can be used for other actions than obtaining an access token

func (Restrictions) WithAudiences ¶

func (r Restrictions) WithAudiences(rlog log.Ext1FieldLogger, audiences []string) (ret Restrictions)

WithAudiences returns the subset of Restrictions that can be used with the specified audiences

func (Restrictions) WithScopes ¶

func (r Restrictions) WithScopes(rlog log.Ext1FieldLogger, scopes []string) (ret Restrictions)

WithScopes returns the subset of Restrictions that can be used with the specified scopes

type UsedRestriction ¶

type UsedRestriction struct {
	Restriction
	UsagesATDone    *int64 `json:"usages_AT_done,omitempty"`
	UsagesOtherDone *int64 `json:"usages_other_done,omitempty"`
}

UsedRestriction is a type for a restriction that has been used and additionally has information how often is has been used

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Documentation ¶

Index ¶

Constants ¶

Variables ¶

Functions ¶

Types ¶

type Restriction ¶

func (Restriction) ToUsedRestriction ¶

func (*Restriction) UsedAT ¶

func (*Restriction) UsedOther ¶

type Restrictions ¶

func Tighten ¶

func (*Restrictions) ClearUnsupportedKeys ¶ added in v0.3.0

func (*Restrictions) EnforceMaxLifetime ¶ added in v0.3.0

func (*Restrictions) GetAudiences ¶

func (*Restrictions) GetExpires ¶

func (*Restrictions) GetNotBefore ¶

func (*Restrictions) GetScopes ¶

func (Restrictions) GetValidForAT ¶

func (Restrictions) GetValidForOther ¶

func (*Restrictions) ReplaceThisIP ¶ added in v0.6.1

func (*Restrictions) Scan ¶

func (*Restrictions) SetMaxAudiences ¶

func (*Restrictions) SetMaxScopes ¶

func (Restrictions) ToUsedRestrictions ¶

func (Restrictions) Value ¶

func (Restrictions) VerifyForAT ¶

func (Restrictions) VerifyForOther ¶

func (Restrictions) WithAudiences ¶

func (Restrictions) WithScopes ¶

type UsedRestriction ¶

Source Files ¶