Sign upLogin

ory-am/hydra

View on GitHub
Star
oauth2/trust/doc.go

Summary

Maintainability
A
0 mins
Test Coverage
// Copyright © 2022 Ory Corp
// SPDX-License-Identifier: Apache-2.0

// Package trust implements jwt-bearer grant management capabilities
//
// JWT-Bearer Grant represents resource owner (RO) permission for client to act on behalf of the RO using jwt.
// Client uses jwt to request access token to act as RO.
package trust

import (
    "time"
)

// OAuth2 JWT Bearer Grant Type Issuer Trust Relationships
//
// swagger:model trustedOAuth2JwtGrantIssuers
//
//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
type trustedOAuth2JwtGrantIssuers []trustedOAuth2JwtGrantIssuer

// OAuth2 JWT Bearer Grant Type Issuer Trust Relationship
//
// swagger:model trustedOAuth2JwtGrantIssuer
//
//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
type trustedOAuth2JwtGrantIssuer struct {
    // example: 9edc811f-4e28-453c-9b46-4de65f00217f
    ID string `json:"id"`

    // The "issuer" identifies the principal that issued the JWT assertion (same as "iss" claim in JWT).
    // example: https://jwt-idp.example.com
    Issuer string `json:"issuer"`

    // The "subject" identifies the principal that is the subject of the JWT.
    // example: mike@example.com
    Subject string `json:"subject"`

    // The "allow_any_subject" indicates that the issuer is allowed to have any principal as the subject of the JWT.
    AllowAnySubject bool `json:"allow_any_subject"`

    // The "scope" contains list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749])
    // example: ["openid", "offline"]
    Scope []string `json:"scope"`

    // The "public_key" contains information about public key issued by "issuer", that will be used to check JWT assertion signature.
    PublicKey trustedOAuth2JwtGrantJsonWebKey `json:"public_key"`

    // The "created_at" indicates, when grant was created.
    CreatedAt time.Time `json:"created_at"`

    // The "expires_at" indicates, when grant will expire, so we will reject assertion from "issuer" targeting "subject".
    ExpiresAt time.Time `json:"expires_at"`
}

// OAuth2 JWT Bearer Grant Type Issuer Trusted JSON Web Key
//
// swagger:model trustedOAuth2JwtGrantJsonWebKey
//
//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
type trustedOAuth2JwtGrantJsonWebKey struct {
    // The "set" is basically a name for a group(set) of keys. Will be the same as "issuer" in grant.
    // example: https://jwt-idp.example.com
    Set string `json:"set"`

    // The "key_id" is key unique identifier (same as kid header in jws/jwt).
    // example: 123e4567-e89b-12d3-a456-426655440000
    KeyID string `json:"kid"`
}