oidc_auth

package
v0.24.413 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 18, 2023 License: Apache-2.0 Imports: 32 Imported by: 0

Documentation

Index

Constants

View Source
const (
	WellKnownOidcConfiguration = "/.well-known/openid-configuration"

	SourceTypeOidc = "oidc_auth"

	AuthMethodPassword = model.AuthMethodPassword
	AuthMethodExtJwt   = model.AuthMethodExtJwt
	AuthMethodCert     = persistence.MethodAuthenticatorCert

	AuthMethodSecondaryTotp   = "totp"
	AuthMethodSecondaryExtJwt = "ejs"

	DefaultNativeClientId = "native"
)
View Source
const (
	ScopeTokenId      = "tid-"
	ScopeApiSessionId = "asid-"
)
View Source
const (
	ClaimAudienceOpenZiti = "openziti"

	CustomClaimApiSessionId      = "z_asid"
	CustomClaimExternalId        = "z_eid"
	CustomClaimIsAdmin           = "z_ia"
	CustomClaimsConfigTypes      = "z_ct"
	CustomClaimsCertFingerprints = "z_cfs"

	DefaultAccessTokenDuration  = 30 * time.Minute
	DefaultIdTokenDuration      = 30 * time.Minute
	DefaultRefreshTokenDuration = 24 * time.Hour

	TokenTypeAccess  = "a"
	TokenTypeRefresh = "r"
)
View Source
const JwtTokenPrefix = "eY"

Variables

This section is empty.

Functions

func HttpRequestFromContext

func HttpRequestFromContext(ctx context.Context) (*http.Request, error)

HttpRequestFromContext returns the initiating http.Request for the current OIDC context

func NewChangeCtx

func NewChangeCtx() *change.Context

NewChangeCtx creates a change.Context scoped to oidc_auth package

func NewHttpChangeCtx

func NewHttpChangeCtx(r *http.Request) *change.Context

NewHttpChangeCtx creates a change.Context scoped to oidc_auth package and supplied http.Request

func NewNativeOnlyOP

func NewNativeOnlyOP(ctx context.Context, env model.Env, config Config) (http.Handler, error)

NewNativeOnlyOP creates an OIDC Provider that allows native clients and only the AutCode PKCE flow.

func NewRevocation

func NewRevocation(tokenId string, expiresAt time.Time) *model.Revocation

Types

type AccessClaims

type AccessClaims struct {
	oidc.AccessTokenClaims
	CustomClaims
}

func (*AccessClaims) GetAudience

func (r *AccessClaims) GetAudience() (jwt.ClaimStrings, error)

func (*AccessClaims) GetExpirationTime

func (r *AccessClaims) GetExpirationTime() (*jwt.NumericDate, error)

func (*AccessClaims) GetIssuedAt

func (r *AccessClaims) GetIssuedAt() (*jwt.NumericDate, error)

func (*AccessClaims) GetIssuer

func (r *AccessClaims) GetIssuer() (string, error)

func (*AccessClaims) GetNotBefore

func (r *AccessClaims) GetNotBefore() (*jwt.NumericDate, error)

func (*AccessClaims) GetSubject

func (r *AccessClaims) GetSubject() (string, error)

func (*AccessClaims) TotpComplete

func (c *AccessClaims) TotpComplete() bool

type AuthRequest

type AuthRequest struct {
	oidc.AuthRequest
	Id                      string
	CreationDate            time.Time
	IdentityId              string
	AuthTime                time.Time
	ApiSessionId            string
	SecondaryTotpRequired   bool
	SecondaryExtJwtRequired bool
	SecondaryExtJwtId       string
	ConfigTypes             []string
	Amr                     map[string]struct{}

	PeerCerts           []*x509.Certificate
	RequestedMethod     string
	BearerTokenDetected bool
}

AuthRequest represents an OIDC authentication request and implements op.AuthRequest

func (*AuthRequest) AddAmr

func (a *AuthRequest) AddAmr(amr string)

AddAmr adds the supplied amr

func (*AuthRequest) Done

func (a *AuthRequest) Done() bool

Done returns true once authentication has been completed and implements op.AuthRequest

func (*AuthRequest) GetACR

func (a *AuthRequest) GetACR() string

GetACR returns the authentication class reference provided by client and implements oidc.AuthRequest All ACRs are currently ignored.

