// Copyright (c) 2015-2021 MinIO, Inc.
//
// This file is part of MinIO Object Storage stack
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package provider
import "errors"
// DiscoveryDoc holds the fields decoded from an OpenID Connect provider's
// discovery document, i.e. the JSON served at openid-configuration, for
// example https://accounts.google.com/.well-known/openid-configuration
//
// Every value in this struct is supplied by the remote provider, and nothing
// in this declaration validates it. NOTE(review): whatever code fetches the
// document should confirm that Issuer equals the issuer URL the document was
// requested from (OpenID Connect Discovery 1.0, section 4.3) and that the
// endpoint URLs use https before relying on them; confirm where that check
// lives, it is not visible in this file.
//
//nolint:unused
type DiscoveryDoc struct {
	// Issuer is the provider's own identifier (JSON key "issuer").
	Issuer string `json:"issuer,omitempty"`

	// Endpoint URLs advertised by the provider. They are stored as plain
	// strings exactly as received.
	AuthEndpoint       string `json:"authorization_endpoint,omitempty"`
	TokenEndpoint      string `json:"token_endpoint,omitempty"`
	EndSessionEndpoint string `json:"end_session_endpoint,omitempty"`
	UserInfoEndpoint   string `json:"userinfo_endpoint,omitempty"`
	RevocationEndpoint string `json:"revocation_endpoint,omitempty"`
	JwksURI            string `json:"jwks_uri,omitempty"`

	// Response and subject types the provider says it supports.
	ResponseTypesSupported []string `json:"response_types_supported,omitempty"`
	SubjectTypesSupported  []string `json:"subject_types_supported,omitempty"`

	// IDTokenSigningAlgValuesSupported lists the ID token signing algorithms
	// the provider advertises. It is provider-supplied metadata: a token
	// verifier should keep its own allow-list of algorithms rather than
	// accept whatever appears here.
	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported,omitempty"`

	// Scopes, token endpoint client authentication methods and claims the
	// provider says it supports.
	ScopesSupported          []string `json:"scopes_supported,omitempty"`
	TokenEndpointAuthMethods []string `json:"token_endpoint_auth_methods_supported,omitempty"`
	ClaimsSupported          []string `json:"claims_supported,omitempty"`

	// CodeChallengeMethodsSupported lists the PKCE (RFC 7636) code challenge
	// methods the provider advertises.
	CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported,omitempty"`
}
// User represents information about a user, decoded from JSON with the keys
// "username", "id" and "enabled".
type User struct {
	// Name is the user's name; note that its JSON key is "username".
	Name string `json:"username"`

	// ID is the user's identifier (JSON key "id").
	ID string `json:"id"`

	// Enabled mirrors the JSON "enabled" flag. A response that omits the key
	// leaves this false, so a caller that gates access on Enabled treats a
	// missing flag as disabled.
	Enabled bool `json:"enabled"`
}
// Standard errors. Both are sentinel values: match them with errors.Is (or
// ==), never by comparing message text.

// ErrNotImplemented carries the message "function not implemented";
// presumably a provider returns it for an operation it does not support.
var ErrNotImplemented = errors.New("function not implemented")

// ErrAccessTokenExpired carries the message "access_token expired or
// unauthorized". The one value covers both conditions, so a caller cannot
// tell an expired token from an unauthorized one by this error alone.
var ErrAccessTokenExpired = errors.New("access_token expired or unauthorized")
// Provider is the set of identity provider specific admin operations a
// backend has to offer, such as logging in and looking up users.
//
// NOTE(review): both login methods take their secret as a plain string and
// return only an error, so whatever session or token they obtain is
// presumably held inside the implementation; confirm against the concrete
// providers. Implementations should keep the password and client secret out
// of log lines and error text.
type Provider interface {
	// LoginWithUser logs in with a username and password.
	LoginWithUser(username, password string) error

	// LoginWithClientID logs in with a client ID and client secret.
	LoginWithClientID(clientID, clientSecret string) error

	// LookupUser returns the User for userid, or an error.
	LookupUser(userid string) (User, error)
}