auth/services/oauth/interface.go
/*
* Copyright (C) 2023 Nuts community
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*/
package oauth
import (
"context"
"net/url"
"github.com/nuts-foundation/nuts-node/auth/oauth"
"github.com/nuts-foundation/nuts-node/auth/services"
)
// RelyingParty implements the OAuth2 relying party role. (V1 API)
type RelyingParty interface {
// CreateJwtGrant creates a JWT grant token that can be used to request an access token.
CreateJwtGrant(ctx context.Context, request services.CreateJwtGrantRequest) (*services.JwtBearerTokenResult, error)
// RequestRFC003AccessToken is called by the local EHR node to request an access token from a remote Nuts node using Nuts RFC003.
RequestRFC003AccessToken(ctx context.Context, jwtGrantToken string, authServerEndpoint url.URL) (*oauth.TokenResponse, error)
}
// AuthorizationServer implements the OAuth2 authorization server role. (V1 API)
type AuthorizationServer interface {
// Configure sets up the client. Enable secureMode to have it behave more safe (e.g., sanitize internal errors).
Configure(clockSkewInMilliseconds int, secureMode bool) error
// CreateAccessToken is called by remote Nuts nodes to create an access token,
// which can be used to access the local organization's XIS resources.
// It returns an oauth.ErrorResponse rather than a regular Go error, because the errors that may be returned are tightly specified.
CreateAccessToken(ctx context.Context, request services.CreateAccessTokenRequest) (*oauth.TokenResponse, *oauth.OAuth2Error)
IntrospectAccessToken(ctx context.Context, token string) (*services.NutsAccessToken, error)
}