api

package
v1.3.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 13, 2026 License: MIT Imports: 16 Imported by: 0

README

pkg/api — IAM API implementation

Hand-written, importable. This is our code: the handler implementation that satisfies the generated server interface and the public façade callers import.

  • Handler — the server interface (re-exported from internal/oas), so importers depend only on pkg/api, never on internal packages.
  • Service — implements Handler; methods added as the runtime stack is wired.

The generated ogen code (wire types, client, server scaffolding, validators, fakers) is module-private under ../../internal/oas and regenerated with make generate-go. Do not edit generated code; put logic here.

Errors & validation

Two layers, both rendering the shared ErrorEnvelope ({ error: { code, message } }):

  • Handler errors → Service.NewError (ogen convenient errors). Every operation shares one default error response, so ogen generates NewError(ctx, err) *oas.DefaultStatusCode. Handlers just return …, err; NewError maps a domain.Error (stable code + HTTP status, see internal/domain/errors.go) into the envelope; anything else becomes 500 internal_error.
  • Generated-server errors → ErrorHandler. ogen runs code-generated schema validation on decode (the spec's minLength/maxLength/pattern/ format/required/enum constraints). Validation, parameter/body decode and security failures are raised before the handler, so they bypass NewError; response validation/encoding failures happen after the handler and also route through this hook. Wire oas.WithErrorHandler(api.ErrorHandler) to render them into the same envelope (validation_failed / unauthorized / internal_error with details.stage=response_encode).

Add constraints to the OpenAPI schemas to get more validation for free — no handler code.

Authentication (security layer)

ogen calls a SecurityHandler to authenticate before the handler runs. api.NewSecurityHandler(auth) adapts an Authenticator port (one method per scheme: User/Admin/Master/Service/SCIM/Client/OAuth2) — the adapter verifies the credential and returns a *domain.Principal, which the handler stores in the request context. Authenticated handlers read it via requirePrincipal(ctx) (→ domain.ErrUnauthorized if absent) instead of re-parsing tokens. A failed Authenticator call surfaces as a 401 through the ErrorHandler.

Wire it all together:

srv, _ := oas.NewServer(
    api.New(api.WithCoreAuth(coreAuth), /* … */),
    api.NewSecurityHandler(auth),
    oas.WithErrorHandler(api.ErrorHandler),
)

Dependencies & transaction boundary

Each XxxService is pure orchestration: it holds aggregate-port interfaces in an XxxDeps (constructed via NewXxxService(deps)) and nothing else. A service method maps oas → domain, calls one or more aggregate-port methods, maps domain → oas. Services never open a transaction.

  • Ports are consumer-defined, next to the service (coreAuthAccounts, federationConnections, …) — each declares only the slice of an aggregate it uses (interface segregation).
  • The aggregate is the transaction boundary. Each port method is one atomic business operation; the persistence adapter (internal/infrastructure/postgres) opens the pgtx transaction inside the method. So a custom implementation injected via WithCoreAuth(...) owns its own persistence and never inherits pgtx from the service contract.
  • Domain types live in ../../internal/domain; oas types stay at the wire edge.
  • Cross-aggregate consistency (events/outbox) is out of scope here — one call mutates one aggregate.

Documentation

Overview

Package api is the IAM API implementation: the hand-written code that consumers import. It satisfies the server interface generated by ogen (module-private under internal/oas) and re-exports the public surface so callers never import internal packages.

The implementation is split per feature module: one XxxService per oas.<Group>Handler (core_auth.go, federation.go, admin.go, …). Each embeds oas.UnimplementedHandler — so any operation it does not override returns not-implemented — and panics on every v1.0.0 operation until written.

Service composes the twelve groups into one oas.Handler. Callers inject their own group implementations via options; any group left out defaults to the scaffolded XxxService.

Index

Constants

View Source 
const DeviceFingerprintHeader = "X-Device-Fingerprint"

DeviceFingerprintHeader is an optional client-supplied stable device id; when present it is bound to the session for self-managed-session UIs.

View Source 
const EnvironmentHeader = "X-Environment"

EnvironmentHeader is the request header that selects the project environment (live / staging / …) a token is minted in. It mirrors the X-Environment OpenAPI parameter; the middleware lifts it into the request context so the persistence layer can pick the right signing keys without threading it through every port.

View Source 
const FlowCookieName = "iam_flow"

FlowCookieName carries the resumable-auth flow_token in cookie mode so the token is never exposed to JS (GET /v1/auth/flows/current reads it). Scoped to the flows path so it is only presented to flow endpoints.

View Source 
const RefreshCookieName = "iam_refresh"

RefreshCookieName carries the refresh token in cookie mode so a cookie session can be refreshed past the access token's TTL (see PostV1AuthTokenRefresh).

View Source 
const SessionCookieName = "iam_session"

SessionCookieName is the cookie that carries a cookie-mode browser session. Cookie-minting flows MUST use this name; the CSRF middleware keys off its presence to decide whether a request is cookie-authenticated.

Variables

This section is empty.

Functions

func CORSMiddleware 

func CORSMiddleware(allowedOrigins []string, source OriginSource, ttl time.Duration) func(http.Handler) http.Handler

CORSMiddleware applies the configured browser cross-origin policy to runtime endpoints and handles preflight requests before they reach the generated router. An origin is reflected with credentials when it is in the static allow-list OR the dynamic per-client union (source). Wildcard ("*") in the static list means "allow any origin WITHOUT credentials" (no Access-Control-Allow-Credentials), preventing credential theft.

func CSRFMiddleware 

func CSRFMiddleware(v csrfVerifier) func(http.Handler) http.Handler

CSRFMiddleware enforces CSRF protection on cookie-mode requests using the synchronizer-token pattern. A request is challenged only when it is BOTH a state-changing method AND cookie-authenticated:

  • safe methods (GET/HEAD/OPTIONS/TRACE) always pass — they must not mutate;
  • requests carrying an Authorization header pass — bearer/API-key/Basic callers are immune to CSRF (the credential is not ambiently attached);
  • requests without the session cookie pass — they are not cookie-mode.

A challenged request must present a valid X-CSRF-Token (issued via /v1/csrf) together with the X-Client-ID it was bound to; otherwise it is rejected with 403 invalid_csrf in the standard ErrorEnvelope.

func CookieAuthMiddleware 

func CookieAuthMiddleware(next http.Handler) http.Handler

CookieAuthMiddleware lets cookie-mode browser clients authenticate without an Authorization header: when a request has no Authorization header but carries the session cookie (api.SessionCookieName), the cookie value is promoted to a `Bearer` Authorization header so the generated bearerAuth security handler validates it transparently.

It MUST run INSIDE CSRFMiddleware (which keys off the cookie + the *absence* of an Authorization header): CSRF evaluates the original request first, then this middleware adds the header for the auth layer.

func EnvironmentFromContext 

func EnvironmentFromContext(ctx context.Context) string

EnvironmentFromContext returns the requested environment, or "" when unset (callers fall back to their default environment).

func EnvironmentMiddleware 

func EnvironmentMiddleware(next http.Handler) http.Handler

EnvironmentMiddleware lifts the X-Environment header into the request context. A missing header leaves the context unset (default environment applies). The value is validated against the project's environments at mint time, so an unknown environment here is harmless until it is actually used.

func ErrorHandler 

func ErrorHandler(ctx context.Context, w http.ResponseWriter, r *http.Request, err error)

ErrorHandler renders generated-server failures (parameter/body decode, generated schema validation, security checks and response encoding) into the same ErrorEnvelope as handler errors. These never reach Service.NewError — ogen raises them around the handler — so wire this with oas.WithErrorHandler(api.ErrorHandler) when building the server.

func FlowCookieClear added in v1.1.0 

func FlowCookieClear() []string

FlowCookieClear renders the Set-Cookie header that deletes the flow cookie (flow completed or abandoned).

func FlowCookieSet added in v1.1.0 

func FlowCookieSet(token string, ttl time.Duration) []string

FlowCookieSet renders the Set-Cookie header that stores the flow_token while a flow is pending. ttl should match the server-side flow TTL.

func GuestRateLimitMiddleware 

func GuestRateLimitMiddleware(next http.Handler) http.Handler

func NewRateLimitMiddleware added in v1.3.0 

func NewRateLimitMiddleware(reader RateLimitConfigReader) func(http.Handler) http.Handler

NewRateLimitMiddleware builds the rate-limit middleware backed by an optional per-project config reader. When reader is nil (or returns no rule for the classified endpoint) the hardcoded defaults apply, preserving current behavior. Per-project rules override only limit/window of the existing IP-keyed, path-classified buckets, merged per-endpoint over the defaults.

func NewSecurityHandler 

func NewSecurityHandler(a Authenticator) oas.SecurityHandler

NewSecurityHandler wires an Authenticator into the ogen SecurityHandler. Pass it to oas.NewServer(handler, api.NewSecurityHandler(auth), …).

func PrincipalFrom 

func PrincipalFrom(ctx context.Context) (*domain.Principal, bool)

PrincipalFrom returns the authenticated principal placed in ctx by the SecurityHandler, if any.

func RateLimitMiddleware 

func RateLimitMiddleware(next http.Handler) http.Handler

RateLimitMiddleware enforces the built-in hardcoded limits only (no per-project overrides). Kept for back-compat with existing callers/tests; equivalent to NewRateLimitMiddleware(nil).

func RequestMetaMiddleware added in v1.1.0 

func RequestMetaMiddleware(next http.Handler) http.Handler

RequestMetaMiddleware captures the originating device/network context (client IP, User-Agent, optional fingerprint) into the request context so the session-minting path can record it on the session. Place it early in the pipeline (it only reads the request).

func SecurityHeaders 

func SecurityHeaders(next http.Handler) http.Handler

SecurityHeaders adds conservative browser hardening headers for the embedded admin SPA. Reverse proxies may still override HSTS/CSP for deployment-specific policies.

func SensitiveRateLimitMiddleware 

func SensitiveRateLimitMiddleware(next http.Handler) http.Handler

func SessionCookies 

func SessionCookies(access, refresh string, accessTTL, refreshTTL time.Duration) []string

SessionCookies renders the access + refresh Set-Cookie header pair for a cookie-mode session. The access cookie (SessionCookieName) is sent on every path; the refresh cookie (RefreshCookieName) is scoped to the refresh endpoint so it is only presented there. Both are HttpOnly + Secure + SameSite=Lax.

func SetTrustedProxies added in v1.3.0 

func SetTrustedProxies(cidrs []string)

SetTrustedProxies configures the trusted reverse-proxy CIDRs (or bare IPs). Call once during startup, before serving. Unparseable entries are ignored. When empty, clientIP returns the real TCP peer and never honors forwarding headers — this prevents a client from spoofing its IP (e.g. to bypass IP-keyed rate limits).

func WithEnvironment 

func WithEnvironment(ctx context.Context, env string) context.Context

WithEnvironment stores the requested environment in ctx.

Types

type AccountDeps 

type AccountDeps struct{ Accounts AccountStore }

type AccountService 

type AccountService struct {
	oas.UnimplementedHandler
	// contains filtered or unexported fields
}

AccountService implements the AccountHandler slice of oas.Handler.

func NewAccountService 

func NewAccountService(deps AccountDeps) *AccountService

NewAccountService builds the Account service from its dependencies.

func (*AccountService) DeleteV1AuthIdentitiesByIdentityId 

func (s *AccountService) DeleteV1AuthIdentitiesByIdentityId(ctx context.Context, params oas.DeleteV1AuthIdentitiesByIdentityIdParams) (*oas.Ok, error)

func (*AccountService) DeleteV1Sessions 

func (s *AccountService) DeleteV1Sessions(ctx context.Context, req oas.OptDeleteV1SessionsReq) (*oas.DeleteV1SessionsOK, error)

func (*AccountService) DeleteV1SessionsBySessionId 

func (s *AccountService) DeleteV1SessionsBySessionId(ctx context.Context, params oas.DeleteV1SessionsBySessionIdParams) (*oas.Ok, error)

func (*AccountService) DeleteV1UsersMe 

func (s *AccountService) DeleteV1UsersMe(ctx context.Context, req oas.OptDeleteV1UsersMeReq) (*oas.Ok, error)

func (*AccountService) GetV1AccountCapabilities 

func (s *AccountService) GetV1AccountCapabilities(ctx context.Context) (*oas.GetV1AccountCapabilitiesOK, error)

func (*AccountService) GetV1AuthIdentities 

func (s *AccountService) GetV1AuthIdentities(ctx context.Context) (*oas.GetV1AuthIdentitiesOK, error)

func (*AccountService) GetV1Sessions 

func (s *AccountService) GetV1Sessions(ctx context.Context) (*oas.GetV1SessionsOK, error)

func (*AccountService) GetV1SessionsCurrent 

func (s *AccountService) GetV1SessionsCurrent(ctx context.Context) (*oas.GetV1SessionsCurrentOK, error)

func (*AccountService) GetV1UsersMe 

func (s *AccountService) GetV1UsersMe(ctx context.Context) (*oas.GetV1UsersMeOK, error)

func (*AccountService) GetV1UsersMeActivity 

func (s *AccountService) GetV1UsersMeActivity(ctx context.Context, params oas.GetV1UsersMeActivityParams) (*oas.GetV1UsersMeActivityOK, error)

func (*AccountService) GetV1UsersMeConsents 

func (s *AccountService) GetV1UsersMeConsents(ctx context.Context) (*oas.GetV1UsersMeConsentsOK, error)

func (*AccountService) GetV1UsersMeExportByJobId 

func (s *AccountService) GetV1UsersMeExportByJobId(ctx context.Context, params oas.GetV1UsersMeExportByJobIdParams) (*oas.GetV1UsersMeExportByJobIdOK, error)

func (*AccountService) PatchV1SessionsBySessionId 

func (s *AccountService) PatchV1SessionsBySessionId(ctx context.Context, req *oas.PatchV1SessionsBySessionIdReq, params oas.PatchV1SessionsBySessionIdParams) (*oas.PatchV1SessionsBySessionIdOK, error)

func (*AccountService) PatchV1UsersMe 

func (s *AccountService) PatchV1UsersMe(ctx context.Context, req *oas.PatchV1UsersMeReq) (*oas.PatchV1UsersMeOK, error)

func (*AccountService) PostV1AuthIdentitiesMergeConfirm 

func (s *AccountService) PostV1AuthIdentitiesMergeConfirm(ctx context.Context, req *oas.PostV1AuthIdentitiesMergeConfirmReq) (*oas.PostV1AuthIdentitiesMergeConfirmOK, error)

func (*AccountService) PostV1AuthIdentitiesMergeStart 

func (s *AccountService) PostV1AuthIdentitiesMergeStart(ctx context.Context, req *oas.PostV1AuthIdentitiesMergeStartReq) (*oas.PostV1AuthIdentitiesMergeStartOK, error)

func (*AccountService) PostV1SessionsBySessionIdTrust 

func (s *AccountService) PostV1SessionsBySessionIdTrust(ctx context.Context, req *oas.PostV1SessionsBySessionIdTrustReq, params oas.PostV1SessionsBySessionIdTrustParams) (*oas.PostV1SessionsBySessionIdTrustOK, error)

func (*AccountService) PostV1UsersMeConsents 

func (s *AccountService) PostV1UsersMeConsents(ctx context.Context, req *oas.PostV1UsersMeConsentsReq) (*oas.PostV1UsersMeConsentsOK, error)

func (*AccountService) PostV1UsersMeExport 

func (s *AccountService) PostV1UsersMeExport(ctx context.Context) (*oas.PostV1UsersMeExportOK, error)

type AccountStore 

type AccountStore interface {
	Get(ctx context.Context, projectID, accountID string) (*domain.Account, error)
	UpdateProfile(ctx context.Context, cmd domain.ProfileUpdateCmd) (*domain.Account, error)
	Delete(ctx context.Context, projectID, accountID string) error
	ListSessions(ctx context.Context, accountID string) ([]domain.Session, error)
	RevokeSession(ctx context.Context, accountID, sessionID string) error
	ListIdentities(ctx context.Context, accountID string) ([]domain.Identity, error)

	// Capabilities returns the feature/capability flags available to the account.
	Capabilities(ctx context.Context, projectID, accountID string) (map[string]bool, error)
	// GetSession resolves a single session owned by the account.
	GetSession(ctx context.Context, accountID, sessionID string) (*domain.Session, error)
	// RenameSession sets a device name on one of the account's sessions.
	RenameSession(ctx context.Context, cmd domain.AccountRenameSessionCmd) (*domain.Session, error)
	// TrustSession marks a session trusted for the given duration.
	TrustSession(ctx context.Context, cmd domain.AccountTrustSessionCmd) (*domain.Session, error)
	// RevokeSessions bulk-revokes the account's sessions; returns the count revoked.
	RevokeSessions(ctx context.Context, cmd domain.AccountRevokeSessionsCmd) (int, error)
	// UnlinkIdentity removes a linked identity from the account.
	UnlinkIdentity(ctx context.Context, accountID, identityID string) error
	// Activity returns the account's paginated activity log.
	Activity(ctx context.Context, cmd domain.AccountActivityCmd) (*domain.AccountActivityPage, error)
	// Consents returns the account's recorded consent acceptances.
	Consents(ctx context.Context, accountID string) ([]domain.AccountConsent, error)
	// AcceptConsents records consent acceptances and returns the updated set.
	AcceptConsents(ctx context.Context, cmd domain.AccountAcceptConsentsCmd) ([]domain.AccountConsent, error)
	// StartExport kicks off a data-export job and returns its identifier.
	StartExport(ctx context.Context, accountID string) (*domain.AccountExportJob, error)
	// ExportStatus reports the state of a data-export job.
	ExportStatus(ctx context.Context, accountID, jobID string) (*domain.AccountExportJob, error)
	// StartIdentityMerge begins merging another identity into the account.
	StartIdentityMerge(ctx context.Context, cmd domain.AccountMergeStartCmd) (*domain.Challenge, error)
	// ConfirmIdentityMerge completes a pending identity merge.
	ConfirmIdentityMerge(ctx context.Context, cmd domain.AccountMergeConfirmCmd) (*domain.Account, []domain.Identity, error)
}

type AdminAPIKeys 

type AdminAPIKeys interface {
	List(ctx context.Context, projectID string) ([]domain.APIKey, error)
	Create(ctx context.Context, cmd domain.AdminAPIKeyCmd) (*domain.AdminAPIKeySecret, error)
	Update(ctx context.Context, cmd domain.AdminAPIKeyUpdateCmd) (*domain.APIKey, error)
	Delete(ctx context.Context, projectID, keyID string) error
	Rotate(ctx context.Context, projectID, keyID string) (*domain.AdminAPIKeySecret, error)
}

AdminAPIKeys is the project API-key administration slice.

type AdminAccessRequests 

type AdminAccessRequests interface {
	List(ctx context.Context, cmd domain.AdminAccessRequestListCmd) (*domain.AdminAccessRequestPage, error)
	Approve(ctx context.Context, cmd domain.AdminAccessRequestDecisionCmd) (map[string]jx.Raw, error)
	Deny(ctx context.Context, cmd domain.AdminAccessRequestDecisionCmd) (*domain.CoreAuthAccessRequest, error)
}

AdminAccessRequests is the access-request moderation slice.

type AdminApps 

type AdminApps interface {
	List(ctx context.Context, projectID, environment string) ([]domain.AppClient, error)
	Create(ctx context.Context, cmd domain.AppClientCmd) (*domain.AppClient, error)
	Get(ctx context.Context, projectID, environment, appID string) (*domain.AppClient, error)
	Update(ctx context.Context, projectID, environment, appID string, patch map[string]any) (*domain.AppClient, error)
	Delete(ctx context.Context, projectID, environment, appID string) error
	AddSecret(ctx context.Context, projectID, environment, appID, name string) (*domain.AdminSecret, error)
	DeleteSecret(ctx context.Context, projectID, environment, appID, secretID string) error
}

type AdminConfig 

type AdminConfig interface {
	GetAuthConfig(ctx context.Context, cmd domain.AdminConfigGetCmd) (domain.AdminConfigDoc, error)
	UpdateAuthConfig(ctx context.Context, cmd domain.AdminConfigUpdateCmd) (domain.AdminConfigDoc, error)
	GetPasswordPolicy(ctx context.Context, cmd domain.AdminConfigGetCmd) (domain.AdminConfigDoc, error)
	UpdatePasswordPolicy(ctx context.Context, cmd domain.AdminConfigUpdateCmd) (domain.AdminConfigDoc, error)
	GetSessionPolicy(ctx context.Context, cmd domain.AdminConfigGetCmd) (domain.AdminConfigDoc, error)
	UpdateSessionPolicy(ctx context.Context, cmd domain.AdminConfigUpdateCmd) (domain.AdminConfigDoc, error)
	GetRateLimits(ctx context.Context, cmd domain.AdminConfigGetCmd) (domain.AdminConfigDoc, error)
	UpdateRateLimits(ctx context.Context, cmd domain.AdminConfigUpdateCmd) (domain.AdminConfigDoc, error)
	GetMfaPolicy(ctx context.Context, cmd domain.AdminConfigGetCmd) (domain.AdminConfigDoc, error)
	UpdateMfaPolicy(ctx context.Context, cmd domain.AdminConfigUpdateCmd) (domain.AdminConfigDoc, error)
	GetConsent(ctx context.Context, cmd domain.AdminConfigGetCmd) (domain.AdminConfigDoc, error)
	PutConsent(ctx context.Context, cmd domain.AdminConfigUpdateCmd) (domain.AdminConfigDoc, error)

	GetFeatures(ctx context.Context, cmd domain.AdminConfigGetCmd) (map[string]bool, error)
	PutFeatures(ctx context.Context, cmd domain.AdminFeaturesUpdateCmd) (map[string]bool, error)

	GetI18n(ctx context.Context, cmd domain.AdminConfigGetCmd, locale string) (map[string]jx.Raw, error)
	PutI18n(ctx context.Context, cmd domain.AdminI18nUpdateCmd) (map[string]jx.Raw, error)

	// Email / SMS providers.
	ListEmailProviders(ctx context.Context, cmd domain.AdminConfigGetCmd) ([]domain.AdminProvider, error)
	CreateEmailProvider(ctx context.Context, cmd domain.AdminProviderCmd) (*domain.AdminProvider, error)
	UpdateEmailProvider(ctx context.Context, cmd domain.AdminProviderCmd) (*domain.AdminProvider, error)
	DeleteEmailProvider(ctx context.Context, cmd domain.AdminProviderDeleteCmd) error
	ListSmsProviders(ctx context.Context, cmd domain.AdminConfigGetCmd) ([]domain.AdminProvider, error)
	CreateSmsProvider(ctx context.Context, cmd domain.AdminProviderCmd) (*domain.AdminProvider, error)
	UpdateSmsProvider(ctx context.Context, cmd domain.AdminProviderCmd) (*domain.AdminProvider, error)
	DeleteSmsProvider(ctx context.Context, cmd domain.AdminProviderDeleteCmd) error

	// Email templates.
	ListEmailTemplates(ctx context.Context, cmd domain.AdminConfigGetCmd) (map[string]jx.Raw, error)
	UpdateEmailTemplate(ctx context.Context, cmd domain.AdminTemplateUpdateCmd) (map[string]jx.Raw, error)
	PreviewEmailTemplate(ctx context.Context, cmd domain.AdminTemplatePreviewCmd) (*domain.AdminTemplatePreview, error)
	SendTestEmail(ctx context.Context, cmd domain.AdminTemplateSendTestCmd) error
	SendTestSMS(ctx context.Context, cmd domain.AdminTemplateSendTestCmd) error
}

AdminConfig is the project-configuration slice: auth / password-policy / session-policy / consent documents plus feature flags and i18n bundles. Each document is carried opaquely as a domain.AdminConfigDoc the adapter validates and persists.

type AdminConnections 

type AdminConnections interface {
	List(ctx context.Context, projectID string) ([]domain.Connection, error)
	Get(ctx context.Context, projectID, connID string) (*domain.Connection, error)
	Create(ctx context.Context, cmd domain.AdminConnectionCmd) (*domain.Connection, error)
	Update(ctx context.Context, projectID, connID string, patch map[string]any) (*domain.Connection, error)
	Delete(ctx context.Context, projectID, connID string) error
	ListDomains(ctx context.Context, projectID string) ([]domain.Domain, error)
	CreateDomain(ctx context.Context, cmd domain.AdminDomainCmd) (*domain.AdminDomainRegistration, error)
	DeleteDomain(ctx context.Context, projectID, domainID string) error
	VerifyDomain(ctx context.Context, projectID, domainID string) (*domain.Domain, error)
}

AdminConnections is the federation (SSO connections + domains) admin slice.

type AdminDeps 

type AdminDeps struct {
	Users           AdminUsers
	Apps            AdminApps
	ServiceAccounts AdminServiceAccounts
	APIKeys         AdminAPIKeys
	Connections     AdminConnections
	Config          AdminConfig
	Keys            AdminKeys
	AccessRequests  AdminAccessRequests
	Invites         AdminInvites
}

AdminDeps are the per-project administration ports.

type AdminInvites added in v1.2.0 

type AdminInvites interface {
	Create(ctx context.Context, cmd domain.InviteCreateCmd) (*domain.InviteCreated, error)
	List(ctx context.Context, cmd domain.InviteListCmd) ([]domain.Invite, error)
	Revoke(ctx context.Context, cmd domain.InviteRevokeCmd) error
}

AdminInvites is the project invitation administration slice.

type AdminKeys 

type AdminKeys interface {
	ListSigningKeys(ctx context.Context, cmd domain.AdminConfigGetCmd) ([]domain.AdminSigningKey, error)
	DeleteSigningKey(ctx context.Context, cmd domain.AdminConfigGetCmd, kid string) error
	RotateSigningKeys(ctx context.Context, cmd domain.AdminJWKSRotateCmd) (*domain.AdminSigningKey, error)
	ActivateSigningKey(ctx context.Context, cmd domain.AdminConfigGetCmd, kid string) (*domain.AdminSigningKey, error)

	ListTokenProfiles(ctx context.Context, cmd domain.AdminConfigGetCmd) ([]domain.AdminTokenProfile, error)
	CreateTokenProfile(ctx context.Context, cmd domain.AdminTokenProfileCmd) (*domain.AdminTokenProfile, error)
	UpdateTokenProfile(ctx context.Context, cmd domain.AdminTokenProfileCmd) (*domain.AdminTokenProfile, error)
	DeleteTokenProfile(ctx context.Context, cmd domain.AdminConfigGetCmd, profileID string) error
	PreviewTokenProfile(ctx context.Context, cmd domain.AdminTokenProfilePreviewCmd) (map[string]jx.Raw, error)
}

AdminKeys is the signing-key (JWKS) + token-profile administration slice.

type AdminService 

type AdminService struct {
	oas.UnimplementedHandler
	// contains filtered or unexported fields
}

AdminService implements the AdminHandler slice of oas.Handler.

func NewAdminService 

func NewAdminService(deps AdminDeps) *AdminService

NewAdminService builds the Admin service from its dependencies.

func (*AdminService) DeleteV1ProjectsByProjectIdAdminApiKeysByKeyId 

func (s *AdminService) DeleteV1ProjectsByProjectIdAdminApiKeysByKeyId(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminApiKeysByKeyIdParams) (*oas.Ok, error)

func (*AdminService) DeleteV1ProjectsByProjectIdAdminAppsByAppId 

func (s *AdminService) DeleteV1ProjectsByProjectIdAdminAppsByAppId(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminAppsByAppIdParams) (*oas.Ok, error)

func (*AdminService) DeleteV1ProjectsByProjectIdAdminAppsByAppIdSecretsBySecretId 

func (s *AdminService) DeleteV1ProjectsByProjectIdAdminAppsByAppIdSecretsBySecretId(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminAppsByAppIdSecretsBySecretIdParams) (*oas.Ok, error)

func (*AdminService) DeleteV1ProjectsByProjectIdAdminDomainsByDomainId 

func (s *AdminService) DeleteV1ProjectsByProjectIdAdminDomainsByDomainId(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminDomainsByDomainIdParams) (*oas.Ok, error)

func (*AdminService) DeleteV1ProjectsByProjectIdAdminEmailProvidersById 

func (s *AdminService) DeleteV1ProjectsByProjectIdAdminEmailProvidersById(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminEmailProvidersByIdParams) (r *oas.Ok, _ error)

func (*AdminService) DeleteV1ProjectsByProjectIdAdminJwksByKeyId 

func (s *AdminService) DeleteV1ProjectsByProjectIdAdminJwksByKeyId(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminJwksByKeyIdParams) (r *oas.Ok, _ error)

func (*AdminService) DeleteV1ProjectsByProjectIdAdminServiceAccountsBySaId 

func (s *AdminService) DeleteV1ProjectsByProjectIdAdminServiceAccountsBySaId(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminServiceAccountsBySaIdParams) (*oas.Ok, error)

func (*AdminService) DeleteV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecretsBySecretId 

func (s *AdminService) DeleteV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecretsBySecretId(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecretsBySecretIdParams) (*oas.Ok, error)

func (*AdminService) DeleteV1ProjectsByProjectIdAdminSmsProvidersById 

func (s *AdminService) DeleteV1ProjectsByProjectIdAdminSmsProvidersById(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminSmsProvidersByIdParams) (r *oas.Ok, _ error)

func (*AdminService) DeleteV1ProjectsByProjectIdAdminSsoConnectionsById 

func (s *AdminService) DeleteV1ProjectsByProjectIdAdminSsoConnectionsById(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminSsoConnectionsByIdParams) (*oas.Ok, error)

func (*AdminService) DeleteV1ProjectsByProjectIdAdminTokenProfilesById 

func (s *AdminService) DeleteV1ProjectsByProjectIdAdminTokenProfilesById(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminTokenProfilesByIdParams) (r *oas.Ok, _ error)

func (*AdminService) DeleteV1ProjectsByProjectIdAdminUsersByUserId 

func (s *AdminService) DeleteV1ProjectsByProjectIdAdminUsersByUserId(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminUsersByUserIdParams) (*oas.Ok, error)

func (*AdminService) DeleteV1ProjectsByProjectIdAdminUsersByUserIdIdentitiesByIdentityId 

func (s *AdminService) DeleteV1ProjectsByProjectIdAdminUsersByUserIdIdentitiesByIdentityId(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminUsersByUserIdIdentitiesByIdentityIdParams) (*oas.Ok, error)

func (*AdminService) DeleteV1ProjectsByProjectIdAdminUsersByUserIdSessionsBySessionId 

func (s *AdminService) DeleteV1ProjectsByProjectIdAdminUsersByUserIdSessionsBySessionId(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminUsersByUserIdSessionsBySessionIdParams) (*oas.Ok, error)

func (*AdminService) GetV1ProjectsByProjectIdAdminAccessRequests 

func (s *AdminService) GetV1ProjectsByProjectIdAdminAccessRequests(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminAccessRequestsParams) (r *oas.GetV1ProjectsByProjectIdAdminAccessRequestsOK, _ error)

func (*AdminService) GetV1ProjectsByProjectIdAdminApiKeys 

func (s *AdminService) GetV1ProjectsByProjectIdAdminApiKeys(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminApiKeysParams) (*oas.GetV1ProjectsByProjectIdAdminApiKeysOK, error)

func (*AdminService) GetV1ProjectsByProjectIdAdminApps 

func (s *AdminService) GetV1ProjectsByProjectIdAdminApps(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminAppsParams) (*oas.GetV1ProjectsByProjectIdAdminAppsOK, error)

func (*AdminService) GetV1ProjectsByProjectIdAdminAppsByAppId 

func (s *AdminService) GetV1ProjectsByProjectIdAdminAppsByAppId(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminAppsByAppIdParams) (*oas.GetV1ProjectsByProjectIdAdminAppsByAppIdOK, error)

func (*AdminService) GetV1ProjectsByProjectIdAdminConfigAuth 

func (s *AdminService) GetV1ProjectsByProjectIdAdminConfigAuth(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminConfigAuthParams) (r *oas.AuthConfig, _ error)

func (*AdminService) GetV1ProjectsByProjectIdAdminConfigMfaPolicy added in v1.2.3 

func (s *AdminService) GetV1ProjectsByProjectIdAdminConfigMfaPolicy(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminConfigMfaPolicyParams) (r *oas.MfaPolicy, _ error)

func (*AdminService) GetV1ProjectsByProjectIdAdminConfigPasswordPolicy 

func (s *AdminService) GetV1ProjectsByProjectIdAdminConfigPasswordPolicy(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminConfigPasswordPolicyParams) (r *oas.PasswordPolicy, _ error)

func (*AdminService) GetV1ProjectsByProjectIdAdminConfigRateLimits added in v1.2.0 

func (s *AdminService) GetV1ProjectsByProjectIdAdminConfigRateLimits(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminConfigRateLimitsParams) (r *oas.RateLimits, _ error)

func (*AdminService) GetV1ProjectsByProjectIdAdminConfigSessionPolicy 

func (s *AdminService) GetV1ProjectsByProjectIdAdminConfigSessionPolicy(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminConfigSessionPolicyParams) (r *oas.SessionPolicy, _ error)

func (*AdminService) GetV1ProjectsByProjectIdAdminConsents 

func (s *AdminService) GetV1ProjectsByProjectIdAdminConsents(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminConsentsParams) (r *oas.ConsentConfig, _ error)

func (*AdminService) GetV1ProjectsByProjectIdAdminDomains 

func (s *AdminService) GetV1ProjectsByProjectIdAdminDomains(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminDomainsParams) (*oas.GetV1ProjectsByProjectIdAdminDomainsOK, error)

func (*AdminService) GetV1ProjectsByProjectIdAdminEmailProviders 

func (s *AdminService) GetV1ProjectsByProjectIdAdminEmailProviders(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminEmailProvidersParams) (r *oas.GetV1ProjectsByProjectIdAdminEmailProvidersOK, _ error)

func (*AdminService) GetV1ProjectsByProjectIdAdminEmailTemplates 

func (s *AdminService) GetV1ProjectsByProjectIdAdminEmailTemplates(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminEmailTemplatesParams) (r oas.GetV1ProjectsByProjectIdAdminEmailTemplatesOK, _ error)

func (*AdminService) GetV1ProjectsByProjectIdAdminFeatures 

func (s *AdminService) GetV1ProjectsByProjectIdAdminFeatures(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminFeaturesParams) (r oas.GetV1ProjectsByProjectIdAdminFeaturesOK, _ error)

func (*AdminService) GetV1ProjectsByProjectIdAdminI18nByLocale 

func (s *AdminService) GetV1ProjectsByProjectIdAdminI18nByLocale(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminI18nByLocaleParams) (r oas.GetV1ProjectsByProjectIdAdminI18nByLocaleOK, _ error)

func (*AdminService) GetV1ProjectsByProjectIdAdminInvites added in v1.2.0 

func (s *AdminService) GetV1ProjectsByProjectIdAdminInvites(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminInvitesParams) (*oas.GetV1ProjectsByProjectIdAdminInvitesOK, error)

func (*AdminService) GetV1ProjectsByProjectIdAdminJwks 

func (s *AdminService) GetV1ProjectsByProjectIdAdminJwks(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminJwksParams) (r *oas.GetV1ProjectsByProjectIdAdminJwksOK, _ error)

func (*AdminService) GetV1ProjectsByProjectIdAdminServiceAccounts 

func (s *AdminService) GetV1ProjectsByProjectIdAdminServiceAccounts(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminServiceAccountsParams) (*oas.GetV1ProjectsByProjectIdAdminServiceAccountsOK, error)

func (*AdminService) GetV1ProjectsByProjectIdAdminServiceAccountsBySaId 

func (s *AdminService) GetV1ProjectsByProjectIdAdminServiceAccountsBySaId(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminServiceAccountsBySaIdParams) (*oas.GetV1ProjectsByProjectIdAdminServiceAccountsBySaIdOK, error)

func (*AdminService) GetV1ProjectsByProjectIdAdminSmsProviders 

func (s *AdminService) GetV1ProjectsByProjectIdAdminSmsProviders(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminSmsProvidersParams) (r *oas.GetV1ProjectsByProjectIdAdminSmsProvidersOK, _ error)

func (*AdminService) GetV1ProjectsByProjectIdAdminSsoConnections 

func (s *AdminService) GetV1ProjectsByProjectIdAdminSsoConnections(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminSsoConnectionsParams) (*oas.GetV1ProjectsByProjectIdAdminSsoConnectionsOK, error)

func (*AdminService) GetV1ProjectsByProjectIdAdminSsoConnectionsById 

func (s *AdminService) GetV1ProjectsByProjectIdAdminSsoConnectionsById(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminSsoConnectionsByIdParams) (*oas.GetV1ProjectsByProjectIdAdminSsoConnectionsByIdOK, error)

func (*AdminService) GetV1ProjectsByProjectIdAdminTokenProfiles 

func (s *AdminService) GetV1ProjectsByProjectIdAdminTokenProfiles(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminTokenProfilesParams) (r *oas.GetV1ProjectsByProjectIdAdminTokenProfilesOK, _ error)

func (*AdminService) GetV1ProjectsByProjectIdAdminUsers 

func (s *AdminService) GetV1ProjectsByProjectIdAdminUsers(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminUsersParams) (*oas.GetV1ProjectsByProjectIdAdminUsersOK, error)

func (*AdminService) GetV1ProjectsByProjectIdAdminUsersByUserId 

func (s *AdminService) GetV1ProjectsByProjectIdAdminUsersByUserId(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminUsersByUserIdParams) (*oas.GetV1ProjectsByProjectIdAdminUsersByUserIdOK, error)

func (*AdminService) GetV1ProjectsByProjectIdAdminUsersByUserIdIdentities 

func (s *AdminService) GetV1ProjectsByProjectIdAdminUsersByUserIdIdentities(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminUsersByUserIdIdentitiesParams) (*oas.GetV1ProjectsByProjectIdAdminUsersByUserIdIdentitiesOK, error)

func (*AdminService) GetV1ProjectsByProjectIdAdminUsersByUserIdSessions 

func (s *AdminService) GetV1ProjectsByProjectIdAdminUsersByUserIdSessions(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminUsersByUserIdSessionsParams) (*oas.GetV1ProjectsByProjectIdAdminUsersByUserIdSessionsOK, error)

func (*AdminService) PatchV1ProjectsByProjectIdAdminApiKeysByKeyId 

func (s *AdminService) PatchV1ProjectsByProjectIdAdminApiKeysByKeyId(ctx context.Context, req *oas.PatchV1ProjectsByProjectIdAdminApiKeysByKeyIdReq, params oas.PatchV1ProjectsByProjectIdAdminApiKeysByKeyIdParams) (*oas.PatchV1ProjectsByProjectIdAdminApiKeysByKeyIdOK, error)

func (*AdminService) PatchV1ProjectsByProjectIdAdminAppsByAppId 

func (s *AdminService) PatchV1ProjectsByProjectIdAdminAppsByAppId(ctx context.Context, req oas.PatchV1ProjectsByProjectIdAdminAppsByAppIdReq, params oas.PatchV1ProjectsByProjectIdAdminAppsByAppIdParams) (*oas.PatchV1ProjectsByProjectIdAdminAppsByAppIdOK, error)

func (*AdminService) PatchV1ProjectsByProjectIdAdminConfigAuth 

func (s *AdminService) PatchV1ProjectsByProjectIdAdminConfigAuth(ctx context.Context, req *oas.AuthConfig, params oas.PatchV1ProjectsByProjectIdAdminConfigAuthParams) (r *oas.AuthConfig, _ error)

func (*AdminService) PatchV1ProjectsByProjectIdAdminConfigMfaPolicy added in v1.2.3 

func (s *AdminService) PatchV1ProjectsByProjectIdAdminConfigMfaPolicy(ctx context.Context, req *oas.MfaPolicy, params oas.PatchV1ProjectsByProjectIdAdminConfigMfaPolicyParams) (r *oas.MfaPolicy, _ error)

func (*AdminService) PatchV1ProjectsByProjectIdAdminConfigPasswordPolicy 

func (s *AdminService) PatchV1ProjectsByProjectIdAdminConfigPasswordPolicy(ctx context.Context, req *oas.PasswordPolicy, params oas.PatchV1ProjectsByProjectIdAdminConfigPasswordPolicyParams) (r *oas.PasswordPolicy, _ error)

func (*AdminService) PatchV1ProjectsByProjectIdAdminConfigRateLimits added in v1.2.0 

func (s *AdminService) PatchV1ProjectsByProjectIdAdminConfigRateLimits(ctx context.Context, req *oas.RateLimits, params oas.PatchV1ProjectsByProjectIdAdminConfigRateLimitsParams) (r *oas.RateLimits, _ error)

func (*AdminService) PatchV1ProjectsByProjectIdAdminConfigSessionPolicy 

func (s *AdminService) PatchV1ProjectsByProjectIdAdminConfigSessionPolicy(ctx context.Context, req *oas.SessionPolicy, params oas.PatchV1ProjectsByProjectIdAdminConfigSessionPolicyParams) (r *oas.SessionPolicy, _ error)

func (*AdminService) PatchV1ProjectsByProjectIdAdminEmailProvidersById 

func (s *AdminService) PatchV1ProjectsByProjectIdAdminEmailProvidersById(ctx context.Context, req *oas.EmailProvider, params oas.PatchV1ProjectsByProjectIdAdminEmailProvidersByIdParams) (r *oas.EmailProvider, _ error)

func (*AdminService) PatchV1ProjectsByProjectIdAdminEmailTemplatesById 

func (s *AdminService) PatchV1ProjectsByProjectIdAdminEmailTemplatesById(ctx context.Context, req oas.PatchV1ProjectsByProjectIdAdminEmailTemplatesByIdReq, params oas.PatchV1ProjectsByProjectIdAdminEmailTemplatesByIdParams) (r oas.PatchV1ProjectsByProjectIdAdminEmailTemplatesByIdOK, _ error)

func (*AdminService) PatchV1ProjectsByProjectIdAdminServiceAccountsBySaId 

func (s *AdminService) PatchV1ProjectsByProjectIdAdminServiceAccountsBySaId(ctx context.Context, req *oas.PatchV1ProjectsByProjectIdAdminServiceAccountsBySaIdReq, params oas.PatchV1ProjectsByProjectIdAdminServiceAccountsBySaIdParams) (*oas.PatchV1ProjectsByProjectIdAdminServiceAccountsBySaIdOK, error)

func (*AdminService) PatchV1ProjectsByProjectIdAdminSmsProvidersById 

func (s *AdminService) PatchV1ProjectsByProjectIdAdminSmsProvidersById(ctx context.Context, req *oas.SmsProvider, params oas.PatchV1ProjectsByProjectIdAdminSmsProvidersByIdParams) (r *oas.SmsProvider, _ error)

func (*AdminService) PatchV1ProjectsByProjectIdAdminSsoConnectionsById 

func (s *AdminService) PatchV1ProjectsByProjectIdAdminSsoConnectionsById(ctx context.Context, req oas.PatchV1ProjectsByProjectIdAdminSsoConnectionsByIdReq, params oas.PatchV1ProjectsByProjectIdAdminSsoConnectionsByIdParams) (*oas.PatchV1ProjectsByProjectIdAdminSsoConnectionsByIdOK, error)

func (*AdminService) PatchV1ProjectsByProjectIdAdminTokenProfilesById 

func (s *AdminService) PatchV1ProjectsByProjectIdAdminTokenProfilesById(ctx context.Context, req oas.PatchV1ProjectsByProjectIdAdminTokenProfilesByIdReq, params oas.PatchV1ProjectsByProjectIdAdminTokenProfilesByIdParams) (r *oas.PatchV1ProjectsByProjectIdAdminTokenProfilesByIdOK, _ error)

func (*AdminService) PatchV1ProjectsByProjectIdAdminUsersByUserId 

func (s *AdminService) PatchV1ProjectsByProjectIdAdminUsersByUserId(ctx context.Context, req oas.PatchV1ProjectsByProjectIdAdminUsersByUserIdReq, params oas.PatchV1ProjectsByProjectIdAdminUsersByUserIdParams) (*oas.PatchV1ProjectsByProjectIdAdminUsersByUserIdOK, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminAccessRequestsByIdApprove 

func (s *AdminService) PostV1ProjectsByProjectIdAdminAccessRequestsByIdApprove(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminAccessRequestsByIdApproveReq, params oas.PostV1ProjectsByProjectIdAdminAccessRequestsByIdApproveParams) (r oas.PostV1ProjectsByProjectIdAdminAccessRequestsByIdApproveOK, _ error)

func (*AdminService) PostV1ProjectsByProjectIdAdminAccessRequestsByIdDeny 

func (s *AdminService) PostV1ProjectsByProjectIdAdminAccessRequestsByIdDeny(ctx context.Context, req oas.OptPostV1ProjectsByProjectIdAdminAccessRequestsByIdDenyReq, params oas.PostV1ProjectsByProjectIdAdminAccessRequestsByIdDenyParams) (r *oas.PostV1ProjectsByProjectIdAdminAccessRequestsByIdDenyOK, _ error)

func (*AdminService) PostV1ProjectsByProjectIdAdminApiKeys 

func (s *AdminService) PostV1ProjectsByProjectIdAdminApiKeys(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminApiKeysReq, params oas.PostV1ProjectsByProjectIdAdminApiKeysParams) (*oas.PostV1ProjectsByProjectIdAdminApiKeysCreated, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminApiKeysByKeyIdRotate 

func (s *AdminService) PostV1ProjectsByProjectIdAdminApiKeysByKeyIdRotate(ctx context.Context, params oas.PostV1ProjectsByProjectIdAdminApiKeysByKeyIdRotateParams) (*oas.PostV1ProjectsByProjectIdAdminApiKeysByKeyIdRotateOK, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminApps 

func (s *AdminService) PostV1ProjectsByProjectIdAdminApps(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminAppsReq, params oas.PostV1ProjectsByProjectIdAdminAppsParams) (*oas.PostV1ProjectsByProjectIdAdminAppsCreated, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminAppsByAppIdSecrets 

func (s *AdminService) PostV1ProjectsByProjectIdAdminAppsByAppIdSecrets(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminAppsByAppIdSecretsReq, params oas.PostV1ProjectsByProjectIdAdminAppsByAppIdSecretsParams) (*oas.PostV1ProjectsByProjectIdAdminAppsByAppIdSecretsCreated, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminDomains 

func (s *AdminService) PostV1ProjectsByProjectIdAdminDomains(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminDomainsReq, params oas.PostV1ProjectsByProjectIdAdminDomainsParams) (*oas.PostV1ProjectsByProjectIdAdminDomainsCreated, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminDomainsByDomainIdVerify 

func (s *AdminService) PostV1ProjectsByProjectIdAdminDomainsByDomainIdVerify(ctx context.Context, params oas.PostV1ProjectsByProjectIdAdminDomainsByDomainIdVerifyParams) (*oas.PostV1ProjectsByProjectIdAdminDomainsByDomainIdVerifyOK, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminEmailProviders 

func (s *AdminService) PostV1ProjectsByProjectIdAdminEmailProviders(ctx context.Context, req *oas.EmailProvider, params oas.PostV1ProjectsByProjectIdAdminEmailProvidersParams) (r *oas.EmailProvider, _ error)

func (*AdminService) PostV1ProjectsByProjectIdAdminEmailTemplatesByIdPreview 

func (s *AdminService) PostV1ProjectsByProjectIdAdminEmailTemplatesByIdPreview(ctx context.Context, req oas.OptPostV1ProjectsByProjectIdAdminEmailTemplatesByIdPreviewReq, params oas.PostV1ProjectsByProjectIdAdminEmailTemplatesByIdPreviewParams) (r *oas.PostV1ProjectsByProjectIdAdminEmailTemplatesByIdPreviewOK, _ error)

func (*AdminService) PostV1ProjectsByProjectIdAdminEmailTemplatesByIdSendTest 

func (s *AdminService) PostV1ProjectsByProjectIdAdminEmailTemplatesByIdSendTest(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminEmailTemplatesByIdSendTestReq, params oas.PostV1ProjectsByProjectIdAdminEmailTemplatesByIdSendTestParams) (r *oas.Ok, _ error)

func (*AdminService) PostV1ProjectsByProjectIdAdminInvites added in v1.2.0 

func (s *AdminService) PostV1ProjectsByProjectIdAdminInvites(ctx context.Context, req *oas.InviteCreateRequest, params oas.PostV1ProjectsByProjectIdAdminInvitesParams) (*oas.InviteCreated, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminInvitesByInviteIdRevoke added in v1.2.0 

func (s *AdminService) PostV1ProjectsByProjectIdAdminInvitesByInviteIdRevoke(ctx context.Context, params oas.PostV1ProjectsByProjectIdAdminInvitesByInviteIdRevokeParams) (*oas.Ok, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminJwksByKeyIdActivate 

func (s *AdminService) PostV1ProjectsByProjectIdAdminJwksByKeyIdActivate(ctx context.Context, params oas.PostV1ProjectsByProjectIdAdminJwksByKeyIdActivateParams) (r *oas.PostV1ProjectsByProjectIdAdminJwksByKeyIdActivateOK, _ error)

func (*AdminService) PostV1ProjectsByProjectIdAdminJwksRotate 

func (s *AdminService) PostV1ProjectsByProjectIdAdminJwksRotate(ctx context.Context, req oas.OptPostV1ProjectsByProjectIdAdminJwksRotateReq, params oas.PostV1ProjectsByProjectIdAdminJwksRotateParams) (r *oas.PostV1ProjectsByProjectIdAdminJwksRotateOK, _ error)

func (*AdminService) PostV1ProjectsByProjectIdAdminServiceAccounts 

func (s *AdminService) PostV1ProjectsByProjectIdAdminServiceAccounts(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminServiceAccountsReq, params oas.PostV1ProjectsByProjectIdAdminServiceAccountsParams) (*oas.PostV1ProjectsByProjectIdAdminServiceAccountsCreated, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecrets 

func (s *AdminService) PostV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecrets(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecretsReq, params oas.PostV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecretsParams) (*oas.PostV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecretsCreated, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminSmsProviders 

func (s *AdminService) PostV1ProjectsByProjectIdAdminSmsProviders(ctx context.Context, req *oas.SmsProvider, params oas.PostV1ProjectsByProjectIdAdminSmsProvidersParams) (r *oas.SmsProvider, _ error)

func (*AdminService) PostV1ProjectsByProjectIdAdminSmsProvidersSendTest added in v1.3.0 

func (s *AdminService) PostV1ProjectsByProjectIdAdminSmsProvidersSendTest(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminSmsProvidersSendTestReq, params oas.PostV1ProjectsByProjectIdAdminSmsProvidersSendTestParams) (r *oas.Ok, _ error)

func (*AdminService) PostV1ProjectsByProjectIdAdminSsoConnections 

func (s *AdminService) PostV1ProjectsByProjectIdAdminSsoConnections(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminSsoConnectionsReq, params oas.PostV1ProjectsByProjectIdAdminSsoConnectionsParams) (*oas.PostV1ProjectsByProjectIdAdminSsoConnectionsCreated, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminTokenProfiles 

func (s *AdminService) PostV1ProjectsByProjectIdAdminTokenProfiles(ctx context.Context, req *oas.TokenProfile, params oas.PostV1ProjectsByProjectIdAdminTokenProfilesParams) (r *oas.PostV1ProjectsByProjectIdAdminTokenProfilesCreated, _ error)

func (*AdminService) PostV1ProjectsByProjectIdAdminTokenProfilesByIdPreview 

func (s *AdminService) PostV1ProjectsByProjectIdAdminTokenProfilesByIdPreview(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminTokenProfilesByIdPreviewReq, params oas.PostV1ProjectsByProjectIdAdminTokenProfilesByIdPreviewParams) (r *oas.PostV1ProjectsByProjectIdAdminTokenProfilesByIdPreviewOK, _ error)

func (*AdminService) PostV1ProjectsByProjectIdAdminUsers 

func (s *AdminService) PostV1ProjectsByProjectIdAdminUsers(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminUsersReq, params oas.PostV1ProjectsByProjectIdAdminUsersParams) (*oas.PostV1ProjectsByProjectIdAdminUsersCreated, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdAnonymize 

func (s *AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdAnonymize(ctx context.Context, req oas.OptPostV1ProjectsByProjectIdAdminUsersByUserIdAnonymizeReq, params oas.PostV1ProjectsByProjectIdAdminUsersByUserIdAnonymizeParams) (*oas.Ok, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdBan 

func (s *AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdBan(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminUsersByUserIdBanReq, params oas.PostV1ProjectsByProjectIdAdminUsersByUserIdBanParams) (*oas.PostV1ProjectsByProjectIdAdminUsersByUserIdBanOK, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdExport 

func (s *AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdExport(ctx context.Context, params oas.PostV1ProjectsByProjectIdAdminUsersByUserIdExportParams) (*oas.PostV1ProjectsByProjectIdAdminUsersByUserIdExportOK, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdImpersonate 

func (s *AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdImpersonate(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminUsersByUserIdImpersonateReq, params oas.PostV1ProjectsByProjectIdAdminUsersByUserIdImpersonateParams) (*oas.PostV1ProjectsByProjectIdAdminUsersByUserIdImpersonateOK, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdMfaReset 

func (s *AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdMfaReset(ctx context.Context, req oas.OptPostV1ProjectsByProjectIdAdminUsersByUserIdMfaResetReq, params oas.PostV1ProjectsByProjectIdAdminUsersByUserIdMfaResetParams) (*oas.PostV1ProjectsByProjectIdAdminUsersByUserIdMfaResetOK, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdPassword 

func (s *AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdPassword(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminUsersByUserIdPasswordReq, params oas.PostV1ProjectsByProjectIdAdminUsersByUserIdPasswordParams) (*oas.Ok, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdSessionsRevoke 

func (s *AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdSessionsRevoke(ctx context.Context, req oas.OptPostV1ProjectsByProjectIdAdminUsersByUserIdSessionsRevokeReq, params oas.PostV1ProjectsByProjectIdAdminUsersByUserIdSessionsRevokeParams) (*oas.PostV1ProjectsByProjectIdAdminUsersByUserIdSessionsRevokeOK, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdUnban 

func (s *AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdUnban(ctx context.Context, params oas.PostV1ProjectsByProjectIdAdminUsersByUserIdUnbanParams) (*oas.PostV1ProjectsByProjectIdAdminUsersByUserIdUnbanOK, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdVerifyEmail 

func (s *AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdVerifyEmail(ctx context.Context, params oas.PostV1ProjectsByProjectIdAdminUsersByUserIdVerifyEmailParams) (*oas.PostV1ProjectsByProjectIdAdminUsersByUserIdVerifyEmailOK, error)

func (*AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdVerifyPhone 

func (s *AdminService) PostV1ProjectsByProjectIdAdminUsersByUserIdVerifyPhone(ctx context.Context, params oas.PostV1ProjectsByProjectIdAdminUsersByUserIdVerifyPhoneParams) (*oas.PostV1ProjectsByProjectIdAdminUsersByUserIdVerifyPhoneOK, error)

func (*AdminService) PutV1ProjectsByProjectIdAdminConsents 

func (s *AdminService) PutV1ProjectsByProjectIdAdminConsents(ctx context.Context, req *oas.ConsentConfig, params oas.PutV1ProjectsByProjectIdAdminConsentsParams) (r *oas.ConsentConfig, _ error)

func (*AdminService) PutV1ProjectsByProjectIdAdminFeatures 

func (s *AdminService) PutV1ProjectsByProjectIdAdminFeatures(ctx context.Context, req oas.PutV1ProjectsByProjectIdAdminFeaturesReq, params oas.PutV1ProjectsByProjectIdAdminFeaturesParams) (r oas.PutV1ProjectsByProjectIdAdminFeaturesOK, _ error)

func (*AdminService) PutV1ProjectsByProjectIdAdminI18nByLocale 

func (s *AdminService) PutV1ProjectsByProjectIdAdminI18nByLocale(ctx context.Context, req oas.PutV1ProjectsByProjectIdAdminI18nByLocaleReq, params oas.PutV1ProjectsByProjectIdAdminI18nByLocaleParams) (r oas.PutV1ProjectsByProjectIdAdminI18nByLocaleOK, _ error)

type AdminServiceAccounts 

type AdminServiceAccounts interface {
	List(ctx context.Context, projectID string) ([]domain.ServiceAccount, error)
	Get(ctx context.Context, projectID, saID string) (*domain.ServiceAccount, error)
	Create(ctx context.Context, cmd domain.ServiceAccountCmd) (*domain.ServiceAccount, error)
	Update(ctx context.Context, cmd domain.AdminServiceAccountUpdateCmd) (*domain.ServiceAccount, error)
	Delete(ctx context.Context, projectID, saID string) error
	AddSecret(ctx context.Context, cmd domain.AdminServiceAccountSecretCmd) (*domain.AdminSecret, error)
	DeleteSecret(ctx context.Context, projectID, saID, secretID string) error
}

AdminServiceAccounts is the machine-identity slice exposed to project admins.

type AdminUsers 

type AdminUsers interface {
	List(ctx context.Context, projectID, environment string) ([]domain.Account, error)
	Get(ctx context.Context, projectID, environment, accountID string) (*domain.Account, error)
	Create(ctx context.Context, cmd domain.RegisterCmd) (*domain.Account, error)
	Update(ctx context.Context, cmd domain.AdminUserUpdateCmd) (*domain.Account, error)
	Ban(ctx context.Context, projectID, environment, accountID string) error
	BanWith(ctx context.Context, cmd domain.AdminUserBanCmd) (*domain.Account, error)
	Unban(ctx context.Context, projectID, environment, accountID string) (*domain.Account, error)
	Delete(ctx context.Context, projectID, environment, accountID string) error
	VerifyEmail(ctx context.Context, projectID, environment, accountID string) (*domain.Account, error)
	VerifyPhone(ctx context.Context, projectID, environment, accountID string) (*domain.Account, error)
	SetPassword(ctx context.Context, cmd domain.AdminUserPasswordCmd) error
	Anonymize(ctx context.Context, cmd domain.AdminUserAnonymizeCmd) error
	Export(ctx context.Context, projectID, environment, accountID string) (jobID string, err error)
	Impersonate(ctx context.Context, cmd domain.AdminUserImpersonateCmd) (*domain.AdminImpersonation, error)
	ResetMFA(ctx context.Context, projectID, environment, accountID string, factorIDs []string) (removed int, err error)
	ListIdentities(ctx context.Context, projectID, environment, accountID string) ([]domain.Identity, error)
	DeleteIdentity(ctx context.Context, projectID, environment, accountID, identityID string) error
	ListSessions(ctx context.Context, projectID, environment, accountID string) ([]domain.Session, error)
	DeleteSession(ctx context.Context, projectID, environment, accountID, sessionID string) error
	RevokeSessions(ctx context.Context, cmd domain.AdminUserSessionsRevokeCmd) (revoked int, err error)
}

type Authenticator 

type Authenticator interface {
	User(ctx context.Context, token string) (*domain.Principal, error)              // bearerAuth
	Admin(ctx context.Context, token string) (*domain.Principal, error)             // adminToken
	Master(ctx context.Context, token string) (*domain.Principal, error)            // masterKey
	Service(ctx context.Context, token string) (*domain.Principal, error)           // serviceToken / API key
	SCIM(ctx context.Context, token string) (*domain.Principal, error)              // scimToken
	Client(ctx context.Context, clientID, secret string) (*domain.Principal, error) // clientSecretBasic
	OAuth2(ctx context.Context, token string) (*domain.Principal, error)            // oauth2
}

Authenticator validates a credential and resolves the calling principal. The adapter implements it (JWT verification, session/token lookup); pkg/api only juggles the interface. One method per security scheme.

type CoreAuthAccounts 

type CoreAuthAccounts interface {
	Register(ctx context.Context, cmd domain.RegisterCmd) (*domain.Account, *domain.Session, error)
	AuthenticatePassword(ctx context.Context, projectID, email, password string) (*domain.CoreAuthPasswordResult, error)
	Refresh(ctx context.Context, refreshToken string) (*domain.Account, *domain.Session, error)
	ExchangeCode(ctx context.Context, code, verifier string) (*domain.Account, *domain.Session, error)
	RedeemImpersonation(ctx context.Context, token, clientID string) (*domain.Account, *domain.Session, error)
	CreateGuest(ctx context.Context, projectID string) (*domain.Account, *domain.Session, error)
	GetSession(ctx context.Context, sessionID string) (*domain.Account, *domain.Session, error)
	SignOut(ctx context.Context, sessionID string, everywhere bool) error
	SignOutAll(ctx context.Context, accountID, exceptSessionID string) (int, error)

	// Email verification / change.
	StartEmailVerification(ctx context.Context, cmd domain.CoreAuthVerifyStartCmd) (*domain.Challenge, error)
	VerifyEmail(ctx context.Context, cmd domain.CoreAuthVerifyConsumeCmd) (*domain.Account, *domain.Session, error)
	VerifyEmailCallback(ctx context.Context, cmd domain.CoreAuthEmailVerificationCallbackCmd) (*domain.CoreAuthEmailVerificationCallbackResult, error)
	VerifyCaptcha(ctx context.Context, projectID, provider, token, action string) (*domain.CoreAuthCaptchaVerifyResult, error)
	StartEmailChange(ctx context.Context, cmd domain.CoreAuthVerifyStartCmd) (*domain.Challenge, error)
	VerifyEmailChange(ctx context.Context, cmd domain.CoreAuthVerifyConsumeCmd) (*domain.Account, error)
	CancelEmailChange(ctx context.Context, token string) error

	// Phone verification / change.
	StartPhoneVerification(ctx context.Context, cmd domain.CoreAuthVerifyStartCmd) (*domain.Challenge, error)
	VerifyPhone(ctx context.Context, cmd domain.CoreAuthVerifyConsumeCmd) (*domain.Account, *domain.Session, error)
	StartPhoneChange(ctx context.Context, cmd domain.CoreAuthVerifyStartCmd) (*domain.Challenge, error)
	VerifyPhoneChange(ctx context.Context, cmd domain.CoreAuthVerifyConsumeCmd) (*domain.Account, error)

	// Password lifecycle.
	ForgotPassword(ctx context.Context, cmd domain.CoreAuthPasswordForgotCmd) error
	ResetPassword(ctx context.Context, cmd domain.CoreAuthPasswordResetCmd) (*domain.Account, *domain.Session, error)
	ChangePassword(ctx context.Context, cmd domain.CoreAuthPasswordChangeCmd) error
	CheckPassword(ctx context.Context, projectID, password string) (*domain.CoreAuthPasswordCheckResult, error)
	VerifyPassword(ctx context.Context, cmd domain.CoreAuthPasswordChangeCmd) (*domain.CoreAuthPasswordVerifyResult, error)

	// Session.
	StepUp(ctx context.Context, cmd domain.CoreAuthStepUpCmd) (*domain.CoreAuthStepUpResult, error)
	SwitchGroup(ctx context.Context, accountID, sessionID, groupID string) (*domain.Account, *domain.Session, error)

	// Access requests.
	CreateAccessRequest(ctx context.Context, cmd domain.CoreAuthAccessRequestCmd) (*domain.CoreAuthAccessRequest, error)
}

CoreAuthAccounts is the Core Auth slice of the Account aggregate. Each method is one atomic operation; the adapter owns its transaction.

type CoreAuthDeps 

type CoreAuthDeps struct {
	Accounts CoreAuthAccounts
	Tokens   CoreAuthTokens
	MFA      CoreAuthMFA
}

CoreAuthDeps are the ports the Core Auth service orchestrates.

type CoreAuthFlowDeps added in v1.1.0 

type CoreAuthFlowDeps struct {
	Flows CoreAuthFlows
}

CoreAuthFlowDeps are the ports the CoreAuthFlowService orchestrates.

type CoreAuthFlowService added in v1.1.0 

type CoreAuthFlowService struct {
	oas.UnimplementedHandler
	// contains filtered or unexported fields
}

CoreAuthFlowService implements the flow-related operations in the CoreAuth ogen handler group. It maps HTTP ↔ port and builds the oas.FlowState response.

func NewCoreAuthFlowService added in v1.1.0 

func NewCoreAuthFlowService(deps CoreAuthFlowDeps) *CoreAuthFlowService

NewCoreAuthFlowService builds the flow service from its dependencies.

func (*CoreAuthFlowService) DeleteV1AuthFlowsByFlowToken added in v1.1.0 

func (s *CoreAuthFlowService) DeleteV1AuthFlowsByFlowToken(ctx context.Context, params oas.DeleteV1AuthFlowsByFlowTokenParams) error

DeleteV1AuthFlowsByFlowToken abandons a live flow.

func (*CoreAuthFlowService) GetV1AuthFlowsByFlowToken added in v1.1.0 

func (s *CoreAuthFlowService) GetV1AuthFlowsByFlowToken(ctx context.Context, params oas.GetV1AuthFlowsByFlowTokenParams) (*oas.FlowStateHeaders, error)

GetV1AuthFlowsByFlowToken retrieves a live flow by its opaque token.

func (*CoreAuthFlowService) GetV1AuthFlowsCurrent added in v1.1.0 

func (s *CoreAuthFlowService) GetV1AuthFlowsCurrent(ctx context.Context, params oas.GetV1AuthFlowsCurrentParams) (*oas.FlowStateHeaders, error)

GetV1AuthFlowsCurrent resumes the flow bound to the iam_flow cookie (§7 durable resume). No cookie / no live flow → 404.

func (*CoreAuthFlowService) PostV1AuthFlows added in v1.1.0 

func (s *CoreAuthFlowService) PostV1AuthFlows(ctx context.Context, req *oas.FlowCreateRequest, params oas.PostV1AuthFlowsParams) (*oas.FlowStateHeaders, error)

PostV1AuthFlows creates a new server-side resumable auth flow.

func (*CoreAuthFlowService) PostV1AuthFlowsByFlowTokenResend added in v1.1.0 

func (s *CoreAuthFlowService) PostV1AuthFlowsByFlowTokenResend(ctx context.Context, params oas.PostV1AuthFlowsByFlowTokenResendParams) (*oas.FlowStateHeaders, error)

PostV1AuthFlowsByFlowTokenResend re-issues the active challenge.

func (*CoreAuthFlowService) PostV1AuthFlowsByFlowTokenSubmit added in v1.1.0 

func (s *CoreAuthFlowService) PostV1AuthFlowsByFlowTokenSubmit(ctx context.Context, req *oas.FlowSubmitRequest, params oas.PostV1AuthFlowsByFlowTokenSubmitParams) (*oas.FlowStateHeaders, error)

PostV1AuthFlowsByFlowTokenSubmit advances the flow state machine.

type CoreAuthFlows added in v1.1.0 

type CoreAuthFlows interface {
	Create(ctx context.Context, cmd domain.FlowCreateCmd) (*domain.FlowState, error)
	Get(ctx context.Context, cmd domain.FlowGetCmd) (*domain.FlowState, error)
	Submit(ctx context.Context, cmd domain.FlowSubmitCmd) (*domain.FlowState, error)
	Resend(ctx context.Context, cmd domain.FlowResendCmd) (*domain.FlowState, error)
	Abandon(ctx context.Context, cmd domain.FlowAbandonCmd) error
}

CoreAuthFlows is the port the CoreAuthFlowService orchestrates.

type CoreAuthMFA added in v1.1.0 

type CoreAuthMFA interface {
	Challenge(ctx context.Context, accountID, factorID string) (*domain.Challenge, error)
}

CoreAuthMFA issues the step-up challenge when password sign-in needs a second factor. The returned challenge id is the flow_token the client presents to mfa/verify or recovery-codes/verify to finish authentication.

type CoreAuthService 

type CoreAuthService struct {
	oas.UnimplementedHandler
	// contains filtered or unexported fields
}

CoreAuthService implements the CoreAuthHandler slice of oas.Handler.

func NewCoreAuthService 

func NewCoreAuthService(deps CoreAuthDeps) *CoreAuthService

NewCoreAuthService builds the CoreAuth service from its dependencies.

func (*CoreAuthService) GetV1AuthEmailChangeCancel 

func (s *CoreAuthService) GetV1AuthEmailChangeCancel(ctx context.Context, params oas.GetV1AuthEmailChangeCancelParams) (*oas.Ok, error)

func (*CoreAuthService) GetV1AuthEmailVerificationCallback 

func (s *CoreAuthService) GetV1AuthEmailVerificationCallback(ctx context.Context, params oas.GetV1AuthEmailVerificationCallbackParams) (r *oas.GetV1AuthEmailVerificationCallbackFound, _ error)

func (*CoreAuthService) GetV1AuthSession 

func (s *CoreAuthService) GetV1AuthSession(ctx context.Context) (*oas.GetV1AuthSessionOK, error)

func (*CoreAuthService) GetV1TokensCurrent 

func (s *CoreAuthService) GetV1TokensCurrent(ctx context.Context) (*oas.GetV1TokensCurrentOK, error)

func (*CoreAuthService) PostV1AuthAccessRequests 

func (s *CoreAuthService) PostV1AuthAccessRequests(ctx context.Context, req *oas.PostV1AuthAccessRequestsReq, params oas.PostV1AuthAccessRequestsParams) (*oas.PostV1AuthAccessRequestsOK, error)

func (*CoreAuthService) PostV1AuthEmailChangeStart 

func (s *CoreAuthService) PostV1AuthEmailChangeStart(ctx context.Context, req *oas.PostV1AuthEmailChangeStartReq) (*oas.Challenge, error)

func (*CoreAuthService) PostV1AuthEmailChangeVerify 

func (s *CoreAuthService) PostV1AuthEmailChangeVerify(ctx context.Context, req *oas.PostV1AuthEmailChangeVerifyReq) (*oas.PostV1AuthEmailChangeVerifyOK, error)

func (*CoreAuthService) PostV1AuthEmailVerificationStart 

func (s *CoreAuthService) PostV1AuthEmailVerificationStart(ctx context.Context, req *oas.PostV1AuthEmailVerificationStartReq, params oas.PostV1AuthEmailVerificationStartParams) (*oas.Challenge, error)

func (*CoreAuthService) PostV1AuthEmailVerificationVerify 

func (s *CoreAuthService) PostV1AuthEmailVerificationVerify(ctx context.Context, req *oas.PostV1AuthEmailVerificationVerifyReq, params oas.PostV1AuthEmailVerificationVerifyParams) (*oas.AuthResult, error)

func (*CoreAuthService) PostV1AuthGuest 

func (s *CoreAuthService) PostV1AuthGuest(ctx context.Context, req *oas.PostV1AuthGuestReq, params oas.PostV1AuthGuestParams) (*oas.AuthResult, error)

func (*CoreAuthService) PostV1AuthImpersonateRedeem 

func (s *CoreAuthService) PostV1AuthImpersonateRedeem(ctx context.Context, req *oas.PostV1AuthImpersonateRedeemReq, params oas.PostV1AuthImpersonateRedeemParams) (*oas.AuthResult, error)

func (*CoreAuthService) PostV1AuthPasswordChange 

func (s *CoreAuthService) PostV1AuthPasswordChange(ctx context.Context, req *oas.PasswordChangeRequest) (*oas.Ok, error)

func (*CoreAuthService) PostV1AuthPasswordCheck 

func (s *CoreAuthService) PostV1AuthPasswordCheck(ctx context.Context, req *oas.PostV1AuthPasswordCheckReq, params oas.PostV1AuthPasswordCheckParams) (*oas.PostV1AuthPasswordCheckOK, error)

func (*CoreAuthService) PostV1AuthPasswordForgot 

func (s *CoreAuthService) PostV1AuthPasswordForgot(ctx context.Context, req *oas.PasswordForgotRequest, params oas.PostV1AuthPasswordForgotParams) (*oas.Ok, error)

func (*CoreAuthService) PostV1AuthPasswordReset 

func (s *CoreAuthService) PostV1AuthPasswordReset(ctx context.Context, req *oas.PasswordResetRequest, params oas.PostV1AuthPasswordResetParams) (*oas.AuthResult, error)

func (*CoreAuthService) PostV1AuthPasswordVerify 

func (s *CoreAuthService) PostV1AuthPasswordVerify(ctx context.Context, req *oas.PostV1AuthPasswordVerifyReq) (*oas.PostV1AuthPasswordVerifyOK, error)

func (*CoreAuthService) PostV1AuthPhoneChangeStart 

func (s *CoreAuthService) PostV1AuthPhoneChangeStart(ctx context.Context, req *oas.PostV1AuthPhoneChangeStartReq) (*oas.Challenge, error)

func (*CoreAuthService) PostV1AuthPhoneChangeVerify 

func (s *CoreAuthService) PostV1AuthPhoneChangeVerify(ctx context.Context, req *oas.PostV1AuthPhoneChangeVerifyReq) (*oas.PostV1AuthPhoneChangeVerifyOK, error)

func (*CoreAuthService) PostV1AuthPhoneVerificationStart 

func (s *CoreAuthService) PostV1AuthPhoneVerificationStart(ctx context.Context, req *oas.PostV1AuthPhoneVerificationStartReq, params oas.PostV1AuthPhoneVerificationStartParams) (*oas.Challenge, error)

func (*CoreAuthService) PostV1AuthPhoneVerificationVerify 

func (s *CoreAuthService) PostV1AuthPhoneVerificationVerify(ctx context.Context, req *oas.PostV1AuthPhoneVerificationVerifyReq, params oas.PostV1AuthPhoneVerificationVerifyParams) (oas.PhoneVerifyResult, error)

func (*CoreAuthService) PostV1AuthSessionStepUp 

func (s *CoreAuthService) PostV1AuthSessionStepUp(ctx context.Context, req *oas.PostV1AuthSessionStepUpReq) (oas.StepUpResult, error)

func (*CoreAuthService) PostV1AuthSessionSwitchGroup 

func (s *CoreAuthService) PostV1AuthSessionSwitchGroup(ctx context.Context, req *oas.PostV1AuthSessionSwitchGroupReq) (*oas.AuthResult, error)

func (*CoreAuthService) PostV1AuthSignInPassword 

func (s *CoreAuthService) PostV1AuthSignInPassword(ctx context.Context, req *oas.PasswordSignInRequest, params oas.PostV1AuthSignInPasswordParams) (oas.AuthResultOrNextStep, error)

func (*CoreAuthService) PostV1AuthSignOut 

func (s *CoreAuthService) PostV1AuthSignOut(ctx context.Context, req oas.OptPostV1AuthSignOutReq) (*oas.Ok, error)

func (*CoreAuthService) PostV1AuthSignOutAll 

func (s *CoreAuthService) PostV1AuthSignOutAll(ctx context.Context, req oas.OptPostV1AuthSignOutAllReq) (*oas.PostV1AuthSignOutAllOK, error)

func (*CoreAuthService) PostV1AuthSignUp 

func (s *CoreAuthService) PostV1AuthSignUp(ctx context.Context, req *oas.SignUpRequest, params oas.PostV1AuthSignUpParams) (*oas.AuthResult, error)

func (*CoreAuthService) PostV1AuthTokenExchange 

func (s *CoreAuthService) PostV1AuthTokenExchange(ctx context.Context, req *oas.CodeExchangeRequest, params oas.PostV1AuthTokenExchangeParams) (*oas.AuthResult, error)

func (*CoreAuthService) PostV1AuthTokenRefresh 

func (s *CoreAuthService) PostV1AuthTokenRefresh(ctx context.Context, req oas.OptRefreshRequest, params oas.PostV1AuthTokenRefreshParams) (*oas.AuthResultHeaders, error)

func (*CoreAuthService) PostV1ChallengesCaptchaVerify 

func (s *CoreAuthService) PostV1ChallengesCaptchaVerify(ctx context.Context, req *oas.PostV1ChallengesCaptchaVerifyReq) (r *oas.PostV1ChallengesCaptchaVerifyOK, _ error)

func (*CoreAuthService) PostV1TokensIntrospect 

func (s *CoreAuthService) PostV1TokensIntrospect(ctx context.Context, req *oas.PostV1TokensIntrospectReq) (*oas.PostV1TokensIntrospectOK, error)

func (*CoreAuthService) PostV1TokensRevoke 

func (s *CoreAuthService) PostV1TokensRevoke(ctx context.Context, req *oas.PostV1TokensRevokeReq) (*oas.Ok, error)

func (*CoreAuthService) PostV1TokensVerify 

func (s *CoreAuthService) PostV1TokensVerify(ctx context.Context, req *oas.PostV1TokensVerifyReq) (*oas.PostV1TokensVerifyOK, error)

type CoreAuthTokens 

type CoreAuthTokens interface {
	Introspect(ctx context.Context, projectID, token string) (*domain.CoreAuthTokenIntrospection, error)
	Verify(ctx context.Context, projectID, token, audience string) (*domain.CoreAuthTokenVerification, error)
	Revoke(ctx context.Context, cmd domain.CoreAuthRevokeCmd) error
	CurrentClaims(ctx context.Context, sessionID string) (map[string]any, error)
}

CoreAuthTokens is the Core Auth slice of token introspection / verification. Each method is one atomic operation; the adapter owns its transaction.

type FederationConnections 

type FederationConnections interface {
	CreateConnection(ctx context.Context, cmd domain.ConnectionCmd) (*domain.Connection, error)
	GetConnection(ctx context.Context, projectID, id string) (*domain.Connection, error)
	ListConnections(ctx context.Context, projectID string) ([]domain.Connection, error)
	UpdateConnection(ctx context.Context, cmd domain.FederationConnectionUpdateCmd) (*domain.Connection, error)
	DeleteConnection(ctx context.Context, projectID, id string) error
	TestConnection(ctx context.Context, projectID, id string) (string, error)
	RotateConnectionCertificate(ctx context.Context, projectID, id string) (string, error)
	AddDomain(ctx context.Context, projectID, connectionID, name string) (*domain.Domain, error)
	VerifyDomain(ctx context.Context, projectID, domainID string) (*domain.Domain, error)
	ListDomains(ctx context.Context, projectID string) ([]domain.Domain, error)
	DeleteDomain(ctx context.Context, projectID, domainID string) error
	CreateScimToken(ctx context.Context, cmd domain.FederationScimTokenCmd) (*domain.ScimToken, string, error)
	ListScimTokens(ctx context.Context, projectID, connectionID string) ([]domain.ScimToken, error)
	DeleteScimToken(ctx context.Context, projectID, connectionID, tokenID string) error

	// Public / runtime resolution.
	ResolveConnection(ctx context.Context, projectID, email string) (*domain.Connection, error)
}

type FederationDeps 

type FederationDeps struct {
	Connections FederationConnections
	Runtime     FederationRuntime
	Scim        FederationScim
}

type FederationRuntime 

type FederationRuntime interface {
	OidcStart(ctx context.Context, cmd domain.FederationSsoStartCmd) (*domain.FederationSsoRedirect, error)
	OidcCallback(ctx context.Context, cmd domain.FederationSsoCallbackCmd) (*domain.FederationSsoRedirect, error)
	SamlLogin(ctx context.Context, cmd domain.FederationSsoStartCmd) (*domain.FederationSsoRedirect, error)
	SamlAcs(ctx context.Context, cmd domain.FederationSamlAcsCmd) (*domain.FederationSsoRedirect, error)
	SamlSlo(ctx context.Context, connectionID string) (*domain.FederationSsoRedirect, error)
	SamlMetadata(ctx context.Context, connectionID string) ([]byte, error)
	// Exchange swaps a short-lived SSO exchange code for an authenticated session.
	Exchange(ctx context.Context, projectID, code string) (*domain.Account, *domain.Session, error)
}

FederationRuntime drives the outbound/inbound SSO authentication legs (OIDC and SAML). The redirect-shaped methods return a port-computed redirect URL (plus optional cookie); the adapter owns the protocol crypto.

type FederationScim 

type FederationScim interface {
	ListUsers(ctx context.Context, q domain.FederationScimListQuery) (map[string]any, error)
	GetUser(ctx context.Context, connectionID, scimUserID string) (map[string]any, error)
	CreateUser(ctx context.Context, cmd domain.FederationScimWriteCmd) (map[string]any, error)
	ReplaceUser(ctx context.Context, cmd domain.FederationScimWriteCmd) (map[string]any, error)
	PatchUser(ctx context.Context, cmd domain.FederationScimPatchCmd) (map[string]any, error)
	DeleteUser(ctx context.Context, connectionID, scimUserID string) error

	ListGroups(ctx context.Context, q domain.FederationScimListQuery) (map[string]any, error)
	GetGroup(ctx context.Context, connectionID, groupID string) (map[string]any, error)
	CreateGroup(ctx context.Context, cmd domain.FederationScimWriteCmd) (map[string]any, error)
	ReplaceGroup(ctx context.Context, cmd domain.FederationScimWriteCmd) (map[string]any, error)
	PatchGroup(ctx context.Context, cmd domain.FederationScimPatchCmd) (map[string]any, error)
	DeleteGroup(ctx context.Context, connectionID, groupID string) error
}

FederationScim is the connection-scoped SCIM v2 provisioning port. Resources (Users and Groups) are carried as free-form attribute maps; the adapter owns the SCIM schema semantics.

type FederationService 

type FederationService struct {
	oas.UnimplementedHandler
	// contains filtered or unexported fields
}

FederationService implements the FederationHandler slice of oas.Handler.

func NewFederationService 

func NewFederationService(deps FederationDeps) *FederationService

NewFederationService builds the Federation service from its dependencies.

func (*FederationService) DeleteV1ProjectsByProjectIdAdminDomainsByDomainId 

func (s *FederationService) DeleteV1ProjectsByProjectIdAdminDomainsByDomainId(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminDomainsByDomainIdParams) (*oas.Ok, error)

func (*FederationService) DeleteV1ProjectsByProjectIdAdminSsoConnectionsById 

func (s *FederationService) DeleteV1ProjectsByProjectIdAdminSsoConnectionsById(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminSsoConnectionsByIdParams) (*oas.Ok, error)

func (*FederationService) DeleteV1ProjectsByProjectIdAdminSsoConnectionsByIdScimTokensByTokenId 

func (s *FederationService) DeleteV1ProjectsByProjectIdAdminSsoConnectionsByIdScimTokensByTokenId(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminSsoConnectionsByIdScimTokensByTokenIdParams) (*oas.Ok, error)

func (*FederationService) DeleteV1ScimV2ByConnectionIdGroupsByGroupId 

func (s *FederationService) DeleteV1ScimV2ByConnectionIdGroupsByGroupId(ctx context.Context, params oas.DeleteV1ScimV2ByConnectionIdGroupsByGroupIdParams) error

func (*FederationService) DeleteV1ScimV2ByConnectionIdUsersByScimUserId 

func (s *FederationService) DeleteV1ScimV2ByConnectionIdUsersByScimUserId(ctx context.Context, params oas.DeleteV1ScimV2ByConnectionIdUsersByScimUserIdParams) error

func (*FederationService) GetV1ProjectsByProjectIdAdminDomains 

func (s *FederationService) GetV1ProjectsByProjectIdAdminDomains(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminDomainsParams) (*oas.GetV1ProjectsByProjectIdAdminDomainsOK, error)

func (*FederationService) GetV1ProjectsByProjectIdAdminSsoConnections 

func (s *FederationService) GetV1ProjectsByProjectIdAdminSsoConnections(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminSsoConnectionsParams) (*oas.GetV1ProjectsByProjectIdAdminSsoConnectionsOK, error)

func (*FederationService) GetV1ProjectsByProjectIdAdminSsoConnectionsById 

func (s *FederationService) GetV1ProjectsByProjectIdAdminSsoConnectionsById(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminSsoConnectionsByIdParams) (*oas.GetV1ProjectsByProjectIdAdminSsoConnectionsByIdOK, error)

func (*FederationService) GetV1ProjectsByProjectIdAdminSsoConnectionsByIdScimTokens 

func (s *FederationService) GetV1ProjectsByProjectIdAdminSsoConnectionsByIdScimTokens(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminSsoConnectionsByIdScimTokensParams) (*oas.GetV1ProjectsByProjectIdAdminSsoConnectionsByIdScimTokensOK, error)

func (*FederationService) GetV1ScimV2ByConnectionIdGroups 

func (s *FederationService) GetV1ScimV2ByConnectionIdGroups(ctx context.Context, params oas.GetV1ScimV2ByConnectionIdGroupsParams) (oas.GetV1ScimV2ByConnectionIdGroupsOK, error)

func (*FederationService) GetV1ScimV2ByConnectionIdGroupsByGroupId 

func (s *FederationService) GetV1ScimV2ByConnectionIdGroupsByGroupId(ctx context.Context, params oas.GetV1ScimV2ByConnectionIdGroupsByGroupIdParams) (oas.GetV1ScimV2ByConnectionIdGroupsByGroupIdOK, error)

func (*FederationService) GetV1ScimV2ByConnectionIdUsers 

func (s *FederationService) GetV1ScimV2ByConnectionIdUsers(ctx context.Context, params oas.GetV1ScimV2ByConnectionIdUsersParams) (oas.GetV1ScimV2ByConnectionIdUsersOK, error)

func (*FederationService) GetV1ScimV2ByConnectionIdUsersByScimUserId 

func (s *FederationService) GetV1ScimV2ByConnectionIdUsersByScimUserId(ctx context.Context, params oas.GetV1ScimV2ByConnectionIdUsersByScimUserIdParams) (oas.GetV1ScimV2ByConnectionIdUsersByScimUserIdOK, error)

func (*FederationService) GetV1SsoConnectionsResolve 

func (s *FederationService) GetV1SsoConnectionsResolve(ctx context.Context, params oas.GetV1SsoConnectionsResolveParams) (*oas.GetV1SsoConnectionsResolveOK, error)

func (*FederationService) GetV1SsoOidcByConnectionIdCallback 

func (s *FederationService) GetV1SsoOidcByConnectionIdCallback(ctx context.Context, params oas.GetV1SsoOidcByConnectionIdCallbackParams) (*oas.GetV1SsoOidcByConnectionIdCallbackFound, error)

func (*FederationService) GetV1SsoOidcByConnectionIdStart 

func (s *FederationService) GetV1SsoOidcByConnectionIdStart(ctx context.Context, params oas.GetV1SsoOidcByConnectionIdStartParams) (*oas.GetV1SsoOidcByConnectionIdStartFound, error)

func (*FederationService) GetV1SsoSamlByConnectionIdLogin 

func (s *FederationService) GetV1SsoSamlByConnectionIdLogin(ctx context.Context, params oas.GetV1SsoSamlByConnectionIdLoginParams) (*oas.GetV1SsoSamlByConnectionIdLoginFound, error)

func (*FederationService) GetV1SsoSamlByConnectionIdMetadata 

func (s *FederationService) GetV1SsoSamlByConnectionIdMetadata(ctx context.Context, params oas.GetV1SsoSamlByConnectionIdMetadataParams) (oas.GetV1SsoSamlByConnectionIdMetadataOK, error)

func (*FederationService) PatchV1ProjectsByProjectIdAdminSsoConnectionsById 

func (s *FederationService) PatchV1ProjectsByProjectIdAdminSsoConnectionsById(ctx context.Context, req oas.PatchV1ProjectsByProjectIdAdminSsoConnectionsByIdReq, params oas.PatchV1ProjectsByProjectIdAdminSsoConnectionsByIdParams) (*oas.PatchV1ProjectsByProjectIdAdminSsoConnectionsByIdOK, error)

func (*FederationService) PatchV1ScimV2ByConnectionIdGroupsByGroupId 

func (s *FederationService) PatchV1ScimV2ByConnectionIdGroupsByGroupId(ctx context.Context, req oas.PatchV1ScimV2ByConnectionIdGroupsByGroupIdReq, params oas.PatchV1ScimV2ByConnectionIdGroupsByGroupIdParams) (oas.PatchV1ScimV2ByConnectionIdGroupsByGroupIdOK, error)

func (*FederationService) PatchV1ScimV2ByConnectionIdUsersByScimUserId 

func (s *FederationService) PatchV1ScimV2ByConnectionIdUsersByScimUserId(ctx context.Context, req *oas.ScimUser, params oas.PatchV1ScimV2ByConnectionIdUsersByScimUserIdParams) (oas.PatchV1ScimV2ByConnectionIdUsersByScimUserIdOK, error)

func (*FederationService) PostV1ProjectsByProjectIdAdminDomains 

func (s *FederationService) PostV1ProjectsByProjectIdAdminDomains(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminDomainsReq, params oas.PostV1ProjectsByProjectIdAdminDomainsParams) (*oas.PostV1ProjectsByProjectIdAdminDomainsCreated, error)

func (*FederationService) PostV1ProjectsByProjectIdAdminDomainsByDomainIdVerify 

func (s *FederationService) PostV1ProjectsByProjectIdAdminDomainsByDomainIdVerify(ctx context.Context, params oas.PostV1ProjectsByProjectIdAdminDomainsByDomainIdVerifyParams) (*oas.PostV1ProjectsByProjectIdAdminDomainsByDomainIdVerifyOK, error)

func (*FederationService) PostV1ProjectsByProjectIdAdminSsoConnections 

func (s *FederationService) PostV1ProjectsByProjectIdAdminSsoConnections(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminSsoConnectionsReq, params oas.PostV1ProjectsByProjectIdAdminSsoConnectionsParams) (*oas.PostV1ProjectsByProjectIdAdminSsoConnectionsCreated, error)

func (*FederationService) PostV1ProjectsByProjectIdAdminSsoConnectionsByIdRotateCertificate 

func (s *FederationService) PostV1ProjectsByProjectIdAdminSsoConnectionsByIdRotateCertificate(ctx context.Context, params oas.PostV1ProjectsByProjectIdAdminSsoConnectionsByIdRotateCertificateParams) (*oas.PostV1ProjectsByProjectIdAdminSsoConnectionsByIdRotateCertificateOK, error)

func (*FederationService) PostV1ProjectsByProjectIdAdminSsoConnectionsByIdScimTokens 

func (s *FederationService) PostV1ProjectsByProjectIdAdminSsoConnectionsByIdScimTokens(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminSsoConnectionsByIdScimTokensReq, params oas.PostV1ProjectsByProjectIdAdminSsoConnectionsByIdScimTokensParams) (*oas.PostV1ProjectsByProjectIdAdminSsoConnectionsByIdScimTokensCreated, error)

func (*FederationService) PostV1ProjectsByProjectIdAdminSsoConnectionsByIdTest 

func (s *FederationService) PostV1ProjectsByProjectIdAdminSsoConnectionsByIdTest(ctx context.Context, params oas.PostV1ProjectsByProjectIdAdminSsoConnectionsByIdTestParams) (*oas.PostV1ProjectsByProjectIdAdminSsoConnectionsByIdTestOK, error)

func (*FederationService) PostV1ScimV2ByConnectionIdGroups 

func (s *FederationService) PostV1ScimV2ByConnectionIdGroups(ctx context.Context, req oas.PostV1ScimV2ByConnectionIdGroupsReq, params oas.PostV1ScimV2ByConnectionIdGroupsParams) (oas.PostV1ScimV2ByConnectionIdGroupsCreated, error)

func (*FederationService) PostV1ScimV2ByConnectionIdUsers 

func (s *FederationService) PostV1ScimV2ByConnectionIdUsers(ctx context.Context, req *oas.ScimUser, params oas.PostV1ScimV2ByConnectionIdUsersParams) (oas.PostV1ScimV2ByConnectionIdUsersCreated, error)

func (*FederationService) PostV1SsoExchange 

func (s *FederationService) PostV1SsoExchange(ctx context.Context, req *oas.PostV1SsoExchangeReq, params oas.PostV1SsoExchangeParams) (*oas.AuthResult, error)

func (*FederationService) PostV1SsoSamlByConnectionIdAcs 

func (s *FederationService) PostV1SsoSamlByConnectionIdAcs(ctx context.Context, req oas.OptPostV1SsoSamlByConnectionIdAcsReq, params oas.PostV1SsoSamlByConnectionIdAcsParams) (*oas.PostV1SsoSamlByConnectionIdAcsFound, error)

func (*FederationService) PostV1SsoSamlByConnectionIdSlo 

func (s *FederationService) PostV1SsoSamlByConnectionIdSlo(ctx context.Context, params oas.PostV1SsoSamlByConnectionIdSloParams) (*oas.PostV1SsoSamlByConnectionIdSloFound, error)

func (*FederationService) PutV1ScimV2ByConnectionIdGroupsByGroupId 

func (s *FederationService) PutV1ScimV2ByConnectionIdGroupsByGroupId(ctx context.Context, req oas.PutV1ScimV2ByConnectionIdGroupsByGroupIdReq, params oas.PutV1ScimV2ByConnectionIdGroupsByGroupIdParams) (oas.PutV1ScimV2ByConnectionIdGroupsByGroupIdOK, error)

func (*FederationService) PutV1ScimV2ByConnectionIdUsersByScimUserId 

func (s *FederationService) PutV1ScimV2ByConnectionIdUsersByScimUserId(ctx context.Context, req *oas.ScimUser, params oas.PutV1ScimV2ByConnectionIdUsersByScimUserIdParams) (oas.PutV1ScimV2ByConnectionIdUsersByScimUserIdOK, error)

type Handler 

type Handler = oas.Handler

Handler is the IAM server interface this package implements, re-exported from the generated code so importers depend only on pkg/api.

type MFAAccounts 

type MFAAccounts interface {
	ListFactors(ctx context.Context, accountID string) ([]domain.Factor, error)
	EnrollTOTP(ctx context.Context, accountID string) (*domain.Factor, error)
	Challenge(ctx context.Context, accountID, factorID string) (*domain.Challenge, error)
	ChallengeWithFlow(ctx context.Context, projectID, flowToken, factorID string) (*domain.Challenge, error)
	Verify(ctx context.Context, challengeID, code string) (*domain.Account, *domain.Session, error)
	GenerateRecoveryCodes(ctx context.Context, accountID string) ([]string, error)
	RemoveFactor(ctx context.Context, accountID, factorID string) error

	EnrollEmail(ctx context.Context, cmd domain.MFAEmailEnrollCmd) (*domain.Factor, *domain.Challenge, error)
	EnrollSMS(ctx context.Context, cmd domain.MFASmsEnrollCmd) (*domain.Factor, *domain.Challenge, error)
	VerifyTOTP(ctx context.Context, cmd domain.MFATotpVerifyCmd) (*domain.Factor, error)
	VerifyRecoveryCode(ctx context.Context, cmd domain.MFARecoveryVerifyCmd) (*domain.Account, *domain.Session, error)
	EnrollWebAuthnOptions(ctx context.Context, cmd domain.MFAWebAuthnEnrollOptionsCmd) (*domain.Challenge, error)
	EnrollWebAuthnVerify(ctx context.Context, cmd domain.MFAWebAuthnEnrollVerifyCmd) (*domain.Factor, error)
}

type MFADeps 

type MFADeps struct{ Accounts MFAAccounts }

type MFAService 

type MFAService struct {
	oas.UnimplementedHandler
	// contains filtered or unexported fields
}

MFAService implements the MFAHandler slice of oas.Handler.

func NewMFAService 

func NewMFAService(deps MFADeps) *MFAService

NewMFAService builds the MFA service from its dependencies.

func (*MFAService) DeleteV1AuthMfaFactorsByFactorId 

func (s *MFAService) DeleteV1AuthMfaFactorsByFactorId(ctx context.Context, params oas.DeleteV1AuthMfaFactorsByFactorIdParams) (*oas.Ok, error)

func (*MFAService) GetV1AuthMfaFactors 

func (s *MFAService) GetV1AuthMfaFactors(ctx context.Context) (*oas.GetV1AuthMfaFactorsOK, error)

func (*MFAService) PostV1AuthMfaChallenge 

func (s *MFAService) PostV1AuthMfaChallenge(ctx context.Context, req oas.OptPostV1AuthMfaChallengeReq, params oas.PostV1AuthMfaChallengeParams) (*oas.Challenge, error)

PostV1AuthMfaChallenge is public (no session yet): it (re)issues a step-up challenge mid-login. The account is identified by the flow_token minted at password sign-in, not a principal.

func (*MFAService) PostV1AuthMfaEmailEnroll 

func (s *MFAService) PostV1AuthMfaEmailEnroll(ctx context.Context, req *oas.PostV1AuthMfaEmailEnrollReq) (*oas.PostV1AuthMfaEmailEnrollOK, error)

func (*MFAService) PostV1AuthMfaRecoveryCodesGenerate 

func (s *MFAService) PostV1AuthMfaRecoveryCodesGenerate(ctx context.Context, req oas.OptPostV1AuthMfaRecoveryCodesGenerateReq) (*oas.PostV1AuthMfaRecoveryCodesGenerateOK, error)

func (*MFAService) PostV1AuthMfaRecoveryCodesVerify 

func (s *MFAService) PostV1AuthMfaRecoveryCodesVerify(ctx context.Context, req *oas.PostV1AuthMfaRecoveryCodesVerifyReq, params oas.PostV1AuthMfaRecoveryCodesVerifyParams) (*oas.AuthResult, error)

func (*MFAService) PostV1AuthMfaSmsEnroll 

func (s *MFAService) PostV1AuthMfaSmsEnroll(ctx context.Context, req *oas.PostV1AuthMfaSmsEnrollReq) (*oas.PostV1AuthMfaSmsEnrollOK, error)

func (*MFAService) PostV1AuthMfaTotpEnroll 

func (s *MFAService) PostV1AuthMfaTotpEnroll(ctx context.Context, req oas.OptPostV1AuthMfaTotpEnrollReq) (*oas.PostV1AuthMfaTotpEnrollOK, error)

func (*MFAService) PostV1AuthMfaTotpVerify 

func (s *MFAService) PostV1AuthMfaTotpVerify(ctx context.Context, req *oas.PostV1AuthMfaTotpVerifyReq) (*oas.PostV1AuthMfaTotpVerifyOK, error)

func (*MFAService) PostV1AuthMfaVerify 

func (s *MFAService) PostV1AuthMfaVerify(ctx context.Context, req *oas.PostV1AuthMfaVerifyReq, params oas.PostV1AuthMfaVerifyParams) (*oas.AuthResult, error)

func (*MFAService) PostV1AuthMfaWebauthnEnrollOptions 

func (s *MFAService) PostV1AuthMfaWebauthnEnrollOptions(ctx context.Context, req oas.OptPostV1AuthMfaWebauthnEnrollOptionsReq) (*oas.PostV1AuthMfaWebauthnEnrollOptionsOK, error)

func (*MFAService) PostV1AuthMfaWebauthnEnrollVerify 

func (s *MFAService) PostV1AuthMfaWebauthnEnrollVerify(ctx context.Context, req *oas.PostV1AuthMfaWebauthnEnrollVerifyReq) (*oas.PostV1AuthMfaWebauthnEnrollVerifyOK, error)

type MachineIdentities 

type MachineIdentities interface {
	CreateServiceAccount(ctx context.Context, cmd domain.ServiceAccountCmd) (*domain.ServiceAccount, error)
	ListServiceAccounts(ctx context.Context, cmd domain.MachineIDServiceAccountListCmd) (*domain.MachineIDServiceAccountPage, error)
	GetServiceAccount(ctx context.Context, projectID, serviceAccountID string) (*domain.ServiceAccount, error)
	UpdateServiceAccount(ctx context.Context, cmd domain.MachineIDServiceAccountPatchCmd) (*domain.ServiceAccount, error)
	DeleteServiceAccount(ctx context.Context, projectID, serviceAccountID string) error
	CreateServiceAccountSecret(ctx context.Context, cmd domain.MachineIDSecretCmd) (*domain.MachineIDSecret, error)
	RevokeServiceAccountSecret(ctx context.Context, projectID, serviceAccountID, secretID string) error
	MintToken(ctx context.Context, projectID, serviceAccountID string) (string, error)
	CreateAPIKey(ctx context.Context, cmd domain.APIKeyCmd) (*domain.APIKey, string, error)
	ListAPIKeys(ctx context.Context, projectID string) ([]*domain.APIKey, error)
	UpdateAPIKey(ctx context.Context, cmd domain.MachineIDAPIKeyPatchCmd) (*domain.APIKey, error)
	RotateAPIKey(ctx context.Context, projectID, keyID string) (*domain.APIKey, string, error)
	RevokeAPIKey(ctx context.Context, projectID, keyID string) error
}

type MachineIdentityDeps 

type MachineIdentityDeps struct{ Keys MachineIdentities }

type MachineIdentityService 

type MachineIdentityService struct {
	oas.UnimplementedHandler
	// contains filtered or unexported fields
}

MachineIdentityService implements the MachineIdentityHandler slice of oas.Handler.

func NewMachineIdentityService 

func NewMachineIdentityService(deps MachineIdentityDeps) *MachineIdentityService

NewMachineIdentityService builds the MachineIdentity service from its dependencies.

func (*MachineIdentityService) DeleteV1ProjectsByProjectIdAdminApiKeysByKeyId 

func (s *MachineIdentityService) DeleteV1ProjectsByProjectIdAdminApiKeysByKeyId(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminApiKeysByKeyIdParams) (*oas.Ok, error)

DeleteV1ProjectsByProjectIdAdminApiKeysByKeyId revokes an API key.

func (*MachineIdentityService) DeleteV1ProjectsByProjectIdAdminServiceAccountsBySaId 

func (s *MachineIdentityService) DeleteV1ProjectsByProjectIdAdminServiceAccountsBySaId(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminServiceAccountsBySaIdParams) (*oas.Ok, error)

DeleteV1ProjectsByProjectIdAdminServiceAccountsBySaId deletes a service account.

func (*MachineIdentityService) DeleteV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecretsBySecretId 

func (s *MachineIdentityService) DeleteV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecretsBySecretId(ctx context.Context, params oas.DeleteV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecretsBySecretIdParams) (*oas.Ok, error)

DeleteV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecretsBySecretId revokes a secret.

func (*MachineIdentityService) GetV1ProjectsByProjectIdAdminApiKeys 

func (s *MachineIdentityService) GetV1ProjectsByProjectIdAdminApiKeys(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminApiKeysParams) (*oas.GetV1ProjectsByProjectIdAdminApiKeysOK, error)

GetV1ProjectsByProjectIdAdminApiKeys lists API keys in a project.

func (*MachineIdentityService) GetV1ProjectsByProjectIdAdminServiceAccounts 

func (s *MachineIdentityService) GetV1ProjectsByProjectIdAdminServiceAccounts(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminServiceAccountsParams) (*oas.GetV1ProjectsByProjectIdAdminServiceAccountsOK, error)

GetV1ProjectsByProjectIdAdminServiceAccounts lists service accounts in a project.

func (*MachineIdentityService) GetV1ProjectsByProjectIdAdminServiceAccountsBySaId 

func (s *MachineIdentityService) GetV1ProjectsByProjectIdAdminServiceAccountsBySaId(ctx context.Context, params oas.GetV1ProjectsByProjectIdAdminServiceAccountsBySaIdParams) (*oas.GetV1ProjectsByProjectIdAdminServiceAccountsBySaIdOK, error)

GetV1ProjectsByProjectIdAdminServiceAccountsBySaId fetches one service account.

func (*MachineIdentityService) PatchV1ProjectsByProjectIdAdminApiKeysByKeyId 

func (s *MachineIdentityService) PatchV1ProjectsByProjectIdAdminApiKeysByKeyId(ctx context.Context, req *oas.PatchV1ProjectsByProjectIdAdminApiKeysByKeyIdReq, params oas.PatchV1ProjectsByProjectIdAdminApiKeysByKeyIdParams) (*oas.PatchV1ProjectsByProjectIdAdminApiKeysByKeyIdOK, error)

PatchV1ProjectsByProjectIdAdminApiKeysByKeyId updates API-key metadata/scopes.

func (*MachineIdentityService) PatchV1ProjectsByProjectIdAdminServiceAccountsBySaId 

func (s *MachineIdentityService) PatchV1ProjectsByProjectIdAdminServiceAccountsBySaId(ctx context.Context, req *oas.PatchV1ProjectsByProjectIdAdminServiceAccountsBySaIdReq, params oas.PatchV1ProjectsByProjectIdAdminServiceAccountsBySaIdParams) (*oas.PatchV1ProjectsByProjectIdAdminServiceAccountsBySaIdOK, error)

PatchV1ProjectsByProjectIdAdminServiceAccountsBySaId updates a service account.

func (*MachineIdentityService) PostV1ProjectsByProjectIdAdminApiKeys 

func (s *MachineIdentityService) PostV1ProjectsByProjectIdAdminApiKeys(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminApiKeysReq, params oas.PostV1ProjectsByProjectIdAdminApiKeysParams) (*oas.PostV1ProjectsByProjectIdAdminApiKeysCreated, error)

PostV1ProjectsByProjectIdAdminApiKeys creates an API key in a project.

func (*MachineIdentityService) PostV1ProjectsByProjectIdAdminApiKeysByKeyIdRotate 

func (s *MachineIdentityService) PostV1ProjectsByProjectIdAdminApiKeysByKeyIdRotate(ctx context.Context, params oas.PostV1ProjectsByProjectIdAdminApiKeysByKeyIdRotateParams) (*oas.PostV1ProjectsByProjectIdAdminApiKeysByKeyIdRotateOK, error)

PostV1ProjectsByProjectIdAdminApiKeysByKeyIdRotate rotates the key secret.

func (*MachineIdentityService) PostV1ProjectsByProjectIdAdminServiceAccounts 

func (s *MachineIdentityService) PostV1ProjectsByProjectIdAdminServiceAccounts(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminServiceAccountsReq, params oas.PostV1ProjectsByProjectIdAdminServiceAccountsParams) (*oas.PostV1ProjectsByProjectIdAdminServiceAccountsCreated, error)

PostV1ProjectsByProjectIdAdminServiceAccounts creates a service account in a project.

func (*MachineIdentityService) PostV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecrets 

func (s *MachineIdentityService) PostV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecrets(ctx context.Context, req *oas.PostV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecretsReq, params oas.PostV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecretsParams) (*oas.PostV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecretsCreated, error)

PostV1ProjectsByProjectIdAdminServiceAccountsBySaIdSecrets mints a client secret.

func (*MachineIdentityService) PostV1ServiceAccountsTokens 

func (s *MachineIdentityService) PostV1ServiceAccountsTokens(ctx context.Context, req *oas.PostV1ServiceAccountsTokensReq) (*oas.PostV1ServiceAccountsTokensOK, error)

PostV1ServiceAccountsTokens mints an access token for the calling service account.

type OAuthSocialAccounts 

type OAuthSocialAccounts interface {
	EnabledProviders(ctx context.Context, projectID string) ([]domain.OAuthProvider, error)
	CompleteLogin(ctx context.Context, projectID, provider, code string) (*domain.Account, *domain.Session, error)
	Link(ctx context.Context, accountID, provider, code string) error
	Unlink(ctx context.Context, accountID, identityID string) error
	Exchange(ctx context.Context, cmd domain.OAuthSocialExchangeCmd) (*domain.Account, *domain.Session, error)
	// StartLogin builds the provider authorize URL for a browser redirect.
	StartLogin(ctx context.Context, cmd domain.OAuthSocialStartCmd) (string, error)
	// CompleteLoginRedirect handles the provider callback and returns the
	// product redirect URL plus an optional Set-Cookie value (cookie mode).
	CompleteLoginRedirect(ctx context.Context, cmd domain.OAuthSocialCallbackCmd) (domain.OAuthSocialCallbackResult, error)
	// StartLink builds the provider authorize URL for an account-link flow.
	StartLink(ctx context.Context, cmd domain.OAuthSocialLinkStartCmd) (string, error)
	// CompleteLink handles the link callback and returns the product redirect URL.
	CompleteLink(ctx context.Context, cmd domain.OAuthSocialLinkCallbackCmd) (string, error)
}

type OAuthSocialDeps 

type OAuthSocialDeps struct{ Accounts OAuthSocialAccounts }

type OAuthSocialService 

type OAuthSocialService struct {
	oas.UnimplementedHandler
	// contains filtered or unexported fields
}

OAuthSocialService implements the OAuthSocialHandler slice of oas.Handler.

func NewOAuthSocialService 

func NewOAuthSocialService(deps OAuthSocialDeps) *OAuthSocialService

NewOAuthSocialService builds the OAuthSocial service from its dependencies.

func (*OAuthSocialService) GetV1AuthOauthByProviderCallback 

func (s *OAuthSocialService) GetV1AuthOauthByProviderCallback(ctx context.Context, params oas.GetV1AuthOauthByProviderCallbackParams) (r *oas.GetV1AuthOauthByProviderCallbackFound, _ error)

GetV1AuthOauthByProviderCallback handles the provider callback (public, security: []) and redirects the browser back to the product, optionally setting session cookies in cookie mode.

func (*OAuthSocialService) GetV1AuthOauthByProviderLinkCallback 

func (s *OAuthSocialService) GetV1AuthOauthByProviderLinkCallback(ctx context.Context, params oas.GetV1AuthOauthByProviderLinkCallbackParams) (r *oas.GetV1AuthOauthByProviderLinkCallbackFound, _ error)

GetV1AuthOauthByProviderLinkCallback handles the account-link callback (public, security: []) and redirects the browser back to the product.

func (*OAuthSocialService) GetV1AuthOauthByProviderLinkStart 

func (s *OAuthSocialService) GetV1AuthOauthByProviderLinkStart(ctx context.Context, params oas.GetV1AuthOauthByProviderLinkStartParams) (r *oas.GetV1AuthOauthByProviderLinkStartFound, _ error)

GetV1AuthOauthByProviderLinkStart begins linking a provider to the current user; the account comes from the authenticated principal, never the request.

func (*OAuthSocialService) GetV1AuthOauthByProviderStart 

func (s *OAuthSocialService) GetV1AuthOauthByProviderStart(ctx context.Context, params oas.GetV1AuthOauthByProviderStartParams) (r *oas.GetV1AuthOauthByProviderStartFound, _ error)

GetV1AuthOauthByProviderStart begins a browser-driven social login (public, security: []) and redirects to the provider's authorize endpoint.

func (*OAuthSocialService) GetV1AuthOauthProviders 

func (s *OAuthSocialService) GetV1AuthOauthProviders(ctx context.Context, params oas.GetV1AuthOauthProvidersParams) (*oas.GetV1AuthOauthProvidersOK, error)
func (s *OAuthSocialService) PostV1AuthOauthByProviderUnlink(ctx context.Context, req *oas.PostV1AuthOauthByProviderUnlinkReq, params oas.PostV1AuthOauthByProviderUnlinkParams) (*oas.Ok, error)

func (*OAuthSocialService) PostV1AuthOauthExchange 

func (s *OAuthSocialService) PostV1AuthOauthExchange(ctx context.Context, req *oas.PostV1AuthOauthExchangeReq, params oas.PostV1AuthOauthExchangeParams) (*oas.AuthResult, error)

type OIDCGrants 

type OIDCGrants interface {
	ResolveInteraction(ctx context.Context, interactionID string) (*domain.Interaction, error)
	// CompleteLogin binds the interaction to the caller. sessionID lets the
	// adapter verify the interaction belongs to this session (anti-hijack)
	// before completing.
	CompleteLogin(ctx context.Context, interactionID, accountID, sessionID string) error
	// Consent records the resource-owner's consent decision and returns the
	// redirect target the user-agent should follow next.
	Consent(ctx context.Context, cmd domain.OIDCConsentCmd) (string, error)
	// Reject cancels the interaction and returns the redirect target carrying
	// the OAuth2 error back to the client. It is a public operation.
	Reject(ctx context.Context, cmd domain.OIDCRejectCmd) (string, error)
	ListGrants(ctx context.Context, accountID string) ([]domain.Grant, error)
	RevokeGrant(ctx context.Context, accountID, grantID string) error

	// Authorize handles the front-channel authorization request and returns the
	// redirect URL the user-agent must follow next. Public operation.
	Authorize(ctx context.Context, cmd domain.OIDCAuthorizeCmd) (string, error)
	// Logout terminates the RP-initiated logout and returns the post-logout
	// redirect URL. Public operation.
	Logout(ctx context.Context, cmd domain.OIDCLogoutCmd) (string, error)
	// BackchannelLogout validates the logout token and terminates the referenced
	// sessions. Public operation.
	BackchannelLogout(ctx context.Context, cmd domain.OIDCBackchannelLogoutCmd) error

	// Token dispatches an /oauth2/token request and returns the raw token
	// response map. Client-authenticated.
	Token(ctx context.Context, cmd domain.OIDCTokenCmd) (map[string]any, error)
	// Introspect returns the introspection response map. Client-authenticated.
	Introspect(ctx context.Context, cmd domain.OIDCIntrospectCmd) (map[string]any, error)
	// Revoke revokes a token. Client-authenticated.
	Revoke(ctx context.Context, cmd domain.OIDCRevokeCmd) error
	// PushAuthorizationRequest stores a PAR and returns its request_uri.
	// Client-authenticated.
	PushAuthorizationRequest(ctx context.Context, cmd domain.OIDCParCmd) (*domain.OIDCParResult, error)
	// DeviceAuthorization starts a device authorization grant (RFC 8628).
	// Client-authenticated.
	DeviceAuthorization(ctx context.Context, cmd domain.OIDCDeviceAuthorizationCmd) (*domain.OIDCDeviceAuthorization, error)

	// Userinfo returns the OIDC userinfo claims for the bearer-authenticated
	// account. accountID/sessionID come from the principal.
	Userinfo(ctx context.Context, accountID, sessionID string) (map[string]any, error)

	// ResolveDevice returns the pending device authorization for a user-facing
	// code, scoped to the requesting client's project. Public operation.
	ResolveDevice(ctx context.Context, code domain.OIDCDeviceUserCode) (*domain.OIDCDevicePending, error)
	// ApproveDevice approves a pending device authorization on behalf of the
	// authenticated user.
	ApproveDevice(ctx context.Context, cmd domain.OIDCDeviceDecisionCmd) error
	// DenyDevice denies a pending device authorization on behalf of the
	// authenticated user.
	DenyDevice(ctx context.Context, cmd domain.OIDCDeviceDecisionCmd) error

	// JWKS returns the JSON Web Key Set for a project environment. Public.
	JWKS(ctx context.Context, projectID, env string) (map[string]any, error)
	// OpenIDConfiguration returns the discovery document for a project
	// environment. Public.
	OpenIDConfiguration(ctx context.Context, projectID, env string) (map[string]any, error)
}

type OIDCProviderDeps 

type OIDCProviderDeps struct{ Grants OIDCGrants }

type OIDCProviderService 

type OIDCProviderService struct {
	oas.UnimplementedHandler
	// contains filtered or unexported fields
}

OIDCProviderService implements the OIDCProviderHandler slice of oas.Handler.

func NewOIDCProviderService 

func NewOIDCProviderService(deps OIDCProviderDeps) *OIDCProviderService

NewOIDCProviderService builds the OIDCProvider service from its dependencies.

func (*OIDCProviderService) DeleteV1OauthGrantsByGrantId 

func (s *OIDCProviderService) DeleteV1OauthGrantsByGrantId(ctx context.Context, params oas.DeleteV1OauthGrantsByGrantIdParams) (*oas.Ok, error)

func (*OIDCProviderService) GetOauth2Authorize 

func (s *OIDCProviderService) GetOauth2Authorize(ctx context.Context, params oas.GetOauth2AuthorizeParams) (r *oas.GetOauth2AuthorizeFound, _ error)

func (*OIDCProviderService) GetOauth2Logout 

func (s *OIDCProviderService) GetOauth2Logout(ctx context.Context, params oas.GetOauth2LogoutParams) (r *oas.GetOauth2LogoutFound, _ error)

func (*OIDCProviderService) GetOauth2Userinfo 

func (s *OIDCProviderService) GetOauth2Userinfo(ctx context.Context) (r oas.GetOauth2UserinfoOK, _ error)

func (*OIDCProviderService) GetPByProjectIdEByEnvWellKnownJwksJson 

func (s *OIDCProviderService) GetPByProjectIdEByEnvWellKnownJwksJson(ctx context.Context, params oas.GetPByProjectIdEByEnvWellKnownJwksJsonParams) (r oas.GetPByProjectIdEByEnvWellKnownJwksJsonOK, _ error)

func (*OIDCProviderService) GetPByProjectIdEByEnvWellKnownOpenidConfiguration 

func (s *OIDCProviderService) GetPByProjectIdEByEnvWellKnownOpenidConfiguration(ctx context.Context, params oas.GetPByProjectIdEByEnvWellKnownOpenidConfigurationParams) (r oas.GetPByProjectIdEByEnvWellKnownOpenidConfigurationOK, _ error)

func (*OIDCProviderService) GetV1Device 

func (s *OIDCProviderService) GetV1Device(ctx context.Context, params oas.GetV1DeviceParams) (r *oas.GetV1DeviceOK, _ error)

func (*OIDCProviderService) GetV1OauthGrants 

func (s *OIDCProviderService) GetV1OauthGrants(ctx context.Context, params oas.GetV1OauthGrantsParams) (*oas.GetV1OauthGrantsOK, error)

func (*OIDCProviderService) GetV1OauthInteractionByInteractionId 

func (s *OIDCProviderService) GetV1OauthInteractionByInteractionId(ctx context.Context, params oas.GetV1OauthInteractionByInteractionIdParams) (*oas.GetV1OauthInteractionByInteractionIdOK, error)

func (*OIDCProviderService) PostOauth2BackchannelLogout 

func (s *OIDCProviderService) PostOauth2BackchannelLogout(ctx context.Context, req *oas.PostOauth2BackchannelLogoutReq) error

func (*OIDCProviderService) PostOauth2DeviceAuthorization 

func (s *OIDCProviderService) PostOauth2DeviceAuthorization(ctx context.Context, req *oas.PostOauth2DeviceAuthorizationReq) (r *oas.PostOauth2DeviceAuthorizationOK, _ error)

func (*OIDCProviderService) PostOauth2Introspect 

func (s *OIDCProviderService) PostOauth2Introspect(ctx context.Context, req *oas.PostOauth2IntrospectReq) (r *oas.PostOauth2IntrospectOK, _ error)

func (*OIDCProviderService) PostOauth2Par 

func (s *OIDCProviderService) PostOauth2Par(ctx context.Context, req *oas.PushedAuthorizationRequest) (r *oas.PostOauth2ParCreated, _ error)

func (*OIDCProviderService) PostOauth2Revoke 

func (s *OIDCProviderService) PostOauth2Revoke(ctx context.Context, req *oas.PostOauth2RevokeReq) error

func (*OIDCProviderService) PostOauth2Token 

func (s *OIDCProviderService) PostOauth2Token(ctx context.Context, req *oas.PostOauth2TokenReq) (r oas.PostOauth2TokenOK, _ error)

func (*OIDCProviderService) PostV1DeviceApprove 

func (s *OIDCProviderService) PostV1DeviceApprove(ctx context.Context, req *oas.PostV1DeviceApproveReq) (r *oas.Ok, _ error)

func (*OIDCProviderService) PostV1DeviceDeny 

func (s *OIDCProviderService) PostV1DeviceDeny(ctx context.Context, req *oas.PostV1DeviceDenyReq) (r *oas.Ok, _ error)

func (*OIDCProviderService) PostV1OauthInteractionByInteractionIdConsent 

func (s *OIDCProviderService) PostV1OauthInteractionByInteractionIdConsent(ctx context.Context, req *oas.PostV1OauthInteractionByInteractionIdConsentReq, params oas.PostV1OauthInteractionByInteractionIdConsentParams) (*oas.PostV1OauthInteractionByInteractionIdConsentOK, error)

func (*OIDCProviderService) PostV1OauthInteractionByInteractionIdLogin 

func (s *OIDCProviderService) PostV1OauthInteractionByInteractionIdLogin(ctx context.Context, req oas.OptPostV1OauthInteractionByInteractionIdLoginReq, params oas.PostV1OauthInteractionByInteractionIdLoginParams) (*oas.PostV1OauthInteractionByInteractionIdLoginOK, error)

func (*OIDCProviderService) PostV1OauthInteractionByInteractionIdReject 

func (s *OIDCProviderService) PostV1OauthInteractionByInteractionIdReject(ctx context.Context, req oas.OptPostV1OauthInteractionByInteractionIdRejectReq, params oas.PostV1OauthInteractionByInteractionIdRejectParams) (*oas.PostV1OauthInteractionByInteractionIdRejectOK, error)

type OperatorDeps 

type OperatorDeps struct{ Projects OperatorProjects }

type OperatorProjects 

type OperatorProjects interface {
	CreateProject(ctx context.Context, cmd domain.ProjectCmd) (*domain.Project, error)
	ListProjects(ctx context.Context) ([]domain.Project, error)
	GetProject(ctx context.Context, projectID string) (*domain.Project, error)
	UpdateProject(ctx context.Context, cmd domain.OperatorProjectPatchCmd) (*domain.Project, error)
	DeleteProject(ctx context.Context, projectID string, hard bool) error
	CreateEnvironment(ctx context.Context, cmd domain.EnvironmentCmd) (*domain.Environment, error)
	ListEnvironments(ctx context.Context, projectID string) ([]domain.Environment, error)
	GetEnvironment(ctx context.Context, projectID, env string) (*domain.Environment, error)
	DeleteEnvironment(ctx context.Context, projectID, env string) error
	MintAdminToken(ctx context.Context, cmd domain.OperatorAdminTokenCmd) (string, time.Time, error)
	ListAdminTokens(ctx context.Context, projectID string) ([]domain.OperatorAdminToken, error)
	RevokeAdminToken(ctx context.Context, projectID, tokenID string) error
	PlanConfig(ctx context.Context, cmd domain.OperatorConfigCmd) (map[string]any, error)
	ApplyConfig(ctx context.Context, cmd domain.OperatorConfigCmd) (map[string]any, error)
	ExportConfig(ctx context.Context, projectID string) (map[string]any, error)
	GetFeatures(ctx context.Context, projectID string) (map[string]bool, error)
	UpdateFeatures(ctx context.Context, cmd domain.OperatorFeaturesCmd) (map[string]bool, error)
}

type OperatorService 

type OperatorService struct {
	oas.UnimplementedHandler
	// contains filtered or unexported fields
}

OperatorService implements the OperatorHandler slice of oas.Handler.

func NewOperatorService 

func NewOperatorService(deps OperatorDeps) *OperatorService

NewOperatorService builds the Operator service from its dependencies.

