Constants ¶
// Predefined OAuth2/OIDC error codes. They are used as the Error field of an
// APIError and are sent verbatim to clients, so they match the error strings
// the OAuth2 family of specifications defines rather than internal names.
const (
	ErrorInvalidRequest       = "invalid_request"
	ErrorInvalidClient        = "invalid_client"
	ErrorInvalidGrant         = "invalid_grant"
	ErrorUnsupportedGrantType = "unsupported_grant_type"
	ErrorInvalidScope         = "invalid_scope"
	ErrorInvalidToken         = "invalid_token"
	ErrorInsufficientScope    = "insufficient_scope"
	ErrorExpiredToken         = "expired_token"
	ErrorAccessDenied         = "access_denied"
	ErrorAuthorizationPending = "authorization_pending" // polling flows: the user has not finished authorizing yet
)
Predefined OAuth2/OIDC errors
// Additional mytoken-specific error codes that have no OAuth2/OIDC equivalent.
// Like the OAuth2 codes they are used as the Error field of an APIError.
const (
	ErrorInternal                 = "internal_server_error"     // unexpected server-side failure
	ErrorOIDC                     = "oidc_error"                // the upstream OIDC provider interaction failed (e.g. APIErrorNoRefreshToken)
	ErrorNYI                      = "not_yet_implemented"       // see APIErrorNYI
	ErrorInsufficientCapabilities = "insufficient_capabilities" // the presented token lacks a required Capability
	ErrorUsageRestricted          = "usage_restricted"          // a Restriction on the presented token forbids this use
)
Additional Mytoken errors
// GrantTypes are the accepted values of the grant_type field of the request
// types in this package (AccessTokenRequest, MytokenFromMytokenRequest,
// OIDCFlowRequest, PollingCodeRequest, ExchangeTransferCodeRequest).
const (
	GrantTypeMytoken       = "mytoken"         // present an existing mytoken (MytokenFromMytokenRequest / AccessTokenRequest)
	GrantTypeOIDCFlow      = "oidc_flow"       // start an OIDC flow (OIDCFlowRequest)
	GrantTypePollingCode   = "polling_code"    // redeem a polling code (PollingCodeRequest)
	GrantTypeAccessToken   = "access_token"    // no request type for this grant is declared in this package
	GrantTypePrivateKeyJWT = "private_key_jwt" // no request type for this grant is declared in this package
	GrantTypeTransferCode  = "transfer_code"   // redeem a transfer code (ExchangeTransferCodeRequest)
)
GrantTypes
// ResponseTypes are the accepted values of the response_type field of a
// mytoken request; they select how the new token is delivered (see
// MytokenResponse.MytokenType and TransferCode).
const (
	ResponseTypeToken        = "token"
	ResponseTypeShortToken   = "short_token"
	ResponseTypeTransferCode = "transfer_code" // deliver a one-time transfer code instead of the token itself
)
ResponseTypes
// TokeninfoActions are the actions of the tokeninfo endpoint. Each action has
// a corresponding response type (Tokeninfo*Response) and a Capability that a
// mytoken needs in order to perform it (CapabilityTokeninfo*, CapabilityListMT).
const (
	TokeninfoActionIntrospect   = "introspect"    // -> TokeninfoIntrospectResponse
	TokeninfoActionEventHistory = "event_history" // -> TokeninfoHistoryResponse
	TokeninfoActionSubtokenTree = "subtoken_tree" // -> TokeninfoTreeResponse
	TokeninfoActionListMytokens = "list_mytokens" // -> TokeninfoListResponse
)
TokeninfoActions
// OIDCFlows are the accepted values of the oidc_flow field of an OIDCFlowRequest.
