-
Notifications
You must be signed in to change notification settings - Fork 2
/
advanced_configuration.go
152 lines (117 loc) · 5.69 KB
/
advanced_configuration.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
// Code generated by go-swagger; DO NOT EDIT.
package models
// This file was generated by the swagger tool.
// Editing this file might prove futile when you re-run the swagger generate command
import (
"context"
"github.com/go-openapi/errors"
"github.com/go-openapi/strfmt"
"github.com/go-openapi/swag"
)
// AdvancedConfiguration advanced configuration
//
// swagger:model AdvancedConfiguration
type AdvancedConfiguration struct {
// Configurable ACR values to enforce during auth flow
AcrValues []string `json:"acr_values" yaml:"acr_values"`
// This option overrides all urls advertised by the well known endpoint with their mtls alias
AdvertiseOnlyMtlsAliasesInWellKnown bool `json:"advertise_only_mtls_aliases_in_well_known,omitempty" yaml:"advertise_only_mtls_aliases_in_well_known,omitempty"`
// Block response modes
BlockResponseModes bool `json:"block_response_modes,omitempty" yaml:"block_response_modes,omitempty"`
// Disable certificate-bound access tokens for new DCR clients
//
// If true, new DCR clients are created with CertificateBoundAccessToken disabled.
DisableDcrClientCertificateBoundAccessTokens bool `json:"disable_dcr_client_certificate_bound_access_tokens,omitempty" yaml:"disable_dcr_client_certificate_bound_access_tokens,omitempty"`
// Disable PAR
DisablePar bool `json:"disable_par,omitempty" yaml:"disable_par,omitempty"`
// Disable RAR
DisableRar bool `json:"disable_rar,omitempty" yaml:"disable_rar,omitempty"`
// Disable refresh token cycling
//
// Once disabled, original refresh token can be constantly used to issue new access token.
DisableRefreshTokenCycling bool `json:"disable_refresh_token_cycling,omitempty" yaml:"disable_refresh_token_cycling,omitempty"`
// When enabled, the authorization server will not accept access tokens supplied in the request query parameter
// for protected resources endpoints.
DisallowAccessTokenInQueryForProtectedResources bool `json:"disallow_access_token_in_query_for_protected_resources,omitempty" yaml:"disallow_access_token_in_query_for_protected_resources,omitempty"`
// Disallow code response type without JARM
DisallowCodeResponseTypeWithoutJarm bool `json:"disallow_code_response_type_without_jarm,omitempty" yaml:"disallow_code_response_type_without_jarm,omitempty"`
// disallowed response modes
DisallowedResponseModes ResponseModes `json:"disallowed_response_modes,omitempty" yaml:"disallowed_response_modes,omitempty"`
// Do not issue acr claim in ID Token
DoNotIssueAcrClaimInIDToken bool `json:"do_not_issue_acr_claim_in_id_token,omitempty" yaml:"do_not_issue_acr_claim_in_id_token,omitempty"`
// Enforce acr values
EnforceAcrValues bool `json:"enforce_acr_values,omitempty" yaml:"enforce_acr_values,omitempty"`
// Ignore unknown scopes for DCR
//
// If enabled, an attempt to register or update a client with a scope that does not exist in the server will succeed.
IgnoreUnknownScopesForDcr bool `json:"ignore_unknown_scopes_for_dcr,omitempty" yaml:"ignore_unknown_scopes_for_dcr,omitempty"`
// Require request or request uri parameter for authorization flow
RequireRequestOrRequestURIParameter bool `json:"require_request_or_request_uri_parameter,omitempty" yaml:"require_request_or_request_uri_parameter,omitempty"`
// Return iss parameter in the authorization response
ReturnIssParameterInAuthorizationResponse bool `json:"return_iss_parameter_in_authorization_response,omitempty" yaml:"return_iss_parameter_in_authorization_response,omitempty"`
// Disables SSO as a fallback mechanism for post-logout redirect URI validation
StrictPostLogoutRedirectEnforcement bool `json:"strict_post_logout_redirect_enforcement,omitempty" yaml:"strict_post_logout_redirect_enforcement,omitempty"`
}
// Validate validates this advanced configuration
func (m *AdvancedConfiguration) Validate(formats strfmt.Registry) error {
var res []error
if err := m.validateDisallowedResponseModes(formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *AdvancedConfiguration) validateDisallowedResponseModes(formats strfmt.Registry) error {
if swag.IsZero(m.DisallowedResponseModes) { // not required
return nil
}
if err := m.DisallowedResponseModes.Validate(formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("disallowed_response_modes")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("disallowed_response_modes")
}
return err
}
return nil
}
// ContextValidate validate this advanced configuration based on the context it is used
func (m *AdvancedConfiguration) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
var res []error
if err := m.contextValidateDisallowedResponseModes(ctx, formats); err != nil {
res = append(res, err)
}
if len(res) > 0 {
return errors.CompositeValidationError(res...)
}
return nil
}
func (m *AdvancedConfiguration) contextValidateDisallowedResponseModes(ctx context.Context, formats strfmt.Registry) error {
if err := m.DisallowedResponseModes.ContextValidate(ctx, formats); err != nil {
if ve, ok := err.(*errors.Validation); ok {
return ve.ValidateName("disallowed_response_modes")
} else if ce, ok := err.(*errors.CompositeError); ok {
return ce.ValidateName("disallowed_response_modes")
}
return err
}
return nil
}
// MarshalBinary interface implementation
func (m *AdvancedConfiguration) MarshalBinary() ([]byte, error) {
if m == nil {
return nil, nil
}
return swag.WriteJSON(m)
}
// UnmarshalBinary interface implementation
func (m *AdvancedConfiguration) UnmarshalBinary(b []byte) error {
var res AdvancedConfiguration
if err := swag.ReadJSON(b, &res); err != nil {
return err
}
*m = res
return nil
}