identity

package
v0.8.0-alpha.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 27, 2021 License: Apache-2.0 Imports: 29 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	VerifiableAddressTypeEmail VerifiableAddressType = AddressTypeEmail

	VerifiableAddressStatusPending   VerifiableAddressStatus = "pending"
	VerifiableAddressStatusSent      VerifiableAddressStatus = "sent"
	VerifiableAddressStatusCompleted VerifiableAddressStatus = "completed"
)
View Source 
const AddressTypeEmail = "email"
View Source 
const RouteCollection = "/identities"
View Source 
const RouteItem = RouteCollection + "/:id"

Variables

View Source 
var ErrProtectedFieldModified = herodot.ErrForbidden.
	WithReasonf(`A field was modified that updates one or more credentials-related settings. This action was blocked because an unprivileged method was used to execute the update. This is either a configuration issue or a bug and should be reported to the system administrator.`)

Functions

func CredentialsEqual 

func CredentialsEqual(a, b map[CredentialsType]Credentials) bool

func ManagerAllowWriteProtectedTraits 

func ManagerAllowWriteProtectedTraits(options *managerOptions)

func ManagerExposeValidationErrorsForInternalTypeAssertion 

func ManagerExposeValidationErrorsForInternalTypeAssertion(options *managerOptions)

Types

type ActiveCredentialsCounter 

type ActiveCredentialsCounter interface {
	ID() CredentialsType
	CountActiveCredentials(cc map[CredentialsType]Credentials) (int, error)
}

swagger:ignore

type ActiveCredentialsCounterStrategyProvider 

type ActiveCredentialsCounterStrategyProvider interface {
	ActiveCredentialsCounterStrategies(context.Context) []ActiveCredentialsCounter
}

swagger:ignore

type AdminCreateIdentityBody 

type AdminCreateIdentityBody struct {
	// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.
	//
	// required: true
	SchemaID string `json:"schema_id"`

	// Traits represent an identity's traits. The identity is able to create, modify, and delete traits
	// in a self-service manner. The input will always be validated against the JSON Schema defined
	// in `schema_url`.
	//
	// required: true
	Traits json.RawMessage `json:"traits"`

	// State is the identity's state.
	//
	// required: false
	State State `json:"state"`
}

swagger:model adminCreateIdentityBody

type AdminUpdateIdentityBody 

type AdminUpdateIdentityBody struct {
	// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set
	// will update the Identity's SchemaID.
	SchemaID string `json:"schema_id"`

	// Traits represent an identity's traits. The identity is able to create, modify, and delete traits
	// in a self-service manner. The input will always be validated against the JSON Schema defined
	// in `schema_id`.
	//
	// required: true
	Traits json.RawMessage `json:"traits"`

	// State is the identity's state.
	//
	// required: true
	State State `json:"state"`
}

type AuthenticatorAssuranceLevel 

type AuthenticatorAssuranceLevel string

Authenticator Assurance Level (AAL)

The authenticator assurance level can be one of "aal1", "aal2", or "aal3". A higher number means that it is harder for an attacker to compromise the account.

Generally, "aal1" implies that one authentication factor was used while AAL2 implies that two factors (e.g. password + TOTP) have been used.

To learn more about these levels please head over to: https://www.ory.sh/kratos/docs/concepts/credentials

swagger:model authenticatorAssuranceLevel 

const (
	NoAuthenticatorAssuranceLevel AuthenticatorAssuranceLevel = "aal0"
	AuthenticatorAssuranceLevel1  AuthenticatorAssuranceLevel = "aal1"
	AuthenticatorAssuranceLevel2  AuthenticatorAssuranceLevel = "aal2"
	AuthenticatorAssuranceLevel3  AuthenticatorAssuranceLevel = "aal3"
)

func DetermineAAL 

func DetermineAAL(cts []CredentialsType) AuthenticatorAssuranceLevel

type Configuration 

type Configuration interface {
	SelfAdminURL() *url.URL
	DefaultIdentityTraitsSchemaURL() *url.URL
}

type CredentialIdentifier 

type CredentialIdentifier struct {
	ID         uuid.UUID `db:"id"`
	Identifier string    `db:"identifier"`
	// IdentityCredentialsID is a helper struct field for gobuffalo.pop.
	IdentityCredentialsID uuid.UUID `json:"-" db:"identity_credential_id"`
	// IdentityCredentialsTypeID is a helper struct field for gobuffalo.pop.
	IdentityCredentialsTypeID uuid.UUID `json:"-" db:"identity_credential_type_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"created_at" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
	NID       uuid.UUID `json:"-"  faker:"-" db:"nid"`
}

swagger:ignore

func (CredentialIdentifier) TableName 

func (c CredentialIdentifier) TableName(ctx context.Context) string

type CredentialIdentifierCollection 

type CredentialIdentifierCollection []CredentialIdentifier

swagger:ignore

func (CredentialIdentifierCollection) TableName 

func (c CredentialIdentifierCollection) TableName(ctx context.Context) string

type Credentials 

type Credentials struct {
	ID uuid.UUID `json:"-" db:"id"`

	CredentialTypeID uuid.UUID `json:"-" db:"identity_credential_type_id"`

	// Type discriminates between different types of credentials.
	Type CredentialsType `json:"type" db:"-"`

	// Identifiers represents a list of unique identifiers this credential type matches.
	Identifiers []string `json:"identifiers" db:"-"`

	// Config contains the concrete credential payload. This might contain the bcrypt-hashed password, the email
	// for passwordless authentication or access_token and refresh tokens from OpenID Connect flows.
	Config sqlxx.JSONRawMessage `json:"config,omitempty" db:"config"`

	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"created_at" db:"created_at"`

	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
	NID       uuid.UUID `json:"-"  faker:"-" db:"nid"`
}

Credentials represents a specific credential type

swagger:model identityCredentials

func (Credentials) TableName 

func (c Credentials) TableName(ctx context.Context) string

type CredentialsCollection 

type CredentialsCollection []Credentials

swagger:ignore

func (CredentialsCollection) TableName 

func (c CredentialsCollection) TableName(ctx context.Context) string

type CredentialsType 

type CredentialsType string

CredentialsType represents several different credential types, like password credentials, passwordless credentials, and so on.

swagger:model identityCredentialsType 

const (
	CredentialsTypePassword CredentialsType = "password"
	CredentialsTypeOIDC     CredentialsType = "oidc"
	CredentialsTypeTOTP     CredentialsType = "totp"
	CredentialsTypeLookup   CredentialsType = "lookup_secret"
	CredentialsTypeWebAuthn CredentialsType = "webauthn"
)

Please make sure to add all of these values to the test that ensures they are created during migration 

const (
	// CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).
	// It is not used within the credentials object itself.
	CredentialsTypeRecoveryLink CredentialsType = "link_recovery"
)

func (CredentialsType) String 

func (c CredentialsType) String() string

type CredentialsTypeTable 

type CredentialsTypeTable struct {
	ID   uuid.UUID       `json:"-" db:"id"`
	Name CredentialsType `json:"-" db:"name"`
}

swagger:ignore

func (CredentialsTypeTable) TableName 

func (c CredentialsTypeTable) TableName(ctx context.Context) string

type Handler 

type Handler struct {
	// contains filtered or unexported fields
}

func NewHandler 

func NewHandler(r handlerDependencies) *Handler

func (*Handler) Config 

func (h *Handler) Config(ctx context.Context) *config.Config

func (*Handler) RegisterAdminRoutes 

func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin)

func (*Handler) RegisterPublicRoutes 

func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic)

type HandlerProvider 

type HandlerProvider interface {
	IdentityHandler() *Handler
}

type Identity 

type Identity struct {

	// ID is the identity's unique identifier.
	//
	// The Identity ID can not be changed and can not be chosen. This ensures future
	// compatibility and optimization for distributed stores such as CockroachDB.
	//
	// required: true
	ID uuid.UUID `json:"id" faker:"-" db:"id"`

	// Credentials represents all credentials that can be used for authenticating this identity.
	Credentials map[CredentialsType]Credentials `json:"credentials,omitempty" faker:"-" db:"-"`

	// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.
	//
	// required: true
	SchemaID string `json:"schema_id" faker:"-" db:"schema_id"`

	// SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from.
	//
	// format: url
	// required: true
	SchemaURL string `json:"schema_url" faker:"-" db:"-"`

	// State is the identity's state.
	//
	// This value has currently no effect.
	State State `json:"state" faker:"-" db:"state"`

	// StateChangedAt contains the last time when the identity's state changed.
	StateChangedAt *sqlxx.NullTime `json:"state_changed_at,omitempty" faker:"-" db:"state_changed_at"`

	// Traits represent an identity's traits. The identity is able to create, modify, and delete traits
	// in a self-service manner. The input will always be validated against the JSON Schema defined
	// in `schema_url`.
	//
	// required: true
	Traits Traits `json:"traits" faker:"-" db:"traits"`

	// VerifiableAddresses contains all the addresses that can be verified by the user.
	//
	// Extensions:
	// ---
	// x-omitempty: true
	// ---
	VerifiableAddresses []VerifiableAddress `json:"verifiable_addresses,omitempty" faker:"-" has_many:"identity_verifiable_addresses" fk_id:"identity_id"`

	// RecoveryAddresses contains all the addresses that can be used to recover an identity.
	//
	// Extensions:
	// ---
	// x-omitempty: true
	// ---
	RecoveryAddresses []RecoveryAddress `json:"recovery_addresses,omitempty" faker:"-" has_many:"identity_recovery_addresses" fk_id:"identity_id"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"created_at" db:"created_at"`

	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
	NID       uuid.UUID `json:"-"  faker:"-" db:"nid"`
	// contains filtered or unexported fields
}

Identity represents an Ory Kratos identity

An identity can be a real human, a service, an IoT device - everything that can be described as an "actor" in a system.

swagger:model identity

func NewIdentity 

func NewIdentity(traitsSchemaID string) *Identity

func (*Identity) CopyWithoutCredentials 

func (i *Identity) CopyWithoutCredentials() *Identity

func (*Identity) DeleteCredentialsType 

func (i *Identity) DeleteCredentialsType(t CredentialsType)

func (*Identity) GetCredentials 

func (i *Identity) GetCredentials(t CredentialsType) (*Credentials, bool)

func (Identity) GetID 

func (i Identity) GetID() uuid.UUID

func (Identity) GetNID 

func (i Identity) GetNID() uuid.UUID

func (*Identity) IsActive 

func (i *Identity) IsActive() bool

func (Identity) MarshalJSON 

func (i Identity) MarshalJSON() ([]byte, error)

func (*Identity) ParseCredentials 

func (i *Identity) ParseCredentials(t CredentialsType, config interface{}) (*Credentials, error)

func (*Identity) SetCredentials 

func (i *Identity) SetCredentials(t CredentialsType, c Credentials)

func (Identity) TableName 

func (i Identity) TableName(ctx context.Context) string

func (*Identity) UnmarshalJSON 

func (i *Identity) UnmarshalJSON(b []byte) error

func (*Identity) ValidateNID 

func (i *Identity) ValidateNID() error

func (*Identity) WithDeclassifiedCredentialsOIDC 

func (i *Identity) WithDeclassifiedCredentialsOIDC(ctx context.Context, c cipher.Provider) (*Identity, error)

type ManagementProvider 

type ManagementProvider interface {
	IdentityManager() *Manager
}

type Manager 

type Manager struct {
	// contains filtered or unexported fields
}

func NewManager 

func NewManager(r managerDependencies) *Manager

func (*Manager) Create 

func (m *Manager) Create(ctx context.Context, i *Identity, opts ...ManagerOption) error

func (*Manager) SetTraits 

func (m *Manager) SetTraits(ctx context.Context, id uuid.UUID, traits Traits, opts ...ManagerOption) (*Identity, error)

func (*Manager) Update 

func (m *Manager) Update(ctx context.Context, updated *Identity, opts ...ManagerOption) error

func (*Manager) UpdateSchemaID 

func (m *Manager) UpdateSchemaID(ctx context.Context, id uuid.UUID, schemaID string, opts ...ManagerOption) error

func (*Manager) UpdateTraits 

func (m *Manager) UpdateTraits(ctx context.Context, id uuid.UUID, traits Traits, opts ...ManagerOption) error

type ManagerOption 

type ManagerOption func(*managerOptions)

type Pool 

type Pool interface {
	// ListIdentities lists all identities in the store given the page and itemsPerPage.
	ListIdentities(ctx context.Context, page, itemsPerPage int) ([]Identity, error)

	// CountIdentities counts the number of identities in the store.
	CountIdentities(ctx context.Context) (int64, error)

	// GetIdentity returns an identity by its id. Will return an error if the identity does not exist or backend
	// connectivity is broken.
	GetIdentity(context.Context, uuid.UUID) (*Identity, error)

	// FindVerifiableAddressByValue returns a matching address or sql.ErrNoRows if no address could be found.
	FindVerifiableAddressByValue(ctx context.Context, via VerifiableAddressType, address string) (*VerifiableAddress, error)

	// FindRecoveryAddressByValue returns a matching address or sql.ErrNoRows if no address could be found.
	FindRecoveryAddressByValue(ctx context.Context, via RecoveryAddressType, address string) (*RecoveryAddress, error)
}

type PoolProvider 

type PoolProvider interface {
	IdentityPool() Pool
}

type PrivilegedPool 

type PrivilegedPool interface {
	Pool

	// FindByCredentialsIdentifier returns an identity by querying for it's credential identifiers.
	FindByCredentialsIdentifier(ctx context.Context, ct CredentialsType, match string) (*Identity, *Credentials, error)

	// DeleteIdentity removes an identity by its id. Will return an error
	// if identity exists, backend connectivity is broken, or trait validation fails.
	DeleteIdentity(context.Context, uuid.UUID) error

	// UpdateVerifiableAddress updates an identity's verifiable address.
	UpdateVerifiableAddress(ctx context.Context, address *VerifiableAddress) error

	// CreateIdentity creates an identity. It is capable of setting credentials without encoding. Will return an error
	// if identity exists, backend connectivity is broken, or trait validation fails.
	CreateIdentity(context.Context, *Identity) error

	// UpdateIdentity updates an identity including its confidential / privileged / protected data.
	UpdateIdentity(context.Context, *Identity) error

	// GetIdentityConfidential returns the identity including it's raw credentials. This should only be used internally.
	GetIdentityConfidential(context.Context, uuid.UUID) (*Identity, error)

	// ListVerifiableAddresses lists all tracked verifiable addresses, regardless of whether they are already verified
	// or not.
	ListVerifiableAddresses(ctx context.Context, page, itemsPerPage int) ([]VerifiableAddress, error)

	// ListRecoveryAddresses lists all tracked recovery addresses.
	ListRecoveryAddresses(ctx context.Context, page, itemsPerPage int) ([]RecoveryAddress, error)
}

type PrivilegedPoolProvider 

type PrivilegedPoolProvider interface {
	PrivilegedIdentityPool() PrivilegedPool
}

type RecoveryAddress 

type RecoveryAddress struct {
	// required: true
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// required: true
	Value string `json:"value" db:"value"`

	// required: true
	Via RecoveryAddressType `json:"via" db:"via"`

	// IdentityID is a helper struct field for gobuffalo.pop.
	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"created_at" faker:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"updated_at" faker:"-" db:"updated_at"`
	NID       uuid.UUID `json:"-"  faker:"-" db:"nid"`
}

swagger:model recoveryIdentityAddress

func NewRecoveryEmailAddress 

func NewRecoveryEmailAddress(
	value string,
	identity uuid.UUID,
) *RecoveryAddress

func (RecoveryAddress) TableName 

func (a RecoveryAddress) TableName(ctx context.Context) string

func (RecoveryAddress) ValidateNID 

func (a RecoveryAddress) ValidateNID() error

type RecoveryAddressStatus 

type RecoveryAddressStatus string

RecoveryAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema.

type RecoveryAddressType 

type RecoveryAddressType string

RecoveryAddressType must not exceed 16 characters as that is the limitation in the SQL Schema. 

const (
	RecoveryAddressTypeEmail RecoveryAddressType = AddressTypeEmail
)

func (RecoveryAddressType) HTMLFormInputType 

func (v RecoveryAddressType) HTMLFormInputType() string

type Registry 

type Registry interface {
	IdentityPool() Pool
}

type SchemaExtensionCredentials 

type SchemaExtensionCredentials struct {
	// contains filtered or unexported fields
}

func NewSchemaExtensionCredentials 

func NewSchemaExtensionCredentials(i *Identity) *SchemaExtensionCredentials

func (*SchemaExtensionCredentials) Finish 

func (r *SchemaExtensionCredentials) Finish() error

func (*SchemaExtensionCredentials) Run 

func (r *SchemaExtensionCredentials) Run(_ jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error

type SchemaExtensionRecovery 

type SchemaExtensionRecovery struct {
	// contains filtered or unexported fields
}

func NewSchemaExtensionRecovery 

func NewSchemaExtensionRecovery(i *Identity) *SchemaExtensionRecovery

func (*SchemaExtensionRecovery) Finish 

func (r *SchemaExtensionRecovery) Finish() error

func (*SchemaExtensionRecovery) Run 

func (r *SchemaExtensionRecovery) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error

type SchemaExtensionVerification 

type SchemaExtensionVerification struct {
	// contains filtered or unexported fields
}

func NewSchemaExtensionVerification 

func NewSchemaExtensionVerification(i *Identity, lifespan time.Duration) *SchemaExtensionVerification

func (*SchemaExtensionVerification) Finish 

func (r *SchemaExtensionVerification) Finish() error

func (*SchemaExtensionVerification) Run 

func (r *SchemaExtensionVerification) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error

type State 

type State string

An Identity's State

The state can either be `active` or `inactive`.

swagger:model identityState 

const (
	StateActive   State = "active"
	StateInactive State = "inactive"
)

func (State) IsValid 

func (lt State) IsValid() error

type Traits 

type Traits json.RawMessage

Traits represent an identity's traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_url`.

swagger:model identityTraits

func (Traits) MarshalJSON 

func (t Traits) MarshalJSON() ([]byte, error)

MarshalJSON returns m as the JSON encoding of m.

func (*Traits) Scan 

func (t *Traits) Scan(value interface{}) error

func (*Traits) String 

func (t *Traits) String() string

func (*Traits) UnmarshalJSON 

func (t *Traits) UnmarshalJSON(data []byte) error

UnmarshalJSON sets *m to a copy of data.

func (Traits) Value 

func (t Traits) Value() (driver.Value, error)

type ValidationProvider 

type ValidationProvider interface {
	IdentityValidator() *Validator
}

type Validator 

type Validator struct {
	// contains filtered or unexported fields
}

func NewValidator 

func NewValidator(d validatorDependencies) *Validator

func (*Validator) Validate 

func (v *Validator) Validate(ctx context.Context, i *Identity) error

func (*Validator) ValidateWithRunner 

func (v *Validator) ValidateWithRunner(ctx context.Context, i *Identity, runners ...schema.Extension) error

type VerifiableAddress 

type VerifiableAddress struct {
	// The ID
	//
	// required: true
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// The address value
	//
	// example foo@user.com
	// required: true
	Value string `json:"value" db:"value"`

	// Indicates if the address has already been verified
	//
	// example: true
	// required: true
	Verified bool `json:"verified" db:"verified"`

	// The delivery method
	//
	// enum: ["email"]
	// example: email
	// required: true
	Via VerifiableAddressType `json:"via" db:"via"`

	// The verified address status
	//
	// enum: ["pending","sent","completed"]
	// example: sent
	// required: true
	Status VerifiableAddressStatus `json:"status" db:"status"`

	// When the address was verified
	//
	// example: 2014-01-01T23:28:56.782Z
	// required: false
	VerifiedAt *sqlxx.NullTime `json:"verified_at,omitempty" faker:"-" db:"verified_at"`

	// When this entry was created
	//
	// example: 2014-01-01T23:28:56.782Z
	CreatedAt time.Time `json:"created_at" faker:"-" db:"created_at"`

	// When this entry was last updated
	//
	// example: 2014-01-01T23:28:56.782Z
	UpdatedAt time.Time `json:"updated_at" faker:"-" db:"updated_at"`

	// IdentityID is a helper struct field for gobuffalo.pop.
	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	NID uuid.UUID `json:"-"  faker:"-" db:"nid"`
}

VerifiableAddress is an identity's verifiable address

swagger:model verifiableIdentityAddress

func NewVerifiableEmailAddress 

func NewVerifiableEmailAddress(value string, identity uuid.UUID) *VerifiableAddress

func (VerifiableAddress) GetID 

func (a VerifiableAddress) GetID() uuid.UUID

func (VerifiableAddress) GetNID 

func (a VerifiableAddress) GetNID() uuid.UUID

func (VerifiableAddress) TableName 

func (a VerifiableAddress) TableName(ctx context.Context) string

func (VerifiableAddress) ValidateNID 

func (a VerifiableAddress) ValidateNID() error

type VerifiableAddressStatus 

type VerifiableAddressStatus string

VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema

swagger:model identityVerifiableAddressStatus

type VerifiableAddressType 

type VerifiableAddressType string

VerifiableAddressType must not exceed 16 characters as that is the limitation in the SQL Schema

swagger:model identityVerifiableAddressType

func (VerifiableAddressType) HTMLFormInputType 

func (v VerifiableAddressType) HTMLFormInputType() string

type WithCredentialsInJSON 

type WithCredentialsInJSON Identity

func (WithCredentialsInJSON) MarshalJSON 

func (i WithCredentialsInJSON) MarshalJSON() ([]byte, error)

type WithCredentialsMetadataInJSON 

type WithCredentialsMetadataInJSON Identity

func (WithCredentialsMetadataInJSON) MarshalJSON 

func (i WithCredentialsMetadataInJSON) MarshalJSON() ([]byte, error)

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.