identity

package
v1.2.0-pre.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 4, 2024 License: Apache-2.0 Imports: 51 Imported by: 1

Documentation

Index

Constants

View Source 
const (
	ChannelTypeEmail = "email"
	ChannelTypeSMS   = "sms"
)
View Source 
const (
	RouteCollection     = "/identities"
	RouteItem           = RouteCollection + "/:id"
	RouteCredentialItem = RouteItem + "/credentials/:type"

	BatchPatchIdentitiesLimit = 2000
)
View Source 
const (
	VerifiableAddressTypeEmail VerifiableAddressType = AddressTypeEmail

	VerifiableAddressStatusPending   VerifiableAddressStatus = "pending"
	VerifiableAddressStatusSent      VerifiableAddressStatus = "sent"
	VerifiableAddressStatusCompleted VerifiableAddressStatus = "completed"
)
View Source 
const (
	AddressTypeEmail = "email"
)

Variables

View Source 
var AllCredentialTypes = []CredentialsType{
	CredentialsTypePassword,
	CredentialsTypeOIDC,
	CredentialsTypeTOTP,
	CredentialsTypeLookup,
	CredentialsTypeWebAuthn,
	CredentialsTypeCodeAuth,
	CredentialsTypePasskey,
}
View Source 
var ErrProtectedFieldModified = herodot.ErrForbidden.
	WithReasonf(`A field was modified that updates one or more credentials-related settings. This action was blocked because an unprivileged method was used to execute the update. This is either a configuration issue or a bug and should be reported to the system administrator.`)
View Source 
var ExpandCredentials = Expandables{
	ExpandFieldCredentials,
}

ExpandCredentials expands the identity's credentials.

View Source 
var ExpandDefault = Expandables{
	ExpandFieldVerifiableAddresses,
	ExpandFieldRecoveryAddresses,
}

ExpandDefault expands the default fields:

- Verifiable addresses - Recovery addresses

View Source 
var ExpandEverything = Expandables{
	ExpandFieldVerifiableAddresses,
	ExpandFieldRecoveryAddresses,
	ExpandFieldCredentials,
}

ExpandEverything expands all the fields of an identity.

View Source 
var ExpandNothing = Expandables{}

ExpandNothing expands nothing

Functions

func CredentialsEqual 

func CredentialsEqual(a, b map[CredentialsType]Credentials) bool

func DefaultPageToken added in v1.1.0 

func DefaultPageToken() keysetpagination.PageToken

func ManagerAllowWriteProtectedTraits 

func ManagerAllowWriteProtectedTraits(options *ManagerOptions)

func ManagerExposeValidationErrorsForInternalTypeAssertion 

func ManagerExposeValidationErrorsForInternalTypeAssertion(options *ManagerOptions)

func OIDCUniqueID 

func OIDCUniqueID(provider, subject string) string

func UpgradeCredentials added in v0.11.1 

func UpgradeCredentials(i *Identity) error

UpgradeCredentials migrates a set of older WebAuthn credentials to newer ones.

func UpgradeWebAuthnCredentials added in v0.11.1 

func UpgradeWebAuthnCredentials(i *Identity, c *Credentials) (err error)

Types

type ActiveCredentialsCounter 

type ActiveCredentialsCounter interface {
	ID() CredentialsType
	CountActiveFirstFactorCredentials(cc map[CredentialsType]Credentials) (int, error)
	CountActiveMultiFactorCredentials(cc map[CredentialsType]Credentials) (int, error)
}

swagger:ignore

type ActiveCredentialsCounterStrategyProvider 

type ActiveCredentialsCounterStrategyProvider interface {
	ActiveCredentialsCounterStrategies(context.Context) []ActiveCredentialsCounter
}

swagger:ignore

type AdminCreateIdentityImportCredentialsOidcProvider 

type AdminCreateIdentityImportCredentialsOidcProvider struct {
	// The subject (`sub`) of the OpenID Connect connection. Usually the `sub` field of the ID Token.
	//
	// required: true
	Subject string `json:"subject"`

	// The OpenID Connect provider to link the subject to. Usually something like `google` or `github`.
	//
	// required: true
	Provider string `json:"provider"`
}

Create Identity and Import Social Sign In Credentials Configuration

swagger:model identityWithCredentialsOidcConfigProvider

type AdminIdentityImportCredentialsOIDC 

type AdminIdentityImportCredentialsOIDC struct {
	// Configuration options for the import.
	Config AdminIdentityImportCredentialsOIDCConfig `json:"config"`
}

Create Identity and Import Social Sign In Credentials

swagger:model identityWithCredentialsOidc

type AdminIdentityImportCredentialsOIDCConfig 

type AdminIdentityImportCredentialsOIDCConfig struct {
	// Configuration options for the import.
	Config AdminIdentityImportCredentialsPasswordConfig `json:"config"`
	// A list of OpenID Connect Providers
	Providers []AdminCreateIdentityImportCredentialsOidcProvider `json:"providers"`
}

swagger:model identityWithCredentialsOidcConfig

type AdminIdentityImportCredentialsPassword 

type AdminIdentityImportCredentialsPassword struct {
	// Configuration options for the import.
	Config AdminIdentityImportCredentialsPasswordConfig `json:"config"`
}

Create Identity and Import Password Credentials

swagger:model identityWithCredentialsPassword

type AdminIdentityImportCredentialsPasswordConfig 

type AdminIdentityImportCredentialsPasswordConfig struct {
	// The hashed password in [PHC format](https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities#hashed-passwords)
	HashedPassword string `json:"hashed_password"`

	// The password in plain text if no hash is available.
	Password string `json:"password"`
}

Create Identity and Import Password Credentials Configuration

swagger:model identityWithCredentialsPasswordConfig

type AuthenticatorAssuranceLevel 

type AuthenticatorAssuranceLevel string

Authenticator Assurance Level (AAL)

The authenticator assurance level can be one of "aal1", "aal2", or "aal3". A higher number means that it is harder for an attacker to compromise the account.

