payload

package
v0.26.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 11, 2019 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ConvertOIDCClaimsRequest 

func ConvertOIDCClaimsRequest(value string) reflect.Value

ConvertOIDCClaimsRequest is a converter function for oidc.ClaimsRequest data provided in URL schema.

func DecodeSchema 

func DecodeSchema(dst interface{}, src map[string][]string) error

DecodeSchema decodes request form data into the provided dst schema struct.

func EncodeSchema 

func EncodeSchema(src interface{}, dst map[string][]string) error

EncodeSchema encodes the provided src schema to the provided map.

func GetScopeForClaim 

func GetScopeForClaim(claim string) (string, bool)

GetScopeForClaim returns the known scope if any for the provided claim name.

func ToMap 

func ToMap(payload interface{}) (map[string]interface{}, error)

ToMap is a helper function to convert the provided payload struct to a map type which can be used to extend the payload data with additional fields.

Types

type AuthenticationBadRequest 

type AuthenticationBadRequest struct {
	ErrorID          string `url:"error" json:"error"`
	ErrorDescription string `url:"error_description,omitempty" json:"error_description,omitempty"`
	State            string `url:"state,omitempty" json:"state,omitempty"`
}

AuthenticationBadRequest holds the outgoing data for a failed OpenID Connect 1.0 authorize request with bad request parameters which make it impossible to continue with normal auth.

func (*AuthenticationBadRequest) Description 

func (ae *AuthenticationBadRequest) Description() string

Description implements ErrorWithDescription interface.

func (*AuthenticationBadRequest) Error 

func (ae *AuthenticationBadRequest) Error() string

Error interface implementation.

type AuthenticationError 

type AuthenticationError struct {
	ErrorID          string `url:"error" json:"error"`
	ErrorDescription string `url:"error_description,omitempty" json:"error_description,omitempty"`
	State            string `url:"state,omitempty" json:"state,omitempty"`
}

AuthenticationError holds the outgoind data for a failed OpenID Connect 1.0 authorize request as specified at http://openid.net/specs/openid-connect-core-1_0.html#AuthError and http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthError.

func (*AuthenticationError) Description 

func (ae *AuthenticationError) Description() string

Description implements ErrorWithDescription interface.

func (*AuthenticationError) Error 

func (ae *AuthenticationError) Error() string

Error interface implementation.

type AuthenticationRequest 

type AuthenticationRequest struct {
	RawScope        string         `schema:"scope"`
	Claims          *ClaimsRequest `schema:"claims"`
	RawResponseType string         `schema:"response_type"`
	ResponseMode    string         `schema:"response_mode"`
	ClientID        string         `schema:"client_id"`
	RawRedirectURI  string         `schema:"redirect_uri"`
	State           string         `schema:"state"`
	Nonce           string         `schema:"nonce"`
	RawPrompt       string         `schema:"prompt"`
	RawIDTokenHint  string         `schema:"id_token_hint"`
	RawMaxAge       string         `schema:"max_age"`

	RawRequest      string `schema:"request"`
	RawRequestURI   string `schema:"request_uri"`
	RawRegistration string `schema:"registration"`

	CodeChallenge       string `schema:"code_challenge"`
	CodeChallengeMethod string `schema:"code_challenge_method"`

	Scopes        map[string]bool `schema:"-"`
	ResponseTypes map[string]bool `schema:"-"`
	Prompts       map[string]bool `schema:"-"`
	RedirectURI   *url.URL        `schema:"-"`
	IDTokenHint   *jwt.Token      `schema:"-"`
	MaxAge        time.Duration   `schema:"-"`
	Request       *jwt.Token      `schema:"-"`

	UseFragment bool   `schema:"-"`
	Flow        string `schema:"-"`

	Session *Session `schema:"-"`
	// contains filtered or unexported fields
}

AuthenticationRequest holds the incoming parameters and request data for the OpenID Connect 1.0 authorization endpoint as specified at http://openid.net/specs/openid-connect-core-1_0.html#AuthRequest and http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthRequest

func DecodeAuthenticationRequest 

func DecodeAuthenticationRequest(req *http.Request, providerMetadata *oidc.WellKnown, keyFunc jwt.Keyfunc) (*AuthenticationRequest, error)

DecodeAuthenticationRequest returns a AuthenticationRequest holding the provided requests form data.

func NewAuthenticationRequest 

func NewAuthenticationRequest(values url.Values, providerMetadata *oidc.WellKnown, keyFunc jwt.Keyfunc) (*AuthenticationRequest, error)

NewAuthenticationRequest returns a AuthenticationRequest holding the provided url values.

func (*AuthenticationRequest) ApplyRequestObject 

func (ar *AuthenticationRequest) ApplyRequestObject(roc *RequestObjectClaims, method jwt.SigningMethod) error

ApplyRequestObject applies the provided request object claims to the associated authentication request data with validation as required.

func (*AuthenticationRequest) NewBadRequest 

func (ar *AuthenticationRequest) NewBadRequest(id string, description string) *AuthenticationBadRequest

NewBadRequest creates a new error with id and string and the associated request's state.

func (*AuthenticationRequest) NewError 

func (ar *AuthenticationRequest) NewError(id string, description string) *AuthenticationError

NewError creates a new error with id and string and the associated request's state.

func (*AuthenticationRequest) Validate 

func (ar *AuthenticationRequest) Validate(keyFunc jwt.Keyfunc) error

Validate validates the request data of the accociated authentication request.

func (*AuthenticationRequest) Verify 

func (ar *AuthenticationRequest) Verify(userID string) error

Verify checks that the passed parameters match the accociated requirements.

type AuthenticationSuccess 

type AuthenticationSuccess struct {
	Code        string `url:"code,omitempty"`
	AccessToken string `url:"access_token,omitempty"`
	TokenType   string `url:"token_type,omitempty"`
	IDToken     string `url:"id_token,omitempty"`
	State       string `url:"state"`
	ExpiresIn   int64  `url:"expires_in,omitempty"`

	Scope string `url:"scope,omitempty"`

	SessionState string `url:"session_state,omitempty"`
}

AuthenticationSuccess holds the outgoind data for a successful OpenID Connect 1.0 authorize request as specified at http://openid.net/specs/openid-connect-core-1_0.html#AuthResponse and http://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthResponse. https://openid.net/specs/openid-connect-session-1_0.html#CreatingUpdatingSessions

type ClaimsRequest 

type ClaimsRequest struct {
	UserInfo *ClaimsRequestMap `json:"userinfo,omitempty"`
	IDToken  *ClaimsRequestMap `json:"id_token,omitempty"`
	Passthru json.RawMessage   `json:"passthru,omitempty"`
}

ClaimsRequest define the base claims structure for OpenID Connect claims request parameter value as specified at https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter - in addition a Konnect specific pass thru value can be used to pass through any application specific values to access and reqfresh tokens.

func (*ClaimsRequest) ApplyScopes 

func (cr *ClaimsRequest) ApplyScopes(approvedScopes map[string]bool) error

ApplyScopes removes all claims requests from the accociated claims request which are not mapped to one of the provided approved scopes.

func (*ClaimsRequest) Scopes 

func (cr *ClaimsRequest) Scopes(excludedScopes map[string]bool) []string

Scopes adds all scopes of the accociated claims requests claims to the provied scopes mapping safe the scopes already defined in the provided excluded scopes mapping.

type ClaimsRequestMap 

type ClaimsRequestMap map[string]*ClaimsRequestValue

ClaimsRequestMap defines a mapping of claims request values used with OpenID Connect claims request parameter values.

func (ClaimsRequestMap) Get 

func (crm ClaimsRequestMap) Get(claim string) (*ClaimsRequestValue, bool)

Get returns the accociated maps claim value identified by the provided name.

func (ClaimsRequestMap) GetStringValue 

func (crm ClaimsRequestMap) GetStringValue(claim string) (string, bool)

GetStringValue returns the accociated maps claim value identified by the provided name as string value.

func (*ClaimsRequestMap) ScopesMap 

func (crm *ClaimsRequestMap) ScopesMap(excludedScopes map[string]bool) map[string]bool

ScopesMap returns a map of scopes defined by the claims in tha associated map.

type ClaimsRequestValue 

type ClaimsRequestValue struct {
	Essential bool          `json:"essential,omitempty"`
	Value     interface{}   `json:"value,omitempty"`
	Values    []interface{} `json:"values,omitempty"`
}

ClaimsRequestValue is the claims request detail definition of an OpenID Connect claims request parameter value.

func (*ClaimsRequestValue) Match 

func (crv *ClaimsRequestValue) Match(value interface{}) bool

Match returns true of the provided value is contained inside the accociated request values values or value.

type ClientRegistrationRequest 

type ClientRegistrationRequest struct {
	RedirectURIs    []string `json:"redirect_uris"`
	ResponseTypes   []string `json:"response_types"`
	GrantTypes      []string `json:"grant_types"`
	ApplicationType string   `json:"application_type"`

	Contacts   []string `json:"contacts"`
	ClientName string   `json:"client_name"`
	ClientURI  string   `json:"client_uri"`

	RawJWKS json.RawMessage `json:"jwks"`

	RawIDTokenSignedResponseAlg    string `json:"id_token_signed_response_alg"`
	RawUserInfoSignedResponseAlg   string `json:"userinfo_signed_response_alg"`
	RawRequestObjectSigningAlg     string `json:"request_object_signing_alg"`
	RawTokenEndpointAuthMethod     string `json:"token_endpoint_auth_method"`
	RawTokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg"`

	PostLogoutRedirectURIs []string `json:"post_logout_redirect_uris"`

	JWKS *gojwk.Key `json:"-"`
}

ClientRegistrationRequest holds the incoming request data for the OpenID Connect Dynamic Client Registration 1.0 client registration endpoint as specified at https://openid.net/specs/openid-connect-registration-1_0.html#ClientRegistration and https://openid.net/specs/openid-connect-session-1_0.html#DynRegRegistrations

func DecodeClientRegistrationRequest 

func DecodeClientRegistrationRequest(req *http.Request) (*ClientRegistrationRequest, error)

DecodeClientRegistrationRequest returns a ClientRegistrationRequest holding the provided request's data.

func (*ClientRegistrationRequest) ClientRegistration 

func (crr *ClientRegistrationRequest) ClientRegistration() (*clients.ClientRegistration, error)

ClientRegistration returns new dynamic client registration data for the accociated client registration request.

func (*ClientRegistrationRequest) Validate 

func (crr *ClientRegistrationRequest) Validate() error

Validate validates the request data of the accociated client registration request and fills in default data where required.

type ClientRegistrationResponse 

type ClientRegistrationResponse struct {
	ClientID     string `json:"client_id"`
	ClientSecret string `json:"client_secret,omitempty"`

	ClientIDIssuedAt      int64 `json:"client_id_issued_at,omitempty"`
	ClientSecretExpiresAt int64 `json:"client_secret_expires_at"`

	// Include validated request data.
	ClientRegistrationRequest
}

ClientRegistrationResponse holds the outgoing data for a successful OpenID Connect Dynamic Client Registration 1.0 clientregistration request as specified at https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationResponse

type EndSessionRequest 

type EndSessionRequest struct {
	RawIDTokenHint           string `schema:"id_token_hint"`
	RawPostLogoutRedirectURI string `schema:"post_logout_redirect_uri"`
	State                    string `schema:"state"`

	IDTokenHint           *jwt.Token `schema:"-"`
	PostLogoutRedirectURI *url.URL   `schema:"-"`
	// contains filtered or unexported fields
}

EndSessionRequest holds the incoming parameters and request data for OpenID Connect Session Management 1.0 RP initiaed logout requests as specified at https://openid.net/specs/openid-connect-session-1_0.html#RPLogout

func DecodeEndSessionRequest 

func DecodeEndSessionRequest(req *http.Request, providerMetadata *oidc.WellKnown) (*EndSessionRequest, error)

DecodeEndSessionRequest returns a EndSessionRequest holding the provided requests form data.

func NewEndSessionRequest 

func NewEndSessionRequest(values url.Values, providerMetadata *oidc.WellKnown) (*EndSessionRequest, error)

NewEndSessionRequest returns a EndSessionRequest holding the provided url values.

func (*EndSessionRequest) NewBadRequest 

func (esr *EndSessionRequest) NewBadRequest(id string, description string) *AuthenticationBadRequest

NewBadRequest creates a new error with id and string and the associated request's state.

func (*EndSessionRequest) NewError 

func (esr *EndSessionRequest) NewError(id string, description string) *AuthenticationError

NewError creates a new error with id and string and the associated request's state.

func (*EndSessionRequest) Validate 

func (esr *EndSessionRequest) Validate(keyFunc jwt.Keyfunc) error

Validate validates the request data of the accociated endSession request.

func (*EndSessionRequest) Verify 

func (esr *EndSessionRequest) Verify(userID string) error

Verify checks that the passed parameters match the accociated requirements.

type RequestObjectClaims 

type RequestObjectClaims struct {
	jwt.StandardClaims

	RawScope        string         `json:"scope"`
	Claims          *ClaimsRequest `json:"claims"`
	RawResponseType string         `json:"response_type"`
	ResponseMode    string         `json:"response_mode"`
	ClientID        string         `json:"client_id"`
	RawRedirectURI  string         `json:"redirect_uri"`
	State           string         `json:"state"`
	Nonce           string         `json:"nonce"`
	RawPrompt       string         `json:"prompt"`
	RawIDTokenHint  string         `json:"id_token_hint"`
	RawMaxAge       string         `json:"max_age"`

	RawRegistration string `json:"registration"`

	CodeChallenge       string `json:"code_challenge"`
	CodeChallengeMethod string `json:"code_challenge_method"`
	// contains filtered or unexported fields
}

RequestObjectClaims holds the incoming request object claims provided as JWT via request parameter to OpenID Connect 1.0 authorization endpoint requests specified at https://openid.net/specs/openid-connect-core-1_0.html#JWTRequests

func (*RequestObjectClaims) Secure 

func (roc *RequestObjectClaims) Secure() *clients.Secured

Secure returns the accociated secure client or nil if not secure.

func (*RequestObjectClaims) SetSecure 

func (roc *RequestObjectClaims) SetSecure(client *clients.Secured) error

SetSecure sets the provided client as owner of the accociated claims.

type Session 

type Session struct {
	Version  int
	ID       string
	Sub      string
	Provider string
}

Session defines a Provider's session with a String identifier for a Session. This represents a Session of a User Agent or device for a logged-in End-User at an RP. Different ID values are used to identify distinct sessions. This is implemented as defined in the OIDC Front Channel logout extension https://openid.net/specs/openid-connect-frontchannel-1_0.html#OPLogout

type TokenRequest 

type TokenRequest struct {
	GrantType       string `schema:"grant_type"`
	Code            string `schema:"code"`
	RawRedirectURI  string `schema:"redirect_uri"`
	RawRefreshToken string `schema:"refresh_token"`
	RawScope        string `schema:"scope"`

	ClientID     string `schema:"client_id"`
	ClientSecret string `schema:"client_secret"`

	CodeVerifier string `schema:"code_verifier"`

	RedirectURI  *url.URL        `schema:"-"`
	RefreshToken *jwt.Token      `schema:"-"`
	Scopes       map[string]bool `schema:"-"`
	// contains filtered or unexported fields
}

TokenRequest holds the incoming parameters and request data for the OpenID Connect 1.0 token endpoint as specified at http://openid.net/specs/openid-connect-core-1_0.html#TokenRequest

func DecodeTokenRequest 

func DecodeTokenRequest(req *http.Request, providerMetadata *oidc.WellKnown) (*TokenRequest, error)

DecodeTokenRequest return a TokenRequest holding the provided request's form data.

func NewTokenRequest 

func NewTokenRequest(values url.Values, providerMetadata *oidc.WellKnown) (*TokenRequest, error)

NewTokenRequest returns a TokenRequest holding the provided url values.

func (*TokenRequest) Validate 

func (tr *TokenRequest) Validate(keyFunc jwt.Keyfunc, claims jwt.Claims) error

Validate validates the request data of the accociated token request.

type TokenSuccess 

type TokenSuccess struct {
	AccessToken  string `json:"access_token,omitempty"`
	TokenType    string `json:"token_type,omitempty"`
	IDToken      string `json:"id_token,omitempty"`
	RefreshToken string `json:"refresh_token,omitempty"`
	ExpiresIn    int64  `json:"expires_in,omitempty"`
}

TokenSuccess holds the outgoing data for a successful OpenID Connect 1.0 token request as specified at http://openid.net/specs/openid-connect-core-1_0.html#TokenResponse.

type UserInfoResponse 

type UserInfoResponse struct {
	oidc.UserInfoClaims
	*oidc.ProfileClaims
	*oidc.EmailClaims
}

UserInfoResponse defines the data returned from the OIDC UserInfo endpoint.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.