swagger

package
v0.10.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Dec 8, 2017 License: Apache-2.0 Imports: 12 Imported by: 0

README

Go API client for swagger

Please refer to the user guide for in-depth documentation: https://ory.gitbooks.io/hydra/content/ Hydra offers OAuth 2.0 and OpenID Connect Core 1.0 capabilities as a service. Hydra is different, because it works with any existing authentication infrastructure, not just LDAP or SAML. By implementing a consent app (works with any programming language) you build a bridge between Hydra and your authentication infrastructure. Hydra is able to securely manage JSON Web Keys, and has a sophisticated policy-based access control you can use if you want to. Hydra is suitable for green- (new) and brownfield (existing) projects. If you are not familiar with OAuth 2.0 and are working on a greenfield project, we recommend evaluating if OAuth 2.0 really serves your purpose. Knowledge of OAuth 2.0 is imperative in understanding what Hydra does and how it works. The official repository is located at https://github.com/ory/hydra ### Important REST API Documentation Notes The swagger generator used to create this documentation does currently not support example responses. To see request and response payloads click on "Show JSON schema": Enable JSON Schema on Apiary The API documentation always refers to the latest tagged version of ORY Hydra. For previous API documentations, please refer to https://github.com/ory/hydra/blob//docs/api.swagger.yaml - for example: 0.9.13: https://github.com/ory/hydra/blob/v0.9.13/docs/api.swagger.yaml 0.8.1: https://github.com/ory/hydra/blob/v0.8.1/docs/api.swagger.yaml

Overview

This API client was generated by the swagger-codegen project. By using the swagger-spec from a remote server, you can easily generate an API client.

  • API version: Latest
  • Package version: 1.0.0
  • Build package: io.swagger.codegen.languages.GoClientCodegen For more information, please visit https://www.ory.am

Installation

Put the package under your project folder and add the following in import:

    "./swagger"

Documentation for API Endpoints

All URIs are relative to http://localhost

Class Method HTTP request Description
HealthApi GetInstanceMetrics Get /health/metrics Show instance metrics (experimental)
HealthApi GetInstanceStatus Get /health/status Check health status of this instance
JsonWebKeyApi CreateJsonWebKeySet Post /keys/{set} Generate a new JSON Web Key
JsonWebKeyApi DeleteJsonWebKey Delete /keys/{set}/{kid} Delete a JSON Web Key
JsonWebKeyApi DeleteJsonWebKeySet Delete /keys/{set} Delete a JSON Web Key
JsonWebKeyApi GetJsonWebKey Get /keys/{set}/{kid} Retrieve a JSON Web Key
JsonWebKeyApi GetJsonWebKeySet Get /keys/{set} Retrieve a JSON Web Key Set
JsonWebKeyApi UpdateJsonWebKey Put /keys/{set}/{kid} Update a JSON Web Key
JsonWebKeyApi UpdateJsonWebKeySet Put /keys/{set} Update a JSON Web Key Set
OAuth2Api AcceptOAuth2ConsentRequest Patch /oauth2/consent/requests/{id}/accept Accept a consent request
OAuth2Api CreateOAuth2Client Post /clients Create an OAuth 2.0 client
OAuth2Api DeleteOAuth2Client Delete /clients/{id} Deletes an OAuth 2.0 Client
OAuth2Api GetOAuth2Client Get /clients/{id} Retrieve an OAuth 2.0 Client.
OAuth2Api GetOAuth2ConsentRequest Get /oauth2/consent/requests/{id} Receive consent request information
OAuth2Api GetWellKnown Get /.well-known/openid-configuration Server well known configuration
OAuth2Api IntrospectOAuth2Token Post /oauth2/introspect Introspect OAuth2 tokens
OAuth2Api ListOAuth2Clients Get /clients List OAuth 2.0 Clients
OAuth2Api OauthAuth Get /oauth2/auth The OAuth 2.0 authorize endpoint
OAuth2Api OauthToken Post /oauth2/token The OAuth 2.0 token endpoint
OAuth2Api RejectOAuth2ConsentRequest Patch /oauth2/consent/requests/{id}/reject Reject a consent request
OAuth2Api RevokeOAuth2Token Post /oauth2/revoke Revoke OAuth2 tokens
OAuth2Api UpdateOAuth2Client Put /clients/{id} Update an OAuth 2.0 Client
OAuth2Api WellKnown Get /.well-known/jwks.json Get list of well known JSON Web Keys
PolicyApi CreatePolicy Post /policies Create an Access Control Policy
PolicyApi DeletePolicy Delete /policies/{id} Delete an Access Control Policy
PolicyApi GetPolicy Get /policies/{id} Get an Access Control Policy
PolicyApi ListPolicies Get /policies List Access Control Policies
PolicyApi UpdatePolicy Put /policies/{id} Update an Access Control Polic
WardenApi AddMembersToGroup Post /warden/groups/{id}/members Add members to a group
WardenApi CreateGroup Post /warden/groups Create a group
WardenApi DeleteGroup Delete /warden/groups/{id} Delete a group by id
WardenApi DoesWardenAllowAccessRequest Post /warden/allowed Check if an access request is valid (without providing an access token)
WardenApi DoesWardenAllowTokenAccessRequest Post /warden/token/allowed Check if an access request is valid (providing an access token)
WardenApi FindGroupsByMember Get /warden/groups Find groups by member
WardenApi GetGroup Get /warden/groups/{id} Get a group by id
WardenApi RemoveMembersFromGroup Delete /warden/groups/{id}/members Remove members from a group

Documentation For Models

Documentation For Authorization

basic

  • Type: HTTP basic authentication

oauth2

  • Type: OAuth
  • Flow: accessCode
  • Authorization URL: https://your-hydra-instance.com/oauth2/auth
  • Scopes:
  • hydra.clients: A scope required to manage OAuth 2.0 Clients
  • hydra.consent: A scope required to fetch and modify consent requests
  • hydra.groups: A scope required to manage warden groups
  • hydra.health: A scope required to get health information
  • hydra.keys.create: A scope required to create JSON Web Keys
  • hydra.keys.delete: A scope required to delete JSON Web Keys
  • hydra.keys.get: A scope required to fetch JSON Web Keys
  • hydra.keys.update: A scope required to get JSON Web Keys
  • hydra.policies: A scope required to manage access control policies
  • hydra.warden: A scope required to make access control inquiries
  • offline: A scope required when requesting refresh tokens
  • openid: Request an OpenID Connect ID Token