func (*AuthRequest) GetAMR

func (a *AuthRequest) GetAMR() []string

GetAMR returns the authentication method references the authentication has undergone and implements op.AuthRequest

func (*AuthRequest) GetAudience

func (a *AuthRequest) GetAudience() []string

GetAudience returns all current audience targets and implements op.AuthRequest

func (*AuthRequest) GetAuthTime

func (a *AuthRequest) GetAuthTime() time.Time

GetAuthTime returns the time at which authentication has occurred and implements op.AuthRequest

func (*AuthRequest) GetCertFingerprints

func (a *AuthRequest) GetCertFingerprints() []string

func (*AuthRequest) GetClientID

func (a *AuthRequest) GetClientID() string

GetClientID returns the client id requested and implements op.AuthRequest

func (*AuthRequest) GetCodeChallenge

func (a *AuthRequest) GetCodeChallenge() *oidc.CodeChallenge

GetCodeChallenge returns the rp supplied code change and implements op.AuthRequest

func (*AuthRequest) GetID

func (a *AuthRequest) GetID() string

GetID returns an AuthRequest's ID and implements op.AuthRequest

func (*AuthRequest) GetNonce

func (a *AuthRequest) GetNonce() string

GetNonce returns the rp supplied nonce and implements op.AuthRequest

func (*AuthRequest) GetRedirectURI

func (a *AuthRequest) GetRedirectURI() string

GetRedirectURI returns the rp supplied redirect target and implements op.AuthRequest

func (*AuthRequest) GetResponseMode

func (a *AuthRequest) GetResponseMode() oidc.ResponseMode

GetResponseMode is not supported and all tokens are turned via query string and implements op.AuthRequest

func (*AuthRequest) GetResponseType

func (a *AuthRequest) GetResponseType() oidc.ResponseType

GetResponseType returns the rp supplied response type and implements op.AuthRequest

func (*AuthRequest) GetScopes

func (a *AuthRequest) GetScopes() []string

GetScopes returns the current scopes and implements op.AuthRequest Scopes are also used to transport custom claims into access tokens. The zitadel oidc framework does not provide a method for accessing the request object during JWT signing time, and any claims supplied are overwritten.

func (*AuthRequest) GetState

func (a *AuthRequest) GetState() string

GetState returns the rp provided state and implements op.AuthRequest

func (*AuthRequest) GetSubject

func (a *AuthRequest) GetSubject() string

GetSubject returns the target subject and implements op.AuthRequest

func (*AuthRequest) HasAmr

func (a *AuthRequest) HasAmr(amr string) bool

HasAmr returns true if the supplied amr is present

func (*AuthRequest) HasFullAuth

func (a *AuthRequest) HasFullAuth() bool

HasFullAuth returns true if an authentication request has passed all primary and secondary authentications.

func (*AuthRequest) HasPrimaryAuth

func (a *AuthRequest) HasPrimaryAuth() bool

HasPrimaryAuth returns true if a primary authentication mechanism has been passed.

func (*AuthRequest) HasSecondaryAuth

func (a *AuthRequest) HasSecondaryAuth() bool

HasSecondaryAuth returns true if all applicable secondary authentications have been passed

type Client

type Client struct {
	// contains filtered or unexported fields
}

Client represents an OIDC Client and implements op.Client

func NativeClient

func NativeClient(id string, redirectURIs, postlogoutURIs []string) *Client

NativeClient will create a client of type native, which will always use PKCE and allow the use of refresh tokens

func (*Client) AccessTokenType

func (c *Client) AccessTokenType() op.AccessTokenType

AccessTokenType returns the type of access token the client uses (Bearer (opaque) or JWT), implements op.Client

func (*Client) ApplicationType

func (c *Client) ApplicationType() op.ApplicationType

ApplicationType returns the application type (app, native, user agent), implements op.Client

func (*Client) AuthMethod

func (c *Client) AuthMethod() oidc.AuthMethod

AuthMethod returns the authentication method (client_secret_basic, client_secret_post, none, private_key_jwt), implements op.Client

func (*Client) ClockSkew

func (c *Client) ClockSkew() time.Duration

ClockSkew enables clients to instruct the OP to apply a clock skew on the various times and expirations (subtract from issued_at, add to expiration, ...), implements op.Client

func (*Client) DevMode

func (c *Client) DevMode() bool

DevMode enables the use of non-compliant configs such as redirect_uris, implements op.Client

func (*Client) GetID

func (c *Client) GetID() string

GetID returns the clients id, implements op.Client

func (*Client) GrantTypes

func (c *Client) GrantTypes() []oidc.GrantType

GrantTypes returns all allowed grant types (authorization_code, refresh_token, urn:ietf:params:oauth:grant-type:jwt-bearer), implements op.Client

func (*Client) IDTokenLifetime

func (c *Client) IDTokenLifetime() time.Duration

IDTokenLifetime returns the lifetime of the client's id_tokens

func (*Client) IDTokenUserinfoClaimsAssertion

func (c *Client) IDTokenUserinfoClaimsAssertion() bool

IDTokenUserinfoClaimsAssertion allows specifying if claims of scope profile, email, phone and address are asserted into the id_token even if an access token if issued which violates the OIDC Core spec (5.4. Requesting Claims using Scope Values: https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims) some clients though require that e.g. email is always in the id_token when requested even if an access_token is issued, implements op.Client

func (*Client) IsScopeAllowed

func (c *Client) IsScopeAllowed(_ string) bool

IsScopeAllowed enables Client custom scopes validation, implements op.Client No custom scopes are currently supported.

func (*Client) LoginURL

func (c *Client) LoginURL(id string) string

LoginURL returns the URL clients should be directed to for login based on authentication request id, implements op.Client

func (*Client) PostLogoutRedirectURIs

func (c *Client) PostLogoutRedirectURIs() []string

PostLogoutRedirectURIs returns an array of post logout redirect URIs, implements op.Client

func (*Client) RedirectURIs

func (c *Client) RedirectURIs() []string

RedirectURIs returns an array of valid redirect URIs, implements op.Client

func (*Client) ResponseTypes

func (c *Client) ResponseTypes() []oidc.ResponseType

ResponseTypes returns all allowed response types (code, id_token token, id_token), these must match with the allowed grant types, implements op.Client

func (*Client) RestrictAdditionalAccessTokenScopes

func (c *Client) RestrictAdditionalAccessTokenScopes() func(scopes []string) []string

RestrictAdditionalAccessTokenScopes allows specifying which custom scopes shall be asserted into the JWT access_token, implements op.Client

func (*Client) RestrictAdditionalIdTokenScopes

func (c *Client) RestrictAdditionalIdTokenScopes() func(scopes []string) []string

RestrictAdditionalIdTokenScopes allows specifying which custom scopes shall be asserted into the id_token, implements op.Client

type Config

type Config struct {
	Issuer               string
	TokenSecret          string
	Storage              Storage
	Certificate          *x509.Certificate
	PrivateKey           crypto.PrivateKey
	IdTokenDuration      time.Duration
	RefreshTokenDuration time.Duration
	AccessTokenDuration  time.Duration
	RedirectURIs         []string
	PostLogoutURIs       []string
	// contains filtered or unexported fields
}

Config represents the configuration necessary to operate an OIDC Provider

func NewConfig

func NewConfig(issuer string, cert *x509.Certificate, key crypto.PrivateKey) Config

NewConfig will create a Config with default values

func (*Config) MaxTokenDuration

func (c *Config) MaxTokenDuration() time.Duration

MaxTokenDuration returns the maximum token lifetime currently configured

func (*Config) Secret

func (c *Config) Secret() [32]byte

Secret returns a sha256 sum of the configured token secret

type CustomClaims

type CustomClaims struct {
	ApiSessionId     string   `json:"z_asid,omitempty"`
	ExternalId       string   `json:"z_eid,omitempty"`
	IsAdmin          bool     `json:"z_ia,omitempty"`
	ConfigTypes      []string `json:"z_ct,omitempty"`
	ApplicationId    string   `json:"z_aid,omitempty"`
	Type             string   `json:"z_t"`
	CertFingerprints []string `json:"z_cfs"`
	Scopes           []string `json:"scopes,omitempty"`
}

type HybridStorage

type HybridStorage struct {
	// contains filtered or unexported fields
}

HybridStorage implements the Storage interface Authentication requests are not synchronized with other controllers. Authentication must happen entirely with one controller. After id, access, and/or refresh tokens are acquired, they may be used at any controller. All token revocations are synchronized with other controllers.

func NewStorage

func NewStorage(kid string, publicKey crypto.PublicKey, privateKey crypto.PrivateKey, singingMethod jwt.SigningMethod, config *Config, env model.Env) *HybridStorage

func (*HybridStorage) AddClient

func (s *HybridStorage) AddClient(client *Client)

func (*HybridStorage) AuthRequestByCode

func (s *HybridStorage) AuthRequestByCode(ctx context.Context, code string) (op.AuthRequest, error)

AuthRequestByCode implements the op.Storage interface

func (*HybridStorage) AuthRequestByID

func (s *HybridStorage) AuthRequestByID(_ context.Context, id string) (op.AuthRequest, error)

AuthRequestByID implements the op.Storage interface

func (*HybridStorage) AuthRequestDone

func (s *HybridStorage) AuthRequestDone(id string) error

AuthRequestDone is used by testing and is not required to implement op.Storage

func (*HybridStorage) Authenticate

func (s *HybridStorage) Authenticate(authCtx model.AuthContext, id string, configTypes []string) (*AuthRequest, error)

Authenticate will verify supplied credentials and update the primary authentication status of an AuthRequest

func (*HybridStorage) AuthorizeClientIDSecret

func (s *HybridStorage) AuthorizeClientIDSecret(_ context.Context, clientID, clientSecret string) error

AuthorizeClientIDSecret implements the op.Storage interface

func (*HybridStorage) Clean

func (s *HybridStorage) Clean()

Clean removes abandoned auth requests and associated data

func (*HybridStorage) ClientCredentials

func (s *HybridStorage) ClientCredentials(_ context.Context, clientID, clientSecret string) (op.Client, error)

ClientCredentials implements op.ClientCredentialsStorage

func (*HybridStorage) ClientCredentialsTokenRequest

func (s *HybridStorage) ClientCredentialsTokenRequest(_ context.Context, clientID string, scopes []string) (op.TokenRequest, error)

ClientCredentialsTokenRequest implements op.ClientCredentialsStorage

func (*HybridStorage) CompleteDeviceAuthorization

func (s *HybridStorage) CompleteDeviceAuthorization(_ context.Context, userCode, subject string) error

CompleteDeviceAuthorization implements op.DeviceAuthorizationStorage

func (*HybridStorage) CreateAccessAndRefreshTokens

func (s *HybridStorage) CreateAccessAndRefreshTokens(_ context.Context, request op.TokenRequest, currentRefreshToken string) (accessTokenID string, newRefreshToken string, expiration time.Time, err error)

CreateAccessAndRefreshTokens implements the op.Storage interface

func (*HybridStorage) CreateAccessToken

func (s *HybridStorage) CreateAccessToken(_ context.Context, request op.TokenRequest) (string, time.Time, error)

CreateAccessToken implements the op.Storage interface

func (*HybridStorage) CreateAuthRequest

func (s *HybridStorage) CreateAuthRequest(ctx context.Context, authReq *oidc.AuthRequest, identityId string) (op.AuthRequest, error)

CreateAuthRequest creates a new AuthRequest based on an incoming request, implements the op.Storage interface

func (*HybridStorage) CreateTokenExchangeRequest

func (s *HybridStorage) CreateTokenExchangeRequest(_ context.Context, _ op.TokenExchangeRequest) error

func (*HybridStorage) DeleteAuthRequest

func (s *HybridStorage) DeleteAuthRequest(_ context.Context, id string) error

DeleteAuthRequest implements the op.Storage interface

func (*HybridStorage) DenyDeviceAuthorization

func (s *HybridStorage) DenyDeviceAuthorization(_ context.Context, userCode string) error

DenyDeviceAuthorization implements op.DeviceAuthorizationStorage

func (*HybridStorage) GetAuthRequest

func (s *HybridStorage) GetAuthRequest(id string) (*AuthRequest, error)

GetAuthRequest returns an AuthRequest by id

func (*HybridStorage) GetClientByClientID

func (s *HybridStorage) GetClientByClientID(_ context.Context, clientID string) (op.Client, error)

GetClientByClientID implements the op.Storage interface

func (*HybridStorage) GetDeviceAuthorizationByUserCode

func (s *HybridStorage) GetDeviceAuthorizationByUserCode(_ context.Context, userCode string) (*op.DeviceAuthorizationState, error)

GetDeviceAuthorizationByUserCode implements op.DeviceAuthorizationStorage

func (*HybridStorage) GetDeviceAuthorizatonState

func (s *HybridStorage) GetDeviceAuthorizatonState(ctx context.Context, clientID, deviceCode string) (*op.DeviceAuthorizationState, error)

GetDeviceAuthorizatonState implements op.DeviceAuthorizationStorage

func (*HybridStorage) GetKeyByIDAndClientID

func (s *HybridStorage) GetKeyByIDAndClientID(_ context.Context, keyID, _ string) (*jose.JSONWebKey, error)

