swagger

package
v1.0.0-beta.8 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 10, 2018 License: Apache-2.0 Imports: 12 Imported by: 0

README

Go API client for swagger

Welcome to the ORY Hydra HTTP API documentation. You will find documentation for all HTTP APIs here. Keep in mind that this document reflects the latest branch, always. Support for versioned documentation is coming in the future.

Overview

This API client was generated by the swagger-codegen project. By using the swagger-spec from a remote server, you can easily generate an API client.

  • API version: Latest
  • Package version: 1.0.0
  • Build package: io.swagger.codegen.languages.GoClientCodegen For more information, please visit https://www.ory.sh

Installation

Put the package under your project folder and add the following in import:

    "./swagger"

Documentation for API Endpoints

All URIs are relative to http://localhost

Class Method HTTP request Description
HealthApi IsInstanceAlive Get /health/alive Check the Alive Status
HealthApi IsInstanceReady Get /health/ready Check the Readiness Status
JsonWebKeyApi CreateJsonWebKeySet Post /keys/{set} Generate a new JSON Web Key
JsonWebKeyApi DeleteJsonWebKey Delete /keys/{set}/{kid} Delete a JSON Web Key
JsonWebKeyApi DeleteJsonWebKeySet Delete /keys/{set} Delete a JSON Web Key Set
JsonWebKeyApi GetJsonWebKey Get /keys/{set}/{kid} Retrieve a JSON Web Key
JsonWebKeyApi GetJsonWebKeySet Get /keys/{set} Retrieve a JSON Web Key Set
JsonWebKeyApi UpdateJsonWebKey Put /keys/{set}/{kid} Update a JSON Web Key
JsonWebKeyApi UpdateJsonWebKeySet Put /keys/{set} Update a JSON Web Key Set
MetricsApi GetPrometheusMetrics Get /metrics/prometheus Retrieve Prometheus metrics
OAuth2Api AcceptConsentRequest Put /oauth2/auth/requests/consent/{challenge}/accept Accept an consent request
OAuth2Api AcceptLoginRequest Put /oauth2/auth/requests/login/{challenge}/accept Accept an login request
OAuth2Api CreateOAuth2Client Post /clients Create an OAuth 2.0 client
OAuth2Api DeleteOAuth2Client Delete /clients/{id} Deletes an OAuth 2.0 Client
OAuth2Api FlushInactiveOAuth2Tokens Post /oauth2/flush Flush Expired OAuth2 Access Tokens
OAuth2Api GetConsentRequest Get /oauth2/auth/requests/consent/{challenge} Get consent request information
OAuth2Api GetLoginRequest Get /oauth2/auth/requests/login/{challenge} Get an login request
OAuth2Api GetOAuth2Client Get /clients/{id} Get an OAuth 2.0 Client.
OAuth2Api GetWellKnown Get /.well-known/openid-configuration Server well known configuration
OAuth2Api IntrospectOAuth2Token Post /oauth2/introspect Introspect OAuth2 tokens
OAuth2Api ListOAuth2Clients Get /clients List OAuth 2.0 Clients
OAuth2Api ListUserConsentSessions Get /oauth2/auth/sessions/consent/{user} Lists all consent sessions of a user
OAuth2Api OauthAuth Get /oauth2/auth The OAuth 2.0 authorize endpoint
OAuth2Api OauthToken Post /oauth2/token The OAuth 2.0 token endpoint
OAuth2Api RejectConsentRequest Put /oauth2/auth/requests/consent/{challenge}/reject Reject an consent request
OAuth2Api RejectLoginRequest Put /oauth2/auth/requests/login/{challenge}/reject Reject a login request
OAuth2Api RevokeAllUserConsentSessions Delete /oauth2/auth/sessions/consent/{user} Revokes all previous consent sessions of a user
OAuth2Api RevokeAuthenticationSession Delete /oauth2/auth/sessions/login/{user} Invalidates a user's authentication session
OAuth2Api RevokeOAuth2Token Post /oauth2/revoke Revoke OAuth2 tokens
OAuth2Api RevokeUserClientConsentSessions Delete /oauth2/auth/sessions/consent/{user}/{client} Revokes consent sessions of a user for a specific OAuth 2.0 Client
OAuth2Api RevokeUserLoginCookie Get /oauth2/auth/sessions/login/revoke Logs user out by deleting the session cookie
OAuth2Api UpdateOAuth2Client Put /clients/{id} Update an OAuth 2.0 Client
OAuth2Api Userinfo Post /userinfo OpenID Connect Userinfo
OAuth2Api WellKnown Get /.well-known/jwks.json Get Well-Known JSON Web Keys
VersionApi GetVersion Get /version Get the version of Hydra

Documentation For Models

Documentation For Authorization

basic

  • Type: HTTP basic authentication

oauth2

Author

hi@ory.am

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type APIClient

type APIClient struct {
	// contains filtered or unexported fields
}

func (*APIClient) CallAPI

func (c *APIClient) CallAPI(path string, method string,
	postBody interface{},
	headerParams map[string]string,
	queryParams url.Values,
	formParams map[string]string,
	fileName string,
	fileBytes []byte) (*resty.Response, error)

func (*APIClient) ParameterToString

func (c *APIClient) ParameterToString(obj interface{}, collectionFormat string) string

func (*APIClient) SelectHeaderAccept

func (c *APIClient) SelectHeaderAccept(accepts []string) string

func (*APIClient) SelectHeaderContentType

func (c *APIClient) SelectHeaderContentType(contentTypes []string) string

type APIResponse

type APIResponse struct {
	*http.Response `json:"-"`
	Message        string `json:"message,omitempty"`
	// Operation is the name of the swagger operation.
	Operation string `json:"operation,omitempty"`
	// RequestURL is the request URL. This value is always available, even if the
	// embedded *http.Response is nil.
	RequestURL string `json:"url,omitempty"`
	// Method is the HTTP method used for the request.  This value is always
	// available, even if the embedded *http.Response is nil.
	Method string `json:"method,omitempty"`
	// Payload holds the contents of the response body (which may be nil or empty).
	// This is provided here as the raw response.Body() reader will have already
	// been drained.
	Payload []byte `json:"-"`
}

func NewAPIResponse

func NewAPIResponse(r *http.Response) *APIResponse

func NewAPIResponseWithError

func NewAPIResponseWithError(errorMessage string) *APIResponse

type AcceptConsentRequest

type AcceptConsentRequest struct {

	// GrantScope sets the scope the user authorized the client to use. Should be a subset of `requested_scope`
	GrantScope []string `json:"grant_scope,omitempty"`

	// Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same client asks the same user for the same, or a subset of, scope.
	Remember bool `json:"remember,omitempty"`

	// RememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the authorization will be remembered indefinitely.
	RememberFor int64 `json:"remember_for,omitempty"`

	Session ConsentRequestSession `json:"session,omitempty"`
}

type AcceptLoginRequest

type AcceptLoginRequest struct {

	// ACR sets the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it to express that, for example, a user authenticated using two factor authentication.
	Acr string `json:"acr,omitempty"`

	// ForceSubjectIdentifier forces the \"pairwise\" user ID of the end-user that authenticated. The \"pairwise\" user ID refers to the (Pairwise Identifier Algorithm)[http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg] of the OpenID Connect specification. It allows you to set an obfuscated subject (\"user\") identifier that is unique to the client.  Please note that this changes the user ID on endpoint /userinfo and sub claim of the ID Token. It does not change the sub claim in the OAuth 2.0 Introspection.  Per default, ORY Hydra handles this value with its own algorithm. In case you want to set this yourself you can use this field. Please note that setting this field has no effect if `pairwise` is not configured in ORY Hydra or the OAuth 2.0 Client does not expect a pairwise identifier (set via `subject_type` key in the client's configuration).  Please also be aware that ORY Hydra is unable to properly compute this value during authentication. This implies that you have to compute this value on every authentication process (probably depending on the client ID or some other unique value).  If you fail to compute the proper value, then authentication processes which have id_token_hint set might fail.
	ForceSubjectIdentifier string `json:"force_subject_identifier,omitempty"`

	// Remember, if set to true, tells ORY Hydra to remember this user by telling the user agent (browser) to store a cookie with authentication data. If the same user performs another OAuth 2.0 Authorization Request, he/she will not be asked to log in again.
	Remember bool `json:"remember,omitempty"`

	// RememberFor sets how long the authentication should be remembered for in seconds. If set to `0`, the authorization will be remembered indefinitely.
	RememberFor int64 `json:"remember_for,omitempty"`

	// Subject is the user ID of the end-user that authenticated.
	Subject string `json:"subject,omitempty"`
}

type AttributeTypeAndValue

type AttributeTypeAndValue struct {
	Type_ ObjectIdentifier `json:"Type,omitempty"`

	Value interface{} `json:"Value,omitempty"`
}

AttributeTypeAndValue mirrors the ASN.1 structure of the same name in http://tools.ietf.org/html/rfc5280#section-4.1.2.4

type AuthenticationSession

type AuthenticationSession struct {
	AuthenticatedAt time.Time `json:"AuthenticatedAt,omitempty"`

	ID string `json:"ID,omitempty"`

	Subject string `json:"Subject,omitempty"`
}

type Certificate

type Certificate struct {
	AuthorityKeyId []int32 `json:"AuthorityKeyId,omitempty"`

	// BasicConstraintsValid indicates whether IsCA, MaxPathLen, and MaxPathLenZero are valid.
	BasicConstraintsValid bool `json:"BasicConstraintsValid,omitempty"`

	// CRL Distribution Points
	CRLDistributionPoints []string `json:"CRLDistributionPoints,omitempty"`

	// Subject Alternate Name values. (Note that these values may not be valid if invalid values were contained within a parsed certificate. For example, an element of DNSNames may not be a valid DNS domain name.)
	DNSNames []string `json:"DNSNames,omitempty"`

	EmailAddresses []string `json:"EmailAddresses,omitempty"`

	ExcludedDNSDomains []string `json:"ExcludedDNSDomains,omitempty"`

	ExcludedEmailAddresses []string `json:"ExcludedEmailAddresses,omitempty"`

	ExcludedIPRanges []IpNet `json:"ExcludedIPRanges,omitempty"`

	ExcludedURIDomains []string `json:"ExcludedURIDomains,omitempty"`

	ExtKeyUsage []ExtKeyUsage `json:"ExtKeyUsage,omitempty"`

	// Extensions contains raw X.509 extensions. When parsing certificates, this can be used to extract non-critical extensions that are not parsed by this package. When marshaling certificates, the Extensions field is ignored, see ExtraExtensions.
	Extensions []Extension `json:"Extensions,omitempty"`

	// ExtraExtensions contains extensions to be copied, raw, into any marshaled certificates. Values override any extensions that would otherwise be produced based on the other fields. The ExtraExtensions field is not populated when parsing certificates, see Extensions.
	ExtraExtensions []Extension `json:"ExtraExtensions,omitempty"`

	IPAddresses []Ip `json:"IPAddresses,omitempty"`

	IsCA bool `json:"IsCA,omitempty"`

	Issuer Name `json:"Issuer,omitempty"`

	IssuingCertificateURL []string `json:"IssuingCertificateURL,omitempty"`

	KeyUsage KeyUsage `json:"KeyUsage,omitempty"`

	// MaxPathLen and MaxPathLenZero indicate the presence and value of the BasicConstraints' \"pathLenConstraint\".  When parsing a certificate, a positive non-zero MaxPathLen means that the field was specified, -1 means it was unset, and MaxPathLenZero being true mean that the field was explicitly set to zero. The case of MaxPathLen==0 with MaxPathLenZero==false should be treated equivalent to -1 (unset).  When generating a certificate, an unset pathLenConstraint can be requested with either MaxPathLen == -1 or using the zero value for both MaxPathLen and MaxPathLenZero.
	MaxPathLen int64 `json:"MaxPathLen,omitempty"`

	// MaxPathLenZero indicates that BasicConstraintsValid==true and MaxPathLen==0 should be interpreted as an actual maximum path length of zero. Otherwise, that combination is interpreted as MaxPathLen not being set.
	MaxPathLenZero bool `json:"MaxPathLenZero,omitempty"`

	NotBefore time.Time `json:"NotBefore,omitempty"`

	// RFC 5280, 4.2.2.1 (Authority Information Access)
	OCSPServer []string `json:"OCSPServer,omitempty"`

	PermittedDNSDomains []string `json:"PermittedDNSDomains,omitempty"`

	// Name constraints
	PermittedDNSDomainsCritical bool `json:"PermittedDNSDomainsCritical,omitempty"`

	PermittedEmailAddresses []string `json:"PermittedEmailAddresses,omitempty"`

	PermittedIPRanges []IpNet `json:"PermittedIPRanges,omitempty"`

	PermittedURIDomains []string `json:"PermittedURIDomains,omitempty"`

	PolicyIdentifiers []ObjectIdentifier `json:"PolicyIdentifiers,omitempty"`

	PublicKey interface{} `json:"PublicKey,omitempty"`

	PublicKeyAlgorithm PublicKeyAlgorithm `json:"PublicKeyAlgorithm,omitempty"`

	Raw []int32 `json:"Raw,omitempty"`

	RawIssuer []int32 `json:"RawIssuer,omitempty"`

	RawSubject []int32 `json:"RawSubject,omitempty"`

	RawSubjectPublicKeyInfo []int32 `json:"RawSubjectPublicKeyInfo,omitempty"`

	RawTBSCertificate []int32 `json:"RawTBSCertificate,omitempty"`

	SerialNumber ModelInt `json:"SerialNumber,omitempty"`

	Signature []int32 `json:"Signature,omitempty"`

	SignatureAlgorithm SignatureAlgorithm `json:"SignatureAlgorithm,omitempty"`

	Subject Name `json:"Subject,omitempty"`

	SubjectKeyId []int32 `json:"SubjectKeyId,omitempty"`

	URIs []Url `json:"URIs,omitempty"`

	// UnhandledCriticalExtensions contains a list of extension IDs that were not (fully) processed when parsing. Verify will fail if this slice is non-empty, unless verification is delegated to an OS library which understands all the critical extensions.  Users can access these extensions using Extensions and can remove elements from this slice if they believe that they have been handled.
	UnhandledCriticalExtensions []ObjectIdentifier `json:"UnhandledCriticalExtensions,omitempty"`

	UnknownExtKeyUsage []ObjectIdentifier `json:"UnknownExtKeyUsage,omitempty"`

	Version int64 `json:"Version,omitempty"`
}

type CompletedRequest

type CompletedRequest struct {

	// RedirectURL is the URL which you should redirect the user to once the authentication process is completed.
	RedirectTo string `json:"redirect_to,omitempty"`
}

type Configuration

type Configuration struct {
	Username      string            `json:"userName,omitempty"`
	Password      string            `json:"password,omitempty"`
	APIKeyPrefix  map[string]string `json:"APIKeyPrefix,omitempty"`
	APIKey        map[string]string `json:"APIKey,omitempty"`
	Debug         bool              `json:"debug,omitempty"`
	DebugFile     string            `json:"debugFile,omitempty"`
	OAuthToken    string            `json:"oAuthToken,omitempty"`
	BasePath      string            `json:"basePath,omitempty"`
	Host          string            `json:"host,omitempty"`
	Scheme        string            `json:"scheme,omitempty"`
	AccessToken   string            `json:"accessToken,omitempty"`
	DefaultHeader map[string]string `json:"defaultHeader,omitempty"`
	UserAgent     string            `json:"userAgent,omitempty"`
	APIClient     *APIClient
	Transport     http.RoundTripper
	Timeout       *time.Duration `json:"timeout,omitempty"`
}

func NewConfiguration

func NewConfiguration() *Configuration

func (*Configuration) AddDefaultHeader

func (c *Configuration) AddDefaultHeader(key string, value string)

func (*Configuration) GetAPIKeyWithPrefix

func (c *Configuration) GetAPIKeyWithPrefix(APIKeyIdentifier string) string

func (*Configuration) GetBasicAuthEncodedString

func (c *Configuration) GetBasicAuthEncodedString() string

type ConsentRequest

type ConsentRequest struct {

	// Challenge is the identifier (\"authorization challenge\") of the consent authorization request. It is used to identify the session.
	Challenge string `json:"challenge,omitempty"`

	Client OAuth2Client `json:"client,omitempty"`

	OidcContext OpenIdConnectContext `json:"oidc_context,omitempty"`

	// RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but might come in handy if you want to deal with additional request parameters.
	RequestUrl string `json:"request_url,omitempty"`

	// RequestedScope contains all scopes requested by the OAuth 2.0 client.
	RequestedScope []string `json:"requested_scope,omitempty"`

	// Skip, if true, implies that the client has requested the same scopes from the same user previously. If true, you must not ask the user to grant the requested scopes. You must however either allow or deny the consent request using the usual API call.
	Skip bool `json:"skip,omitempty"`

	// Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope requested by the OAuth 2.0 client.
	Subject string `json:"subject,omitempty"`
}

type ConsentRequestSession

type ConsentRequestSession struct {

	// AccessToken sets session data for the access and refresh token, as well as any future tokens issued by the refresh grant. Keep in mind that this data will be available to anyone performing OAuth 2.0 Challenge Introspection. If only your services can perform OAuth 2.0 Challenge Introspection, this is usually fine. But if third parties can access that endpoint as well, sensitive data from the session might be exposed to them. Use with care!
	AccessToken map[string]interface{} `json:"access_token,omitempty"`

	// IDToken sets session data for the OpenID Connect ID token. Keep in mind that the session'id payloads are readable by anyone that has access to the ID Challenge. Use with care!
	IdToken map[string]interface{} `json:"id_token,omitempty"`
}

type ExtKeyUsage

type ExtKeyUsage struct {
}

Each of the ExtKeyUsage* constants define a unique action.

type Extension

type Extension struct {
	Critical bool `json:"Critical,omitempty"`

	Id ObjectIdentifier `json:"Id,omitempty"`

	Value []int32 `json:"Value,omitempty"`
}

Extension represents the ASN.1 structure of the same name. See RFC 5280, section 4.2.

type FlushInactiveOAuth2TokensRequest added in v0.11.10

type FlushInactiveOAuth2TokensRequest struct {

	// NotAfter sets after which point tokens should not be flushed. This is useful when you want to keep a history of recently issued tokens for auditing.
	NotAfter time.Time `json:"notAfter,omitempty"`
}

type HealthApi

type HealthApi struct {
	Configuration *Configuration
}

func NewHealthApi

func NewHealthApi() *HealthApi

func NewHealthApiWithBasePath

func NewHealthApiWithBasePath(basePath string) *HealthApi

func (HealthApi) IsInstanceAlive

func (a HealthApi) IsInstanceAlive() (*HealthStatus, *APIResponse, error)

*

  • Check the Alive Status
  • This endpoint returns a 200 status code when the HTTP server is up running. This status does currently not include checks whether the database connection is working. This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set. Be aware that if you are running multiple nodes of ORY Hydra, the health status will never refer to the cluster state, only to a single instance. *
  • @return *HealthStatus

func (HealthApi) IsInstanceReady

func (a HealthApi) IsInstanceReady() (*HealthStatus, *APIResponse, error)

*

  • Check the Readiness Status
  • This endpoint returns a 200 status code when the HTTP server is up running and the environment dependencies (e.g. the database) are responsive as well. This status does currently not include checks whether the database connection is working. This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set. Be aware that if you are running multiple nodes of ORY Hydra, the health status will never refer to the cluster state, only to a single instance. *
  • @return *HealthStatus

type HealthNotReadyStatus

type HealthNotReadyStatus struct {

	// Errors contains a list of errors that caused the not ready status.
	Errors map[string]string `json:"errors,omitempty"`
}

type HealthStatus

type HealthStatus struct {

	// Status always contains \"ok\".
	Status string `json:"status,omitempty"`
}

type InlineResponse401

type InlineResponse401 struct {
	Error_ string `json:"error,omitempty"`

	ErrorCode int64 `json:"error_code,omitempty"`

	ErrorDebug int64 `json:"error_debug,omitempty"`

	ErrorHint string `json:"error_hint,omitempty"`
}

type Ip

type Ip struct {
}

Note that in this documentation, referring to an IP address as an IPv4 address or an IPv6 address is a semantic property of the address, not just the length of the byte slice: a 16-byte slice can still be an IPv4 address.

type IpMask

type IpMask struct {
}

type IpNet

type IpNet struct {
	IP Ip `json:"IP,omitempty"`

	Mask IpMask `json:"Mask,omitempty"`
}

type JoseWebKeySetRequest

type JoseWebKeySetRequest struct {
	Keys []RawMessage `json:"keys,omitempty"`
}

type JsonWebKey

type JsonWebKey struct {

	// The \"alg\" (algorithm) parameter identifies the algorithm intended for use with the key.  The values used should either be registered in the IANA \"JSON Web Signature and Encryption Algorithms\" registry established by [JWA] or be a value that contains a Collision- Resistant Name.
	Alg string `json:"alg,omitempty"`

	Crv string `json:"crv,omitempty"`

	D string `json:"d,omitempty"`

	Dp string `json:"dp,omitempty"`

	Dq string `json:"dq,omitempty"`

	E string `json:"e,omitempty"`

	K string `json:"k,omitempty"`

	// The \"kid\" (key ID) parameter is used to match a specific key.  This is used, for instance, to choose among a set of keys within a JWK Set during key rollover.  The structure of the \"kid\" value is unspecified.  When \"kid\" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct \"kid\" values.  (One example in which different keys might use the same \"kid\" value is if they have different \"kty\" (key type) values but are considered to be equivalent alternatives by the application using them.)  The \"kid\" value is a case-sensitive string.
	Kid string `json:"kid,omitempty"`

	// The \"kty\" (key type) parameter identifies the cryptographic algorithm family used with the key, such as \"RSA\" or \"EC\". \"kty\" values should either be registered in the IANA \"JSON Web Key Types\" registry established by [JWA] or be a value that contains a Collision- Resistant Name.  The \"kty\" value is a case-sensitive string.
	Kty string `json:"kty,omitempty"`

	N string `json:"n,omitempty"`

	P string `json:"p,omitempty"`

	Q string `json:"q,omitempty"`

	Qi string `json:"qi,omitempty"`

	// The \"use\" (public key use) parameter identifies the intended use of the public key. The \"use\" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly \"sig\" (signature) or \"enc\" (encryption).
	Use string `json:"use,omitempty"`

	X string `json:"x,omitempty"`

	// The \"x5c\" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280].  The certificate chain is represented as a JSON array of certificate value strings.  Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate.
	X5c []string `json:"x5c,omitempty"`

	Y string `json:"y,omitempty"`
}

type JsonWebKeyApi

type JsonWebKeyApi struct {
	Configuration *Configuration
}

func NewJsonWebKeyApi

func NewJsonWebKeyApi() *JsonWebKeyApi

func NewJsonWebKeyApiWithBasePath

func NewJsonWebKeyApiWithBasePath(basePath string) *JsonWebKeyApi

func (JsonWebKeyApi) CreateJsonWebKeySet

func (a JsonWebKeyApi) CreateJsonWebKeySet(set string, body JsonWebKeySetGeneratorRequest) (*JsonWebKeySet, *APIResponse, error)

*

  • Generate a new JSON Web Key
  • This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. *
  • @param set The set
  • @param body
  • @return *JsonWebKeySet

func (JsonWebKeyApi) DeleteJsonWebKey

func (a JsonWebKeyApi) DeleteJsonWebKey(kid string, set string) (*APIResponse, error)

*

  • Delete a JSON Web Key
  • Use this endpoint to delete a single JSON Web Key. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. *
  • @param kid The kid of the desired key
  • @param set The set
  • @return void

func (JsonWebKeyApi) DeleteJsonWebKeySet

func (a JsonWebKeyApi) DeleteJsonWebKeySet(set string) (*APIResponse, error)

*

  • Delete a JSON Web Key Set
  • Use this endpoint to delete a complete JSON Web Key Set and all the keys in that set. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. *
  • @param set The set
  • @return void

func (JsonWebKeyApi) GetJsonWebKey

func (a JsonWebKeyApi) GetJsonWebKey(kid string, set string) (*JsonWebKeySet, *APIResponse, error)

*

  • Retrieve a JSON Web Key
  • This endpoint can be used to retrieve JWKs stored in ORY Hydra. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. *
  • @param kid The kid of the desired key
  • @param set The set
  • @return *JsonWebKeySet

func (JsonWebKeyApi) GetJsonWebKeySet

func (a JsonWebKeyApi) GetJsonWebKeySet(set string) (*JsonWebKeySet, *APIResponse, error)

*

  • Retrieve a JSON Web Key Set
  • This endpoint can be used to retrieve JWK Sets stored in ORY Hydra. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. *
  • @param set The set
  • @return *JsonWebKeySet

func (JsonWebKeyApi) UpdateJsonWebKey

func (a JsonWebKeyApi) UpdateJsonWebKey(kid string, set string, body JsonWebKey) (*JsonWebKey, *APIResponse, error)

*

  • Update a JSON Web Key
  • Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. *
  • @param kid The kid of the desired key
  • @param set The set
  • @param body
  • @return *JsonWebKey

func (JsonWebKeyApi) UpdateJsonWebKeySet

func (a JsonWebKeyApi) UpdateJsonWebKeySet(set string, body JsonWebKeySet) (*JsonWebKeySet, *APIResponse, error)

*

  • Update a JSON Web Key Set
  • Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. *
  • @param set The set
  • @param body
  • @return *JsonWebKeySet

type JsonWebKeySet

type JsonWebKeySet struct {

	// The value of the \"keys\" parameter is an array of JWK values.  By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired.
	Keys []JsonWebKey `json:"keys,omitempty"`
}

type JsonWebKeySetGeneratorRequest

type JsonWebKeySetGeneratorRequest struct {

	// The algorithm to be used for creating the key. Supports \"RS256\", \"ES512\", \"HS512\", and \"HS256\"
	Alg string `json:"alg"`

	// The kid of the key to be created
	Kid string `json:"kid"`

	// The \"use\" (public key use) parameter identifies the intended use of the public key. The \"use\" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Valid values are \"enc\" and \"sig\".
	Use string `json:"use"`
}

type KeyUsage

type KeyUsage struct {
}

KeyUsage represents the set of actions that are valid for a given key. It's a bitmap of the KeyUsage* constants.

type LoginRequest

type LoginRequest struct {

	// Challenge is the identifier (\"authentication challenge\") of the consent authentication request. It is used to identify the session.
	Challenge string `json:"challenge,omitempty"`

	Client OAuth2Client `json:"client,omitempty"`

	OidcContext OpenIdConnectContext `json:"oidc_context,omitempty"`

	// RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but might come in handy if you want to deal with additional request parameters.
	RequestUrl string `json:"request_url,omitempty"`

	// RequestedScope contains all scopes requested by the OAuth 2.0 client.
	RequestedScope []string `json:"requested_scope,omitempty"`

	// Skip, if true, implies that the client has requested the same scopes from the same user previously. If true, you can skip asking the user to grant the requested scopes, and simply forward the user to the redirect URL.  This feature allows you to update / set session information.
	Skip bool `json:"skip,omitempty"`

	// Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope requested by the OAuth 2.0 client. If this value is set and `skip` is true, you MUST include this subject type when accepting the login request, or the request will fail.
	Subject string `json:"subject,omitempty"`
}

type MetricsApi

type MetricsApi struct {
	Configuration *Configuration
}

func NewMetricsApi

func NewMetricsApi() *MetricsApi

func NewMetricsApiWithBasePath

func NewMetricsApiWithBasePath(basePath string) *MetricsApi

func (MetricsApi) GetPrometheusMetrics

func (a MetricsApi) GetPrometheusMetrics() (*APIResponse, error)

*

  • Retrieve Prometheus metrics
  • This endpoint returns metrics formatted for Prometheus. *
  • @return void

type ModelInt

type ModelInt struct {
}

The zero value for an Int represents the value 0.

type Name

type Name struct {
	Country []string `json:"Country,omitempty"`

	ExtraNames []AttributeTypeAndValue `json:"ExtraNames,omitempty"`

	Locality []string `json:"Locality,omitempty"`

	Names []AttributeTypeAndValue `json:"Names,omitempty"`

	SerialNumber string `json:"SerialNumber,omitempty"`

	StreetAddress []string `json:"StreetAddress,omitempty"`
}

Name represents an X.509 distinguished name. This only includes the common elements of a DN. When parsing, all elements are stored in Names and non-standard elements can be extracted from there. When marshaling, elements in ExtraNames are appended and override other values with the same OID.

type OAuth2Api

type OAuth2Api struct {
	Configuration *Configuration
}

func NewOAuth2Api

func NewOAuth2Api() *OAuth2Api

func NewOAuth2ApiWithBasePath

func NewOAuth2ApiWithBasePath(basePath string) *OAuth2Api

func (OAuth2Api) AcceptConsentRequest

func (a OAuth2Api) AcceptConsentRequest(challenge string, body AcceptConsentRequest) (*CompletedRequest, *APIResponse, error)

*

  • Accept an consent request
  • When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, ORY Hydra asks the login provider to authenticate the user and then tell ORY Hydra now about it. If the user authenticated, he/she must now be asked if the OAuth 2.0 Client which initiated the flow should be allowed to access the resources on the user's behalf. The consent provider which handles this request and is a web app implemented and hosted by you. It shows a user interface which asks the user to grant or deny the client access to the requested scope (\"Application my-dropbox-app wants write access to all your private files\"). The consent challenge is appended to the consent provider's URL to which the user's user-agent (browser) is redirected to. The consent provider uses that challenge to fetch information on the OAuth2 request and then tells ORY Hydra if the user accepted or rejected the request. This endpoint tells ORY Hydra that the user has authorized the OAuth 2.0 client to access resources on his/her behalf. The consent provider includes additional information, such as session data for access and ID tokens, and if the consent request should be used as basis for future requests. The response contains a redirect URL which the consent provider should redirect the user-agent to. *
  • @param challenge
  • @param body
  • @return *CompletedRequest

func (OAuth2Api) AcceptLoginRequest

func (a OAuth2Api) AcceptLoginRequest(challenge string, body AcceptLoginRequest) (*CompletedRequest, *APIResponse, error)

*

  • Accept an login request
  • When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, ORY Hydra asks the login provider (sometimes called \"identity provider\") to authenticate the user and then tell ORY Hydra now about it. The login provider is an web-app you write and host, and it must be able to authenticate (\"show the user a login screen\") a user (in OAuth2 the proper name for user is \"resource owner\"). The authentication challenge is appended to the login provider URL to which the user's user-agent (browser) is redirected to. The login provider uses that challenge to fetch information on the OAuth2 request and then accept or reject the requested authentication process. This endpoint tells ORY Hydra that the user has successfully authenticated and includes additional information such as the user's ID and if ORY Hydra should remember the user's user agent for future authentication attempts by setting a cookie. The response contains a redirect URL which the login provider should redirect the user-agent to. *
  • @param challenge
  • @param body
  • @return *CompletedRequest

func (OAuth2Api) CreateOAuth2Client

func (a OAuth2Api) CreateOAuth2Client(body OAuth2Client) (*OAuth2Client, *APIResponse, error)

*

  • Create an OAuth 2.0 client
  • Create a new OAuth 2.0 client If you pass `client_secret` the secret will be used, otherwise a random secret will be generated. The secret will be returned in the response and you will not be able to retrieve it later on. Write the secret down and keep it somwhere safe. OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components. *
  • @param body
  • @return *OAuth2Client

func (OAuth2Api) DeleteOAuth2Client

func (a OAuth2Api) DeleteOAuth2Client(id string) (*APIResponse, error)

*

  • Deletes an OAuth 2.0 Client
  • Delete an existing OAuth 2.0 Client by its ID. OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components. *
  • @param id The id of the OAuth 2.0 Client.
  • @return void

func (OAuth2Api) FlushInactiveOAuth2Tokens added in v0.11.10

func (a OAuth2Api) FlushInactiveOAuth2Tokens(body FlushInactiveOAuth2TokensRequest) (*APIResponse, error)

*

  • Flush Expired OAuth2 Access Tokens
  • This endpoint flushes expired OAuth2 access tokens from the database. You can set a time after which no tokens will be not be touched, in case you want to keep recent tokens for auditing. Refresh tokens can not be flushed as they are deleted automatically when performing the refresh flow. *
  • @param body
  • @return void

func (OAuth2Api) GetConsentRequest

func (a OAuth2Api) GetConsentRequest(challenge string) (*ConsentRequest, *APIResponse, error)

*

  • Get consent request information
  • When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, ORY Hydra asks the login provider to authenticate the user and then tell ORY Hydra now about it. If the user authenticated, he/she must now be asked if the OAuth 2.0 Client which initiated the flow should be allowed to access the resources on the user's behalf. The consent provider which handles this request and is a web app implemented and hosted by you. It shows a user interface which asks the user to grant or deny the client access to the requested scope (\"Application my-dropbox-app wants write access to all your private files\"). The consent challenge is appended to the consent provider's URL to which the user's user-agent (browser) is redirected to. The consent provider uses that challenge to fetch information on the OAuth2 request and then tells ORY Hydra if the user accepted or rejected the request. *
  • @param challenge
  • @return *ConsentRequest

func (OAuth2Api) GetLoginRequest

func (a OAuth2Api) GetLoginRequest(challenge string) (*LoginRequest, *APIResponse, error)

*

  • Get an login request
  • When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, ORY Hydra asks the login provider (sometimes called \"identity provider\") to authenticate the user and then tell ORY Hydra now about it. The login provider is an web-app you write and host, and it must be able to authenticate (\"show the user a login screen\") a user (in OAuth2 the proper name for user is \"resource owner\"). The authentication challenge is appended to the login provider URL to which the user's user-agent (browser) is redirected to. The login provider uses that challenge to fetch information on the OAuth2 request and then accept or reject the requested authentication process. *
  • @param challenge
  • @return *LoginRequest

func (OAuth2Api) GetOAuth2Client

func (a OAuth2Api) GetOAuth2Client(id string) (*OAuth2Client, *APIResponse, error)

*

  • Get an OAuth 2.0 Client.
  • Get an OAUth 2.0 client by its ID. This endpoint never returns passwords. OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components. *
  • @param id The id of the OAuth 2.0 Client.
  • @return *OAuth2Client

func (OAuth2Api) GetWellKnown

func (a OAuth2Api) GetWellKnown() (*WellKnown, *APIResponse, error)

*

  • Server well known configuration
  • The well known endpoint an be used to retrieve information for OpenID Connect clients. We encourage you to not roll your own OpenID Connect client but to use an OpenID Connect client library instead. You can learn more on this flow at https://openid.net/specs/openid-connect-discovery-1_0.html *
  • @return *WellKnown

func (OAuth2Api) IntrospectOAuth2Token

func (a OAuth2Api) IntrospectOAuth2Token(token string, scope string) (*OAuth2TokenIntrospection, *APIResponse, error)

*

  • Introspect OAuth2 tokens
  • The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token is neither expired nor revoked. If a token is active, additional information on the token will be included. You can set additional data for a token by setting `accessTokenExtra` during the consent flow. *
  • @param token The string value of the token. For access tokens, this is the \"access_token\" value returned from the token endpoint defined in OAuth 2.0 [RFC6749], Section 5.1. This endpoint DOES NOT accept refresh tokens for validation.
  • @param scope An optional, space separated list of required scopes. If the access token was not granted one of the scopes, the result of active will be false.
  • @return *OAuth2TokenIntrospection

func (OAuth2Api) ListOAuth2Clients

func (a OAuth2Api) ListOAuth2Clients(limit int64, offset int64) ([]OAuth2Client, *APIResponse, error)

*

  • List OAuth 2.0 Clients
  • This endpoint lists all clients in the database, and never returns client secrets. OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components. *
  • @param limit The maximum amount of policies returned.
  • @param offset The offset from where to start looking.
  • @return []OAuth2Client

func (OAuth2Api) ListUserConsentSessions

func (a OAuth2Api) ListUserConsentSessions(user string) ([]PreviousConsentSession, *APIResponse, error)

*

  • Lists all consent sessions of a user
  • This endpoint lists all user's granted consent sessions, including client and granted scope *
  • @param user
  • @return []PreviousConsentSession

func (OAuth2Api) OauthAuth

func (a OAuth2Api) OauthAuth() (*APIResponse, error)

*

  • The OAuth 2.0 authorize endpoint
  • This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows. OAuth2 is a very popular protocol and a library for your programming language will exists. To learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc6749 *
  • @return void

func (OAuth2Api) OauthToken

func (a OAuth2Api) OauthToken() (*OauthTokenResponse, *APIResponse, error)

*

  • The OAuth 2.0 token endpoint
  • This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows. OAuth2 is a very popular protocol and a library for your programming language will exists. To learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc6749 *
  • @return *OauthTokenResponse

func (OAuth2Api) RejectConsentRequest

func (a OAuth2Api) RejectConsentRequest(challenge string, body RejectRequest) (*CompletedRequest, *APIResponse, error)

*

  • Reject an consent request
  • When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, ORY Hydra asks the login provider to authenticate the user and then tell ORY Hydra now about it. If the user authenticated, he/she must now be asked if the OAuth 2.0 Client which initiated the flow should be allowed to access the resources on the user's behalf. The consent provider which handles this request and is a web app implemented and hosted by you. It shows a user interface which asks the user to grant or deny the client access to the requested scope (\"Application my-dropbox-app wants write access to all your private files\"). The consent challenge is appended to the consent provider's URL to which the user's user-agent (browser) is redirected to. The consent provider uses that challenge to fetch information on the OAuth2 request and then tells ORY Hydra if the user accepted or rejected the request. This endpoint tells ORY Hydra that the user has not authorized the OAuth 2.0 client to access resources on his/her behalf. The consent provider must include a reason why the consent was not granted. The response contains a redirect URL which the consent provider should redirect the user-agent to. *
  • @param challenge
  • @param body
  • @return *CompletedRequest

func (OAuth2Api) RejectLoginRequest

func (a OAuth2Api) RejectLoginRequest(challenge string, body RejectRequest) (*CompletedRequest, *APIResponse, error)

*

  • Reject a login request
  • When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, ORY Hydra asks the login provider (sometimes called \"identity provider\") to authenticate the user and then tell ORY Hydra now about it. The login provider is an web-app you write and host, and it must be able to authenticate (\"show the user a login screen\") a user (in OAuth2 the proper name for user is \"resource owner\"). The authentication challenge is appended to the login provider URL to which the user's user-agent (browser) is redirected to. The login provider uses that challenge to fetch information on the OAuth2 request and then accept or reject the requested authentication process. This endpoint tells ORY Hydra that the user has not authenticated and includes a reason why the authentication was be denied. The response contains a redirect URL which the login provider should redirect the user-agent to. *
  • @param challenge
  • @param body
  • @return *CompletedRequest

func (OAuth2Api) RevokeAllUserConsentSessions

func (a OAuth2Api) RevokeAllUserConsentSessions(user string) (*APIResponse, error)

*

  • Revokes all previous consent sessions of a user
  • This endpoint revokes a user's granted consent sessions and invalidates all associated OAuth 2.0 Access Tokens. *
  • @param user
  • @return void

func (OAuth2Api) RevokeAuthenticationSession

func (a OAuth2Api) RevokeAuthenticationSession(user string) (*APIResponse, error)

*

  • Invalidates a user's authentication session
  • This endpoint invalidates a user's authentication session. After revoking the authentication session, the user has to re-authenticate at ORY Hydra. This endpoint does not invalidate any tokens. *
  • @param user
  • @return void

func (OAuth2Api) RevokeOAuth2Token

func (a OAuth2Api) RevokeOAuth2Token(token string) (*APIResponse, error)

*

  • Revoke OAuth2 tokens
  • Revoking a token (both access and refresh) means that the tokens will be invalid. A revoked access token can no longer be used to make access requests, and a revoked refresh token can no longer be used to refresh an access token. Revoking a refresh token also invalidates the access token that was created with it. *
  • @param token
  • @return void

func (OAuth2Api) RevokeUserClientConsentSessions

func (a OAuth2Api) RevokeUserClientConsentSessions(user string, client string) (*APIResponse, error)

*

  • Revokes consent sessions of a user for a specific OAuth 2.0 Client
  • This endpoint revokes a user's granted consent sessions for a specific OAuth 2.0 Client and invalidates all associated OAuth 2.0 Access Tokens. *
  • @param user
  • @param client
  • @return void

func (OAuth2Api) RevokeUserLoginCookie

func (a OAuth2Api) RevokeUserLoginCookie() (*APIResponse, error)

*

  • Logs user out by deleting the session cookie
  • This endpoint deletes ths user's login session cookie and redirects the browser to the url listed in `LOGOUT_REDIRECT_URL` environment variable. This endpoint does not work as an API but has to be called from the user's browser. *
  • @return void

func (OAuth2Api) UpdateOAuth2Client

func (a OAuth2Api) UpdateOAuth2Client(id string, body OAuth2Client) (*OAuth2Client, *APIResponse, error)

*

  • Update an OAuth 2.0 Client
  • Update an existing OAuth 2.0 Client. If you pass `client_secret` the secret will be updated and returned via the API. This is the only time you will be able to retrieve the client secret, so write it down and keep it safe. OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components. *
  • @param id
  • @param body
  • @return *OAuth2Client

func (OAuth2Api) Userinfo added in v0.10.4

func (a OAuth2Api) Userinfo() (*UserinfoResponse, *APIResponse, error)

*

func (OAuth2Api) WellKnown

func (a OAuth2Api) WellKnown() (*JsonWebKeySet, *APIResponse, error)

*

  • Get Well-Known JSON Web Keys
  • Returns metadata for discovering important JSON Web Keys. Currently, this endpoint returns the public key for verifying OpenID Connect ID Tokens. A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. *
  • @return *JsonWebKeySet

type OAuth2Client

type OAuth2Client struct {

	// ClientID  is the id for this client.
	ClientId string `json:"client_id,omitempty"`

	// Name is the human-readable string name of the client to be presented to the end-user during authorization.
	ClientName string `json:"client_name,omitempty"`

	// Secret is the client's secret. The secret will be included in the create request as cleartext, and then never again. The secret is stored using BCrypt so it is impossible to recover it. Tell your users that they need to write the secret down as it will not be made available again.
	ClientSecret string `json:"client_secret,omitempty"`

	// SecretExpiresAt is an integer holding the time at which the client secret will expire or 0 if it will not expire. The time is represented as the number of seconds from 1970-01-01T00:00:00Z as measured in UTC until the date/time of expiration.
	ClientSecretExpiresAt int64 `json:"client_secret_expires_at,omitempty"`

	// ClientURI is an URL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion.
	ClientUri string `json:"client_uri,omitempty"`

	// Contacts is a array of strings representing ways to contact people responsible for this client, typically email addresses.
	Contacts []string `json:"contacts,omitempty"`

	// GrantTypes is an array of grant types the client is allowed to use.
	GrantTypes []string `json:"grant_types,omitempty"`

	Jwks JsonWebKeySet `json:"jwks,omitempty"`

	// URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the Client's encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.
	JwksUri string `json:"jwks_uri,omitempty"`

	// LogoURI is an URL string that references a logo for the client.
	LogoUri string `json:"logo_uri,omitempty"`

	// Owner is a string identifying the owner of the OAuth 2.0 Client.
	Owner string `json:"owner,omitempty"`

	// PolicyURI is a URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data.
	PolicyUri string `json:"policy_uri,omitempty"`

	// RedirectURIs is an array of allowed redirect urls for the client, for example http://mydomain/oauth/callback .
	RedirectUris []string `json:"redirect_uris,omitempty"`

	// JWS [JWS] alg algorithm [JWA] that MUST be used for signing Request Objects sent to the OP. All Request Objects from this Client MUST be rejected, if not signed with this algorithm.
	RequestObjectSigningAlg string `json:"request_object_signing_alg,omitempty"`

	// Array of request_uri values that are pre-registered by the RP for use at the OP. Servers MAY cache the contents of the files referenced by these URIs and not retrieve them at the time they are used in a request. OPs can require that request_uri values used be pre-registered with the require_request_uri_registration discovery parameter.
	RequestUris []string `json:"request_uris,omitempty"`

	// ResponseTypes is an array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.
	ResponseTypes []string `json:"response_types,omitempty"`

	// Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens.
	Scope string `json:"scope,omitempty"`

	// URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a file with a single JSON array of redirect_uri values.
	SectorIdentifierUri string `json:"sector_identifier_uri,omitempty"`

	// SubjectType requested for responses to this Client. The subject_types_supported Discovery parameter contains a list of the supported subject_type values for this server. Valid types include `pairwise` and `public`.
	SubjectType string `json:"subject_type,omitempty"`

	// Requested Client Authentication method for the Token Endpoint. The options are client_secret_post, client_secret_basic, private_key_jwt, and none.
	TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"`

	// TermsOfServiceURI is a URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client.
	TosUri string `json:"tos_uri,omitempty"`

	// JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT [JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims as a UTF-8 encoded JSON object using the application/json content-type.
	UserinfoSignedResponseAlg string `json:"userinfo_signed_response_alg,omitempty"`
}

type OAuth2TokenIntrospection

type OAuth2TokenIntrospection struct {

	// Active is a boolean indicator of whether or not the presented token is currently active.  The specifics of a token's \"active\" state will vary depending on the implementation of the authorization server and the information it keeps about its tokens, but a \"true\" value return for the \"active\" property will generally indicate that a given token has been issued by this authorization server, has not been revoked by the resource owner, and is within its given time window of validity (e.g., after its issuance time and before its expiration time).
	Active bool `json:"active"`

	Aud []string `json:"aud,omitempty"`

	// ClientID is aclient identifier for the OAuth 2.0 client that requested this token.
	ClientId string `json:"client_id,omitempty"`

	// Expires at is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token will expire.
	Exp int64 `json:"exp,omitempty"`

	// Extra is arbitrary data set by the session.
	Ext map[string]interface{} `json:"ext,omitempty"`

	// Issued at is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token was originally issued.
	Iat int64 `json:"iat,omitempty"`

	// IssuerURL is a string representing the issuer of this token
	Iss string `json:"iss,omitempty"`

	// NotBefore is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token is not to be used before.
	Nbf int64 `json:"nbf,omitempty"`

	// ObfuscatedSubject is set when the subject identifier algorithm was set to \"pairwise\" during authorization. It is the `sub` value of the ID Token that was issued.
	ObfuscatedSubject string `json:"obfuscated_subject,omitempty"`

	// Scope is a JSON string containing a space-separated list of scopes associated with this token.
	Scope string `json:"scope,omitempty"`

	// Subject of the token, as defined in JWT [RFC7519]. Usually a machine-readable identifier of the resource owner who authorized this token.
	Sub string `json:"sub,omitempty"`

	// TokenType is the introspected token's type, for example `access_token` or `refresh_token`.
	TokenType string `json:"token_type,omitempty"`

	// Username is a human-readable identifier for the resource owner who authorized this token.
	Username string `json:"username,omitempty"`
}

https://tools.ietf.org/html/rfc7662

type OauthTokenResponse added in v0.11.10

type OauthTokenResponse struct {

	// The access token issued by the authorization server.
	AccessToken string `json:"access_token,omitempty"`

	// The lifetime in seconds of the access token.  For example, the value \"3600\" denotes that the access token will expire in one hour from the time the response was generated.
	ExpiresIn int64 `json:"expires_in,omitempty"`

	// To retrieve a refresh token request the id_token scope.
	IdToken int64 `json:"id_token,omitempty"`

	// The refresh token, which can be used to obtain new access tokens. To retrieve it add the scope \"offline\" to your access token request.
	RefreshToken string `json:"refresh_token,omitempty"`

	// The scope of the access token
	Scope int64 `json:"scope,omitempty"`

	// The type of the token issued
	TokenType string `json:"token_type,omitempty"`
}

The token response

type ObjectIdentifier

type ObjectIdentifier struct {
}

type OpenIdConnectContext

type OpenIdConnectContext struct {

	// ACRValues is the Authentication AuthorizationContext Class Reference requested in the OAuth 2.0 Authorization request. It is a parameter defined by OpenID Connect and expresses which level of authentication (e.g. 2FA) is required.  OpenID Connect defines it as follows: > Requested Authentication AuthorizationContext Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference. The Authentication AuthorizationContext Class satisfied by the authentication performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a Voluntary Claim by this parameter.
	AcrValues []string `json:"acr_values,omitempty"`

	// Display is a string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User. The defined values are: page: The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode. popup: The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over. touch: The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface. wap: The Authorization Server SHOULD display the authentication and consent UI consistent with a \"feature phone\" type display.  The Authorization Server MAY also attempt to detect the capabilities of the User Agent and present an appropriate display.
	Display string `json:"display,omitempty"`

	// IDTokenHintClaims are the claims of the ID Token previously issued by the Authorization Server being passed as a hint about the End-User's current or past authenticated session with the Client.
	IdTokenHintClaims map[string]interface{} `json:"id_token_hint_claims,omitempty"`

	// LoginHint hints about the login identifier the End-User might use to log in (if necessary). This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier) and then wants to pass that value as a hint to the discovered authorization service. This value MAY also be a phone number in the format specified for the phone_number Claim. The use of this parameter is optional.
	LoginHint string `json:"login_hint,omitempty"`

	// UILocales is the End-User'id preferred languages and scripts for the user interface, represented as a space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value \"fr-CA fr en\" represents a preference for French as spoken in Canada, then French (without a region designation), followed by English (without a region designation). An error SHOULD NOT result if some or all of the requested locales are not supported by the OpenID Provider.
	UiLocales []string `json:"ui_locales,omitempty"`
}

type PreviousConsentSession

type PreviousConsentSession struct {
	ConsentRequest ConsentRequest `json:"consent_request,omitempty"`

	// GrantScope sets the scope the user authorized the client to use. Should be a subset of `requested_scope`
	GrantScope []string `json:"grant_scope,omitempty"`

	// Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same client asks the same user for the same, or a subset of, scope.
	Remember bool `json:"remember,omitempty"`

	// RememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the authorization will be remembered indefinitely.
	RememberFor int64 `json:"remember_for,omitempty"`

	Session ConsentRequestSession `json:"session,omitempty"`
}

The response used to return handled consent requests same as HandledAuthenticationRequest, just with consent_request exposed as json

type PublicKeyAlgorithm

type PublicKeyAlgorithm struct {
}

type RawMessage

type RawMessage struct {
}

It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding.

type RejectRequest

type RejectRequest struct {
	Error_ string `json:"error,omitempty"`

	ErrorDebug string `json:"error_debug,omitempty"`

	ErrorDescription string `json:"error_description,omitempty"`

	ErrorHint string `json:"error_hint,omitempty"`

	StatusCode int64 `json:"status_code,omitempty"`
}

type SignatureAlgorithm

type SignatureAlgorithm struct {
}

type SwaggerFlushInactiveAccessTokens added in v0.11.10

type SwaggerFlushInactiveAccessTokens struct {
	Body FlushInactiveOAuth2TokensRequest `json:"Body,omitempty"`
}

type SwaggerJsonWebKeyQuery

type SwaggerJsonWebKeyQuery struct {

	// The kid of the desired key in: path
	Kid string `json:"kid"`

	// The set in: path
	Set string `json:"set"`
}

type SwaggerJwkCreateSet

type SwaggerJwkCreateSet struct {
	Body JsonWebKeySetGeneratorRequest `json:"Body,omitempty"`

	// The set in: path
	Set string `json:"set"`
}

type SwaggerJwkSetQuery

type SwaggerJwkSetQuery struct {

	// The set in: path
	Set string `json:"set"`
}

type SwaggerJwkUpdateSet

type SwaggerJwkUpdateSet struct {
	Body JsonWebKeySet `json:"Body,omitempty"`

	// The set in: path
	Set string `json:"set"`
}

type SwaggerJwkUpdateSetKey

type SwaggerJwkUpdateSetKey struct {
	Body JsonWebKey `json:"Body,omitempty"`

	// The kid of the desired key in: path
	Kid string `json:"kid"`

	// The set in: path
	Set string `json:"set"`
}

type SwaggerOAuthIntrospectionRequest

type SwaggerOAuthIntrospectionRequest struct {

	// An optional, space separated list of required scopes. If the access token was not granted one of the scopes, the result of active will be false.  in: formData
	Scope string `json:"scope,omitempty"`

	// The string value of the token. For access tokens, this is the \"access_token\" value returned from the token endpoint defined in OAuth 2.0 [RFC6749], Section 5.1. This endpoint DOES NOT accept refresh tokens for validation.
	Token string `json:"token"`
}

type SwaggerRevokeOAuth2TokenParameters

type SwaggerRevokeOAuth2TokenParameters struct {

	// in: formData
	Token string `json:"token"`
}

type Url

type Url struct {
	ForceQuery bool `json:"ForceQuery,omitempty"`

	Fragment string `json:"Fragment,omitempty"`

	Host string `json:"Host,omitempty"`

	Opaque string `json:"Opaque,omitempty"`

	Path string `json:"Path,omitempty"`

	RawPath string `json:"RawPath,omitempty"`

	RawQuery string `json:"RawQuery,omitempty"`

	Scheme string `json:"Scheme,omitempty"`

	User Userinfo `json:"User,omitempty"`
}

The general form represented is: [scheme:][//[userinfo@]host][/]path[?query][#fragment] URLs that do not start with a slash after the scheme are interpreted as: scheme:opaque[?query][#fragment] Note that the Path field is stored in decoded form: /%47%6f%2f becomes /Go/. A consequence is that it is impossible to tell which slashes in the Path were slashes in the raw URL and which were %2f. This distinction is rarely important, but when it is, code must not use Path directly. The Parse function sets both Path and RawPath in the URL it returns, and URL's String method uses RawPath if it is a valid encoding of Path, by calling the EscapedPath method.

type Userinfo

type Userinfo struct {
}

The Userinfo type is an immutable encapsulation of username and password details for a URL. An existing Userinfo value is guaranteed to have a username set (potentially empty, as allowed by RFC 2396), and optionally a password.

type UserinfoResponse added in v0.11.10

type UserinfoResponse struct {

	// End-User's birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format. The year MAY be 0000, indicating that it is omitted. To represent only the year, YYYY format is allowed. Note that depending on the underlying platform's date related function, providing just year can result in varying month and day, so the implementers need to take this factor into account to correctly process the dates.
	Birthdate string `json:"birthdate,omitempty"`

	// End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax. The RP MUST NOT rely upon this value being unique, as discussed in Section 5.7.
	Email string `json:"email,omitempty"`

	// True if the End-User's e-mail address has been verified; otherwise false. When this Claim Value is true, this means that the OP took affirmative steps to ensure that this e-mail address was controlled by the End-User at the time the verification was performed. The means by which an e-mail address is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating.
	EmailVerified bool `json:"email_verified,omitempty"`

	// Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.
	FamilyName string `json:"family_name,omitempty"`

	// End-User's gender. Values defined by this specification are female and male. Other values MAY be used when neither of the defined values are applicable.
	Gender string `json:"gender,omitempty"`

	// Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.
	GivenName string `json:"given_name,omitempty"`

	// End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Relying Parties MAY choose to accept this locale syntax as well.
	Locale string `json:"locale,omitempty"`

	// Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.
	MiddleName string `json:"middle_name,omitempty"`

	// End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.
	Name string `json:"name,omitempty"`

	// Casual name of the End-User that may or may not be the same as the given_name. For instance, a nickname value of Mike might be returned alongside a given_name value of Michael.
	Nickname string `json:"nickname,omitempty"`

	// End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678.
	PhoneNumber string `json:"phone_number,omitempty"`

	// True if the End-User's phone number has been verified; otherwise false. When this Claim Value is true, this means that the OP took affirmative steps to ensure that this phone number was controlled by the End-User at the time the verification was performed. The means by which a phone number is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating. When true, the phone_number Claim MUST be in E.164 format and any extensions MUST be represented in RFC 3966 format.
	PhoneNumberVerified bool `json:"phone_number_verified,omitempty"`

	// URL of the End-User's profile picture. This URL MUST refer to an image file (for example, a PNG, JPEG, or GIF image file), rather than to a Web page containing an image. Note that this URL SHOULD specifically reference a profile photo of the End-User suitable for displaying when describing the End-User, rather than an arbitrary photo taken by the End-User.
	Picture string `json:"picture,omitempty"`

	// Non-unique shorthand name by which the End-User wishes to be referred to at the RP, such as janedoe or j.doe. This value MAY be any valid JSON string including special characters such as @, /, or whitespace.
	PreferredUsername string `json:"preferred_username,omitempty"`

	// URL of the End-User's profile page. The contents of this Web page SHOULD be about the End-User.
	Profile string `json:"profile,omitempty"`

	// Subject - Identifier for the End-User at the IssuerURL.
	Sub string `json:"sub,omitempty"`

	// Time the End-User's information was last updated. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
	UpdatedAt int64 `json:"updated_at,omitempty"`

	// URL of the End-User's Web page or blog. This Web page SHOULD contain information published by the End-User or an organization that the End-User is affiliated with.
	Website string `json:"website,omitempty"`

	// String from zoneinfo [zoneinfo] time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles.
	Zoneinfo string `json:"zoneinfo,omitempty"`
}

The userinfo response

type Version

type Version struct {
	Version string `json:"version,omitempty"`
}

type VersionApi

type VersionApi struct {
	Configuration *Configuration
}

func NewVersionApi

func NewVersionApi() *VersionApi

func NewVersionApiWithBasePath

func NewVersionApiWithBasePath(basePath string) *VersionApi

func (VersionApi) GetVersion

func (a VersionApi) GetVersion() (*Version, *APIResponse, error)

*

  • Get the version of Hydra
  • This endpoint returns the version as `{ \"version\": \"VERSION\" }`. The version is only correct with the prebuilt binary and not custom builds. *
  • @return *Version

type WellKnown

type WellKnown struct {

	// URL of the OP's OAuth 2.0 Authorization Endpoint.
	AuthorizationEndpoint string `json:"authorization_endpoint"`

	// Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support.
	ClaimsParameterSupported bool `json:"claims_parameter_supported,omitempty"`

	// JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply values for. Note that for privacy or other reasons, this might not be an exhaustive list.
	ClaimsSupported []string `json:"claims_supported,omitempty"`

	// JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports.
	GrantTypesSupported []string `json:"grant_types_supported,omitempty"`

	// JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT.
	IdTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`

	// URL using the https scheme with no query or fragment component that the OP asserts as its IssuerURL Identifier. If IssuerURL discovery is supported , this value MUST be identical to the issuer value returned by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this IssuerURL.
	Issuer string `json:"issuer"`

	// URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.
	JwksUri string `json:"jwks_uri"`

	// URL of the OP's Dynamic Client Registration Endpoint.
	RegistrationEndpoint string `json:"registration_endpoint,omitempty"`

	// Boolean value specifying whether the OP supports use of the request parameter, with true indicating support.
	RequestParameterSupported bool `json:"request_parameter_supported,omitempty"`

	// Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support.
	RequestUriParameterSupported bool `json:"request_uri_parameter_supported,omitempty"`

	// Boolean value specifying whether the OP requires any request_uri values used to be pre-registered using the request_uris registration parameter.
	RequireRequestUriRegistration bool `json:"require_request_uri_registration,omitempty"`

	// JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports.
	ResponseModesSupported []string `json:"response_modes_supported,omitempty"`

	// JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. Dynamic OpenID Providers MUST support the code, id_token, and the token id_token Response Type values.
	ResponseTypesSupported []string `json:"response_types_supported"`

	// SON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST support the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used
	ScopesSupported []string `json:"scopes_supported,omitempty"`

	// JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include pairwise and public.
	SubjectTypesSupported []string `json:"subject_types_supported"`

	// URL of the OP's OAuth 2.0 Token Endpoint
	TokenEndpoint string `json:"token_endpoint"`

	// JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported,omitempty"`

	// URL of the OP's UserInfo Endpoint.
	UserinfoEndpoint string `json:"userinfo_endpoint,omitempty"`

	// JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].
	UserinfoSigningAlgValuesSupported []string `json:"userinfo_signing_alg_values_supported,omitempty"`
}

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL