// Copyright © 2022 Ory Corp
// SPDX-License-Identifier: Apache-2.0
package trust
import (
"time"
)
// Grant is a trust record for JWT assertions. It names the Issuer whose
// assertions are accepted, the Subject those assertions may be about, the
// Scope values, and the public key used to check the assertion signature,
// together with the grant's creation and expiry times. Every field is
// serialized to JSON under the snake_case name given in its struct tag.
type Grant struct {
	// ID is the identifier of this grant record.
	// NOTE(review): its format and uniqueness guarantees are not visible in this file.
	ID string `json:"id"`
	// Issuer identifies the principal that issued the JWT assertion (same as the iss claim in the JWT).
	Issuer string `json:"issuer"`
	// Subject identifies the principal that is the subject of the JWT.
	Subject string `json:"subject"`
	// AllowAnySubject indicates that the issuer is allowed to have any principal as the subject of the JWT.
	// NOTE(review): with this flag set the grant is no longer bound to one Subject, so the
	// issuer is trusted to name any principal; how Subject is treated when the flag is true
	// is decided by code outside this file — confirm against the validator.
	AllowAnySubject bool `json:"allow_any_subject"`
	// Scope contains the list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]).
	// NOTE(review): presumably the scopes assertions under this grant may obtain — confirm
	// against the code that consumes it.
	Scope []string `json:"scope"`
	// PublicKey references the public key issued by Issuer that is used to check the JWT
	// assertion signature. It holds only a key set name and a key ID, not key material.
	PublicKey PublicKey `json:"public_key"`
	// CreatedAt indicates when the grant was created.
	CreatedAt time.Time `json:"created_at"`
	// ExpiresAt indicates when the grant expires, after which assertions from Issuer
	// targeting Subject are to be rejected.
	// NOTE(review): the expiry check itself is not in this file; confirm how a zero
	// time.Time is handled by the code that enforces it.
	ExpiresAt time.Time `json:"expires_at"`
}
// PublicKey identifies a public key by the name of its key set and its key ID.
// It is a reference only: the struct carries two strings and no key material.
type PublicKey struct {
	// Set is the name of a group (set) of keys. Will be the same as Issuer in the grant.
	Set string `json:"set"`
	// KeyID is the key's unique identifier (same as the kid header in a JWS/JWT).
	// It is serialized under the JSON name "kid".
	KeyID string `json:"kid"`
}