GetKeyByIDAndClientID implements the op.Storage interface

func (*HybridStorage) GetPrivateClaimsFromScopes

func (s *HybridStorage) GetPrivateClaimsFromScopes(ctx context.Context, identityId, clientID string, scopes []string) (claims map[string]interface{}, err error)

GetPrivateClaimsFromScopes implements the op.Storage interface

func (*HybridStorage) GetPrivateClaimsFromTokenExchangeRequest

func (s *HybridStorage) GetPrivateClaimsFromTokenExchangeRequest(ctx context.Context, request op.TokenExchangeRequest) (claims map[string]interface{}, err error)

GetPrivateClaimsFromTokenExchangeRequest implements the op.TokenExchangeStorage interface

func (*HybridStorage) GetRefreshTokenInfo

func (s *HybridStorage) GetRefreshTokenInfo(_ context.Context, _ string, token string) (identityId string, tokenID string, err error)

GetRefreshTokenInfo implements the op.Storage interface

func (*HybridStorage) Health

func (s *HybridStorage) Health(_ context.Context) error

Health implements the op.Storage interface

func (*HybridStorage) IsTokenRevoked

func (s *HybridStorage) IsTokenRevoked(tokenId string) bool

IsTokenRevoked returns true or false if a token has been revoked

func (*HybridStorage) KeySet

func (s *HybridStorage) KeySet(_ context.Context) ([]op.Key, error)

KeySet implements the op.Storage interface

func (*HybridStorage) RevokeToken

func (s *HybridStorage) RevokeToken(_ context.Context, tokenIDOrToken string, _ string, _ string) *oidc.Error

RevokeToken implements the op.Storage interface

func (*HybridStorage) SaveAuthCode

func (s *HybridStorage) SaveAuthCode(_ context.Context, id string, code string) error

SaveAuthCode implements the op.Storage interface

func (*HybridStorage) SetIntrospectionFromToken

func (s *HybridStorage) SetIntrospectionFromToken(_ context.Context, _ *oidc.IntrospectionResponse, _, _, _ string) error

SetIntrospectionFromToken implements the op.Storage interface

func (*HybridStorage) SetUserinfoFromRequest

func (s *HybridStorage) SetUserinfoFromRequest(_ context.Context, userinfo *oidc.UserInfo, token op.IDTokenRequest, scopes []string) error

SetUserinfoFromRequest implements the op.CanSetUserinfoFromRequest interface.

func (*HybridStorage) SetUserinfoFromScopes

func (s *HybridStorage) SetUserinfoFromScopes(_ context.Context, _ *oidc.UserInfo, _, _ string, _ []string) error

SetUserinfoFromScopes implements the op.Storage interface.

func (*HybridStorage) SetUserinfoFromToken

func (s *HybridStorage) SetUserinfoFromToken(ctx context.Context, userinfo *oidc.UserInfo, tokenID, subject, _ string) error

SetUserinfoFromToken implements the op.Storage interface

func (*HybridStorage) SetUserinfoFromTokenExchangeRequest

func (s *HybridStorage) SetUserinfoFromTokenExchangeRequest(ctx context.Context, userinfo *oidc.UserInfo, request op.TokenExchangeRequest) error

SetUserinfoFromTokenExchangeRequest implements the op.TokenExchangeStorage interface

func (*HybridStorage) SignatureAlgorithms

func (s *HybridStorage) SignatureAlgorithms(context.Context) ([]jose.SignatureAlgorithm, error)

SignatureAlgorithms implements the op.Storage interface

func (*HybridStorage) SigningKey

func (s *HybridStorage) SigningKey(_ context.Context) (op.SigningKey, error)

SigningKey implements the op.Storage interface

func (*HybridStorage) StoreDeviceAuthorization

func (s *HybridStorage) StoreDeviceAuthorization(_ context.Context, clientID, deviceCode, userCode string, expires time.Time, scopes []string) error

StoreDeviceAuthorization implements op.DeviceAuthorizationStorage

func (*HybridStorage) TerminateSession

func (s *HybridStorage) TerminateSession(_ context.Context, identityId string, clientID string) error

TerminateSession implements the op.Storage interface

func (*HybridStorage) TokenRequestByRefreshToken

func (s *HybridStorage) TokenRequestByRefreshToken(_ context.Context, refreshToken string) (op.RefreshTokenRequest, error)

TokenRequestByRefreshToken implements the op.Storage interface

func (*HybridStorage) ValidateJWTProfileScopes

func (s *HybridStorage) ValidateJWTProfileScopes(_ context.Context, _ string, scopes []string) ([]string, error)