Generally, "aal1" implies that one authentication factor was used while AAL2 implies that two factors (e.g. password + TOTP) have been used.

To learn more about these levels please head over to: https://www.ory.sh/kratos/docs/concepts/credentials

swagger:model authenticatorAssuranceLevel 

const (
	NoAuthenticatorAssuranceLevel AuthenticatorAssuranceLevel = "aal0"
	AuthenticatorAssuranceLevel1  AuthenticatorAssuranceLevel = "aal1"
	AuthenticatorAssuranceLevel2  AuthenticatorAssuranceLevel = "aal2"
)

type AuthenticatorWebAuthn added in v0.13.0 

type AuthenticatorWebAuthn struct {
	AAGUID       []byte `json:"aaguid"`
	SignCount    uint32 `json:"sign_count"`
	CloneWarning bool   `json:"clone_warning"`
}

type BatchIdentityPatch added in v0.13.0 

type BatchIdentityPatch struct {
	// The identity to create.
	Create *CreateIdentityBody `json:"create"`

	// The ID of this patch.
	//
	// The patch ID is optional. If specified, the ID will be returned in the
	// response, so consumers of this API can correlate the response with the
	// patch.
	ID *uuid.UUID `json:"patch_id"`
}

Payload for patching an identity

swagger:model identityPatch

type BatchIdentityPatchResponse added in v0.13.0 

type BatchIdentityPatchResponse struct {
	// The action for this specific patch
	Action BatchPatchAction `json:"action"`

	// The identity ID payload of this patch
	IdentityID *uuid.UUID `json:"identity,omitempty"`

	// The ID of this patch response, if an ID was specified in the patch.
	PatchID *uuid.UUID `json:"patch_id,omitempty"`
}

Response for a single identity patch

swagger:model identityPatchResponse

type BatchPatchAction added in v0.13.0 

type BatchPatchAction string

swagger:enum BatchPatchAction 

const (
	// Create this identity.
	ActionCreate BatchPatchAction = "create"
)

type BatchPatchIdentitiesBody added in v0.13.0 

type BatchPatchIdentitiesBody struct {
	// Identities holds the list of patches to apply
	//
	// required
	Identities []*BatchIdentityPatch `json:"identities"`
}

Patch Identities Body

swagger:model patchIdentitiesBody

type CodeAddressType added in v1.1.0 

type CodeAddressType = string
const (
	CodeAddressTypeEmail CodeAddressType = AddressTypeEmail
)

type Configuration 

type Configuration interface {
	SelfAdminURL() *url.URL
	DefaultIdentityTraitsSchemaURL() *url.URL
}

type CreateIdentityBody added in v0.11.0 

type CreateIdentityBody struct {
	// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.
	//
	// required: true
	SchemaID string `json:"schema_id"`

	// Traits represent an identity's traits. The identity is able to create, modify, and delete traits
	// in a self-service manner. The input will always be validated against the JSON Schema defined
	// in `schema_url`.
	//
	// required: true
	Traits json.RawMessage `json:"traits"`

	// Credentials represents all credentials that can be used for authenticating this identity.
	//
	// Use this structure to import credentials for a user.
	Credentials *IdentityWithCredentials `json:"credentials"`

	// VerifiableAddresses contains all the addresses that can be verified by the user.
	//
	// Use this structure to import verified addresses for an identity. Please keep in mind
	// that the address needs to be represented in the Identity Schema or this field will be overwritten
	// on the next identity update.
	VerifiableAddresses []VerifiableAddress `json:"verifiable_addresses"`

	// RecoveryAddresses contains all the addresses that can be used to recover an identity.
	//
	// Use this structure to import recovery addresses for an identity. Please keep in mind
	// that the address needs to be represented in the Identity Schema or this field will be overwritten
	// on the next identity update.
	RecoveryAddresses []RecoveryAddress `json:"recovery_addresses"`

	// Store metadata about the identity which the identity itself can see when calling for example the
	// session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field.
	MetadataPublic json.RawMessage `json:"metadata_public"`

	// Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/<id>`.
	MetadataAdmin json.RawMessage `json:"metadata_admin,omitempty"`

	// State is the identity's state.
	//
	// required: false
	State State `json:"state"`
}

Create Identity Body

swagger:model createIdentityBody

type CredentialIdentifier 

type CredentialIdentifier struct {
	ID         uuid.UUID `db:"id"`
	Identifier string    `db:"identifier"`
	// IdentityCredentialsID is a helper struct field for gobuffalo.pop.
	IdentityCredentialsID uuid.UUID `json:"-" db:"identity_credential_id"`
	// IdentityCredentialsTypeID is a helper struct field for gobuffalo.pop.
	IdentityCredentialsTypeID uuid.UUID `json:"-" db:"identity_credential_type_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"created_at" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
	NID       uuid.UUID `json:"-"  faker:"-" db:"nid"`
}

swagger:ignore

func (CredentialIdentifier) TableName 

func (c CredentialIdentifier) TableName(context.Context) string

type CredentialWebAuthn added in v0.13.0 

type CredentialWebAuthn struct {
	ID              []byte                `json:"id"`
	PublicKey       []byte                `json:"public_key"`
	AttestationType string                `json:"attestation_type"`
	Authenticator   AuthenticatorWebAuthn `json:"authenticator"`
	DisplayName     string                `json:"display_name"`
	AddedAt         time.Time             `json:"added_at"`
	IsPasswordless  bool                  `json:"is_passwordless"`
}

func CredentialFromWebAuthn added in v0.13.0 

func CredentialFromWebAuthn(credential *webauthn.Credential, isPasswordless bool) *CredentialWebAuthn

func (*CredentialWebAuthn) ToWebAuthn added in v0.13.0 

func (c *CredentialWebAuthn) ToWebAuthn() *webauthn.Credential

type Credentials 

type Credentials struct {
	ID uuid.UUID `json:"-" db:"id"`

	// Type discriminates between different types of credentials.
	Type                     CredentialsType `json:"type" db:"-"`
	IdentityCredentialTypeID uuid.UUID       `json:"-" db:"identity_credential_type_id"`

	// Identifiers represents a list of unique identifiers this credential type matches.
	Identifiers []string `json:"identifiers" db:"-"`

	// Config contains the concrete credential payload. This might contain the bcrypt-hashed password, the email
	// for passwordless authentication or access_token and refresh tokens from OpenID Connect flows.
	Config sqlxx.JSONRawMessage `json:"config,omitempty" db:"config"`

	// Version refers to the version of the credential. Useful when changing the config schema.
	Version int `json:"version" db:"version"`

	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"created_at" db:"created_at"`

	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"updated_at" db:"updated_at"`
	NID       uuid.UUID `json:"-"  faker:"-" db:"nid"`
}

Credentials represents a specific credential type

swagger:model identityCredentials

func NewCredentialsOIDC 

func NewCredentialsOIDC(tokens *CredentialsOIDCEncryptedTokens, provider, subject, organization string) (*Credentials, error)

NewCredentialsOIDC creates a new OIDC credential.

func (Credentials) GetID added in v1.1.0 

func (c Credentials) GetID() uuid.UUID

func (Credentials) TableName 

func (c Credentials) TableName(context.Context) string

type CredentialsCode added in v1.1.0 

type CredentialsCode struct {
	// The type of the address for this code
	AddressType CodeAddressType `json:"address_type"`

	// UsedAt indicates whether and when a recovery code was used.
	UsedAt sql.NullTime `json:"used_at,omitempty"`
}

CredentialsCode represents a one time login/registration code

swagger:model identityCredentialsCode

type CredentialsLookupConfig added in v0.13.0 

type CredentialsLookupConfig struct {
	// List of recovery codes
	RecoveryCodes []RecoveryCode `json:"recovery_codes"`
}

CredentialsConfig is the struct that is being used as part of the identity credentials.

func (*CredentialsLookupConfig) ToNode added in v0.13.0 

func (c *CredentialsLookupConfig) ToNode() *node.Node

type CredentialsOIDC 

type CredentialsOIDC struct {
	Providers []CredentialsOIDCProvider `json:"providers"`
}

CredentialsOIDC is contains the configuration for credentials of the type oidc.

swagger:model identityCredentialsOidc

func (*CredentialsOIDC) Organization added in v1.1.0 

func (c *CredentialsOIDC) Organization() string

type CredentialsOIDCEncryptedTokens added in v1.2.0 

type CredentialsOIDCEncryptedTokens struct {
	RefreshToken string `json:"refresh_token,omitempty"`
	IDToken      string `json:"id_token,omitempty"`
	AccessToken  string `json:"access_token,omitempty"`
}

swagger:ignore

func (*CredentialsOIDCEncryptedTokens) GetAccessToken added in v1.2.0 

func (c *CredentialsOIDCEncryptedTokens) GetAccessToken() string

func (*CredentialsOIDCEncryptedTokens) GetIDToken added in v1.2.0 

func (c *CredentialsOIDCEncryptedTokens) GetIDToken() string

func (*CredentialsOIDCEncryptedTokens) GetRefreshToken added in v1.2.0 

func (c *CredentialsOIDCEncryptedTokens) GetRefreshToken() string

type CredentialsOIDCProvider 

type CredentialsOIDCProvider struct {
	Subject             string `json:"subject"`
	Provider            string `json:"provider"`
	InitialIDToken      string `json:"initial_id_token"`
	InitialAccessToken  string `json:"initial_access_token"`
	InitialRefreshToken string `json:"initial_refresh_token"`
	Organization        string `json:"organization,omitempty"`
}

CredentialsOIDCProvider is contains a specific OpenID COnnect credential for a particular connection (e.g. Google).

swagger:model identityCredentialsOidcProvider

func (*CredentialsOIDCProvider) GetTokens added in v1.2.0 

func (c *CredentialsOIDCProvider) GetTokens() *CredentialsOIDCEncryptedTokens

type CredentialsOptions added in v1.2.0 

type CredentialsOptions func(c *Credentials)

func WithAdditionalIdentifier added in v1.2.0 

func WithAdditionalIdentifier(identifier string) CredentialsOptions

type CredentialsPassword 

type CredentialsPassword struct {
	// HashedPassword is a hash-representation of the password.
	HashedPassword string `json:"hashed_password"`
}

CredentialsPassword is contains the configuration for credentials of the type password.

swagger:model identityCredentialsPassword

type CredentialsTOTPConfig added in v0.13.0 

type CredentialsTOTPConfig struct {
	// TOTPURL is the TOTP URL
	//
	// For more details see: https://github.com/google/google-authenticator/wiki/Key-Uri-Format
	TOTPURL string `json:"totp_url"`
}

CredentialsConfig is the struct that is being used as part of the identity credentials.

type CredentialsType 

type CredentialsType string

CredentialsType represents several different credential types, like password credentials, passwordless credentials, and so on.

swagger:enum CredentialsType 

const (
	CredentialsTypePassword CredentialsType = "password"
	CredentialsTypeOIDC     CredentialsType = "oidc"
	CredentialsTypeTOTP     CredentialsType = "totp"
	CredentialsTypeLookup   CredentialsType = "lookup_secret"
	CredentialsTypeWebAuthn CredentialsType = "webauthn"
	CredentialsTypeCodeAuth CredentialsType = "code"
	CredentialsTypePasskey  CredentialsType = "passkey"
	CredentialsTypeProfile  CredentialsType = "profile"
)

Please make sure to add all of these values to the test that ensures they are created during migration 

const (
	// CredentialsTypeRecoveryLink is a special credential type linked to the link strategy (recovery flow).
	// It is not used within the credentials object itself.
	CredentialsTypeRecoveryLink CredentialsType = "link_recovery"
	CredentialsTypeRecoveryCode CredentialsType = "code_recovery"
)

func ParseCredentialsType added in v1.0.0 

func ParseCredentialsType(in string) (CredentialsType, bool)

ParseCredentialsType parses a string into a CredentialsType or returns false as the second argument.

func (CredentialsType) String 

func (c CredentialsType) String() string

func (CredentialsType) ToUiNodeGroup added in v0.11.0 

func (c CredentialsType) ToUiNodeGroup() node.UiNodeGroup

type CredentialsTypeTable 

type CredentialsTypeTable struct {
	ID   uuid.UUID       `json:"-" db:"id"`
	Name CredentialsType `json:"-" db:"name"`
}

swagger:ignore

func (CredentialsTypeTable) TableName 

func (c CredentialsTypeTable) TableName(context.Context) string

type CredentialsWebAuthn added in v0.13.0 

type CredentialsWebAuthn []CredentialWebAuthn

func (CredentialsWebAuthn) PasswordlessOnly added in v1.2.0 

func (c CredentialsWebAuthn) PasswordlessOnly() (result []webauthn.Credential)

PasswordlessOnly returns only passwordless credentials.

func (CredentialsWebAuthn) ToWebAuthn added in v0.13.0 

func (c CredentialsWebAuthn) ToWebAuthn() (result []webauthn.Credential)

func (CredentialsWebAuthn) ToWebAuthnFiltered added in v0.13.0 

func (c CredentialsWebAuthn) ToWebAuthnFiltered(aal AuthenticatorAssuranceLevel) (result []webauthn.Credential)

ToWebAuthnFiltered returns only the appropriate credentials for the requested AAL. For AAL1, only passwordless credentials are returned, for AAL2, only non-passwordless credentials are returned.

type CredentialsWebAuthnConfig added in v0.13.0 

type CredentialsWebAuthnConfig struct {
	// List of webauthn credentials.
	Credentials CredentialsWebAuthn `json:"credentials"`
	UserHandle  []byte              `json:"user_handle"`
}

CredentialsWebAuthnConfig is the struct that is being used as part of the identity credentials.

type ErrDuplicateCredentials added in v1.1.0 

type ErrDuplicateCredentials struct {
	// contains filtered or unexported fields
}

func (*ErrDuplicateCredentials) AddCredentialsType added in v1.2.0 

func (e *ErrDuplicateCredentials) AddCredentialsType(ct CredentialsType)

func (*ErrDuplicateCredentials) AvailableCredentials added in v1.1.0 

func (e *ErrDuplicateCredentials) AvailableCredentials() []string

func (*ErrDuplicateCredentials) AvailableOIDCProviders added in v1.1.0 

func (e *ErrDuplicateCredentials) AvailableOIDCProviders() []string

func (*ErrDuplicateCredentials) HasHints added in v1.1.0 

func (e *ErrDuplicateCredentials) HasHints() bool

func (*ErrDuplicateCredentials) IdentifierHint added in v1.1.0 

func (e *ErrDuplicateCredentials) IdentifierHint() string

func (*ErrDuplicateCredentials) SetIdentifierHint added in v1.2.0 

func (e *ErrDuplicateCredentials) SetIdentifierHint(hint string)

func (*ErrDuplicateCredentials) Unwrap added in v1.1.0 

func (e *ErrDuplicateCredentials) Unwrap() error

type Expandable added in v0.11.1 

type Expandable = sqlxx.Expandable
const (
	ExpandFieldVerifiableAddresses Expandable = "VerifiableAddresses"
	ExpandFieldRecoveryAddresses   Expandable = "RecoveryAddresses"
	ExpandFieldCredentials         Expandable = "Credentials"
)

type Expandables added in v0.11.1 

type Expandables = sqlxx.Expandables

type Handler 

type Handler struct {
	// contains filtered or unexported fields
}

func NewHandler 

func NewHandler(r handlerDependencies) *Handler

func (*Handler) Config 

func (h *Handler) Config(ctx context.Context) *config.Config

func (*Handler) RegisterAdminRoutes 

func (h *Handler) RegisterAdminRoutes(admin *x.RouterAdmin)

func (*Handler) RegisterPublicRoutes 

func (h *Handler) RegisterPublicRoutes(public *x.RouterPublic)

type HandlerProvider 

type HandlerProvider interface {
	IdentityHandler() *Handler
}

type Identity 

type Identity struct {

	// ID is the identity's unique identifier.
	//
	// The Identity ID can not be changed and can not be chosen. This ensures future
	// compatibility and optimization for distributed stores such as CockroachDB.
	//
	// required: true
	ID uuid.UUID `json:"id" faker:"-" db:"id"`

	// Credentials represents all credentials that can be used for authenticating this identity.
	Credentials map[CredentialsType]Credentials `json:"credentials,omitempty" faker:"-" db:"-"`

	// AvailableAAL defines the maximum available AAL for this identity. If the user has only a password
	// configured, the AAL will be 1. If the user has a password and a TOTP configured, the AAL will be 2.
	AvailableAAL NullableAuthenticatorAssuranceLevel `json:"-" faker:"-" db:"available_aal"`

	// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits.
	//
	// required: true
	SchemaID string `json:"schema_id" faker:"-" db:"schema_id"`

	// SchemaURL is the URL of the endpoint where the identity's traits schema can be fetched from.
	//
	// format: url
	// required: true
	SchemaURL string `json:"schema_url" faker:"-" db:"-"`

	// State is the identity's state.
	//
	// This value has currently no effect.
	State State `json:"state" faker:"-" db:"state"`

	// StateChangedAt contains the last time when the identity's state changed.
	StateChangedAt *sqlxx.NullTime `json:"state_changed_at,omitempty" faker:"-" db:"state_changed_at"`

	// Traits represent an identity's traits. The identity is able to create, modify, and delete traits
	// in a self-service manner. The input will always be validated against the JSON Schema defined
	// in `schema_url`.
	//
	// required: true
	Traits Traits `json:"traits" faker:"-" db:"traits"`

	// VerifiableAddresses contains all the addresses that can be verified by the user.
	//
	// Extensions:
	// ---
	// x-omitempty: true
	// ---
	VerifiableAddresses []VerifiableAddress `` /* 126-byte string literal not displayed */

	// RecoveryAddresses contains all the addresses that can be used to recover an identity.
	//
	// Extensions:
	// ---
	// x-omitempty: true
	// ---
	RecoveryAddresses []RecoveryAddress `json:"recovery_addresses,omitempty" faker:"-" has_many:"identity_recovery_addresses" fk_id:"identity_id" order_by:"id asc"`

	// Store metadata about the identity which the identity itself can see when calling for example the
	// session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field.
	MetadataPublic sqlxx.NullJSONRawMessage `json:"metadata_public" faker:"-" db:"metadata_public"`

	// Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/<id>`.
	MetadataAdmin sqlxx.NullJSONRawMessage `json:"metadata_admin,omitempty" faker:"-" db:"metadata_admin"`

	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"created_at" db:"created_at"`

	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt      time.Time     `json:"updated_at" db:"updated_at"`
	NID            uuid.UUID     `json:"-"  faker:"-" db:"nid"`
	OrganizationID uuid.NullUUID `json:"organization_id,omitempty"  faker:"-" db:"organization_id"`
	// contains filtered or unexported fields
}

Identity represents an Ory Kratos identity

An identity(https://www.ory.sh/docs/kratos/concepts/identity-user-model) represents a (human) user in Ory.

swagger:model identity

func NewIdentity 

func NewIdentity(traitsSchemaID string) *Identity

func (*Identity) CopyWithoutCredentials 

func (i *Identity) CopyWithoutCredentials() *Identity

func (*Identity) DeleteCredentialsType 

func (i *Identity) DeleteCredentialsType(t CredentialsType)

func (*Identity) GetCredentials 

func (i *Identity) GetCredentials(t CredentialsType) (*Credentials, bool)

func (*Identity) GetCredentialsOr 

func (i *Identity) GetCredentialsOr(t CredentialsType, fallback *Credentials) *Credentials

GetCredentialsOr returns the credentials for a given CredentialsType. If the credentials do not exist, the fallback is returned.

func (Identity) GetID 

func (i Identity) GetID() uuid.UUID

func (Identity) GetNID 

func (i Identity) GetNID() uuid.UUID

func (*Identity) IsActive 

func (i *Identity) IsActive() bool

func (Identity) MarshalJSON 

func (i Identity) MarshalJSON() ([]byte, error)

func (*Identity) PageToken added in v1.1.0 

func (i *Identity) PageToken() keysetpagination.PageToken

func (*Identity) ParseCredentials 

func (i *Identity) ParseCredentials(t CredentialsType, config interface{}) (*Credentials, error)

func (*Identity) SetAvailableAAL added in v1.1.0 

func (i *Identity) SetAvailableAAL(ctx context.Context, m *Manager) (err error)

func (*Identity) SetCredentials 

func (i *Identity) SetCredentials(t CredentialsType, c Credentials)

func (*Identity) SetCredentialsWithConfig 

func (i *Identity) SetCredentialsWithConfig(t CredentialsType, c Credentials, conf interface{}) (err error)

func (Identity) TableName 

func (i Identity) TableName(context.Context) string

func (*Identity) UnmarshalJSON 

func (i *Identity) UnmarshalJSON(b []byte) error

func (*Identity) UpsertCredentialsConfig 

func (i *Identity) UpsertCredentialsConfig(t CredentialsType, conf []byte, version int, opt ...CredentialsOptions)

func (*Identity) Validate added in v0.13.0 

func (i *Identity) Validate() error

func (*Identity) WithDeclassifiedCredentials added in v1.0.0 

func (i *Identity) WithDeclassifiedCredentials(ctx context.Context, c cipher.Provider, includeCredentials []CredentialsType) (*Identity, error)

type IdentityWithCredentials added in v0.11.0 

type IdentityWithCredentials struct {
	// Password if set will import a password credential.
	Password *AdminIdentityImportCredentialsPassword `json:"password"`

	// OIDC if set will import an OIDC credential.
	OIDC *AdminIdentityImportCredentialsOIDC `json:"oidc"`
}

Create Identity and Import Credentials

swagger:model identityWithCredentials

type ListIdentityParameters added in v0.13.0 

type ListIdentityParameters struct {
	Expand                       Expandables
	IdsFilter                    []string
	CredentialsIdentifier        string
	CredentialsIdentifierSimilar string
	DeclassifyCredentials        []CredentialsType
	KeySetPagination             []keysetpagination.Option
	// DEPRECATED
	PagePagination   *x.Page
	ConsistencyLevel crdbx.ConsistencyLevel
}

type ManagementProvider 

type ManagementProvider interface {
	IdentityManager() *Manager
}

type Manager 

type Manager struct {
	// contains filtered or unexported fields
}

func NewManager 

func NewManager(r managerDependencies) *Manager

func (*Manager) ConflictingIdentity added in v1.1.0 

func (m *Manager) ConflictingIdentity(ctx context.Context, i *Identity) (found *Identity, foundConflictAddress string, err error)

func (*Manager) CountActiveFirstFactorCredentials 

func (m *Manager) CountActiveFirstFactorCredentials(ctx context.Context, i *Identity) (count int, err error)

func (*Manager) CountActiveMultiFactorCredentials 

func (m *Manager) CountActiveMultiFactorCredentials(ctx context.Context, i *Identity) (count int, err error)

func (*Manager) Create 

func (m *Manager) Create(ctx context.Context, i *Identity, opts ...ManagerOption) (err error)

func (*Manager) CreateIdentities added in v0.13.0 

func (m *Manager) CreateIdentities(ctx context.Context, identities []*Identity, opts ...ManagerOption) (err error)

func (*Manager) SetTraits 

func (m *Manager) SetTraits(ctx context.Context, id uuid.UUID, traits Traits, opts ...ManagerOption) (_ *Identity, err error)

func (*Manager) Update 

func (m *Manager) Update(ctx context.Context, updated *Identity, opts ...ManagerOption) (err error)

func (*Manager) UpdateSchemaID 

func (m *Manager) UpdateSchemaID(ctx context.Context, id uuid.UUID, schemaID string, opts ...ManagerOption) (err error)

func (*Manager) UpdateTraits 

func (m *Manager) UpdateTraits(ctx context.Context, id uuid.UUID, traits Traits, opts ...ManagerOption) (err error)

func (*Manager) ValidateIdentity added in v0.11.1 

func (m *Manager) ValidateIdentity(ctx context.Context, i *Identity, o *ManagerOptions) (err error)

type ManagerOption 

type ManagerOption func(*ManagerOptions)

type ManagerOptions added in v0.11.1 

type ManagerOptions struct {
	ExposeValidationErrors    bool
	AllowWriteProtectedTraits bool
}

type NullableAuthenticatorAssuranceLevel added in v1.1.0 

type NullableAuthenticatorAssuranceLevel struct {
	sql.NullString
}

func NewNullableAuthenticatorAssuranceLevel added in v1.1.0 

func NewNullableAuthenticatorAssuranceLevel(aal AuthenticatorAssuranceLevel) NullableAuthenticatorAssuranceLevel

NewNullableAuthenticatorAssuranceLevel returns a new NullableAuthenticatorAssuranceLevel

func (NullableAuthenticatorAssuranceLevel) ToAAL added in v1.1.0 

func (n NullableAuthenticatorAssuranceLevel) ToAAL() (AuthenticatorAssuranceLevel, bool)

ToAAL returns the AuthenticatorAssuranceLevel value of the given NullableAuthenticatorAssuranceLevel.

type Pool 

type Pool interface {
	// ListIdentities lists all identities in the store given the page and itemsPerPage.
	ListIdentities(ctx context.Context, params ListIdentityParameters) ([]Identity, *keysetpagination.Paginator, error)

	// CountIdentities counts the number of identities in the store.
	CountIdentities(ctx context.Context) (int64, error)

	// GetIdentity returns an identity by its id. Will return an error if the identity does not exist or backend
	// connectivity is broken.
	GetIdentity(context.Context, uuid.UUID, sqlxx.Expandables) (*Identity, error)

	// FindVerifiableAddressByValue returns a matching address or sql.ErrNoRows if no address could be found.
	FindVerifiableAddressByValue(ctx context.Context, via string, address string) (*VerifiableAddress, error)

	// FindRecoveryAddressByValue returns a matching address or sql.ErrNoRows if no address could be found.
	FindRecoveryAddressByValue(ctx context.Context, via RecoveryAddressType, address string) (*RecoveryAddress, error)
}

type PoolProvider 

type PoolProvider interface {
	IdentityPool() Pool
}

type PrivilegedPool 

type PrivilegedPool interface {
	Pool

	// FindByCredentialsIdentifier returns an identity by querying for it's credential identifiers.
	FindByCredentialsIdentifier(ctx context.Context, ct CredentialsType, match string) (*Identity, *Credentials, error)

	// DeleteIdentity removes an identity by its id. Will return an error
	// if identity exists, backend connectivity is broken, or trait validation fails.
	DeleteIdentity(context.Context, uuid.UUID) error

	// UpdateVerifiableAddress updates an identity's verifiable address.
	UpdateVerifiableAddress(ctx context.Context, address *VerifiableAddress) error

	// CreateIdentity creates an identity. It is capable of setting credentials without encoding. Will return an error
	// if identity exists, backend connectivity is broken, or trait validation fails.
	CreateIdentity(context.Context, *Identity) error

	// CreateIdentities creates multiple identities. It is capable of setting credentials without encoding. Will return an error
	// if identity exists, backend connectivity is broken, or trait validation fails.
	CreateIdentities(context.Context, ...*Identity) error

	// UpdateIdentity updates an identity including its confidential / privileged / protected data.
	UpdateIdentity(context.Context, *Identity) error

	// GetIdentityConfidential returns the identity including it's raw credentials. This should only be used internally.
	GetIdentityConfidential(context.Context, uuid.UUID) (*Identity, error)

	// ListVerifiableAddresses lists all tracked verifiable addresses, regardless of whether they are already verified
	// or not.
	ListVerifiableAddresses(ctx context.Context, page, itemsPerPage int) ([]VerifiableAddress, error)

	// ListRecoveryAddresses lists all tracked recovery addresses.
	ListRecoveryAddresses(ctx context.Context, page, itemsPerPage int) ([]RecoveryAddress, error)

	// HydrateIdentityAssociations hydrates the associations of an identity.
	HydrateIdentityAssociations(ctx context.Context, i *Identity, expandables Expandables) error

	// InjectTraitsSchemaURL sets the identity's traits JSON schema URL from the schema's ID.
	InjectTraitsSchemaURL(ctx context.Context, i *Identity) error

	// FindIdentityByCredentialIdentifier returns an identity by matching the identifier to any of the identity's credentials.
	FindIdentityByCredentialIdentifier(ctx context.Context, identifier string, caseSensitive bool) (*Identity, error)

	// FindIdentityByWebauthnUserHandle returns an identity matching a webauthn user handle.
	FindIdentityByWebauthnUserHandle(ctx context.Context, userHandle []byte) (*Identity, error)
}

type PrivilegedPoolProvider 

type PrivilegedPoolProvider interface {
	PrivilegedIdentityPool() PrivilegedPool
}

type RecoveryAddress 

type RecoveryAddress struct {
	// required: true
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// required: true
	Value string `json:"value" db:"value"`

	// required: true
	Via RecoveryAddressType `json:"via" db:"via"`

	// IdentityID is a helper struct field for gobuffalo.pop.
	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
	// CreatedAt is a helper struct field for gobuffalo.pop.
	CreatedAt time.Time `json:"created_at" faker:"-" db:"created_at"`
	// UpdatedAt is a helper struct field for gobuffalo.pop.
	UpdatedAt time.Time `json:"updated_at" faker:"-" db:"updated_at"`
	NID       uuid.UUID `json:"-"  faker:"-" db:"nid"`
}

swagger:model recoveryIdentityAddress

func CollectRecoveryAddresses added in v0.13.0 

func CollectRecoveryAddresses(i []*Identity) (res []RecoveryAddress)

CollectRecoveryAddresses returns a slice of all recovery addresses of the given identities.

func NewRecoveryEmailAddress 

func NewRecoveryEmailAddress(
	value string,
	identity uuid.UUID,
) *RecoveryAddress

func (RecoveryAddress) GetID added in v1.1.0 

func (a RecoveryAddress) GetID() uuid.UUID

func (RecoveryAddress) Hash added in v0.11.0 

func (a RecoveryAddress) Hash() string

Hash returns a unique string representation for the recovery address.

func (RecoveryAddress) TableName 

func (a RecoveryAddress) TableName(ctx context.Context) string

func (RecoveryAddress) ValidateNID 

func (a RecoveryAddress) ValidateNID() error

type RecoveryAddressStatus 

type RecoveryAddressStatus string

RecoveryAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema.

type RecoveryAddressType 

type RecoveryAddressType string

RecoveryAddressType must not exceed 16 characters as that is the limitation in the SQL Schema. 

const (
	RecoveryAddressTypeEmail RecoveryAddressType = AddressTypeEmail
)

func (RecoveryAddressType) HTMLFormInputType 

func (v RecoveryAddressType) HTMLFormInputType() string

type RecoveryCode added in v0.13.0 

type RecoveryCode struct {
	// A recovery code
	Code string `json:"code"`

	// UsedAt indicates whether and when a recovery code was used.
	UsedAt sqlxx.NullTime `json:"used_at,omitempty"`
}

type Registry 

type Registry interface {
	IdentityPool() Pool
}

type SchemaExtensionCredentials 

type SchemaExtensionCredentials struct {
	// contains filtered or unexported fields
}

func NewSchemaExtensionCredentials 

func NewSchemaExtensionCredentials(i *Identity) *SchemaExtensionCredentials

func (*SchemaExtensionCredentials) Finish 

func (r *SchemaExtensionCredentials) Finish() error

func (*SchemaExtensionCredentials) Run 

func (r *SchemaExtensionCredentials) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error

type SchemaExtensionRecovery 

type SchemaExtensionRecovery struct {
	// contains filtered or unexported fields
}

func NewSchemaExtensionRecovery 

func NewSchemaExtensionRecovery(i *Identity) *SchemaExtensionRecovery

func (*SchemaExtensionRecovery) Finish 

func (r *SchemaExtensionRecovery) Finish() error

func (*SchemaExtensionRecovery) Run 

func (r *SchemaExtensionRecovery) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error

type SchemaExtensionVerification 

type SchemaExtensionVerification struct {
	// contains filtered or unexported fields
}

func NewSchemaExtensionVerification 

func NewSchemaExtensionVerification(i *Identity, lifespan time.Duration) *SchemaExtensionVerification

func (*SchemaExtensionVerification) Finish 

func (r *SchemaExtensionVerification) Finish() error

func (*SchemaExtensionVerification) Run 

func (r *SchemaExtensionVerification) Run(ctx jsonschema.ValidationContext, s schema.ExtensionConfig, value interface{}) error

type State 

type State string

An Identity's State

The state can either be `active` or `inactive`.

swagger:enum State 

const (
	StateActive   State = "active"
	StateInactive State = "inactive"
)

func (State) IsValid 

func (lt State) IsValid() error

type Traits 

type Traits json.RawMessage

Traits represent an identity's traits. The identity is able to create, modify, and delete traits in a self-service manner. The input will always be validated against the JSON Schema defined in `schema_url`.

swagger:model identityTraits

func (Traits) MarshalJSON 

func (t Traits) MarshalJSON() ([]byte, error)

MarshalJSON returns m as the JSON encoding of m.

func (*Traits) Scan 

func (t *Traits) Scan(value interface{}) error

func (*Traits) String 

func (t *Traits) String() string

func (*Traits) UnmarshalJSON 

func (t *Traits) UnmarshalJSON(data []byte) error

UnmarshalJSON sets *m to a copy of data.

func (Traits) Value 

func (t Traits) Value() (driver.Value, error)

type UpdateIdentityBody added in v0.11.0 

type UpdateIdentityBody struct {
	// SchemaID is the ID of the JSON Schema to be used for validating the identity's traits. If set
	// will update the Identity's SchemaID.
	//
	// required: true
	SchemaID string `json:"schema_id"`

	// Traits represent an identity's traits. The identity is able to create, modify, and delete traits
	// in a self-service manner. The input will always be validated against the JSON Schema defined
	// in `schema_id`.
	//
	// required: true
	Traits json.RawMessage `json:"traits"`

	// Credentials represents all credentials that can be used for authenticating this identity.
	//
	// Use this structure to import credentials for a user.
	// Note: this wil override completely identity's credentials. If used incorrectly, this can cause a user to lose
	// access to their account!
	Credentials *IdentityWithCredentials `json:"credentials"`

	// Store metadata about the identity which the identity itself can see when calling for example the
	// session endpoint. Do not store sensitive information (e.g. credit score) about the identity in this field.
	MetadataPublic json.RawMessage `json:"metadata_public"`

	// Store metadata about the user which is only accessible through admin APIs such as `GET /admin/identities/<id>`.
	MetadataAdmin json.RawMessage `json:"metadata_admin,omitempty"`

	// State is the identity's state.
	//
	// required: true
	State State `json:"state"`
}

Update Identity Body

swagger:model updateIdentityBody

type ValidationProvider 

type ValidationProvider interface {
	IdentityValidator() *Validator
}

type Validator 

type Validator struct {
	// contains filtered or unexported fields
}

func NewValidator 

func NewValidator(d validatorDependencies) *Validator

func (*Validator) Validate 

func (v *Validator) Validate(ctx context.Context, i *Identity) error

func (*Validator) ValidateWithRunner 

func (v *Validator) ValidateWithRunner(ctx context.Context, i *Identity, runners ...schema.ValidateExtension) error

type VerifiableAddress 

type VerifiableAddress struct {
	// The ID
	//
	ID uuid.UUID `json:"id" db:"id" faker:"-"`

	// The address value
	//
	// example foo@user.com
	// required: true
	Value string `json:"value" db:"value"`

	// Indicates if the address has already been verified
	//
	// example: true
	// required: true
	Verified bool `json:"verified" db:"verified"`

	// The delivery method
	//
	// enum: email,sms
	// example: email
	// required: true
	Via string `json:"via" db:"via"`

	// The verified address status
	//
	// enum: pending,sent,completed
	// example: sent
	// required: true
	Status VerifiableAddressStatus `json:"status" db:"status"`

	// When the address was verified
	//
	// example: 2014-01-01T23:28:56.782Z
	// required: false
	VerifiedAt *sqlxx.NullTime `json:"verified_at,omitempty" faker:"-" db:"verified_at"`

	// When this entry was created
	//
	// example: 2014-01-01T23:28:56.782Z
	CreatedAt time.Time `json:"created_at" faker:"-" db:"created_at"`

	// When this entry was last updated
	//
	// example: 2014-01-01T23:28:56.782Z
	UpdatedAt time.Time `json:"updated_at" faker:"-" db:"updated_at"`

	// IdentityID is a helper struct field for gobuffalo.pop.
	IdentityID uuid.UUID `json:"-" faker:"-" db:"identity_id"`
	NID        uuid.UUID `json:"-"  faker:"-" db:"nid"`
}

VerifiableAddress is an identity's verifiable address

swagger:model verifiableIdentityAddress

func CollectVerifiableAddresses added in v0.13.0 

func CollectVerifiableAddresses(i []*Identity) (res []VerifiableAddress)

CollectVerifiableAddresses returns a slice of all verifiable addresses of the given identities.

func NewVerifiableAddress added in v1.1.0 

func NewVerifiableAddress(value string, identity uuid.UUID, channel string) *VerifiableAddress

func NewVerifiableEmailAddress 

func NewVerifiableEmailAddress(value string, identity uuid.UUID) *VerifiableAddress

func (VerifiableAddress) GetID 

func (a VerifiableAddress) GetID() uuid.UUID

func (VerifiableAddress) GetNID 

func (a VerifiableAddress) GetNID() uuid.UUID

func (VerifiableAddress) Hash added in v0.11.0 

func (a VerifiableAddress) Hash() string

Hash returns a unique string representation for the recovery address.

func (VerifiableAddress) TableName 

func (a VerifiableAddress) TableName(ctx context.Context) string

func (VerifiableAddress) ValidateNID 

func (a VerifiableAddress) ValidateNID() error

type VerifiableAddressStatus 

type VerifiableAddressStatus string

VerifiableAddressStatus must not exceed 16 characters as that is the limitation in the SQL Schema

swagger:model identityVerifiableAddressStatus

type VerifiableAddressType 

type VerifiableAddressType = string

VerifiableAddressType must not exceed 16 characters as that is the limitation in the SQL Schema

swagger:model identityVerifiableAddressType

type WithAdminMetadataInJSON added in v0.11.0 

type WithAdminMetadataInJSON Identity

func (WithAdminMetadataInJSON) MarshalJSON added in v0.11.0 

func (i WithAdminMetadataInJSON) MarshalJSON() ([]byte, error)

type WithCredentialsAndAdminMetadataInJSON 

type WithCredentialsAndAdminMetadataInJSON Identity

func (WithCredentialsAndAdminMetadataInJSON) MarshalJSON 

func (i WithCredentialsAndAdminMetadataInJSON) MarshalJSON() ([]byte, error)

type WithCredentialsMetadataAndAdminMetadataInJSON 

type WithCredentialsMetadataAndAdminMetadataInJSON Identity

func (WithCredentialsMetadataAndAdminMetadataInJSON) MarshalJSON 

func (i WithCredentialsMetadataAndAdminMetadataInJSON) MarshalJSON() ([]byte, error)

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.