x

package
v2.2.0-rc.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 16, 2023 License: Apache-2.0 Imports: 42 Imported by: 0

Documentation

Overview

ORY Hydra

Welcome to the ORY Hydra HTTP API documentation. You will find documentation for all HTTP APIs here. 

Schemes: http, https
Host:
BasePath: /
Version: latest

Consumes:
- application/json
- application/x-www-form-urlencoded

Produces:
- application/json

SecurityDefinitions:
oauth2:
    type: oauth2
    authorizationUrl: https://hydra.demo.ory.sh/oauth2/auth
    tokenUrl: https://hydra.demo.ory.sh/oauth2/token
    flow: accessCode
    scopes:
      offline: "A scope required when requesting refresh tokens (alias for `offline_access`)"
      offline_access: "A scope required when requesting refresh tokens"
      openid: "Request an OpenID Connect ID Token"
basic:
    type: basic
bearer:
    type: basic

Extensions:
---
x-request-id: string
x-forwarded-proto: string
---

swagger:meta

Index

Constants

View Source 
const (
	OpenIDConnectKeyName = "hydra.openid.id-token"
	OAuth2JWTKeyName     = "hydra.jwt.access-token"
)
View Source 
const (
	HashAlgorithmBCrypt = HashAlgorithm("bcrypt")
	HashAlgorithmPBKDF2 = HashAlgorithm("pbkdf2")
)

Variables

View Source 
var (
	ErrNotFound = &fosite.RFC6749Error{
		CodeField:        http.StatusNotFound,
		ErrorField:       http.StatusText(http.StatusNotFound),
		DescriptionField: "Unable to locate the requested resource",
	}
	ErrConflict = &fosite.RFC6749Error{
		CodeField:        http.StatusConflict,
		ErrorField:       http.StatusText(http.StatusConflict),
		DescriptionField: "Unable to process the requested resource because of conflict in the current state",
	}
)

Functions

func BasicAuth 

func BasicAuth(username, password string) string

func BytesToInt added in v2.2.0 

func BytesToInt(b []byte) (int64, error)

BytesToInt converts a byte slice to an int64. It is the inverse of IntToBytes.

func CleanSQLPop 

func CleanSQLPop(t *testing.T, c *pop.Connection)

func DecodeSegment 

func DecodeSegment(seg string) ([]byte, error)

Decode JWT specific base64url encoding with padding stripped

func DeleteHydraRows 

func DeleteHydraRows(t *testing.T, c *pop.Connection)

func ErrorEnhancer 

func ErrorEnhancer(r *http.Request, err error) interface{}

func FositeStore 

func FositeStore() *storage.MemoryStore

func FromPointer 

func FromPointer[T any, TT *T](val *T) (zero T)

FromPointer returns the dereferenced value or if the pointer is nil the zero value.

func GenerateSecret 

func GenerateSecret(length int) ([]byte, error)

func HashByteSecret 

func HashByteSecret(secret []byte) []byte

HashByteSecret hashes the secret for consumption by the AEAD encryption algorithm which expects exactly 32 bytes.

The system secret is being hashed to always match exactly the 32 bytes required by AEAD, even if the secret is long or shorter.

func HashStringSecret 

func HashStringSecret(secret string) []byte

HashStringSecret hashes the secret for consumption by the AEAD encryption algorithm which expects exactly 32 bytes.

The system secret is being hashed to always match exactly the 32 bytes required by AEAD, even if the secret is long or shorter.

func IntToBytes added in v2.2.0 

func IntToBytes(i int64) []byte

IntToBytes converts an int64 to a byte slice. It is the inverse of BytesToInt.

func IsRedirectURISecure 

func IsRedirectURISecure(rc redirectConfiguration) func(context.Context, *url.URL) bool

func LogAudit 

func LogAudit(r *http.Request, message interface{}, logger *logrusx.Logger)

func LogError 

func LogError(r *http.Request, err error, logger *logrusx.Logger)

func MatchesRange 

func MatchesRange(r *http.Request, ranges []string) error

func Must added in v2.2.0 

func Must[T any](t T, err error) T

func NewRouterAdmin 

func NewRouterAdmin(f func(context.Context) *url.URL) *httprouterx.RouterAdmin

func NewRouterPublic 

func NewRouterPublic() *httprouterx.RouterPublic

func PaginationHeader 

func PaginationHeader(w http.ResponseWriter, u *url.URL, total int64, page, itemsPerPage int)

func ParsePagination 

func ParsePagination(r *http.Request) (page, itemsPerPage int)

ParsePagination parses limit and page from *http.Request with given limits and defaults.

func RejectInsecureRequests 

func RejectInsecureRequests(reg tlsRegistry, c tlsConfig) negroni.HandlerFunc

func ToPointer 

func ToPointer[T any](val T) *T

ToPointer returns the pointer to the value.