ValidateJWTProfileScopes implements the op.Storage interface

func (*HybridStorage) ValidateTokenExchangeRequest

func (s *HybridStorage) ValidateTokenExchangeRequest(_ context.Context, request op.TokenExchangeRequest) error

ValidateTokenExchangeRequest implements the op.TokenExchangeStorage interface

func (*HybridStorage) VerifyTotp

func (s *HybridStorage) VerifyTotp(ctx *change.Context, code string, id string) (*AuthRequest, error)

VerifyTotp will update and return the AuthRequest associated with `id`

type IdTokenClaims

type IdTokenClaims struct {
	oidc.IDTokenClaims
	CustomClaims
}

func (*IdTokenClaims) TotpComplete

func (c *IdTokenClaims) TotpComplete() bool

type RefreshClaims

type RefreshClaims struct {
	oidc.IDTokenClaims
	CustomClaims
}

func (*RefreshClaims) GetAudience

func (r *RefreshClaims) GetAudience() (jwt.ClaimStrings, error)

func (*RefreshClaims) GetExpirationTime

func (r *RefreshClaims) GetExpirationTime() (*jwt.NumericDate, error)

func (*RefreshClaims) GetIssuedAt

func (r *RefreshClaims) GetIssuedAt() (*jwt.NumericDate, error)

func (*RefreshClaims) GetIssuer

func (r *RefreshClaims) GetIssuer() (string, error)

func (*RefreshClaims) GetNotBefore

func (r *RefreshClaims) GetNotBefore() (*jwt.NumericDate, error)

func (*RefreshClaims) GetSubject

func (r *RefreshClaims) GetSubject() (string, error)

func (*RefreshClaims) MarshalJSON

func (c *RefreshClaims) MarshalJSON() ([]byte, error)

func (*RefreshClaims) UnmarshalJSON

func (c *RefreshClaims) UnmarshalJSON(data []byte) error

type RefreshTokenRequest

type RefreshTokenRequest struct {
	RefreshClaims
}

RefreshTokenRequest is a wrapper around RefreshClaims to avoid collisions between go-jwt interface requirements and zitadel oidc interface names. Implements zitadel op.RefreshTokenRequest

func (*RefreshTokenRequest) GetAMR

func (r *RefreshTokenRequest) GetAMR() []string

GetAMR implements op.RefreshTokenRequest

func (*RefreshTokenRequest) GetAudience

func (r *RefreshTokenRequest) GetAudience() []string

GetAudience implements op.RefreshTokenRequest

func (*RefreshTokenRequest) GetAuthTime

func (r *RefreshTokenRequest) GetAuthTime() time.Time

GetAuthTime implements op.RefreshTokenRequest

func (*RefreshTokenRequest) GetCertFingerprints

func (r *RefreshTokenRequest) GetCertFingerprints() []string

func (*RefreshTokenRequest) GetClientID

func (r *RefreshTokenRequest) GetClientID() string

GetClientID implements op.RefreshTokenRequest

func (*RefreshTokenRequest) GetScopes

func (r *RefreshTokenRequest) GetScopes() []string

GetScopes implements op.RefreshTokenRequest

func (*RefreshTokenRequest) GetSubject

func (r *RefreshTokenRequest) GetSubject() string

GetSubject implements op.RefreshTokenRequest

func (*RefreshTokenRequest) SetCurrentScopes

func (r *RefreshTokenRequest) SetCurrentScopes(scopes []string)

SetCurrentScopes implements op.RefreshTokenRequest

type Storage

type Storage interface {
	op.Storage

	// Authenticate attempts to perform authentication on supplied credentials for all known authentication methods
	Authenticate(authCtx model.AuthContext, id string, configTypes []string) (*AuthRequest, error)

	// VerifyTotp will verify the supplied code for the current authentication request's subject
	// A change context is required for the removal of one-time TOTP recovery codes
	VerifyTotp(ctx *change.Context, code string, id string) (*AuthRequest, error)

	// IsTokenRevoked will return true if a token has been removed.
	// TokenId may be a JWT token id or an identity id
	IsTokenRevoked(tokenId string) bool

	// AddClient adds an OIDC Client to the registry of valid clients.
	AddClient(client *Client)

	// GetAuthRequest returns an *AuthRequest by its id
	GetAuthRequest(id string) (*AuthRequest, error)
}

Storage is a compound interface of op.Storage and custom storage functions

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL