/*
* Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
* @author Aeneas Rekkas <aeneas+oss@aeneas.io>
* @copyright 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io>
* @license Apache-2.0
*
*/
package compose
import (
"time"
"github.com/ory/fosite"
)
// Config collects the token lifespans, hashing cost and protocol switches of
// package compose. The accessors in this file treat a zero lifespan, a zero
// hash cost and a nil scope strategy as "unset" and substitute a default; any
// other value is returned unchanged, without range checks.
type Config struct {
	// AccessTokenLifespan sets how long an access token is going to be valid. Defaults to one hour.
	// Only the exact zero value selects the default; GetAccessTokenLifespan returns any other
	// value, including a negative one, as-is.
	AccessTokenLifespan time.Duration
	// AuthorizeCodeLifespan sets how long an authorize code is going to be valid. Defaults to fifteen minutes.
	// NOTE(review): RFC 6749 section 4.1.2 recommends a maximum authorization code lifetime of
	// ten minutes; consider setting this explicitly rather than relying on the default.
	AuthorizeCodeLifespan time.Duration
	// IDTokenLifespan sets how long an id token is going to be valid. Defaults to one hour.
	IDTokenLifespan time.Duration
	// HashCost sets the cost parameter of the password hashing. Defaults to 12.
	// NOTE(review): presumably the bcrypt work factor - confirm against the hasher in use.
	// GetHashCost does not validate it, so a negative or very small value is passed through.
	HashCost int
	// DisableRefreshTokenValidation sets the introspection endpoint to disable refresh token validation.
	// The zero value (false) leaves validation enabled.
	DisableRefreshTokenValidation bool
	// SendDebugMessagesToClients if set to true, includes error debug messages in response payloads. Be aware that sensitive
	// data may be exposed, depending on your implementation of Fosite. Such sensitive data might include database error
	// codes or other information. Proceed with caution! The zero value (false) keeps debug messages out of responses.
	SendDebugMessagesToClients bool
	// ScopeStrategy sets the scope strategy that should be supported, for example fosite.WildcardScopeStrategy.
	// When nil, GetScopeStrategy falls back to fosite.WildcardScopeStrategy.
	ScopeStrategy fosite.ScopeStrategy
	// EnforcePKCE, if set to true, requires public clients to perform authorize code flows with PKCE. Defaults to false.
	// Public clients cannot keep a client secret, so PKCE (RFC 7636) is what binds an authorization
	// code to the client that requested it; enable this unless a legacy client prevents it.
	EnforcePKCE bool
	// EnablePKCEPlainChallengeMethod sets whether or not to allow the plain challenge method (S256 should be used
	// whenever possible, plain is really discouraged). Defaults to false.
	// With plain, the code challenge is the code verifier itself, so the challenge gives no
	// protection once the authorization request has been observed.
	EnablePKCEPlainChallengeMethod bool
	// AllowedPromptValues sets which OpenID Connect prompt values the server supports. Defaults to []string{"login", "none", "consent", "select_account"}.
	// NOTE(review): that default is not applied anywhere in this file - confirm where it is set.
	AllowedPromptValues []string
}
// GetScopeStrategy returns the scope strategy to be used. Defaults to
// fosite.WildcardScopeStrategy.
//
// When no strategy is configured, the default is also stored in c.ScopeStrategy,
// so the first call writes to the receiver. Set ScopeStrategy explicitly, or
// call this once during setup, before sharing a Config between goroutines.
func (c *Config) GetScopeStrategy() fosite.ScopeStrategy {
	if c.ScopeStrategy != nil {
		return c.ScopeStrategy
	}
	// Persist the fallback so later reads of the field see the same strategy.
	c.ScopeStrategy = fosite.WildcardScopeStrategy
	return c.ScopeStrategy
}
// GetAuthorizeCodeLifespan returns how long an authorize code should be valid.
// Defaults to fifteen minutes.
//
// Only a zero AuthorizeCodeLifespan selects the default; every other value,
// including a negative one, is returned unchanged.
func (c *Config) GetAuthorizeCodeLifespan() time.Duration {
	if lifespan := c.AuthorizeCodeLifespan; lifespan != 0 {
		return lifespan
	}
	return 15 * time.Minute
}
// GetIDTokenLifespan returns how long an id token should be valid. Defaults to
// one hour.
//
// Only a zero IDTokenLifespan selects the default; every other value is
// returned unchanged.
func (c *Config) GetIDTokenLifespan() time.Duration {
	lifespan := c.IDTokenLifespan
	if lifespan == 0 {
		lifespan = time.Hour
	}
	return lifespan
}
// GetAccessTokenLifespan returns how long an access token should be valid.
// Defaults to one hour.
//
// Only a zero AccessTokenLifespan selects the default; every other value is
// returned unchanged.
func (c *Config) GetAccessTokenLifespan() time.Duration {
	if configured := c.AccessTokenLifespan; configured != 0 {
		return configured
	}
	return time.Hour
}
// GetHashCost returns the cost parameter to use for password hashing. Defaults
// to 12.
//
// Only a zero HashCost selects the default. The value is not range-checked
// here, so a negative or very small cost is handed to the caller as-is;
// NOTE(review): confirm that the hasher consuming it rejects weak costs.
func (c *Config) GetHashCost() int {
	const defaultHashCost = 12
	if cost := c.HashCost; cost != 0 {
		return cost
	}
	return defaultHashCost
}