Types

type ClientAuthenticator 

type ClientAuthenticator interface {
	AuthenticateClient(ctx context.Context, r *http.Request, form url.Values) (fosite.Client, error)
}

type ClientAuthenticatorProvider 

type ClientAuthenticatorProvider interface {
	ClientAuthenticator() ClientAuthenticator
}

type CookieConfigProvider 

type CookieConfigProvider interface {
	CookieDomain(ctx context.Context) string
	IsDevelopmentMode(ctx context.Context) bool
	CookieSameSiteMode(ctx context.Context) http.SameSite
	CookieSameSiteLegacyWorkaround(ctx context.Context) bool
	CookieSecure(ctx context.Context) bool
}

type Duration 

type Duration time.Duration

func (Duration) MarshalJSON 

func (ns Duration) MarshalJSON() ([]byte, error)

MarshalJSON returns m as the JSON encoding of m.

func (*Duration) UnmarshalJSON 

func (ns *Duration) UnmarshalJSON(data []byte) error

UnmarshalJSON sets *m to a copy of data.

type FositeStorer 

type FositeStorer interface {
	fosite.Storage
	oauth2.CoreStorage
	openid.OpenIDConnectRequestStorage
	pkce.PKCERequestStorage
	rfc7523.RFC7523KeyStorage
	verifiable.NonceManager

	RevokeRefreshToken(ctx context.Context, requestID string) error

	RevokeAccessToken(ctx context.Context, requestID string) error

	// flush the access token requests from the database.
	// no data will be deleted after the 'notAfter' timeframe.
	FlushInactiveAccessTokens(ctx context.Context, notAfter time.Time, limit int, batchSize int) error

	// flush the login requests from the database.
	// this will address the database long-term growth issues discussed in https://github.com/ory/hydra/issues/1574.
	// no data will be deleted after the 'notAfter' timeframe.
	FlushInactiveLoginConsentRequests(ctx context.Context, notAfter time.Time, limit int, batchSize int) error

	DeleteAccessTokens(ctx context.Context, clientID string) error

	FlushInactiveRefreshTokens(ctx context.Context, notAfter time.Time, limit int, batchSize int) error

	// DeleteOpenIDConnectSession deletes an OpenID Connect session.
	// This is duplicated from Ory Fosite to help against deprecation linting errors.
	DeleteOpenIDConnectSession(ctx context.Context, authorizeCode string) error
}

type HTTPClientProvider 

type HTTPClientProvider interface {
	HTTPClient(ctx context.Context, opts ...httpx.ResilientOptions) *retryablehttp.Client
}

type HashAlgorithm 

type HashAlgorithm string

func (HashAlgorithm) String 

func (a HashAlgorithm) String() string

type Hasher 

type Hasher struct {
	// contains filtered or unexported fields
}

Hasher implements fosite.Hasher.

func NewHasher 

func NewHasher(c config) *Hasher

NewHasher returns a new BCrypt instance.

func (*Hasher) Compare 

func (b *Hasher) Compare(ctx context.Context, hash, data []byte) error

func (*Hasher) Hash 

func (b *Hasher) Hash(ctx context.Context, data []byte) ([]byte, error)

type JSONWebKey 

type JSONWebKey struct {
	// Use ("public key use") identifies the intended use of
	// the public key. The "use" parameter is employed to indicate whether
	// a public key is used for encrypting data or verifying the signature
	// on data. Values are commonly "sig" (signature) or "enc" (encryption).
	//
	// required: true
	// example: sig
	Use string `json:"use,omitempty"`

	// The "kty" (key type) parameter identifies the cryptographic algorithm
	// family used with the key, such as "RSA" or "EC". "kty" values should
	// either be registered in the IANA "JSON Web Key Types" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name.  The "kty" value is a case-sensitive string.
	//
	// required: true
	// example: RSA
	Kty string `json:"kty,omitempty"`

	// The "kid" (key ID) parameter is used to match a specific key.  This
	// is used, for instance, to choose among a set of keys within a JWK Set
	// during key rollover.  The structure of the "kid" value is
	// unspecified.  When "kid" values are used within a JWK Set, different
	// keys within the JWK Set SHOULD use distinct "kid" values.  (One
	// example in which different keys might use the same "kid" value is if
	// they have different "kty" (key type) values but are considered to be
	// equivalent alternatives by the application using them.)  The "kid"
	// value is a case-sensitive string.
	//
	// required: true
	// example: 1603dfe0af8f4596
	Kid string `json:"kid,omitempty"`

