config

package

v2.2.0 Latest Latest Go to latest Published: Feb 12, 2024 License: Apache-2.0 Imports: 25 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/ory/hydra

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func Validate(ctx context.Context, l *logrusx.Logger, p *DefaultProvider) error
type AccessTokenStrategySource
type AccessTokenStrategyType
- func ToAccessTokenStrategyType(strategy string) (AccessTokenStrategyType, error)
type Auth
type AuthConfig
type DefaultProvider
type HookConfig
type Provider
type ServeInterface
type TLSConfig

Constants ¶

View Source

const (
	KeyRoot                                      = ""
	HSMEnabled                                   = "hsm.enabled"
	HSMLibraryPath                               = "hsm.library"
	HSMPin                                       = "hsm.pin"
	HSMSlotNumber                                = "hsm.slot"
	HSMKeySetPrefix                              = "hsm.key_set_prefix"
	HSMTokenLabel                                = "hsm.token_label" // #nosec G101
	KeyWellKnownKeys                             = "webfinger.jwks.broadcast_keys"
	KeyOAuth2ClientRegistrationURL               = "webfinger.oidc_discovery.client_registration_url"
	KeyOAuth2TokenURL                            = "webfinger.oidc_discovery.token_url" // #nosec G101
	KeyOAuth2AuthURL                             = "webfinger.oidc_discovery.auth_url"
	KeyVerifiableCredentialsURL                  = "webfinger.oidc_discovery.verifiable_credentials_url" // #nosec G101
	KeyJWKSURL                                   = "webfinger.oidc_discovery.jwks_url"
	KeyOIDCDiscoverySupportedClaims              = "webfinger.oidc_discovery.supported_claims"
	KeyOIDCDiscoverySupportedScope               = "webfinger.oidc_discovery.supported_scope"
	KeyOIDCDiscoveryUserinfoEndpoint             = "webfinger.oidc_discovery.userinfo_url"
	KeySubjectTypesSupported                     = "oidc.subject_identifiers.supported_types"
	KeyDefaultClientScope                        = "oidc.dynamic_client_registration.default_scope"
	KeyDSN                                       = "dsn"
	KeyClientHTTPNoPrivateIPRanges               = "clients.http.disallow_private_ip_ranges"
	KeyClientHTTPPrivateIPExceptionURLs          = "clients.http.private_ip_exception_urls"
	KeyHasherAlgorithm                           = "oauth2.hashers.algorithm"
	KeyBCryptCost                                = "oauth2.hashers.bcrypt.cost"
	KeyPBKDF2Iterations                          = "oauth2.hashers.pbkdf2.iterations"
	KeyEncryptSessionData                        = "oauth2.session.encrypt_at_rest"
	KeyCookieSameSiteMode                        = "serve.cookies.same_site_mode"
	KeyCookieSameSiteLegacyWorkaround            = "serve.cookies.same_site_legacy_workaround"
	KeyCookieDomain                              = "serve.cookies.domain"
	KeyCookieSecure                              = "serve.cookies.secure"
	KeyCookieLoginCSRFName                       = "serve.cookies.names.login_csrf"
	KeyCookieConsentCSRFName                     = "serve.cookies.names.consent_csrf"
	KeyCookieSessionName                         = "serve.cookies.names.session"
	KeyCookieSessionPath                         = "serve.cookies.paths.session"
	KeyConsentRequestMaxAge                      = "ttl.login_consent_request"
	KeyAccessTokenLifespan                       = "ttl.access_token"  // #nosec G101
	KeyRefreshTokenLifespan                      = "ttl.refresh_token" // #nosec G101
	KeyVerifiableCredentialsNonceLifespan        = "ttl.vc_nonce"      // #nosec G101
	KeyIDTokenLifespan                           = "ttl.id_token"      // #nosec G101
	KeyAuthCodeLifespan                          = "ttl.auth_code"
	KeyScopeStrategy                             = "strategies.scope"
	KeyGetCookieSecrets                          = "secrets.cookie"
	KeyGetSystemSecret                           = "secrets.system"
	KeyLogoutRedirectURL                         = "urls.post_logout_redirect"
	KeyLoginURL                                  = "urls.login"
	KeyRegistrationURL                           = "urls.registration"
	KeyLogoutURL                                 = "urls.logout"
	KeyConsentURL                                = "urls.consent"
	KeyErrorURL                                  = "urls.error"
	KeyPublicURL                                 = "urls.self.public"
	KeyAdminURL                                  = "urls.self.admin"
	KeyIssuerURL                                 = "urls.self.issuer"
	KeyIdentityProviderAdminURL                  = "urls.identity_provider.url"
	KeyIdentityProviderPublicURL                 = "urls.identity_provider.publicUrl"
	KeyIdentityProviderHeaders                   = "urls.identity_provider.headers"
	KeyAccessTokenStrategy                       = "strategies.access_token"
	KeyJWTScopeClaimStrategy                     = "strategies.jwt.scope_claim"
	KeyDBIgnoreUnknownTableColumns               = "db.ignore_unknown_table_columns"
	KeySubjectIdentifierAlgorithmSalt            = "oidc.subject_identifiers.pairwise.salt"
	KeyPublicAllowDynamicRegistration            = "oidc.dynamic_client_registration.enabled"
	KeyPKCEEnforced                              = "oauth2.pkce.enforced"
	KeyPKCEEnforcedForPublicClients              = "oauth2.pkce.enforced_for_public_clients"
	KeyLogLevel                                  = "log.level"
	KeyCGroupsV1AutoMaxProcsEnabled              = "cgroups.v1.auto_max_procs_enabled"
	KeyGrantAllClientCredentialsScopesPerDefault = "oauth2.client_credentials.default_grant_allowed_scope" // #nosec G101
	KeyExposeOAuth2Debug                         = "oauth2.expose_internal_errors"
	KeyExcludeNotBeforeClaim                     = "oauth2.exclude_not_before_claim"
	KeyAllowedTopLevelClaims                     = "oauth2.allowed_top_level_claims"
	KeyMirrorTopLevelClaims                      = "oauth2.mirror_top_level_claims"
	KeyOAuth2GrantJWTIDOptional                  = "oauth2.grant.jwt.jti_optional"
	KeyOAuth2GrantJWTIssuedDateOptional          = "oauth2.grant.jwt.iat_optional"
	KeyOAuth2GrantJWTMaxDuration                 = "oauth2.grant.jwt.max_ttl"
	KeyRefreshTokenHook                          = "oauth2.refresh_token_hook" // #nosec G101
	KeyTokenHook                                 = "oauth2.token_hook"         // #nosec G101
	KeyDevelopmentMode                           = "dev"
)

View Source

const (
	KeySuffixListenOnHost           = "host"
	KeySuffixListenOnPort           = "port"
	KeySuffixSocketOwner            = "socket.owner"
	KeySuffixSocketGroup            = "socket.group"
	KeySuffixSocketMode             = "socket.mode"
	KeySuffixDisableHealthAccessLog = "request_log.disable_for_health"
)

View Source

const (
	KeySuffixTLSEnabled              = "tls.enabled"
	KeySuffixTLSAllowTerminationFrom = "tls.allow_termination_from"
	KeySuffixTLSCertString           = "tls.cert.base64"
	KeySuffixTLSKeyString            = "tls.key.base64"
	KeySuffixTLSCertPath             = "tls.cert.path"
	KeySuffixTLSKeyPath              = "tls.key.path"

	KeyTLSAllowTerminationFrom = "serve." + KeySuffixTLSAllowTerminationFrom
	KeyTLSCertString           = "serve." + KeySuffixTLSCertString
	KeyTLSKeyString            = "serve." + KeySuffixTLSKeyString
	KeyTLSCertPath             = "serve." + KeySuffixTLSCertPath
	KeyTLSKeyPath              = "serve." + KeySuffixTLSKeyPath
	KeyTLSEnabled              = "serve." + KeySuffixTLSEnabled
)

View Source

const DSNMemory = "memory"

Variables ¶

View Source

var (
	Version = "master"
	Date    = "undefined"
	Commit  = "undefined"
)

Functions ¶

func Validate ¶

func Validate(ctx context.Context, l *logrusx.Logger, p *DefaultProvider) error

Types ¶

type AccessTokenStrategySource ¶

type AccessTokenStrategySource interface {
	GetAccessTokenStrategy() AccessTokenStrategyType
}

type AccessTokenStrategyType ¶

type AccessTokenStrategyType string

AccessTokenStrategyType is the type of access token strategy.

const (
	// AccessTokenJWTStrategy is the JWT access token strategy.
	AccessTokenJWTStrategy AccessTokenStrategyType = "jwt"
	// AccessTokenDefaultStrategy is the default access token strategy using HMAC-SHA pass-by-reference tokens.
	AccessTokenDefaultStrategy AccessTokenStrategyType = "opaque"
)

func ToAccessTokenStrategyType ¶

func ToAccessTokenStrategyType(strategy string) (AccessTokenStrategyType, error)

ToAccessTokenStrategyType converts a string to an AccessTokenStrategyType

type Auth ¶ added in v2.2.0

type Auth struct {
	Type   string     `json:"type"`
	Config AuthConfig `json:"config"`
}

type AuthConfig ¶ added in v2.2.0

type AuthConfig struct {
	In    string `json:"in"`
	Name  string `json:"name"`
	Value string `json:"value"`
}

type DefaultProvider ¶

type DefaultProvider struct {
	// contains filtered or unexported fields
}

func MustNew ¶

func MustNew(ctx context.Context, l *logrusx.Logger, opts ...configx.OptionModifier) *DefaultProvider

func New ¶

func New(ctx context.Context, l *logrusx.Logger, opts ...configx.OptionModifier) (*DefaultProvider, error)

func NewCustom ¶

func NewCustom(l *logrusx.Logger, p *configx.Provider, ctxt contextx.Contextualizer) *DefaultProvider

func (*DefaultProvider) AccessTokenStrategy ¶

func (p *DefaultProvider) AccessTokenStrategy(ctx context.Context, additionalSources ...AccessTokenStrategySource) AccessTokenStrategyType

func (*DefaultProvider) AdminURL ¶

func (p *DefaultProvider) AdminURL(ctx context.Context) *url.URL

func (*DefaultProvider) AllowedTopLevelClaims ¶

func (p *DefaultProvider) AllowedTopLevelClaims(ctx context.Context) []string

func (*DefaultProvider) CGroupsV1AutoMaxProcsEnabled ¶

func (p *DefaultProvider) CGroupsV1AutoMaxProcsEnabled() bool

func (*DefaultProvider) CORS ¶

func (p *DefaultProvider) CORS(ctx context.Context, iface ServeInterface) (cors.Options, bool)

func (*DefaultProvider) ClientHTTPNoPrivateIPRanges ¶

func (p *DefaultProvider) ClientHTTPNoPrivateIPRanges() bool

func (*DefaultProvider) ClientHTTPPrivateIPExceptionURLs ¶ added in v2.2.0

func (p *DefaultProvider) ClientHTTPPrivateIPExceptionURLs() []string

func (*DefaultProvider) ConsentRequestMaxAge ¶

func (p *DefaultProvider) ConsentRequestMaxAge(ctx context.Context) time.Duration

func (*DefaultProvider) ConsentURL ¶

func (p *DefaultProvider) ConsentURL(ctx context.Context) *url.URL

func (*DefaultProvider) CookieDomain ¶

func (p *DefaultProvider) CookieDomain(ctx context.Context) string

func (*DefaultProvider) CookieNameConsentCSRF ¶

func (p *DefaultProvider) CookieNameConsentCSRF(ctx context.Context) string

func (*DefaultProvider) CookieNameLoginCSRF ¶

func (p *DefaultProvider) CookieNameLoginCSRF(ctx context.Context) string

func (*DefaultProvider) CookieSameSiteLegacyWorkaround ¶

func (p *DefaultProvider) CookieSameSiteLegacyWorkaround(ctx context.Context) bool

func (*DefaultProvider) CookieSameSiteMode ¶

func (p *DefaultProvider) CookieSameSiteMode(ctx context.Context) http.SameSite

func (*DefaultProvider) CookieSecure ¶

func (p *DefaultProvider) CookieSecure(ctx context.Context) bool

func (*DefaultProvider) CredentialsEndpointURL ¶ added in v2.2.0

func (p *DefaultProvider) CredentialsEndpointURL(ctx context.Context) *url.URL

func (*DefaultProvider) DSN ¶

func (p *DefaultProvider) DSN() string

func (*DefaultProvider) DbIgnoreUnknownTableColumns ¶

func (p *DefaultProvider) DbIgnoreUnknownTableColumns() bool

func (*DefaultProvider) DefaultClientScope ¶

func (p *DefaultProvider) DefaultClientScope(ctx context.Context) []string

func (*DefaultProvider) DisableHealthAccessLog ¶

func (p *DefaultProvider) DisableHealthAccessLog(iface ServeInterface) bool

func (*DefaultProvider) EncryptSessionData ¶

func (p *DefaultProvider) EncryptSessionData(ctx context.Context) bool

func (*DefaultProvider) ErrorURL ¶

func (p *DefaultProvider) ErrorURL(ctx context.Context) *url.URL

func (*DefaultProvider) ExcludeNotBeforeClaim ¶

func (p *DefaultProvider) ExcludeNotBeforeClaim(ctx context.Context) bool

func (*DefaultProvider) GetAccessTokenLifespan ¶

func (p *DefaultProvider) GetAccessTokenLifespan(ctx context.Context) time.Duration

func (*DefaultProvider) GetAuthorizeCodeLifespan ¶

func (p *DefaultProvider) GetAuthorizeCodeLifespan(ctx context.Context) time.Duration

func (*DefaultProvider) GetBCryptCost ¶

func (p *DefaultProvider) GetBCryptCost(ctx context.Context) int

func (*DefaultProvider) GetCookieSecrets ¶

func (p *DefaultProvider) GetCookieSecrets(ctx context.Context) ([][]byte, error)

func (*DefaultProvider) GetEnforcePKCE ¶

func (p *DefaultProvider) GetEnforcePKCE(ctx context.Context) bool

func (*DefaultProvider) GetEnforcePKCEForPublicClients ¶

func (p *DefaultProvider) GetEnforcePKCEForPublicClients(ctx context.Context) bool

func (*DefaultProvider) GetGlobalSecret ¶

func (p *DefaultProvider) GetGlobalSecret(ctx context.Context) ([]byte, error)

func (*DefaultProvider) GetGrantTypeJWTBearerIDOptional ¶

func (p *DefaultProvider) GetGrantTypeJWTBearerIDOptional(ctx context.Context) bool

func (*DefaultProvider) GetGrantTypeJWTBearerIssuedDateOptional ¶

func (p *DefaultProvider) GetGrantTypeJWTBearerIssuedDateOptional(ctx context.Context) bool

func (*DefaultProvider) GetHasherAlgorithm ¶

func (p *DefaultProvider) GetHasherAlgorithm(ctx context.Context) x.HashAlgorithm

func (*DefaultProvider) GetIDTokenLifespan ¶

func (p *DefaultProvider) GetIDTokenLifespan(ctx context.Context) time.Duration

func (*DefaultProvider) GetJWTMaxDuration ¶

func (p *DefaultProvider) GetJWTMaxDuration(ctx context.Context) time.Duration

func (*DefaultProvider) GetJWTScopeField ¶ added in v2.2.0

func (p *DefaultProvider) GetJWTScopeField(ctx context.Context) jwt.JWTScopeFieldEnum

func (*DefaultProvider) GetRefreshTokenLifespan ¶

func (p *DefaultProvider) GetRefreshTokenLifespan(ctx context.Context) time.Duration

func (*DefaultProvider) GetRotatedGlobalSecrets ¶

func (p *DefaultProvider) GetRotatedGlobalSecrets(ctx context.Context) ([][]byte, error)

func (*DefaultProvider) GetScopeStrategy ¶

func (p *DefaultProvider) GetScopeStrategy(ctx context.Context) fosite.ScopeStrategy

func (*DefaultProvider) GetSendDebugMessagesToClients ¶

func (p *DefaultProvider) GetSendDebugMessagesToClients(ctx context.Context) bool

func (*DefaultProvider) GetUseLegacyErrorFormat ¶

func (p *DefaultProvider) GetUseLegacyErrorFormat(context.Context) bool

func (*DefaultProvider) GetVerifiableCredentialsNonceLifespan ¶ added in v2.2.0

func (p *DefaultProvider) GetVerifiableCredentialsNonceLifespan(ctx context.Context) time.Duration

func (*DefaultProvider) GrantAllClientCredentialsScopesPerDefault ¶

func (p *DefaultProvider) GrantAllClientCredentialsScopesPerDefault(ctx context.Context) bool

func (*DefaultProvider) HSMEnabled ¶

func (p *DefaultProvider) HSMEnabled() bool

func (*DefaultProvider) HSMKeySetPrefix ¶

func (p *DefaultProvider) HSMKeySetPrefix() string

func (*DefaultProvider) HSMLibraryPath ¶

func (p *DefaultProvider) HSMLibraryPath() string

func (*DefaultProvider) HSMPin ¶

func (p *DefaultProvider) HSMPin() string

func (*DefaultProvider) HSMSlotNumber ¶

func (p *DefaultProvider) HSMSlotNumber() *int

func (*DefaultProvider) HSMTokenLabel ¶

func (p *DefaultProvider) HSMTokenLabel() string

func (*DefaultProvider) HasherBcryptConfig ¶

func (p *DefaultProvider) HasherBcryptConfig(ctx context.Context) *hasherx.BCryptConfig

func (*DefaultProvider) HasherPBKDF2Config ¶

func (p *DefaultProvider) HasherPBKDF2Config(ctx context.Context) *hasherx.PBKDF2Config

func (*DefaultProvider) IsDevelopmentMode ¶

func (p *DefaultProvider) IsDevelopmentMode(ctx context.Context) bool

func (*DefaultProvider) IssuerURL ¶

func (p *DefaultProvider) IssuerURL(ctx context.Context) *url.URL

func (*DefaultProvider) JWKSURL ¶

func (p *DefaultProvider) JWKSURL(ctx context.Context) *url.URL

func (*DefaultProvider) KratosAdminURL ¶ added in v2.2.0

func (p *DefaultProvider) KratosAdminURL(ctx context.Context) (*url.URL, bool)

func (*DefaultProvider) KratosPublicURL ¶ added in v2.2.0

func (p *DefaultProvider) KratosPublicURL(ctx context.Context) (*url.URL, bool)

func (*DefaultProvider) KratosRequestHeader ¶ added in v2.2.0

func (p *DefaultProvider) KratosRequestHeader(ctx context.Context) http.Header

func (*DefaultProvider) ListenOn ¶

func (p *DefaultProvider) ListenOn(iface ServeInterface) string

func (*DefaultProvider) LoginURL ¶

func (p *DefaultProvider) LoginURL(ctx context.Context) *url.URL

func (*DefaultProvider) LogoutRedirectURL ¶

func (p *DefaultProvider) LogoutRedirectURL(ctx context.Context) *url.URL

func (*DefaultProvider) LogoutURL ¶

func (p *DefaultProvider) LogoutURL(ctx context.Context) *url.URL

func (*DefaultProvider) MirrorTopLevelClaims ¶ added in v2.2.0

func (p *DefaultProvider) MirrorTopLevelClaims(ctx context.Context) bool

func (*DefaultProvider) MustSet ¶

func (p *DefaultProvider) MustSet(ctx context.Context, key string, value interface{})

func (*DefaultProvider) OAuth2AuthURL ¶

func (p *DefaultProvider) OAuth2AuthURL(ctx context.Context) *url.URL

func (*DefaultProvider) OAuth2ClientRegistrationURL ¶

func (p *DefaultProvider) OAuth2ClientRegistrationURL(ctx context.Context) *url.URL

func (*DefaultProvider) OAuth2TokenURL ¶

func (p *DefaultProvider) OAuth2TokenURL(ctx context.Context) *url.URL

func (*DefaultProvider) OIDCDiscoverySupportedClaims ¶

func (p *DefaultProvider) OIDCDiscoverySupportedClaims(ctx context.Context) []string

func (*DefaultProvider) OIDCDiscoverySupportedScope ¶

func (p *DefaultProvider) OIDCDiscoverySupportedScope(ctx context.Context) []string

func (*DefaultProvider) OIDCDiscoveryUserinfoEndpoint ¶

func (p *DefaultProvider) OIDCDiscoveryUserinfoEndpoint(ctx context.Context) *url.URL

func (*DefaultProvider) PublicAllowDynamicRegistration ¶

func (p *DefaultProvider) PublicAllowDynamicRegistration(ctx context.Context) bool

func (*DefaultProvider) PublicURL ¶

func (p *DefaultProvider) PublicURL(ctx context.Context) *url.URL

func (*DefaultProvider) RegistrationURL ¶ added in v2.2.0

func (p *DefaultProvider) RegistrationURL(ctx context.Context) *url.URL

func (*DefaultProvider) SessionCookieName ¶

func (p *DefaultProvider) SessionCookieName(ctx context.Context) string

func (*DefaultProvider) SessionCookiePath ¶

func (p *DefaultProvider) SessionCookiePath(ctx context.Context) string

func (*DefaultProvider) Set ¶

func (p *DefaultProvider) Set(ctx context.Context, key string, value interface{}) error

func (*DefaultProvider) SocketPermission ¶

func (p *DefaultProvider) SocketPermission(iface ServeInterface) *configx.UnixPermission

func (*DefaultProvider) Source ¶

func (p *DefaultProvider) Source(ctx context.Context) *configx.Provider

func (*DefaultProvider) SubjectIdentifierAlgorithmSalt ¶

func (p *DefaultProvider) SubjectIdentifierAlgorithmSalt(ctx context.Context) string

func (*DefaultProvider) SubjectTypesSupported ¶

func (p *DefaultProvider) SubjectTypesSupported(ctx context.Context, additionalSources ...AccessTokenStrategySource) []string

func (*DefaultProvider) TLS ¶

func (p *DefaultProvider) TLS(ctx context.Context, iface ServeInterface) TLSConfig

func (*DefaultProvider) TokenHookConfig ¶ added in v2.2.0

func (p *DefaultProvider) TokenHookConfig(ctx context.Context) *HookConfig

func (*DefaultProvider) TokenRefreshHookConfig ¶ added in v2.2.0

func (p *DefaultProvider) TokenRefreshHookConfig(ctx context.Context) *HookConfig

func (*DefaultProvider) Tracing ¶

func (p *DefaultProvider) Tracing() *otelx.Config

func (*DefaultProvider) WellKnownKeys ¶

func (p *DefaultProvider) WellKnownKeys(ctx context.Context, include ...string) []string

type HookConfig ¶ added in v2.2.0

type HookConfig struct {
	URL  string `json:"url"`
	Auth *Auth  `json:"auth"`
}

type Provider ¶

type Provider interface {
	Config() *DefaultProvider
}

type ServeInterface ¶

type ServeInterface interface {
	Key(suffix string) string
	String() string
}

var (
	PublicInterface ServeInterface = &servePrefix{
		prefix: "serve.public",
	}
	AdminInterface ServeInterface = &servePrefix{
		prefix: "serve.admin",
	}
)

type TLSConfig ¶

type TLSConfig interface {
	Enabled() bool
	AllowTerminationFrom() []string
	GetCertificateFunc(stopReload <-chan struct{}, _ *logrusx.Logger) (func(*tls.ClientHelloInfo) (*tls.Certificate, error), error)
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL