api

package
v0.0.0-...-e3e9b0f Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 29, 2024 License: MIT Imports: 59 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	DefaultHTTPHookTimeout  = 5 * time.Second
	DefaultHTTPHookRetries  = 3
	HTTPHookBackoffDuration = 2 * time.Second
	PayloadLimit            = 200 * 1024 // 200KB
)
View Source 
const (
	InvalidFactorOwnerErrorMessage = "Factor does not belong to user"
	QRCodeGenerationErrorMessage   = "Error generating QR Code"
)
View Source 
const (
	PKCEPrefix                    = "pkce_"
	MinCodeChallengeLength        = 43
	MaxCodeChallengeLength        = 128
	InvalidPKCEParamsErrorMessage = "PKCE flow requires code_challenge_method and code_challenge"
)
View Source 
const APIVersionHeaderName = "X-Supabase-Api-Version"
View Source 
const DefaultQRSize = 3
View Source 
const InvalidChannelError = "Invalid channel, supported values are 'sms' or 'whatsapp'"
View Source 
const InvalidLoginMessage = "Invalid login credentials"
View Source 
const InvalidNonceMessage = "Nonce has expired or is invalid"
View Source 
const (
	SAMLSubjectIDAttributeName = "urn:oasis:names:tc:SAML:attribute:subject-id"
)

Variables

View Source 
var (
	APIVersionInitial  = time.Time{}
	APIVersion20240101 = time.Date(2024, time.January, 1, 0, 0, 0, 0, time.UTC)
)
View Source 
var (
	DuplicateEmailMsg       = "A user with this email address has already been registered"
	DuplicatePhoneMsg       = "A user with this phone number has already been registered"
	UserExistsError   error = errors.New("user already exists")
)

Common error messages during signup flow

View Source 
var (
	MaxFrequencyLimitError error = errors.New("frequency limit reached")
)

Functions

func FormatAPIVersion 

func FormatAPIVersion(apiVersion APIVersion) string

func HandleResponseError 

func HandleResponseError(err error, w http.ResponseWriter, r *http.Request)

func IsSAMLMetadataStale 

func IsSAMLMetadataStale(idpMetadata *saml.EntityDescriptor, samlProvider models.SAMLProvider) bool

func WaitForCleanup 

func WaitForCleanup(ctx context.Context)

WaitForCleanup waits until all API servers are shut down cleanly or until the provided context signals done, whichever comes first.

Types

type API 

type API struct {
	// contains filtered or unexported fields
}

API is the main REST API

func NewAPI 

func NewAPI(globalConfig *conf.GlobalConfiguration, db *storage.Connection) *API

NewAPI instantiates a new REST API

func NewAPIWithVersion 

func NewAPIWithVersion(ctx context.Context, globalConfig *conf.GlobalConfiguration, db *storage.Connection, version string) *API

NewAPIWithVersion creates a new REST API using the specified version

func (*API) ChallengeFactor 

func (a *API) ChallengeFactor(w http.ResponseWriter, r *http.Request) error

func (*API) ClanCreate 

func (a *API) ClanCreate(w http.ResponseWriter, r *http.Request) error

ClanGet returns a clan

func (*API) ClanGet 

func (a *API) ClanGet(w http.ResponseWriter, r *http.Request) error

ClanGet returns a clan

func (*API) ClanUpdate 

func (a *API) ClanUpdate(w http.ResponseWriter, r *http.Request) error

ClanUpdate updates fields on a clan

func (*API) DeleteIdentity 

func (a *API) DeleteIdentity(w http.ResponseWriter, r *http.Request) error

func (*API) EnrollFactor 

func (a *API) EnrollFactor(w http.ResponseWriter, r *http.Request) error

func (*API) ExternalProviderCallback 

func (a *API) ExternalProviderCallback(w http.ResponseWriter, r *http.Request) error

ExternalProviderCallback handles the callback endpoint in the external oauth provider flow

func (*API) ExternalProviderRedirect 

func (a *API) ExternalProviderRedirect(w http.ResponseWriter, r *http.Request) error

ExternalProviderRedirect redirects the request to the oauth provider

func (*API) GetExternalProviderRedirectURL 

func (a *API) GetExternalProviderRedirectURL(w http.ResponseWriter, r *http.Request, linkingTargetUser *models.User) (string, error)

GetExternalProviderRedirectURL returns the URL to start the oauth flow with the corresponding oauth provider

func (*API) HealthCheck 

func (a *API) HealthCheck(w http.ResponseWriter, r *http.Request) error

HealthCheck endpoint indicates if the gotrue api service is available

func (*API) IdTokenGrant 

func (a *API) IdTokenGrant(ctx context.Context, w http.ResponseWriter, r *http.Request) error

IdTokenGrant implements the id_token grant type flow

func (*API) Invite 

func (a *API) Invite(w http.ResponseWriter, r *http.Request) error

Invite is the endpoint for inviting a new user

func (*API) LinkIdentity 

func (a *API) LinkIdentity(w http.ResponseWriter, r *http.Request) error

func (*API) ListenAndServe 

func (a *API) ListenAndServe(ctx context.Context, hostAndPort string)

ListenAndServe starts the REST API

func (*API) Logout 

func (a *API) Logout(w http.ResponseWriter, r *http.Request) error

Logout is the endpoint for logging out a user and thereby revoking any refresh tokens 

func (a *API) MagicLink(w http.ResponseWriter, r *http.Request) error

MagicLink sends a recovery email

func (*API) Mailer 

func (a *API) Mailer() mailer.Mailer

Mailer returns NewMailer with the current tenant config

func (*API) Now 

func (a *API) Now() time.Time

func (*API) OAuthProvider 

func (a *API) OAuthProvider(ctx context.Context, name string) (provider.OAuthProvider, error)

OAuthProvider returns the corresponding oauth provider as an OAuthProvider interface

func (*API) Otp 

func (a *API) Otp(w http.ResponseWriter, r *http.Request) error

Otp returns the MagicLink or SmsOtp handler based on the request body params

func (*API) PKCE 

func (a *API) PKCE(ctx context.Context, w http.ResponseWriter, r *http.Request) error

func (*API) ProfileGet 

func (a *API) ProfileGet(w http.ResponseWriter, r *http.Request) error

ProfileGet returns a profile

func (*API) ProfileUpdate 

func (a *API) ProfileUpdate(w http.ResponseWriter, r *http.Request) error

ProfileUpdate updates fields on a profile

func (*API) Provider 

func (a *API) Provider(ctx context.Context, name string, scopes string) (provider.Provider, error)

Provider returns a Provider interface for the given name.

func (*API) Reauthenticate 

func (a *API) Reauthenticate(w http.ResponseWriter, r *http.Request) error

Reauthenticate sends a reauthentication otp to either the user's email or phone

func (*API) Recover 

func (a *API) Recover(w http.ResponseWriter, r *http.Request) error

Recover sends a recovery email

func (*API) RefreshTokenGrant 

func (a *API) RefreshTokenGrant(ctx context.Context, w http.ResponseWriter, r *http.Request) error

RefreshTokenGrant implements the refresh_token grant type flow

func (*API) Resend 

func (a *API) Resend(w http.ResponseWriter, r *http.Request) error

Recover sends a recovery email

func (*API) ResourceOwnerPasswordGrant 

func (a *API) ResourceOwnerPasswordGrant(ctx context.Context, w http.ResponseWriter, r *http.Request) error

ResourceOwnerPasswordGrant implements the password grant type flow

func (*API) SAMLACS 

func (a *API) SAMLACS(w http.ResponseWriter, r *http.Request) error

SAMLACS implements the main Assertion Consumer Service endpoint behavior.

func (*API) SAMLMetadata 

func (a *API) SAMLMetadata(w http.ResponseWriter, r *http.Request) error

SAMLMetadata serves GoTrue's SAML Service Provider metadata file.

func (*API) Settings 

func (a *API) Settings(w http.ResponseWriter, r *http.Request) error

func (*API) Signup 

func (a *API) Signup(w http.ResponseWriter, r *http.Request) error

Signup is the endpoint for registering a new user

func (*API) SignupAnonymously 

func (a *API) SignupAnonymously(w http.ResponseWriter, r *http.Request) error

func (*API) SingleSignOn 

func (a *API) SingleSignOn(w http.ResponseWriter, r *http.Request) error

SingleSignOn handles the single-sign-on flow for a provided SSO domain or provider.

func (*API) SmsOtp 

func (a *API) SmsOtp(w http.ResponseWriter, r *http.Request) error

SmsOtp sends the user an otp via sms

func (*API) Token 

func (a *API) Token(w http.ResponseWriter, r *http.Request) error

Token is the endpoint for OAuth access token requests

func (*API) UnenrollFactor 

func (a *API) UnenrollFactor(w http.ResponseWriter, r *http.Request) error

func (*API) UserGet 

func (a *API) UserGet(w http.ResponseWriter, r *http.Request) error

UserGet returns a user

func (*API) UserUpdate 

func (a *API) UserUpdate(w http.ResponseWriter, r *http.Request) error

UserUpdate updates fields on a user

func (*API) Verify 

func (a *API) Verify(w http.ResponseWriter, r *http.Request) error

Verify exchanges a confirmation or recovery token to a refresh token

func (*API) VerifyFactor 

func (a *API) VerifyFactor(w http.ResponseWriter, r *http.Request) error

type APIVersion 

type APIVersion = time.Time

func DetermineClosestAPIVersion 

func DetermineClosestAPIVersion(date string) (APIVersion, error)

type AccessTokenClaims 

type AccessTokenClaims struct {
	jwt.StandardClaims
	Email                         string                 `json:"email"`
	Phone                         string                 `json:"phone"`
	AppMetaData                   map[string]interface{} `json:"app_metadata"`
	UserMetaData                  map[string]interface{} `json:"user_metadata"`
	Role                          string                 `json:"role"`
	AuthenticatorAssuranceLevel   string                 `json:"aal,omitempty"`
	AuthenticationMethodReference []models.AMREntry      `json:"amr,omitempty"`
	SessionId                     string                 `json:"session_id,omitempty"`
	IsAnonymous                   bool                   `json:"is_anonymous"`
}

AccessTokenClaims is a struct thats used for JWT claims

type AccessTokenResponse 

type AccessTokenResponse struct {
	Token                string             `json:"access_token"`
	TokenType            string             `json:"token_type"` // Bearer
	ExpiresIn            int                `json:"expires_in"`
	ExpiresAt            int64              `json:"expires_at"`
	RefreshToken         string             `json:"refresh_token"`
	User                 *models.User       `json:"user"`
	ProviderAccessToken  string             `json:"provider_token,omitempty"`
	ProviderRefreshToken string             `json:"provider_refresh_token,omitempty"`
	WeakPassword         *WeakPasswordError `json:"weak_password,omitempty"`
}

AccessTokenResponse represents an OAuth2 success response

func (*AccessTokenResponse) AsRedirectURL 

func (r *AccessTokenResponse) AsRedirectURL(redirectURL string, extraParams url.Values) string

AsRedirectURL encodes the AccessTokenResponse as a redirect URL that includes the access token response data in a URL fragment.

type AdminListUsersResponse 

type AdminListUsersResponse struct {
	Users []*models.User `json:"users"`
	Aud   string         `json:"aud"`
}

type AdminUserParams 

type AdminUserParams struct {
	Aud          string                 `json:"aud"`
	Role         string                 `json:"role"`
	Email        string                 `json:"email"`
	Phone        string                 `json:"phone"`
	Password     *string                `json:"password"`
	EmailConfirm bool                   `json:"email_confirm"`
	PhoneConfirm bool                   `json:"phone_confirm"`
	UserMetaData map[string]interface{} `json:"user_metadata"`
	AppMetaData  map[string]interface{} `json:"app_metadata"`
	BanDuration  string                 `json:"ban_duration"`
}

type AuthMicroserviceClaims 

type AuthMicroserviceClaims struct {
	jwt.StandardClaims
	SiteURL       string        `json:"site_url"`
	InstanceID    string        `json:"id"`
	FunctionHooks FunctionHooks `json:"function_hooks"`
}

type ChallengeFactorResponse 

type ChallengeFactorResponse struct {
	ID        uuid.UUID `json:"id"`
	ExpiresAt int64     `json:"expires_at"`
}

type ClanCreateParams 

type ClanCreateParams struct {
	Name        *string    `json:"name"`
	DisplayName *string    `json:"display_name"`
	Slug        *string    `json:"slug"`
	Email       *string    `json:"email"`
	ClanTypeID  *uuid.UUID `json:"clan_type_id"`
}

UserUpdateParams parameters for updating a user

type CreateSSOProviderParams 

type CreateSSOProviderParams struct {
	Type string `json:"type"`

	MetadataURL      string                      `json:"metadata_url"`
	MetadataXML      string                      `json:"metadata_xml"`
	Domains          []string                    `json:"domains"`
	AttributeMapping models.SAMLAttributeMapping `json:"attribute_mapping"`
	NameIDFormat     string                      `json:"name_id_format"`
}

type EnrollFactorParams 

type EnrollFactorParams struct {
	FriendlyName string `json:"friendly_name"`
	FactorType   string `json:"factor_type"`
	Issuer       string `json:"issuer"`
}

type EnrollFactorResponse 

type EnrollFactorResponse struct {
	ID           uuid.UUID  `json:"id"`
	Type         string     `json:"type"`
	FriendlyName string     `json:"friendly_name"`
	TOTP         TOTPObject `json:"totp,omitempty"`
}

type ErrorCause 

type ErrorCause interface {
	Cause() error
}

ErrorCause is an error interface that contains the method Cause() for returning root cause errors

type ErrorCode 

type ErrorCode = string
const (
	// ErrorCodeUnknown should not be used directly, it only indicates a failure in the error handling system in such a way that an error code was not assigned properly.
	ErrorCodeUnknown ErrorCode = "unknown"

	// ErrorCodeUnexpectedFailure signals an unexpected failure such as a 500 Internal Server Error.
	ErrorCodeUnexpectedFailure ErrorCode = "unexpected_failure"

	ErrorCodeValidationFailed                  ErrorCode = "validation_failed"
	ErrorCodeBadJSON                           ErrorCode = "bad_json"
	ErrorCodeEmailExists                       ErrorCode = "email_exists"
	ErrorCodePhoneExists                       ErrorCode = "phone_exists"
	ErrorCodeBadJWT                            ErrorCode = "bad_jwt"
	ErrorCodeNotAdmin                          ErrorCode = "not_admin"
	ErrorCodeNoAuthorization                   ErrorCode = "no_authorization"
	ErrorCodeUserNotFound                      ErrorCode = "user_not_found"
	ErrorCodeProfileNotFound                   ErrorCode = "profile_not_found"
	ErrorCodeSessionNotFound                   ErrorCode = "session_not_found"
	ErrorCodeFlowStateNotFound                 ErrorCode = "flow_state_not_found"
	ErrorCodeFlowStateExpired                  ErrorCode = "flow_state_expired"
	ErrorCodeSignupDisabled                    ErrorCode = "signup_disabled"
	ErrorCodeUserBanned                        ErrorCode = "user_banned"
	ErrorCodeProviderEmailNeedsVerification    ErrorCode = "provider_email_needs_verification"
	ErrorCodeInviteNotFound                    ErrorCode = "invite_not_found"
	ErrorCodeBadOAuthState                     ErrorCode = "bad_oauth_state"
	ErrorCodeBadOAuthCallback                  ErrorCode = "bad_oauth_callback"
	ErrorCodeOAuthProviderNotSupported         ErrorCode = "oauth_provider_not_supported"
	ErrorCodeUnexpectedAudience                ErrorCode = "unexpected_audience"
	ErrorCodeSingleIdentityNotDeletable        ErrorCode = "single_identity_not_deletable"
	ErrorCodeEmailConflictIdentityNotDeletable ErrorCode = "email_conflict_identity_not_deletable"
	ErrorCodeIdentityAlreadyExists             ErrorCode = "identity_already_exists"
	ErrorCodeEmailProviderDisabled             ErrorCode = "email_provider_disabled"
	ErrorCodePhoneProviderDisabled             ErrorCode = "phone_provider_disabled"
	ErrorCodeTooManyEnrolledMFAFactors         ErrorCode = "too_many_enrolled_mfa_factors"
	ErrorCodeMFAFactorNameConflict             ErrorCode = "mfa_factor_name_conflict"
	ErrorCodeMFAFactorNotFound                 ErrorCode = "mfa_factor_not_found"
	ErrorCodeMFAIPAddressMismatch              ErrorCode = "mfa_ip_address_mismatch"
	ErrorCodeMFAChallengeExpired               ErrorCode = "mfa_challenge_expired"
	ErrorCodeMFAVerificationFailed             ErrorCode = "mfa_verification_failed"
	ErrorCodeMFAVerificationRejected           ErrorCode = "mfa_verification_rejected"
	ErrorCodeInsufficientAAL                   ErrorCode = "insufficient_aal"
	ErrorCodeCaptchaFailed                     ErrorCode = "captcha_failed"
	ErrorCodeSAMLProviderDisabled              ErrorCode = "saml_provider_disabled"
	ErrorCodeManualLinkingDisabled             ErrorCode = "manual_linking_disabled"
	ErrorCodeSMSSendFailed                     ErrorCode = "sms_send_failed"
	ErrorCodeEmailNotConfirmed                 ErrorCode = "email_not_confirmed"
	ErrorCodePhoneNotConfirmed                 ErrorCode = "phone_not_confirmed"
	ErrorCodeReauthNonceMissing                ErrorCode = "reauth_nonce_missing"
	ErrorCodeSAMLRelayStateNotFound            ErrorCode = "saml_relay_state_not_found"
	ErrorCodeSAMLRelayStateExpired             ErrorCode = "saml_relay_state_expired"
	ErrorCodeSAMLIdPNotFound                   ErrorCode = "saml_idp_not_found"
	ErrorCodeSAMLAssertionNoUserID             ErrorCode = "saml_assertion_no_user_id"
	ErrorCodeSAMLAssertionNoEmail              ErrorCode = "saml_assertion_no_email"
	ErrorCodeUserAlreadyExists                 ErrorCode = "user_already_exists"
	ErrorCodeSSOProviderNotFound               ErrorCode = "sso_provider_not_found"
	ErrorCodeSAMLMetadataFetchFailed           ErrorCode = "saml_metadata_fetch_failed"
	ErrorCodeSAMLIdPAlreadyExists              ErrorCode = "saml_idp_already_exists"
	ErrorCodeSSODomainAlreadyExists            ErrorCode = "sso_domain_already_exists"
	ErrorCodeSAMLEntityIDMismatch              ErrorCode = "saml_entity_id_mismatch"
	ErrorCodeConflict                          ErrorCode = "conflict"
	ErrorCodeProviderDisabled                  ErrorCode = "provider_disabled"
	ErrorCodeUserSSOManaged                    ErrorCode = "user_sso_managed"
	ErrorCodeReauthenticationNeeded            ErrorCode = "reauthentication_needed"
	ErrorCodeSamePassword                      ErrorCode = "same_password"
	ErrorCodeReauthenticationNotValid          ErrorCode = "reauthentication_not_valid"
	ErrorCodeOTPExpired                        ErrorCode = "otp_expired"
	ErrorCodeOTPDisabled                       ErrorCode = "otp_disabled"
	ErrorCodeIdentityNotFound                  ErrorCode = "identity_not_found"
	ErrorCodeWeakPassword                      ErrorCode = "weak_password"
	ErrorCodeOverRequestRateLimit              ErrorCode = "over_request_rate_limit"
	ErrorCodeOverEmailSendRateLimit            ErrorCode = "over_email_send_rate_limit"
	ErrorCodeOverSMSSendRateLimit              ErrorCode = "over_sms_send_rate_limit"
	ErrorBadCodeVerifier                       ErrorCode = "bad_code_verifier"
	ErrorCodeAnonymousProviderDisabled         ErrorCode = "anonymous_provider_disabled"
	ErrorCodeHookTimeout                       ErrorCode = "hook_timeout"
	ErrorCodeHookTimeoutAfterRetry             ErrorCode = "hook_timeout_after_retry"
	ErrorCodeHookPayloadOverSizeLimit          ErrorCode = "hook_payload_over_size_limit"
	ErrorCodeHookPayloadUnknownSize            ErrorCode = "hook_payload_unknown_size"
)

