cim/zitadel-oidc
5
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

some comments

Browse source
This commit is contained in:
Livio Amstutz 2020-07-13 08:02:07 +02:00
parent 4a10ffaaa2
commit 7c1fc4902e
1 changed files with 50 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

56
pkg/oidc/authorization.go
View file

@ -8,10 +8,40 @@ import (
) )
const ( const (
//ScopeOpenID defines the scope `openid`
//OpenID Connect requests MUST contain the `openid` scope value
ScopeOpenID = "openid" ScopeOpenID = "openid"
ResponseTypeCode ResponseType = "code" //ScopeProfile defines the scope `profile`
ResponseTypeIDToken ResponseType = "id_token token" //This (optional) scope value requests access to the End-User's default profile Claims,
//which are: name, family_name, given_name, middle_name, nickname, preferred_username,
//profile, picture, website, gender, birthdate, zoneinfo, locale, and updated_at.
ScopeProfile = "profile"
//ScopeEmail defines the scope `email`
//This (optional) scope value requests access to the email and email_verified Claims.
ScopeEmail = "email"
//ScopeAddress defines the scope `address`
//This (optional) scope value requests access to the address Claim.
ScopeAddress = "address"
//ScopePhone defines the scope `phone`
//This (optional) scope value requests access to the phone_number and phone_number_verified Claims.
ScopePhone = "phone"
//ScopeOfflineAccess defines the scope `profile`
//This (optional) scope value requests that an OAuth 2.0 Refresh Token be issued that can be used to obtain an Access Token
//that grants access to the End-User's UserInfo Endpoint even when the End-User is not present (not logged in).
ScopeOfflineAccess = "offline_access"
//ResponseTypeCode for the Authorization Code Flow returning a code from the Authorization Server
ResponseTypeCode ResponseType = "code"
//ResponseTypeIDToken for the Implicit Flow returning id and access tokens directly from the Authorization Server
ResponseTypeIDToken ResponseType = "id_token token"
//ResponseTypeIDTokenOnly for the Implicit Flow returning only id token directly from the Authorization Server
ResponseTypeIDTokenOnly ResponseType = "id_token" ResponseTypeIDTokenOnly ResponseType = "id_token"
DisplayPage Display = "page" DisplayPage Display = "page"
@ -19,13 +49,23 @@ const (
DisplayTouch Display = "touch" DisplayTouch Display = "touch"
DisplayWAP Display = "wap" DisplayWAP Display = "wap"
PromptNone Prompt = "none" //PromptNone (`none`) disallows the Authorization Server to display any authentication or consent user interface pages.
PromptLogin Prompt = "login" //An error (login_required, interaction_required, ...) will be returned if the user is not already authenticated or consent is needed
PromptConsent Prompt = "consent" PromptNone Prompt = "none"
//PromptLogin (`login`) directs the Authorization Server to prompt the End-User for reauthentication.
PromptLogin Prompt = "login"
//PromptConsent (`consent`) directs the Authorization Server to prompt the End-User for consent (of sharing information).
PromptConsent Prompt = "consent"
//PromptSelectAccount (``) directs the Authorization Server to prompt the End-User to select a user account (to enable multi user / session switching)
PromptSelectAccount Prompt = "select_account" PromptSelectAccount Prompt = "select_account"
//GrantTypeCode defines the grant_type `authorization_code` used for the Token Request in the Authorization Code Flow
GrantTypeCode GrantType = "authorization_code" GrantTypeCode GrantType = "authorization_code"
//BearerToken defines the token_type `Bearer`, which is returned in a successful token response
BearerToken = "Bearer" BearerToken = "Bearer"
) )
@ -38,7 +78,6 @@ var displayValues = map[string]Display{
//AuthRequest according to: //AuthRequest according to:
//https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest //https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
//
type AuthRequest struct { type AuthRequest struct {
ID string ID string
Scopes Scopes `schema:"scope"` Scopes Scopes `schema:"scope"`
@ -63,12 +102,17 @@ type AuthRequest struct {
CodeChallengeMethod CodeChallengeMethod `schema:"code_challenge_method"` CodeChallengeMethod CodeChallengeMethod `schema:"code_challenge_method"`
} }
//GetRedirectURI returns the redirect_uri value for the ErrAuthRequest interface
func (a *AuthRequest) GetRedirectURI() string { func (a *AuthRequest) GetRedirectURI() string {
return a.RedirectURI return a.RedirectURI
} }
//GetResponseType returns the response_type value for the ErrAuthRequest interface
func (a *AuthRequest) GetResponseType() ResponseType { func (a *AuthRequest) GetResponseType() ResponseType {
return a.ResponseType return a.ResponseType
} }
//GetState returns the optional state value for the ErrAuthRequest interface
func (a *AuthRequest) GetState() string { func (a *AuthRequest) GetState() string {
return a.State return a.State
} }