Documentation ¶
Overview ¶
nolint:deadcode,unused
nolint:deadcode,unused
Index ¶
- Constants
- Variables
- func CredentialsEqual(a, b map[CredentialsType]Credentials) bool
- func ManagerAllowWriteProtectedTraits(options *managerOptions)
- func ManagerExposeValidationErrors(options *managerOptions)
- func NewVerifyCode() (string, error)
- func TestPool(p PrivilegedPool) func(t *testing.T)
- type ActiveCredentialsCounter
- type ActiveCredentialsCounterStrategyProvider
- type Configuration
- type CredentialIdentifier
- type CredentialIdentifierCollection
- type Credentials
- type CredentialsCollection
- type CredentialsType
- type CredentialsTypeTable
- type Handler
- type HandlerProvider
- type Identity
- func (i *Identity) CopyWithoutCredentials() *Identity
- func (i *Identity) GetCredentials(t CredentialsType) (*Credentials, bool)
- func (i *Identity) ParseCredentials(t CredentialsType, config interface{}) (*Credentials, error)
- func (i *Identity) SetCredentials(t CredentialsType, c Credentials)
- func (i Identity) TableName() string
- type ManagementProvider
- type Manager
- func (m *Manager) Create(ctx context.Context, i *Identity, opts ...ManagerOption) error
- func (m *Manager) RefreshVerifyAddress(ctx context.Context, address *VerifiableAddress) error
- func (m *Manager) Update(ctx context.Context, updated *Identity, opts ...ManagerOption) error
- func (m *Manager) UpdateTraits(ctx context.Context, id uuid.UUID, traits Traits, opts ...ManagerOption) error
- type ManagerOption
- type Pool
- type PoolProvider
- type PrivilegedPool
- type PrivilegedPoolProvider
- type Registry
- type SchemaExtensionCredentials
- type SchemaExtensionVerify
- type Traits
- type ValidationProvider
- type Validator
- type VerifiableAddress
- type VerifiableAddressStatus
- type VerifiableAddressType
Constants ¶
const (
	// VerifiableAddressTypeEmail is the only address channel declared in this
	// package. Any new value must stay within the 16-character SQL column limit
	// documented on VerifiableAddressType.
	VerifiableAddressTypeEmail VerifiableAddressType = "email"

	// VerifiableAddressStatusPending is the status of an address whose
	// verification has not (yet) completed.
	VerifiableAddressStatusPending VerifiableAddressStatus = "pending"

	// VerifiableAddressStatusCompleted is the status of an address whose
	// verification has completed. Status is tagged `json:"-"` on
	// VerifiableAddress, so neither value is visible in API responses; the
	// public signal is VerifiableAddress.Verified.
	VerifiableAddressStatusCompleted VerifiableAddressStatus = "completed"
)
// IdentitiesPath is the route prefix for identity administration. The only
// route registration in this package is Handler.RegisterAdminRoutes, which
// accepts an *x.RouterAdmin exclusively, so this path is expected on the admin
// listener only — it exposes credential-bearing identity data and must never be
// mounted on the public router.
const IdentitiesPath = "/identities"
Variables ¶
// ErrProtectedFieldModified is the herodot.ErrForbidden-derived error raised
// when an update touches traits that feed into credentials (e.g. identifiers)
// but was issued through an unprivileged path. It is a guard against
// self-service flows silently rewriting login identifiers; privileged callers
// that intend such a write presumably opt in via ManagerAllowWriteProtectedTraits
// rather than catching this error.
var ErrProtectedFieldModified = herodot.ErrForbidden.
	WithReasonf(`A field was modified that updates one or more credentials-related settings. This action was blocked because an unprivileged method was used to execute the update. This is either a configuration issue or a bug and should be reported to the system administrator.`)
Functions ¶
func CredentialsEqual ¶
// CredentialsEqual reports whether two credential maps are equal.
//
// NOTE(review): which fields participate (Config bytes, Identifiers order, the
// gobuffalo helper fields) is not visible here — confirm before relying on it.
