This repository has been archived on 2022-07-28. You can view files and clone it, but cannot push or open issues or pull requests.
hydra_oidc_poc/common/models/oidc.go

158 lines
5.5 KiB
Go

/*
This package contains data models.
*/
package models
// An individual claim request.
//
// Specification
//
// https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests
type IndividualClaimRequest map[string]interface{}
// ClaimElement represents a claim element
type ClaimElement map[string]*IndividualClaimRequest
// OIDCClaimsRequest the claims request parameter sent with the authorization request.
//
// Specification
//
// https://openid.net/specs/openid-connect-core-1_0.html#ClaimsParameter
type OIDCClaimsRequest map[string]ClaimElement
// GetUserInfo extracts the userinfo claim element from the request.
//
// Specification
//
// https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
//
// Requests that the listed individual Claims be returned from the UserInfo
// Endpoint. If present, the listed Claims are being requested to be added to
// any Claims that are being requested using scope values. If not present, the
// Claims being requested from the UserInfo Endpoint are only those requested
// using scope values.
//
// When the userinfo member is used, the request MUST also use a response_type
// value that results in an Access Token being issued to the Client for use at
// the UserInfo Endpoint.
func (r OIDCClaimsRequest) GetUserInfo() *ClaimElement {
if userInfo, ok := r["userinfo"]; ok {
return &userInfo
}
return nil
}
// GetIDToken extracts the id_token claim element from the request.
//
// Specification
//
// https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims
//
// Requests that the listed individual Claims be returned in the ID Token. If
// present, the listed Claims are being requested to be added to the default
// Claims in the ID Token. If not present, the default ID Token Claims are
// requested, as per the ID Token definition in Section 2 and per the
// additional per-flow ID Token requirements in Sections 3.1.3.6, 3.2.2.10,
// 3.3.2.11, and 3.3.3.6.
func (r OIDCClaimsRequest) GetIDToken() *ClaimElement {
if idToken, ok := r["id_token"]; ok {
return &idToken
}
return nil
}
// Checks whether the individual claim is an essential claim.
//
// Specification
//
// https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests
//
// Indicates whether the Claim being requested is an Essential Claim. If the
// value is true, this indicates that the Claim is an Essential Claim. For
// instance, the Claim request:
//
// "auth_time": {"essential": true}
//
// can be used to specify that it is Essential to return an auth_time Claim
// Value. If the value is false, it indicates that it is a Voluntary Claim.
// The default is false.
//
// By requesting Claims as Essential Claims, the RP indicates to the End-User
// that releasing these Claims will ensure a smooth authorization for the
// specific task requested by the End-User.
//
// Note that even if the Claims are not available because the End-User did not
// authorize their release or they are not present, the Authorization Server
// MUST NOT generate an error when Claims are not returned, whether they are
// Essential or Voluntary, unless otherwise specified in the description of
// the specific claim.
func (i IndividualClaimRequest) IsEssential() bool {
if essential, ok := i["essential"]; ok {
return essential.(bool)
}
return false
}
// Returns the wanted value for an individual claim request.
//
// Specification
//
// https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests
//
// Requests that the Claim be returned with a particular value. For instance
// the Claim request:
//
// "sub": {"value": "248289761001"}
//
// can be used to specify that the request apply to the End-User with Subject
// Identifier 248289761001. The value of the value member MUST be a valid
// value for the Claim being requested. Definitions of individual Claims can
// include requirements on how and whether the value qualifier is to be used
// when requesting that Claim.
func (i IndividualClaimRequest) WantedValue() *string {
if value, ok := i["value"]; ok {
valueString := value.(string)
return &valueString
}
return nil
}
// Get the allowed values for an individual claim request that specifies
// a values field.
//
// Specification
//
// https://openid.net/specs/openid-connect-core-1_0.html#IndividualClaimsRequests
//
// Requests that the Claim be returned with one of a set of values, with the
// values appearing in order of preference. For instance the Claim request:
//
// "acr": {"essential": true,
// "values": ["urn:mace:incommon:iap:silver",
// "urn:mace:incommon:iap:bronze"]}
//
// specifies that it is Essential that the acr Claim be returned with either
// the value urn:mace:incommon:iap:silver or urn:mace:incommon:iap:bronze.
// The values in the values member array MUST be valid values for the Claim
// being requested. Definitions of individual Claims can include requirements
// on how and whether the values qualifier is to be used when requesting that
// Claim.
func (i IndividualClaimRequest) AllowedValues() []string {
if values, ok := i["values"]; ok {
return values.([]string)
}
return nil
}
// OpenIDConfiguration contains the parts of the OpenID discovery information
// that are relevant for us.
//
// Specification
//
// See https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
type OpenIDConfiguration struct {
AuthorizationEndpoint string `json:"authorization_endpoint"`
TokenEndpoint string `json:"token_endpoint"`
JwksUri string `json:"jwks_uri"`
EndSessionEndpoint string `json:"end_session_endpoint"`
}