// The authorization code flow is currently the only one defined.
const (
	OIDCFlowAuthorizationCode = "authorization_code"
)
OIDCFlows
Variables ¶
// Predefined errors returned by the API. The positional literal order is
// (Error, ErrorDescription). The description is delivered to the client, so
// these messages are deliberately generic and carry no token material or
// server-internal detail; keep that property when adding new ones.
var (
	APIErrorUnknownIssuer            = APIError{ErrorInvalidRequest, "The provided issuer is not supported"}
	APIErrorStateMismatch            = APIError{ErrorInvalidRequest, "State mismatched"}
	APIErrorUnsupportedOIDCFlow      = APIError{ErrorInvalidGrant, "Unsupported oidc_flow"}
	APIErrorUnsupportedGrantType     = APIError{ErrorInvalidGrant, "Unsupported grant_type"}
	APIErrorBadTransferCode          = APIError{ErrorInvalidToken, "Bad polling or transfer code"}
	APIErrorTransferCodeExpired      = APIError{ErrorExpiredToken, "polling or transfer code is expired"}
	APIErrorAuthorizationPending     = APIError{ErrorAuthorizationPending, ""} // empty description is dropped by omitempty
	APIErrorConsentDeclined          = APIError{ErrorAccessDenied, "user declined consent"}
	APIErrorNoRefreshToken           = APIError{ErrorOIDC, "Did not receive a refresh token"}
	APIErrorInsufficientCapabilities = APIError{ErrorInsufficientCapabilities, "The provided token does not have the required capability for this operation"}
	APIErrorUsageRestricted          = APIError{ErrorUsageRestricted, "The restrictions of this token does not allow this usage"}
	APIErrorNYI                      = APIError{ErrorNYI, ""}
)
Predefined errors
// Defined Capabilities. A mytoken carries a set of these (Mytoken.Capabilities);
// each one grants a distinct operation, so a token should be issued with the
// smallest set its purpose needs. The Name is the wire representation
// (see Capability.MarshalJSON/UnmarshalJSON); Description is human-readable.
var (
	CapabilityAT = Capability{
		Name:        "AT",
		Description: "Allows obtaining OpenID Connect Access Tokens.",
	}
	CapabilityCreateMT = Capability{
		Name:        "create_mytoken",
		Description: "Allows to create a new mytoken.",
	}
	CapabilitySettings = Capability{
		Name:        "settings",
		Description: "Allows to modify user settings.",
	}
	CapabilityTokeninfoIntrospect = Capability{
		Name:        "tokeninfo_introspect",
		Description: "Allows to obtain basic information about this token.",
	}
	CapabilityTokeninfoHistory = Capability{
		Name:        "tokeninfo_history",
		Description: "Allows to obtain the event history for this token.",
	}
	CapabilityTokeninfoTree = Capability{
		Name:        "tokeninfo_tree",
		Description: "Allows to list a subtoken-tree for this token.",
	}
	CapabilityListMT = Capability{
		Name:        "list_mytokens",
		Description: "Allows to list all mytokens.",
	}
)
Defined Capabilities
// AllCapabilities holds all defined Capabilities. It is a package-level slice,
// so callers must treat it as read-only (copy before sorting or appending).
var AllCapabilities = Capabilities{
	CapabilityAT,
	CapabilityCreateMT,
	CapabilitySettings,
	CapabilityTokeninfoIntrospect,
	CapabilityTokeninfoHistory,
	CapabilityTokeninfoTree,
	CapabilityListMT,
}
AllCapabilities holds all defined Capabilities
// AllGrantTypes holds all defined grant type strings (see the GrantType* constants).
var AllGrantTypes = [...]string{GrantTypeMytoken, GrantTypeOIDCFlow, GrantTypePollingCode, GrantTypeAccessToken, GrantTypePrivateKeyJWT, GrantTypeTransferCode}
// AllTokeninfoActions holds all defined tokeninfo action strings (see the TokeninfoAction* constants).
var AllTokeninfoActions = [...]string{TokeninfoActionIntrospect, TokeninfoActionEventHistory, TokeninfoActionSubtokenTree, TokeninfoActionListMytokens}
AllTokeninfoActions holds all defined TokenInfo strings
Functions ¶
This section is empty.
Types ¶
type APIError ¶
// APIError is the error object returned by the API when an error occurs.