Author

hi@ory.am

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type APIClient

type APIClient struct {
	// contains filtered or unexported fields
}

func (*APIClient) CallAPI

func (c *APIClient) CallAPI(path string, method string,
	postBody interface{},
	headerParams map[string]string,
	queryParams url.Values,
	formParams map[string]string,
	fileName string,
	fileBytes []byte) (*resty.Response, error)

func (*APIClient) ParameterToString

func (c *APIClient) ParameterToString(obj interface{}, collectionFormat string) string

func (*APIClient) SelectHeaderAccept

func (c *APIClient) SelectHeaderAccept(accepts []string) string

func (*APIClient) SelectHeaderContentType

func (c *APIClient) SelectHeaderContentType(contentTypes []string) string

type APIResponse

type APIResponse struct {
	*http.Response `json:"-"`
	Message        string `json:"message,omitempty"`
	// Operation is the name of the swagger operation.
	Operation string `json:"operation,omitempty"`
	// RequestURL is the request URL. This value is always available, even if the
	// embedded *http.Response is nil.
	RequestURL string `json:"url,omitempty"`
	// Method is the HTTP method used for the request.  This value is always
	// available, even if the embedded *http.Response is nil.
	Method string `json:"method,omitempty"`
	// Payload holds the contents of the response body (which may be nil or empty).
	// This is provided here as the raw response.Body() reader will have already
	// been drained.
	Payload []byte `json:"-"`
}

func NewAPIResponse

func NewAPIResponse(r *http.Response) *APIResponse

func NewAPIResponseWithError

func NewAPIResponseWithError(errorMessage string) *APIResponse

type Configuration

type Configuration struct {
	Username      string            `json:"userName,omitempty"`
	Password      string            `json:"password,omitempty"`
	APIKeyPrefix  map[string]string `json:"APIKeyPrefix,omitempty"`
	APIKey        map[string]string `json:"APIKey,omitempty"`
	Debug         bool              `json:"debug,omitempty"`
	DebugFile     string            `json:"debugFile,omitempty"`
	OAuthToken    string            `json:"oAuthToken,omitempty"`
	BasePath      string            `json:"basePath,omitempty"`
	Host          string            `json:"host,omitempty"`
	Scheme        string            `json:"scheme,omitempty"`
	AccessToken   string            `json:"accessToken,omitempty"`
	DefaultHeader map[string]string `json:"defaultHeader,omitempty"`
	UserAgent     string            `json:"userAgent,omitempty"`
	APIClient     *APIClient
	Transport     http.RoundTripper
	Timeout       *time.Duration `json:"timeout,omitempty"`
}

func NewConfiguration

func NewConfiguration() *Configuration

func (*Configuration) AddDefaultHeader

func (c *Configuration) AddDefaultHeader(key string, value string)

func (*Configuration) GetAPIKeyWithPrefix

func (c *Configuration) GetAPIKeyWithPrefix(APIKeyIdentifier string) string

func (*Configuration) GetBasicAuthEncodedString

func (c *Configuration) GetBasicAuthEncodedString() string

type ConsentRequest

type ConsentRequest struct {

	// ClientID is the client id that initiated the OAuth2 request.
	ClientId string `json:"clientId,omitempty"`

	// ID is the id of this consent request.
	Id string `json:"id,omitempty"`

	// Redirect URL is the URL where the user agent should be redirected to after the consent has been accepted or rejected.
	RedirectUrl string `json:"redirectUrl,omitempty"`

	// RequestedScopes represents a list of scopes that have been requested by the OAuth2 request initiator.
	RequestedScopes []string `json:"requestedScopes,omitempty"`
}

type ConsentRequestAcceptance

type ConsentRequestAcceptance struct {

	// AccessTokenExtra represents arbitrary data that will be added to the access token and that will be returned on introspection and warden requests.
	AccessTokenExtra map[string]interface{} `json:"accessTokenExtra,omitempty"`

	// A list of scopes that the user agreed to grant. It should be a subset of requestedScopes from the consent request.
	GrantScopes []string `json:"grantScopes,omitempty"`

	// IDTokenExtra represents arbitrary data that will be added to the ID token. The ID token will only be issued if the user agrees to it and if the client requested an ID token.
	IdTokenExtra map[string]interface{} `json:"idTokenExtra,omitempty"`

	// Subject represents a unique identifier of the user (or service, or legal entity, ...) that accepted the OAuth2 request.
	Subject string `json:"subject,omitempty"`
}

type ConsentRequestManager

type ConsentRequestManager struct {
}

type ConsentRequestRejection

type ConsentRequestRejection struct {

	// Reason represents the reason why the user rejected the consent request.
	Reason string `json:"reason,omitempty"`
}

type Context

type Context struct {

	// Extra represents arbitrary session data.
	AccessTokenExtra map[string]interface{} `json:"accessTokenExtra,omitempty"`

	// ClientID is id of the client the token was issued for..
	ClientId string `json:"clientId,omitempty"`

	// GrantedScopes is a list of scopes that the subject authorized when asked for consent.
	GrantedScopes []string `json:"grantedScopes,omitempty"`

	// Issuer is the id of the issuer, typically an hydra instance.
	Issuer string `json:"issuer,omitempty"`

	// Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too.
	Subject string `json:"subject,omitempty"`
}

Context contains an access token's session data

type Firewall

type Firewall struct {
}

type Group

type Group struct {

	// ID is the groups id.
	Id string `json:"id,omitempty"`

	// Members is who belongs to the group.
	Members []string `json:"members,omitempty"`
}

Group represents a warden group

type GroupMembers

type GroupMembers struct {
	Members []string `json:"members,omitempty"`
}

type Handler

type Handler struct {
	Generators map[string]KeyGenerator `json:"Generators,omitempty"`

	H Writer `json:"H,omitempty"`

	Manager Manager `json:"Manager,omitempty"`

	ResourcePrefix string `json:"ResourcePrefix,omitempty"`

	W Firewall `json:"W,omitempty"`
}

type HealthApi

type HealthApi struct {
	Configuration *Configuration
}

func NewHealthApi

func NewHealthApi() *HealthApi

func NewHealthApiWithBasePath

func NewHealthApiWithBasePath(basePath string) *HealthApi

func (HealthApi) GetInstanceMetrics

func (a HealthApi) GetInstanceMetrics() (*APIResponse, error)

