Documentation ¶
Index ¶
- Variables
- func FromModel(f *Flow) *flow.Flow
- func NewMemDao() oauth.PatDAO
- func NewPatDAO(db *gorm.DB) oauth.PatDAO
- func NewRegistryDAO(ctx context.Context, db *gorm.DB) oauth.Registry
- type Flow
- type MemDAO
- func (m *MemDAO) Delete(patUuid string) error
- func (m *MemDAO) List(byType auth.PatType, byUser string) ([]*auth.PersonalAccessToken, error)
- func (m *MemDAO) Load(accessToken string) (*auth.PersonalAccessToken, error)
- func (m *MemDAO) PruneExpired() (int, error)
- func (m *MemDAO) Store(accessToken string, token *auth.PersonalAccessToken, _ bool) error
- type OAuth2RequestSQL
- type OAuth2RequestSQLAccess
- type OAuth2RequestSQLCode
- type OAuth2RequestSQLOIDC
- type OAuth2RequestSQLPKCE
- type OAuth2RequestSQLRefresh
- type PersonalToken
- type SqlJWK
Constants ¶
This section is empty.
Variables ¶
var (
	// OAuthRegistryError is this package's base sentinel error. It is created
	// through errors.RegisterBaseSentinel with errors.CellsError (presumably the
	// parent sentinel) and the label "oauth registry"; wrap or compare against
	// it rather than creating ad-hoc errors for registry failures.
	//
	// Note: `errors` here is the project's errors package, not the standard
	// library (stdlib errors has no RegisterBaseSentinel).
	// NOTE(review): Go convention names sentinels ErrXxx; renaming would break
	// callers, so the existing name is kept.
	OAuthRegistryError = errors.RegisterBaseSentinel(errors.CellsError, "oauth registry")
)
Functions ¶
Types ¶
type Flow ¶
// Flow is the database row for one login/consent flow; the `db` tags name the
// columns. It carries the client's original request, the login leg (skip,
// subject, remember, ACR/AMR) and the consent leg (granted scope/audience,
// remember), plus the session claims. FromModel (see the package index)
// converts it into a *flow.Flow.
//
// NOTE(review): several fields (LoginVerifier, LoginCSRF, ConsentVerifier,
// ConsentCSRF, SessionIDToken, SessionAccessToken) look, by name, like per-flow
// secrets or token material; a row should be treated as sensitive data at rest
// and in logs. How these values are generated, compared and invalidated is not
// visible in this file.
type Flow struct {
	// ID is the identifier ("login challenge") of the login request. It is used to
	// identify the session.
	//
	// required: true
	ID  string    `db:"login_challenge"`
	NID uuid.UUID `db:"nid"`

	// RequestedScope contains the OAuth 2.0 Scope requested by the OAuth 2.0 Client.
	//
	// required: true
	RequestedScope sqlxx.StringSliceJSONFormat `db:"requested_scope"`

	// RequestedAudience contains the access token audience as requested by the OAuth 2.0 Client.
	//
	// required: true
	RequestedAudience sqlxx.StringSliceJSONFormat `db:"requested_at_audience"`

	// LoginSkip, if true, implies that the client has requested the same scopes from the same user previously.
	// If true, you can skip asking the user to grant the requested scopes, and simply forward the user to the redirect URL.
	//
	// This feature allows you to update / set session information.
	//
	// required: true
	LoginSkip bool `db:"login_skip"`

	// Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope
	// requested by the OAuth 2.0 client. If this value is set and `skip` is true, you MUST include this subject type
	// when accepting the login request, or the request will fail.
	//
	// required: true
	Subject string `db:"subject"`

	// OpenIDConnectContext provides context for the (potential) OpenID Connect context. Implementation of these
	// values in your app are optional but can be useful if you want to be fully compliant with the OpenID Connect spec.
	OpenIDConnectContext *flow.OAuth2ConsentRequestOpenIDConnectContext `db:"oidc_context"`

	// ClientID is a reference to the OAuth 2.0 Client ID that initiated the flow.
	ClientID string `db:"client_id"`

	// RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which
	// initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but
	// might come in handy if you want to deal with additional request parameters.
	//
	// required: true
	RequestURL string `db:"request_url"`

	// SessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag)
	// this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false)
	// this will be a new random value. This value is used as the "sid" parameter in the ID Token and in OIDC Front-/Back-
	// channel logout. Its value can generally be used to associate consecutive login requests by a certain user.
	SessionID sqlxx.NullString `db:"login_session_id"`

	// IdentityProviderSessionID is the session ID of the end-user that authenticated.
	// If specified, we will use this value to propagate the logout.
	IdentityProviderSessionID sqlxx.NullString `db:"identity_provider_session_id"`

	// NOTE(review): by their names, LoginVerifier and LoginCSRF are the per-flow
	// secrets that bind the login leg to the user agent that started it (a
	// verifier handed back on accept, and a CSRF token). Whether they are
	// single-use and how they are compared is decided elsewhere — confirm in the
	// handler code. LoginInitializedAt/RequestedAt are timestamps; State is an
	// int16 whose values are not defined in this file.
	LoginVerifier      string         `db:"login_verifier"`
	LoginCSRF          string         `db:"login_csrf"`
	LoginInitializedAt sqlxx.NullTime `db:"login_initialized_at"`
	RequestedAt        time.Time      `db:"requested_at"`
	State              int16          `db:"state"`