// It mirrors the OAuth2 error response shape (error / error_description).
type APIError struct {
	Error            string `json:"error"`                       // one of the Error* constants
	ErrorDescription string `json:"error_description,omitempty"` // human-readable detail; omitted when empty
}
APIError is the error object returned by the API when an error occurs
type AccessTokenRequest ¶
// AccessTokenRequest holds a request for an OIDC access token, authorized by a mytoken.
type AccessTokenRequest struct {
	Issuer    string `json:"oidc_issuer,omitempty"`
	GrantType string `json:"grant_type"` // one of the GrantType* constants
	// Mytoken is the credential presented with this request. It is a bearer
	// secret: never log it or echo it back in an APIError description.
	Mytoken  string `json:"mytoken"`
	Scope    string `json:"scope,omitempty"`
	Audience string `json:"audience,omitempty"`
	Comment  string `json:"comment,omitempty"`
}
AccessTokenRequest holds a request for an access token
type AccessTokenResponse ¶
// AccessTokenResponse is the response to an access token request. The field
// set follows the OAuth2 token response (access_token, token_type, expires_in, scope).
type AccessTokenResponse struct {
	AccessToken string   `json:"access_token"`
	TokenType   string   `json:"token_type"`
	ExpiresIn   int64    `json:"expires_in"` // lifetime; in OAuth2 expires_in is a number of seconds — confirm this server follows that
	Scope       string   `json:"scope,omitempty"`
	Audiences   []string `json:"audience,omitempty"`
}
AccessTokenResponse is the response to an access token request
type AuthCodeFlowRequest ¶
// AuthCodeFlowRequest holds an authorization code flow request. It extends
// OIDCFlowRequest with how the user agent should be redirected.
type AuthCodeFlowRequest struct {
	OIDCFlowRequest
	RedirectType string `json:"redirect_type"` // accepted values are not declared in this package — confirm at the handler
}
AuthCodeFlowRequest holds an authorization code flow request
type AuthCodeFlowResponse ¶
// AuthCodeFlowResponse is the response to an authorization code flow request:
// the URL the user must visit plus the polling information (embedded
// PollingInfo fields are promoted into the JSON object).
type AuthCodeFlowResponse struct {
	AuthorizationURL string `json:"authorization_url"`
	PollingInfo
}
AuthCodeFlowResponse is the response to an authorization code flow request
type Capabilities ¶
// Capabilities is a slice of Capability. It converts to and from []string via
// NewCapabilities and Strings, supports membership tests with Has, can be read
// from a database column (Scan implements sql.Scanner), and two sets can be
// intersected with Tighten.
type Capabilities []Capability
Capabilities is a slice of Capability
func NewCapabilities ¶
func NewCapabilities(caps []string) (c Capabilities)
NewCapabilities casts a []string into Capabilities
func Tighten ¶
func Tighten(a, b Capabilities) (res Capabilities)
Tighten tightens two sets of Capabilities into one new set
func (Capabilities) Has ¶
func (c Capabilities) Has(a Capability) bool
Has checks if Capabilities slice contains the passed Capability
func (*Capabilities) Scan ¶
func (c *Capabilities) Scan(src interface{}) error
Scan implements the sql.Scanner interface.
func (Capabilities) Strings ¶
func (c Capabilities) Strings() (s []string)
Strings returns a slice of strings for these capabilities
type Capability ¶
Capability is a capability string
func NewCapability ¶
func NewCapability(name string) Capability
NewCapability casts a string into a Capability
func (Capability) MarshalJSON ¶
func (c Capability) MarshalJSON() ([]byte, error)
MarshalJSON implements the json.Marshaler interface
func (*Capability) UnmarshalJSON ¶
func (c *Capability) UnmarshalJSON(data []byte) error
UnmarshalJSON implements the json.Unmarshaler interface
type ClientMetaData ¶
// ClientMetaData holds information about the calling client. It is both
// persisted (db tags) and returned in API responses (json tags).
type ClientMetaData struct {
	// IP and UserAgent are presumably taken from the incoming request. A
	// user agent, and an IP read from proxy headers, are client-controlled;
	// treat them as audit/display data, not as a basis for authorization,
	// unless the server derives them itself — confirm where they are populated.
