Documentation
¶
Index ¶
- Constants
- Variables
- func CredentialsEqual(a, b map[CredentialsType]Credentials) bool
- func DefaultPageToken() keysetpagination.PageToken
- func ManagerAllowWriteProtectedTraits(options *ManagerOptions)
- func ManagerExposeValidationErrorsForInternalTypeAssertion(options *ManagerOptions)
- func OIDCUniqueID(provider, subject string) string
- func UpgradeCodeCredentials(c *Credentials) (err error)
- func UpgradeCredentials(i *Identity) error
- func UpgradeWebAuthnCredentials(i *Identity, c *Credentials) (err error)
- type ActiveCredentialsCounter
- type ActiveCredentialsCounterStrategyProvider
- type AdminCreateIdentityImportCredentialsOidcProvider
- type AdminIdentityImportCredentialsOIDC
- type AdminIdentityImportCredentialsOIDCConfig
- type AdminIdentityImportCredentialsPassword
- type AdminIdentityImportCredentialsPasswordConfig
- type AuthenticatorAssuranceLevel
- type AuthenticatorWebAuthn
- type BatchIdentityPatch
- type BatchIdentityPatchResponse
- type BatchPatchAction
- type BatchPatchIdentitiesBody
- type CodeChannel
- type Configuration
- type CreateIdentitiesError
- func (e *CreateIdentitiesError) AddFailedIdentity(ident *Identity, err *herodot.DefaultError)
- func (e *CreateIdentitiesError) Contains(ident *Identity) bool
- func (e *CreateIdentitiesError) ErrOrNil() error
- func (e *CreateIdentitiesError) Error() string
- func (e *CreateIdentitiesError) Find(ident *Identity) *FailedIdentity
- func (e *CreateIdentitiesError) Merge(other *CreateIdentitiesError)
- func (e *CreateIdentitiesError) Unwrap() []error
- type CreateIdentityBody
- type CredentialIdentifier
- type CredentialWebAuthn
- type CredentialWebAuthnAttestation
- type CredentialWebAuthnFlags
- type Credentials
- type CredentialsCode
- type CredentialsCodeAddress
- type CredentialsLookupConfig
- type CredentialsOIDC
- type CredentialsOIDCEncryptedTokens
- type CredentialsOIDCProvider
- type CredentialsOptions
- type CredentialsPassword
- type CredentialsTOTPConfig
- type CredentialsType
- type CredentialsTypeTable
- type CredentialsWebAuthn
- func (c CredentialsWebAuthn) PasswordlessOnly(authenticatorResponseFlags *protocol.AuthenticatorFlags) (result []webauthn.Credential)
- func (c CredentialsWebAuthn) ToWebAuthn() (result []webauthn.Credential)
- func (c CredentialsWebAuthn) ToWebAuthnFiltered(aal AuthenticatorAssuranceLevel, ...) (result []webauthn.Credential)
- type CredentialsWebAuthnConfig
- type ErrDuplicateCredentials
- func (e *ErrDuplicateCredentials) AddCredentialsType(ct CredentialsType)
- func (e *ErrDuplicateCredentials) AvailableCredentials() []string
- func (e *ErrDuplicateCredentials) AvailableOIDCProviders() []string
- func (e *ErrDuplicateCredentials) HasHints() bool
- func (e *ErrDuplicateCredentials) IdentifierHint() string
- func (e *ErrDuplicateCredentials) SetIdentifierHint(hint string)
- func (e *ErrDuplicateCredentials) Unwrap() error
- type Expandable
- type Expandables
- type FailedIdentity
- type Handler
- type HandlerProvider
- type Identity
- func (i *Identity) CopyWithoutCredentials() *Identity
- func (i *Identity) DeleteCredentialsType(t CredentialsType)
- func (i *Identity) GetCredentials(t CredentialsType) (*Credentials, bool)
- func (i *Identity) GetCredentialsOr(t CredentialsType, fallback *Credentials) *Credentials
- func (i Identity) GetID() uuid.UUID
- func (i Identity) GetNID() uuid.UUID
- func (i *Identity) IsActive() bool
- func (i Identity) MarshalJSON() ([]byte, error)
- func (i *Identity) PageToken() keysetpagination.PageToken
- func (i *Identity) ParseCredentials(t CredentialsType, config interface{}) (*Credentials, error)
- func (i *Identity) SetAvailableAAL(ctx context.Context, m *Manager) (err error)
- func (i *Identity) SetCredentials(t CredentialsType, c Credentials)
- func (i *Identity) SetCredentialsWithConfig(t CredentialsType, c Credentials, conf interface{}) (err error)
- func (i Identity) TableName(context.Context) string
- func (i *Identity) UnmarshalJSON(b []byte) error
- func (i *Identity) UpsertCredentialsConfig(t CredentialsType, conf []byte, version int, opt ...CredentialsOptions)
- func (i *Identity) Validate() error
- func (i *Identity) WithDeclassifiedCredentials(ctx context.Context, c cipher.Provider, includeCredentials []CredentialsType) (*Identity, error)
- type IdentityWithCredentials
- type ListIdentityParameters
- type ManagementProvider
- type Manager
- func (m *Manager) ConflictingIdentity(ctx context.Context, i *Identity) (found *Identity, foundConflictAddress string, err error)
- func (m *Manager) CountActiveFirstFactorCredentials(ctx context.Context, i *Identity) (count int, err error)
- func (m *Manager) CountActiveMultiFactorCredentials(ctx context.Context, i *Identity) (count int, err error)
- func (m *Manager) Create(ctx context.Context, i *Identity, opts ...ManagerOption) (err error)
- func (m *Manager) CreateIdentities(ctx context.Context, identities []*Identity, opts ...ManagerOption) (err error)
- func (m *Manager) RefreshAvailableAAL(ctx context.Context, i *Identity) (err error)
- func (m *Manager) SetTraits(ctx context.Context, id uuid.UUID, traits Traits, opts ...ManagerOption) (_ *Identity, err error)
- func (m *Manager) Update(ctx context.Context, updated *Identity, opts ...ManagerOption) (err error)
- func (m *Manager) UpdateSchemaID(ctx context.Context, id uuid.UUID, schemaID string, opts ...ManagerOption) (err error)
- func (m *Manager) UpdateTraits(ctx context.Context, id uuid.UUID, traits Traits, opts ...ManagerOption) (err error)
- func (m *Manager) ValidateIdentity(ctx context.Context, i *Identity, o *ManagerOptions) (err error)
- type ManagerOption
- type ManagerOptions
- type NullableAuthenticatorAssuranceLevel
- type Pool
- type PoolProvider
- type PrivilegedPool
- type PrivilegedPoolProvider
- type RecoveryAddress
- type RecoveryAddressStatus
- type RecoveryAddressType
- type RecoveryCode
- type Registry
- type SchemaExtensionCredentials
- type SchemaExtensionRecovery
- type SchemaExtensionVerification
- type State
- type Traits
- type UpdateIdentityBody
- type ValidationProvider
- type Validator
- type VerifiableAddress
- type VerifiableAddressStatus
- type VerifiableAddressType
- type WithAdminMetadataInJSON
- type WithCredentialsAndAdminMetadataInJSON
- type WithCredentialsMetadataAndAdminMetadataInJSON
Constants ¶
View Source
const ( AddressTypeEmail = "email" AddressTypeSMS = "sms" )
View Source
const ( ChannelTypeEmail = "email" ChannelTypeSMS = "sms" )
View Source
const ( RouteCollection = "/identities" RouteItem = RouteCollection + "/:id" RouteCredentialItem = RouteItem + "/credentials/:type" BatchPatchIdentitiesLimit = 2000 )
View Source
const ( VerifiableAddressTypeEmail VerifiableAddressType = AddressTypeEmail VerifiableAddressStatusPending VerifiableAddressStatus = "pending" VerifiableAddressStatusSent VerifiableAddressStatus = "sent" VerifiableAddressStatusCompleted VerifiableAddressStatus = "completed" )
Variables ¶
View Source
var AllCredentialTypes = []CredentialsType{ CredentialsTypePassword, CredentialsTypeOIDC, CredentialsTypeTOTP, CredentialsTypeLookup, CredentialsTypeWebAuthn, CredentialsTypeCodeAuth, CredentialsTypePasskey, }
View Source
var ErrInvalidCodeAddressType = herodot.ErrInternalServerError.WithReasonf("The address type for sending OTP codes is not supported.")