func (*OperatorService) DeleteMgmtV1ProjectsByProjectId 

func (s *OperatorService) DeleteMgmtV1ProjectsByProjectId(ctx context.Context, params oas.DeleteMgmtV1ProjectsByProjectIdParams) (r *oas.Ok, _ error)

func (*OperatorService) DeleteMgmtV1ProjectsByProjectIdAdminTokensByTokenId 

func (s *OperatorService) DeleteMgmtV1ProjectsByProjectIdAdminTokensByTokenId(ctx context.Context, params oas.DeleteMgmtV1ProjectsByProjectIdAdminTokensByTokenIdParams) (r *oas.Ok, _ error)

func (*OperatorService) DeleteMgmtV1ProjectsByProjectIdEnvironmentsByEnv 

func (s *OperatorService) DeleteMgmtV1ProjectsByProjectIdEnvironmentsByEnv(ctx context.Context, params oas.DeleteMgmtV1ProjectsByProjectIdEnvironmentsByEnvParams) (r *oas.Ok, _ error)

func (*OperatorService) GetMgmtV1Projects 

func (s *OperatorService) GetMgmtV1Projects(ctx context.Context, params oas.GetMgmtV1ProjectsParams) (r *oas.GetMgmtV1ProjectsOK, _ error)

func (*OperatorService) GetMgmtV1ProjectsByProjectId 

func (s *OperatorService) GetMgmtV1ProjectsByProjectId(ctx context.Context, params oas.GetMgmtV1ProjectsByProjectIdParams) (r *oas.GetMgmtV1ProjectsByProjectIdOK, _ error)

func (*OperatorService) GetMgmtV1ProjectsByProjectIdAdminTokens 

func (s *OperatorService) GetMgmtV1ProjectsByProjectIdAdminTokens(ctx context.Context, params oas.GetMgmtV1ProjectsByProjectIdAdminTokensParams) (r oas.GetMgmtV1ProjectsByProjectIdAdminTokensOK, _ error)

func (*OperatorService) GetMgmtV1ProjectsByProjectIdConfigExport 

func (s *OperatorService) GetMgmtV1ProjectsByProjectIdConfigExport(ctx context.Context, params oas.GetMgmtV1ProjectsByProjectIdConfigExportParams) (r oas.GetMgmtV1ProjectsByProjectIdConfigExportRes, _ error)

func (*OperatorService) GetMgmtV1ProjectsByProjectIdEnvironments 

func (s *OperatorService) GetMgmtV1ProjectsByProjectIdEnvironments(ctx context.Context, params oas.GetMgmtV1ProjectsByProjectIdEnvironmentsParams) (r *oas.GetMgmtV1ProjectsByProjectIdEnvironmentsOK, _ error)

func (*OperatorService) GetMgmtV1ProjectsByProjectIdEnvironmentsByEnv 

func (s *OperatorService) GetMgmtV1ProjectsByProjectIdEnvironmentsByEnv(ctx context.Context, params oas.GetMgmtV1ProjectsByProjectIdEnvironmentsByEnvParams) (r *oas.GetMgmtV1ProjectsByProjectIdEnvironmentsByEnvOK, _ error)

func (*OperatorService) GetMgmtV1ProjectsByProjectIdFeatures 

func (s *OperatorService) GetMgmtV1ProjectsByProjectIdFeatures(ctx context.Context, params oas.GetMgmtV1ProjectsByProjectIdFeaturesParams) (r oas.GetMgmtV1ProjectsByProjectIdFeaturesOK, _ error)

func (*OperatorService) PatchMgmtV1ProjectsByProjectId 

func (s *OperatorService) PatchMgmtV1ProjectsByProjectId(ctx context.Context, req oas.PatchMgmtV1ProjectsByProjectIdReq, params oas.PatchMgmtV1ProjectsByProjectIdParams) (r *oas.PatchMgmtV1ProjectsByProjectIdOK, _ error)

func (*OperatorService) PatchMgmtV1ProjectsByProjectIdFeatures 

func (s *OperatorService) PatchMgmtV1ProjectsByProjectIdFeatures(ctx context.Context, req oas.PatchMgmtV1ProjectsByProjectIdFeaturesReq, params oas.PatchMgmtV1ProjectsByProjectIdFeaturesParams) (r oas.PatchMgmtV1ProjectsByProjectIdFeaturesOK, _ error)

func (*OperatorService) PostMgmtV1Projects 

func (s *OperatorService) PostMgmtV1Projects(ctx context.Context, req *oas.PostMgmtV1ProjectsReq, params oas.PostMgmtV1ProjectsParams) (r *oas.PostMgmtV1ProjectsCreated, _ error)

func (*OperatorService) PostMgmtV1ProjectsByProjectIdAdminTokens 

func (s *OperatorService) PostMgmtV1ProjectsByProjectIdAdminTokens(ctx context.Context, req *oas.PostMgmtV1ProjectsByProjectIdAdminTokensReq, params oas.PostMgmtV1ProjectsByProjectIdAdminTokensParams) (r *oas.PostMgmtV1ProjectsByProjectIdAdminTokensOK, _ error)

func (*OperatorService) PostMgmtV1ProjectsByProjectIdConfigApply 

func (s *OperatorService) PostMgmtV1ProjectsByProjectIdConfigApply(ctx context.Context, req oas.PostMgmtV1ProjectsByProjectIdConfigApplyReq, params oas.PostMgmtV1ProjectsByProjectIdConfigApplyParams) (r oas.PostMgmtV1ProjectsByProjectIdConfigApplyOK, _ error)

func (*OperatorService) PostMgmtV1ProjectsByProjectIdConfigPlan 

func (s *OperatorService) PostMgmtV1ProjectsByProjectIdConfigPlan(ctx context.Context, req oas.PostMgmtV1ProjectsByProjectIdConfigPlanReq, params oas.PostMgmtV1ProjectsByProjectIdConfigPlanParams) (r oas.PostMgmtV1ProjectsByProjectIdConfigPlanOK, _ error)

func (*OperatorService) PostMgmtV1ProjectsByProjectIdEnvironments 

func (s *OperatorService) PostMgmtV1ProjectsByProjectIdEnvironments(ctx context.Context, req *oas.PostMgmtV1ProjectsByProjectIdEnvironmentsReq, params oas.PostMgmtV1ProjectsByProjectIdEnvironmentsParams) (r *oas.PostMgmtV1ProjectsByProjectIdEnvironmentsCreated, _ error)

type Option 

type Option func(*Service)

Option injects a group implementation into a Service.

func WithAccount 

func WithAccount(h oas.AccountHandler) Option

WithAccount sets the Account group implementation.

func WithAdmin 

func WithAdmin(h oas.AdminHandler) Option

WithAdmin sets the Admin group implementation.

func WithCoreAuth 

func WithCoreAuth(h oas.CoreAuthHandler) Option

WithCoreAuth sets the Core Auth group implementation.

func WithCoreAuthFlows added in v1.1.0 

func WithCoreAuthFlows(flowDeps CoreAuthFlowDeps) Option

WithCoreAuthFlows adds the CoreAuthFlowService to the Service, replacing the default CoreAuthService for the flow-related operations. The option merges the flow handler methods into the CoreAuth group using the composite pattern: CoreAuthService handles the non-flow ops; CoreAuthFlowService handles flows.

func WithFederation 

func WithFederation(h oas.FederationHandler) Option

WithFederation sets the Federation group implementation.

func WithMFA 

func WithMFA(h oas.MFAHandler) Option

WithMFA sets the MFA group implementation.

func WithMachineIdentity 

func WithMachineIdentity(h oas.MachineIdentityHandler) Option

WithMachineIdentity sets the Machine Identity group implementation.

func WithOAuthSocial 

func WithOAuthSocial(h oas.OAuthSocialHandler) Option

WithOAuthSocial sets the OAuth Social group implementation.

func WithOIDCProvider 

func WithOIDCProvider(h oas.OIDCProviderHandler) Option

WithOIDCProvider sets the OIDC Provider group implementation.

func WithOperator 

func WithOperator(h oas.OperatorHandler) Option

WithOperator sets the Operator group implementation.

func WithPasswordless 

func WithPasswordless(h oas.PasswordlessHandler) Option

WithPasswordless sets the Passwordless group implementation.

func WithPlatform 

func WithPlatform(h oas.PlatformHandler) Option

WithPlatform sets the Platform group implementation.

func WithWebAuthn 

func WithWebAuthn(h oas.WebAuthnHandler) Option

WithWebAuthn sets the WebAuthn group implementation.

type OriginSource added in v1.2.3 

type OriginSource interface {
	AllowedOrigins(ctx context.Context) ([]string, error)
}

OriginSource supplies the per-tenant CORS allow-list: the union of every app client's allowed_origins. CORS preflight (OPTIONS) carries no X-Client-Id, so the decision can only be made against this global union; tenant isolation is enforced separately (X-Client-Id + tokens). It is consulted in addition to the statically configured origins.

type PasswordlessAccounts 

type PasswordlessAccounts interface {
	StartOTP(ctx context.Context, projectID, identifier, channel, purpose, locale string) (*domain.Challenge, error)
	VerifyOTP(ctx context.Context, challengeID, code string) (*domain.Account, *domain.Session, error)
	StartMagicLink(ctx context.Context, projectID, email, redirectTo, locale string) (*domain.Challenge, error)
	VerifyMagicLink(ctx context.Context, token string) (*domain.Account, *domain.Session, error)
}

type PasswordlessDeps 

type PasswordlessDeps struct{ Accounts PasswordlessAccounts }

type PasswordlessService 

type PasswordlessService struct {
	oas.UnimplementedHandler
	// contains filtered or unexported fields
}

PasswordlessService implements the PasswordlessHandler slice of oas.Handler.

func NewPasswordlessService 

func NewPasswordlessService(deps PasswordlessDeps) *PasswordlessService

NewPasswordlessService builds the Passwordless service from its dependencies.

func (*PasswordlessService) PostV1AuthMagicLinkStart 

func (s *PasswordlessService) PostV1AuthMagicLinkStart(ctx context.Context, req *oas.MagicLinkStartRequest, params oas.PostV1AuthMagicLinkStartParams) (*oas.Challenge, error)

func (*PasswordlessService) PostV1AuthMagicLinkVerify 

func (s *PasswordlessService) PostV1AuthMagicLinkVerify(ctx context.Context, req *oas.MagicLinkVerifyRequest, params oas.PostV1AuthMagicLinkVerifyParams) (*oas.AuthResult, error)

func (*PasswordlessService) PostV1AuthOtpStart 

func (s *PasswordlessService) PostV1AuthOtpStart(ctx context.Context, req *oas.OtpStartRequest, params oas.PostV1AuthOtpStartParams) (*oas.Challenge, error)

func (*PasswordlessService) PostV1AuthOtpVerify 

func (s *PasswordlessService) PostV1AuthOtpVerify(ctx context.Context, req *oas.OtpVerifyRequest, params oas.PostV1AuthOtpVerifyParams) (*oas.AuthResult, error)

type PlatformConfig 

type PlatformConfig interface {
	PublicConfig(ctx context.Context, projectID, clientID string) (*domain.PublicConfig, error)
}

PlatformConfig serves unauthenticated bootstrap config for a client.

type PlatformCsrf 

type PlatformCsrf interface {
	IssueCsrfToken(ctx context.Context, clientID string) (*domain.PlatformCsrfToken, error)
	// VerifyCsrfToken validates a CSRF token previously issued to clientID. It is
	// reusable within its TTL (synchronizer-token pattern); returns
	// domain.ErrInvalidCsrf on a missing/expired/mismatched token.
	VerifyCsrfToken(ctx context.Context, clientID, token string) error
}

PlatformCsrf issues and verifies CSRF tokens for cookie-mode clients.

type PlatformDeps 

type PlatformDeps struct {
	Config PlatformConfig
	Csrf   PlatformCsrf
}

PlatformDeps are the ports the Platform service orchestrates.

type PlatformService 

type PlatformService struct {
	oas.UnimplementedHandler
	// contains filtered or unexported fields
}

PlatformService implements the PlatformHandler slice of oas.Handler.

func NewPlatformService 

func NewPlatformService(deps PlatformDeps) *PlatformService

NewPlatformService builds the Platform service from its dependencies.

func (*PlatformService) GetV1ConfigPublic 

func (s *PlatformService) GetV1ConfigPublic(ctx context.Context, params oas.GetV1ConfigPublicParams) (*oas.PublicConfig, error)

func (*PlatformService) GetV1Csrf 

func (s *PlatformService) GetV1Csrf(ctx context.Context, params oas.GetV1CsrfParams) (*oas.GetV1CsrfOK, error)

func (*PlatformService) GetV1Health 

func (s *PlatformService) GetV1Health(ctx context.Context) (*oas.GetV1HealthOK, error)

func (*PlatformService) GetV1HealthLive 

func (s *PlatformService) GetV1HealthLive(ctx context.Context) (*oas.GetV1HealthLiveOK, error)

func (*PlatformService) GetV1HealthReady 

func (s *PlatformService) GetV1HealthReady(ctx context.Context) (*oas.GetV1HealthReadyOK, error)

type RateLimitConfigReader added in v1.3.0 

type RateLimitConfigReader interface {
	RateLimitRules(ctx context.Context, clientID, env string) ([]RateLimitRule, error)
}

RateLimitConfigReader yields a project's effective rate-limit rules for the request environment. clientID is the X-Client-ID (the project id); env is the raw X-Environment header ("" => the persistence default "live"). It returns (nil, nil) when the project has no rate_limits doc (the caller then falls back to the hardcoded defaults). The reader runs before the env/meta middlewares, so identity is passed as explicit strings, not via ctx.

type RateLimitRule added in v1.3.0 

type RateLimitRule struct {
	Endpoint string
	Limit    int
	Window   time.Duration
	By       string
}

RateLimitRule is a runtime-resolved override (a subset of domain.RateLimitRuleSpec, already validated on write). Endpoint matches r.URL.Path exactly; By is always "ip" today.

type Service 

type Service struct {
	oas.PlatformHandler
	oas.CoreAuthHandler
	oas.PasswordlessHandler
	oas.OAuthSocialHandler
	oas.WebAuthnHandler
	oas.MFAHandler
	oas.AccountHandler
	oas.MachineIdentityHandler
	oas.FederationHandler
	oas.OIDCProviderHandler
	oas.AdminHandler
	oas.OperatorHandler
}

Service is the full IAM handler, assembled from the twelve per-feature group handlers. It satisfies oas.Handler by embedding each group interface; every operation belongs to exactly one group, so the method sets are disjoint.

func New 

func New(opts ...Option) *Service

New assembles the IAM handler. Each group defaults to its scaffolded XxxService (panics on v1.0.0 operations, not-implemented otherwise); pass options to replace any group with a real implementation.

func (*Service) NewError 

func (s *Service) NewError(_ context.Context, err error) *oas.DefaultStatusCode

NewError is ogen's convenient-errors hook: every handler that returns a plain Go error routes here, and we render it into the shared ErrorEnvelope. Domain errors (internal/domain) carry the stable code + HTTP status; anything else is masked as a 500 internal_error.

type WebAuthnAccounts 

type WebAuthnAccounts interface {
	BeginLogin(ctx context.Context, projectID, email string) (*domain.Challenge, error)
	FinishLogin(ctx context.Context, challengeID string, credential map[string]any) (*domain.Account, *domain.Session, error)
	BeginRegistration(ctx context.Context, accountID string) (*domain.Challenge, error)
	FinishRegistration(ctx context.Context, accountID, challengeID string, credential map[string]any) (*domain.WebAuthnCredential, error)
	ListCredentials(ctx context.Context, accountID string) ([]domain.WebAuthnCredential, error)
	RemoveCredential(ctx context.Context, accountID, credentialID string) error
	RenameCredential(ctx context.Context, cmd domain.WebAuthnRenameCredentialCmd) (*domain.WebAuthnCredential, error)
}

type WebAuthnDeps 

type WebAuthnDeps struct{ Accounts WebAuthnAccounts }

type WebAuthnService 

type WebAuthnService struct {
	oas.UnimplementedHandler
	// contains filtered or unexported fields
}

WebAuthnService implements the WebAuthnHandler slice of oas.Handler.

func NewWebAuthnService 

func NewWebAuthnService(deps WebAuthnDeps) *WebAuthnService

NewWebAuthnService builds the WebAuthn service from its dependencies.

func (*WebAuthnService) DeleteV1AuthWebauthnCredentialsByCredentialId 

func (s *WebAuthnService) DeleteV1AuthWebauthnCredentialsByCredentialId(ctx context.Context, params oas.DeleteV1AuthWebauthnCredentialsByCredentialIdParams) (*oas.Ok, error)

func (*WebAuthnService) GetV1AuthWebauthnCredentials 

func (s *WebAuthnService) GetV1AuthWebauthnCredentials(ctx context.Context) (*oas.GetV1AuthWebauthnCredentialsOK, error)

func (*WebAuthnService) PatchV1AuthWebauthnCredentialsByCredentialId 

func (s *WebAuthnService) PatchV1AuthWebauthnCredentialsByCredentialId(ctx context.Context, req *oas.PatchV1AuthWebauthnCredentialsByCredentialIdReq, params oas.PatchV1AuthWebauthnCredentialsByCredentialIdParams) (*oas.PatchV1AuthWebauthnCredentialsByCredentialIdOK, error)

func (*WebAuthnService) PostV1AuthWebauthnLoginOptions 

func (s *WebAuthnService) PostV1AuthWebauthnLoginOptions(ctx context.Context, req oas.OptPostV1AuthWebauthnLoginOptionsReq, params oas.PostV1AuthWebauthnLoginOptionsParams) (*oas.PostV1AuthWebauthnLoginOptionsOK, error)

func (*WebAuthnService) PostV1AuthWebauthnLoginVerify 

func (s *WebAuthnService) PostV1AuthWebauthnLoginVerify(ctx context.Context, req *oas.PostV1AuthWebauthnLoginVerifyReq, params oas.PostV1AuthWebauthnLoginVerifyParams) (*oas.AuthResult, error)

func (*WebAuthnService) PostV1AuthWebauthnRegisterOptions 

func (s *WebAuthnService) PostV1AuthWebauthnRegisterOptions(ctx context.Context, req oas.OptPostV1AuthWebauthnRegisterOptionsReq) (*oas.PostV1AuthWebauthnRegisterOptionsOK, error)

func (*WebAuthnService) PostV1AuthWebauthnRegisterVerify 

func (s *WebAuthnService) PostV1AuthWebauthnRegisterVerify(ctx context.Context, req *oas.PostV1AuthWebauthnRegisterVerifyReq) (*oas.PostV1AuthWebauthnRegisterVerifyOK, error)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.