	IP        string `db:"ip" json:"ip,omitempty"`
	UserAgent string `db:"user_agent" json:"user_agent,omitempty"`
}
ClientMetaData holds information about the calling client
type CreateTransferCodeRequest ¶
// CreateTransferCodeRequest is a request to create a new transfer code from an
// existing mytoken (the code can later be redeemed with ExchangeTransferCodeRequest).
type CreateTransferCodeRequest struct {
	// Mytoken is the token to create the transfer code for. We use string and
	// not token.Token because the token can also be in the Auth Header and
	// there it is a string. It is a bearer secret and must not be logged.
	Mytoken string `json:"mytoken"`
}
CreateTransferCodeRequest is a request to create a new transfer code from an existing mytoken
type EventEntry ¶
// EventEntry is one entry of a mytoken's event history. It is stored in the
// database (db tags) and returned by the tokeninfo event_history action (json tags).
type EventEntry struct {
	Event   string `db:"event" json:"event"`
	Time    int64  `db:"time" json:"time"` // presumably a unix timestamp — confirm
	Comment string `db:"comment" json:"comment,omitempty"`
	// "inline" is not an encoding/json option and is ignored; the embedded
	// struct's fields are promoted into the enclosing JSON object regardless.
	ClientMetaData `json:",inline"`
}
type EventHistory ¶
// EventHistory is the list of events recorded for a mytoken (see TokeninfoHistoryResponse).
type EventHistory []EventEntry
type ExchangeTransferCodeRequest ¶
// ExchangeTransferCodeRequest is a request to exchange a transfer code for the
// mytoken it was created for.
type ExchangeTransferCodeRequest struct {
	GrantType    string `json:"grant_type"`    // expected to be GrantTypeTransferCode
	TransferCode string `json:"transfer_code"` // the code stands in for the token itself; treat it as a secret
}
ExchangeTransferCodeRequest is a request to exchange a transfer code for the mytoken
type Mytoken ¶
// Mytoken is the claim set of a mytoken. The json tags are the registered JWT
// claim names (iss, sub, exp, nbf, iat, jti, aud) followed by mytoken-specific claims.
type Mytoken struct {
	Issuer  string `json:"iss"`
	Subject string `json:"sub"`
	// ExpiresAt is omitted from the JSON when zero, so a token that "never
	// expires" and one whose exp was never set look the same on the wire.
	// Verifiers must decide explicitly how a missing exp is treated — confirm.
	ExpiresAt int64  `json:"exp,omitempty"`
	NotBefore int64  `json:"nbf"`
	IssuedAt  int64  `json:"iat"`
	ID        string `json:"jti"`
	SeqNo     uint64 `json:"seq_no"` // presumably advanced on rotation (see Rotation) — confirm
	Audience  string `json:"aud"`
	// OIDCSubject and OIDCIssuer presumably identify the upstream OIDC identity
	// the mytoken was derived from, as opposed to this server's own iss/sub — confirm.
	OIDCSubject string `json:"oidc_sub"`
	OIDCIssuer  string `json:"oidc_iss"`
	// Restrictions limit where/when/how often the token may be used;
	// Capabilities say what it may do; SubtokenCapabilities bound what any
	// token derived from it may be granted.
	Restrictions         Restrictions `json:"restrictions,omitempty"`
	Capabilities         Capabilities `json:"capabilities"`
	SubtokenCapabilities Capabilities `json:"subtoken_capabilities,omitempty"`
	Rotation             Rotation     `json:"rotation,omitempty"`
}
Mytoken represents a mytoken
type MytokenConfiguration ¶
// MytokenConfiguration holds information about a mytoken instance, i.e. its
// discovery document: endpoint locations and the values it supports.
type MytokenConfiguration struct {
	Issuer                string `json:"issuer"`
	AccessTokenEndpoint   string `json:"access_token_endpoint"`
	MytokenEndpoint       string `json:"mytoken_endpoint"`
	TokeninfoEndpoint     string `json:"tokeninfo_endpoint,omitempty"`
	RevocationEndpoint    string `json:"revocation_endpoint,omitempty"`
	UserSettingsEndpoint  string `json:"usersettings_endpoint"`
	TokenTransferEndpoint string `json:"token_transfer_endpoint,omitempty"`
	// JWKSURI is where the instance publishes its public signing keys;
	// clients verifying mytoken signatures should fetch keys only from here
	// (over TLS) and only accept the algorithm named in TokenSigningAlgValue.