*

  • Show instance metrics (experimental)
  • This endpoint returns an instance's metrics, such as average response time, status code distribution, hits per second and so on. The return values are currently not documented as this endpoint is still experimental. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:health:stats\"], \"actions\": [\"get\"], \"effect\": \"allow\" } ``` *
  • @return void

func (HealthApi) GetInstanceStatus

func (a HealthApi) GetInstanceStatus() (*InlineResponse200, *APIResponse, error)

*

  • Check health status of this instance
  • This endpoint returns `{ \"status\": \"ok\" }`. This status let's you know that the HTTP server is up and running. This status does currently not include checks whether the database connection is up and running. This endpoint does not require the `X-Forwarded-Proto` header when TLS termination is set. Be aware that if you are running multiple nodes of ORY Hydra, the health status will never refer to the cluster state, only to a single instance. *
  • @return *InlineResponse200

type InlineResponse200

type InlineResponse200 struct {

	// Status always contains \"ok\"
	Status string `json:"status,omitempty"`
}

type InlineResponse2001

type InlineResponse2001 struct {

	// The access token issued by the authorization server.
	AccessToken string `json:"access_token,omitempty"`

	// The lifetime in seconds of the access token.  For example, the value \"3600\" denotes that the access token will expire in one hour from the time the response was generated.
	ExpiresIn int64 `json:"expires_in,omitempty"`

	// To retrieve a refresh token request the id_token scope.
	IdToken int64 `json:"id_token,omitempty"`

	// The refresh token, which can be used to obtain new access tokens. To retrieve it add the scope \"offline\" to your access token request.
	RefreshToken string `json:"refresh_token,omitempty"`

	// The scope of the access token
	Scope int64 `json:"scope,omitempty"`

	// The type of the token issued
	TokenType string `json:"token_type,omitempty"`
}

type InlineResponse401

type InlineResponse401 struct {
	Code int64 `json:"code,omitempty"`

	Details []map[string]interface{} `json:"details,omitempty"`

	Message string `json:"message,omitempty"`

	Reason string `json:"reason,omitempty"`

	Request string `json:"request,omitempty"`

	Status string `json:"status,omitempty"`
}

type JoseWebKeySetRequest

type JoseWebKeySetRequest struct {
	Keys []RawMessage `json:"keys,omitempty"`
}

type JsonWebKey

type JsonWebKey struct {

	// The \"alg\" (algorithm) parameter identifies the algorithm intended for use with the key.  The values used should either be registered in the IANA \"JSON Web Signature and Encryption Algorithms\" registry established by [JWA] or be a value that contains a Collision- Resistant Name.
	Alg string `json:"alg,omitempty"`

	Crv string `json:"crv,omitempty"`

	D string `json:"d,omitempty"`

	Dp string `json:"dp,omitempty"`

	Dq string `json:"dq,omitempty"`

	E string `json:"e,omitempty"`

	K string `json:"k,omitempty"`

	// The \"kid\" (key ID) parameter is used to match a specific key.  This is used, for instance, to choose among a set of keys within a JWK Set during key rollover.  The structure of the \"kid\" value is unspecified.  When \"kid\" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct \"kid\" values.  (One example in which different keys might use the same \"kid\" value is if they have different \"kty\" (key type) values but are considered to be equivalent alternatives by the application using them.)  The \"kid\" value is a case-sensitive string.
	Kid string `json:"kid,omitempty"`

	// The \"kty\" (key type) parameter identifies the cryptographic algorithm family used with the key, such as \"RSA\" or \"EC\". \"kty\" values should either be registered in the IANA \"JSON Web Key Types\" registry established by [JWA] or be a value that contains a Collision- Resistant Name.  The \"kty\" value is a case-sensitive string.
	Kty string `json:"kty,omitempty"`

	N string `json:"n,omitempty"`

	P string `json:"p,omitempty"`

	Q string `json:"q,omitempty"`

	Qi string `json:"qi,omitempty"`

	// The \"use\" (public key use) parameter identifies the intended use of the public key. The \"use\" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly \"sig\" (signature) or \"enc\" (encryption).
	Use string `json:"use,omitempty"`

	X string `json:"x,omitempty"`

	// The \"x5c\" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280].  The certificate chain is represented as a JSON array of certificate value strings.  Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate.
	X5c []string `json:"x5c,omitempty"`

	Y string `json:"y,omitempty"`
}

type JsonWebKeyApi

type JsonWebKeyApi struct {
	Configuration *Configuration
}

func NewJsonWebKeyApi

func NewJsonWebKeyApi() *JsonWebKeyApi

func NewJsonWebKeyApiWithBasePath

func NewJsonWebKeyApiWithBasePath(basePath string) *JsonWebKeyApi

func (JsonWebKeyApi) CreateJsonWebKeySet

func (a JsonWebKeyApi) CreateJsonWebKeySet(set string, body JsonWebKeySetGeneratorRequest) (*JsonWebKeySet, *APIResponse, error)

*

  • Generate a new JSON Web Key
  • This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` *
  • @param set The set
  • @param body
  • @return *JsonWebKeySet

func (JsonWebKeyApi) DeleteJsonWebKey

func (a JsonWebKeyApi) DeleteJsonWebKey(kid string, set string) (*APIResponse, error)

*

  • Delete a JSON Web Key
  • The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"delete\"], \"effect\": \"allow\" } ``` *
  • @param kid The kid of the desired key
  • @param set The set
  • @return void

func (JsonWebKeyApi) DeleteJsonWebKeySet

func (a JsonWebKeyApi) DeleteJsonWebKeySet(set string) (*APIResponse, error)

*

  • Delete a JSON Web Key
  • The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>\"], \"actions\": [\"delete\"], \"effect\": \"allow\" } ``` *
  • @param set The set
  • @return void

func (JsonWebKeyApi) GetJsonWebKey

func (a JsonWebKeyApi) GetJsonWebKey(kid string, set string) (*JsonWebKeySet, *APIResponse, error)

*

  • Retrieve a JSON Web Key
  • This endpoint can be used to retrieve JWKs stored in ORY Hydra. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"get\"], \"effect\": \"allow\" } ``` *
  • @param kid The kid of the desired key
  • @param set The set
  • @return *JsonWebKeySet

func (JsonWebKeyApi) GetJsonWebKeySet

func (a JsonWebKeyApi) GetJsonWebKeySet(set string) (*JsonWebKeySet, *APIResponse, error)

*

  • Retrieve a JSON Web Key Set
  • This endpoint can be used to retrieve JWK Sets stored in ORY Hydra. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"get\"], \"effect\": \"allow\" } ``` *
  • @param set The set
  • @return *JsonWebKeySet

func (JsonWebKeyApi) UpdateJsonWebKey

func (a JsonWebKeyApi) UpdateJsonWebKey(kid string, set string, body JsonWebKey) (*JsonWebKey, *APIResponse, error)

*

  • Update a JSON Web Key
  • Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>:<kid>\"], \"actions\": [\"update\"], \"effect\": \"allow\" } ``` *
  • @param kid The kid of the desired key
  • @param set The set
  • @param body
  • @return *JsonWebKey

func (JsonWebKeyApi) UpdateJsonWebKeySet

func (a JsonWebKeyApi) UpdateJsonWebKeySet(set string, body JsonWebKeySet) (*JsonWebKeySet, *APIResponse, error)

*

  • Update a JSON Web Key Set
  • Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:<set>\"], \"actions\": [\"update\"], \"effect\": \"allow\" } ``` *
  • @param set The set
  • @param body
  • @return *JsonWebKeySet

type JsonWebKeySet

type JsonWebKeySet struct {

	// The value of the \"keys\" parameter is an array of JWK values.  By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired.
	Keys []JsonWebKey `json:"keys,omitempty"`
}

type JsonWebKeySetGeneratorRequest

type JsonWebKeySetGeneratorRequest struct {

	// The algorithm to be used for creating the key. Supports \"RS256\", \"ES512\", \"HS512\", and \"HS256\"
	Alg string `json:"alg"`

	// The kid of the key to be created
	Kid string `json:"kid"`
}

type KeyGenerator

type KeyGenerator struct {
}

type Manager

type Manager struct {
}

type OAuth2Api

type OAuth2Api struct {
	Configuration *Configuration
}

func NewOAuth2Api

func NewOAuth2Api() *OAuth2Api

func NewOAuth2ApiWithBasePath

func NewOAuth2ApiWithBasePath(basePath string) *OAuth2Api

func (OAuth2Api) AcceptOAuth2ConsentRequest

func (a OAuth2Api) AcceptOAuth2ConsentRequest(id string, body ConsentRequestAcceptance) (*APIResponse, error)

*

  • Accept a consent request
  • Call this endpoint to accept a consent request. This usually happens when a user agrees to give access rights to an application. The consent request id is usually transmitted via the URL query `consent`. For example: `http://consent-app.mydomain.com/?consent=1234abcd` The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:oauth2:consent:requests:<request-id>\"], \"actions\": [\"accept\"], \"effect\": \"allow\" } ``` *
  • @param id
  • @param body
  • @return void

func (OAuth2Api) CreateOAuth2Client

func (a OAuth2Api) CreateOAuth2Client(body OAuth2Client) (*OAuth2Client, *APIResponse, error)

*

  • Create an OAuth 2.0 client
  • If you pass `client_secret` the secret will be used, otherwise a random secret will be generated. The secret will be returned in the response and you will not be able to retrieve it later on. Write the secret down and keep it somwhere safe. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:clients\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` Additionally, the context key \"owner\" is set to the owner of the client, allowing policies such as: ``` { \"resources\": [\"rn:hydra:clients\"], \"actions\": [\"create\"], \"effect\": \"allow\", \"conditions\": { \"owner\": { \"type\": \"EqualsSubjectCondition\" } } } ``` *
  • @param body
  • @return *OAuth2Client

func (OAuth2Api) DeleteOAuth2Client

func (a OAuth2Api) DeleteOAuth2Client(id string) (*APIResponse, error)

*

  • Deletes an OAuth 2.0 Client
  • The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:clients:<some-id>\"], \"actions\": [\"delete\"], \"effect\": \"allow\" } ``` Additionally, the context key \"owner\" is set to the owner of the client, allowing policies such as: ``` { \"resources\": [\"rn:hydra:clients:<some-id>\"], \"actions\": [\"delete\"], \"effect\": \"allow\", \"conditions\": { \"owner\": { \"type\": \"EqualsSubjectCondition\" } } } ``` *
  • @param id The id of the OAuth 2.0 Client.
  • @return void

func (OAuth2Api) GetOAuth2Client

func (a OAuth2Api) GetOAuth2Client(id string) (*OAuth2Client, *APIResponse, error)

*

  • Retrieve an OAuth 2.0 Client.
  • This endpoint never returns passwords. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:clients:<some-id>\"], \"actions\": [\"get\"], \"effect\": \"allow\" } ``` Additionally, the context key \"owner\" is set to the owner of the client, allowing policies such as: ``` { \"resources\": [\"rn:hydra:clients:<some-id>\"], \"actions\": [\"get\"], \"effect\": \"allow\", \"conditions\": { \"owner\": { \"type\": \"EqualsSubjectCondition\" } } } ``` *
  • @param id The id of the OAuth 2.0 Client.
  • @return *OAuth2Client

func (OAuth2Api) GetOAuth2ConsentRequest

func (a OAuth2Api) GetOAuth2ConsentRequest(id string) (*OAuth2ConsentRequest, *APIResponse, error)

*

  • Receive consent request information
  • Call this endpoint to receive information on consent requests. The consent request id is usually transmitted via the URL query `consent`. For example: `http://consent-app.mydomain.com/?consent=1234abcd` The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:oauth2:consent:requests:<request-id>\"], \"actions\": [\"get\"], \"effect\": \"allow\" } ``` *
  • @param id The id of the OAuth 2.0 Consent Request.
  • @return *OAuth2ConsentRequest

func (OAuth2Api) GetWellKnown

func (a OAuth2Api) GetWellKnown() (*WellKnown, *APIResponse, error)