	//  The "alg" (algorithm) parameter identifies the algorithm intended for
	// use with the key.  The values used should either be registered in the
	// IANA "JSON Web Signature and Encryption Algorithms" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name.
	//
	// required: true
	// example: RS256
	Alg string `json:"alg,omitempty"`

	// The "x5c" (X.509 certificate chain) parameter contains a chain of one
	// or more PKIX certificates [RFC5280].  The certificate chain is
	// represented as a JSON array of certificate value strings.  Each
	// string in the array is a base64-encoded (Section 4 of [RFC4648] --
	// not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
	// The PKIX certificate containing the key value MUST be the first
	// certificate.
	X5c []string `json:"x5c,omitempty"`

	// example: vTqrxUyQPl_20aqf5kXHwDZrel-KovIp8s7ewJod2EXHl8tWlRB3_Rem34KwBfqlKQGp1nqah-51H4Jzruqe0cFP58hPEIt6WqrvnmJCXxnNuIB53iX_uUUXXHDHBeaPCSRoNJzNysjoJ30TIUsKBiirhBa7f235PXbKiHducLevV6PcKxJ5cY8zO286qJLBWSPm-OIevwqsIsSIH44Qtm9sioFikhkbLwoqwWORGAY0nl6XvVOlhADdLjBSqSAeT1FPuCDCnXwzCDR8N9IFB_IjdStFkC-rVt2K5BYfPd0c3yFp_vHR15eRd0zJ8XQ7woBC8Vnsac6Et1pKS59pX6256DPWu8UDdEOolKAPgcd_g2NpA76cAaF_jcT80j9KrEzw8Tv0nJBGesuCjPNjGs_KzdkWTUXt23Hn9QJsdc1MZuaW0iqXBepHYfYoqNelzVte117t4BwVp0kUM6we0IqyXClaZgOI8S-WDBw2_Ovdm8e5NmhYAblEVoygcX8Y46oH6bKiaCQfKCFDMcRgChme7AoE1yZZYsPbaG_3IjPrC4LBMHQw8rM9dWjJ8ImjicvZ1pAm0dx-KHCP3y5PVKrxBDf1zSOsBRkOSjB8TPODnJMz6-jd5hTtZxpZPwPoIdCanTZ3ZD6uRBpTmDwtpRGm63UQs1m5FWPwb0T2IF0
	N string `json:"n,omitempty"`

	// example: AQAB
	E string `json:"e,omitempty"`

	// example: T_N8I-6He3M8a7X1vWt6TGIx4xB_GP3Mb4SsZSA4v-orvJzzRiQhLlRR81naWYxfQAYt5isDI6_C2L9bdWo4FFPjGQFvNoRX-_sBJyBI_rl-TBgsZYoUlAj3J92WmY2inbA-PwyJfsaIIDceYBC-eX-xiCu6qMqkZi3MwQAFL6bMdPEM0z4JBcwFT3VdiWAIRUuACWQwrXMq672x7fMuaIaHi7XDGgt1ith23CLfaREmJku9PQcchbt_uEY-hqrFY6ntTtS4paWWQj86xLL94S-Tf6v6xkL918PfLSOTq6XCzxvlFwzBJqApnAhbwqLjpPhgUG04EDRrqrSBc5Y1BLevn6Ip5h1AhessBp3wLkQgz_roeckt-ybvzKTjESMuagnpqLvOT7Y9veIug2MwPJZI2VjczRc1vzMs25XrFQ8DpUy-bNdp89TmvAXwctUMiJdgHloJw23Cv03gIUAkDnsTqZmkpbIf-crpgNKFmQP_EDKoe8p_PXZZgfbRri3NoEVGP7Mk6yEu8LjJhClhZaBNjuWw2-KlBfOA3g79mhfBnkInee5KO9mGR50qPk1V-MorUYNTFMZIm0kFE6eYVWFBwJHLKYhHU34DoiK1VP-svZpC2uAMFNA_UJEwM9CQ2b8qe4-5e9aywMvwcuArRkAB5mBIfOaOJao3mfukKAE
	D string `json:"d,omitempty"`