	JWKSURI                                string                    `json:"jwks_uri"`
	ProvidersSupported                     []SupportedProviderConfig `json:"providers_supported"`
	TokenSigningAlgValue                   string                    `json:"token_signing_alg_value"`
	TokenInfoEndpointActionsSupported      []string                  `json:"tokeninfo_endpoint_actions_supported,omitempty"` // subset of AllTokeninfoActions
	AccessTokenEndpointGrantTypesSupported []string                  `json:"access_token_endpoint_grant_types_supported"`   // subset of AllGrantTypes
	MytokenEndpointGrantTypesSupported     []string                  `json:"mytoken_endpoint_grant_types_supported"`        // subset of AllGrantTypes
	MytokenEndpointOIDCFlowsSupported      []string                  `json:"mytoken_endpoint_oidc_flows_supported"`         // see the OIDCFlow* constants
	ResponseTypesSupported                 []string                  `json:"response_types_supported"`                      // see the ResponseType* constants
	ServiceDocumentation                   string                    `json:"service_documentation,omitempty"`
	Version                                string                    `json:"version,omitempty"`
}
MytokenConfiguration holds information about a mytoken instance
type MytokenEntry ¶
// MytokenEntry holds the information about a mytoken as stored in the database
// and as listed by the tokeninfo endpoint. It carries metadata only, not the token itself.
type MytokenEntry struct {
	Name      string `json:"name,omitempty"`
	CreatedAt int64  `json:"created"` // presumably a unix timestamp — confirm
	// "inline" is ignored by encoding/json; the embedded fields are promoted anyway.
	ClientMetaData `json:",inline"`
}
MytokenEntry holds the information about a mytoken as stored in the database
type MytokenEntryTree ¶
// MytokenEntryTree is a tree of MytokenEntry: a token and the tokens derived
// from it, recursively. Consumers walking it should guard against unexpected
// depth when the input comes from an untrusted source.
type MytokenEntryTree struct {
	Token    MytokenEntry       `json:"token"`
	Children []MytokenEntryTree `json:"children,omitempty"`
}
MytokenEntryTree is a tree of MytokenEntry
type MytokenFromMytokenRequest ¶
// MytokenFromMytokenRequest is a request to create a new Mytoken from an
// existing Mytoken (a subtoken).
type MytokenFromMytokenRequest struct {
	Issuer    string `json:"oidc_issuer"`
	GrantType string `json:"grant_type"` // expected to be GrantTypeMytoken
	// Mytoken is the parent token; it is a bearer secret and must not be logged.
	Mytoken              string       `json:"mytoken"`
	Restrictions         Restrictions `json:"restrictions"`
	Capabilities         Capabilities `json:"capabilities"`
	SubtokenCapabilities Capabilities `json:"subtoken_capabilities"`
	Name                 string       `json:"name"`
	ResponseType         string       `json:"response_type"` // one of the ResponseType* constants
	// FailOnRestrictionsNotTighter: note the JSON key is "error_on_restrictions",
	// not a direct mapping of the field name. The name suggests that, when set,
	// the request fails instead of being silently tightened if the requested
	// Restrictions are not a subset of the parent's — confirm at the handler.
