
     1  /*
     2   * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
    17   * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
    18   * @license 	Apache-2.0
    19   *
    20   */
    21  
    22  package fosite
    23  
    24  import jose "gopkg.in/square/go-jose.v2"
    25  
    26  // Client represents a client or an app.
// Client represents a client or an app.
type Client interface {
	// GetID returns the client ID.
	GetID() string

	// GetHashedSecret returns the hashed secret as it is stored in the store.
	// The plaintext secret is not part of this interface.
	GetHashedSecret() []byte

	// GetRedirectURIs returns the client's allowed redirect URIs.
	// NOTE(review): presumably the redirect_uri of an authorization request is matched
	// against this list by the validator — verify how strict that match is.
	GetRedirectURIs() []string

	// GetGrantTypes returns the client's allowed grant types.
	GetGrantTypes() Arguments

	// GetResponseTypes returns the client's allowed response types.
	// All allowed combinations of response types have to be listed, each combination having
	// response types of the combination separated by a space.
	GetResponseTypes() Arguments

	// GetScopes returns the scopes this client is allowed to request.
	GetScopes() Arguments

	// IsPublic returns true, if this client is marked as public.
	IsPublic() bool

	// GetAudience returns the allowed audience(s) for this client.
	GetAudience() Arguments
}
    54  
    55  // ClientWithSecretRotation extends Client interface by a method providing a slice of rotated secrets.
// ClientWithSecretRotation extends the Client interface by a method providing a slice of rotated secrets.
type ClientWithSecretRotation interface {
	Client
	// GetRotatedHashes returns a slice of hashed secrets used for secret rotation.
	// Like GetHashedSecret, only hashes are exposed, never plaintext secrets.
	GetRotatedHashes() [][]byte
}
    61  
    62  // OpenIDConnectClient represents a client capable of performing OpenID Connect requests.
// OpenIDConnectClient represents a client capable of performing OpenID Connect requests.
type OpenIDConnectClient interface {
	// GetRequestURIs returns the request_uri values that are pre-registered by the RP for use at the OP. Servers MAY
	// cache the contents of the files referenced by these URIs and not retrieve them at the time they are used in a request.
	// OPs can require that request_uri values used be pre-registered with the require_request_uri_registration
	// discovery parameter.
	GetRequestURIs() []string

	// GetJSONWebKeys returns the JSON Web Key Set containing the public keys used by the client to authenticate.
	GetJSONWebKeys() *jose.JSONWebKeySet

	// GetJSONWebKeysURI returns the URL for lookup of the JSON Web Key Set containing the
	// public keys used by the client to authenticate.
	GetJSONWebKeysURI() string

	// GetRequestObjectSigningAlgorithm returns the JWS [JWS] alg algorithm [JWA] that MUST be used for signing
	// Request Objects sent to the OP. All Request Objects from this Client MUST be rejected, if not signed with
	// this algorithm.
	GetRequestObjectSigningAlgorithm() string

	// GetTokenEndpointAuthMethod returns the requested Client Authentication method for the Token Endpoint.
	// The options are client_secret_post, client_secret_basic, client_secret_jwt, private_key_jwt, and none.
	GetTokenEndpointAuthMethod() string

	// GetTokenEndpointAuthSigningAlgorithm returns the JWS [JWS] alg algorithm [JWA] that MUST be used for signing
	// the JWT [JWT] used to authenticate the Client at the Token Endpoint for the private_key_jwt and
	// client_secret_jwt authentication methods.
	GetTokenEndpointAuthSigningAlgorithm() string
}
    89  
    90  // ResponseModeClient represents a client capable of handling response_mode
// ResponseModeClient represents a client capable of handling response_mode.
type ResponseModeClient interface {
	// GetResponseModes returns the response modes this client is allowed to use.
	GetResponseModes() []ResponseModeType
}
    95  
    96  // DefaultClient is a simple default implementation of the Client interface.
// DefaultClient is a simple default implementation of the Client interface.
// It also satisfies ClientWithSecretRotation via GetRotatedHashes.
type DefaultClient struct {
	ID string `json:"id"`
	// Secret is the hashed client secret returned by GetHashedSecret. Note that the
	// JSON key is "client_secret" although the value is the stored hash.
	Secret []byte `json:"client_secret,omitempty"`
	// RotatedSecrets holds previously valid hashed secrets kept for rotation.
	RotatedSecrets [][]byte `json:"rotated_secrets,omitempty"`
	RedirectURIs   []string `json:"redirect_uris"`
	// GrantTypes left empty is reported as {"authorization_code"} by GetGrantTypes.
	GrantTypes []string `json:"grant_types"`
	// ResponseTypes left empty is reported as {"code"} by GetResponseTypes.
	ResponseTypes []string `json:"response_types"`
	Scopes        []string `json:"scopes"`
	Audience      []string `json:"audience"`
	// Public marks the client as public; see IsPublic.
	Public bool `json:"public"`
}
   108  
// DefaultOpenIDConnectClient is a simple default implementation of the
// OpenIDConnectClient interface. The plain Client methods come from the
// embedded *DefaultClient, so leaving that pointer nil makes the promoted
// methods panic on use.
type DefaultOpenIDConnectClient struct {
	*DefaultClient
	JSONWebKeysURI                string              `json:"jwks_uri"`
	JSONWebKeys                   *jose.JSONWebKeySet `json:"jwks"`
	TokenEndpointAuthMethod       string              `json:"token_endpoint_auth_method"`
	RequestURIs                   []string            `json:"request_uris"`
	RequestObjectSigningAlgorithm string              `json:"request_object_signing_alg"`
	// TokenEndpointAuthSigningAlgorithm left empty is reported as "RS256" by its getter.
	TokenEndpointAuthSigningAlgorithm string `json:"token_endpoint_auth_signing_alg"`
}
   118  
// DefaultResponseModeClient is a simple default implementation of the
// ResponseModeClient interface on top of an embedded *DefaultClient.
type DefaultResponseModeClient struct {
	*DefaultClient
	// ResponseModes is returned as-is by GetResponseModes; no default is applied when empty.
	ResponseModes []ResponseModeType `json:"response_modes"`
}
   123  
// GetID returns the client ID.
func (c *DefaultClient) GetID() string {
	return c.ID
}
   127  
// IsPublic reports whether the client is marked as public.
func (c *DefaultClient) IsPublic() bool {
	return c.Public
}
   131  
// GetAudience returns the allowed audience(s) for this client.
func (c *DefaultClient) GetAudience() Arguments {
	return c.Audience
}
   135  
// GetRedirectURIs returns the client's allowed redirect URIs. The returned slice
// aliases the struct field; callers must not modify it.
func (c *DefaultClient) GetRedirectURIs() []string {
	return c.RedirectURIs
}
   139  
// GetHashedSecret returns the stored (hashed) client secret.
func (c *DefaultClient) GetHashedSecret() []byte {
	return c.Secret
}
   143  
// GetRotatedHashes returns the previously valid hashed secrets kept for rotation.
func (c *DefaultClient) GetRotatedHashes() [][]byte {
	return c.RotatedSecrets
}
   147  
// GetScopes returns the scopes this client is allowed to request.
func (c *DefaultClient) GetScopes() Arguments {
	return c.Scopes
}
   151  
// GetGrantTypes returns the grant types the client is allowed to use.
//
// https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
//
// JSON array containing a list of the OAuth 2.0 Grant Types that the Client is declaring
// that it will restrict itself to using.
// If omitted, the default is that the Client will use only the authorization_code Grant Type.
func (c *DefaultClient) GetGrantTypes() Arguments {
	grants := c.GrantTypes
	if len(grants) > 0 {
		return Arguments(grants)
	}
	// Nothing registered: fall back to the spec default.
	return Arguments{"authorization_code"}
}
   163  
// GetResponseTypes returns the response types the client is allowed to use.
//
// https://openid.net/specs/openid-connect-registration-1_0.html#ClientMetadata
//
// JSON array containing a list of the OAuth 2.0 response_type values that the Client is declaring
// that it will restrict itself to using. If omitted, the default is that the Client will use
// only the code Response Type.
func (c *DefaultClient) GetResponseTypes() Arguments {
	types := c.ResponseTypes
	if len(types) > 0 {
		return Arguments(types)
	}
	// Nothing registered: fall back to the spec default.
	return Arguments{"code"}
}
   175  
// GetJSONWebKeysURI returns the URL from which the client's JSON Web Key Set can be fetched.
func (c *DefaultOpenIDConnectClient) GetJSONWebKeysURI() string {
	return c.JSONWebKeysURI
}
   179  
// GetJSONWebKeys returns the client's registered JSON Web Key Set; nil if none was set.
func (c *DefaultOpenIDConnectClient) GetJSONWebKeys() *jose.JSONWebKeySet {
	return c.JSONWebKeys
}
   183  
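// GetTokenEndpointAuthSigningAlgorithm returns the JWS alg the client uses to sign
// the JWT presented for private_key_jwt / client_secret_jwt authentication at the
// token endpoint. An unset value falls back to "RS256".
func (c *DefaultOpenIDConnectClient) GetTokenEndpointAuthSigningAlgorithm() string {
	// Early return instead of an else after a terminating if.
	if c.TokenEndpointAuthSigningAlgorithm == "" {
		return "RS256"
	}
	return c.TokenEndpointAuthSigningAlgorithm
}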
   191  
// GetRequestObjectSigningAlgorithm returns the registered request object signing
// algorithm. Unlike GetTokenEndpointAuthSigningAlgorithm, no default is applied:
// an empty registration is returned as "".
// NOTE(review): presumably the request-object validator treats "" as unrestricted — verify.
func (c *DefaultOpenIDConnectClient) GetRequestObjectSigningAlgorithm() string {
	return c.RequestObjectSigningAlgorithm
}
   195  
// GetTokenEndpointAuthMethod returns the registered token endpoint authentication
// method; no default is applied when it is empty.
func (c *DefaultOpenIDConnectClient) GetTokenEndpointAuthMethod() string {
	return c.TokenEndpointAuthMethod
}
   199  
// GetRequestURIs returns the pre-registered request_uri values for this client.
func (c *DefaultOpenIDConnectClient) GetRequestURIs() []string {
	return c.RequestURIs
}
   203  
// GetResponseModes returns the response modes this client is allowed to use,
// exactly as registered (no default for an empty list).
func (c *DefaultResponseModeClient) GetResponseModes() []ResponseModeType {
	return c.ResponseModes
}
   207  
