minio/internal/config/identity/openid/provider/provider.go

// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package provider

import "errors"

// DiscoveryDoc - parses the output from openid-configuration
// for example https://accounts.google.com/.well-known/openid-configuration
type DiscoveryDoc struct {
	Issuer                           string   `json:"issuer,omitempty"`
	AuthEndpoint                     string   `json:"authorization_endpoint,omitempty"`
	TokenEndpoint                    string   `json:"token_endpoint,omitempty"`
	UserInfoEndpoint                 string   `json:"userinfo_endpoint,omitempty"`
	RevocationEndpoint               string   `json:"revocation_endpoint,omitempty"`
	JwksURI                          string   `json:"jwks_uri,omitempty"`
	ResponseTypesSupported           []string `json:"response_types_supported,omitempty"`
	SubjectTypesSupported            []string `json:"subject_types_supported,omitempty"`
	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"`
	ScopesSupported                  []string `json:"scopes_supported,omitempty"`
	TokenEndpointAuthMethods         []string `json:"token_endpoint_auth_methods_supported,omitempty"`
	ClaimsSupported                  []string `json:"claims_supported,omitempty"`
	CodeChallengeMethodsSupported    []string `json:"code_challenge_methods_supported,omitempty"`
}

// User represents information about user.
type User struct {
	Name    string `json:"username"`
	ID      string `json:"id"`
	Enabled bool   `json:"enabled"`
}

// Standard errors.
var (
	ErrNotImplemented     = errors.New("function not implemented")
	ErrAccessTokenExpired = errors.New("access_token expired or unauthorized")
)

// Provider implements indentity provider specific admin operations, such as
// looking up users, fetching additional attributes etc.
type Provider interface {
	LoginWithUser(username, password string) error
	LoginWithClientID(clientID, clientSecret string) error
	LookupUser(userid string) (User, error)
}
feat: Add support to poll users on external SSO (#12592) Additional support for vendor-specific admin API integrations for OpenID, to ensure validity of credentials on MinIO. Every 5minutes check for validity of credentials on MinIO with vendor specific IDP. 2021-07-09 14:17:21 -04:00			`// Copyright (c) 2015-2021 MinIO, Inc.`
			`//`
			`// This file is part of MinIO Object Storage stack`
			`//`
			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// This program is distributed in the hope that it will be useful`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with this program. If not, see <http://www.gnu.org/licenses/>.`

			`package provider`

			`import "errors"`

			`// DiscoveryDoc - parses the output from openid-configuration`
			`// for example https://accounts.google.com/.well-known/openid-configuration`
			`type DiscoveryDoc struct {`
			Issuer string `json:"issuer,omitempty"`
			AuthEndpoint string `json:"authorization_endpoint,omitempty"`
			TokenEndpoint string `json:"token_endpoint,omitempty"`
			UserInfoEndpoint string `json:"userinfo_endpoint,omitempty"`
			RevocationEndpoint string `json:"revocation_endpoint,omitempty"`
			JwksURI string `json:"jwks_uri,omitempty"`
			ResponseTypesSupported []string `json:"response_types_supported,omitempty"`
			SubjectTypesSupported []string `json:"subject_types_supported,omitempty"`
			IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"`
			ScopesSupported []string `json:"scopes_supported,omitempty"`
			TokenEndpointAuthMethods []string `json:"token_endpoint_auth_methods_supported,omitempty"`
			ClaimsSupported []string `json:"claims_supported,omitempty"`
			CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported,omitempty"`
			`}`

			`// User represents information about user.`
			`type User struct {`
			Name string `json:"username"`
			ID string `json:"id"`
			Enabled bool `json:"enabled"`
			`}`

			`// Standard errors.`
			`var (`
			`ErrNotImplemented = errors.New("function not implemented")`
			`ErrAccessTokenExpired = errors.New("access_token expired or unauthorized")`
			`)`

			`// Provider implements indentity provider specific admin operations, such as`
			`// looking up users, fetching additional attributes etc.`
			`type Provider interface {`
			`LoginWithUser(username, password string) error`
			`LoginWithClientID(clientID, clientSecret string) error`
			`LookupUser(userid string) (User, error)`
			`}`