type ExternalProviderClaims 

type ExternalProviderClaims struct {
	AuthMicroserviceClaims
	Provider        string `json:"provider"`
	InviteToken     string `json:"invite_token,omitempty"`
	Referrer        string `json:"referrer,omitempty"`
	FlowStateID     string `json:"flow_state_id"`
	LinkingTargetID string `json:"linking_target_id,omitempty"`
}

ExternalProviderClaims are the JWT claims sent as the state in the external oauth provider signup flow

type FunctionHooks 

type FunctionHooks map[string][]string

func (*FunctionHooks) UnmarshalJSON 

func (f *FunctionHooks) UnmarshalJSON(b []byte) error

type GenerateLinkParams 

type GenerateLinkParams struct {
	Type       string                 `json:"type"`
	Email      string                 `json:"email"`
	NewEmail   string                 `json:"new_email"`
	Password   string                 `json:"password"`
	Data       map[string]interface{} `json:"data"`
	RedirectTo string                 `json:"redirect_to"`
}

type GenerateLinkResponse 

type GenerateLinkResponse struct {
	models.User
	ActionLink       string `json:"action_link"`
	EmailOtp         string `json:"email_otp"`
	HashedToken      string `json:"hashed_token"`
	VerificationType string `json:"verification_type"`
	RedirectTo       string `json:"redirect_to"`
}

type HTTPError 

type HTTPError struct {
	HTTPStatus      int    `json:"code"`                 // do not rename the JSON tags!
	ErrorCode       string `json:"error_code,omitempty"` // do not rename the JSON tags!
	Message         string `json:"msg"`                  // do not rename the JSON tags!
	InternalError   error  `json:"-"`
	InternalMessage string `json:"-"`
	ErrorID         string `json:"error_id,omitempty"`
}

HTTPError is an error with a message and an HTTP status code.

func (*HTTPError) Cause 

func (e *HTTPError) Cause() error

Cause returns the root cause error

func (*HTTPError) Error 

func (e *HTTPError) Error() string

func (*HTTPError) Is 

func (e *HTTPError) Is(target error) bool

func (*HTTPError) WithInternalError 

func (e *HTTPError) WithInternalError(err error) *HTTPError

WithInternalError adds internal error information to the error

func (*HTTPError) WithInternalMessage 

func (e *HTTPError) WithInternalMessage(fmtString string, args ...interface{}) *HTTPError

WithInternalMessage adds internal message information to the error

type HTTPErrorResponse20240101 

type HTTPErrorResponse20240101 struct {
	Code    ErrorCode `json:"code"`
	Message string    `json:"message"`
}

type HealthCheckResponse 

type HealthCheckResponse struct {
	Version     string `json:"version"`
	Name        string `json:"name"`
	Description string `json:"description"`
}

type IdTokenGrantParams 

type IdTokenGrantParams struct {
	IdToken     string `json:"id_token"`
	AccessToken string `json:"access_token"`
	Nonce       string `json:"nonce"`
	Provider    string `json:"provider"`
	ClientID    string `json:"client_id"`
	Issuer      string `json:"issuer"`
}

IdTokenGrantParams are the parameters the IdTokenGrant method accepts

type InviteParams 

type InviteParams struct {
	Email string                 `json:"email"`
	Data  map[string]interface{} `json:"data"`
}

InviteParams are the parameters the Signup endpoint accepts

type LogoutBehavior 

type LogoutBehavior string
const (
	LogoutGlobal LogoutBehavior = "global"
	LogoutLocal  LogoutBehavior = "local"
	LogoutOthers LogoutBehavior = "others"
)

type MagicLinkParams 

type MagicLinkParams struct {
	Email               string                 `json:"email"`
	Data                map[string]interface{} `json:"data"`
	CodeChallengeMethod string                 `json:"code_challenge_method"`
	CodeChallenge       string                 `json:"code_challenge"`
}

MagicLinkParams holds the parameters for a magic link request

func (*MagicLinkParams) Validate 

func (p *MagicLinkParams) Validate() error

type OAuthError 

type OAuthError struct {
	Err             string `json:"error"`
	Description     string `json:"error_description,omitempty"`
	InternalError   error  `json:"-"`
	InternalMessage string `json:"-"`
}

OAuthError is the JSON handler for OAuth2 error responses

func (*OAuthError) Cause 

func (e *OAuthError) Cause() error

Cause returns the root cause error

func (*OAuthError) Error 

func (e *OAuthError) Error() string

func (*OAuthError) WithInternalError 

func (e *OAuthError) WithInternalError(err error) *OAuthError

WithInternalError adds internal error information to the error

func (*OAuthError) WithInternalMessage 

func (e *OAuthError) WithInternalMessage(fmtString string, args ...interface{}) *OAuthError

WithInternalMessage adds internal message information to the error

type OAuthProviderData 

type OAuthProviderData struct {
	// contains filtered or unexported fields
}

OAuthProviderData contains the userData and token returned by the oauth provider

type OtpParams 

type OtpParams struct {
	Email               string                 `json:"email"`
	Phone               string                 `json:"phone"`
	CreateUser          bool                   `json:"create_user"`
	Data                map[string]interface{} `json:"data"`
	Channel             string                 `json:"channel"`
	CodeChallengeMethod string                 `json:"code_challenge_method"`
	CodeChallenge       string                 `json:"code_challenge"`
}

OtpParams contains the request body params for the otp endpoint

func (*OtpParams) Validate 

func (p *OtpParams) Validate() error

type PKCEGrantParams 

type PKCEGrantParams struct {
	AuthCode     string `json:"auth_code"`
	CodeVerifier string `json:"code_verifier"`
}

PKCEGrantParams are the parameters the PKCEGrant method accepts

type PasswordGrantParams 

type PasswordGrantParams struct {
	Email    string `json:"email"`
	Phone    string `json:"phone"`
	Password string `json:"password"`
}

PasswordGrantParams are the parameters the ResourceOwnerPasswordGrant method accepts

type ProfileUpdateParams 

type ProfileUpdateParams struct {
	FirstName           *string        `json:"first_name"`
	LastName            *string        `json:"last_name"`
	Username            *string        `json:"username"`
	Bio                 *string        `json:"bio"`
	BirthDate           *calendar.Date `json:"birth_date"`
	Channel             string         `json:"channel"`
	CodeChallenge       string         `json:"code_challenge"`
	CodeChallengeMethod string         `json:"code_challenge_method"`
}

UserUpdateParams parameters for updating a user

type ProviderSettings 

type ProviderSettings struct {
	AnonymousUsers bool `json:"anonymous_users"`
	Apple          bool `json:"apple"`
	Azure          bool `json:"azure"`
	Bitbucket      bool `json:"bitbucket"`
	Discord        bool `json:"discord"`
	Facebook       bool `json:"facebook"`
	Figma          bool `json:"figma"`
	Fly            bool `json:"fly"`
	GitHub         bool `json:"github"`
	GitLab         bool `json:"gitlab"`
	Google         bool `json:"google"`
	Keycloak       bool `json:"keycloak"`
	Kakao          bool `json:"kakao"`
	Linkedin       bool `json:"linkedin"`
	LinkedinOIDC   bool `json:"linkedin_oidc"`
	Notion         bool `json:"notion"`
	Spotify        bool `json:"spotify"`
	Slack          bool `json:"slack"`
	WorkOS         bool `json:"workos"`
	Twitch         bool `json:"twitch"`
	Twitter        bool `json:"twitter"`
	Email          bool `json:"email"`
	Phone          bool `json:"phone"`
	Zoom           bool `json:"zoom"`
}

type RecoverParams 

type RecoverParams struct {
	Email               string `json:"email"`
	CodeChallenge       string `json:"code_challenge"`
	CodeChallengeMethod string `json:"code_challenge_method"`
}

RecoverParams holds the parameters for a password recovery request

func (*RecoverParams) Validate 

func (p *RecoverParams) Validate() error

type RefreshTokenGrantParams 

type RefreshTokenGrantParams struct {
	RefreshToken string `json:"refresh_token"`
}

RefreshTokenGrantParams are the parameters the RefreshTokenGrant method accepts

type RequestParams 

type RequestParams interface {
	AdminUserParams |
		CreateSSOProviderParams |
		EnrollFactorParams |
		GenerateLinkParams |
		IdTokenGrantParams |
		InviteParams |
		OtpParams |
		PKCEGrantParams |
		PasswordGrantParams |
		RecoverParams |
		RefreshTokenGrantParams |
		ResendConfirmationParams |
		SignupParams |
		SingleSignOnParams |
		SmsParams |
		UserUpdateParams |
		VerifyFactorParams |
		VerifyParams |
		adminUserUpdateFactorParams |
		ProfileUpdateParams |
		ClanCreateParams |
		struct {
			Email string `json:"email"`
			Phone string `json:"phone"`
		}
}

type ResendConfirmationParams 

type ResendConfirmationParams struct {
	Type  string `json:"type"`
	Email string `json:"email"`
	Phone string `json:"phone"`
}

ResendConfirmationParams holds the parameters for a resend request

func (*ResendConfirmationParams) Validate 

func (p *ResendConfirmationParams) Validate(config *conf.GlobalConfiguration) error

type SAMLAssertion 

type SAMLAssertion struct {
	*saml.Assertion
}

func (*SAMLAssertion) Attribute 

func (a *SAMLAssertion) Attribute(name string) []saml.AttributeValue

Attribute returns the first matching attribute value in the attribute statements where name equals the official SAML attribute Name or FriendlyName. Returns nil if such an attribute can't be found.

func (*SAMLAssertion) Email 

func (a *SAMLAssertion) Email() string

Email returns the best guess for an email address.

func (*SAMLAssertion) NotAfter 

func (a *SAMLAssertion) NotAfter() time.Time

NotAfter extracts the time at which or after this assertion should not be considered.

func (*SAMLAssertion) NotBefore 

func (a *SAMLAssertion) NotBefore() time.Time

NotBefore extracts the time before which this assertion should not be considered.

func (*SAMLAssertion) Process 

func (a *SAMLAssertion) Process(mapping models.SAMLAttributeMapping) map[string]interface{}

Process processes this assertion according to the SAMLAttributeMapping. Never returns nil.

func (*SAMLAssertion) SubjectID 

func (a *SAMLAssertion) SubjectID() (string, bool)

SubjectID returns the user identifier in present in the Subject section of the SAML assertion. Note that this way of identifying the Subject is generally superseded by the SAMLSubjectIDAttributeName assertion attribute; tho must be present in all assertions. It can have a few formats, of which the most important are: saml.EmailAddressNameIDFormat (meaning the user ID is an email address), saml.PersistentNameIDFormat (the user ID is an opaque string that does not change with each assertion, e.g. UUID), saml.TransientNameIDFormat (the user ID changes with each assertion -- can't be used to identify a user). The boolean returned identifies if the user ID is persistent. If it's an email address, it's lowercased just in case.

func (*SAMLAssertion) UserID 

func (a *SAMLAssertion) UserID() string

UserID returns the best choice for a persistent user identifier on the Identity Provider side. Don't assume the format of the string returned, as it's Identity Provider specific.

type Settings 

type Settings struct {
	ExternalProviders ProviderSettings `json:"external"`
	DisableSignup     bool             `json:"disable_signup"`
	MailerAutoconfirm bool             `json:"mailer_autoconfirm"`
	PhoneAutoconfirm  bool             `json:"phone_autoconfirm"`
	SmsProvider       string           `json:"sms_provider"`
	MFAEnabled        bool             `json:"mfa_enabled"`
	SAMLEnabled       bool             `json:"saml_enabled"`
}

type SignupParams 

type SignupParams struct {
	Email               string                 `json:"email"`
	Phone               string                 `json:"phone"`
	Password            string                 `json:"password"`
	Data                map[string]interface{} `json:"data"`
	Provider            string                 `json:"-"`
	Aud                 string                 `json:"-"`
	Channel             string                 `json:"channel"`
	CodeChallengeMethod string                 `json:"code_challenge_method"`
	CodeChallenge       string                 `json:"code_challenge"`
}

SignupParams are the parameters the Signup endpoint accepts

func (*SignupParams) ConfigureDefaults 

func (p *SignupParams) ConfigureDefaults()

func (*SignupParams) ToUserModel 

func (params *SignupParams) ToUserModel(isSSOUser bool) (user *models.User, err error)

type SingleSignOnParams 

type SingleSignOnParams struct {
	ProviderID          uuid.UUID `json:"provider_id"`
	Domain              string    `json:"domain"`
	RedirectTo          string    `json:"redirect_to"`
	SkipHTTPRedirect    *bool     `json:"skip_http_redirect"`
	CodeChallenge       string    `json:"code_challenge"`
	CodeChallengeMethod string    `json:"code_challenge_method"`
}

type SingleSignOnResponse 

type SingleSignOnResponse struct {
	URL string `json:"url"`
}

type SmsOtpResponse 

type SmsOtpResponse struct {
	MessageID string `json:"message_id,omitempty"`
}

type SmsParams 

type SmsParams struct {
	Phone               string                 `json:"phone"`
	Channel             string                 `json:"channel"`
	Data                map[string]interface{} `json:"data"`
	CodeChallengeMethod string                 `json:"code_challenge_method"`
	CodeChallenge       string                 `json:"code_challenge"`
}

SmsParams contains the request body params for sms otp

func (*SmsParams) Validate 

func (p *SmsParams) Validate(smsProvider string) error

type TOTPObject 

type TOTPObject struct {
	QRCode string `json:"qr_code"`
	Secret string `json:"secret"`
	URI    string `json:"uri"`
}

type UnenrollFactorResponse 

type UnenrollFactorResponse struct {
	ID uuid.UUID `json:"id"`
}

type UserUpdateParams 

type UserUpdateParams struct {
	Email               string                 `json:"email"`
	Password            *string                `json:"password"`
	Nonce               string                 `json:"nonce"`
	Data                map[string]interface{} `json:"data"`
	AppData             map[string]interface{} `json:"app_metadata,omitempty"`
	Phone               string                 `json:"phone"`
	Channel             string                 `json:"channel"`
	CodeChallenge       string                 `json:"code_challenge"`
	CodeChallengeMethod string                 `json:"code_challenge_method"`
}

UserUpdateParams parameters for updating a user

type VerifyFactorParams 

type VerifyFactorParams struct {
	ChallengeID uuid.UUID `json:"challenge_id"`
	Code        string    `json:"code"`
}

type VerifyParams 

type VerifyParams struct {
	Type       string `json:"type"`
	Token      string `json:"token"`
	TokenHash  string `json:"token_hash"`
	Email      string `json:"email"`
	Phone      string `json:"phone"`
	RedirectTo string `json:"redirect_to"`
}

VerifyParams are the parameters the Verify endpoint accepts

func (*VerifyParams) Validate 

func (p *VerifyParams) Validate(r *http.Request) error

type WeakPasswordError 

type WeakPasswordError struct {
	Message string   `json:"message,omitempty"`
	Reasons []string `json:"reasons,omitempty"`
}

WeakPasswordError encodes an error that a password does not meet strength requirements. It is handled specially in errors.go as it gets transformed to a HTTPError with a special weak_password field that encodes the Reasons slice.

func (*WeakPasswordError) Error 

func (e *WeakPasswordError) Error() string

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.