...

Source file src/github.com/ory/fosite/handler/rfc7523/storage.go

Documentation: github.com/ory/fosite/handler/rfc7523

     1  /*
     2   * Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
     3   *
     4   * Licensed under the Apache License, Version 2.0 (the "License");
     5   * you may not use this file except in compliance with the License.
     6   * You may obtain a copy of the License at
     7   *
     8   *     http://www.apache.org/licenses/LICENSE-2.0
     9   *
    10   * Unless required by applicable law or agreed to in writing, software
    11   * distributed under the License is distributed on an "AS IS" BASIS,
    12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13   * See the License for the specific language governing permissions and
    14   * limitations under the License.
    15   *
    16   * @author		Aeneas Rekkas <aeneas+oss@aeneas.io>
    17   * @copyright 	2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
    18   * @license 	Apache-2.0
    19   *
    20   */
    21  
    22  package rfc7523
    23  
    24  import (
    25  	"context"
    26  	"time"
    27  
    28  	"gopkg.in/square/go-jose.v2"
    29  )
    30  
    31  // RFC7523KeyStorage is the storage contract used to validate JWT assertions presented as authorization grants
        // (RFC 7523). Per the method docs below, it resolves the public keys and scopes registered for an
        // issuer/subject pair and records used "jti" values so that an assertion cannot be replayed.
    32  type RFC7523KeyStorage interface {
    33  	// GetPublicKey returns the public key issued by 'issuer' and assigned to 'subject', selected by keyId. The
    34  	// public key is used to check the signature of the JWT assertion in authorization grants.
        	// NOTE(review): issuer, subject and keyId are presumably read from the assertion before its signature has
        	// been verified; implementations should return only keys registered for that exact combination and an
        	// error otherwise -- confirm against the caller.
    35  	GetPublicKey(ctx context.Context, issuer string, subject string, keyId string) (*jose.JSONWebKey, error)
    36  
    37  	// GetPublicKeys returns the set of public keys issued by 'issuer' and assigned to 'subject'.
    38  	GetPublicKeys(ctx context.Context, issuer string, subject string) (*jose.JSONWebKeySet, error)
    39  
    40  	// GetPublicKeyScopes returns the scopes assigned to the public key identified by keyId for 'issuer' and 'subject'.
    41  	GetPublicKeyScopes(ctx context.Context, issuer string, subject string, keyId string) ([]string, error)
    42  
    43  	// IsJWTUsed returns true, if JWT is not known yet or it can not be considered valid, because it must be already
    44  	// expired.
        	// NOTE(review): the sentence above reads as inverted relative to the method name; a "used" check would be
        	// expected to report true for a jti that has already been recorded and is still within its validity
        	// window. Confirm the intended contract against the grant handler before implementing, because a wrong
        	// polarity here either rejects every assertion or disables replay protection.
    45  	IsJWTUsed(ctx context.Context, jti string) (bool, error)
    46  
    47  	// MarkJWTUsedForTime marks JWT as used for a time passed in exp parameter. This helps ensure that JWTs are not
    48  	// replayed by maintaining the set of used "jti" values for the length of time for which the JWT would be
    49  	// considered valid based on the applicable "exp" instant. (https://tools.ietf.org/html/rfc7523#section-3)
        	// NOTE(review): IsJWTUsed and MarkJWTUsedForTime are separate calls, so this interface does not by itself
        	// make check-and-mark atomic. Whether concurrent requests carrying the same jti are serialized is left to
        	// the implementation and the caller -- confirm.
    50  	MarkJWTUsedForTime(ctx context.Context, jti string, exp time.Time) error
    51  }
    52  
