...

Source file src/github.com/ory/fosite/compose/compose_openid.go

Documentation: github.com/ory/fosite/compose

     1  /*
     2   * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
    17   * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
    18   * @license 	Apache-2.0
    19   *
    20   */
    21  
    22  package compose
    23  
    24  import (
    25  	"github.com/ory/fosite/handler/oauth2"
    26  	"github.com/ory/fosite/handler/openid"
    27  	"github.com/ory/fosite/token/jwt"
    28  )
    29  
// OpenIDConnectExplicitFactory builds the OpenID Connect handler for the explicit ("authorize code flow") grant.
//
// **Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
//
// storage must implement openid.OpenIDConnectRequestStorage, and strategy must implement both
// openid.OpenIDConnectTokenStrategy and jwt.JWTStrategy. The type assertions below are unchecked,
// so a value that lacks one of these interfaces makes this function panic instead of returning
// an error. config is dereferenced without a nil check.
func OpenIDConnectExplicitFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	// The locals are evaluated in the same order as the fields of the returned handler.
	requestStorage := storage.(openid.OpenIDConnectRequestStorage)
	idTokenHelper := &openid.IDTokenHandleHelper{
		IDTokenStrategy: strategy.(openid.OpenIDConnectTokenStrategy),
	}

	// The validator receives the allowed prompt values and the redirect secure checker from
	// config. NOTE(review): the checker presumably decides which redirect URIs count as
	// secure; confirm against the openid package.
	requestValidator := openid.NewOpenIDConnectRequestValidator(config.AllowedPromptValues, strategy.(jwt.JWTStrategy)).
		WithRedirectSecureChecker(config.GetRedirectSecureChecker())

	return &openid.OpenIDConnectExplicitHandler{
		OpenIDConnectRequestStorage:   requestStorage,
		IDTokenHandleHelper:           idTokenHelper,
		OpenIDConnectRequestValidator: requestValidator,
	}
}
    43  
// OpenIDConnectRefreshFactory builds the handler that refreshes OpenID Connect tokens.
//
// **Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
//
// Only strategy is used: it must implement openid.OpenIDConnectTokenStrategy, and the unchecked
// type assertion panics if it does not. config and storage are accepted but not read here.
func OpenIDConnectRefreshFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	idTokenHelper := &openid.IDTokenHandleHelper{
		IDTokenStrategy: strategy.(openid.OpenIDConnectTokenStrategy),
	}

	return &openid.OpenIDConnectRefreshHandler{IDTokenHandleHelper: idTokenHelper}
}
    54  
// OpenIDConnectImplicitFactory builds the OpenID Connect handler for the implicit ("implicit flow") grant.
//
// **Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
//
// strategy must implement oauth2.AccessTokenStrategy, openid.OpenIDConnectTokenStrategy and
// jwt.JWTStrategy; storage must implement oauth2.AccessTokenStorage. The type assertions are
// unchecked, so a value that lacks one of these interfaces makes this function panic instead of
// returning an error. config is dereferenced without a nil check.
func OpenIDConnectImplicitFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	// The locals are evaluated in the same order as the fields of the returned handler.
	implicitGrant := &oauth2.AuthorizeImplicitGrantTypeHandler{
		AccessTokenStrategy: strategy.(oauth2.AccessTokenStrategy),
		AccessTokenStorage:  storage.(oauth2.AccessTokenStorage),
		AccessTokenLifespan: config.GetAccessTokenLifespan(),
	}
	scopeStrategy := config.GetScopeStrategy()
	idTokenHelper := &openid.IDTokenHandleHelper{
		IDTokenStrategy: strategy.(openid.OpenIDConnectTokenStrategy),
	}

	// The validator receives the allowed prompt values and the redirect secure checker from config.
	requestValidator := openid.NewOpenIDConnectRequestValidator(config.AllowedPromptValues, strategy.(jwt.JWTStrategy)).
		WithRedirectSecureChecker(config.GetRedirectSecureChecker())

	// NOTE(review): presumably the minimum entropy the handler requires of request parameters
	// such as the nonce; confirm in the openid package.
	minEntropy := config.GetMinParameterEntropy()

	return &openid.OpenIDConnectImplicitHandler{
		AuthorizeImplicitGrantTypeHandler: implicitGrant,
		ScopeStrategy:                     scopeStrategy,
		IDTokenHandleHelper:               idTokenHelper,
		OpenIDConnectRequestValidator:     requestValidator,
		MinParameterEntropy:               minEntropy,
	}
}
    74  
// OpenIDConnectHybridFactory builds the OpenID Connect handler for the hybrid grant, which is
// assembled from an explicit (authorize code) handler and an implicit handler.
//
// **Important note:** You must add this handler *after* you have added an OAuth2 authorize code handler!
//
// strategy must implement oauth2.AccessTokenStrategy, oauth2.RefreshTokenStrategy,
// oauth2.AuthorizeCodeStrategy, openid.OpenIDConnectTokenStrategy and jwt.JWTStrategy; storage
// must implement oauth2.CoreStorage, oauth2.AccessTokenStorage and
// openid.OpenIDConnectRequestStorage. The type assertions are unchecked, so a value that lacks
// one of these interfaces makes this function panic instead of returning an error. config is
// dereferenced without a nil check.
func OpenIDConnectHybridFactory(config *Config, storage interface{}, strategy interface{}) interface{} {
	// The locals are evaluated in the same order as the fields of the returned handler.
	explicitGrant := &oauth2.AuthorizeExplicitGrantHandler{
		AccessTokenStrategy:   strategy.(oauth2.AccessTokenStrategy),
		RefreshTokenStrategy:  strategy.(oauth2.RefreshTokenStrategy),
		AuthorizeCodeStrategy: strategy.(oauth2.AuthorizeCodeStrategy),
		CoreStorage:           storage.(oauth2.CoreStorage),
		AuthCodeLifespan:      config.GetAuthorizeCodeLifespan(),
		AccessTokenLifespan:   config.GetAccessTokenLifespan(),
		RefreshTokenLifespan:  config.GetRefreshTokenLifespan(),
		// The same redirect secure checker is also handed to the request validator below.
		IsRedirectURISecure: config.GetRedirectSecureChecker(),
	}
	scopeStrategy := config.GetScopeStrategy()
	implicitGrant := &oauth2.AuthorizeImplicitGrantTypeHandler{
		AccessTokenStrategy: strategy.(oauth2.AccessTokenStrategy),
		AccessTokenStorage:  storage.(oauth2.AccessTokenStorage),
		AccessTokenLifespan: config.GetAccessTokenLifespan(),
	}
	idTokenHelper := &openid.IDTokenHandleHelper{
		IDTokenStrategy: strategy.(openid.OpenIDConnectTokenStrategy),
	}
	requestStorage := storage.(openid.OpenIDConnectRequestStorage)

	// The validator receives the allowed prompt values and the redirect secure checker from config.
	requestValidator := openid.NewOpenIDConnectRequestValidator(config.AllowedPromptValues, strategy.(jwt.JWTStrategy)).
		WithRedirectSecureChecker(config.GetRedirectSecureChecker())

	// NOTE(review): presumably the minimum entropy the handler requires of request parameters
	// such as the nonce; confirm in the openid package.
	minEntropy := config.GetMinParameterEntropy()

	return &openid.OpenIDConnectHybridHandler{
		AuthorizeExplicitGrantHandler:     explicitGrant,
		ScopeStrategy:                     scopeStrategy,
		AuthorizeImplicitGrantTypeHandler: implicitGrant,
		IDTokenHandleHelper:               idTokenHelper,
		OpenIDConnectRequestStorage:       requestStorage,
		OpenIDConnectRequestValidator:     requestValidator,
		MinParameterEntropy:               minEntropy,
	}
}
   105  