	// example: 6NbkXwDWUhi-eR55Cgbf27FkQDDWIamOaDr0rj1q0f1fFEz1W5A_09YvG09Fiv1AO2-D8Rl8gS1Vkz2i0zCSqnyy8A025XOcRviOMK7nIxE4OH_PEsko8dtIrb3TmE2hUXvCkmzw9EsTF1LQBOGC6iusLTXepIC1x9ukCKFZQvdgtEObQ5kzd9Nhq-cdqmSeMVLoxPLd1blviVT9Vm8-y12CtYpeJHOaIDtVPLlBhJiBoPKWg3vxSm4XxIliNOefqegIlsmTIa3MpS6WWlCK3yHhat0Q-rRxDxdyiVdG_wzJvp0Iw_2wms7pe-PgNPYvUWH9JphWP5K38YqEBiJFXQ
	P string `json:"p,omitempty"`

	// example: 0A1FmpOWR91_RAWpqreWSavNaZb9nXeKiBo0DQGBz32DbqKqQ8S4aBJmbRhJcctjCLjain-ivut477tAUMmzJwVJDDq2MZFwC9Q-4VYZmFU4HJityQuSzHYe64RjN-E_NQ02TWhG3QGW6roq6c57c99rrUsETwJJiwS8M5p15Miuz53DaOjv-uqqFAFfywN5WkxHbraBcjHtMiQuyQbQqkCFh-oanHkwYNeytsNhTu2mQmwR5DR2roZ2nPiFjC6nsdk-A7E3S3wMzYYFw7jvbWWoYWo9vB40_MY2Y0FYQSqcDzcBIcq_0tnnasf3VW4Fdx6m80RzOb2Fsnln7vKXAQ
	Q string `json:"q,omitempty"`

	// example: P-256
	Crv string `json:"crv,omitempty"`

	// example: G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0
	Dp string `json:"dp,omitempty"`

	// example: s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk
	Dq string `json:"dq,omitempty"`

	// example: GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU
	Qi string `json:"qi,omitempty"`

	// example: GawgguFyGrWKav7AX4VKUg
	K string `json:"k,omitempty"`

	// example: f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU
	X string `json:"x,omitempty"`

	// example: x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0
	Y string `json:"y,omitempty"`
}

swagger:model jsonWebKey

type JoseJSONWebKeySet 

type JoseJSONWebKeySet struct {
	// swagger:ignore
	*jose.JSONWebKeySet
}

swagger:type JSONWebKeySet

func (*JoseJSONWebKeySet) Scan 

func (n *JoseJSONWebKeySet) Scan(value interface{}) error

func (*JoseJSONWebKeySet) Value 

func (n *JoseJSONWebKeySet) Value() (driver.Value, error)

type NullDuration 

type NullDuration struct {
	Duration time.Duration
	Valid    bool
}

NullDuration represents a nullable JSON and SQL compatible time.Duration.

TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x

swagger:ignore

func (NullDuration) MarshalJSON 

func (ns NullDuration) MarshalJSON() ([]byte, error)

MarshalJSON returns m as the JSON encoding of m.

func (*NullDuration) Scan 

func (ns *NullDuration) Scan(value interface{}) error

Scan implements the Scanner interface.

func (*NullDuration) UnmarshalJSON 

func (ns *NullDuration) UnmarshalJSON(data []byte) error

UnmarshalJSON sets *m to a copy of data.

func (NullDuration) Value 

func (ns NullDuration) Value() (driver.Value, error)

Value implements the driver Valuer interface.

type PaginationHeaders 

type PaginationHeaders struct {
	// The link header contains pagination links.
	//
	// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).
	//
	// in: header
	Link string `json:"link"`

	// The total number of clients.
	//
	// in: header
	XTotalCount string `json:"x-total-count"`
}

swagger:model paginationHeaders

type PaginationParams 

type PaginationParams struct {
	// Items per page
	//
	// This is the number of items per page to return.
	// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).
	//
	// required: false
	// in: query
	// default: 250
	// min: 1
	// max: 1000
	PageSize int `json:"page_size"`

	// Next Page Token
	//
	// The next page token.
	// For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).
	//
	// required: false
	// in: query
	// default: 1
	// min: 1
	PageToken string `json:"page_token"`
}

swagger:model pagination

type RegistryCookieStore 

type RegistryCookieStore interface {
	CookieStore(ctx context.Context) (sessions.Store, error)
}

type RegistryLogger 

type RegistryLogger interface {
	Logger() *logrusx.Logger
	AuditLogger() *logrusx.Logger
}

type RegistryWriter 

type RegistryWriter interface {
	Writer() herodot.Writer
}

type TracingProvider 

type TracingProvider interface {
	Tracer(ctx context.Context) *otelx.Tracer
}

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.