2024-08-15 16:25:15 +00:00
|
|
|
package model
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"time"
|
|
|
|
|
|
|
|
|
|
"github.com/zitadel/oidc/v3/pkg/oidc"
|
|
|
|
|
"github.com/zitadel/oidc/v3/pkg/op"
|
|
|
|
|
)
|
|
|
|
|
|
2024-10-06 20:11:58 +00:00
|
|
|
// ClientConfig represents the configuration for a OIDC client app
|
2024-08-15 16:25:15 +00:00
|
|
|
type ClientConfig struct {
|
|
|
|
|
ID string
|
|
|
|
|
Secret string
|
|
|
|
|
RedirectURIs []string
|
|
|
|
|
TrustedPeers []string
|
|
|
|
|
Name string
|
2024-08-17 13:22:37 +00:00
|
|
|
AuthRequest *AuthRequest
|
2024-08-15 16:25:15 +00:00
|
|
|
}
|
|
|
|
|
|
2024-10-06 20:11:58 +00:00
|
|
|
// Client represents an OIDC client app
|
2024-08-15 16:25:15 +00:00
|
|
|
type Client struct {
|
|
|
|
|
ClientConfig
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Client) GetID() string {
|
|
|
|
|
return c.ClientConfig.ID
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Client) RedirectURIs() []string {
|
|
|
|
|
return c.ClientConfig.RedirectURIs
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Client) PostLogoutRedirectURIs() []string {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Client) ApplicationType() op.ApplicationType {
|
|
|
|
|
return op.ApplicationTypeWeb // TODO: should we support more?
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Client) AuthMethod() oidc.AuthMethod {
|
2024-10-15 17:35:14 +00:00
|
|
|
return oidc.AuthMethodBasic
|
2024-08-15 16:25:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Client) ResponseTypes() []oidc.ResponseType {
|
|
|
|
|
return []oidc.ResponseType{oidc.ResponseTypeCode}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Client) GrantTypes() []oidc.GrantType {
|
2024-10-15 17:35:14 +00:00
|
|
|
return []oidc.GrantType{oidc.GrantTypeCode, oidc.GrantTypeRefreshToken, oidc.GrantTypeTokenExchange}
|
2024-08-15 16:25:15 +00:00
|
|
|
}
|
|
|
|
|
|
2024-10-06 20:11:58 +00:00
|
|
|
// LoginURL returns the login URL for a given client app and auth request.
|
|
|
|
|
// This login url should be the authorization URL for the selected OIDC backend
|
2024-08-17 13:22:37 +00:00
|
|
|
func (c Client) LoginURL(authRequestID string) string {
|
2024-10-15 17:35:14 +00:00
|
|
|
if authRequestID == "" {
|
2024-09-22 08:26:27 +00:00
|
|
|
return "" // we don't have a request, let's return nothing
|
|
|
|
|
}
|
|
|
|
|
|
2024-10-06 20:11:58 +00:00
|
|
|
return "/perform_auth?request_id=" + authRequestID
|
2024-08-15 16:25:15 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Client) AccessTokenType() op.AccessTokenType {
|
|
|
|
|
return op.AccessTokenTypeJWT
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Client) IDTokenLifetime() time.Duration {
|
|
|
|
|
return 1 * time.Hour
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Client) DevMode() bool {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Client) RestrictAdditionalIdTokenScopes() func(scopes []string) []string {
|
|
|
|
|
return func(scopes []string) []string {
|
|
|
|
|
return scopes
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Client) RestrictAdditionalAccessTokenScopes() func(scopes []string) []string {
|
|
|
|
|
return func(scopes []string) []string {
|
|
|
|
|
return scopes
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Client) IsScopeAllowed(scope string) bool {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Client) IDTokenUserinfoClaimsAssertion() bool {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c Client) ClockSkew() time.Duration {
|
|
|
|
|
return 0
|
|
|
|
|
}
|
