gen

package
v0.32.8 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 4, 2026 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source 
var (
	CodeType_name = map[int32]string{
		0: "CODE_TYPE_UNSPECIFIED",
		1: "CODE_TYPE_AUTHORIZATION",
		2: "CODE_TYPE_ACCESS",
		3: "CODE_TYPE_REFRESH",
	}
	CodeType_value = map[string]int32{
		"CODE_TYPE_UNSPECIFIED":   0,
		"CODE_TYPE_AUTHORIZATION": 1,
		"CODE_TYPE_ACCESS":        2,
		"CODE_TYPE_REFRESH":       3,
	}
)

Enum value maps for CodeType.

View Source 
var File_authorization_request_proto protoreflect.FileDescriptor
View Source 
var File_code_proto protoreflect.FileDescriptor
View Source 
var File_mcp_refresh_token_proto protoreflect.FileDescriptor
View Source 
var File_token_proto protoreflect.FileDescriptor

Functions

This section is empty.

Types

type AuthorizationRequest 

type AuthorizationRequest struct {

	// The client identifier as described in Section 2.2.
	ClientId string `protobuf:"bytes,1,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// OPTIONAL if only one redirect URI is registered for this client. REQUIRED
	// if multiple redirict URIs are registered for this client.
	RedirectUri *string `protobuf:"bytes,2,opt,name=redirect_uri,json=redirectUri,proto3,oneof" json:"redirect_uri,omitempty"`
	// REQUIRED. The authorization endpoint supports different sets of request and
	// response parameters. The client determines the type of flow by using a
	// certain response_type value. This specification defines the value code,
	// which must be used to signal that the client wants to use the authorization
	// code flow.
	ResponseType string `protobuf:"bytes,3,opt,name=response_type,json=responseType,proto3" json:"response_type,omitempty"`
	// OPTIONAL. An opaque value used by the client to maintain state between the
	// request and callback. The authorization server includes this value when
	// redirecting the user agent back to the client.
	State *string `protobuf:"bytes,4,opt,name=state,proto3,oneof" json:"state,omitempty"`
	// OPTIONAL. The scope of the access request as described by Section 1.4.1.
	Scopes []string `protobuf:"bytes,5,rep,name=scopes,proto3" json:"scopes,omitempty"`
	// REQUIRED or RECOMMENDED, assumes https://www.rfc-editor.org/rfc/rfc7636.html#section-4.1
	// subject to whether the client is public or confidential.
	CodeChallenge *string `protobuf:"bytes,6,opt,name=code_challenge,json=codeChallenge,proto3,oneof" json:"code_challenge,omitempty"`
	// OPTIONAL, defaults to plain if not present in the request. Code verifier
	// transformation method is S256 or plain.
	CodeChallengeMethod *string `` /* 126-byte string literal not displayed */
	// session this authorization request is associated with.
	// This is a Pomerium implementation specific field.
	SessionId string `protobuf:"bytes,8,opt,name=session_id,json=sessionId,proto3" json:"session_id,omitempty"`
	// user id this authorization request is associated with.
	// This is a Pomerium implementation specific field.
	UserId string `protobuf:"bytes,9,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
	// contains filtered or unexported fields
}

modeled based on https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#section-4.1.1

func (*AuthorizationRequest) Descriptor deprecated 

func (*AuthorizationRequest) Descriptor() ([]byte, []int)

Deprecated: Use AuthorizationRequest.ProtoReflect.Descriptor instead.

func (*AuthorizationRequest) GetClientId 

func (x *AuthorizationRequest) GetClientId() string

func (*AuthorizationRequest) GetCodeChallenge 

func (x *AuthorizationRequest) GetCodeChallenge() string

func (*AuthorizationRequest) GetCodeChallengeMethod 

func (x *AuthorizationRequest) GetCodeChallengeMethod() string

func (*AuthorizationRequest) GetRedirectUri 

func (x *AuthorizationRequest) GetRedirectUri() string

func (*AuthorizationRequest) GetResponseType 

func (x *AuthorizationRequest) GetResponseType() string

func (*AuthorizationRequest) GetScopes 

func (x *AuthorizationRequest) GetScopes() []string

func (*AuthorizationRequest) GetSessionId 

func (x *AuthorizationRequest) GetSessionId() string

func (*AuthorizationRequest) GetState 

func (x *AuthorizationRequest) GetState() string

func (*AuthorizationRequest) GetUserId 

func (x *AuthorizationRequest) GetUserId() string

func (*AuthorizationRequest) ProtoMessage 

func (*AuthorizationRequest) ProtoMessage()

func (*AuthorizationRequest) ProtoReflect 

func (x *AuthorizationRequest) ProtoReflect() protoreflect.Message

func (*AuthorizationRequest) Reset 

func (x *AuthorizationRequest) Reset()

func (*AuthorizationRequest) String 

func (x *AuthorizationRequest) String() string

type Code 

type Code struct {
	Id        string                 `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	GrantType CodeType               `protobuf:"varint,3,opt,name=grant_type,json=grantType,proto3,enum=oauth21.CodeType" json:"grant_type,omitempty"`
	// contains filtered or unexported fields
}

Code is a code used in the authorization code flow.

func (*Code) Descriptor deprecated 

func (*Code) Descriptor() ([]byte, []int)

Deprecated: Use Code.ProtoReflect.Descriptor instead.

func (*Code) GetExpiresAt 

func (x *Code) GetExpiresAt() *timestamppb.Timestamp

func (*Code) GetGrantType 

func (x *Code) GetGrantType() CodeType

func (*Code) GetId 

func (x *Code) GetId() string

func (*Code) ProtoMessage 

func (*Code) ProtoMessage()

func (*Code) ProtoReflect 

func (x *Code) ProtoReflect() protoreflect.Message

func (*Code) Reset 

func (x *Code) Reset()

func (*Code) String 

func (x *Code) String() string

type CodeType 

type CodeType int32
const (
	CodeType_CODE_TYPE_UNSPECIFIED   CodeType = 0
	CodeType_CODE_TYPE_AUTHORIZATION CodeType = 1
	CodeType_CODE_TYPE_ACCESS        CodeType = 2
	CodeType_CODE_TYPE_REFRESH       CodeType = 3
)

func (CodeType) Descriptor 

func (CodeType) Descriptor() protoreflect.EnumDescriptor

func (CodeType) Enum 

func (x CodeType) Enum() *CodeType

func (CodeType) EnumDescriptor deprecated 

func (CodeType) EnumDescriptor() ([]byte, []int)

Deprecated: Use CodeType.Descriptor instead.

func (CodeType) Number 

func (x CodeType) Number() protoreflect.EnumNumber

func (CodeType) String 

func (x CodeType) String() string

func (CodeType) Type 

func (CodeType) Type() protoreflect.EnumType

type MCPRefreshToken added in v0.32.0 

type MCPRefreshToken struct {

	// Unique identifier for this refresh token record
	Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"`
	// User ID associated with this refresh token
	UserId string `protobuf:"bytes,2,opt,name=user_id,json=userId,proto3" json:"user_id,omitempty"`
	// MCP client ID this refresh token was issued to
	ClientId string `protobuf:"bytes,3,opt,name=client_id,json=clientId,proto3" json:"client_id,omitempty"`
	// Identity Provider ID used for the original session
	IdpId string `protobuf:"bytes,4,opt,name=idp_id,json=idpId,proto3" json:"idp_id,omitempty"`
	// Encrypted upstream IdP refresh token used to recreate the session
	UpstreamRefreshToken string `protobuf:"bytes,5,opt,name=upstream_refresh_token,json=upstreamRefreshToken,proto3" json:"upstream_refresh_token,omitempty"`
	// When this refresh token was issued
	IssuedAt *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=issued_at,json=issuedAt,proto3" json:"issued_at,omitempty"`
	// When this refresh token expires
	ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,7,opt,name=expires_at,json=expiresAt,proto3" json:"expires_at,omitempty"`
	// Scopes granted with this refresh token
	Scopes []string `protobuf:"bytes,8,rep,name=scopes,proto3" json:"scopes,omitempty"`
	// Whether this refresh token has been revoked
	Revoked bool `protobuf:"varint,9,opt,name=revoked,proto3" json:"revoked,omitempty"`
	// contains filtered or unexported fields
}

MCPRefreshToken stores the data needed to recreate a Pomerium session when the MCP client requests a token refresh.

func (*MCPRefreshToken) Descriptor deprecated added in v0.32.0 

func (*MCPRefreshToken) Descriptor() ([]byte, []int)

Deprecated: Use MCPRefreshToken.ProtoReflect.Descriptor instead.

func (*MCPRefreshToken) GetClientId added in v0.32.0 

func (x *MCPRefreshToken) GetClientId() string

func (*MCPRefreshToken) GetExpiresAt added in v0.32.0 

func (x *MCPRefreshToken) GetExpiresAt() *timestamppb.Timestamp

func (*MCPRefreshToken) GetId added in v0.32.0 

func (x *MCPRefreshToken) GetId() string

func (*MCPRefreshToken) GetIdpId added in v0.32.0 

func (x *MCPRefreshToken) GetIdpId() string

func (*MCPRefreshToken) GetIssuedAt added in v0.32.0 

func (x *MCPRefreshToken) GetIssuedAt() *timestamppb.Timestamp

func (*MCPRefreshToken) GetRevoked added in v0.32.0 

func (x *MCPRefreshToken) GetRevoked() bool

func (*MCPRefreshToken) GetScopes added in v0.32.0 

func (x *MCPRefreshToken) GetScopes() []string

func (*MCPRefreshToken) GetUpstreamRefreshToken added in v0.32.0 

func (x *MCPRefreshToken) GetUpstreamRefreshToken() string

func (*MCPRefreshToken) GetUserId added in v0.32.0 

func (x *MCPRefreshToken) GetUserId() string

func (*MCPRefreshToken) ProtoMessage added in v0.32.0 

func (*MCPRefreshToken) ProtoMessage()

func (*MCPRefreshToken) ProtoReflect added in v0.32.0 

func (x *MCPRefreshToken) ProtoReflect() protoreflect.Message

func (*MCPRefreshToken) Reset added in v0.32.0 

func (x *MCPRefreshToken) Reset()

func (*MCPRefreshToken) String added in v0.32.0 

func (x *MCPRefreshToken) String() string

type TokenRequest 

type TokenRequest struct {

	// REQUIRED. Identifies the grant type being used.
	// See Sections 3.2.2, 4.1.3, 4.2.1, 4.3.1, 4.4.
	GrantType string `protobuf:"bytes,1,opt,name=grant_type,json=grantType,proto3" json:"grant_type,omitempty"`
	// REQUIRED for grant_type="authorization_code".
	// The authorization code received from the authorization server.
	Code *string `protobuf:"bytes,2,opt,name=code,proto3,oneof" json:"code,omitempty"`
	// REQUIRED for grant_type="authorization_code" if the original authorization request
	// included a "code_challenge". MUST NOT be sent otherwise. (Section 4.1.3)
	// The original PKCE code verifier string.
	CodeVerifier *string `protobuf:"bytes,3,opt,name=code_verifier,json=codeVerifier,proto3,oneof" json:"code_verifier,omitempty"`
	// REQUIRED for grant_type="authorization_code" if the client is public
	// and not authenticating with the authorization server via other means. (Section 4.1.3)
	// Also used for body-parameter client authentication (Section 2.4.1) or
	// when grant_type requires public client identification (Section 3.2.2).
	ClientId *string `protobuf:"bytes,4,opt,name=client_id,json=clientId,proto3,oneof" json:"client_id,omitempty"`
	// REQUIRED for grant_type="refresh_token".
	// The refresh token issued to the client.
	RefreshToken *string `protobuf:"bytes,5,opt,name=refresh_token,json=refreshToken,proto3,oneof" json:"refresh_token,omitempty"`
	// OPTIONAL for grant_type="client_credentials" (Section 4.2.1) or
	// grant_type="refresh_token" (Section 4.3.1).
	// The requested scope of the access request. Space-delimited list.
	Scope *string `protobuf:"bytes,6,opt,name=scope,proto3,oneof" json:"scope,omitempty"`
	// REQUIRED when using body parameters for client authentication.
	// The client secret.
	ClientSecret *string `protobuf:"bytes,7,opt,name=client_secret,json=clientSecret,proto3,oneof" json:"client_secret,omitempty"`
	// contains filtered or unexported fields
}

Represents the request sent to the Token Endpoint (Section 3.2.2). Different parameters are required based on the grant_type.

func (*TokenRequest) Descriptor deprecated 

func (*TokenRequest) Descriptor() ([]byte, []int)

Deprecated: Use TokenRequest.ProtoReflect.Descriptor instead.

func (*TokenRequest) GetClientId 

func (x *TokenRequest) GetClientId() string

func (*TokenRequest) GetClientSecret 

func (x *TokenRequest) GetClientSecret() string

func (*TokenRequest) GetCode 

func (x *TokenRequest) GetCode() string

func (*TokenRequest) GetCodeVerifier 

func (x *TokenRequest) GetCodeVerifier() string

func (*TokenRequest) GetGrantType 

func (x *TokenRequest) GetGrantType() string

func (*TokenRequest) GetRefreshToken 

func (x *TokenRequest) GetRefreshToken() string

func (*TokenRequest) GetScope 

func (x *TokenRequest) GetScope() string

func (*TokenRequest) ProtoMessage 

func (*TokenRequest) ProtoMessage()

func (*TokenRequest) ProtoReflect 

func (x *TokenRequest) ProtoReflect() protoreflect.Message

func (*TokenRequest) Reset 

func (x *TokenRequest) Reset()

func (*TokenRequest) String 

func (x *TokenRequest) String() string

type TokenResponse 

type TokenResponse struct {

	// REQUIRED. The access token issued by the authorization server.
	AccessToken string `protobuf:"bytes,1,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"`
	// REQUIRED. The type of the token issued (e.g., "Bearer"). Value is case-insensitive.
	// See Section 1.4 and Section 6.1.
	TokenType string `protobuf:"bytes,2,opt,name=token_type,json=tokenType,proto3" json:"token_type,omitempty"`
	// RECOMMENDED. The lifetime in seconds of the access token.
	// If omitted, the AS should provide expiration via other means or document the default.
	ExpiresIn *int64 `protobuf:"varint,3,opt,name=expires_in,json=expiresIn,proto3,oneof" json:"expires_in,omitempty"`
	// OPTIONAL. The refresh token, which can be used to obtain new access tokens.
	// Issued based on AS policy and the original grant type.
	RefreshToken *string `protobuf:"bytes,4,opt,name=refresh_token,json=refreshToken,proto3,oneof" json:"refresh_token,omitempty"`
	// RECOMMENDED if the issued scope is identical to the scope requested by the client,
	// otherwise REQUIRED. The scope of the access token granted. Space-delimited list.
	// See Section 1.4.1.
	Scope     *string                `protobuf:"bytes,5,opt,name=scope,proto3,oneof" json:"scope,omitempty"`
	ExpiresAt *timestamppb.Timestamp `protobuf:"bytes,6,opt,name=expires_at,json=expiresAt,proto3,oneof" json:"expires_at,omitempty"`
	// contains filtered or unexported fields
}

Represents a successful response from the Token Endpoint (Section 3.2.3).

func (*TokenResponse) Descriptor deprecated 

func (*TokenResponse) Descriptor() ([]byte, []int)

Deprecated: Use TokenResponse.ProtoReflect.Descriptor instead.

func (*TokenResponse) GetAccessToken 

func (x *TokenResponse) GetAccessToken() string

func (*TokenResponse) GetExpiresAt 

func (x *TokenResponse) GetExpiresAt() *timestamppb.Timestamp

func (*TokenResponse) GetExpiresIn 

func (x *TokenResponse) GetExpiresIn() int64

func (*TokenResponse) GetRefreshToken 

func (x *TokenResponse) GetRefreshToken() string

func (*TokenResponse) GetScope 

func (x *TokenResponse) GetScope() string

func (*TokenResponse) GetTokenType 

func (x *TokenResponse) GetTokenType() string

func (*TokenResponse) ProtoMessage 

func (*TokenResponse) ProtoMessage()

func (*TokenResponse) ProtoReflect 

func (x *TokenResponse) ProtoReflect() protoreflect.Message

func (*TokenResponse) Reset 

func (x *TokenResponse) Reset()

func (*TokenResponse) String 

func (x *TokenResponse) String() string

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.