oauth2/trust/doc.go
// Copyright © 2022 Ory Corp
// SPDX-License-Identifier: Apache-2.0
// Package trust implements JWT-bearer grant management capabilities.
//
// A JWT-Bearer Grant represents the resource owner's (RO) permission for a client to act on behalf of the RO using a JWT.
// The client uses the JWT to request an access token to act as the RO.
package trust
import (
"time"
)
// OAuth2 JWT Bearer Grant Type Issuer Trust Relationships
//
// A list of trustedOAuth2JwtGrantIssuer entries. The type is unexported and,
// per the lint directive below, exists so that Swagger and OpenAPI definitions
// can be generated from it.
//
// swagger:model trustedOAuth2JwtGrantIssuers
//
//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
type trustedOAuth2JwtGrantIssuers []trustedOAuth2JwtGrantIssuer
// OAuth2 JWT Bearer Grant Type Issuer Trust Relationship
//
// Describes one trust relationship: which issuer may sign JWT assertions, for
// which subject (or any subject), with which scope values, checked against
// which public key, and until when. A client uses such an assertion to request
// an access token to act as the subject, so every field here is
// security-relevant configuration.
//
// swagger:model trustedOAuth2JwtGrantIssuer
//
//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
type trustedOAuth2JwtGrantIssuer struct {
// The "id" identifies this trust relationship.
// example: 9edc811f-4e28-453c-9b46-4de65f00217f
ID string `json:"id"`
// The "issuer" identifies the principal that issued the JWT assertion (same as the "iss" claim in the JWT).
// example: https://jwt-idp.example.com
Issuer string `json:"issuer"`
// The "subject" identifies the principal that is the subject of the JWT.
// example: mike@example.com
Subject string `json:"subject"`
// The "allow_any_subject" indicates that the issuer is allowed to have any principal as the subject of the JWT.
// When it is true the relationship is not limited to one subject, so whoever holds the issuer's signing key
// can assert any principal; enable it only for issuers that are trusted to that extent.
AllowAnySubject bool `json:"allow_any_subject"`
// The "scope" contains the list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]).
// example: ["openid", "offline"]
Scope []string `json:"scope"`
// The "public_key" contains information about the public key issued by "issuer" that is used to check the
// signature of the JWT assertion. Only a reference to the key (its "set" and "kid") is carried here.
PublicKey trustedOAuth2JwtGrantJsonWebKey `json:"public_key"`
// The "created_at" indicates when the grant was created.
CreatedAt time.Time `json:"created_at"`
// The "expires_at" indicates when the grant expires; from then on, assertions from "issuer" targeting "subject" are rejected.
ExpiresAt time.Time `json:"expires_at"`
}
// OAuth2 JWT Bearer Grant Type Issuer Trusted JSON Web Key
//
// References the public key of a trusted issuer by key set name and key ID.
// The type holds no key material, only these two identifiers. It is unexported
// and, per the lint directive below, exists so that Swagger and OpenAPI
// definitions can be generated from it.
//
// swagger:model trustedOAuth2JwtGrantJsonWebKey
//
//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions
type trustedOAuth2JwtGrantJsonWebKey struct {
// The "set" is the name of a group (set) of keys. It is the same as "issuer" in the grant.
// example: https://jwt-idp.example.com
Set string `json:"set"`
// The "kid" is the unique identifier of the key (same as the "kid" header in the JWS/JWT).
// example: 123e4567-e89b-12d3-a456-426655440000
KeyID string `json:"kid"`
}