From 4350b4bc4c1a108bb51956822c0cb385793a04d7 Mon Sep 17 00:00:00 2001 From: Michael DeRazon Date: Tue, 7 Aug 2018 00:04:50 +0300 Subject: [PATCH 1/4] consent: Add logout api endpoint https://github.com/ory/hydra/issues/970 Signed-off-by: Michael DeRazon --- cmd/server/handler.go | 2 +- consent/handler.go | 61 ++++++++++++++++++++++++++++++++++--------- 2 files changed, 49 insertions(+), 14 deletions(-) diff --git a/cmd/server/handler.go b/cmd/server/handler.go index a6717e01897..5c09f7c6938 100644 --- a/cmd/server/handler.go +++ b/cmd/server/handler.go @@ -250,7 +250,7 @@ func (h *Handler) registerRoutes(frontend, backend *httprouter.Router) { // Set up handlers h.Clients = newClientHandler(c, backend, clientsManager) h.Keys = newJWKHandler(c, frontend, backend) - h.Consent = newConsentHandler(c, backend) + h.Consent = newConsentHandler(c, frontend, backend) h.OAuth2 = newOAuth2Handler(c, frontend, backend, ctx.ConsentManager, oauth2Provider) _ = newHealthHandler(c, backend) } diff --git a/consent/handler.go b/consent/handler.go index 7790d5c5f7c..3942a10545c 100644 --- a/consent/handler.go +++ b/consent/handler.go 
@@ -55,19 +55,21 @@ func NewHandler( } } -func (h *Handler) SetRoutes(r *httprouter.Router) { - r.GET(LoginPath+"/:challenge", h.GetLoginRequest) - r.PUT(LoginPath+"/:challenge/accept", h.AcceptLoginRequest) - r.PUT(LoginPath+"/:challenge/reject", h.RejectLoginRequest) - - r.GET(ConsentPath+"/:challenge", h.GetConsentRequest) - r.PUT(ConsentPath+"/:challenge/accept", h.AcceptConsentRequest) - r.PUT(ConsentPath+"/:challenge/reject", h.RejectConsentRequest) - - r.DELETE("/oauth2/auth/sessions/login/:user", h.DeleteLoginSession) - r.GET("/oauth2/auth/sessions/consent/:user", h.GetConsentSessions) - r.DELETE("/oauth2/auth/sessions/consent/:user", h.DeleteUserConsentSession) - r.DELETE("/oauth2/auth/sessions/consent/:user/:client", h.DeleteUserClientConsentSession) +func (h *Handler) SetRoutes(frontend, backend *httprouter.Router) { + backend.GET(LoginPath+"/:challenge", h.GetLoginRequest) + backend.PUT(LoginPath+"/:challenge/accept", h.AcceptLoginRequest) + backend.PUT(LoginPath+"/:challenge/reject", h.RejectLoginRequest) + + backend.GET(ConsentPath+"/:challenge", h.GetConsentRequest) + backend.PUT(ConsentPath+"/:challenge/accept", h.AcceptConsentRequest) + backend.PUT(ConsentPath+"/:challenge/reject", h.RejectConsentRequest) + + backend.DELETE("/oauth2/auth/sessions/login/:user", h.DeleteLoginSession) + backend.GET("/oauth2/auth/sessions/consent/:user", h.GetConsentSessions) + backend.DELETE("/oauth2/auth/sessions/consent/:user", h.DeleteUserConsentSession) + backend.DELETE("/oauth2/auth/sessions/consent/:user/:client", h.DeleteUserClientConsentSession) + + frontend.GET("/oauth2/auth/logout", h.LogoutUser) } // swagger:route DELETE /oauth2/auth/sessions/consent/{user} oAuth2 revokeAllUserConsentSessions 
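Review bot: The new `frontend.GET("/oauth2/auth/logout", h.LogoutUser)` route at the end of SetRoutes changes session state on a plain GET served from the public router, so any cross-site navigation or subresource request that carries the cookie ends the user's login session without their intent. The same applies to the renamed route `frontend.GET("/oauth2/auth/sessions/login/revoke", h.LogoutUser)` later in this series. Consider registering it as a POST and checking an anti-CSRF token or an explicit logout confirmation before the cookie and session are revoked. If GET has to stay, record the trade-off next to the route, for example `// GET logout is not CSRF-protected: a cross-site request can end the login session`.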
@@ -570,4 +572,37 @@ func (h *Handler) RejectConsentRequest(w http.ResponseWriter, r *http.Request, p h.H.Write(w, r, &RequestHandlerResponse{ RedirectTo: urlx.SetQuery(ru, url.Values{"consent_verifier": {request.Verifier}}).String(), }) +} + }) +} + +// swagger:route DELETE /oauth2/auth/logout oAuth2 logoutUser +// +// Logs user out by deleting the session cookie +// +// This endpoint deletes ths user's login session cookie and redirects the browser to the url +// listed in `LOGOUT_REDIRECT_URL` environment variable. +// +// +// Consumes: +// - text/html +// +// Produces: +// - text/html +// +// Schemes: http, https +// +// Responses: +// 302: emptyResponse +// 404: genericError +// 500: genericError + +func (h *Handler) LogoutUser(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { + err := revokeAuthenticationSession(w, r) + if err != nil { + h.H.WriteError(w, r, err) + return + } + + http.Redirect(w, r, os.Getenv("LOGOUT_REDIRECT_URL"), 302) } From 0d11fbfa1a9b8e644535301487dfb59cd6646122 Mon Sep 17 00:00:00 2001 From: arekkas Date: Fri, 10 Aug 2018 11:03:46 +0200 Subject: [PATCH 2/4] consent: Add logout api endpoint Closes #970 Signed-off-by: arekkas --- cmd/root.go | 3 + cmd/serve.go | 4 ++ cmd/server/handler_consent_factory.go | 7 ++- config/config.go | 1 + consent/handler.go | 44 +++++++------ consent/handler_test.go | 91 +++++++++++++++++++++++++++ consent/sdk_test.go | 5 +- consent/strategy_default.go | 23 ++++--- consent/strategy_default_test.go | 7 ++- oauth2/handler.go | 2 + oauth2/handler_fallback_endpoints.go | 25 +++++++- 11 files changed, 178 insertions(+), 34 deletions(-) create mode 100644 consent/handler_test.go diff --git a/cmd/root.go b/cmd/root.go index eae71de9297..c408af96783 100644 --- a/cmd/root.go +++ b/cmd/root.go 
@@ -122,6 +122,9 @@ func initConfig() { viper.BindEnv("OAUTH2_LOGIN_URL") viper.SetDefault("OAUTH2_LOGIN_URL", oauth2.DefaultConsentPath) + viper.BindEnv("OAUTH2_LOGOUT_REDIRECT_URL") + viper.SetDefault("OAUTH2_LOGOUT_REDIRECT_URL", oauth2.DefaultLogoutPath) + viper.BindEnv("OAUTH2_ERROR_URL") viper.SetDefault("OAUTH2_ERROR_URL", oauth2.DefaultErrorPath) diff --git a/cmd/serve.go b/cmd/serve.go index c34594cef37..3e12c835b58 100644 --- a/cmd/serve.go +++ b/cmd/serve.go @@ -90,6 +90,10 @@ OAUTH2 CONTROLS - OAUTH2_LOGIN_URL: The login provider's URL. Example: OAUTH2_LOGIN_URL=https://id.myapp.com/login +- OAUTH2_LOGOUT_REDIRECT_URL: The URL where the user's browser will be redirected to after successfully logging out + of ORY Hydra. + Example: OAUTH2_LOGOUT_REDIRECT_URL=https://myapp.com/ + - OAUTH2_ISSUER_URL: IssuerURL is the public URL of your Hydra installation. It is used for OAuth2 and OpenID Connect and must be specified and using HTTPS protocol, unless --dangerous-force-http is set. Example: OAUTH2_ISSUER_URL=https://hydra.myapp.com/ diff --git a/cmd/server/handler_consent_factory.go b/cmd/server/handler_consent_factory.go index c6697e37aa1..34815aa8d89 100644 --- a/cmd/server/handler_consent_factory.go +++ b/cmd/server/handler_consent_factory.go @@ -21,6 +21,7 @@ package server import ( + "github.com/gorilla/sessions" "github.com/julienschmidt/httprouter" "github.com/ory/herodot" "github.com/ory/hydra/client" 
@@ -33,14 +34,14 @@ func injectConsentManager(c *config.Config, cm client.Manager) { ctx.ConsentManager = ctx.Connection.NewConsentManager(cm, ctx.FositeStore) } -func newConsentHandler(c *config.Config, router *httprouter.Router) *consent.Handler { +func newConsentHandler(c *config.Config, frontend, backend *httprouter.Router) *consent.Handler { var ctx = c.Context() w := herodot.NewJSONWriter(c.GetLogger()) w.ErrorEnhancer = writerErrorEnhancer expectDependency(c.GetLogger(), ctx.ConsentManager) - h := consent.NewHandler(w, ctx.ConsentManager) - h.SetRoutes(router) + h := consent.NewHandler(w, ctx.ConsentManager, sessions.NewCookieStore(c.GetCookieSecret()), c.LogoutRedirectURL) + h.SetRoutes(frontend, backend) return h } diff --git a/config/config.go b/config/config.go index 58ae5447349..6d02dfe7498 100644 --- a/config/config.go +++ b/config/config.go @@ -63,6 +63,7 @@ type Config struct { DatabasePlugin string `mapstructure:"DATABASE_PLUGIN" yaml:"-"` ConsentURL string `mapstructure:"OAUTH2_CONSENT_URL" yaml:"-"` LoginURL string `mapstructure:"OAUTH2_LOGIN_URL" yaml:"-"` + LogoutRedirectURL string `mapstructure:"OAUTH2_LOGOUT_REDIRECT_URL" yaml:"-"` DefaultClientScope string `mapstructure:"OIDC_DYNAMIC_CLIENT_REGISTRATION_DEFAULT_SCOPE" yaml:"-"` ErrorURL string `mapstructure:"OAUTH2_ERROR_URL" yaml:"-"` AllowTLSTermination string `mapstructure:"HTTPS_ALLOW_TERMINATION_FROM" yaml:"-"` diff --git a/consent/handler.go b/consent/handler.go index 3942a10545c..af8891c947b 100644 --- a/consent/handler.go +++ b/consent/handler.go @@ -26,6 +26,7 @@ import ( "net/url" "time" + "github.com/gorilla/sessions" "github.com/julienschmidt/httprouter" "github.com/ory/fosite" "github.com/ory/go-convenience/urlx" @@ -35,9 +36,11 @@ import ( ) type Handler struct { - H herodot.Writer - M Manager - RequestMaxAge time.Duration + H herodot.Writer + M Manager + LogoutRedirectURL string + RequestMaxAge time.Duration + CookieStore sessions.Store } const ( 
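Review bot: `sessions.NewCookieStore(c.GetCookieSecret())` in newConsentHandler builds a second cookie store beside whichever store the consent strategy uses to issue the login cookie, and nothing in this hunk keeps their `Options` in step. A browser only drops a cookie when the expiring `Set-Cookie` carries the same name, path and domain as the original, so if the strategy's store is ever configured with non-default options (its construction is not visible here), logout would redirect as if it had worked while the login cookie survives. Passing one store instance to both `consent.NewHandler` and the strategy, as the test setup in consent/strategy_default_test.go does with `cs`, removes that drift.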
@@ -48,10 +51,14 @@ const ( func NewHandler( h herodot.Writer, m Manager, + c sessions.Store, + u string, ) *Handler { return &Handler{ - H: h, - M: m, + H: h, + M: m, + LogoutRedirectURL: u, + CookieStore: c, } } @@ -69,7 +76,7 @@ func (h *Handler) SetRoutes(frontend, backend *httprouter.Router) { backend.DELETE("/oauth2/auth/sessions/consent/:user", h.DeleteUserConsentSession) backend.DELETE("/oauth2/auth/sessions/consent/:user/:client", h.DeleteUserClientConsentSession) - frontend.GET("/oauth2/auth/logout", h.LogoutUser) + frontend.GET("/oauth2/auth/sessions/login/revoke", h.LogoutUser) } // swagger:route DELETE /oauth2/auth/sessions/consent/{user} oAuth2 revokeAllUserConsentSessions @@ -573,22 +580,17 @@ func (h *Handler) RejectConsentRequest(w http.ResponseWriter, r *http.Request, p RedirectTo: urlx.SetQuery(ru, url.Values{"consent_verifier": {request.Verifier}}).String(), }) } - }) -} -// swagger:route DELETE /oauth2/auth/logout oAuth2 logoutUser +// swagger:route GET /oauth2/auth/sessions/login/revoke oAuth2 revokeUserLoginCookie // // Logs user out by deleting the session cookie // // This endpoint deletes ths user's login session cookie and redirects the browser to the url -// listed in `LOGOUT_REDIRECT_URL` environment variable. -// -// -// Consumes: -// - text/html +// listed in `LOGOUT_REDIRECT_URL` environment variable. This endpoint does not work as an API but has to +// be called from the user's browser. // // Produces: -// - text/html +// - application/json // // Schemes: http, https // 
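Review bot: The swagger comment above LogoutUser still names the setting LOGOUT_REDIRECT_URL, while this series binds it as `OAUTH2_LOGOUT_REDIRECT_URL` in cmd/root.go and config/config.go, and the sentence keeps the typo "ths"; both are copied into docs/api.swagger.json and the generated SDK docs. Suggested wording: `// This endpoint deletes the user's login session cookie and redirects the browser to the URL` followed by `// configured in the OAUTH2_LOGOUT_REDIRECT_URL environment variable.` The `Produces: application/json` entry also sits oddly beside a `302` response that the comment describes as browser-only, so it is worth stating in the comment that JSON is only returned on the error paths.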
@@ -596,13 +598,19 @@ func (h *Handler) RejectConsentRequest(w http.ResponseWriter, r *http.Request, p // 302: emptyResponse // 404: genericError // 500: genericError - func (h *Handler) LogoutUser(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { - err := revokeAuthenticationSession(w, r) + sid, err := revokeAuthenticationCookie(w, r, h.CookieStore) if err != nil { h.H.WriteError(w, r, err) return } - http.Redirect(w, r, os.Getenv("LOGOUT_REDIRECT_URL"), 302) + if sid != "" { + if err := h.M.DeleteAuthenticationSession(sid); err != nil { + h.H.WriteError(w, r, err) + return + } + } + + http.Redirect(w, r, h.LogoutRedirectURL, 302) } diff --git a/consent/handler_test.go b/consent/handler_test.go new file mode 100644 index 00000000000..6490ce348c0 --- /dev/null +++ b/consent/handler_test.go 
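Review bot: In LogoutUser the expiring cookie is already written to the response by `revokeAuthenticationCookie` before `h.M.DeleteAuthenticationSession(sid)` runs, so when the delete fails the browser loses its cookie, the server-side session record stays in the store, and the user receives a JSON error on an endpoint that is meant to be browser-facing. It is worth deciding what a failed or missing session means here: if the manager reports "not found" for a session that was already revoked through the backend route (the manager implementation is outside this diff), logout should arguably still finish with the redirect, while other store errors should be logged so the leftover session can be cleaned up. Smaller points: the unused `ps` can be `_`, and the literal `302` reads better as `http.Redirect(w, r, h.LogoutRedirectURL, http.StatusFound)`.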
@@ -0,0 +1,91 @@ +/* + * Copyright © 2015-2018 Aeneas Rekkas + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * @author Aeneas Rekkas + * @Copyright 2017-2018 Aeneas Rekkas + * @license Apache-2.0 + */ + +package consent + +import ( + "net/http" + "net/http/cookiejar" + "net/http/httptest" + "net/url" + "testing" + "time" + + "github.com/gorilla/sessions" + "github.com/julienschmidt/httprouter" + "github.com/ory/herodot" + "github.com/pborman/uuid" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestLogout(t *testing.T) { + cs := sessions.NewCookieStore([]byte("secret")) + r := httprouter.New() + h := NewHandler( + herodot.NewJSONWriter(nil), + NewMemoryManager(nil), + cs, + "https://www.ory.sh", + ) + + sid := uuid.New() + + r.Handle("GET", "/login", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + cookie, _ := cs.Get(r, cookieAuthenticationName) + require.NoError(t, h.M.CreateAuthenticationSession(&AuthenticationSession{ + ID: sid, + Subject: "foo", + AuthenticatedAt: time.Now(), + })) + + cookie.Values[cookieAuthenticationSIDName] = sid + cookie.Options.MaxAge = 60 + + require.NoError(t, cookie.Save(r, w)) + }) + + r.Handle("GET", "/logout", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + }) + + h.SetRoutes(r, r) + ts := httptest.NewServer(r) + defer ts.Close() + + h.LogoutRedirectURL = ts.URL + "/logout" + + u, err := url.Parse(ts.URL) + require.NoError(t, err) + + 
cj, err := cookiejar.New(new(cookiejar.Options)) + require.NoError(t, err) + + c := &http.Client{Jar: cj} + resp, err := c.Get(ts.URL + "/login") + require.NoError(t, err) + require.EqualValues(t, http.StatusOK, resp.StatusCode) + require.Len(t, cj.Cookies(u), 1) + + resp, err = c.Get(ts.URL + "/oauth2/auth/sessions/login/revoke") + require.NoError(t, err) + require.EqualValues(t, http.StatusOK, resp.StatusCode) + assert.Len(t, cj.Cookies(u), 0) + assert.EqualValues(t, ts.URL+"/logout", resp.Request.URL.String()) +} diff --git a/consent/sdk_test.go b/consent/sdk_test.go index b4421cbc631..54e79cc18b5 100644 --- a/consent/sdk_test.go +++ b/consent/sdk_test.go @@ -26,6 +26,7 @@ import ( "testing" "time" + "github.com/gorilla/sessions" "github.com/julienschmidt/httprouter" "github.com/ory/herodot" . "github.com/ory/hydra/consent" @@ -40,9 +41,9 @@ import ( func TestSDK(t *testing.T) { m := NewMemoryManager(oauth2.NewFositeMemoryStore(nil, time.Minute)) router := httprouter.New() - h := NewHandler(herodot.NewJSONWriter(logrus.New()), m) + h := NewHandler(herodot.NewJSONWriter(logrus.New()), m, sessions.NewCookieStore([]byte("secret")), "https://www.ory.sh") - h.SetRoutes(router) + h.SetRoutes(router, router) ts := httptest.NewServer(router) sdk, err := hydra.NewSDK(&hydra.Configuration{ diff --git a/consent/strategy_default.go b/consent/strategy_default.go index 7dc716dd04d..ffb8bb20f03 100644 --- a/consent/strategy_default.go +++ b/consent/strategy_default.go 
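Review bot: TestLogout only checks the cookie jar and the final URL, so it would still pass if LogoutUser stopped calling `h.M.DeleteAuthenticationSession`; the server-side deletion is the half of logout that matters when a cookie value has been copied elsewhere. After the request to `/oauth2/auth/sessions/login/revoke`, add an assertion that looking up `sid` through `h.M` now returns an error. The two response bodies are also never closed; a `defer resp.Body.Close()` after each successful `c.Get` keeps the test server's connections from lingering.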
@@ -257,21 +257,30 @@ func (s *DefaultStrategy) forwardAuthenticationRequest(w http.ResponseWriter, r } func (s *DefaultStrategy) revokeAuthenticationSession(w http.ResponseWriter, r *http.Request) error { - cookie, _ := s.CookieStore.Get(r, cookieAuthenticationName) + sid, err := revokeAuthenticationCookie(w, r, s.CookieStore) + if err != nil { + return err + } + + if sid == "" { + return nil + } + + return s.M.DeleteAuthenticationSession(sid) +} + +func revokeAuthenticationCookie(w http.ResponseWriter, r *http.Request, s sessions.Store) (string, error) { + cookie, _ := s.Get(r, cookieAuthenticationName) sid, _ := mapx.GetString(cookie.Values, cookieAuthenticationSIDName) cookie.Options.MaxAge = -1 cookie.Values[cookieAuthenticationSIDName] = "" if err := cookie.Save(r, w); err != nil { - return errors.WithStack(err) + return "", errors.WithStack(err) } - if sid == "" { - return nil - } - - return s.M.DeleteAuthenticationSession(sid) + return sid, nil } func (s *DefaultStrategy) obfuscateSubjectIdentifier(subject string, req fosite.AuthorizeRequester, forcedIdentifier string) (string, error) { diff --git a/consent/strategy_default_test.go b/consent/strategy_default_test.go index 792c71e0a56..8a6eebfa5ef 100644 --- a/consent/strategy_default_test.go +++ b/consent/strategy_default_test.go @@ -109,11 +109,12 @@ func TestStrategy(t *testing.T) { }).ToMapClaims(), jwt.NewHeaders()) require.NoError(t, err) + cs := sessions.NewCookieStore([]byte("dummy-secret-yay")) writer := herodot.NewJSONWriter(nil) manager := NewMemoryManager(nil) - handler := NewHandler(writer, manager) + handler := NewHandler(writer, manager, cs, "https://www.ory.sh") router := httprouter.New() - handler.SetRoutes(router) + handler.SetRoutes(router, router) api := httptest.NewServer(router) strategy := NewStrategy( 
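Review bot: The extracted `revokeAuthenticationCookie` discards the error from `s.Get(r, cookieAuthenticationName)` and the one from `mapx.GetString` without saying why, and it now accepts any `sessions.Store` rather than only the strategy's own. If ignoring them is deliberate (an unreadable or absent cookie should still be expired), say so at the call, e.g. `// Decode errors are ignored on purpose: a cookie we cannot read is still expired.`, and give the helper a doc comment such as `// revokeAuthenticationCookie expires the login cookie and returns the session ID it held, or "" if there was none.` The function then dereferences `cookie.Options` unconditionally, which assumes the store hands back a usable session even alongside an error; that looks safe for the cookie store wired in by this series but is not guaranteed by the `sessions.Store` interface itself.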
@@ -122,7 +123,7 @@ func TestStrategy(t *testing.T) { ap.URL, "/oauth2/auth", manager, - sessions.NewCookieStore([]byte("dummy-secret-yay")), + cs, fosite.ExactScopeStrategy, false, time.Hour, diff --git a/oauth2/handler.go b/oauth2/handler.go index 0b9fcbc7eea..b5b0bd80062 100644 --- a/oauth2/handler.go +++ b/oauth2/handler.go @@ -45,6 +45,7 @@ const ( OAuth2JWTKeyName = "hydra.jwt.access-token" DefaultConsentPath = "/oauth2/fallbacks/consent" + DefaultLogoutPath = "/oauth2/fallbacks/logout" DefaultErrorPath = "/oauth2/fallbacks/error" TokenPath = "/oauth2/token" AuthPath = "/oauth2/auth" @@ -161,6 +162,7 @@ func (h *Handler) SetRoutes(frontend, backend *httprouter.Router) { frontend.POST(AuthPath, h.AuthHandler) frontend.GET(DefaultConsentPath, h.DefaultConsentHandler) frontend.GET(DefaultErrorPath, h.DefaultErrorHandler) + frontend.GET(DefaultLogoutPath, h.DefaultLogoutHandler) frontend.POST(RevocationPath, h.RevocationHandler) frontend.GET(WellKnownPath, h.WellKnownHandler) frontend.GET(UserinfoPath, h.UserinfoHandler) diff --git a/oauth2/handler_fallback_endpoints.go b/oauth2/handler_fallback_endpoints.go index c4dddd997db..7b2103a5882 100644 --- a/oauth2/handler_fallback_endpoints.go +++ b/oauth2/handler_fallback_endpoints.go @@ -29,6 +29,7 @@ import ( func (h *Handler) DefaultConsentHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { h.L.Warnln("It looks like no consent/login URL was set. All OAuth2 flows except client credentials will fail.") + h.L.Warnln("A client requested the default login & consent URL, environment variable OAUTH2_CONSENT_URL or OAUTH2_LOGIN_URL or both are probably not set.") w.Write([]byte(` 
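Review bot: The added `h.L.Warnln("A client requested the default login & consent URL, ...")` in DefaultConsentHandler sits directly after the existing "It looks like no consent/login URL was set" warning instead of replacing it, so every hit on this public fallback route now writes two warning lines, whereas DefaultErrorHandler had its old message replaced in the next hunk. Because these fallback routes (including the new DefaultLogoutHandler) are reachable without authentication, warning-level output per request lets anonymous traffic inflate the logs. Dropping the older line keeps the message and halves the volume, and a one-time startup warning when the URL is unset would carry the same information without the per-request cost.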
@@ -50,7 +51,7 @@ func (h *Handler) DefaultConsentHandler(w http.ResponseWriter, r *http.Request, } func (h *Handler) DefaultErrorHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - h.L.Warnln("It looks like no OAuth2 Error URL was set.") + h.L.Warnln("A client requested the default error URL, environment variable OAUTH2_ERROR_URL is probably not set.") fmt.Fprintf(w, ` @@ -76,3 +77,25 @@ func (h *Handler) DefaultErrorHandler(w http.ResponseWriter, r *http.Request, _ `, r.URL.Query().Get("error"), r.URL.Query().Get("error_description"), r.URL.Query().Get("error_hint"), r.URL.Query().Get("error_debug")) } + +func (h *Handler) DefaultLogoutHandler(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + h.L.Warnln("A client requested the default logout URL, environment variable OAUTH2_LOGOUT_REDIRECT_URL is probably not set.") + + fmt.Fprintf(w, ` + + + You logged out successfully + + +

+ You logged out successfully! +

+

+ You are seeing this default page because the administrator did not specify a redirect URL (environment variable OAUTH2_LOGOUT_REDIRECT_URL is not set). + If you are an administrator, please read the guide to understand what you + need to do. If you are a user, please contact the administrator. +

+ + +`) +} From 7f0dbb5253a573e326a5c48a150d7c4e1bd6e366 Mon Sep 17 00:00:00 2001 From: arekkas Date: Fri, 10 Aug 2018 11:05:13 +0200 Subject: [PATCH 3/4] unstaged --- docs/api.swagger.json | 28 ++ sdk/go/hydra/swagger/README.md | 1 + sdk/go/hydra/swagger/docs/OAuth2Api.md | 27 ++ sdk/go/hydra/swagger/o_auth2_api.go | 57 +++ sdk/js/swagger/README.md | 1 + sdk/js/swagger/docs/JSONWebKey.md | 24 +- sdk/js/swagger/docs/JSONWebKeySet.md | 4 +- sdk/js/swagger/docs/OAuth2Api.md | 41 ++ sdk/js/swagger/src/api/OAuth2Api.js | 45 ++ sdk/js/swagger/src/model/JSONWebKey.js | 156 +++++-- sdk/js/swagger/src/model/JSONWebKeySet.js | 29 +- sdk/php/swagger/README.md | 1 + sdk/php/swagger/docs/Api/OAuth2Api.md | 41 ++ sdk/php/swagger/docs/Model/JSONWebKey.md | 24 +- sdk/php/swagger/docs/Model/JSONWebKeySet.md | 4 +- sdk/php/swagger/lib/Api/OAuth2Api.php | 76 ++++ sdk/php/swagger/lib/Model/JSONWebKey.php | 452 +++++++++++++++++--- sdk/php/swagger/lib/Model/JSONWebKeySet.php | 14 +- 18 files changed, 889 insertions(+), 136 deletions(-) diff --git a/docs/api.swagger.json b/docs/api.swagger.json index 383a3585b40..a3d922b6ae3 100644 --- a/docs/api.swagger.json +++ b/docs/api.swagger.json 
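Review bot: DefaultLogoutHandler passes a fixed page to `fmt.Fprintf(w, ...)` with no arguments, so the whole HTML body is parsed as a format string and any literal `%` added to the markup later would be rendered as a formatting error in the page. `fmt.Fprint(w, ...)` or `w.Write([]byte(...))`, which DefaultConsentHandler already uses, avoids that. A doc comment would also help readers of the exported method, e.g. `// DefaultLogoutHandler renders the built-in "logged out" page used when OAUTH2_LOGOUT_REDIRECT_URL is not configured.`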
@@ -1191,6 +1191,34 @@ } } }, + "/oauth2/auth/sessions/login/revoke": { + "get": { + "description": "This endpoint deletes ths user's login session cookie and redirects the browser to the url\nlisted in `LOGOUT_REDIRECT_URL` environment variable. This endpoint does not work as an API but has to\nbe called from the user's browser.", + "produces": [ + "application/json" + ], + "schemes": [ + "http", + "https" + ], + "tags": [ + "oAuth2" + ], + "summary": "Logs user out by deleting the session cookie", + "operationId": "revokeUserLoginCookie", + "responses": { + "302": { + "$ref": "#/responses/emptyResponse" + }, + "404": { + "$ref": "#/responses/genericError" + }, + "500": { + "$ref": "#/responses/genericError" + } + } + } + }, "/oauth2/auth/sessions/login/{user}": { "delete": { "description": "This endpoint invalidates a user's authentication session. After revoking the authentication session, the user\nhas to re-authenticate at ORY Hydra. This endpoint does not invalidate any tokens.", diff --git a/sdk/go/hydra/swagger/README.md b/sdk/go/hydra/swagger/README.md index f86f6fdc272..be6db14ae4c 100644 --- a/sdk/go/hydra/swagger/README.md +++ b/sdk/go/hydra/swagger/README.md 
@@ -52,6 +52,7 @@ Class | Method | HTTP request | Description *OAuth2Api* | [**RevokeAuthenticationSession**](docs/OAuth2Api.md#revokeauthenticationsession) | **Delete** /oauth2/auth/sessions/login/{user} | Invalidates a user's authentication session *OAuth2Api* | [**RevokeOAuth2Token**](docs/OAuth2Api.md#revokeoauth2token) | **Post** /oauth2/revoke | Revoke OAuth2 tokens *OAuth2Api* | [**RevokeUserClientConsentSessions**](docs/OAuth2Api.md#revokeuserclientconsentsessions) | **Delete** /oauth2/auth/sessions/consent/{user}/{client} | Revokes consent sessions of a user for a specific OAuth 2.0 Client +*OAuth2Api* | [**RevokeUserLoginCookie**](docs/OAuth2Api.md#revokeuserlogincookie) | **Get** /oauth2/auth/sessions/login/revoke | Logs user out by deleting the session cookie *OAuth2Api* | [**UpdateOAuth2Client**](docs/OAuth2Api.md#updateoauth2client) | **Put** /clients/{id} | Update an OAuth 2.0 Client *OAuth2Api* | [**Userinfo**](docs/OAuth2Api.md#userinfo) | **Post** /userinfo | OpenID Connect Userinfo *OAuth2Api* | [**WellKnown**](docs/OAuth2Api.md#wellknown) | **Get** /.well-known/jwks.json | Get Well-Known JSON Web Keys diff --git a/sdk/go/hydra/swagger/docs/OAuth2Api.md b/sdk/go/hydra/swagger/docs/OAuth2Api.md index 5685b392d4f..9d66007c3d2 100644 --- a/sdk/go/hydra/swagger/docs/OAuth2Api.md +++ b/sdk/go/hydra/swagger/docs/OAuth2Api.md 
@@ -24,6 +24,7 @@ Method | HTTP request | Description [**RevokeAuthenticationSession**](OAuth2Api.md#RevokeAuthenticationSession) | **Delete** /oauth2/auth/sessions/login/{user} | Invalidates a user's authentication session [**RevokeOAuth2Token**](OAuth2Api.md#RevokeOAuth2Token) | **Post** /oauth2/revoke | Revoke OAuth2 tokens [**RevokeUserClientConsentSessions**](OAuth2Api.md#RevokeUserClientConsentSessions) | **Delete** /oauth2/auth/sessions/consent/{user}/{client} | Revokes consent sessions of a user for a specific OAuth 2.0 Client +[**RevokeUserLoginCookie**](OAuth2Api.md#RevokeUserLoginCookie) | **Get** /oauth2/auth/sessions/login/revoke | Logs user out by deleting the session cookie [**UpdateOAuth2Client**](OAuth2Api.md#UpdateOAuth2Client) | **Put** /clients/{id} | Update an OAuth 2.0 Client [**Userinfo**](OAuth2Api.md#Userinfo) | **Post** /userinfo | OpenID Connect Userinfo [**WellKnown**](OAuth2Api.md#WellKnown) | **Get** /.well-known/jwks.json | Get Well-Known JSON Web Keys 
@@ -607,6 +608,32 @@ No authorization required [[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) +# **RevokeUserLoginCookie** +> RevokeUserLoginCookie() + +Logs user out by deleting the session cookie + +This endpoint deletes ths user's login session cookie and redirects the browser to the url listed in `LOGOUT_REDIRECT_URL` environment variable. This endpoint does not work as an API but has to be called from the user's browser. + + +### Parameters +This endpoint does not need any parameter. + +### Return type + +void (empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json, application/x-www-form-urlencoded + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to Model list]](../README.md#documentation-for-models) [[Back to README]](../README.md) + # **UpdateOAuth2Client** > OAuth2Client UpdateOAuth2Client($id, $body) diff --git a/sdk/go/hydra/swagger/o_auth2_api.go b/sdk/go/hydra/swagger/o_auth2_api.go index 5d21650cbf9..c9b39a7c0c7 100644 --- a/sdk/go/hydra/swagger/o_auth2_api.go +++ b/sdk/go/hydra/swagger/o_auth2_api.go 
@@ -1287,6 +1287,63 @@ func (a OAuth2Api) RevokeUserClientConsentSessions(user string, client string) ( return localVarAPIResponse, err } +/** + * Logs user out by deleting the session cookie + * This endpoint deletes ths user's login session cookie and redirects the browser to the url listed in `LOGOUT_REDIRECT_URL` environment variable. This endpoint does not work as an API but has to be called from the user's browser. + * + * @return void + */ +func (a OAuth2Api) RevokeUserLoginCookie() (*APIResponse, error) { + + var localVarHttpMethod = strings.ToUpper("Get") + // create path and map variables + localVarPath := a.Configuration.BasePath + "/oauth2/auth/sessions/login/revoke" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := make(map[string]string) + var localVarPostBody interface{} + var localVarFileName string + var localVarFileBytes []byte + // add default headers if any + for key := range a.Configuration.DefaultHeader { + localVarHeaderParams[key] = a.Configuration.DefaultHeader[key] + } + + // to determine the Content-Type header + localVarHttpContentTypes := []string{"application/json", "application/x-www-form-urlencoded"} + + // set Content-Type header + localVarHttpContentType := a.Configuration.APIClient.SelectHeaderContentType(localVarHttpContentTypes) + if localVarHttpContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHttpContentType + } + // to determine the Accept header + localVarHttpHeaderAccepts := []string{ + "application/json", + } + + // set Accept header + localVarHttpHeaderAccept := a.Configuration.APIClient.SelectHeaderAccept(localVarHttpHeaderAccepts) + if localVarHttpHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHttpHeaderAccept + } + localVarHttpResponse, err := a.Configuration.APIClient.CallAPI(localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, 
localVarFileBytes) + + var localVarURL, _ = url.Parse(localVarPath) + localVarURL.RawQuery = localVarQueryParams.Encode() + var localVarAPIResponse = &APIResponse{Operation: "RevokeUserLoginCookie", Method: localVarHttpMethod, RequestURL: localVarURL.String()} + if localVarHttpResponse != nil { + localVarAPIResponse.Response = localVarHttpResponse.RawResponse + localVarAPIResponse.Payload = localVarHttpResponse.Body() + } + + if err != nil { + return localVarAPIResponse, err + } + return localVarAPIResponse, err +} + /** * Update an OAuth 2.0 Client * Update an existing OAuth 2.0 Client. If you pass `client_secret` the secret will be updated and returned via the API. This is the only time you will be able to retrieve the client secret, so write it down and keep it safe. OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. To manage ORY Hydra, you will need an OAuth 2.0 Client as well. Make sure that this endpoint is well protected and only callable by first-party components. diff --git a/sdk/js/swagger/README.md b/sdk/js/swagger/README.md index 0bb6c8b8f92..af82165800b 100644 --- a/sdk/js/swagger/README.md +++ b/sdk/js/swagger/README.md 
@@ -145,6 +145,7 @@ Class | Method | HTTP request | Description *OryHydraCloudNativeOAuth20AndOpenIdConnectServer.OAuth2Api* | [**revokeAuthenticationSession**](docs/OAuth2Api.md#revokeAuthenticationSession) | **DELETE** /oauth2/auth/sessions/login/{user} | Invalidates a user's authentication session *OryHydraCloudNativeOAuth20AndOpenIdConnectServer.OAuth2Api* | [**revokeOAuth2Token**](docs/OAuth2Api.md#revokeOAuth2Token) | **POST** /oauth2/revoke | Revoke OAuth2 tokens *OryHydraCloudNativeOAuth20AndOpenIdConnectServer.OAuth2Api* | [**revokeUserClientConsentSessions**](docs/OAuth2Api.md#revokeUserClientConsentSessions) | **DELETE** /oauth2/auth/sessions/consent/{user}/{client} | Revokes consent sessions of a user for a specific OAuth 2.0 Client +*OryHydraCloudNativeOAuth20AndOpenIdConnectServer.OAuth2Api* | [**revokeUserLoginCookie**](docs/OAuth2Api.md#revokeUserLoginCookie) | **GET** /oauth2/auth/sessions/login/revoke | Logs user out by deleting the session cookie *OryHydraCloudNativeOAuth20AndOpenIdConnectServer.OAuth2Api* | [**updateOAuth2Client**](docs/OAuth2Api.md#updateOAuth2Client) | **PUT** /clients/{id} | Update an OAuth 2.0 Client *OryHydraCloudNativeOAuth20AndOpenIdConnectServer.OAuth2Api* | [**userinfo**](docs/OAuth2Api.md#userinfo) | **POST** /userinfo | OpenID Connect Userinfo *OryHydraCloudNativeOAuth20AndOpenIdConnectServer.OAuth2Api* | [**wellKnown**](docs/OAuth2Api.md#wellKnown) | **GET** /.well-known/jwks.json | Get Well-Known JSON Web Keys diff --git a/sdk/js/swagger/docs/JSONWebKey.md b/sdk/js/swagger/docs/JSONWebKey.md index 7bbc0c48051..43f77c9cc5d 100644 --- a/sdk/js/swagger/docs/JSONWebKey.md +++ b/sdk/js/swagger/docs/JSONWebKey.md 
@@ -1,12 +1,24 @@ -# OryHydraCloudNativeOAuth20AndOpenIdConnectServer.JSONWebKey +# OryHydraCloudNativeOAuth20AndOpenIdConnectServer.JsonWebKey ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**algorithm** | **String** | | [optional] -**certificates** | [**[Certificate]**](Certificate.md) | | [optional] -**key** | **Object** | | [optional] -**keyID** | **String** | | [optional] -**use** | **String** | | [optional] +**alg** | **String** | The \"alg\" (algorithm) parameter identifies the algorithm intended for use with the key. The values used should either be registered in the IANA \"JSON Web Signature and Encryption Algorithms\" registry established by [JWA] or be a value that contains a Collision- Resistant Name. | [optional] +**crv** | **String** | | [optional] +**d** | **String** | | [optional] +**dp** | **String** | | [optional] +**dq** | **String** | | [optional] +**e** | **String** | | [optional] +**k** | **String** | | [optional] +**kid** | **String** | The \"kid\" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the \"kid\" value is unspecified. When \"kid\" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct \"kid\" values. (One example in which different keys might use the same \"kid\" value is if they have different \"kty\" (key type) values but are considered to be equivalent alternatives by the application using them.) The \"kid\" value is a case-sensitive string. | [optional] +**kty** | **String** | The \"kty\" (key type) parameter identifies the cryptographic algorithm family used with the key, such as \"RSA\" or \"EC\". \"kty\" values should either be registered in the IANA \"JSON Web Key Types\" registry established by [JWA] or be a value that contains a Collision- Resistant Name. The \"kty\" value is a case-sensitive string. 
| [optional] +**n** | **String** | | [optional] +**p** | **String** | | [optional] +**q** | **String** | | [optional] +**qi** | **String** | | [optional] +**use** | **String** | The \"use\" (public key use) parameter identifies the intended use of the public key. The \"use\" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly \"sig\" (signature) or \"enc\" (encryption). | [optional] +**x** | **String** | | [optional] +**x5c** | **[String]** | The \"x5c\" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]. The certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate. | [optional] +**y** | **String** | | [optional] diff --git a/sdk/js/swagger/docs/JSONWebKeySet.md b/sdk/js/swagger/docs/JSONWebKeySet.md index 15db72104b1..c5a28fde64e 100644 --- a/sdk/js/swagger/docs/JSONWebKeySet.md +++ b/sdk/js/swagger/docs/JSONWebKeySet.md @@ -1,8 +1,8 @@ -# OryHydraCloudNativeOAuth20AndOpenIdConnectServer.JSONWebKeySet +# OryHydraCloudNativeOAuth20AndOpenIdConnectServer.JsonWebKeySet ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**keys** | [**[JSONWebKey]**](JSONWebKey.md) | | [optional] +**keys** | [**[JsonWebKey]**](JsonWebKey.md) | The value of the \"keys\" parameter is an array of JWK values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired. | [optional] diff --git a/sdk/js/swagger/docs/OAuth2Api.md b/sdk/js/swagger/docs/OAuth2Api.md index 860c7c6eb9c..7ab62aa3650 100644 
--- a/sdk/js/swagger/docs/OAuth2Api.md +++ b/sdk/js/swagger/docs/OAuth2Api.md @@ -24,6 +24,7 @@ Method | HTTP request | Description [**revokeAuthenticationSession**](OAuth2Api.md#revokeAuthenticationSession) | **DELETE** /oauth2/auth/sessions/login/{user} | Invalidates a user's authentication session [**revokeOAuth2Token**](OAuth2Api.md#revokeOAuth2Token) | **POST** /oauth2/revoke | Revoke OAuth2 tokens [**revokeUserClientConsentSessions**](OAuth2Api.md#revokeUserClientConsentSessions) | **DELETE** /oauth2/auth/sessions/consent/{user}/{client} | Revokes consent sessions of a user for a specific OAuth 2.0 Client +[**revokeUserLoginCookie**](OAuth2Api.md#revokeUserLoginCookie) | **GET** /oauth2/auth/sessions/login/revoke | Logs user out by deleting the session cookie [**updateOAuth2Client**](OAuth2Api.md#updateOAuth2Client) | **PUT** /clients/{id} | Update an OAuth 2.0 Client [**userinfo**](OAuth2Api.md#userinfo) | **POST** /userinfo | OpenID Connect Userinfo [**wellKnown**](OAuth2Api.md#wellKnown) | **GET** /.well-known/jwks.json | Get Well-Known JSON Web Keys 
@@ -988,6 +989,46 @@ No authorization required - **Content-Type**: application/json - **Accept**: application/json + +# **revokeUserLoginCookie** +> revokeUserLoginCookie() + +Logs user out by deleting the session cookie + +This endpoint deletes ths user's login session cookie and redirects the browser to the url listed in `LOGOUT_REDIRECT_URL` environment variable. This endpoint does not work as an API but has to be called from the user's browser. + +### Example +```javascript +var OryHydraCloudNativeOAuth20AndOpenIdConnectServer = require('ory_hydra___cloud_native_o_auth_20_and_open_id_connect_server'); + +var apiInstance = new OryHydraCloudNativeOAuth20AndOpenIdConnectServer.OAuth2Api(); + +var callback = function(error, data, response) { + if (error) { + console.error(error); + } else { + console.log('API called successfully.'); + } +}; +apiInstance.revokeUserLoginCookie(callback); +``` + +### Parameters +This endpoint does not need any parameter. + +### Return type + +null (empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json, application/x-www-form-urlencoded + - **Accept**: application/json + # **updateOAuth2Client** > OAuth2Client updateOAuth2Client(id, body) diff --git a/sdk/js/swagger/src/api/OAuth2Api.js b/sdk/js/swagger/src/api/OAuth2Api.js index 8840704757b..3f6a457c515 100644 --- a/sdk/js/swagger/src/api/OAuth2Api.js +++ b/sdk/js/swagger/src/api/OAuth2Api.js 
@@ -1158,6 +1158,51 @@ ) } + /** + * Callback function to receive the result of the revokeUserLoginCookie operation. + * @callback module:api/OAuth2Api~revokeUserLoginCookieCallback + * @param {String} error Error message, if any. + * @param data This operation does not return a value. + * @param {String} response The complete HTTP response. + */ + + /** + * Logs user out by deleting the session cookie + * This endpoint deletes ths user's login session cookie and redirects the browser to the url listed in `LOGOUT_REDIRECT_URL` environment variable. This endpoint does not work as an API but has to be called from the user's browser. + * @param {module:api/OAuth2Api~revokeUserLoginCookieCallback} callback The callback function, accepting three arguments: error, data, response + */ + this.revokeUserLoginCookie = function(callback) { + var postBody = null + + var pathParams = {} + var queryParams = {} + var headerParams = {} + var formParams = {} + + var authNames = [] + var contentTypes = [ + 'application/json', + 'application/x-www-form-urlencoded' + ] + var accepts = ['application/json'] + var returnType = null + + return this.apiClient.callApi( + '/oauth2/auth/sessions/login/revoke', + 'GET', + pathParams, + queryParams, + headerParams, + formParams, + postBody, + authNames, + contentTypes, + accepts, + returnType, + callback + ) + } + /** * Callback function to receive the result of the updateOAuth2Client operation. * @callback module:api/OAuth2Api~updateOAuth2ClientCallback diff --git a/sdk/js/swagger/src/model/JSONWebKey.js b/sdk/js/swagger/src/model/JSONWebKey.js index 6738aca8f71..2735265b784 100644 --- a/sdk/js/swagger/src/model/JSONWebKey.js +++ b/sdk/js/swagger/src/model/JSONWebKey.js 
@@ -17,32 +17,31 @@ ;(function(root, factory) { if (typeof define === 'function' && define.amd) { // AMD. Register as an anonymous module. - define(['ApiClient', 'model/Certificate'], factory) + define(['ApiClient'], factory) } else if (typeof module === 'object' && module.exports) { // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient'), require('./Certificate')) + module.exports = factory(require('../ApiClient')) } else { // Browser globals (root is window) if (!root.OryHydraCloudNativeOAuth20AndOpenIdConnectServer) { root.OryHydraCloudNativeOAuth20AndOpenIdConnectServer = {} } - root.OryHydraCloudNativeOAuth20AndOpenIdConnectServer.JSONWebKey = factory( - root.OryHydraCloudNativeOAuth20AndOpenIdConnectServer.ApiClient, - root.OryHydraCloudNativeOAuth20AndOpenIdConnectServer.Certificate + root.OryHydraCloudNativeOAuth20AndOpenIdConnectServer.JsonWebKey = factory( + root.OryHydraCloudNativeOAuth20AndOpenIdConnectServer.ApiClient ) } -})(this, function(ApiClient, Certificate) { +})(this, function(ApiClient) { 'use strict' /** - * The JSONWebKey model module. - * @module model/JSONWebKey + * The JsonWebKey model module. + * @module model/JsonWebKey * @version Latest */ /** - * Constructs a new JSONWebKey. - * @alias module:model/JSONWebKey + * Constructs a new JsonWebKey. + * @alias module:model/JsonWebKey * @class */ var exports = function() { 
@@ -50,57 +49,144 @@ } /** - * Constructs a JSONWebKey from a plain JavaScript object, optionally creating a new instance. + * Constructs a JsonWebKey from a plain JavaScript object, optionally creating a new instance. * Copies all relevant properties from data to obj if supplied or a new instance if not. * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/JSONWebKey} obj Optional instance to populate. - * @return {module:model/JSONWebKey} The populated JSONWebKey instance. + * @param {module:model/JsonWebKey} obj Optional instance to populate. + * @return {module:model/JsonWebKey} The populated JsonWebKey instance. */ exports.constructFromObject = function(data, obj) { if (data) { obj = obj || new exports() - if (data.hasOwnProperty('Algorithm')) { - obj['Algorithm'] = ApiClient.convertToType(data['Algorithm'], 'String') + if (data.hasOwnProperty('alg')) { + obj['alg'] = ApiClient.convertToType(data['alg'], 'String') } - if (data.hasOwnProperty('Certificates')) { - obj['Certificates'] = ApiClient.convertToType(data['Certificates'], [ - Certificate - ]) + if (data.hasOwnProperty('crv')) { + obj['crv'] = ApiClient.convertToType(data['crv'], 'String') } - if (data.hasOwnProperty('Key')) { - obj['Key'] = ApiClient.convertToType(data['Key'], Object) + if (data.hasOwnProperty('d')) { + obj['d'] = ApiClient.convertToType(data['d'], 'String') } - if (data.hasOwnProperty('KeyID')) { - obj['KeyID'] = ApiClient.convertToType(data['KeyID'], 'String') + if (data.hasOwnProperty('dp')) { + obj['dp'] = ApiClient.convertToType(data['dp'], 'String') } - if (data.hasOwnProperty('Use')) { - obj['Use'] = ApiClient.convertToType(data['Use'], 'String') + if (data.hasOwnProperty('dq')) { + obj['dq'] = ApiClient.convertToType(data['dq'], 'String') + } + if (data.hasOwnProperty('e')) { + obj['e'] = ApiClient.convertToType(data['e'], 'String') + } + if (data.hasOwnProperty('k')) { + obj['k'] = ApiClient.convertToType(data['k'], 
'String') + } + if (data.hasOwnProperty('kid')) { + obj['kid'] = ApiClient.convertToType(data['kid'], 'String') + } + if (data.hasOwnProperty('kty')) { + obj['kty'] = ApiClient.convertToType(data['kty'], 'String') + } + if (data.hasOwnProperty('n')) { + obj['n'] = ApiClient.convertToType(data['n'], 'String') + } + if (data.hasOwnProperty('p')) { + obj['p'] = ApiClient.convertToType(data['p'], 'String') + } + if (data.hasOwnProperty('q')) { + obj['q'] = ApiClient.convertToType(data['q'], 'String') + } + if (data.hasOwnProperty('qi')) { + obj['qi'] = ApiClient.convertToType(data['qi'], 'String') + } + if (data.hasOwnProperty('use')) { + obj['use'] = ApiClient.convertToType(data['use'], 'String') + } + if (data.hasOwnProperty('x')) { + obj['x'] = ApiClient.convertToType(data['x'], 'String') + } + if (data.hasOwnProperty('x5c')) { + obj['x5c'] = ApiClient.convertToType(data['x5c'], ['String']) + } + if (data.hasOwnProperty('y')) { + obj['y'] = ApiClient.convertToType(data['y'], 'String') } } return obj } /** - * @member {String} Algorithm + * The \"alg\" (algorithm) parameter identifies the algorithm intended for use with the key. The values used should either be registered in the IANA \"JSON Web Signature and Encryption Algorithms\" registry established by [JWA] or be a value that contains a Collision- Resistant Name. + * @member {String} alg + */ + exports.prototype['alg'] = undefined + /** + * @member {String} crv + */ + exports.prototype['crv'] = undefined + /** + * @member {String} d + */ + exports.prototype['d'] = undefined + /** + * @member {String} dp + */ + exports.prototype['dp'] = undefined + /** + * @member {String} dq + */ + exports.prototype['dq'] = undefined + /** + * @member {String} e + */ + exports.prototype['e'] = undefined + /** + * @member {String} k + */ + exports.prototype['k'] = undefined + /** + * The \"kid\" (key ID) parameter is used to match a specific key. 
This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the \"kid\" value is unspecified. When \"kid\" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct \"kid\" values. (One example in which different keys might use the same \"kid\" value is if they have different \"kty\" (key type) values but are considered to be equivalent alternatives by the application using them.) The \"kid\" value is a case-sensitive string. + * @member {String} kid + */ + exports.prototype['kid'] = undefined + /** + * The \"kty\" (key type) parameter identifies the cryptographic algorithm family used with the key, such as \"RSA\" or \"EC\". \"kty\" values should either be registered in the IANA \"JSON Web Key Types\" registry established by [JWA] or be a value that contains a Collision- Resistant Name. The \"kty\" value is a case-sensitive string. + * @member {String} kty + */ + exports.prototype['kty'] = undefined + /** + * @member {String} n + */ + exports.prototype['n'] = undefined + /** + * @member {String} p + */ + exports.prototype['p'] = undefined + /** + * @member {String} q + */ + exports.prototype['q'] = undefined + /** + * @member {String} qi */ - exports.prototype['Algorithm'] = undefined + exports.prototype['qi'] = undefined /** - * @member {Array.} Certificates + * The \"use\" (public key use) parameter identifies the intended use of the public key. The \"use\" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly \"sig\" (signature) or \"enc\" (encryption). 
+ * @member {String} use */ - exports.prototype['Certificates'] = undefined + exports.prototype['use'] = undefined /** - * @member {Object} Key + * @member {String} x */ - exports.prototype['Key'] = undefined + exports.prototype['x'] = undefined /** - * @member {String} KeyID + * The \"x5c\" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]. The certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate. + * @member {Array.} x5c */ - exports.prototype['KeyID'] = undefined + exports.prototype['x5c'] = undefined /** - * @member {String} Use + * @member {String} y */ - exports.prototype['Use'] = undefined + exports.prototype['y'] = undefined return exports }) diff --git a/sdk/js/swagger/src/model/JSONWebKeySet.js b/sdk/js/swagger/src/model/JSONWebKeySet.js index 6b07a379fa6..3744d51b825 100644 --- a/sdk/js/swagger/src/model/JSONWebKeySet.js +++ b/sdk/js/swagger/src/model/JSONWebKeySet.js 
@@ -17,32 +17,32 @@ ;(function(root, factory) { if (typeof define === 'function' && define.amd) { // AMD. Register as an anonymous module. - define(['ApiClient', 'model/JSONWebKey'], factory) + define(['ApiClient', 'model/JsonWebKey'], factory) } else if (typeof module === 'object' && module.exports) { // CommonJS-like environments that support module.exports, like Node. - module.exports = factory(require('../ApiClient'), require('./JSONWebKey')) + module.exports = factory(require('../ApiClient'), require('./JsonWebKey')) } else { // Browser globals (root is window) if (!root.OryHydraCloudNativeOAuth20AndOpenIdConnectServer) { root.OryHydraCloudNativeOAuth20AndOpenIdConnectServer = {} } - root.OryHydraCloudNativeOAuth20AndOpenIdConnectServer.JSONWebKeySet = factory( + root.OryHydraCloudNativeOAuth20AndOpenIdConnectServer.JsonWebKeySet = factory( root.OryHydraCloudNativeOAuth20AndOpenIdConnectServer.ApiClient, - root.OryHydraCloudNativeOAuth20AndOpenIdConnectServer.JSONWebKey + root.OryHydraCloudNativeOAuth20AndOpenIdConnectServer.JsonWebKey ) } -})(this, function(ApiClient, JSONWebKey) { +})(this, function(ApiClient, JsonWebKey) { 'use strict' /** - * The JSONWebKeySet model module. - * @module model/JSONWebKeySet + * The JsonWebKeySet model module. + * @module model/JsonWebKeySet * @version Latest */ /** - * Constructs a new JSONWebKeySet. - * @alias module:model/JSONWebKeySet + * Constructs a new JsonWebKeySet. + * @alias module:model/JsonWebKeySet * @class */ var exports = function() { 
@@ -50,25 +50,26 @@ } /** - * Constructs a JSONWebKeySet from a plain JavaScript object, optionally creating a new instance. + * Constructs a JsonWebKeySet from a plain JavaScript object, optionally creating a new instance. * Copies all relevant properties from data to obj if supplied or a new instance if not. * @param {Object} data The plain JavaScript object bearing properties of interest. - * @param {module:model/JSONWebKeySet} obj Optional instance to populate. - * @return {module:model/JSONWebKeySet} The populated JSONWebKeySet instance. + * @param {module:model/JsonWebKeySet} obj Optional instance to populate. + * @return {module:model/JsonWebKeySet} The populated JsonWebKeySet instance. */ exports.constructFromObject = function(data, obj) { if (data) { obj = obj || new exports() if (data.hasOwnProperty('keys')) { - obj['keys'] = ApiClient.convertToType(data['keys'], [JSONWebKey]) + obj['keys'] = ApiClient.convertToType(data['keys'], [JsonWebKey]) } } return obj } /** - * @member {Array.} keys + * The value of the \"keys\" parameter is an array of JWK values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired. + * @member {Array.} keys */ exports.prototype['keys'] = undefined diff --git a/sdk/php/swagger/README.md b/sdk/php/swagger/README.md index 84187648156..0b52e664dcf 100644 --- a/sdk/php/swagger/README.md +++ b/sdk/php/swagger/README.md 
@@ -105,6 +105,7 @@ Class | Method | HTTP request | Description *OAuth2Api* | [**revokeAuthenticationSession**](docs/Api/OAuth2Api.md#revokeauthenticationsession) | **DELETE** /oauth2/auth/sessions/login/{user} | Invalidates a user's authentication session *OAuth2Api* | [**revokeOAuth2Token**](docs/Api/OAuth2Api.md#revokeoauth2token) | **POST** /oauth2/revoke | Revoke OAuth2 tokens *OAuth2Api* | [**revokeUserClientConsentSessions**](docs/Api/OAuth2Api.md#revokeuserclientconsentsessions) | **DELETE** /oauth2/auth/sessions/consent/{user}/{client} | Revokes consent sessions of a user for a specific OAuth 2.0 Client +*OAuth2Api* | [**revokeUserLoginCookie**](docs/Api/OAuth2Api.md#revokeuserlogincookie) | **GET** /oauth2/auth/sessions/login/revoke | Logs user out by deleting the session cookie *OAuth2Api* | [**updateOAuth2Client**](docs/Api/OAuth2Api.md#updateoauth2client) | **PUT** /clients/{id} | Update an OAuth 2.0 Client *OAuth2Api* | [**userinfo**](docs/Api/OAuth2Api.md#userinfo) | **POST** /userinfo | OpenID Connect Userinfo *OAuth2Api* | [**wellKnown**](docs/Api/OAuth2Api.md#wellknown) | **GET** /.well-known/jwks.json | Get Well-Known JSON Web Keys diff --git a/sdk/php/swagger/docs/Api/OAuth2Api.md b/sdk/php/swagger/docs/Api/OAuth2Api.md index 73fea2de950..ead3c5b2c7a 100644 --- a/sdk/php/swagger/docs/Api/OAuth2Api.md +++ b/sdk/php/swagger/docs/Api/OAuth2Api.md 
@@ -25,6 +25,7 @@ Method | HTTP request | Description [**revokeAuthenticationSession**](OAuth2Api.md#revokeAuthenticationSession) | **DELETE** /oauth2/auth/sessions/login/{user} | Invalidates a user's authentication session [**revokeOAuth2Token**](OAuth2Api.md#revokeOAuth2Token) | **POST** /oauth2/revoke | Revoke OAuth2 tokens [**revokeUserClientConsentSessions**](OAuth2Api.md#revokeUserClientConsentSessions) | **DELETE** /oauth2/auth/sessions/consent/{user}/{client} | Revokes consent sessions of a user for a specific OAuth 2.0 Client +[**revokeUserLoginCookie**](OAuth2Api.md#revokeUserLoginCookie) | **GET** /oauth2/auth/sessions/login/revoke | Logs user out by deleting the session cookie [**updateOAuth2Client**](OAuth2Api.md#updateOAuth2Client) | **PUT** /clients/{id} | Update an OAuth 2.0 Client [**userinfo**](OAuth2Api.md#userinfo) | **POST** /userinfo | OpenID Connect Userinfo [**wellKnown**](OAuth2Api.md#wellKnown) | **GET** /.well-known/jwks.json | Get Well-Known JSON Web Keys 
@@ -943,6 +944,46 @@ No authorization required [[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) +# **revokeUserLoginCookie** +> revokeUserLoginCookie() + +Logs user out by deleting the session cookie + +This endpoint deletes ths user's login session cookie and redirects the browser to the url listed in `LOGOUT_REDIRECT_URL` environment variable. This endpoint does not work as an API but has to be called from the user's browser. + +### Example +```php +revokeUserLoginCookie(); +} catch (Exception $e) { + echo 'Exception when calling OAuth2Api->revokeUserLoginCookie: ', $e->getMessage(), PHP_EOL; +} +?> +``` + +### Parameters +This endpoint does not need any parameter. + +### Return type + +void (empty response body) + +### Authorization + +No authorization required + +### HTTP request headers + + - **Content-Type**: application/json, application/x-www-form-urlencoded + - **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../../README.md#documentation-for-api-endpoints) [[Back to Model list]](../../README.md#documentation-for-models) [[Back to README]](../../README.md) + # **updateOAuth2Client** > \Hydra\SDK\Model\OAuth2Client updateOAuth2Client($id, $body) diff --git a/sdk/php/swagger/docs/Model/JSONWebKey.md b/sdk/php/swagger/docs/Model/JSONWebKey.md index d693ac2a666..36119ee9415 100644 --- a/sdk/php/swagger/docs/Model/JSONWebKey.md +++ b/sdk/php/swagger/docs/Model/JSONWebKey.md 
@@ -1,13 +1,25 @@ -# JSONWebKey +# JsonWebKey ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**algorithm** | **string** | | [optional] -**certificates** | [**\Hydra\SDK\Model\Certificate[]**](Certificate.md) | | [optional] -**key** | **object** | | [optional] -**key_id** | **string** | | [optional] -**use** | **string** | | [optional] +**alg** | **string** | The \"alg\" (algorithm) parameter identifies the algorithm intended for use with the key. The values used should either be registered in the IANA \"JSON Web Signature and Encryption Algorithms\" registry established by [JWA] or be a value that contains a Collision- Resistant Name. | [optional] +**crv** | **string** | | [optional] +**d** | **string** | | [optional] +**dp** | **string** | | [optional] +**dq** | **string** | | [optional] +**e** | **string** | | [optional] +**k** | **string** | | [optional] +**kid** | **string** | The \"kid\" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the \"kid\" value is unspecified. When \"kid\" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct \"kid\" values. (One example in which different keys might use the same \"kid\" value is if they have different \"kty\" (key type) values but are considered to be equivalent alternatives by the application using them.) The \"kid\" value is a case-sensitive string. | [optional] +**kty** | **string** | The \"kty\" (key type) parameter identifies the cryptographic algorithm family used with the key, such as \"RSA\" or \"EC\". \"kty\" values should either be registered in the IANA \"JSON Web Key Types\" registry established by [JWA] or be a value that contains a Collision- Resistant Name. The \"kty\" value is a case-sensitive string. 
| [optional] +**n** | **string** | | [optional] +**p** | **string** | | [optional] +**q** | **string** | | [optional] +**qi** | **string** | | [optional] +**use** | **string** | The \"use\" (public key use) parameter identifies the intended use of the public key. The \"use\" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly \"sig\" (signature) or \"enc\" (encryption). | [optional] +**x** | **string** | | [optional] +**x5c** | **string[]** | The \"x5c\" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]. The certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate. | [optional] +**y** | **string** | | [optional] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/sdk/php/swagger/docs/Model/JSONWebKeySet.md b/sdk/php/swagger/docs/Model/JSONWebKeySet.md index 4d85289d79a..41cebd564ed 100644 --- a/sdk/php/swagger/docs/Model/JSONWebKeySet.md +++ b/sdk/php/swagger/docs/Model/JSONWebKeySet.md 
@@ -1,9 +1,9 @@ -# JSONWebKeySet +# JsonWebKeySet ## Properties Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- -**keys** | [**\Hydra\SDK\Model\JSONWebKey[]**](JSONWebKey.md) | | [optional] +**keys** | [**\Hydra\SDK\Model\JsonWebKey[]**](JsonWebKey.md) | The value of the \"keys\" parameter is an array of JWK values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired. | [optional] [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) diff --git a/sdk/php/swagger/lib/Api/OAuth2Api.php b/sdk/php/swagger/lib/Api/OAuth2Api.php index 47012e544b2..e25fdc34332 100644 --- a/sdk/php/swagger/lib/Api/OAuth2Api.php +++ b/sdk/php/swagger/lib/Api/OAuth2Api.php 
@@ -1969,6 +1969,82 @@ public function revokeUserClientConsentSessionsWithHttpInfo($user, $client) } } + /** + * Operation revokeUserLoginCookie + * + * Logs user out by deleting the session cookie + * + * Client for Hydra + * + * @throws \Hydra\SDK\ApiException on non-2xx response + * @return void + */ + public function revokeUserLoginCookie() + { + list($response) = $this->revokeUserLoginCookieWithHttpInfo(); + return $response; + } + + /** + * Operation revokeUserLoginCookieWithHttpInfo + * + * Logs user out by deleting the session cookie + * + * Client for Hydra + * + * @throws \Hydra\SDK\ApiException on non-2xx response + * @return array of null, HTTP status code, HTTP response headers (array of strings) + */ + public function revokeUserLoginCookieWithHttpInfo() + { + // parse inputs + $resourcePath = "/oauth2/auth/sessions/login/revoke"; + $httpBody = ''; + $queryParams = []; + $headerParams = []; + $formParams = []; + $_header_accept = $this->apiClient->selectHeaderAccept(['application/json']); + if (!is_null($_header_accept)) { + $headerParams['Accept'] = $_header_accept; + } + $headerParams['Content-Type'] = $this->apiClient->selectHeaderContentType(['application/json', 'application/x-www-form-urlencoded']); + + + // for model (json/xml) + if (isset($_tempBody)) { + $httpBody = $_tempBody; // $_tempBody is the method argument, if present + } elseif (count($formParams) > 0) { + $httpBody = $formParams; // for HTTP post (form) + } + // make the API Call + try { + list($response, $statusCode, $httpHeader) = $this->apiClient->callApi( + $resourcePath, + 'GET', + $queryParams, + $httpBody, + $headerParams, + null, + '/oauth2/auth/sessions/login/revoke' + ); + + return [null, $statusCode, $httpHeader]; + } catch (ApiException $e) { + switch ($e->getCode()) { + case 404: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\Hydra\SDK\Model\InlineResponse401', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + case 
500: + $data = $this->apiClient->getSerializer()->deserialize($e->getResponseBody(), '\Hydra\SDK\Model\InlineResponse401', $e->getResponseHeaders()); + $e->setResponseObject($data); + break; + } + + throw $e; + } + } + /** * Operation updateOAuth2Client * diff --git a/sdk/php/swagger/lib/Model/JSONWebKey.php b/sdk/php/swagger/lib/Model/JSONWebKey.php index 50080d87c7a..4101c09bc00 100644 --- a/sdk/php/swagger/lib/Model/JSONWebKey.php +++ b/sdk/php/swagger/lib/Model/JSONWebKey.php @@ -1,6 +1,6 @@ 'string', - 'certificates' => '\Hydra\SDK\Model\Certificate[]', - 'key' => 'object', - 'key_id' => 'string', - 'use' => 'string' + 'alg' => 'string', + 'crv' => 'string', + 'd' => 'string', + 'dp' => 'string', + 'dq' => 'string', + 'e' => 'string', + 'k' => 'string', + 'kid' => 'string', + 'kty' => 'string', + 'n' => 'string', + 'p' => 'string', + 'q' => 'string', + 'qi' => 'string', + 'use' => 'string', + 'x' => 'string', + 'x5c' => 'string[]', + 'y' => 'string' ]; /** @@ -66,11 +78,23 @@ class JSONWebKey implements ArrayAccess * @var string[] */ protected static $swaggerFormats = [ - 'algorithm' => null, - 'certificates' => null, - 'key' => null, - 'key_id' => null, - 'use' => null + 'alg' => null, + 'crv' => null, + 'd' => null, + 'dp' => null, + 'dq' => null, + 'e' => null, + 'k' => null, + 'kid' => null, + 'kty' => null, + 'n' => null, + 'p' => null, + 'q' => null, + 'qi' => null, + 'use' => null, + 'x' => null, + 'x5c' => null, + 'y' => null ]; public static function swaggerTypes() 
@@ -88,11 +112,23 @@ public static function swaggerFormats() * @var string[] */ protected static $attributeMap = [ - 'algorithm' => 'Algorithm', - 'certificates' => 'Certificates', - 'key' => 'Key', - 'key_id' => 'KeyID', - 'use' => 'Use' + 'alg' => 'alg', + 'crv' => 'crv', + 'd' => 'd', + 'dp' => 'dp', + 'dq' => 'dq', + 'e' => 'e', + 'k' => 'k', + 'kid' => 'kid', + 'kty' => 'kty', + 'n' => 'n', + 'p' => 'p', + 'q' => 'q', + 'qi' => 'qi', + 'use' => 'use', + 'x' => 'x', + 'x5c' => 'x5c', + 'y' => 'y' ]; @@ -101,11 +137,23 @@ public static function swaggerFormats() * @var string[] */ protected static $setters = [ - 'algorithm' => 'setAlgorithm', - 'certificates' => 'setCertificates', - 'key' => 'setKey', - 'key_id' => 'setKeyId', - 'use' => 'setUse' + 'alg' => 'setAlg', + 'crv' => 'setCrv', + 'd' => 'setD', + 'dp' => 'setDp', + 'dq' => 'setDq', + 'e' => 'setE', + 'k' => 'setK', + 'kid' => 'setKid', + 'kty' => 'setKty', + 'n' => 'setN', + 'p' => 'setP', + 'q' => 'setQ', + 'qi' => 'setQi', + 'use' => 'setUse', + 'x' => 'setX', + 'x5c' => 'setX5c', + 'y' => 'setY' ]; @@ -114,11 +162,23 @@ public static function swaggerFormats() * @var string[] */ protected static $getters = [ - 'algorithm' => 'getAlgorithm', - 'certificates' => 'getCertificates', - 'key' => 'getKey', - 'key_id' => 'getKeyId', - 'use' => 'getUse' + 'alg' => 'getAlg', + 'crv' => 'getCrv', + 'd' => 'getD', + 'dp' => 'getDp', + 'dq' => 'getDq', + 'e' => 'getE', + 'k' => 'getK', + 'kid' => 'getKid', + 'kty' => 'getKty', + 'n' => 'getN', + 'p' => 'getP', + 'q' => 'getQ', + 'qi' => 'getQi', + 'use' => 'getUse', + 'x' => 'getX', + 'x5c' => 'getX5c', + 'y' => 'getY' ]; public static function attributeMap() 
@@ -152,11 +212,23 @@ public static function getters() */ public function __construct(array $data = null) { - $this->container['algorithm'] = isset($data['algorithm']) ? $data['algorithm'] : null; - $this->container['certificates'] = isset($data['certificates']) ? $data['certificates'] : null; - $this->container['key'] = isset($data['key']) ? $data['key'] : null; - $this->container['key_id'] = isset($data['key_id']) ? $data['key_id'] : null; + $this->container['alg'] = isset($data['alg']) ? $data['alg'] : null; + $this->container['crv'] = isset($data['crv']) ? $data['crv'] : null; + $this->container['d'] = isset($data['d']) ? $data['d'] : null; + $this->container['dp'] = isset($data['dp']) ? $data['dp'] : null; + $this->container['dq'] = isset($data['dq']) ? $data['dq'] : null; + $this->container['e'] = isset($data['e']) ? $data['e'] : null; + $this->container['k'] = isset($data['k']) ? $data['k'] : null; + $this->container['kid'] = isset($data['kid']) ? $data['kid'] : null; + $this->container['kty'] = isset($data['kty']) ? $data['kty'] : null; + $this->container['n'] = isset($data['n']) ? $data['n'] : null; + $this->container['p'] = isset($data['p']) ? $data['p'] : null; + $this->container['q'] = isset($data['q']) ? $data['q'] : null; + $this->container['qi'] = isset($data['qi']) ? $data['qi'] : null; $this->container['use'] = isset($data['use']) ? $data['use'] : null; + $this->container['x'] = isset($data['x']) ? $data['x'] : null; + $this->container['x5c'] = isset($data['x5c']) ? $data['x5c'] : null; + $this->container['y'] = isset($data['y']) ? $data['y'] : null; } /** 
@@ -185,85 +257,274 @@ public function valid() /** - * Gets algorithm + * Gets alg * @return string */ - public function getAlgorithm() + public function getAlg() { - return $this->container['algorithm']; + return $this->container['alg']; } /** - * Sets algorithm - * @param string $algorithm + * Sets alg + * @param string $alg The \"alg\" (algorithm) parameter identifies the algorithm intended for use with the key. The values used should either be registered in the IANA \"JSON Web Signature and Encryption Algorithms\" registry established by [JWA] or be a value that contains a Collision- Resistant Name. * @return $this */ - public function setAlgorithm($algorithm) + public function setAlg($alg) { - $this->container['algorithm'] = $algorithm; + $this->container['alg'] = $alg; return $this; } /** - * Gets certificates - * @return \Hydra\SDK\Model\Certificate[] + * Gets crv + * @return string + */ + public function getCrv() + { + return $this->container['crv']; + } + + /** + * Sets crv + * @param string $crv + * @return $this + */ + public function setCrv($crv) + { + $this->container['crv'] = $crv; + + return $this; + } + + /** + * Gets d + * @return string */ - public function getCertificates() + public function getD() { - return $this->container['certificates']; + return $this->container['d']; } /** - * Sets certificates - * @param \Hydra\SDK\Model\Certificate[] $certificates + * Sets d + * @param string $d * @return $this */ - public function setCertificates($certificates) + public function setD($d) { - $this->container['certificates'] = $certificates; + $this->container['d'] = $d; return $this; } /** - * Gets key - * @return object + * Gets dp + * @return string */ - public function getKey() + public function getDp() { - return $this->container['key']; + return $this->container['dp']; } /** - * Sets key - * @param object $key + * Sets dp + * @param string $dp * @return $this */ - public function setKey($key) + public function setDp($dp) { - $this->container['key'] 
= $key; + $this->container['dp'] = $dp; return $this; } /** - * Gets key_id + * Gets dq * @return string */ - public function getKeyId() + public function getDq() { - return $this->container['key_id']; + return $this->container['dq']; } /** - * Sets key_id - * @param string $key_id + * Sets dq + * @param string $dq * @return $this */ - public function setKeyId($key_id) + public function setDq($dq) { - $this->container['key_id'] = $key_id; + $this->container['dq'] = $dq; + + return $this; + } + + /** + * Gets e + * @return string + */ + public function getE() + { + return $this->container['e']; + } + + /** + * Sets e + * @param string $e + * @return $this + */ + public function setE($e) + { + $this->container['e'] = $e; + + return $this; + } + + /** + * Gets k + * @return string + */ + public function getK() + { + return $this->container['k']; + } + + /** + * Sets k + * @param string $k + * @return $this + */ + public function setK($k) + { + $this->container['k'] = $k; + + return $this; + } + + /** + * Gets kid + * @return string + */ + public function getKid() + { + return $this->container['kid']; + } + + /** + * Sets kid + * @param string $kid The \"kid\" (key ID) parameter is used to match a specific key. This is used, for instance, to choose among a set of keys within a JWK Set during key rollover. The structure of the \"kid\" value is unspecified. When \"kid\" values are used within a JWK Set, different keys within the JWK Set SHOULD use distinct \"kid\" values. (One example in which different keys might use the same \"kid\" value is if they have different \"kty\" (key type) values but are considered to be equivalent alternatives by the application using them.) The \"kid\" value is a case-sensitive string. 
+ * @return $this + */ + public function setKid($kid) + { + $this->container['kid'] = $kid; + + return $this; + } + + /** + * Gets kty + * @return string + */ + public function getKty() + { + return $this->container['kty']; + } + + /** + * Sets kty + * @param string $kty The \"kty\" (key type) parameter identifies the cryptographic algorithm family used with the key, such as \"RSA\" or \"EC\". \"kty\" values should either be registered in the IANA \"JSON Web Key Types\" registry established by [JWA] or be a value that contains a Collision- Resistant Name. The \"kty\" value is a case-sensitive string. + * @return $this + */ + public function setKty($kty) + { + $this->container['kty'] = $kty; + + return $this; + } + + /** + * Gets n + * @return string + */ + public function getN() + { + return $this->container['n']; + } + + /** + * Sets n + * @param string $n + * @return $this + */ + public function setN($n) + { + $this->container['n'] = $n; + + return $this; + } + + /** + * Gets p + * @return string + */ + public function getP() + { + return $this->container['p']; + } + + /** + * Sets p + * @param string $p + * @return $this + */ + public function setP($p) + { + $this->container['p'] = $p; + + return $this; + } + + /** + * Gets q + * @return string + */ + public function getQ() + { + return $this->container['q']; + } + + /** + * Sets q + * @param string $q + * @return $this + */ + public function setQ($q) + { + $this->container['q'] = $q; + + return $this; + } + + /** + * Gets qi + * @return string + */ + public function getQi() + { + return $this->container['qi']; + } + + /** + * Sets qi + * @param string $qi + * @return $this + */ + public function setQi($qi) + { + $this->container['qi'] = $qi; return $this; } 
@@ -279,7 +540,7 @@ public function getUse() /** * Sets use - * @param string $use + * @param string $use The \"use\" (public key use) parameter identifies the intended use of the public key. The \"use\" parameter is employed to indicate whether a public key is used for encrypting data or verifying the signature on data. Values are commonly \"sig\" (signature) or \"enc\" (encryption). * @return $this */ public function setUse($use) @@ -288,6 +549,69 @@ public function setUse($use) return $this; } + + /** + * Gets x + * @return string + */ + public function getX() + { + return $this->container['x']; + } + + /** + * Sets x + * @param string $x + * @return $this + */ + public function setX($x) + { + $this->container['x'] = $x; + + return $this; + } + + /** + * Gets x5c + * @return string[] + */ + public function getX5c() + { + return $this->container['x5c']; + } + + /** + * Sets x5c + * @param string[] $x5c The \"x5c\" (X.509 certificate chain) parameter contains a chain of one or more PKIX certificates [RFC5280]. The certificate chain is represented as a JSON array of certificate value strings. Each string in the array is a base64-encoded (Section 4 of [RFC4648] -- not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. The PKIX certificate containing the key value MUST be the first certificate. + * @return $this + */ + public function setX5c($x5c) + { + $this->container['x5c'] = $x5c; + + return $this; + } + + /** + * Gets y + * @return string + */ + public function getY() + { + return $this->container['y']; + } + + /** + * Sets y + * @param string $y + * @return $this + */ + public function setY($y) + { + $this->container['y'] = $y; + + return $this; + } /** * Returns true if offset exists. False otherwise. * @param integer $offset Offset diff --git a/sdk/php/swagger/lib/Model/JSONWebKeySet.php b/sdk/php/swagger/lib/Model/JSONWebKeySet.php index 677d563a572..bcd3ceeea0f 100644 --- a/sdk/php/swagger/lib/Model/JSONWebKeySet.php 
+++ b/sdk/php/swagger/lib/Model/JSONWebKeySet.php @@ -1,6 +1,6 @@ '\Hydra\SDK\Model\JSONWebKey[]' + 'keys' => '\Hydra\SDK\Model\JsonWebKey[]' ]; /** @@ -162,7 +162,7 @@ public function valid() /** * Gets keys - * @return \Hydra\SDK\Model\JSONWebKey[] + * @return \Hydra\SDK\Model\JsonWebKey[] */ public function getKeys() { @@ -171,7 +171,7 @@ public function getKeys() /** * Sets keys - * @param \Hydra\SDK\Model\JSONWebKey[] $keys + * @param \Hydra\SDK\Model\JsonWebKey[] $keys The value of the \"keys\" parameter is an array of JWK values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired. * @return $this */ public function setKeys($keys)
From 6593c6b4831b9c802f3eb7765bfc5cedf9b25c4d Mon Sep 17 00:00:00 2001
From: arekkas
Date: Fri, 10 Aug 2018 11:15:12 +0200
Subject: [PATCH 4/4] unstaged
Signed-off-by: arekkas
---
 oauth2/oauth2_auth_code_test.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/oauth2/oauth2_auth_code_test.go b/oauth2/oauth2_auth_code_test.go
index 935b0e9e4e5..96a20bdde69 100644
--- a/oauth2/oauth2_auth_code_test.go
+++ b/oauth2/oauth2_auth_code_test.go
@@ -194,9 +194,9 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) {
 }
 handler.SetRoutes(router, router)
- apiHandler := consent.NewHandler(herodot.NewJSONWriter(l), cm)
+ apiHandler := consent.NewHandler(herodot.NewJSONWriter(l), cm, cookieStore, "")
 apiRouter := httprouter.New()
- apiHandler.SetRoutes(apiRouter)
+ apiHandler.SetRoutes(apiRouter, apiRouter)
 api := httptest.NewServer(apiRouter)
 client := hc.Client{
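Review bot: Passing the same router twice in `apiHandler.SetRoutes(apiRouter, apiRouter)` means this test cannot detect an administrative consent route being registered on the public side, which is the boundary this series introduces with `SetRoutes(frontend, backend)`. Consider giving the frontend its own router, `apiHandler.SetRoutes(httprouter.New(), apiRouter)`, so the test server exposes only the backend routes the test appears to need. The bare `""` passed as the last argument of `consent.NewHandler` would also benefit from a short comment naming the parameter, since its meaning is not visible in this hunk. `TestAuthCodeWithDefaultStrategy` begins and continues outside the hunk.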