View Source
var ErrProtectedFieldModified = herodot.ErrForbidden.
WithReasonf(`A field was modified that updates one or more credentials-related settings. This action was blocked because an unprivileged method was used to execute the update. This is either a configuration issue or a bug and should be reported to the system administrator.`)
View Source
var ExpandCredentials = Expandables{ ExpandFieldCredentials, }
ExpandCredentials expands the identity's credentials.
View Source
var ExpandDefault = Expandables{ ExpandFieldVerifiableAddresses, ExpandFieldRecoveryAddresses, }
ExpandDefault expands the default fields:
- Verifiable addresses - Recovery addresses
View Source
var ExpandEverything = Expandables{ ExpandFieldVerifiableAddresses, ExpandFieldRecoveryAddresses, ExpandFieldCredentials, }
ExpandEverything expands all the fields of an identity.
View Source
var ExpandNothing = Expandables{}
ExpandNothing expands nothing
Functions ¶
func CredentialsEqual ¶
func CredentialsEqual(a, b map[CredentialsType]Credentials) bool
func DefaultPageToken ¶ added in v1.1.0
func DefaultPageToken() keysetpagination.PageToken
func ManagerAllowWriteProtectedTraits ¶
func ManagerAllowWriteProtectedTraits(options *ManagerOptions)
func ManagerExposeValidationErrorsForInternalTypeAssertion ¶
func ManagerExposeValidationErrorsForInternalTypeAssertion(options *ManagerOptions)
func OIDCUniqueID ¶
func UpgradeCodeCredentials ¶ added in v1.3.0
func UpgradeCodeCredentials(c *Credentials) (err error)
func UpgradeCredentials ¶ added in v0.11.1
UpgradeCredentials migrates a set of older WebAuthn credentials to newer ones.
func UpgradeWebAuthnCredentials ¶ added in v0.11.1
func UpgradeWebAuthnCredentials(i *Identity, c *Credentials) (err error)
Types ¶
type ActiveCredentialsCounter ¶
type ActiveCredentialsCounter interface {
ID() CredentialsType
CountActiveFirstFactorCredentials(context.Context, map[CredentialsType]Credentials) (int, error)
CountActiveMultiFactorCredentials(context.Context, map[CredentialsType]Credentials) (int, error)
}
swagger:ignore
type ActiveCredentialsCounterStrategyProvider ¶
type ActiveCredentialsCounterStrategyProvider interface {
ActiveCredentialsCounterStrategies(context.Context) []ActiveCredentialsCounter
}
swagger:ignore
type AdminCreateIdentityImportCredentialsOidcProvider ¶
type AdminCreateIdentityImportCredentialsOidcProvider struct {
// The subject (`sub`) of the OpenID Connect connection. Usually the `sub` field of the ID Token.
//
// required: true
Subject string `json:"subject"`
// The OpenID Connect provider to link the subject to. Usually something like `google` or `github`.
//
// required: true
Provider string `json:"provider"`
}
Create Identity and Import Social Sign In Credentials Configuration
swagger:model identityWithCredentialsOidcConfigProvider
type AdminIdentityImportCredentialsOIDC ¶
type AdminIdentityImportCredentialsOIDC struct {
// Configuration options for the import.
Config AdminIdentityImportCredentialsOIDCConfig `json:"config"`
}
Create Identity and Import Social Sign In Credentials
swagger:model identityWithCredentialsOidc
type AdminIdentityImportCredentialsOIDCConfig ¶
type AdminIdentityImportCredentialsOIDCConfig struct {
// Configuration options for the import.
Config AdminIdentityImportCredentialsPasswordConfig `json:"config"`
// A list of OpenID Connect Providers
Providers []AdminCreateIdentityImportCredentialsOidcProvider `json:"providers"`
}
swagger:model identityWithCredentialsOidcConfig
type AdminIdentityImportCredentialsPassword ¶
type AdminIdentityImportCredentialsPassword struct {
// Configuration options for the import.
Config AdminIdentityImportCredentialsPasswordConfig `json:"config"`
}
Create Identity and Import Password Credentials
swagger:model identityWithCredentialsPassword
type AdminIdentityImportCredentialsPasswordConfig ¶
type AdminIdentityImportCredentialsPasswordConfig struct {
// The hashed password in [PHC format](https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities#hashed-passwords)
HashedPassword string `json:"hashed_password"`
// The password in plain text if no hash is available.
Password string `json:"password"`
// If set to true, the password will be migrated using the password migration hook.
UsePasswordMigrationHook bool `json:"use_password_migration_hook,omitempty"`
}
Create Identity and Import Password Credentials Configuration
swagger:model identityWithCredentialsPasswordConfig
type AuthenticatorAssuranceLevel ¶
type AuthenticatorAssuranceLevel string
Authenticator Assurance Level (AAL)
The authenticator assurance level can be one of "aal1", "aal2", or "aal3". A higher number means that it is harder for an attacker to compromise the account.