	// LoginRemember, if set to true, tells ORY Hydra to remember this user by telling the user agent (browser) to store
	// a cookie with authentication data. If the same user performs another OAuth 2.0 Authorization Request, he/she
	// will not be asked to log in again.
	LoginRemember bool `db:"login_remember"`

	// LoginRememberFor sets how long the authentication should be remembered for in seconds. If set to `0`, the
	// authorization will be remembered for the duration of the browser session (using a session cookie).
	LoginRememberFor int `db:"login_remember_for"`

	// LoginExtendSessionLifespan, if set to true, session cookie expiry time will be updated when session is
	// refreshed (login skip=true).
	LoginExtendSessionLifespan bool `db:"login_extend_session_lifespan"`

	// ACR sets the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it
	// to express that, for example, a user authenticated using two factor authentication.
	ACR string `db:"acr"`

	// AMR sets the Authentication Methods References value for this
	// authentication session. You can use it to specify the method a user used to
	// authenticate. For example, if the acr indicates a user used two factor
	// authentication, the amr can express they used a software-secured key.
	AMR sqlxx.StringSliceJSONFormat `db:"amr"`

	// ForceSubjectIdentifier forces the "pairwise" user ID of the end-user that authenticated. The "pairwise" user ID refers to the
	// (Pairwise Identifier Algorithm)[http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg] of the OpenID
	// Connect specification. It allows you to set an obfuscated subject ("user") identifier that is unique to the client.
	//
	// Please note that this changes the user ID on endpoint /userinfo and sub claim of the ID Token. It does not change the
	// sub claim in the OAuth 2.0 Introspection.
	//
	// Per default, ORY Hydra handles this value with its own algorithm. In case you want to set this yourself
	// you can use this field. Please note that setting this field has no effect if `pairwise` is not configured in
	// ORY Hydra or the OAuth 2.0 Client does not expect a pairwise identifier (set via `subject_type` key in the client's
	// configuration).
	//
	// Please also be aware that ORY Hydra is unable to properly compute this value during authentication. This implies
	// that you have to compute this value on every authentication process (probably depending on the client ID or some
	// other unique value).
	//
	// If you fail to compute the proper value, then authentication processes which have id_token_hint set might fail.
	ForceSubjectIdentifier string `db:"forced_subject_identifier"`

	// Context is an optional object which can hold arbitrary data. The data will be made available when fetching the
	// consent request under the "context" field. This is useful in scenarios where login and consent endpoints share
	// data. It is stored as raw JSON and is opaque to this model.
	Context sqlxx.JSONRawMessage `db:"context"`

	// LoginWasUsed set to true means that the login request was already handled.
	// This can happen on form double-submit or other errors. If this is set we
	// recommend redirecting the user to `request_url` to re-initiate the flow.
	LoginWasUsed         bool                     `db:"login_was_used"`
	LoginError           *flow.RequestDeniedError `db:"login_error"`
	LoginAuthenticatedAt sqlxx.NullTime           `db:"login_authenticated_at"`

	// ConsentChallengeID is the identifier ("authorization challenge") of the consent authorization request. It is used to
	// identify the session.
	//
	// required: true
	ConsentChallengeID sqlxx.NullString `db:"consent_challenge_id"`

	// ConsentSkip, if true, implies that the client has requested the same scopes from the same user previously.
	// If true, you must not ask the user to grant the requested scopes. You must however either allow or deny the
	// consent request using the usual API call.
	// ConsentVerifier and ConsentCSRF are the consent-leg counterparts of
	// LoginVerifier/LoginCSRF (nullable here, since consent may not have started).
	ConsentSkip     bool             `db:"consent_skip"`
	ConsentVerifier sqlxx.NullString `db:"consent_verifier"`
	ConsentCSRF     sqlxx.NullString `db:"consent_csrf"`

	// GrantedScope sets the scope the user authorized the client to use. Should be a subset of `requested_scope`.
	GrantedScope sqlxx.StringSliceJSONFormat `db:"granted_scope"`

	// GrantedAudience sets the audience the user authorized the client to use. Should be a subset of `requested_access_token_audience`.
	GrantedAudience sqlxx.StringSliceJSONFormat `db:"granted_at_audience"`

	// ConsentRemember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same
	// client asks the same user for the same, or a subset of, scope.
	ConsentRemember bool `db:"consent_remember"`

	// ConsentRememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the
	// authorization will be remembered indefinitely. Unlike LoginRememberFor it is
	// a pointer, presumably so that "unset" can be told apart from 0.
	ConsentRememberFor *int `db:"consent_remember_for"`

	// ConsentHandledAt contains the timestamp the consent request was handled.
	ConsentHandledAt sqlxx.NullTime `db:"consent_handled_at"`

	// ConsentWasHandled set to true means that the request was already handled.
	// This can happen on form double-submit or other errors. If this is set we
	// recommend redirecting the user to `request_url` to re-initiate the flow.
	// Note the column is named consent_was_used, not consent_was_handled.
	ConsentWasHandled bool                     `db:"consent_was_used"`
	ConsentError      *flow.RequestDeniedError `db:"consent_error"`

	// SessionIDToken and SessionAccessToken hold the session claim maps for the
	// ID token and access token respectively (by column name; the consumer is not
	// visible here). The `faker:"-"` tag presumably excludes them from generated
	// test data — confirm.
	SessionIDToken     sqlxx.MapStringInterface `db:"session_id_token" faker:"-"`
	SessionAccessToken sqlxx.MapStringInterface `db:"session_access_token" faker:"-"`
}
type MemDAO ¶
// MemDAO is a dev-util for storing tokens in memory. It is the in-memory
// oauth.PatDAO returned by NewMemDao (see the index: Delete, List, Load,
// PruneExpired, Store); its contents live only as long as the process, and
// being a development utility it is presumably not meant for production use.
type MemDAO struct {
	// contains filtered or unexported fields
}
MemDAO is a development utility that stores tokens in memory.
func (*MemDAO) PruneExpired ¶
type OAuth2RequestSQL ¶
// OAuth2RequestSQL is a distinct named type over hsql.OAuth2RequestSQL (a type
// definition, not an alias, so methods declared on the hsql type do not carry
// over). The per-grant variants below are in turn defined on top of it.
type OAuth2RequestSQL hsql.OAuth2RequestSQL
type OAuth2RequestSQLAccess ¶
// OAuth2RequestSQLAccess shares the underlying struct of OAuth2RequestSQL but is
// a separate type; presumably each variant maps to its own table — confirm in
// the DAO code, which is not visible here.
type OAuth2RequestSQLAccess OAuth2RequestSQL
type OAuth2RequestSQLCode ¶
// OAuth2RequestSQLCode is the authorization-code variant of OAuth2RequestSQL
// (same underlying struct, distinct type).
type OAuth2RequestSQLCode OAuth2RequestSQL
type OAuth2RequestSQLOIDC ¶
// OAuth2RequestSQLOIDC is the OpenID Connect variant of OAuth2RequestSQL
// (same underlying struct, distinct type).
type OAuth2RequestSQLOIDC OAuth2RequestSQL
type OAuth2RequestSQLPKCE ¶
// OAuth2RequestSQLPKCE is the PKCE variant of OAuth2RequestSQL
// (same underlying struct, distinct type).
type OAuth2RequestSQLPKCE OAuth2RequestSQL
type OAuth2RequestSQLRefresh ¶
// OAuth2RequestSQLRefresh is the refresh-token variant of OAuth2RequestSQL
// (same underlying struct, distinct type).
type OAuth2RequestSQLRefresh OAuth2RequestSQL
type PersonalToken ¶
// PersonalToken is the gorm row model for a personal access token; the gorm
// tags name the columns and constraints. As and From (declared on the type)
// convert to and from *auth.PersonalAccessToken.
type PersonalToken struct {
	UUID string `gorm:"column:uuid; primaryKey; type:varchar(36) not null;"`
	// AccessToken is the token value, stored as a unique varchar(128).
	// NOTE(review): it is not visible here whether this column holds the raw
	// bearer secret or a digest of it; if it is the raw value, read access to
	// this table is equivalent to holding every live token — confirm in the DAO.
	AccessToken string       `gorm:"column:access_token;type:varchar(128) not null;unique;"`
	Type        auth.PatType `gorm:"column:pat_type;"`
	Label       string       `gorm:"column:label;type:varchar(255) null;"`
	// Owner of the token; both columns are indexed, presumably for per-user
	// lookups such as List's byUser argument.
	UserUUID  string `gorm:"column:user_uuid;type:varchar(255) not null;index;"`
	UserLogin string `gorm:"column:user_login;type:varchar(255) not null;index;"`
	// AutoRefreshWindow maps to column auto_refresh (default 0); its unit is not
	// visible here — presumably seconds, confirm against the caller.
	AutoRefreshWindow int32 `gorm:"column:auto_refresh;type: int default 0 null;"`
	// ExpiresAt maps to column expire_at; presumably what PruneExpired keys on.
	ExpiresAt time.Time `gorm:"column:expire_at;"`
	CreatedBy string    `gorm:"column:created_by;type:varchar(128) null;"`
	// Scopes is stored as a single string; its separator/format is not visible here.
	Scopes string `gorm:"column:scopes;"`
	// Timestamps maintained by gorm (autoUpdateTime / autoCreateTime).
	UpdatedAt time.Time `gorm:"autoUpdateTime"`
	CreatedAt time.Time `gorm:"autoCreateTime"`
}
func (*PersonalToken) As ¶
func (u *PersonalToken) As(res *auth.PersonalAccessToken) (*auth.PersonalAccessToken, error)
func (*PersonalToken) From ¶
func (u *PersonalToken) From(res *auth.PersonalAccessToken) *PersonalToken