Documentation ¶
Index ¶
- Constants
- Variables
- func HookStrategyKey(key, strategy string) string
- func NewConfigHashHandler(c Provider, router router)
- func SetValidateIdentitySchemaResilientClientOptions(ctx context.Context, options []httpx.ResilientOptions) context.Context
- func ToCipherSecrets(secrets []string) [][32]byte
- type Argon2
- type Bcrypt
- type CertFunc
- type Config
- func (p *Config) AdminListenOn(ctx context.Context) string
- func (p *Config) AdminSocketPermission(ctx context.Context) *configx.UnixPermission
- func (p *Config) CORS(ctx context.Context, iface string) (cors.Options, bool)
- func (p *Config) CipherAlgorithm(ctx context.Context) string
- func (p *Config) ClientHTTPNoPrivateIPRanges(ctx context.Context) bool
- func (p *Config) ClientHTTPPrivateIPExceptionURLs(ctx context.Context) []string
- func (p *Config) ConfigVersion(ctx context.Context) string
- func (p *Config) CookieDomain(ctx context.Context) string
- func (p *Config) CookiePath(ctx context.Context) string
- func (p *Config) CookieSameSiteMode(ctx context.Context) http.SameSite
- func (p *Config) CourierChannels(ctx context.Context) (ccs []*CourierChannel, _ error)
- func (p *Config) CourierEmailRequestConfig(ctx context.Context) json.RawMessage
- func (p *Config) CourierEmailStrategy(ctx context.Context) string
- func (p *Config) CourierEmailTemplatesHelper(ctx context.Context, key string) *CourierEmailTemplate
- func (p *Config) CourierExposeMetricsPort(ctx context.Context) int
- func (p *Config) CourierMessageRetries(ctx context.Context) int
- func (p *Config) CourierSMSTemplatesHelper(ctx context.Context, key string) *CourierSMSTemplate
- func (p *Config) CourierSMSTemplatesLoginCodeValid(ctx context.Context) *CourierSMSTemplate
- func (p *Config) CourierSMSTemplatesVerificationCodeValid(ctx context.Context) *CourierSMSTemplate
- func (p *Config) CourierSMTPHeaders(ctx context.Context) map[string]string
- func (p *Config) CourierTemplatesLoginCodeValid(ctx context.Context) *CourierEmailTemplate
- func (p *Config) CourierTemplatesRecoveryCodeInvalid(ctx context.Context) *CourierEmailTemplate
- func (p *Config) CourierTemplatesRecoveryCodeValid(ctx context.Context) *CourierEmailTemplate
- func (p *Config) CourierTemplatesRecoveryInvalid(ctx context.Context) *CourierEmailTemplate
- func (p *Config) CourierTemplatesRecoveryValid(ctx context.Context) *CourierEmailTemplate
- func (p *Config) CourierTemplatesRegistrationCodeValid(ctx context.Context) *CourierEmailTemplate
- func (p *Config) CourierTemplatesRoot(ctx context.Context) string
- func (p *Config) CourierTemplatesVerificationCodeInvalid(ctx context.Context) *CourierEmailTemplate
- func (p *Config) CourierTemplatesVerificationCodeValid(ctx context.Context) *CourierEmailTemplate
- func (p *Config) CourierTemplatesVerificationInvalid(ctx context.Context) *CourierEmailTemplate
- func (p *Config) CourierTemplatesVerificationValid(ctx context.Context) *CourierEmailTemplate
- func (p *Config) CourierWorkerPullCount(ctx context.Context) int
- func (p *Config) CourierWorkerPullWait(ctx context.Context) time.Duration
- func (p *Config) DSN(ctx context.Context) string
- func (p *Config) DatabaseCleanupBatchSize(ctx context.Context) int
- func (p *Config) DatabaseCleanupSleepTables(ctx context.Context) time.Duration
- func (p *Config) DefaultConsistencyLevel(ctx context.Context) crdbx.ConsistencyLevel
- func (p *Config) DefaultIdentityTraitsSchemaID(ctx context.Context) string
- func (p *Config) DefaultIdentityTraitsSchemaURL(ctx context.Context) (*url.URL, error)
- func (p *Config) DisableAPIFlowEnforcement(ctx context.Context) bool
- func (p *Config) DisableAdminHealthRequestLog(ctx context.Context) bool
- func (p *Config) DisablePublicHealthRequestLog(ctx context.Context) bool
- func (p *Config) FeatureFlagFasterSessionExtend(ctx context.Context) bool
- func (p *Config) GetProvider(ctx context.Context) *configx.Provider
- func (p *Config) GetTLSCertificatesForAdmin(ctx context.Context) CertFunc
- func (p *Config) GetTLSCertificatesForPublic(ctx context.Context) CertFunc
- func (p *Config) HasherArgon2(ctx context.Context) *Argon2
- func (p *Config) HasherBcrypt(ctx context.Context) *Bcrypt
- func (p *Config) HasherPasswordHashingAlgorithm(ctx context.Context) string
- func (p *Config) IdentityTraitsSchemas(ctx context.Context) (ss Schemas, err error)
- func (p *Config) IsBackgroundCourierEnabled(ctx context.Context) bool
- func (p *Config) IsInsecureDevMode(ctx context.Context) bool
- func (p *Config) MetricsListenOn(ctx context.Context) string
- func (p *Config) MustSet(_ context.Context, key string, value interface{}) (deprecated)
- func (p *Config) OAuth2ProviderHeader(ctx context.Context) http.Header
- func (p *Config) OAuth2ProviderOverrideReturnTo(ctx context.Context) bool
- func (p *Config) OAuth2ProviderURL(ctx context.Context) *url.URL
- func (p *Config) OIDCRedirectURIBase(ctx context.Context) *url.URL
- func (p *Config) ParseAbsoluteOrRelativeURI(rawUrl string) (*url.URL, error)
- func (p *Config) ParseAbsoluteOrRelativeURIOrFail(ctx context.Context, key string) *url.URL
- func (p *Config) ParseURI(rawUrl string) (*url.URL, error)
- func (p *Config) ParseURIOrFail(ctx context.Context, key string) *url.URL
- func (p *Config) PasskeyConfig(ctx context.Context) *webauthn.Config
- func (p *Config) PasswordMigrationHook(ctx context.Context) *PasswordMigrationHook
- func (p *Config) PasswordPolicyConfig(ctx context.Context) *PasswordPolicy
- func (p *Config) PublicListenOn(ctx context.Context) string
- func (p *Config) PublicSocketPermission(ctx context.Context) *configx.UnixPermission
- func (p *Config) SecretsCipher(ctx context.Context) [][32]byte
- func (p *Config) SecretsDefault(ctx context.Context) [][]byte
- func (p *Config) SecretsSession(ctx context.Context) [][]byte
- func (p *Config) SecurityAccountEnumerationMitigate(ctx context.Context) bool
- func (p *Config) SelfAdminURL(ctx context.Context) *url.URL
- func (p *Config) SelfPublicURL(ctx context.Context) *url.URL
- func (p *Config) SelfServiceBrowserAllowedReturnToDomains(ctx context.Context) (us []url.URL)
- func (p *Config) SelfServiceBrowserDefaultReturnTo(ctx context.Context) *url.URL
- func (p *Config) SelfServiceCodeMethodLifespan(ctx context.Context) time.Duration
- func (p *Config) SelfServiceCodeMethodMissingCredentialFallbackEnabled(ctx context.Context) bool
- func (p *Config) SelfServiceCodeStrategy(ctx context.Context) *SelfServiceStrategyCode
- func (p *Config) SelfServiceFlowErrorURL(ctx context.Context) *url.URL
- func (p *Config) SelfServiceFlowLoginAfterHooks(ctx context.Context, strategy string) []SelfServiceHook
- func (p *Config) SelfServiceFlowLoginBeforeHooks(ctx context.Context) []SelfServiceHook
- func (p *Config) SelfServiceFlowLoginRequestLifespan(ctx context.Context) time.Duration
- func (p *Config) SelfServiceFlowLoginReturnTo(ctx context.Context, strategy string) *url.URL
- func (p *Config) SelfServiceFlowLoginUI(ctx context.Context) *url.URL
- func (p *Config) SelfServiceFlowLogoutRedirectURL(ctx context.Context) *url.URL
- func (p *Config) SelfServiceFlowRecoveryAfterHooks(ctx context.Context, strategy string) []SelfServiceHook
- func (p *Config) SelfServiceFlowRecoveryBeforeHooks(ctx context.Context) []SelfServiceHook
- func (p *Config) SelfServiceFlowRecoveryEnabled(ctx context.Context) bool
- func (p *Config) SelfServiceFlowRecoveryNotifyUnknownRecipients(ctx context.Context) bool
- func (p *Config) SelfServiceFlowRecoveryRequestLifespan(ctx context.Context) time.Duration
- func (p *Config) SelfServiceFlowRecoveryReturnTo(ctx context.Context, defaultReturnTo *url.URL) *url.URL
- func (p *Config) SelfServiceFlowRecoveryUI(ctx context.Context) *url.URL
- func (p *Config) SelfServiceFlowRecoveryUse(ctx context.Context) string
- func (p *Config) SelfServiceFlowRegistrationAfterHooks(ctx context.Context, strategy string) []SelfServiceHook
- func (p *Config) SelfServiceFlowRegistrationBeforeHooks(ctx context.Context) []SelfServiceHook
- func (p *Config) SelfServiceFlowRegistrationEnabled(ctx context.Context) bool
- func (p *Config) SelfServiceFlowRegistrationLoginHints(ctx context.Context) bool
- func (p *Config) SelfServiceFlowRegistrationRequestLifespan(ctx context.Context) time.Duration
- func (p *Config) SelfServiceFlowRegistrationReturnTo(ctx context.Context, strategy string) *url.URL
- func (p *Config) SelfServiceFlowRegistrationTwoSteps(ctx context.Context) bool
- func (p *Config) SelfServiceFlowRegistrationUI(ctx context.Context) *url.URL
- func (p *Config) SelfServiceFlowSettingsAfterHooks(ctx context.Context, strategy string) []SelfServiceHook
- func (p *Config) SelfServiceFlowSettingsBeforeHooks(ctx context.Context) []SelfServiceHook
- func (p *Config) SelfServiceFlowSettingsFlowLifespan(ctx context.Context) time.Duration
- func (p *Config) SelfServiceFlowSettingsPrivilegedSessionMaxAge(ctx context.Context) time.Duration
- func (p *Config) SelfServiceFlowSettingsReturnTo(ctx context.Context, strategy string, defaultReturnTo *url.URL) *url.URL
- func (p *Config) SelfServiceFlowSettingsUI(ctx context.Context) *url.URL
- func (p *Config) SelfServiceFlowVerificationAfterHooks(ctx context.Context, strategy string) []SelfServiceHook
- func (p *Config) SelfServiceFlowVerificationBeforeHooks(ctx context.Context) []SelfServiceHook
- func (p *Config) SelfServiceFlowVerificationEnabled(ctx context.Context) bool
- func (p *Config) SelfServiceFlowVerificationNotifyUnknownRecipients(ctx context.Context) bool
- func (p *Config) SelfServiceFlowVerificationRequestLifespan(ctx context.Context) time.Duration
- func (p *Config) SelfServiceFlowVerificationReturnTo(ctx context.Context, defaultReturnTo *url.URL) *url.URL
- func (p *Config) SelfServiceFlowVerificationUI(ctx context.Context) *url.URL
- func (p *Config) SelfServiceFlowVerificationUse(ctx context.Context) string
- func (p *Config) SelfServiceLinkMethodBaseURL(ctx context.Context) *url.URL
- func (p *Config) SelfServiceLinkMethodLifespan(ctx context.Context) time.Duration
- func (p *Config) SelfServiceLoginFlowIdentifierFirstEnabled(ctx context.Context) bool
- func (p *Config) SelfServiceSettingsRequiredAAL(ctx context.Context) string
- func (p *Config) SelfServiceStrategy(ctx context.Context, strategy string) *SelfServiceStrategy
- func (p *Config) SessionDomain(ctx context.Context) string
- func (p *Config) SessionLifespan(ctx context.Context) time.Duration
- func (p *Config) SessionName(ctx context.Context) string
- func (p *Config) SessionPath(ctx context.Context) string
- func (p *Config) SessionPersistentCookie(ctx context.Context) bool
- func (p *Config) SessionRefreshMinTimeLeft(ctx context.Context) time.Duration
- func (p *Config) SessionSameSiteMode(ctx context.Context) http.SameSite
- func (p *Config) SessionWhoAmIAAL(ctx context.Context) string
- func (p *Config) SessionWhoAmICaching(ctx context.Context) bool
- func (p *Config) SessionWhoAmICachingMaxAge(ctx context.Context) time.Duration
- func (p *Config) Set(_ context.Context, key string, value interface{}) error (deprecated)
- func (p *Config) TOTPIssuer(ctx context.Context) string
- func (p *Config) TokenizeTemplate(ctx context.Context, key string) (_ *SessionTokenizeFormat, err error)
- func (p *Config) Tracing(ctx context.Context) *otelx.Config
- func (p *Config) UseContinueWithTransitions(ctx context.Context) bool
- func (p *Config) WebAuthnConfig(ctx context.Context) *webauthn.Config
- func (p *Config) WebAuthnForPasswordless(ctx context.Context) bool
- type CourierChannel
- type CourierConfigs
- type CourierEmailBodyTemplate
- type CourierEmailTemplate
- type CourierSMSTemplate
- type CourierSMSTemplateBody
- type PasswordMigrationHook
- type PasswordPolicy
- type Provider
- type SMTPConfig
- type Schema
- type Schemas
- type SelfServiceHook
- type SelfServiceStrategy
- type SelfServiceStrategyCode
- type SessionTokenizeFormat
Constants ¶
// Package defaults followed by the configuration keys.
//
// Each ViperKey* constant is the dotted path of one setting in the
// configuration. Some of these settings typically hold credentials or key
// material (dsn, courier.smtp.connection_uri, secrets.*, serve.*.tls.key.*);
// their values should stay out of logs, config dumps and version control.
const (
	DefaultIdentityTraitsSchemaID = "default"
	DefaultBrowserReturnURL = "default_browser_return_url"
	// In-memory SQLite DSN.
	// NOTE(review): data is presumably lost on restart, so this looks like a development/test default — confirm.
	DefaultSQLiteMemoryDSN = "sqlite://file::memory:?_fk=true&cache=shared"
	DefaultPasswordHashingAlgorithm = "argon2"
	// NOTE(review): "noop" suggests that, unless ciphers.algorithm is set, values passed to the
	// cipher are stored without encryption — confirm against the cipher implementation.
	DefaultCipherAlgorithm = "noop"
	UnknownVersion = "unknown version"

	// Database connection string; DSNs commonly embed the database user and password.
	ViperKeyDSN = "dsn"

	// Courier (message delivery) settings. The SMTP connection URI may embed credentials,
	// and client_key_path points at a private key file.
	ViperKeyCourierSMTPURL = "courier.smtp.connection_uri"
	ViperKeyCourierSMTPClientCertPath = "courier.smtp.client_cert_path"
	ViperKeyCourierSMTPClientKeyPath = "courier.smtp.client_key_path"
	ViperKeyCourierTemplatesPath = "courier.template_override_path"
	ViperKeyCourierTemplatesRecoveryInvalidEmail = "courier.templates.recovery.invalid.email"
	ViperKeyCourierTemplatesRecoveryValidEmail = "courier.templates.recovery.valid.email"
	ViperKeyCourierTemplatesRecoveryCodeInvalidEmail = "courier.templates.recovery_code.invalid.email"
	ViperKeyCourierTemplatesRecoveryCodeValidEmail = "courier.templates.recovery_code.valid.email"
	ViperKeyCourierTemplatesVerificationInvalidEmail = "courier.templates.verification.invalid.email"
	ViperKeyCourierTemplatesVerificationValidEmail = "courier.templates.verification.valid.email"
	ViperKeyCourierTemplatesVerificationCodeInvalidEmail = "courier.templates.verification_code.invalid.email"
	ViperKeyCourierTemplatesVerificationCodeValidEmail = "courier.templates.verification_code.valid.email"
	ViperKeyCourierTemplatesVerificationCodeValidSMS = "courier.templates.verification_code.valid.sms"
	ViperKeyCourierTemplatesLoginCodeValidSMS = "courier.templates.login_code.valid.sms"
	ViperKeyCourierDeliveryStrategy = "courier.delivery_strategy"
	ViperKeyCourierHTTPRequestConfig = "courier.http.request_config"
	ViperKeyCourierTemplatesLoginCodeValidEmail = "courier.templates.login_code.valid.email"
	ViperKeyCourierTemplatesRegistrationCodeValidEmail = "courier.templates.registration_code.valid.email"
	ViperKeyCourierSMTP = "courier.smtp"
	ViperKeyCourierSMTPFrom = "courier.smtp.from_address"
	ViperKeyCourierSMTPFromName = "courier.smtp.from_name"
	ViperKeyCourierSMTPHeaders = "courier.smtp.headers"
	ViperKeyCourierSMTPLocalName = "courier.smtp.local_name"
	ViperKeyCourierMessageRetries = "courier.message_retries"
	ViperKeyCourierWorkerPullCount = "courier.worker.pull_count"
	ViperKeyCourierWorkerPullWait = "courier.worker.pull_wait"
	ViperKeyCourierChannels = "courier.channels"

	// Key material. The package index lists SecretsCipher as returning [][32]byte,
	// so each cipher secret is used as a 32-byte key.
	ViperKeySecretsDefault = "secrets.default"
	ViperKeySecretsCookie = "secrets.cookie"
	ViperKeySecretsCipher = "secrets.cipher"

	// Public listener: address, Unix socket ownership/mode and TLS material.
	// The tls.key.* settings hold or point at the server's private key.
	ViperKeyDisablePublicHealthRequestLog = "serve.public.request_log.disable_for_health"
	ViperKeyPublicBaseURL = "serve.public.base_url"
	ViperKeyPublicPort = "serve.public.port"
	ViperKeyPublicHost = "serve.public.host"
	ViperKeyPublicSocketOwner = "serve.public.socket.owner"
	ViperKeyPublicSocketGroup = "serve.public.socket.group"
	ViperKeyPublicSocketMode = "serve.public.socket.mode"
	ViperKeyPublicTLSCertBase64 = "serve.public.tls.cert.base64"
	ViperKeyPublicTLSKeyBase64 = "serve.public.tls.key.base64"
	ViperKeyPublicTLSCertPath = "serve.public.tls.cert.path"
	ViperKeyPublicTLSKeyPath = "serve.public.tls.key.path"

	// Admin listener: same layout as the public listener.
	// NOTE(review): the admin interface is presumably privileged; check how its host, socket mode
	// and TLS settings restrict access in a given deployment.
	ViperKeyDisableAdminHealthRequestLog = "serve.admin.request_log.disable_for_health"
	ViperKeyAdminBaseURL = "serve.admin.base_url"
	ViperKeyAdminPort = "serve.admin.port"
	ViperKeyAdminHost = "serve.admin.host"
	ViperKeyAdminSocketOwner = "serve.admin.socket.owner"
	ViperKeyAdminSocketGroup = "serve.admin.socket.group"
	ViperKeyAdminSocketMode = "serve.admin.socket.mode"
	ViperKeyAdminTLSCertBase64 = "serve.admin.tls.cert.base64"
	ViperKeyAdminTLSKeyBase64 = "serve.admin.tls.key.base64"
	ViperKeyAdminTLSCertPath = "serve.admin.tls.cert.path"
	ViperKeyAdminTLSKeyPath = "serve.admin.tls.key.path"

	// Session lifetime and session-cookie attributes (SameSite, domain, name, path, persistence).
	ViperKeySessionLifespan = "session.lifespan"
	ViperKeySessionSameSite = "session.cookie.same_site"
	ViperKeySessionDomain = "session.cookie.domain"
	ViperKeySessionName = "session.cookie.name"
	ViperKeySessionPath = "session.cookie.path"
	ViperKeySessionPersistentCookie = "session.cookie.persistent"
	ViperKeySessionTokenizerTemplates = "session.whoami.tokenizer.templates"
	ViperKeySessionWhoAmIAAL = "session.whoami.required_aal"
	// Note that the two WhoAmI caching keys live under feature_flags, not session.
	ViperKeySessionWhoAmICaching = "feature_flags.cacheable_sessions"
	ViperKeyFeatureFlagFasterSessionExtend = "feature_flags.faster_session_extend"
	ViperKeySessionWhoAmICachingMaxAge = "feature_flags.cacheable_sessions_max_age"
	ViperKeyUseContinueWithTransitions = "feature_flags.use_continue_with_transitions"
	ViperKeySessionRefreshMinTimeLeft = "session.earliest_possible_extend"

	// Attributes for cookies other than the session cookie.
	ViperKeyCookieSameSite = "cookies.same_site"
	ViperKeyCookieDomain = "cookies.domain"
	ViperKeyCookiePath = "cookies.path"

	// Self-service flows. allowed_return_urls is the allow-list consulted for return_to
	// redirects (see SelfServiceBrowserAllowedReturnToDomains); an overly broad entry there
	// widens where users can be redirected after a flow.
	ViperKeySelfServiceStrategyConfig = "selfservice.methods"
	ViperKeySelfServiceBrowserDefaultReturnTo = "selfservice." + DefaultBrowserReturnURL
	ViperKeyURLsAllowedReturnToDomains = "selfservice.allowed_return_urls"
	ViperKeySelfServiceRegistrationEnabled = "selfservice.flows.registration.enabled"
	ViperKeySelfServiceRegistrationLoginHints = "selfservice.flows.registration.login_hints"
	ViperKeySelfServiceRegistrationEnableLegacyOneStep = "selfservice.flows.registration.enable_legacy_one_step"
	ViperKeySelfServiceRegistrationUI = "selfservice.flows.registration.ui_url"
	ViperKeySelfServiceRegistrationRequestLifespan = "selfservice.flows.registration.lifespan"
	ViperKeySelfServiceRegistrationAfter = "selfservice.flows.registration.after"
	ViperKeySelfServiceRegistrationBeforeHooks = "selfservice.flows.registration.before.hooks"
	ViperKeySelfServiceLoginUI = "selfservice.flows.login.ui_url"
	ViperKeySelfServiceLoginFlowStyle = "selfservice.flows.login.style"
	// NOTE(review): presumably makes responses indistinguishable for known and unknown
	// identifiers — confirm which flows honour it.
	ViperKeySecurityAccountEnumerationMitigate = "security.account_enumeration.mitigate"
	ViperKeySelfServiceLoginRequestLifespan = "selfservice.flows.login.lifespan"
	ViperKeySelfServiceLoginAfter = "selfservice.flows.login.after"
	ViperKeySelfServiceLoginBeforeHooks = "selfservice.flows.login.before.hooks"
	ViperKeySelfServiceErrorUI = "selfservice.flows.error.ui_url"
	ViperKeySelfServiceLogoutBrowserDefaultReturnTo = "selfservice.flows.logout.after." + DefaultBrowserReturnURL
	ViperKeySelfServiceSettingsURL = "selfservice.flows.settings.ui_url"
	ViperKeySelfServiceSettingsAfter = "selfservice.flows.settings.after"
	ViperKeySelfServiceSettingsBeforeHooks = "selfservice.flows.settings.before.hooks"
	ViperKeySelfServiceSettingsRequestLifespan = "selfservice.flows.settings.lifespan"
	// The constant name says "AuthenticationAfter" but the key is privileged_session_max_age.
	ViperKeySelfServiceSettingsPrivilegedAuthenticationAfter = "selfservice.flows.settings.privileged_session_max_age"
	ViperKeySelfServiceSettingsRequiredAAL = "selfservice.flows.settings.required_aal"
	ViperKeySelfServiceRecoveryAfter = "selfservice.flows.recovery.after"
	ViperKeySelfServiceRecoveryBeforeHooks = "selfservice.flows.recovery.before.hooks"
	ViperKeySelfServiceRecoveryEnabled = "selfservice.flows.recovery.enabled"
	ViperKeySelfServiceRecoveryUse = "selfservice.flows.recovery.use"
	ViperKeySelfServiceRecoveryUI = "selfservice.flows.recovery.ui_url"
	ViperKeySelfServiceRecoveryRequestLifespan = "selfservice.flows.recovery.lifespan"
	ViperKeySelfServiceRecoveryBrowserDefaultReturnTo = "selfservice.flows.recovery.after." + DefaultBrowserReturnURL
	ViperKeySelfServiceRecoveryNotifyUnknownRecipients = "selfservice.flows.recovery.notify_unknown_recipients"
	ViperKeySelfServiceVerificationEnabled = "selfservice.flows.verification.enabled"
	ViperKeySelfServiceVerificationUI = "selfservice.flows.verification.ui_url"
	ViperKeySelfServiceVerificationRequestLifespan = "selfservice.flows.verification.lifespan"
	ViperKeySelfServiceVerificationBrowserDefaultReturnTo = "selfservice.flows.verification.after." + DefaultBrowserReturnURL
	ViperKeySelfServiceVerificationAfter = "selfservice.flows.verification.after"
	ViperKeySelfServiceVerificationBeforeHooks = "selfservice.flows.verification.before.hooks"
	ViperKeySelfServiceVerificationUse = "selfservice.flows.verification.use"
	ViperKeySelfServiceVerificationNotifyUnknownRecipients = "selfservice.flows.verification.notify_unknown_recipients"

	// Identity schemas.
	ViperKeyDefaultIdentitySchemaID = "identity.default_schema_id"
	ViperKeyIdentitySchemas = "identity.schemas"

	// Password hashing and encryption-at-rest algorithm selection and tuning.
	ViperKeyHasherAlgorithm = "hashers.algorithm"
	ViperKeyHasherArgon2ConfigMemory = "hashers.argon2.memory"
	ViperKeyHasherArgon2ConfigIterations = "hashers.argon2.iterations"
	ViperKeyHasherArgon2ConfigParallelism = "hashers.argon2.parallelism"
	ViperKeyHasherArgon2ConfigSaltLength = "hashers.argon2.salt_length"
	ViperKeyHasherArgon2ConfigKeyLength = "hashers.argon2.key_length"
	ViperKeyHasherArgon2ConfigExpectedDuration = "hashers.argon2.expected_duration"
	ViperKeyHasherArgon2ConfigExpectedDeviation = "hashers.argon2.expected_deviation"
	ViperKeyHasherArgon2ConfigDedicatedMemory = "hashers.argon2.dedicated_memory"
	ViperKeyHasherBcryptCost = "hashers.bcrypt.cost"
	ViperKeyCipherAlgorithm = "ciphers.algorithm"

	ViperKeyDatabaseCleanupSleepTables = "database.cleanup.sleep.tables"
	ViperKeyDatabaseCleanupBatchSize = "database.cleanup.batch_size"

	// Per-method settings. Link and code lifespans bound how long an emailed or texted
	// credential stays usable.
	ViperKeyLinkLifespan = "selfservice.methods.link.config.lifespan"
	ViperKeyLinkBaseURL = "selfservice.methods.link.config.base_url"
	ViperKeyCodeLifespan = "selfservice.methods.code.config.lifespan"
	ViperKeyCodeConfigMissingCredentialFallbackEnabled = "selfservice.methods.code.config.missing_credential_fallback_enabled"

	// Password policy.
	// NOTE(review): ignore_network_errors presumably lets a password pass the breach check when
	// the haveibeenpwned host cannot be reached — confirm, since that makes the check fail open.
	ViperKeyPasswordHaveIBeenPwnedHost = "selfservice.methods.password.config.haveibeenpwned_host"
	ViperKeyPasswordHaveIBeenPwnedEnabled = "selfservice.methods.password.config.haveibeenpwned_enabled"
	ViperKeyPasswordMaxBreaches = "selfservice.methods.password.config.max_breaches"
	ViperKeyPasswordMinLength = "selfservice.methods.password.config.min_password_length"
	ViperKeyPasswordIdentifierSimilarityCheckEnabled = "selfservice.methods.password.config.identifier_similarity_check_enabled"
	ViperKeyIgnoreNetworkErrors = "selfservice.methods.password.config.ignore_network_errors"

	ViperKeyTOTPIssuer = "selfservice.methods.totp.config.issuer"
	ViperKeyOIDCBaseRedirectURL = "selfservice.methods.oidc.config.base_redirect_uri"

	// WebAuthn and passkey relying-party (RP) settings. The RP ID and origins decide which
	// web origins may use a registered credential, so they should list only origins you control.
	ViperKeyWebAuthnRPDisplayName = "selfservice.methods.webauthn.config.rp.display_name"
	ViperKeyWebAuthnRPID = "selfservice.methods.webauthn.config.rp.id"
	ViperKeyWebAuthnRPOrigin = "selfservice.methods.webauthn.config.rp.origin"
	ViperKeyWebAuthnRPOrigins = "selfservice.methods.webauthn.config.rp.origins"
	ViperKeyWebAuthnPasswordless = "selfservice.methods.webauthn.config.passwordless"
	ViperKeyPasskeyEnabled = "selfservice.methods.passkey.enabled"
	ViperKeyPasskeyRPDisplayName = "selfservice.methods.passkey.config.rp.display_name"
	ViperKeyPasskeyRPID = "selfservice.methods.passkey.config.rp.id"
	ViperKeyPasskeyRPOrigins = "selfservice.methods.passkey.config.rp.origins"

	// NOTE(review): oauth2_provider.headers may carry an authorization header for the
	// provider — confirm and treat the value as a secret if so.
	ViperKeyOAuth2ProviderURL = "oauth2_provider.url"
	ViperKeyOAuth2ProviderHeader = "oauth2_provider.headers"
	ViperKeyOAuth2ProviderOverrideReturnTo = "oauth2_provider.override_return_to"

	// Outbound HTTP client restrictions.
	// NOTE(review): disallow_private_ip_ranges looks like the guard against server-side requests
	// to internal addresses; every private_ip_exception_urls entry is an exception to it — confirm.
	ViperKeyClientHTTPNoPrivateIPRanges = "clients.http.disallow_private_ip_ranges"
	ViperKeyClientHTTPPrivateIPExceptionURLs = "clients.http.private_ip_exception_urls"

	ViperKeyPreviewDefaultReadConsistencyLevel = "preview.default_read_consistency_level"
	ViperKeyVersion = "version"
	ViperKeyPasswordMigrationHook = "selfservice.methods.password.config.migrate_hook"
)
// Default password-hasher parameters plus the HighestAvailableAAL marker.
const (
	// HighestAvailableAAL is the literal "highest_available".
	// NOTE(review): presumably an accepted value for the required_aal settings — confirm.
	HighestAvailableAAL = "highest_available"

	// Argon2 defaults: 128 MB of memory with a single iteration.
	Argon2DefaultMemory = 128 * bytesize.MB
	Argon2DefaultIterations uint32 = 1
	// NOTE(review): salt and key lengths are presumably in bytes (16-byte salt, 32-byte hash) — confirm.
	Argon2DefaultSaltLength uint32 = 16
	Argon2DefaultKeyLength uint32 = 32
	// NOTE(review): duration and deviation look like the target time for one hash and the
	// tolerated spread around it — confirm where they are consumed.
	Argon2DefaultDuration = 500 * time.Millisecond
	Argon2DefaultDeviation = 500 * time.Millisecond
	Argon2DefaultDedicatedMemory = 1 * bytesize.GB

	// Bcrypt default cost factor; bcrypt work grows as 2^cost.
	BcryptDefaultCost uint32 = 12
)
const DefaultSessionCookieName = "ory_kratos_session"
DefaultSessionCookieName is the default cookie name for the Kratos session.
// HookGlobal is the literal strategy name "global".
// NOTE(review): presumably the strategy passed to HookStrategyKey for hooks that
// apply to every method rather than to one strategy — confirm against callers.
const HookGlobal = "global"
Variables ¶
// Build metadata for the running binary. The literals are placeholders.
// NOTE(review): presumably overwritten at build time (for example through
// linker flags) — confirm in the build scripts. A binary that still reports
// "master"/"undefined" cannot be tied to a specific release.
var (
	Version = "master"
	Date    = "undefined"
	Commit  = "undefined"
)
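// Argon2DefaultParallelism is the default Argon2 parallelism: twice the number
// of logical CPUs reported by the runtime, capped at 255.
//
// The cap matters because the value is a uint8. A plain uint8(NumCPU*2)
// conversion wraps modulo 256, so a host with 128 or more logical CPUs would
// end up with a small or even zero parallelism, silently weakening or
// breaking the default hasher configuration.
var Argon2DefaultParallelism = argon2ParallelismFor(runtime.NumCPU())

// argon2ParallelismFor returns 2*numCPU clamped to the range [1, 255].
func argon2ParallelismFor(numCPU int) uint8 {
	const maxParallelism = 1<<8 - 1 // largest value a uint8 can hold

	p := numCPU * 2
	switch {
	case p < 1:
		return 1
	case p > maxParallelism:
		return maxParallelism
	}
	return uint8(p)
}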
Functions ¶
func HookStrategyKey ¶
func NewConfigHashHandler ¶
func NewConfigHashHandler(c Provider, router router)
func SetValidateIdentitySchemaResilientClientOptions ¶ added in v0.11.0
func ToCipherSecrets ¶ added in v1.3.0
Types ¶
type Argon2 ¶
// Argon2 holds the tunable parameters of the Argon2 password hasher. The JSON
// tags match the last segment of the hashers.argon2.* configuration keys.
type Argon2 struct {
	// Memory is the memory cost of one hash.
	Memory bytesize.ByteSize `json:"memory"`
	// Iterations is the time cost (number of passes).
	Iterations uint32 `json:"iterations"`
	// Parallelism is the number of lanes; as a uint8 it cannot exceed 255.
	Parallelism uint8 `json:"parallelism"`
	// SaltLength is the length of the salt. NOTE(review): presumably in bytes — confirm.
	SaltLength uint32 `json:"salt_length"`
	// KeyLength is the length of the derived hash. NOTE(review): presumably in bytes — confirm.
	KeyLength uint32 `json:"key_length"`
	// ExpectedDuration and ExpectedDeviation: NOTE(review): presumably the target time for a
	// single hash and the tolerated deviation from it — confirm where they are consumed.
	ExpectedDuration time.Duration `json:"expected_duration"`
	ExpectedDeviation time.Duration `json:"expected_deviation"`
	// DedicatedMemory: NOTE(review): presumably the total memory reserved for hashing on the
	// host, which bounds concurrent hashes for a given Memory — confirm.
	DedicatedMemory bytesize.ByteSize `json:"dedicated_memory"`
}
func (*Argon2) MarshalJSON ¶
type CertFunc ¶ added in v0.11.0
// CertFunc selects the TLS certificate to present for an incoming handshake.
// It has the same signature as the GetCertificate field of crypto/tls.Config,
// and is what GetTLSCertificatesForAdmin and GetTLSCertificatesForPublic return.
type CertFunc = func(*tls.ClientHelloInfo) (*tls.Certificate, error)
type Config ¶
// Config exposes the configuration through typed accessor methods, each of
// which takes a context.Context. Its fields are unexported; values are read
// through the methods listed in the package index.
type Config struct {
	// contains filtered or unexported fields
}
func (*Config) AdminSocketPermission ¶
func (p *Config) AdminSocketPermission(ctx context.Context) *configx.UnixPermission
func (*Config) ClientHTTPNoPrivateIPRanges ¶
func (*Config) ClientHTTPPrivateIPExceptionURLs ¶ added in v0.11.0
func (*Config) CookieSameSiteMode ¶
func (*Config) CourierChannels ¶ added in v1.1.0
func (p *Config) CourierChannels(ctx context.Context) (ccs []*CourierChannel, _ error)
func (*Config) CourierEmailRequestConfig ¶ added in v1.0.0
func (p *Config) CourierEmailRequestConfig(ctx context.Context) json.RawMessage
func (*Config) CourierEmailStrategy ¶ added in v1.0.0
func (*Config) CourierEmailTemplatesHelper ¶ added in v1.1.0
func (p *Config) CourierEmailTemplatesHelper(ctx context.Context, key string) *CourierEmailTemplate
func (*Config) CourierExposeMetricsPort ¶
func (*Config) CourierMessageRetries ¶ added in v0.11.0
func (*Config) CourierSMSTemplatesHelper ¶ added in v1.1.0
func (p *Config) CourierSMSTemplatesHelper(ctx context.Context, key string) *CourierSMSTemplate
func (*Config) CourierSMSTemplatesLoginCodeValid ¶ added in v1.1.0
func (p *Config) CourierSMSTemplatesLoginCodeValid(ctx context.Context) *CourierSMSTemplate
func (*Config) CourierSMSTemplatesVerificationCodeValid ¶ added in v1.1.0
func (p *Config) CourierSMSTemplatesVerificationCodeValid(ctx context.Context) *CourierSMSTemplate
func (*Config) CourierSMTPHeaders ¶
func (*Config) CourierTemplatesLoginCodeValid ¶ added in v1.1.0
func (p *Config) CourierTemplatesLoginCodeValid(ctx context.Context) *CourierEmailTemplate
func (*Config) CourierTemplatesRecoveryCodeInvalid ¶ added in v0.11.0
func (p *Config) CourierTemplatesRecoveryCodeInvalid(ctx context.Context) *CourierEmailTemplate
func (*Config) CourierTemplatesRecoveryCodeValid ¶ added in v0.11.0
func (p *Config) CourierTemplatesRecoveryCodeValid(ctx context.Context) *CourierEmailTemplate
func (*Config) CourierTemplatesRecoveryInvalid ¶
func (p *Config) CourierTemplatesRecoveryInvalid(ctx context.Context) *CourierEmailTemplate
func (*Config) CourierTemplatesRecoveryValid ¶
func (p *Config) CourierTemplatesRecoveryValid(ctx context.Context) *CourierEmailTemplate
func (*Config) CourierTemplatesRegistrationCodeValid ¶ added in v1.1.0
func (p *Config) CourierTemplatesRegistrationCodeValid(ctx context.Context) *CourierEmailTemplate
func (*Config) CourierTemplatesRoot ¶
func (*Config) CourierTemplatesVerificationCodeInvalid ¶ added in v0.11.0
func (p *Config) CourierTemplatesVerificationCodeInvalid(ctx context.Context) *CourierEmailTemplate
func (*Config) CourierTemplatesVerificationCodeValid ¶ added in v0.11.0
func (p *Config) CourierTemplatesVerificationCodeValid(ctx context.Context) *CourierEmailTemplate
func (*Config) CourierTemplatesVerificationInvalid ¶
func (p *Config) CourierTemplatesVerificationInvalid(ctx context.Context) *CourierEmailTemplate
func (*Config) CourierTemplatesVerificationValid ¶
func (p *Config) CourierTemplatesVerificationValid(ctx context.Context) *CourierEmailTemplate
func (*Config) CourierWorkerPullCount ¶ added in v1.1.0
func (*Config) CourierWorkerPullWait ¶ added in v1.1.0
func (*Config) DatabaseCleanupBatchSize ¶ added in v0.11.0
func (*Config) DatabaseCleanupSleepTables ¶ added in v0.11.0
func (*Config) DefaultConsistencyLevel ¶ added in v1.1.0
func (p *Config) DefaultConsistencyLevel(ctx context.Context) crdbx.ConsistencyLevel
func (*Config) DefaultIdentityTraitsSchemaID ¶
func (*Config) DefaultIdentityTraitsSchemaURL ¶
func (*Config) DisableAPIFlowEnforcement ¶
func (*Config) DisableAdminHealthRequestLog ¶
func (*Config) DisablePublicHealthRequestLog ¶
func (*Config) FeatureFlagFasterSessionExtend ¶ added in v1.3.0
func (*Config) GetProvider ¶ added in v0.11.0
func (*Config) GetTLSCertificatesForAdmin ¶ added in v0.11.0
func (*Config) GetTLSCertificatesForPublic ¶ added in v0.11.0
func (*Config) HasherPasswordHashingAlgorithm ¶
func (*Config) IdentityTraitsSchemas ¶
func (*Config) IsBackgroundCourierEnabled ¶
func (*Config) OAuth2ProviderHeader ¶ added in v0.11.0
func (*Config) OAuth2ProviderOverrideReturnTo ¶ added in v1.0.0
func (*Config) OAuth2ProviderURL ¶ added in v0.11.0
func (*Config) OIDCRedirectURIBase ¶
func (*Config) ParseAbsoluteOrRelativeURI ¶
func (*Config) ParseAbsoluteOrRelativeURIOrFail ¶
func (*Config) ParseURIOrFail ¶
func (*Config) PasskeyConfig ¶ added in v1.2.0
func (*Config) PasswordMigrationHook ¶ added in v1.3.0
func (p *Config) PasswordMigrationHook(ctx context.Context) *PasswordMigrationHook
func (*Config) PasswordPolicyConfig ¶
func (p *Config) PasswordPolicyConfig(ctx context.Context) *PasswordPolicy
func (*Config) PublicSocketPermission ¶
func (p *Config) PublicSocketPermission(ctx context.Context) *configx.UnixPermission
func (*Config) SecurityAccountEnumerationMitigate ¶ added in v1.3.0
func (*Config) SelfServiceBrowserAllowedReturnToDomains ¶
func (*Config) SelfServiceBrowserDefaultReturnTo ¶
func (*Config) SelfServiceCodeMethodLifespan ¶ added in v0.11.0
func (*Config) SelfServiceCodeMethodMissingCredentialFallbackEnabled ¶ added in v1.3.0
func (*Config) SelfServiceCodeStrategy ¶ added in v1.1.0
func (p *Config) SelfServiceCodeStrategy(ctx context.Context) *SelfServiceStrategyCode
func (*Config) SelfServiceFlowErrorURL ¶
func (*Config) SelfServiceFlowLoginAfterHooks ¶
func (p *Config) SelfServiceFlowLoginAfterHooks(ctx context.Context, strategy string) []SelfServiceHook
func (*Config) SelfServiceFlowLoginBeforeHooks ¶
func (p *Config) SelfServiceFlowLoginBeforeHooks(ctx context.Context) []SelfServiceHook
func (*Config) SelfServiceFlowLoginRequestLifespan ¶
func (*Config) SelfServiceFlowLoginReturnTo ¶
func (*Config) SelfServiceFlowLoginUI ¶
func (*Config) SelfServiceFlowLogoutRedirectURL ¶
func (*Config) SelfServiceFlowRecoveryAfterHooks ¶
func (p *Config) SelfServiceFlowRecoveryAfterHooks(ctx context.Context, strategy string) []SelfServiceHook
func (*Config) SelfServiceFlowRecoveryBeforeHooks ¶ added in v0.11.0
func (p *Config) SelfServiceFlowRecoveryBeforeHooks(ctx context.Context) []SelfServiceHook
func (*Config) SelfServiceFlowRecoveryEnabled ¶
func (*Config) SelfServiceFlowRecoveryNotifyUnknownRecipients ¶ added in v0.13.0
func (*Config) SelfServiceFlowRecoveryRequestLifespan ¶
func (*Config) SelfServiceFlowRecoveryReturnTo ¶
func (*Config) SelfServiceFlowRecoveryUI ¶
func (*Config) SelfServiceFlowRecoveryUse ¶ added in v0.11.0
func (*Config) SelfServiceFlowRegistrationAfterHooks ¶
func (p *Config) SelfServiceFlowRegistrationAfterHooks(ctx context.Context, strategy string) []SelfServiceHook
func (*Config) SelfServiceFlowRegistrationBeforeHooks ¶
func (p *Config) SelfServiceFlowRegistrationBeforeHooks(ctx context.Context) []SelfServiceHook
func (*Config) SelfServiceFlowRegistrationEnabled ¶
func (*Config) SelfServiceFlowRegistrationLoginHints ¶ added in v1.1.0
func (*Config) SelfServiceFlowRegistrationRequestLifespan ¶
func (*Config) SelfServiceFlowRegistrationReturnTo ¶
func (*Config) SelfServiceFlowRegistrationTwoSteps ¶ added in v1.2.0
func (*Config) SelfServiceFlowRegistrationUI ¶
func (*Config) SelfServiceFlowSettingsAfterHooks ¶
func (p *Config) SelfServiceFlowSettingsAfterHooks(ctx context.Context, strategy string) []SelfServiceHook
func (*Config) SelfServiceFlowSettingsBeforeHooks ¶ added in v0.11.0
func (p *Config) SelfServiceFlowSettingsBeforeHooks(ctx context.Context) []SelfServiceHook
func (*Config) SelfServiceFlowSettingsFlowLifespan ¶
func (*Config) SelfServiceFlowSettingsPrivilegedSessionMaxAge ¶
func (*Config) SelfServiceFlowSettingsReturnTo ¶
func (*Config) SelfServiceFlowSettingsUI ¶
func (*Config) SelfServiceFlowVerificationAfterHooks ¶
func (p *Config) SelfServiceFlowVerificationAfterHooks(ctx context.Context, strategy string) []SelfServiceHook
func (*Config) SelfServiceFlowVerificationBeforeHooks ¶ added in v0.11.0
func (p *Config) SelfServiceFlowVerificationBeforeHooks(ctx context.Context) []SelfServiceHook
func (*Config) SelfServiceFlowVerificationEnabled ¶
func (*Config) SelfServiceFlowVerificationNotifyUnknownRecipients ¶ added in v0.13.0
func (*Config) SelfServiceFlowVerificationRequestLifespan ¶
func (*Config) SelfServiceFlowVerificationReturnTo ¶
func (*Config) SelfServiceFlowVerificationUI ¶
func (*Config) SelfServiceFlowVerificationUse ¶ added in v0.11.0
func (*Config) SelfServiceLinkMethodBaseURL ¶
func (*Config) SelfServiceLinkMethodLifespan ¶
func (*Config) SelfServiceLoginFlowIdentifierFirstEnabled ¶ added in v1.3.0
func (*Config) SelfServiceSettingsRequiredAAL ¶
func (*Config) SelfServiceStrategy ¶
func (p *Config) SelfServiceStrategy(ctx context.Context, strategy string) *SelfServiceStrategy
func (*Config) SessionLifespan ¶
SessionLifespan returns time.Hour*24 when the value is not set.
func (*Config) SessionPersistentCookie ¶
func (*Config) SessionRefreshMinTimeLeft ¶
func (*Config) SessionSameSiteMode ¶
func (*Config) SessionWhoAmICaching ¶ added in v0.11.0
func (*Config) SessionWhoAmICachingMaxAge ¶ added in v1.2.0
func (*Config) TokenizeTemplate ¶ added in v1.1.0
func (*Config) UseContinueWithTransitions ¶ added in v1.1.0
func (*Config) WebAuthnConfig ¶
type CourierChannel ¶ added in v1.1.0
// CourierChannel is the configuration of a single courier channel: an ID, a
// Type, and optional SMTP and request settings.
//
// NOTE(review): SMTPConfig and RequestConfig can plausibly carry credentials
// (an SMTP connection URI, request auth settings), and both are emitted when
// this struct is marshalled to JSON. Confirm they are redacted before the
// value reaches logs or any config-dump output.
type CourierChannel struct {
	ID   string `json:"id" koanf:"id"`
	Type string `json:"type" koanf:"type"`
	// SMTPConfig is a pointer, so it can be nil; presumably it is only set for
	// SMTP-type channels — verify against the loader before dereferencing.
	SMTPConfig *SMTPConfig `json:"smtp_config" koanf:"smtp_config"`
	// RequestConfig is the JSON-facing form of request_config; koanf skips it
	// (koanf:"-").
	RequestConfig json.RawMessage `json:"request_config" koanf:"-"`
	// RequestConfigRaw is what koanf fills from request_config; JSON skips it
	// (json:"-"). Presumably converted into RequestConfig after loading —
	// TODO confirm.
	RequestConfigRaw map[string]any `json:"-" koanf:"request_config"`
}
type CourierConfigs ¶
// CourierConfigs is the set of configuration accessors for the courier:
// template lookups for e-mail and SMS messages, the retry count, the worker
// pull settings, and the list of channels.
//
// Every method takes a context. CourierChannels is the only one that can
// return an error; the template accessors return pointers, so callers should
// be prepared for nil (presumably when a template is not configured — TODO
// confirm).
type CourierConfigs interface {
	// CourierTemplatesRoot returns a string; presumably the directory that
	// templates are loaded from — confirm it is an operator-controlled path.
	CourierTemplatesRoot(ctx context.Context) string

	// E-mail templates for the verification and recovery flows.
	CourierTemplatesVerificationInvalid(ctx context.Context) *CourierEmailTemplate
	CourierTemplatesVerificationValid(ctx context.Context) *CourierEmailTemplate
	CourierTemplatesRecoveryInvalid(ctx context.Context) *CourierEmailTemplate
	CourierTemplatesRecoveryValid(ctx context.Context) *CourierEmailTemplate
	CourierTemplatesRecoveryCodeInvalid(ctx context.Context) *CourierEmailTemplate
	CourierTemplatesRecoveryCodeValid(ctx context.Context) *CourierEmailTemplate
	CourierTemplatesVerificationCodeInvalid(ctx context.Context) *CourierEmailTemplate
	CourierTemplatesVerificationCodeValid(ctx context.Context) *CourierEmailTemplate

	// E-mail templates for code-based login and registration.
	CourierTemplatesLoginCodeValid(ctx context.Context) *CourierEmailTemplate
	CourierTemplatesRegistrationCodeValid(ctx context.Context) *CourierEmailTemplate

	// SMS templates.
	CourierSMSTemplatesVerificationCodeValid(ctx context.Context) *CourierSMSTemplate
	CourierSMSTemplatesLoginCodeValid(ctx context.Context) *CourierSMSTemplate

	// Delivery and worker tuning.
	CourierMessageRetries(ctx context.Context) int
	CourierWorkerPullCount(ctx context.Context) int
	CourierWorkerPullWait(ctx context.Context) time.Duration

	// CourierChannels returns the configured channels, or an error.
	CourierChannels(context.Context) ([]*CourierChannel, error)
}
type CourierEmailTemplate ¶
// CourierEmailTemplate holds the body and subject of an e-mail template.
type CourierEmailTemplate struct {
	// Body is a pointer and can be nil; check before dereferencing.
	Body *CourierEmailBodyTemplate `json:"body"`
	// Subject is a plain string here; presumably a template source that is
	// rendered later — TODO confirm where rendering and escaping happen.
	Subject string `json:"subject"`
}
type CourierSMSTemplate ¶ added in v1.1.0
// CourierSMSTemplate holds the body of an SMS template.
type CourierSMSTemplate struct {
	// Body is a pointer and can be nil; check before dereferencing.
	Body *CourierSMSTemplateBody `json:"body"`
}
type CourierSMSTemplateBody ¶ added in v1.1.0
// CourierSMSTemplateBody is the body of an SMS template; it has a single
// plain-text variant.
type CourierSMSTemplateBody struct {
	// PlainText is serialised under the JSON key "plaintext".
	PlainText string `json:"plaintext"`
}
type PasswordMigrationHook ¶ added in v1.3.0
// PasswordMigrationHook is the configuration of the password migration hook:
// an on/off switch plus an opaque JSON config.
//
// NOTE(review): presumably Config describes an outbound request to an
// external system that is handed password material during migration. If so,
// the target and its authentication settings deserve the same scrutiny as any
// credential-handling endpoint, and Config should be kept out of logs —
// confirm against the hook implementation.
type PasswordMigrationHook struct {
	Enabled bool `json:"enabled" koanf:"enabled"`
	// Config is kept as raw JSON; this type does not parse or validate it.
	Config json.RawMessage `json:"config" koanf:"config"`
}
type PasswordPolicy ¶
// PasswordPolicy groups the settings of the password checks: a HaveIBeenPwned
// breach lookup, a minimum length, and an identifier-similarity check.
//
// NOTE(review): each field can weaken the policy when changed. Review any
// deployment that disables the breach lookup, raises MaxBreaches, lowers
// MinPasswordLength, or turns off the similarity check.
type PasswordPolicy struct {
	// HaveIBeenPwnedHost is presumably the host queried for the breach lookup
	// (confirm in the validator). An overridden host receives that lookup
	// traffic, so it should be one the operator trusts.
	HaveIBeenPwnedHost    string `json:"haveibeenpwned_host"`
	HaveIBeenPwnedEnabled bool   `json:"haveibeenpwned_enabled"`
	// MaxBreaches is presumably how many known breaches a password may appear
	// in before it is rejected — TODO confirm whether the bound is inclusive.
	MaxBreaches uint `json:"max_breaches"`
	// IgnoreNetworkErrors presumably lets a password pass when the lookup
	// cannot be completed, i.e. the check fails open. Confirm, and prefer
	// false where an unreachable lookup service must not silently skip the
	// breach check.
	IgnoreNetworkErrors bool `json:"ignore_network_errors"`
	// MinPasswordLength is unsigned, so zero is representable; presumably the
	// config schema enforces a sensible lower bound — verify.
	MinPasswordLength                uint `json:"min_password_length"`
	IdentifierSimilarityCheckEnabled bool `json:"identifier_similarity_check_enabled"`
}
type SMTPConfig ¶ added in v1.1.0
// SMTPConfig holds the SMTP settings of a courier channel: the connection
// URI, optional client certificate and key paths, sender identity, extra
// headers and a local name.
type SMTPConfig struct {
	// ConnectionURI is the SMTP connection string.
	// NOTE(review): connection URIs commonly embed a username and password,
	// and this field is emitted in JSON under "connection_uri". Confirm it is
	// redacted before the struct is logged or returned from any endpoint.
	ConnectionURI string `json:"connection_uri" koanf:"connection_uri"`
	// ClientCertPath and ClientKeyPath are file paths, presumably for TLS
	// client authentication towards the SMTP server. The key file should be
	// readable only by the service account — verify deployment permissions.
	ClientCertPath string `json:"client_cert_path" koanf:"client_cert_path"`
	ClientKeyPath  string `json:"client_key_path" koanf:"client_key_path"`
	FromAddress    string `json:"from_address" koanf:"from_address"`
	FromName       string `json:"from_name" koanf:"from_name"`
	// Headers is a free-form map, presumably added to outgoing messages.
	// NOTE(review): confirm values are checked for CR/LF before they are
	// written into a message, in case they are not purely operator-controlled.
	Headers map[string]string `json:"headers" koanf:"headers"`
	// LocalName is presumably the name announced in HELO/EHLO — TODO confirm.
	LocalName string `json:"local_name" koanf:"local_name"`
}
type SelfServiceHook ¶
// SelfServiceHook is one hook entry as returned by the
// SelfServiceFlow*BeforeHooks and SelfServiceFlow*AfterHooks accessors on
// Config.
type SelfServiceHook struct {
	// Name is serialised under the JSON key "hook", not "name".
	Name string `json:"hook"`
	// Config is kept as raw JSON; this type does not parse or validate it.
	// NOTE(review): hook configs plausibly include target URLs and auth
	// settings for outbound calls — treat as sensitive when logging; confirm
	// per hook type.
	Config json.RawMessage `json:"config"`
}
type SelfServiceStrategy ¶
// SelfServiceStrategy is the configuration of one self-service strategy, as
// returned by Config.SelfServiceStrategy: an on/off switch plus an opaque
// JSON config.
type SelfServiceStrategy struct {
	// Enabled has the zero value false, so a strategy decoded without this
	// key reads as disabled at this level; whether defaults are applied
	// elsewhere is not visible here — TODO confirm.
	Enabled bool `json:"enabled"`
	// Config is kept as raw JSON; this type does not parse or validate it.
	Config json.RawMessage `json:"config"`
}
type SelfServiceStrategyCode ¶ added in v1.1.0
// SelfServiceStrategyCode extends SelfServiceStrategy with two switches
// specific to the code strategy.
//
// The base strategy is embedded as a pointer: reading the promoted Enabled or
// Config fields on a value whose embedded *SelfServiceStrategy is nil panics,
// so construct or nil-check it first.
type SelfServiceStrategyCode struct {
	*SelfServiceStrategy
	// PasswordlessEnabled and MFAEnabled are independent booleans here;
	// presumably they select whether codes may be used as a first factor, a
	// second factor, or both — confirm how the combination is validated.
	PasswordlessEnabled bool `json:"passwordless_enabled"`
	MFAEnabled          bool `json:"mfa_enabled"`
}