	FailOnRestrictionsNotTighter bool `json:"error_on_restrictions"`
}
MytokenFromMytokenRequest is a request to create a new Mytoken from an existing Mytoken
type MytokenResponse ¶
// MytokenResponse is a response to a mytoken request. Depending on the
// requested ResponseType either Mytoken or TransferCode is populated
// (both are omitempty).
type MytokenResponse struct {
	Mytoken              string       `json:"mytoken,omitempty"` // the issued token; a bearer secret
	MytokenType          string       `json:"mytoken_type"`
	TransferCode         string       `json:"transfer_code,omitempty"`
	ExpiresIn            uint64       `json:"expires_in,omitempty"` // lifetime; presumably seconds as in OAuth2 — confirm
	Restrictions         Restrictions `json:"restrictions,omitempty"`
	Capabilities         Capabilities `json:"capabilities,omitempty"`
	SubtokenCapabilities Capabilities `json:"subtoken_capabilities,omitempty"`
}
MytokenResponse is a response to a mytoken request
type OIDCFlowRequest ¶
// OIDCFlowRequest holds the request for starting an OIDC flow that results in
// a new mytoken. AuthCodeFlowRequest embeds it.
type OIDCFlowRequest struct {
	Issuer               string       `json:"oidc_issuer"`
	GrantType            string       `json:"grant_type"` // expected to be GrantTypeOIDCFlow
	OIDCFlow             string       `json:"oidc_flow"`  // one of the OIDCFlow* constants
	Restrictions         Restrictions `json:"restrictions"`
	Capabilities         Capabilities `json:"capabilities"`
	SubtokenCapabilities Capabilities `json:"subtoken_capabilities"`
	Name                 string       `json:"name"`
	ResponseType         string       `json:"response_type"` // one of the ResponseType* constants
}
OIDCFlowRequest holds the request for an OIDC flow
type PollingCodeRequest ¶
// PollingCodeRequest is a polling code request: the client asks whether the
// flow identified by the polling code has completed (see PollingInfo).
type PollingCodeRequest struct {
	GrantType   string `json:"grant_type"`   // expected to be GrantTypePollingCode
	PollingCode string `json:"polling_code"` // redeemable for the resulting token; treat as a secret
}
PollingCodeRequest is a polling code request
type PollingInfo ¶
// PollingInfo holds all response information about polling codes. It is
// embedded in AuthCodeFlowResponse.
type PollingInfo struct {
	PollingCode          string `json:"polling_code,omitempty"`
	PollingCodeExpiresIn int64  `json:"polling_code_expires_in,omitempty"` // presumably seconds — confirm
	PollingInterval      int64  `json:"polling_interval,omitempty"`        // minimum wait between polls; presumably seconds — confirm
}
PollingInfo holds all response information about polling codes
type Restriction ¶
// Restriction describes one token usage restriction. Every field is omitempty;
// an absent field presumably leaves that dimension unrestricted — confirm in
// the code that evaluates restrictions.
type Restriction struct {
	NotBefore int64    `json:"nbf,omitempty"` // presumably a unix timestamp, like the JWT nbf claim — confirm
	ExpiresAt int64    `json:"exp,omitempty"`
	Scope     string   `json:"scope,omitempty"`
	Audiences []string `json:"audience,omitempty"`
	// IPs, GeoIPAllow and GeoIPDisallow bind usage to the client's network
	// location. Such checks are only as strong as the server's own determination
	// of the client IP (direct peer vs. proxy headers) — confirm how it is derived.
	IPs           []string `json:"ip,omitempty"`
	GeoIPAllow    []string `json:"geoip_allow,omitempty"`
	GeoIPDisallow []string `json:"geoip_disallow,omitempty"`
	// UsagesAT and UsagesOther are pointers so that "not set" (nil) can be
	// told apart from an explicit 0; nil presumably means unlimited — confirm.
	UsagesAT    *int64 `json:"usages_AT,omitempty"`
	UsagesOther *int64 `json:"usages_other,omitempty"`
}
Restriction describes a token usage restriction
type RevocationRequest ¶
// RevocationRequest holds the information for a token revocation request.
type RevocationRequest struct {
	// Token is the token to revoke. We don't use model.Token here because we
	// need to revoke a short token differently. It is a secret; do not log it.
	Token string `json:"token"`
	// Recursive presumably also revokes every token derived from Token — confirm.
