-
Notifications
You must be signed in to change notification settings - Fork 34
/
authenticate.go
121 lines (92 loc) · 2.92 KB
/
authenticate.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
package authenticate
import (
"time"
"github.com/raystack/frontier/core/authenticate/strategy"
"github.com/raystack/frontier/core/serviceuser"
"github.com/raystack/frontier/core/user"
"github.com/raystack/frontier/pkg/metadata"
"github.com/google/uuid"
)
type AuthMethod string
const (
MailOTPAuthMethod = AuthMethod(strategy.MailOTPAuthMethod)
MailLinkAuthMethod = AuthMethod(strategy.MailLinkAuthMethod)
PassKeyAuthMethod = AuthMethod(strategy.PasskeyAuthMethod)
)
func (m AuthMethod) String() string {
return string(m)
}
type ClientAssertion string
const (
SessionClientAssertion ClientAssertion = "session"
AccessTokenClientAssertion ClientAssertion = "access_token"
JWTGrantClientAssertion ClientAssertion = "jwt_grant"
ClientCredentialsClientAssertion ClientAssertion = "client_credentials"
PassthroughHeaderClientAssertion ClientAssertion = "passthrough_header"
)
func (a ClientAssertion) String() string {
return string(a)
}
var AllClientAssertions = []ClientAssertion{
SessionClientAssertion,
AccessTokenClientAssertion,
JWTGrantClientAssertion,
ClientCredentialsClientAssertion,
PassthroughHeaderClientAssertion,
}
// Flow is a temporary state used to finish login/registration flows
type Flow struct {
ID uuid.UUID
// authentication flow type
Method string
// Email is the email of the user
Email string
// StartURL is where flow should start from for verification
StartURL string
// FinishURL is where flow should end to after successful verification
FinishURL string
// Nonce is a once time use random string
Nonce string
Metadata metadata.Metadata
// CreatedAt will be used to clean-up dead auth flows
CreatedAt time.Time
// ExpiresAt is the time when the flow will expire
ExpiresAt time.Time
}
func (f Flow) IsValid(currentTime time.Time) bool {
return f.ExpiresAt.After(currentTime)
}
type RegistrationStartRequest struct {
Method string
// ReturnToURL is where flow should end to after successful verification
ReturnToURL string
Email string
// callback_url will be used by strategy as last step to finish authentication flow
// in OIDC this host will receive "state" and "code" query params, in case of magic links
// this will be the url where user is redirected after clicking on magic link.
// For most cases it could be host of frontier but in case of proxies, this will be proxy public endpoint.
// callback_url should be one of the allowed urls configured at instance level
CallbackUrl string
}
type RegistrationFinishRequest struct {
Method string
// used for OIDC & mail otp auth strategy
Code string
State string
StateConfig map[string]any
}
type RegistrationStartResponse struct {
Flow *Flow
State string
StateConfig map[string]any
}
type RegistrationFinishResponse struct {
User user.User
Flow *Flow
}
type Principal struct {
ID string
Type string
User *user.User
ServiceUser *serviceuser.ServiceUser
}