Generally, "aal1" implies that one authentication factor was used while AAL2 implies that two factors (e.g. password + TOTP) have been used.
To learn more about these levels please head over to: https://www.ory.sh/kratos/docs/concepts/credentials
swagger:model authenticatorAssuranceLevel
const ( NoAuthenticatorAssuranceLevel AuthenticatorAssuranceLevel = "aal0" AuthenticatorAssuranceLevel1 AuthenticatorAssuranceLevel = "aal1" AuthenticatorAssuranceLevel2 AuthenticatorAssuranceLevel = "aal2" )
type AuthenticatorWebAuthn ¶ added in v0.13.0
type BatchIdentityPatch ¶ added in v0.13.0
type BatchIdentityPatch struct {
// The identity to create.
Create *CreateIdentityBody `json:"create"`
// The ID of this patch.
//
// The patch ID is optional. If specified, the ID will be returned in the
// response, so consumers of this API can correlate the response with the
// patch.
ID *uuid.UUID `json:"patch_id"`
}
Payload for patching an identity
swagger:model identityPatch
type BatchIdentityPatchResponse ¶ added in v0.13.0
type BatchIdentityPatchResponse struct {
// The action for this specific patch
Action BatchPatchAction `json:"action"`
// The identity ID payload of this patch
IdentityID *uuid.UUID `json:"identity,omitempty"`
// The ID of this patch response, if an ID was specified in the patch.
PatchID *uuid.UUID `json:"patch_id,omitempty"`
// The error message, if the action was "error".
Error *herodot.DefaultError `json:"error,omitempty"`
}
Response for a single identity patch
swagger:model identityPatchResponse
type BatchPatchAction ¶ added in v0.13.0
type BatchPatchAction string
swagger:enum BatchPatchAction
const ( // Create this identity. ActionCreate BatchPatchAction = "create" // Error indicates that the patch failed. ActionError BatchPatchAction = "error" )
type BatchPatchIdentitiesBody ¶ added in v0.13.0
type BatchPatchIdentitiesBody struct {
// Identities holds the list of patches to apply
//
// required
Identities []*BatchIdentityPatch `json:"identities"`
}
Patch Identities Body
swagger:model patchIdentitiesBody
type CodeChannel ¶ added in v1.3.0
type CodeChannel string
const ( CodeChannelEmail CodeChannel = AddressTypeEmail CodeChannelSMS CodeChannel = AddressTypeSMS )
func NewCodeChannel ¶ added in v1.3.0
func NewCodeChannel(value string) (CodeChannel, error)
type Configuration ¶
type CreateIdentitiesError ¶ added in v1.3.0
type CreateIdentitiesError struct {
// contains filtered or unexported fields
}
func (*CreateIdentitiesError) AddFailedIdentity ¶ added in v1.3.0
func (e *CreateIdentitiesError) AddFailedIdentity(ident *Identity, err *herodot.DefaultError)
func (*CreateIdentitiesError) Contains ¶ added in v1.3.0
func (e *CreateIdentitiesError) Contains(ident *Identity) bool
func (*CreateIdentitiesError) ErrOrNil ¶ added in v1.3.0
func (e *CreateIdentitiesError) ErrOrNil() error
func (*CreateIdentitiesError) Error ¶ added in v1.3.0
func (e *CreateIdentitiesError) Error() string
func (*CreateIdentitiesError) Find ¶ added in v1.3.0
func (e *CreateIdentitiesError) Find(ident *Identity) *FailedIdentity
func (*CreateIdentitiesError) Merge ¶ added in v1.3.0
func (e *CreateIdentitiesError) Merge(other *CreateIdentitiesError)
func (*CreateIdentitiesError) Unwrap ¶ added in v1.3.0
func (e *CreateIdentitiesError) Unwrap() []error
type CreateIdentityBody ¶ added in v0.11.0
type CreateIdentityBody struct {
// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.
//
// required: true
SchemaID string `json:"schema_id"`
// Traits represent an identity's traits. The identity is able to create, modify, and delete traits
// in a self-service manner. The input will always be validated against the JSON Schema defined
// in `schema_url`.
//
// required: true
Traits json.RawMessage `json:"traits"`
// Credentials represents all credentials that can be used for authenticating this identity.
//
// Use this structure to import credentials for a user.
Credentials *IdentityWithCredentials `json:"credentials"`
// VerifiableAddresses contains all the addresses that can be verified by the user.
//
// Use this structure to import verified addresses for an identity. Please keep in mind
// that the address needs to be represented in the Identity Schema or this field will be overwritten
// on the next identity update.
VerifiableAddresses []VerifiableAddress `json:"verifiable_addresses"`
// RecoveryAddresses contains all the addresses that can be used to recover an identity.
//
// Use this structure to import recovery addresses for an identity. Please keep in mind
// that the address needs to be represented in the Identity Schema or this field will be overwritten
// on the next identity update.
RecoveryAddresses []RecoveryAddress `json:"recovery_addresses"`
// Store metadata about the identity which the identity itself can see when calling for example the
// session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field.
MetadataPublic json.RawMessage `json:"metadata_public"`
// Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/<id>`.
MetadataAdmin json.RawMessage `json:"metadata_admin,omitempty"`
// State is the identity's state.
//
// required: false
State State `json:"state"`
}
Create Identity Body
swagger:model createIdentityBody
type CredentialIdentifier ¶
type CredentialIdentifier struct {
ID uuid.UUID `db:"id"`
Identifier string `db:"identifier"`
// IdentityCredentialsID is a helper struct field for gobuffalo.pop.
IdentityCredentialsID uuid.UUID `json:"-" db:"identity_credential_id"`
// IdentityCredentialsTypeID is a helper struct field for gobuffalo.pop.
IdentityCredentialsTypeID uuid.UUID `json:"-" db:"identity_credential_type_id"`
// CreatedAt is a helper struct field for gobuffalo.pop.
CreatedAt time.Time `json:"created_at" db:"created_at"`
// UpdatedAt is a helper struct field for gobuffalo.pop.
UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
NID uuid.UUID `json:"-" faker:"-" db:"nid"`
}
swagger:ignore
type CredentialWebAuthn ¶ added in v0.13.0
type CredentialWebAuthn struct {
ID []byte `json:"id"`
PublicKey []byte `json:"public_key"`
AttestationType string `json:"attestation_type"`
Authenticator *AuthenticatorWebAuthn `json:"authenticator,omitempty"`
DisplayName string `json:"display_name"`
AddedAt time.Time `json:"added_at"`
IsPasswordless bool `json:"is_passwordless"`
Flags *CredentialWebAuthnFlags `json:"flags,omitempty"`
Transport []protocol.AuthenticatorTransport `json:"transport,omitempty"`
Attestation *CredentialWebAuthnAttestation `json:"attestation,omitempty"`
}
func CredentialFromWebAuthn ¶ added in v0.13.0
func CredentialFromWebAuthn(credential *webauthn.Credential, isPasswordless bool) *CredentialWebAuthn
func (*CredentialWebAuthn) ToWebAuthn ¶ added in v0.13.0
func (c *CredentialWebAuthn) ToWebAuthn() *webauthn.Credential
type CredentialWebAuthnAttestation ¶ added in v1.3.1
type CredentialWebAuthnFlags ¶ added in v1.3.1
type Credentials ¶
type Credentials struct {
ID uuid.UUID `json:"-" db:"id"`
// Type discriminates between different types of credentials.
Type CredentialsType `json:"type" db:"-"`
IdentityCredentialTypeID uuid.UUID `json:"-" db:"identity_credential_type_id"`
// Identifiers represents a list of unique identifiers this credential type matches.
Identifiers []string `json:"identifiers" db:"-"`
// Config contains the concrete credential payload. This might contain the bcrypt-hashed password, the email
// for passwordless authentication or access_token and refresh tokens from OpenID Connect flows.
Config sqlxx.JSONRawMessage `json:"config,omitempty" db:"config"`
// Version refers to the version of the credential. Useful when changing the config schema.
Version int `json:"version" db:"version"`
IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
// CreatedAt is a helper struct field for gobuffalo.pop.
CreatedAt time.Time `json:"created_at" db:"created_at"`
// UpdatedAt is a helper struct field for gobuffalo.pop.
UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
NID uuid.UUID `json:"-" faker:"-" db:"nid"`
}
Credentials represents a specific credential type
swagger:model identityCredentials
func NewCredentialsOIDC ¶
func NewCredentialsOIDC(tokens *CredentialsOIDCEncryptedTokens, provider, subject, organization string) (*Credentials, error)
NewCredentialsOIDC creates a new OIDC credential.
func (Credentials) GetID ¶ added in v1.1.0
func (c Credentials) GetID() uuid.UUID
type CredentialsCode ¶ added in v1.1.0
type CredentialsCode struct {
Addresses []CredentialsCodeAddress `json:"addresses"`
}
CredentialsCode represents a one time login/registration code
swagger:model identityCredentialsCode
type CredentialsCodeAddress ¶ added in v1.3.0
type CredentialsCodeAddress struct {
// The type of the address for this code
Channel CodeChannel `json:"channel"`
// The address for this code
Address string `json:"address"`
}
swagger:model identityCredentialsCodeAddress
func (*CredentialsCodeAddress) UnmarshalJSON ¶ added in v1.3.0
func (c *CredentialsCodeAddress) UnmarshalJSON(data []byte) (err error)
type CredentialsLookupConfig ¶ added in v0.13.0
type CredentialsLookupConfig struct {
// List of recovery codes
RecoveryCodes []RecoveryCode `json:"recovery_codes"`
}
CredentialsConfig is the struct that is being used as part of the identity credentials.
func (*CredentialsLookupConfig) ToNode ¶ added in v0.13.0
func (c *CredentialsLookupConfig) ToNode() *node.Node
type CredentialsOIDC ¶
type CredentialsOIDC struct {
Providers []CredentialsOIDCProvider `json:"providers"`
}
CredentialsOIDC is contains the configuration for credentials of the type oidc.
swagger:model identityCredentialsOidc
func (*CredentialsOIDC) Organization ¶ added in v1.1.0
func (c *CredentialsOIDC) Organization() string
type CredentialsOIDCEncryptedTokens ¶ added in v1.2.0
type CredentialsOIDCEncryptedTokens struct {
RefreshToken string `json:"refresh_token,omitempty"`
IDToken string `json:"id_token,omitempty"`
AccessToken string `json:"access_token,omitempty"`
}
swagger:ignore
func (*CredentialsOIDCEncryptedTokens) GetAccessToken ¶ added in v1.2.0
func (c *CredentialsOIDCEncryptedTokens) GetAccessToken() string
func (*CredentialsOIDCEncryptedTokens) GetIDToken ¶ added in v1.2.0
func (c *CredentialsOIDCEncryptedTokens) GetIDToken() string
func (*CredentialsOIDCEncryptedTokens) GetRefreshToken ¶ added in v1.2.0
func (c *CredentialsOIDCEncryptedTokens) GetRefreshToken() string
type CredentialsOIDCProvider ¶
type CredentialsOIDCProvider struct {
Subject string `json:"subject"`
Provider string `json:"provider"`
InitialIDToken string `json:"initial_id_token"`
InitialAccessToken string `json:"initial_access_token"`
InitialRefreshToken string `json:"initial_refresh_token"`
Organization string `json:"organization,omitempty"`
}
CredentialsOIDCProvider is contains a specific OpenID COnnect credential for a particular connection (e.g. Google).
swagger:model identityCredentialsOidcProvider
func (*CredentialsOIDCProvider) GetTokens ¶ added in v1.2.0
func (c *CredentialsOIDCProvider) GetTokens() *CredentialsOIDCEncryptedTokens
type CredentialsOptions ¶ added in v1.2.0
type CredentialsOptions func(c *Credentials)
func WithAdditionalIdentifier ¶ added in v1.2.0
func WithAdditionalIdentifier(identifier string) CredentialsOptions
type CredentialsPassword ¶
type CredentialsPassword struct {
// HashedPassword is a hash-representation of the password.
HashedPassword string `json:"hashed_password"`
// UsePasswordMigrationHook is set to true if the password should be migrated
// using the password migration hook. If set, and the HashedPassword is empty, a
// webhook will be called during login to migrate the password.
UsePasswordMigrationHook bool `json:"use_password_migration_hook,omitempty"`
}
CredentialsPassword is contains the configuration for credentials of the type password.
swagger:model identityCredentialsPassword
func (*CredentialsPassword) ShouldUsePasswordMigrationHook ¶ added in v1.3.0
func (cp *CredentialsPassword) ShouldUsePasswordMigrationHook() bool
type CredentialsTOTPConfig ¶ added in v0.13.0
type CredentialsTOTPConfig struct {
// TOTPURL is the TOTP URL
//
// For more details see: https://github.com/google/google-authenticator/wiki/Key-Uri-Format
TOTPURL string `json:"totp_url"`
}
CredentialsConfig is the struct that is being used as part of the identity credentials.
type CredentialsType ¶
type CredentialsType string
CredentialsType represents several different credential types, like password credentials, passwordless credentials, and so on.
swagger:enum CredentialsType
const ( CredentialsTypePassword CredentialsType = "password" CredentialsTypeOIDC CredentialsType = "oidc" CredentialsTypeTOTP CredentialsType = "totp" CredentialsTypeLookup CredentialsType = "lookup_secret" CredentialsTypeWebAuthn CredentialsType = "webauthn" CredentialsTypeCodeAuth CredentialsType = "code" CredentialsTypePasskey CredentialsType = "passkey" CredentialsTypeProfile CredentialsType = "profile" )
Please make sure to add all of these values to the test that ensures they are created during migration
const ( // CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow). // It is not used within the credentials object itself. CredentialsTypeRecoveryLink CredentialsType = "link_recovery" CredentialsTypeRecoveryCode CredentialsType = "code_recovery" )
func ParseCredentialsType ¶ added in v1.0.0
func ParseCredentialsType(in string) (CredentialsType, bool)
ParseCredentialsType parses a string into a CredentialsType or returns false as the second argument.
func (CredentialsType) String ¶
func (c CredentialsType) String() string
func (CredentialsType) ToUiNodeGroup ¶ added in v0.11.0
func (c CredentialsType) ToUiNodeGroup() node.UiNodeGroup
type CredentialsTypeTable ¶
type CredentialsTypeTable struct {
ID uuid.UUID `json:"-" db:"id"`
Name CredentialsType `json:"-" db:"name"`
}
swagger:ignore
type CredentialsWebAuthn ¶ added in v0.13.0
type CredentialsWebAuthn []CredentialWebAuthn
func (CredentialsWebAuthn) PasswordlessOnly ¶ added in v1.2.0
func (c CredentialsWebAuthn) PasswordlessOnly(authenticatorResponseFlags *protocol.AuthenticatorFlags) (result []webauthn.Credential)
PasswordlessOnly returns only passwordless credentials.
func (CredentialsWebAuthn) ToWebAuthn ¶ added in v0.13.0
func (c CredentialsWebAuthn) ToWebAuthn() (result []webauthn.Credential)
func (CredentialsWebAuthn) ToWebAuthnFiltered ¶ added in v0.13.0
func (c CredentialsWebAuthn) ToWebAuthnFiltered(aal AuthenticatorAssuranceLevel, authenticatorResponseFlags *protocol.AuthenticatorFlags) (result []webauthn.Credential)
ToWebAuthnFiltered returns only the appropriate credentials for the requested AAL. For AAL1, only passwordless credentials are returned, for AAL2, only non-passwordless credentials are returned.
authenticatorResponseFlags should be passed if the response is from an authenticator. It will be used to upgrade legacy webauthn credentials' BackupEligible and BackupState flags.
type CredentialsWebAuthnConfig ¶ added in v0.13.0
type CredentialsWebAuthnConfig struct {
// List of webauthn credentials.
Credentials CredentialsWebAuthn `json:"credentials"`
UserHandle []byte `json:"user_handle"`
}
CredentialsWebAuthnConfig is the struct that is being used as part of the identity credentials.
type ErrDuplicateCredentials ¶ added in v1.1.0
type ErrDuplicateCredentials struct {
// contains filtered or unexported fields
}
func (*ErrDuplicateCredentials) AddCredentialsType ¶ added in v1.2.0
func (e *ErrDuplicateCredentials) AddCredentialsType(ct CredentialsType)
func (*ErrDuplicateCredentials) AvailableCredentials ¶ added in v1.1.0
func (e *ErrDuplicateCredentials) AvailableCredentials() []string
func (*ErrDuplicateCredentials) AvailableOIDCProviders ¶ added in v1.1.0
func (e *ErrDuplicateCredentials) AvailableOIDCProviders() []string
func (*ErrDuplicateCredentials) HasHints ¶ added in v1.1.0
func (e *ErrDuplicateCredentials) HasHints() bool
func (*ErrDuplicateCredentials) IdentifierHint ¶ added in v1.1.0
func (e *ErrDuplicateCredentials) IdentifierHint() string
func (*ErrDuplicateCredentials) SetIdentifierHint ¶ added in v1.2.0
func (e *ErrDuplicateCredentials) SetIdentifierHint(hint string)
func (*ErrDuplicateCredentials) Unwrap ¶ added in v1.1.0
func (e *ErrDuplicateCredentials) Unwrap() error
type Expandable ¶ added in v0.11.1
type Expandable = sqlxx.Expandable
const ( ExpandFieldVerifiableAddresses Expandable = "VerifiableAddresses" ExpandFieldRecoveryAddresses Expandable = "RecoveryAddresses" ExpandFieldCredentials Expandable = "Credentials" )
type Expandables ¶ added in v0.11.1
type Expandables = sqlxx.Expandables
type FailedIdentity ¶ added in v1.3.0
type FailedIdentity struct {
Identity *Identity
Error *herodot.DefaultError
}
type Handler ¶
type Handler struct {
// contains filtered or unexported fields
}
func NewHandler ¶
func NewHandler(r handlerDependencies) *Handler
func (*Handler) RegisterAdminRoutes ¶
func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin)
func (*Handler) RegisterPublicRoutes ¶
func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic)
type HandlerProvider ¶
type HandlerProvider interface {
IdentityHandler() *Handler
}
type Identity ¶
type Identity struct {
// ID is the identity's unique identifier.
//
// The Identity ID can not be changed and can not be chosen. This ensures future
// compatibility and optimization for distributed stores such as CockroachDB.
//
// required: true
ID uuid.UUID `json:"id" faker:"-" db:"id"`
// Credentials represents all credentials that can be used for authenticating this identity.
Credentials map[CredentialsType]Credentials `json:"credentials,omitempty" faker:"-" db:"-"`
// InternalAvailableAAL defines the maximum available AAL for this identity.
//
// - If the user has at least one two-factor authentication method configured, the AAL will be 2.
// - If the user has only a password configured, the AAL will be 1.
//
// This field is AAL2 as soon as a second factor credential is found. A first factor is not required for this
// field to return `aal2`.
//
// This field is primarily used to determine whether the user needs to upgrade to AAL2 without having to check
// all the credentials in the database. Use with caution!
InternalAvailableAAL NullableAuthenticatorAssuranceLevel `json:"-" faker:"-" db:"available_aal"`
// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.
//
// required: true
SchemaID string `json:"schema_id" faker:"-" db:"schema_id"`
// SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from.
//
// format: url
// required: true
SchemaURL string `json:"schema_url" faker:"-" db:"-"`
// State is the identity's state.
//
// This value has currently no effect.
State State `json:"state" faker:"-" db:"state"`
// StateChangedAt contains the last time when the identity's state changed.
StateChangedAt *sqlxx.NullTime `json:"state_changed_at,omitempty" faker:"-" db:"state_changed_at"`
// Traits represent an identity's traits. The identity is able to create, modify, and delete traits
// in a self-service manner. The input will always be validated against the JSON Schema defined
// in `schema_url`.
//
// required: true
Traits Traits `json:"traits" faker:"-" db:"traits"`
// VerifiableAddresses contains all the addresses that can be verified by the user.
//
// Extensions:
// ---
// x-omitempty: true
// ---
VerifiableAddresses []VerifiableAddress `` /* 126-byte string literal not displayed */
// RecoveryAddresses contains all the addresses that can be used to recover an identity.
//
// Extensions:
// ---
// x-omitempty: true
// ---
RecoveryAddresses []RecoveryAddress `json:"recovery_addresses,omitempty" faker:"-" has_many:"identity_recovery_addresses" fk_id:"identity_id" order_by:"id asc"`
// Store metadata about the identity which the identity itself can see when calling for example the
// session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field.
MetadataPublic sqlxx.NullJSONRawMessage `json:"metadata_public" faker:"-" db:"metadata_public"`
// Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/<id>`.
MetadataAdmin sqlxx.NullJSONRawMessage `json:"metadata_admin,omitempty" faker:"-" db:"metadata_admin"`
// CreatedAt is a helper struct field for gobuffalo.pop.
CreatedAt time.Time `json:"created_at" db:"created_at"`
// UpdatedAt is a helper struct field for gobuffalo.pop.
UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
NID uuid.UUID `json:"-" faker:"-" db:"nid"`
OrganizationID uuid.NullUUID `json:"organization_id,omitempty" faker:"-" db:"organization_id"`
// contains filtered or unexported fields
}
Identity represents an Ory Kratos identity
An identity(https://www.ory.sh/docs/kratos/concepts/identity-user-model) represents a (human) user in Ory.
swagger:model identity
func NewIdentity ¶
func (*Identity) CopyWithoutCredentials ¶
func (*Identity) DeleteCredentialsType ¶
func (i *Identity) DeleteCredentialsType(t CredentialsType)
func (*Identity) GetCredentials ¶
func (i *Identity) GetCredentials(t CredentialsType) (*Credentials, bool)
func (*Identity) GetCredentialsOr ¶
func (i *Identity) GetCredentialsOr(t CredentialsType, fallback *Credentials) *Credentials
GetCredentialsOr returns the credentials for a given CredentialsType. If the credentials do not exist, the fallback is returned.
func (Identity) MarshalJSON ¶
func (*Identity) PageToken ¶ added in v1.1.0
func (i *Identity) PageToken() keysetpagination.PageToken
func (*Identity) ParseCredentials ¶
func (i *Identity) ParseCredentials(t CredentialsType, config interface{}) (*Credentials, error)
func (*Identity) SetAvailableAAL ¶ added in v1.1.0
SetAvailableAAL sets the InternalAvailableAAL field based on the credentials stored in the identity.
If a second factor is set up, the AAL will be set to 2. If only a first factor is set up, the AAL will be set to 1.
A first factor is NOT required for the AAL to be set to 2 if a second factor is set up.
func (*Identity) SetCredentials ¶
func (i *Identity) SetCredentials(t CredentialsType, c Credentials)
func (*Identity) SetCredentialsWithConfig ¶
func (i *Identity) SetCredentialsWithConfig(t CredentialsType, c Credentials, conf interface{}) (err error)
func (*Identity) UnmarshalJSON ¶
func (*Identity) UpsertCredentialsConfig ¶
func (i *Identity) UpsertCredentialsConfig(t CredentialsType, conf []byte, version int, opt ...CredentialsOptions)
func (*Identity) WithDeclassifiedCredentials ¶ added in v1.0.0
type IdentityWithCredentials ¶ added in v0.11.0
type IdentityWithCredentials struct {
// Password if set will import a password credential.
Password *AdminIdentityImportCredentialsPassword `json:"password"`
// OIDC if set will import an OIDC credential.
OIDC *AdminIdentityImportCredentialsOIDC `json:"oidc"`
}
Create Identity and Import Credentials
swagger:model identityWithCredentials
type ListIdentityParameters ¶ added in v0.13.0
type ListIdentityParameters struct {
Expand Expandables
IdsFilter []uuid.UUID
CredentialsIdentifier string
CredentialsIdentifierSimilar string
DeclassifyCredentials []CredentialsType
KeySetPagination []keysetpagination.Option
// DEPRECATED
PagePagination *x.Page
ConsistencyLevel crdbx.ConsistencyLevel
}
type ManagementProvider ¶
type ManagementProvider interface {
IdentityManager() *Manager
}
type Manager ¶
type Manager struct {
// contains filtered or unexported fields
}
func NewManager ¶
func NewManager(r managerDependencies) *Manager
func (*Manager) ConflictingIdentity ¶ added in v1.1.0
func (*Manager) CountActiveFirstFactorCredentials ¶
func (*Manager) CountActiveMultiFactorCredentials ¶
func (*Manager) CreateIdentities ¶ added in v0.13.0
func (*Manager) RefreshAvailableAAL ¶ added in v1.3.0
RefreshAvailableAAL refreshes the available AAL for the identity.
This method is a no-op if everything is up-to date.
Please make sure to load all credentials before using this method.
func (*Manager) UpdateSchemaID ¶
func (*Manager) UpdateTraits ¶
func (*Manager) ValidateIdentity ¶ added in v0.11.1
type ManagerOption ¶
type ManagerOption func(*ManagerOptions)
type ManagerOptions ¶ added in v0.11.1
type NullableAuthenticatorAssuranceLevel ¶ added in v1.1.0
type NullableAuthenticatorAssuranceLevel struct {
sql.NullString
}
func NewNullableAuthenticatorAssuranceLevel ¶ added in v1.1.0
func NewNullableAuthenticatorAssuranceLevel(aal AuthenticatorAssuranceLevel) NullableAuthenticatorAssuranceLevel
NewNullableAuthenticatorAssuranceLevel returns a new NullableAuthenticatorAssuranceLevel
func (NullableAuthenticatorAssuranceLevel) ToAAL ¶ added in v1.1.0
func (n NullableAuthenticatorAssuranceLevel) ToAAL() (AuthenticatorAssuranceLevel, bool)
ToAAL returns the AuthenticatorAssuranceLevel value of the given NullableAuthenticatorAssuranceLevel.
type Pool ¶
type Pool interface {
// ListIdentities lists all identities in the store given the page and itemsPerPage.
ListIdentities(ctx context.Context, params ListIdentityParameters) ([]Identity, *keysetpagination.Paginator, error)
// CountIdentities counts the number of identities in the store.
CountIdentities(ctx context.Context) (int64, error)
// GetIdentity returns an identity by its id. Will return an error if the identity does not exist or backend
// connectivity is broken.
