Documentation ¶
Index ¶
- Constants
- Variables
- func IsNotFoundError(err error) bool
- func IsUnauthorizedError(err error) bool
- type AccessKeyLoginOptions
- type AccessKeyResponse
- type AssociatedTenant
- type AttributeMapping
- type AuditCreateOptions
- type AuditRecord
- type AuditSearchOptions
- type AuthFactor
- type AuthenticationInfo
- type AuthzModified
- type AuthzNamespace
- type AuthzNode
- type AuthzNodeExpression
- type AuthzNodeExpressionType
- type AuthzNodeType
- type AuthzRelation
- type AuthzRelationDefinition
- type AuthzRelationQuery
- type AuthzSchema
- type AuthzUserQuery
- type BatchUser
- type BatchUserPassword
- type BatchUserPasswordBcrypt
- type BatchUserPasswordDjango
- type BatchUserPasswordFirebase
- type BatchUserPasswordHashed
- type BatchUserPasswordPbkdf2
- type BatchUserPasswordPhpass
- type CloneProjectResponse
- type ContextKey
- type DeliveryMethod
- type EnchantedLinkResponse
- type Error
- type ExportSnapshotResponse
- type Flow
- type FlowMetadata
- type FlowResponse
- type FlowsResponse
- type GenerateSSOConfigurationLinkResponse
- type Group
- type GroupMember
- type GroupsMapping
- type ImportSnapshotRequest
- type InviteOptions
- type JWTResponse
- type LoginOptions
- type NOTPResponse
- type OAuthProvider
- type OIDCApplicationRequest
- type OIDCAttributeMapping
- type PasswordPolicy
- type PasswordSettings
- type PatchUserRequest
- type Permission
- type Project
- type ProjectEnvironment
- type ProviderTokenOptions
- type ProviderTokenResponse
- type Role
- type RoleItem
- type RoleMapping
- type RoleSearchOptions
- type SAMLApplicationRequest
- type SAMLIDPAttributeMappingInfo
- type SAMLIDPGroupsMappingInfo
- type SAMLIDPRoleGroupMappingInfo
- type SSOApplication
- type SSOApplicationOIDCSettings
- type SSOApplicationSAMLSettings
- type SSOApplicationSearchOptions
- type SSOOIDCSettings
- type SSOSAMLSettings
- type SSOSAMLSettingsByMetadata
- type SSOSAMLSettingsResponse
- type SSOSettingsResponse
- type SSOTenantSettingsResponse
- type Screen
- type SignUpOptions
- type SnapshotSecret
- type SnapshotSecrets
- type TOTPResponse
- type Tenant
- type TenantRequest
- type TenantSearchOptions
- type TenantSettings
- type Theme
- type Token
- func (to *Token) AuthFactors() []AuthFactor
- func (to *Token) CustomClaim(value string) interface{}
- func (to *Token) GetTenantValue(tenant, key string) any
- func (to *Token) GetTenants() []string
- func (to *Token) IsMFA() bool
- func (to *Token) IsPermitted(permission string) bool
- func (to *Token) IsPermittedPerTenant(tenant string, permission string) bool
- type UpdateOptions
- type User
- type UserHistoryResponse
- type UserImportFailure
- type UserImportResponse
- type UserMapping
- type UserRequest
- type UserResponse
- type UserSearchOptions
- type UserSearchSort
- type UserStatus
- type UsersBatchResponse
- type UsersFailedResponse
- type ValidateSnapshotRequest
- type ValidateSnapshotResponse
- type WebAuthnFinishRequest
- type WebAuthnTransactionResponse
Constants ¶
// Wire values, cookie names, claim names and environment variable names
// shared across the package.
const (
	// Delivery methods (DeliveryMethod values).
	MethodWhatsApp DeliveryMethod = "whatsapp"
	MethodSMS      DeliveryMethod = "sms"
	MethodVoice    DeliveryMethod = "voice"
	MethodEmail    DeliveryMethod = "email"
	// NOTE(review): the only delivery value that is capitalized; confirm
	// that "Embedded" is the spelling the server expects.
	MethodEmbedded DeliveryMethod = "Embedded"

	// OAuth providers (OAuthProvider values).
	OAuthFacebook  OAuthProvider = "facebook"
	OAuthGithub    OAuthProvider = "github"
	OAuthGoogle    OAuthProvider = "google"
	OAuthMicrosoft OAuthProvider = "microsoft"
	OAuthGitlab    OAuthProvider = "gitlab"
	OAuthApple     OAuthProvider = "apple"

	// Project environments; the empty string means "none".
	ProjectEnvironmentNone       ProjectEnvironment = ""
	ProjectEnvironmentProduction ProjectEnvironment = "production"

	// Cookie names. Only the names are fixed here; the cookie attributes
	// (Secure, HttpOnly, SameSite) are set wherever the cookies are built.
	// NOTE(review): confirm those attributes at that call site.
	SessionCookieName          = "DS"
	RefreshCookieName          = "DSR"
	RedirectLocationCookieName = "Location"

	// ContextUserIDProperty is the untyped property name for the user ID.
	ContextUserIDProperty = "DESCOPE_USER_ID"
	// ContextUserIDPropertyKey is the same value typed as ContextKey.
	// Presumably used as a context key so it cannot collide with plain
	// string keys; confirm against the callers.
	ContextUserIDPropertyKey ContextKey = ContextUserIDProperty

	// JWT claim names.
	ClaimAuthorizedTenants           = "tenants"
	ClaimAuthorizedGlobalPermissions = "permissions"
	ClaimDescopeCurrentTenant        = "dct"

	// Environment variable names. The management key variable presumably
	// holds a credential; keep its value out of logs and source control.
	EnvironmentVariableProjectID     = "DESCOPE_PROJECT_ID"
	EnvironmentVariablePublicKey     = "DESCOPE_PUBLIC_KEY"
	EnvironmentVariableManagementKey = "DESCOPE_MANAGEMENT_KEY"
	EnvironmentVariableBaseURL       = "DESCOPE_BASE_URL"
)
Variables ¶
// Predefined errors. Values built with newServerError carry only an error
// code ("E..."); values built with newClientError carry a code ("G...") and
// a fixed message.
var (
	// server common
	ErrBadRequest        = newServerError("E011001")
	ErrMissingArguments  = newServerError("E011002")
	ErrValidationFailure = newServerError("E011003")
	ErrInvalidArguments  = newServerError("E011004")

	// server authentication
	ErrUserAlreadyExists       = newServerError("E062107")
	ErrInvalidOneTimeCode      = newServerError("E061102")
	ErrPasswordExpired         = newServerError("E062909")
	ErrTokenExpiredByLoggedOut = newServerError("E064001")

	// server management
	ErrManagementUserNotFound = newServerError("E112102")

	// server infra
	ErrRateLimitExceeded = newServerError("E130429")

	// client setup
	ErrMissingProjectID = newClientError("G010001", "Missing project ID")

	// client service error
	ErrUnexpectedResponse = newClientError("G020001", "Unexpected server response")
	ErrInvalidResponse    = newClientError("G020002", "Invalid server response")

	// client functional errors
	ErrPublicKey        = newClientError("G030001", "Missing or invalid public key")
	ErrInvalidToken     = newClientError("G030002", "Invalid token")
	ErrRefreshToken     = newClientError("G030003", "Missing or invalid refresh token")
	ErrInvalidStepUpJWT = newClientError("G030004", "Refresh token must be provided for stepup actions")
)
// ErrorInfoKeys names the keys under which additional information may be
// found in an Error's Info map for specific errors.
var ErrorInfoKeys = errorInfoKeys{
	// Key for the HTTP response status code.
	HTTPResponseStatusCode: "Status-Code",
	// Key for the retry-after value of a rate-limit error.
	RateLimitExceededRetryAfter: "Retry-After",
}
Additional information that might be available in the Error struct's Info map for specific errors
Functions ¶
func IsNotFoundError ¶ added in v0.9.4
func IsUnauthorizedError ¶ added in v0.9.4
Types ¶
type AccessKeyLoginOptions ¶ added in v1.6.3
// AccessKeyLoginOptions holds the optional settings sent with an access key
// login.
type AccessKeyLoginOptions struct {
	// CustomClaims is a free-form map, omitted from JSON when empty.
	// Presumably these claims are added to the issued token; confirm
	// against the server API before relying on them for authorization.
	CustomClaims map[string]interface{} `json:"customClaims,omitempty"`
}
type AccessKeyResponse ¶ added in v0.9.4
// AccessKeyResponse describes an access key as returned in JSON. It declares
// metadata only (roles, tenants, status, times); no field for the key secret
// itself is declared on this struct.
//
// NOTE(review): CreatedTime and ExpireTime are int32. If they are Unix
// seconds (not shown here), the values overflow in January 2038.
type AccessKeyResponse struct {
	ID          string              `json:"id,omitempty"`
	Name        string              `json:"name,omitempty"`
	RoleNames   []string            `json:"roleNames,omitempty"`
	KeyTenants  []*AssociatedTenant `json:"keyTenants,omitempty"`
	Status      string              `json:"status,omitempty"`
	CreatedTime int32               `json:"createdTime,omitempty"`
	ExpireTime  int32               `json:"expireTime,omitempty"`
	CreatedBy   string              `json:"createdBy,omitempty"`
	ClientID    string              `json:"clientId,omitempty"`
	// UserID is serialized under the JSON name "boundUserId".
	UserID       string         `json:"boundUserId,omitempty"`
	CustomClaims map[string]any `json:"customClaims,omitempty"`
	Description  string         `json:"description,omitempty"`
	// PermittedIPs is omitted from JSON when empty. Presumably the source
	// addresses the key may be used from. TODO confirm how the server treats
	// an empty list (no restriction vs. no access).
	PermittedIPs []string `json:"permittedIps,omitempty"`
}
type AssociatedTenant ¶ added in v0.9.4
// AssociatedTenant represents a tenant association for a User or an Access
// Key. TenantID and TenantName are always serialized; Roles is optional and
// is serialized under the JSON name "roleNames".
type AssociatedTenant struct {
	TenantID   string   `json:"tenantId"`
	TenantName string   `json:"tenantName"`
	Roles      []string `json:"roleNames,omitempty"`
}
Represents a tenant association for a User or an Access Key. The tenant ID is required to denote which tenant the user / access key belongs to. Roles is an optional list of roles for the user / access key in this specific tenant.
type AttributeMapping ¶ added in v0.9.4
// AttributeMapping represents a SAML mapping between Descope and IDP user
// attributes. Every field is a string and is omitted from JSON when empty.
//
// NOTE(review): values arriving through these mappings originate at the IDP;
// confirm which of them (Group in particular) feed authorization decisions.
type AttributeMapping struct {
	Name             string            `json:"name,omitempty"`
	GivenName        string            `json:"givenName,omitempty"`
	MiddleName       string            `json:"middleName,omitempty"`
	FamilyName       string            `json:"familyName,omitempty"`
	Picture          string            `json:"picture,omitempty"`
	Email            string            `json:"email,omitempty"`
	PhoneNumber      string            `json:"phoneNumber,omitempty"`
	Group            string            `json:"group,omitempty"`
	CustomAttributes map[string]string `json:"customAttributes,omitempty"`
}
Represents a SAML mapping between Descope and IDP user attributes
type AuditCreateOptions ¶ added in v1.6.4
// AuditCreateOptions holds the fields of an audit event to create. Data is a
// free-form map; since AuditRecord exposes a Data map as well, avoid placing
// tokens or passwords in it.
type AuditCreateOptions struct {
	UserID   string                 `json:"userId,omitempty"`
	Action   string                 `json:"action,omitempty"`
	Type     string                 `json:"type,omitempty"` // info/warn/error
	ActorID  string                 `json:"actorId,omitempty"`
	Data     map[string]interface{} `json:"data,omitempty"`
	TenantID string                 `json:"tenantId,omitempty"`
}
type AuditRecord ¶ added in v1.5.3
// AuditRecord is a single audit entry: who (UserID, ActorID, LoginIDs), what
// (Action, Type, Method), when (Occurred) and from where (Device, Geo,
// RemoteAddress).
//
// Note that omitempty does not omit a zero time.Time in encoding/json, so
// Occurred is always written when this struct is marshaled.
type AuditRecord struct {
	ProjectID     string    `json:"projectId,omitempty"`
	UserID        string    `json:"userId,omitempty"`
	Action        string    `json:"action,omitempty"`
	Type          string    `json:"type,omitempty"`
	ActorID       string    `json:"actorId,omitempty"`
	Occurred      time.Time `json:"occurred,omitempty"`
	Device        string    `json:"device,omitempty"`
	Method        string    `json:"method,omitempty"`
	Geo           string    `json:"geo,omitempty"`
	RemoteAddress string    `json:"remoteAddress,omitempty"`
	LoginIDs      []string  `json:"loginIds,omitempty"`
	// NOTE(review): Tenants has no json tag, unlike every other field, so it
	// marshals under the name "Tenants". Confirm this is intended.
	Tenants []string
	Data    map[string]interface{} `json:"data,omitempty"`
}
type AuditSearchOptions ¶ added in v1.5.3
// AuditSearchOptions filters which audit records are retrieved. All
// parameters are optional.
type AuditSearchOptions struct {
	// List of user IDs to filter by
	UserIDs []string `json:"userIds,omitempty"`
	// List of actions to filter by
	Actions []string `json:"actions,omitempty"`
	// List of actions to exclude (always serialized; no omitempty)
	ExcludedActions []string `json:"excludedActions"`
	// Retrieve records newer than given time. Limited to no older than 30 days.
	// omitempty does not omit a zero time.Time in encoding/json.
	From time.Time `json:"from,omitempty"`
	// Retrieve records older than given time.
	To time.Time `json:"to,omitempty"`
	// List of devices to filter by. Current devices supported are
	// "Bot"/"Mobile"/"Desktop"/"Tablet"/"Unknown"
	Devices []string `json:"devices,omitempty"`
	// List of methods to filter by. Current auth methods are
	// "otp"/"totp"/"magiclink"/"oauth"/"saml"/"password"
	Methods []string `json:"methods,omitempty"`
	// List of geos to filter by. Geo is currently country code like "US", "IL", etc.
	Geos []string `json:"geos,omitempty"`
	// List of remote addresses to filter by
	RemoteAddresses []string `json:"remoteAddresses,omitempty"`
	// List of login IDs to filter by
	LoginIDs []string `json:"loginIds,omitempty"`
	// List of tenants to filter by
	Tenants []string `json:"tenants"`
	// Should audits without any tenants always be included
	NoTenants bool `json:"noTenants"`
	// Free text search across all fields
	Text string `json:"text"`
}
AuditSearchOptions filters which audit records are retrieved. All parameters are optional. `From` is currently limited to the last 30 days.
type AuthFactor ¶ added in v0.9.4
// AuthFactor names an authentication factor. Token.AuthFactors returns a
// slice of these values.
type AuthFactor string

// Known AuthFactor values. Several wire values differ from the constant
// name: Phone is "sms", Saml is "fed" and Password is "pwd".
const (
	AuthFactorUnknown  AuthFactor = ""
	AuthFactorEmail    AuthFactor = "email"
	AuthFactorPhone    AuthFactor = "sms"
	AuthFactorSaml     AuthFactor = "fed"
	AuthFactorOAuth    AuthFactor = "oauth"
	AuthFactorWebauthn AuthFactor = "webauthn"
	AuthFactorTOTP     AuthFactor = "totp"
	AuthFactorMFA      AuthFactor = "mfa"
	AuthFactorPassword AuthFactor = "pwd"
)
type AuthenticationInfo ¶ added in v0.9.4
// AuthenticationInfo bundles the session token, the refresh token and the
// user of an authentication result. SessionToken is serialized under the
// JSON name "token".
//
// Token declares a JWT string field, so marshaling or logging this struct
// writes the raw JWTs; keep it out of logs.
type AuthenticationInfo struct {
	SessionToken *Token        `json:"token,omitempty"`
	RefreshToken *Token        `json:"refreshToken,omitempty"`
	User         *UserResponse `json:"user,omitempty"`
	FirstSeen    bool          `json:"firstSeen,omitempty"`
}
func NewAuthenticationInfo ¶ added in v0.9.4
func NewAuthenticationInfo(jRes *JWTResponse, sessionToken, refreshToken *Token) *AuthenticationInfo
type AuthzModified ¶ added in v1.6.1
// AuthzModified lists the resources and targets modified since a given
// timestamp, and whether the schema changed. All fields are always
// serialized.
type AuthzModified struct {
	Resources     []string `json:"resources"`
	Targets       []string `json:"targets"`
	SchemaChanged bool     `json:"schemaChanged"`
}
AuthzModified lists the resources and targets modified since a given timestamp
type AuthzNamespace ¶ added in v1.5.7
// AuthzNamespace defines an entity in the authorization schema: a name and
// the relation definitions that belong to it.
type AuthzNamespace struct {
	Name                string                     `json:"name"`
	RelationDefinitions []*AuthzRelationDefinition `json:"relationDefinitions"`
}
AuthzNamespace defines an entity in the authorization schema
type AuthzNode ¶ added in v1.5.7
// AuthzNode holds the definition of a complex relation definition. It is a
// tree node: NType selects the node kind, Children holds nested nodes and
// Expression holds an optional expression.
type AuthzNode struct {
	NType      AuthzNodeType        `json:"nType"`
	Children   []*AuthzNode         `json:"children,omitempty"`
	Expression *AuthzNodeExpression `json:"expression,omitempty"`
}
AuthzNode holds the definition of a complex relation definition
type AuthzNodeExpression ¶ added in v1.5.7
// AuthzNodeExpression holds the definition of a child node. NEType selects
// the expression kind; the remaining fields are optional names of relation
// definitions and their namespaces.
type AuthzNodeExpression struct {
	NEType                            AuthzNodeExpressionType `json:"neType"`
	RelationDefinition                string                  `json:"relationDefinition,omitempty"`
	RelationDefinitionNamespace       string                  `json:"relationDefinitionNamespace,omitempty"`
	TargetRelationDefinition          string                  `json:"targetRelationDefinition,omitempty"`
	TargetRelationDefinitionNamespace string                  `json:"targetRelationDefinitionNamespace,omitempty"`
}
AuthzNodeExpression holds the definition of a child node
type AuthzNodeExpressionType ¶ added in v1.5.7
// AuthzNodeExpressionType is the kind of an AuthzNodeExpression (its NEType
// field).
type AuthzNodeExpressionType string

// Known AuthzNodeExpressionType values.
const (
	AuthzNodeExpressionTypeSelf          AuthzNodeExpressionType = "self"
	AuthzNodeExpressionTypeTargetSet     AuthzNodeExpressionType = "targetSet"
	AuthzNodeExpressionTypeRelationLeft  AuthzNodeExpressionType = "relationLeft"
	AuthzNodeExpressionTypeRelationRight AuthzNodeExpressionType = "relationRight"
)
type AuthzNodeType ¶ added in v1.5.7
// AuthzNodeType is the kind of an AuthzNode (its NType field).
type AuthzNodeType string

// Known AuthzNodeType values.
const (
	AuthzNodeTypeChild     AuthzNodeType = "child"
	AuthzNodeTypeUnion     AuthzNodeType = "union"
	AuthzNodeTypeIntersect AuthzNodeType = "intersect"
	AuthzNodeTypeSub       AuthzNodeType = "sub"
)
type AuthzRelation ¶ added in v1.5.7
// AuthzRelation defines a relation between resource and target. Resource,
// RelationDefinition and Namespace are always serialized. The target is
// given by one of the optional forms: Target, the TargetSet* fields or
// Query. Which combinations are valid is not shown here; confirm against
// the API.
type AuthzRelation struct {
	Resource                             string          `json:"resource"`
	RelationDefinition                   string          `json:"relationDefinition"`
	Namespace                            string          `json:"namespace"`
	Target                               string          `json:"target,omitempty"`
	TargetSetResource                    string          `json:"targetSetResource,omitempty"`
	TargetSetRelationDefinition          string          `json:"targetSetRelationDefinition,omitempty"`
	TargetSetRelationDefinitionNamespace string          `json:"targetSetRelationDefinitionNamespace,omitempty"`
	Query                                *AuthzUserQuery `json:"query,omitempty"`
}
AuthzRelation defines a relation between resource and target
type AuthzRelationDefinition ¶ added in v1.5.7
// AuthzRelationDefinition defines a relation within a namespace. A nil
// ComplexDefinition is omitted from JSON.
type AuthzRelationDefinition struct {
	Name              string     `json:"name"`
	ComplexDefinition *AuthzNode `json:"complexDefinition,omitempty"`
}
AuthzRelationDefinition defines a relation within a namespace
type AuthzRelationQuery ¶ added in v1.5.7
// AuthzRelationQuery queries the service if a given relation exists.
// HasRelation presumably carries the answer. Its zero value is false, so a
// query that was never answered reads as "no relation"; callers should check
// the request error before using it.
type AuthzRelationQuery struct {
	Resource           string `json:"resource"`
	RelationDefinition string `json:"relationDefinition"`
	Namespace          string `json:"namespace"`
	Target             string `json:"target"`
	HasRelation        bool   `json:"hasRelation"`
}
AuthzRelationQuery queries the service if a given relation exists
type AuthzSchema ¶ added in v1.5.7
// AuthzSchema holds the full schema (all namespaces) for a project.
type AuthzSchema struct {
	Name       string            `json:"name,omitempty"`
	Namespaces []*AuthzNamespace `json:"namespaces"`
}
AuthzSchema holds the full schema (all namespaces) for a project
type AuthzUserQuery ¶ added in v1.5.7
// AuthzUserQuery represents a target of a relation for ABAC (query on
// users). Statuses is serialized under the JSON name "userStatus", and
// SSOOnly is always serialized.
type AuthzUserQuery struct {
	Tenants          []string       `json:"tenants,omitempty"`
	Roles            []string       `json:"roles,omitempty"`
	Text             string         `json:"text,omitempty"`
	Statuses         []UserStatus   `json:"userStatus,omitempty"`
	SSOOnly          bool           `json:"ssoOnly"`
	WithTestUser     bool           `json:"withTestUser,omitempty"`
	CustomAttributes map[string]any `json:"customAttributes,omitempty"`
}
AuthzUserQuery represents a target of a relation for ABAC (query on users)
type BatchUser ¶ added in v1.5.7
// BatchUser is one user entry of a batch operation: a login ID, an optional
// password, an optional seed and the embedded UserRequest fields.
type BatchUser struct {
	LoginID string `json:"loginId,omitempty"`
	// Password may hold a cleartext password (see BatchUserPassword); keep
	// values of this type out of logs.
	Password *BatchUserPassword `json:"password,omitempty"`
	Seed     *string            `json:"seed,omitempty"`
	// The embedded fields are promoted into the same JSON object.
	// encoding/json has no "inline" option; the promotion comes from the
	// embedding itself.
	UserRequest `json:",inline"`
}
type BatchUserPassword ¶ added in v1.5.7
// BatchUserPassword sets a cleartext or prehashed password for a new user
// (only one should be set).
//
// Neither field has a json tag. NOTE(review): serialization is presumably
// handled by a custom marshaler elsewhere; confirm, and confirm how the case
// of both fields being set is handled.
type BatchUserPassword struct {
	// Cleartext is the password itself; never log or persist this value.
	Cleartext string
	Hashed    *BatchUserPasswordHashed
}
Set a cleartext or prehashed password for a new user (only one should be set).
type BatchUserPasswordBcrypt ¶ added in v1.6.1
// BatchUserPasswordBcrypt carries a prehashed bcrypt password.
type BatchUserPasswordBcrypt struct {
	// the bcrypt hash in plaintext format, for example "$2a$..."
	Hash string `json:"hash"`
}
type BatchUserPasswordDjango ¶ added in v1.6.1
// BatchUserPasswordDjango carries a prehashed password in Django format.
type BatchUserPasswordDjango struct {
	// the django hash in plaintext format, for example "pbkdf2_sha256$..."
	Hash string `json:"hash"`
}
type BatchUserPasswordFirebase ¶ added in v1.6.1
// BatchUserPasswordFirebase carries a prehashed password in Firebase format,
// with the parameters needed to verify it. SignerKey is key material; handle
// it like a secret.
type BatchUserPasswordFirebase struct {
	// the hash in raw bytes (base64 strings should be decoded first)
	Hash []byte `json:"hash"`
	// the salt in raw bytes (base64 strings should be decoded first)
	Salt []byte `json:"salt"`
	// the salt separator (usually 1 byte long)
	SaltSeparator []byte `json:"saltSeparator"`
	// the signer key (base64 strings should be decoded first)
	SignerKey []byte `json:"signerKey"`
	// the memory cost value (usually between 12 to 17)
	Memory int `json:"memory"`
	// the rounds cost value (usually between 6 to 10)
	Rounds int `json:"rounds"`
}
type BatchUserPasswordHashed ¶ added in v1.5.7
// BatchUserPasswordHashed sets the kind of prehashed password for a user
// (only one should be set). Nil pointers are omitted from JSON.
type BatchUserPasswordHashed struct {
	Bcrypt   *BatchUserPasswordBcrypt   `json:"bcrypt,omitempty"`
	Firebase *BatchUserPasswordFirebase `json:"firebase,omitempty"`
	Pbkdf2   *BatchUserPasswordPbkdf2   `json:"pbkdf2,omitempty"`
	Django   *BatchUserPasswordDjango   `json:"django,omitempty"`
	Phpass   *BatchUserPasswordPhpass   `json:"phpass,omitempty"`
}
Set the kind of prehashed password for a user (only one should be set).
type BatchUserPasswordPbkdf2 ¶ added in v1.6.1
// BatchUserPasswordPbkdf2 carries a prehashed PBKDF2 password with its salt,
// iteration count and hash name.
//
// NOTE(review): sha1 and low iteration counts are accepted for import of
// existing hashes; consider rehashing such accounts after migration.
type BatchUserPasswordPbkdf2 struct {
	// the hash in raw bytes (base64 strings should be decoded first)
	Hash []byte `json:"hash"`
	// the salt in raw bytes (base64 strings should be decoded first)
	Salt []byte `json:"salt"`
	// the iterations cost value (usually in the thousands)
	Iterations int `json:"iterations"`
	// the hash name (sha1, sha256, sha512)
	Type string `json:"type"`
}
type BatchUserPasswordPhpass ¶ added in v1.6.4
// BatchUserPasswordPhpass carries a prehashed phpass password with its salt,
// iteration count and hash name.
//
// NOTE(review): the md5 variant is a legacy format accepted for import of
// existing hashes; consider rehashing such accounts after migration.
type BatchUserPasswordPhpass struct {
	// the hash as base64 encoded string with . and / characters
	Hash string `json:"hash"`
	// the salt as base64 encoded string with . and / characters
	Salt string `json:"salt"`
	// the iterations cost value (usually in the tens of thousands)
	Iterations int `json:"iterations"`
	// the hash name (md5, sha512)
	Type string `json:"type"`
}
type CloneProjectResponse ¶ added in v1.6.1
type ContextKey ¶ added in v0.9.4
// ContextKey is the string type of ContextUserIDPropertyKey.
type ContextKey string
type DeliveryMethod ¶ added in v0.9.4
// DeliveryMethod is the string type of the Method* constants (whatsapp, sms,
// voice, email, Embedded).
type DeliveryMethod string
type EnchantedLinkResponse ¶ added in v0.9.4
// EnchantedLinkResponse is returned when an enchanted link is sent.
type EnchantedLinkResponse struct {
	// Pending referral code used to poll enchanted link authentication
	// status. Whoever holds it can poll for the result, so treat it as
	// sensitive.
	PendingRef string `json:"pendingRef,omitempty"`
	// Link id, on which link the user should click
	LinkID string `json:"linkId,omitempty"`
	// Masked email to which the email was sent
	MaskedEmail string `json:"maskedEmail,omitempty"`
}
type Error ¶ added in v0.9.4
// Error is the package's error value: a code, a description and a message,
// each serialized under an "error..." JSON name.
type Error struct {
	Code        string `json:"errorCode,omitempty"`
	Description string `json:"errorDescription,omitempty"`
	Message     string `json:"errorMessage,omitempty"`
	// Info is excluded from JSON ("-"). It may hold additional information
	// for specific errors under the keys named in ErrorInfoKeys.
	Info map[string]any `json:"-"`
}
func (*Error) IsNotFound ¶ added in v0.9.4
func (*Error) IsUnauthorized ¶ added in v0.9.4
type ExportSnapshotResponse ¶ added in v1.6.3
type Flow ¶ added in v1.1.0
// Flow is a flow's metadata (embedded FlowMetadata) together with its DSL
// and an optional ETag.
type Flow struct {
	FlowMetadata
	// DSL is untyped; its shape is not defined in this declaration.
	DSL  any    `json:"dsl"`
	ETag string `json:"etag,omitempty"`
}
type FlowMetadata ¶ added in v1.5.3
type FlowResponse ¶ added in v1.1.0
type FlowsResponse ¶ added in v1.5.3
// FlowsResponse is a list of flow metadata entries and a total count.
type FlowsResponse struct {
	Flows []*FlowMetadata `json:"flows"`
	Total int             `json:"total"`
}
type GenerateSSOConfigurationLinkResponse ¶ added in v1.6.6
// GenerateSSOConfigurationLinkResponse carries a generated SSO configuration
// link.
type GenerateSSOConfigurationLinkResponse struct {
	// AdminSSOConfigurationLink is the generated link. Presumably anyone who
	// holds it can reach the tenant's SSO configuration. TODO confirm its
	// lifetime and scope, and send it only to the intended admin.
	AdminSSOConfigurationLink string `json:"adminSSOConfigurationLink,omitempty"`
}
type Group ¶ added in v0.9.4
// Group is a group with an ID, an optional display name and optional
// members.
type Group struct {
	ID      string        `json:"id"`
	Display string        `json:"display,omitempty"`
	Members []GroupMember `json:"members,omitempty"`
}
type GroupMember ¶ added in v0.9.4
type GroupsMapping ¶ added in v1.5.0
type ImportSnapshotRequest ¶ added in v1.6.3
// ImportSnapshotRequest is the input for importing a project snapshot.
type ImportSnapshotRequest struct {
	// All project settings and configurations represented as JSON files
	Files map[string]any `json:"files"`
	// An optional map of project entities and their secrets that will be
	// injected into the snapshot before import. The secrets are cleartext
	// (see SnapshotSecret.Value), so keep this request out of logs.
	InputSecrets *SnapshotSecrets `json:"inputSecrets,omitempty"`
}
type InviteOptions ¶ added in v1.5.6
// InviteOptions controls how a user invitation is delivered.
type InviteOptions struct {
	// InviteURL is optional. NOTE(review): presumably the URL embedded in
	// the invite message; if it can come from caller input, restrict it to
	// trusted origins. TODO confirm.
	InviteURL string `json:"inviteUrl,omitempty"`
	// send invite via mail, default is according to project settings
	SendMail *bool `json:"sendMail,omitempty"`
	// send invite via text message, default is according to project settings
	SendSMS *bool `json:"sendSMS,omitempty"`
	// for providing messaging template options (templates that are being
	// sent via email / text message)
	TemplateOptions map[string]string `json:"templateOptions,omitempty"`
}
type JWTResponse ¶ added in v0.9.4
// JWTResponse carries the session and refresh JWTs as strings, the cookie
// attributes that accompany them (domain, path, max age, expiration) and the
// user.
//
// SessionJwt and RefreshJwt are the raw tokens; keep this struct out of
// logs and error messages.
type JWTResponse struct {
	SessionJwt       string        `json:"sessionJwt,omitempty"`
	RefreshJwt       string        `json:"refreshJwt,omitempty"`
	CookieDomain     string        `json:"cookieDomain,omitempty"`
	CookiePath       string        `json:"cookiePath,omitempty"`
	CookieMaxAge     int32         `json:"cookieMaxAge,omitempty"`
	CookieExpiration int32         `json:"cookieExpiration,omitempty"`
	User             *UserResponse `json:"user,omitempty"`
	FirstSeen        bool          `json:"firstSeen,omitempty"`
}
type LoginOptions ¶ added in v0.9.4
// LoginOptions holds optional login settings. The message of
// ErrInvalidStepUpJWT states that step-up actions require a refresh token,
// and IsJWTRequired reports whether these options need one.
type LoginOptions struct {
	Stepup       bool                   `json:"stepup,omitempty"`
	MFA          bool                   `json:"mfa,omitempty"`
	CustomClaims map[string]interface{} `json:"customClaims,omitempty"`
	// for providing messaging template options (templates that are being
	// sent via email / text message)
	TemplateOptions map[string]string `json:"templateOptions,omitempty"`
}
func (*LoginOptions) IsJWTRequired ¶ added in v0.9.4
func (lo *LoginOptions) IsJWTRequired() bool
type NOTPResponse ¶ added in v1.6.5
type OAuthProvider ¶ added in v0.9.4
// OAuthProvider is the string type of the OAuth* provider constants
// (facebook, github, google, microsoft, gitlab, apple).
type OAuthProvider string
type OIDCApplicationRequest ¶ added in v1.6.1
type OIDCAttributeMapping ¶ added in v1.6.1
// OIDCAttributeMapping maps user attributes for OIDC. Every field is a
// string and is omitted from JSON when empty.
//
// NOTE(review): VerifiedEmail and VerifiedPhone are mapped from provider
// data; confirm that only providers that actually verify these attributes
// are mapped to them.
type OIDCAttributeMapping struct {
	LoginID       string `json:"loginId,omitempty"`
	Name          string `json:"name,omitempty"`
	GivenName     string `json:"givenName,omitempty"`
	MiddleName    string `json:"middleName,omitempty"`
	FamilyName    string `json:"familyName,omitempty"`
	Email         string `json:"email,omitempty"`
	VerifiedEmail string `json:"verifiedEmail,omitempty"`
	Username      string `json:"username,omitempty"`
	PhoneNumber   string `json:"phoneNumber,omitempty"`
	VerifiedPhone string `json:"verifiedPhone,omitempty"`
	Picture       string `json:"picture,omitempty"`
}
type PasswordPolicy ¶ added in v1.1.0
// PasswordPolicy represents the rules for valid passwords configured in the
// policy in the Descope console. It can be used for client-side validation
// of new passwords; the comprehensive policy is always enforced by Descope
// on the server side, so a client-side check is a convenience, not a
// control.
type PasswordPolicy struct {
	MinLength       int32 `json:"minLength,omitempty"`
	Lowercase       bool  `json:"lowercase,omitempty"`
	Uppercase       bool  `json:"uppercase,omitempty"`
	Number          bool  `json:"number,omitempty"`
	NonAlphanumeric bool  `json:"nonAlphanumeric,omitempty"`
}
PasswordPolicy - represents the rules for valid passwords configured in the policy in the Descope console. This can be used to implement client-side validation of new user passwords for a better user experience. Either way, the comprehensive policy is always enforced by Descope on the server side.
type PasswordSettings ¶ added in v1.6.1
// PasswordSettings holds password settings: complexity rules, expiration
// (in weeks), reuse limits and lockout after failed attempts.
//
// Every field uses omitempty, so false and 0 are left out when marshaling.
// NOTE(review): confirm that an update with Lock or Expiration set to false
// really disables the setting rather than leaving the server value as is.
type PasswordSettings struct {
	Enabled         bool  `json:"enabled,omitempty"`
	MinLength       int32 `json:"minLength,omitempty"`
	Lowercase       bool  `json:"lowercase,omitempty"`
	Uppercase       bool  `json:"uppercase,omitempty"`
	Number          bool  `json:"number,omitempty"`
	NonAlphanumeric bool  `json:"nonAlphanumeric,omitempty"`
	Expiration      bool  `json:"expiration,omitempty"`
	ExpirationWeeks int32 `json:"expirationWeeks,omitempty"`
	Reuse           bool  `json:"reuse,omitempty"`
	ReuseAmount     int32 `json:"reuseAmount,omitempty"`
	Lock            bool  `json:"lock,omitempty"`
	LockAttempts    int32 `json:"lockAttempts,omitempty"`
}
type PatchUserRequest ¶ added in v1.6.5
// PatchUserRequest is a partial user update. Most fields are pointers, so a
// nil pointer is omitted from JSON while a pointer to an empty value is
// still sent. CustomAttributes is a plain map and is omitted when empty.
type PatchUserRequest struct {
	Name             *string              `json:"name,omitempty"`
	GivenName        *string              `json:"givenName,omitempty"`
	MiddleName       *string              `json:"middleName,omitempty"`
	FamilyName       *string              `json:"familyName,omitempty"`
	Phone            *string              `json:"phone,omitempty"`
	Email            *string              `json:"email,omitempty"`
	Roles            *[]string            `json:"roles,omitempty"`
	Tenants          *[]*AssociatedTenant `json:"tenants,omitempty"`
	CustomAttributes map[string]any       `json:"customAttributes,omitempty"`
	Picture          *string              `json:"picture,omitempty"`
	VerifiedEmail    *bool                `json:"verifiedEmail,omitempty"`
	VerifiedPhone    *bool                `json:"verifiedPhone,omitempty"`
	SSOAppIDs        *[]string            `json:"ssoAppIds,omitempty"`
}
type Permission ¶ added in v0.9.4
type ProjectEnvironment ¶ added in v1.6.6
// ProjectEnvironment is the string type of the ProjectEnvironment*
// constants ("" and "production").
type ProjectEnvironment string
type ProviderTokenOptions ¶ added in v1.6.6
type ProviderTokenResponse ¶ added in v1.5.3
// ProviderTokenResponse carries a provider's tokens for a user: the access
// token, its expiration and scopes, and a refresh token.
//
// AccessToken and RefreshToken are credentials for the provider; keep them
// out of logs and store them only where needed.
type ProviderTokenResponse struct {
	Provider       string   `json:"provider,omitempty"`
	ProviderUserID string   `json:"providerUserID,omitempty"`
	AccessToken    string   `json:"accessToken,omitempty"`
	Expiration     uint32   `json:"expiration,omitempty"`
	Scopes         []string `json:"scopes,omitempty"`
	RefreshToken   string   `json:"refreshToken,omitempty"`
}
type Role ¶ added in v0.9.4
// Role is a named set of permissions. TenantID is optional; an empty value
// presumably means the role is not bound to a tenant. TODO confirm.
type Role struct {
	Name            string   `json:"name"`
	Description     string   `json:"description,omitempty"`
	PermissionNames []string `json:"permissionNames,omitempty"`
	CreatedTime     int32    `json:"createdTime,omitempty"`
	TenantID        string   `json:"tenantId,omitempty"`
}
func (*Role) GetCreatedTime ¶ added in v1.5.0
type RoleMapping ¶ added in v0.9.4
Represents a mapping between a set of groups of users and a role that will be assigned to them.
type RoleSearchOptions ¶ added in v1.6.3
type SAMLApplicationRequest ¶ added in v1.6.1
// SAMLApplicationRequest holds the settings of a SAML SSO application. No
// field uses omitempty, so every field is sent, including false and empty
// values.
//
// NOTE(review): AcsURL, AcsAllowedCallbacks, DefaultRelayState and
// LogoutRedirectURL name places where assertions or users are sent; keep
// them limited to origins the application owns.
type SAMLApplicationRequest struct {
	ID                  string                        `json:"id"`
	Name                string                        `json:"name"`
	Description         string                        `json:"description"`
	Enabled             bool                          `json:"enabled"`
	Logo                string                        `json:"logo"`
	LoginPageURL        string                        `json:"loginPageUrl"`
	UseMetadataInfo     bool                          `json:"useMetadataInfo"`
	MetadataURL         string                        `json:"metadataUrl"`
	EntityID            string                        `json:"entityId"`
	AcsURL              string                        `json:"acsUrl"`
	Certificate         string                        `json:"certificate"`
	AttributeMapping    []SAMLIDPAttributeMappingInfo `json:"attributeMapping"`
	GroupsMapping       []SAMLIDPGroupsMappingInfo    `json:"groupsMapping"`
	AcsAllowedCallbacks []string                      `json:"acsAllowedCallbacks"`
	DefaultRelayState   string                        `json:"defaultRelayState"`
	SubjectNameIDType   string                        `json:"subjectNameIdType"`
	SubjectNameIDFormat string                        `json:"subjectNameIdFormat"`
	ForceAuthentication bool                          `json:"forceAuthentication"`
	LogoutRedirectURL   string                        `json:"logoutRedirectUrl"`
}
type SAMLIDPAttributeMappingInfo ¶ added in v1.6.1
type SAMLIDPGroupsMappingInfo ¶ added in v1.6.1
// SAMLIDPGroupsMappingInfo describes one groups mapping of a SAML
// application: a name, a type, a filter (type and value) and the roles it
// applies to.
type SAMLIDPGroupsMappingInfo struct {
	Name       string                        `json:"name"`
	Type       string                        `json:"type"`
	FilterType string                        `json:"filterType"`
	Value      string                        `json:"value"`
	Roles      []SAMLIDPRoleGroupMappingInfo `json:"roles"`
}
type SAMLIDPRoleGroupMappingInfo ¶ added in v1.6.1
type SSOApplication ¶ added in v1.6.1
// SSOApplication describes an SSO application. AppType names the kind of
// application; SAMLSettings and OIDCSettings hold the settings for each
// kind. Presumably only the one matching AppType is populated. TODO confirm.
type SSOApplication struct {
	ID           string                      `json:"id"`
	Name         string                      `json:"name"`
	Description  string                      `json:"description"`
	Enabled      bool                        `json:"enabled"`
	Logo         string                      `json:"logo"`
	AppType      string                      `json:"appType"`
	SAMLSettings *SSOApplicationSAMLSettings `json:"samlSettings"`
	OIDCSettings *SSOApplicationOIDCSettings `json:"oidcSettings"`
}
type SSOApplicationOIDCSettings ¶ added in v1.6.1
type SSOApplicationSAMLSettings ¶ added in v1.6.1
// SSOApplicationSAMLSettings holds the SAML settings of an SSO application,
// including the Idp* values (certificate, metadata URL, entity ID, SSO,
// initiated and logout URLs). No field uses omitempty.
//
// NOTE(review): AcsURL, AcsAllowedCallbacks, DefaultRelayState and
// LogoutRedirectURL name places where assertions or users are sent; review
// changes to them as carefully as changes to Certificate.
type SSOApplicationSAMLSettings struct {
	LoginPageURL        string                        `json:"loginPageUrl"`
	IdpCert             string                        `json:"idpCert"`
	UseMetadataInfo     bool                          `json:"useMetadataInfo"`
	MetadataURL         string                        `json:"metadataUrl"`
	EntityID            string                        `json:"entityId"`
	AcsURL              string                        `json:"acsUrl"`
	Certificate         string                        `json:"certificate"`
	AttributeMapping    []SAMLIDPAttributeMappingInfo `json:"attributeMapping"`
	GroupsMapping       []SAMLIDPGroupsMappingInfo    `json:"groupsMapping"`
	IdpMetadataURL      string                        `json:"idpMetadataUrl"`
	IdpEntityID         string                        `json:"idpEntityId"`
	IdpSSOURL           string                        `json:"idpSsoUrl"`
	AcsAllowedCallbacks []string                      `json:"acsAllowedCallbacks"`
	DefaultRelayState   string                        `json:"defaultRelayState"`
	IdpInitiatedURL     string                        `json:"idpInitiatedUrl"`
	SubjectNameIDType   string                        `json:"subjectNameIdType"`
	SubjectNameIDFormat string                        `json:"subjectNameIdFormat"`
	ForceAuthentication bool                          `json:"forceAuthentication"`
	IdpLogoutURL        string                        `json:"idpLogoutUrl"`
	LogoutRedirectURL   string                        `json:"logoutRedirectUrl"`
}
type SSOApplicationSearchOptions ¶ added in v1.6.1
type SSOOIDCSettings ¶ added in v1.6.1
// SSOOIDCSettings holds the OIDC settings of a tenant's SSO configuration:
// client credentials, provider endpoints, scopes and attribute mapping.
//
// ClientSecret is a credential on the request side and is empty on
// responses; keep request values out of logs. AttributeMapping is
// serialized under the JSON name "userAttrMapping".
type SSOOIDCSettings struct {
	Name                 string                `json:"name,omitempty"`
	ClientID             string                `json:"clientId,omitempty"`
	ClientSecret         string                `json:"clientSecret,omitempty"` // will be empty on response
	RedirectURL          string                `json:"redirectUrl,omitempty"`
	AuthURL              string                `json:"authUrl,omitempty"`
	TokenURL             string                `json:"tokenUrl,omitempty"`
	UserDataURL          string                `json:"userDataUrl,omitempty"`
	Scope                []string              `json:"scope,omitempty"`
	JWKsURL              string                `json:"JWKsUrl,omitempty"`
	AttributeMapping     *OIDCAttributeMapping `json:"userAttrMapping,omitempty"`
	ManageProviderTokens bool                  `json:"manageProviderTokens,omitempty"`
	CallbackDomain       string                `json:"callbackDomain,omitempty"`
	Prompt               []string              `json:"prompt,omitempty"`
	GrantType            string                `json:"grantType,omitempty"`
	Issuer               string                `json:"issuer,omitempty"`
}
type SSOSAMLSettings ¶ added in v1.6.1
// SSOSAMLSettings holds manually entered SAML IdP settings: the IdP URL,
// entity ID and certificate, plus attribute and role mappings. IdpEntityID
// is serialized under the JSON name "entityId".
//
// IdpCert is the trust anchor for assertions from this IdP; review changes
// to it and to RoleMappings as privileged operations.
type SSOSAMLSettings struct {
	IdpURL           string            `json:"idpUrl,omitempty"`
	IdpEntityID      string            `json:"entityId,omitempty"`
	IdpCert          string            `json:"idpCert,omitempty"`
	AttributeMapping *AttributeMapping `json:"attributeMapping,omitempty"`
	RoleMappings     []*RoleMapping    `json:"roleMappings,omitempty"`
}
type SSOSAMLSettingsByMetadata ¶ added in v1.6.1
// SSOSAMLSettingsByMetadata holds SAML IdP settings given as a metadata URL
// instead of individual values, plus attribute and role mappings.
//
// NOTE(review): the IdP settings are presumably fetched from IdpMetadataURL,
// so whoever controls that URL controls the trusted IdP values; prefer an
// HTTPS URL on the IdP's own domain. TODO confirm.
type SSOSAMLSettingsByMetadata struct {
	IdpMetadataURL   string            `json:"idpMetadataUrl,omitempty"`
	AttributeMapping *AttributeMapping `json:"attributeMapping,omitempty"`
	RoleMappings     []*RoleMapping    `json:"roleMappings,omitempty"`
}
type SSOSAMLSettingsResponse ¶ added in v1.6.1
// SSOSAMLSettingsResponse is the SAML part of a tenant's SSO settings: the
// IdP values (Idp*), the service provider values (Sp*), the mappings and
// the redirect URL.
type SSOSAMLSettingsResponse struct {
	IdpEntityID      string            `json:"idpEntityId,omitempty"`
	IdpSSOURL        string            `json:"idpSSOUrl,omitempty"`
	IdpCertificate   string            `json:"idpCertificate,omitempty"`
	IdpMetadataURL   string            `json:"idpMetadataUrl,omitempty"`
	SpEntityID       string            `json:"spEntityId,omitempty"`
	SpACSUrl         string            `json:"spACSUrl,omitempty"`
	SpCertificate    string            `json:"spCertificate,omitempty"`
	AttributeMapping *AttributeMapping `json:"attributeMapping,omitempty"`
	GroupsMapping    []*GroupsMapping  `json:"groupsMapping,omitempty"`
	RedirectURL      string            `json:"redirectUrl,omitempty"`
}
type SSOSettingsResponse ¶ added in v1.5.0
// SSOSettingsResponse holds a tenant's SSO settings: the IdP values (Idp*),
// the service provider values (Sp*), the mappings, the redirect URL and the
// tenant's domains.
type SSOSettingsResponse struct {
	TenantID       string           `json:"tenantId,omitempty"`
	IdpEntityID    string           `json:"idpEntityId,omitempty"`
	IdpSSOURL      string           `json:"idpSSOUrl,omitempty"`
	IdpCertificate string           `json:"idpCertificate,omitempty"`
	IdpMetadataURL string           `json:"idpMetadataUrl,omitempty"`
	SpEntityID     string           `json:"spEntityId,omitempty"`
	SpACSUrl       string           `json:"spACSUrl,omitempty"`
	SpCertificate  string           `json:"spCertificate,omitempty"`
	UserMapping    *UserMapping     `json:"userMapping,omitempty"`
	GroupsMapping  []*GroupsMapping `json:"groupsMapping,omitempty"`
	RedirectURL    string           `json:"redirectUrl,omitempty"`
	Domains        []string         `json:"domains,omitempty"`
	// Deprecated - prefer using domains
	Domain string `json:"domain,omitempty"`
}
type SSOTenantSettingsResponse ¶ added in v1.6.1
// SSOTenantSettingsResponse groups a tenant with its SAML and OIDC SSO
// settings. Nil pointers are omitted from JSON.
type SSOTenantSettingsResponse struct {
	Tenant *Tenant                  `json:"tenant,omitempty"`
	Saml   *SSOSAMLSettingsResponse `json:"saml,omitempty"`
	Oidc   *SSOOIDCSettings         `json:"oidc,omitempty"`
}
type SignUpOptions ¶ added in v1.6.1
type SnapshotSecret ¶ added in v1.6.3
// SnapshotSecret is one secret belonging to a project entity in a snapshot.
type SnapshotSecret struct {
	// The id of the project entity that requires this secret
	ID string `json:"id"`
	// The name of the project entity that requires this secret
	Name string `json:"name"`
	// The type of secret, e.g., "bearertoken", "password"
	Type string `json:"type"`
	// The cleartext value of the secret. This value must not be empty when used in
	// request objects when calling ValidateSnapshot and ImportSnapshot. Conversely,
	// this value is an empty string when returned in ValidateSnapshotResponse to
	// signify that this is a missing secret.
	//
	// Because the value is cleartext, keep request objects out of logs.
	Value string `json:"value,omitempty"`
}
type SnapshotSecrets ¶ added in v1.6.3
// SnapshotSecrets groups the secrets of a snapshot by entity kind.
type SnapshotSecrets struct {
	// Any missing or input secrets for connectors in a snapshot
	Connectors []*SnapshotSecret `json:"connectors,omitempty"`
	// Any missing or input secrets for OAuth providers in a snapshot