	Recursive  bool   `json:"recursive,omitempty"`
	OIDCIssuer string `json:"oidc_issuer,omitempty"`
}
RevocationRequest holds the information for a token revocation request
type SupportedProviderConfig ¶
// SupportedProviderConfig holds information about one OIDC provider the
// mytoken instance supports (see MytokenConfiguration.ProvidersSupported).
type SupportedProviderConfig struct {
	Issuer          string   `json:"issuer"`
	ScopesSupported []string `json:"scopes_supported"`
}
SupportedProviderConfig holds information about a provider
type TokenInfoRequest ¶
type TokeninfoHistoryResponse ¶
// TokeninfoHistoryResponse is the response to the TokeninfoActionEventHistory action.
type TokeninfoHistoryResponse struct {
	EventHistory EventHistory `json:"events"`
}
type TokeninfoIntrospectResponse ¶
// TokeninfoIntrospectResponse is the response to the TokeninfoActionIntrospect action.
type TokeninfoIntrospectResponse struct {
	Valid bool        `json:"valid"` // presumably whether the introspected token is currently usable — confirm
	Token UsedMytoken `json:"token"` // the token's claims together with its usage counters
}
type TokeninfoListResponse ¶
// TokeninfoListResponse is the response to the TokeninfoActionListMytokens action.
type TokeninfoListResponse struct {
	Tokens []MytokenEntryTree `json:"mytokens"`
}
type TokeninfoTreeResponse ¶
// TokeninfoTreeResponse is the response to the TokeninfoActionSubtokenTree
// action. Note that it uses the same JSON key ("mytokens") as
// TokeninfoListResponse but holds a single tree, not a list.
type TokeninfoTreeResponse struct {
	Tokens MytokenEntryTree `json:"mytokens"`
}
type TransferCodeResponse ¶
// TransferCodeResponse is the response to a transfer code request
// (CreateTransferCodeRequest).
type TransferCodeResponse struct {
	MytokenType  string `json:"mytoken_type"`
	TransferCode string `json:"transfer_code"` // redeemable for the token; treat as a secret
	ExpiresIn    uint64 `json:"expires_in"`    // lifetime of the code; presumably seconds — confirm
}
TransferCodeResponse is the response to a transfer code request
type UsedMytoken ¶
// UsedMytoken is a Mytoken that has been used; it additionally carries
// information about how often each restriction has been used.
type UsedMytoken struct {
	// "inline" is ignored by encoding/json; the embedded fields are promoted anyway.
	Mytoken `json:",inline"`
	// Restrictions replaces the embedded Mytoken.Restrictions in the JSON
	// output: both map to "restrictions", and encoding/json takes the field
	// with the shallower nesting.
	Restrictions []UsedRestriction `json:"restrictions,omitempty"`
}
UsedMytoken is a type for a Mytoken that has been used; it additionally carries information about how often it has been used
type UsedRestriction ¶
// UsedRestriction is a Restriction that has been used; it additionally
// carries counters of how often it has been used, to be compared against
// Restriction.UsagesAT / UsagesOther.
type UsedRestriction struct {
	// "inline" is ignored by encoding/json; the embedded fields are promoted anyway.
	Restriction `json:",inline"`
	// Pointers so that "no usage recorded" (nil) is distinguishable from 0.
	UsagesATDone    *int64 `json:"usages_AT_done,omitempty"`
	UsagesOtherDone *int64 `json:"usages_other_done,omitempty"`
}
UsedRestriction is a type for a restriction that has been used and additionally carries information about how often it has been used
Source Files
¶
- accessTokenRequest.go
- accessTokenResponse.go
- apiError.go
- authCodeFlowResponse.go
- authcodeFlowRequest.go
- capability.go
- clientMetaData.go
- eventHistory.go
- grantTypes.go
- mytoken.go
- mytokenConfiguration.go
- mytokenEntry.go
- mytokenRequest.go
- mytokenResponse.go
- oidcFlow.go
- pollingCodeRequest.go
- responseType.go
- restrictions.go
- revocationRequest.go
- tokeninfoAction.go
- tokeninfoRequest.go
- tokeninfoResponses.go
- transfercodeRequest.go
- transfercodeResponse.go