GetIdentity(context.Context, uuid.UUID, sqlxx.Expandables) (*Identity, error)
// FindVerifiableAddressByValue returns a matching address or sql.ErrNoRows if no address could be found.
FindVerifiableAddressByValue(ctx context.Context, via string, address string) (*VerifiableAddress, error)
// FindRecoveryAddressByValue returns a matching address or sql.ErrNoRows if no address could be found.
FindRecoveryAddressByValue(ctx context.Context, via RecoveryAddressType, address string) (*RecoveryAddress, error)
}
type PoolProvider ¶
type PoolProvider interface {
IdentityPool() Pool
}
type PrivilegedPool ¶
type PrivilegedPool interface {
Pool
// FindByCredentialsIdentifier returns an identity by querying for it's credential identifiers.
FindByCredentialsIdentifier(ctx context.Context, ct CredentialsType, match string) (*Identity, *Credentials, error)
// DeleteIdentity removes an identity by its id. Will return an error
// if identity does not exists, or backend connectivity is broken.
DeleteIdentity(context.Context, uuid.UUID) error
// DeleteIdentities removes identities by its id. Will return an error
// if any identity does not exists, or backend connectivity is broken.
DeleteIdentities(context.Context, []uuid.UUID) error
// UpdateVerifiableAddress updates an identity's verifiable address.
UpdateVerifiableAddress(ctx context.Context, address *VerifiableAddress) error
// CreateIdentity creates an identity. It is capable of setting credentials without encoding. Will return an error
// if identity exists, backend connectivity is broken, or trait validation fails.
CreateIdentity(context.Context, *Identity) error
// CreateIdentities creates multiple identities. It is capable of setting credentials without encoding. Will return an error
// if identity exists, backend connectivity is broken, or trait validation fails.
CreateIdentities(context.Context, ...*Identity) error
// UpdateIdentity updates an identity including its confidential / privileged / protected data.
UpdateIdentity(context.Context, *Identity) error
// UpdateIdentityColumns updates targeted columns of an identity.
UpdateIdentityColumns(ctx context.Context, i *Identity, columns ...string) error
// GetIdentityConfidential returns the identity including it's raw credentials.
//
// This should only be used internally. Please be aware that this method uses HydrateIdentityAssociations
// internally, which must not be executed as part of a transaction.
GetIdentityConfidential(context.Context, uuid.UUID) (*Identity, error)
// ListVerifiableAddresses lists all tracked verifiable addresses, regardless of whether they are already verified
// or not.
ListVerifiableAddresses(ctx context.Context, page, itemsPerPage int) ([]VerifiableAddress, error)
// ListRecoveryAddresses lists all tracked recovery addresses.
ListRecoveryAddresses(ctx context.Context, page, itemsPerPage int) ([]RecoveryAddress, error)
// HydrateIdentityAssociations hydrates the associations of an identity.
//
// Please be aware that this method must not be called within a transaction if more than one element is expanded.
// It may error with "conn busy" otherwise.
HydrateIdentityAssociations(ctx context.Context, i *Identity, expandables Expandables) error
// InjectTraitsSchemaURL sets the identity's traits JSON schema URL from the schema's ID.
InjectTraitsSchemaURL(ctx context.Context, i *Identity) error
// FindIdentityByCredentialIdentifier returns an identity by matching the identifier to any of the identity's credentials.
FindIdentityByCredentialIdentifier(ctx context.Context, identifier string, caseSensitive bool) (*Identity, error)
// FindIdentityByWebauthnUserHandle returns an identity matching a webauthn user handle.
FindIdentityByWebauthnUserHandle(ctx context.Context, userHandle []byte) (*Identity, error)
}
type PrivilegedPoolProvider ¶
type PrivilegedPoolProvider interface {
PrivilegedIdentityPool() PrivilegedPool
}
type RecoveryAddress ¶
type RecoveryAddress struct {
// required: true
ID uuid.UUID `json:"id" db:"id" faker:"-"`
// required: true
Value string `json:"value" db:"value"`
// required: true
Via RecoveryAddressType `json:"via" db:"via"`
// IdentityID is a helper struct field for gobuffalo.pop.
IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
// CreatedAt is a helper struct field for gobuffalo.pop.
CreatedAt time.Time `json:"created_at" faker:"-" db:"created_at"`
// UpdatedAt is a helper struct field for gobuffalo.pop.
UpdatedAt time.Time `json:"updated_at" faker:"-" db:"updated_at"`
NID uuid.UUID `json:"-" faker:"-" db:"nid"`
}
swagger:model recoveryIdentityAddress
func CollectRecoveryAddresses ¶ added in v0.13.0
func CollectRecoveryAddresses(i []*Identity) (res []RecoveryAddress)
CollectRecoveryAddresses returns a slice of all recovery addresses of the given identities.
func NewRecoveryEmailAddress ¶
func NewRecoveryEmailAddress( value string, identity uuid.UUID, ) *RecoveryAddress
func (RecoveryAddress) GetID ¶ added in v1.1.0
func (a RecoveryAddress) GetID() uuid.UUID
func (RecoveryAddress) Hash ¶ added in v0.11.0
func (a RecoveryAddress) Hash() string
Hash returns a unique string representation for the recovery address.
func (RecoveryAddress) ValidateNID ¶
func (a RecoveryAddress) ValidateNID() error
type RecoveryAddressStatus ¶
type RecoveryAddressStatus string
RecoveryAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema.
type RecoveryAddressType ¶
type RecoveryAddressType string
RecoveryAddressType must not exceed 16 characters as that is the limitation in the SQL Schema.
const (
RecoveryAddressTypeEmail RecoveryAddressType = AddressTypeEmail
)
func (RecoveryAddressType) HTMLFormInputType ¶
func (v RecoveryAddressType) HTMLFormInputType() string
type RecoveryCode ¶ added in v0.13.0
type SchemaExtensionCredentials ¶
type SchemaExtensionCredentials struct {
// contains filtered or unexported fields
}
func NewSchemaExtensionCredentials ¶
func NewSchemaExtensionCredentials(i *Identity) *SchemaExtensionCredentials
func (*SchemaExtensionCredentials) Finish ¶
func (r *SchemaExtensionCredentials) Finish() error
func (*SchemaExtensionCredentials) Run ¶
func (r *SchemaExtensionCredentials) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error
type SchemaExtensionRecovery ¶
type SchemaExtensionRecovery struct {
// contains filtered or unexported fields
}
func NewSchemaExtensionRecovery ¶
func NewSchemaExtensionRecovery(i *Identity) *SchemaExtensionRecovery
func (*SchemaExtensionRecovery) Finish ¶
func (r *SchemaExtensionRecovery) Finish() error
func (*SchemaExtensionRecovery) Run ¶
func (r *SchemaExtensionRecovery) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error
type SchemaExtensionVerification ¶
type SchemaExtensionVerification struct {
// contains filtered or unexported fields
}
func NewSchemaExtensionVerification ¶
func NewSchemaExtensionVerification(i *Identity, lifespan time.Duration) *SchemaExtensionVerification
func (*SchemaExtensionVerification) Finish ¶
func (r *SchemaExtensionVerification) Finish() error
func (*SchemaExtensionVerification) Run ¶
func (r *SchemaExtensionVerification) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error
type State ¶
type State string
An Identity's State
The state can either be `active` or `inactive`.
swagger:enum State
type Traits ¶
type Traits json.RawMessage
Traits represent an identity's traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_url`.
swagger:model identityTraits
func (Traits) MarshalJSON ¶
MarshalJSON returns m as the JSON encoding of m.
func (*Traits) UnmarshalJSON ¶
UnmarshalJSON sets *m to a copy of data.
type UpdateIdentityBody ¶ added in v0.11.0
type UpdateIdentityBody struct {
// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set
// will update the Identity's SchemaID.
//
// required: true
SchemaID string `json:"schema_id"`
// Traits represent an identity's traits. The identity is able to create, modify, and delete traits
// in a self-service manner. The input will always be validated against the JSON Schema defined
// in `schema_id`.
//
// required: true
Traits json.RawMessage `json:"traits"`
// Credentials represents all credentials that can be used for authenticating this identity.
//
// Use this structure to import credentials for a user.
// Note: this wil override completely identity's credentials. If used incorrectly, this can cause a user to lose
// access to their account!
Credentials *IdentityWithCredentials `json:"credentials"`
// Store metadata about the identity which the identity itself can see when calling for example the
// session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field.
MetadataPublic json.RawMessage `json:"metadata_public"`
// Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/<id>`.
MetadataAdmin json.RawMessage `json:"metadata_admin,omitempty"`
// State is the identity's state.
//
// required: true
State State `json:"state"`
}
Update Identity Body
swagger:model updateIdentityBody
type ValidationProvider ¶
type ValidationProvider interface {
IdentityValidator() *Validator
}
type Validator ¶
type Validator struct {
// contains filtered or unexported fields
}
func NewValidator ¶
func NewValidator(d validatorDependencies) *Validator
func (*Validator) ValidateWithRunner ¶
type VerifiableAddress ¶
type VerifiableAddress struct {
// The ID
//
ID uuid.UUID `json:"id" db:"id" faker:"-"`
// The address value
//
// example foo@user.com
// required: true
Value string `json:"value" db:"value"`
// Indicates if the address has already been verified
//
// example: true
// required: true
Verified bool `json:"verified" db:"verified"`
// The delivery method
//
// enum: email,sms
// example: email
// required: true
Via string `json:"via" db:"via"`
// The verified address status
//
// enum: pending,sent,completed
// example: sent
// required: true
Status VerifiableAddressStatus `json:"status" db:"status"`
// When the address was verified
//
// example: 2014-01-01T23:28:56.782Z
// required: false
VerifiedAt *sqlxx.NullTime `json:"verified_at,omitempty" faker:"-" db:"verified_at"`
// When this entry was created
//
// example: 2014-01-01T23:28:56.782Z
CreatedAt time.Time `json:"created_at" faker:"-" db:"created_at"`
// When this entry was last updated
//
// example: 2014-01-01T23:28:56.782Z
UpdatedAt time.Time `json:"updated_at" faker:"-" db:"updated_at"`
// IdentityID is a helper struct field for gobuffalo.pop.
IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
NID uuid.UUID `json:"-" faker:"-" db:"nid"`
}
VerifiableAddress is an identity's verifiable address
swagger:model verifiableIdentityAddress
func CollectVerifiableAddresses ¶ added in v0.13.0
func CollectVerifiableAddresses(i []*Identity) (res []VerifiableAddress)
CollectVerifiableAddresses returns a slice of all verifiable addresses of the given identities.
func NewVerifiableAddress ¶ added in v1.1.0
func NewVerifiableAddress(value string, identity uuid.UUID, channel string) *VerifiableAddress
func NewVerifiableEmailAddress ¶
func NewVerifiableEmailAddress(value string, identity uuid.UUID) *VerifiableAddress
func (VerifiableAddress) GetID ¶
func (a VerifiableAddress) GetID() uuid.UUID
func (VerifiableAddress) GetNID ¶
func (a VerifiableAddress) GetNID() uuid.UUID
func (VerifiableAddress) Hash ¶ added in v0.11.0
func (a VerifiableAddress) Hash() string
Hash returns a unique string representation for the recovery address.
func (VerifiableAddress) TableName ¶
func (a VerifiableAddress) TableName(ctx context.Context) string
func (VerifiableAddress) ValidateNID ¶
func (a VerifiableAddress) ValidateNID() error
type VerifiableAddressStatus ¶
type VerifiableAddressStatus string
VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema
swagger:model identityVerifiableAddressStatus
type VerifiableAddressType ¶
type VerifiableAddressType = string
VerifiableAddressType must not exceed 16 characters as that is the limitation in the SQL Schema
swagger:model identityVerifiableAddressType
type WithAdminMetadataInJSON ¶ added in v0.11.0
type WithAdminMetadataInJSON Identity
func (WithAdminMetadataInJSON) MarshalJSON ¶ added in v0.11.0
func (i WithAdminMetadataInJSON) MarshalJSON() ([]byte, error)
type WithCredentialsAndAdminMetadataInJSON ¶
type WithCredentialsAndAdminMetadataInJSON Identity
func (WithCredentialsAndAdminMetadataInJSON) MarshalJSON ¶
func (i WithCredentialsAndAdminMetadataInJSON) MarshalJSON() ([]byte, error)
type WithCredentialsMetadataAndAdminMetadataInJSON ¶
type WithCredentialsMetadataAndAdminMetadataInJSON Identity
func (WithCredentialsMetadataAndAdminMetadataInJSON) MarshalJSON ¶
func (i WithCredentialsMetadataAndAdminMetadataInJSON) MarshalJSON() ([]byte, error)
Source Files
¶
- address.go
- credentials.go
- credentials_code.go
- credentials_lookup.go
- credentials_migrate.go
- credentials_oidc.go
- credentials_password.go
- credentials_totp.go
- credentials_webauthn.go
- expandables.go
- extension_credentials.go
- extension_recovery.go
- extension_verification.go
- handler.go
- handler_import.go
- identity.go
- identity_recovery.go
- identity_verification.go
- manager.go
- pool.go
- registry.go
- validator.go
Directories
Click to show internal directories.
Click to hide internal directories.