	OAuthProviders []*SnapshotSecret `json:"oauthProviders,omitempty"`
}
type TOTPResponse ¶ added in v0.9.4
// TOTPResponse returns all the data needed to complete a TOTP registration;
// the caller chooses which form to hand to the authenticator app.
//
// NOTE(review): Key is presumably the TOTP shared secret, and
// ProvisioningURL and Image presumably encode it as well. Show them to the
// enrolling user once and keep them out of logs. TODO confirm.
type TOTPResponse struct {
	ProvisioningURL string `json:"provisioningURL,omitempty"`
	Image           string `json:"image,omitempty"`
	Key             string `json:"key,omitempty"`
}
TOTPResponse returns all the data needed to complete a TOTP registration. The caller can select which method of registration to use for the handshake with an authenticator app.
type TenantRequest ¶ added in v1.5.7
type TenantSearchOptions ¶ added in v1.5.7
type TenantSettings ¶ added in v1.6.1
// TenantSettings holds a tenant's settings: domains, auth type, token
// lifetimes (each a value and a unit), inactivity timeout and JIT
// provisioning.
//
// Every field uses omitempty, so false and 0 are left out when marshaling.
// NOTE(review): confirm that an update can switch JITDisabled or
// EnableInactivity back to false. SelfProvisioningDomains presumably lets
// users from those domains join the tenant on their own, so list only
// domains the tenant controls. TODO confirm.
type TenantSettings struct {
	Domains                    []string `json:"domains,omitempty"`
	SelfProvisioningDomains    []string `json:"selfProvisioningDomains,omitempty"`
	AuthType                   string   `json:"authType,omitempty"`
	SessionSettingsEnabled     bool     `json:"sessionSettingsEnabled,omitempty"`
	RefreshTokenExpiration     int32    `json:"refreshTokenExpiration,omitempty"`
	RefreshTokenExpirationUnit string   `json:"refreshTokenExpirationUnit,omitempty"`
	SessionTokenExpiration     int32    `json:"sessionTokenExpiration,omitempty"`
	SessionTokenExpirationUnit string   `json:"sessionTokenExpirationUnit,omitempty"`
	StepupTokenExpiration      int32    `json:"stepupTokenExpiration,omitempty"`
	StepupTokenExpirationUnit  string   `json:"stepupTokenExpirationUnit,omitempty"`
	EnableInactivity           bool     `json:"enableInactivity,omitempty"`
	InactivityTime             int32    `json:"inactivityTime,omitempty"`
	InactivityTimeUnit         string   `json:"inactivityTimeUnit,omitempty"`
	JITDisabled                bool     `json:"JITDisabled,omitempty"`
}
type Token ¶ added in v0.9.4
// Token describes a token: its expirations, the JWT string, identifiers and
// a free-form claims map.
//
// NOTE(review): JWT presumably holds the encoded token itself, i.e. a bearer
// credential — confirm, and keep it out of logs and error messages. Nothing in
// this struct records whether the signature was verified, so treat Claims as
// trustworthy only when the Token was produced by a validating call.
type Token struct {
	// presumably Unix timestamps — confirm the unit
	RefreshExpiration int64 `json:"refreshExpiration,omitempty"`
	Expiration        int64 `json:"expiration,omitempty"`
	JWT               string `json:"jwt,omitempty"`
	ID                string `json:"id,omitempty"`
	ProjectID         string `json:"projectId,omitempty"`
	// Values are untyped; callers must type-assert before use.
	Claims map[string]interface{} `json:"claims,omitempty"`
}
func (*Token) AuthFactors ¶ added in v0.9.4
// AuthFactors returns a []AuthFactor for the token. Only the signature is
// shown here; presumably the factors are read from the token's claims — confirm.
func (to *Token) AuthFactors() []AuthFactor
func (*Token) CustomClaim ¶ added in v0.9.4
func (*Token) GetTenantValue ¶ added in v0.9.4
func (*Token) GetTenants ¶ added in v0.9.4
func (*Token) IsPermitted ¶ added in v1.5.2
type UpdateOptions ¶ added in v1.5.0
// UpdateOptions carries optional flags and messaging template options for an
// update call.
// NOTE(review): the exact effect of AddToLoginIDs and OnMergeUseExisting is not
// visible here; both appear to influence which login IDs and which user record
// survive an update — confirm before enabling them.
type UpdateOptions struct {
	AddToLoginIDs      bool `json:"addToLoginIDs,omitempty"`
	OnMergeUseExisting bool `json:"onMergeUseExisting,omitempty"`
	TemplateOptions    map[string]string `json:"templateOptions,omitempty"` // for providing messaging template options (templates that are being sent via email / text message)
}
type UserHistoryResponse ¶ added in v1.6.2
type UserImportFailure ¶ added in v1.5.7
type UserImportResponse ¶ added in v1.5.7
// UserImportResponse is the result of a user import: the users that are
// returned and the failures that were recorded. Both slices are omitted from
// the JSON when empty, so check Failures even when Users is populated.
type UserImportResponse struct {
	Users    []*UserResponse      `json:"users,omitempty"`
	Failures []*UserImportFailure `json:"failures,omitempty"`
}
type UserMapping ¶ added in v1.5.0
type UserRequest ¶ added in v1.5.0
// UserRequest is the payload for creating or updating a user. It embeds User
// and adds roles, tenant associations, custom attributes and verification
// flags.
//
// NOTE(review): VerifiedEmail and VerifiedPhone let the caller assert that a
// contact is verified; presumably the server accepts that assertion as given —
// confirm, and set them to true only after verification really took place.
type UserRequest struct {
	// encoding/json has no "inline" option; the fields of User are flattened
	// into this object because User is an embedded struct without a JSON name.
	User             `json:",inline"`
	Roles            []string            `json:"roles,omitempty"`
	Tenants          []*AssociatedTenant `json:"tenants,omitempty"`
	CustomAttributes map[string]any      `json:"customAttributes,omitempty"`
	Picture          string              `json:"picture,omitempty"`
	// Pointers distinguish "not set" (nil, omitted) from an explicit false,
	// which is still encoded.
	VerifiedEmail      *bool    `json:"verifiedEmail,omitempty"`
	VerifiedPhone      *bool    `json:"verifiedPhone,omitempty"`
	AdditionalLoginIDs []string `json:"additionalLoginIds,omitempty"`
	// The key here is "ssoAppIDs"; UserResponse uses "ssoAppIds".
	SSOAppIDs []string `json:"ssoAppIDs,omitempty"`
}
type UserResponse ¶ added in v0.9.4
// UserResponse describes a user as returned by the API. It embeds User and
// adds identifiers, verification state, roles, tenants, status and a set of
// boolean flags.
//
// TOTP, WebAuthn, Password and SAML are booleans and OAuth is a map of
// booleans: they carry no credential material. Presumably each one reports
// whether that authentication method is set up for the user — confirm.
type UserResponse struct {
	// encoding/json has no "inline" option; the fields of User are flattened
	// into this object because User is an embedded struct without a JSON name.
	User             `json:",inline"`
	UserID           string              `json:"userId,omitempty"`
	LoginIDs         []string            `json:"loginIds,omitempty"`
	VerifiedEmail    bool                `json:"verifiedEmail,omitempty"`
	VerifiedPhone    bool                `json:"verifiedPhone,omitempty"`
	RoleNames        []string            `json:"roleNames,omitempty"`
	UserTenants      []*AssociatedTenant `json:"userTenants,omitempty"`
	Status           string              `json:"status,omitempty"`
	Picture          string              `json:"picture,omitempty"`
	Test             bool                `json:"test,omitempty"`
	CustomAttributes map[string]any      `json:"customAttributes,omitempty"`
	// presumably Unix seconds; if so, an int32 cannot represent instants after
	// January 2038 — confirm
	CreatedTime int32 `json:"createdTime,omitempty"`
	TOTP        bool  `json:"totp,omitempty"`
	WebAuthn    bool  `json:"webauthn,omitempty"`
	Password    bool  `json:"password,omitempty"`
	SAML        bool  `json:"saml,omitempty"`
	// presumably keyed by OAuth provider name — confirm
	OAuth map[string]bool `json:"oauth,omitempty"`
	// The key here is "ssoAppIds"; UserRequest uses "ssoAppIDs".
	SSOAppIDs []string `json:"ssoAppIds,omitempty"`
}
func (*UserResponse) GetCreatedTime ¶ added in v1.5.0
// GetCreatedTime returns a time.Time for the user. Only the signature is shown
// here; presumably it converts the int32 CreatedTime field — confirm the unit.
func (ur *UserResponse) GetCreatedTime() time.Time
type UserSearchOptions ¶ added in v1.1.0
// UserSearchOptions holds the paging, sorting and filter criteria for a user
// search. The struct has no JSON tags.
// NOTE(review): several filters take free-form values (Text, CustomAttributes);
// when they are filled from end-user input, validate them before searching so
// a caller cannot widen the result set beyond what they may see — confirm how
// the server scopes results.
type UserSearchOptions struct {
	// Pages start at 0 and must be non-negative.
	Page int32
	// Limits the number of returned users; 0 returns the default amount.
	Limit int32
	// Sort by fields.
	Sort []UserSearchSort
	// Free text search among all of a user's attributes.
	Text   string
	Emails []string
	Phones []string
	// Filter by UserStatus values.
	Statuses []UserStatus
	// Filter by role names.
	Roles []string
	// Filter by tenant IDs.
	TenantIDs []string
	SSOAppIDs []string
	// Keys are attribute names; each value is either the value searched for
	// or a slice of such values. String, int and bool values are supported.
	CustomAttributes map[string]any
	// presumably: include test users in the results / return only test users — confirm
	WithTestUsers bool
	TestUsersOnly bool
	LoginIDs      []string
}
Options for searching and filtering users
Limit - limits the number of returned users. Leave at 0 to return the default amount.
Page - allows paginating over the results. Pages start at 0 and must be non-negative.
Sort - allows sorting by fields.
Text - allows free text search among all of a user's attributes.
TenantIDs - filter by tenant IDs.
Roles - filter by role names.
CustomAttributes map is an optional filter for custom attributes, where the keys are the attribute names and the values are either a value we are searching for or a list of these values in a slice. We currently support string, int and bool values.
type UserSearchSort ¶ added in v1.6.1
type UserStatus ¶ added in v1.5.5
// UserStatus is the string-typed status of a user.
type UserStatus string

// The user statuses declared by this package. Because UserStatus is a plain
// string type, any other string converts to it as well; compare against these
// constants instead of assuming a value is one of them.
const (
	UserStatusEnabled  UserStatus = "enabled"
	UserStatusDisabled UserStatus = "disabled"
	UserStatusInvited  UserStatus = "invited"
)
type UsersBatchResponse ¶ added in v1.5.7
// UsersBatchResponse is the result of a batch user operation: the users that
// were created and the ones that failed. A batch can succeed partially, so
// inspect FailedUsers even when CreatedUsers is not empty.
type UsersBatchResponse struct {
	CreatedUsers []*UserResponse        `json:"createdUsers,omitempty"`
	FailedUsers  []*UsersFailedResponse `json:"failedUsers,omitempty"`
}
type UsersFailedResponse ¶ added in v1.5.7
// UsersFailedResponse pairs one user from a batch with its failure text.
type UsersFailedResponse struct {
	// presumably a human-readable reason for the failure — confirm
	Failure string `json:"failure,omitempty"`
	// The user the failure refers to.
	User *UserResponse `json:"user,omitempty"`
}
type ValidateSnapshotRequest ¶ added in v1.6.3
// ValidateSnapshotRequest is the input for validating a snapshot: the project
// files plus any secrets to inject before validation.
//
// InputSecrets carries SnapshotSecret values, which are cleartext, so a
// populated request is as sensitive as the secrets inside it. Do not log or
// persist the marshalled request.
type ValidateSnapshotRequest struct {
	// All project settings and configurations represented as JSON files
	Files map[string]any `json:"files"`
	// An optional map of project entities and their secrets that will be
	// injected into the snapshot before validation (see below)
	InputSecrets *SnapshotSecrets `json:"inputSecrets,omitempty"`
}
type ValidateSnapshotResponse ¶ added in v1.6.3
// ValidateSnapshotResponse reports the outcome of a snapshot validation: a
// pass/fail flag, the failures that were found and any secrets that still
// have to be supplied.
type ValidateSnapshotResponse struct {
	// Whether the validation passed or not (true if and only if Failures is empty)
	Ok bool `json:"ok"`
	// A string representation of any validation failures that were found
	Failures []string `json:"failures,omitempty"`
	// An optional object that lists which if any secret values need to be provided in
	// the request for an ImportSnapshot call so it doesn't fail (see below)
	// Entries listed here identify the entity that needs a secret; their Value
	// is an empty string.
	MissingSecrets *SnapshotSecrets `json:"missingSecrets,omitempty"`
}