// Copyright © 2022 Ory Corp
// SPDX-License-Identifier: Apache-2.0
// Package trust implements jwt-bearer grant management capabilities.
//
// A JWT-Bearer Grant represents a resource owner's (RO) permission for a client to act on behalf of the RO using a JWT.
// The client uses the JWT to request an access token that lets it act as the RO.
package trust
import (
"time"
)
// OAuth2 JWT Bearer Grant Type Issuer Trust Relationships
//
// A list of trust relationships, one element per trusted issuer / subject / public-key combination.
// The type exists to give the generated Swagger and OpenAPI definitions a named schema for the list.
//
// swagger:model trustedOAuth2JwtGrantIssuers
//
//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
type trustedOAuth2JwtGrantIssuers []trustedOAuth2JwtGrantIssuer
// OAuth2 JWT Bearer Grant Type Issuer Trust Relationship
//
// Describes one trusted issuer of JWT assertions: which principal the issuer may assert as subject,
// which scope values the relationship covers, the public key its assertions are checked against,
// and the time window in which the trust relationship is valid.
//
// swagger:model trustedOAuth2JwtGrantIssuer
//
//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
type trustedOAuth2JwtGrantIssuer struct {
	// Unique identifier of the trust relationship.
	// example: 9edc811f-4e28-453c-9b46-4de65f00217f
	ID string `json:"id"`

	// The "issuer" identifies the principal that issued the JWT assertion (same as the "iss" claim in the JWT).
	// example: https://jwt-idp.example.com
	Issuer string `json:"issuer"`

	// The "subject" identifies the principal that is the subject of the JWT (same as the "sub" claim in the JWT).
	// example: mike@example.com
	Subject string `json:"subject"`

	// The "allow_any_subject" indicates that the issuer is allowed to have any principal as the subject of the JWT.
	// This widens the trust relationship from the single principal named in "subject" to every subject the
	// issuer asserts, so it should only be set for issuers trusted to vouch for arbitrary principals.
	// NOTE(review): presumably "subject" is ignored (or required to be empty) when this is true — confirm
	// against the grant validation code.
	AllowAnySubject bool `json:"allow_any_subject"`

	// The "scope" contains the list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749])
	// covered by this trust relationship.
	// example: ["openid", "offline"]
	Scope []string `json:"scope"`

	// The "public_key" contains information about the public key issued by "issuer" that will be used to
	// check the JWT assertion signature. The key is referenced by key set name and key ID, not embedded here.
	PublicKey trustedOAuth2JwtGrantJsonWebKey `json:"public_key"`

	// The "created_at" indicates when the grant was created.
	CreatedAt time.Time `json:"created_at"`

	// The "expires_at" indicates when the grant expires; after that point assertions from "issuer"
	// targeting "subject" are rejected.
	ExpiresAt time.Time `json:"expires_at"`
}
// OAuth2 JWT Bearer Grant Type Issuer Trusted JSON Web Key
//
// Identifies, by key set name and key ID, the public key that JWT assertions from the trusted issuer
// are checked against.
//
// swagger:model trustedOAuth2JwtGrantJsonWebKey
//
//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
type trustedOAuth2JwtGrantJsonWebKey struct {
	// The "set" is the name of the group (set) of keys the key belongs to. It is the same as "issuer" in the grant.
	// example: https://jwt-idp.example.com
	Set string `json:"set"`

	// The "kid" is the key's unique identifier (same as the "kid" header in JWS/JWT).
	// example: 123e4567-e89b-12d3-a456-426655440000
	KeyID string `json:"kid"`
}