// Config may hold password hashes; treat this as an equality helper for update
// bookkeeping, not as a constant-time secret comparison.
func CredentialsEqual(a, b map[CredentialsType]Credentials) bool
func ManagerAllowWriteProtectedTraits ¶
// ManagerAllowWriteProtectedTraits is a ManagerOption (it has the
// func(*managerOptions) shape) that permits writes to credentials-related
// traits which would otherwise be rejected with ErrProtectedFieldModified.
// Only privileged (administrative) call paths should pass it; passing it from
// a self-service flow would let a user rewrite their own login identifiers.
func ManagerAllowWriteProtectedTraits(options *managerOptions)
func ManagerExposeValidationErrors ¶
// ManagerExposeValidationErrors is a ManagerOption that surfaces JSON-schema
// validation failures to the caller instead of the default handling (the
// default is not visible here — confirm). Validation messages can echo the
// rejected trait values, so only expose them where the caller is the identity
// owner or an administrator.
func ManagerExposeValidationErrors(options *managerOptions)
func NewVerifyCode ¶
func TestPool ¶
// TestPool returns a conformance test suite for a PrivilegedPool
// implementation, intended to be run from a _test package as
// t.Run("pool", TestPool(p)).
func TestPool(p PrivilegedPool) func(t *testing.T)
Types ¶
type ActiveCredentialsCounter ¶
// ActiveCredentialsCounter is implemented by credential strategies (password,
// oidc, ...) to report how many of the given credentials are usable for
// authentication. Presumably the Manager uses the total to refuse leaving an
// identity with no way to log in — confirm against the caller.
type ActiveCredentialsCounter interface {
	// CountActiveCredentials returns the number of active credentials in cc.
	CountActiveCredentials(cc map[CredentialsType]Credentials) (int, error)
}
swagger:ignore
type ActiveCredentialsCounterStrategyProvider ¶
// ActiveCredentialsCounterStrategyProvider is the registry hook through which
// the Manager obtains every ActiveCredentialsCounter to consult.
type ActiveCredentialsCounterStrategyProvider interface {
	// ActiveCredentialsCounterStrategies returns all registered counters.
	ActiveCredentialsCounterStrategies() []ActiveCredentialsCounter
}
swagger:ignore
type Configuration ¶
type CredentialIdentifier ¶
// CredentialIdentifier is one lookup key (e.g. a username or e-mail address)
// under which a Credentials row can be found; see
// PrivilegedPool.FindByCredentialsIdentifier. It is excluded from swagger
// (swagger:ignore). ID and Identifier carry no json tag, so a stray marshal
// would emit them under their Go field names.
type CredentialIdentifier struct {
	ID         uuid.UUID `db:"id"`
	Identifier string    `db:"identifier"`
	// IdentityCredentialsID is a helper struct field for gobuffalo.pop (the owning Credentials row).
	IdentityCredentialsID uuid.UUID `json:"-" db:"identity_credential_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" db:"updated_at"`
}
swagger:ignore
func (CredentialIdentifier) TableName ¶
func (c CredentialIdentifier) TableName() string
type CredentialIdentifierCollection ¶
// CredentialIdentifierCollection is the gobuffalo.pop has_many container for
// CredentialIdentifier rows belonging to one Credentials record.
type CredentialIdentifierCollection []CredentialIdentifier
swagger:ignore
func (CredentialIdentifierCollection) TableName ¶
func (c CredentialIdentifierCollection) TableName() string
type Credentials ¶
// Credentials is one credential of a given type (password, oidc, ...) attached
// to an identity, together with its concrete payload.
//
// Security: Config is exported as `json:"config"` and this struct is a swagger
// model, so marshaling a Credentials value emits the raw payload, which the
// Config comment says may include a bcrypt password hash. Identity.Credentials
// is tagged `json:"-"`, which keeps this out of ordinary identity responses;
// only privileged/internal code paths should serialize this type directly.
type Credentials struct {
	ID               uuid.UUID `json:"-" db:"id"`
	CredentialTypeID uuid.UUID `json:"-" db:"identity_credential_type_id"`
	// Type discriminates between different types of credentials.
	Type CredentialsType `json:"type" db:"-"`
	// Identifiers represents a list of unique identifiers this credential type matches
	// (the values persisted as CredentialIdentifier rows).
	Identifiers []string `json:"identifiers" db:"-"`
	// Config contains the concrete credential payload. This might contain the bcrypt-hashed password, or the email
	// for passwordless authentication. It is stored verbatim (db:"config") — hash secrets before they land here.
	Config json.RawMessage `json:"config" db:"config"`
	// IdentityID is the owning identity; never serialized.
	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
	// CredentialIdentifierCollection is a helper struct field for gobuffalo.pop.
	CredentialIdentifierCollection CredentialIdentifierCollection `json:"-" faker:"-" has_many:"identity_credential_identifiers" fk_id:"identity_credential_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" db:"updated_at"`
}
Credentials represents a specific credential type
swagger:model identityCredentials
func (Credentials) TableName ¶
func (c Credentials) TableName() string
type CredentialsCollection ¶
// CredentialsCollection is the gobuffalo.pop has_many container for the
// Credentials rows of one identity (see Identity.CredentialsCollection). It is
// tagged `json:"-"` on Identity, so it is never rendered in API responses.
type CredentialsCollection []Credentials
swagger:ignore
func (CredentialsCollection) TableName ¶
func (c CredentialsCollection) TableName() string
type CredentialsType ¶
// CredentialsType names a credential strategy (see CredentialsTypePassword,
// CredentialsTypeOIDC). It is persisted by name via CredentialsTypeTable and
// used as the key of Identity.Credentials.
type CredentialsType string
CredentialsType represents several different credential types, like password credentials, passwordless credentials, and so on.
const (
	// CredentialsTypePassword identifies password credentials; their Config
	// is expected to carry a bcrypt hash, never the cleartext password.
	CredentialsTypePassword CredentialsType = "password"
	// CredentialsTypeOIDC identifies credentials established through an
	// OpenID Connect provider.
	CredentialsTypeOIDC CredentialsType = "oidc"
)
func (CredentialsType) String ¶
func (c CredentialsType) String() string
type CredentialsTypeTable ¶
// CredentialsTypeTable is the persistence row mapping a CredentialsType name
// to the ID referenced by Credentials.CredentialTypeID. Both fields are
// `json:"-"`; the type is internal (swagger:ignore).
type CredentialsTypeTable struct {
	ID   uuid.UUID       `json:"-" db:"id"`
	Name CredentialsType `json:"-" db:"name"`
}
swagger:ignore
func (CredentialsTypeTable) TableName ¶
func (c CredentialsTypeTable) TableName() string
type Handler ¶
// Handler serves the identity administration API. It is constructed with
// NewHandler and wired to a router through RegisterAdminRoutes, which accepts
// the admin router only — the endpoints can read and write credentials and
// must not be reachable from the public surface.
type Handler struct {
	// contains filtered or unexported fields
}
func NewHandler ¶
// NewHandler builds a Handler from the package configuration and its
// dependency registry. It performs no route registration itself; call
// RegisterAdminRoutes on the returned value.
func NewHandler( c Configuration, r handlerDependencies, ) *Handler
func (*Handler) RegisterAdminRoutes ¶
// RegisterAdminRoutes mounts the identity endpoints on the admin router.
// The parameter type is deliberately *x.RouterAdmin rather than a public
// router: these routes expose identity management (including credential
// writes via the privileged pool) and rely on the admin listener for
// authorization. Do not add a public-router variant of this method.
func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin)
type HandlerProvider ¶
// HandlerProvider is the registry hook that exposes the identity Handler.
type HandlerProvider interface {
	// IdentityHandler returns the package's HTTP handler.
	IdentityHandler() *Handler
}
type Identity ¶
// Identity represents an ORY Kratos identity: anything that acts in the
// system — a person, a service, an IoT device.
//
// Serialization notes taken from the field tags: Credentials and
// CredentialsCollection are `json:"-"` and therefore never appear in API
// output; raw credentials are only reachable through
// PrivilegedPool.GetIdentityConfidential. Addresses is rendered, but
// VerifiableAddress hides its Code and Status.
//
// swagger:model identity
type Identity struct {
	// ID uniquely identifies the identity. Note that the field is a uuid.UUID
	// with the read-only tag `rw:"r"` — it is not a free-form string, so the
	// URN / stringified-integer examples in earlier docs do not apply. Do not
	// derive it from personally identifiable data (username, e-mail), as the
	// value is immutable.
	//
	// required: true
	ID uuid.UUID `json:"id" faker:"uuid" db:"id" rw:"r"`
	// Credentials represents all credentials that can be used for authenticating this identity.
	// It is neither serialized (`json:"-"`) nor mapped to a column (`db:"-"`);
	// persistence goes through CredentialsCollection.
	Credentials map[CredentialsType]Credentials `json:"-" faker:"-" db:"-"`
	// TraitsSchemaID is the ID of the JSON Schema to be used for validating the identity's traits.
	//
	// required: true
	TraitsSchemaID string `json:"traits_schema_id" faker:"-" db:"traits_schema_id"`
	// TraitsSchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from.
	// It is derived for responses only (`db:"-"`).
	//
	// format: url
	TraitsSchemaURL string `json:"traits_schema_url" faker:"-" db:"-"`
	// Traits represent an identity's traits. The identity is able to create, modify, and delete traits
	// in a self-service manner. The input will always be validated against the JSON Schema defined
	// in `traits_schema_url`. Traits that map to credential identifiers are
	// protected; see ErrProtectedFieldModified.
	//
	// required: true
	Traits Traits `json:"traits" faker:"-" db:"traits"`
	// Addresses lists the identity's verifiable addresses (e-mail today); see VerifiableAddress
	// for which of its fields are exposed.
	Addresses []VerifiableAddress `json:"addresses,omitempty" faker:"-" has_many:"identity_verifiable_addresses" fk_id:"identity_id"`
	// CredentialsCollection is a helper struct field for gobuffalo.pop.
	CredentialsCollection CredentialsCollection `json:"-" faker:"-" has_many:"identity_credentials" fk_id:"identity_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" db:"updated_at"`
	// contains filtered or unexported fields
}
Identity represents an ORY Kratos identity
An identity can be a real human, a service, an IoT device - everything that can be described as an "actor" in a system.
swagger:model identity
func NewIdentity ¶
func (*Identity) CopyWithoutCredentials ¶
func (*Identity) GetCredentials ¶
// GetCredentials returns the credentials of type t and whether they exist.
// The returned value includes the raw Config; callers building API responses
// should use CopyWithoutCredentials on the identity instead.
func (i *Identity) GetCredentials(t CredentialsType) (*Credentials, bool)
func (*Identity) ParseCredentials ¶
// ParseCredentials looks up the credentials of type t and decodes their raw
// Config into config (a pointer to the strategy's config struct). It returns
// an error if the credentials are absent or the JSON does not decode —
// the exact error values are not visible here.
func (i *Identity) ParseCredentials(t CredentialsType, config interface{}) (*Credentials, error)
func (*Identity) SetCredentials ¶
// SetCredentials stores c under type t in i.Credentials, replacing any
// existing entry. This mutates the in-memory identity only; persisting it
// requires PrivilegedPool.CreateIdentity/UpdateIdentity.
func (i *Identity) SetCredentials(t CredentialsType, c Credentials)
type ManagementProvider ¶
// ManagementProvider is the registry hook that exposes the identity Manager.
type ManagementProvider interface {
	// IdentityManager returns the Manager that validates and persists identities.
	IdentityManager() *Manager
}
type Manager ¶
// Manager is the write path for identities: Create, Update and UpdateTraits
// accept ManagerOption values that decide whether credentials-related traits
// may be changed (ManagerAllowWriteProtectedTraits) and whether validation
// errors are surfaced (ManagerExposeValidationErrors). Without the former, a
// protected-trait change fails with ErrProtectedFieldModified.
type Manager struct {
	// contains filtered or unexported fields
}
func NewManager ¶
// NewManager constructs a Manager from its dependency registry and the
// configuration provider.
func NewManager(r managerDependencies, c configuration.Provider) *Manager
func (*Manager) RefreshVerifyAddress ¶
// RefreshVerifyAddress re-arms verification for address — presumably issuing
// a fresh Code (see NewVerifyCode) and a new ExpiresAt and persisting via
// PrivilegedPool.UpdateVerifiableAddress; the body is not visible here, so
// confirm before relying on either detail. Any previously issued code must be
// considered invalid after this call.
func (m *Manager) RefreshVerifyAddress(ctx context.Context, address *VerifiableAddress) error
func (*Manager) UpdateTraits ¶
type ManagerOption ¶
// ManagerOption tunes a single Manager call (Create, Update, UpdateTraits).
// ManagerAllowWriteProtectedTraits and ManagerExposeValidationErrors are the
// options declared in this package.
type ManagerOption func(*managerOptions)
type Pool ¶
// Pool is the unprivileged identity store: listing and reading identities
// (presumably without raw credentials — compare
// PrivilegedPool.GetIdentityConfidential) and looking up verifiable addresses.
// Everything that can change an identity or read its credentials lives on
// PrivilegedPool.
type Pool interface {
	// ListIdentities returns at most limit identities starting at offset.
	ListIdentities(ctx context.Context, limit, offset int) ([]Identity, error)

	// GetIdentity returns an identity by its id. Will return an error if the identity does not exist or backend
	// connectivity is broken.
	GetIdentity(context.Context, uuid.UUID) (*Identity, error)

	// FindAddressByCode returns a matching address or sql.ErrNoRows if no address could be found.
	//
	// NOTE(review): the code is a bearer secret (VerifiableAddress.Code is
	// deliberately `json:"-"`). A hit here is proof of possession of the code;
	// callers should check the returned ExpiresAt before acting on it, since
	// the interface does not promise that the implementation does.
	FindAddressByCode(ctx context.Context, code string) (*VerifiableAddress, error)

	// FindAddressByValue returns a matching address or sql.ErrNoRows if no address could be found.
	FindAddressByValue(ctx context.Context, via VerifiableAddressType, address string) (*VerifiableAddress, error)
}
type PoolProvider ¶
// PoolProvider is the registry hook for the unprivileged Pool. Components
// that only need reads should depend on this rather than on
// PrivilegedPoolProvider.
type PoolProvider interface {
	// IdentityPool returns the unprivileged identity store.
	IdentityPool() Pool
}
type PrivilegedPool ¶
// PrivilegedPool extends Pool with every operation that reads raw credentials
// or mutates identities. Hand it only to components that genuinely need it
// (the admin Handler, the Manager, credential strategies); self-service
// read paths should stay on Pool.
type PrivilegedPool interface {
	Pool

	// FindByCredentialsIdentifier returns an identity by querying for its credential identifiers
	// (e.g. the username or e-mail of a password credential), together with the
	// matching Credentials including their raw Config.
	FindByCredentialsIdentifier(ctx context.Context, ct CredentialsType, match string) (*Identity, *Credentials, error)

	// DeleteIdentity removes an identity by its id.
	//
	// NOTE(review): the original comment said it errors "if identity exists ... or trait validation
	// fails", which reads as copied from CreateIdentity; the actual error conditions for a delete
	// (missing identity, broken backend) should be confirmed against the implementation.
	DeleteIdentity(context.Context, uuid.UUID) error

	// VerifyAddress verifies an address by the given code. The code is a bearer secret; an
	// expired code must not be accepted (VerifiableAddress.ExpiresAt).
	VerifyAddress(ctx context.Context, code string) error

	// UpdateVerifiableAddress persists changes to an address, including its hidden Code and Status.
	UpdateVerifiableAddress(ctx context.Context, address *VerifiableAddress) error

	// CreateIdentity creates an identity. It is capable of setting credentials without encoding —
	// i.e. Credentials.Config is stored as provided, so callers must hash secrets first. Will return an error
	// if identity exists, backend connectivity is broken, or trait validation fails.
	CreateIdentity(context.Context, *Identity) error

	// UpdateIdentity updates an identity including its confidential / privileged / protected data.
	// There is no protected-trait guard at this layer; that check belongs to Manager.
	UpdateIdentity(context.Context, *Identity) error

	// GetIdentityConfidential returns the identity including its raw credentials. This should only be used
	// internally; never return its result to a client without CopyWithoutCredentials.
	GetIdentityConfidential(context.Context, uuid.UUID) (*Identity, error)
}
type PrivilegedPoolProvider ¶
// PrivilegedPoolProvider is the registry hook for the PrivilegedPool. Depending
// on it grants credential read/write access, so keep its consumers few.
type PrivilegedPoolProvider interface {
	// PrivilegedIdentityPool returns the privileged identity store.
	PrivilegedIdentityPool() PrivilegedPool
}
type SchemaExtensionCredentials ¶
// SchemaExtensionCredentials is a JSON-schema extension runner that, while
// the traits of an Identity are validated, collects the trait values marked
// as credential identifiers (Run) and applies them to the identity's
// credentials (Finish). It is the mechanism that ties Traits to
// Credentials.Identifiers.
type SchemaExtensionCredentials struct {
	// contains filtered or unexported fields
}
func NewSchemaExtensionCredentials ¶
// NewSchemaExtensionCredentials binds the extension to the identity whose
// traits are about to be validated; i is mutated by Finish.
func NewSchemaExtensionCredentials(i *Identity) *SchemaExtensionCredentials
func (*SchemaExtensionCredentials) Finish ¶
// Finish is called once validation has walked the whole document and applies
// the collected identifiers to the bound identity's credentials.
func (r *SchemaExtensionCredentials) Finish() error
func (*SchemaExtensionCredentials) Run ¶
// Run is invoked by the validator for each schema node carrying an extension
// config; value is the trait value at that node. The validation context is
// unused here.
func (r *SchemaExtensionCredentials) Run(_ jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error
type SchemaExtensionVerify ¶
// SchemaExtensionVerify is a JSON-schema extension runner that discovers
// trait values marked as verifiable (e.g. an e-mail) during validation and
// turns them into VerifiableAddress entries on the identity. The lifespan
// given to NewSchemaExtensionVerify presumably bounds each address's
// ExpiresAt — confirm against the implementation.
type SchemaExtensionVerify struct {
	// contains filtered or unexported fields
}
func NewSchemaExtensionVerify ¶
// NewSchemaExtensionVerify binds the extension to identity i; lifespan is the
// validity window applied to verification codes it creates (presumably via
// VerifiableAddress.ExpiresAt — not visible here).
func NewSchemaExtensionVerify(i *Identity, lifespan time.Duration) *SchemaExtensionVerify
func (*SchemaExtensionVerify) Finish ¶
// Finish is called once validation has completed and commits the collected
// verifiable addresses to the bound identity.
func (r *SchemaExtensionVerify) Finish() error
func (*SchemaExtensionVerify) Run ¶
// Run is invoked by the validator for each schema node carrying an extension
// config; value is the trait value at that node (expected to be the address
// to verify when the config marks it as such).
func (r *SchemaExtensionVerify) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error
type Traits ¶
// Traits is the identity's self-service-editable attribute document, kept as
// raw JSON and validated against the identity's traits schema on write.