*

  • Server well known configuration
  • The well known endpoint an be used to retrieve information for OpenID Connect clients. We encourage you to not roll your own OpenID Connect client but to use an OpenID Connect client library instead. You can learn more on this flow at https://openid.net/specs/openid-connect-discovery-1_0.html *
  • @return *WellKnown

func (OAuth2Api) IntrospectOAuth2Token

func (a OAuth2Api) IntrospectOAuth2Token(token string, scope string) (*OAuth2TokenIntrospection, *APIResponse, error)

*

  • Introspect OAuth2 tokens
  • The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token is neither expired nor revoked. If a token is active, additional information on the token will be included. You can set additional data for a token by setting `accessTokenExtra` during the consent flow. ``` { \"resources\": [\"rn:hydra:oauth2:tokens\"], \"actions\": [\"introspect\"], \"effect\": \"allow\" } ``` *
  • @param token The string value of the token. For access tokens, this is the \"access_token\" value returned from the token endpoint defined in OAuth 2.0 [RFC6749], Section 5.1. This endpoint DOES NOT accept refresh tokens for validation.
  • @param scope An optional, space separated list of required scopes. If the access token was not granted one of the scopes, the result of active will be false.
  • @return *OAuth2TokenIntrospection

func (OAuth2Api) ListOAuth2Clients

func (a OAuth2Api) ListOAuth2Clients() ([]OAuth2Client, *APIResponse, error)

*

  • List OAuth 2.0 Clients
  • This endpoint never returns passwords. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:clients\"], \"actions\": [\"get\"], \"effect\": \"allow\" } ``` *
  • @return []OAuth2Client

func (OAuth2Api) OauthAuth

func (a OAuth2Api) OauthAuth() (*APIResponse, error)

*

  • The OAuth 2.0 authorize endpoint
  • This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows. OAuth2 is a very popular protocol and a library for your programming language will exists. To learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc6749 *
  • @return void

func (OAuth2Api) OauthToken

func (a OAuth2Api) OauthToken() (*InlineResponse2001, *APIResponse, error)

*

  • The OAuth 2.0 token endpoint
  • This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows. OAuth2 is a very popular protocol and a library for your programming language will exists. To learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc6749 *
  • @return *InlineResponse2001

func (OAuth2Api) RejectOAuth2ConsentRequest

func (a OAuth2Api) RejectOAuth2ConsentRequest(id string, body ConsentRequestRejection) (*APIResponse, error)

*

  • Reject a consent request
  • Call this endpoint to reject a consent request. This usually happens when a user denies access rights to an application. The consent request id is usually transmitted via the URL query `consent`. For example: `http://consent-app.mydomain.com/?consent=1234abcd` The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:oauth2:consent:requests:<request-id>\"], \"actions\": [\"reject\"], \"effect\": \"allow\" } ``` *
  • @param id
  • @param body
  • @return void

func (OAuth2Api) RevokeOAuth2Token

func (a OAuth2Api) RevokeOAuth2Token(token string) (*APIResponse, error)

*

  • Revoke OAuth2 tokens
  • Revoking a token (both access and refresh) means that the tokens will be invalid. A revoked access token can no longer be used to make access requests, and a revoked refresh token can no longer be used to refresh an access token. Revoking a refresh token also invalidates the access token that was created with it. *
  • @param token
  • @return void

func (OAuth2Api) UpdateOAuth2Client

func (a OAuth2Api) UpdateOAuth2Client(id string, body OAuth2Client) (*OAuth2Client, *APIResponse, error)

*

  • Update an OAuth 2.0 Client
  • If you pass `client_secret` the secret will be updated and returned via the API. This is the only time you will be able to retrieve the client secret, so write it down and keep it safe. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:clients\"], \"actions\": [\"update\"], \"effect\": \"allow\" } ``` Additionally, the context key \"owner\" is set to the owner of the client, allowing policies such as: ``` { \"resources\": [\"rn:hydra:clients\"], \"actions\": [\"update\"], \"effect\": \"allow\", \"conditions\": { \"owner\": { \"type\": \"EqualsSubjectCondition\" } } } ``` *
  • @param id
  • @param body
  • @return *OAuth2Client

func (OAuth2Api) WellKnown

func (a OAuth2Api) WellKnown() (*JsonWebKeySet, *APIResponse, error)

*

  • Get list of well known JSON Web Keys
  • The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:keys:hydra.openid.id-token:public\"], \"actions\": [\"GET\"], \"effect\": \"allow\" } ``` *
  • @return *JsonWebKeySet

type OAuth2Client

type OAuth2Client struct {

	// Name is the human-readable string name of the client to be presented to the end-user during authorization.
	ClientName string `json:"client_name,omitempty"`

	// Secret is the client's secret. The secret will be included in the create request as cleartext, and then never again. The secret is stored using BCrypt so it is impossible to recover it. Tell your users that they need to write the secret down as it will not be made available again.
	ClientSecret string `json:"client_secret,omitempty"`

	// ClientURI is an URL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion.
	ClientUri string `json:"client_uri,omitempty"`

	// Contacts is a array of strings representing ways to contact people responsible for this client, typically email addresses.
	Contacts []string `json:"contacts,omitempty"`

	// GrantTypes is an array of grant types the client is allowed to use.
	GrantTypes []string `json:"grant_types,omitempty"`

	// ID is the id for this client.
	Id string `json:"id,omitempty"`

	// LogoURI is an URL string that references a logo for the client.
	LogoUri string `json:"logo_uri,omitempty"`

	// Owner is a string identifying the owner of the OAuth 2.0 Client.
	Owner string `json:"owner,omitempty"`

	// PolicyURI is a URL string that points to a human-readable privacy policy document that describes how the deployment organization collects, uses, retains, and discloses personal data.
	PolicyUri string `json:"policy_uri,omitempty"`

	// Public is a boolean that identifies this client as public, meaning that it does not have a secret. It will disable the client_credentials grant type for this client if set.
	Public bool `json:"public,omitempty"`

	// RedirectURIs is an array of allowed redirect urls for the client, for example: http://mydomain/oauth/callback .
	RedirectUris []string `json:"redirect_uris,omitempty"`

	// ResponseTypes is an array of the OAuth 2.0 response type strings that the client can use at the authorization endpoint.
	ResponseTypes []string `json:"response_types,omitempty"`

	// Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens.
	Scope string `json:"scope,omitempty"`

	// TermsOfServiceURI is a URL string that points to a human-readable terms of service document for the client that describes a contractual relationship between the end-user and the client that the end-user accepts when authorizing the client.
	TosUri string `json:"tos_uri,omitempty"`
}

type OAuth2ConsentRequest

type OAuth2ConsentRequest struct {

	// ClientID is the client id that initiated the OAuth2 request.
	ClientId string `json:"clientId,omitempty"`

	// ExpiresAt is the time where the access request will expire.
	ExpiresAt string `json:"expiresAt,omitempty"`

	// ID is the id of this consent request.
	Id string `json:"id,omitempty"`

	// Redirect URL is the URL where the user agent should be redirected to after the consent has been accepted or rejected.
	RedirectUrl string `json:"redirectUrl,omitempty"`

	// RequestedScopes represents a list of scopes that have been requested by the OAuth2 request initiator.
	RequestedScopes []string `json:"requestedScopes,omitempty"`
}

type OAuth2TokenIntrospection

type OAuth2TokenIntrospection struct {

	// Active is a boolean indicator of whether or not the presented token is currently active.  The specifics of a token's \"active\" state will vary depending on the implementation of the authorization server and the information it keeps about its tokens, but a \"true\" value return for the \"active\" property will generally indicate that a given token has been issued by this authorization server, has not been revoked by the resource owner, and is within its given time window of validity (e.g., after its issuance time and before its expiration time).
	Active bool `json:"active,omitempty"`

	// ClientID is a service-specific string identifier or list of string identifiers representing the intended audience for this token.
	Aud string `json:"aud,omitempty"`

	// ClientID is aclient identifier for the OAuth 2.0 client that requested this token.
	ClientId string `json:"client_id,omitempty"`

	// Expires at is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token will expire.
	Exp int64 `json:"exp,omitempty"`

	// Extra is arbitrary data set by the session.
	Ext map[string]interface{} `json:"ext,omitempty"`

	// Issued at is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token was originally issued.
	Iat int64 `json:"iat,omitempty"`

	// Issuer is a string representing the issuer of this token
	Iss string `json:"iss,omitempty"`

	// NotBefore is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token is not to be used before.
	Nbf int64 `json:"nbf,omitempty"`

	// Scope is a JSON string containing a space-separated list of scopes associated with this token.
	Scope string `json:"scope,omitempty"`

	// Subject of the token, as defined in JWT [RFC7519]. Usually a machine-readable identifier of the resource owner who authorized this token.
	Sub string `json:"sub,omitempty"`

	// Username is a human-readable identifier for the resource owner who authorized this token.
	Username string `json:"username,omitempty"`
}

type Policy

type Policy struct {

	// Actions impacted by the policy.
	Actions []string `json:"actions,omitempty"`

	// Conditions under which the policy is active.
	Conditions map[string]PolicyConditions `json:"conditions,omitempty"`

	// Description of the policy.
	Description string `json:"description,omitempty"`

	// Effect of the policy
	Effect string `json:"effect,omitempty"`

	// ID of the policy.
	Id string `json:"id,omitempty"`

	// Resources impacted by the policy.
	Resources []string `json:"resources,omitempty"`

	// Subjects impacted by the policy.
	Subjects []string `json:"subjects,omitempty"`
}

type PolicyApi

type PolicyApi struct {
	Configuration *Configuration
}

func NewPolicyApi

func NewPolicyApi() *PolicyApi

func NewPolicyApiWithBasePath

func NewPolicyApiWithBasePath(basePath string) *PolicyApi

func (PolicyApi) CreatePolicy

func (a PolicyApi) CreatePolicy(body Policy) (*Policy, *APIResponse, error)

*

  • Create an Access Control Policy
  • The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:policies\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` *
  • @param body
  • @return *Policy

func (PolicyApi) DeletePolicy

func (a PolicyApi) DeletePolicy(id string) (*APIResponse, error)

*

  • Delete an Access Control Policy
  • The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:policies:<id>\"], \"actions\": [\"delete\"], \"effect\": \"allow\" } ``` *
  • @param id The id of the policy.
  • @return void

func (PolicyApi) GetPolicy

func (a PolicyApi) GetPolicy(id string) (*Policy, *APIResponse, error)

*

  • Get an Access Control Policy
  • The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:policies:<id>\"], \"actions\": [\"get\"], \"effect\": \"allow\" } ``` *
  • @param id The id of the policy.
  • @return *Policy

func (PolicyApi) ListPolicies

func (a PolicyApi) ListPolicies(offset int64, limit int64) ([]Policy, *APIResponse, error)

*

  • List Access Control Policies
  • The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:policies\"], \"actions\": [\"list\"], \"effect\": \"allow\" } ``` *
  • @param offset The offset from where to start looking.
  • @param limit The maximum amount of policies returned.
  • @return []Policy

func (PolicyApi) UpdatePolicy

func (a PolicyApi) UpdatePolicy(id string, body Policy) (*Policy, *APIResponse, error)

*

  • Update an Access Control Polic
  • The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:policies\"], \"actions\": [\"update\"], \"effect\": \"allow\" } ``` *
  • @param id The id of the policy.
  • @param body
  • @return *Policy

type PolicyConditions

type PolicyConditions struct {
	Options map[string]interface{} `json:"options,omitempty"`

	Type_ string `json:"type,omitempty"`
}

type RawMessage

type RawMessage struct {
}

It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding.

type SwaggerAcceptConsentRequest

type SwaggerAcceptConsentRequest struct {
	Body ConsentRequestAcceptance `json:"Body"`

	// in: path
	Id string `json:"id"`
}

type SwaggerCreatePolicyParameters

type SwaggerCreatePolicyParameters struct {
	Body Policy `json:"Body,omitempty"`
}

type SwaggerDoesWardenAllowAccessRequestParameters

type SwaggerDoesWardenAllowAccessRequestParameters struct {
	Body WardenAccessRequest `json:"Body,omitempty"`
}

type SwaggerDoesWardenAllowTokenAccessRequestParameters

type SwaggerDoesWardenAllowTokenAccessRequestParameters struct {
	Body WardenTokenAccessRequest `json:"Body,omitempty"`
}

type SwaggerGetPolicyParameters

type SwaggerGetPolicyParameters struct {

	// The id of the policy. in: path
	Id string `json:"id,omitempty"`
}

type SwaggerJsonWebKeyQuery

type SwaggerJsonWebKeyQuery struct {

	// The kid of the desired key in: path
	Kid string `json:"kid"`

	// The set in: path
	Set string `json:"set"`
}

type SwaggerJwkCreateSet

type SwaggerJwkCreateSet struct {
	Body JsonWebKeySetGeneratorRequest `json:"Body,omitempty"`

	// The set in: path
	Set string `json:"set"`
}

type SwaggerJwkSetQuery

type SwaggerJwkSetQuery struct {

	// The set in: path
	Set string `json:"set"`
}

type SwaggerJwkUpdateSet

type SwaggerJwkUpdateSet struct {
	Body JsonWebKeySet `json:"Body,omitempty"`

	// The set in: path
	Set string `json:"set"`
}

type SwaggerJwkUpdateSetKey

type SwaggerJwkUpdateSetKey struct {
	Body JsonWebKey `json:"Body,omitempty"`

	// The kid of the desired key in: path
	Kid string `json:"kid"`

	// The set in: path
	Set string `json:"set"`
}

type SwaggerListPolicyParameters

type SwaggerListPolicyParameters struct {

	// The maximum amount of policies returned. in: query
	Limit int64 `json:"limit,omitempty"`

	// The offset from where to start looking. in: query
	Offset int64 `json:"offset,omitempty"`
}

type SwaggerListPolicyResponse

type SwaggerListPolicyResponse struct {

	// in: body type: array
	Body []Policy `json:"Body,omitempty"`
}

A policy

type SwaggerOAuthConsentRequest

type SwaggerOAuthConsentRequest struct {
	Body OAuth2ConsentRequest `json:"Body,omitempty"`
}

The consent request response

type SwaggerOAuthConsentRequestPayload

type SwaggerOAuthConsentRequestPayload struct {

	// The id of the OAuth 2.0 Consent Request.
	Id string `json:"id"`
}

type SwaggerOAuthIntrospectionRequest

type SwaggerOAuthIntrospectionRequest struct {

	// An optional, space separated list of required scopes. If the access token was not granted one of the scopes, the result of active will be false.  in: formData
	Scope string `json:"scope,omitempty"`

	// The string value of the token. For access tokens, this is the \"access_token\" value returned from the token endpoint defined in OAuth 2.0 [RFC6749], Section 5.1. This endpoint DOES NOT accept refresh tokens for validation.
	Token string `json:"token"`
}

type SwaggerOAuthIntrospectionResponse

type SwaggerOAuthIntrospectionResponse struct {
	Body OAuth2TokenIntrospection `json:"Body,omitempty"`
}

The token introspection response

type SwaggerOAuthTokenResponse

type SwaggerOAuthTokenResponse struct {
	Body SwaggerOAuthTokenResponseBody `json:"Body,omitempty"`
}

The token response

type SwaggerOAuthTokenResponseBody

type SwaggerOAuthTokenResponseBody struct {

	// The access token issued by the authorization server.
	AccessToken string `json:"access_token,omitempty"`

	// The lifetime in seconds of the access token.  For example, the value \"3600\" denotes that the access token will expire in one hour from the time the response was generated.
	ExpiresIn int64 `json:"expires_in,omitempty"`

	// To retrieve a refresh token request the id_token scope.
	IdToken int64 `json:"id_token,omitempty"`

	// The refresh token, which can be used to obtain new access tokens. To retrieve it add the scope \"offline\" to your access token request.
	RefreshToken string `json:"refresh_token,omitempty"`

	// The scope of the access token
	Scope int64 `json:"scope,omitempty"`

	// The type of the token issued
	TokenType string `json:"token_type,omitempty"`
}

in: body

type SwaggerRejectConsentRequest

type SwaggerRejectConsentRequest struct {
	Body ConsentRequestRejection `json:"Body"`

	// in: path
	Id string `json:"id"`
}

type SwaggerRevokeOAuth2TokenParameters

type SwaggerRevokeOAuth2TokenParameters struct {

	// in: formData
	Token string `json:"token"`
}

type SwaggerUpdatePolicyParameters

type SwaggerUpdatePolicyParameters struct {
	Body Policy `json:"Body,omitempty"`

	// The id of the policy. in: path
	Id string `json:"id,omitempty"`
}

type SwaggerWardenAccessRequestResponseParameters

type SwaggerWardenAccessRequestResponseParameters struct {
	Body WardenAccessRequestResponse `json:"Body,omitempty"`
}

The warden access request response

type SwaggerWardenTokenAccessRequestResponse

type SwaggerWardenTokenAccessRequestResponse struct {
	Body WardenTokenAccessRequestResponse `json:"Body,omitempty"`
}

The warden access request (with token) response

type TokenAllowedRequest

type TokenAllowedRequest struct {

	// Action is the action that is requested on the resource.
	Action string `json:"action,omitempty"`

	// Context is the request's environmental context.
	Context map[string]interface{} `json:"context,omitempty"`

	// Resource is the resource that access is requested to.
	Resource string `json:"resource,omitempty"`
}

type WardenAccessRequest

type WardenAccessRequest struct {

	// Action is the action that is requested on the resource.
	Action string `json:"action,omitempty"`

	// Context is the request's environmental context.
	Context map[string]interface{} `json:"context,omitempty"`

	// Resource is the resource that access is requested to.
	Resource string `json:"resource,omitempty"`

	// Subejct is the subject that is requesting access.
	Subject string `json:"subject,omitempty"`
}

type WardenAccessRequestResponse

type WardenAccessRequestResponse struct {

	// Allowed is true if the request is allowed and false otherwise.
	Allowed bool `json:"allowed,omitempty"`
}

The warden access request response

type WardenApi

type WardenApi struct {
	Configuration *Configuration
}

func NewWardenApi

func NewWardenApi() *WardenApi

func NewWardenApiWithBasePath

func NewWardenApiWithBasePath(basePath string) *WardenApi

func (WardenApi) AddMembersToGroup

func (a WardenApi) AddMembersToGroup(id string, body GroupMembers) (*APIResponse, error)

*

  • Add members to a group
  • The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups:<id>\"], \"actions\": [\"members.add\"], \"effect\": \"allow\" } ``` *
  • @param id The id of the group to modify.
  • @param body
  • @return void

func (WardenApi) CreateGroup

func (a WardenApi) CreateGroup(body Group) (*Group, *APIResponse, error)

*

  • Create a group
  • The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` *
  • @param body
  • @return *Group

func (WardenApi) DeleteGroup

func (a WardenApi) DeleteGroup(id string) (*APIResponse, error)

*

  • Delete a group by id
  • The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups:<id>\"], \"actions\": [\"delete\"], \"effect\": \"allow\" } ``` *
  • @param id The id of the group to look up.
  • @return void

func (WardenApi) DoesWardenAllowAccessRequest

func (a WardenApi) DoesWardenAllowAccessRequest(body WardenAccessRequest) (*WardenAccessRequestResponse, *APIResponse, error)

*

  • Check if an access request is valid (without providing an access token)
  • Checks if a subject (typically a user or a service) is allowed to perform an action on a resource. This endpoint requires a subject, a resource name, an action name and a context. If the subject is not allowed to perform the action on the resource, this endpoint returns a 200 response with `{ \"allowed\": false}`, otherwise `{ \"allowed\": true }` is returned. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:allowed\"], \"actions\": [\"decide\"], \"effect\": \"allow\" } ``` *
  • @param body
  • @return *WardenAccessRequestResponse

func (WardenApi) DoesWardenAllowTokenAccessRequest

func (a WardenApi) DoesWardenAllowTokenAccessRequest(body WardenTokenAccessRequest) (*WardenTokenAccessRequestResponse, *APIResponse, error)

*

  • Check if an access request is valid (providing an access token)
  • Checks if a token is valid and if the token subject is allowed to perform an action on a resource. This endpoint requires a token, a scope, a resource name, an action name and a context. If a token is expired/invalid, has not been granted the requested scope or the subject is not allowed to perform the action on the resource, this endpoint returns a 200 response with `{ \"allowed\": false}`. Extra data set through the `accessTokenExtra` field in the consent flow will be included in the response. The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:token:allowed\"], \"actions\": [\"decide\"], \"effect\": \"allow\" } ``` *
  • @param body
  • @return *WardenTokenAccessRequestResponse

func (WardenApi) FindGroupsByMember

func (a WardenApi) FindGroupsByMember(member string) ([]Group, *APIResponse, error)

*

  • Find groups by member
  • The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups\"], \"actions\": [\"list\"], \"effect\": \"allow\" } ``` *
  • @param member The id of the member to look up.
  • @return []Group

func (WardenApi) GetGroup

func (a WardenApi) GetGroup(id string) (*Group, *APIResponse, error)

*

  • Get a group by id
  • The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups:<id>\"], \"actions\": [\"create\"], \"effect\": \"allow\" } ``` *
  • @param id The id of the group to look up.
  • @return *Group

func (WardenApi) RemoveMembersFromGroup

func (a WardenApi) RemoveMembersFromGroup(id string, body GroupMembers) (*APIResponse, error)

*

  • Remove members from a group
  • The subject making the request needs to be assigned to a policy containing: ``` { \"resources\": [\"rn:hydra:warden:groups:<id>\"], \"actions\": [\"members.remove\"], \"effect\": \"allow\" } ``` *
  • @param id The id of the group to modify.
  • @param body
  • @return void

type WardenTokenAccessRequest

type WardenTokenAccessRequest struct {

	// Action is the action that is requested on the resource.
	Action string `json:"action,omitempty"`

	// Context is the request's environmental context.
	Context map[string]interface{} `json:"context,omitempty"`

	// Resource is the resource that access is requested to.
	Resource string `json:"resource,omitempty"`

	// Scopes is an array of scopes that are requried.
	Scopes []string `json:"scopes,omitempty"`

	// Token is the token to introspect.
	Token string `json:"token,omitempty"`
}

type WardenTokenAccessRequestResponse

type WardenTokenAccessRequestResponse struct {

	// Extra represents arbitrary session data.
	AccessTokenExtra map[string]interface{} `json:"accessTokenExtra,omitempty"`

	// Allowed is true if the request is allowed and false otherwise.
	Allowed bool `json:"allowed,omitempty"`

	// ClientID is the id of the OAuth2 client that requested the token.
	ClientId string `json:"clientId,omitempty"`

	// ExpiresAt is the expiry timestamp.
	ExpiresAt string `json:"expiresAt,omitempty"`

	// GrantedScopes is a list of scopes that the subject authorized when asked for consent.
	GrantedScopes []string `json:"grantedScopes,omitempty"`

	// IssuedAt is the token creation time stamp.
	IssuedAt string `json:"issuedAt,omitempty"`

	// Issuer is the id of the issuer, typically an hydra instance.
	Issuer string `json:"issuer,omitempty"`

	// Subject is the identity that authorized issuing the token, for example a user or an OAuth2 app. This is usually a uuid but you can choose a urn or some other id too.
	Subject string `json:"subject,omitempty"`
}

The warden access request (with token) response

type WellKnown

type WellKnown struct {

	// URL of the OP's OAuth 2.0 Authorization Endpoint
	AuthorizationEndpoint string `json:"authorization_endpoint"`

	// JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token to encode the Claims in a JWT [JWT]. The algorithm RS256 MUST be included. The value none MAY be supported, but MUST NOT be used unless the Response Type used returns no ID Token from the Authorization Endpoint (such as when using the Authorization Code Flow).
	IdTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`

	// URL using the https scheme with no query or fragment component that the OP asserts as its Issuer Identifier. If Issuer discovery is supported , this value MUST be identical to the issuer value returned by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this Issuer.
	Issuer string `json:"issuer"`

	// URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.
	JwksUri string `json:"jwks_uri"`

	// JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. Dynamic OpenID Providers MUST support the code, id_token, and the token id_token Response Type values.
	ResponseTypesSupported []string `json:"response_types_supported"`

	// JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include pairwise and public.
	SubjectTypesSupported []string `json:"subject_types_supported"`

	// URL of the OP's OAuth 2.0 Token Endpoint
	TokenEndpoint string `json:"token_endpoint"`
}

type Writer

type Writer struct {
}

Writer is a helper to write arbitrary data to a ResponseWriter

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL