Documentation ¶
Index ¶
- Constants
- Variables
- func HookStrategyKey(key, strategy string) string
- type Argon2
- type Bcrypt
- type Config
- func (p *Config) AdminListenOn() string
- func (p *Config) AdminSocketPermission() *configx.UnixPermission
- func (p *Config) CORS(iface string) (cors.Options, bool)
- func (p *Config) CipherAlgorithm() string
- func (p *Config) ClientHTTPNoPrivateIPRanges() bool
- func (p *Config) ConfigVersion() string
- func (p *Config) CookieDomain() string
- func (p *Config) CookiePath() string
- func (p *Config) CookieSameSiteMode() http.SameSite
- func (p *Config) CourierExposeMetricsPort() int
- func (p *Config) CourierSMTPFrom() string
- func (p *Config) CourierSMTPFromName() string
- func (p *Config) CourierSMTPHeaders() map[string]string
- func (p *Config) CourierSMTPURL() *url.URL
- func (p *Config) CourierTemplatesRoot() string
- func (p *Config) DSN() string
- func (p *Config) DefaultIdentityTraitsSchemaURL() *url.URL
- func (p *Config) DisableAPIFlowEnforcement() bool
- func (p *Config) DisableAdminHealthRequestLog() bool
- func (p *Config) DisablePublicHealthRequestLog() bool
- func (p *Config) GetTSLCertificatesForAdmin() []tls.Certificate
- func (p *Config) GetTSLCertificatesForPublic() []tls.Certificate
- func (p *Config) HasherArgon2() *Argon2
- func (p *Config) HasherBcrypt() *Bcrypt
- func (p *Config) HasherPasswordHashingAlgorithm() string
- func (p *Config) IdentityTraitsSchemas() Schemas
- func (p *Config) IsBackgroundCourierEnabled() bool
- func (p *Config) IsInsecureDevMode() bool
- func (p *Config) MetricsListenOn() string
- func (p *Config) MustSet(key string, value interface{})
- func (p *Config) ParseAbsoluteOrRelativeURIOrFail(key string) *url.URL
- func (p *Config) ParseURIOrFail(key string) *url.URL
- func (p *Config) PasswordPolicyConfig() *PasswordPolicy
- func (p *Config) PublicListenOn() string
- func (p *Config) PublicSocketPermission() *configx.UnixPermission
- func (p *Config) SecretsCipher() [][32]byte
- func (p *Config) SecretsDefault() [][]byte
- func (p *Config) SecretsSession() [][]byte
- func (p *Config) SelfAdminURL() *url.URL
- func (p *Config) SelfPublicURL() *url.URL
- func (p *Config) SelfServiceBrowserDefaultReturnTo() *url.URL
- func (p *Config) SelfServiceBrowserWhitelistedReturnToDomains() (us []url.URL)
- func (p *Config) SelfServiceFlowErrorURL() *url.URL
- func (p *Config) SelfServiceFlowLoginAfterHooks(strategy string) []SelfServiceHook
- func (p *Config) SelfServiceFlowLoginBeforeHooks() []SelfServiceHook
- func (p *Config) SelfServiceFlowLoginRequestLifespan() time.Duration
- func (p *Config) SelfServiceFlowLoginReturnTo(strategy string) *url.URL
- func (p *Config) SelfServiceFlowLoginUI() *url.URL
- func (p *Config) SelfServiceFlowLogoutRedirectURL() *url.URL
- func (p *Config) SelfServiceFlowRecoveryAfterHooks(strategy string) []SelfServiceHook
- func (p *Config) SelfServiceFlowRecoveryEnabled() bool
- func (p *Config) SelfServiceFlowRecoveryRequestLifespan() time.Duration
- func (p *Config) SelfServiceFlowRecoveryReturnTo() *url.URL
- func (p *Config) SelfServiceFlowRecoveryUI() *url.URL
- func (p *Config) SelfServiceFlowRegistrationAfterHooks(strategy string) []SelfServiceHook
- func (p *Config) SelfServiceFlowRegistrationBeforeHooks() []SelfServiceHook
- func (p *Config) SelfServiceFlowRegistrationEnabled() bool
- func (p *Config) SelfServiceFlowRegistrationRequestLifespan() time.Duration
- func (p *Config) SelfServiceFlowRegistrationReturnTo(strategy string) *url.URL
- func (p *Config) SelfServiceFlowRegistrationUI() *url.URL
- func (p *Config) SelfServiceFlowSettingsAfterHooks(strategy string) []SelfServiceHook
- func (p *Config) SelfServiceFlowSettingsFlowLifespan() time.Duration
- func (p *Config) SelfServiceFlowSettingsPrivilegedSessionMaxAge() time.Duration
- func (p *Config) SelfServiceFlowSettingsReturnTo(strategy string, defaultReturnTo *url.URL) *url.URL
- func (p *Config) SelfServiceFlowSettingsUI() *url.URL
- func (p *Config) SelfServiceFlowVerificationAfterHooks(strategy string) []SelfServiceHook
- func (p *Config) SelfServiceFlowVerificationEnabled() bool
- func (p *Config) SelfServiceFlowVerificationRequestLifespan() time.Duration
- func (p *Config) SelfServiceFlowVerificationReturnTo(defaultReturnTo *url.URL) *url.URL
- func (p *Config) SelfServiceFlowVerificationUI() *url.URL
- func (p *Config) SelfServiceLinkMethodBaseURL() *url.URL
- func (p *Config) SelfServiceLinkMethodLifespan() time.Duration
- func (p *Config) SelfServiceSettingsRequiredAAL() string
- func (p *Config) SelfServiceStrategy(strategy string) *SelfServiceStrategy
- func (p *Config) SessionDomain() string
- func (p *Config) SessionLifespan() time.Duration
- func (p *Config) SessionName() string
- func (p *Config) SessionPath() string
- func (p *Config) SessionPersistentCookie() bool
- func (p *Config) SessionSameSiteMode() http.SameSite
- func (p *Config) SessionWhoAmIAAL() string
- func (p *Config) Set(key string, value interface{}) error
- func (p *Config) Source() *configx.Provider
- func (p *Config) TOTPIssuer() string
- func (p *Config) Tracing() *tracing.Config
- func (p *Config) WebAuthnConfig() *webauthn.Config
- type PasswordPolicy
- type Provider
- type Schema
- type Schemas
- type SelfServiceHook
- type SelfServiceStrategy
Constants ¶
// Built-in defaults and fixed identifiers.
const (
	DefaultIdentityTraitsSchemaID   = "default"
	DefaultBrowserReturnURL         = "default_browser_return_url"
	DefaultSQLiteMemoryDSN          = dbal.SQLiteInMemory
	DefaultPasswordHashingAlgorithm = "argon2"

	// NOTE(review): the name "noop" suggests that no encryption is applied
	// unless ciphers.algorithm is set to something else. Confirm before
	// relying on encryption of stored secrets.
	DefaultCipherAlgorithm = "noop"

	UnknownVersion = "unknown version"
)

// Configuration keys for the database, the courier and the secrets.
const (
	ViperKeyDSN = "dsn"

	ViperKeyCourierSMTPURL       = "courier.smtp.connection_uri"
	ViperKeyCourierTemplatesPath = "courier.template_override_path"
	ViperKeyCourierSMTPFrom      = "courier.smtp.from_address"
	ViperKeyCourierSMTPFromName  = "courier.smtp.from_name"
	ViperKeyCourierSMTPHeaders   = "courier.smtp.headers"

	// Key material: treat the values stored under these keys as secrets.
	ViperKeySecretsDefault = "secrets.default"
	ViperKeySecretsCookie  = "secrets.cookie"
	ViperKeySecretsCipher  = "secrets.cipher"
)

// Configuration keys for the public listener (serve.public.*).
const (
	ViperKeyDisablePublicHealthRequestLog = "serve.public.request_log.disable_for_health"

	ViperKeyPublicBaseURL       = "serve.public.base_url"
	ViperKeyPublicPort          = "serve.public.port"
	ViperKeyPublicHost          = "serve.public.host"
	ViperKeyPublicSocketOwner   = "serve.public.socket.owner"
	ViperKeyPublicSocketGroup   = "serve.public.socket.group"
	ViperKeyPublicSocketMode    = "serve.public.socket.mode"
	ViperKeyPublicTLSCertBase64 = "serve.public.tls.cert.base64"
	ViperKeyPublicTLSKeyBase64  = "serve.public.tls.key.base64"
	ViperKeyPublicTLSCertPath   = "serve.public.tls.cert.path"
	ViperKeyPublicTLSKeyPath    = "serve.public.tls.key.path"
)

// Configuration keys for the admin listener (serve.admin.*).
const (
	ViperKeyDisableAdminHealthRequestLog = "serve.admin.request_log.disable_for_health"

	ViperKeyAdminBaseURL       = "serve.admin.base_url"
	ViperKeyAdminPort          = "serve.admin.port"
	ViperKeyAdminHost          = "serve.admin.host"
	ViperKeyAdminSocketOwner   = "serve.admin.socket.owner"
	ViperKeyAdminSocketGroup   = "serve.admin.socket.group"
	ViperKeyAdminSocketMode    = "serve.admin.socket.mode"
	ViperKeyAdminTLSCertBase64 = "serve.admin.tls.cert.base64"
	ViperKeyAdminTLSKeyBase64  = "serve.admin.tls.key.base64"
	ViperKeyAdminTLSCertPath   = "serve.admin.tls.cert.path"
	ViperKeyAdminTLSKeyPath    = "serve.admin.tls.key.path"
)

// Configuration keys for the session and for cookies in general.
const (
	ViperKeySessionLifespan         = "session.lifespan"
	ViperKeySessionSameSite         = "session.cookie.same_site"
	ViperKeySessionDomain           = "session.cookie.domain"
	ViperKeySessionName             = "session.cookie.name"
	ViperKeySessionPath             = "session.cookie.path"
	ViperKeySessionPersistentCookie = "session.cookie.persistent"
	ViperKeySessionWhoAmIAAL        = "session.whoami.required_aal"

	ViperKeyCookieSameSite = "cookies.same_site"
	ViperKeyCookieDomain   = "cookies.domain"
	ViperKeyCookiePath     = "cookies.path"
)

// Configuration keys shared by all self-service flows.
const (
	ViperKeySelfServiceStrategyConfig         = "selfservice.methods"
	ViperKeySelfServiceBrowserDefaultReturnTo = "selfservice." + DefaultBrowserReturnURL

	// NOTE(review): by its name this list bounds the destinations a flow may
	// return to. If so, every entry widens the redirect surface, so keep it
	// as narrow as the deployment allows. Confirm against the consumer.
	ViperKeyURLsWhitelistedReturnToDomains = "selfservice.whitelisted_return_urls"
)

// Configuration keys for the registration flow.
const (
	ViperKeySelfServiceRegistrationEnabled         = "selfservice.flows.registration.enabled"
	ViperKeySelfServiceRegistrationUI              = "selfservice.flows.registration.ui_url"
	ViperKeySelfServiceRegistrationRequestLifespan = "selfservice.flows.registration.lifespan"
	ViperKeySelfServiceRegistrationAfter           = "selfservice.flows.registration.after"
	ViperKeySelfServiceRegistrationBeforeHooks     = "selfservice.flows.registration.before.hooks"
)

// Configuration keys for the login flow.
const (
	ViperKeySelfServiceLoginUI              = "selfservice.flows.login.ui_url"
	ViperKeySelfServiceLoginRequestLifespan = "selfservice.flows.login.lifespan"
	ViperKeySelfServiceLoginAfter           = "selfservice.flows.login.after"
	ViperKeySelfServiceLoginBeforeHooks     = "selfservice.flows.login.before.hooks"
)

// Configuration keys for the error UI and the logout flow.
const (
	ViperKeySelfServiceErrorUI                      = "selfservice.flows.error.ui_url"
	ViperKeySelfServiceLogoutBrowserDefaultReturnTo = "selfservice.flows.logout.after." + DefaultBrowserReturnURL
)

// Configuration keys for the settings flow.
const (
	ViperKeySelfServiceSettingsURL                           = "selfservice.flows.settings.ui_url"
	ViperKeySelfServiceSettingsAfter                         = "selfservice.flows.settings.after"
	ViperKeySelfServiceSettingsRequestLifespan               = "selfservice.flows.settings.lifespan"
	ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter = "selfservice.flows.settings.privileged_session_max_age"
	ViperKeySelfServiceSettingsRequiredAAL                   = "selfservice.flows.settings.required_aal"
)

// Configuration keys for the recovery flow.
const (
	ViperKeySelfServiceRecoveryAfter                  = "selfservice.flows.recovery.after"
	ViperKeySelfServiceRecoveryEnabled                = "selfservice.flows.recovery.enabled"
	ViperKeySelfServiceRecoveryUI                     = "selfservice.flows.recovery.ui_url"
	ViperKeySelfServiceRecoveryRequestLifespan        = "selfservice.flows.recovery.lifespan"
	ViperKeySelfServiceRecoveryBrowserDefaultReturnTo = "selfservice.flows.recovery.after." + DefaultBrowserReturnURL
)

// Configuration keys for the verification flow.
const (
	ViperKeySelfServiceVerificationEnabled                = "selfservice.flows.verification.enabled"
	ViperKeySelfServiceVerificationUI                     = "selfservice.flows.verification.ui_url"
	ViperKeySelfServiceVerificationRequestLifespan        = "selfservice.flows.verification.lifespan"
	ViperKeySelfServiceVerificationBrowserDefaultReturnTo = "selfservice.flows.verification.after." + DefaultBrowserReturnURL
	ViperKeySelfServiceVerificationAfter                  = "selfservice.flows.verification.after"
)

// Configuration keys for identity schemas.
const (
	ViperKeyDefaultIdentitySchemaURL = "identity.default_schema_url"
	ViperKeyIdentitySchemas          = "identity.schemas"
)

// Configuration keys for password hashing and for the cipher.
const (
	ViperKeyHasherAlgorithm                     = "hashers.algorithm"
	ViperKeyHasherArgon2ConfigMemory            = "hashers.argon2.memory"
	ViperKeyHasherArgon2ConfigIterations        = "hashers.argon2.iterations"
	ViperKeyHasherArgon2ConfigParallelism       = "hashers.argon2.parallelism"
	ViperKeyHasherArgon2ConfigSaltLength        = "hashers.argon2.salt_length"
	ViperKeyHasherArgon2ConfigKeyLength         = "hashers.argon2.key_length"
	ViperKeyHasherArgon2ConfigExpectedDuration  = "hashers.argon2.expected_duration"
	ViperKeyHasherArgon2ConfigExpectedDeviation = "hashers.argon2.expected_deviation"
	ViperKeyHasherArgon2ConfigDedicatedMemory   = "hashers.argon2.dedicated_memory"
	ViperKeyHasherBcryptCost                    = "hashers.bcrypt.cost"

	ViperKeyCipherAlgorithm = "ciphers.algorithm"
)

// Configuration keys for the individual self-service methods.
const (
	ViperKeyLinkLifespan = "selfservice.methods.link.config.lifespan"
	ViperKeyLinkBaseURL  = "selfservice.methods.link.config.base_url"

	ViperKeyPasswordHaveIBeenPwnedHost               = "selfservice.methods.password.config.haveibeenpwned_host"
	ViperKeyPasswordHaveIBeenPwnedEnabled            = "selfservice.methods.password.config.haveibeenpwned_enabled"
	ViperKeyPasswordMaxBreaches                      = "selfservice.methods.password.config.max_breaches"
	ViperKeyPasswordMinLength                        = "selfservice.methods.password.config.min_password_length"
	ViperKeyPasswordIdentifierSimilarityCheckEnabled = "selfservice.methods.password.config.identifier_similarity_check_enabled"

	// NOTE(review): presumably decides whether a password is accepted when
	// the breach lookup cannot be reached. If so, enabling it makes that
	// check fail open. Confirm against the password validator.
	ViperKeyIgnoreNetworkErrors = "selfservice.methods.password.config.ignore_network_errors"

	ViperKeyTOTPIssuer = "selfservice.methods.totp.config.issuer"

	ViperKeyWebAuthnRPDisplayName = "selfservice.methods.webauthn.config.rp.display_name"
	ViperKeyWebAuthnRPID          = "selfservice.methods.webauthn.config.rp.id"
	ViperKeyWebAuthnRPOrigin      = "selfservice.methods.webauthn.config.rp.origin"

	// NOTE(review): the key ends in "rp.issuer" although the constant is
	// named RPIcon. Confirm which configuration key is intended.
	ViperKeyWebAuthnRPIcon = "selfservice.methods.webauthn.config.rp.issuer"
)

// Configuration keys for outgoing HTTP clients and the config version.
const (
	// NOTE(review): by its name this makes outgoing HTTP clients refuse
	// private IP ranges, which would be the guard against server-side
	// request forgery through configured URLs. Confirm its default.
	ViperKeyClientHTTPNoPrivateIPRanges = "clients.http.disallow_private_ip_ranges"

	ViperKeyVersion = "version"
)
// HighestAvailableAAL is the literal "highest_available".
// NOTE(review): presumably the value accepted by the required_aal settings; confirm.
const HighestAvailableAAL = "highest_available"

// Argon2 parameters declared as package defaults.
const (
	Argon2DefaultMemory                 = 128 * bytesize.MB
	Argon2DefaultIterations      uint32 = 1
	Argon2DefaultSaltLength      uint32 = 16
	Argon2DefaultKeyLength       uint32 = 32
	Argon2DefaultDuration               = 500 * time.Millisecond
	Argon2DefaultDeviation              = 500 * time.Millisecond
	Argon2DefaultDedicatedMemory        = 1 * bytesize.GB
)

// BcryptDefaultCost is the bcrypt cost declared as the package default.
const BcryptDefaultCost uint32 = 12
const (
	// DefaultSessionCookieName is the cookie name "ory_kratos_session".
	DefaultSessionCookieName = "ory_kratos_session"
)
DefaultSessionCookieName is the default cookie name for the kratos session.
const (
	// HookGlobal is the literal "global".
	// NOTE(review): presumably the strategy name for hooks that are not tied
	// to a single strategy; confirm against HookStrategyKey's callers.
	HookGlobal = "global"
)
Variables ¶
// Build metadata with placeholder values.
// NOTE(review): presumably overwritten at link time by the release build; confirm
// against the build scripts before trusting these values in logs or telemetry.

// Version is the build version; the placeholder is "master".
var Version = "master"

// Date is the build date; the placeholder is "undefined".
var Date = "undefined"

// Commit is the build commit; the placeholder is "undefined".
var Commit = "undefined"
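// Argon2DefaultParallelism is the default Argon2 parallelism: twice the number
// of logical CPUs reported by runtime.NumCPU, capped at 255 so that the value
// always fits in a uint8.
var Argon2DefaultParallelism = func() uint8 {
	// A plain uint8(runtime.NumCPU() * 2) wraps modulo 256: a host with 128
	// logical CPUs would get 0, and larger hosts an unrelated small value.
	// Clamp before converting so the hasher never receives a wrapped value.
	const maxParallelism = 255
	threads := runtime.NumCPU() * 2
	if threads > maxParallelism {
		threads = maxParallelism
	}
	return uint8(threads)
}()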
Functions ¶
func HookStrategyKey ¶
Types ¶
type Argon2 ¶
// Argon2 holds the Argon2 hasher settings. The JSON tags mirror the last
// segment of the hashers.argon2.* configuration keys.
type Argon2 struct {
	// Memory is serialized as "memory".
	Memory bytesize.ByteSize `json:"memory"`
	// Iterations is serialized as "iterations".
	Iterations uint32 `json:"iterations"`
	// Parallelism is serialized as "parallelism"; being a uint8 it cannot
	// exceed 255.
	Parallelism uint8 `json:"parallelism"`
	// SaltLength is serialized as "salt_length".
	SaltLength uint32 `json:"salt_length"`
	// KeyLength is serialized as "key_length".
	KeyLength uint32 `json:"key_length"`
	// ExpectedDuration is serialized as "expected_duration".
	ExpectedDuration time.Duration `json:"expected_duration"`
	// ExpectedDeviation is serialized as "expected_deviation".
	ExpectedDeviation time.Duration `json:"expected_deviation"`
	// DedicatedMemory is serialized as "dedicated_memory".
	DedicatedMemory bytesize.ByteSize `json:"dedicated_memory"`
}
func (*Argon2) MarshalJSON ¶
type Config ¶
// Config is the configuration type of this package. Its fields are hidden in
// this listing; values are read through the accessor methods listed in the
// index, and Source returns the underlying *configx.Provider.
type Config struct {
	// contains filtered or unexported fields
}
func (*Config) AdminListenOn ¶
func (*Config) AdminSocketPermission ¶
func (p *Config) AdminSocketPermission() *configx.UnixPermission
func (*Config) CipherAlgorithm ¶
func (*Config) ClientHTTPNoPrivateIPRanges ¶
func (*Config) ConfigVersion ¶
func (*Config) CookieDomain ¶
func (*Config) CookiePath ¶
func (*Config) CookieSameSiteMode ¶
func (*Config) CourierExposeMetricsPort ¶
func (*Config) CourierSMTPFrom ¶
func (*Config) CourierSMTPFromName ¶
func (*Config) CourierSMTPHeaders ¶
func (*Config) CourierSMTPURL ¶
func (*Config) CourierTemplatesRoot ¶
func (*Config) DefaultIdentityTraitsSchemaURL ¶
func (*Config) DisableAPIFlowEnforcement ¶
func (*Config) DisableAdminHealthRequestLog ¶
func (*Config) DisablePublicHealthRequestLog ¶
func (*Config) GetTSLCertificatesForAdmin ¶
func (p *Config) GetTSLCertificatesForAdmin() []tls.Certificate
func (*Config) GetTSLCertificatesForPublic ¶
func (p *Config) GetTSLCertificatesForPublic() []tls.Certificate
func (*Config) HasherArgon2 ¶
func (*Config) HasherBcrypt ¶
func (*Config) HasherPasswordHashingAlgorithm ¶
func (*Config) IdentityTraitsSchemas ¶
func (*Config) IsBackgroundCourierEnabled ¶
func (*Config) IsInsecureDevMode ¶
func (*Config) MetricsListenOn ¶
func (*Config) ParseAbsoluteOrRelativeURIOrFail ¶
func (*Config) PasswordPolicyConfig ¶
func (p *Config) PasswordPolicyConfig() *PasswordPolicy
func (*Config) PublicListenOn ¶
func (*Config) PublicSocketPermission ¶
func (p *Config) PublicSocketPermission() *configx.UnixPermission
func (*Config) SecretsCipher ¶
func (*Config) SecretsDefault ¶
func (*Config) SecretsSession ¶
func (*Config) SelfAdminURL ¶
func (*Config) SelfPublicURL ¶
func (*Config) SelfServiceBrowserDefaultReturnTo ¶
func (*Config) SelfServiceBrowserWhitelistedReturnToDomains ¶
func (*Config) SelfServiceFlowErrorURL ¶
func (*Config) SelfServiceFlowLoginAfterHooks ¶
func (p *Config) SelfServiceFlowLoginAfterHooks(strategy string) []SelfServiceHook
func (*Config) SelfServiceFlowLoginBeforeHooks ¶
func (p *Config) SelfServiceFlowLoginBeforeHooks() []SelfServiceHook
func (*Config) SelfServiceFlowLoginRequestLifespan ¶
func (*Config) SelfServiceFlowLoginReturnTo ¶
func (*Config) SelfServiceFlowLoginUI ¶
func (*Config) SelfServiceFlowLogoutRedirectURL ¶
func (*Config) SelfServiceFlowRecoveryAfterHooks ¶
func (p *Config) SelfServiceFlowRecoveryAfterHooks(strategy string) []SelfServiceHook
func (*Config) SelfServiceFlowRecoveryEnabled ¶
func (*Config) SelfServiceFlowRecoveryRequestLifespan ¶
func (*Config) SelfServiceFlowRecoveryReturnTo ¶
func (*Config) SelfServiceFlowRecoveryUI ¶
func (*Config) SelfServiceFlowRegistrationAfterHooks ¶
func (p *Config) SelfServiceFlowRegistrationAfterHooks(strategy string) []SelfServiceHook
func (*Config) SelfServiceFlowRegistrationBeforeHooks ¶
func (p *Config) SelfServiceFlowRegistrationBeforeHooks() []SelfServiceHook
func (*Config) SelfServiceFlowRegistrationEnabled ¶
func (*Config) SelfServiceFlowRegistrationRequestLifespan ¶
func (*Config) SelfServiceFlowRegistrationReturnTo ¶
func (*Config) SelfServiceFlowRegistrationUI ¶
func (*Config) SelfServiceFlowSettingsAfterHooks ¶
func (p *Config) SelfServiceFlowSettingsAfterHooks(strategy string) []SelfServiceHook
func (*Config) SelfServiceFlowSettingsFlowLifespan ¶
func (*Config) SelfServiceFlowSettingsPrivilegedSessionMaxAge ¶
func (*Config) SelfServiceFlowSettingsReturnTo ¶
func (*Config) SelfServiceFlowSettingsUI ¶
func (*Config) SelfServiceFlowVerificationAfterHooks ¶
func (p *Config) SelfServiceFlowVerificationAfterHooks(strategy string) []SelfServiceHook
func (*Config) SelfServiceFlowVerificationEnabled ¶
func (*Config) SelfServiceFlowVerificationRequestLifespan ¶
func (*Config) SelfServiceFlowVerificationReturnTo ¶
func (*Config) SelfServiceFlowVerificationUI ¶
func (*Config) SelfServiceLinkMethodBaseURL ¶
func (*Config) SelfServiceLinkMethodLifespan ¶
func (*Config) SelfServiceSettingsRequiredAAL ¶
func (*Config) SelfServiceStrategy ¶
func (p *Config) SelfServiceStrategy(strategy string) *SelfServiceStrategy
func (*Config) SessionDomain ¶
func (*Config) SessionLifespan ¶
SessionLifespan returns nil when the value is not set. Note that the signature in the index declares a time.Duration return value, which cannot be nil.
func (*Config) SessionName ¶
func (*Config) SessionPath ¶
func (*Config) SessionPersistentCookie ¶
func (*Config) SessionSameSiteMode ¶
func (*Config) SessionWhoAmIAAL ¶
func (*Config) TOTPIssuer ¶
func (*Config) WebAuthnConfig ¶
type PasswordPolicy ¶
// PasswordPolicy holds the password method settings. The JSON tags mirror the
// last segment of the selfservice.methods.password.config.* keys.
type PasswordPolicy struct {
	// HaveIBeenPwnedHost is serialized as "haveibeenpwned_host".
	HaveIBeenPwnedHost string `json:"haveibeenpwned_host"`
	// HaveIBeenPwnedEnabled is serialized as "haveibeenpwned_enabled".
	HaveIBeenPwnedEnabled bool `json:"haveibeenpwned_enabled"`
	// MaxBreaches is serialized as "max_breaches".
	MaxBreaches uint `json:"max_breaches"`
	// IgnoreNetworkErrors is serialized as "ignore_network_errors".
	// NOTE(review): presumably lets a password pass when the breach lookup
	// cannot be reached, i.e. the check fails open. Confirm.
	IgnoreNetworkErrors bool `json:"ignore_network_errors"`
	// MinPasswordLength is serialized as "min_password_length".
	MinPasswordLength uint `json:"min_password_length"`
	// IdentifierSimilarityCheckEnabled is serialized as
	// "identifier_similarity_check_enabled".
	IdentifierSimilarityCheckEnabled bool `json:"identifier_similarity_check_enabled"`
}
type SelfServiceHook ¶
// SelfServiceHook is one hook entry of a self-service flow.
type SelfServiceHook struct {
	// Name is serialized as "hook".
	Name string `json:"hook"`
	// Config is the hook's configuration kept as undecoded JSON, serialized
	// as "config".
	Config json.RawMessage `json:"config"`
}
type SelfServiceStrategy ¶
// SelfServiceStrategy is the configuration of one self-service method.
type SelfServiceStrategy struct {
	// Enabled is serialized as "enabled".
	Enabled bool `json:"enabled"`
	// Config is the method's configuration kept as undecoded JSON,
	// serialized as "config".
	Config json.RawMessage `json:"config"`
}