Overview
Package types contains the domain types internal to identity-api: every non-HTTP type used by the STS.
Index
- Constants
- Variables
- type ClaimsMapping
- func BuildClaimsMappingFromMap(in map[string]*exprpb.CheckedExpr) ClaimsMapping
- func NewClaimsMapping(exprs map[string]string) (ClaimsMapping, error)
- func (c ClaimsMapping) MarshalJSON() ([]byte, error)
- func (c ClaimsMapping) Repr() (map[string]string, error)
- func (c *ClaimsMapping) UnmarshalJSON(data []byte) error
- type Issuer
- type IssuerService
- type IssuerUpdate
- type OAuthClient
- func (c OAuthClient) GetAudience() fosite.Arguments
- func (OAuthClient) GetGrantTypes() fosite.Arguments
- func (c OAuthClient) GetHashedSecret() []byte
- func (c OAuthClient) GetID() string
- func (OAuthClient) GetRedirectURIs() []string
- func (OAuthClient) GetResponseTypes() fosite.Arguments
- func (c OAuthClient) GetScopes() fosite.Arguments
- func (OAuthClient) IsPublic() bool
- func (c OAuthClient) ToV1OAuthClient() v1.OAuthClient
- type OAuthClientManager
- type UserInfo
- type UserInfoService
Constants

```go
const (
	// IdentityService represents the service portion of the prefix.
	IdentityService = "idnt"
	// IdentityUserResource represents the resource portion of the prefix.
	IdentityUserResource = "usr"
	// IdentityUserIDPrefix represents the full identity id prefix for a user resource.
	IdentityUserIDPrefix = IdentityService + IdentityUserResource
	// IdentityClientResource represents the client resource type in an ID.
	IdentityClientResource = "cli"
	// IdentityClientIDPrefix represents the full identity id prefix for a client resource.
	IdentityClientIDPrefix = IdentityService + IdentityClientResource
	// IdentityIssuerResource represents the issuer resource type in an ID.
	IdentityIssuerResource = "iss"
	// IdentityIssuerIDPrefix represents the full identity id prefix for an issuer resource.
	IdentityIssuerIDPrefix = IdentityService + IdentityIssuerResource
)
```

The three prefixes (IdentityUserIDPrefix, IdentityClientIDPrefix, IdentityIssuerIDPrefix) distinguish user, client and issuer IDs, so an ID of one resource type cannot be passed where another is expected without the prefix check failing.
Variables

```go
var (
	// ErrorIssuerNotFound represents an error condition where an issuer was not found.
	ErrorIssuerNotFound = errors.New("issuer not found")
	// ErrUserInfoNotFound is returned if we attempt to fetch user info
	// from the storage backend and no info exists for that user.
	ErrUserInfoNotFound = errors.New("user info does not exist")
	// ErrFetchUserInfo represents a failure when making a /userinfo request.
	ErrFetchUserInfo = errors.New("could not fetch user info")
	// ErrInvalidUserInfo represents an error condition where the
	// UserInfo provided fails validation prior to storage.
	ErrInvalidUserInfo = errors.New("failed to store user info")
	// ErrOAuthClientNotFound is returned if the OAuthClient doesn't exist.
	ErrOAuthClientNotFound = errors.New("oauth client does not exist")
)
```
Functions
This section is empty.
Types
type ClaimsMapping
ClaimsMapping maps each target claim name to a CEL expression that is evaluated to produce that claim's value.
func BuildClaimsMappingFromMap
func BuildClaimsMappingFromMap(in map[string]*exprpb.CheckedExpr) ClaimsMapping
BuildClaimsMappingFromMap builds a ClaimsMapping from a map of claim names to already type-checked CEL expressions. Unlike NewClaimsMapping it does not parse or check anything, so it cannot fail.
func NewClaimsMapping
func NewClaimsMapping(exprs map[string]string) (ClaimsMapping, error)
NewClaimsMapping creates a ClaimsMapping from the given map of CEL expressions.
func (ClaimsMapping) MarshalJSON
func (c ClaimsMapping) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface.
func (ClaimsMapping) Repr
func (c ClaimsMapping) Repr() (map[string]string, error)
Repr produces a representation of the claim map using human-readable CEL expressions.
func (*ClaimsMapping) UnmarshalJSON
func (c *ClaimsMapping) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface.
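An added example, not the project's code, of the contract this type expresses: each target claim is bound to an expression that is parsed when the mapping is created (so a malformed expression is rejected at configuration time), is stored and reloaded as its human-readable source, and is evaluated later against a token's claims. Go's text/template stands in for CEL so the block runs with the standard library alone; claimsMapping, newClaimsMapping, repr and apply are this example's own names, and apply is a hypothetical evaluation step that the documented API does not expose.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"text/template"
)

// claimExpr stands in for a compiled CEL expression (the real package stores
// *exprpb.CheckedExpr): the source text plus the parsed template.
type claimExpr struct {
	src  string
	tmpl *template.Template
}

// claimsMapping mirrors the shape of ClaimsMapping: target claim name -> expression.
type claimsMapping map[string]claimExpr

// newClaimsMapping parses every expression up front, so a malformed mapping is
// rejected when an issuer is configured rather than when a token is exchanged.
func newClaimsMapping(exprs map[string]string) (claimsMapping, error) {
	out := make(claimsMapping, len(exprs))
	for claim, src := range exprs {
		// missingkey=error: a reference to a claim the token lacks fails the
		// evaluation instead of silently producing "<no value>".
		t, err := template.New(claim).Option("missingkey=error").Parse(src)
		if err != nil {
			return nil, fmt.Errorf("claim %q: %w", claim, err)
		}
		out[claim] = claimExpr{src: src, tmpl: t}
	}
	return out, nil
}

// repr returns the human-readable expression sources, like ClaimsMapping.Repr.
func (m claimsMapping) repr() map[string]string {
	r := make(map[string]string, len(m))
	for claim, e := range m {
		r[claim] = e.src
	}
	return r
}

// MarshalJSON stores the mapping as claim -> expression source.
func (m claimsMapping) MarshalJSON() ([]byte, error) {
	return json.Marshal(m.repr())
}

// UnmarshalJSON re-parses the sources, so a mapping loaded from storage is
// validated exactly like a freshly configured one.
func (m *claimsMapping) UnmarshalJSON(data []byte) error {
	var raw map[string]string
	if err := json.Unmarshal(data, &raw); err != nil {
		return err
	}
	parsed, err := newClaimsMapping(raw)
	if err != nil {
		return err
	}
	*m = parsed
	return nil
}

// apply evaluates every mapped expression against the incoming token's claims
// and returns the derived claims. Any failure aborts the whole mapping.
func (m claimsMapping) apply(claims map[string]any) (map[string]string, error) {
	out := make(map[string]string, len(m))
	for claim, e := range m {
		var buf bytes.Buffer
		if err := e.tmpl.Execute(&buf, claims); err != nil {
			return nil, fmt.Errorf("claim %q: %w", claim, err)
		}
		out[claim] = buf.String()
	}
	return out, nil
}

func main() {
	// Constructed mapping and constructed token claims for the example.
	m, err := newClaimsMapping(map[string]string{
		"sub":   "{{ .iss }}|{{ .sub }}",
		"email": "{{ .email }}",
	})
	if err != nil {
		panic(err)
	}
	derived, err := m.apply(map[string]any{
		"iss": "https://idp.example.com", "sub": "u-123", "email": "alice@example.com",
	})
	fmt.Println(derived, err)
	_, err = m.apply(map[string]any{"iss": "https://idp.example.com", "sub": "u-123"})
	fmt.Println("missing email:", err)
}
```

The design point is fail-closed in both directions: a mapping that does not parse never gets stored, and a stored mapping that references a claim the token does not carry fails the exchange instead of minting a token with an empty claim.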
type Issuer

```go
type Issuer struct {
	// OwnerID represents the ID of the owner the issuer belongs to.
	OwnerID gidx.PrefixedID
	// ID represents the ID of the issuer in identity-api.
	ID gidx.PrefixedID
	// Name represents the human-readable name of the issuer.
	Name string
	// URI represents the issuer URI as found in the "iss" claim of a JWT.
	URI string
	// JWKSURI represents the URI where the issuer's JWKS lives. Must be accessible by identity-api.
	JWKSURI string
	// ClaimMappings represents a map of claims to a CEL expression that will be evaluated
	ClaimMappings ClaimsMapping
}
```

Issuer represents a token issuer.
type IssuerService

```go
type IssuerService interface {
	CreateIssuer(ctx context.Context, iss Issuer) (*Issuer, error)
	GetIssuerByID(ctx context.Context, id gidx.PrefixedID) (*Issuer, error)
	GetIssuerByURI(ctx context.Context, uri string) (*Issuer, error)
	UpdateIssuer(ctx context.Context, id gidx.PrefixedID, update IssuerUpdate) (*Issuer, error)
	DeleteIssuer(ctx context.Context, id gidx.PrefixedID) error
}
```

IssuerService represents a service for managing issuers.
type IssuerUpdate

```go
type IssuerUpdate struct {
	Name          *string
	URI           *string
	JWKSURI       *string
	ClaimMappings ClaimsMapping
}
```

IssuerUpdate represents an update operation on an issuer. Pointer fields that are nil are left unchanged.
type OAuthClient (added in v0.0.8)

```go
type OAuthClient struct {
	ID       gidx.PrefixedID
	OwnerID  gidx.PrefixedID
	Name     string
	Secret   string
	Audience []string
}
```

OAuthClient is an OAuth 2.0 client. It implements fosite.Client, so fosite can consume it directly once it is loaded from storage.
func (OAuthClient) GetAudience (added in v0.0.8)
func (c OAuthClient) GetAudience() fosite.Arguments
GetAudience implements fosite.Client.
func (OAuthClient) GetGrantTypes (added in v0.0.8)
func (OAuthClient) GetGrantTypes() fosite.Arguments
GetGrantTypes implements fosite.Client. The receiver is unused, so the returned grant types are the same for every client rather than read from the OAuthClient.
func (OAuthClient) GetHashedSecret (added in v0.0.8)
func (c OAuthClient) GetHashedSecret() []byte
GetHashedSecret implements fosite.Client.
func (OAuthClient) GetID (added in v0.0.8)
func (c OAuthClient) GetID() string
GetID implements fosite.Client.
func (OAuthClient) GetRedirectURIs (added in v0.0.8)
func (OAuthClient) GetRedirectURIs() []string
GetRedirectURIs implements fosite.Client. The receiver is unused, so the returned redirect URIs are the same for every client.
func (OAuthClient) GetResponseTypes (added in v0.0.8)
func (OAuthClient) GetResponseTypes() fosite.Arguments
GetResponseTypes implements fosite.Client. The receiver is unused, so the returned response types are the same for every client.
func (OAuthClient) GetScopes (added in v0.0.8)
func (c OAuthClient) GetScopes() fosite.Arguments
GetScopes implements fosite.Client.
func (OAuthClient) IsPublic (added in v0.0.8)
func (OAuthClient) IsPublic() bool
IsPublic implements fosite.Client. The receiver is unused, so the answer is the same for every client rather than a per-client setting.
func (OAuthClient) ToV1OAuthClient (added in v0.0.8)
func (c OAuthClient) ToV1OAuthClient() v1.OAuthClient
ToV1OAuthClient converts to the OAS OAuth client type.
type OAuthClientManager (added in v0.0.8)

```go
type OAuthClientManager interface {
	CreateOAuthClient(ctx context.Context, client OAuthClient) (OAuthClient, error)
	LookupOAuthClientByID(ctx context.Context, clientID gidx.PrefixedID) (OAuthClient, error)
	DeleteOAuthClient(ctx context.Context, clientID gidx.PrefixedID) error
}
```

OAuthClientManager defines the storage interface for OAuth clients.
type UserInfo

```go
type UserInfo struct {
	ID      gidx.PrefixedID `json:"-"`
	Name    string          `json:"name,omitempty"`
	Email   string          `json:"email,omitempty"`
	Issuer  string          `json:"iss"`
	Subject string          `json:"sub"`
}
```

UserInfo contains information about the user from the source OIDC provider, using the standard claims defined in https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims. Issuer and Subject together identify the user; ID is the STS-local user ID and is excluded from JSON output (`json:"-"`).
type UserInfoService

```go
type UserInfoService interface {
	// LookupUserInfoByClaims returns the User information object for a issuer, subject pair.
	LookupUserInfoByClaims(ctx context.Context, iss, sub string) (UserInfo, error)
	// LookupUserInfoByID returns the user info for a STS user ID
	LookupUserInfoByID(ctx context.Context, id gidx.PrefixedID) (UserInfo, error)
	// StoreUserInfo stores the userInfo into the storage backend.
	StoreUserInfo(ctx context.Context, userInfo UserInfo) (UserInfo, error)
	// ParseUserInfoFromClaims parses OIDC ID token claims from the given claim map.
	ParseUserInfoFromClaims(claims map[string]any) (UserInfo, error)
}
```

UserInfoService defines the storage interface for user information associated with subject tokens.
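An added example, not the project's code, of the parse-then-store flow the UserInfoService interface describes, with the property a practitioner most wants to see: a user is keyed by the (iss, sub) pair, so the same sub from two different issuers yields two distinct STS users, and email is profile data rather than an identity key. The userInfo struct mirrors the field set above with a plain string ID so the block needs nothing outside the standard library; memUserInfoStore, its methods and the "idntusr-N" ID format are this example's own constructions (the real gidx.PrefixedID format differs).

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
)

// userInfo mirrors the field set of UserInfo; ID is a plain string here instead
// of gidx.PrefixedID so the example has no dependency outside the standard library.
type userInfo struct {
	ID      string `json:"-"`
	Name    string `json:"name,omitempty"`
	Email   string `json:"email,omitempty"`
	Issuer  string `json:"iss"`
	Subject string `json:"sub"`
}

var (
	errUserInfoNotFound = errors.New("user info does not exist")
	errInvalidUserInfo  = errors.New("invalid user info")
)

// parseUserInfoFromClaims extracts the standard claims from a decoded ID token.
// iss and sub are mandatory non-empty strings; name and email are optional and
// dropped (not coerced) when absent or not strings.
func parseUserInfoFromClaims(claims map[string]any) (userInfo, error) {
	iss, ok := claims["iss"].(string)
	if !ok || iss == "" {
		return userInfo{}, fmt.Errorf("%w: missing or non-string iss", errInvalidUserInfo)
	}
	sub, ok := claims["sub"].(string)
	if !ok || sub == "" {
		return userInfo{}, fmt.Errorf("%w: missing or non-string sub", errInvalidUserInfo)
	}
	name, _ := claims["name"].(string)
	email, _ := claims["email"].(string)
	return userInfo{Issuer: iss, Subject: sub, Name: name, Email: email}, nil
}

// memUserInfoStore is an in-memory stand-in for the storage backend behind
// UserInfoService. Identity is the (iss, sub) pair; name and email are profile
// data and are never used as a key.
type memUserInfoStore struct {
	mu     sync.Mutex
	byKey  map[[2]string]userInfo
	byID   map[string]userInfo
	nextID int
}

func newMemUserInfoStore() *memUserInfoStore {
	return &memUserInfoStore{byKey: map[[2]string]userInfo{}, byID: map[string]userInfo{}}
}

// storeUserInfo validates and upserts. A repeat login for a known (iss, sub)
// keeps the existing STS user ID and refreshes the mutable profile claims.
func (s *memUserInfoStore) storeUserInfo(_ context.Context, u userInfo) (userInfo, error) {
	if u.Issuer == "" || u.Subject == "" {
		return userInfo{}, errInvalidUserInfo
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	key := [2]string{u.Issuer, u.Subject}
	if existing, ok := s.byKey[key]; ok {
		u.ID = existing.ID
	} else {
		s.nextID++
		// Constructed ID built from the page's IdentityUserIDPrefix ("idnt"+"usr");
		// the real gidx.PrefixedID format is not reproduced here.
		u.ID = fmt.Sprintf("idntusr-%d", s.nextID)
	}
	s.byKey[key] = u
	s.byID[u.ID] = u
	return u, nil
}

// lookupUserInfoByClaims resolves an (iss, sub) pair; unknown pairs return errUserInfoNotFound.
func (s *memUserInfoStore) lookupUserInfoByClaims(_ context.Context, iss, sub string) (userInfo, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if u, ok := s.byKey[[2]string{iss, sub}]; ok {
		return u, nil
	}
	return userInfo{}, errUserInfoNotFound
}

// lookupUserInfoByID resolves an STS user ID.
func (s *memUserInfoStore) lookupUserInfoByID(_ context.Context, id string) (userInfo, error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	if u, ok := s.byID[id]; ok {
		return u, nil
	}
	return userInfo{}, errUserInfoNotFound
}

func main() {
	ctx := context.Background()
	store := newMemUserInfoStore()
	// Constructed ID-token claims: the same sub and email issued by two different providers.
	a, _ := parseUserInfoFromClaims(map[string]any{"iss": "https://idp-a.example", "sub": "42", "email": "alice@example.com"})
	b, _ := parseUserInfoFromClaims(map[string]any{"iss": "https://idp-b.example", "sub": "42", "email": "alice@example.com"})
	a, _ = store.storeUserInfo(ctx, a)
	b, _ = store.storeUserInfo(ctx, b)
	fmt.Println(a.ID, b.ID, a.ID != b.ID) // two distinct STS users despite equal sub and email
}
```

Keying on (iss, sub) is what keeps one issuer from impersonating another issuer's user by minting a token with a matching sub, and what keeps an attacker-controlled email claim from linking to an existing account.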