// Because it is a defined type over json.RawMessage (not an alias), it does
// not inherit RawMessage's methods; its own MarshalJSON/UnmarshalJSON exist so
// the bytes are embedded as JSON rather than base64-encoded like a []byte.
type Traits json.RawMessage
func (Traits) MarshalJSON ¶
MarshalJSON returns the receiver's raw bytes unchanged as its JSON encoding, mirroring json.RawMessage.MarshalJSON. Traits is a defined type over json.RawMessage and does not inherit that method, so without this override the traits document would be encoded as a base64 string instead of embedded JSON.
func (*Traits) UnmarshalJSON ¶
UnmarshalJSON sets the receiver to a copy of the incoming bytes without interpreting them, mirroring json.RawMessage.UnmarshalJSON; it performs no schema validation itself.
type ValidationProvider ¶
// ValidationProvider is the registry hook that exposes the identity Validator.
type ValidationProvider interface {
	// IdentityValidator returns the schema validator for identity traits.
	IdentityValidator() *Validator
}
type Validator ¶
// Validator checks an identity's Traits against the JSON Schema selected by
// TraitsSchemaID and runs the schema extensions (SchemaExtensionCredentials,
// SchemaExtensionVerify) while doing so. Its error surface is what
// ManagerExposeValidationErrors controls.
type Validator struct {
	// contains filtered or unexported fields
}
func NewValidator ¶
// NewValidator constructs a Validator from its dependency registry and the
// configuration provider (the source of the traits schemas).
func NewValidator(d validatorDependencies, c configuration.Provider) *Validator
type VerifiableAddress ¶
// VerifiableAddress is an address (currently e-mail, see
// VerifiableAddressTypeEmail) whose ownership can be proven by redeeming a
// code. Public fields (ID, Value, Verified, Via, VerifiedAt, ExpiresAt) are
// rendered in API responses; Code and Status are `json:"-"` and must stay
// that way, since Code is the bearer secret accepted by
// PrivilegedPool.VerifyAddress.
//
// swagger:model verifiableIdentityAddress
type VerifiableAddress struct {
	// ID is read-only (`rw:"r"`).
	//
	// required: true
	ID uuid.UUID `json:"id" db:"id" faker:"uuid" rw:"r"`
	// Value is the address itself, e.g. the e-mail address.
	//
	// required: true
	Value string `json:"value" db:"value"`
	// Verified reports whether ownership has been proven.
	//
	// required: true
	Verified bool `json:"verified" db:"verified"`
	// Via is the channel (VerifiableAddressType) the address belongs to.
	//
	// required: true
	Via VerifiableAddressType `json:"via" db:"via"`
	// VerifiedAt is the time of successful verification, nil until then.
	VerifiedAt *time.Time `json:"verified_at" faker:"-" db:"verified_at"`
	// ExpiresAt is when the current Code stops being valid; consumers of
	// FindAddressByCode should reject codes past this instant.
	//
	// required: true
	ExpiresAt time.Time `json:"expires_at" faker:"time_type" db:"expires_at"`
	// IdentityID is a helper struct field for gobuffalo.pop.
	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"-" faker:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"-" faker:"-" db:"updated_at"`
	// Code is the verification code, never to be shared as JSON. It is a bearer
	// secret: anyone presenting it can complete verification.
	Code string `json:"-" db:"code"`
	// Status tracks the verification lifecycle (VerifiableAddressStatus); internal only.
	Status VerifiableAddressStatus `json:"-" db:"status"`
}
swagger:model verifiableIdentityAddress
func (VerifiableAddress) TableName ¶
func (a VerifiableAddress) TableName() string
type VerifiableAddressStatus ¶
// VerifiableAddressStatus is the internal lifecycle state of a
// VerifiableAddress (pending / completed). It is never serialized to clients.
type VerifiableAddressStatus string
VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema.
type VerifiableAddressType ¶
// VerifiableAddressType is the channel through which an address is verified;
// VerifiableAddressTypeEmail is the only value declared here. It also drives
// the HTML input type rendered for the address (HTMLFormInputType).
type VerifiableAddressType string
VerifiableAddressType must not exceed 16 characters as that is the limitation in the SQL Schema.
func (VerifiableAddressType) HTMLFormInputType ¶
// HTMLFormInputType maps the address type to the HTML <input type="..."> value
// used when rendering a form for it (the mapping itself is not visible here).
func (v VerifiableAddressType) HTMLFormInputType() string