diff --git a/.docker/Dockerfile-alpine b/.docker/Dockerfile-alpine index 27567a473cf..075a1a75328 100644 --- a/.docker/Dockerfile-alpine +++ b/.docker/Dockerfile-alpine @@ -1,8 +1,9 @@ -FROM alpine:3.18 +FROM alpine:3.20 RUN addgroup -S ory; \ - adduser -S ory -G ory -D -H -s /bin/nologin -RUN apk --no-cache --upgrade add ca-certificates + adduser -S ory -G ory -D -H -s /bin/nologin && \ + apk upgrade --no-cache && \ + apk add --no-cache --upgrade ca-certificates COPY hydra /usr/bin/hydra diff --git a/.docker/Dockerfile-build b/.docker/Dockerfile-build index fd469172cb2..18cc454fba9 100644 --- a/.docker/Dockerfile-build +++ b/.docker/Dockerfile-build @@ -1,4 +1,4 @@ -FROM golang:1.21 AS builder +FROM golang:1.22 AS builder WORKDIR /go/src/github.com/ory/hydra @@ -9,17 +9,16 @@ RUN apt-get update && apt-get upgrade -y &&\ COPY go.mod go.sum ./ COPY internal/httpclient/go.* ./internal/httpclient/ -ENV GO111MODULE on -ENV CGO_ENABLED 1 +ENV CGO_ENABLED=1 RUN go mod download COPY . . -RUN go build -tags sqlite,json1 -o /usr/bin/hydra +RUN go build -ldflags="-extldflags=-static" -tags sqlite,sqlite_omit_load_extension -o /usr/bin/hydra ######################### -FROM gcr.io/distroless/base-nossl-debian12:nonroot AS runner +FROM gcr.io/distroless/static-debian12:nonroot AS runner COPY --from=builder --chown=nonroot:nonroot /var/lib/sqlite /var/lib/sqlite COPY --from=builder /usr/bin/hydra /usr/bin/hydra diff --git a/.docker/Dockerfile-hsm b/.docker/Dockerfile-hsm index be99c70d83c..39cd1b1ad99 100644 --- a/.docker/Dockerfile-hsm +++ b/.docker/Dockerfile-hsm @@ -1,4 +1,4 @@ -FROM golang:1.21 AS builder +FROM golang:1.22 AS builder WORKDIR /go/src/github.com/ory/hydra @@ -18,7 +18,7 @@ COPY . . ############################### FROM builder as build-hydra -RUN go build -tags sqlite,json1,hsm -o /usr/bin/hydra +RUN go build -tags sqlite,hsm -o /usr/bin/hydra ############################### 
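Review bot: The merged `RUN` in `.docker/Dockerfile-alpine` still separates `addgroup -S ory` from the next command with `;`, while every later command is chained with `&&`. A failing `addgroup` therefore does not stop the layer itself; the build only fails if a later command happens to fail as a consequence. Chain it as well: `RUN addgroup -S ory && \`. The `RUN` in `.docker/Dockerfile-sqlite` has the same mixed `;`/`&&` chain in front of the new `apk upgrade --no-cache` line.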
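Review bot: `go build -ldflags="-extldflags=-static"` runs with `CGO_ENABLED=1` on the `golang:1.22` builder, which is presumably glibc-based, and the tag list does not force Go's pure-Go resolver or user lookup. A statically linked glibc binary that reaches `getaddrinfo` or `getpwnam` through cgo still loads NSS shared libraries at run time, and the new `gcr.io/distroless/static-debian12:nonroot` runner is not expected to ship them. That can surface as name-resolution failures only in the final image. Consider `-tags sqlite,sqlite_omit_load_extension,netgo,osusergo`, plus a smoke test that resolves a hostname from inside the built image.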
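Review bot: The HSM build line drops `json1` but does not pick up `sqlite_omit_load_extension`, which this commit adds to `.docker/Dockerfile-build` and to the go-acc test run in `.github/workflows/ci.yaml`. The HSM image is therefore built with a different tag set from the one CI tests, and its SQLite driver keeps run-time extension loading compiled in. If the omission is not deliberate, use `RUN go build -tags sqlite,sqlite_omit_load_extension,hsm -o /usr/bin/hydra`; if it is, a comment above the line should say why.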
diff --git a/.docker/Dockerfile-scratch b/.docker/Dockerfile-scratch index 35e7759f87a..f262b7c6338 100644 --- a/.docker/Dockerfile-scratch +++ b/.docker/Dockerfile-scratch @@ -1,6 +1,7 @@ -FROM alpine:3.18 +FROM alpine:3.20 -RUN apk --no-cache --upgrade --latest add ca-certificates +RUN apk upgrade --no-cache && \ + apk add --no-cache --upgrade ca-certificates # set up nsswitch.conf for Go's "netgo" implementation # - https://github.com/golang/go/blob/go1.9.1/src/net/conf.go#L194-L275 diff --git a/.docker/Dockerfile-sqlite b/.docker/Dockerfile-sqlite index f7f322edc91..a6813a197e5 100644 --- a/.docker/Dockerfile-sqlite +++ b/.docker/Dockerfile-sqlite @@ -1,4 +1,4 @@ -FROM alpine:3.18 +FROM alpine:3.20 # Because this image is built for SQLite, we create /home/ory and /home/ory/sqlite which is owned by the ory user # and declare /home/ory/sqlite a volume. @@ -10,7 +10,8 @@ FROM alpine:3.18 RUN addgroup -S ory; \ adduser -S ory -G ory -D -h /home/ory -s /bin/nologin; \ chown -R ory:ory /home/ory && \ - apk --no-cache --upgrade --latest add ca-certificates sqlite + apk upgrade --no-cache && \ + apk add --no-cache --upgrade --latest ca-certificates sqlite WORKDIR /home/ory diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index d60730396cc..6bfed0c7ad5 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,3 +1,3 @@ -* @aeneasr @hperl +* @aeneasr @hperl @alnr /docs/ @ory/documenters diff --git a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml index df82139379c..2f1841bc958 100644 --- a/.github/ISSUE_TEMPLATE/BUG-REPORT.yml +++ b/.github/ISSUE_TEMPLATE/BUG-REPORT.yml @@ -28,7 +28,7 @@ body: "I have joined the [Ory Community Slack](https://slack.ory.sh)." - label: "I am signed up to the [Ory Security Patch - Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)." + Newsletter](https://www.ory.sh/l/sign-up-newsletter)." id: checklist type: checkboxes - attributes: 
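Review bot: `.docker/Dockerfile-sqlite` keeps `--latest` on the new `apk add --no-cache --upgrade --latest ca-certificates sqlite` line, while the same commit removes that flag in `.docker/Dockerfile-scratch` and does not use it in `.docker/Dockerfile-alpine`. With `apk upgrade --no-cache` now running first in all three files, the differing flag sets make it unclear which package-selection behaviour is intended. Either align the line as `apk add --no-cache --upgrade ca-certificates sqlite` or add a comment explaining why the SQLite image needs `--latest`.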
diff --git a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml index e6d03402dd4..d4f478c7abd 100644 --- a/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml +++ b/.github/ISSUE_TEMPLATE/DESIGN-DOC.yml @@ -39,7 +39,7 @@ body: "I have joined the [Ory Community Slack](https://slack.ory.sh)." - label: "I am signed up to the [Ory Security Patch - Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)." + Newsletter](https://www.ory.sh/l/sign-up-newsletter)." id: checklist type: checkboxes - attributes: diff --git a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml index 7338504c56b..4dc8b73daab 100644 --- a/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml +++ b/.github/ISSUE_TEMPLATE/FEATURE-REQUEST.yml @@ -32,7 +32,7 @@ body: "I have joined the [Ory Community Slack](https://slack.ory.sh)." - label: "I am signed up to the [Ory Security Patch - Newsletter](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53)." + Newsletter](https://www.ory.sh/l/sign-up-newsletter)." id: checklist type: checkboxes - attributes: diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c85ba2aa558..fd87edb8c50 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -25,7 +25,7 @@ jobs: fetch-depth: 2 - uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Start service run: ./test/conformance/start.sh - name: Run tests @@ -49,7 +49,7 @@ jobs: - sdk-generate services: postgres: - image: postgres:11.8 + image: postgres:16 env: POSTGRES_DB: postgres POSTGRES_PASSWORD: test @@ -57,7 +57,7 @@ jobs: ports: - 5432:5432 mysql: - image: mysql:8.0.26 + image: mysql:8.0 env: MYSQL_ROOT_PASSWORD: test ports: 
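Review bot: `image: postgres:16` replaces an exact patch pin (`11.8`) with a floating major tag, so the database under test changes whenever the registry tag moves, without any commit in this repository. The same applies to `mysql:8.0` in the next hunk and to `cockroachdb/cockroach:latest-v24.1` in both CockroachDB steps, as well as to the second `services:` block further down. If following upstream patch releases is the intent, record it with a comment such as `# floating tag on purpose: follow 16.x patch releases`. Otherwise pin a minor version or image digest so that a failing run can be traced to a code change.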
@@ -69,7 +69,7 @@ jobs: steps: - run: | docker create --name cockroach -p 26257:26257 \ - cockroachdb/cockroach:v22.1.10 start-single-node --insecure + cockroachdb/cockroach:latest-v24.1 start-single-node --insecure docker start cockroach name: Start CockroachDB - uses: ory/ci/checkout@master @@ -82,7 +82,7 @@ jobs: key: ${{ needs.sdk-generate.outputs.sdk-cache-key }} - uses: actions/setup-go@v4 with: - go-version: "1.21" + go-version: "1.22" - run: go list -json > go.list - name: Run nancy uses: sonatype-nexus-community/nancy-github-action@v1.0.2 @@ -94,12 +94,12 @@ jobs: GOGC: 100 with: args: --timeout 10m0s - version: v1.55.2 + version: v1.61.0 skip-pkg-cache: true - name: Run go-acc (tests) run: | make .bin/go-acc - .bin/go-acc -o coverage.out ./... -- -failfast -timeout=20m -tags sqlite,json1 + .bin/go-acc -o coverage.out ./... -- -failfast -timeout=20m -tags sqlite,sqlite_omit_load_extension - name: Submit to Codecov run: | bash <(curl -s https://codecov.io/bash) @@ -125,7 +125,7 @@ jobs: key: ${{ needs.sdk-generate.outputs.sdk-cache-key }} - uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - name: Setup HSM libs and packages run: | sudo apt install -y softhsm opensc @@ -150,7 +150,7 @@ jobs: args: ["", "--jwt"] services: postgres: - image: postgres:11.8 + image: postgres:16 env: POSTGRES_DB: postgres POSTGRES_PASSWORD: test @@ -158,7 +158,7 @@ jobs: ports: - 5432:5432 mysql: - image: mysql:8.0.26 + image: mysql:8.0 env: MYSQL_ROOT_PASSWORD: test ports: @@ -170,13 +170,13 @@ jobs: steps: - run: | docker create --name cockroach -p 26257:26257 \ - cockroachdb/cockroach:v22.1.10 start-single-node --insecure + cockroachdb/cockroach:latest-v24.1 start-single-node --insecure docker start cockroach name: Start CockroachDB - uses: ory/ci/checkout@master - uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - uses: actions/cache@v2 with: path: ./test/e2e/hydra 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 896fab7789b..d0d8aa176c3 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -43,7 +43,7 @@ jobs: - uses: actions/setup-go@v4 with: - go-version: "1.21" + go-version: "1.22" - run: go version # Initializes the CodeQL tools for scanning. diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml index c3fdc644f05..6611006dc79 100644 --- a/.github/workflows/cve-scan.yaml +++ b/.github/workflows/cve-scan.yaml @@ -48,6 +48,15 @@ jobs: uses: github/codeql-action/upload-sarif@v2 with: sarif_file: ${{ steps.grype-scan.outputs.sarif }} + - name: Kubescape scanner + uses: kubescape/github-action@main + id: kubescape + with: + image: oryd/hydra:${{ env.SHA_SHORT }}-sqlite + verbose: true + format: pretty-printer + # can't whitelist CVE yet: https://github.com/kubescape/kubescape/pull/1568 + severityThreshold: critical - name: Trivy Scanner uses: aquasecurity/trivy-action@master if: ${{ always() }} diff --git a/.github/workflows/format.yml b/.github/workflows/format.yml index b59c85d31b2..87e1655bce8 100644 --- a/.github/workflows/format.yml +++ b/.github/workflows/format.yml @@ -11,7 +11,7 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - run: make format - name: Indicate formatting issues run: git diff HEAD --exit-code --color diff --git a/.github/workflows/licenses.yml b/.github/workflows/licenses.yml index 7c092db910f..b07391389ce 100644 --- a/.github/workflows/licenses.yml +++ b/.github/workflows/licenses.yml @@ -14,7 +14,7 @@ jobs: - uses: actions/checkout@v3 - uses: actions/setup-go@v3 with: - go-version: "1.21" + go-version: "1.22" - uses: actions/setup-node@v2 with: node-version: "18" diff --git a/.github/workflows/pm.yml b/.github/workflows/pm.yml new file mode 100644 index 00000000000..0c69d71b706 --- /dev/null +++ b/.github/workflows/pm.yml 
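Review bot: The new Kubescape step references `kubescape/github-action@main`, a mutable branch, so whatever is pushed there runs inside this job on the next scan. Pin it to a reviewed commit, e.g. `uses: kubescape/github-action@<full-commit-sha> # <release tag>`. The step also has no `if: ${{ always() }}`, unlike the Trivy step that follows, so it would be skipped if an earlier scanner step fails; the earlier steps are outside this hunk, so confirm that is intended. Since `severityThreshold: critical` means high-severity findings do not fail the job, the comment above it should state that the threshold is temporary until the linked allow-list support lands.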
@@ -0,0 +1,29 @@ +name: Synchronize with product board + +on: + issues: + types: + - opened + pull_request: + types: + - opened + - ready_for_review + +jobs: + automate: + if: github.event.pull_request.head.repo.fork == false + name: Add issue to project + runs-on: ubuntu-latest + timeout-minutes: 5 + steps: + - uses: ory-corp/planning-automation-action@v0.1 + with: + organization: ory-corp + project: 5 + token: ${{ secrets.ORY_BOT_PAT }} + todoLabel: "Needs Triage" + statusName: Status + statusValue: "Needs Triage" + includeEffort: "false" + monthlyMilestoneName: Roadmap Monthly + quarterlyMilestoneName: Roadmap diff --git a/.golangci.yml b/.golangci.yml index 00ee1f9963c..2dff48664e4 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -8,11 +8,9 @@ linters: - goimports disable: - ineffassign - - deadcode - unused - - structcheck -run: - skip-files: +issues: + exclude-files: - ".+_test.go" - ".+_test_.+.go" diff --git a/.schema/config.schema.json b/.schema/config.schema.json index 45614396c3f..60021e18b6e 100644 --- a/.schema/config.schema.json +++ b/.schema/config.schema.json @@ -40,7 +40,7 @@ }, "mode": { "type": "integer", - "description": "Mode of unix socket in numeric form", + "description": "Mode of unix socket in numeric form, base 10.", "default": 493, "minimum": 0, "maximum": 511 
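Review bot: The new `pm.yml` workflow passes `secrets.ORY_BOT_PAT` to `ory-corp/planning-automation-action@v0.1`, which is referenced by a movable tag, and it declares no `permissions:` block, so the job's `GITHUB_TOKEN` keeps the repository default scopes. Pin the action to a commit (`uses: ory-corp/planning-automation-action@<full-commit-sha> # v0.1`) and add `permissions: {}` at the top level if the action only needs the PAT, which is how it reads here. The guard `if: github.event.pull_request.head.repo.fork == false` is also evaluated for `issues` events, where `github.event.pull_request` is absent. It appears to pass there through expression coercion, which deserves a one-line comment so nobody "fixes" it into skipping issues.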
@@ -248,6 +248,47 @@ } } } + }, + "webhook_config": { + "type": "object", + "additionalProperties": false, + "description": "Configures a webhook.", + "required": ["url"], + "properties": { + "url": { + "type": "string", + "format": "uri", + "description": "The URL to send the webhook to." + }, + "auth": { + "type": "object", + "additionalProperties": false, + "required": ["type", "config"], + "properties": { + "type": { + "const": "api_key" + }, + "config": { + "type": "object", + "additionalProperties": false, + "required": ["name", "value"], + "properties": { + "in": { + "enum": ["header", "cookie"] + }, + "name": { + "description": "The header or cookie name.", + "type": "string" + }, + "value": { + "description": "The header or cookie value.", + "type": "string" + } + } + } + } + } + } } }, "properties": { @@ -423,6 +464,11 @@ "description": "Sets the session cookie name. Use with care!", "type": "object", "properties": { + "device_csrf": { + "type": "string", + "title": "CSRF Cookie Name", + "default": "ory_hydra_device_csrf" + }, "login_csrf": { "type": "string", "title": "CSRF Cookie Name", @@ -735,6 +781,15 @@ "/ui/login" ] }, + "registration": { + "type": "string", + "description": "Sets the OAuth2 Registration Endpoint URL of the OAuth2 User Login & Consent flow. Defaults to the same value as `login`. The registration URL is used if the authorization request was started with the `prompt=registration` parameter.", + "format": "uri-reference", + "examples": [ + "https://my-login.app/registration", + "/ui/registration" + ] + }, "consent": { "type": "string", "description": "Sets the consent endpoint of the User Login & Consent flow. Defaults to an internal fallback URL showing an error.", 
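Review bot: `webhook_config.url` is only constrained by `"format": "uri"`, while `auth.config.value` carries an API key that is sent as a header or cookie, so an `http://` URL validates and the key would travel in cleartext. Either restrict the scheme in the schema (for example `"pattern": "^https://"`, relaxed only where dev mode needs it) or state the requirement in the `url` description. The property `in` is neither required nor given a `default`, so the schema does not say where the credential is placed when it is omitted; add the `default` that matches the implementation. The `value` description should also note that it is a secret, since configuration files and dumps will contain it in plaintext.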
@@ -784,6 +839,14 @@ "https://kratos.example.com/admin" ] }, + "publicUrl": { + "title": "The public URL of the ORY Kratos instance.", + "type": "string", + "format": "uri", + "examples": [ + "https://kratos.example.com/public" + ] + }, "headers": { "title": "HTTP Request Headers", "description": "These headers will be passed in HTTP requests to the Identity Provider.", @@ -1039,16 +1102,30 @@ } }, "refresh_token_hook": { - "type": "string", "description": "Sets the refresh token hook endpoint. If set it will be called during token refresh to receive updated token claims.", - "format": "uri", - "examples": ["https://my-example.app/token-refresh-hook"] + "examples": ["https://my-example.app/token-refresh-hook"], + "oneOf": [ + { + "type": "string", + "format": "uri" + }, + { + "$ref": "#/definitions/webhook_config" + } + ] }, "token_hook": { - "type": "string", "description": "Sets the token hook endpoint for all grant types. If set it will be called while providing token to customize claims.", - "format": "uri", - "examples": ["https://my-example.app/token-hook"] + "examples": ["https://my-example.app/token-hook"], + "oneOf": [ + { + "type": "string", + "format": "uri" + }, + { + "$ref": "#/definitions/webhook_config" + } + ] } } }, @@ -1096,7 +1173,7 @@ "examples": ["cpu"] }, "tracing": { - "$ref": "https://raw.githubusercontent.com/ory/x/v0.0.582-0.20230816082414-f1e6acad79b5/otelx/config.schema.json" + "$ref": "https://raw.githubusercontent.com/ory/x/v0.0.612/otelx/config.schema.json" }, "sqa": { "type": "object", @@ -1147,6 +1224,11 @@ "title": "Enable development mode", "description": "If true, disables critical security measures to allow easier local development. Do not use in production.", "default": false + }, + "feature_flags": { + "title": "Feature flags", + "type": "object", + "additionalProperties": true } }, "additionalProperties": false diff --git a/.schema/version.schema.json b/.schema/version.schema.json index a30f4346741..2ae286e1957 100644 
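Review bot: `feature_flags` is declared with `"additionalProperties": true` and no `description`, inside a root object that otherwise sets `"additionalProperties": false`, so a misspelled or unsupported flag validates silently. Operators reading the schema cannot tell which keys exist or whether any of them relax a security control. Add a `description` stating which flags are recognised and what happens to unknown keys. If the set of flags is known, list them under `properties` with `"additionalProperties": false` so that typos are rejected at config validation time.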
--- a/.schema/version.schema.json +++ b/.schema/version.schema.json @@ -2,6 +2,23 @@ "$id": "https://github.com/ory/hydra/.schema/versions.config.schema.json", "$schema": "http://json-schema.org/draft-07/schema#", "oneOf": [ + { + "allOf": [ + { + "properties": { + "version": { + "const": "v2.2.0" + } + }, + "required": [ + "version" + ] + }, + { + "$ref": "https://raw.githubusercontent.com/ory/hydra/v2.2.0/.schema/config.schema.json" + } + ] + }, { "allOf": [ { diff --git a/CHANGELOG.md b/CHANGELOG.md index 8e446bfbd88..f8e1cd40af6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,282 +4,291 @@ **Table of Contents** -- [0.0.0 (2024-01-08)](#000-2024-01-08) +- [0.0.0 (2024-08-22)](#000-2024-08-22) + - [Breaking Changes](#breaking-changes) - [Bug Fixes](#bug-fixes) - - [Documentation](#documentation) - [Features](#features) -- [2.2.0-rc.3 (2023-08-16)](#220-rc3-2023-08-16) + - [Unclassified](#unclassified) +- [2.2.0 (2024-02-12)](#220-2024-02-12) - [Bug Fixes](#bug-fixes-1) - [Code Generation](#code-generation) - - [Features](#features-1) -- [2.2.0-pre.0 (2023-06-22)](#220-pre0-2023-06-22) - - [Code Generation](#code-generation-1) - - [Features](#features-2) -- [2.2.0-rc.2 (2023-06-13)](#220-rc2-2023-06-13) +- [2.2.0-pre.1 (2024-02-01)](#220-pre1-2024-02-01) - [Bug Fixes](#bug-fixes-2) - - [Code Generation](#code-generation-2) - - [Features](#features-3) -- [2.2.0-rc.1 (2023-06-12)](#220-rc1-2023-06-12) - - [Breaking Changes](#breaking-changes) + - [Code Generation](#code-generation-1) + - [Documentation](#documentation) + - [Features](#features-1) +- [2.2.0-rc.3 (2023-08-16)](#220-rc3-2023-08-16) - [Bug Fixes](#bug-fixes-3) + - [Code Generation](#code-generation-2) + - [Features](#features-2) +- [2.2.0-pre.0 (2023-06-22)](#220-pre0-2023-06-22) - [Code Generation](#code-generation-3) - - [Features](#features-4) - - [Unclassified](#unclassified) -- [2.1.2 (2023-05-24)](#212-2023-05-24) + - [Features](#features-3) +- [2.2.0-rc.2 (2023-06-13)](#220-rc2-2023-06-13) - [Bug Fixes](#bug-fixes-4) - [Code Generation](#code-generation-4) - - [Documentation](#documentation-1) - - [Features](#features-5) -- [2.1.1 (2023-04-11)](#211-2023-04-11) + - [Features](#features-4) +- [2.2.0-rc.1 (2023-06-12)](#220-rc1-2023-06-12) + - [Breaking Changes](#breaking-changes-1) - [Bug Fixes](#bug-fixes-5) - [Code Generation](#code-generation-5) -- [2.1.0 (2023-04-06)](#210-2023-04-06) + - [Features](#features-5) + - [Unclassified](#unclassified-1) +- [2.1.2 (2023-05-24)](#212-2023-05-24) - [Bug Fixes](#bug-fixes-6) - [Code Generation](#code-generation-6) -- 
[2.1.0-pre.2 (2023-04-03)](#210-pre2-2023-04-03) + - [Documentation](#documentation-1) + - [Features](#features-6) +- [2.1.1 (2023-04-11)](#211-2023-04-11) + - [Bug Fixes](#bug-fixes-7) - [Code Generation](#code-generation-7) -- [2.1.0-pre.1 (2023-04-03)](#210-pre1-2023-04-03) +- [2.1.0 (2023-04-06)](#210-2023-04-06) + - [Bug Fixes](#bug-fixes-8) - [Code Generation](#code-generation-8) -- [2.1.0-pre.0 (2023-03-31)](#210-pre0-2023-03-31) - - [Bug Fixes](#bug-fixes-7) +- [2.1.0-pre.2 (2023-04-03)](#210-pre2-2023-04-03) - [Code Generation](#code-generation-9) - - [Documentation](#documentation-2) - - [Features](#features-6) -- [2.0.3 (2022-12-08)](#203-2022-12-08) - - [Bug Fixes](#bug-fixes-8) +- [2.1.0-pre.1 (2023-04-03)](#210-pre1-2023-04-03) - [Code Generation](#code-generation-10) - - [Features](#features-7) -- [2.0.2 (2022-11-10)](#202-2022-11-10) +- [2.1.0-pre.0 (2023-03-31)](#210-pre0-2023-03-31) - [Bug Fixes](#bug-fixes-9) - [Code Generation](#code-generation-11) - - [Documentation](#documentation-3) - - [Features](#features-8) - - [Tests](#tests) -- [2.0.1 (2022-10-27)](#201-2022-10-27) + - [Documentation](#documentation-2) + - [Features](#features-7) +- [2.0.3 (2022-12-08)](#203-2022-12-08) - [Bug Fixes](#bug-fixes-10) - [Code Generation](#code-generation-12) - - [Documentation](#documentation-4) -- [2.0.0 (2022-10-27)](#200-2022-10-27) - - [Breaking Changes](#breaking-changes-1) + - [Features](#features-8) +- [2.0.2 (2022-11-10)](#202-2022-11-10) - [Bug Fixes](#bug-fixes-11) - [Code Generation](#code-generation-13) - - [Code Refactoring](#code-refactoring) - - [Documentation](#documentation-5) + - [Documentation](#documentation-3) - [Features](#features-9) - - [Tests](#tests-1) - - [Unclassified](#unclassified-1) -- [1.11.10 (2022-08-25)](#11110-2022-08-25) + - [Tests](#tests) +- [2.0.1 (2022-10-27)](#201-2022-10-27) - [Bug Fixes](#bug-fixes-12) - [Code Generation](#code-generation-14) -- [1.11.9 (2022-08-01)](#1119-2022-08-01) + - 
[Documentation](#documentation-4) +- [2.0.0 (2022-10-27)](#200-2022-10-27) + - [Breaking Changes](#breaking-changes-2) - [Bug Fixes](#bug-fixes-13) - [Code Generation](#code-generation-15) - - [Documentation](#documentation-6) + - [Code Refactoring](#code-refactoring) + - [Documentation](#documentation-5) - [Features](#features-10) -- [1.11.8 (2022-05-04)](#1118-2022-05-04) + - [Tests](#tests-1) + - [Unclassified](#unclassified-2) +- [1.11.10 (2022-08-25)](#11110-2022-08-25) - [Bug Fixes](#bug-fixes-14) - [Code Generation](#code-generation-16) - - [Documentation](#documentation-7) +- [1.11.9 (2022-08-01)](#1119-2022-08-01) + - [Bug Fixes](#bug-fixes-15) + - [Code Generation](#code-generation-17) + - [Documentation](#documentation-6) - [Features](#features-11) +- [1.11.8 (2022-05-04)](#1118-2022-05-04) + - [Bug Fixes](#bug-fixes-16) + - [Code Generation](#code-generation-18) + - [Documentation](#documentation-7) + - [Features](#features-12) - [Tests](#tests-2) - [1.11.7 (2022-02-23)](#1117-2022-02-23) - - [Code Generation](#code-generation-17) -- [1.11.6 (2022-02-23)](#1116-2022-02-23) - - [Bug Fixes](#bug-fixes-15) - - [Code Generation](#code-generation-18) -- [1.11.5 (2022-02-21)](#1115-2022-02-21) - - [Bug Fixes](#bug-fixes-16) - [Code Generation](#code-generation-19) -- [1.11.4 (2022-02-16)](#1114-2022-02-16) +- [1.11.6 (2022-02-23)](#1116-2022-02-23) - [Bug Fixes](#bug-fixes-17) - [Code Generation](#code-generation-20) -- [1.11.3 (2022-02-15)](#1113-2022-02-15) +- [1.11.5 (2022-02-21)](#1115-2022-02-21) - [Bug Fixes](#bug-fixes-18) - [Code Generation](#code-generation-21) -- [1.11.2 (2022-02-11)](#1112-2022-02-11) - - [Code Generation](#code-generation-22) -- [1.11.1 (2022-02-11)](#1111-2022-02-11) +- [1.11.4 (2022-02-16)](#1114-2022-02-16) - [Bug Fixes](#bug-fixes-19) + - [Code Generation](#code-generation-22) +- [1.11.3 (2022-02-15)](#1113-2022-02-15) + - [Bug Fixes](#bug-fixes-20) - [Code Generation](#code-generation-23) +- [1.11.2 
(2022-02-11)](#1112-2022-02-11) + - [Code Generation](#code-generation-24) +- [1.11.1 (2022-02-11)](#1111-2022-02-11) + - [Bug Fixes](#bug-fixes-21) + - [Code Generation](#code-generation-25) - [Code Refactoring](#code-refactoring-1) - [Documentation](#documentation-8) - [1.11.0 (2022-01-21)](#1110-2022-01-21) - - [Breaking Changes](#breaking-changes-2) - - [Bug Fixes](#bug-fixes-20) - - [Code Generation](#code-generation-24) + - [Breaking Changes](#breaking-changes-3) + - [Bug Fixes](#bug-fixes-22) + - [Code Generation](#code-generation-26) - [Documentation](#documentation-9) - - [Features](#features-12) + - [Features](#features-13) - [1.10.7 (2021-10-27)](#1107-2021-10-27) - - [Breaking Changes](#breaking-changes-3) - - [Bug Fixes](#bug-fixes-21) - - [Code Generation](#code-generation-25) + - [Breaking Changes](#breaking-changes-4) + - [Bug Fixes](#bug-fixes-23) + - [Code Generation](#code-generation-27) - [Code Refactoring](#code-refactoring-2) - [Documentation](#documentation-10) - - [Features](#features-13) + - [Features](#features-14) - [1.10.6 (2021-08-28)](#1106-2021-08-28) - - [Bug Fixes](#bug-fixes-22) - - [Code Generation](#code-generation-26) + - [Bug Fixes](#bug-fixes-24) + - [Code Generation](#code-generation-28) - [Documentation](#documentation-11) - [1.10.5 (2021-08-13)](#1105-2021-08-13) - - [Bug Fixes](#bug-fixes-23) - - [Code Generation](#code-generation-27) + - [Bug Fixes](#bug-fixes-25) + - [Code Generation](#code-generation-29) - [Documentation](#documentation-12) - - [Features](#features-14) + - [Features](#features-15) - [1.10.3 (2021-07-14)](#1103-2021-07-14) - - [Bug Fixes](#bug-fixes-24) - - [Code Generation](#code-generation-28) + - [Bug Fixes](#bug-fixes-26) + - [Code Generation](#code-generation-30) - [Code Refactoring](#code-refactoring-3) - [Documentation](#documentation-13) - - [Features](#features-15) + - [Features](#features-16) - [1.10.2 (2021-05-04)](#1102-2021-05-04) - - [Breaking Changes](#breaking-changes-4) - - [Bug 
Fixes](#bug-fixes-25) - - [Code Generation](#code-generation-29) + - [Breaking Changes](#breaking-changes-5) + - [Bug Fixes](#bug-fixes-27) + - [Code Generation](#code-generation-31) - [Code Refactoring](#code-refactoring-4) - [Documentation](#documentation-14) - - [Features](#features-16) + - [Features](#features-17) - [1.10.1 (2021-03-25)](#1101-2021-03-25) - - [Bug Fixes](#bug-fixes-26) - - [Code Generation](#code-generation-30) + - [Bug Fixes](#bug-fixes-28) + - [Code Generation](#code-generation-32) - [Documentation](#documentation-15) - - [Features](#features-17) + - [Features](#features-18) - [Tests](#tests-3) - - [Unclassified](#unclassified-2) + - [Unclassified](#unclassified-3) - [1.9.2 (2021-01-29)](#192-2021-01-29) - - [Code Generation](#code-generation-31) - - [Features](#features-18) + - [Code Generation](#code-generation-33) + - [Features](#features-19) - [1.9.1 (2021-01-27)](#191-2021-01-27) - - [Code Generation](#code-generation-32) + - [Code Generation](#code-generation-34) - [Documentation](#documentation-16) - [1.9.0 (2021-01-12)](#190-2021-01-12) - - [Code Generation](#code-generation-33) + - [Code Generation](#code-generation-35) - [1.9.0-rc.0 (2021-01-12)](#190-rc0-2021-01-12) - - [Code Generation](#code-generation-34) + - [Code Generation](#code-generation-36) - [1.9.0-alpha.4.pre.0 (2021-01-12)](#190-alpha4pre0-2021-01-12) - - [Bug Fixes](#bug-fixes-27) - - [Code Generation](#code-generation-35) + - [Bug Fixes](#bug-fixes-29) + - [Code Generation](#code-generation-37) - [Documentation](#documentation-17) - [1.9.0-alpha.3 (2020-12-08)](#190-alpha3-2020-12-08) - - [Breaking Changes](#breaking-changes-5) - - [Bug Fixes](#bug-fixes-28) - - [Code Generation](#code-generation-36) + - [Breaking Changes](#breaking-changes-6) + - [Bug Fixes](#bug-fixes-30) + - [Code Generation](#code-generation-38) - [Code Refactoring](#code-refactoring-5) - [Documentation](#documentation-18) - - [Features](#features-19) + - [Features](#features-20) - 
[Tests](#tests-4) - - [Unclassified](#unclassified-3) + - [Unclassified](#unclassified-4) - [1.9.0-alpha.2 (2020-10-29)](#190-alpha2-2020-10-29) - - [Bug Fixes](#bug-fixes-29) - - [Code Generation](#code-generation-37) + - [Bug Fixes](#bug-fixes-31) + - [Code Generation](#code-generation-39) - [Documentation](#documentation-19) - - [Features](#features-20) + - [Features](#features-21) - [Tests](#tests-5) - [1.9.0-alpha.1 (2020-10-20)](#190-alpha1-2020-10-20) - - [Bug Fixes](#bug-fixes-30) - - [Code Generation](#code-generation-38) + - [Bug Fixes](#bug-fixes-32) + - [Code Generation](#code-generation-40) - [Code Refactoring](#code-refactoring-6) - [Documentation](#documentation-20) - - [Features](#features-21) + - [Features](#features-22) - [Tests](#tests-6) - [1.8.5 (2020-10-03)](#185-2020-10-03) - - [Code Generation](#code-generation-39) -- [1.8.0-pre.1 (2020-10-03)](#180-pre1-2020-10-03) - - [Bug Fixes](#bug-fixes-31) - - [Code Generation](#code-generation-40) - - [Features](#features-22) -- [1.8.0-pre.0 (2020-10-02)](#180-pre0-2020-10-02) - - [Breaking Changes](#breaking-changes-6) - - [Bug Fixes](#bug-fixes-32) - [Code Generation](#code-generation-41) - - [Documentation](#documentation-21) - - [Features](#features-23) -- [1.7.4 (2020-08-31)](#174-2020-08-31) +- [1.8.0-pre.1 (2020-10-03)](#180-pre1-2020-10-03) - [Bug Fixes](#bug-fixes-33) - [Code Generation](#code-generation-42) -- [1.7.3 (2020-08-31)](#173-2020-08-31) - - [Code Generation](#code-generation-43) -- [1.7.1 (2020-08-31)](#171-2020-08-31) + - [Features](#features-23) +- [1.8.0-pre.0 (2020-10-02)](#180-pre0-2020-10-02) - [Breaking Changes](#breaking-changes-7) - [Bug Fixes](#bug-fixes-34) + - [Code Generation](#code-generation-43) + - [Documentation](#documentation-21) + - [Features](#features-24) +- [1.7.4 (2020-08-31)](#174-2020-08-31) + - [Bug Fixes](#bug-fixes-35) - [Code Generation](#code-generation-44) +- [1.7.3 (2020-08-31)](#173-2020-08-31) + - [Code Generation](#code-generation-45) +- [1.7.1 
(2020-08-31)](#171-2020-08-31) + - [Breaking Changes](#breaking-changes-8) + - [Bug Fixes](#bug-fixes-36) + - [Code Generation](#code-generation-46) - [Code Refactoring](#code-refactoring-7) - [Documentation](#documentation-22) - - [Features](#features-24) - - [Unclassified](#unclassified-4) + - [Features](#features-25) + - [Unclassified](#unclassified-5) - [1.7.0 (2020-08-14)](#170-2020-08-14) - - [Breaking Changes](#breaking-changes-8) - - [Bug Fixes](#bug-fixes-35) - - [Code Generation](#code-generation-45) + - [Breaking Changes](#breaking-changes-9) + - [Bug Fixes](#bug-fixes-37) + - [Code Generation](#code-generation-47) - [Code Refactoring](#code-refactoring-8) - [Documentation](#documentation-23) - - [Features](#features-25) - - [Unclassified](#unclassified-5) + - [Features](#features-26) + - [Unclassified](#unclassified-6) - [1.6.0 (2020-07-20)](#160-2020-07-20) - - [Bug Fixes](#bug-fixes-36) - - [Code Generation](#code-generation-46) + - [Bug Fixes](#bug-fixes-38) + - [Code Generation](#code-generation-48) - [Documentation](#documentation-24) - - [Unclassified](#unclassified-6) + - [Unclassified](#unclassified-7) - [1.5.2 (2020-06-23)](#152-2020-06-23) - - [Bug Fixes](#bug-fixes-37) - - [Code Generation](#code-generation-47) - - [Features](#features-26) + - [Bug Fixes](#bug-fixes-39) + - [Code Generation](#code-generation-49) + - [Features](#features-27) - [1.5.1 (2020-06-16)](#151-2020-06-16) - - [Code Generation](#code-generation-48) + - [Code Generation](#code-generation-50) - [1.5.0 (2020-06-16)](#150-2020-06-16) - - [Bug Fixes](#bug-fixes-38) + - [Bug Fixes](#bug-fixes-40) - [Chores](#chores) - [Documentation](#documentation-25) - - [Features](#features-27) - - [Unclassified](#unclassified-7) + - [Features](#features-28) + - [Unclassified](#unclassified-8) - [1.5.0-beta.5 (2020-05-28)](#150-beta5-2020-05-28) - - [Bug Fixes](#bug-fixes-39) + - [Bug Fixes](#bug-fixes-41) - [Chores](#chores-1) - [Documentation](#documentation-26) - - 
[Features](#features-28) + - [Features](#features-29) - [1.5.0-beta.3 (2020-05-23)](#150-beta3-2020-05-23) - [Chores](#chores-2) - [1.5.0-beta.2 (2020-05-23)](#150-beta2-2020-05-23) - - [Bug Fixes](#bug-fixes-40) + - [Bug Fixes](#bug-fixes-42) - [Chores](#chores-3) - [Code Refactoring](#code-refactoring-9) - [Documentation](#documentation-27) - [1.5.0-beta.1 (2020-04-30)](#150-beta1-2020-04-30) - - [Breaking Changes](#breaking-changes-9) + - [Breaking Changes](#breaking-changes-10) - [Chores](#chores-4) - [Code Refactoring](#code-refactoring-10) - [1.4.10 (2020-04-30)](#1410-2020-04-30) - - [Bug Fixes](#bug-fixes-41) + - [Bug Fixes](#bug-fixes-43) - [Chores](#chores-5) - [Documentation](#documentation-28) - - [Unclassified](#unclassified-8) + - [Unclassified](#unclassified-9) - [1.4.9 (2020-04-25)](#149-2020-04-25) - - [Bug Fixes](#bug-fixes-42) + - [Bug Fixes](#bug-fixes-44) - [Chores](#chores-6) - [1.4.8 (2020-04-24)](#148-2020-04-24) - - [Bug Fixes](#bug-fixes-43) + - [Bug Fixes](#bug-fixes-45) - [Chores](#chores-7) - [Documentation](#documentation-29) - - [Features](#features-29) + - [Features](#features-30) - [1.4.7 (2020-04-24)](#147-2020-04-24) - - [Bug Fixes](#bug-fixes-44) + - [Bug Fixes](#bug-fixes-46) - [Chores](#chores-8) - [Documentation](#documentation-30) - [1.4.6 (2020-04-17)](#146-2020-04-17) - - [Bug Fixes](#bug-fixes-45) + - [Bug Fixes](#bug-fixes-47) - [Documentation](#documentation-31) - [1.4.5 (2020-04-16)](#145-2020-04-16) - - [Bug Fixes](#bug-fixes-46) + - [Bug Fixes](#bug-fixes-48) - [Documentation](#documentation-32) - [1.4.3 (2020-04-16)](#143-2020-04-16) - - [Bug Fixes](#bug-fixes-47) + - [Bug Fixes](#bug-fixes-49) - [Code Refactoring](#code-refactoring-11) - [Documentation](#documentation-33) - - [Features](#features-30) + - [Features](#features-31) - [1.4.2 (2020-04-03)](#142-2020-04-03) - [Chores](#chores-9) - [Documentation](#documentation-34) - [1.4.1 (2020-04-02)](#141-2020-04-02) - - [Bug Fixes](#bug-fixes-48) + - [Bug 
Fixes](#bug-fixes-50) - [1.4.0 (2020-04-02)](#140-2020-04-02) - [GHSA-3p3g-vpw6-4w66](#ghsa-3p3g-vpw6-4w66) - [Impact](#impact) @@ -288,7 +297,7 @@ - [Workarounds](#workarounds) - [References](#references) - [Upstream](#upstream) - - [Breaking Changes](#breaking-changes-10) + - [Breaking Changes](#breaking-changes-11) - [GHSA-3p3g-vpw6-4w66](#ghsa-3p3g-vpw6-4w66-1) - [Impact](#impact-1) - [Severity](#severity-1) 
@@ -296,49 +305,49 @@ - [Workarounds](#workarounds-1) - [References](#references-1) - [Upstream](#upstream-1) - - [Bug Fixes](#bug-fixes-49) + - [Bug Fixes](#bug-fixes-51) - [Code Refactoring](#code-refactoring-12) - [Documentation](#documentation-35) - - [Features](#features-31) - - [Unclassified](#unclassified-9) + - [Features](#features-32) + - [Unclassified](#unclassified-10) - [1.3.2 (2020-02-17)](#132-2020-02-17) - - [Bug Fixes](#bug-fixes-50) + - [Bug Fixes](#bug-fixes-52) - [Chores](#chores-10) - [Documentation](#documentation-36) - [1.3.1 (2020-02-16)](#131-2020-02-16) - [Continuous Integration](#continuous-integration) - [1.3.0 (2020-02-14)](#130-2020-02-14) - - [Bug Fixes](#bug-fixes-51) + - [Bug Fixes](#bug-fixes-53) - [Documentation](#documentation-37) - - [Features](#features-32) - - [Unclassified](#unclassified-10) -- [1.2.3 (2020-01-31)](#123-2020-01-31) + - [Features](#features-33) - [Unclassified](#unclassified-11) +- [1.2.3 (2020-01-31)](#123-2020-01-31) + - [Unclassified](#unclassified-12) - [1.2.2 (2020-01-23)](#122-2020-01-23) - [Documentation](#documentation-38) - - [Unclassified](#unclassified-12) -- [1.2.1 (2020-01-15)](#121-2020-01-15) - [Unclassified](#unclassified-13) -- [1.2.0 (2020-01-08)](#120-2020-01-08) +- [1.2.1 (2020-01-15)](#121-2020-01-15) - [Unclassified](#unclassified-14) -- [1.2.0-alpha.3 (2020-01-08)](#120-alpha3-2020-01-08) +- [1.2.0 (2020-01-08)](#120-2020-01-08) - [Unclassified](#unclassified-15) +- [1.2.0-alpha.3 (2020-01-08)](#120-alpha3-2020-01-08) + - [Unclassified](#unclassified-16) - [1.2.0-alpha.2 (2020-01-08)](#120-alpha2-2020-01-08) - [Continuous Integration](#continuous-integration-1) - [1.2.0-alpha.1 (2020-01-07)](#120-alpha1-2020-01-07) - [Documentation](#documentation-39) - - [Unclassified](#unclassified-16) + - [Unclassified](#unclassified-17) - [1.1.1 (2019-12-19)](#111-2019-12-19) - [Documentation](#documentation-40) - - [Unclassified](#unclassified-17) + - [Unclassified](#unclassified-18) - [1.1.0 
(2019-12-16)](#110-2019-12-16) - [Documentation](#documentation-41) - - [Unclassified](#unclassified-18) + - [Unclassified](#unclassified-19) - [1.0.9 (2019-11-02)](#109-2019-11-02) - [Documentation](#documentation-42) - - [Unclassified](#unclassified-19) -- [1.0.8 (2019-10-04)](#108-2019-10-04) - [Unclassified](#unclassified-20) +- [1.0.8 (2019-10-04)](#108-2019-10-04) + - [Unclassified](#unclassified-21) - [1.0.7 (2019-09-29)](#107-2019-09-29) - [Continuous Integration](#continuous-integration-2) - [1.0.6 (2019-09-29)](#106-2019-09-29) 
@@ -346,147 +355,147 @@ - [1.0.5 (2019-09-28)](#105-2019-09-28) - [Continuous Integration](#continuous-integration-4) - [1.0.4 (2019-09-26)](#104-2019-09-26) - - [Unclassified](#unclassified-21) -- [1.0.3 (2019-09-23)](#103-2019-09-23) - [Unclassified](#unclassified-22) -- [1.0.2 (2019-09-18)](#102-2019-09-18) +- [1.0.3 (2019-09-23)](#103-2019-09-23) - [Unclassified](#unclassified-23) +- [1.0.2 (2019-09-18)](#102-2019-09-18) + - [Unclassified](#unclassified-24) - [1.0.1 (2019-09-04)](#101-2019-09-04) - [Documentation](#documentation-43) - - [Unclassified](#unclassified-24) + - [Unclassified](#unclassified-25) - [1.0.0 (2019-06-24)](#100-2019-06-24) - [Documentation](#documentation-44) - - [Unclassified](#unclassified-25) + - [Unclassified](#unclassified-26) - [1.0.0-rc.16 (2019-06-13)](#100-rc16-2019-06-13) - [Documentation](#documentation-45) - - [Unclassified](#unclassified-26) + - [Unclassified](#unclassified-27) - [1.0.0-rc.15 (2019-06-05)](#100-rc15-2019-06-05) - [Documentation](#documentation-46) - - [Unclassified](#unclassified-27) + - [Unclassified](#unclassified-28) - [1.0.0-rc.14 (2019-05-18)](#100-rc14-2019-05-18) - [Continuous Integration](#continuous-integration-5) - [Documentation](#documentation-47) - - [Unclassified](#unclassified-28) -- [1.0.0-rc.12 (2019-05-10)](#100-rc12-2019-05-10) - [Unclassified](#unclassified-29) +- [1.0.0-rc.12 (2019-05-10)](#100-rc12-2019-05-10) + - [Unclassified](#unclassified-30) - [0.0.1 (2019-05-08)](#001-2019-05-08) - [Documentation](#documentation-48) - - [Unclassified](#unclassified-30) + - [Unclassified](#unclassified-31) - [1.0.0-rc.11 (2019-05-02)](#100-rc11-2019-05-02) - [Documentation](#documentation-49) - - [Unclassified](#unclassified-31) + - [Unclassified](#unclassified-32) - [1.0.0-rc.10 (2019-04-29)](#100-rc10-2019-04-29) - [Documentation](#documentation-50) - - [Unclassified](#unclassified-32) + - [Unclassified](#unclassified-33) - [1.0.0-rc.9+oryOS.10 (2019-04-18)](#100-rc9oryos10-2019-04-18) - 
[Documentation](#documentation-51) - - [Unclassified](#unclassified-33) + - [Unclassified](#unclassified-34) - [1.0.0-rc.8+oryOS.10 (2019-04-03)](#100-rc8oryos10-2019-04-03) - [Continuous Integration](#continuous-integration-6) - [Documentation](#documentation-52) - [1.0.0-rc.7+oryOS.10 (2019-04-02)](#100-rc7oryos10-2019-04-02) - [Continuous Integration](#continuous-integration-7) - [Documentation](#documentation-53) - - [Unclassified](#unclassified-34) + - [Unclassified](#unclassified-35) - [1.0.0-rc.6+oryOS.10 (2018-12-18)](#100-rc6oryos10-2018-12-18) - [Documentation](#documentation-54) - - [Unclassified](#unclassified-35) + - [Unclassified](#unclassified-36) - [1.0.0-rc.5+oryOS.10 (2018-12-13)](#100-rc5oryos10-2018-12-13) - [Documentation](#documentation-55) - - [Unclassified](#unclassified-36) + - [Unclassified](#unclassified-37) - [1.0.0-rc.4+oryOS.9 (2018-12-12)](#100-rc4oryos9-2018-12-12) - [Documentation](#documentation-56) - - [Unclassified](#unclassified-37) + - [Unclassified](#unclassified-38) - [1.0.0-rc.3+oryOS.9 (2018-12-06)](#100-rc3oryos9-2018-12-06) - [Documentation](#documentation-57) - - [Unclassified](#unclassified-38) + - [Unclassified](#unclassified-39) - [1.0.0-rc.2+oryOS.9 (2018-11-21)](#100-rc2oryos9-2018-11-21) - [Documentation](#documentation-58) - - [Unclassified](#unclassified-39) + - [Unclassified](#unclassified-40) - [1.0.0-rc.1+oryOS.9 (2018-11-21)](#100-rc1oryos9-2018-11-21) - [Build System](#build-system) - [Documentation](#documentation-59) - - [Unclassified](#unclassified-40) + - [Unclassified](#unclassified-41) - [1.0.0-beta.9 (2018-09-01)](#100-beta9-2018-09-01) - [Documentation](#documentation-60) - - [Unclassified](#unclassified-41) + - [Unclassified](#unclassified-42) - [1.0.0-beta.8 (2018-08-10)](#100-beta8-2018-08-10) - [Documentation](#documentation-61) - - [Unclassified](#unclassified-42) + - [Unclassified](#unclassified-43) - [1.0.0-beta.7 (2018-07-16)](#100-beta7-2018-07-16) - [Documentation](#documentation-62) - - 
[Unclassified](#unclassified-43) + - [Unclassified](#unclassified-44) - [1.0.0-beta.6 (2018-07-11)](#100-beta6-2018-07-11) - [Documentation](#documentation-63) - - [Unclassified](#unclassified-44) + - [Unclassified](#unclassified-45) - [1.0.0-beta.5 (2018-07-07)](#100-beta5-2018-07-07) - [Documentation](#documentation-64) - - [Unclassified](#unclassified-45) + - [Unclassified](#unclassified-46) - [1.0.0-beta.4 (2018-06-13)](#100-beta4-2018-06-13) - [Documentation](#documentation-65) - [1.0.0-beta.3 (2018-06-13)](#100-beta3-2018-06-13) - [Continuous Integration](#continuous-integration-8) - [Documentation](#documentation-66) - - [Unclassified](#unclassified-46) + - [Unclassified](#unclassified-47) - [1.0.0-beta.2 (2018-05-29)](#100-beta2-2018-05-29) - [Continuous Integration](#continuous-integration-9) - [1.0.0-beta.1 (2018-05-29)](#100-beta1-2018-05-29) - [Build System](#build-system-1) - [Documentation](#documentation-67) - - [Unclassified](#unclassified-47) + - [Unclassified](#unclassified-48) - [0.11.10 (2018-03-19)](#01110-2018-03-19) - [Documentation](#documentation-68) - - [Unclassified](#unclassified-48) + - [Unclassified](#unclassified-49) - [0.11.12 (2018-04-08)](#01112-2018-04-08) - [Documentation](#documentation-69) - - [Unclassified](#unclassified-49) -- [0.11.9 (2018-03-10)](#0119-2018-03-10) - [Unclassified](#unclassified-50) -- [0.11.7 (2018-03-03)](#0117-2018-03-03) +- [0.11.9 (2018-03-10)](#0119-2018-03-10) - [Unclassified](#unclassified-51) -- [0.11.6 (2018-02-07)](#0116-2018-02-07) +- [0.11.7 (2018-03-03)](#0117-2018-03-03) - [Unclassified](#unclassified-52) +- [0.11.6 (2018-02-07)](#0116-2018-02-07) + - [Unclassified](#unclassified-53) - [0.11.10 (2018-03-19)](#01110-2018-03-19-1) - [Documentation](#documentation-70) - - [Unclassified](#unclassified-53) -- [0.11.9 (2018-03-10)](#0119-2018-03-10-1) - [Unclassified](#unclassified-54) -- [0.11.7 (2018-03-03)](#0117-2018-03-03-1) +- [0.11.9 (2018-03-10)](#0119-2018-03-10-1) - 
[Unclassified](#unclassified-55) -- [0.11.6 (2018-02-07)](#0116-2018-02-07-1) +- [0.11.7 (2018-03-03)](#0117-2018-03-03-1) - [Unclassified](#unclassified-56) +- [0.11.6 (2018-02-07)](#0116-2018-02-07-1) + - [Unclassified](#unclassified-57) - [0.11.4 (2018-01-23)](#0114-2018-01-23) - [Documentation](#documentation-71) - [0.11.3 (2018-01-23)](#0113-2018-01-23) - [Documentation](#documentation-72) - - [Unclassified](#unclassified-57) -- [0.11.2 (2018-01-22)](#0112-2018-01-22) - [Unclassified](#unclassified-58) -- [0.11.1 (2018-01-18)](#0111-2018-01-18) +- [0.11.2 (2018-01-22)](#0112-2018-01-22) - [Unclassified](#unclassified-59) +- [0.11.1 (2018-01-18)](#0111-2018-01-18) + - [Unclassified](#unclassified-60) - [0.11.0 (2018-01-08)](#0110-2018-01-08) - [Documentation](#documentation-73) - - [Unclassified](#unclassified-60) + - [Unclassified](#unclassified-61) - [0.10.10 (2017-12-16)](#01010-2017-12-16) - [Documentation](#documentation-74) - - [Unclassified](#unclassified-61) + - [Unclassified](#unclassified-62) - [0.10.9 (2017-12-13)](#0109-2017-12-13) - [Documentation](#documentation-75) - - [Unclassified](#unclassified-62) + - [Unclassified](#unclassified-63) - [0.10.8 (2017-12-12)](#0108-2017-12-12) - [Documentation](#documentation-76) - - [Unclassified](#unclassified-63) + - [Unclassified](#unclassified-64) - [0.10.7 (2017-12-09)](#0107-2017-12-09) - [Documentation](#documentation-77) - - [Unclassified](#unclassified-64) -- [0.10.6 (2017-12-09)](#0106-2017-12-09) - [Unclassified](#unclassified-65) +- [0.10.6 (2017-12-09)](#0106-2017-12-09) + - [Unclassified](#unclassified-66) - [0.10.5 (2017-12-09)](#0105-2017-12-09) - [Documentation](#documentation-78) - - [Unclassified](#unclassified-66) + - [Unclassified](#unclassified-67) - [0.10.4 (2017-12-09)](#0104-2017-12-09) - [Documentation](#documentation-79) - - [Unclassified](#unclassified-67) + - [Unclassified](#unclassified-68) - [0.10.3 (2017-12-08)](#0103-2017-12-08) - [Documentation](#documentation-80) - [0.10.2 
(2017-12-08)](#0102-2017-12-08) @@ -496,14 +505,14 @@ - [0.10.0 (2017-12-08)](#0100-2017-12-08) - [Continuous Integration](#continuous-integration-12) - [Documentation](#documentation-81) - - [Unclassified](#unclassified-68) -- [0.10.0-alpha.21 (2017-11-27)](#0100-alpha21-2017-11-27) - [Unclassified](#unclassified-69) -- [0.10.0-alpha.20 (2017-11-26)](#0100-alpha20-2017-11-26) +- [0.10.0-alpha.21 (2017-11-27)](#0100-alpha21-2017-11-27) - [Unclassified](#unclassified-70) +- [0.10.0-alpha.20 (2017-11-26)](#0100-alpha20-2017-11-26) + - [Unclassified](#unclassified-71) - [0.10.0-alpha.19 (2017-11-26)](#0100-alpha19-2017-11-26) - [Documentation](#documentation-82) - - [Unclassified](#unclassified-71) + - [Unclassified](#unclassified-72) - [0.10.0-alpha.18 (2017-11-06)](#0100-alpha18-2017-11-06) - [Continuous Integration](#continuous-integration-13) - [0.10.0-alpha.17 (2017-11-06)](#0100-alpha17-2017-11-06) 
@@ -511,199 +520,290 @@ - [0.10.0-alpha.16 (2017-11-06)](#0100-alpha16-2017-11-06) - [Continuous Integration](#continuous-integration-15) - [Documentation](#documentation-83) - - [Unclassified](#unclassified-72) -- [0.10.0-alpha.15 (2017-11-06)](#0100-alpha15-2017-11-06) - [Unclassified](#unclassified-73) -- [0.10.0-alpha.14 (2017-11-06)](#0100-alpha14-2017-11-06) +- [0.10.0-alpha.15 (2017-11-06)](#0100-alpha15-2017-11-06) - [Unclassified](#unclassified-74) -- [0.10.0-alpha.13 (2017-11-06)](#0100-alpha13-2017-11-06) +- [0.10.0-alpha.14 (2017-11-06)](#0100-alpha14-2017-11-06) - [Unclassified](#unclassified-75) +- [0.10.0-alpha.13 (2017-11-06)](#0100-alpha13-2017-11-06) + - [Unclassified](#unclassified-76) - [0.10.0-alpha.12 (2017-11-06)](#0100-alpha12-2017-11-06) - [Documentation](#documentation-84) - - [Unclassified](#unclassified-76) + - [Unclassified](#unclassified-77) - [0.10.0-alpha.10 (2017-10-26)](#0100-alpha10-2017-10-26) - [Continuous Integration](#continuous-integration-16) - [Documentation](#documentation-85) - [0.10.0-alpha.9 (2017-10-25)](#0100-alpha9-2017-10-25) - [Documentation](#documentation-86) - - [Unclassified](#unclassified-77) + - [Unclassified](#unclassified-78) - [0.10.0-alpha.8 (2017-10-18)](#0100-alpha8-2017-10-18) - [Documentation](#documentation-87) - - [Unclassified](#unclassified-78) + - [Unclassified](#unclassified-79) - [0.9.14 (2017-10-06)](#0914-2017-10-06) - [Documentation](#documentation-88) - - [Unclassified](#unclassified-79) -- [0.10.0-alpha.7 (2017-10-06)](#0100-alpha7-2017-10-06) - [Unclassified](#unclassified-80) -- [0.10.0-alpha.6 (2017-10-05)](#0100-alpha6-2017-10-05) +- [0.10.0-alpha.7 (2017-10-06)](#0100-alpha7-2017-10-06) - [Unclassified](#unclassified-81) -- [0.10.0-alpha.5 (2017-10-05)](#0100-alpha5-2017-10-05) +- [0.10.0-alpha.6 (2017-10-05)](#0100-alpha6-2017-10-05) - [Unclassified](#unclassified-82) -- [0.10.0-alpha.4 (2017-10-05)](#0100-alpha4-2017-10-05) +- [0.10.0-alpha.5 (2017-10-05)](#0100-alpha5-2017-10-05) - 
[Unclassified](#unclassified-83) -- [0.10.0-alpha.3 (2017-10-05)](#0100-alpha3-2017-10-05) +- [0.10.0-alpha.4 (2017-10-05)](#0100-alpha4-2017-10-05) - [Unclassified](#unclassified-84) +- [0.10.0-alpha.3 (2017-10-05)](#0100-alpha3-2017-10-05) + - [Unclassified](#unclassified-85) - [0.10.0-alpha.2 (2017-10-05)](#0100-alpha2-2017-10-05) - [Documentation](#documentation-89) - - [Unclassified](#unclassified-85) + - [Unclassified](#unclassified-86) - [0.10.0-alpha.1 (2017-10-05)](#0100-alpha1-2017-10-05) - [Documentation](#documentation-90) - - [Unclassified](#unclassified-86) + - [Unclassified](#unclassified-87) - [0.9.13 (2017-09-26)](#0913-2017-09-26) - [Documentation](#documentation-91) - - [Unclassified](#unclassified-87) + - [Unclassified](#unclassified-88) - [0.9.12 (2017-07-06)](#0912-2017-07-06) - [Documentation](#documentation-92) - - [Unclassified](#unclassified-88) + - [Unclassified](#unclassified-89) - [0.9.11 (2017-06-30)](#0911-2017-06-30) - [Documentation](#documentation-93) - - [Unclassified](#unclassified-89) + - [Unclassified](#unclassified-90) - [0.9.10 (2017-06-29)](#0910-2017-06-29) - [Documentation](#documentation-94) - - [Unclassified](#unclassified-90) -- [0.9.9 (2017-06-17)](#099-2017-06-17) - [Unclassified](#unclassified-91) +- [0.9.9 (2017-06-17)](#099-2017-06-17) + - [Unclassified](#unclassified-92) - [0.9.8 (2017-06-17)](#098-2017-06-17) - [Documentation](#documentation-95) - - [Unclassified](#unclassified-92) + - [Unclassified](#unclassified-93) - [0.9.7 (2017-06-16)](#097-2017-06-16) - [Documentation](#documentation-96) - - [Unclassified](#unclassified-93) -- [0.9.6 (2017-06-15)](#096-2017-06-15) - [Unclassified](#unclassified-94) -- [0.9.5 (2017-06-15)](#095-2017-06-15) +- [0.9.6 (2017-06-15)](#096-2017-06-15) - [Unclassified](#unclassified-95) +- [0.9.5 (2017-06-15)](#095-2017-06-15) + - [Unclassified](#unclassified-96) - [0.9.4 (2017-06-14)](#094-2017-06-14) - [Documentation](#documentation-97) - - [Unclassified](#unclassified-96) + - 
[Unclassified](#unclassified-97) - [0.9.3 (2017-06-14)](#093-2017-06-14) - [Documentation](#documentation-98) - - [Unclassified](#unclassified-97) -- [0.9.2 (2017-06-13)](#092-2017-06-13) - [Unclassified](#unclassified-98) -- [0.9.1 (2017-06-12)](#091-2017-06-12) +- [0.9.2 (2017-06-13)](#092-2017-06-13) - [Unclassified](#unclassified-99) +- [0.9.1 (2017-06-12)](#091-2017-06-12) + - [Unclassified](#unclassified-100) - [0.9.0 (2017-06-07)](#090-2017-06-07) - [Documentation](#documentation-99) - - [Unclassified](#unclassified-100) -- [0.8.7 (2017-06-05)](#087-2017-06-05) - [Unclassified](#unclassified-101) +- [0.8.7 (2017-06-05)](#087-2017-06-05) + - [Unclassified](#unclassified-102) - [0.8.6 (2017-06-05)](#086-2017-06-05) - [Documentation](#documentation-100) - - [Unclassified](#unclassified-102) -- [0.8.5 (2017-06-01)](#085-2017-06-01) - [Unclassified](#unclassified-103) +- [0.8.5 (2017-06-01)](#085-2017-06-01) + - [Unclassified](#unclassified-104) - [0.8.4 (2017-05-24)](#084-2017-05-24) - [Documentation](#documentation-101) - - [Unclassified](#unclassified-104) + - [Unclassified](#unclassified-105) - [0.8.3 (2017-05-23)](#083-2017-05-23) - [Documentation](#documentation-102) - - [Unclassified](#unclassified-105) -- [0.8.2 (2017-05-10)](#082-2017-05-10) - [Unclassified](#unclassified-106) +- [0.8.2 (2017-05-10)](#082-2017-05-10) + - [Unclassified](#unclassified-107) - [0.8.1 (2017-05-08)](#081-2017-05-08) - [Continuous Integration](#continuous-integration-17) - [0.8.0 (2017-05-07)](#080-2017-05-07) - [Continuous Integration](#continuous-integration-18) - [Documentation](#documentation-103) - - [Unclassified](#unclassified-107) + - [Unclassified](#unclassified-108) - [0.7.13 (2017-05-03)](#0713-2017-05-03) - [Documentation](#documentation-104) - - [Unclassified](#unclassified-108) -- [0.7.12 (2017-04-30)](#0712-2017-04-30) - [Unclassified](#unclassified-109) -- [0.7.11 (2017-04-28)](#0711-2017-04-28) +- [0.7.12 (2017-04-30)](#0712-2017-04-30) - 
[Unclassified](#unclassified-110) +- [0.7.11 (2017-04-28)](#0711-2017-04-28) + - [Unclassified](#unclassified-111) - [0.7.10 (2017-04-14)](#0710-2017-04-14) - [Documentation](#documentation-105) - - [Unclassified](#unclassified-111) -- [0.7.9 (2017-04-02)](#079-2017-04-02) - [Unclassified](#unclassified-112) +- [0.7.9 (2017-04-02)](#079-2017-04-02) + - [Unclassified](#unclassified-113) - [0.7.8 (2017-03-24)](#078-2017-03-24) - [Documentation](#documentation-106) - - [Unclassified](#unclassified-113) -- [0.7.7 (2017-02-11)](#077-2017-02-11) - [Unclassified](#unclassified-114) -- [0.7.6 (2017-02-11)](#076-2017-02-11) +- [0.7.7 (2017-02-11)](#077-2017-02-11) - [Unclassified](#unclassified-115) -- [0.7.3 (2017-01-22)](#073-2017-01-22) +- [0.7.6 (2017-02-11)](#076-2017-02-11) - [Unclassified](#unclassified-116) -- [0.7.2 (2017-01-02)](#072-2017-01-02) +- [0.7.3 (2017-01-22)](#073-2017-01-22) - [Unclassified](#unclassified-117) -- [0.7.1 (2016-12-30)](#071-2016-12-30) +- [0.7.2 (2017-01-02)](#072-2017-01-02) - [Unclassified](#unclassified-118) +- [0.7.1 (2016-12-30)](#071-2016-12-30) + - [Unclassified](#unclassified-119) - [0.7.0 (2016-12-30)](#070-2016-12-30) - [Documentation](#documentation-107) - - [Unclassified](#unclassified-119) -- [0.6.10 (2016-12-26)](#0610-2016-12-26) - [Unclassified](#unclassified-120) +- [0.6.10 (2016-12-26)](#0610-2016-12-26) + - [Unclassified](#unclassified-121) - [0.6.9 (2016-12-20)](#069-2016-12-20) - [Documentation](#documentation-108) - - [Unclassified](#unclassified-121) -- [0.6.8 (2016-12-06)](#068-2016-12-06) - [Unclassified](#unclassified-122) -- [0.6.7 (2016-12-04)](#067-2016-12-04) +- [0.6.8 (2016-12-06)](#068-2016-12-06) - [Unclassified](#unclassified-123) +- [0.6.7 (2016-12-04)](#067-2016-12-04) + - [Unclassified](#unclassified-124) - [0.6.6 (2016-12-04)](#066-2016-12-04) - [Documentation](#documentation-109) - - [Unclassified](#unclassified-124) -- [0.6.5 (2016-11-28)](#065-2016-11-28) - [Unclassified](#unclassified-125) -- 
[0.6.4 (2016-11-22)](#064-2016-11-22) +- [0.6.5 (2016-11-28)](#065-2016-11-28) - [Unclassified](#unclassified-126) +- [0.6.4 (2016-11-22)](#064-2016-11-22) + - [Unclassified](#unclassified-127) - [0.6.3 (2016-11-17)](#063-2016-11-17) - [Documentation](#documentation-110) - - [Unclassified](#unclassified-127) -- [0.6.2 (2016-11-05)](#062-2016-11-05) - [Unclassified](#unclassified-128) +- [0.6.2 (2016-11-05)](#062-2016-11-05) + - [Unclassified](#unclassified-129) - [0.6.1 (2016-10-26)](#061-2016-10-26) - [Documentation](#documentation-111) - - [Unclassified](#unclassified-129) -- [0.6.0 (2016-10-25)](#060-2016-10-25) - [Unclassified](#unclassified-130) -- [0.5.8 (2016-10-06)](#058-2016-10-06) +- [0.6.0 (2016-10-25)](#060-2016-10-25) - [Unclassified](#unclassified-131) -- [0.5.7 (2016-10-04)](#057-2016-10-04) +- [0.5.8 (2016-10-06)](#058-2016-10-06) - [Unclassified](#unclassified-132) -- [0.5.6 (2016-10-03)](#056-2016-10-03) +- [0.5.7 (2016-10-04)](#057-2016-10-04) - [Unclassified](#unclassified-133) -- [0.5.5 (2016-09-29)](#055-2016-09-29) +- [0.5.6 (2016-10-03)](#056-2016-10-03) - [Unclassified](#unclassified-134) -- [0.5.4 (2016-09-29)](#054-2016-09-29) +- [0.5.5 (2016-09-29)](#055-2016-09-29) - [Unclassified](#unclassified-135) +- [0.5.4 (2016-09-29)](#054-2016-09-29) + - [Unclassified](#unclassified-136) - [0.5.3 (2016-09-29)](#053-2016-09-29) - [Documentation](#documentation-112) - - [Unclassified](#unclassified-136) -- [0.5.2 (2016-09-23)](#052-2016-09-23) - [Unclassified](#unclassified-137) +- [0.5.2 (2016-09-23)](#052-2016-09-23) + - [Unclassified](#unclassified-138) - [0.5.1 (2016-09-22)](#051-2016-09-22) - [Documentation](#documentation-113) - - [Unclassified](#unclassified-138) -- [0.4.3 (2016-09-03)](#043-2016-09-03) - [Unclassified](#unclassified-139) -- [0.4.2-alpha.3 (2016-09-02)](#042-alpha3-2016-09-02) +- [0.4.3 (2016-09-03)](#043-2016-09-03) - [Unclassified](#unclassified-140) -- [0.4.2-alpha.2 (2016-09-01)](#042-alpha2-2016-09-01) +- [0.4.2-alpha.3 
(2016-09-02)](#042-alpha3-2016-09-02) - [Unclassified](#unclassified-141) -- [0.4.2-alpha.1 (2016-09-01)](#042-alpha1-2016-09-01) +- [0.4.2-alpha.2 (2016-09-01)](#042-alpha2-2016-09-01) - [Unclassified](#unclassified-142) +- [0.4.2-alpha.1 (2016-09-01)](#042-alpha1-2016-09-01) + - [Unclassified](#unclassified-143) - [0.4.2-alpha (2016-09-01)](#042-alpha-2016-09-01) - [Documentation](#documentation-114) - - [Unclassified](#unclassified-143) -- [0.4.1 (2016-08-18)](#041-2016-08-18) - [Unclassified](#unclassified-144) +- [0.4.1 (2016-08-18)](#041-2016-08-18) + - [Unclassified](#unclassified-145) - [0.3.1 (2016-08-17)](#031-2016-08-17) - [Documentation](#documentation-115) - - [Unclassified](#unclassified-145) -- [0.3.0 (2016-08-09)](#030-2016-08-09) - [Unclassified](#unclassified-146) +- [0.3.0 (2016-08-09)](#030-2016-08-09) + - [Unclassified](#unclassified-147) - [0.2.0 (2016-08-09)](#020-2016-08-09) - [Documentation](#documentation-116) - - [Unclassified](#unclassified-147) + - [Unclassified](#unclassified-148) -# [0.0.0](https://github.com/ory/hydra/compare/v2.2.0-rc.3...v0.0.0) (2024-01-08) +# [0.0.0](https://github.com/ory/hydra/compare/v2.2.0...v0.0.0) (2024-08-22) +## Breaking Changes + +Deleting consents no longer returns 404 in certain edge cases but instead always 204. + + + +### Bug Fixes + +* Broken JSON round-tripping for custom claims ([b36b701](https://github.com/ory/hydra/commit/b36b701026d7d7324b0b04529f134d3ed1eb9eb7)): + + Adding custom claims with numerical types (think JavaScript Number) previously did not + round-trip through Hydra correctly. For example, passing UNIX timestamps in custom claims + would end up as floating points in exponential notation in the final token. That, in turn, + confused or broke downstream consumers of the token, including Kratos. 
+ + Ref https://github.com/go-jose/go-jose/issues/144 + +* Correctly pass multiple token audiences and prompt parameters when performing the authorization code flow from the CLI ([#3736](https://github.com/ory/hydra/issues/3736)) ([632faef](https://github.com/ory/hydra/commit/632faef15228c2d0a2caedfc3d7c6a3782c2e131)) +* Do not iteratively delete records ([#3766](https://github.com/ory/hydra/issues/3766)) ([5ef20a2](https://github.com/ory/hydra/commit/5ef20a2a2bc91ccde79517667ae4bf4a36c833ba)): + + Resolves performance issues on some databases when deleting consent. + +* Do not retry sending responses ([#3764](https://github.com/ory/hydra/issues/3764)) ([1bbfdb5](https://github.com/ory/hydra/commit/1bbfdb56e55525c5bc0526726fa901cf10af59e4)) +* **docs:** Adjust note about SDK support on oauth2 flow endpoints ([#3812](https://github.com/ory/hydra/issues/3812)) ([d0e047c](https://github.com/ory/hydra/commit/d0e047ccc822972cf44ae6ec35c8f6e8507fe3ae)) +* Error log when RP responds with status code 204 ([#3731](https://github.com/ory/hydra/issues/3731)) ([153e4b5](https://github.com/ory/hydra/commit/153e4b56e6de645ee44e4e7833c32a3890e43c54)) +* Faster GetPublicKeys ([#3787](https://github.com/ory/hydra/issues/3787)) ([04c34aa](https://github.com/ory/hydra/commit/04c34aaf2e3c523f4658910d570de80de328d138)): + + GetPublicKeys used to fetch all keys in a set, even if they were actually not being used. This patch fixes that. 
+ + + +* Incorrect context passthru ([fa50e3e](https://github.com/ory/hydra/commit/fa50e3e999ef962fb522dfa2f9a1f6ffa20848bf)) +* Incorrect indices ([#3778](https://github.com/ory/hydra/issues/3778)) ([cb0004b](https://github.com/ory/hydra/commit/cb0004b67b2818b3bca397e98c1bb5bcbb62296f)) +* Upgrade fosite and improve webhook integration ([#3727](https://github.com/ory/hydra/issues/3727)) ([89323e2](https://github.com/ory/hydra/commit/89323e24de470c2b0f3037e0cf8f99bc4373d4fd)) +* Use docker compose rather than docker-compose ([#3815](https://github.com/ory/hydra/issues/3815)) ([ffdfb73](https://github.com/ory/hydra/commit/ffdfb7362a8de6f6f0608879bf034602f01ea250)) +* Wrap authorize response in transaction ([#3763](https://github.com/ory/hydra/issues/3763)) ([5b106aa](https://github.com/ory/hydra/commit/5b106aadb0e71add56e3cc68e5a9e33cdb81dd39)) +* Wrap token handler in transaction ([#3730](https://github.com/ory/hydra/issues/3730)) ([67a85cc](https://github.com/ory/hydra/commit/67a85cc799b5c6ef278db93aba131e695fd761e9)) + +### Features + +* Add access token strategy parameter to cli ([#3718](https://github.com/ory/hydra/issues/3718)) ([7862dc3](https://github.com/ory/hydra/commit/7862dc337aba2899bdb945e94eb79d3ab3509202)), closes [#3717](https://github.com/ory/hydra/issues/3717) +* Add id parameter to create oauth2-client cli ([#3725](https://github.com/ory/hydra/issues/3725)) ([b372fd2](https://github.com/ory/hydra/commit/b372fd20169156efd7c34710f823e0c5b5dbf183)): + + Fixes https://github.com/ory/hydra/issues/3724 + +* Add Inspect option to registry ([2013450](https://github.com/ory/hydra/commit/2013450a9a55af26523554c3aa01fc5243573f2c)) +* Improve persistence logic ([#3756](https://github.com/ory/hydra/issues/3756)) ([50301e0](https://github.com/ory/hydra/commit/50301e0022ca64c9d0823544c7b664309620c70e)) + +### Unclassified + +* update doc example for get oauth2-client ([5e70cde](https://github.com/ory/hydra/commit/5e70cde872f74758e22e89466c5b41e54d475533)) + + 
+# [2.2.0](https://github.com/ory/hydra/compare/v2.2.0-pre.1...v2.2.0) (2024-02-12) + +![Ory Hydra 2.2.0](http://ory.sh/images/newsletter/hydra-2.2.0/banner.png) + +Ory Hydra, the OAuth2 and OpenID Connect server designed for web-scale deployments introduces its most advanced update with version 2.2! + +Want to check out Ory Hydra yourself? Try common OAuth2 flows in the [Ory OAuth2 Get Started guide](https://www.ory.sh/docs/getting-started/ory-network-oauth2)! + +This version significantly enhances performance, supporting six times more authorization flows than version 2.1, thanks to architectural improvements that minimize database interactions for login and consent processes. + +Key improvements include: + +- Enhanced integration with Ory Kratos, ensuring seamless synchronization of login and logout states across both services. Users logged out from Ory Hydra will automatically log out from Ory Kratos, enhancing security and user experience. +- The ability to bypass the logout consent screen for specific clients, streamlining the logout process. +- Simplified migration with the new feature to import OAuth2 Client IDs, making the transition to Ory Hydra smoother. +- Support for the OIDC Verifiable Credentials specification, expanding the server's capabilities in identity verification. + +Thank all contributors who have made this release available! + + + + + +### Bug Fixes + +* Return empty slice if requested_scope or audience is null ([#3711](https://github.com/ory/hydra/issues/3711)) ([65165e7](https://github.com/ory/hydra/commit/65165e77718b37ee720a493f2fb6be20e6b04af6)) + +### Code Generation + +* Pin v2.2.0 release commit ([57096be](https://github.com/ory/hydra/commit/57096be9befbde4a1436ef48338d253a248c91c4)) + + +# [2.2.0-pre.1](https://github.com/ory/hydra/compare/v2.2.0-rc.3...v2.2.0-pre.1) (2024-02-01) + +autogen: pin v2.2.0-pre.1 release commit + + + ### Bug Fixes 
@@ -727,16 +827,22 @@ * fix: bump golangci-lint * Improved SSRF protection ([#3669](https://github.com/ory/hydra/issues/3669)) ([24c3be5](https://github.com/ory/hydra/commit/24c3be574a11a76e69f09a24754f20cf644b624c)) +* Incorrect down migration ([#3708](https://github.com/ory/hydra/issues/3708)) ([8812e0e](https://github.com/ory/hydra/commit/8812e0e67b1f192de4ab6819c8f2bb98e6a5b7a7)), closes [/github.com/ory/hydra/pull/3705#discussion_r1471514014](https://github.com//github.com/ory/hydra/pull/3705/issues/discussion_r1471514014) * Remove required mark ([#3693](https://github.com/ory/hydra/issues/3693)) ([3a764a0](https://github.com/ory/hydra/commit/3a764a053a3d7eab698668cf63d387ea76c1db40)) * Timeout in jwt-bearer grants when too many grants are available ([#3692](https://github.com/ory/hydra/issues/3692)) ([a748797](https://github.com/ory/hydra/commit/a748797761f5503b048df1b57bcc406f16cd40a3)) * Verifiable credentials JWT format ([#3614](https://github.com/ory/hydra/issues/3614)) ([0176adc](https://github.com/ory/hydra/commit/0176adc17848ab1dd021910ea31202dbdcd51737)) +### Code Generation + +* Pin v2.2.0-pre.1 release commit ([8168ee3](https://github.com/ory/hydra/commit/8168ee31161784b8a5e686a9a2c42f323e40b7bf)) + ### Documentation * Fix typo ([#3649](https://github.com/ory/hydra/issues/3649)) ([f0501d2](https://github.com/ory/hydra/commit/f0501d2cd7f30c550cc07f6f583118efc9f12a5f)) ### Features +* Add --skip-logout-consent flag to CLI ([#3709](https://github.com/ory/hydra/issues/3709)) ([f502d6e](https://github.com/ory/hydra/commit/f502d6e38747986cca2ce42b0854f194e85ed103)) * Add authentication options to hooks ([#3633](https://github.com/ory/hydra/issues/3633)) ([5c8e792](https://github.com/ory/hydra/commit/5c8e7923ed22f6d231ca748bb76e4261a87afb08)) * Add flag to export public keys ([#3684](https://github.com/ory/hydra/issues/3684)) ([62c006b](https://github.com/ory/hydra/commit/62c006b916351e7f74fb00e0006ea112801143d7)) * Add missing index for jwk table 
([#3691](https://github.com/ory/hydra/issues/3691)) ([39ee5e1](https://github.com/ory/hydra/commit/39ee5e1f0cfa7fae5c4f9e1663a930cb5b8c2bc9)) @@ -747,6 +853,10 @@ will redirect the user to the URL found under `urls.registration` (instead of `urls.login`). +* Add skip_logout_consent option to clients ([#3705](https://github.com/ory/hydra/issues/3705)) ([2a653e6](https://github.com/ory/hydra/commit/2a653e66803ddb03de02d981dbc8ea57b2ac0936)): + + Adds a special field which disables the logout consent screen when performing OIDC logout. + * Allow injecting extra fosite strategies ([#3646](https://github.com/ory/hydra/issues/3646)) ([88b0b7c](https://github.com/ory/hydra/commit/88b0b7cfdf1a1968bf3a720cb2e6640451e2956b)) * Re-enable legacy client IDs ([#3628](https://github.com/ory/hydra/issues/3628)) ([5dd7d30](https://github.com/ory/hydra/commit/5dd7d306ba8181b1fff1225d056a2ee69183392e)): diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 0911efc6a8d..125600eec6d 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -64,7 +64,7 @@ won't clash with Ory Hydra's direction. A great way to do this is via [a Contributors License Agreement?](https://cla-assistant.io/ory/hydra) - I would like updates about new versions of Ory Hydra. - [How are new releases announced?](https://ory.us10.list-manage.com/subscribe?u=ffb1a878e4ec6c0ed312a3480&id=f605a41b53) + [How are new releases announced?](https://www.ory.sh/l/sign-up-newsletter) ## How can I contribute? 
@@ -144,10 +144,12 @@ checklist to contribute an example: not get mixed up. 1. Add a descriptive prefix to commits. This ensures a uniform commit history and helps structure the changelog. Please refer to this - [list of prefixes for Hydra](https://github.com/ory/hydra/blob/master/.github/semantic.yml) - for an overview. + [Convential Commits configuration](https://github.com/ory/hydra/blob/master/.github/workflows/conventional_commits.yml) + for the list of accepted prefixes. You can read more about the Conventional + Commit specification + [at their site](https://www.conventionalcommits.org/en/v1.0.0/). 1. Create a `README.md` that explains how to use the example. (Use - [the README template](https://github.com/ory/examples/blob/master/_common/README)). + [the README template](https://github.com/ory/examples/blob/master/_common/README.md)). 1. Open a pull request and maintainers will review and merge your example. ## Contribute code @@ -172,8 +174,10 @@ request, go through this checklist: 1. Run `make format` 1. Add a descriptive prefix to commits. This ensures a uniform commit history and helps structure the changelog. Please refer to this - [list of prefixes for Hydra](https://github.com/ory/hydra/blob/master/.github/semantic.yml) - for an overview. + [Convential Commits configuration](https://github.com/ory/hydra/blob/master/.github/workflows/conventional_commits.yml) + for the list of accepted prefixes. You can read more about the Conventional + Commit specification + [at their site](https://www.conventionalcommits.org/en/v1.0.0/). If a pull request is not ready to be reviewed yet [it should be marked as a "Draft"](https://docs.github.com/en/github/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/changing-the-stage-of-a-pull-request). diff --git a/Makefile b/Makefile index 0d83b6ff9af..75b912e0521 100644 --- a/Makefile +++ b/Makefile 
@@ -5,7 +5,7 @@ export PATH := .bin:${PATH} export PWD := $(shell pwd) export IMAGE_TAG := $(if $(IMAGE_TAG),$(IMAGE_TAG),latest) -GOLANGCI_LINT_VERSION = 1.55.2 +GOLANGCI_LINT_VERSION = 1.61.0 GO_DEPENDENCIES = github.com/ory/go-acc \ github.com/golang/mock/mockgen \ @@ -53,7 +53,7 @@ lint: .bin/golangci-lint-$(GOLANGCI_LINT_VERSION) .PHONY: test test: .bin/go-acc make test-resetdb - source scripts/test-env.sh && go-acc ./... -- -failfast -timeout=20m -tags sqlite,json1 + source scripts/test-env.sh && go-acc ./... -- -failfast -timeout=20m -tags sqlite,sqlite_omit_load_extension docker rm -f hydra_test_database_mysql docker rm -f hydra_test_database_postgres docker rm -f hydra_test_database_cockroach @@ -64,9 +64,9 @@ test-resetdb: node_modules docker rm --force --volumes hydra_test_database_mysql || true docker rm --force --volumes hydra_test_database_postgres || true docker rm --force --volumes hydra_test_database_cockroach || true - docker run --rm --name hydra_test_database_mysql --platform linux/amd64 -p 3444:3306 -e MYSQL_ROOT_PASSWORD=secret -d mysql:8.0.26 - docker run --rm --name hydra_test_database_postgres --platform linux/amd64 -p 3445:5432 -e POSTGRES_PASSWORD=secret -e POSTGRES_DB=postgres -d postgres:11.8 - docker run --rm --name hydra_test_database_cockroach --platform linux/amd64 -p 3446:26257 -d cockroachdb/cockroach:v22.1.10 start-single-node --insecure + docker run --rm --name hydra_test_database_mysql -p 3444:3306 -e MYSQL_ROOT_PASSWORD=secret -d mysql:8.0 + docker run --rm --name hydra_test_database_postgres -p 3445:5432 -e POSTGRES_PASSWORD=secret -e POSTGRES_DB=postgres -d postgres:16 + docker run --rm --name hydra_test_database_cockroach -p 3446:26257 -d cockroachdb/cockroach:latest-v24.1 start-single-node --insecure # Build local docker images .PHONY: docker 
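Review bot: The three `docker run` lines in the `test-resetdb` hunk move from patch-pinned images (`mysql:8.0.26`, `postgres:11.8`, `cockroachdb/cockroach:v22.1.10`) to floating tags (`mysql:8.0`, `postgres:16`, `cockroachdb/cockroach:latest-v24.1`), so the database versions the suite runs against can change without any commit in this repository. That makes a test failure harder to attribute, and whatever the registry serves under the tag is what runs on the CI host. Pinning to a patch tag or digest keeps runs reproducible, e.g. `-d postgres:16.<patch>@sha256:<digest>` (placeholder values), with the pin bumped deliberately. The same hunk also drops `--platform linux/amd64`, so the images now follow the host architecture; it is worth confirming that all three images publish the architectures CI uses.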
@@ -84,7 +84,7 @@ e2e: node_modules test-resetdb # Runs tests in short mode, without database adapters .PHONY: quicktest quicktest: - go test -failfast -short -tags sqlite,json1 ./... + go test -failfast -short -tags sqlite,sqlite_omit_load_extension ./... .PHONY: quicktest-hsm quicktest-hsm: @@ -92,7 +92,7 @@ quicktest-hsm: .PHONY: refresh refresh: - UPDATE_SNAPSHOTS=true go test -failfast -short -tags sqlite,json1 ./... + UPDATE_SNAPSHOTS=true go test -failfast -short -tags sqlite,sqlite_omit_load_extension ./... authors: # updates the AUTHORS file curl https://raw.githubusercontent.com/ory/ci/master/authors/authors.sh | env PRODUCT="Ory Hydra" bash @@ -145,9 +145,10 @@ sdk: .bin/swagger .bin/ory node_modules -g go \ -o "internal/httpclient" \ --git-user-id ory \ - --git-repo-id hydra-client-go \ - --git-host github.com - (cd internal/httpclient && go mod edit -module github.com/ory/hydra-client-go/v2) + --git-repo-id hydra-client-go/v2 \ + --git-host github.com \ + --api-name-suffix "API" \ + --global-property apiTests=false make format @@ -176,15 +177,15 @@ $(MIGRATIONS_DST_DIR:%/=%-clean): $(MIGRATION_CLEAN_TARGETS) install-stable: HYDRA_LATEST=$$(git describe --abbrev=0 --tags) git checkout $$HYDRA_LATEST - GO111MODULE=on go install \ - -tags sqlite,json1 \ + go install \ + -tags sqlite,sqlite_omit_load_extension \ -ldflags "-X github.com/ory/hydra/v2/driver/config.Version=$$HYDRA_LATEST -X github.com/ory/hydra/v2/driver/config.Date=`TZ=UTC date -u '+%Y-%m-%dT%H:%M:%SZ'` -X github.com/ory/hydra/v2/driver/config.Commit=`git rev-parse HEAD`" \ . git checkout master .PHONY: install install: - GO111MODULE=on go install -tags sqlite,json1 . + go install -tags sqlite,sqlite_omit_load_extension . .PHONY: post-release post-release: .bin/yq diff --git a/README.md b/README.md index 2ff5325f684..5e41be64e22 100644 --- a/README.md +++ b/README.md @@ -3,11 +3,11 @@

Chat | Discussions | - Newsletter

+ Newsletter

Guide | API Docs | Code Docs

- Support this project!

+ Support this project!

Work in Open Source, Ory is hiring!

@@ -849,24 +849,24 @@ It is recommended to use the make file to run your tests using `make quicktest` **Please note**: All tests run against a sqlite in-memory database, thus it is required to use -the `-tags sqlite,json1` build tag. +the `-tags sqlite` build tag. Short tests run fairly quickly. You can either test all of the code at once: ```shell script -go test -v -failfast -short -tags sqlite,json1 ./... +go test -v -failfast -short -tags sqlite ./... ``` or test just a specific module: ```shell script -go test -v -failfast -short -tags sqlite,json1 ./client +go test -v -failfast -short -tags sqlite ./client ``` or a specific test: ```shell script -go test -v -failfast -short -tags sqlite,json1 -run ^TestName$ ./... +go test -v -failfast -short -tags sqlite -run ^TestName$ ./... ``` ##### Regular Tests diff --git a/SECURITY.md b/SECURITY.md index 7a05c1cfc62..026e3afb70f 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -1,30 +1,53 @@ - - - -- [Security Policy](#security-policy) - - [Supported Versions](#supported-versions) - - [Reporting a Vulnerability](#reporting-a-vulnerability) - - - -# Security Policy - -## Supported Versions - -We release patches for security vulnerabilities. Which versions are eligible for -receiving such patches depends on the CVSS v3.0 Rating: - -| CVSS v3.0 | Supported Versions | -| --------- | ----------------------------------------- | -| 9.0-10.0 | Releases within the previous three months | -| 4.0-8.9 | Most recent release | +# Ory Security Policy + +## Overview + +This security policy outlines the security support commitments for different +types of Ory users. + +[Get in touch](https://www.ory.sh/contact/) to learn more about Ory's security +SLAs and process. + +## Apache 2.0 License Users + +- **Security SLA:** No security Service Level Agreement (SLA) is provided. +- **Release Schedule:** Releases are planned every 3 to 6 months. These releases + will contain all security fixes implemented up to that point. +- **Version Support:** Security patches are only provided for the current + release version. + +## Ory Enterprise License Customers + +- **Security SLA:** The following timelines apply for security vulnerabilities + based on their severity: + - Critical: Resolved within 14 days. + - High: Resolved within 30 days. + - Medium: Resolved within 90 days. + - Low: Resolved within 180 days. + - Informational: Addressed as needed. +- **Release Schedule:** Updates are provided as soon as vulnerabilities are + resolved, adhering to the above SLA. +- **Version Support:** Depending on the Ory Enterprise License agreement + multiple versions can be supported. + +## Ory Network Users + +- **Security SLA:** The following timelines apply for security vulnerabilities + based on their severity: + - Critical: Resolved within 14 days. + - High: Resolved within 30 days. + - Medium: Resolved within 90 days. + - Low: Resolved within 180 days. 
+ - Informational: Addressed as needed. +- **Release Schedule:** Updates are automatically deployed to Ory Network as + soon as vulnerabilities are resolved, adhering to the above SLA. +- **Version Support:** Ory Network always runs the most current version. ## Reporting a Vulnerability -Please report (suspected) security vulnerabilities to -**[security@ory.sh](mailto:security@ory.sh)**. You will receive a response from -us within 48 hours. If the issue is confirmed, we will release a patch as soon -as possible depending on complexity but historically within a few days. +Please head over to our +[security policy](https://www.ory.sh/docs/ecosystem/security) to learn more +about reporting security vulnerabilities. diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=0-description=basic_dynamic_client_registration.json b/client/.snapshots/TestHandler-common-case=create_clients-case=0-description=basic_dynamic_client_registration.json index d402913453f..a9ac8197dff 100644 --- a/client/.snapshots/TestHandler-common-case=create_clients-case=0-description=basic_dynamic_client_registration.json +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=0-description=basic_dynamic_client_registration.json @@ -21,6 +21,7 @@ "userinfo_signed_response_alg": "none", "metadata": {}, "skip_consent": false, + "skip_logout_consent": null, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, @@ -30,5 +31,8 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null } 
diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=1-description=basic_admin_registration.json b/client/.snapshots/TestHandler-common-case=create_clients-case=1-description=basic_admin_registration.json index 3d01d99c968..75972d053bb 100644 --- a/client/.snapshots/TestHandler-common-case=create_clients-case=1-description=basic_admin_registration.json +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=1-description=basic_admin_registration.json @@ -24,6 +24,7 @@ "foo": "bar" }, "skip_consent": false, + "skip_logout_consent": null, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, @@ -33,5 +34,8 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null } diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=10-description=empty_ID_succeeds.json b/client/.snapshots/TestHandler-common-case=create_clients-case=10-description=empty_ID_succeeds.json index bf89ac9fbb8..19b5e5afae5 100644 --- a/client/.snapshots/TestHandler-common-case=create_clients-case=10-description=empty_ID_succeeds.json +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=10-description=empty_ID_succeeds.json 
@@ -31,5 +31,8 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null } diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=10-description=setting_skip_logout_consent_succeeds_for_admin_registration.json b/client/.snapshots/TestHandler-common-case=create_clients-case=10-description=setting_skip_logout_consent_succeeds_for_admin_registration.json new file mode 100644 index 00000000000..16fb5b31144 --- /dev/null +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=10-description=setting_skip_logout_consent_succeeds_for_admin_registration.json 
@@ -0,0 +1,39 @@ +{ + "client_name": "", + "client_secret": "2SKZkBf2P5g4toAXXnCrr~_sDM", + "redirect_uris": [ + "http://localhost:3000/cb" + ], + "grant_types": null, + "response_types": null, + "scope": "offline_access offline openid", + "audience": [], + "owner": "", + "policy_uri": "", + "allowed_cors_origins": [], + "tos_uri": "", + "client_uri": "", + "logo_uri": "", + "contacts": null, + "client_secret_expires_at": 0, + "subject_type": "public", + "jwks": {}, + "token_endpoint_auth_method": "client_secret_basic", + "userinfo_signed_response_alg": "none", + "metadata": {}, + "skip_consent": false, + "skip_logout_consent": true, + "authorization_code_grant_access_token_lifespan": null, + "authorization_code_grant_id_token_lifespan": null, + "authorization_code_grant_refresh_token_lifespan": null, + "client_credentials_grant_access_token_lifespan": null, + "implicit_grant_access_token_lifespan": null, + "implicit_grant_id_token_lifespan": null, + "jwt_bearer_grant_access_token_lifespan": null, + "refresh_token_grant_id_token_lifespan": null, + "refresh_token_grant_access_token_lifespan": null, + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null +} diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=11-description=basic_dynamic_client_registration.json b/client/.snapshots/TestHandler-common-case=create_clients-case=11-description=basic_dynamic_client_registration.json new file mode 100644 index 00000000000..7fb3d90325c --- /dev/null +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=11-description=basic_dynamic_client_registration.json @@ -0,0 +1,4 @@ +{ + "error": "The request was malformed or contained invalid parameters", + "error_description": "It is not allowed to choose your own OAuth2 Client secret." +} 
diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=12-description=empty_ID_succeeds.json b/client/.snapshots/TestHandler-common-case=create_clients-case=12-description=empty_ID_succeeds.json new file mode 100644 index 00000000000..69682c03242 --- /dev/null +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=12-description=empty_ID_succeeds.json @@ -0,0 +1,39 @@ +{ + "client_name": "", + "client_secret": "averylongsecret", + "redirect_uris": [ + "http://localhost:3000/cb" + ], + "grant_types": null, + "response_types": null, + "scope": "offline_access offline openid", + "audience": [], + "owner": "", + "policy_uri": "", + "allowed_cors_origins": [], + "tos_uri": "", + "client_uri": "", + "logo_uri": "", + "contacts": null, + "client_secret_expires_at": 0, + "subject_type": "public", + "jwks": {}, + "token_endpoint_auth_method": "client_secret_basic", + "userinfo_signed_response_alg": "none", + "metadata": {}, + "skip_consent": false, + "skip_logout_consent": null, + "authorization_code_grant_access_token_lifespan": null, + "authorization_code_grant_id_token_lifespan": null, + "authorization_code_grant_refresh_token_lifespan": null, + "client_credentials_grant_access_token_lifespan": null, + "implicit_grant_access_token_lifespan": null, + "implicit_grant_id_token_lifespan": null, + "jwt_bearer_grant_access_token_lifespan": null, + "refresh_token_grant_id_token_lifespan": null, + "refresh_token_grant_access_token_lifespan": null, + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null +} diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=2-description=empty_ID_succeeds.json b/client/.snapshots/TestHandler-common-case=create_clients-case=2-description=empty_ID_succeeds.json index c21aa5b3710..e23aa7bed82 100644 
--- a/client/.snapshots/TestHandler-common-case=create_clients-case=2-description=empty_ID_succeeds.json +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=2-description=empty_ID_succeeds.json @@ -30,5 +30,8 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null } diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=4-description=non-uuid_works.json b/client/.snapshots/TestHandler-common-case=create_clients-case=4-description=non-uuid_works.json index de17dbecbf4..25e7e615220 100644 --- a/client/.snapshots/TestHandler-common-case=create_clients-case=4-description=non-uuid_works.json +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=4-description=non-uuid_works.json @@ -24,6 +24,7 @@ "metadata": {}, "registration_client_uri": "http://localhost:4444/oauth2/register/not-a-uuid", "skip_consent": false, + "skip_logout_consent": null, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, @@ -33,5 +34,8 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null } 
diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=5-description=setting_client_id_as_uuid_works.json b/client/.snapshots/TestHandler-common-case=create_clients-case=5-description=setting_client_id_as_uuid_works.json index c1688b1c48a..e88c1c9d9be 100644 --- a/client/.snapshots/TestHandler-common-case=create_clients-case=5-description=setting_client_id_as_uuid_works.json +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=5-description=setting_client_id_as_uuid_works.json @@ -24,6 +24,7 @@ "metadata": {}, "registration_client_uri": "http://localhost:4444/oauth2/register/98941dac-f963-4468-8a23-9483b1e04e3c", "skip_consent": false, + "skip_logout_consent": null, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, @@ -33,5 +34,8 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null } diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=7-description=setting_skip_consent_suceeds_for_admin_registration.json b/client/.snapshots/TestHandler-common-case=create_clients-case=7-description=setting_skip_consent_suceeds_for_admin_registration.json index 96fa08bab16..91e85c55a58 100644 --- a/client/.snapshots/TestHandler-common-case=create_clients-case=7-description=setting_skip_consent_suceeds_for_admin_registration.json +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=7-description=setting_skip_consent_suceeds_for_admin_registration.json 
@@ -31,5 +31,8 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null } diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=8-description=empty_ID_succeeds.json b/client/.snapshots/TestHandler-common-case=create_clients-case=8-description=empty_ID_succeeds.json index c21aa5b3710..e23aa7bed82 100644 --- a/client/.snapshots/TestHandler-common-case=create_clients-case=8-description=empty_ID_succeeds.json +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=8-description=empty_ID_succeeds.json @@ -30,5 +30,8 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null } diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=8-description=setting_skip_consent_succeeds_for_admin_registration.json b/client/.snapshots/TestHandler-common-case=create_clients-case=8-description=setting_skip_consent_succeeds_for_admin_registration.json new file mode 100644 index 00000000000..1191ae414eb --- /dev/null +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=8-description=setting_skip_consent_succeeds_for_admin_registration.json 
@@ -0,0 +1,39 @@ +{ + "client_name": "", + "client_secret": "2SKZkBf2P5g4toAXXnCrr~_sDM", + "redirect_uris": [ + "http://localhost:3000/cb" + ], + "grant_types": null, + "response_types": null, + "scope": "offline_access offline openid", + "audience": [], + "owner": "", + "policy_uri": "", + "allowed_cors_origins": [], + "tos_uri": "", + "client_uri": "", + "logo_uri": "", + "contacts": null, + "client_secret_expires_at": 0, + "subject_type": "public", + "jwks": {}, + "token_endpoint_auth_method": "client_secret_basic", + "userinfo_signed_response_alg": "none", + "metadata": {}, + "skip_consent": true, + "skip_logout_consent": null, + "authorization_code_grant_access_token_lifespan": null, + "authorization_code_grant_id_token_lifespan": null, + "authorization_code_grant_refresh_token_lifespan": null, + "client_credentials_grant_access_token_lifespan": null, + "implicit_grant_access_token_lifespan": null, + "implicit_grant_id_token_lifespan": null, + "jwt_bearer_grant_access_token_lifespan": null, + "refresh_token_grant_id_token_lifespan": null, + "refresh_token_grant_access_token_lifespan": null, + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null +} diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=8-description=setting_skip_consent_suceeds_for_admin_registration.json b/client/.snapshots/TestHandler-common-case=create_clients-case=8-description=setting_skip_consent_suceeds_for_admin_registration.json index 96fa08bab16..91e85c55a58 100644 --- a/client/.snapshots/TestHandler-common-case=create_clients-case=8-description=setting_skip_consent_suceeds_for_admin_registration.json +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=8-description=setting_skip_consent_suceeds_for_admin_registration.json 
@@ -31,5 +31,8 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null } diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=9-description=empty_ID_succeeds.json b/client/.snapshots/TestHandler-common-case=create_clients-case=9-description=empty_ID_succeeds.json index bf89ac9fbb8..19b5e5afae5 100644 --- a/client/.snapshots/TestHandler-common-case=create_clients-case=9-description=empty_ID_succeeds.json +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=9-description=empty_ID_succeeds.json @@ -31,5 +31,8 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null } diff --git a/client/.snapshots/TestHandler-common-case=create_clients-case=9-description=setting_skip_logout_consent_fails_for_dynamic_registration.json b/client/.snapshots/TestHandler-common-case=create_clients-case=9-description=setting_skip_logout_consent_fails_for_dynamic_registration.json new file mode 100644 index 00000000000..0d6da85531a --- /dev/null +++ b/client/.snapshots/TestHandler-common-case=create_clients-case=9-description=setting_skip_logout_consent_fails_for_dynamic_registration.json 
@@ -0,0 +1,4 @@ +{ + "error": "invalid_request", + "error_description": "'skip_logout_consent' cannot be set for dynamic client registration" +} diff --git a/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=admin.json b/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=admin.json index a48c8c9851e..9fc694022cd 100644 --- a/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=admin.json +++ b/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=admin.json @@ -22,6 +22,7 @@ "userinfo_signed_response_alg": "none", "metadata": {}, "skip_consent": false, + "skip_logout_consent": null, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, @@ -31,7 +32,10 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null }, "status": 200 } diff --git a/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=selfservice.json b/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=selfservice.json index 9ecd6e81401..d6544830e52 100644 --- a/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=selfservice.json +++ b/client/.snapshots/TestHandler-common-case=fetching_existing_client-endpoint=selfservice.json 
@@ -21,6 +21,7 @@ "token_endpoint_auth_method": "client_secret_basic", "userinfo_signed_response_alg": "none", "skip_consent": false, + "skip_logout_consent": null, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, @@ -30,7 +31,10 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null }, "status": 200 } diff --git a/client/.snapshots/TestHandler-common-case=update_the_lifespans_of_an_OAuth2_client.json b/client/.snapshots/TestHandler-common-case=update_the_lifespans_of_an_OAuth2_client.json index f9f149a6b61..aca2c7bbca9 100644 --- a/client/.snapshots/TestHandler-common-case=update_the_lifespans_of_an_OAuth2_client.json +++ b/client/.snapshots/TestHandler-common-case=update_the_lifespans_of_an_OAuth2_client.json @@ -22,6 +22,7 @@ "userinfo_signed_response_alg": "none", "metadata": {}, "skip_consent": false, + "skip_logout_consent": null, "authorization_code_grant_access_token_lifespan": "31h0m0s", "authorization_code_grant_id_token_lifespan": "32h0m0s", "authorization_code_grant_refresh_token_lifespan": "33h0m0s", 
@@ -31,7 +32,10 @@ "jwt_bearer_grant_access_token_lifespan": "37h0m0s", "refresh_token_grant_id_token_lifespan": "40h0m0s", "refresh_token_grant_access_token_lifespan": "41h0m0s", - "refresh_token_grant_refresh_token_lifespan": "42h0m0s" + "refresh_token_grant_refresh_token_lifespan": "42h0m0s", + "device_authorization_grant_id_token_lifespan": "45h0m0s", + "device_authorization_grant_access_token_lifespan": "46h0m0s", + "device_authorization_grant_refresh_token_lifespan": "47h0m0s" }, "status": 200 } diff --git a/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=admin.json b/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=admin.json index f009bd97d7e..4953cd54220 100644 --- a/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=admin.json +++ b/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=admin.json @@ -24,6 +24,7 @@ "userinfo_signed_response_alg": "none", "metadata": {}, "skip_consent": false, + "skip_logout_consent": null, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, @@ -33,7 +34,10 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null }, "status": 200 } diff --git a/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=dynamic_client_registration.json b/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=dynamic_client_registration.json index 0892b6a9b4e..5727960363b 100644 
--- a/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=dynamic_client_registration.json +++ b/client/.snapshots/TestHandler-common-case=updating_existing_client-endpoint=dynamic_client_registration.json @@ -23,6 +23,7 @@ "userinfo_signed_response_alg": "none", "metadata": {}, "skip_consent": false, + "skip_logout_consent": null, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, @@ -32,7 +33,10 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null }, "status": 200 } diff --git a/client/.snapshots/TestHandler-create_client_registration_tokens-case=0-dynamic=true.json b/client/.snapshots/TestHandler-create_client_registration_tokens-case=0-dynamic=true.json index 578eb529c1f..b161bf055fa 100644 --- a/client/.snapshots/TestHandler-create_client_registration_tokens-case=0-dynamic=true.json +++ b/client/.snapshots/TestHandler-create_client_registration_tokens-case=0-dynamic=true.json @@ -17,6 +17,7 @@ "jwks": {}, "metadata": {}, "skip_consent": false, + "skip_logout_consent": null, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, 
@@ -26,5 +27,8 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null } diff --git a/client/.snapshots/TestHandler-create_client_registration_tokens-case=1-dynamic=false.json b/client/.snapshots/TestHandler-create_client_registration_tokens-case=1-dynamic=false.json index 578eb529c1f..b161bf055fa 100644 --- a/client/.snapshots/TestHandler-create_client_registration_tokens-case=1-dynamic=false.json +++ b/client/.snapshots/TestHandler-create_client_registration_tokens-case=1-dynamic=false.json @@ -17,6 +17,7 @@ "jwks": {}, "metadata": {}, "skip_consent": false, + "skip_logout_consent": null, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, @@ -26,5 +27,8 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null } diff --git a/client/.snapshots/TestHandler-create_client_registration_tokens-case=2-dynamic=false.json b/client/.snapshots/TestHandler-create_client_registration_tokens-case=2-dynamic=false.json index 080a2092914..aa0b8b3ae78 100644 --- a/client/.snapshots/TestHandler-create_client_registration_tokens-case=2-dynamic=false.json 
+++ b/client/.snapshots/TestHandler-create_client_registration_tokens-case=2-dynamic=false.json @@ -18,6 +18,7 @@ "jwks": {}, "metadata": {}, "skip_consent": false, + "skip_logout_consent": null, "authorization_code_grant_access_token_lifespan": null, "authorization_code_grant_id_token_lifespan": null, "authorization_code_grant_refresh_token_lifespan": null, @@ -27,5 +28,8 @@ "jwt_bearer_grant_access_token_lifespan": null, "refresh_token_grant_id_token_lifespan": null, "refresh_token_grant_access_token_lifespan": null, - "refresh_token_grant_refresh_token_lifespan": null + "refresh_token_grant_refresh_token_lifespan": null, + "device_authorization_grant_id_token_lifespan": null, + "device_authorization_grant_access_token_lifespan": null, + "device_authorization_grant_refresh_token_lifespan": null } diff --git a/client/client.go b/client/client.go index c6c8e18683b..1c994e904e5 100644 --- a/client/client.go +++ b/client/client.go @@ -79,6 +79,7 @@ type Client struct { // - OpenID Connect Implicit Grant (deprecated!): `implicit` // - Refresh Token Grant: `refresh_token` // - OAuth 2.0 Token Exchange: `urn:ietf:params:oauth:grant-type:jwt-bearer` + // - OAuth 2.0 Device Code Grant: `urn:ietf:params:oauth:grant-type:device_code` GrantTypes sqlxx.StringSliceJSONFormat `json:"grant_types" db:"grant_types"` // OAuth 2.0 Client Response Types @@ -311,6 +312,10 @@ type Client struct { // be set from the admin API. SkipConsent bool `json:"skip_consent" db:"skip_consent" faker:"-"` + // SkipLogoutConsent skips the logout consent screen for this client. This field can only + // be set from the admin API. + SkipLogoutConsent sqlxx.NullBool `json:"skip_logout_consent" db:"skip_logout_consent" faker:"-"` + Lifespans } 
@@ -375,6 +380,21 @@ type Lifespans struct { // // The lifespan of a refresh token issued by the OAuth2 2.0 Refresh Token Grant for this OAuth 2.0 Client. RefreshTokenGrantRefreshTokenLifespan x.NullDuration `json:"refresh_token_grant_refresh_token_lifespan,omitempty" db:"refresh_token_grant_refresh_token_lifespan"` + + // OAuth2 2.0 Device Authorization Grant ID Token Lifespan + // + // The lifespan of an ID token issued by the OAuth2 2.0 Device Authorization Grant for this OAuth 2.0 Client. + DeviceAuthorizationGrantIDTokenLifespan x.NullDuration `json:"device_authorization_grant_id_token_lifespan,omitempty" db:"device_authorization_grant_id_token_lifespan"` + + // OAuth2 2.0 Device Authorization Grant Access Token Lifespan + // + // The lifespan of an access token issued by the OAuth2 2.0 Device Authorization Grant for this OAuth 2.0 Client. + DeviceAuthorizationGrantAccessTokenLifespan x.NullDuration `json:"device_authorization_grant_access_token_lifespan,omitempty" db:"device_authorization_grant_access_token_lifespan"` + + // OAuth2 2.0 Device Authorization Grant Device Authorization Lifespan + // + // The lifespan of a Device Authorization issued by the OAuth2 2.0 Device Authorization Grant for this OAuth 2.0 Client. + DeviceAuthorizationGrantRefreshTokenLifespan x.NullDuration `json:"device_authorization_grant_refresh_token_lifespan,omitempty" db:"device_authorization_grant_refresh_token_lifespan"` } func (Client) TableName() string { 
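Review bot: The doc comment on `DeviceAuthorizationGrantRefreshTokenLifespan` describes something other than what the field holds. It is titled "Device Authorization Lifespan" and speaks of "a Device Authorization", while the field name, the JSON key and the use in `GetEffectiveLifespan` all treat it as the refresh token lifespan. If these comments feed the generated API documentation, an operator trying to bound refresh-token lifetime for device-flow clients could set the wrong value. I would change the two comment lines to `// OAuth2 2.0 Device Authorization Grant Refresh Token Lifespan` and `// The lifespan of a refresh token issued by the OAuth2 2.0 Device Authorization Grant for this OAuth 2.0 Client.`. The struct starts before this hunk.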
@@ -545,6 +565,14 @@ func (c *Client) GetEffectiveLifespan(gt fosite.GrantType, tt fosite.TokenType, } else if tt == fosite.RefreshToken && c.RefreshTokenGrantRefreshTokenLifespan.Valid { cl = &c.RefreshTokenGrantRefreshTokenLifespan.Duration } + } else if gt == fosite.GrantTypeDeviceCode { + if tt == fosite.AccessToken && c.DeviceAuthorizationGrantAccessTokenLifespan.Valid { + cl = &c.DeviceAuthorizationGrantAccessTokenLifespan.Duration + } else if tt == fosite.IDToken && c.DeviceAuthorizationGrantIDTokenLifespan.Valid { + cl = &c.DeviceAuthorizationGrantIDTokenLifespan.Duration + } else if tt == fosite.RefreshToken && c.DeviceAuthorizationGrantRefreshTokenLifespan.Valid { + cl = &c.DeviceAuthorizationGrantRefreshTokenLifespan.Duration + } } if cl == nil { diff --git a/client/handler.go b/client/handler.go index 8fac902ba7e..a3bcdc90985 100644 --- a/client/handler.go +++ b/client/handler.go 
@@ -818,13 +818,26 @@ func (h *Handler) ValidDynamicAuth(r *http.Request, ps httprouter.Params) (fosit } token := strings.TrimPrefix(fosite.AccessTokenFromRequest(r), "ory_at_") - if err := h.r.OAuth2HMACStrategy().Enigma.Validate(r.Context(), token); err != nil { + if err := h.r.OAuth2HMACStrategy().ValidateAccessToken( + r.Context(), + // The strategy checks the expiry time of the token. Registration tokens don't expire (we don't have a way of + // rotating them) so we set the expiry time to a time in the future. + &fosite.Request{ + Session: &fosite.DefaultSession{ + ExpiresAt: map[fosite.TokenType]time.Time{ + fosite.AccessToken: time.Now().Add(time.Hour), + }, + }, + RequestedAt: time.Now(), + }, + token, + ); err != nil { return nil, herodot.ErrUnauthorized. WithTrace(err). WithReason("The requested OAuth 2.0 client does not exist or you provided incorrect credentials.").WithDebug(err.Error()) } - signature := h.r.OAuth2HMACStrategy().Enigma.Signature(token) + signature := h.r.OAuth2EnigmaStrategy().Signature(token) if subtle.ConstantTimeCompare([]byte(c.RegistrationAccessTokenSignature), []byte(signature)) == 0 { return nil, errors.WithStack(herodot.ErrUnauthorized. WithReason("The requested OAuth 2.0 client does not exist or you provided incorrect credentials.").WithDebug("Registration access tokens do not match.")) diff --git a/client/handler_test.go b/client/handler_test.go index fbed537c12e..3047ad4c87b 100644 --- a/client/handler_test.go +++ b/client/handler_test.go @@ -13,6 +13,8 @@ import ( "net/http/httptest" "testing" + "github.com/ory/x/sqlxx" + "github.com/ory/x/httprouterx" "github.com/tidwall/sjson" 
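Review bot: In `ValidDynamicAuth` the token is now validated through `OAuth2HMACStrategy().ValidateAccessToken`, but the signature compared against `RegistrationAccessTokenSignature` comes from `OAuth2EnigmaStrategy().Signature`. Nothing in the hunk shows that both accessors use the same HMAC key material, so I would state that invariant in a comment or derive both values from one strategy. The synthesized `fosite.Request` also makes the expiry check pass by construction, which leaves the constant-time comparison below as the only thing tying the token to this client. The existing comment could say so, for example `// Expiry is bypassed on purpose; the signature comparison below is what binds the token to this client.` The function starts before the hunk and continues after it.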
@@ -347,11 +349,30 @@ func TestHandler(t *testing.T) { statusCode: http.StatusBadRequest, }, { - d: "setting skip_consent suceeds for admin registration", + d: "setting skip_consent succeeds for admin registration", payload: &client.Client{ RedirectURIs: []string{"http://localhost:3000/cb"}, - SkipConsent: true, Secret: "2SKZkBf2P5g4toAXXnCrr~_sDM", + SkipConsent: true, + }, + path: client.ClientsHandlerPath, + statusCode: http.StatusCreated, + }, + { + d: "setting skip_logout_consent fails for dynamic registration", + payload: &client.Client{ + RedirectURIs: []string{"http://localhost:3000/cb"}, + SkipLogoutConsent: sqlxx.NullBool{Bool: true, Valid: true}, + }, + path: client.DynClientsHandlerPath, + statusCode: http.StatusBadRequest, + }, + { + d: "setting skip_logout_consent succeeds for admin registration", + payload: &client.Client{ + RedirectURIs: []string{"http://localhost:3000/cb"}, + SkipLogoutConsent: sqlxx.NullBool{Bool: true, Valid: true}, + Secret: "2SKZkBf2P5g4toAXXnCrr~_sDM", }, path: client.ClientsHandlerPath, statusCode: http.StatusCreated, diff --git a/client/registry.go b/client/registry.go index d7e179a558c..c23efd231db 100644 --- a/client/registry.go +++ b/client/registry.go @@ -8,6 +8,8 @@ import ( "github.com/ory/fosite" foauth2 "github.com/ory/fosite/handler/oauth2" + "github.com/ory/fosite/handler/rfc8628" + enigma "github.com/ory/fosite/token/hmac" "github.com/ory/hydra/v2/jwk" "github.com/ory/hydra/v2/x" ) @@ -22,6 +24,8 @@ type Registry interface { ClientManager() Manager ClientHasher() fosite.Hasher OpenIDJWTStrategy() jwk.JWTSigner - OAuth2HMACStrategy() *foauth2.HMACSHAStrategy + OAuth2HMACStrategy() foauth2.CoreStrategy + OAuth2EnigmaStrategy() *enigma.HMACStrategy + RFC8628HMACStrategy() rfc8628.RFC8628CodeStrategy config.Provider } diff --git a/client/sdk_test.go b/client/sdk_test.go index 58ebfdfc101..9db7ab7cddb 100644 --- a/client/sdk_test.go +++ b/client/sdk_test.go 
@@ -80,11 +80,11 @@ func TestClientSDK(t *testing.T) { c.GetConfig().Servers = hydra.ServerConfigurations{{URL: server.URL}} t.Run("case=client default scopes are set", func(t *testing.T) { - result, _, err := c.OAuth2Api.CreateOAuth2Client(ctx).OAuth2Client(hydra.OAuth2Client{}).Execute() + result, _, err := c.OAuth2API.CreateOAuth2Client(ctx).OAuth2Client(hydra.OAuth2Client{}).Execute() require.NoError(t, err) assert.EqualValues(t, conf.DefaultClientScope(ctx), strings.Split(*result.Scope, " ")) - _, err = c.OAuth2Api.DeleteOAuth2Client(ctx, *result.ClientId).Execute() + _, err = c.OAuth2API.DeleteOAuth2Client(ctx, *result.ClientId).Execute() require.NoError(t, err) }) @@ -95,7 +95,7 @@ func TestClientSDK(t *testing.T) { // createClient.SecretExpiresAt = 10 // returned client is correct on Create - result, _, err := c.OAuth2Api.CreateOAuth2Client(ctx).OAuth2Client(createClient).Execute() + result, _, err := c.OAuth2API.CreateOAuth2Client(ctx).OAuth2Client(createClient).Execute() require.NoError(t, err) assert.NotEmpty(t, result.UpdatedAt) assert.NotEmpty(t, result.CreatedAt) 
@@ -109,31 +109,31 @@ func TestClientSDK(t *testing.T) { // secret is not returned on GetOAuth2Client compareClient.ClientSecret = pointerx.Ptr("") - gresult, _, err := c.OAuth2Api.GetOAuth2Client(context.Background(), *createClient.ClientId).Execute() + gresult, _, err := c.OAuth2API.GetOAuth2Client(context.Background(), *createClient.ClientId).Execute() require.NoError(t, err) assertx.EqualAsJSONExcept(t, compareClient, gresult, append(defaultIgnoreFields, "client_secret")) // get client will return The request could not be authorized - gresult, _, err = c.OAuth2Api.GetOAuth2Client(context.Background(), "unknown").Execute() + gresult, _, err = c.OAuth2API.GetOAuth2Client(context.Background(), "unknown").Execute() require.Error(t, err) assert.Empty(t, gresult) assert.True(t, strings.Contains(err.Error(), "404"), err.Error()) // listing clients returns the only added one - results, _, err := c.OAuth2Api.ListOAuth2Clients(context.Background()).PageSize(100).Execute() + results, _, err := c.OAuth2API.ListOAuth2Clients(context.Background()).PageSize(100).Execute() require.NoError(t, err) assert.Len(t, results, 1) assertx.EqualAsJSONExcept(t, compareClient, results[0], append(defaultIgnoreFields, "client_secret")) // SecretExpiresAt gets overwritten with 0 on Update compareClient.ClientSecret = createClient.ClientSecret - uresult, _, err := c.OAuth2Api.SetOAuth2Client(context.Background(), *createClient.ClientId).OAuth2Client(createClient).Execute() + uresult, _, err := c.OAuth2API.SetOAuth2Client(context.Background(), *createClient.ClientId).OAuth2Client(createClient).Execute() require.NoError(t, err) assertx.EqualAsJSONExcept(t, compareClient, uresult, append(defaultIgnoreFields, "client_secret")) // create another client updateClient := createTestClient("foo") - uresult, _, err = c.OAuth2Api.SetOAuth2Client(context.Background(), *createClient.ClientId).OAuth2Client(updateClient).Execute() + uresult, _, err = c.OAuth2API.SetOAuth2Client(context.Background(), 
*createClient.ClientId).OAuth2Client(updateClient).Execute() require.NoError(t, err) assert.NotEqual(t, updateClient.ClientId, uresult.ClientId) updateClient.ClientId = uresult.ClientId @@ -142,27 +142,27 @@ func TestClientSDK(t *testing.T) { // again, test if secret is not returned on Get compareClient = updateClient compareClient.ClientSecret = pointerx.Ptr("") - gresult, _, err = c.OAuth2Api.GetOAuth2Client(context.Background(), *updateClient.ClientId).Execute() + gresult, _, err = c.OAuth2API.GetOAuth2Client(context.Background(), *updateClient.ClientId).Execute() require.NoError(t, err) assertx.EqualAsJSONExcept(t, compareClient, gresult, append(defaultIgnoreFields, "client_secret")) // client can not be found after being deleted - _, err = c.OAuth2Api.DeleteOAuth2Client(context.Background(), *updateClient.ClientId).Execute() + _, err = c.OAuth2API.DeleteOAuth2Client(context.Background(), *updateClient.ClientId).Execute() require.NoError(t, err) - _, _, err = c.OAuth2Api.GetOAuth2Client(context.Background(), *updateClient.ClientId).Execute() + _, _, err = c.OAuth2API.GetOAuth2Client(context.Background(), *updateClient.ClientId).Execute() require.Error(t, err) }) t.Run("case=public client is transmitted without secret", func(t *testing.T) { - result, _, err := c.OAuth2Api.CreateOAuth2Client(context.Background()).OAuth2Client(hydra.OAuth2Client{ + result, _, err := c.OAuth2API.CreateOAuth2Client(context.Background()).OAuth2Client(hydra.OAuth2Client{ TokenEndpointAuthMethod: pointerx.Ptr("none"), }).Execute() require.NoError(t, err) assert.Equal(t, "", pointerx.Deref(result.ClientSecret)) - result, _, err = c.OAuth2Api.CreateOAuth2Client(context.Background()).OAuth2Client(createTestClient("")).Execute() + result, _, err = c.OAuth2API.CreateOAuth2Client(context.Background()).OAuth2Client(createTestClient("")).Execute() require.NoError(t, err) assert.Equal(t, "secret", pointerx.Deref(result.ClientSecret)) 
@@ -170,7 +170,7 @@ func TestClientSDK(t *testing.T) { t.Run("case=id can be set", func(t *testing.T) { id := uuidx.NewV4().String() - result, _, err := c.OAuth2Api.CreateOAuth2Client(context.Background()).OAuth2Client(hydra.OAuth2Client{ClientId: pointerx.Ptr(id)}).Execute() + result, _, err := c.OAuth2API.CreateOAuth2Client(context.Background()).OAuth2Client(hydra.OAuth2Client{ClientId: pointerx.Ptr(id)}).Execute() require.NoError(t, err) assert.Equal(t, id, pointerx.Deref(result.ClientId)) @@ -182,14 +182,14 @@ func TestClientSDK(t *testing.T) { value := "http://foo.bar" cl := createTestClient("") - created, _, err := c.OAuth2Api.CreateOAuth2Client(context.Background()).OAuth2Client(cl).Execute() + created, _, err := c.OAuth2API.CreateOAuth2Client(context.Background()).OAuth2Client(cl).Execute() require.NoError(t, err) cl.ClientId = created.ClientId expected := deepcopy.Copy(cl).(hydra.OAuth2Client) expected.RedirectUris = append(expected.RedirectUris, value) - result, _, err := c.OAuth2Api.PatchOAuth2Client(context.Background(), *cl.ClientId).JsonPatch([]hydra.JsonPatch{{Op: op, Path: path, Value: value}}).Execute() + result, _, err := c.OAuth2API.PatchOAuth2Client(context.Background(), *cl.ClientId).JsonPatch([]hydra.JsonPatch{{Op: op, Path: path, Value: value}}).Execute() require.NoError(t, err) expected.CreatedAt = result.CreatedAt expected.UpdatedAt = result.UpdatedAt 
@@ -204,11 +204,11 @@ func TestClientSDK(t *testing.T) { value := "foo" client := createTestClient("") - created, res, err := c.OAuth2Api.CreateOAuth2Client(context.Background()).OAuth2Client(client).Execute() + created, res, err := c.OAuth2API.CreateOAuth2Client(context.Background()).OAuth2Client(client).Execute() require.NoError(t, err, "%s", ioutilx.MustReadAll(res.Body)) client.ClientId = created.ClientId - _, _, err = c.OAuth2Api.PatchOAuth2Client(context.Background(), *client.ClientId).JsonPatch([]hydra.JsonPatch{{Op: op, Path: path, Value: value}}).Execute() + _, _, err = c.OAuth2API.PatchOAuth2Client(context.Background(), *client.ClientId).JsonPatch([]hydra.JsonPatch{{Op: op, Path: path, Value: value}}).Execute() require.Error(t, err) }) @@ -218,13 +218,13 @@ func TestClientSDK(t *testing.T) { value := "http://foo.bar" client := createTestClient("") - created, _, err := c.OAuth2Api.CreateOAuth2Client(context.Background()).OAuth2Client(client).Execute() + created, _, err := c.OAuth2API.CreateOAuth2Client(context.Background()).OAuth2Client(client).Execute() require.NoError(t, err) client.ClientId = created.ClientId - result1, _, err := c.OAuth2Api.PatchOAuth2Client(context.Background(), *client.ClientId).JsonPatch([]hydra.JsonPatch{{Op: op, Path: path, Value: value}}).Execute() + result1, _, err := c.OAuth2API.PatchOAuth2Client(context.Background(), *client.ClientId).JsonPatch([]hydra.JsonPatch{{Op: op, Path: path, Value: value}}).Execute() require.NoError(t, err) - result2, _, err := c.OAuth2Api.PatchOAuth2Client(context.Background(), *client.ClientId).JsonPatch([]hydra.JsonPatch{{Op: op, Path: path, Value: value}}).Execute() + result2, _, err := c.OAuth2API.PatchOAuth2Client(context.Background(), *client.ClientId).JsonPatch([]hydra.JsonPatch{{Op: op, Path: path, Value: value}}).Execute() require.NoError(t, err) // secret hashes shouldn't change between these PUT calls 
diff --git a/client/validator.go b/client/validator.go index c7250acd1e0..8be6512bc70 100644 --- a/client/validator.go +++ b/client/validator.go @@ -207,6 +207,9 @@ func (v *Validator) ValidateDynamicRegistration(ctx context.Context, c *Client) if c.SkipConsent { return errorsx.WithStack(ErrInvalidRequest.WithDescription(`"skip_consent" cannot be set for dynamic client registration`)) } + if c.SkipLogoutConsent.Bool { + return errorsx.WithStack(ErrInvalidRequest.WithDescription(`"skip_logout_consent" cannot be set for dynamic client registration`)) + } return v.Validate(ctx, c) } diff --git a/cmd/.snapshots/TestCreateClient-case=creates_successfully.json b/cmd/.snapshots/TestCreateClient-case=creates_successfully.json index 95ed512aed9..f20d01cd379 100644 --- a/cmd/.snapshots/TestCreateClient-case=creates_successfully.json +++ b/cmd/.snapshots/TestCreateClient-case=creates_successfully.json @@ -16,6 +16,7 @@ ], "scope": "offline_access offline openid", "skip_consent": false, + "skip_logout_consent": false, "subject_type": "public", "token_endpoint_auth_method": "client_secret_basic", "tos_uri": "", diff --git a/cmd/.snapshots/TestCreateClient-case=supports_encryption.json b/cmd/.snapshots/TestCreateClient-case=supports_encryption.json index df483a144c1..984cedb2f2c 100644 --- a/cmd/.snapshots/TestCreateClient-case=supports_encryption.json +++ b/cmd/.snapshots/TestCreateClient-case=supports_encryption.json @@ -22,6 +22,7 @@ ], "scope": "offline_access offline openid", "skip_consent": false, + "skip_logout_consent": false, "subject_type": "public", "token_endpoint_auth_method": "client_secret_basic", "tos_uri": "", diff --git a/cmd/.snapshots/TestCreateClient-case=supports_setting_flags.json b/cmd/.snapshots/TestCreateClient-case=supports_setting_flags.json index df483a144c1..984cedb2f2c 100644 --- a/cmd/.snapshots/TestCreateClient-case=supports_setting_flags.json +++ b/cmd/.snapshots/TestCreateClient-case=supports_setting_flags.json 
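Review bot: The new guard in `ValidateDynamicRegistration` tests only `c.SkipLogoutConsent.Bool` and never looks at `Valid`, and nothing says whether that is deliberate. It is the stricter reading (any true value is refused, while null and explicit false pass), so I would keep the condition and document it: `// Any true value is rejected regardless of Valid; null and explicit false are accepted.` The matching case added in client/handler_test.go sends only `{Bool: true, Valid: true}`; a case with an explicit false on the dynamic endpoint would pin the accepted side. The function begins outside this hunk.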
@@ -22,6 +22,7 @@ ], "scope": "offline_access offline openid", "skip_consent": false, + "skip_logout_consent": false, "subject_type": "public", "token_endpoint_auth_method": "client_secret_basic", "tos_uri": "", diff --git a/cmd/.snapshots/TestUpdateClient-case=creates_successfully.json b/cmd/.snapshots/TestUpdateClient-case=creates_successfully.json index 72218734e21..c62158c5d9d 100644 --- a/cmd/.snapshots/TestUpdateClient-case=creates_successfully.json +++ b/cmd/.snapshots/TestUpdateClient-case=creates_successfully.json @@ -16,6 +16,7 @@ ], "scope": "offline_access offline openid", "skip_consent": false, + "skip_logout_consent": false, "subject_type": "public", "token_endpoint_auth_method": "client_secret_basic", "tos_uri": "", diff --git a/cmd/.snapshots/TestUpdateClient-case=supports_encryption.json b/cmd/.snapshots/TestUpdateClient-case=supports_encryption.json index 72218734e21..c62158c5d9d 100644 --- a/cmd/.snapshots/TestUpdateClient-case=supports_encryption.json +++ b/cmd/.snapshots/TestUpdateClient-case=supports_encryption.json @@ -16,6 +16,7 @@ ], "scope": "offline_access offline openid", "skip_consent": false, + "skip_logout_consent": false, "subject_type": "public", "token_endpoint_auth_method": "client_secret_basic", "tos_uri": "", diff --git a/cmd/.snapshots/TestUpdateClient-case=updates_from_file-file=from_disk.json b/cmd/.snapshots/TestUpdateClient-case=updates_from_file-file=from_disk.json new file mode 100644 index 00000000000..e9a42532a2f --- /dev/null +++ b/cmd/.snapshots/TestUpdateClient-case=updates_from_file-file=from_disk.json 
@@ -0,0 +1,24 @@ +{ + "client_name": "updated through file from disk", + "client_secret_expires_at": 0, + "client_uri": "", + "grant_types": [ + "implicit" + ], + "jwks": {}, + "logo_uri": "", + "metadata": {}, + "owner": "", + "policy_uri": "", + "request_object_signing_alg": "RS256", + "response_types": [ + "code" + ], + "scope": "offline_access offline openid", + "skip_consent": false, + "skip_logout_consent": false, + "subject_type": "public", + "token_endpoint_auth_method": "client_secret_basic", + "tos_uri": "", + "userinfo_signed_response_alg": "none" +} diff --git a/cmd/.snapshots/TestUpdateClient-case=updates_from_file-file=stdin.json b/cmd/.snapshots/TestUpdateClient-case=updates_from_file-file=stdin.json new file mode 100644 index 00000000000..4491f0eed55 --- /dev/null +++ b/cmd/.snapshots/TestUpdateClient-case=updates_from_file-file=stdin.json @@ -0,0 +1,24 @@ +{ + "client_name": "updated through file stdin", + "client_secret_expires_at": 0, + "client_uri": "", + "grant_types": [ + "implicit" + ], + "jwks": {}, + "logo_uri": "", + "metadata": {}, + "owner": "", + "policy_uri": "", + "request_object_signing_alg": "RS256", + "response_types": [ + "code" + ], + "scope": "offline_access offline openid", + "skip_consent": false, + "skip_logout_consent": false, + "subject_type": "public", + "token_endpoint_auth_method": "client_secret_basic", + "tos_uri": "", + "userinfo_signed_response_alg": "none" +} diff --git a/cmd/cmd_create_client.go b/cmd/cmd_create_client.go index d9125cb80ac..4d72b22f1ab 100644 --- a/cmd/cmd_create_client.go +++ b/cmd/cmd_create_client.go @@ -17,9 +17,13 @@ import ( ) const ( + flagFile = "file" + + flagClientAccessTokenStrategy = "access-token-strategy" flagClientAllowedCORSOrigin = "allowed-cors-origin" flagClientAudience = "audience" flagClientBackchannelLogoutCallback = "backchannel-logout-callback" + flagClientId = "id" flagClientName = "name" flagClientClientURI = "client-uri" flagClientContact = "contact" 
@@ -39,6 +43,7 @@ const ( flagClientScope = "scope" flagClientSectorIdentifierURI = "sector-identifier-uri" flagClientSkipConsent = "skip-consent" + flagClientLogoutSkipConsent = "skip-logout-consent" flagClientSubjectType = "subject-type" flagClientTokenEndpointAuthMethod = "token-endpoint-auth-method" flagClientSecret = "secret" @@ -54,7 +59,7 @@ func NewCreateClientsCommand() *cobra.Command { Args: cobra.NoArgs, Example: `{{ .CommandPath }} -n "my app" -c http://localhost/cb -g authorization_code -r code -a core,foobar -Use the tool jq (or any other JSON tool) to get the OAuth2 Client ID and and Secret: +Use the tool jq (or any other JSON tool) to get the OAuth2 Client ID and Secret: client=$({{ .CommandPath }} \ --format json \ @@ -84,14 +89,20 @@ To encrypt an auto-generated OAuth2 Client Secret, use flags ` + "`--pgp-key`" + } secret := flagx.MustGetString(cmd, flagClientSecret) + cl, err := clientFromFlags(cmd) + if err != nil { + return err + } + cl.ClientId = pointerx.Ptr(flagx.MustGetString(cmd, flagClientId)) + //nolint:bodyclose - client, _, err := m.OAuth2Api.CreateOAuth2Client(cmd.Context()).OAuth2Client(clientFromFlags(cmd)).Execute() + client, _, err := m.OAuth2API.CreateOAuth2Client(cmd.Context()).OAuth2Client(cl).Execute() if err != nil { return cmdx.PrintOpenAPIError(cmd, err) } if client.ClientSecret == nil && len(secret) > 0 { - client.ClientSecret = pointerx.String(secret) + client.ClientSecret = pointerx.Ptr(secret) } if encryptSecret && client.ClientSecret != nil { @@ -101,7 +112,7 @@ To encrypt an auto-generated OAuth2 Client Secret, use flags ` + "`--pgp-key`" + return cmdx.FailSilently(cmd) } - client.ClientSecret = pointerx.String(enc.Base64Encode()) + client.ClientSecret = pointerx.Ptr(enc.Base64Encode()) } cmdx.PrintRow(cmd, (*outputOAuth2Client)(client)) 
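Review bot: In the `@@ -84,14 +89,20 @@` hunk, `cl.ClientId` is overwritten unconditionally with the `--id` flag after `clientFromFlags` returns. When the client came from `--file`, any `client_id` in that file is therefore replaced by a pointer to the flag's default empty string, which contradicts the `--file` help text ("the other client flags are ignored"). Every create request also now carries an explicit, possibly empty, `ClientId`, where the old code left the field unset. Setting it only when the flag was given keeps both paths intact: `if id := flagx.MustGetString(cmd, flagClientId); id != "" { cl.ClientId = pointerx.Ptr(id) }`. The RunE body starts and ends outside this hunk.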
@@ -109,5 +120,6 @@ To encrypt an auto-generated OAuth2 Client Secret, use flags ` + "`--pgp-key`" + }, } registerClientFlags(cmd.Flags()) + cmd.Flags().String(flagClientId, "", "Provide the client's id.") return cmd } diff --git a/cmd/cmd_create_jwks.go b/cmd/cmd_create_jwks.go index a96705af335..6358cf05e7d 100644 --- a/cmd/cmd_create_jwks.go +++ b/cmd/cmd_create_jwks.go @@ -39,7 +39,7 @@ func NewCreateJWKSCmd() *cobra.Command { } //nolint:bodyclose - jwks, _, err := m.JwkApi.CreateJsonWebKeySet(context.Background(), args[0]).CreateJsonWebKeySet(hydra.CreateJsonWebKeySet{ + jwks, _, err := m.JwkAPI.CreateJsonWebKeySet(context.Background(), args[0]).CreateJsonWebKeySet(hydra.CreateJsonWebKeySet{ Alg: flagx.MustGetString(cmd, alg), Kid: kid, Use: flagx.MustGetString(cmd, use), diff --git a/cmd/cmd_delete_client.go b/cmd/cmd_delete_client.go index f18c2660ad6..3eae17bda76 100644 --- a/cmd/cmd_delete_client.go +++ b/cmd/cmd_delete_client.go @@ -34,7 +34,7 @@ To delete OAuth 2.0 Clients with the owner of "foo@bar.com", run: ) for _, c := range args { - _, err := m.OAuth2Api.DeleteOAuth2Client(cmd.Context(), c).Execute() //nolint:bodyclose + _, err := m.OAuth2API.DeleteOAuth2Client(cmd.Context(), c).Execute() //nolint:bodyclose if err != nil { failed[c] = cmdx.PrintOpenAPIError(cmd, err) continue diff --git a/cmd/cmd_delete_jwks.go b/cmd/cmd_delete_jwks.go index 8a7bd62d707..22bba778481 100644 --- a/cmd/cmd_delete_jwks.go +++ b/cmd/cmd_delete_jwks.go @@ -32,7 +32,7 @@ func NewDeleteJWKSCommand() *cobra.Command { ) for _, c := range args { - _, err = m.JwkApi.DeleteJsonWebKeySet(context.Background(), c).Execute() //nolint:bodyclose + _, err = m.JwkAPI.DeleteJsonWebKeySet(context.Background(), c).Execute() //nolint:bodyclose if err != nil { return cmdx.PrintOpenAPIError(cmd, err) } diff --git a/cmd/cmd_delete_tokens.go b/cmd/cmd_delete_tokens.go index 5273ffdd9fc..f8add90c7ce 100644 --- a/cmd/cmd_delete_tokens.go +++ b/cmd/cmd_delete_tokens.go 
@@ -23,7 +23,7 @@ func NewDeleteAccessTokensCmd() *cobra.Command { } clientID := args[0] - _, err = client.OAuth2Api.DeleteOAuth2Token(cmd.Context()).ClientId(clientID).Execute() //nolint:bodyclose + _, err = client.OAuth2API.DeleteOAuth2Token(cmd.Context()).ClientId(clientID).Execute() //nolint:bodyclose if err != nil { return cmdx.PrintOpenAPIError(cmd, err) } diff --git a/cmd/cmd_get_client.go b/cmd/cmd_get_client.go index 3ad6d4b715d..0a7841a327e 100644 --- a/cmd/cmd_get_client.go +++ b/cmd/cmd_get_client.go @@ -18,9 +18,9 @@ func NewGetClientsCmd() *cobra.Command { Args: cobra.MinimumNArgs(1), Short: "Get one or more OAuth 2.0 Clients by their ID(s)", Long: `This command gets all the details about an OAuth 2.0 Client. You can use this command in combination with jq.`, - Example: `To get the OAuth 2.0 Client's secret, run: + Example: `To get the OAuth 2.0 Client's name, run: - {{ .CommandPath }} --format json | jq -r '.client_secret'`, + {{ .CommandPath }} --format json | jq -r '.client_name'`, RunE: func(cmd *cobra.Command, args []string) error { m, _, err := cliclient.NewClient(cmd) if err != nil { @@ -29,7 +29,7 @@ func NewGetClientsCmd() *cobra.Command { clients := make([]hydra.OAuth2Client, 0, len(args)) for _, id := range args { - client, _, err := m.OAuth2Api.GetOAuth2Client(cmd.Context(), id).Execute() //nolint:bodyclose + client, _, err := m.OAuth2API.GetOAuth2Client(cmd.Context(), id).Execute() //nolint:bodyclose if err != nil { return cmdx.PrintOpenAPIError(cmd, err) } diff --git a/cmd/cmd_get_jwks.go b/cmd/cmd_get_jwks.go index 949d00f7178..f9d1a754885 100644 --- a/cmd/cmd_get_jwks.go +++ b/cmd/cmd_get_jwks.go 
@@ -36,7 +36,7 @@ To get the JSON Web Key Set as only public keys: var sets outputJSONWebKeyCollection for _, set := range args { - key, _, err := m.JwkApi.GetJsonWebKeySet(cmd.Context(), set).Execute() //nolint:bodyclose + key, _, err := m.JwkAPI.GetJsonWebKeySet(cmd.Context(), set).Execute() //nolint:bodyclose if err != nil { return cmdx.PrintOpenAPIError(cmd, err) } diff --git a/cmd/cmd_helper_client.go b/cmd/cmd_helper_client.go index 2e09e610ad7..ca28fafa12a 100644 --- a/cmd/cmd_helper_client.go +++ b/cmd/cmd_helper_client.go @@ -5,6 +5,8 @@ package cmd import ( "encoding/json" + "fmt" + "os" "strings" "github.com/spf13/cobra" 
@@ -16,36 +18,55 @@ import ( "github.com/ory/x/pointerx" ) -func clientFromFlags(cmd *cobra.Command) hydra.OAuth2Client { +func clientFromFlags(cmd *cobra.Command) (hydra.OAuth2Client, error) { + if filename := flagx.MustGetString(cmd, flagFile); filename != "" { + src := cmd.InOrStdin() + if filename != "-" { + f, err := os.Open(filename) + if err != nil { + return hydra.OAuth2Client{}, fmt.Errorf("unable to open file %q: %w", filename, err) + } + defer f.Close() + src = f + } + client := hydra.OAuth2Client{} + if err := json.NewDecoder(src).Decode(&client); err != nil { + return hydra.OAuth2Client{}, fmt.Errorf("unable to decode JSON: %w", err) + } + return client, nil + } + return hydra.OAuth2Client{ + AccessTokenStrategy: pointerx.Ptr(flagx.MustGetString(cmd, flagClientAccessTokenStrategy)), AllowedCorsOrigins: flagx.MustGetStringSlice(cmd, flagClientAllowedCORSOrigin), Audience: flagx.MustGetStringSlice(cmd, flagClientAudience), - BackchannelLogoutSessionRequired: pointerx.Bool(flagx.MustGetBool(cmd, flagClientBackChannelLogoutSessionRequired)), - BackchannelLogoutUri: pointerx.String(flagx.MustGetString(cmd, flagClientBackchannelLogoutCallback)), - ClientName: pointerx.String(flagx.MustGetString(cmd, flagClientName)), - ClientSecret: pointerx.String(flagx.MustGetString(cmd, flagClientSecret)), - ClientUri: pointerx.String(flagx.MustGetString(cmd, flagClientClientURI)), + BackchannelLogoutSessionRequired: pointerx.Ptr(flagx.MustGetBool(cmd, flagClientBackChannelLogoutSessionRequired)), + BackchannelLogoutUri: pointerx.Ptr(flagx.MustGetString(cmd, flagClientBackchannelLogoutCallback)), + ClientName: pointerx.Ptr(flagx.MustGetString(cmd, flagClientName)), + ClientSecret: pointerx.Ptr(flagx.MustGetString(cmd, flagClientSecret)), + ClientUri: pointerx.Ptr(flagx.MustGetString(cmd, flagClientClientURI)), Contacts: flagx.MustGetStringSlice(cmd, flagClientContact), - FrontchannelLogoutSessionRequired: pointerx.Bool(flagx.MustGetBool(cmd, 
flagClientFrontChannelLogoutSessionRequired)), - FrontchannelLogoutUri: pointerx.String(flagx.MustGetString(cmd, flagClientFrontChannelLogoutCallback)), + FrontchannelLogoutSessionRequired: pointerx.Ptr(flagx.MustGetBool(cmd, flagClientFrontChannelLogoutSessionRequired)), + FrontchannelLogoutUri: pointerx.Ptr(flagx.MustGetString(cmd, flagClientFrontChannelLogoutCallback)), GrantTypes: flagx.MustGetStringSlice(cmd, flagClientGrantType), - JwksUri: pointerx.String(flagx.MustGetString(cmd, flagClientJWKSURI)), - LogoUri: pointerx.String(flagx.MustGetString(cmd, flagClientLogoURI)), + JwksUri: pointerx.Ptr(flagx.MustGetString(cmd, flagClientJWKSURI)), + LogoUri: pointerx.Ptr(flagx.MustGetString(cmd, flagClientLogoURI)), Metadata: json.RawMessage(flagx.MustGetString(cmd, flagClientMetadata)), - Owner: pointerx.String(flagx.MustGetString(cmd, flagClientOwner)), - PolicyUri: pointerx.String(flagx.MustGetString(cmd, flagClientPolicyURI)), + Owner: pointerx.Ptr(flagx.MustGetString(cmd, flagClientOwner)), + PolicyUri: pointerx.Ptr(flagx.MustGetString(cmd, flagClientPolicyURI)), PostLogoutRedirectUris: flagx.MustGetStringSlice(cmd, flagClientPostLogoutCallback), RedirectUris: flagx.MustGetStringSlice(cmd, flagClientRedirectURI), - RequestObjectSigningAlg: pointerx.String(flagx.MustGetString(cmd, flagClientRequestObjectSigningAlg)), + RequestObjectSigningAlg: pointerx.Ptr(flagx.MustGetString(cmd, flagClientRequestObjectSigningAlg)), RequestUris: flagx.MustGetStringSlice(cmd, flagClientRequestURI), ResponseTypes: flagx.MustGetStringSlice(cmd, flagClientResponseType), - Scope: pointerx.String(strings.Join(flagx.MustGetStringSlice(cmd, flagClientScope), " ")), - SkipConsent: pointerx.Bool(flagx.MustGetBool(cmd, flagClientSkipConsent)), - SectorIdentifierUri: pointerx.String(flagx.MustGetString(cmd, flagClientSectorIdentifierURI)), - SubjectType: pointerx.String(flagx.MustGetString(cmd, flagClientSubjectType)), - TokenEndpointAuthMethod: pointerx.String(flagx.MustGetString(cmd, 
flagClientTokenEndpointAuthMethod)), - TosUri: pointerx.String(flagx.MustGetString(cmd, flagClientTOSURI)), - } + Scope: pointerx.Ptr(strings.Join(flagx.MustGetStringSlice(cmd, flagClientScope), " ")), + SkipConsent: pointerx.Ptr(flagx.MustGetBool(cmd, flagClientSkipConsent)), + SkipLogoutConsent: pointerx.Ptr(flagx.MustGetBool(cmd, flagClientLogoutSkipConsent)), + SectorIdentifierUri: pointerx.Ptr(flagx.MustGetString(cmd, flagClientSectorIdentifierURI)), + SubjectType: pointerx.Ptr(flagx.MustGetString(cmd, flagClientSubjectType)), + TokenEndpointAuthMethod: pointerx.Ptr(flagx.MustGetString(cmd, flagClientTokenEndpointAuthMethod)), + TosUri: pointerx.Ptr(flagx.MustGetString(cmd, flagClientTOSURI)), + }, nil } func registerEncryptFlags(flags *pflag.FlagSet) { @@ -56,6 +77,8 @@ func registerEncryptFlags(flags *pflag.FlagSet) { } func registerClientFlags(flags *pflag.FlagSet) { + flags.String(flagFile, "", "Read a JSON file representing a client from this location. If set, the other client flags are ignored.") + flags.String(flagClientMetadata, "{}", "Metadata is an arbitrary JSON String of your choosing.") flags.String(flagClientOwner, "", "The owner of this client, typically email addresses or a user ID.") flags.StringSlice(flagClientContact, nil, "A list representing ways to contact people responsible for this client, typically email addresses.") 
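Review bot: The `--file` branch of `clientFromFlags` decodes with a default `json.Decoder`, which silently drops keys it does not recognise and ignores anything after the first JSON value. A misspelled key in a client definition (for example `skip_consent` or `token_endpoint_auth_method`) therefore produces a client with that field at its default and no error. Unless `hydra.OAuth2Client` implements its own `UnmarshalJSON` that keeps unknown keys, I would build the decoder explicitly with `dec := json.NewDecoder(src)` and call `dec.DisallowUnknownFields()` before `dec.Decode(&client)`.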
@@ -79,6 +102,8 @@ func registerClientFlags(flags *pflag.FlagSet) { flags.String(flagClientName, "", "The client's name.") flags.StringSlice(flagClientPostLogoutCallback, []string{}, "List of allowed URLs to be redirected to after a logout.") flags.Bool(flagClientSkipConsent, false, "Boolean flag specifying whether to skip the consent screen for this client. If omitted, the default value is false.") + flags.Bool(flagClientLogoutSkipConsent, false, "Boolean flag specifying whether to skip the logout consent screen for this client. If omitted, the default value is false.") + flags.String(flagClientAccessTokenStrategy, "", "The strategy used to generate access tokens. Valid options are `opaque` and `jwt`.") // back-channel logout options flags.Bool(flagClientBackChannelLogoutSessionRequired, false, "Boolean flag specifying whether the client requires that a sid (session ID) Claim be included in the Logout Token to identify the client session with the OP when the backchannel-logout-callback is used. If omitted, the default value is false.") diff --git a/cmd/cmd_import_client.go b/cmd/cmd_import_client.go index f5128ee5f55..166b5d898d7 100644 --- a/cmd/cmd_import_client.go +++ b/cmd/cmd_import_client.go @@ -101,7 +101,7 @@ Please be aware that this command does not update existing clients. If the clien for src, cc := range clients { for _, c := range cc { - result, _, err := m.OAuth2Api.CreateOAuth2Client(cmd.Context()).OAuth2Client(c).Execute() //nolint:bodyclose + result, _, err := m.OAuth2API.CreateOAuth2Client(cmd.Context()).OAuth2Client(c).Execute() //nolint:bodyclose if err != nil { failed[src] = cmdx.PrintOpenAPIError(cmd, err) continue diff --git a/cmd/cmd_import_client_test.go b/cmd/cmd_import_client_test.go index 9e32dd2907f..cc82b1aa69e 100644 --- a/cmd/cmd_import_client_test.go +++ b/cmd/cmd_import_client_test.go @@ -8,6 +8,7 @@ import ( "context" "encoding/json" "os" + "path/filepath" "testing" "github.com/stretchr/testify/assert" 
@@ -23,14 +24,12 @@ import ( func writeTempFile(t *testing.T, contents interface{}) string { t.Helper() - ij, err := json.Marshal(contents) - require.NoError(t, err) - f, err := os.CreateTemp(t.TempDir(), "") - require.NoError(t, err) - _, err = f.Write(ij) + fn := filepath.Join(t.TempDir(), "content.json") + f, err := os.Create(fn) require.NoError(t, err) + require.NoError(t, json.NewEncoder(f).Encode(contents)) require.NoError(t, f.Close()) - return f.Name() + return fn } func TestImportClient(t *testing.T) { @@ -38,8 +37,8 @@ func TestImportClient(t *testing.T) { c := cmd.NewImportClientCmd() reg := setup(t, c) - file1 := writeTempFile(t, []hydra.OAuth2Client{{Scope: pointerx.String("foo")}, {Scope: pointerx.String("bar"), ClientSecret: pointerx.String("some-secret")}}) - file2 := writeTempFile(t, []hydra.OAuth2Client{{Scope: pointerx.String("baz")}, {Scope: pointerx.String("zab"), ClientSecret: pointerx.String("some-secret")}}) + file1 := writeTempFile(t, []hydra.OAuth2Client{{Scope: pointerx.Ptr("foo")}, {Scope: pointerx.Ptr("bar"), ClientSecret: pointerx.Ptr("some-secret")}}) + file2 := writeTempFile(t, []hydra.OAuth2Client{{Scope: pointerx.Ptr("baz")}, {Scope: pointerx.Ptr("zab"), ClientSecret: pointerx.Ptr("some-secret")}}) t.Run("case=imports clients from single file", func(t *testing.T) { actual := gjson.Parse(cmdx.ExecNoErr(t, c, file1)) @@ -77,7 +76,7 @@ func TestImportClient(t *testing.T) { t.Run("case=imports clients from multiple files and stdin", func(t *testing.T) { var stdin bytes.Buffer - require.NoError(t, json.NewEncoder(&stdin).Encode([]hydra.OAuth2Client{{Scope: pointerx.String("oof")}, {Scope: pointerx.String("rab"), ClientSecret: pointerx.String("some-secret")}})) + require.NoError(t, json.NewEncoder(&stdin).Encode([]hydra.OAuth2Client{{Scope: pointerx.Ptr("oof")}, {Scope: pointerx.Ptr("rab"), ClientSecret: pointerx.Ptr("some-secret")}})) stdout, _, err := cmdx.Exec(t, c, &stdin, file1, file2) require.NoError(t, err) 
@@ -93,7 +92,7 @@ func TestImportClient(t *testing.T) { }) t.Run("case=performs appropriate error reporting", func(t *testing.T) { - file3 := writeTempFile(t, []hydra.OAuth2Client{{ClientSecret: pointerx.String("short")}}) + file3 := writeTempFile(t, []hydra.OAuth2Client{{ClientSecret: pointerx.Ptr("short")}}) stdout, stderr, err := cmdx.Exec(t, c, nil, file1, file3) require.Error(t, err) actual := gjson.Parse(stdout) diff --git a/cmd/cmd_import_jwk.go b/cmd/cmd_import_jwk.go index d65545df119..05b08069f6a 100644 --- a/cmd/cmd_import_jwk.go +++ b/cmd/cmd_import_jwk.go @@ -73,15 +73,18 @@ the imported keys will be added to that set. Otherwise, a new set will be create key = cli.ToSDKFriendlyJSONWebKey(key, "", "") - var buf bytes.Buffer - var jsonWebKey hydra.JsonWebKey + type jwk hydra.JsonWebKey // opt out of OpenAPI-generated UnmarshalJSON + var ( + buf bytes.Buffer + jsonWebKey jwk + ) if err := json.NewEncoder(&buf).Encode(key); err != nil { _, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Could not encode key from `%s` to JSON: %s", src, err) return cmdx.FailSilently(cmd) } if err := json.NewDecoder(&buf).Decode(&jsonWebKey); err != nil { - _, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Could not decode key from `%s` to JSON: %s", src, err) + _, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Could not decode key from `%s` from JSON: %s", src, err) return cmdx.FailSilently(cmd) } 
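Review bot: The comment on `type jwk hydra.JsonWebKey` in the `cmd/cmd_import_jwk.go` hunk says what is bypassed but not why, and once the generated `UnmarshalJSON` is out of the path nothing in this hunk checks the decoded key. I would expand the comment to state the reason, for example `// jwk has no UnmarshalJSON: the generated one rejects keys that lack fields this command fills in later`, if that is indeed the reason. Please also confirm that the code between this hunk and the later `hydra.JsonWebKey(jsonWebKey)` conversion still validates an imported key before it is sent to `SetJsonWebKey`, since whatever checks the generated method performed no longer run. The enclosing function starts and ends outside the hunk.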
@@ -107,14 +110,14 @@ the imported keys will be added to that set. Otherwise, a new set will be create return cmdx.FailSilently(cmd) } - keys[src] = append(keys[src], jsonWebKey) + keys[src] = append(keys[src], hydra.JsonWebKey(jsonWebKey)) } imported := make([]hydra.JsonWebKey, 0, len(keys)) failed := make(map[string]error) for src, kk := range keys { for _, k := range kk { - result, _, err := m.JwkApi.SetJsonWebKey(cmd.Context(), set, k.Kid).JsonWebKey(k).Execute() //nolint:bodyclose + result, _, err := m.JwkAPI.SetJsonWebKey(cmd.Context(), set, k.Kid).JsonWebKey(k).Execute() //nolint:bodyclose if err != nil { failed[src] = cmdx.PrintOpenAPIError(cmd, err) continue diff --git a/cmd/cmd_introspect_token.go b/cmd/cmd_introspect_token.go index 0f4ae4f2a39..c1e558bc3f4 100644 --- a/cmd/cmd_introspect_token.go +++ b/cmd/cmd_introspect_token.go @@ -25,7 +25,7 @@ func NewIntrospectTokenCmd() *cobra.Command { return err } - result, _, err := client.OAuth2Api.IntrospectOAuth2Token(cmd.Context()). + result, _, err := client.OAuth2API.IntrospectOAuth2Token(cmd.Context()). Token(args[0]). Scope(strings.Join(flagx.MustGetStringSlice(cmd, "scope"), " ")).Execute() //nolint:bodyclose if err != nil { diff --git a/cmd/cmd_list_clients.go b/cmd/cmd_list_clients.go index 41fab8c513f..615aec0e846 100644 --- a/cmd/cmd_list_clients.go +++ b/cmd/cmd_list_clients.go @@ -32,7 +32,7 @@ func NewListClientsCmd() *cobra.Command { } // nolint:bodyclose - list, resp, err := m.OAuth2Api.ListOAuth2Clients(cmd.Context()).PageSize(int64(pageSize)).PageToken(pageToken).Execute() + list, resp, err := m.OAuth2API.ListOAuth2Clients(cmd.Context()).PageSize(int64(pageSize)).PageToken(pageToken).Execute() if err != nil { return cmdx.PrintOpenAPIError(cmd, err) } diff --git a/cmd/cmd_perform_authorization_code.go b/cmd/cmd_perform_authorization_code.go index 67cbea752a9..bb996131a3a 100644 --- a/cmd/cmd_perform_authorization_code.go +++ b/cmd/cmd_perform_authorization_code.go 
@@ -4,39 +4,106 @@ package cmd import ( + "bytes" "context" "crypto/rand" "crypto/rsa" "crypto/tls" + "encoding/json" "fmt" "html/template" + "io" "net/http" + "net/url" "os" "strconv" "strings" "time" - "github.com/ory/hydra/v2/cmd/cliclient" - - "github.com/pkg/errors" - - "github.com/ory/graceful" - "github.com/julienschmidt/httprouter" + "github.com/pkg/errors" "github.com/spf13/cobra" "github.com/toqueteos/webbrowser" "golang.org/x/oauth2" + "github.com/ory/graceful" + openapi "github.com/ory/hydra-client-go/v2" + "github.com/ory/hydra/v2/cmd/cliclient" "github.com/ory/x/cmdx" "github.com/ory/x/flagx" + "github.com/ory/x/pointerx" "github.com/ory/x/randx" "github.com/ory/x/tlsx" "github.com/ory/x/urlx" ) +var tokenUserLogin = template.Must(template.New("").Parse(` + +

Login step

+
+ + + Remember login
+ Revoke previous consents
+ + +
+{{ if .Skip }} + user authenticated, could skip login UI. +{{ else }} + User unknown. +{{ end }} +
+

Complete login request

+
{{ .Raw }}
+ +`)) + +var tokenUserConsent = template.Must(template.New("").Parse(` + +

Consent step

+
+ + {{ if not .Audiences }} + No token audiences requested. + {{ else }} +

Requested audiences:

+
    + {{ range .Audiences }} +
  • {{ . }}
  • + {{ end }} +
+ {{ end }} + {{ if not .Scopes }} + No scopes requested. + {{ else }} +

Requested scopes:

+ {{ range .Scopes }} + {{ . }}
+ {{ end }} + {{ end }} +
+ Remember consent
+ + +
+{{ if .Skip }} + Consent established, could skip consent UI. +{{ else }} + No previous matching consent found, or client has requested re-consent. +{{ end }} +
+

Previous consents for this login session ({{ .SessionID }})

+
{{ .PreviousConsents }}
+
+

Complete consent request

+
{{ .Raw }}
+ +`)) + var tokenUserWelcome = template.Must(template.New("").Parse(` -

Welcome to the exemplary OAuth 2.0 Consumer!

+

Welcome to the example OAuth 2.0 Consumer!

This is an example app which emulates an OAuth 2.0 consumer application. Usually, this would be your web or mobile application and would use an OAuth 2.0 or OpenID Connect library.

@@ -63,7 +130,7 @@ var tokenUserResult = template.Must(template.New("").Parse(` {{ if .DisplayBackButton }} @@ -76,8 +143,8 @@ func NewPerformAuthorizationCodeCmd() *cobra.Command { cmd := &cobra.Command{ Use: "authorization-code", Example: "{{ .CommandPath }} --client-id ... --client-secret ...", - Short: "An exemplary OAuth 2.0 Client performing the OAuth 2.0 Authorize Code Flow", - Long: `Starts an exemplary web server that acts as an OAuth 2.0 Client performing the Authorize Code Flow. + Short: "Example OAuth 2.0 Client performing the OAuth 2.0 Authorize Code Flow", + Long: `Starts an example web server that acts as an OAuth 2.0 Client performing the Authorize Code Flow. This command will help you to see if Ory Hydra has been configured properly. This command must not be used for anything else than manual testing or demo purposes. The server will terminate on error @@ -90,7 +157,6 @@ and success, unless if the --no-shutdown flag is provided.`, endpoint = cliclient.GetOAuth2URLOverride(cmd, endpoint) - ctx := context.WithValue(cmd.Context(), oauth2.HTTPClient, client) isSSL := flagx.MustGetBool(cmd, "https") port := flagx.MustGetInt(cmd, "port") scopes := flagx.MustGetStringSlice(cmd, "scope") @@ -101,6 +167,8 @@ and success, unless if the --no-shutdown flag is provided.`, tokenUrl := flagx.MustGetString(cmd, "token-url") audience := flagx.MustGetStringSlice(cmd, "audience") noShutdown := flagx.MustGetBool(cmd, "no-shutdown") + skip := flagx.MustGetBool(cmd, "skip") + responseMode := flagx.MustGetString(cmd, "response-mode") clientID := flagx.MustGetString(cmd, "client-id") if clientID == "" { 
@@ -150,32 +218,31 @@ and success, unless if the --no-shutdown flag is provided.`, nonce, err := randx.RuneSequence(24, randx.AlphaLower) cmdx.Must(err, "Could not generate random state: %s", err) - authCodeURL := conf.AuthCodeURL( - state, - oauth2.SetAuthURLParam("audience", strings.Join(audience, "+")), - oauth2.SetAuthURLParam("nonce", string(nonce)), - oauth2.SetAuthURLParam("prompt", strings.Join(prompt, "+")), - oauth2.SetAuthURLParam("max_age", strconv.Itoa(maxAge)), - ) + opts := []oauth2.AuthCodeOption{oauth2.SetAuthURLParam("nonce", string(nonce))} + if len(audience) > 0 { + opts = append(opts, oauth2.SetAuthURLParam("audience", strings.Join(audience, " "))) + } + if len(prompt) > 0 { + opts = append(opts, oauth2.SetAuthURLParam("prompt", strings.Join(prompt, " "))) + } + if maxAge >= 0 { + opts = append(opts, oauth2.SetAuthURLParam("max_age", strconv.Itoa(maxAge))) + } + if responseMode != "" { + opts = append(opts, oauth2.SetAuthURLParam("response_mode", responseMode)) + } + + authCodeURL := conf.AuthCodeURL(state, opts...) return authCodeURL, state } authCodeURL, state := generateAuthCodeURL() - if !flagx.MustGetBool(cmd, "no-open") { - _ = webbrowser.Open(serverLocation) // ignore errors - } - - _, _ = fmt.Fprintln(os.Stderr, "Setting up home route on "+serverLocation) - _, _ = fmt.Fprintln(os.Stderr, "Setting up callback listener on "+serverLocation+"callback") - _, _ = fmt.Fprintln(os.Stderr, "Press ctrl + c on Linux / Windows or cmd + c on OSX to end the process.") - _, _ = fmt.Fprintf(os.Stderr, "If your browser does not open automatically, navigate to:\n\n\t%s\n\n", serverLocation) - r := httprouter.New() var tlsc *tls.Config if isSSL { key, err := rsa.GenerateKey(rand.Reader, 2048) if err != nil { - _, _ = fmt.Fprintf(os.Stderr, "Unable to generate RSA key pair: %s", err) + _, _ = fmt.Fprintf(cmd.ErrOrStderr(), "Unable to generate RSA key pair: %s", err) return cmdx.FailSilently(cmd) } 
@@ -196,14 +263,6 @@ and success, unless if the --no-shutdown flag is provided.`, defer cancel() _ = server.Shutdown(ctx) } - var onDone = func() { - if !noShutdown { - go shutdown() - } else { - // regenerate because we don't want to shutdown and we don't want to reuse nonce & state - authCodeURL, state = generateAuthCodeURL() - } - } r.GET("/", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { _ = tokenUserWelcome.Execute(w, &struct{ URL string }{URL: authCodeURL}) 
@@ -213,72 +272,39 @@ and success, unless if the --no-shutdown flag is provided.`, http.Redirect(w, r, authCodeURL, http.StatusFound) }) - type ed struct { - Name string - Description string - Hint string - Debug string + rt := router{ + cl: client, + skip: skip, + cmd: cmd, + state: &state, + conf: &conf, + onDone: func() { + if !noShutdown { + go shutdown() + } else { + // regenerate because we don't want to shutdown and we don't want to reuse nonce & state + authCodeURL, state = generateAuthCodeURL() + } + }, + serverLocation: serverLocation, + noShutdown: noShutdown, } - r.GET("/callback", func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { - if len(r.URL.Query().Get("error")) > 0 { - _, _ = fmt.Fprintf(os.Stderr, "Got error: %s\n", r.URL.Query().Get("error_description")) - - w.WriteHeader(http.StatusInternalServerError) - _ = tokenUserError.Execute(w, &ed{ - Name: r.URL.Query().Get("error"), - Description: r.URL.Query().Get("error_description"), - Hint: r.URL.Query().Get("error_hint"), - Debug: r.URL.Query().Get("error_debug"), - }) - - onDone() - return - } - - if r.URL.Query().Get("state") != string(state) { - _, _ = fmt.Fprintf(os.Stderr, "States do not match. 
Expected %s, got %s\n", string(state), r.URL.Query().Get("state")) + r.GET("/login", rt.loginGET) + r.POST("/login", rt.loginPOST) + r.GET("/consent", rt.consentGET) + r.POST("/consent", rt.consentPOST) + r.GET("/callback", rt.callback) + r.POST("/callback", rt.callbackPOSTForm) - w.WriteHeader(http.StatusInternalServerError) - _ = tokenUserError.Execute(w, &ed{ - Name: "States do not match", - Description: "Expected state " + string(state) + " but got " + r.URL.Query().Get("state"), - }) - onDone() - return - } - - code := r.URL.Query().Get("code") - token, err := conf.Exchange(ctx, code) - if err != nil { - _, _ = fmt.Fprintf(os.Stderr, "Unable to exchange code for token: %s\n", err) - - w.WriteHeader(http.StatusInternalServerError) - _ = tokenUserError.Execute(w, &ed{ - Name: err.Error(), - }) - onDone() - return - } + if !flagx.MustGetBool(cmd, "no-open") { + _ = webbrowser.Open(serverLocation) // ignore errors + } - cmdx.PrintRow(cmd, outputOAuth2Token(*token)) - _ = tokenUserResult.Execute(w, struct { - AccessToken string - RefreshToken string - Expiry string - IDToken string - BackURL string - DisplayBackButton bool - }{ - AccessToken: token.AccessToken, - RefreshToken: token.RefreshToken, - Expiry: token.Expiry.Format(time.RFC1123), - IDToken: fmt.Sprintf("%s", token.Extra("id_token")), - BackURL: serverLocation, - DisplayBackButton: noShutdown, - }) - onDone() - }) + _, _ = fmt.Fprintln(rt.cmd.ErrOrStderr(), "Setting up home route on "+serverLocation) + _, _ = fmt.Fprintln(rt.cmd.ErrOrStderr(), "Setting up callback listener on "+serverLocation+"callback") + _, _ = fmt.Fprintln(rt.cmd.ErrOrStderr(), "Press ctrl + c on Linux / Windows or cmd + c on OSX to end the process.") + _, _ = fmt.Fprintf(rt.cmd.ErrOrStderr(), "If your browser does not open automatically, navigate to:\n\n\t%s\n\n", serverLocation) if isSSL { err = server.ListenAndServeTLS("", "") 
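Review bot: The `/login` and `/consent` routes registered here have no authentication of their own, and nothing near the registration says so. `loginPOST` accepts whatever `username` the form posts as the subject and `consentPOST` grants the posted scopes, both through the API client in `rt.cl`. That matches the manual-testing purpose stated in the command's help text. I would add a comment above `r.GET("/login", rt.loginGET)` such as `// Demo login/consent UI: accepts any subject without authentication; keep this listener on loopback.` Where the server binds is decided outside this hunk, so the loopback assumption needs confirming there.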
@@ -300,7 +326,7 @@ and success, unless if the --no-shutdown flag is provided.`, cmd.Flags().IntP("port", "p", 4446, "The port on which the server should run") cmd.Flags().StringSlice("scope", []string{"offline", "openid"}, "Request OAuth2 scope") cmd.Flags().StringSlice("prompt", []string{}, "Set the OpenID Connect prompt parameter") - cmd.Flags().Int("max-age", 0, "Set the OpenID Connect max_age parameter") + cmd.Flags().Int("max-age", -1, "Set the OpenID Connect max_age parameter. -1 means no max_age parameter will be used.") cmd.Flags().Bool("no-shutdown", false, "Do not terminate on success/error. State and nonce will be regenerated when auth flow has completed (either due to an error or success).") cmd.Flags().String("client-id", os.Getenv("OAUTH2_CLIENT_ID"), "Use the provided OAuth 2.0 Client ID, defaults to environment variable OAUTH2_CLIENT_ID") 
@@ -312,6 +338,323 @@ and success, unless if the --no-shutdown flag is provided.`, cmd.Flags().String("auth-url", "", "Usually it is enough to specify the `endpoint` flag, but if you want to force the authorization url, use this flag") cmd.Flags().String("token-url", "", "Usually it is enough to specify the `endpoint` flag, but if you want to force the token url, use this flag") cmd.Flags().Bool("https", false, "Sets up HTTPS for the endpoint using a self-signed certificate which is re-generated every time you start this command") + cmd.Flags().Bool("skip", false, "Skip login and/or consent steps if possible. Only effective if you have configured the Login and Consent UI URLs to point to this server.") + cmd.Flags().String("response-mode", "", "Set the response mode. Can be query (default) or form_post.") return cmd } + +type router struct { + cl *openapi.APIClient + skip bool + cmd *cobra.Command + state *string + conf *oauth2.Config + onDone func() + serverLocation string + noShutdown bool +} + +func (rt *router) loginGET(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + req, raw, err := rt.cl.OAuth2API.GetOAuth2LoginRequest(r.Context()). + LoginChallenge(r.URL.Query().Get("login_challenge")). + Execute() + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + defer raw.Body.Close() // to satisfy linter + + if rt.skip && req.GetSkip() { + req, res, err := rt.cl.OAuth2API.AcceptOAuth2LoginRequest(r.Context()). + LoginChallenge(req.Challenge). + AcceptOAuth2LoginRequest(openapi.AcceptOAuth2LoginRequest{Subject: req.Subject}). 
+ Execute() + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + defer res.Body.Close() // to satisfy linter + http.Redirect(w, r, req.RedirectTo, http.StatusFound) + return + } + + pretty, err := prettyJSON(raw.Body) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + _ = tokenUserLogin.Execute(w, struct { + LoginChallenge string + Skip bool + SessionID string + Raw string + }{ + LoginChallenge: req.Challenge, + Skip: req.GetSkip(), + SessionID: req.GetSessionId(), + Raw: pretty, + }) +} + +func (rt *router) loginPOST(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + if err := r.ParseForm(); err != nil { + http.Error(w, err.Error(), http.StatusBadRequest) + return + } + if r.FormValue("revoke-consents") == "on" { + res, err := rt.cl.OAuth2API.RevokeOAuth2ConsentSessions(r.Context()). + Subject(r.FormValue("username")). + All(true). + Execute() + if err != nil { + fmt.Fprintln(rt.cmd.ErrOrStderr(), "Error revoking previous consents:", err) + } else { + fmt.Fprintln(rt.cmd.ErrOrStderr(), "Revoked all previous consents") + } + defer res.Body.Close() // to satisfy linter + } + switch r.FormValue("action") { + case "accept": + + req, res, err := rt.cl.OAuth2API.AcceptOAuth2LoginRequest(r.Context()). + LoginChallenge(r.FormValue("ls")). 
+ AcceptOAuth2LoginRequest(openapi.AcceptOAuth2LoginRequest{ + Subject: r.FormValue("username"), + Remember: pointerx.Ptr(r.FormValue("remember") == "on"), + RememberFor: pointerx.Int64(3600), + Context: map[string]string{ + "context from": "login step", + }, + }).Execute() + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + defer res.Body.Close() // to satisfy linter + http.Redirect(w, r, req.RedirectTo, http.StatusFound) + + case "deny": + req, res, err := rt.cl.OAuth2API.RejectOAuth2LoginRequest(r.Context()).LoginChallenge(r.FormValue("ls")).Execute() + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + defer res.Body.Close() // to satisfy linter + http.Redirect(w, r, req.RedirectTo, http.StatusFound) + + default: + http.Error(w, "Invalid action", http.StatusBadRequest) + } +} + +func (rt *router) consentGET(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + req, raw, err := rt.cl.OAuth2API.GetOAuth2ConsentRequest(r.Context()). + ConsentChallenge(r.URL.Query().Get("consent_challenge")). + Execute() + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + defer raw.Body.Close() // to satisfy linter + + if rt.skip && req.GetSkip() { + req, res, err := rt.cl.OAuth2API.AcceptOAuth2ConsentRequest(r.Context()). + ConsentChallenge(req.Challenge). 
+ AcceptOAuth2ConsentRequest(openapi.AcceptOAuth2ConsentRequest{ + GrantScope: req.GetRequestedScope(), + GrantAccessTokenAudience: req.GetRequestedAccessTokenAudience(), + Remember: pointerx.Ptr(true), + RememberFor: pointerx.Int64(3600), + Session: &openapi.AcceptOAuth2ConsentRequestSession{ + AccessToken: map[string]string{ + "foo": "bar", + }, + IdToken: map[string]string{ + "baz": "bar", + }, + }, + }).Execute() + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + defer res.Body.Close() // to satisfy linter + http.Redirect(w, r, req.RedirectTo, http.StatusFound) + return + } + + pretty, err := prettyJSON(raw.Body) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + + _, raw, err = rt.cl.OAuth2API.ListOAuth2ConsentSessions(r.Context()). + Subject(req.GetSubject()). + LoginSessionId(req.GetLoginSessionId()). + Execute() + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + defer raw.Body.Close() // to satisfy linter + prettyPrevConsent, err := prettyJSON(raw.Body) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + _ = tokenUserConsent.Execute(w, struct { + ConsentChallenge string + Audiences []string + Scopes []string + Skip bool + SessionID string + PreviousConsents string + Raw string + }{ + ConsentChallenge: req.Challenge, + Audiences: req.RequestedAccessTokenAudience, + Scopes: req.RequestedScope, + Skip: req.GetSkip(), + SessionID: req.GetLoginSessionId(), + PreviousConsents: prettyPrevConsent, + Raw: pretty, + }) +} + +func (rt *router) consentPOST(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + if err := r.ParseForm(); err != nil { + http.Error(w, err.Error(), http.StatusBadRequest) + return + } + switch r.FormValue("action") { + case "accept": + req, res, err := rt.cl.OAuth2API.AcceptOAuth2ConsentRequest(r.Context()). + ConsentChallenge(r.FormValue("cs")). 
+ AcceptOAuth2ConsentRequest(openapi.AcceptOAuth2ConsentRequest{ + GrantScope: r.Form["scope"], + GrantAccessTokenAudience: r.Form["audience"], + Remember: pointerx.Ptr(r.FormValue("remember") == "on"), + RememberFor: pointerx.Int64(3600), + Session: &openapi.AcceptOAuth2ConsentRequestSession{ + AccessToken: map[string]string{ + "foo": "bar", + }, + IdToken: map[string]string{ + "baz": "bar", + }, + }, + }).Execute() + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + defer res.Body.Close() // to satisfy linter + http.Redirect(w, r, req.RedirectTo, http.StatusFound) + + case "deny": + req, res, err := rt.cl.OAuth2API.RejectOAuth2ConsentRequest(r.Context()). + ConsentChallenge(r.FormValue("cs")). + Execute() + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + defer res.Body.Close() // to satisfy linter + http.Redirect(w, r, req.RedirectTo, http.StatusFound) + + default: + http.Error(w, "Invalid action", http.StatusBadRequest) + } +} + +func (rt *router) callback(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + defer rt.onDone() + + if len(r.URL.Query().Get("error")) > 0 { + _, _ = fmt.Fprintf(rt.cmd.ErrOrStderr(), "Got error: %s\n", r.URL.Query().Get("error_description")) + + w.WriteHeader(http.StatusInternalServerError) + _ = tokenUserError.Execute(w, &ed{ + Name: r.URL.Query().Get("error"), + Description: r.URL.Query().Get("error_description"), + Hint: r.URL.Query().Get("error_hint"), + Debug: r.URL.Query().Get("error_debug"), + }) + return + } + + if r.URL.Query().Get("state") != *rt.state { + descr := fmt.Sprintf("States do not match. 
Expected %q, got %q.", *rt.state, r.URL.Query().Get("state")) + _, _ = fmt.Fprintln(rt.cmd.ErrOrStderr(), descr) + + w.WriteHeader(http.StatusInternalServerError) + _ = tokenUserError.Execute(w, &ed{ + Name: "States do not match", + Description: descr, + }) + return + } + + code := r.URL.Query().Get("code") + ctx := context.WithValue(rt.cmd.Context(), oauth2.HTTPClient, rt.cl) + token, err := rt.conf.Exchange(ctx, code) + if err != nil { + _, _ = fmt.Fprintf(rt.cmd.ErrOrStderr(), "Unable to exchange code for token: %s\n", err) + + w.WriteHeader(http.StatusInternalServerError) + _ = tokenUserError.Execute(w, &ed{ + Name: err.Error(), + }) + return + } + + cmdx.PrintRow(rt.cmd, outputOAuth2Token(*token)) + _ = tokenUserResult.Execute(w, struct { + AccessToken string + RefreshToken string + Expiry string + IDToken string + BackURL string + DisplayBackButton bool + }{ + AccessToken: token.AccessToken, + RefreshToken: token.RefreshToken, + Expiry: token.Expiry.Format(time.RFC1123), + IDToken: fmt.Sprintf("%s", token.Extra("id_token")), + BackURL: rt.serverLocation, + DisplayBackButton: rt.noShutdown, + }) +} + +func (rt *router) callbackPOSTForm(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + if err := r.ParseForm(); err != nil { + http.Error(w, err.Error(), http.StatusBadRequest) + return + } + u := url.URL{ + Path: r.URL.Path, + RawQuery: r.PostForm.Encode(), + } + http.Redirect(w, r, u.String(), http.StatusFound) +} + +type ed struct { + Name string + Description string + Hint string + Debug string +} + +func prettyJSON(r io.Reader) (string, error) { + contentsRaw, err := io.ReadAll(r) + if err != nil { + return "", err + } + var buf bytes.Buffer + if err := json.Indent(&buf, contentsRaw, "", " "); err != nil { + return "", err + } + return buf.String(), nil +} diff --git a/cmd/cmd_perform_device_flow.go b/cmd/cmd_perform_device_flow.go new file mode 100644 index 00000000000..74e9a33a4b3 --- /dev/null +++ b/cmd/cmd_perform_device_flow.go 
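Review bot: In `loginPOST`, `defer res.Body.Close()` sits after the `if err != nil { … } else { … }` around `RevokeOAuth2ConsentSessions`, so it also runs on the error path, where `res` may be nil and evaluating `res.Body` would panic; guard it with `if res != nil { defer res.Body.Close() }`. Every other call in this hunk returns on error before reaching its `defer`. Separately, `callback` stores `rt.cl`, an `*openapi.APIClient`, under `oauth2.HTTPClient`; as far as I know `golang.org/x/oauth2` only honours an `*http.Client` under that key, so `rt.conf.Exchange` would fall back to the default client and ignore whatever transport settings the CLI client carries. Passing the underlying client (for example `rt.cl.GetConfig().HTTPClient`, if that is populated) would fix it, and the same pattern appears in `cmd/cmd_perform_device_flow.go`.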
@@ -0,0 +1,108 @@
+// Copyright © 2022 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
+package cmd
+
+import (
+ "context"
+ "fmt"
+ "os"
+ "strings"
+
+ "github.com/ory/hydra/v2/cmd/cliclient"
+
+ "github.com/spf13/cobra"
+ "golang.org/x/oauth2"
+
+ "github.com/ory/x/cmdx"
+ "github.com/ory/x/flagx"
+ "github.com/ory/x/urlx"
+)
+
+func NewPerformDeviceCodeCmd() *cobra.Command {
+ cmd := &cobra.Command{
+ Use: "device-code",
+ Example: "{{ .CommandPath }} --client-id ... --client-secret ...",
+ Short: "An exemplary OAuth 2.0 Client performing the OAuth 2.0 Device Code Flow",
+ Long: `Performs the device code flow. Useful for getting an access token and an ID token in machines without a browser.
+ The client that will be used MUST support the "client_secret_post" token-endpoint-auth-method
+ `,
+ RunE: func(cmd *cobra.Command, args []string) error {
+ client, endpoint, err := cliclient.NewClient(cmd)
+ if err != nil {
+ return err
+ }
+
+ endpoint = cliclient.GetOAuth2URLOverride(cmd, endpoint)
+
+ ctx := context.WithValue(cmd.Context(), oauth2.HTTPClient, client)
+ scopes := flagx.MustGetStringSlice(cmd, "scope")
+ deviceAuthUrl := flagx.MustGetString(cmd, "device-auth-url")
+ tokenUrl := flagx.MustGetString(cmd, "token-url")
+ audience := flagx.MustGetStringSlice(cmd, "audience")
+
+ clientID := flagx.MustGetString(cmd, "client-id")
+ if clientID == "" {
+ _, _ = fmt.Fprint(cmd.OutOrStdout(), cmd.UsageString())
+ _, _ = fmt.Fprintln(cmd.OutOrStdout(), "Please provide a Client ID using --client-id flag, or OAUTH2_CLIENT_ID environment variable.")
+ return cmdx.FailSilently(cmd)
+ }
+
+ clientSecret := flagx.MustGetString(cmd, "client-secret")
+
+ if deviceAuthUrl == "" {
+ deviceAuthUrl = urlx.AppendPaths(endpoint, "/oauth2/device/auth").String()
+ }
+
+ if tokenUrl == "" {
+ tokenUrl = urlx.AppendPaths(endpoint, "/oauth2/token").String()
+ }
+
+ conf := oauth2.Config{
+ ClientID: clientID,
+ ClientSecret: clientSecret,
+ Endpoint: oauth2.Endpoint{
+ DeviceAuthURL: deviceAuthUrl,
+ TokenURL: tokenUrl,
+ },
+ Scopes: scopes,
+ }
+
+ deviceAuthResponse, err := conf.DeviceAuth(
+ ctx,
+ oauth2.SetAuthURLParam("audience", strings.Join(audience, "+")),
+ oauth2.SetAuthURLParam("client_secret", clientSecret),
+ )
+ if err != nil {
+ cmdx.Fatalf("Failed to perform the device authorization request", err.Error())
+ }
+
+ fmt.Fprintln(
+ cmd.OutOrStdout(),
+ "To login please go to:\n\t",
+ deviceAuthResponse.VerificationURIComplete,
+ )
+
+ token, err := conf.DeviceAccessToken(ctx, deviceAuthResponse)
+ if err != nil {
+ cmdx.Fatalf("Failed to perform the device token request: %e", err.Error())
+ }
+
+ fmt.Println("Successfully signed in!")
+
+ cmdx.PrintRow(cmd, outputOAuth2Token(*token))
+ return nil
+ },
+ }
+
+ cmd.Flags().StringSlice("scope", []string{"offline", "openid"}, "Request OAuth2 scope")
+
+ cmd.Flags().String("client-id", os.Getenv("OAUTH2_CLIENT_ID"), "Use the provided OAuth 2.0 Client ID, defaults to environment variable OAUTH2_CLIENT_ID")
+ cmd.Flags().String("client-secret", os.Getenv("OAUTH2_CLIENT_SECRET"), "Use the provided OAuth 2.0 Client Secret, defaults to environment variable OAUTH2_CLIENT_SECRET")
+
+ cmd.Flags().StringSlice("audience", []string{}, "Request a specific OAuth 2.0 Access Token Audience")
+ cmd.Flags().String("device-auth-url", "", "Usually it is enough to specify the `endpoint` flag, but if you want to force the device authorization url, use this flag")
+ cmd.Flags().String("token-url", "", "Usually it is enough to specify the `endpoint` flag, but if you want to force the token url, use this flag")
+
+ return cmd
+}
diff --git a/cmd/cmd_revoke_token.go b/cmd/cmd_revoke_token.go
index 308098a43a4..7e0e5f8831e 100644
--- a/cmd/cmd_revoke_token.go
+++ b/cmd/cmd_revoke_token.go
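Review bot: Both `cmdx.Fatalf` calls in the new `cmd/cmd_perform_device_flow.go` have broken format strings: the first has no verb for `err.Error()`, and the second uses `%e`, a floating-point verb, with a string argument, so the real error is printed as a formatting artefact. Use `cmdx.Fatalf("Failed to perform the device authorization request: %s", err)` and the same `%s` form for the token request. The `audience` parameter is also still joined with `"+"` and sent even when empty, whereas this commit changes the authorization-code command to join with a space and omit empty values; the device command should follow the same rule. `fmt.Println("Successfully signed in!")` writes to the process stdout rather than `cmd.OutOrStdout()`, which the rest of the function uses.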
@@ -38,7 +38,7 @@ Please provide a Client ID and Client Secret using flags --client-id and --clien } token := args[0] - _, err = client.OAuth2Api.RevokeOAuth2Token( + _, err = client.OAuth2API.RevokeOAuth2Token( context.WithValue(cmd.Context(), hydra.ContextBasicAuth, hydra.BasicAuth{ UserName: clientID, Password: clientSecret, diff --git a/cmd/cmd_update_client.go b/cmd/cmd_update_client.go index 98f28b333d7..6205b21ad71 100644 --- a/cmd/cmd_update_client.go +++ b/cmd/cmd_update_client.go @@ -42,15 +42,18 @@ To encrypt an auto-generated OAuth2 Client Secret, use flags ` + "`--pgp-key`" + } id := args[0] - cc := clientFromFlags(cmd) + cc, err := clientFromFlags(cmd) + if err != nil { + return err + } - client, _, err := m.OAuth2Api.SetOAuth2Client(context.Background(), id).OAuth2Client(cc).Execute() //nolint:bodyclose + client, _, err := m.OAuth2API.SetOAuth2Client(context.Background(), id).OAuth2Client(cc).Execute() //nolint:bodyclose if err != nil { return cmdx.PrintOpenAPIError(cmd, err) } if client.ClientSecret == nil && len(secret) > 0 { - client.ClientSecret = pointerx.String(secret) + client.ClientSecret = pointerx.Ptr(secret) } if encryptSecret && client.ClientSecret != nil { @@ -60,7 +63,7 @@ To encrypt an auto-generated OAuth2 Client Secret, use flags ` + "`--pgp-key`" + return cmdx.FailSilently(cmd) } - client.ClientSecret = pointerx.String(enc.Base64Encode()) + client.ClientSecret = pointerx.Ptr(enc.Base64Encode()) } cmdx.PrintRow(cmd, (*outputOAuth2Client)(client)) diff --git a/cmd/cmd_update_client_test.go b/cmd/cmd_update_client_test.go index c21aa0277bc..6cbcb7dfe5f 100644 --- a/cmd/cmd_update_client_test.go +++ b/cmd/cmd_update_client_test.go @@ -4,10 +4,13 @@ package cmd_test import ( + "bytes" "context" "encoding/json" "testing" + "github.com/tidwall/sjson" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/tidwall/gjson" 
@@ -25,11 +28,11 @@ func TestUpdateClient(t *testing.T) { original := createClient(t, reg, nil) t.Run("case=creates successfully", func(t *testing.T) { actual := gjson.Parse(cmdx.ExecNoErr(t, c, "--grant-type", "implicit", original.GetID())) - expected, err := reg.ClientManager().GetClient(ctx, actual.Get("client_id").String()) + expected, err := reg.ClientManager().GetClient(ctx, actual.Get("client_id").Str) require.NoError(t, err) - assert.Equal(t, expected.GetID(), actual.Get("client_id").String()) - assert.Equal(t, "implicit", actual.Get("grant_types").Array()[0].String()) + assert.Equal(t, expected.GetID(), actual.Get("client_id").Str) + assert.Equal(t, "implicit", actual.Get("grant_types").Array()[0].Str) snapshotx.SnapshotT(t, json.RawMessage(actual.Raw), snapshotExcludedClientFields...) }) 
@@ -39,9 +42,48 @@ func TestUpdateClient(t *testing.T) { "--secret", "some-userset-secret", "--pgp-key", base64EncodedPGPPublicKey(t), )) - assert.NotEmpty(t, actual.Get("client_id").String()) - assert.NotEmpty(t, actual.Get("client_secret").String()) + assert.Equal(t, original.ID, actual.Get("client_id").Str) + assert.NotEmpty(t, actual.Get("client_secret").Str) + assert.NotEqual(t, original.Secret, actual.Get("client_secret").Str) snapshotx.SnapshotT(t, json.RawMessage(actual.Raw), snapshotExcludedClientFields...) }) + + t.Run("case=updates from file", func(t *testing.T) { + original, err := reg.ClientManager().GetConcreteClient(ctx, original.GetID()) + require.NoError(t, err) + + raw, err := json.Marshal(original) + require.NoError(t, err) + + t.Run("file=stdin", func(t *testing.T) { + raw, err = sjson.SetBytes(raw, "client_name", "updated through file stdin") + require.NoError(t, err) + + stdout, stderr, err := cmdx.Exec(t, c, bytes.NewReader(raw), original.GetID(), "--file", "-") + require.NoError(t, err, stderr) + + actual := gjson.Parse(stdout) + assert.Equal(t, original.ID, actual.Get("client_id").Str) + assert.Equal(t, "updated through file stdin", actual.Get("client_name").Str) + + snapshotx.SnapshotT(t, json.RawMessage(actual.Raw), snapshotExcludedClientFields...) + }) + + t.Run("file=from disk", func(t *testing.T) { + raw, err = sjson.SetBytes(raw, "client_name", "updated through file from disk") + require.NoError(t, err) + + fn := writeTempFile(t, json.RawMessage(raw)) + + stdout, stderr, err := cmdx.Exec(t, c, nil, original.GetID(), "--file", fn) + require.NoError(t, err, stderr) + + actual := gjson.Parse(stdout) + assert.Equal(t, original.ID, actual.Get("client_id").Str) + assert.Equal(t, "updated through file from disk", actual.Get("client_name").Str) + + snapshotx.SnapshotT(t, json.RawMessage(actual.Raw), snapshotExcludedClientFields...) + }) + }) } diff --git a/cmd/root.go b/cmd/root.go index 6feabdb8103..8fcaf54a414 100644 --- a/cmd/root.go 
+++ b/cmd/root.go @@ -62,6 +62,7 @@ func RegisterCommandRecursive(parent *cobra.Command, slOpts []servicelocatorx.Op performCmd.AddCommand( NewPerformClientCredentialsCmd(), NewPerformAuthorizationCodeCmd(), + NewPerformDeviceCodeCmd(), ) revokeCmd := NewRevokeCmd() diff --git a/cmd/server/banner.go b/cmd/server/banner.go index 230420b798c..26721272c9c 100644 --- a/cmd/server/banner.go +++ b/cmd/server/banner.go @@ -8,5 +8,5 @@ func banner(version string) string { Take security seriously and subscribe to the Ory Security Newsletter. Stay on top of new patches and security insights. ->> Subscribe now: http://eepurl.com/di390P <<` +>> Subscribe now: https://www.ory.sh/l/sign-up-newsletter <<` } diff --git a/consent/csrf.go b/consent/csrf.go index 42588390a52..0a21c8e28ab 100644 --- a/consent/csrf.go +++ b/consent/csrf.go @@ -10,6 +10,8 @@ import ( "strings" "time" + "github.com/ory/hydra/v2/flow" + "github.com/gorilla/sessions" "github.com/ory/fosite" @@ -18,6 +20,8 @@ import ( "github.com/ory/x/mapx" ) +// WARNING - changes in this file need to be mirrored elsewhere. + func createCsrfSession(w http.ResponseWriter, r *http.Request, conf x.CookieConfigProvider, store sessions.Store, name string, csrfValue string, maxAge time.Duration) error { // Errors can be ignored here, because we always get a session back. Error typically means that the // session doesn't exist yet. 
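Review bot: The added comment `// WARNING - changes in this file need to be mirrored elsewhere.` in consent/csrf.go does not say where the mirrored copy lives, so a later fix to the CSRF cookie handling here can easily miss the duplicate. Name the location that has to stay in sync, for example `// WARNING: keep in sync with <path of the mirrored copy>.`, or have that second location call these functions so only one implementation exists. createCsrfSession continues outside the hunk.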
@@ -45,7 +49,7 @@ func createCsrfSession(w http.ResponseWriter, r *http.Request, conf x.CookieConf return nil } -func validateCsrfSession(r *http.Request, conf x.CookieConfigProvider, store sessions.Store, name, expectedCSRF string) error { +func ValidateCsrfSession(r *http.Request, conf x.CookieConfigProvider, store sessions.Store, name, expectedCSRF string, f *flow.Flow) error { if cookie, err := getCsrfSession(r, store, conf, name); err != nil { return errorsx.WithStack(fosite.ErrRequestForbidden.WithHint("CSRF session cookie could not be decoded.")) } else if csrf, err := mapx.GetString(cookie.Values, "csrf"); err != nil { diff --git a/consent/handler.go b/consent/handler.go index d0d3fd2aa2b..2c8e6b141ee 100644 --- a/consent/handler.go +++ b/consent/handler.go @@ -4,11 +4,13 @@ package consent import ( + "context" "encoding/json" "net/http" "net/url" "time" + "github.com/ory/hydra/v2/client" "github.com/ory/hydra/v2/flow" "github.com/ory/hydra/v2/oauth2/flowctx" "github.com/ory/hydra/v2/x/events" @@ -35,6 +37,7 @@ type Handler struct { const ( LoginPath = "/oauth2/auth/requests/login" + DevicePath = "/oauth2/auth/requests/device" ConsentPath = "/oauth2/auth/requests/consent" LogoutPath = "/oauth2/auth/requests/logout" SessionsPath = "/oauth2/auth/sessions" @@ -66,6 +69,8 @@ func (h *Handler) SetRoutes(admin *httprouterx.RouterAdmin) { admin.GET(LogoutPath, h.getOAuth2LogoutRequest) admin.PUT(LogoutPath+"/accept", h.acceptOAuth2LogoutRequest) admin.PUT(LogoutPath+"/reject", h.rejectOAuth2LogoutRequest) + + admin.PUT(DevicePath+"/accept", h.acceptUserCodeRequest) } // Revoke OAuth 2.0 Consent Session Parameters @@ -243,9 +248,9 @@ type revokeOAuth2LoginSessions struct { // in: query Subject string `json:"subject"` - // OAuth 2.0 Subject + // Login Session ID // - // The subject to revoke authentication sessions for. + // The login session to revoke. // // in: query SessionID string `json:"sid"` 
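Review bot: `ValidateCsrfSession` in consent/csrf.go is now exported and takes a new `f *flow.Flow` argument, but it has no doc comment and the lines visible in this hunk never read `f`. The body continues outside the hunk, so `f` may be used further down. Either way, a doc comment starting `// ValidateCsrfSession checks the CSRF cookie stored under name against expectedCSRF.` should go on to say what the flow is used for and whether nil is accepted. The updated test in consent/helper_test.go passes `new(flow.Flow)`, so callers outside the package need that contract written down.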
@@ -364,6 +369,14 @@ func (h *Handler) getOAuth2LoginRequest(w http.ResponseWriter, r *http.Request, return } + if request.RequestedScope == nil { + request.RequestedScope = []string{} + } + + if request.RequestedAudience == nil { + request.RequestedAudience = []string{} + } + request.Client = sanitizeClient(request.Client) h.r.Writer().Write(w, r, request) } @@ -468,11 +481,12 @@ func (h *Handler) acceptOAuth2LoginRequest(w http.ResponseWriter, r *http.Reques } handledLoginRequest.RequestedAt = loginRequest.RequestedAt - f, err := flowctx.Decode[flow.Flow](ctx, h.r.FlowCipher(), challenge, flowctx.AsLoginChallenge) + f, err := h.decodeFlowWithClient(ctx, challenge, flowctx.AsLoginChallenge) if err != nil { h.r.Writer().WriteError(w, r, err) return } + request, err := h.r.ConsentManager().HandleLoginRequest(ctx, f, challenge, &handledLoginRequest) if err != nil { h.r.Writer().WriteError(w, r, errorsx.WithStack(err)) @@ -492,7 +506,6 @@ func (h *Handler) acceptOAuth2LoginRequest(w http.ResponseWriter, r *http.Reques } events.Trace(ctx, events.LoginAccepted, events.WithClientID(request.Client.GetID()), events.WithSubject(request.Subject)) - h.r.Writer().Write(w, r, &flow.OAuth2RedirectTo{ RedirectTo: urlx.SetQuery(ru, url.Values{"login_verifier": {verifier}}).String(), }) @@ -568,7 +581,7 @@ func (h *Handler) rejectOAuth2LoginRequest(w http.ResponseWriter, r *http.Reques return } - f, err := flowctx.Decode[flow.Flow](ctx, h.r.FlowCipher(), challenge, flowctx.AsLoginChallenge) + f, err := h.decodeFlowWithClient(ctx, challenge, flowctx.AsLoginChallenge) if err != nil { h.r.Writer().WriteError(w, r, err) return 
@@ -754,7 +767,7 @@ func (h *Handler) acceptOAuth2ConsentRequest(w http.ResponseWriter, r *http.Requ p.RequestedAt = cr.RequestedAt p.HandledAt = sqlxx.NullTime(time.Now().UTC()) - f, err := flowctx.Decode[flow.Flow](ctx, h.r.FlowCipher(), challenge, flowctx.AsConsentChallenge) + f, err := h.decodeFlowWithClient(ctx, challenge, flowctx.AsConsentChallenge) if err != nil { h.r.Writer().WriteError(w, r, err) return @@ -861,7 +874,7 @@ func (h *Handler) rejectOAuth2ConsentRequest(w http.ResponseWriter, r *http.Requ return } - f, err := flowctx.Decode[flow.Flow](ctx, h.r.FlowCipher(), challenge, flowctx.AsConsentChallenge) + f, err := h.decodeFlowWithClient(ctx, challenge, flowctx.AsConsentChallenge) if err != nil { h.r.Writer().WriteError(w, r, err) return 
@@ -1037,3 +1050,151 @@ func (h *Handler) getOAuth2LogoutRequest(w http.ResponseWriter, r *http.Request, h.r.Writer().Write(w, r, request) } + +// Verify OAuth 2.0 User Code Request +// +// swagger:parameters acceptUserCodeRequest +type verifyUserCodeRequest struct { + // in: query + // required: true + Challenge string `json:"device_challenge"` + + // in: body + Body flow.AcceptDeviceUserCodeRequest +} + +// swagger:route PUT /admin/oauth2/auth/requests/device/accept oAuth2 acceptUserCodeRequest +// +// # Accepts a device grant user_code request +// +// Accepts a device grant user_code request +// +// Consumes: +// - application/json +// +// Produces: +// - application/json +// +// Schemes: http, https +// +// Responses: +// 200: oAuth2RedirectTo +// default: errorOAuth2 +func (h *Handler) acceptUserCodeRequest(w http.ResponseWriter, r *http.Request, ps httprouter.Params) { + ctx := r.Context() + + challenge := stringsx.Coalesce( + r.URL.Query().Get("device_challenge"), + r.URL.Query().Get("challenge"), + ) + if challenge == "" { + h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrInvalidRequest.WithHint(`Query parameter 'challenge' is not defined but should have been.`))) + return + } + + var reqBody flow.AcceptDeviceUserCodeRequest + d := json.NewDecoder(r.Body) + d.DisallowUnknownFields() + if err := d.Decode(&reqBody); err != nil { + h.r.Writer().WriteErrorCode(w, r, http.StatusBadRequest, errorsx.WithStack(err)) + return + } + + if reqBody.UserCode == "" { + h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrInvalidRequest.WithHint("Field 'user_code' must not be empty."))) + return + } + + cr, err := h.r.ConsentManager().GetDeviceUserAuthRequest(ctx, challenge) + if err != nil { + h.r.Writer().WriteError(w, r, errorsx.WithStack(err)) + return + } + + f, err := h.decodeFlowWithClient(ctx, challenge, flowctx.AsDeviceChallenge) + if err != nil { + h.r.Writer().WriteError(w, r, err) + return + } + + userCodeSignature, err := 
h.r.RFC8628HMACStrategy().UserCodeSignature(r.Context(), reqBody.UserCode) + if err != nil { + h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrServerError.WithWrap(err).WithHint(`'user_code' signature could not be computed`))) + return + } + userCodeRequest, err := h.r.OAuth2Storage().GetUserCodeSession(r.Context(), userCodeSignature, nil) + if err != nil { + h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrNotFound.WithWrap(err).WithHint(`'user_code' session not found`))) + return + } + err = h.r.RFC8628HMACStrategy().ValidateUserCode(ctx, userCodeRequest, reqBody.UserCode) + if err != nil { + h.r.Writer().WriteError(w, r, errorsx.WithStack(fosite.ErrTokenExpired.WithWrap(err).WithHint(`'user_code' has expired`))) + return + } + + p := flow.HandledDeviceUserAuthRequest{ + ID: f.DeviceChallengeID.String(), + RequestedAt: cr.RequestedAt, + HandledAt: sqlxx.NullTime(time.Now().UTC()), + Client: userCodeRequest.GetClient().(*client.Client), + DeviceCodeRequestID: userCodeRequest.GetID(), + RequestedScope: []string(userCodeRequest.GetRequestedScopes()), + RequestedAudience: []string(userCodeRequest.GetRequestedAudience()), + } + + // Append the client_id to the original RequestURL, as it is needed for the login flow + reqURL, err := url.Parse(f.RequestURL) + if err != nil { + h.r.Writer().WriteError(w, r, errorsx.WithStack(err)) + return + } + if reqURL.Query().Get("client_id") == "" { + q := reqURL.Query() + q.Add("client_id", userCodeRequest.GetClient().GetID()) + reqURL.RawQuery = q.Encode() + } + f.RequestURL = reqURL.String() + + hr, err := h.r.ConsentManager().HandleDeviceUserAuthRequest(ctx, f, challenge, &p) + if err != nil { + h.r.Writer().WriteError(w, r, errorsx.WithStack(err)) + return + } + + ru, err := url.Parse(hr.RequestURL) + if err != nil { + h.r.Writer().WriteError(w, r, err) + return + } + + verifier, err := f.ToDeviceVerifier(ctx, h.r) + if err != nil { + h.r.Writer().WriteError(w, r, err) + return + } + + events.Trace(ctx, 
events.DeviceUserCodeAccepted, events.WithClientID(userCodeRequest.GetClient().GetID())) + + h.r.Writer().Write(w, r, &flow.OAuth2RedirectTo{ + RedirectTo: urlx.SetQuery(ru, url.Values{"device_verifier": {verifier}, "client_id": {userCodeRequest.GetClient().GetID()}}).String(), + }) +} + +func (h *Handler) decodeFlowWithClient(ctx context.Context, challenge string, opts ...flowctx.CodecOption) (*flow.Flow, error) { + f, err := flowctx.Decode[flow.Flow](ctx, h.r.FlowCipher(), challenge, opts...) + if err != nil { + return nil, err + } + + if f.ClientID == "" { + return f, nil + } + + f.Client, err = h.r.ClientManager().GetConcreteClient(ctx, f.ClientID) + if err != nil { + return nil, err + } + + return f, nil +} diff --git a/consent/handler_test.go b/consent/handler_test.go index d5dfe5254ad..09f09875522 100644 --- a/consent/handler_test.go +++ b/consent/handler_test.go @@ -15,11 +15,15 @@ import ( "github.com/stretchr/testify/require" + "github.com/ory/fosite" + "github.com/ory/fosite/handler/openid" + "github.com/ory/fosite/token/jwt" hydra "github.com/ory/hydra-client-go/v2" "github.com/ory/hydra/v2/client" . "github.com/ory/hydra/v2/consent" "github.com/ory/hydra/v2/flow" "github.com/ory/hydra/v2/internal" + "github.com/ory/hydra/v2/oauth2" "github.com/ory/hydra/v2/x" "github.com/ory/x/contextx" "github.com/ory/x/pointerx" @@ -103,7 +107,7 @@ func TestGetLoginRequest(t *testing.T) { if tc.exists { cl := &client.Client{ID: "client" + key} require.NoError(t, reg.ClientManager().CreateClient(context.Background(), cl)) - f, err := reg.ConsentManager().CreateLoginRequest(context.Background(), &flow.LoginRequest{ + f, err := reg.ConsentManager().CreateLoginRequest(context.Background(), nil, &flow.LoginRequest{ Client: cl, ID: challenge, RequestURL: requestURL, 
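Review bot: In acceptUserCodeRequest (consent/handler.go) the `HandledDeviceUserAuthRequest` literal uses an unchecked assertion, `userCodeRequest.GetClient().(*client.Client)`, which panics if the storage ever returns another fosite.Client implementation; use the two-value form, `cl, ok := userCodeRequest.GetClient().(*client.Client)`, and answer with `fosite.ErrServerError` when `ok` is false. The same function reports every `GetUserCodeSession` failure as `ErrNotFound` and every `ValidateUserCode` failure as `ErrTokenExpired`, so a storage outage would presumably read as a wrong or expired code; passing unexpected errors through unchanged would keep those cases apart. The missing-challenge hint names `challenge` although the documented query parameter is `device_challenge`. Nothing in the handler limits repeated `user_code` attempts, so its doc comment should say that the UI calling this admin endpoint is expected to throttle them (RFC 8628 section 5.1).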
@@ -175,7 +179,7 @@ func TestGetConsentRequest(t *testing.T) { RequestURL: requestURL, RequestedAt: time.Now(), } - f, err := reg.ConsentManager().CreateLoginRequest(ctx, lr) + f, err := reg.ConsentManager().CreateLoginRequest(ctx, nil, lr) require.NoError(t, err) challenge, err = f.ToLoginChallenge(ctx, reg) require.NoError(t, err) @@ -243,7 +247,7 @@ func TestGetLoginRequestWithDuplicateAccept(t *testing.T) { cl := &client.Client{ID: "client"} require.NoError(t, reg.ClientManager().CreateClient(ctx, cl)) - f, err := reg.ConsentManager().CreateLoginRequest(ctx, &flow.LoginRequest{ + f, err := reg.ConsentManager().CreateLoginRequest(ctx, nil, &flow.LoginRequest{ Client: cl, ID: challenge, RequestURL: requestURL, 
@@ -300,3 +304,371 @@ func TestGetLoginRequestWithDuplicateAccept(t *testing.T) { require.Contains(t, result2.RedirectTo, "login_verifier") }) } + +func TestAcceptDeviceRequest(t *testing.T) { + ctx := context.Background() + challenge := "challenge" + requestURL := "https://hydra.example.com/" + oauth2.DeviceVerificationPath + + conf := internal.NewConfigurationWithDefaults() + reg := internal.NewRegistryMemory(t, conf, &contextx.Default{}) + + cl := &client.Client{ID: "client"} + require.NoError(t, reg.ClientManager().CreateClient(ctx, cl)) + f, err := reg.ConsentManager().CreateDeviceUserAuthRequest(ctx, &flow.DeviceUserAuthRequest{ + Client: cl, + ID: challenge, + RequestURL: requestURL, + RequestedAt: time.Now(), + }) + require.NoError(t, err) + challenge, err = f.ToDeviceChallenge(ctx, reg) + require.NoError(t, err) + + h := NewHandler(reg, conf) + r := x.NewRouterAdmin(conf.AdminURL) + h.SetRoutes(r) + ts := httptest.NewServer(r) + defer ts.Close() + + c := &http.Client{} + + deviceRequest := fosite.NewDeviceRequest() + deviceRequest.Client = cl + deviceRequest.SetSession( + &oauth2.Session{ + DefaultSession: &openid.DefaultSession{ + Headers: &jwt.Headers{}, + }, + }, + ) + _, deviceCodesig, err := reg.RFC8628HMACStrategy().GenerateDeviceCode(ctx) + require.NoError(t, err) + userCode, sig, err := reg.RFC8628HMACStrategy().GenerateUserCode(ctx) + require.NoError(t, err) + reg.OAuth2Storage().CreateDeviceAuthSession(ctx, deviceCodesig, sig, deviceRequest) + require.NoError(t, err) + + acceptUserCode := &hydra.AcceptDeviceUserCodeRequest{UserCode: &userCode} + + // marshal User to json + acceptUserCodeJson, err := json.Marshal(acceptUserCode) + if err != nil { + panic(err) + } + + // set the HTTP method, url, and request body + req, err := http.NewRequest(http.MethodPut, ts.URL+"/admin"+DevicePath+"/accept?challenge="+challenge, bytes.NewBuffer(acceptUserCodeJson)) + if err != nil { + panic(err) + } + + resp, err := c.Do(req) + require.NoError(t, err) + 
require.EqualValues(t, http.StatusOK, resp.StatusCode) + + var result flow.OAuth2RedirectTo + require.NoError(t, json.NewDecoder(resp.Body).Decode(&result)) + require.NotNil(t, result.RedirectTo) + require.Contains(t, result.RedirectTo, requestURL) + require.Contains(t, result.RedirectTo, "device_verifier") +} + +func TestAcceptDuplicateDeviceRequest(t *testing.T) { + ctx := context.Background() + challenge := "challenge" + requestURL := "https://hydra.example.com/" + oauth2.DeviceVerificationPath + + conf := internal.NewConfigurationWithDefaults() + reg := internal.NewRegistryMemory(t, conf, &contextx.Default{}) + + cl := &client.Client{ID: "client"} + require.NoError(t, reg.ClientManager().CreateClient(ctx, cl)) + f, err := reg.ConsentManager().CreateDeviceUserAuthRequest(ctx, &flow.DeviceUserAuthRequest{ + Client: cl, + ID: challenge, + RequestURL: requestURL, + RequestedAt: time.Now(), + }) + require.NoError(t, err) + challenge, err = f.ToDeviceChallenge(ctx, reg) + require.NoError(t, err) + + h := NewHandler(reg, conf) + r := x.NewRouterAdmin(conf.AdminURL) + h.SetRoutes(r) + ts := httptest.NewServer(r) + defer ts.Close() + + c := &http.Client{} + + deviceRequest := fosite.NewDeviceRequest() + deviceRequest.Client = cl + deviceRequest.SetSession( + &oauth2.Session{ + DefaultSession: &openid.DefaultSession{ + Headers: &jwt.Headers{}, + }, + }, + ) + _, deviceCodesig, err := reg.RFC8628HMACStrategy().GenerateDeviceCode(ctx) + require.NoError(t, err) + userCode, sig, err := reg.RFC8628HMACStrategy().GenerateUserCode(ctx) + require.NoError(t, err) + reg.OAuth2Storage().CreateDeviceAuthSession(ctx, deviceCodesig, sig, deviceRequest) + require.NoError(t, err) + + acceptUserCode := &hydra.AcceptDeviceUserCodeRequest{UserCode: &userCode} + + // marshal User to json + acceptUserCodeJson, err := json.Marshal(acceptUserCode) + if err != nil { + panic(err) + } + + // set the HTTP method, url, and request body + req, err := http.NewRequest(http.MethodPut, 
ts.URL+"/admin"+DevicePath+"/accept?challenge="+challenge, bytes.NewBuffer(acceptUserCodeJson)) + if err != nil { + panic(err) + } + + resp, err := c.Do(req) + require.NoError(t, err) + require.EqualValues(t, http.StatusOK, resp.StatusCode) + + var result flow.OAuth2RedirectTo + require.NoError(t, json.NewDecoder(resp.Body).Decode(&result)) + require.NotNil(t, result.RedirectTo) + require.Contains(t, result.RedirectTo, requestURL) + require.Contains(t, result.RedirectTo, "device_verifier") + + req2, err := http.NewRequest(http.MethodPut, ts.URL+"/admin"+DevicePath+"/accept?challenge="+challenge, bytes.NewBuffer(acceptUserCodeJson)) + if err != nil { + panic(err) + } + resp2, err := c.Do(req2) + require.NoError(t, err) + require.EqualValues(t, http.StatusOK, resp2.StatusCode) + + var result2 flow.OAuth2RedirectTo + require.NoError(t, json.NewDecoder(resp2.Body).Decode(&result2)) + require.NotNil(t, result2.RedirectTo) + require.Contains(t, result2.RedirectTo, requestURL) + require.Contains(t, result2.RedirectTo, "device_verifier") +} + +func TestAcceptCodeDeviceRequestFailure(t *testing.T) { + ctx := context.Background() + challenge := "challenge" + requestURL := "https://hydra.example.com/" + oauth2.DeviceVerificationPath + + conf := internal.NewConfigurationWithDefaults() + reg := internal.NewRegistryMemory(t, conf, &contextx.Default{}) + + cl := &client.Client{ID: "client"} + require.NoError(t, reg.ClientManager().CreateClient(ctx, cl)) + f, err := reg.ConsentManager().CreateDeviceUserAuthRequest(ctx, &flow.DeviceUserAuthRequest{ + Client: cl, + ID: challenge, + RequestURL: requestURL, + RequestedAt: time.Now(), + }) + require.NoError(t, err) + challenge, err = f.ToDeviceChallenge(ctx, reg) + require.NoError(t, err) + + h := NewHandler(reg, conf) + r := x.NewRouterAdmin(conf.AdminURL) + h.SetRoutes(r) + ts := httptest.NewServer(r) + defer ts.Close() + + c := &http.Client{} + + for _, tc := range []struct { + desc string + getBody func() ([]byte, error) + getURL 
func() string + validateResponse func(*http.Response) + }{ + { + desc: "random user_code, not persisted in the database", + getBody: func() ([]byte, error) { + deviceRequest := fosite.NewDeviceRequest() + deviceRequest.Client = cl + deviceRequest.SetSession( + &oauth2.Session{ + DefaultSession: &openid.DefaultSession{ + Headers: &jwt.Headers{}, + }, + }, + ) + userCode, _, err := reg.RFC8628HMACStrategy().GenerateUserCode(ctx) + require.NoError(t, err) + return json.Marshal(&hydra.AcceptDeviceUserCodeRequest{UserCode: &userCode}) + }, + getURL: func() string { + return ts.URL + "/admin" + DevicePath + "/accept?challenge=" + challenge + }, + validateResponse: func(resp *http.Response) { + require.EqualValues(t, http.StatusNotFound, resp.StatusCode) + }, + }, + { + desc: "empty user_code", + getBody: func() ([]byte, error) { + deviceRequest := fosite.NewDeviceRequest() + deviceRequest.Client = cl + deviceRequest.SetSession( + &oauth2.Session{ + DefaultSession: &openid.DefaultSession{ + Headers: &jwt.Headers{}, + }, + }, + ) + userCode := "" + return json.Marshal(&hydra.AcceptDeviceUserCodeRequest{UserCode: &userCode}) + }, + getURL: func() string { + return ts.URL + "/admin" + DevicePath + "/accept?challenge=" + challenge + }, + validateResponse: func(resp *http.Response) { + require.EqualValues(t, http.StatusBadRequest, resp.StatusCode) + }, + }, + { + desc: "empty challenge", + getBody: func() ([]byte, error) { + deviceRequest := fosite.NewDeviceRequest() + deviceRequest.Client = cl + deviceRequest.SetSession( + &oauth2.Session{ + DefaultSession: &openid.DefaultSession{ + Headers: &jwt.Headers{}, + }, + }, + ) + userCode, _, err := reg.RFC8628HMACStrategy().GenerateUserCode(ctx) + require.NoError(t, err) + return json.Marshal(&hydra.AcceptDeviceUserCodeRequest{UserCode: &userCode}) + }, + getURL: func() string { + return ts.URL + "/admin" + DevicePath + "/accept" + }, + validateResponse: func(resp *http.Response) { + require.EqualValues(t, http.StatusBadRequest, 
resp.StatusCode) + }, + }, + { + desc: "random challenge", + getBody: func() ([]byte, error) { + deviceRequest := fosite.NewDeviceRequest() + deviceRequest.Client = cl + deviceRequest.SetSession( + &oauth2.Session{ + DefaultSession: &openid.DefaultSession{ + Headers: &jwt.Headers{}, + }, + }, + ) + userCode, _, err := reg.RFC8628HMACStrategy().GenerateUserCode(ctx) + require.NoError(t, err) + return json.Marshal(&hydra.AcceptDeviceUserCodeRequest{UserCode: &userCode}) + }, + getURL: func() string { + return ts.URL + "/admin" + DevicePath + "/accept?challenge=abc" + }, + validateResponse: func(resp *http.Response) { + require.EqualValues(t, http.StatusNotFound, resp.StatusCode) + }, + }, + { + desc: "expired user_code", + getBody: func() ([]byte, error) { + deviceRequest := fosite.NewDeviceRequest() + deviceRequest.Client = cl + deviceRequest.SetSession( + &oauth2.Session{ + DefaultSession: &openid.DefaultSession{ + Headers: &jwt.Headers{}, + }, + }, + ) + _, deviceCodesig, err := reg.RFC8628HMACStrategy().GenerateDeviceCode(ctx) + require.NoError(t, err) + userCode, sig, err := reg.RFC8628HMACStrategy().GenerateUserCode(ctx) + require.NoError(t, err) + deviceRequest.SetSession( + &oauth2.Session{ + DefaultSession: &openid.DefaultSession{ + Headers: &jwt.Headers{}, + }, + }, + ) + exp := time.Now().UTC() + deviceRequest.Session.SetExpiresAt(fosite.UserCode, exp) + err = reg.OAuth2Storage().CreateDeviceAuthSession(ctx, deviceCodesig, sig, deviceRequest) + require.NoError(t, err) + return json.Marshal(&hydra.AcceptDeviceUserCodeRequest{UserCode: &userCode}) + }, + getURL: func() string { + return ts.URL + "/admin" + DevicePath + "/accept?challenge=" + challenge + }, + validateResponse: func(resp *http.Response) { + require.EqualValues(t, http.StatusUnauthorized, resp.StatusCode) + result := &fosite.RFC6749Error{} + require.NoError(t, json.NewDecoder(resp.Body).Decode(&result)) + require.EqualValues(t, result.ErrorField, fosite.ErrTokenExpired.ErrorField) + }, + }, + { 
+ desc: "extra fields", + getBody: func() ([]byte, error) { + deviceRequest := fosite.NewDeviceRequest() + deviceRequest.Client = cl + deviceRequest.SetSession( + &oauth2.Session{ + DefaultSession: &openid.DefaultSession{ + Headers: &jwt.Headers{}, + }, + }, + ) + userCode, _, err := reg.RFC8628HMACStrategy().GenerateUserCode(ctx) + require.NoError(t, err) + ret := struct { + UserCode *string + Extra string + }{ + UserCode: &userCode, + Extra: "extra", + } + return json.Marshal(ret) + }, + getURL: func() string { + return ts.URL + "/admin" + DevicePath + "/accept?challenge=" + challenge + }, + validateResponse: func(resp *http.Response) { + require.EqualValues(t, http.StatusBadRequest, resp.StatusCode) + }, + }, + } { + tc := tc + t.Run("case="+tc.desc, func(t *testing.T) { + acceptUserCodeJson, err := tc.getBody() + if err != nil { + panic(err) + } + + // set the HTTP method, url, and request body + req, err := http.NewRequest(http.MethodPut, tc.getURL(), bytes.NewBuffer(acceptUserCodeJson)) + if err != nil { + panic(err) + } + + resp, err := c.Do(req) + require.NoError(t, err) + tc.validateResponse(resp) + }) + } + +} diff --git a/consent/helper_test.go b/consent/helper_test.go index a5f09e81cdd..4a347575f3a 100644 --- a/consent/helper_test.go +++ b/consent/helper_test.go @@ -267,7 +267,7 @@ func TestValidateCsrfSession(t *testing.T) { assert.NoError(t, err, "failed to save cookie %s", c.name) } - err := validateCsrfSession(r, config, store, name, tc.csrfValue) + err := ValidateCsrfSession(r, config, store, name, tc.csrfValue, new(flow.Flow)) if tc.expectError { assert.Error(t, err) } else { diff --git a/consent/manager.go b/consent/manager.go index fe4b018352e..f09c803c06b 100644 --- a/consent/manager.go +++ b/consent/manager.go 
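Review bot: In TestAcceptDeviceRequest and TestAcceptDuplicateDeviceRequest the result of `reg.OAuth2Storage().CreateDeviceAuthSession(ctx, deviceCodesig, sig, deviceRequest)` is discarded, so the `require.NoError(t, err)` that follows only re-checks the error from GenerateUserCode. Assign it as the "expired user_code" case already does: `err = reg.OAuth2Storage().CreateDeviceAuthSession(ctx, deviceCodesig, sig, deviceRequest)`. The "extra fields" case marshals a struct without JSON tags, so the body carries `UserCode` rather than `user_code` and would presumably still get a 400 from the empty-code check if `DisallowUnknownFields` were removed; tagging the field `json:"user_code"` makes the case actually pin the strict decoding. The response bodies are never closed, so a `defer resp.Body.Close()` after each `c.Do` is also worth adding.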
@@ -44,7 +44,7 @@ type ( RevokeSubjectLoginSession(ctx context.Context, user string) error ConfirmLoginSession(ctx context.Context, loginSession *flow.LoginSession) error - CreateLoginRequest(ctx context.Context, req *flow.LoginRequest) (*flow.Flow, error) + CreateLoginRequest(ctx context.Context, f *flow.Flow, req *flow.LoginRequest) (*flow.Flow, error) GetLoginRequest(ctx context.Context, challenge string) (*flow.LoginRequest, error) HandleLoginRequest(ctx context.Context, f *flow.Flow, challenge string, r *flow.HandledLoginRequest) (*flow.LoginRequest, error) VerifyAndInvalidateLoginRequest(ctx context.Context, verifier string) (*flow.HandledLoginRequest, error) @@ -60,6 +60,11 @@ type ( AcceptLogoutRequest(ctx context.Context, challenge string) (*flow.LogoutRequest, error) RejectLogoutRequest(ctx context.Context, challenge string) error VerifyAndInvalidateLogoutRequest(ctx context.Context, verifier string) (*flow.LogoutRequest, error) + + CreateDeviceUserAuthRequest(ctx context.Context, req *flow.DeviceUserAuthRequest) (*flow.Flow, error) + GetDeviceUserAuthRequest(ctx context.Context, challenge string) (*flow.DeviceUserAuthRequest, error) + HandleDeviceUserAuthRequest(ctx context.Context, f *flow.Flow, challenge string, r *flow.HandledDeviceUserAuthRequest) (*flow.DeviceUserAuthRequest, error) + VerifyAndInvalidateDeviceUserAuthRequest(ctx context.Context, verifier string) (*flow.HandledDeviceUserAuthRequest, error) } ManagerProvider interface { diff --git a/consent/sdk_test.go b/consent/sdk_test.go index 4efcd3706a1..f50e87b96b2 100644 --- a/consent/sdk_test.go +++ b/consent/sdk_test.go @@ -11,6 +11,8 @@ import ( "testing" "time" + "github.com/ory/hydra/v2/consent/test" + hydra "github.com/ory/hydra-client-go/v2" . "github.com/ory/hydra/v2/flow" 
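Review bot: The new `f *flow.Flow` parameter of `CreateLoginRequest` in the consent/manager.go interface is undocumented, and every caller visible in this diff (consent/handler_test.go, consent/sdk_test.go) passes `nil`. Add a comment on the interface method saying what passing an existing flow means and that nil is allowed, for example `// CreateLoginRequest persists req; f is an optional existing flow to continue, nil starts a new one.` The implementation is not part of this hunk, so that wording has to be checked against it before it is committed.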
@@ -58,8 +60,8 @@ func TestSDK(t *testing.T) { Subject: "subject1", })) - ar1, _, _ := MockAuthRequest("1", false, network) - ar2, _, _ := MockAuthRequest("2", false, network) + ar1, _, _ := test.MockAuthRequest("1", false, network) + ar2, _, _ := test.MockAuthRequest("2", false, network) require.NoError(t, m.CreateLoginSession(context.Background(), &LoginSession{ ID: ar1.SessionID.String(), Subject: ar1.Subject, 
@@ -68,21 +70,21 @@ func TestSDK(t *testing.T) { ID: ar2.SessionID.String(), Subject: ar2.Subject, })) - _, err := m.CreateLoginRequest(context.Background(), ar1) + _, err := m.CreateLoginRequest(context.Background(), nil, ar1) require.NoError(t, err) - _, err = m.CreateLoginRequest(context.Background(), ar2) + _, err = m.CreateLoginRequest(context.Background(), nil, ar2) require.NoError(t, err) - cr1, hcr1, _ := MockConsentRequest("1", false, 0, false, false, false, "fk-login-challenge", network) - cr2, hcr2, _ := MockConsentRequest("2", false, 0, false, false, false, "fk-login-challenge", network) - cr3, hcr3, _ := MockConsentRequest("3", true, 3600, false, false, false, "fk-login-challenge", network) - cr4, hcr4, _ := MockConsentRequest("4", true, 3600, false, false, false, "fk-login-challenge", network) + cr1, hcr1, _ := test.MockConsentRequest("1", false, 0, false, false, false, "fk-login-challenge", network) + cr2, hcr2, _ := test.MockConsentRequest("2", false, 0, false, false, false, "fk-login-challenge", network) + cr3, hcr3, _ := test.MockConsentRequest("3", true, 3600, false, false, false, "fk-login-challenge", network) + cr4, hcr4, _ := test.MockConsentRequest("4", true, 3600, false, false, false, "fk-login-challenge", network) require.NoError(t, reg.ClientManager().CreateClient(context.Background(), cr1.Client)) require.NoError(t, reg.ClientManager().CreateClient(context.Background(), cr2.Client)) require.NoError(t, reg.ClientManager().CreateClient(context.Background(), cr3.Client)) require.NoError(t, reg.ClientManager().CreateClient(context.Background(), cr4.Client)) - cr1Flow, err := m.CreateLoginRequest(context.Background(), &LoginRequest{ + cr1Flow, err := m.CreateLoginRequest(context.Background(), nil, &LoginRequest{ ID: cr1.LoginChallenge.String(), Subject: cr1.Subject, Client: cr1.Client, 
@@ -92,7 +94,7 @@ func TestSDK(t *testing.T) { require.NoError(t, err) cr1Flow.LoginSkip = ar1.Skip - cr2Flow, err := m.CreateLoginRequest(context.Background(), &LoginRequest{ + cr2Flow, err := m.CreateLoginRequest(context.Background(), nil, &LoginRequest{ ID: cr2.LoginChallenge.String(), Subject: cr2.Subject, Client: cr2.Client, @@ -105,7 +107,7 @@ func TestSDK(t *testing.T) { loginSession3 := &LoginSession{ID: cr3.LoginSessionID.String()} require.NoError(t, m.CreateLoginSession(context.Background(), loginSession3)) require.NoError(t, m.ConfirmLoginSession(context.Background(), loginSession3)) - cr3Flow, err := m.CreateLoginRequest(context.Background(), &LoginRequest{ + cr3Flow, err := m.CreateLoginRequest(context.Background(), nil, &LoginRequest{ ID: cr3.LoginChallenge.String(), Subject: cr3.Subject, Client: cr3.Client, @@ -118,7 +120,7 @@ func TestSDK(t *testing.T) { loginSession4 := &LoginSession{ID: cr4.LoginSessionID.String()} require.NoError(t, m.CreateLoginSession(context.Background(), loginSession4)) require.NoError(t, m.ConfirmLoginSession(context.Background(), loginSession4)) - cr4Flow, err := m.CreateLoginRequest(context.Background(), &LoginRequest{ + cr4Flow, err := m.CreateLoginRequest(context.Background(), nil, &LoginRequest{ ID: cr4.LoginChallenge.String(), Client: cr4.Client, Verifier: cr4.ID, 
@@ -144,84 +146,84 @@ func TestSDK(t *testing.T) { _, err = m.VerifyAndInvalidateConsentRequest(context.Background(), consentVerifier(cr4Flow)) require.NoError(t, err) - lur1 := MockLogoutRequest("testsdk-1", true, network) + lur1 := test.MockLogoutRequest("testsdk-1", true, network) require.NoError(t, reg.ClientManager().CreateClient(context.Background(), lur1.Client)) require.NoError(t, m.CreateLogoutRequest(context.Background(), lur1)) - lur2 := MockLogoutRequest("testsdk-2", false, network) + lur2 := test.MockLogoutRequest("testsdk-2", false, network) require.NoError(t, m.CreateLogoutRequest(context.Background(), lur2)) cr1.ID = consentChallenge(cr1Flow) - crGot := execute[hydra.OAuth2ConsentRequest](t, sdk.OAuth2Api.GetOAuth2ConsentRequest(ctx).ConsentChallenge(cr1.ID)) + crGot := execute[hydra.OAuth2ConsentRequest](t, sdk.OAuth2API.GetOAuth2ConsentRequest(ctx).ConsentChallenge(cr1.ID)) compareSDKConsentRequest(t, cr1, *crGot) cr2.ID = consentChallenge(cr2Flow) - crGot = execute[hydra.OAuth2ConsentRequest](t, sdk.OAuth2Api.GetOAuth2ConsentRequest(ctx).ConsentChallenge(cr2.ID)) + crGot = execute[hydra.OAuth2ConsentRequest](t, sdk.OAuth2API.GetOAuth2ConsentRequest(ctx).ConsentChallenge(cr2.ID)) compareSDKConsentRequest(t, cr2, *crGot) ar1.ID = loginChallenge(cr1Flow) - arGot := execute[hydra.OAuth2LoginRequest](t, sdk.OAuth2Api.GetOAuth2LoginRequest(ctx).LoginChallenge(ar1.ID)) + arGot := execute[hydra.OAuth2LoginRequest](t, sdk.OAuth2API.GetOAuth2LoginRequest(ctx).LoginChallenge(ar1.ID)) compareSDKLoginRequest(t, ar1, *arGot) ar2.ID = loginChallenge(cr2Flow) - arGot = execute[hydra.OAuth2LoginRequest](t, sdk.OAuth2Api.GetOAuth2LoginRequest(ctx).LoginChallenge(ar2.ID)) + arGot = execute[hydra.OAuth2LoginRequest](t, sdk.OAuth2API.GetOAuth2LoginRequest(ctx).LoginChallenge(ar2.ID)) require.NoError(t, err) compareSDKLoginRequest(t, ar2, *arGot) - _, err = sdk.OAuth2Api.RevokeOAuth2LoginSessions(ctx).Subject("subject1").Execute() + _, err = 
sdk.OAuth2API.RevokeOAuth2LoginSessions(ctx).Subject("subject1").Execute() require.NoError(t, err) - _, err = sdk.OAuth2Api.RevokeOAuth2ConsentSessions(ctx).Subject("subject1").Execute() + _, err = sdk.OAuth2API.RevokeOAuth2ConsentSessions(ctx).Subject("subject1").Execute() require.Error(t, err) - _, err = sdk.OAuth2Api.RevokeOAuth2ConsentSessions(ctx).Subject(cr4.Subject).Client(cr4.Client.GetID()).Execute() + _, err = sdk.OAuth2API.RevokeOAuth2ConsentSessions(ctx).Subject(cr4.Subject).Client(cr4.Client.GetID()).Execute() require.NoError(t, err) - _, err = sdk.OAuth2Api.RevokeOAuth2ConsentSessions(ctx).Subject("subject1").All(true).Execute() + _, err = sdk.OAuth2API.RevokeOAuth2ConsentSessions(ctx).Subject("subject1").All(true).Execute() require.NoError(t, err) - _, _, err = sdk.OAuth2Api.GetOAuth2ConsentRequest(ctx).ConsentChallenge(makeID("challenge", network, "1")).Execute() + _, _, err = sdk.OAuth2API.GetOAuth2ConsentRequest(ctx).ConsentChallenge(makeID("challenge", network, "1")).Execute() require.Error(t, err) cr2.ID = consentChallenge(cr2Flow) - crGot, _, err = sdk.OAuth2Api.GetOAuth2ConsentRequest(ctx).ConsentChallenge(cr2.ID).Execute() + crGot, _, err = sdk.OAuth2API.GetOAuth2ConsentRequest(ctx).ConsentChallenge(cr2.ID).Execute() require.NoError(t, err) compareSDKConsentRequest(t, cr2, *crGot) - _, err = sdk.OAuth2Api.RevokeOAuth2ConsentSessions(ctx).Subject("subject2").Client("fk-client-2").Execute() + _, err = sdk.OAuth2API.RevokeOAuth2ConsentSessions(ctx).Subject("subject2").Client("fk-client-2").Execute() require.NoError(t, err) - _, _, err = sdk.OAuth2Api.GetOAuth2ConsentRequest(ctx).ConsentChallenge(makeID("challenge", network, "2")).Execute() + _, _, err = sdk.OAuth2API.GetOAuth2ConsentRequest(ctx).ConsentChallenge(makeID("challenge", network, "2")).Execute() require.Error(t, err) - csGot, _, err := sdk.OAuth2Api.ListOAuth2ConsentSessions(ctx).Subject("subject3").Execute() + csGot, _, err := 
sdk.OAuth2API.ListOAuth2ConsentSessions(ctx).Subject("subject3").Execute() require.NoError(t, err) assert.Equal(t, 1, len(csGot)) - csGot, _, err = sdk.OAuth2Api.ListOAuth2ConsentSessions(ctx).Subject("subject2").Execute() + csGot, _, err = sdk.OAuth2API.ListOAuth2ConsentSessions(ctx).Subject("subject2").Execute() require.NoError(t, err) assert.Equal(t, 0, len(csGot)) - csGot, _, err = sdk.OAuth2Api.ListOAuth2ConsentSessions(ctx).Subject("subject3").LoginSessionId("fk-login-session-t1-3").Execute() + csGot, _, err = sdk.OAuth2API.ListOAuth2ConsentSessions(ctx).Subject("subject3").LoginSessionId("fk-login-session-t1-3").Execute() require.NoError(t, err) assert.Equal(t, 1, len(csGot)) - csGot, _, err = sdk.OAuth2Api.ListOAuth2ConsentSessions(ctx).Subject("subject3").LoginSessionId("fk-login-session-t1-X").Execute() + csGot, _, err = sdk.OAuth2API.ListOAuth2ConsentSessions(ctx).Subject("subject3").LoginSessionId("fk-login-session-t1-X").Execute() require.NoError(t, err) assert.Equal(t, 0, len(csGot)) - luGot, _, err := sdk.OAuth2Api.GetOAuth2LogoutRequest(ctx).LogoutChallenge(makeID("challenge", network, "testsdk-1")).Execute() + luGot, _, err := sdk.OAuth2API.GetOAuth2LogoutRequest(ctx).LogoutChallenge(makeID("challenge", network, "testsdk-1")).Execute() require.NoError(t, err) compareSDKLogoutRequest(t, lur1, luGot) - luaGot, _, err := sdk.OAuth2Api.AcceptOAuth2LogoutRequest(ctx).LogoutChallenge(makeID("challenge", network, "testsdk-1")).Execute() + luaGot, _, err := sdk.OAuth2API.AcceptOAuth2LogoutRequest(ctx).LogoutChallenge(makeID("challenge", network, "testsdk-1")).Execute() require.NoError(t, err) assert.EqualValues(t, "https://www.ory.sh/oauth2/sessions/logout?logout_verifier="+makeID("verifier", network, "testsdk-1"), luaGot.RedirectTo) - _, err = sdk.OAuth2Api.RejectOAuth2LogoutRequest(ctx).LogoutChallenge(lur2.ID).Execute() + _, err = sdk.OAuth2API.RejectOAuth2LogoutRequest(ctx).LogoutChallenge(lur2.ID).Execute() require.NoError(t, err) - _, _, err = 
sdk.OAuth2Api.GetOAuth2LogoutRequest(ctx).LogoutChallenge(lur2.ID).Execute() + _, _, err = sdk.OAuth2API.GetOAuth2LogoutRequest(ctx).LogoutChallenge(lur2.ID).Execute() require.Error(t, err) } diff --git a/consent/strategy.go b/consent/strategy.go index 08e8788c756..0def2866e27 100644 --- a/consent/strategy.go +++ b/consent/strategy.go @@ -20,6 +20,11 @@ type Strategy interface { r *http.Request, req fosite.AuthorizeRequester, ) (*flow.AcceptOAuth2ConsentRequest, *flow.Flow, error) + HandleOAuth2DeviceAuthorizationRequest( + ctx context.Context, + w http.ResponseWriter, + r *http.Request, + ) (*flow.AcceptOAuth2ConsentRequest, *flow.Flow, error) HandleOpenIDConnectLogout(ctx context.Context, w http.ResponseWriter, r *http.Request) (*flow.LogoutResult, error) HandleHeadlessLogout(ctx context.Context, w http.ResponseWriter, r *http.Request, sid string) error ObfuscateSubjectIdentifier(ctx context.Context, cl fosite.Client, subject, forcedIdentifier string) (string, error) diff --git a/consent/strategy_default.go b/consent/strategy_default.go index 28fba843443..bf1a8125721 100644 --- a/consent/strategy_default.go +++ b/consent/strategy_default.go @@ -40,6 +40,7 @@ import ( ) const ( + DeviceVerificationPath = "/oauth2/device/verify" CookieAuthenticationSIDName = "sid" ) 
@@ -120,18 +121,24 @@ func (s *DefaultStrategy) authenticationSession(ctx context.Context, _ http.Resp return session, nil } -func (s *DefaultStrategy) requestAuthentication(ctx context.Context, w http.ResponseWriter, r *http.Request, ar fosite.AuthorizeRequester) (err error) { +func (s *DefaultStrategy) requestAuthentication( + ctx context.Context, + w http.ResponseWriter, + r *http.Request, + ar fosite.AuthorizeRequester, + f *flow.Flow, +) (err error) { ctx, span := trace.SpanFromContext(ctx).TracerProvider().Tracer("").Start(ctx, "DefaultStrategy.requestAuthentication") defer otelx.End(span, &err) prompt := stringsx.Splitx(ar.GetRequestForm().Get("prompt"), " ") if stringslice.Has(prompt, "login") { - return s.forwardAuthenticationRequest(ctx, w, r, ar, "", time.Time{}, nil) + return s.forwardAuthenticationRequest(ctx, w, r, ar, "", time.Time{}, nil, f) } session, err := s.authenticationSession(ctx, w, r) if errors.Is(err, ErrNoAuthenticationSessionFound) { - return s.forwardAuthenticationRequest(ctx, w, r, ar, "", time.Time{}, nil) + return s.forwardAuthenticationRequest(ctx, w, r, ar, "", time.Time{}, nil, f) } else if err != nil { return err } 
@@ -149,12 +156,12 @@ func (s *DefaultStrategy) requestAuthentication(ctx context.Context, w http.Resp if stringslice.Has(prompt, "none") { return errorsx.WithStack(fosite.ErrLoginRequired.WithHint("Request failed because prompt is set to 'none' and authentication time reached 'max_age'.")) } - return s.forwardAuthenticationRequest(ctx, w, r, ar, "", time.Time{}, nil) + return s.forwardAuthenticationRequest(ctx, w, r, ar, "", time.Time{}, nil, f) } idTokenHint := ar.GetRequestForm().Get("id_token_hint") if idTokenHint == "" { - return s.forwardAuthenticationRequest(ctx, w, r, ar, session.Subject, time.Time(session.AuthenticatedAt), session) + return s.forwardAuthenticationRequest(ctx, w, r, ar, session.Subject, time.Time(session.AuthenticatedAt), session, f) } hintSub, err := s.getSubjectFromIDTokenHint(r.Context(), idTokenHint) @@ -166,7 +173,7 @@ func (s *DefaultStrategy) requestAuthentication(ctx context.Context, w http.Resp return errorsx.WithStack(fosite.ErrLoginRequired.WithHint("Request failed because subject claim from id_token_hint does not match subject from authentication session.")) } - return s.forwardAuthenticationRequest(ctx, w, r, ar, session.Subject, time.Time(session.AuthenticatedAt), session) + return s.forwardAuthenticationRequest(ctx, w, r, ar, session.Subject, time.Time(session.AuthenticatedAt), session, f) } func (s *DefaultStrategy) getIDTokenHintClaims(ctx context.Context, idTokenHint string) (jwt.MapClaims, error) { 
@@ -193,7 +200,16 @@ func (s *DefaultStrategy) getSubjectFromIDTokenHint(ctx context.Context, idToken return sub, nil } -func (s *DefaultStrategy) forwardAuthenticationRequest(ctx context.Context, w http.ResponseWriter, r *http.Request, ar fosite.AuthorizeRequester, subject string, authenticatedAt time.Time, session *flow.LoginSession) error { +func (s *DefaultStrategy) forwardAuthenticationRequest( + ctx context.Context, + w http.ResponseWriter, + r *http.Request, + ar fosite.AuthorizeRequester, + subject string, + authenticatedAt time.Time, + session *flow.LoginSession, + f *flow.Flow, +) error { if (subject != "" && authenticatedAt.IsZero()) || (subject == "" && !authenticatedAt.IsZero()) { return errorsx.WithStack(fosite.ErrServerError.WithHint("Consent strategy returned a non-empty subject with an empty auth date, or an empty subject with a non-empty auth date.")) } @@ -215,8 +231,14 @@ func (s *DefaultStrategy) forwardAuthenticationRequest(ctx context.Context, w ht csrf := strings.Replace(uuid.New(), "-", "", -1) // Generate the request URL - iu := s.c.OAuth2AuthURL(ctx) - iu.RawQuery = r.URL.RawQuery + var requestURL string + if f != nil { + requestURL = f.RequestURL + } else { + oauth2URL := s.c.OAuth2AuthURL(ctx) + oauth2URL.RawQuery = r.URL.RawQuery + requestURL = oauth2URL.String() + } var idTokenHintClaims jwt.MapClaims if idTokenHint := ar.GetRequestForm().Get("id_token_hint"); len(idTokenHint) > 0 { @@ -244,7 +266,7 @@ func (s *DefaultStrategy) forwardAuthenticationRequest(ctx context.Context, w ht RequestedAudience: []string(ar.GetRequestedAudience()), Subject: subject, Client: cl, - RequestURL: iu.String(), + RequestURL: requestURL, AuthenticatedAt: sqlxx.NullTime(authenticatedAt), RequestedAt: time.Now().Truncate(time.Second).UTC(), SessionID: sqlxx.NullString(sessionID), 
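Review bot: The new `f *flow.Flow` parameter of `forwardAuthenticationRequest` (and of `requestAuthentication` in the earlier hunk) is undocumented, although its nil case decides where the stored `RequestURL` comes from. With `f != nil` the URL is taken from `f.RequestURL`; otherwise it is rebuilt from `s.c.OAuth2AuthURL(ctx)` plus the current query string. A doc comment such as `// f is the flow of a device-initiated request, or nil for a regular authorization request; when set, its RequestURL is reused for the login request.` would make that contract explicit, assuming that is the intent, which the hunk does not state. The later hunk at -258 assigns the result of `CreateLoginRequest(ctx, f, loginRequest)` back to `f`, overwriting the parameter; a distinct local name would be easier to follow. The function body continues outside these hunks.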
@@ -258,6 +280,7 @@ func (s *DefaultStrategy) forwardAuthenticationRequest(ctx context.Context, w ht } f, err := s.r.ConsentManager().CreateLoginRequest( ctx, + f, loginRequest, ) if err != nil { @@ -370,7 +393,7 @@ func (s *DefaultStrategy) verifyAuthentication( } clientSpecificCookieNameLoginCSRF := fmt.Sprintf("%s_%s", s.r.Config().CookieNameLoginCSRF(ctx), session.LoginRequest.Client.CookieSuffix()) - if err := validateCsrfSession(r, s.r.Config(), store, clientSpecificCookieNameLoginCSRF, session.LoginRequest.CSRF); err != nil { + if err := ValidateCsrfSession(r, s.r.Config(), store, clientSpecificCookieNameLoginCSRF, session.LoginRequest.CSRF, f); err != nil { return nil, err } @@ -535,9 +558,13 @@ func (s *DefaultStrategy) requestConsent( // The OpenID Connect Test Tool fails if this returns `consent_required` when `prompt=none` is used. // According to the quote above, it should be ok to allow https to skip consent. // + // Device initiated flows are never allowed to skip consent, the user must always implicitly authorize the device. + // // This is tracked as issue: https://github.com/ory/hydra/issues/866 // This is also tracked as upstream issue: https://github.com/openid-certification/oidctest/issues/97 - if !(ar.GetRedirectURI().Scheme == "https" || (fosite.IsLocalhost(ar.GetRedirectURI()) && ar.GetRedirectURI().Scheme == "http")) { + if f.DeviceChallengeID != "" { + return s.forwardConsentRequest(ctx, w, r, ar, f, nil) + } else if !(ar.GetRedirectURI().Scheme == "https" || (fosite.IsLocalhost(ar.GetRedirectURI()) && ar.GetRedirectURI().Scheme == "http")) { return s.forwardConsentRequest(ctx, w, r, ar, f, nil) } } 
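Review bot: The comment added in the -535 hunk says the user must always "implicitly authorize the device", which reads as the opposite of what the new `f.DeviceChallengeID != ""` branch enforces. It should read `// Device-initiated flows are never allowed to skip consent; the user must always explicitly authorize the device.`. The guard also sits inside a conditional that opens outside this hunk, so it forces the consent screen only on that path. If `requestConsent` has other ways to skip consent (remembered consent or a client-level skip, neither visible here), they need the same check, which is worth confirming against the full function. Since the first branch returns, the `else if` can be a plain `if`.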
@@ -684,7 +711,7 @@ func (s *DefaultStrategy) verifyConsent(ctx context.Context, _ http.ResponseWrit } clientSpecificCookieNameConsentCSRF := fmt.Sprintf("%s_%s", s.r.Config().CookieNameConsentCSRF(ctx), session.ConsentRequest.Client.CookieSuffix()) - if err := validateCsrfSession(r, s.r.Config(), store, clientSpecificCookieNameConsentCSRF, session.ConsentRequest.CSRF); err != nil { + if err := ValidateCsrfSession(r, s.r.Config(), store, clientSpecificCookieNameConsentCSRF, session.ConsentRequest.CSRF, f); err != nil { return nil, nil, err } @@ -791,8 +818,8 @@ func (s *DefaultStrategy) executeBackChannelLogout(r *http.Request, subject, sid } defer res.Body.Close() - if res.StatusCode != http.StatusOK { - log.WithError(errors.Errorf("expected HTTP status code %d but got %d", http.StatusOK, res.StatusCode)). + if res.StatusCode != http.StatusOK && res.StatusCode != http.StatusNoContent { + log.WithError(errors.Errorf("expected HTTP status code %d or %d but got %d", http.StatusOK, http.StatusNoContent, res.StatusCode)). Error("Unable to execute OpenID Connect Back-Channel Logout Request") return } else { @@ -860,6 +887,8 @@ func (s *DefaultStrategy) issueLogoutVerifier(ctx context.Context, w http.Respon Subject: session.Subject, SessionID: session.ID, Verifier: uuid.New(), + RequestedAt: sqlxx.NullTime(time.Now().UTC().Round(time.Second)), + ExpiresAt: sqlxx.NullTime(time.Now().UTC().Round(time.Second).Add(s.c.ConsentRequestMaxAge(ctx))), RPInitiated: false, // PostLogoutRedirectURI is set to the value from config.Provider().LogoutRedirectURL() 
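Review bot: `RequestedAt` and `ExpiresAt` in the -860 hunk each call `time.Now()` separately, so the two values can straddle a second boundary and the stored lifetime can differ from `ConsentRequestMaxAge` by one second. Compute the instant once, `now := time.Now().UTC().Truncate(time.Second)`, then use `sqlxx.NullTime(now)` and `sqlxx.NullTime(now.Add(s.c.ConsentRequestMaxAge(ctx)))`. The login request built earlier in this file uses `Truncate`, whereas `Round` here can put `RequestedAt` up to half a second in the future, so `Truncate` is the consistent choice. The struct literal starts and ends outside the hunk.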
@@ -1128,11 +1157,11 @@ func (s *DefaultStrategy) HandleOAuth2AuthorizationRequest( ctx, span := trace.SpanFromContext(ctx).TracerProvider().Tracer("").Start(ctx, "DefaultStrategy.HandleOAuth2AuthorizationRequest") defer otelx.End(span, &err) - loginVerifier := strings.TrimSpace(req.GetRequestForm().Get("login_verifier")) - consentVerifier := strings.TrimSpace(req.GetRequestForm().Get("consent_verifier")) + loginVerifier := strings.TrimSpace(r.URL.Query().Get("login_verifier")) + consentVerifier := strings.TrimSpace(r.URL.Query().Get("consent_verifier")) if loginVerifier == "" && consentVerifier == "" { - // ok, we need to process this request and redirect to auth endpoint - return nil, nil, s.requestAuthentication(ctx, w, r, req) + // ok, we need to process this request and redirect to the original endpoint + return nil, nil, s.requestAuthentication(ctx, w, r, req, nil) } else if loginVerifier != "" { f, err := s.verifyAuthentication(ctx, w, r, req, loginVerifier) if err != nil { 
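Review bot: `login_verifier` and `consent_verifier` are now read from `r.URL.Query()` instead of `req.GetRequestForm()`, and nothing in the hunk records why. If the request form also included POST body values, a verifier sent in a body is no longer recognised and the request is handled as a fresh authorization request. If that narrowing is intended, a comment would pin it down: `// Verifiers are only appended to the redirect URL, so read them from the query string and ignore the form body.`. The reworded comment "redirect to the original endpoint" is also vaguer than the previous "auth endpoint". The function starts and ends outside the hunk.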
@@ -1151,6 +1180,76 @@ func (s *DefaultStrategy) HandleOAuth2AuthorizationRequest( return consentSession, f, nil } +// HandleOAuth2DeviceAuthorizationRequest handles the device authorization flow +func (s *DefaultStrategy) HandleOAuth2DeviceAuthorizationRequest( + ctx context.Context, + w http.ResponseWriter, + r *http.Request, +) (_ *flow.AcceptOAuth2ConsentRequest, _ *flow.Flow, err error) { + ctx, span := trace.SpanFromContext(ctx).TracerProvider().Tracer("").Start(ctx, "DefaultStrategy.HandleOAuth2DeviceAuthorizationRequest") + defer otelx.End(span, &err) + + deviceVerifier := strings.TrimSpace(r.URL.Query().Get("device_verifier")) + loginVerifier := strings.TrimSpace(r.URL.Query().Get("login_verifier")) + consentVerifier := strings.TrimSpace(r.URL.Query().Get("consent_verifier")) + + var deviceFlow *flow.Flow + if deviceVerifier == "" && loginVerifier == "" && consentVerifier == "" { + // ok, we need to process this request and redirect to device auth endpoint + return nil, nil, s.requestDevice(ctx, w, r) + } else if deviceVerifier != "" && loginVerifier == "" && consentVerifier == "" { + var err error + deviceFlow, err = s.verifyDevice(ctx, w, r, deviceVerifier) + if err != nil { + return nil, nil, err + } + } + + // Validate client_id + clientID := r.URL.Query().Get("client_id") + if clientID == "" { + return nil, nil, errorsx.WithStack(fosite.ErrInvalidClient.WithHintf(`client_id query parameter is missing`)) + } + c, err := s.r.ClientManager().GetConcreteClient(r.Context(), clientID) + if errors.Is(err, x.ErrNotFound) { + return nil, nil, errorsx.WithStack(fosite.ErrInvalidClient.WithHintf(`Unknown client_id %s`, clientID)) + } else if err != nil { + return nil, nil, err + } + + // Fake an authorization request to instantiate the flow. 
+ ar := fosite.NewAuthorizeRequest() + ar.Client = c + ar.Form = r.Form + if deviceFlow != nil { + ar.RequestedScope = fosite.Arguments(deviceFlow.RequestedScope) + ar.RequestedAudience = fosite.Arguments(deviceFlow.RequestedAudience) + } + + if loginVerifier == "" && consentVerifier == "" { + // ok, we need to process this request and redirect to the authentication endpoint + return nil, nil, s.requestAuthentication(ctx, w, r, ar, deviceFlow) + } else if loginVerifier != "" { + f, err := s.verifyAuthentication(ctx, w, r, ar, loginVerifier) + if err != nil { + return nil, nil, err + } + + // ok, we need to process this request and redirect to consent endpoint + return nil, f, s.requestConsent(ctx, w, r, ar, f) + } + + var consentSession *flow.AcceptOAuth2ConsentRequest + var f *flow.Flow + + consentSession, f, err = s.verifyConsent(ctx, w, r, consentVerifier) + if err != nil { + return nil, nil, err + } + + return consentSession, f, err +} + func (s *DefaultStrategy) ObfuscateSubjectIdentifier(ctx context.Context, cl fosite.Client, subject, forcedIdentifier string) (string, error) { if c, ok := cl.(*client.Client); ok && c.SubjectType == "pairwise" { algorithm, ok := s.r.SubjectIdentifierAlgorithm(ctx)[c.SubjectType] 
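Review bot: After `verifyDevice` succeeds, the client is loaded from the `client_id` query parameter and never compared with the client of the verified device flow, so the login and consent steps that follow are built for whichever registered client the URL names. If `flow.Flow` records the client of the device request (its fields are not visible in this hunk; `deviceFlow.ClientID` is assumed here), reject a mismatch right after the lookup: `if deviceFlow != nil && deviceFlow.ClientID != clientID { return nil, nil, errorsx.WithStack(fosite.ErrInvalidClient.WithHint("client_id does not match the device request.")) }`. Separately, `ar.Form = r.Form` stays nil unless `r.ParseForm()` ran before this handler, in which case `prompt` and `id_token_hint` are silently ignored by `requestAuthentication`. The `var err error` inside the `else if` also shadows the named result without need.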
@@ -1169,12 +1268,99 @@ func (s *DefaultStrategy) ObfuscateSubjectIdentifier(ctx context.Context, cl fos return subject, nil } -func (s *DefaultStrategy) loginSessionFromCookie(r *http.Request) *flow.LoginSession { - clientID := r.URL.Query().Get("client_id") - if clientID == "" { - return nil +func (s *DefaultStrategy) requestDevice(ctx context.Context, w http.ResponseWriter, r *http.Request) error { + return s.forwardDeviceRequest(ctx, w, r) +} + +func (s *DefaultStrategy) forwardDeviceRequest(ctx context.Context, w http.ResponseWriter, r *http.Request) error { + // Set up csrf/challenge/verifier values + verifier := strings.Replace(uuid.New(), "-", "", -1) + challenge := strings.Replace(uuid.New(), "-", "", -1) + csrf := strings.Replace(uuid.New(), "-", "", -1) + + // Generate the request URL + iu := s.getDeviceVerificationPath(ctx) + iu.RawQuery = r.URL.RawQuery + + f, err := s.r.ConsentManager().CreateDeviceUserAuthRequest( + r.Context(), + &flow.DeviceUserAuthRequest{ + ID: challenge, + Verifier: verifier, + CSRF: csrf, + RequestURL: iu.String(), + RequestedAt: time.Now().Truncate(time.Second).UTC(), + }, + ) + if err != nil { + return errorsx.WithStack(err) + } + + encodedFlow, err := f.ToDeviceChallenge(ctx, s.r) + if err != nil { + return err + } + store, err := s.r.CookieStore(ctx) + if err != nil { + return err + } + + CookieNameDeviceCSRF := s.r.Config().CookieNameDeviceCSRF(ctx) + if err := createCsrfSession(w, r, s.r.Config(), store, CookieNameDeviceCSRF, csrf, s.c.ConsentRequestMaxAge(ctx)); err != nil { + return errorsx.WithStack(err) + } + + query := url.Values{"device_challenge": {encodedFlow}} + if r.URL.Query().Has("user_code") { + query.Add("user_code", r.URL.Query().Get("user_code")) + } + + http.Redirect( + w, + r, + urlx.SetQuery(s.c.DeviceVerificationURL(ctx), query).String(), + http.StatusFound, + ) + + // generate the verifier + return errorsx.WithStack(ErrAbortOAuth2Request) +} + +func (s *DefaultStrategy) verifyDevice(ctx 
context.Context, _ http.ResponseWriter, r *http.Request, verifier string) (_ *flow.Flow, err error) { + ctx, span := trace.SpanFromContext(ctx).TracerProvider().Tracer("").Start(ctx, "DefaultStrategy.verifyDevice") + defer otelx.End(span, &err) + + // We decode the flow from the cookie again because VerifyAndInvalidateDeviceRequest does not return the flow + f, err := flowctx.Decode[flow.Flow](ctx, s.r.FlowCipher(), verifier, flowctx.AsDeviceVerifier) + if err != nil { + return nil, errorsx.WithStack(fosite.ErrAccessDenied.WithHint("The device verifier is invalid.")) + } + + session, err := s.r.ConsentManager().VerifyAndInvalidateDeviceUserAuthRequest(ctx, verifier) + if errors.Is(err, sqlcon.ErrNoRows) { + return nil, errorsx.WithStack(fosite.ErrAccessDenied.WithHint("The device verifier has already been used, has not been granted, or is invalid.")) + } else if err != nil { + return nil, err } - ls, _ := flowctx.FromCookie[flow.LoginSession](r.Context(), r, s.r.FlowCipher(), flowctx.LoginSessionCookie(flowctx.SuffixFromStatic(clientID))) - return ls + if session.HasError() { + session.Error.SetDefaults(flow.DeviceRequestDeniedErrorName) + return nil, errorsx.WithStack(session.Error.ToRFCError()) + } + + store, err := s.r.CookieStore(ctx) + if err != nil { + return nil, err + } + + cookieNameDeviceCSRF := s.r.Config().CookieNameDeviceCSRF(ctx) + if err := ValidateCsrfSession(r, s.r.Config(), store, cookieNameDeviceCSRF, session.Request.CSRF, f); err != nil { + return nil, err + } + + return f, nil +} + +func (s *DefaultStrategy) getDeviceVerificationPath(ctx context.Context) *url.URL { + return urlx.AppendPaths(s.c.PublicURL(ctx), DeviceVerificationPath) } diff --git a/consent/strategy_default_test.go b/consent/strategy_default_test.go index 5a38c859ef8..b4fa0498bd6 100644 --- a/consent/strategy_default_test.go +++ b/consent/strategy_default_test.go 
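Review bot: `forwardDeviceRequest` passes `r.Context()` to `CreateDeviceUserAuthRequest` while every other call in the function uses the `ctx` argument, so anything the caller attached to `ctx` (the span started in `HandleOAuth2DeviceAuthorizationRequest`, for one) is dropped for that persistence call; the argument should be `ctx,`. Two comments mislead: `// generate the verifier` sits above the final `return`, where nothing is generated, and `verifyDevice` says the flow is decoded "from the cookie" although `flowctx.Decode` is given the `verifier` string. The local `CookieNameDeviceCSRF` should be lower-cased to match `cookieNameDeviceCSRF` in `verifyDevice`. The hunk also removes `loginSessionFromCookie`, whose callers are outside the visible diff.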
@@ -9,6 +9,7 @@ import ( "net/http/cookiejar" "net/http/httptest" "net/url" + "strings" "testing" "github.com/google/uuid" @@ -21,17 +22,35 @@ import ( . "github.com/ory/hydra/v2/consent" "github.com/ory/hydra/v2/driver" "github.com/ory/hydra/v2/internal/testhelpers" + "github.com/ory/hydra/v2/oauth2" "github.com/ory/x/ioutilx" "github.com/ory/x/urlx" ) +func checkAndAcceptDeviceHandler(t *testing.T, apiClient *hydra.APIClient) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + userCode := r.URL.Query().Get("user_code") + payload := hydra.AcceptDeviceUserCodeRequest{ + UserCode: &userCode, + } + + v, _, err := apiClient.OAuth2API.AcceptUserCodeRequest(context.Background()). + DeviceChallenge(r.URL.Query().Get("device_challenge")). + AcceptDeviceUserCodeRequest(payload). + Execute() + require.NoError(t, err) + require.NotEmpty(t, v.RedirectTo) + http.Redirect(w, r, v.RedirectTo, http.StatusFound) + } +} + func checkAndAcceptLoginHandler(t *testing.T, apiClient *hydra.APIClient, subject string, cb func(*testing.T, *hydra.OAuth2LoginRequest, error) hydra.AcceptOAuth2LoginRequest) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - res, _, err := apiClient.OAuth2Api.GetOAuth2LoginRequest(context.Background()).LoginChallenge(r.URL.Query().Get("login_challenge")).Execute() + res, _, err := apiClient.OAuth2API.GetOAuth2LoginRequest(context.Background()).LoginChallenge(r.URL.Query().Get("login_challenge")).Execute() payload := cb(t, res, err) payload.Subject = subject - v, _, err := apiClient.OAuth2Api.AcceptOAuth2LoginRequest(context.Background()). + v, _, err := apiClient.OAuth2API.AcceptOAuth2LoginRequest(context.Background()). LoginChallenge(r.URL.Query().Get("login_challenge")). AcceptOAuth2LoginRequest(payload). Execute() 
@@ -43,10 +62,10 @@ func checkAndAcceptLoginHandler(t *testing.T, apiClient *hydra.APIClient, subjec func checkAndAcceptConsentHandler(t *testing.T, apiClient *hydra.APIClient, cb func(*testing.T, *hydra.OAuth2ConsentRequest, error) hydra.AcceptOAuth2ConsentRequest) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - res, _, err := apiClient.OAuth2Api.GetOAuth2ConsentRequest(context.Background()).ConsentChallenge(r.URL.Query().Get("consent_challenge")).Execute() + res, _, err := apiClient.OAuth2API.GetOAuth2ConsentRequest(context.Background()).ConsentChallenge(r.URL.Query().Get("consent_challenge")).Execute() payload := cb(t, res, err) - v, _, err := apiClient.OAuth2Api.AcceptOAuth2ConsentRequest(context.Background()). + v, _, err := apiClient.OAuth2API.AcceptOAuth2ConsentRequest(context.Background()). ConsentChallenge(r.URL.Query().Get("consent_challenge")). AcceptOAuth2ConsentRequest(payload). Execute() @@ -65,6 +84,7 @@ func makeOAuth2Request(t *testing.T, reg driver.Registry, hc *http.Client, oc *c values.Add("response_type", "code") values.Add("state", uuid.New().String()) values.Add("client_id", oc.GetID()) + values.Add("redirect_uri", oc.GetRedirectURIs()[0]) res, err := hc.Get(urlx.CopyWithQuery(reg.Config().OAuth2AuthURL(ctx), values).String()) require.NoError(t, err) defer res.Body.Close() 
@@ -72,6 +92,46 @@ func makeOAuth2Request(t *testing.T, reg driver.Registry, hc *http.Client, oc *c return gjson.ParseBytes(ioutilx.MustReadAll(res.Body)), res } +func makeOAuth2DeviceAuthRequest(t *testing.T, reg driver.Registry, hc *http.Client, oc *client.Client, scope string) (gjson.Result, *http.Response) { + ctx := context.Background() + if hc == nil { + hc = testhelpers.NewEmptyJarClient(t) + } + + data := url.Values{} + data.Set("scope", scope) + data.Set("client_id", oc.GetID()) + req, err := http.NewRequest( + http.MethodPost, + reg.Config().OAuth2DeviceAuthorisationURL(ctx).String(), + strings.NewReader(data.Encode()), + ) + require.NoError(t, err) + req.SetBasicAuth(oc.GetID(), oc.Secret) + req.Header.Add("Content-Type", "application/x-www-form-urlencoded") + + res, err := hc.Do(req) + require.NoError(t, err) + + defer res.Body.Close() + + return gjson.ParseBytes(ioutilx.MustReadAll(res.Body)), res +} + +func makeOAuth2DeviceVerificationRequest(t *testing.T, reg driver.Registry, hc *http.Client, oc *client.Client, values url.Values) (gjson.Result, *http.Response) { + ctx := context.Background() + if hc == nil { + hc = testhelpers.NewEmptyJarClient(t) + } + + values.Add("client_id", oc.GetID()) + res, err := hc.Get(urlx.CopyWithQuery(urlx.AppendPaths(reg.Config().PublicURL(ctx), oauth2.DeviceVerificationPath), values).String()) + require.NoError(t, err) + defer res.Body.Close() + + return gjson.ParseBytes(ioutilx.MustReadAll(res.Body)), res +} + func createClient(t *testing.T, reg driver.Registry, c *client.Client) *client.Client { secret := uuid.New().String() c.Secret = secret 
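Review bot: `makeOAuth2DeviceVerificationRequest` calls `values.Add("client_id", oc.GetID())` on the caller's `url.Values`, which panics when a test passes nil and otherwise mutates the caller's map across calls. Guard it first with `if values == nil { values = url.Values{} }`, or copy the map before adding. The helper also builds the route from `oauth2.DeviceVerificationPath`, although this commit adds a `DeviceVerificationPath` constant to the `consent` package, which this test file dot-imports. If both constants exist, one of them should be the single definition of the path so the two cannot drift.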
@@ -110,18 +170,18 @@ func genIDToken(t *testing.T, reg driver.Registry, c jwt.MapClaims) string { func checkAndDuplicateAcceptLoginHandler(t *testing.T, apiClient *hydra.APIClient, subject string, cb func(*testing.T, *hydra.OAuth2LoginRequest, error) hydra.AcceptOAuth2LoginRequest) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - res, _, err := apiClient.OAuth2Api.GetOAuth2LoginRequest(context.Background()).LoginChallenge(r.URL.Query().Get("login_challenge")).Execute() + res, _, err := apiClient.OAuth2API.GetOAuth2LoginRequest(context.Background()).LoginChallenge(r.URL.Query().Get("login_challenge")).Execute() payload := cb(t, res, err) payload.Subject = subject - v, _, err := apiClient.OAuth2Api.AcceptOAuth2LoginRequest(context.Background()). + v, _, err := apiClient.OAuth2API.AcceptOAuth2LoginRequest(context.Background()). LoginChallenge(r.URL.Query().Get("login_challenge")). AcceptOAuth2LoginRequest(payload). Execute() require.NoError(t, err) require.NotEmpty(t, v.RedirectTo) - v2, _, err := apiClient.OAuth2Api.AcceptOAuth2LoginRequest(context.Background()). + v2, _, err := apiClient.OAuth2API.AcceptOAuth2LoginRequest(context.Background()). LoginChallenge(r.URL.Query().Get("login_challenge")). AcceptOAuth2LoginRequest(payload). Execute() 
@@ -133,22 +193,22 @@ func checkAndDuplicateAcceptLoginHandler(t *testing.T, apiClient *hydra.APIClien func checkAndDuplicateAcceptConsentHandler(t *testing.T, apiClient *hydra.APIClient, cb func(*testing.T, *hydra.OAuth2ConsentRequest, error) hydra.AcceptOAuth2ConsentRequest) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - res, _, err := apiClient.OAuth2Api.GetOAuth2ConsentRequest(context.Background()). + res, _, err := apiClient.OAuth2API.GetOAuth2ConsentRequest(context.Background()). ConsentChallenge(r.URL.Query().Get("consent_challenge")). Execute() payload := cb(t, res, err) - v, _, err := apiClient.OAuth2Api.AcceptOAuth2ConsentRequest(context.Background()). + v, _, err := apiClient.OAuth2API.AcceptOAuth2ConsentRequest(context.Background()). ConsentChallenge(r.URL.Query().Get("consent_challenge")). AcceptOAuth2ConsentRequest(payload). Execute() require.NoError(t, err) require.NotEmpty(t, v.RedirectTo) - res2, _, err := apiClient.OAuth2Api.GetOAuth2ConsentRequest(context.Background()).ConsentChallenge(r.URL.Query().Get("consent_challenge")).Execute() + res2, _, err := apiClient.OAuth2API.GetOAuth2ConsentRequest(context.Background()).ConsentChallenge(r.URL.Query().Get("consent_challenge")).Execute() payload2 := cb(t, res2, err) - v2, _, err := apiClient.OAuth2Api.AcceptOAuth2ConsentRequest(context.Background()). + v2, _, err := apiClient.OAuth2API.AcceptOAuth2ConsentRequest(context.Background()). ConsentChallenge(r.URL.Query().Get("consent_challenge")). AcceptOAuth2ConsentRequest(payload2). Execute() diff --git a/consent/strategy_logout_test.go b/consent/strategy_logout_test.go index d64c843b1c9..6432a3e13a0 100644 --- a/consent/strategy_logout_test.go +++ b/consent/strategy_logout_test.go 
@@ -40,6 +40,7 @@ func TestLogoutFlows(t *testing.T) { reg := internal.NewMockedRegistry(t, &contextx.Default{}) reg.Config().MustSet(ctx, config.KeyAccessTokenStrategy, "opaque") reg.Config().MustSet(ctx, config.KeyConsentRequestMaxAge, time.Hour) + reg.WithKratos(fakeKratos) defaultRedirectedMessage := "redirected to default server" @@ -163,14 +164,14 @@ func TestLogoutFlows(t *testing.T) { defer wg.Done() } - res, _, err := adminApi.OAuth2Api.GetOAuth2LogoutRequest(ctx).LogoutChallenge(r.URL.Query().Get("logout_challenge")).Execute() + res, _, err := adminApi.OAuth2API.GetOAuth2LogoutRequest(ctx).LogoutChallenge(r.URL.Query().Get("logout_challenge")).Execute() if cb != nil { cb(t, res, err) } else { require.NoError(t, err) } - v, _, err := adminApi.OAuth2Api.AcceptOAuth2LogoutRequest(ctx).LogoutChallenge(r.URL.Query().Get("logout_challenge")).Execute() + v, _, err := adminApi.OAuth2API.AcceptOAuth2LogoutRequest(ctx).LogoutChallenge(r.URL.Query().Get("logout_challenge")).Execute() require.NoError(t, err) require.NotEmpty(t, v.RedirectTo) http.Redirect(w, r, v.RedirectTo, http.StatusFound) @@ -287,10 +288,10 @@ func TestLogoutFlows(t *testing.T) { logoutAndExpectPostLogoutPage(t, browser, http.MethodGet, url.Values{}, defaultRedirectedMessage) // run again to ensure that the logout challenge is invalid - _, _, err := adminApi.OAuth2Api.GetOAuth2LogoutRequest(ctx).LogoutChallenge(logoutReq.GetChallenge()).Execute() + _, _, err := adminApi.OAuth2API.GetOAuth2LogoutRequest(ctx).LogoutChallenge(logoutReq.GetChallenge()).Execute() assert.Error(t, err) - v, _, err := adminApi.OAuth2Api.AcceptOAuth2LogoutRequest(ctx).LogoutChallenge(logoutReq.GetChallenge()).Execute() + v, _, err := adminApi.OAuth2API.AcceptOAuth2LogoutRequest(ctx).LogoutChallenge(logoutReq.GetChallenge()).Execute() require.NoError(t, err) require.NotEmpty(t, v.RedirectTo) 
@@ -300,15 +301,15 @@ func TestLogoutFlows(t *testing.T) { }) t.Run("case=should handle an invalid logout challenge", func(t *testing.T) { - _, res, err := adminApi.OAuth2Api.GetOAuth2LogoutRequest(ctx).LogoutChallenge("some-invalid-challenge").Execute() + _, res, err := adminApi.OAuth2API.GetOAuth2LogoutRequest(ctx).LogoutChallenge("some-invalid-challenge").Execute() assert.Error(t, err) assert.Equal(t, http.StatusNotFound, res.StatusCode) - _, res, err = adminApi.OAuth2Api.AcceptOAuth2LogoutRequest(ctx).LogoutChallenge("some-invalid-challenge").Execute() + _, res, err = adminApi.OAuth2API.AcceptOAuth2LogoutRequest(ctx).LogoutChallenge("some-invalid-challenge").Execute() assert.Error(t, err) assert.Equal(t, http.StatusNotFound, res.StatusCode) - res, err = adminApi.OAuth2Api.RejectOAuth2LogoutRequest(ctx).LogoutChallenge("some-invalid-challenge").Execute() + res, err = adminApi.OAuth2API.RejectOAuth2LogoutRequest(ctx).LogoutChallenge("some-invalid-challenge").Execute() assert.Error(t, err) assert.Equal(t, http.StatusNotFound, res.StatusCode) }) diff --git a/consent/strategy_oauth_test.go b/consent/strategy_oauth_test.go index fb9503fdbc3..1037af5210f 100644 --- a/consent/strategy_oauth_test.go +++ b/consent/strategy_oauth_test.go @@ -155,7 +155,7 @@ func TestStrategyLoginConsentNext(t *testing.T) { t.Run("case=should fail because the request was redirected but the login endpoint rejected the request", func(t *testing.T) { testhelpers.NewLoginConsentUI(t, reg.Config(), func(w http.ResponseWriter, r *http.Request) { - vr, _, err := adminClient.OAuth2Api.RejectOAuth2LoginRequest(context.Background()). + vr, _, err := adminClient.OAuth2API.RejectOAuth2LoginRequest(context.Background()). LoginChallenge(r.URL.Query().Get("login_challenge")). RejectOAuth2Request(hydra.RejectOAuth2Request{ Error: pointerx.String(fosite.ErrInteractionRequired.ErrorField), 
@@ -186,7 +186,7 @@ func TestStrategyLoginConsentNext(t *testing.T) { testhelpers.NewLoginConsentUI(t, reg.Config(), acceptLoginHandler(t, "aeneas-rekkas", nil), func(w http.ResponseWriter, r *http.Request) { - vr, _, err := adminClient.OAuth2Api.RejectOAuth2ConsentRequest(context.Background()). + vr, _, err := adminClient.OAuth2API.RejectOAuth2ConsentRequest(context.Background()). ConsentChallenge(r.URL.Query().Get("consent_challenge")). RejectOAuth2Request(hydra.RejectOAuth2Request{ Error: pointerx.String(fosite.ErrInteractionRequired.ErrorField), @@ -208,13 +208,13 @@ func TestStrategyLoginConsentNext(t *testing.T) { testhelpers.NewLoginConsentUI(t, reg.Config(), func(w http.ResponseWriter, r *http.Request) { - res, _, err := adminClient.OAuth2Api.GetOAuth2LoginRequest(ctx). + res, _, err := adminClient.OAuth2API.GetOAuth2LoginRequest(ctx). LoginChallenge(r.URL.Query().Get("login_challenge")). Execute() require.NoError(t, err) loginChallenge = res.Challenge - v, _, err := adminClient.OAuth2Api.AcceptOAuth2LoginRequest(ctx). + v, _, err := adminClient.OAuth2API.AcceptOAuth2LoginRequest(ctx). LoginChallenge(loginChallenge). AcceptOAuth2LoginRequest(hydra.AcceptOAuth2LoginRequest{Subject: "aeneas-rekkas"}). Execute() @@ -223,13 +223,13 @@ func TestStrategyLoginConsentNext(t *testing.T) { http.Redirect(w, r, v.RedirectTo, http.StatusFound) }, func(w http.ResponseWriter, r *http.Request) { - res, _, err := adminClient.OAuth2Api.GetOAuth2ConsentRequest(ctx). + res, _, err := adminClient.OAuth2API.GetOAuth2ConsentRequest(ctx). ConsentChallenge(r.URL.Query().Get("consent_challenge")). Execute() require.NoError(t, err) consentChallenge = res.Challenge - v, _, err := adminClient.OAuth2Api.AcceptOAuth2ConsentRequest(ctx). + v, _, err := adminClient.OAuth2API.AcceptOAuth2ConsentRequest(ctx). ConsentChallenge(consentChallenge). AcceptOAuth2ConsentRequest(hydra.AcceptOAuth2ConsentRequest{}). Execute() 
@@ -241,7 +241,7 @@ func TestStrategyLoginConsentNext(t *testing.T) { makeRequestAndExpectCode(t, hc, c, url.Values{}) t.Run("case=double-submit login verifier", func(t *testing.T) { - v, _, err := adminClient.OAuth2Api.AcceptOAuth2LoginRequest(ctx). + v, _, err := adminClient.OAuth2API.AcceptOAuth2LoginRequest(ctx). LoginChallenge(loginChallenge). AcceptOAuth2LoginRequest(hydra.AcceptOAuth2LoginRequest{Subject: "aeneas-rekkas"}). Execute() @@ -255,7 +255,7 @@ func TestStrategyLoginConsentNext(t *testing.T) { }) t.Run("case=double-submit consent verifier", func(t *testing.T) { - v, _, err := adminClient.OAuth2Api.AcceptOAuth2ConsentRequest(ctx). + v, _, err := adminClient.OAuth2API.AcceptOAuth2ConsentRequest(ctx). ConsentChallenge(consentChallenge). AcceptOAuth2ConsentRequest(hydra.AcceptOAuth2ConsentRequest{}). Execute() @@ -289,6 +289,7 @@ func TestStrategyLoginConsentNext(t *testing.T) { subject := "aeneas-rekkas" c := createDefaultClient(t) + now := 1723546027 // Unix timestamps must round-trip through Hydra without converting to floats or similar testhelpers.NewLoginConsentUI(t, reg.Config(), acceptLoginHandler(t, subject, &hydra.AcceptOAuth2LoginRequest{ Remember: pointerx.Bool(true), @@ -297,8 +298,14 @@ func TestStrategyLoginConsentNext(t *testing.T) { Remember: pointerx.Bool(true), GrantScope: []string{"openid"}, Session: &hydra.AcceptOAuth2ConsentRequestSession{ - AccessToken: map[string]interface{}{"foo": "bar"}, - IdToken: map[string]interface{}{"bar": "baz"}, + AccessToken: map[string]interface{}{ + "foo": "bar", + "ts1": now, + }, + IdToken: map[string]interface{}{ + "bar": "baz", + "ts2": now, + }, }, })) 
@@ -314,12 +321,14 @@ func TestStrategyLoginConsentNext(t *testing.T) { require.NoError(t, err) claims := testhelpers.IntrospectToken(t, conf, token.AccessToken, adminTS) - assert.Equal(t, "bar", claims.Get("ext.foo").String(), "%s", claims.Raw) + assert.Equalf(t, `"bar"`, claims.Get("ext.foo").Raw, "%s", claims.Raw) // Raw rather than .Int() or .Value() to verify the exact JSON payload + assert.Equalf(t, "1723546027", claims.Get("ext.ts1").Raw, "%s", claims.Raw) // must round-trip as integer idClaims := testhelpers.DecodeIDToken(t, token) - assert.Equal(t, "baz", idClaims.Get("bar").String(), "%s", idClaims.Raw) + assert.Equalf(t, `"baz"`, idClaims.Get("bar").Raw, "%s", idClaims.Raw) // Raw rather than .Int() or .Value() to verify the exact JSON payload + assert.Equalf(t, "1723546027", idClaims.Get("ts2").Raw, "%s", idClaims.Raw) // must round-trip as integer sid = idClaims.Get("sid").String() - assert.NotNil(t, sid) + assert.NotEmpty(t, sid) } t.Run("perform first flow", run) 
@@ -334,21 +343,28 @@ func TestStrategyLoginConsentNext(t *testing.T) { assert.Empty(t, pointerx.StringR(res.Client.ClientSecret)) return hydra.AcceptOAuth2LoginRequest{ Subject: subject, - Context: map[string]interface{}{"foo": "bar"}, + Context: map[string]interface{}{"xyz": "abc"}, } }), - checkAndAcceptConsentHandler(t, adminClient, func(t *testing.T, res *hydra.OAuth2ConsentRequest, err error) hydra.AcceptOAuth2ConsentRequest { + checkAndAcceptConsentHandler(t, adminClient, func(t *testing.T, req *hydra.OAuth2ConsentRequest, err error) hydra.AcceptOAuth2ConsentRequest { require.NoError(t, err) - assert.True(t, *res.Skip) - assert.Equal(t, sid, *res.LoginSessionId) - assert.Equal(t, subject, *res.Subject) - assert.Empty(t, pointerx.StringR(res.Client.ClientSecret)) + assert.True(t, *req.Skip) + assert.Equal(t, sid, *req.LoginSessionId) + assert.Equal(t, subject, *req.Subject) + assert.Empty(t, pointerx.StringR(req.Client.ClientSecret)) + assert.Equal(t, map[string]interface{}{"xyz": "abc"}, req.Context) return hydra.AcceptOAuth2ConsentRequest{ Remember: pointerx.Bool(true), GrantScope: []string{"openid"}, Session: &hydra.AcceptOAuth2ConsentRequestSession{ - AccessToken: map[string]interface{}{"foo": "bar"}, - IdToken: map[string]interface{}{"bar": "baz"}, + AccessToken: map[string]interface{}{ + "foo": "bar", + "ts1": now, + }, + IdToken: map[string]interface{}{ + "bar": "baz", + "ts2": now, + }, }, } })) @@ -712,7 +728,7 @@ func TestStrategyLoginConsentNext(t *testing.T) { testhelpers.NewLoginConsentUI(t, reg.Config(), func(w http.ResponseWriter, r *http.Request) { - res, _, err := adminClient.OAuth2Api.AcceptOAuth2LoginRequest(context.Background()). + res, _, err := adminClient.OAuth2API.AcceptOAuth2LoginRequest(context.Background()). LoginChallenge(r.URL.Query().Get("login_challenge")). AcceptOAuth2LoginRequest(hydra.AcceptOAuth2LoginRequest{ Subject: "not-aeneas-rekkas", 
@@ -807,7 +823,7 @@ func TestStrategyLoginConsentNext(t *testing.T) { makeRequestAndExpectCode(t, hc, c, url.Values{}) // Make request with additional scope and prompt none, which fails - makeRequestAndExpectError(t, hc, c, url.Values{"prompt": {"none"}, "scope": {"openid"}}, + makeRequestAndExpectError(t, hc, c, url.Values{"prompt": {"none"}, "scope": {"openid"}, "redirect_uri": {c.RedirectURIs[0]}}, "Prompt 'none' was requested, but no previous consent was found") }) @@ -914,11 +930,11 @@ func TestStrategyLoginConsentNext(t *testing.T) { }{ { d: "check all the sub claims", - values: url.Values{"scope": {"openid"}}, + values: url.Values{"scope": {"openid"}, "redirect_uri": {c.RedirectURIs[0]}}, }, { d: "works with id_token_hint", - values: url.Values{"scope": {"openid"}, "id_token_hint": {testhelpers.NewIDToken(t, reg, hash)}}, + values: url.Values{"scope": {"openid"}, "redirect_uri": {c.RedirectURIs[0]}, "id_token_hint": {testhelpers.NewIDToken(t, reg, hash)}}, }, } { t.Run("case="+tc.d, func(t *testing.T) { @@ -958,7 +974,7 @@ func TestStrategyLoginConsentNext(t *testing.T) { }), acceptConsentHandler(t, &hydra.AcceptOAuth2ConsentRequest{GrantScope: []string{"openid"}})) - code := makeRequestAndExpectCode(t, nil, c, url.Values{}) + code := makeRequestAndExpectCode(t, nil, c, url.Values{"redirect_uri": {c.RedirectURIs[0]}}) conf := oauth2Config(t, c) token, err := conf.Exchange(context.Background(), code) 
@@ -1093,6 +1109,133 @@ func TestStrategyLoginConsentNext(t *testing.T) { }) } +func TestStrategyDeviceLoginConsent(t *testing.T) { + ctx := context.Background() + reg := internal.NewMockedRegistry(t, &contextx.Default{}) + reg.Config().MustSet(ctx, config.KeyAccessTokenStrategy, "opaque") + reg.Config().MustSet(ctx, config.KeyConsentRequestMaxAge, time.Hour) + reg.Config().MustSet(ctx, config.KeyConsentRequestMaxAge, time.Hour) + reg.Config().MustSet(ctx, config.KeyScopeStrategy, "exact") + reg.Config().MustSet(ctx, config.KeySubjectTypesSupported, []string{"pairwise", "public"}) + reg.Config().MustSet(ctx, config.KeySubjectIdentifierAlgorithmSalt, "76d5d2bf-747f-4592-9fbd-d2b895a54b3a") + + publicTS, adminTS := testhelpers.NewOAuth2Server(ctx, t, reg) + adminClient := hydra.NewAPIClient(hydra.NewConfiguration()) + adminClient.GetConfig().Servers = hydra.ServerConfigurations{{URL: adminTS.URL}} + + oauth2Config := func(t *testing.T, c *client.Client) *oauth2.Config { + return &oauth2.Config{ + ClientID: c.GetID(), + ClientSecret: c.Secret, + Endpoint: oauth2.Endpoint{ + DeviceAuthURL: publicTS.URL + "/oauth2/device/auth", + TokenURL: publicTS.URL + "/oauth2/token", + AuthStyle: oauth2.AuthStyleInHeader, + }, + } + } + + acceptDeviceHandler := func(t *testing.T) http.HandlerFunc { + return checkAndAcceptDeviceHandler(t, adminClient) + } + + acceptLoginHandler := func(t *testing.T, subject string, payload *hydra.AcceptOAuth2LoginRequest) http.HandlerFunc { + return checkAndAcceptLoginHandler(t, adminClient, subject, func(*testing.T, *hydra.OAuth2LoginRequest, error) hydra.AcceptOAuth2LoginRequest { + if payload == nil { + return hydra.AcceptOAuth2LoginRequest{} + } + return *payload + }) + } + + acceptConsentHandler := func(t *testing.T, payload *hydra.AcceptOAuth2ConsentRequest) http.HandlerFunc { + return checkAndAcceptConsentHandler(t, adminClient, func(*testing.T, *hydra.OAuth2ConsentRequest, error) hydra.AcceptOAuth2ConsentRequest { + if payload == nil { + 
return hydra.AcceptOAuth2ConsentRequest{} + } + return *payload + }) + } + + createDefaultClient := func(t *testing.T) *client.Client { + c := &client.Client{GrantTypes: []string{"urn:ietf:params:oauth:grant-type:device_code"}} + return createClient(t, reg, c) + } + t.Run("case=should pass if both login and consent are granted and check remember flows as well as various payloads", func(t *testing.T) { + subject := "aeneas-rekkas" + c := createDefaultClient(t) + testhelpers.NewDeviceLoginConsentUI(t, reg.Config(), + acceptDeviceHandler(t), + acceptLoginHandler(t, subject, &hydra.AcceptOAuth2LoginRequest{ + Remember: pointerx.Bool(true), + }), + acceptConsentHandler(t, &hydra.AcceptOAuth2ConsentRequest{ + Remember: pointerx.Bool(true), + GrantScope: []string{"openid"}, + Session: &hydra.AcceptOAuth2ConsentRequestSession{ + AccessToken: map[string]interface{}{"foo": "bar"}, + IdToken: map[string]interface{}{"bar": "baz"}, + }, + })) + + hc := testhelpers.NewEmptyJarClient(t) + + var run = func(t *testing.T) { + res, resp := makeOAuth2DeviceAuthRequest(t, reg, hc, c, "openid") + assert.EqualValues(t, http.StatusOK, resp.StatusCode) + + devResp := new(oauth2.DeviceAuthResponse) + require.NoError(t, json.Unmarshal([]byte(res.Raw), devResp)) + + resp, err := hc.Get(devResp.VerificationURIComplete) + require.NoError(t, err) + require.Contains(t, reg.Config().DeviceDoneURL(ctx).String(), resp.Request.URL.Path, "did not end up in post device URL") + require.Equal(t, resp.Request.URL.Query().Get("client_id"), c.ID) + + conf := oauth2Config(t, c) + token, err := conf.DeviceAccessToken(ctx, devResp) + require.NoError(t, err) + + claims := testhelpers.IntrospectToken(t, conf, token.AccessToken, adminTS) + assert.Equal(t, "bar", claims.Get("ext.foo").String(), "%s", claims.Raw) + + idClaims := testhelpers.DecodeIDToken(t, token) + assert.Equal(t, "baz", idClaims.Get("bar").String(), "%s", idClaims.Raw) + sid := idClaims.Get("sid").String() + assert.NotNil(t, sid) + } + + 
t.Run("perform first flow", run) + + }) + t.Run("case=should fail because a device verifier was given that doesn't exist in the store", func(t *testing.T) { + testhelpers.NewDeviceLoginConsentUI(t, reg.Config(), testhelpers.HTTPServerNoExpectedCallHandler(t), testhelpers.HTTPServerNoExpectedCallHandler(t), testhelpers.HTTPServerNoExpectedCallHandler(t)) + c := createDefaultClient(t) + hc := testhelpers.NewEmptyJarClient(t) + + _, res := makeOAuth2DeviceVerificationRequest(t, reg, hc, c, url.Values{"device_verifier": {"does-not-exist"}}) + assert.EqualValues(t, http.StatusForbidden, res.StatusCode) + }) + + t.Run("case=should fail because a login verifier was given that doesn't exist in the store", func(t *testing.T) { + testhelpers.NewLoginConsentUI(t, reg.Config(), testhelpers.HTTPServerNoExpectedCallHandler(t), testhelpers.HTTPServerNoExpectedCallHandler(t)) + c := createDefaultClient(t) + hc := testhelpers.NewEmptyJarClient(t) + + _, res := makeOAuth2DeviceVerificationRequest(t, reg, hc, c, url.Values{"login_verifier": {"does-not-exist"}}) + assert.EqualValues(t, http.StatusForbidden, res.StatusCode) + }) + + t.Run("case=should fail because a consent verifier was given that doesn't exist in the store", func(t *testing.T) { + testhelpers.NewLoginConsentUI(t, reg.Config(), testhelpers.HTTPServerNoExpectedCallHandler(t), testhelpers.HTTPServerNoExpectedCallHandler(t)) + c := createDefaultClient(t) + hc := testhelpers.NewEmptyJarClient(t) + + _, res := makeOAuth2DeviceVerificationRequest(t, reg, hc, c, url.Values{"consent_verifier": {"does-not-exist"}}) + assert.EqualValues(t, http.StatusForbidden, res.StatusCode) + }) +} + func DropCookieJar(drop *regexp.Regexp) http.CookieJar { jar, _ := cookiejar.New(nil) return &dropCSRFCookieJar{ diff --git a/consent/manager_test_helpers.go b/consent/test/manager_test_helpers.go similarity index 88% rename from consent/manager_test_helpers.go rename to consent/test/manager_test_helpers.go index f0a10eae1fc..fd94caf4054 100644 
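Review bot: `assert.NotNil(t, sid)` in the `run` closure of `TestStrategyDeviceLoginConsent` can never fail, because `sid` is a `string` returned by `.String()`. This same commit corrects the identical assertion in `TestStrategyLoginConsentNext` to `assert.NotEmpty(t, sid)`, and the new test should use that form too. `config.KeyConsentRequestMaxAge` is set twice in the setup, so one of the two `MustSet` lines can go. In `require.Equal(t, resp.Request.URL.Query().Get("client_id"), c.ID)` the expected and actual arguments are swapped, which only affects the failure message. The last two negative cases (unknown login and consent verifier) register `NewLoginConsentUI` rather than `NewDeviceLoginConsentUI`; if that is intentional, a one-line comment should say why.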
--- a/consent/manager_test_helpers.go +++ b/consent/test/manager_test_helpers.go @@ -1,7 +1,7 @@ // Copyright © 2022 Ory Corp // SPDX-License-Identifier: Apache-2.0 -package consent +package test import ( "context" @@ -10,6 +10,10 @@ import ( "testing" "time" + "github.com/ory/fosite/handler/openid" + "github.com/ory/hydra/v2/consent" + "github.com/ory/hydra/v2/oauth2" + "github.com/ory/hydra/v2/aead" "github.com/ory/hydra/v2/flow" "github.com/ory/x/assertx" @@ -126,6 +130,40 @@ func MockLogoutRequest(key string, withClient bool, network string) (c *flow.Log } } +func MockDeviceRequest(key string, network string) (c *flow.DeviceUserAuthRequest, h *flow.HandledDeviceUserAuthRequest, f *flow.Flow) { + client := &client.Client{ID: "fk-client-" + key} + c = &flow.DeviceUserAuthRequest{ + RequestedAt: time.Now().UTC().Add(-time.Minute), + Client: client, + RequestURL: "https://request-url/path" + key, + ID: makeID("challenge", network, key), + Verifier: makeID("verifier", network, key), + CSRF: "csrf" + key, + } + + f = flow.NewDeviceFlow(c) + + var err = &flow.RequestDeniedError{ + Name: "error_name" + key, + Description: "error_description" + key, + Hint: "error_hint,omitempty" + key, + Code: 100, + Debug: "error_debug,omitempty" + key, + Valid: true, + } + + h = &flow.HandledDeviceUserAuthRequest{ + ID: makeID("challenge", network, key), + RequestedAt: time.Now().UTC().Add(-time.Minute), + Client: client, + Error: err, + Request: c, + WasHandled: false, + } + + return c, h, f +} + func MockAuthRequest(key string, authAt bool, network string) (c *flow.LoginRequest, h *flow.HandledLoginRequest, f *flow.Flow) { c = &flow.LoginRequest{ OpenIDConnectContext: &flow.OAuth2ConsentRequestOpenIDConnectContext{ 
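Review bot: In `MockDeviceRequest`, `client := &client.Client{ID: "fk-client-" + key}` shadows the imported `client` package for the rest of the function, and `var err = &flow.RequestDeniedError{...}` uses the name `err` for a fixture value that is never checked as an error. Renaming them (`cl := &client.Client{...}`, `denied := &flow.RequestDeniedError{...}`) avoids a confusing compile error the next time someone references the package below that line. The values `"error_hint,omitempty"` and `"error_debug,omitempty"` look like struct-tag text pasted into the fixture, which is harmless if it mirrors the other mock helpers. The exported function has no doc comment; one sentence stating what the returned `c`, `h` and `f` represent would help callers.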
@@ -178,7 +216,7 @@ func MockAuthRequest(key string, authAt bool, network string) (c *flow.LoginRequ return c, h, f } -func SaneMockHandleConsentRequest(t *testing.T, m Manager, f *flow.Flow, c *flow.OAuth2ConsentRequest, authAt time.Time, rememberFor int, remember bool, hasError bool) *flow.AcceptOAuth2ConsentRequest { +func SaneMockHandleConsentRequest(t *testing.T, m consent.Manager, f *flow.Flow, c *flow.OAuth2ConsentRequest, authAt time.Time, rememberFor int, remember bool, hasError bool) *flow.AcceptOAuth2ConsentRequest { var rde *flow.RequestDeniedError if hasError { rde = &flow.RequestDeniedError{ @@ -212,7 +250,7 @@ func SaneMockHandleConsentRequest(t *testing.T, m Manager, f *flow.Flow, c *flow } // SaneMockConsentRequest does the same thing as MockConsentRequest but uses less insanity and implicit dependencies. -func SaneMockConsentRequest(t *testing.T, m Manager, f *flow.Flow, skip bool) (c *flow.OAuth2ConsentRequest) { +func SaneMockConsentRequest(t *testing.T, m consent.Manager, f *flow.Flow, skip bool) (c *flow.OAuth2ConsentRequest) { c = &flow.OAuth2ConsentRequest{ RequestedScope: []string{"scopea", "scopeb"}, RequestedAudience: []string{"auda", "audb"}, @@ -244,7 +282,7 @@ func SaneMockConsentRequest(t *testing.T, m Manager, f *flow.Flow, skip bool) (c } // SaneMockAuthRequest does the same thing as MockAuthRequest but uses less insanity and implicit dependencies. -func SaneMockAuthRequest(t *testing.T, m Manager, ls *flow.LoginSession, cl *client.Client) (c *flow.LoginRequest) { +func SaneMockAuthRequest(t *testing.T, m consent.Manager, ls *flow.LoginSession, cl *client.Client) (c *flow.LoginRequest) { c = &flow.LoginRequest{ OpenIDConnectContext: &flow.OAuth2ConsentRequestOpenIDConnectContext{ ACRValues: []string{"1", "2"}, 
@@ -263,7 +301,7 @@ func SaneMockAuthRequest(t *testing.T, m Manager, ls *flow.LoginSession, cl *cli ID: uuid.New().String(), Verifier: uuid.New().String(), } - _, err := m.CreateLoginRequest(context.Background(), c) + _, err := m.CreateLoginRequest(context.Background(), nil, c) require.NoError(t, err) return c } @@ -275,7 +313,7 @@ func makeID(base string, network string, key string) string { func TestHelperNID(r interface { client.ManagerProvider FlowCipher() *aead.XChaCha20Poly1305 -}, t1ValidNID Manager, t2InvalidNID Manager) func(t *testing.T) { +}, t1ValidNID consent.Manager, t2InvalidNID consent.Manager) func(t *testing.T) { testClient := client.Client{ID: "2022-03-11-client-nid-test-1"} testLS := flow.LoginSession{ ID: "2022-03-11-ls-nid-test-1", @@ -308,9 +346,9 @@ func TestHelperNID(r interface { require.Error(t, t2InvalidNID.CreateLoginSession(ctx, &testLS)) require.NoError(t, t1ValidNID.CreateLoginSession(ctx, &testLS)) - _, err := t2InvalidNID.CreateLoginRequest(ctx, &testLR) + _, err := t2InvalidNID.CreateLoginRequest(ctx, nil, &testLR) require.Error(t, err) - f, err := t1ValidNID.CreateLoginRequest(ctx, &testLR) + f, err := t1ValidNID.CreateLoginRequest(ctx, nil, &testLR) require.NoError(t, err) testLR.ID = x.Must(f.ToLoginChallenge(ctx, r)) @@ -338,7 +376,7 @@ type Deps interface { contextx.Provider } -func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeManager x.FositeStorer, network string, parallel bool) func(t *testing.T) { +func ManagerTests(deps Deps, m consent.Manager, clientManager client.Manager, fositeManager x.FositeStorer, network string, parallel bool) func(t *testing.T) { lr := make(map[string]*flow.LoginRequest) return func(t *testing.T) { @@ -368,7 +406,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana RequestedAt: time.Now(), } - _, err := m.CreateLoginRequest(ctx, lr[k]) + _, err := m.CreateLoginRequest(ctx, nil, lr[k]) require.NoError(t, err) } }) 
@@ -455,6 +493,54 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana } }) + t.Run("case=device-request", func(t *testing.T) { + for _, tc := range []struct { + key string + }{ + {"1"}, + {"2"}, + {"3"}, + {"4"}, + {"5"}, + {"6"}, + {"7"}, + } { + tc := tc + t.Run("key="+tc.key, func(t *testing.T) { + c, h, f := MockDeviceRequest(tc.key, network) + _ = clientManager.CreateClient(ctx, c.Client) // Ignore errors that are caused by duplication + deviceChallenge := x.Must(f.ToDeviceChallenge(ctx, deps)) + + _, err := m.GetDeviceUserAuthRequest(ctx, deviceChallenge) + require.Error(t, err) + + f, err = m.CreateDeviceUserAuthRequest(ctx, c) + require.NoError(t, err) + + deviceChallenge = x.Must(f.ToDeviceChallenge(ctx, deps)) + + got1, err := m.GetDeviceUserAuthRequest(ctx, deviceChallenge) + require.NoError(t, err) + assert.False(t, got1.WasHandled) + compareDeviceRequest(t, c, got1) + + got1, err = m.HandleDeviceUserAuthRequest(ctx, f, deviceChallenge, h) + require.NoError(t, err) + compareDeviceRequest(t, c, got1) + + DeviceVerifier := x.Must(f.ToDeviceVerifier(ctx, deps)) + + got2, err := m.VerifyAndInvalidateDeviceUserAuthRequest(ctx, DeviceVerifier) + require.NoError(t, err) + compareDeviceRequest(t, c, got2.Request) + + deviceChallenge = x.Must(f.ToDeviceChallenge(ctx, deps)) + _, err = m.GetDeviceUserAuthRequest(ctx, deviceChallenge) + require.NoError(t, err) + }) + } + }) + t.Run("case=auth-request", func(t *testing.T) { for _, tc := range []struct { key string @@ -476,7 +562,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana _, err := m.GetLoginRequest(ctx, loginChallenge) require.Error(t, err) - f, err = m.CreateLoginRequest(ctx, c) + f, err = m.CreateLoginRequest(ctx, nil, c) require.NoError(t, err) loginChallenge = x.Must(f.ToLoginChallenge(ctx, deps)) 
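Review bot: The `case=device-request` subtest calls `m.VerifyAndInvalidateDeviceUserAuthRequest(ctx, DeviceVerifier)` once and never exercises the invalidation half of the name. If the manager is meant to reject a reused verifier, add a second call and assert that it fails, e.g. `_, err = m.VerifyAndInvalidateDeviceUserAuthRequest(ctx, DeviceVerifier)` followed by `require.Error(t, err)`. If reuse is allowed by design, a comment saying so would stop a later reader from assuming single use. The final `GetDeviceUserAuthRequest` only asserts `require.NoError`, so it does not pin what state a verified request should be in (for instance `WasHandled`). `DeviceVerifier` should be `deviceVerifier` to match `deviceChallenge`.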
@@ -590,7 +676,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana rs, err := m.FindGrantedAndRememberedConsentRequests(ctx, "fk-client-"+tc.keyC, "subject"+tc.keyS) if tc.expectedLength == 0 { assert.Nil(t, rs) - assert.EqualError(t, err, ErrNoPreviousConsentFound.Error()) + assert.EqualError(t, err, consent.ErrNoPreviousConsentFound.Error()) } else { require.NoError(t, err) assert.Len(t, rs, tc.expectedLength) @@ -674,22 +760,22 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana require.NoError(t, fositeManager.CreateAccessTokenSession( ctx, makeID("", network, "trva1"), - &fosite.Request{Client: cr1.Client, ID: crr1.ID, RequestedAt: time.Now()}, + &fosite.Request{Client: cr1.Client, ID: crr1.ID, RequestedAt: time.Now(), Session: &oauth2.Session{DefaultSession: openid.NewDefaultSession()}}, )) require.NoError(t, fositeManager.CreateRefreshTokenSession( ctx, makeID("", network, "rrva1"), - &fosite.Request{Client: cr1.Client, ID: crr1.ID, RequestedAt: time.Now()}, + &fosite.Request{Client: cr1.Client, ID: crr1.ID, RequestedAt: time.Now(), Session: &oauth2.Session{DefaultSession: openid.NewDefaultSession()}}, )) require.NoError(t, fositeManager.CreateAccessTokenSession( ctx, makeID("", network, "trva2"), - &fosite.Request{Client: cr2.Client, ID: crr2.ID, RequestedAt: time.Now()}, + &fosite.Request{Client: cr2.Client, ID: crr2.ID, RequestedAt: time.Now(), Session: &oauth2.Session{DefaultSession: openid.NewDefaultSession()}}, )) require.NoError(t, fositeManager.CreateRefreshTokenSession( ctx, makeID("", network, "rrva2"), - &fosite.Request{Client: cr2.Client, ID: crr2.ID, RequestedAt: time.Now()}, + &fosite.Request{Client: cr2.Client, ID: crr2.ID, RequestedAt: time.Now(), Session: &oauth2.Session{DefaultSession: openid.NewDefaultSession()}}, )) for i, tc := range []struct { 
@@ -740,14 +826,14 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana }) } - require.EqualError(t, m.RevokeSubjectConsentSession(ctx, "i-do-not-exist"), x.ErrNotFound.Error()) - require.EqualError(t, m.RevokeSubjectClientConsentSession(ctx, "i-do-not-exist", "i-do-not-exist"), x.ErrNotFound.Error()) + require.NoError(t, m.RevokeSubjectConsentSession(ctx, "i-do-not-exist")) + require.NoError(t, m.RevokeSubjectClientConsentSession(ctx, "i-do-not-exist", "i-do-not-exist")) }) t.Run("case=list-used-consent-requests", func(t *testing.T) { - f1, err := m.CreateLoginRequest(ctx, lr["rv1"]) + f1, err := m.CreateLoginRequest(ctx, nil, lr["rv1"]) require.NoError(t, err) - f2, err := m.CreateLoginRequest(ctx, lr["rv2"]) + f2, err := m.CreateLoginRequest(ctx, nil, lr["rv2"]) require.NoError(t, err) cr1, hcr1, _ := MockConsentRequest("rv1", true, 0, false, false, false, "fk-login-challenge", network) @@ -800,7 +886,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana assert.Equal(t, len(tc.challenges), len(consents)) if len(tc.challenges) == 0 { - assert.EqualError(t, err, ErrNoPreviousConsentFound.Error()) + assert.EqualError(t, err, consent.ErrNoPreviousConsentFound.Error()) } else { require.NoError(t, err) for _, consent := range consents { @@ -842,7 +928,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana assert.Equal(t, len(tc.challenges), len(consents)) if len(tc.challenges) == 0 { - assert.EqualError(t, err, ErrNoPreviousConsentFound.Error()) + assert.EqualError(t, err, consent.ErrNoPreviousConsentFound.Error()) } else { require.NoError(t, err) for _, consent := range consents { 
@@ -862,7 +948,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana _, err := m.GetForcedObfuscatedLoginSession(ctx, "fk-client-1", "obfuscated-1") require.True(t, errors.Is(err, x.ErrNotFound)) - expect := &ForcedObfuscatedLoginSession{ + expect := &consent.ForcedObfuscatedLoginSession{ ClientID: "fk-client-1", Subject: "subject-1", SubjectObfuscated: "obfuscated-1", @@ -875,7 +961,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana got.NID = gofrsuuid.Nil assert.EqualValues(t, expect, got) - expect = &ForcedObfuscatedLoginSession{ + expect = &consent.ForcedObfuscatedLoginSession{ ClientID: "fk-client-1", Subject: "subject-1", SubjectObfuscated: "obfuscated-2", @@ -1067,7 +1153,7 @@ func ManagerTests(deps Deps, m Manager, clientManager client.Manager, fositeMana SessionID: sqlxx.NullString(s.ID), } - f, err := m.CreateLoginRequest(ctx, lr) + f, err := m.CreateLoginRequest(ctx, nil, lr) require.NoError(t, err) expected := &flow.OAuth2ConsentRequest{ ID: x.Must(f.ToConsentChallenge(ctx, deps)), @@ -1126,6 +1212,13 @@ func compareAuthenticationRequest(t *testing.T, a, b *flow.LoginRequest) { assert.EqualValues(t, a.SessionID, b.SessionID) } +func compareDeviceRequest(t *testing.T, a, b *flow.DeviceUserAuthRequest) { + assert.EqualValues(t, a.Client.GetID(), b.Client.GetID()) + assert.EqualValues(t, a.CSRF, b.CSRF) + assert.EqualValues(t, a.RequestURL, b.RequestURL) + assert.EqualValues(t, a.Verifier, b.Verifier) +} + func compareConsentRequest(t *testing.T, a, b *flow.OAuth2ConsentRequest) { assert.EqualValues(t, a.Client.GetID(), b.Client.GetID()) assert.EqualValues(t, a.ID, b.ID) @@ -1138,4 +1231,5 @@ func compareConsentRequest(t *testing.T, a, b *flow.OAuth2ConsentRequest) { assert.EqualValues(t, a.Skip, b.Skip) assert.EqualValues(t, a.LoginChallenge, b.LoginChallenge) assert.EqualValues(t, a.LoginSessionID, b.LoginSessionID) + assert.EqualValues(t, a.DeviceChallenge, b.DeviceChallenge) } 
diff --git a/contrib/quickstart/5-min/hydra.yml b/contrib/quickstart/5-min/hydra.yml index 8d69cc1d243..3becd68594f 100644 --- a/contrib/quickstart/5-min/hydra.yml +++ b/contrib/quickstart/5-min/hydra.yml @@ -8,6 +8,8 @@ urls: consent: http://127.0.0.1:3000/consent login: http://127.0.0.1:3000/login logout: http://127.0.0.1:3000/logout + device_verification: http://127.0.0.1:3000/device_code + post_device_done: http://127.0.0.1:3000/device_complete secrets: system: diff --git a/contrib/quickstart/gitlab/config/gitlab.rb b/contrib/quickstart/gitlab/config/gitlab.rb index 9540469d3bd..6cd8c378e34 100644 --- a/contrib/quickstart/gitlab/config/gitlab.rb +++ b/contrib/quickstart/gitlab/config/gitlab.rb @@ -70,7 +70,7 @@ ### Request duration ###! Tells the rails application how long it has to complete a request ###! This value needs to be lower than the worker timeout set in unicorn/puma. -###! By default, we'll allow 95% of the the worker timeout +###! By default, we'll allow 95% of the worker timeout # gitlab_rails['max_request_duration_seconds'] = 57 ### Email Settings diff --git a/driver/config/provider.go b/driver/config/provider.go index ba1869498fe..8b5e5dff570 100644 --- a/driver/config/provider.go +++ b/driver/config/provider.go @@ -6,6 +6,7 @@ package config import ( "context" "fmt" + "math" "net/http" "net/url" "strings" @@ -14,6 +15,7 @@ import ( "github.com/pkg/errors" "github.com/ory/x/hasherx" + "github.com/ory/x/randx" "github.com/gofrs/uuid" @@ -49,6 +51,7 @@ const ( KeyOIDCDiscoverySupportedClaims = "webfinger.oidc_discovery.supported_claims" KeyOIDCDiscoverySupportedScope = "webfinger.oidc_discovery.supported_scope" KeyOIDCDiscoveryUserinfoEndpoint = "webfinger.oidc_discovery.userinfo_url" + KeyOAuth2DeviceAuthorisationURL = "webfinger.oidc_discovery.device_authorization_url" KeySubjectTypesSupported = "oidc.subject_identifiers.supported_types" KeyDefaultClientScope = "oidc.dynamic_client_registration.default_scope" KeyDSN = "dsn" 
@@ -63,6 +66,7 @@ const ( KeyCookieDomain = "serve.cookies.domain" KeyCookieSecure = "serve.cookies.secure" KeyCookieLoginCSRFName = "serve.cookies.names.login_csrf" + KeyCookieDeviceCSRFName = "serve.cookies.names.device_csrf" KeyCookieConsentCSRFName = "serve.cookies.names.consent_csrf" KeyCookieSessionName = "serve.cookies.names.session" KeyCookieSessionPath = "serve.cookies.paths.session" @@ -72,6 +76,7 @@ const ( KeyVerifiableCredentialsNonceLifespan = "ttl.vc_nonce" // #nosec G101 KeyIDTokenLifespan = "ttl.id_token" // #nosec G101 KeyAuthCodeLifespan = "ttl.auth_code" + KeyDeviceAndUserCodeLifespan = "ttl.device_user_code" KeyScopeStrategy = "strategies.scope" KeyGetCookieSecrets = "secrets.cookie" KeyGetSystemSecret = "secrets.system" @@ -81,6 +86,8 @@ const ( KeyLogoutURL = "urls.logout" KeyConsentURL = "urls.consent" KeyErrorURL = "urls.error" + KeyDeviceVerificationURL = "urls.device_verification" + KeyDeviceDoneURL = "urls.post_device_done" KeyPublicURL = "urls.self.public" KeyAdminURL = "urls.self.admin" KeyIssuerURL = "urls.self.issuer" @@ -92,6 +99,7 @@ const ( KeyDBIgnoreUnknownTableColumns = "db.ignore_unknown_table_columns" KeySubjectIdentifierAlgorithmSalt = "oidc.subject_identifiers.pairwise.salt" KeyPublicAllowDynamicRegistration = "oidc.dynamic_client_registration.enabled" + KeyDeviceAuthTokenPollingInterval = "oauth2.device_authorization.token_polling_interval" // #nosec G101 KeyPKCEEnforced = "oauth2.pkce.enforced" KeyPKCEEnforcedForPublicClients = "oauth2.pkce.enforced_for_public_clients" KeyLogLevel = "log.level" 
@@ -101,6 +109,7 @@ const ( KeyExcludeNotBeforeClaim = "oauth2.exclude_not_before_claim" KeyAllowedTopLevelClaims = "oauth2.allowed_top_level_claims" KeyMirrorTopLevelClaims = "oauth2.mirror_top_level_claims" + KeyRefreshTokenRotationGracePeriod = "oauth2.grant.refresh_token.rotation_grace_period" // #nosec G101 KeyOAuth2GrantJWTIDOptional = "oauth2.grant.jwt.jti_optional" KeyOAuth2GrantJWTIssuedDateOptional = "oauth2.grant.jwt.iat_optional" KeyOAuth2GrantJWTMaxDuration = "oauth2.grant.jwt.max_ttl" @@ -134,15 +143,34 @@ func (p *DefaultProvider) GetHasherAlgorithm(ctx context.Context) x.HashAlgorith } func (p *DefaultProvider) HasherBcryptConfig(ctx context.Context) *hasherx.BCryptConfig { + var cost uint32 + costInt := int64(p.GetBCryptCost(ctx)) + if costInt < 0 { + cost = 10 + } else if costInt > math.MaxUint32 { + cost = math.MaxUint32 + } else { + cost = uint32(costInt) + } return &hasherx.BCryptConfig{ - Cost: uint32(p.GetBCryptCost(ctx)), + Cost: cost, } } func (p *DefaultProvider) HasherPBKDF2Config(ctx context.Context) *hasherx.PBKDF2Config { + var iters uint32 + itersInt := p.getProvider(ctx).Int64(KeyPBKDF2Iterations) + if itersInt < 1 { + iters = 1 + } else if int64(itersInt) > math.MaxUint32 { + iters = math.MaxUint32 + } else { + iters = uint32(itersInt) + } + return &hasherx.PBKDF2Config{ Algorithm: "sha256", - Iterations: uint32(p.getProvider(ctx).Int(KeyPBKDF2Iterations)), + Iterations: iters, SaltLength: 16, KeyLength: 32, } 
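Review bot: In `HasherPBKDF2Config` (driver/config/provider.go) an iteration count below 1 is silently replaced by `iters = 1`, so a zero or negative `KeyPBKDF2Iterations` value produces single-iteration PBKDF2 hashes instead of a rejected or defaulted configuration. Falling back to the project's documented default would fail safe, e.g. `if itersInt < 1 { iters = defaultPBKDF2Iterations }`, where `defaultPBKDF2Iterations` is a placeholder for that default, which this page does not show. In `HasherBcryptConfig` the upper clamp to `math.MaxUint32` avoids the integer wrap but is far above the largest cost bcrypt accepts (31 in golang.org/x/crypto/bcrypt), so the clamp should follow the algorithm's range rather than the type's. How `hasherx` reacts to an out-of-range cost is not visible in this hunk.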
@@ -372,6 +400,26 @@ func (p *DefaultProvider) fallbackURL(ctx context.Context, path string, host str return &u } +// GetDeviceAndUserCodeLifespan returns the device_code and user_code lifespan. Defaults to 15 minutes. +func (p *DefaultProvider) GetDeviceAndUserCodeLifespan(ctx context.Context) time.Duration { + return p.p.DurationF(KeyDeviceAndUserCodeLifespan, time.Minute*15) +} + +// GetDeviceAuthTokenPollingInterval returns device grant token endpoint polling interval. Defaults to 5 seconds. +func (p *DefaultProvider) GetDeviceAuthTokenPollingInterval(ctx context.Context) time.Duration { + return p.p.DurationF(KeyDeviceAuthTokenPollingInterval, time.Second*5) +} + +// GetUserCodeLength returns configured user_code length +func (c *DefaultProvider) GetUserCodeLength(ctx context.Context) int { + return 8 +} + +// GetDeviceAuthTokenPollingInterval returns configured user_code allowed symbols +func (c *DefaultProvider) GetUserCodeSymbols(ctx context.Context) []rune { + return []rune(randx.AlphaUpper) +} + func (p *DefaultProvider) LoginURL(ctx context.Context) *url.URL { return urlRoot(p.getProvider(ctx).URIF(KeyLoginURL, p.publicFallbackURL(ctx, "oauth2/fallbacks/login"))) } 
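Review bot: `GetDeviceAndUserCodeLifespan` and `GetDeviceAuthTokenPollingInterval` read from `p.p` and ignore their `ctx` argument, while the neighbouring getters resolve the provider with `p.getProvider(ctx)`; if the contextualizer can supply per-request configuration these two would return the global value, so `p.getProvider(ctx).DurationF(KeyDeviceAndUserCodeLifespan, time.Minute*15)` looks like the intended form. The doc comment on `GetUserCodeSymbols` names the wrong function, and both user-code getters say "configured" although they return the constants 8 and `randx.AlphaUpper`; `// GetUserCodeSymbols returns the symbols allowed in a user_code (currently fixed to upper-case letters).` would match the code. These two methods use the receiver name `c` where the rest of the hunk uses `p`. With a fixed 8-letter upper-case code, resistance to guessing at the verification step depends on rate limiting elsewhere, which this hunk does not show.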
@@ -392,6 +440,16 @@ func (p *DefaultProvider) ErrorURL(ctx context.Context) *url.URL { return urlRoot(p.getProvider(ctx).RequestURIF(KeyErrorURL, p.publicFallbackURL(ctx, "oauth2/fallbacks/error"))) } +// DeviceVerificationURL returns user_code verification page URL. Defaults to "oauth2/fallbacks/device". +func (p *DefaultProvider) DeviceVerificationURL(ctx context.Context) *url.URL { + return urlRoot(p.getProvider(ctx).URIF(KeyDeviceVerificationURL, p.publicFallbackURL(ctx, "oauth2/fallbacks/device"))) +} + +// DeviceDoneURL returns the post device authorization URL. Defaults to "oauth2/fallbacks/device/done". +func (p *DefaultProvider) DeviceDoneURL(ctx context.Context) *url.URL { + return urlRoot(p.getProvider(ctx).RequestURIF(KeyDeviceDoneURL, p.publicFallbackURL(ctx, "oauth2/fallbacks/device/done"))) +} + func (p *DefaultProvider) PublicURL(ctx context.Context) *url.URL { return urlRoot(p.getProvider(ctx).RequestURIF(KeyPublicURL, p.IssuerURL(ctx))) } @@ -449,6 +507,11 @@ func (p *DefaultProvider) OAuth2AuthURL(ctx context.Context) *url.URL { return p.getProvider(ctx).RequestURIF(KeyOAuth2AuthURL, urlx.AppendPaths(p.PublicURL(ctx), "/oauth2/auth")) } +// OAuth2DeviceAuthorisationURL returns device authorization endpoint. Defaults to "/oauth2/device/auth". +func (p *DefaultProvider) OAuth2DeviceAuthorisationURL(ctx context.Context) *url.URL { + return p.getProvider(ctx).RequestURIF(KeyOAuth2DeviceAuthorisationURL, urlx.AppendPaths(p.PublicURL(ctx), "/oauth2/device/auth")) +} + func (p *DefaultProvider) JWKSURL(ctx context.Context) *url.URL { return p.getProvider(ctx).RequestURIF(KeyJWKSURL, urlx.AppendPaths(p.IssuerURL(ctx), "/.well-known/jwks.json")) } 
@@ -633,6 +696,11 @@ func (p *DefaultProvider) CookieNameLoginCSRF(ctx context.Context) string { return p.cookieSuffix(ctx, KeyCookieLoginCSRFName) } +// CookieNameDeviceCSRF returns the device CSRF cookie name. +func (p *DefaultProvider) CookieNameDeviceCSRF(ctx context.Context) string { + return p.cookieSuffix(ctx, KeyCookieDeviceCSRFName) +} + func (p *DefaultProvider) CookieNameConsentCSRF(ctx context.Context) string { return p.cookieSuffix(ctx, KeyCookieConsentCSRFName) } @@ -649,3 +717,11 @@ func (p *DefaultProvider) cookieSuffix(ctx context.Context, key string) string { return p.getProvider(ctx).String(key) + suffix } + +func (p *DefaultProvider) RefreshTokenRotationGracePeriod(ctx context.Context) time.Duration { + gracePeriod := p.getProvider(ctx).DurationF(KeyRefreshTokenRotationGracePeriod, 0) + if gracePeriod > time.Hour { + return time.Hour + } + return gracePeriod +} diff --git a/driver/config/provider_test.go b/driver/config/provider_test.go index 8e5c44a9e2e..f52c81faf4a 100644 --- a/driver/config/provider_test.go +++ b/driver/config/provider_test.go @@ -279,6 +279,7 @@ func TestViperProviderValidates(t *testing.T) { // webfinger assert.Equal(t, []string{"hydra.openid.id-token", "hydra.jwt.access-token"}, c.WellKnownKeys(ctx)) assert.Equal(t, urlx.ParseOrPanic("https://example.com"), c.OAuth2ClientRegistrationURL(ctx)) + assert.Equal(t, urlx.ParseOrPanic("https://example.com/device_authorization"), c.OAuth2DeviceAuthorisationURL(ctx)) assert.Equal(t, urlx.ParseOrPanic("https://example.com/jwks.json"), c.JWKSURL(ctx)) assert.Equal(t, urlx.ParseOrPanic("https://example.com/auth"), c.OAuth2AuthURL(ctx)) assert.Equal(t, urlx.ParseOrPanic("https://example.com/token"), c.OAuth2TokenURL(ctx)) 
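Review bot: `RefreshTokenRotationGracePeriod` (added at the end of driver/config/provider.go) caps the value at one hour but returns a negative duration unchanged, and the test hunk that follows checks only 0, 1s and 2h. Adding `if gracePeriod < 0 { return 0 }` before the cap would keep a misconfigured value from reaching the rotation logic; whether the config schema already rejects negatives is not visible here. The method is exported without a doc comment, and the one-hour cap is silent, so an operator who sets `2h` gets `1h` with no indication. A comment such as `// RefreshTokenRotationGracePeriod returns the configured grace period, capped at one hour.` would record the limit.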
@@ -291,12 +292,21 @@ func TestViperProviderValidates(t *testing.T) { assert.Equal(t, "random_salt", c.SubjectIdentifierAlgorithmSalt(ctx)) assert.Equal(t, []string{"whatever"}, c.DefaultClientScope(ctx)) + // refresh + assert.Equal(t, time.Duration(0), c.RefreshTokenRotationGracePeriod(ctx)) + require.NoError(t, c.Set(ctx, KeyRefreshTokenRotationGracePeriod, "1s")) + assert.Equal(t, time.Second, c.RefreshTokenRotationGracePeriod(ctx)) + require.NoError(t, c.Set(ctx, KeyRefreshTokenRotationGracePeriod, "2h")) + assert.Equal(t, time.Hour, c.RefreshTokenRotationGracePeriod(ctx)) + // urls assert.Equal(t, urlx.ParseOrPanic("https://issuer"), c.IssuerURL(ctx)) assert.Equal(t, urlx.ParseOrPanic("https://public/"), c.PublicURL(ctx)) assert.Equal(t, urlx.ParseOrPanic("https://admin/"), c.AdminURL(ctx)) assert.Equal(t, urlx.ParseOrPanic("https://login/"), c.LoginURL(ctx)) assert.Equal(t, urlx.ParseOrPanic("https://consent/"), c.ConsentURL(ctx)) + assert.Equal(t, urlx.ParseOrPanic("https://device/"), c.DeviceVerificationURL(ctx)) + assert.Equal(t, urlx.ParseOrPanic("https://device/callback"), c.DeviceDoneURL(ctx)) assert.Equal(t, urlx.ParseOrPanic("https://logout/"), c.LogoutURL(ctx)) assert.Equal(t, urlx.ParseOrPanic("https://error/"), c.ErrorURL(ctx)) assert.Equal(t, urlx.ParseOrPanic("https://post_logout/"), c.LogoutRedirectURL(ctx)) 
@@ -314,12 +324,14 @@ func TestViperProviderValidates(t *testing.T) { assert.Equal(t, 2*time.Hour, c.GetRefreshTokenLifespan(ctx)) assert.Equal(t, 2*time.Hour, c.GetIDTokenLifespan(ctx)) assert.Equal(t, 2*time.Hour, c.GetAuthorizeCodeLifespan(ctx)) + assert.Equal(t, 2*time.Hour, c.GetDeviceAndUserCodeLifespan(ctx)) // oauth2 assert.Equal(t, true, c.GetSendDebugMessagesToClients(ctx)) assert.Equal(t, 20, c.GetBCryptCost(ctx)) assert.Equal(t, true, c.GetEnforcePKCE(ctx)) assert.Equal(t, true, c.GetEnforcePKCEForPublicClients(ctx)) + assert.Equal(t, 2*time.Hour, c.GetDeviceAuthTokenPollingInterval(ctx)) // secrets secret, err := c.GetGlobalSecret(ctx) @@ -388,16 +400,20 @@ func TestLoginConsentURL(t *testing.T) { p := MustNew(context.Background(), l) p.MustSet(ctx, KeyLoginURL, "http://localhost:8080/oauth/login") p.MustSet(ctx, KeyConsentURL, "http://localhost:8080/oauth/consent") + p.MustSet(ctx, KeyDeviceVerificationURL, "http://localhost:8080/oauth/device") assert.Equal(t, "http://localhost:8080/oauth/login", p.LoginURL(ctx).String()) assert.Equal(t, "http://localhost:8080/oauth/consent", p.ConsentURL(ctx).String()) + assert.Equal(t, "http://localhost:8080/oauth/device", p.DeviceVerificationURL(ctx).String()) p2 := MustNew(context.Background(), l) p2.MustSet(ctx, KeyLoginURL, "http://localhost:3000/#/oauth/login") p2.MustSet(ctx, KeyConsentURL, "http://localhost:3000/#/oauth/consent") + p2.MustSet(ctx, KeyDeviceVerificationURL, "http://localhost:3000/#/oauth/device") assert.Equal(t, "http://localhost:3000/#/oauth/login", p2.LoginURL(ctx).String()) assert.Equal(t, "http://localhost:3000/#/oauth/consent", p2.ConsentURL(ctx).String()) + assert.Equal(t, "http://localhost:3000/#/oauth/device", p2.DeviceVerificationURL(ctx).String()) } func TestInfinitRefreshTokenTTL(t *testing.T) { diff --git a/driver/config/serve.go b/driver/config/serve.go index f37dcde41eb..21932e3078f 100644 --- a/driver/config/serve.go +++ b/driver/config/serve.go 
@@ -6,7 +6,8 @@ package config import ( "context" "fmt" - "os" + "io/fs" + "math" "strings" "github.com/ory/x/contextx" @@ -63,10 +64,22 @@ func (p *DefaultProvider) ListenOn(iface ServeInterface) string { } func (p *DefaultProvider) SocketPermission(iface ServeInterface) *configx.UnixPermission { + modeInt := int64(0o755) + if p.getProvider(contextx.RootContext).Exists(iface.Key(KeySuffixSocketMode)) { + modeInt = int64(p.getProvider(contextx.RootContext).Int(iface.Key(KeySuffixSocketMode))) + } + mode := fs.FileMode(0) + if modeInt < 0 { + mode = 0 + } else if modeInt > math.MaxUint32 { + mode = 0777 + } else { + mode = fs.FileMode(modeInt) + } return &configx.UnixPermission{ Owner: p.getProvider(contextx.RootContext).String(iface.Key(KeySuffixSocketOwner)), Group: p.getProvider(contextx.RootContext).String(iface.Key(KeySuffixSocketGroup)), - Mode: os.FileMode(p.getProvider(contextx.RootContext).IntF(iface.Key(KeySuffixSocketMode), 0755)), + Mode: mode, } } diff --git a/driver/di.go b/driver/di.go new file mode 100644 index 00000000000..584bf76c043 --- /dev/null +++ b/driver/di.go 
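Review bot: In `SocketPermission` (driver/config/serve.go) an out-of-range socket mode fails open: a value above `math.MaxUint32` becomes `0777`, and any value between the permission range and that limit is converted verbatim, so bits outside the permission mask reach `fs.FileMode`. Using `mode = fs.FileMode(modeInt) & fs.ModePerm` in the last branch and the default `0o755` in the overflow branch would keep a misconfiguration from yielding a world-writable socket. What `configx.UnixPermission` does with non-permission bits is not visible in this hunk. The `mode = 0` in the negative branch repeats the initial value, and the hunk mixes the `0o755` and `0777` literal styles.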
@@ -0,0 +1,70 @@ +// Copyright © 2024 Ory Corp +// SPDX-License-Identifier: Apache-2.0 + +package driver + +import ( + "github.com/pkg/errors" + "go.opentelemetry.io/otel/trace" + + "github.com/ory/fosite" + "github.com/ory/fosite/handler/oauth2" + "github.com/ory/hydra/v2/consent" + "github.com/ory/hydra/v2/driver/config" + "github.com/ory/hydra/v2/fositex" + "github.com/ory/hydra/v2/hsm" + "github.com/ory/hydra/v2/internal/kratos" + "github.com/ory/x/contextx" + "github.com/ory/x/logrusx" +) + +// WritableRegistry is a deprecated interface that should not be used anymore. +// +// Deprecate this at some point. +type WritableRegistry interface { + // WithBuildInfo(v, h, d string) Registry + + WithConfig(c *config.DefaultProvider) Registry + WithContextualizer(ctxer contextx.Contextualizer) Registry + WithLogger(l *logrusx.Logger) Registry + WithTracer(t trace.Tracer) Registry + WithTracerWrapper(TracerWrapper) Registry + WithKratos(k kratos.Client) Registry + WithExtraFositeFactories(f []fositex.Factory) Registry + ExtraFositeFactories() []fositex.Factory + WithOAuth2Provider(f fosite.OAuth2Provider) + WithConsentStrategy(c consent.Strategy) + WithHsmContext(h hsm.Context) +} + +type RegistryModifier func(r Registry) error + +func WithRegistryModifiers(f ...RegistryModifier) OptionsModifier { + return func(o *Options) { + o.registryModifiers = f + } +} + +func RegistryWithHMACSHAStrategy(s func(r Registry) oauth2.CoreStrategy) RegistryModifier { + return func(r Registry) error { + switch rt := r.(type) { + case *RegistrySQL: + rt.hmacs = s(r) + default: + return errors.Errorf("unable to set HMAC strategy on registry of type %T", r) + } + return nil + } +} + +func RegistryWithHsmContext(h hsm.Context) RegistryModifier { + return func(r Registry) error { + switch rt := r.(type) { + case *RegistrySQL: + rt.hsm = h + default: + return errors.Errorf("unable to set HMAC strategy on registry of type %T", r) + } + return nil + } +} 
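Review bot: `RegistryWithHsmContext` in driver/di.go reuses the error text of `RegistryWithHMACSHAStrategy` ("unable to set HMAC strategy"), which will mislead anyone debugging an HSM setup failure; it should read `return errors.Errorf("unable to set HSM context on registry of type %T", r)`. `WithRegistryModifiers` assigns `o.registryModifiers = f`, so a second use of the option discards the first, unlike the appending options in driver/factory.go; `o.registryModifiers = append(o.registryModifiers, f...)` would match them. The comment on `WritableRegistry` says both that the interface is deprecated and "Deprecate this at some point"; if it is deprecated now, a `// Deprecated:` paragraph lets tooling surface it. The exported `RegistryModifier`, `WithRegistryModifiers`, `RegistryWithHMACSHAStrategy` and `RegistryWithHsmContext` have no doc comments.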
diff --git a/driver/factory.go b/driver/factory.go index dbcefebe663..c7b5d30c3f4 100644 --- a/driver/factory.go +++ b/driver/factory.go @@ -7,6 +7,8 @@ import ( "context" "io/fs" + "github.com/pkg/errors" + "github.com/ory/hydra/v2/driver/config" "github.com/ory/hydra/v2/fositex" "github.com/ory/x/configx" @@ -17,39 +19,45 @@ import ( ) type ( - options struct { + Options struct { preload bool validate bool opts []configx.OptionModifier config *config.DefaultProvider // The first default refers to determining the NID at startup; the second default referes to the fact that the Contextualizer may dynamically change the NID. - skipNetworkInit bool - tracerWrapper TracerWrapper - extraMigrations []fs.FS - goMigrations []popx.Migration - fositexFactories []fositex.Factory + skipNetworkInit bool + tracerWrapper TracerWrapper + extraMigrations []fs.FS + goMigrations []popx.Migration + fositexFactories []fositex.Factory + registryModifiers []RegistryModifier + inspect func(Registry) error } - OptionsModifier func(*options) + OptionsModifier func(*Options) TracerWrapper func(*otelx.Tracer) *otelx.Tracer ) -func newOptions() *options { - return &options{ +func NewOptions(opts []OptionsModifier) *Options { + o := &Options{ validate: true, preload: true, opts: []configx.OptionModifier{}, } + for _, f := range opts { + f(o) + } + return o } func WithConfig(config *config.DefaultProvider) OptionsModifier { - return func(o *options) { + return func(o *Options) { o.config = config } } func WithOptions(opts ...configx.OptionModifier) OptionsModifier { - return func(o *options) { + return func(o *Options) { o.opts = append(o.opts, opts...) } } 
@@ -58,55 +66,58 @@ func WithOptions(opts ...configx.OptionModifier) OptionsModifier { // // This does not affect schema validation! func DisableValidation() OptionsModifier { - return func(o *options) { + return func(o *Options) { o.validate = false } } // DisablePreloading will not preload the config. func DisablePreloading() OptionsModifier { - return func(o *options) { + return func(o *Options) { o.preload = false } } func SkipNetworkInit() OptionsModifier { - return func(o *options) { + return func(o *Options) { o.skipNetworkInit = true } } // WithTracerWrapper sets a function that wraps the tracer. func WithTracerWrapper(wrapper TracerWrapper) OptionsModifier { - return func(o *options) { + return func(o *Options) { o.tracerWrapper = wrapper } } // WithExtraMigrations specifies additional database migration. func WithExtraMigrations(m ...fs.FS) OptionsModifier { - return func(o *options) { + return func(o *Options) { o.extraMigrations = append(o.extraMigrations, m...) } } func WithGoMigrations(m ...popx.Migration) OptionsModifier { - return func(o *options) { + return func(o *Options) { o.goMigrations = append(o.goMigrations, m...) } } func WithExtraFositeFactories(f ...fositex.Factory) OptionsModifier { - return func(o *options) { + return func(o *Options) { o.fositexFactories = append(o.fositexFactories, f...) } } -func New(ctx context.Context, sl *servicelocatorx.Options, opts []OptionsModifier) (Registry, error) { - o := newOptions() - for _, f := range opts { - f(o) +func Inspect(f func(Registry) error) OptionsModifier { + return func(o *Options) { + o.inspect = f } +} + +func New(ctx context.Context, sl *servicelocatorx.Options, opts []OptionsModifier) (Registry, error) { + o := NewOptions(opts) l := sl.Logger() if l == nil { 
@@ -142,6 +153,12 @@ func New(ctx context.Context, sl *servicelocatorx.Options, opts []OptionsModifie r.WithExtraFositeFactories(o.fositexFactories) + for _, f := range o.registryModifiers { + if err := f(r); err != nil { + return nil, err + } + } + if err = r.Init(ctx, o.skipNetworkInit, false, ctxter, o.extraMigrations, o.goMigrations); err != nil { l.WithError(err).Error("Unable to initialize service registry.") return nil, err @@ -152,6 +169,11 @@ func New(ctx context.Context, sl *servicelocatorx.Options, opts []OptionsModifie CallRegistry(ctx, r) } - c.Source(ctx).SetTracer(ctx, r.Tracer(ctx)) + if o.inspect != nil { + if err := o.inspect(r); err != nil { + return nil, errors.WithStack(err) + } + } + return r, nil } diff --git a/driver/registry.go b/driver/registry.go index c28aafcdfc9..954d77a5ad4 100644 --- a/driver/registry.go +++ b/driver/registry.go @@ -8,23 +8,16 @@ import ( "io/fs" "net/http" - "go.opentelemetry.io/otel/trace" - - "github.com/ory/hydra/v2/fositex" - "github.com/ory/hydra/v2/internal/kratos" - "github.com/ory/x/httprouterx" + enigma "github.com/ory/fosite/token/hmac" "github.com/ory/x/popx" "github.com/ory/hydra/v2/aead" - "github.com/ory/hydra/v2/hsm" + "github.com/ory/hydra/v2/internal/kratos" "github.com/ory/x/contextx" + "github.com/ory/x/httprouterx" "github.com/ory/hydra/v2/oauth2/trust" - "github.com/pkg/errors" - - "github.com/ory/x/errorsx" - "github.com/ory/fosite" foauth2 "github.com/ory/fosite/handler/oauth2" 
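Review bot: The registry-modifier loop added to `New` (driver/factory.go) runs before `r.Init`, so a modifier such as `RegistryWithHMACSHAStrategy`, which invokes its callback immediately, passes that callback a registry that has not been initialised yet. The ordering deserves a comment at the loop, e.g. `// Modifiers run before Init and must not rely on state that Init sets up.` The modifier error is returned bare while the `inspect` error in the following hunk is wrapped with `errors.WithStack`; handling both the same way keeps stack traces consistent. Parts of `New` between the hunks are not shown.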
@@ -47,22 +40,13 @@ import ( type Registry interface { dbal.Driver + WritableRegistry Init(ctx context.Context, skipNetworkInit bool, migrate bool, ctxer contextx.Contextualizer, extraMigrations []fs.FS, goMigrations []popx.Migration) error - WithBuildInfo(v, h, d string) Registry - WithConfig(c *config.DefaultProvider) Registry - WithContextualizer(ctxer contextx.Contextualizer) Registry - WithLogger(l *logrusx.Logger) Registry - WithTracer(t trace.Tracer) Registry - WithTracerWrapper(TracerWrapper) Registry - WithKratos(k kratos.Client) Registry x.HTTPClientProvider GetJWKSFetcherStrategy() fosite.JWKSFetcherStrategy - WithExtraFositeFactories(f []fositex.Factory) Registry - ExtraFositeFactories() []fositex.Factory - contextx.Provider config.Provider persistence.Provider @@ -86,12 +70,10 @@ type Registry interface { ConsentHandler() *consent.Handler OAuth2Handler() *oauth2.Handler HealthHandler() *healthx.Handler + OAuth2EnigmaStrategy() *enigma.HMACStrategy OAuth2AwareMiddleware() func(h http.Handler) http.Handler - OAuth2HMACStrategy() *foauth2.HMACSHAStrategy - WithOAuth2Provider(f fosite.OAuth2Provider) - WithConsentStrategy(c consent.Strategy) - WithHsmContext(h hsm.Context) + OAuth2HMACStrategy() foauth2.CoreStrategy } func NewRegistryFromDSN(ctx context.Context, c *config.DefaultProvider, l *logrusx.Logger, skipNetworkInit bool, migrate bool, ctxer contextx.Contextualizer) (Registry, error) { 
@@ -99,22 +81,26 @@ func NewRegistryFromDSN(ctx context.Context, c *config.DefaultProvider, l *logru if err != nil { return nil, err } + if err := registry.Init(ctx, skipNetworkInit, migrate, ctxer, nil, nil); err != nil { return nil, err } + return registry, nil } func NewRegistryWithoutInit(c *config.DefaultProvider, l *logrusx.Logger) (Registry, error) { - driver, err := dbal.GetDriverFor(c.DSN()) - if err != nil { - return nil, errorsx.WithStack(err) - } - registry, ok := driver.(Registry) - if !ok { - return nil, errors.Errorf("driver of type %T does not implement interface Registry", driver) + registry := NewRegistrySQL( + c, l, config.Version, config.Commit, config.Date, + ) + + if !registry.CanHandle(c.DSN()) { + if dbal.IsSQLite(c.DSN()) { + return nil, dbal.ErrSQLiteSupportMissing + } + + return nil, dbal.ErrNoResponsibleDriverFound } - registry = registry.WithLogger(l).WithConfig(c).WithBuildInfo(config.Version, config.Commit, config.Date) return registry, nil } diff --git a/driver/registry_base.go b/driver/registry_base.go deleted file mode 100644 index a541e06ce19..00000000000 --- a/driver/registry_base.go +++ /dev/null 
@@ -1,583 +0,0 @@ -// Copyright © 2022 Ory Corp -// SPDX-License-Identifier: Apache-2.0 - -package driver - -import ( - "context" - "crypto/sha256" - "fmt" - "net/http" - "time" - - "github.com/gorilla/sessions" - "github.com/hashicorp/go-retryablehttp" - "github.com/pkg/errors" - "github.com/prometheus/client_golang/prometheus/promhttp" - "github.com/rs/cors" - "go.opentelemetry.io/otel/trace" - - "github.com/ory/fosite" - "github.com/ory/fosite/compose" - foauth2 "github.com/ory/fosite/handler/oauth2" - "github.com/ory/fosite/handler/openid" - "github.com/ory/herodot" - "github.com/ory/hydra/v2/aead" - "github.com/ory/hydra/v2/client" - "github.com/ory/hydra/v2/consent" - "github.com/ory/hydra/v2/driver/config" - "github.com/ory/hydra/v2/fositex" - "github.com/ory/hydra/v2/hsm" - "github.com/ory/hydra/v2/internal/kratos" - "github.com/ory/hydra/v2/jwk" - "github.com/ory/hydra/v2/oauth2" - "github.com/ory/hydra/v2/oauth2/trust" - "github.com/ory/hydra/v2/persistence" - "github.com/ory/hydra/v2/x" - "github.com/ory/hydra/v2/x/oauth2cors" - "github.com/ory/x/contextx" - "github.com/ory/x/healthx" - "github.com/ory/x/httprouterx" - "github.com/ory/x/httpx" - "github.com/ory/x/logrusx" - "github.com/ory/x/otelx" - "github.com/ory/x/popx" - prometheus "github.com/ory/x/prometheusx" -) - -var ( - _ contextx.Provider = (*RegistryBase)(nil) -) - -type RegistryBase struct { - l *logrusx.Logger - al *logrusx.Logger - conf *config.DefaultProvider - ch *client.Handler - fh fosite.Hasher - jwtGrantH *trust.Handler - jwtGrantV *trust.GrantValidator - kh *jwk.Handler - cv *client.Validator - ctxer contextx.Contextualizer - hh *healthx.Handler - migrationStatus *popx.MigrationStatuses - kc *aead.AESGCM - flowc *aead.XChaCha20Poly1305 - cos consent.Strategy - writer herodot.Writer - hsm hsm.Context - forv *openid.OpenIDConnectRequestValidator - fop fosite.OAuth2Provider - coh *consent.Handler - oah *oauth2.Handler - sia map[string]consent.SubjectIdentifierAlgorithm - trc 
*otelx.Tracer - tracerWrapper func(*otelx.Tracer) *otelx.Tracer - pmm *prometheus.MetricsManager - oa2mw func(h http.Handler) http.Handler - arhs []oauth2.AccessRequestHook - buildVersion string - buildHash string - buildDate string - r Registry - persister persistence.Persister - jfs fosite.JWKSFetcherStrategy - oc fosite.Configurator - oidcs jwk.JWTSigner - ats jwk.JWTSigner - hmacs *foauth2.HMACSHAStrategy - fc *fositex.Config - publicCORS *cors.Cors - kratos kratos.Client - fositeFactories []fositex.Factory -} - -func (m *RegistryBase) GetJWKSFetcherStrategy() fosite.JWKSFetcherStrategy { - if m.jfs == nil { - m.jfs = fosite.NewDefaultJWKSFetcherStrategy(fosite.JWKSFetcherWithHTTPClientSource(func(ctx context.Context) *retryablehttp.Client { - return m.HTTPClient(ctx) - })) - } - return m.jfs -} - -func (m *RegistryBase) WithContextualizer(ctxer contextx.Contextualizer) Registry { - m.ctxer = ctxer - return m.r -} - -func (m *RegistryBase) Contextualizer() contextx.Contextualizer { - if m.ctxer == nil { - panic("registry Contextualizer not set") - } - return m.ctxer -} - -func (m *RegistryBase) with(r Registry) *RegistryBase { - m.r = r - return m -} - -func (m *RegistryBase) WithBuildInfo(version, hash, date string) Registry { - m.buildVersion = version - m.buildHash = hash - m.buildDate = date - return m.r -} - -func (m *RegistryBase) OAuth2AwareMiddleware() func(h http.Handler) http.Handler { - if m.oa2mw == nil { - m.oa2mw = oauth2cors.Middleware(m.r) - } - return m.oa2mw -} - -func (m *RegistryBase) addPublicCORSOnHandler(ctx context.Context) func(http.Handler) http.Handler { - corsConfig, corsEnabled := m.Config().CORS(ctx, config.PublicInterface) - if !corsEnabled { - return func(h http.Handler) http.Handler { - return h - } - } - if m.publicCORS == nil { - m.publicCORS = cors.New(corsConfig) - } - return func(h http.Handler) http.Handler { - return m.publicCORS.Handler(h) - } -} - -func (m *RegistryBase) RegisterRoutes(ctx context.Context, admin 
*httprouterx.RouterAdmin, public *httprouterx.RouterPublic) { - m.HealthHandler().SetHealthRoutes(admin.Router, true) - m.HealthHandler().SetVersionRoutes(admin.Router) - - m.HealthHandler().SetHealthRoutes(public.Router, false, healthx.WithMiddleware(m.addPublicCORSOnHandler(ctx))) - - admin.Handler("GET", prometheus.MetricsPrometheusPath, promhttp.Handler()) - - m.ConsentHandler().SetRoutes(admin) - m.KeyHandler().SetRoutes(admin, public, m.OAuth2AwareMiddleware()) - m.ClientHandler().SetRoutes(admin, public) - m.OAuth2Handler().SetRoutes(admin, public, m.OAuth2AwareMiddleware()) - m.JWTGrantHandler().SetRoutes(admin) -} - -func (m *RegistryBase) BuildVersion() string { - return m.buildVersion -} - -func (m *RegistryBase) BuildDate() string { - return m.buildDate -} - -func (m *RegistryBase) BuildHash() string { - return m.buildHash -} - -func (m *RegistryBase) WithConfig(c *config.DefaultProvider) Registry { - m.conf = c - return m.r -} - -func (m *RegistryBase) Writer() herodot.Writer { - if m.writer == nil { - h := herodot.NewJSONWriter(m.Logger()) - h.ErrorEnhancer = x.ErrorEnhancer - m.writer = h - } - return m.writer -} - -func (m *RegistryBase) WithLogger(l *logrusx.Logger) Registry { - m.l = l - return m.r -} - -func (m *RegistryBase) WithTracer(t trace.Tracer) Registry { - m.trc = new(otelx.Tracer).WithOTLP(t) - return m.r -} - -func (m *RegistryBase) WithTracerWrapper(wrapper TracerWrapper) Registry { - m.tracerWrapper = wrapper - return m.r -} - -func (m *RegistryBase) WithKratos(k kratos.Client) Registry { - m.kratos = k - return m.r -} - -func (m *RegistryBase) Logger() *logrusx.Logger { - if m.l == nil { - m.l = logrusx.New("Ory Hydra", m.BuildVersion()) - } - return m.l -} - -func (m *RegistryBase) AuditLogger() *logrusx.Logger { - if m.al == nil { - m.al = logrusx.NewAudit("Ory Hydra", m.BuildVersion()) - m.al.UseConfig(m.Config().Source(contextx.RootContext)) - } - return m.al -} - -func (m *RegistryBase) ClientHasher() fosite.Hasher { - if m.fh 
== nil { - m.fh = x.NewHasher(m.Config()) - } - return m.fh -} - -func (m *RegistryBase) ClientHandler() *client.Handler { - if m.ch == nil { - m.ch = client.NewHandler(m.r) - } - return m.ch -} - -func (m *RegistryBase) ClientValidator() *client.Validator { - if m.cv == nil { - m.cv = client.NewValidator(m.r) - } - return m.cv -} - -func (m *RegistryBase) KeyHandler() *jwk.Handler { - if m.kh == nil { - m.kh = jwk.NewHandler(m.r) - } - return m.kh -} - -func (m *RegistryBase) JWTGrantHandler() *trust.Handler { - if m.jwtGrantH == nil { - m.jwtGrantH = trust.NewHandler(m.r) - } - return m.jwtGrantH -} - -func (m *RegistryBase) GrantValidator() *trust.GrantValidator { - if m.jwtGrantV == nil { - m.jwtGrantV = trust.NewGrantValidator() - } - return m.jwtGrantV -} - -func (m *RegistryBase) HealthHandler() *healthx.Handler { - if m.hh == nil { - m.hh = healthx.NewHandler(m.Writer(), m.buildVersion, healthx.ReadyCheckers{ - "database": func(_ *http.Request) error { - return m.r.Ping() - }, - "migrations": func(r *http.Request) error { - if m.migrationStatus != nil && !m.migrationStatus.HasPending() { - return nil - } - - status, err := m.r.Persister().MigrationStatus(r.Context()) - if err != nil { - return err - } - - if status.HasPending() { - err := errors.Errorf("migrations have not yet been fully applied: %+v", status) - m.Logger().WithField("status", fmt.Sprintf("%+v", status)).WithError(err).Warn("Instance is not yet ready because migrations have not yet been fully applied.") - return err - } - - m.migrationStatus = &status - return nil - }, - }) - } - - return m.hh -} - -func (m *RegistryBase) ConsentStrategy() consent.Strategy { - if m.cos == nil { - m.cos = consent.NewStrategy(m.r, m.Config()) - } - return m.cos -} - -func (m *RegistryBase) KeyCipher() *aead.AESGCM { - if m.kc == nil { - m.kc = aead.NewAESGCM(m.Config()) - } - return m.kc -} - -func (m *RegistryBase) FlowCipher() *aead.XChaCha20Poly1305 { - if m.flowc == nil { - m.flowc = 
aead.NewXChaCha20Poly1305(m.Config()) - } - return m.flowc -} - -func (m *RegistryBase) CookieStore(ctx context.Context) (sessions.Store, error) { - var keys [][]byte - secrets, err := m.conf.GetCookieSecrets(ctx) - if err != nil { - return nil, err - } - - for _, k := range secrets { - encrypt := sha256.Sum256(k) - keys = append(keys, k, encrypt[:]) - } - - cs := sessions.NewCookieStore(keys...) - cs.Options.Secure = m.Config().CookieSecure(ctx) - cs.Options.HttpOnly = true - - // CookieStore MaxAge is set to 86400 * 30 by default. This prevents secure cookies retrieval with expiration > 30 days. - // MaxAge(0) disables internal MaxAge check by SecureCookie, see: - // - // https://github.com/ory/hydra/pull/2488#discussion_r618992698 - cs.MaxAge(0) - - if domain := m.Config().CookieDomain(ctx); domain != "" { - cs.Options.Domain = domain - } - - cs.Options.Path = "/" - if sameSite := m.Config().CookieSameSiteMode(ctx); sameSite != 0 { - cs.Options.SameSite = sameSite - } - - return cs, nil -} - -func (m *RegistryBase) HTTPClient(ctx context.Context, opts ...httpx.ResilientOptions) *retryablehttp.Client { - opts = append(opts, - httpx.ResilientClientWithLogger(m.Logger()), - httpx.ResilientClientWithMaxRetry(2), - httpx.ResilientClientWithConnectionTimeout(30*time.Second)) - - tracer := m.Tracer(ctx) - if tracer.IsLoaded() { - opts = append(opts, httpx.ResilientClientWithTracer(tracer.Tracer())) - } - - if m.Config().ClientHTTPNoPrivateIPRanges() { - opts = append( - opts, - httpx.ResilientClientDisallowInternalIPs(), - httpx.ResilientClientAllowInternalIPRequestsTo(m.Config().ClientHTTPPrivateIPExceptionURLs()...), - ) - } - return httpx.NewResilientClient(opts...) 
-} - -func (m *RegistryBase) OAuth2Provider() fosite.OAuth2Provider { - if m.fop != nil { - return m.fop - } - - m.fop = fosite.NewOAuth2Provider(m.r.OAuth2Storage(), m.OAuth2ProviderConfig()) - return m.fop -} - -func (m *RegistryBase) OpenIDJWTStrategy() jwk.JWTSigner { - if m.oidcs != nil { - return m.oidcs - } - - m.oidcs = jwk.NewDefaultJWTSigner(m.Config(), m.r, x.OpenIDConnectKeyName) - return m.oidcs -} - -func (m *RegistryBase) AccessTokenJWTStrategy() jwk.JWTSigner { - if m.ats != nil { - return m.ats - } - - m.ats = jwk.NewDefaultJWTSigner(m.Config(), m.r, x.OAuth2JWTKeyName) - return m.ats -} - -func (m *RegistryBase) OAuth2HMACStrategy() *foauth2.HMACSHAStrategy { - if m.hmacs != nil { - return m.hmacs - } - - m.hmacs = compose.NewOAuth2HMACStrategy(m.OAuth2Config()) - return m.hmacs -} - -func (m *RegistryBase) OAuth2Config() *fositex.Config { - if m.fc != nil { - return m.fc - } - - m.fc = fositex.NewConfig(m.r) - return m.fc -} - -func (m *RegistryBase) ExtraFositeFactories() []fositex.Factory { - return m.fositeFactories -} - -func (m *RegistryBase) WithExtraFositeFactories(f []fositex.Factory) Registry { - m.fositeFactories = f - - return m.r -} - -func (m *RegistryBase) OAuth2ProviderConfig() fosite.Configurator { - if m.oc != nil { - return m.oc - } - - conf := m.OAuth2Config() - hmacAtStrategy := m.OAuth2HMACStrategy() - oidcSigner := m.OpenIDJWTStrategy() - atSigner := m.AccessTokenJWTStrategy() - jwtAtStrategy := &foauth2.DefaultJWTStrategy{ - Signer: atSigner, - HMACSHAStrategy: hmacAtStrategy, - Config: conf, - } - - conf.LoadDefaultHandlers(&compose.CommonStrategy{ - CoreStrategy: fositex.NewTokenStrategy(m.Config(), hmacAtStrategy, &foauth2.DefaultJWTStrategy{ - Signer: jwtAtStrategy, - HMACSHAStrategy: hmacAtStrategy, - Config: conf, - }), - OpenIDConnectTokenStrategy: &openid.DefaultStrategy{ - Config: conf, - Signer: oidcSigner, - }, - Signer: oidcSigner, - }) - - m.oc = conf - return m.oc -} - -func (m *RegistryBase) 
OpenIDConnectRequestValidator() *openid.OpenIDConnectRequestValidator { - if m.forv == nil { - m.forv = openid.NewOpenIDConnectRequestValidator(&openid.DefaultStrategy{ - Config: m.OAuth2ProviderConfig(), - Signer: m.OpenIDJWTStrategy(), - }, m.OAuth2ProviderConfig()) - } - return m.forv -} - -func (m *RegistryBase) AudienceStrategy() fosite.AudienceMatchingStrategy { - return fosite.DefaultAudienceMatchingStrategy -} - -func (m *RegistryBase) ConsentHandler() *consent.Handler { - if m.coh == nil { - m.coh = consent.NewHandler(m.r, m.Config()) - } - return m.coh -} - -func (m *RegistryBase) OAuth2Handler() *oauth2.Handler { - if m.oah == nil { - m.oah = oauth2.NewHandler(m.r, m.Config()) - } - return m.oah -} - -func (m *RegistryBase) SubjectIdentifierAlgorithm(ctx context.Context) map[string]consent.SubjectIdentifierAlgorithm { - if m.sia == nil { - m.sia = map[string]consent.SubjectIdentifierAlgorithm{} - for _, t := range m.Config().SubjectTypesSupported(ctx) { - switch t { - case "public": - m.sia["public"] = consent.NewSubjectIdentifierAlgorithmPublic() - case "pairwise": - m.sia["pairwise"] = consent.NewSubjectIdentifierAlgorithmPairwise([]byte(m.Config().SubjectIdentifierAlgorithmSalt(ctx))) - } - } - } - return m.sia -} - -func (m *RegistryBase) Tracer(_ context.Context) *otelx.Tracer { - if m.trc == nil { - t, err := otelx.New("Ory Hydra", m.l, m.conf.Tracing()) - if err != nil { - m.Logger().WithError(err).Error("Unable to initialize Tracer.") - } else { - // Wrap the tracer if required - if m.tracerWrapper != nil { - t = m.tracerWrapper(t) - } - - m.trc = t - } - } - if m.trc.Tracer() == nil { - m.trc = otelx.NewNoop(m.l, m.Config().Tracing()) - } - - return m.trc -} - -func (m *RegistryBase) PrometheusManager() *prometheus.MetricsManager { - if m.pmm == nil { - m.pmm = prometheus.NewMetricsManagerWithPrefix("hydra", prometheus.HTTPMetrics, m.buildVersion, m.buildHash, m.buildDate) - } - return m.pmm -} - -func (m *RegistryBase) Persister() 
persistence.Persister { - return m.persister -} - -// Config returns the configuration for the given context. It may or may not be the same as the global configuration. -func (m *RegistryBase) Config() *config.DefaultProvider { - return m.conf -} - -// WithOAuth2Provider forces an oauth2 provider which is only used for testing. -func (m *RegistryBase) WithOAuth2Provider(f fosite.OAuth2Provider) { - m.fop = f -} - -// WithConsentStrategy forces a consent strategy which is only used for testing. -func (m *RegistryBase) WithConsentStrategy(c consent.Strategy) { - m.cos = c -} - -func (m *RegistryBase) AccessRequestHooks() []oauth2.AccessRequestHook { - if m.arhs == nil { - m.arhs = []oauth2.AccessRequestHook{ - oauth2.RefreshTokenHook(m), - oauth2.TokenHook(m), - } - } - return m.arhs -} - -func (m *RegistryBase) WithHsmContext(h hsm.Context) { - m.hsm = h -} - -func (m *RegistryBase) HSMContext() hsm.Context { - if m.hsm == nil { - m.hsm = hsm.NewContext(m.Config(), m.l) - } - return m.hsm -} - -func (m *RegistrySQL) ClientAuthenticator() x.ClientAuthenticator { - return m.OAuth2Provider().(*fosite.Fosite) -} - -func (m *RegistryBase) Kratos() kratos.Client { - if m.kratos == nil { - m.kratos = kratos.New(m) - } - return m.kratos -} diff --git a/driver/registry_base_test.go b/driver/registry_base_test.go deleted file mode 100644 index 5f0d4fc29cd..00000000000 --- a/driver/registry_base_test.go +++ /dev/null 
@@ -1,124 +0,0 @@ -// Copyright © 2022 Ory Corp -// SPDX-License-Identifier: Apache-2.0 - -package driver - -import ( - "context" - "errors" - "fmt" - "io" - "net/http" - "net/http/httptest" - "testing" - - "github.com/ory/x/randx" - - "github.com/stretchr/testify/require" - - "github.com/ory/x/httpx" - - "github.com/sirupsen/logrus" - "github.com/sirupsen/logrus/hooks/test" - "github.com/stretchr/testify/assert" - - "github.com/ory/hydra/v2/driver/config" - "github.com/ory/x/configx" - "github.com/ory/x/contextx" - "github.com/ory/x/logrusx" - - "github.com/gorilla/sessions" -) - -func TestGetJWKSFetcherStrategyHostEnforcment(t *testing.T) { - ctx := context.Background() - l := logrusx.New("", "") - c := config.MustNew(context.Background(), l, configx.WithConfigFiles("../internal/.hydra.yaml")) - c.MustSet(ctx, config.KeyDSN, "memory") - c.MustSet(ctx, config.HSMEnabled, "false") - c.MustSet(ctx, config.KeyClientHTTPNoPrivateIPRanges, true) - - registry, err := NewRegistryWithoutInit(c, l) - require.NoError(t, err) - - _, err = registry.GetJWKSFetcherStrategy().Resolve(ctx, "http://localhost:8080", true) - require.ErrorAs(t, err, new(httpx.ErrPrivateIPAddressDisallowed)) -} - -func TestRegistryBase_newKeyStrategy_handlesNetworkError(t *testing.T) { - // Test ensures any network specific error is logged with a - // specific message when attempting to create a new key strategy: issue #2338 - - hook := test.Hook{} // Test hook for asserting log messages - ctx := context.Background() - - l := logrusx.New("", "", logrusx.WithHook(&hook)) - l.Logrus().SetOutput(io.Discard) - l.Logrus().ExitFunc = func(int) {} // Override the exit func to avoid call to os.Exit - - // Create a config and set a valid but unresolvable DSN - c := config.MustNew(context.Background(), l, configx.WithConfigFiles("../internal/.hydra.yaml")) - c.MustSet(ctx, config.KeyDSN, "postgres://user:password@127.0.0.1:9999/postgres") - c.MustSet(ctx, config.HSMEnabled, "false") - - registry, err := 
NewRegistryWithoutInit(c, l) - if err != nil { - t.Errorf("Failed to create registry: %s", err) - return - } - - r := registry.(*RegistrySQL) - r.initialPing = failedPing(errors.New("snizzles")) - - _ = r.Init(context.Background(), true, false, &contextx.TestContextualizer{}, nil, nil) - - registryBase := RegistryBase{r: r, l: l} - registryBase.WithConfig(c) - - assert.Equal(t, logrus.FatalLevel, hook.LastEntry().Level) - assert.Contains(t, hook.LastEntry().Message, "snizzles") -} - -func TestRegistryBase_CookieStore_MaxAgeZero(t *testing.T) { - // Test ensures that CookieStore MaxAge option is equal to zero after initialization - - ctx := context.Background() - r := new(RegistryBase) - r.WithConfig(config.MustNew(context.Background(), logrusx.New("", ""), configx.WithValue(config.KeyGetSystemSecret, []string{randx.MustString(32, randx.AlphaNum)}))) - - s, err := r.CookieStore(ctx) - require.NoError(t, err) - cs := s.(*sessions.CookieStore) - - assert.Equal(t, cs.Options.MaxAge, 0) -} - -func TestRegistryBase_HTTPClient(t *testing.T) { - ts := httptest.NewServer(http.HandlerFunc(func(writer http.ResponseWriter, _ *http.Request) { - writer.WriteHeader(http.StatusOK) - })) - defer ts.Close() - - t.Setenv("CLIENTS_HTTP_PRIVATE_IP_EXCEPTION_URLS", fmt.Sprintf("[%q]", ts.URL+"/exception/*")) - - ctx := context.Background() - r := new(RegistryBase) - r.WithConfig(config.MustNew( - ctx, - logrusx.New("", ""), - configx.WithValues(map[string]interface{}{ - config.KeyClientHTTPNoPrivateIPRanges: true, - }), - )) - - t.Run("case=matches exception glob", func(t *testing.T) { - res, err := r.HTTPClient(ctx).Get(ts.URL + "/exception/foo") - require.NoError(t, err) - assert.Equal(t, 200, res.StatusCode) - }) - - t.Run("case=does not match exception glob", func(t *testing.T) { - _, err := r.HTTPClient(ctx).Get(ts.URL + "/foo") - require.Error(t, err) - }) -} diff --git a/driver/registry_sql.go b/driver/registry_sql.go index 1fa8b9bbb61..3d8160a42dd 100644 
--- a/driver/registry_sql.go +++ b/driver/registry_sql.go @@ -5,14 +5,46 @@ package driver import ( "context" + "crypto/sha256" + "fmt" "io/fs" + "net/http" "strings" "time" + "github.com/gorilla/sessions" + "github.com/hashicorp/go-retryablehttp" + "github.com/pkg/errors" + "github.com/prometheus/client_golang/prometheus/promhttp" + "github.com/rs/cors" + + "github.com/ory/fosite" + "github.com/ory/fosite/compose" + foauth2 "github.com/ory/fosite/handler/oauth2" + "github.com/ory/fosite/handler/openid" + "github.com/ory/fosite/handler/rfc8628" + "github.com/ory/fosite/token/hmac" + "github.com/ory/herodot" + "github.com/ory/hydra/v2/aead" + "github.com/ory/hydra/v2/driver/config" + "github.com/ory/hydra/v2/fositex" + "github.com/ory/hydra/v2/internal/kratos" + "github.com/ory/hydra/v2/oauth2" + "github.com/ory/hydra/v2/persistence" + "github.com/ory/hydra/v2/x/oauth2cors" + "github.com/ory/x/healthx" + "github.com/ory/x/httprouterx" + "github.com/ory/x/httpx" + "github.com/ory/x/logrusx" + "github.com/ory/x/otelx" + prometheus "github.com/ory/x/prometheusx" + "github.com/gobuffalo/pop/v6" - _ "github.com/jackc/pgx/v4/stdlib" + _ "github.com/jackc/pgx/v5/stdlib" "github.com/luna-duclos/instrumentedsql" + "go.opentelemetry.io/otel/trace" + "github.com/ory/hydra/v2/client" "github.com/ory/hydra/v2/consent" "github.com/ory/hydra/v2/hsm" 
@@ -30,12 +62,58 @@ import ( ) type RegistrySQL struct { - *RegistryBase + l *logrusx.Logger + al *logrusx.Logger + conf *config.DefaultProvider + ch *client.Handler + fh fosite.Hasher + jwtGrantH *trust.Handler + jwtGrantV *trust.GrantValidator + kh *jwk.Handler + cv *client.Validator + ctxer contextx.Contextualizer + hh *healthx.Handler + migrationStatus *popx.MigrationStatuses + kc *aead.AESGCM + flowc *aead.XChaCha20Poly1305 + cos consent.Strategy + writer herodot.Writer + hsm hsm.Context + forv *openid.OpenIDConnectRequestValidator + fop fosite.OAuth2Provider + coh *consent.Handler + oah *oauth2.Handler + sia map[string]consent.SubjectIdentifierAlgorithm + trc *otelx.Tracer + tracerWrapper func(*otelx.Tracer) *otelx.Tracer + pmm *prometheus.MetricsManager + oa2mw func(h http.Handler) http.Handler + arhs []oauth2.AccessRequestHook + buildVersion string + buildHash string + buildDate string + r Registry + persister persistence.Persister + jfs fosite.JWKSFetcherStrategy + oc fosite.Configurator + oidcs jwk.JWTSigner + ats jwk.JWTSigner + hmacs foauth2.CoreStrategy + enigmaHMAC *hmac.HMACStrategy + deviceHmac rfc8628.RFC8628CodeStrategy + fc *fositex.Config + publicCORS *cors.Cors + kratos kratos.Client + fositeFactories []fositex.Factory + defaultKeyManager jwk.Manager initialPing func(r *RegistrySQL) error } -var _ Registry = new(RegistrySQL) +var ( + _ contextx.Provider = (*RegistrySQL)(nil) + _ Registry = (*RegistrySQL)(nil) +) // defaultInitialPing is the default function that will be called within RegistrySQL.Init to make sure // the database is reachable. It can be injected for test purposes by changing the value 
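Review bot: The `migrationStatus` field added to `RegistrySQL` is read and written by the "migrations" readiness checker in `HealthHandler` (added further down in this file's diff) with no synchronisation, and that checker runs inside an HTTP handler, so concurrent readiness probes can race on the pointer. Declaring it as `migrationStatus atomic.Pointer[popx.MigrationStatuses]` and using `m.migrationStatus.Load()` / `m.migrationStatus.Store(&status)` in the checker would make the cache safe; it needs `sync/atomic` in the import block. The other lazily initialised fields in this struct use the same unguarded `if m.x == nil` pattern, which is only safe if each getter is first called before the servers start accepting requests, and that is not visible here.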
@@ -48,20 +126,20 @@ var defaultInitialPing = func(m *RegistrySQL) error { return nil } -func init() { - dbal.RegisterDriver( - func() dbal.Driver { - return NewRegistrySQL() - }, - ) -} - -func NewRegistrySQL() *RegistrySQL { +func NewRegistrySQL( + c *config.DefaultProvider, + l *logrusx.Logger, + version, hash, date string, +) *RegistrySQL { r := &RegistrySQL{ - RegistryBase: new(RegistryBase), + buildVersion: version, + buildHash: hash, + buildDate: date, + l: l, + conf: c, initialPing: defaultInitialPing, } - r.RegistryBase.with(r) + return r } 
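Review bot: `NewRegistrySQL` is exported but has no doc comment, and it now takes three adjacent `string` parameters (`version, hash, date`) that the compiler cannot tell apart if a caller transposes them. A comment such as `// NewRegistrySQL returns a RegistrySQL bound to c and l; version, hash and date are the build metadata reported by BuildVersion, BuildHash and BuildDate.` would pin the order. It is also worth stating there that `c` must be non-nil, since `Tracer` and `CookieStore` later in this diff dereference `m.conf` directly.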
@@ -198,3 +276,501 @@ func (m *RegistrySQL) SoftwareKeyManager() jwk.Manager { func (m *RegistrySQL) GrantManager() trust.GrantManager { return m.Persister() } + +func (m *RegistrySQL) GetJWKSFetcherStrategy() fosite.JWKSFetcherStrategy { + if m.jfs == nil { + m.jfs = fosite.NewDefaultJWKSFetcherStrategy(fosite.JWKSFetcherWithHTTPClientSource(func(ctx context.Context) *retryablehttp.Client { + return m.HTTPClient(ctx) + })) + } + return m.jfs +} + +func (m *RegistrySQL) WithContextualizer(ctxer contextx.Contextualizer) Registry { + m.ctxer = ctxer + return m +} + +func (m *RegistrySQL) Contextualizer() contextx.Contextualizer { + if m.ctxer == nil { + panic("registry Contextualizer not set") + } + return m.ctxer +} + +func (m *RegistrySQL) OAuth2AwareMiddleware() func(h http.Handler) http.Handler { + if m.oa2mw == nil { + m.oa2mw = oauth2cors.Middleware(m) + } + return m.oa2mw +} + +func (m *RegistrySQL) addPublicCORSOnHandler(ctx context.Context) func(http.Handler) http.Handler { + corsConfig, corsEnabled := m.Config().CORS(ctx, config.PublicInterface) + if !corsEnabled { + return func(h http.Handler) http.Handler { + return h + } + } + if m.publicCORS == nil { + m.publicCORS = cors.New(corsConfig) + } + return func(h http.Handler) http.Handler { + return m.publicCORS.Handler(h) + } +} + +func (m *RegistrySQL) RegisterRoutes(ctx context.Context, admin *httprouterx.RouterAdmin, public *httprouterx.RouterPublic) { + m.HealthHandler().SetHealthRoutes(admin.Router, true) + m.HealthHandler().SetVersionRoutes(admin.Router) + + m.HealthHandler().SetHealthRoutes(public.Router, false, healthx.WithMiddleware(m.addPublicCORSOnHandler(ctx))) + + admin.Handler("GET", prometheus.MetricsPrometheusPath, promhttp.Handler()) + + m.ConsentHandler().SetRoutes(admin) + m.KeyHandler().SetRoutes(admin, public, m.OAuth2AwareMiddleware()) + m.ClientHandler().SetRoutes(admin, public) + m.OAuth2Handler().SetRoutes(admin, public, m.OAuth2AwareMiddleware()) + 
m.JWTGrantHandler().SetRoutes(admin) +} + +func (m *RegistrySQL) BuildVersion() string { + return m.buildVersion +} + +func (m *RegistrySQL) BuildDate() string { + return m.buildDate +} + +func (m *RegistrySQL) BuildHash() string { + return m.buildHash +} + +func (m *RegistrySQL) WithConfig(c *config.DefaultProvider) Registry { + m.conf = c + return m +} + +func (m *RegistrySQL) Writer() herodot.Writer { + if m.writer == nil { + h := herodot.NewJSONWriter(m.Logger()) + h.ErrorEnhancer = x.ErrorEnhancer + m.writer = h + } + return m.writer +} + +func (m *RegistrySQL) WithLogger(l *logrusx.Logger) Registry { + m.l = l + return m +} + +func (m *RegistrySQL) WithTracer(t trace.Tracer) Registry { + m.trc = new(otelx.Tracer).WithOTLP(t) + return m +} + +func (m *RegistrySQL) WithTracerWrapper(wrapper TracerWrapper) Registry { + m.tracerWrapper = wrapper + return m +} + +func (m *RegistrySQL) WithKratos(k kratos.Client) Registry { + m.kratos = k + return m +} + +func (m *RegistrySQL) Logger() *logrusx.Logger { + if m.l == nil { + m.l = logrusx.New("Ory Hydra", m.BuildVersion()) + } + return m.l +} + +func (m *RegistrySQL) AuditLogger() *logrusx.Logger { + if m.al == nil { + m.al = logrusx.NewAudit("Ory Hydra", m.BuildVersion()) + m.al.UseConfig(m.Config().Source(contextx.RootContext)) + } + return m.al +} + +func (m *RegistrySQL) ClientHasher() fosite.Hasher { + if m.fh == nil { + m.fh = x.NewHasher(m.Config()) + } + return m.fh +} + +func (m *RegistrySQL) ClientHandler() *client.Handler { + if m.ch == nil { + m.ch = client.NewHandler(m) + } + return m.ch +} + +func (m *RegistrySQL) ClientValidator() *client.Validator { + if m.cv == nil { + m.cv = client.NewValidator(m) + } + return m.cv +} + +func (m *RegistrySQL) KeyHandler() *jwk.Handler { + if m.kh == nil { + m.kh = jwk.NewHandler(m) + } + return m.kh +} + +func (m *RegistrySQL) JWTGrantHandler() *trust.Handler { + if m.jwtGrantH == nil { + m.jwtGrantH = trust.NewHandler(m) + } + return m.jwtGrantH +} + +func (m 
*RegistrySQL) GrantValidator() *trust.GrantValidator { + if m.jwtGrantV == nil { + m.jwtGrantV = trust.NewGrantValidator() + } + return m.jwtGrantV +} + +func (m *RegistrySQL) HealthHandler() *healthx.Handler { + if m.hh == nil { + m.hh = healthx.NewHandler(m.Writer(), m.buildVersion, healthx.ReadyCheckers{ + "database": func(_ *http.Request) error { + return m.Ping() + }, + "migrations": func(r *http.Request) error { + if m.migrationStatus != nil && !m.migrationStatus.HasPending() { + return nil + } + + status, err := m.Persister().MigrationStatus(r.Context()) + if err != nil { + return err + } + + if status.HasPending() { + err := errors.Errorf("migrations have not yet been fully applied: %+v", status) + m.Logger().WithField("status", fmt.Sprintf("%+v", status)).WithError(err).Warn("Instance is not yet ready because migrations have not yet been fully applied.") + return err + } + + m.migrationStatus = &status + return nil + }, + }) + } + + return m.hh +} + +func (m *RegistrySQL) ConsentStrategy() consent.Strategy { + if m.cos == nil { + m.cos = consent.NewStrategy(m, m.Config()) + } + return m.cos +} + +func (m *RegistrySQL) KeyCipher() *aead.AESGCM { + if m.kc == nil { + m.kc = aead.NewAESGCM(m.Config()) + } + return m.kc +} + +func (m *RegistrySQL) FlowCipher() *aead.XChaCha20Poly1305 { + if m.flowc == nil { + m.flowc = aead.NewXChaCha20Poly1305(m.Config()) + } + return m.flowc +} + +func (m *RegistrySQL) CookieStore(ctx context.Context) (sessions.Store, error) { + var keys [][]byte + secrets, err := m.conf.GetCookieSecrets(ctx) + if err != nil { + return nil, err + } + + for _, k := range secrets { + encrypt := sha256.Sum256(k) + keys = append(keys, k, encrypt[:]) + } + + cs := sessions.NewCookieStore(keys...) + cs.Options.Secure = m.Config().CookieSecure(ctx) + cs.Options.HttpOnly = true + + // CookieStore MaxAge is set to 86400 * 30 by default. This prevents secure cookies retrieval with expiration > 30 days. 
+ // MaxAge(0) disables internal MaxAge check by SecureCookie, see: + // + // https://github.com/ory/hydra/pull/2488#discussion_r618992698 + cs.MaxAge(0) + + if domain := m.Config().CookieDomain(ctx); domain != "" { + cs.Options.Domain = domain + } + + cs.Options.Path = "/" + if sameSite := m.Config().CookieSameSiteMode(ctx); sameSite != 0 { + cs.Options.SameSite = sameSite + } + + return cs, nil +} + +func (m *RegistrySQL) HTTPClient(ctx context.Context, opts ...httpx.ResilientOptions) *retryablehttp.Client { + opts = append(opts, + httpx.ResilientClientWithLogger(m.Logger()), + httpx.ResilientClientWithMaxRetry(2), + httpx.ResilientClientWithConnectionTimeout(30*time.Second)) + + tracer := m.Tracer(ctx) + if tracer.IsLoaded() { + opts = append(opts, httpx.ResilientClientWithTracer(tracer.Tracer())) + } + + if m.Config().ClientHTTPNoPrivateIPRanges() { + opts = append( + opts, + httpx.ResilientClientDisallowInternalIPs(), + httpx.ResilientClientAllowInternalIPRequestsTo(m.Config().ClientHTTPPrivateIPExceptionURLs()...), + ) + } + return httpx.NewResilientClient(opts...) 
+} + +func (m *RegistrySQL) OAuth2Provider() fosite.OAuth2Provider { + if m.fop != nil { + return m.fop + } + + m.fop = fosite.NewOAuth2Provider(m.OAuth2Storage(), m.OAuth2ProviderConfig()) + return m.fop +} + +func (m *RegistrySQL) OpenIDJWTStrategy() jwk.JWTSigner { + if m.oidcs != nil { + return m.oidcs + } + + m.oidcs = jwk.NewDefaultJWTSigner(m.Config(), m, x.OpenIDConnectKeyName) + return m.oidcs +} + +func (m *RegistrySQL) AccessTokenJWTStrategy() jwk.JWTSigner { + if m.ats != nil { + return m.ats + } + + m.ats = jwk.NewDefaultJWTSigner(m.Config(), m, x.OAuth2JWTKeyName) + return m.ats +} + +func (m *RegistrySQL) OAuth2EnigmaStrategy() *hmac.HMACStrategy { + if m.enigmaHMAC != nil { + return m.enigmaHMAC + } + + m.enigmaHMAC = &hmac.HMACStrategy{Config: m.OAuth2Config()} + return m.enigmaHMAC +} + +func (m *RegistrySQL) OAuth2HMACStrategy() foauth2.CoreStrategy { + if m.hmacs != nil { + return m.hmacs + } + + m.hmacs = foauth2.NewHMACSHAStrategy(m.OAuth2EnigmaStrategy(), m.OAuth2Config()) + return m.hmacs +} + +// RFC8628HMACStrategy returns the rfc8628 strategy +func (m *RegistrySQL) RFC8628HMACStrategy() rfc8628.RFC8628CodeStrategy { + if m.deviceHmac != nil { + return m.deviceHmac + } + + m.deviceHmac = compose.NewDeviceStrategy(m.OAuth2Config()) + return m.deviceHmac +} + +func (m *RegistrySQL) OAuth2Config() *fositex.Config { + if m.fc != nil { + return m.fc + } + + m.fc = fositex.NewConfig(m) + return m.fc +} + +func (m *RegistrySQL) ExtraFositeFactories() []fositex.Factory { + return m.fositeFactories +} + +func (m *RegistrySQL) WithExtraFositeFactories(f []fositex.Factory) Registry { + m.fositeFactories = f + + return m +} + +func (m *RegistrySQL) OAuth2ProviderConfig() fosite.Configurator { + if m.oc != nil { + return m.oc + } + + conf := m.OAuth2Config() + hmacAtStrategy := m.OAuth2HMACStrategy() + deviceHmacAtStrategy := m.RFC8628HMACStrategy() + oidcSigner := m.OpenIDJWTStrategy() + atSigner := m.AccessTokenJWTStrategy() + jwtAtStrategy := 
&foauth2.DefaultJWTStrategy{ + Signer: atSigner, + HMACSHAStrategy: hmacAtStrategy, + Config: conf, + } + + conf.LoadDefaultHandlers(&compose.CommonStrategy{ + CoreStrategy: fositex.NewTokenStrategy(m.Config(), hmacAtStrategy, &foauth2.DefaultJWTStrategy{ + Signer: jwtAtStrategy, + HMACSHAStrategy: hmacAtStrategy, + Config: conf, + }), + RFC8628CodeStrategy: deviceHmacAtStrategy, + OpenIDConnectTokenStrategy: &openid.DefaultStrategy{ + Config: conf, + Signer: oidcSigner, + }, + Signer: oidcSigner, + }) + + m.oc = conf + return m.oc +} + +func (m *RegistrySQL) OpenIDConnectRequestValidator() *openid.OpenIDConnectRequestValidator { + if m.forv == nil { + m.forv = openid.NewOpenIDConnectRequestValidator(&openid.DefaultStrategy{ + Config: m.OAuth2ProviderConfig(), + Signer: m.OpenIDJWTStrategy(), + }, m.OAuth2ProviderConfig()) + } + return m.forv +} + +func (m *RegistrySQL) AudienceStrategy() fosite.AudienceMatchingStrategy { + return fosite.DefaultAudienceMatchingStrategy +} + +func (m *RegistrySQL) ConsentHandler() *consent.Handler { + if m.coh == nil { + m.coh = consent.NewHandler(m, m.Config()) + } + return m.coh +} + +func (m *RegistrySQL) OAuth2Handler() *oauth2.Handler { + if m.oah == nil { + m.oah = oauth2.NewHandler(m, m.Config()) + } + return m.oah +} + +func (m *RegistrySQL) SubjectIdentifierAlgorithm(ctx context.Context) map[string]consent.SubjectIdentifierAlgorithm { + if m.sia == nil { + m.sia = map[string]consent.SubjectIdentifierAlgorithm{} + for _, t := range m.Config().SubjectTypesSupported(ctx) { + switch t { + case "public": + m.sia["public"] = consent.NewSubjectIdentifierAlgorithmPublic() + case "pairwise": + m.sia["pairwise"] = consent.NewSubjectIdentifierAlgorithmPairwise([]byte(m.Config().SubjectIdentifierAlgorithmSalt(ctx))) + } + } + } + return m.sia +} + +func (m *RegistrySQL) Tracer(_ context.Context) *otelx.Tracer { + if m.trc == nil { + t, err := otelx.New("Ory Hydra", m.l, m.conf.Tracing()) + if err != nil { + 
m.Logger().WithError(err).Error("Unable to initialize Tracer.") + } else { + // Wrap the tracer if required + if m.tracerWrapper != nil { + t = m.tracerWrapper(t) + } + + m.trc = t + } + } + if m.trc.Tracer() == nil { + m.trc = otelx.NewNoop(m.l, m.Config().Tracing()) + } + + return m.trc +} + +func (m *RegistrySQL) PrometheusManager() *prometheus.MetricsManager { + if m.pmm == nil { + m.pmm = prometheus.NewMetricsManagerWithPrefix("hydra", prometheus.HTTPMetrics, m.buildVersion, m.buildHash, m.buildDate) + } + return m.pmm +} + +func (m *RegistrySQL) Persister() persistence.Persister { + return m.persister +} + +// Config returns the configuration for the given context. It may or may not be the same as the global configuration. +func (m *RegistrySQL) Config() *config.DefaultProvider { + return m.conf +} + +// WithOAuth2Provider forces an oauth2 provider which is only used for testing. +func (m *RegistrySQL) WithOAuth2Provider(f fosite.OAuth2Provider) { + m.fop = f +} + +// WithConsentStrategy forces a consent strategy which is only used for testing. +func (m *RegistrySQL) WithConsentStrategy(c consent.Strategy) { + m.cos = c +} + +func (m *RegistrySQL) AccessRequestHooks() []oauth2.AccessRequestHook { + if m.arhs == nil { + m.arhs = []oauth2.AccessRequestHook{ + oauth2.RefreshTokenHook(m), + oauth2.TokenHook(m), + } + } + return m.arhs +} + +func (m *RegistrySQL) WithHsmContext(h hsm.Context) { + m.hsm = h +} + +func (m *RegistrySQL) HSMContext() hsm.Context { + if m.hsm == nil { + m.hsm = hsm.NewContext(m.Config(), m.l) + } + return m.hsm +} + +func (m *RegistrySQL) ClientAuthenticator() x.ClientAuthenticator { + return m.OAuth2Provider().(*fosite.Fosite) +} + +func (m *RegistrySQL) Kratos() kratos.Client { + if m.kratos == nil { + m.kratos = kratos.New(m) + } + return m.kratos +} diff --git a/driver/registry_sql_test.go b/driver/registry_sql_test.go index d4a88ef0b9d..38bc27f0746 100644 --- a/driver/registry_sql_test.go +++ b/driver/registry_sql_test.go 
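Review bot: In `Tracer`, when `otelx.New` returns an error the branch only logs and leaves `m.trc` nil, and the next statement calls `m.trc.Tracer()` on that nil pointer; unless `(*otelx.Tracer).Tracer` tolerates a nil receiver, this panics instead of falling back to the no-op tracer. Guarding the fallback with `if m.trc == nil || m.trc.Tracer() == nil {` keeps the intended behaviour. `HTTPClient` in the same hunk calls `m.Tracer(ctx)` on every invocation, so a broken tracing configuration would otherwise also take down outbound calls such as the JWKS fetch wired up in `GetJWKSFetcherStrategy`.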
@@ -21,8 +21,112 @@ import ( "github.com/ory/x/errorsx" "github.com/ory/x/logrusx" "github.com/ory/x/sqlcon/dockertest" + + "errors" + "fmt" + "io" + "net/http" + "net/http/httptest" + + "github.com/ory/x/randx" + + "github.com/ory/x/httpx" + + "github.com/gorilla/sessions" + "github.com/sirupsen/logrus" + "github.com/sirupsen/logrus/hooks/test" ) +func TestGetJWKSFetcherStrategyHostEnforcment(t *testing.T) { + ctx := context.Background() + l := logrusx.New("", "") + c := config.MustNew(context.Background(), l, configx.WithConfigFiles("../internal/.hydra.yaml")) + c.MustSet(ctx, config.KeyDSN, "memory") + c.MustSet(ctx, config.HSMEnabled, "false") + c.MustSet(ctx, config.KeyClientHTTPNoPrivateIPRanges, true) + + registry, err := NewRegistryWithoutInit(c, l) + require.NoError(t, err) + + _, err = registry.GetJWKSFetcherStrategy().Resolve(ctx, "http://localhost:8080", true) + require.ErrorAs(t, err, new(httpx.ErrPrivateIPAddressDisallowed)) +} + +func TestRegistrySQL_newKeyStrategy_handlesNetworkError(t *testing.T) { + // Test ensures any network specific error is logged with a + // specific message when attempting to create a new key strategy: issue #2338 + + hook := test.Hook{} // Test hook for asserting log messages + ctx := context.Background() + + l := logrusx.New("", "", logrusx.WithHook(&hook)) + l.Logrus().SetOutput(io.Discard) + l.Logrus().ExitFunc = func(int) {} // Override the exit func to avoid call to os.Exit + + // Create a config and set a valid but unresolvable DSN + c := config.MustNew(context.Background(), l, configx.WithConfigFiles("../internal/.hydra.yaml")) + c.MustSet(ctx, config.KeyDSN, "postgres://user:password@127.0.0.1:9999/postgres") + c.MustSet(ctx, config.HSMEnabled, "false") + + registry, err := NewRegistryWithoutInit(c, l) + if err != nil { + t.Errorf("Failed to create registry: %s", err) + return + } + + r := registry.(*RegistrySQL) + r.initialPing = failedPing(errors.New("snizzles")) + + _ = r.Init(context.Background(), true, false, 
&contextx.TestContextualizer{}, nil, nil) + + assert.Equal(t, logrus.FatalLevel, hook.LastEntry().Level) + assert.Contains(t, hook.LastEntry().Message, "snizzles") +} + +func TestRegistrySQL_CookieStore_MaxAgeZero(t *testing.T) { + // Test ensures that CookieStore MaxAge option is equal to zero after initialization + + ctx := context.Background() + r := new(RegistrySQL) + r.WithConfig(config.MustNew(context.Background(), logrusx.New("", ""), configx.WithValue(config.KeyGetSystemSecret, []string{randx.MustString(32, randx.AlphaNum)}))) + + s, err := r.CookieStore(ctx) + require.NoError(t, err) + cs := s.(*sessions.CookieStore) + + assert.Equal(t, cs.Options.MaxAge, 0) +} + +func TestRegistrySQL_HTTPClient(t *testing.T) { + ts := httptest.NewServer(http.HandlerFunc(func(writer http.ResponseWriter, _ *http.Request) { + writer.WriteHeader(http.StatusOK) + })) + defer ts.Close() + + t.Setenv("CLIENTS_HTTP_PRIVATE_IP_EXCEPTION_URLS", fmt.Sprintf("[%q]", ts.URL+"/exception/*")) + + ctx := context.Background() + r := new(RegistrySQL) + r.WithConfig(config.MustNew( + ctx, + logrusx.New("", ""), + configx.WithValues(map[string]interface{}{ + config.KeyClientHTTPNoPrivateIPRanges: true, + }), + )) + + t.Run("case=matches exception glob", func(t *testing.T) { + res, err := r.HTTPClient(ctx).Get(ts.URL + "/exception/foo") + require.NoError(t, err) + assert.Equal(t, 200, res.StatusCode) + }) + + t.Run("case=does not match exception glob", func(t *testing.T) { + _, err := r.HTTPClient(ctx).Get(ts.URL + "/foo") + require.Error(t, err) + }) +} + func TestDefaultKeyManager_HsmDisabled(t *testing.T) { l := logrusx.New("", "") c := config.MustNew(context.Background(), l, configx.SkipValidation()) diff --git a/flow/.snapshots/TestAcceptOAuth2ConsentRequestSession_MarshalJSON.json b/flow/.snapshots/TestAcceptOAuth2ConsentRequestSession_MarshalJSON.json new file mode 100644 index 00000000000..5a8c295bfab --- /dev/null 
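Review bot: The `case=does not match exception glob` subtest in `TestRegistrySQL_HTTPClient` asserts only `require.Error(t, err)`, so it passes on any failure and does not prove that the private-IP guard was what rejected the request. `TestGetJWKSFetcherStrategyHostEnforcment` in the same hunk already checks the error type; the same assertion, `require.ErrorAs(t, err, new(httpx.ErrPrivateIPAddressDisallowed))`, would pin the guard here too, provided the retryable client keeps the error chain intact. The positive subtest also never closes `res.Body`.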
+++ b/flow/.snapshots/TestAcceptOAuth2ConsentRequestSession_MarshalJSON.json @@ -0,0 +1 @@ +"{\"access_token\":{},\"id_token\":{}}" diff --git a/flow/.snapshots/TestAcceptOAuth2ConsentRequest_MarshalJSON.json b/flow/.snapshots/TestAcceptOAuth2ConsentRequest_MarshalJSON.json new file mode 100644 index 00000000000..1e75db45a81 --- /dev/null +++ b/flow/.snapshots/TestAcceptOAuth2ConsentRequest_MarshalJSON.json @@ -0,0 +1 @@ +"{\"grant_scope\":[],\"grant_access_token_audience\":[],\"session\":null,\"remember\":false,\"remember_for\":0,\"handled_at\":null,\"context\":{}}" diff --git a/flow/.snapshots/TestHandledLoginRequest_MarshalJSON.json b/flow/.snapshots/TestHandledLoginRequest_MarshalJSON.json new file mode 100644 index 00000000000..e49c8bdcde2 --- /dev/null +++ b/flow/.snapshots/TestHandledLoginRequest_MarshalJSON.json @@ -0,0 +1 @@ +"{\"remember\":false,\"remember_for\":0,\"extend_session_lifespan\":false,\"acr\":\"\",\"amr\":[],\"subject\":\"\",\"force_subject_identifier\":\"\",\"context\":{}}" diff --git a/flow/.snapshots/TestLoginRequest_MarshalJSON.json b/flow/.snapshots/TestLoginRequest_MarshalJSON.json new file mode 100644 index 00000000000..b74c562e2ce --- /dev/null +++ b/flow/.snapshots/TestLoginRequest_MarshalJSON.json @@ -0,0 +1 @@ +"{\"challenge\":\"\",\"requested_scope\":[],\"requested_access_token_audience\":[],\"skip\":false,\"subject\":\"\",\"oidc_context\":null,\"client\":null,\"request_url\":\"\",\"session_id\":\"\"}" diff --git a/flow/.snapshots/TestLogoutRequest_MarshalJSON.json b/flow/.snapshots/TestLogoutRequest_MarshalJSON.json new file mode 100644 index 00000000000..4132efb0269 --- /dev/null +++ b/flow/.snapshots/TestLogoutRequest_MarshalJSON.json @@ -0,0 +1 @@ +"{\"challenge\":\"\",\"subject\":\"\",\"request_url\":\"\",\"rp_initiated\":false,\"expires_at\":null,\"requested_at\":null,\"client\":null}" 
diff --git a/flow/.snapshots/TestOAuth2ConsentRequestOpenIDConnectContext_MarshalJSON.json b/flow/.snapshots/TestOAuth2ConsentRequestOpenIDConnectContext_MarshalJSON.json new file mode 100644 index 00000000000..71829adca73 --- /dev/null +++ b/flow/.snapshots/TestOAuth2ConsentRequestOpenIDConnectContext_MarshalJSON.json @@ -0,0 +1 @@ +"{}" diff --git a/flow/.snapshots/TestOAuth2ConsentRequest_MarshalJSON.json b/flow/.snapshots/TestOAuth2ConsentRequest_MarshalJSON.json new file mode 100644 index 00000000000..58c3808115d --- /dev/null +++ b/flow/.snapshots/TestOAuth2ConsentRequest_MarshalJSON.json @@ -0,0 +1 @@ +"{\"challenge\":\"\",\"requested_scope\":[],\"requested_access_token_audience\":[],\"skip\":false,\"subject\":\"\",\"oidc_context\":null,\"client\":null,\"request_url\":\"\",\"login_challenge\":\"\",\"login_session_id\":\"\",\"device_challenge_id\":\"\",\"acr\":\"\",\"amr\":[]}" diff --git a/flow/.snapshots/TestOAuth2ConsentSession_MarshalJSON.json b/flow/.snapshots/TestOAuth2ConsentSession_MarshalJSON.json new file mode 100644 index 00000000000..c08b431eac6 --- /dev/null +++ b/flow/.snapshots/TestOAuth2ConsentSession_MarshalJSON.json @@ -0,0 +1 @@ +"{\"grant_scope\":[],\"grant_access_token_audience\":[],\"session\":null,\"remember\":false,\"remember_for\":0,\"handled_at\":null,\"context\":{},\"consent_request\":null}" diff --git a/flow/consent_types.go b/flow/consent_types.go index 0f6237b7dc7..b93d238b245 100644 --- a/flow/consent_types.go +++ b/flow/consent_types.go @@ -23,6 +23,7 @@ import ( ) const ( + DeviceRequestDeniedErrorName = "device request denied" ConsentRequestDeniedErrorName = "consent request denied" LoginRequestDeniedErrorName = "login request denied" ) 
@@ -174,6 +175,11 @@ type AcceptOAuth2ConsentRequest struct { // the flow. WasHandled bool `json:"-"` + // Context is an optional object which can hold arbitrary data. The data will be made available when fetching the + // consent request under the "context" field. This is useful in scenarios where login and consent endpoints share + // data. + Context sqlxx.JSONRawMessage `json:"context"` + ConsentRequest *OAuth2ConsentRequest `json:"-"` Error *RequestDeniedError `json:"-"` RequestedAt time.Time `json:"-"` @@ -183,6 +189,25 @@ type AcceptOAuth2ConsentRequest struct { SessionAccessToken sqlxx.MapStringInterface `json:"-" faker:"-"` } +func (r *AcceptOAuth2ConsentRequest) MarshalJSON() ([]byte, error) { + type Alias AcceptOAuth2ConsentRequest + alias := Alias(*r) + + if alias.Context == nil { + alias.Context = []byte("{}") + } + + if alias.GrantedScope == nil { + alias.GrantedScope = []string{} + } + + if alias.GrantedAudience == nil { + alias.GrantedAudience = []string{} + } + + return json.Marshal(alias) +} + func (r *AcceptOAuth2ConsentRequest) HasError() bool { return r.Error.IsError() } @@ -240,6 +265,11 @@ type OAuth2ConsentSession struct { // the flow. WasHandled bool `json:"-" db:"was_used"` + // Context is an optional object which can hold arbitrary data. The data will be made available when fetching the + // consent request under the "context" field. This is useful in scenarios where login and consent endpoints share + // data. + Context sqlxx.JSONRawMessage `json:"context"` + // Consent Request // // The consent request that lead to this consent session. 
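Review bot: `MarshalJSON` on `AcceptOAuth2ConsentRequest` is declared on the pointer receiver, so `encoding/json` calls it only for pointers and addressable values; marshalling a plain value (for example `json.Marshal(req)` with `req` held by value) silently skips it and serialises the nil fields without these defaults. Declaring it as `func (r AcceptOAuth2ConsentRequest) MarshalJSON() ([]byte, error)` with `alias := Alias(r)` covers both forms. The same applies to the `MarshalJSON` methods this commit adds for `OAuth2ConsentSession`, `HandledLoginRequest`, `OAuth2ConsentRequestOpenIDConnectContext` and `LoginRequest`.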
@@ -253,6 +283,25 @@ type OAuth2ConsentSession struct { SessionAccessToken sqlxx.MapStringInterface `db:"session_access_token" json:"-"` } +func (r *OAuth2ConsentSession) MarshalJSON() ([]byte, error) { + type Alias OAuth2ConsentSession + alias := Alias(*r) + + if alias.Context == nil { + alias.Context = []byte("{}") + } + + if alias.GrantedScope == nil { + alias.GrantedScope = []string{} + } + + if alias.GrantedAudience == nil { + alias.GrantedAudience = []string{} + } + + return json.Marshal(alias) +} + // HandledLoginRequest is the request payload used to accept a login request. // // swagger:model acceptOAuth2LoginRequest @@ -335,6 +384,20 @@ type HandledLoginRequest struct { AuthenticatedAt sqlxx.NullTime `json:"-"` } +func (r *HandledLoginRequest) MarshalJSON() ([]byte, error) { + type Alias HandledLoginRequest + alias := Alias(*r) + if alias.Context == nil { + alias.Context = []byte("{}") + } + + if alias.AMR == nil { + alias.AMR = []string{} + } + + return json.Marshal(alias) +} + func (r *HandledLoginRequest) HasError() bool { return r.Error.IsError() } @@ -382,6 +445,24 @@ type OAuth2ConsentRequestOpenIDConnectContext struct { LoginHint string `json:"login_hint,omitempty"` } +func (n *OAuth2ConsentRequestOpenIDConnectContext) MarshalJSON() ([]byte, error) { + type Alias OAuth2ConsentRequestOpenIDConnectContext + alias := Alias(*n) + if alias.IDTokenHintClaims == nil { + alias.IDTokenHintClaims = map[string]interface{}{} + } + + if alias.ACRValues == nil { + alias.ACRValues = []string{} + } + + if alias.UILocales == nil { + alias.UILocales = []string{} + } + + return json.Marshal(alias) +} + func (n *OAuth2ConsentRequestOpenIDConnectContext) Scan(value interface{}) error { v := fmt.Sprintf("%s", value) if len(v) == 0 { 
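Review bot: The defaults set in `OAuth2ConsentRequestOpenIDConnectContext.MarshalJSON` look like they have no effect. The snapshot this commit adds for that type is `{}`, which suggests `IDTokenHintClaims`, `ACRValues` and `UILocales` are tagged `omitempty` (as `LoginHint` is in this hunk), and `encoding/json` omits an empty map or slice exactly as it omits a nil one. Either drop the method or remove `omitempty` from the fields that are meant to appear as `[]` or `{}`; the struct's tags lie outside this hunk, so this needs checking against the full definition.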
@@ -427,6 +508,8 @@ type LogoutRequest struct { Accepted bool `json:"-" db:"accepted"` Rejected bool `db:"rejected" json:"-"` ClientID sql.NullString `json:"-" db:"client_id"` + ExpiresAt sqlxx.NullTime `json:"expires_at" db:"expires_at"` + RequestedAt sqlxx.NullTime `json:"requested_at" db:"requested_at"` Client *client.Client `json:"client" db:"-"` } 
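Review bot: `ExpiresAt` and `RequestedAt` are added to `LogoutRequest` with public JSON names (`expires_at`, `requested_at`) while the neighbouring bookkeeping fields are `json:"-"`, and neither has a doc comment stating the contract. If they are meant to be part of the response, a comment on each, e.g. `// ExpiresAt is the time at which this logout request expires.`, would document that. Nothing in this hunk shows where the expiry is enforced, so it is worth confirming that the check exists elsewhere in the commit.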
@@ -460,6 +543,66 @@ type LogoutResult struct { FrontChannelLogoutURLs []string } +// Contains information on an ongoing device grant request. +// +// swagger:model DeviceUserAuthRequest +type DeviceUserAuthRequest struct { + // ID is the identifier ("device challenge") of the device grant request. It is used to + // identify the session. + // + // required: true + ID string `json:"challenge"` + CSRF string `json:"-"` + Verifier string `json:"-"` + + // Client is the OAuth 2.0 Client that initiated the request. + Client *client.Client `json:"client"` + // RequestURL is the original Device Authorization URL requested. + RequestURL string `json:"request_url"` + + // RequestedScope contains the OAuth 2.0 Scope requested by the OAuth 2.0 Client. + RequestedScope sqlxx.StringSliceJSONFormat `json:"requested_scope"` + // RequestedAudience contains the access token audience as requested by the OAuth 2.0 Client. + RequestedAudience sqlxx.StringSliceJSONFormat `json:"requested_access_token_audience"` + + RequestedAt time.Time `json:"-"` + HandledAt sqlxx.NullTime `json:"handled_at"` + WasHandled bool `json:"-"` +} + +// HandledDeviceUserAuthRequest is the request payload used to accept a device user_code. +// +// swagger:model verifyUserCodeRequest +type HandledDeviceUserAuthRequest struct { + // ID is the identifier ("device challenge") of the device request. It is used to + // identify the session. + ID string `json:"challenge"` + + Request *DeviceUserAuthRequest `json:"-" faker:"-"` + // RequestURL is the original Device Authorization URL requested. + RequestURL string `json:"request_url"` + // RequestedScope contains the OAuth 2.0 Scope requested by the OAuth 2.0 Client. + RequestedScope sqlxx.StringSliceJSONFormat `json:"requested_scope"` + // RequestedAudience contains the access token audience as requested by the OAuth 2.0 Client. 
+ RequestedAudience sqlxx.StringSliceJSONFormat `json:"requested_access_token_audience"` + + DeviceCodeRequestID string `json:"device_code_request_id"` + + // Client is the OAuth 2.0 Client that initiated the request. + Client *client.Client `json:"client"` + + RequestedAt time.Time `json:"-"` + + HandledAt sqlxx.NullTime `json:"handled_at"` + WasHandled bool `json:"-"` + Error *RequestDeniedError `json:"-"` +} + +// HasError returns whether the request has errors. +func (r *HandledDeviceUserAuthRequest) HasError() bool { + return r.Error.IsError() +} + // Contains information on an ongoing login request. // // swagger:model oAuth2LoginRequest @@ -529,6 +672,27 @@ type LoginRequest struct { RequestedAt time.Time `json:"-"` } +func (r *LoginRequest) MarshalJSON() ([]byte, error) { + type Alias LoginRequest + alias := Alias(*r) + if alias.RequestedScope == nil { + alias.RequestedScope = []string{} + } + + if alias.RequestedAudience == nil { + alias.RequestedAudience = []string{} + } + + return json.Marshal(alias) +} + +// Contains information on an device verification +// +// swagger:model acceptDeviceUserCodeRequest +type AcceptDeviceUserCodeRequest struct { + UserCode string `json:"user_code"` +} + // Contains information on an ongoing consent request. // // swagger:model oAuth2ConsentRequest @@ -577,6 +741,9 @@ type OAuth2ConsentRequest struct { // channel logout. It's value can generally be used to associate consecutive login requests by a certain user. LoginSessionID sqlxx.NullString `json:"login_session_id"` + // DeviceChallenge is the device challenge this consent challenge belongs to, if this flow was initiated by a device. + DeviceChallenge sqlxx.NullString `json:"device_challenge_id" faker:"-"` + // ACR represents the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it // to express that, for example, a user authenticated using two factor authentication. ACR string `json:"acr"` 
@@ -604,6 +771,24 @@ type OAuth2ConsentRequest struct { RequestedAt time.Time `json:"-"` } +func (r *OAuth2ConsentRequest) MarshalJSON() ([]byte, error) { + type Alias OAuth2ConsentRequest + alias := Alias(*r) + if alias.RequestedScope == nil { + alias.RequestedScope = []string{} + } + + if alias.RequestedAudience == nil { + alias.RequestedAudience = []string{} + } + + if alias.AMR == nil { + alias.AMR = []string{} + } + + return json.Marshal(alias) +} + // Pass session data to a consent request. // // swagger:model acceptOAuth2ConsentRequestSession @@ -626,3 +811,16 @@ func NewConsentRequestSessionData() *AcceptOAuth2ConsentRequestSession { IDToken: map[string]interface{}{}, } } + +func (r *AcceptOAuth2ConsentRequestSession) MarshalJSON() ([]byte, error) { + type Alias AcceptOAuth2ConsentRequestSession + alias := Alias(*r) + if alias.AccessToken == nil { + alias.AccessToken = map[string]interface{}{} + } + + if alias.IDToken == nil { + alias.IDToken = map[string]interface{}{} + } + return json.Marshal(alias) +} diff --git a/flow/consent_types_test.go b/flow/consent_types_test.go index 116b0f328bb..25261a04ac6 100644 --- a/flow/consent_types_test.go +++ b/flow/consent_types_test.go @@ -4,9 +4,12 @@ package flow import ( + "encoding/json" "fmt" "testing" + "github.com/ory/x/snapshotx" + "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" 
@@ -66,3 +69,51 @@ func TestRequestDeniedError(t *testing.T) { require.NoError(t, err) assert.EqualValues(t, "{}", fmt.Sprintf("%v", v)) } + +func TestAcceptOAuth2ConsentRequest_MarshalJSON(t *testing.T) { + out, err := json.Marshal(new(AcceptOAuth2ConsentRequest)) + require.NoError(t, err) + snapshotx.SnapshotT(t, string(out)) +} + +func TestOAuth2ConsentSession_MarshalJSON(t *testing.T) { + out, err := json.Marshal(new(OAuth2ConsentSession)) + require.NoError(t, err) + snapshotx.SnapshotT(t, string(out)) +} + +func TestHandledLoginRequest_MarshalJSON(t *testing.T) { + out, err := json.Marshal(new(HandledLoginRequest)) + require.NoError(t, err) + snapshotx.SnapshotT(t, string(out)) +} + +func TestOAuth2ConsentRequestOpenIDConnectContext_MarshalJSON(t *testing.T) { + out, err := json.Marshal(new(OAuth2ConsentRequestOpenIDConnectContext)) + require.NoError(t, err) + snapshotx.SnapshotT(t, string(out)) +} + +func TestLogoutRequest_MarshalJSON(t *testing.T) { + out, err := json.Marshal(new(LogoutRequest)) + require.NoError(t, err) + snapshotx.SnapshotT(t, string(out)) +} + +func TestLoginRequest_MarshalJSON(t *testing.T) { + out, err := json.Marshal(new(LoginRequest)) + require.NoError(t, err) + snapshotx.SnapshotT(t, string(out)) +} + +func TestOAuth2ConsentRequest_MarshalJSON(t *testing.T) { + out, err := json.Marshal(new(OAuth2ConsentRequest)) + require.NoError(t, err) + snapshotx.SnapshotT(t, string(out)) +} + +func TestAcceptOAuth2ConsentRequestSession_MarshalJSON(t *testing.T) { + out, err := json.Marshal(new(AcceptOAuth2ConsentRequestSession)) + require.NoError(t, err) + snapshotx.SnapshotT(t, string(out)) +} diff --git a/flow/error.go b/flow/error.go new file mode 100644 index 00000000000..a6793b633b5 --- /dev/null +++ b/flow/error.go 
@@ -0,0 +1,8 @@ +// Copyright © 2024 Ory Corp +// SPDX-License-Identifier: Apache-2.0 + +package flow + +import "github.com/ory/fosite" + +var ErrorLogoutFlowExpired = fosite.ErrRequestUnauthorized.WithHint("The logout request has expired, please try the flow again.") diff --git a/flow/flow.go b/flow/flow.go index 7e8eeb077c8..f424f707f7c 100644 --- a/flow/flow.go +++ b/flow/flow.go @@ -24,6 +24,10 @@ import ( // // graph TD // +// DEVICE_INITIALIZED --> DEVICE_UNUSED +// DEVICE_UNUSED --> DEVICE_USED +// DEVICE_UNUSED --> DEVICE_ERROR +// DEVICE_USED --> LOGIN_INITIALIZED // LOGIN_INITIALIZED --> LOGIN_UNUSED // LOGIN_UNUSED --> LOGIN_USED // LOGIN_UNUSED --> LOGIN_ERROR @@ -53,6 +57,19 @@ const ( FlowStateConsentUnused = int16(5) FlowStateConsentUsed = int16(6) + // DeviceFlowStateLoginInitialized applies before the login app either + // accepts or rejects the login request. + DeviceFlowStateInitialized = int16(7) + + // DeviceFlowStateUnused indicates that the login has been authenticated, but + // the User Agent hasn't picked up the result yet. + DeviceFlowStateUnused = int16(8) + + // DeviceFlowStateUsed indicates that the User Agent is requesting consent and + // Hydra has invalidated the login request. This is a short-lived state + // because the transition to DeviceFlowStateConsentInitialized should happen while + // handling the request that triggered the transition to DeviceFlowStateUsed. + DeviceFlowStateUsed = int16(9) // TODO: Refactor error handling to persist error codes instead of JSON // strings. Currently we persist errors as JSON strings in the LoginError @@ -65,6 +82,7 @@ const ( // If the above is implemented, merge the LoginError and ConsentError fields // and use the following FlowStates when converting to/from // [Handled]{Login|Consent}Request: + DeviceFlowStateError = int16(127) FlowStateLoginError = int16(128) FlowStateConsentError = int16(129) ) 
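Review bot: The doc comments on the new device states in the `@@ -53,6 +57,19 @@` hunk were carried over from the login states and do not match the constants they sit on. The first names `DeviceFlowStateLoginInitialized` while the constant is `DeviceFlowStateInitialized`, and the third refers to `DeviceFlowStateConsentInitialized`, which this diff does not define. All three describe the login app and the login request rather than the device user-code verification. I would reword them along the lines of `// DeviceFlowStateInitialized applies before the device verification request is accepted or rejected.`, and give `DeviceFlowStateError = int16(127)` in the following hunk a comment of its own. The const block starts and ends outside these hunks.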
@@ -84,18 +102,18 @@ type Flow struct { // identify the session. // // required: true - ID string `db:"login_challenge"` - NID uuid.UUID `db:"nid"` + ID string `db:"login_challenge" json:"i"` + NID uuid.UUID `db:"nid" json:"n"` // RequestedScope contains the OAuth 2.0 Scope requested by the OAuth 2.0 Client. // // required: true - RequestedScope sqlxx.StringSliceJSONFormat `db:"requested_scope"` + RequestedScope sqlxx.StringSliceJSONFormat `db:"requested_scope" json:"rs,omitempty"` // RequestedAudience contains the access token audience as requested by the OAuth 2.0 Client. // // required: true - RequestedAudience sqlxx.StringSliceJSONFormat `db:"requested_at_audience"` + RequestedAudience sqlxx.StringSliceJSONFormat `db:"requested_at_audience" json:"ra,omitempty"` // LoginSkip, if true, implies that the client has requested the same scopes from the same user previously. // If true, you can skip asking the user to grant the requested scopes, and simply forward the user to the redirect URL. 
@@ -103,73 +121,72 @@ type Flow struct { // This feature allows you to update / set session information. // // required: true - LoginSkip bool `db:"login_skip"` + LoginSkip bool `db:"login_skip" json:"ls,omitempty"` // Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope // requested by the OAuth 2.0 client. If this value is set and `skip` is true, you MUST include this subject type // when accepting the login request, or the request will fail. // // required: true - Subject string `db:"subject"` + Subject string `db:"subject" json:"s,omitempty"` // OpenIDConnectContext provides context for the (potential) OpenID Connect context. Implementation of these // values in your app are optional but can be useful if you want to be fully compliant with the OpenID Connect spec. - OpenIDConnectContext *OAuth2ConsentRequestOpenIDConnectContext `db:"oidc_context"` + OpenIDConnectContext *OAuth2ConsentRequestOpenIDConnectContext `db:"oidc_context" json:"oc"` // Client is the OAuth 2.0 Client that initiated the request. // // required: true - Client *client.Client `db:"-"` - - ClientID string `db:"client_id"` + Client *client.Client `db:"-" json:"c,omitempty"` + ClientID string `db:"client_id" json:"ci,omitempty"` // RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which // initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but // might come in handy if you want to deal with additional request parameters. // // required: true - RequestURL string `db:"request_url"` + RequestURL string `db:"request_url" json:"r,omitempty"` // SessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag) // this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false) // this will be a new random value. 
This value is used as the "sid" parameter in the ID Token and in OIDC Front-/Back- // channel logout. Its value can generally be used to associate consecutive login requests by a certain user. - SessionID sqlxx.NullString `db:"login_session_id"` + SessionID sqlxx.NullString `db:"login_session_id" json:"si,omitempty"` // IdentityProviderSessionID is the session ID of the end-user that authenticated. // If specified, we will use this value to propagate the logout. - IdentityProviderSessionID sqlxx.NullString `db:"identity_provider_session_id"` + IdentityProviderSessionID sqlxx.NullString `db:"identity_provider_session_id" json:"is,omitempty"` - LoginVerifier string `db:"login_verifier"` - LoginCSRF string `db:"login_csrf"` + LoginVerifier string `db:"login_verifier" json:"lv,omitempty"` + LoginCSRF string `db:"login_csrf" json:"lc,omitempty"` - LoginInitializedAt sqlxx.NullTime `db:"login_initialized_at"` - RequestedAt time.Time `db:"requested_at"` + LoginInitializedAt sqlxx.NullTime `db:"login_initialized_at" json:"li,omitempty"` + RequestedAt time.Time `db:"requested_at" json:"ia,omitempty"` - State int16 `db:"state"` + State int16 `db:"state" json:"q,omitempty"` // LoginRemember, if set to true, tells ORY Hydra to remember this user by telling the user agent (browser) to store // a cookie with authentication data. If the same user performs another OAuth 2.0 Authorization Request, he/she // will not be asked to log in again. - LoginRemember bool `db:"login_remember"` + LoginRemember bool `db:"login_remember" json:"lr,omitempty"` // LoginRememberFor sets how long the authentication should be remembered for in seconds. If set to `0`, the // authorization will be remembered for the duration of the browser session (using a session cookie). 
- LoginRememberFor int `db:"login_remember_for"` + LoginRememberFor int `db:"login_remember_for" json:"lf,omitempty"` // LoginExtendSessionLifespan, if set to true, session cookie expiry time will be updated when session is // refreshed (login skip=true). - LoginExtendSessionLifespan bool `db:"login_extend_session_lifespan"` + LoginExtendSessionLifespan bool `db:"login_extend_session_lifespan" json:"ll,omitempty"` // ACR sets the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it // to express that, for example, a user authenticated using two factor authentication. - ACR string `db:"acr"` + ACR string `db:"acr" json:"a,omitempty"` // AMR sets the Authentication Methods References value for this // authentication session. You can use it to specify the method a user used to // authenticate. For example, if the acr indicates a user used two factor // authentication, the amr can express they used a software-secured key. - AMR sqlxx.StringSliceJSONFormat `db:"amr"` + AMR sqlxx.StringSliceJSONFormat `db:"amr" json:"am,omitempty"` // ForceSubjectIdentifier forces the "pairwise" user ID of the end-user that authenticated. The "pairwise" user ID refers to the // (Pairwise Identifier Algorithm)[http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg] of the OpenID 
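Review bot: `LoginVerifier` and `LoginCSRF` get JSON keys (`lv`, `lc`) in this hunk, but nothing on the struct says which encoding these tags are meant for. Later in this diff the flow is serialized through `flowctx.Encode` with the `FlowCipher()` AEAD, so presumably the compact keys exist for that encrypted form. A comment on the type would help keep a flow from being handed to a logger or an API response by mistake, e.g. `// The JSON encoding of Flow contains verifier and CSRF values and is intended only for the encrypted challenge/verifier encoding.`; the same applies to the consent and device verifier/CSRF fields tagged in the next hunk. Separately, `omitempty` on `RequestedAt time.Time` has no effect, because encoding/json never treats a struct value as empty. The Flow struct starts and ends outside this hunk.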
@@ -188,58 +205,173 @@ type Flow struct { // other unique value). // // If you fail to compute the proper value, then authentication processes which have id_token_hint set might fail. - ForceSubjectIdentifier string `db:"forced_subject_identifier"` + ForceSubjectIdentifier string `db:"forced_subject_identifier" json:"fs,omitempty"` // Context is an optional object which can hold arbitrary data. The data will be made available when fetching the // consent request under the "context" field. This is useful in scenarios where login and consent endpoints share // data. - Context sqlxx.JSONRawMessage `db:"context"` + Context sqlxx.JSONRawMessage `db:"context" json:"ct"` // LoginWasUsed set to true means that the login request was already handled. // This can happen on form double-submit or other errors. If this is set we // recommend redirecting the user to `request_url` to re-initiate the flow. - LoginWasUsed bool `db:"login_was_used"` - - LoginError *RequestDeniedError `db:"login_error"` - LoginAuthenticatedAt sqlxx.NullTime `db:"login_authenticated_at"` + LoginWasUsed bool `db:"login_was_used" json:"lu,omitempty"` + + LoginError *RequestDeniedError `db:"login_error" json:"le,omitempty"` + LoginAuthenticatedAt sqlxx.NullTime `db:"login_authenticated_at" json:"la,omitempty"` + + // DeviceChallengeID is the device request's challenge ID + DeviceChallengeID sqlxx.NullString `db:"device_challenge_id" json:"di,omitempty"` + // DeviceCodeRequestID is the device request's ID + DeviceCodeRequestID sqlxx.NullString `db:"device_code_request_id" json:"dr,omitempty"` + // DeviceVerifier is the device request's verifier + DeviceVerifier sqlxx.NullString `db:"device_verifier" json:"dv,omitempty"` + // DeviceVerifier is the device request's CSRF + DeviceCSRF sqlxx.NullString `db:"device_csrf" json:"dc,omitempty"` + // DeviceUserCodeAcceptedAt is the time when device user_code was accepted + DeviceUserCodeAcceptedAt sqlxx.NullTime `db:"device_user_code_accepted_at" 
json:"da,omitempty"` + // DeviceWasUsed set to true means that the device request was already handled + DeviceWasUsed sqlxx.NullBool `db:"device_was_used" json:"du,omitempty"` + // DeviceHandledAt contains the timestamp the device user_code verification request was handled + DeviceHandledAt sqlxx.NullTime `db:"device_handled_at" json:"dh,omitempty"` + // DeviceError contains any error that happened during the handling of the device flow + DeviceError *RequestDeniedError `db:"device_error" json:"de,omitempty"` // ConsentChallengeID is the identifier ("authorization challenge") of the consent authorization request. It is used to // identify the session. // // required: true - ConsentChallengeID sqlxx.NullString `db:"consent_challenge_id"` + ConsentChallengeID sqlxx.NullString `db:"consent_challenge_id" json:"cc,omitempty"` // ConsentSkip, if true, implies that the client has requested the same scopes from the same user previously. // If true, you must not ask the user to grant the requested scopes. You must however either allow or deny the // consent request using the usual API call. - ConsentSkip bool `db:"consent_skip"` - ConsentVerifier sqlxx.NullString `db:"consent_verifier"` - ConsentCSRF sqlxx.NullString `db:"consent_csrf"` + ConsentSkip bool `db:"consent_skip" json:"cs,omitempty"` + ConsentVerifier sqlxx.NullString `db:"consent_verifier" json:"cv,omitempty"` + ConsentCSRF sqlxx.NullString `db:"consent_csrf" json:"cr,omitempty"` // GrantedScope sets the scope the user authorized the client to use. Should be a subset of `requested_scope`. - GrantedScope sqlxx.StringSliceJSONFormat `db:"granted_scope"` + GrantedScope sqlxx.StringSliceJSONFormat `db:"granted_scope" json:"gs,omitempty"` // GrantedAudience sets the audience the user authorized the client to use. Should be a subset of `requested_access_token_audience`. 
- GrantedAudience sqlxx.StringSliceJSONFormat `db:"granted_at_audience"` + GrantedAudience sqlxx.StringSliceJSONFormat `db:"granted_at_audience" json:"ga,omitempty"` // ConsentRemember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same // client asks the same user for the same, or a subset of, scope. - ConsentRemember bool `db:"consent_remember"` + ConsentRemember bool `db:"consent_remember" json:"ce,omitempty"` // ConsentRememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the // authorization will be remembered indefinitely. - ConsentRememberFor *int `db:"consent_remember_for"` + ConsentRememberFor *int `db:"consent_remember_for" json:"cf"` // ConsentHandledAt contains the timestamp the consent request was handled. - ConsentHandledAt sqlxx.NullTime `db:"consent_handled_at"` + ConsentHandledAt sqlxx.NullTime `db:"consent_handled_at" json:"ch,omitempty"` // ConsentWasHandled set to true means that the request was already handled. // This can happen on form double-submit or other errors. If this is set we // recommend redirecting the user to `request_url` to re-initiate the flow. - ConsentWasHandled bool `db:"consent_was_used"` - ConsentError *RequestDeniedError `db:"consent_error"` - SessionIDToken sqlxx.MapStringInterface `db:"session_id_token" faker:"-"` - SessionAccessToken sqlxx.MapStringInterface `db:"session_access_token" faker:"-"` + ConsentWasHandled bool `db:"consent_was_used" json:"cw,omitempty"` + ConsentError *RequestDeniedError `db:"consent_error" json:"cx"` + SessionIDToken sqlxx.MapStringInterface `db:"session_id_token" faker:"-" json:"st"` + SessionAccessToken sqlxx.MapStringInterface `db:"session_access_token" faker:"-" json:"sa"` +} + +// NewDeviceFlow return a new Flow from a DeviceUserAuthRequest. 
+func NewDeviceFlow(r *DeviceUserAuthRequest) *Flow { + f := &Flow{ + DeviceChallengeID: sqlxx.NullString(r.ID), + Client: r.Client, + RequestURL: r.RequestURL, + DeviceVerifier: sqlxx.NullString(r.Verifier), + DeviceCSRF: sqlxx.NullString(r.CSRF), + RequestedAt: r.RequestedAt, + RequestedScope: r.RequestedScope, + RequestedAudience: r.RequestedAudience, + DeviceWasUsed: sqlxx.NullBool{Bool: r.WasHandled, Valid: true}, + DeviceHandledAt: r.HandledAt, + State: DeviceFlowStateInitialized, + } + if r.Client != nil { + f.ClientID = r.Client.GetID() + } + return f +} + +// GetDeviceUserAuthRequest return the DeviceUserAuthRequest from a Flow. +func (f *Flow) GetDeviceUserAuthRequest() *DeviceUserAuthRequest { + return &DeviceUserAuthRequest{ + ID: f.DeviceChallengeID.String(), + Client: f.Client, + RequestURL: f.RequestURL, + Verifier: f.DeviceVerifier.String(), + CSRF: f.DeviceCSRF.String(), + RequestedAt: f.RequestedAt, + RequestedScope: f.RequestedScope, + RequestedAudience: f.RequestedAudience, + WasHandled: f.DeviceWasUsed.Bool, + HandledAt: f.DeviceHandledAt, + } +} + +// GetHandledDeviceUserAuthRequest return the HandledDeviceUserAuthRequest from a Flow. +func (f *Flow) GetHandledDeviceUserAuthRequest() *HandledDeviceUserAuthRequest { + return &HandledDeviceUserAuthRequest{ + ID: f.DeviceChallengeID.String(), + Client: f.Client, + Request: f.GetDeviceUserAuthRequest(), + DeviceCodeRequestID: f.DeviceCodeRequestID.String(), + RequestURL: f.RequestURL, + RequestedAt: f.RequestedAt, + RequestedScope: f.RequestedScope, + RequestedAudience: f.RequestedAudience, + WasHandled: f.DeviceWasUsed.Bool, + HandledAt: f.DeviceHandledAt, + Error: f.DeviceError, + } +} + +// HandleDeviceUserAuthRequest updates the flows fields from a handled request. 
+func (f *Flow) HandleDeviceUserAuthRequest(h *HandledDeviceUserAuthRequest) error { + if f.DeviceWasUsed.Bool { + return errors.WithStack(x.ErrConflict.WithHint("The device verifier was already used and can no longer be changed.")) + } + + if f.State != DeviceFlowStateInitialized && f.State != DeviceFlowStateUnused && f.State != DeviceFlowStateError { + return errors.Errorf("invalid flow state: expected %d/%d/%d, got %d", DeviceFlowStateInitialized, DeviceFlowStateUnused, DeviceFlowStateError, f.State) + } + + if f.DeviceChallengeID.String() != h.ID { + return errors.Errorf("flow device challenge ID %s does not match HandledDeviceUserAuthRequest ID %s", f.ID, h.ID) + } + + f.State = DeviceFlowStateUnused + if h.Error != nil { + f.State = DeviceFlowStateError + } + f.Client = h.Client + f.ClientID = h.Client.GetID() + f.DeviceCodeRequestID = sqlxx.NullString(h.DeviceCodeRequestID) + f.DeviceHandledAt = h.HandledAt + f.DeviceWasUsed = sqlxx.NullBool{Bool: h.WasHandled, Valid: true} + f.RequestedScope = h.RequestedScope + f.RequestedAudience = h.RequestedAudience + f.DeviceError = h.Error + + return nil +} + +// InvalidateDeviceRequest shifts the flow state to DeviceFlowStateUsed. This +// transition is executed upon device completion. +func (f *Flow) InvalidateDeviceRequest() error { + if f.State != DeviceFlowStateUnused && f.State != DeviceFlowStateError { + return errors.Errorf("invalid flow state: expected %d or %d, got %d", DeviceFlowStateUnused, DeviceFlowStateError, f.State) + } + if f.DeviceWasUsed.Bool { + return errors.New("device verifier has already been used") + } + f.DeviceWasUsed = sqlxx.NullBool{Bool: true, Valid: true} + f.State = DeviceFlowStateUsed + return nil } func NewFlow(r *LoginRequest) *Flow { 
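Review bot: `HandleDeviceUserAuthRequest` calls `h.Client.GetID()` without checking `h.Client`, whereas `NewDeviceFlow` in the same hunk guards the identical call with `if r.Client != nil`. Unless `GetID` tolerates a nil receiver, a handled request without a client would panic here. Guarding it the same way, `if h.Client != nil { f.ClientID = h.Client.GetID() }`, keeps the two paths consistent. The mismatch error a few lines above formats `f.ID` although the comparison is on `f.DeviceChallengeID`, so the message reports a value that was not compared; `f.DeviceChallengeID.String()` is the one to print. It is also worth confirming that challenge identifiers are acceptable in error text, since they may reach logs.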
@@ -290,6 +422,11 @@ func (f *Flow) HandleLoginRequest(h *HandledLoginRequest) error { } else { f.State = FlowStateLoginUnused } + + if f.Context != nil { + f.Context = h.Context + } + f.ID = h.ID f.Subject = h.Subject f.ForceSubjectIdentifier = h.ForceSubjectIdentifier @@ -301,7 +438,6 @@ func (f *Flow) HandleLoginRequest(h *HandledLoginRequest) error { f.LoginExtendSessionLifespan = h.ExtendSessionLifespan f.ACR = h.ACR f.AMR = h.AMR - f.Context = h.Context f.LoginWasUsed = h.WasHandled f.LoginAuthenticatedAt = h.AuthenticatedAt return nil @@ -394,6 +530,9 @@ func (f *Flow) HandleConsentRequest(r *AcceptOAuth2ConsentRequest) error { f.ConsentHandledAt = r.HandledAt f.ConsentWasHandled = r.WasHandled f.ConsentError = r.Error + if r.Context != nil { + f.Context = r.Context + } if r.Session != nil { f.SessionIDToken = r.Session.IDToken @@ -428,6 +567,7 @@ func (f *Flow) GetConsentRequest() *OAuth2ConsentRequest { RequestURL: f.RequestURL, LoginChallenge: sqlxx.NullString(f.ID), LoginSessionID: f.SessionID, + DeviceChallenge: f.DeviceChallengeID, ACR: f.ACR, AMR: f.AMR, Context: f.Context, @@ -458,6 +598,7 @@ func (f *Flow) GetHandledConsentRequest() *AcceptOAuth2ConsentRequest { RememberFor: crf, HandledAt: f.ConsentHandledAt, WasHandled: f.ConsentWasHandled, + Context: f.Context, ConsentRequest: f.GetConsentRequest(), Error: f.ConsentError, RequestedAt: f.RequestedAt, 
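Review bot: In `HandleLoginRequest` the new guard tests `f.Context != nil` but then assigns `h.Context`. A flow whose context is still nil therefore never receives the context from the handled login request, and a flow that already has one is overwritten even when `h.Context` is nil. `HandleConsentRequest` in the `@@ -394,6 +530,9 @@` hunk guards on the incoming value (`if r.Context != nil`), which suggests the login path was meant to read `if h.Context != nil {`. The unconditional `f.Context = h.Context` is removed by the next hunk, so this guard is now the only place the login context is stored. Both function bodies extend outside the hunks.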
@@ -502,22 +643,44 @@ type CipherProvider interface { FlowCipher() *aead.XChaCha20Poly1305 } +// ToDeviceChallenge converts the flow into a device challenge. +func (f *Flow) ToDeviceChallenge(ctx context.Context, cipherProvider CipherProvider) (string, error) { + return flowctx.Encode(ctx, cipherProvider.FlowCipher(), f, flowctx.AsDeviceChallenge) +} + +// ToDeviceVerifier converts the flow into a device verifier. +func (f *Flow) ToDeviceVerifier(ctx context.Context, cipherProvider CipherProvider) (string, error) { + return flowctx.Encode(ctx, cipherProvider.FlowCipher(), f, flowctx.AsDeviceVerifier) +} + // ToLoginChallenge converts the flow into a login challenge. -func (f *Flow) ToLoginChallenge(ctx context.Context, cipherProvider CipherProvider) (string, error) { +func (f Flow) ToLoginChallenge(ctx context.Context, cipherProvider CipherProvider) (string, error) { + if f.Client != nil { + f.ClientID = f.Client.GetID() + } return flowctx.Encode(ctx, cipherProvider.FlowCipher(), f, flowctx.AsLoginChallenge) } // ToLoginVerifier converts the flow into a login verifier. -func (f *Flow) ToLoginVerifier(ctx context.Context, cipherProvider CipherProvider) (string, error) { +func (f Flow) ToLoginVerifier(ctx context.Context, cipherProvider CipherProvider) (string, error) { + if f.Client != nil { + f.ClientID = f.Client.GetID() + } return flowctx.Encode(ctx, cipherProvider.FlowCipher(), f, flowctx.AsLoginVerifier) } // ToConsentChallenge converts the flow into a consent challenge. -func (f *Flow) ToConsentChallenge(ctx context.Context, cipherProvider CipherProvider) (string, error) { +func (f Flow) ToConsentChallenge(ctx context.Context, cipherProvider CipherProvider) (string, error) { + if f.Client != nil { + f.ClientID = f.Client.GetID() + } return flowctx.Encode(ctx, cipherProvider.FlowCipher(), f, flowctx.AsConsentChallenge) } // ToConsentVerifier converts the flow into a consent verifier. 
-func (f *Flow) ToConsentVerifier(ctx context.Context, cipherProvider CipherProvider) (string, error) { +func (f Flow) ToConsentVerifier(ctx context.Context, cipherProvider CipherProvider) (string, error) { + if f.Client != nil { + f.ClientID = f.Client.GetID() + } return flowctx.Encode(ctx, cipherProvider.FlowCipher(), f, flowctx.AsConsentVerifier) } diff --git a/flow/flow_test.go b/flow/flow_test.go index 25a832c780e..43acf151a3c 100644 --- a/flow/flow_test.go +++ b/flow/flow_test.go 
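Review bot: The four login/consent encoders switch to a value receiver (`func (f Flow) ToLoginChallenge`) while the new `ToDeviceChallenge` and `ToDeviceVerifier` keep `*Flow`. The type now mixes receiver kinds, and only the login/consent variants refresh `ClientID` from `Client` before encoding. If the value receiver is there so the `ClientID` assignment does not mutate the caller's flow, a short comment would make that explicit, e.g. `// Value receiver: ClientID is set on a copy, the caller's flow is left untouched.` The repeated three-line `if f.Client != nil` block could move into one unexported helper. Whether the device variants need the same sync is not visible here; `NewDeviceFlow` sets `ClientID` at construction.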
@@ -87,6 +87,97 @@ func (f *Flow) setHandledConsentRequest(r AcceptOAuth2ConsentRequest) { f.LoginAuthenticatedAt = r.AuthenticatedAt f.SessionIDToken = r.SessionIDToken f.SessionAccessToken = r.SessionAccessToken + if r.Context != nil { + f.Context = r.Context + } +} + +func (f *Flow) setDeviceRequest(r *DeviceUserAuthRequest) { + f.DeviceChallengeID = sqlxx.NullString(r.ID) + f.DeviceCSRF = sqlxx.NullString(r.CSRF) + f.DeviceVerifier = sqlxx.NullString(r.Verifier) + f.Client = r.Client + f.RequestURL = r.RequestURL + f.RequestedAt = r.RequestedAt + f.RequestedScope = r.RequestedScope + f.RequestedAudience = r.RequestedAudience + f.DeviceWasUsed = sqlxx.NullBool{Bool: r.WasHandled, Valid: true} + f.DeviceHandledAt = r.HandledAt +} + +func (f *Flow) setHandledDeviceRequest(r *HandledDeviceUserAuthRequest) { + f.DeviceChallengeID = sqlxx.NullString(r.ID) + f.Client = r.Client + f.RequestURL = r.RequestURL + f.RequestedAt = r.RequestedAt + f.RequestedScope = r.RequestedScope + f.RequestedAudience = r.RequestedAudience + f.DeviceError = r.Error + f.RequestedAt = r.RequestedAt + f.DeviceCodeRequestID = sqlxx.NullString(r.DeviceCodeRequestID) + f.DeviceWasUsed = sqlxx.NullBool{Bool: r.WasHandled, Valid: true} + f.DeviceHandledAt = r.HandledAt +} + +func TestFlow_GetDeviceUserAuthRequest(t *testing.T) { + t.Run("GetDeviceUserAuthRequest should set all fields on its return value", func(t *testing.T) { + f := Flow{} + expected := DeviceUserAuthRequest{} + assert.NoError(t, faker.FakeData(&expected)) + f.setDeviceRequest(&expected) + actual := f.GetDeviceUserAuthRequest() + assert.Equal(t, expected, *actual) + }) +} + +func TestFlow_GetHandledDeviceUserAuthRequest(t *testing.T) { + t.Run("GetHandledDeviceUserAuthRequest should set all fields on its return value", func(t *testing.T) { + f := Flow{} + expected := HandledDeviceUserAuthRequest{} + assert.NoError(t, faker.FakeData(&expected)) + f.setHandledDeviceRequest(&expected) + actual := f.GetHandledDeviceUserAuthRequest() 
+ assert.NotNil(t, actual.Request) + expected.Request = nil + actual.Request = nil + assert.Equal(t, expected, *actual) + }) +} + +func TestFlow_NewDeviceFlow(t *testing.T) { + t.Run("NewDeviceFlow and GetDeviceUserAuthRequest should use all DeviceUserAuthRequest fields", func(t *testing.T) { + expected := &DeviceUserAuthRequest{} + assert.NoError(t, faker.FakeData(expected)) + actual := NewDeviceFlow(expected).GetDeviceUserAuthRequest() + assert.Equal(t, expected, actual) + }) +} + +func TestFlow_HandleDeviceUserAuthRequest(t *testing.T) { + t.Run( + "HandleDeviceUserAuthRequest should ignore RequestedAt in its argument and copy the other fields", + func(t *testing.T) { + f := Flow{} + assert.NoError(t, faker.FakeData(&f)) + f.State = DeviceFlowStateInitialized + + r := HandledDeviceUserAuthRequest{} + assert.NoError(t, faker.FakeData(&r)) + r.ID = f.DeviceChallengeID.String() + f.DeviceWasUsed = sqlxx.NullBool{Bool: false, Valid: true} + f.RequestedAudience = r.RequestedAudience + f.RequestedScope = r.RequestedScope + f.RequestURL = r.RequestURL + + assert.NoError(t, f.HandleDeviceUserAuthRequest(&r)) + + actual := f.GetHandledDeviceUserAuthRequest() + assert.NotEqual(t, r.RequestedAt, actual.RequestedAt) + r.Request = f.GetDeviceUserAuthRequest() + actual.RequestedAt = r.RequestedAt + assert.Equal(t, r, *actual) + }, + ) } func TestFlow_GetLoginRequest(t *testing.T) { diff --git a/fositex/config.go b/fositex/config.go index 4377efb1f6d..40efcd33de3 100644 --- a/fositex/config.go +++ b/fositex/config.go @@ -42,6 +42,7 @@ type Config struct { tokenEndpointHandlers fosite.TokenEndpointHandlers tokenIntrospectionHandlers fosite.TokenIntrospectionHandlers revocationHandlers fosite.RevocationHandlers + deviceEndpointHandlers fosite.DeviceEndpointHandlers *config.DefaultProvider } 
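Review bot: `TestFlow_HandleDeviceUserAuthRequest` exercises only the accepting path. The three rejections in `HandleDeviceUserAuthRequest` (device verifier already used, state outside initialized/unused/error, challenge ID mismatch) and the two in `InvalidateDeviceRequest` have no test in this hunk, and those are the branches that keep a device challenge from being handled twice. Sub-tests like the ones below would pin the first three. In `setHandledDeviceRequest`, `f.RequestedAt = r.RequestedAt` is assigned twice and the second line can go. The faker setup uses `assert.NoError`, so a failed `FakeData` lets the test continue on zero values; `require.NoError`, as consent_types_test.go uses, stops it.

```go
func TestFlow_HandleDeviceUserAuthRequest_Rejects(t *testing.T) {
	t.Run("already used", func(t *testing.T) {
		f := Flow{State: DeviceFlowStateUnused, DeviceWasUsed: sqlxx.NullBool{Bool: true, Valid: true}}
		assert.Error(t, f.HandleDeviceUserAuthRequest(&HandledDeviceUserAuthRequest{}))
	})
	t.Run("wrong state", func(t *testing.T) {
		f := Flow{State: DeviceFlowStateUsed}
		assert.Error(t, f.HandleDeviceUserAuthRequest(&HandledDeviceUserAuthRequest{}))
	})
	t.Run("challenge mismatch", func(t *testing.T) {
		f := Flow{State: DeviceFlowStateInitialized, DeviceChallengeID: sqlxx.NullString("a")}
		assert.Error(t, f.HandleDeviceUserAuthRequest(&HandledDeviceUserAuthRequest{ID: "b"}))
	})
}
```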
@@ -61,6 +62,9 @@ var defaultFactories = []Factory{ compose.OAuth2PKCEFactory, compose.RFC7523AssertionGrantFactory, compose.OIDCUserinfoVerifiableCredentialFactory, + compose.RFC8628DeviceFactory, + compose.RFC8628DeviceAuthorizationTokenFactory, + compose.OpenIDConnectDeviceFactory, } func NewConfig(deps configDependencies) *Config { @@ -87,6 +91,9 @@ func (c *Config) LoadDefaultHandlers(strategy interface{}) { if rh, ok := res.(fosite.RevocationHandler); ok { c.revocationHandlers.Append(rh) } + if dh, ok := res.(fosite.DeviceEndpointHandler); ok { + c.deviceEndpointHandlers.Append(dh) + } } } @@ -114,6 +121,11 @@ func (c *Config) GetRevocationHandlers(context.Context) fosite.RevocationHandler return c.revocationHandlers } +// GetDeviceEndpointHandlers returns the deviceEndpointHandlers +func (c *Config) GetDeviceEndpointHandlers(ctx context.Context) fosite.DeviceEndpointHandlers { + return c.deviceEndpointHandlers +} + func (c *Config) GetGrantTypeJWTBearerCanSkipClientAuth(context.Context) bool { return false } @@ -206,3 +218,8 @@ func (c *Config) GetTokenURLs(ctx context.Context) []string { urlx.AppendPaths(c.deps.Config().PublicURL(ctx), oauth2.TokenPath).String(), }) } + +// GetDeviceVerificationURL returns the device verification url +func (c *Config) GetDeviceVerificationURL(ctx context.Context) string { + return urlx.AppendPaths(c.deps.Config().PublicURL(ctx), oauth2.DeviceVerificationPath).String() +} diff --git a/fositex/token_strategy.go b/fositex/token_strategy.go index 2a84822a246..116a904c7ef 100644 --- a/fositex/token_strategy.go +++ b/fositex/token_strategy.go 
@@ -18,12 +18,12 @@ var _ foauth2.CoreStrategy = (*TokenStrategy)(nil)
 // TokenStrategy uses the correct token strategy (jwt, opaque) depending on the configuration.
 type TokenStrategy struct {
 c *config.DefaultProvider
- hmac *foauth2.HMACSHAStrategy
- jwt *foauth2.DefaultJWTStrategy
+ hmac foauth2.CoreStrategy
+ jwt foauth2.CoreStrategy
 }
 // NewTokenStrategy returns a new TokenStrategy.
-func NewTokenStrategy(c *config.DefaultProvider, hmac *foauth2.HMACSHAStrategy, jwt *foauth2.DefaultJWTStrategy) *TokenStrategy {
+func NewTokenStrategy(c *config.DefaultProvider, hmac foauth2.CoreStrategy, jwt *foauth2.DefaultJWTStrategy) *TokenStrategy {
 return &TokenStrategy{c: c, hmac: hmac, jwt: jwt}
 }
diff --git a/fositex/token_strategy_test.go b/fositex/token_strategy_test.go
index e308de58ef4..5572311346a 100644
--- a/fositex/token_strategy_test.go
+++ b/fositex/token_strategy_test.go
@@ -7,6 +7,8 @@ import (
 "context"
 "testing"
+ "github.com/ory/fosite/token/hmac"
+
 "github.com/stretchr/testify/assert"
 "github.com/ory/fosite/handler/oauth2"
@@ -34,7 +36,7 @@ func TestAccessTokenSignature(t *testing.T) {
 }
 })
 t.Run("strategy=HMACStrategy", func(t *testing.T) {
- strategy := new(oauth2.HMACSHAStrategy)
+ strategy := oauth2.NewHMACSHAStrategy(&hmac.HMACStrategy{}, nil)
 for _, tc := range []struct{ token string }{
 {""},
 {"foo"},
diff --git a/go.mod b/go.mod
index 89e43c36dad..3b0db8496b9 100644
--- a/go.mod
+++ b/go.mod
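Review bot: `NewTokenStrategy` now accepts `hmac` as the `foauth2.CoreStrategy` interface but still takes `jwt` as `*foauth2.DefaultJWTStrategy`, even though both struct fields were widened to `foauth2.CoreStrategy`. A nil `*foauth2.DefaultJWTStrategy` stored in the interface field becomes a non-nil interface value, so any nil check on the `jwt` field in the rest of the file (not visible in this hunk) would pass and the failure would surface only when a token is signed or validated. I would either make the signature symmetric, `jwt foauth2.CoreStrategy`, or keep the asymmetry and explain it in the constructor comment, e.g. `// hmac is an interface so a wrapping strategy can be supplied; jwt stays concrete (state why).`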
@@ -1,170 +1,173 @@ module github.com/ory/hydra/v2 -go 1.21 +go 1.22 -toolchain go1.21.0 - -replace ( - github.com/jackc/pcmock => github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 - github.com/jackc/pgconn => github.com/jackc/pgconn v1.14.1 - github.com/mattn/go-sqlite3 => github.com/mattn/go-sqlite3 v1.14.16 -) +toolchain go1.22.5 replace github.com/ory/hydra-client-go/v2 => ./internal/httpclient +replace github.com/gobuffalo/pop/v6 => github.com/ory/pop/v6 v6.2.0 + +// Bump Fosite to https://github.com/ory/fosite/tree/hperl/v0.47.0%2B168636f, which contains +// https://github.com/ory/fosite/commit/b40b1cbb1997e2160eaaf97fb6f73960db4c6118 and https://github.com/ory/fosite/pull/833/commits/eab241e153a4c97abe2e4c6e654f20b9ae206473 on top of the latest release. +// +// This is needed until we release the next version of the master branch, as that branch already contains the redirect URI validation fix, which +// may be breaking for some users. +// replace github.com/ory/fosite => github.com/ory/fosite v0.47.1-0.20241101073333-eab241e153a4 + require ( github.com/ThalesIgnite/crypto11 v1.2.5 github.com/bradleyjkemp/cupaloy/v2 v2.8.0 github.com/cenkalti/backoff/v3 v3.2.2 github.com/fatih/structs v1.1.0 - github.com/go-faker/faker/v4 v4.1.1 - github.com/go-jose/go-jose/v3 v3.0.1 - github.com/go-swagger/go-swagger v0.30.5 + github.com/go-faker/faker/v4 v4.4.2 + github.com/go-jose/go-jose/v3 v3.0.3 + github.com/go-swagger/go-swagger v0.31.0 github.com/gobuffalo/pop/v6 v6.1.2-0.20230318123913-c85387acc9a0 github.com/gobwas/glob v0.2.3 github.com/gofrs/uuid v4.4.0+incompatible - github.com/golang-jwt/jwt/v5 v5.0.0 + github.com/golang-jwt/jwt/v5 v5.2.1 github.com/golang/mock v1.6.0 - github.com/google/uuid v1.4.0 + github.com/google/uuid v1.6.0 github.com/gorilla/securecookie v1.1.2 - github.com/gorilla/sessions v1.2.2 - github.com/hashicorp/go-retryablehttp v0.7.4 - github.com/jackc/pgx/v4 v4.18.1 + github.com/gorilla/sessions v1.3.0 + 
github.com/hashicorp/go-retryablehttp v0.7.7 + github.com/jackc/pgx/v5 v5.6.0 github.com/julienschmidt/httprouter v1.3.0 github.com/luna-duclos/instrumentedsql v1.1.3 github.com/miekg/pkcs11 v1.1.1 - github.com/mikefarah/yq/v4 v4.34.2 + github.com/mikefarah/yq/v4 v4.44.2 github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 github.com/oleiade/reflections v1.0.1 github.com/ory/analytics-go/v5 v5.0.1 - github.com/ory/fosite v0.44.1-0.20231218095112-ac9ae4bd99d7 + github.com/ory/fosite v0.47.0 github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe github.com/ory/graceful v0.1.3 github.com/ory/herodot v0.10.3-0.20230626083119-d7e5192f0d88 - github.com/ory/hydra-client-go/v2 v2.1.1 + github.com/ory/hydra-client-go/v2 v2.2.1 github.com/ory/jsonschema/v3 v3.0.8 - github.com/ory/kratos-client-go v0.13.1 - github.com/ory/x v0.0.607 + github.com/ory/kratos-client-go v1.2.1 + github.com/ory/x v0.0.668 github.com/pborman/uuid v1.2.1 github.com/pkg/errors v0.9.1 - github.com/prometheus/client_golang v1.16.0 - github.com/rs/cors v1.9.0 - github.com/sawadashota/encrypta v0.0.3 + github.com/prometheus/client_golang v1.19.1 + github.com/rs/cors v1.11.0 + github.com/sawadashota/encrypta v0.0.5 github.com/sirupsen/logrus v1.9.3 - github.com/spf13/cobra v1.7.0 + github.com/spf13/cobra v1.8.1 github.com/spf13/pflag v1.0.5 - github.com/stretchr/testify v1.8.4 - github.com/tidwall/gjson v1.17.0 + github.com/stretchr/testify v1.9.0 + github.com/tidwall/gjson v1.17.3 github.com/tidwall/sjson v1.2.5 github.com/tomnomnom/linkheader v0.0.0-20180905144013-02ca5825eb80 github.com/toqueteos/webbrowser v1.2.0 github.com/twmb/murmur3 v1.1.8 github.com/urfave/negroni v1.0.0 - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 - go.opentelemetry.io/otel v1.21.0 - go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 - go.opentelemetry.io/otel/sdk v1.21.0 - go.opentelemetry.io/otel/trace v1.21.0 + 
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 + go.opentelemetry.io/otel v1.28.0 + go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0 + go.opentelemetry.io/otel/sdk v1.28.0 + go.opentelemetry.io/otel/trace v1.28.0 go.uber.org/automaxprocs v1.5.3 - golang.org/x/crypto v0.17.0 - golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa - golang.org/x/oauth2 v0.14.0 - golang.org/x/sync v0.5.0 - golang.org/x/tools v0.15.0 + golang.org/x/crypto v0.25.0 + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 + golang.org/x/oauth2 v0.21.0 + golang.org/x/sync v0.7.0 + golang.org/x/tools v0.23.0 ) -require github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - require ( code.dny.dev/ssrf v0.2.0 // indirect + dario.cat/mergo v1.0.0 // indirect + filippo.io/edwards25519 v1.1.0 // indirect github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.2.1 // indirect github.com/Masterminds/sprig/v3 v3.2.3 // indirect - github.com/Microsoft/go-winio v0.6.1 // indirect + github.com/Microsoft/go-winio v0.6.2 // indirect github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 // indirect + github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect + github.com/ProtonMail/gopenpgp/v2 v2.7.5 // indirect github.com/a8m/envsubst v1.4.2 // indirect - github.com/alecthomas/participle/v2 v2.0.0 // indirect + github.com/alecthomas/participle/v2 v2.1.1 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/avast/retry-go/v4 v4.5.0 // indirect github.com/aymerick/douceur v0.2.0 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/cenkalti/backoff/v4 v4.2.1 // indirect - github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect + 
github.com/cespare/xxhash/v2 v2.3.0 // indirect + github.com/cloudflare/circl v1.3.7 // indirect github.com/cockroachdb/cockroach-go/v2 v2.3.5 // indirect - github.com/containerd/continuity v0.4.1 // indirect - github.com/creasty/defaults v1.7.0 // indirect + github.com/containerd/continuity v0.4.3 // indirect github.com/cristalhq/jwt/v4 v4.0.2 // indirect - github.com/dave/jennifer v1.7.0 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect - github.com/dgraph-io/ristretto v0.1.1 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect + github.com/dgraph-io/ristretto v1.0.0 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/docker/cli v20.10.21+incompatible // indirect - github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/docker/docker v20.10.24+incompatible // indirect - github.com/docker/go-connections v0.4.0 // indirect + github.com/distribution/reference v0.6.0 // indirect + github.com/docker/cli v26.1.4+incompatible // indirect + github.com/docker/docker v26.1.5+incompatible // indirect + github.com/docker/go-connections v0.5.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/dustin/go-humanize v1.0.1 // indirect - github.com/ecordell/optgen v0.0.9 // indirect - github.com/elliotchance/orderedmap v1.5.0 // indirect + github.com/elliotchance/orderedmap v1.6.0 // indirect github.com/evanphx/json-patch/v5 v5.6.0 // indirect - github.com/fatih/color v1.15.0 // indirect - github.com/fatih/structtag v1.2.0 // indirect + github.com/fatih/color v1.17.0 // indirect github.com/felixge/fgprof v0.9.3 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/fsnotify/fsnotify v1.6.0 // indirect - github.com/go-logr/logr v1.3.0 // indirect + github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-openapi/analysis v0.21.4 // indirect - 
github.com/go-openapi/errors v0.20.4 // indirect - github.com/go-openapi/inflect v0.19.0 // indirect - github.com/go-openapi/jsonpointer v0.20.0 // indirect - github.com/go-openapi/jsonreference v0.20.2 // indirect - github.com/go-openapi/loads v0.21.2 // indirect - github.com/go-openapi/runtime v0.26.0 // indirect - github.com/go-openapi/spec v0.20.9 // indirect - github.com/go-openapi/strfmt v0.21.7 // indirect - github.com/go-openapi/swag v0.22.4 // indirect - github.com/go-openapi/validate v0.22.1 // indirect - github.com/go-sql-driver/mysql v1.7.1 // indirect + github.com/go-openapi/analysis v0.23.0 // indirect + github.com/go-openapi/errors v0.22.0 // indirect + github.com/go-openapi/inflect v0.21.0 // indirect + github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonreference v0.21.0 // indirect + github.com/go-openapi/loads v0.22.0 // indirect + github.com/go-openapi/runtime v0.28.0 // indirect + github.com/go-openapi/spec v0.21.0 // indirect + github.com/go-openapi/strfmt v0.23.0 // indirect + github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-openapi/validate v0.24.0 // indirect + github.com/go-sql-driver/mysql v1.8.1 // indirect github.com/gobuffalo/envy v1.10.2 // indirect github.com/gobuffalo/fizz v1.14.4 // indirect github.com/gobuffalo/flect v1.0.2 // indirect github.com/gobuffalo/github_flavored_markdown v1.1.4 // indirect github.com/gobuffalo/helpers v0.6.7 // indirect github.com/gobuffalo/nulls v0.4.2 // indirect - github.com/gobuffalo/plush/v4 v4.1.19 // indirect + github.com/gobuffalo/plush/v4 v4.1.21 // indirect github.com/gobuffalo/tags/v3 v3.1.4 // indirect github.com/gobuffalo/validate/v3 v3.3.3 // indirect - github.com/goccy/go-json v0.10.2 // indirect - github.com/goccy/go-yaml v1.11.0 // indirect + github.com/goccy/go-json v0.10.3 // indirect + github.com/goccy/go-yaml v1.11.3 // indirect github.com/gofrs/flock v0.8.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang/glog 
v1.1.2 // indirect - github.com/golang/protobuf v1.5.3 // indirect + github.com/golang/protobuf v1.5.4 // indirect github.com/google/pprof v0.0.0-20230808223545-4887780b67fb // indirect github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect - github.com/gorilla/css v1.0.0 // indirect - github.com/gorilla/handlers v1.5.1 // indirect + github.com/gorilla/css v1.0.1 // indirect + github.com/gorilla/handlers v1.5.2 // indirect github.com/gorilla/websocket v1.5.0 // indirect github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 // indirect - github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1 // indirect + github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 // indirect + github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/huandu/xstrings v1.4.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/inhies/go-bytesize v0.0.0-20220417184213-4913239db9cf // indirect github.com/jackc/chunkreader/v2 v2.0.1 // indirect - github.com/jackc/pgconn v1.14.1 // indirect + github.com/jackc/pgconn v1.14.3 // indirect github.com/jackc/pgio v1.0.0 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect - github.com/jackc/pgproto3/v2 v2.3.2 // indirect - github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect - github.com/jackc/pgtype v1.14.0 // indirect + github.com/jackc/pgproto3/v2 v2.3.3 // indirect + github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect + github.com/jackc/puddle/v2 v2.2.1 // indirect github.com/jandelgado/gcov2lcov v1.0.5 // indirect github.com/jessevdk/go-flags v1.5.0 // indirect - github.com/jinzhu/copier v0.3.5 // indirect - github.com/jmoiron/sqlx v1.3.5 // indirect + github.com/jinzhu/copier v0.4.0 // indirect + github.com/jmoiron/sqlx v1.4.0 // indirect github.com/joho/godotenv v1.5.1 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/kballard/go-shellquote 
v0.0.0-20180428030007-95032a82bc51 // indirect 
@@ -180,42 +183,44 @@ require ( github.com/magiconair/properties v1.8.7 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-colorable v0.1.13 // indirect - github.com/mattn/go-isatty v0.0.19 // indirect - github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mattn/go-sqlite3 v1.14.22 // indirect github.com/mattn/goveralls v0.0.12 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/microcosm-cc/bluemonday v1.0.26 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect + github.com/moby/docker-image-spec v1.3.1 // indirect github.com/moby/term v0.5.0 // indirect github.com/nyaruka/phonenumbers v1.1.7 // indirect github.com/oklog/ulid v1.3.1 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc4 // indirect - github.com/opencontainers/runc v1.1.8 // indirect + github.com/opencontainers/image-spec v1.1.0 // indirect + github.com/opencontainers/runc v1.1.14 // indirect github.com/openzipkin/zipkin-go v0.4.2 // indirect - github.com/ory/dockertest/v3 v3.10.0 // indirect + github.com/ory/dockertest/v3 v3.10.1-0.20240704115616-d229e74b748d // indirect github.com/ory/go-convenience v0.1.0 // indirect github.com/pelletier/go-toml v1.9.5 // indirect - github.com/pelletier/go-toml/v2 v2.0.9 // indirect + github.com/pelletier/go-toml/v2 v2.2.2 // indirect github.com/pkg/profile v1.7.0 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/prometheus/client_model v0.4.0 // indirect - github.com/prometheus/common v0.44.0 // indirect - github.com/prometheus/procfs v0.11.1 // indirect - github.com/rogpeppe/go-internal v1.11.0 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect + github.com/prometheus/client_model 
v0.5.0 // indirect + github.com/prometheus/common v0.48.0 // indirect + github.com/prometheus/procfs v0.12.0 // indirect + github.com/rogpeppe/go-internal v1.12.0 // indirect + github.com/sagikazarmark/locafero v0.4.0 // indirect + github.com/sagikazarmark/slog-shim v0.1.0 // indirect github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 // indirect github.com/segmentio/backo-go v1.0.1 // indirect github.com/sergi/go-diff v1.3.1 // indirect github.com/shopspring/decimal v1.3.1 // indirect github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d // indirect + github.com/sourcegraph/conc v0.3.0 // indirect github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e // indirect - github.com/spf13/afero v1.9.5 // indirect - github.com/spf13/cast v1.5.1 // indirect - github.com/spf13/jwalterweatherman v1.1.0 // indirect - github.com/spf13/viper v1.16.0 // indirect - github.com/subosito/gotenv v1.4.2 // indirect + github.com/spf13/afero v1.11.0 // indirect + github.com/spf13/cast v1.6.0 // indirect + github.com/spf13/viper v1.18.2 // indirect + github.com/subosito/gotenv v1.6.0 // indirect github.com/thales-e-security/pool v0.0.2 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect 
@@ -223,29 +228,32 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c // indirect - go.mongodb.org/mongo-driver v1.12.1 // indirect + github.com/yuin/gopher-lua v1.1.1 // indirect + go.mongodb.org/mongo-driver v1.14.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.46.1 // indirect - go.opentelemetry.io/contrib/propagators/b3 v1.20.0 // indirect - go.opentelemetry.io/contrib/propagators/jaeger v1.20.0 // indirect + go.opentelemetry.io/contrib/propagators/b3 v1.21.0 // indirect + go.opentelemetry.io/contrib/propagators/jaeger v1.21.1 // indirect go.opentelemetry.io/contrib/samplers/jaegerremote v0.15.1 // indirect go.opentelemetry.io/otel/exporters/jaeger v1.17.0 // indirect - go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 // indirect + go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 // indirect go.opentelemetry.io/otel/exporters/zipkin v1.21.0 // indirect - go.opentelemetry.io/otel/metric v1.21.0 // indirect - go.opentelemetry.io/proto/otlp v1.0.0 // indirect - golang.org/x/mod v0.14.0 // indirect - golang.org/x/net v0.18.0 // indirect - golang.org/x/sys v0.15.0 // indirect - golang.org/x/text v0.14.0 // indirect + go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/proto/otlp v1.3.1 // indirect + go.uber.org/mock v0.5.0 // indirect + go.uber.org/multierr v1.11.0 // indirect + golang.org/x/mod v0.19.0 // indirect + golang.org/x/net v0.27.0 // indirect + golang.org/x/sys v0.25.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect - google.golang.org/appengine v1.6.8 // indirect - google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect - 
google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect - google.golang.org/grpc v1.59.0 // indirect - google.golang.org/protobuf v1.31.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect + google.golang.org/grpc v1.64.1 // indirect + google.golang.org/protobuf v1.34.2 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/op/go-logging.v1 v1.0.0-20160211212156-b2cb9fa56473 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) + +replace github.com/ory/fosite => github.com/canonical/fosite v0.0.0-20241118093308-ae6e4e3654c5 diff --git a/go.sum b/go.sum index 2bf92299cfa..ebf39b86044 100644 --- a/go.sum +++ b/go.sum 
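Review bot: The last added line of this hunk, `replace github.com/ory/fosite => github.com/canonical/fosite v0.0.0-20241118093308-ae6e4e3654c5`, redirects the OAuth2 core library to a fork at an untagged pseudo-version with no comment saying why or for how long, while the `require` block in the first go.mod hunk still reads `github.com/ory/fosite v0.47.0`. The comment block added in that first hunk describes a different, commented-out replace that carries a redirect URI validation fix; whether the fork commit includes that fix cannot be told from this page and should be confirmed before merging. I would put a comment directly above the directive, e.g. `// Temporary: fosite fork providing the device flow handlers; remove once they are released upstream (confirm fork includes the redirect URI validation fix).`, and delete or update the stale commented-out replace so the file describes the dependency that is actually built.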
@@ -1,47 +1,11 @@ -cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= -cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= -cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= -cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.44.3/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= -cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= -cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= -cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= -cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= -cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= -cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= -cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= -cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= -cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= -cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= -cloud.google.com/go v0.72.0/go.mod h1:M+5Vjvlc2wnp6tjzE102Dw08nGShTscUx2nZMufOKPI= -cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmWk= -cloud.google.com/go v0.75.0/go.mod h1:VGuuCn7PG0dwsd5XPVm2Mm3wlh3EL55/79EKB6hlPTY= -cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= -cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= -cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= -cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= 
-cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= -cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= -cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= -cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= -cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= -cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= -cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= -cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= -cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= -cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= code.dny.dev/ssrf v0.2.0 h1:wCBP990rQQ1CYfRpW+YK1+8xhwUjv189AQ3WMo1jQaI= code.dny.dev/ssrf v0.2.0/go.mod h1:B+91l25OnyaLIeCx0WRJN5qfJ/4/ZTZxRXgm0lj/2w8= -dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= +dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= +filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= 
github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.1.1/go.mod h1:VPu/7SZ7ePZ3QOrcuXROw5FAcLl4a0cBrbBpGY/8hQs= 
@@ -50,23 +14,26 @@ github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0 github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= -github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= -github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= +github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= +github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 h1:TngWCqHvy9oXAN6lEVMRuU21PR1EtLVZJmdB18Gu3Rw= github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5/go.mod h1:lmUJ/7eu/Q8D7ML55dXQrVaamCz2vxCfdQBasLZfHKk= -github.com/PuerkitoBio/purell v1.1.1/go.mod h1:c11w/QuzBsJSee3cPx9rAFu61PvFxuPbtSwDGJws/X0= -github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578/go.mod h1:uGdkoq3SwY9Y+13GIhn11/XLaGBb4BfwItxLd5jeuXE= +github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95 h1:KLq8BE0KwCL+mmXnjLWEAOYO+2l2AE4YMmqG1ZpZHBs= +github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k= +github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw= +github.com/ProtonMail/gopenpgp/v2 v2.7.5 h1:STOY3vgES59gNgoOt2w0nyHBjKViB/qSg7NjbQWPJkA= +github.com/ProtonMail/gopenpgp/v2 v2.7.5/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g= github.com/ThalesIgnite/crypto11 v1.2.5 h1:1IiIIEqYmBvUYFeMnHqRft4bwf/O36jryEUpY+9ef8E= github.com/ThalesIgnite/crypto11 v1.2.5/go.mod 
h1:ILDKtnCKiQ7zRoNxcp36Y1ZR8LBPmR2E23+wTQe/MlE= github.com/a8m/envsubst v1.4.2 h1:4yWIHXOLEJHQEFd4UjrWDrYeYlV7ncFWJOCBRLOZHQg= github.com/a8m/envsubst v1.4.2/go.mod h1:MVUTQNGQ3tsjOOtKCNd+fl8RzhsXcDvvAEzkhGtlsbY= -github.com/alecthomas/assert/v2 v2.2.2 h1:Z/iVC0xZfWTaFNE6bA3z07T86hd45Xe2eLt6WVy2bbk= -github.com/alecthomas/assert/v2 v2.2.2/go.mod h1:pXcQ2Asjp247dahGEmsZ6ru0UVwnkhktn7S0bBDLxvQ= -github.com/alecthomas/participle/v2 v2.0.0 h1:Fgrq+MbuSsJwIkw3fEj9h75vDP0Er5JzepJ0/HNHv0g= -github.com/alecthomas/participle/v2 v2.0.0/go.mod h1:rAKZdJldHu8084ojcWevWAL8KmEU+AT+Olodb+WoN2Y= -github.com/alecthomas/repr v0.2.0 h1:HAzS41CIzNW5syS8Mf9UwXhNH1J9aix/BvDRf1Ml2Yk= -github.com/alecthomas/repr v0.2.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4= -github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/alecthomas/assert/v2 v2.3.0 h1:mAsH2wmvjsuvyBvAmCtm7zFsBlb8mIHx5ySLVdDZXL0= +github.com/alecthomas/assert/v2 v2.3.0/go.mod h1:pXcQ2Asjp247dahGEmsZ6ru0UVwnkhktn7S0bBDLxvQ= +github.com/alecthomas/participle/v2 v2.1.1 h1:hrjKESvSqGHzRb4yW1ciisFJ4p3MGYih6icjJvbsmV8= +github.com/alecthomas/participle/v2 v2.1.1/go.mod h1:Y1+hAs8DHPmc3YUFzqllV+eSQ9ljPTk0ZkPMtEdAx2c= +github.com/alecthomas/repr v0.4.0 h1:GhI2A8MACjfegCPVq9f1FLvIBS+DrQ2KQBFZP1iFzXc= +github.com/alecthomas/repr v0.4.0/go.mod h1:Fr0507jx4eOXV7AlPV6AVZLYrLIuIeSOWtW57eE/O/4= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/avast/retry-go/v4 v4.5.0 h1:QoRAZZ90cj5oni2Lsgl2GW8mNTnUCnmpx/iKpwVisHg= 
@@ -79,145 +46,104 @@ github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869 h1:DDGfHa7BWjL4Yn github.com/bmizerany/assert v0.0.0-20160611221934-b7ed37b82869/go.mod h1:Ekp36dRnpXw/yCqJaO+ZrUyxD+3VXMFFr56k5XYrpB4= github.com/bradleyjkemp/cupaloy/v2 v2.8.0 h1:any4BmKE+jGIaMpnU8YgH/I2LPiLBufr6oMMlVBbn9M= github.com/bradleyjkemp/cupaloy/v2 v2.8.0/go.mod h1:bm7JXdkRd4BHJk9HpwqAI8BoAY1lps46Enkdqw6aRX0= +github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= +github.com/canonical/fosite v0.0.0-20241118093308-ae6e4e3654c5 h1:jaKZL299cY0juQKGJ3tdHDl8evDbAGevfN6EGoTgR/E= +github.com/canonical/fosite v0.0.0-20241118093308-ae6e4e3654c5/go.mod h1:A8nrQ4txReSzKzg/QRCBL13Agy61kt65EJb3iH/vRE0= github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= -github.com/cenkalti/backoff/v4 v4.2.1 h1:y4OZtCnogmCPw98Zjyt5a6+QwPLGkiQsYW5oUqylYbM= -github.com/cenkalti/backoff/v4 v4.2.1/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= -github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod 
h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= -github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= -github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I= -github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ= +github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= +github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= +github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/cockroachdb/cockroach-go/v2 v2.3.5 h1:Khtm8K6fTTz/ZCWPzU9Ne3aOW9VyAnj4qIPCJgKtwK0= github.com/cockroachdb/cockroach-go/v2 v2.3.5/go.mod h1:1wNJ45eSXW9AnOc3skntW9ZUZz6gxrQK3cOj3rK+BC8= -github.com/containerd/continuity v0.4.1 h1:wQnVrjIyQ8vhU2sgOiL5T07jo+ouqc2bnKsv5/EqGhU= -github.com/containerd/continuity v0.4.1/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= -github.com/coreos/go-systemd v0.0.0-20190321100706-95778dfbb74e/go.mod h1:F5haX7vjVVG0kc13fIWeqUViNPyEJxv/OmvnBo0Yme4= -github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8= +github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= +github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= +github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= 
+github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= -github.com/creasty/defaults v1.7.0 h1:eNdqZvc5B509z18lD8yc212CAqJNvfT1Jq6L8WowdBA= -github.com/creasty/defaults v1.7.0/go.mod h1:iGzKe6pbEHnpMPtfDXZEr0NVxWnPTjb1bbDy08fPzYM= github.com/cristalhq/jwt/v4 v4.0.2 h1:g/AD3h0VicDamtlM70GWGElp8kssQEv+5wYd7L9WOhU= github.com/cristalhq/jwt/v4 v4.0.2/go.mod h1:HnYraSNKDRag1DZP92rYHyrjyQHnVEHPNqesmzs+miQ= -github.com/dave/jennifer v1.7.0 h1:uRbSBH9UTS64yXbh4FrMHfgfY762RD+C7bUPKODpSJE= -github.com/dave/jennifer v1.7.0/go.mod h1:nXbxhEmQfOZhWml3D1cDK5M1FLnMSozpbFN/m3RmGZc= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8= -github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA= -github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2 h1:tdlZCpZ/P9DhczCTSixgIKmwPv6+wP5DGjqLYw5SUiA= -github.com/dgryski/go-farm v0.0.0-20190423205320-6a90982ecee2/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgraph-io/ristretto v1.0.0 h1:SYG07bONKMlFDUYu5pEu3DGAh8c2OFNzKm6G9J4Si84= +github.com/dgraph-io/ristretto v1.0.0/go.mod h1:jTi2FiYEhQ1NsMmA7DeBykizjOuY88NhKBkepyu1jPc= +github.com/dgryski/go-farm 
v0.0.0-20200201041132-a6ae2369ad13 h1:fAjc9m62+UWV/WAFKLNi6ZS0675eEUC9y3AlwSbQu1Y= +github.com/dgryski/go-farm v0.0.0-20200201041132-a6ae2369ad13/go.mod h1:SqUrOPUnsFjfmXRMNPybcSiG0BgUW2AuFH8PAnS2iTw= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= -github.com/docker/cli v20.10.21+incompatible h1:qVkgyYUnOLQ98LtXBrwd/duVqPT2X4SHndOuGsfwyhU= -github.com/docker/cli v20.10.21+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= -github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v20.10.24+incompatible h1:Ugvxm7a8+Gz6vqQYQQ2W7GYq5EUPaAiuPgIfVyI3dYE= -github.com/docker/docker v20.10.24+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= -github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= +github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= +github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= +github.com/docker/cli v26.1.4+incompatible h1:I8PHdc0MtxEADqYJZvhBrW9bo8gawKwwenxRM7/rLu8= +github.com/docker/cli v26.1.4+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/docker v26.1.5+incompatible h1:NEAxTwEjxV6VbBMBoGG3zPqbiJosIApZjxlbrG9q3/g= +github.com/docker/docker v26.1.5+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= +github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= github.com/docker/go-units v0.5.0 
h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= -github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/ecordell/optgen v0.0.9 h1:kmRMqOkbNsWayOnZSk2m5SeGaOTOc7amfi+MAnaMOeI= -github.com/ecordell/optgen v0.0.9/go.mod h1:+YZ4tk5pNGMoeH+Y4F4HeDDj0SLOlIgMMNae7az4h5g= -github.com/elliotchance/orderedmap v1.5.0 h1:1IsExUsjv5XNBD3ZdC7jkAAqLWOOKdbPTmkHx63OsBg= -github.com/elliotchance/orderedmap v1.5.0/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys= -github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= -github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= -github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= -github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/elliotchance/orderedmap v1.6.0 h1:xjn+kbbKXeDq6v9RVE+WYwRbYfAZKvlWfcJNxM8pvEw= +github.com/elliotchance/orderedmap v1.6.0/go.mod h1:wsDwEaX5jEoyhbs7x93zk2H/qv0zwuhg4inXhDkYqys= github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= -github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= 
-github.com/fatih/color v1.15.0/go.mod h1:0h5ZqXfHYED7Bhv2ZJamyIOUej9KtShiJESRwBDUSsw= +github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= +github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= -github.com/fatih/structtag v1.2.0 h1:/OdNE99OxoI/PqaW/SuSK9uxxT3f/tcSZgon/ssNSx4= -github.com/fatih/structtag v1.2.0/go.mod h1:mBJUNpUnHmRKrKlQQlmCrh5PuhftFbNv8Ys4/aAZl94= github.com/felixge/fgprof v0.9.3 h1:VvyZxILNuCiUCSXtPtYmmtGvb65nqXh2QFWc0Wpf2/g= github.com/felixge/fgprof v0.9.3/go.mod h1:RdbpDgzqYVh/T9fPELJyV7EYJuHB55UTEULNun8eiPw= -github.com/felixge/httpsnoop v1.0.1/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= -github.com/frankban/quicktest v1.14.4 h1:g2rn0vABPOOXmZUj+vbmUp0lPoXEMuhTpIluN0XL9UY= -github.com/frankban/quicktest v1.14.4/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= -github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= +github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= +github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= +github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/go-faker/faker/v4 v4.1.1 h1:zkxj/JH/aezB4R6cTEMKU7qcVScGhlB3qRtF3D7K+rI= 
-github.com/go-faker/faker/v4 v4.1.1/go.mod h1:uuNc0PSRxF8nMgjGrrrU4Nw5cF30Jc6Kd0/FUTTYbhg= -github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v3 v3.0.1 h1:pWmKFVtt+Jl0vBZTIpz/eAKwsm6LkIxDVVbFHKkchhA= -github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= -github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= -github.com/go-logfmt/logfmt v0.5.0/go.mod h1:wCYkCAKZfumFQihp8CzCvQ3paCTfi41vtzG1KdI/P7A= +github.com/go-faker/faker/v4 v4.4.2 h1:96WeU9QKEqRUVYdjHquY2/5bAqmVM0IfGKHV5mbfqmQ= +github.com/go-faker/faker/v4 v4.4.2/go.mod h1:4K3v4AbKXYNHMQNaREMc9/kRB9j5JJzpFo6KHRvrcIw= +github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= +github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.3.0 h1:2y3SDp0ZXuc6/cjLSZ+Q3ir+QB9T/iG5yYRXqsagWSY= -github.com/go-logr/logr v1.3.0/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= -github.com/go-openapi/analysis v0.21.2/go.mod h1:HZwRk4RRisyG8vx2Oe6aqeSQcoxRp47Xkp3+K6q+LdY= -github.com/go-openapi/analysis v0.21.4 h1:ZDFLvSNxpDaomuCueM0BlSXxpANBlFYiBvr+GXrvIHc= -github.com/go-openapi/analysis v0.21.4/go.mod 
h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9QyAgQRPp9y3pfo= -github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.4 h1:unTcVm6PispJsMECE3zWgvG4xTiKda1LIR5rCRWLG6M= -github.com/go-openapi/errors v0.20.4/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= -github.com/go-openapi/inflect v0.19.0 h1:9jCH9scKIbHeV9m12SmPilScz6krDxKRasNNSNPXu/4= -github.com/go-openapi/inflect v0.19.0/go.mod h1:lHpZVlpIQqLyKwJ4N+YSc9hchQy/i12fJykb83CRBH4= -github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= -github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= -github.com/go-openapi/jsonpointer v0.20.0 h1:ESKJdU9ASRfaPNOPRx12IUyA1vn3R9GiE3KYD14BXdQ= -github.com/go-openapi/jsonpointer v0.20.0/go.mod h1:6PGzBjjIIumbLYysB73Klnms1mwnU4G3YHOECG3CedA= -github.com/go-openapi/jsonreference v0.19.6/go.mod h1:diGHMEHg2IqXZGKxqyvWdfWU/aim5Dprw5bqpKkTvns= -github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXymS4zJbYVCZmcgkasdo= -github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= -github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k= -github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= -github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= -github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= -github.com/go-openapi/runtime v0.26.0 h1:HYOFtG00FM1UvqrcxbEJg/SwvDRvYLQKGhw2zaQjTcc= -github.com/go-openapi/runtime v0.26.0/go.mod 
h1:QgRGeZwrUcSHdeh4Ka9Glvo0ug1LC5WyE+EV88plZrQ= -github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= -github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= -github.com/go-openapi/spec v0.20.9 h1:xnlYNQAwKd2VQRRfwTEI0DcK+2cbuvI/0c7jx3gA8/8= -github.com/go-openapi/spec v0.20.9/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= -github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg= -github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= -github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= -github.com/go-openapi/strfmt v0.21.7 h1:rspiXgNWgeUzhjo1YU01do6qsahtJNByjLVbPLNHb8k= -github.com/go-openapi/strfmt v0.21.7/go.mod h1:adeGTkxE44sPyLk0JV235VQAO/ZXUr8KAzYjclFs3ew= -github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= -github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= -github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= -github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU= -github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= +github.com/go-openapi/analysis v0.23.0 h1:aGday7OWupfMs+LbmLZG4k0MYXIANxcuBTYUC03zFCU= +github.com/go-openapi/analysis v0.23.0/go.mod h1:9mz9ZWaSlV8TvjQHLl2mUW2PbZtemkE8yA5v22ohupo= +github.com/go-openapi/errors v0.22.0 h1:c4xY/OLxUBSTiepAg3j/MHuAv5mJhnf53LLMWFB+u/w= +github.com/go-openapi/errors v0.22.0/go.mod h1:J3DmZScxCDufmIMsdOuDHxJbdOGC0xtUynjIx092vXE= +github.com/go-openapi/inflect v0.21.0 
h1:FoBjBTQEcbg2cJUWX6uwL9OyIW8eqc9k4KhN4lfbeYk= +github.com/go-openapi/inflect v0.21.0/go.mod h1:INezMuUu7SJQc2AyR3WO0DqqYUJSj8Kb4hBd7WtjlAw= +github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= +github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= +github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= +github.com/go-openapi/loads v0.22.0 h1:ECPGd4jX1U6NApCGG1We+uEozOAvXvJSF4nnwHZ8Aco= +github.com/go-openapi/loads v0.22.0/go.mod h1:yLsaTCS92mnSAZX5WWoxszLj0u+Ojl+Zs5Stn1oF+rs= +github.com/go-openapi/runtime v0.28.0 h1:gpPPmWSNGo214l6n8hzdXYhPuJcGtziTOgUpvsFWGIQ= +github.com/go-openapi/runtime v0.28.0/go.mod h1:QN7OzcS+XuYmkQLw05akXk0jRH/eZ3kb18+1KwW9gyc= +github.com/go-openapi/spec v0.21.0 h1:LTVzPc3p/RzRnkQqLRndbAzjY0d0BCL72A6j3CdL9ZY= +github.com/go-openapi/spec v0.21.0/go.mod h1:78u6VdPw81XU44qEWGhtr982gJ5BWg2c0I5XwVMotYk= +github.com/go-openapi/strfmt v0.23.0 h1:nlUS6BCqcnAk0pyhi9Y+kdDVZdZMHfEKQiS4HaMgO/c= +github.com/go-openapi/strfmt v0.23.0/go.mod h1:NrtIpfKtWIygRkKVsxh7XQMDQW5HKQl6S5ik2elW+K4= +github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= +github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-openapi/validate v0.24.0 h1:LdfDKwNbpB6Vn40xhTdNZAnfLECL81w+VX3BumrGD58= +github.com/go-openapi/validate v0.24.0/go.mod h1:iyeX1sEufmv3nPbBdX3ieNviWnOZaJ1+zquzJEf2BAQ= github.com/go-playground/locales v0.13.0 h1:HyWk6mgj5qFqCT5fjGBuRArbVDfE4hi8+e8ceBS/t7Q= github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8= github.com/go-playground/universal-translator v0.17.0 h1:icxd5fm+REJzpZx7ZfpaD876Lmtgy7VtROAbHHXk8no= 
@@ -225,188 +151,87 @@ github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+ github.com/go-playground/validator/v10 v10.4.1 h1:pH2c5ADXtd66mxoE0Zm9SUhxE20r7aM3F26W0hOn+GE= github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4= github.com/go-sql-driver/mysql v1.6.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/go-sql-driver/mysql v1.7.0/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= -github.com/go-sql-driver/mysql v1.7.1 h1:lUIinVbN1DY0xBg0eMOzmmtGoHwWBbvnWubQUrtU8EI= -github.com/go-sql-driver/mysql v1.7.1/go.mod h1:OXbVy3sEdcQ2Doequ6Z5BW6fXNQTmx+9S1MCJN5yJMI= -github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/go-swagger/go-swagger v0.30.5 h1:SQ2+xSonWjjoEMOV5tcOnZJVlfyUfCBhGQGArS1b9+U= -github.com/go-swagger/go-swagger v0.30.5/go.mod h1:cWUhSyCNqV7J1wkkxfr5QmbcnCewetCdvEXqgPvbc/Q= -github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013 h1:l9rI6sNaZgNC0LnF3MiE+qTmyBA/tZAg1rtyrGbUMK0= -github.com/go-swagger/scan-repo-boundary v0.0.0-20180623220736-973b3573c013/go.mod h1:b65mBPzqzZWxOZGxSWrqs4GInLIn+u99Q9q7p+GKni0= -github.com/gobuffalo/attrs v0.0.0-20190224210810-a9411de4debd/go.mod h1:4duuawTqi2wkkpB4ePgWMaai6/Kc6WEz83bhFwpHzj0= -github.com/gobuffalo/attrs v1.0.3/go.mod h1:KvDJCE0avbufqS0Bw3UV7RQynESY0jjod+572ctX4t8= -github.com/gobuffalo/depgen v0.0.0-20190329151759-d478694a28d3/go.mod h1:3STtPUQYuzV0gBVOY3vy6CfMm/ljR4pABfrTeHNLHUY= -github.com/gobuffalo/depgen v0.1.0/go.mod h1:+ifsuy7fhi15RWncXQQKjWS9JPkdah5sZvtHc2RXGlg= -github.com/gobuffalo/envy v1.6.15/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= -github.com/gobuffalo/envy v1.7.0/go.mod h1:n7DRkBerg/aorDM8kbduw5dN3oXGswK5liaSCx4T5NI= +github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= +github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= 
+github.com/go-swagger/go-swagger v0.31.0 h1:H8eOYQnY2u7vNKWDNykv2xJP3pBhRG/R+SOCAmKrLlc= +github.com/go-swagger/go-swagger v0.31.0/go.mod h1:WSigRRWEig8zV6t6Sm8Y+EmUjlzA/HoaZJ5edupq7po= github.com/gobuffalo/envy v1.10.2 h1:EIi03p9c3yeuRCFPOKcSfajzkLb3hrRjEpHGI8I2Wo4= github.com/gobuffalo/envy v1.10.2/go.mod h1:qGAGwdvDsaEtPhfBzb3o0SfDea8ByGn9j8bKmVft9z8= github.com/gobuffalo/fizz v1.14.4 h1:8uume7joF6niTNWN582IQ2jhGTUoa9g1fiV/tIoGdBs= github.com/gobuffalo/fizz v1.14.4/go.mod h1:9/2fGNXNeIFOXEEgTPJwiK63e44RjG+Nc4hfMm1ArGM= -github.com/gobuffalo/flect v0.1.0/go.mod h1:d2ehjJqGOH/Kjqcoz+F7jHTBbmDb38yXA598Hb50EGs= -github.com/gobuffalo/flect v0.1.1/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= -github.com/gobuffalo/flect v0.1.3/go.mod h1:8JCgGVbRjJhVgD6399mQr4fx5rRfGKVzFjbj6RE/9UI= github.com/gobuffalo/flect v0.3.0/go.mod h1:5pf3aGnsvqvCj50AVni7mJJF8ICxGZ8HomberC3pXLE= -github.com/gobuffalo/flect v1.0.0/go.mod h1:l9V6xSb4BlXwsxEMj3FVEub2nkdQjWhPvD8XTTlHPQc= github.com/gobuffalo/flect v1.0.2 h1:eqjPGSo2WmjgY2XlpGwo2NXgL3RucAKo4k4qQMNA5sA= github.com/gobuffalo/flect v1.0.2/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= -github.com/gobuffalo/genny v0.0.0-20190329151137-27723ad26ef9/go.mod h1:rWs4Z12d1Zbf19rlsn0nurr75KqhYp52EAGGxTbBhNk= -github.com/gobuffalo/genny v0.0.0-20190403191548-3ca520ef0d9e/go.mod h1:80lIj3kVJWwOrXWWMRzzdhW3DsrdjILVil/SFKBzF28= -github.com/gobuffalo/genny v0.1.0/go.mod h1:XidbUqzak3lHdS//TPu2OgiFB+51Ur5f7CSnXZ/JDvo= -github.com/gobuffalo/genny v0.1.1/go.mod h1:5TExbEyY48pfunL4QSXxlDOmdsD44RRq4mVZ0Ex28Xk= -github.com/gobuffalo/genny/v2 v2.1.0/go.mod h1:4yoTNk4bYuP3BMM6uQKYPvtP6WsXFGm2w2EFYZdRls8= -github.com/gobuffalo/gitgen v0.0.0-20190315122116-cc086187d211/go.mod h1:vEHJk/E9DmhejeLeNt7UVvlSGv3ziL+djtTr3yyzcOw= github.com/gobuffalo/github_flavored_markdown v1.1.3/go.mod h1:IzgO5xS6hqkDmUh91BW/+Qxo/qYnvfzoz3A7uLkg77I= github.com/gobuffalo/github_flavored_markdown v1.1.4 h1:WacrEGPXUDX+BpU1GM/Y0ADgMzESKNWls9hOTG1MHVs= 
github.com/gobuffalo/github_flavored_markdown v1.1.4/go.mod h1:Vl9686qrVVQou4GrHRK/KOG3jCZOKLUqV8MMOAYtlso= -github.com/gobuffalo/gogen v0.0.0-20190315121717-8f38393713f5/go.mod h1:V9QVDIxsgKNZs6L2IYiGR8datgMhB577vzTDqypH360= -github.com/gobuffalo/gogen v0.1.0/go.mod h1:8NTelM5qd8RZ15VjQTFkAW6qOMx5wBbW4dSCS3BY8gg= -github.com/gobuffalo/gogen v0.1.1/go.mod h1:y8iBtmHmGc4qa3urIyo1shvOD8JftTtfcKi+71xfDNE= github.com/gobuffalo/helpers v0.6.7 h1:C9CedoRSfgWg2ZoIkVXgjI5kgmSpL34Z3qdnzpfNVd8= github.com/gobuffalo/helpers v0.6.7/go.mod h1:j0u1iC1VqlCaJEEVkZN8Ia3TEzfj/zoXANqyJExTMTA= -github.com/gobuffalo/here v0.6.7 h1:hpfhh+kt2y9JLDfhYUxxCRxQol540jsVfKUZzjlbp8o= -github.com/gobuffalo/here v0.6.7/go.mod h1:vuCfanjqckTuRlqAitJz6QC4ABNnS27wLb816UhsPcc= github.com/gobuffalo/httptest v1.5.2 h1:GpGy520SfY1QEmyPvaqmznTpG4gEQqQ82HtHqyNEreM= github.com/gobuffalo/httptest v1.5.2/go.mod h1:FA23yjsWLGj92mVV74Qtc8eqluc11VqcWr8/C1vxt4g= -github.com/gobuffalo/logger v0.0.0-20190315122211-86e12af44bc2/go.mod h1:QdxcLw541hSGtBnhUc4gaNIXRjiDppFGaDqzbrBd3v8= -github.com/gobuffalo/logger v1.0.7/go.mod h1:u40u6Bq3VVvaMcy5sRBclD8SXhBYPS0Qk95ubt+1xJM= -github.com/gobuffalo/mapi v1.0.1/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= -github.com/gobuffalo/mapi v1.0.2/go.mod h1:4VAGh89y6rVOvm5A8fKFxYG+wIW6LO1FMTG9hnKStFc= github.com/gobuffalo/nulls v0.4.2 h1:GAqBR29R3oPY+WCC7JL9KKk9erchaNuV6unsOSZGQkw= github.com/gobuffalo/nulls v0.4.2/go.mod h1:EElw2zmBYafU2R9W4Ii1ByIj177wA/pc0JdjtD0EsH8= -github.com/gobuffalo/packd v0.0.0-20190315124812-a385830c7fc0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= -github.com/gobuffalo/packd v0.1.0/go.mod h1:M2Juc+hhDXf/PnmBANFCqx4DM3wRbgDvnVWeG2RIxq4= -github.com/gobuffalo/packd v1.0.2/go.mod h1:sUc61tDqGMXON80zpKGp92lDb86Km28jfvX7IAyxFT8= -github.com/gobuffalo/packr/v2 v2.0.9/go.mod h1:emmyGweYTm6Kdper+iywB6YK5YzuKchGtJQZ0Odn4pQ= -github.com/gobuffalo/packr/v2 v2.2.0/go.mod h1:CaAwI0GPIAv+5wKLtv8Afwl+Cm78K/I/VCm/3ptBN+0= 
github.com/gobuffalo/plush/v4 v4.1.16/go.mod h1:6t7swVsarJ8qSLw1qyAH/KbrcSTwdun2ASEQkOznakg= -github.com/gobuffalo/plush/v4 v4.1.18/go.mod h1:xi2tJIhFI4UdzIL8sxZtzGYOd2xbBpcFbLZlIPGGZhU= -github.com/gobuffalo/plush/v4 v4.1.19 h1:o0E5gEJw+ozkAwQoCeiaWC6VOU2lEmX+GhtGkwpqZ8o= -github.com/gobuffalo/plush/v4 v4.1.19/go.mod h1:WiKHJx3qBvfaDVlrv8zT7NCd3dEMaVR/fVxW4wqV17M= -github.com/gobuffalo/pop/v6 v6.1.2-0.20230318123913-c85387acc9a0 h1:+LF3Enal3HZ+rFmaLZfBRNHKqtnoA0d8jk0Iio8InZM= -github.com/gobuffalo/pop/v6 v6.1.2-0.20230318123913-c85387acc9a0/go.mod h1:1n7jAmI1i7fxuXPZjZb0VBPQDbksRtCoFnrDV5IsvaI= -github.com/gobuffalo/syncx v0.0.0-20190224160051-33c29581e754/go.mod h1:HhnNqWY95UYwwW3uSASeV7vtgYkT2t16hJgV3AEPUpw= +github.com/gobuffalo/plush/v4 v4.1.21 h1:YVfauGshxyQ+beh4jHR6Ct3NEXohn+1EboMjzdUDo30= +github.com/gobuffalo/plush/v4 v4.1.21/go.mod h1:WiKHJx3qBvfaDVlrv8zT7NCd3dEMaVR/fVxW4wqV17M= github.com/gobuffalo/tags/v3 v3.1.4 h1:X/ydLLPhgXV4h04Hp2xlbI2oc5MDaa7eub6zw8oHjsM= github.com/gobuffalo/tags/v3 v3.1.4/go.mod h1:ArRNo3ErlHO8BtdA0REaZxijuWnWzF6PUXngmMXd2I0= github.com/gobuffalo/validate/v3 v3.3.3 h1:o7wkIGSvZBYBd6ChQoLxkz2y1pfmhbI4jNJYh6PuNJ4= github.com/gobuffalo/validate/v3 v3.3.3/go.mod h1:YC7FsbJ/9hW/VjQdmXPvFqvRis4vrRYFxr69WiNZw6g= github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/gobwas/glob v0.2.3/go.mod h1:d3Ez4x06l9bZtSvzIay5+Yzi0fmZzPgnTbPcKjJAkT8= -github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= -github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= -github.com/goccy/go-yaml v1.11.0 h1:n7Z+zx8S9f9KgzG6KtQKf+kwqXZlLNR2F6018Dgau54= -github.com/goccy/go-yaml v1.11.0/go.mod h1:H+mJrWtjPTJAHvRbV09MCK9xYwODM+wRTVFFTWckfng= +github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA= +github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= +github.com/goccy/go-yaml v1.11.3 
h1:B3W9IdWbvrUu2OYQGwvU1nZtvMQJPBKgBUuweJjLj6I= +github.com/goccy/go-yaml v1.11.3/go.mod h1:wKnAMd44+9JAAnGQpWVEgBzGt3YuTaQ4uXoHvE4m7WU= github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= -github.com/gofrs/uuid v4.0.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gofrs/uuid v4.2.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= -github.com/gofrs/uuid v4.3.1+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gofrs/uuid v4.4.0+incompatible h1:3qXRTX8/NbyulANqlc0lchS1gqAVxRgsuW1YrTJupqA= github.com/gofrs/uuid v4.4.0+incompatible/go.mod h1:b2aQJv3Z4Fp6yNu3cdSllBxTCLRxnplIgP/c0N/04lM= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE= -github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= -github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.1.2 h1:DVjP2PbBOzHyzA+dn3WhHIq4NdVu3Q+pvivFICf/7fo= -github.com/golang/glog v1.1.2/go.mod h1:zR+okUeTbrL6EL3xHUDxZuEtGv04p5shwip1+mL/rLQ= -github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= -github.com/golang/mock v1.3.1/go.mod 
h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= -github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= -github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= +github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= +github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/mock v1.6.0 h1:ErTB+efbowRARo13NNdxyJji2egdxLGQhRaY+DUumQc= github.com/golang/mock v1.6.0/go.mod h1:p6yTPP+5HYm5mzsMV8JkE6ZKdX+/wYM6Hr+LicevLPs= -github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= -github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= -github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= -github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= -github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= -github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= -github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= -github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= -github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= -github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= 
-github.com/golang/protobuf v1.4.3/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= -github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk= -github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= -github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= -github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= -github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= -github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= github.com/google/go-cmp v0.6.0/go.mod 
h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= -github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/martian/v3 v3.1.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= -github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= -github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= -github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20211214055906-6f57359322fd/go.mod h1:KgnwoLYCZ8IQu3XUZ8Nc/bM9CCZFOyjUNOSygVozoDg= github.com/google/pprof v0.0.0-20230808223545-4887780b67fb h1:oqpb3Cwpc7EOml5PVGMYbSGmwNui2R7i8IW83gs4W0c= github.com/google/pprof v0.0.0-20230808223545-4887780b67fb/go.mod h1:Jh3hGz2jkYak8qXPD19ryItVnUgpgeqzdkY/D0EaeuA= 
-github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.0.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.4.0 h1:MtMxsa51/r9yyhkyLsVeVt0B+BGQZzpQiTQ4eHZ8bc4= -github.com/google/uuid v1.4.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= -github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= -github.com/gorilla/css v1.0.0 h1:BQqNyPTi50JCFMTw/b67hByjMVXZRwGha6wxVGkeihY= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/css v1.0.0/go.mod h1:Dn721qIggHpt4+EFCcTLTU/vk5ySda2ReITrtgBl60c= -github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= -github.com/gorilla/handlers v1.5.1/go.mod h1:t8XrUpc4KVXb7HGyJ4/cEnwQiaxrX/hz1Zv/4g96P1Q= +github.com/gorilla/css v1.0.1 h1:ntNaBIghp6JmvWnxbZKANoLyuXTPZ4cAMlo6RyhlbO8= +github.com/gorilla/css v1.0.1/go.mod h1:BvnYkspnSzMmwRK+b8/xgNPLiIuNZr6vbZBTPQ2A3b0= +github.com/gorilla/handlers v1.5.2 h1:cLTUSsNkgcwhgRqvCNmdbRWG0A3N4F+M2nWKdScwyEE= +github.com/gorilla/handlers v1.5.2/go.mod h1:dX+xVpaxdSw+q0Qek8SSsl3dfMk3jNddUkMzo0GtH0w= github.com/gorilla/securecookie v1.1.2 h1:YCIWL56dvtr73r6715mJs5ZvhtnY73hBvEF8kXD8ePA= 
github.com/gorilla/securecookie v1.1.2/go.mod h1:NfCASbcHqRSY+3a8tlWJwsQap2VX5pwzwo4h3eOamfo= -github.com/gorilla/sessions v1.2.2 h1:lqzMYz6bOfvn2WriPUjNByzeXIlVzURcPmgMczkmTjY= -github.com/gorilla/sessions v1.2.2/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ= +github.com/gorilla/sessions v1.3.0 h1:XYlkq7KcpOB2ZhHBPv5WpjMIxrQosiZanfoy1HLZFzg= +github.com/gorilla/sessions v1.3.0/go.mod h1:ePLdVu+jbEgHH+KWw8I1z2wqd0BAdAQh/8LRvBeoNcQ= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0 h1:Ovs26xHkKqVztRpIrF/92BcuyuQ/YW4NSIpoGtfXNho= github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0/go.mod h1:8NvIoxWQoOIhqOTXgfV/d3M/q6VIi02HzZEHgUlZvzk= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1 h1:6UKoz5ujsI55KNpsJH3UwCq3T8kKbZwNZBNPuTTje8U= -github.com/grpc-ecosystem/grpc-gateway/v2 v2.18.1/go.mod h1:YvJ2f6MplWDhfxiUC3KpyTy76kYUZA4W3pTv/wdKQ9Y= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0 h1:bkypFPDjIYGfCYD5mRBvpqxfYX1YCS1PXdKYWi8FsN0= +github.com/grpc-ecosystem/grpc-gateway/v2 v2.20.0/go.mod h1:P+Lt/0by1T8bfcF3z737NnSbmxQAppXMRziHUxPOC8k= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v1.2.0 h1:La19f8d7WIlm4ogzNHB0JGqs5AUDAZ2UfCY4sJXcJdM= -github.com/hashicorp/go-hclog v1.2.0/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= -github.com/hashicorp/go-retryablehttp v0.7.4 h1:ZQgVdpTdAL7WpMIwLzCfbalOcSUdkDZnpUv3/+BxzFA= -github.com/hashicorp/go-retryablehttp v0.7.4/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= -github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 
-github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hexops/gotextdiff v1.0.3 h1:gitA9+qJrrTCsiCl7+kh75nPqQt1cx4ZkudSTLoUqJM= 
@@ -414,14 +239,10 @@ github.com/hexops/gotextdiff v1.0.3/go.mod h1:pSWU5MAI3yDq+fZBTazCSJysOMbxWL1BSo github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20210905161508-09a460cdf81d/go.mod h1:aYm2/VgdVmcIU8iMfdMvDMsRAQjcfZSKFby6HOFvi/w= github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= -github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANytuPF1OarO4DADm73n8= -github.com/inconshreveable/mousetrap v1.0.1/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/inhies/go-bytesize v0.0.0-20220417184213-4913239db9cf h1:FtEj8sfIcaaBfAKrE1Cwb61YDtYq9JxChK1c7AKce7s= 
@@ -429,56 +250,47 @@ github.com/inhies/go-bytesize v0.0.0-20220417184213-4913239db9cf/go.mod h1:yrqSX github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= github.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8= github.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= -github.com/jackc/pgconn v1.14.1 h1:smbxIaZA08n6YuxEX1sDyjV/qkbtUtkH20qLkR9MUR4= -github.com/jackc/pgconn v1.14.1/go.mod h1:9mBNlny0UvkgJdCDvdVHYSjI+8tD2rnKK69Wz8ti++E= +github.com/jackc/pgconn v1.14.3 h1:bVoTr12EGANZz66nZPkMInAV/KHD2TxH9npjXXgiB3w= +github.com/jackc/pgconn v1.14.3/go.mod h1:RZbme4uasqzybK2RK5c65VsHxoyaml09lx3tXOcO/VM= github.com/jackc/pgio v1.0.0 h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE= github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8= github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5Wi/+Zz7xoE5ALHsRQlOctkOiHc= github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak= github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= -github.com/jackc/pgproto3/v2 v2.1.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= -github.com/jackc/pgproto3/v2 v2.3.1/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= -github.com/jackc/pgproto3/v2 v2.3.2 h1:7eY55bdBeCz1F2fTzSz69QC+pG46jYq9/jtSPiJ5nn0= -github.com/jackc/pgproto3/v2 v2.3.2/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= -github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a h1:bbPeKD0xmW/Y25WS6cokEszi5g+S0QxI/d45PkRi7Nk= -github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgtype v1.8.1-0.20210724151600-32e20a603178/go.mod h1:C516IlIV9NKqfsMCXTdChteoXmwgUceqaLfjg2e3NlM= 
-github.com/jackc/pgtype v1.12.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= +github.com/jackc/pgproto3/v2 v2.3.3 h1:1HLSx5H+tXR9pW3in3zaztoEwQYRC9SQaYUHjTSUOag= +github.com/jackc/pgproto3/v2 v2.3.3/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= +github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= +github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= github.com/jackc/pgtype v1.14.0 h1:y+xUdabmyMkJLyApYuPj38mW+aAIqCe5uuBB51rH3Vw= github.com/jackc/pgtype v1.14.0/go.mod h1:LUMuVrfsFfdKGLw+AFFVv6KtHOFMwRgDDzBt76IqCA4= -github.com/jackc/pgx/v4 v4.12.1-0.20210724153913-640aa07df17c/go.mod h1:1QD0+tgSXP7iUjYm9C1NxKhny7lq6ee99u/z+IHFcgs= -github.com/jackc/pgx/v4 v4.17.2/go.mod h1:lcxIZN44yMIrWI78a5CpucdD14hX0SBDbNRvjDBItsw= -github.com/jackc/pgx/v4 v4.18.1 h1:YP7G1KABtKpB5IHrO9vYwSrCOhs7p3uqhvhhQBptya0= -github.com/jackc/pgx/v4 v4.18.1/go.mod h1:FydWkUyadDmdNH/mHnGob881GawxeEm7TcMCzkb+qQE= -github.com/jackc/puddle v1.1.3/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= -github.com/jackc/puddle v1.3.0/go.mod h1:m4B5Dj62Y0fbyuIc15OsIqK0+JU8nkqQjsgx7dvjSWk= +github.com/jackc/pgx/v4 v4.18.2 h1:xVpYkNR5pk5bMCZGfClbO962UIqVABcAGt7ha1s/FeU= +github.com/jackc/pgx/v4 v4.18.2/go.mod h1:Ey4Oru5tH5sB6tV7hDmfWFahwF15Eb7DNXlRKx2CkVw= +github.com/jackc/pgx/v5 v5.6.0 h1:SWJzexBzPL5jb0GEsrPMLIsi/3jOo7RHlzTjcAeDrPY= +github.com/jackc/pgx/v5 v5.6.0/go.mod h1:DNZ/vlrUnhWCoFGxHAG8U2ljioxukquj7utPDgtQdTw= +github.com/jackc/puddle/v2 v2.2.1 h1:RhxXJtFG022u4ibrCSMSiu5aOq1i77R3OHKNJj77OAk= +github.com/jackc/puddle/v2 v2.2.1/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= github.com/jandelgado/gcov2lcov v1.0.5 h1:rkBt40h0CVK4oCb8Dps950gvfd1rYvQ8+cWa346lVU0= github.com/jandelgado/gcov2lcov v1.0.5/go.mod h1:NnSxK6TMlg1oGDBfGelGbjgorT5/L3cchlbtgFYZSss= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= 
github.com/jessevdk/go-flags v1.5.0 h1:1jKYvbxEjfUl0fmqTCOfonvskHHXMjBySTLW4y9LFvc= github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4= -github.com/jinzhu/copier v0.3.5 h1:GlvfUwHk62RokgqVNvYsku0TATCF7bAHVwEXoBh3iJg= -github.com/jinzhu/copier v0.3.5/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg= -github.com/jmoiron/sqlx v1.3.5 h1:vFFPA71p1o5gAeqtEAwLU4dnX2napprKtHr7PYIcN3g= +github.com/jinzhu/copier v0.4.0 h1:w3ciUoD19shMCRargcpm0cm91ytaBhDvuRpz1ODO/U8= +github.com/jinzhu/copier v0.4.0/go.mod h1:DfbEm0FYsaqBcKcFuvmOZb218JkPGtvSHsKg8S8hyyg= github.com/jmoiron/sqlx v1.3.5/go.mod h1:nRVWtLre0KfCLJvgxzCsLVMogSvQ1zNJtpYr2Ccp0mQ= -github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg= +github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o= +github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY= github.com/joho/godotenv v1.4.0/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= github.com/joho/godotenv v1.5.1 h1:7eLL/+HRGLY0ldzfGMeQkb7vMd0as4CfYvUVzLqw0N0= github.com/joho/godotenv v1.5.1/go.mod h1:f4LDr5Voq0i2e/R5DDNOoa2zzDfwtkZa6DnEwAbqwq4= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= -github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= -github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/julienschmidt/httprouter v1.3.0 h1:U0609e9tgbseu3rBINet9P48AI/D3oJs4dN7jwJOQ1U= github.com/julienschmidt/httprouter v1.3.0/go.mod h1:JR6WtHb+2LUe8TCKY3cZOxFyyO8IZAc4RVcycCCAKdM= -github.com/karrick/godirwalk v1.8.0/go.mod h1:H5KPZjojv4lE+QYImBI8xVtrBRgYrIVsaRPx4tDPEn4= -github.com/karrick/godirwalk v1.10.3/go.mod h1:RoGL9dQei4vP9ilrpETWE8CLOZ1kiN0LhBygSwrAsHA= github.com/kballard/go-shellquote 
v0.0.0-20180428030007-95032a82bc51 h1:Z9n2FFNUXsshfwJMBgNA0RU6/i7WVaAegv3PtuIHPMs= github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.13.6/go.mod h1:/3/Vjq9QcHkK5uEr5lBEmyoZ1iFhe47etQ6QUkpK6sk= github.com/knadh/koanf/maps v0.1.1 h1:G5TjmUh2D7G2YWf5SQQqSiHRJEjaicvU0KpypqB3NIs= github.com/knadh/koanf/maps v0.1.1/go.mod h1:npD/QZY3V6ghQDdcQzl1W4ICNVTkohC8E73eI2xW4yI= github.com/knadh/koanf/parsers/json v0.1.0 h1:dzSZl5pf5bBcW0Acnu20Djleto19T0CfHcvZ14NJ6fU= @@ -493,11 +305,7 @@ github.com/knadh/koanf/providers/rawbytes v0.1.0 h1:dpzgu2KO6uf6oCb4aP05KDmKmAmI github.com/knadh/koanf/providers/rawbytes v0.1.0/go.mod h1:mMTB1/IcJ/yE++A2iEZbY1MLygX7vttU+C+S/YmPu9c= github.com/knadh/koanf/v2 v2.0.1 h1:1dYGITt1I23x8cfx8ZnldtezdyaZtfAuRtIFOiRzK7g= github.com/knadh/koanf/v2 v2.0.1/go.mod h1:ZeiIlIDXTE7w1lMT6UVcNiRAS2/rCeLn/GdLNvY1Dus= -github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.2/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= -github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= 
@@ -510,38 +318,25 @@ github.com/laher/mergefs v0.1.1/go.mod h1:FSY1hYy94on4Tz60waRMGdO1awwS23BacqJlqf github.com/leodido/go-urn v1.2.0 h1:hpXL4XnriNwQ/ABnpepYM/1vCLWNDfUNts8dX3xTG6Y= github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII= github.com/lib/pq v1.2.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= -github.com/lib/pq v1.10.2/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= -github.com/lib/pq v1.10.7/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/luna-duclos/instrumentedsql v1.1.3 h1:t7mvC0z1jUt5A0UQ6I/0H31ryymuQRnJcWCiqV3lSAA= github.com/luna-duclos/instrumentedsql v1.1.3/go.mod h1:9J1njvFds+zN7y85EDhN9XNQLANWwZt2ULeIC8yMNYs= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= -github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= -github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/markbates/oncer v0.0.0-20181203154359-bf2de49a0be2/go.mod h1:Ld9puTsIW75CHf65OeIOkyKbteujpZVXDpWK6YGZbxE= -github.com/markbates/pkger v0.17.1 h1:/MKEtWqtc0mZvu9OinB9UzVN9iYCwLWuyUv4Bw+PCno= -github.com/markbates/pkger v0.17.1/go.mod h1:0JoVlrol20BSywW79rN3kdFFsE5xYM+rSCQDXbLhiuI= -github.com/markbates/safe v1.0.1/go.mod h1:nAqgmRi7cY2nqMc92/bSEeQA+R4OheNU2T1kNSCBdG0= -github.com/mattn/go-colorable v0.1.6/go.mod 
h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= -github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= -github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= -github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= -github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/go-sqlite3 v1.14.16 h1:yOQRA0RpS5PFz/oikGwBEqvAWhWg5ufRz4ETLjwpU1Y= -github.com/mattn/go-sqlite3 v1.14.16/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-sqlite3 v1.14.6/go.mod h1:NyWgC/yNuGj7Q9rpYnZvas74GogHl5/Z4A/KQRfk6bU= +github.com/mattn/go-sqlite3 v1.14.15/go.mod h1:2eHXhiwb8IkHr+BDWZGa96P6+rkvnG63S2DGjv9HUNg= +github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= +github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/mattn/goveralls v0.0.12 h1:PEEeF0k1SsTjOBQ8FOmrOAoCu4ytuMaWCnWe94zxbCg= github.com/mattn/goveralls v0.0.12/go.mod h1:44ImGEUfmqH8bBtaMrYKsM65LXfNLWmwaxFGjZwgMSQ= -github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= -github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/microcosm-cc/bluemonday v1.0.20/go.mod h1:yfBmMi8mxvaZut3Yytv+jTXRY8mxyjJ0/kQBTElld50= 
github.com/microcosm-cc/bluemonday v1.0.22/go.mod h1:ytNkv4RrDrLJ2pqlsSI46O6IVXmZOBBD4SaJyDwwTkM= github.com/microcosm-cc/bluemonday v1.0.26 h1:xbqSvqzQMeEHCqMi64VAs4d8uy6Mequs3rQ0k/Khz58= 
@@ -549,26 +344,24 @@ github.com/microcosm-cc/bluemonday v1.0.26/go.mod h1:JyzOCs9gkyQyjs+6h10UEVSe02C github.com/miekg/pkcs11 v1.0.3-0.20190429190417-a667d056470f/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= github.com/miekg/pkcs11 v1.1.1 h1:Ugu9pdy6vAYku5DEpVWVFPYnzV+bxB+iRdbuFSu7TvU= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= -github.com/mikefarah/yq/v4 v4.34.2 h1:FmhqW52kPBQGOQHQhq+FHEU/GgLDmJMAkj4mtelhs4s= -github.com/mikefarah/yq/v4 v4.34.2/go.mod h1:EsGfyWg6sNpnva274ASzb54TJrCBAOKsBgJaifOmcqw= +github.com/mikefarah/yq/v4 v4.44.2 h1:J+ezWCDTg+SUs0jXdcE0HIPH1+rEr0Tbn9Y1SwiWtH0= +github.com/mikefarah/yq/v4 v4.44.2/go.mod h1:9bnz36uZJDEyxdIjRronBcqStS953k3y3DrSRXr4F/w= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= -github.com/mitchellh/mapstructure v1.3.3/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= -github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= +github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= +github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= github.com/moby/term v0.5.0/go.mod 
h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826 h1:RWengNIwukTxcDr9M+97sNutRR1RKhG96O6jWumTTnw= github.com/mohae/deepcopy v0.0.0-20170929034955-c48cc78d4826/go.mod h1:TaXosZuwdSHYgviHp1DAtfrULt5eUgsSMsZf+YrPgl8= -github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe/go.mod h1:wL8QJuTMNUDYhXwkmfOly8iTdp5TEcJFWZD2D7SIkUc= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/nyaruka/phonenumbers v1.1.7 h1:5UUI9hE79Kk0dymSquXbMYB7IlNDNhvu2aNlJpm9et8= github.com/nyaruka/phonenumbers v1.1.7/go.mod h1:DC7jZd321FqUe+qWSNcHi10tyIyGNXGcNbfkPvdp1Vs= github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= 
@@ -577,18 +370,16 @@ github.com/oleiade/reflections v1.0.1 h1:D1XO3LVEYroYskEsoSiGItp9RUxG6jWnCVvrqH0 github.com/oleiade/reflections v1.0.1/go.mod h1:rdFxbxq4QXVZWj0F+e9jqjDkc7dbp97vkRixKo2JR60= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc4 h1:oOxKUJWnFC4YGHCCMNql1x4YaDfYBTS5Y4x/Cgeo1E0= -github.com/opencontainers/image-spec v1.1.0-rc4/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= -github.com/opencontainers/runc v1.1.8 h1:zICRlc+C1XzivLc3nzE+cbJV4LIi8tib6YG0MqC6OqA= -github.com/opencontainers/runc v1.1.8/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh/smNYNOhA50= +github.com/opencontainers/image-spec v1.1.0 h1:8SG7/vwALn54lVB/0yZ/MMwhFrPYtpEHQb2IpWsCzug= +github.com/opencontainers/image-spec v1.1.0/go.mod h1:W4s4sFTMaBeK1BQLXbG4AdM2szdn85PY75RI83NrTrM= +github.com/opencontainers/runc v1.1.14 h1:rgSuzbmgz5DUJjeSnw337TxDbRuqjs6iqQck/2weR6w= +github.com/opencontainers/runc v1.1.14/go.mod h1:E4C2z+7BxR7GHXp0hAY53mek+x49X1LjPNeMTfRGvOA= github.com/openzipkin/zipkin-go v0.4.2 h1:zjqfqHjUpPmB3c1GlCvvgsM1G4LkvqQbBDueDOCg/jA= github.com/openzipkin/zipkin-go v0.4.2/go.mod h1:ZeVkFjuuBiSy13y8vpSDCjMi9GoI3hPpCJSBx/EYFhY= github.com/ory/analytics-go/v5 v5.0.1 h1:LX8T5B9FN8KZXOtxgN+R3I4THRRVB6+28IKgKBpXmAM= github.com/ory/analytics-go/v5 v5.0.1/go.mod h1:lWCiCjAaJkKfgR/BN5DCLMol8BjKS1x+4jxBxff/FF0= -github.com/ory/dockertest/v3 v3.10.0 h1:4K3z2VMe8Woe++invjaTB7VRyQXQy5UY+loujO4aNE4= -github.com/ory/dockertest/v3 v3.10.0/go.mod h1:nr57ZbRWMqfsdGdFNLHz5jjNdDb7VVFnzAeW1n5N1Lg= -github.com/ory/fosite v0.44.1-0.20231218095112-ac9ae4bd99d7 h1:EZEUk9sdC9cIKSqXipBz4eO84byOLLeVUnptgX7QFvM= -github.com/ory/fosite v0.44.1-0.20231218095112-ac9ae4bd99d7/go.mod h1:fkMPsnm/UjiefE9dE9CdZQGOH48TWJLIzUcdGIXg8Kk= +github.com/ory/dockertest/v3 v3.10.1-0.20240704115616-d229e74b748d 
h1:By96ZSVuH5LyjXLVVMfvJoLVGHaT96LdOnwgFSLVf0E= +github.com/ory/dockertest/v3 v3.10.1-0.20240704115616-d229e74b748d/go.mod h1:F2FIjwwAk6CsNAs//B8+aPFQF0t84pbM8oliyNXwQrk= github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe h1:rvu4obdvqR0fkSIJ8IfgzKOWwZ5kOT2UNfLq81Qk7rc= github.com/ory/go-acc v0.2.9-0.20230103102148-6b1c9a70dbbe/go.mod h1:z4n3u6as84LbV4YmgjHhnwtccQqzf4cZlSk9f1FhygI= github.com/ory/go-convenience v0.1.0 h1:zouLKfF2GoSGnJwGq+PE/nJAE6dj2Zj5QlTgmMTsTS8= 
@@ -599,55 +390,53 @@ github.com/ory/herodot v0.10.3-0.20230626083119-d7e5192f0d88 h1:J0CIFKdpUeqKbVMw github.com/ory/herodot v0.10.3-0.20230626083119-d7e5192f0d88/go.mod h1:MMNmY6MG1uB6fnXYFaHoqdV23DTWctlPsmRCeq/2+wc= github.com/ory/jsonschema/v3 v3.0.8 h1:Ssdb3eJ4lDZ/+XnGkvQS/te0p+EkolqwTsDOCxr/FmU= github.com/ory/jsonschema/v3 v3.0.8/go.mod h1:ZPzqjDkwd3QTnb2Z6PAS+OTvBE2x5i6m25wCGx54W/0= -github.com/ory/kratos-client-go v0.13.1 h1:o+pFV9ZRMFSBa4QeNJYbJeLz036UWU4p+7yfKghK+0E= -github.com/ory/kratos-client-go v0.13.1/go.mod h1:hkrFJuHSBQw+qN6Ks0faOAYhAKwtpjvhCZzsQ7g/Ufc= -github.com/ory/x v0.0.607 h1:qNP1gU6RWVtsEB04rPht+1rV2DqQhvOAN2sF+4eqVWo= -github.com/ory/x v0.0.607/go.mod h1:fCYvVVHo8wYrCwLyU8+9hFY3IRo4EZM3KI30ysDsDYY= +github.com/ory/kratos-client-go v1.2.1 h1:Q3T/adfAfAkHFcV1LGLnwz4QkY6ghBdX9zde5T8uO/4= +github.com/ory/kratos-client-go v1.2.1/go.mod h1:WiQYlrqW4Atj6Js7oDN5ArbZxo0nTO2u/e1XaDv2yMI= +github.com/ory/pop/v6 v6.2.0 h1:hRFOGAOEHw91kUHQ32k5NHqCkcHrRou/romvrJP1w0E= +github.com/ory/pop/v6 v6.2.0/go.mod h1:okVAYKGtgunD/wbW3NGhZTndJCS+6FqO+cA89rQ4doc= +github.com/ory/x v0.0.668 h1:HfJgq+vRwC6ptzc3+Y1VFpo9zc8eXHEtX24qxAPqr5s= +github.com/ory/x v0.0.668/go.mod h1:0Av1u/Gh7WXCrEDJJnySAJrDzluaWllOfl5zqf9Dky8= github.com/pborman/uuid v1.2.1 h1:+ZZIw58t/ozdjRaXh/3awHfmWRbzYxJoAdNJxe/3pvw= github.com/pborman/uuid v1.2.1/go.mod h1:X/NO0urCmaxf9VXbdlT7C2Yzkj2IKimNn4k+gtPdI/k= -github.com/pelletier/go-toml v1.7.0/go.mod h1:vwGMzjaWMwyfHwgIBhI2YUM4fB6nL6lVAvS1LBMMhTE= github.com/pelletier/go-toml v1.9.5 h1:4yBQzkHv+7BHq2PQUZF3Mx0IYxG7LsP222s7Agd3ve8= github.com/pelletier/go-toml v1.9.5/go.mod h1:u1nR/EPcESfeI/szUZKdtJ0xRNbUoANCkoOuaOx1Y+c= -github.com/pelletier/go-toml/v2 v2.0.9 h1:uH2qQXheeefCCkuBBSLi7jCiSmj3VRh2+Goq2N7Xxu0= -github.com/pelletier/go-toml/v2 v2.0.9/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdUvyaeZurnPPDc= +github.com/pelletier/go-toml/v2 v2.2.2 h1:aYUidT7k73Pcl9nb2gScu7NSrKCSHIDE89b3+6Wq+LM= +github.com/pelletier/go-toml/v2 v2.2.2/go.mod 
h1:1t835xjRzz80PqgE6HHgN2JOsmgYu/h4qDAS4n929Rs= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2 h1:JhzVVoYvbOACxoUmOs6V/G4D5nPVUW73rKvXxP4XUJc= github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2/go.mod h1:iIss55rKnNBTvrwdmkUpLnDpZoAHvWaiq5+iMmen4AE= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e h1:aoZm08cpOy4WuID//EZDgcC4zIxODThtZNPirFr42+A= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= -github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/profile v1.7.0 h1:hnbDkaNWPCLMO9wGLdBFTIZvzDrDfBM2072E1S9gJkA= github.com/pkg/profile v1.7.0/go.mod h1:8Uer0jas47ZQMJ7VD+OHknK4YDY07LPUC6dEvqDjvNo= -github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prashantv/gostub v1.1.0 h1:BTyx3RfQjRHnUWaGF9oQos79AlQ5k8WNktv7VGvVH4g= github.com/prashantv/gostub v1.1.0/go.mod h1:A5zLQHz7ieHGG7is6LLXLz7I8+3LZzsrV0P1IAHhP5U= -github.com/prometheus/client_golang v1.16.0 h1:yk/hx9hDbrGHovbci4BY+pRMfSuuat626eFsHb7tmT8= -github.com/prometheus/client_golang v1.16.0/go.mod h1:Zsulrv/L9oM40tJ7T815tM89lFEugiJ9HzIqaAx4LKc= -github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 
-github.com/prometheus/client_model v0.4.0 h1:5lQXD3cAg1OXBf4Wq03gTrXHeaV0TQvGfUooCfx1yqY= -github.com/prometheus/client_model v0.4.0/go.mod h1:oMQmHW1/JoDwqLtg57MGgP/Fb1CJEYF2imWWhWtMkYU= -github.com/prometheus/common v0.44.0 h1:+5BrQJwiBB9xsMygAB3TNvpQKOwlkc25LbISbrdOOfY= -github.com/prometheus/common v0.44.0/go.mod h1:ofAIvZbQ1e/nugmZGz4/qCb9Ap1VoSTIO7x0VV9VvuY= -github.com/prometheus/procfs v0.11.1 h1:xRC8Iq1yyca5ypa9n1EZnWZkt7dwcoRPQwX/5gwaUuI= -github.com/prometheus/procfs v0.11.1/go.mod h1:eesXgaPo1q7lBpVMoMy0ZOFTth9hBn4W/y0/p/ScXhY= -github.com/rogpeppe/go-internal v1.1.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.2.2/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/prometheus/client_model v0.5.0 h1:VQw1hfvPvk3Uv6Qf29VrPF32JB6rtbgI6cYPYQjL0Qw= +github.com/prometheus/client_model v0.5.0/go.mod h1:dTiFglRmd66nLR9Pv9f0mZi7B7fk5Pm3gvsjB5tr+kI= +github.com/prometheus/common v0.48.0 h1:QO8U2CdOzSn1BBsmXJXduaaW+dY/5QLjfB8svtSzKKE= +github.com/prometheus/common v0.48.0/go.mod h1:0/KsvlIEfPQCQ5I2iNSAWKPZziNCvRs5EC6ILDTlAPc= +github.com/prometheus/procfs v0.12.0 h1:jluTpSng7V9hY0O2R9DzzJHYb2xULk9VTR1V1R/k6Bo= +github.com/prometheus/procfs v0.12.0/go.mod h1:pcuDEFsWDnvcgNzo4EEweacyhjeA9Zk3cnaOZAZEfOo= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs= -github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= -github.com/rs/cors v1.9.0 
h1:l9HGsTsHJcvW14Nk7J9KFz8bzeAWXn3CG6bgt7LsrAE= -github.com/rs/cors v1.9.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= -github.com/rs/xid v1.2.1/go.mod h1:+uKXf+4Djp6Md1KODXJxgGQPKngRmWyn10oCKFzNHOQ= -github.com/rs/zerolog v1.15.0/go.mod h1:xYTKnLHcpfU2225ny5qZjxnj9NvkumZYjJHlAThCjNc= +github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= +github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/rs/cors v1.11.0 h1:0B9GE/r9Bc2UxRMMtymBkHTenPkHDv0CW4Y98GBY+po= +github.com/rs/cors v1.11.0/go.mod h1:XyqrcTp5zjWr1wsJ8PIRZssZ8b/WMcMf71DJnit4EMU= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/sawadashota/encrypta v0.0.3 h1:NWo2S6oBzZmD/tlm6iH1eYLZA99NsFPvc33MhklME6o= -github.com/sawadashota/encrypta v0.0.3/go.mod h1:W3Nja83iH22fOS8sGgKCf4rCehZqLrca1+oQbtFUFck= +github.com/sagikazarmark/locafero v0.4.0 h1:HApY1R9zGo4DBgr7dqsTH/JJxLTTsOt7u6keLGt6kNQ= +github.com/sagikazarmark/locafero v0.4.0/go.mod h1:Pe1W6UlPYUk/+wc/6KFhbORCfqzgYEpgQ3O5fPuL3H4= +github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= +github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= +github.com/sawadashota/encrypta v0.0.5 h1:boMQmISmg62WEgU5AMu3WDLhi5TAP2iidYP+AxgxMJM= +github.com/sawadashota/encrypta v0.0.5/go.mod h1:jeRi1jWo+bQoBVwXLPhuArSZTA6TOqXj/+wqnFiScik= github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761 h1:0b8DF5kR0PhRoRXDiEEdzrgBc8UqVY4JWLkQJCRsLME= github.com/seatgeek/logrus-gelf-formatter v0.0.0-20210414080842-5b05eb8ff761/go.mod h1:/THDZYi7F/BsVEcYzYPqdcWFQ+1C2InkawTKfLOAnzg= github.com/segmentio/analytics-go v3.1.0+incompatible/go.mod h1:C7CYBtQWk4vRk2RyLu0qOcbHJ18E3F1HV2C/8JvKN48= 
@@ -663,37 +452,31 @@ github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NF github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= -github.com/sirupsen/logrus v1.4.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= -github.com/sirupsen/logrus v1.4.1/go.mod h1:ni0Sbl8bgC9z8RoU9G6nDWqqs/fq4eDPysMBDgk/93Q= -github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= -github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d h1:yKm7XZV6j9Ev6lojP2XaIshpT4ymkqhMeSghO5Ps00E= github.com/sourcegraph/annotate v0.0.0-20160123013949-f4cad6c6324d/go.mod h1:UdhH50NIW0fCiwBSr0co2m7BnFLdv4fQTgdqdJTHFeE= +github.com/sourcegraph/conc v0.3.0 h1:OQTbbt6P72L20UqAkXXuLOj79LfEanQ+YQFNpLA9ySo= +github.com/sourcegraph/conc v0.3.0/go.mod h1:Sdozi7LEKbFPqYX2/J+iBAM6HpqSLTASQIKqDmF7Mt0= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e h1:qpG93cPwA5f7s/ZPBJnGOYQNK/vKsaDaseuKT5Asee8= github.com/sourcegraph/syntaxhighlight v0.0.0-20170531221838-bd320f5d308e/go.mod h1:HuIsMU8RRBOtsCgI77wP899iHVBQpCmg4ErYMZB+2IA= -github.com/spf13/afero v1.9.5 h1:stMpOSZFs//0Lv29HduCmli3GUfpFoF3Y1Q/aXj/wVM= -github.com/spf13/afero v1.9.5/go.mod h1:UBogFpq8E9Hx+xc5CNTTEpTnuHVmXDwZcZcE1eb/UhQ= +github.com/spf13/afero v1.11.0 h1:WJQKhtpdm3v2IzqG8VMqrr6Rf3UYpEF239Jy9wNepM8= +github.com/spf13/afero v1.11.0/go.mod h1:GH9Y3pIexgf1MTIWtNGyogA5MwRIDXGUr+hbWNoBjkY= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= 
-github.com/spf13/cast v1.5.1 h1:R+kOtfhWQE6TVQzY+4D7wJLBgkdVasCEFxSUBYBYIlA= -github.com/spf13/cast v1.5.1/go.mod h1:b9PdjNptOpzXr7Rq1q9gJML/2cdGQAo69NKzQ10KN48= -github.com/spf13/cobra v0.0.3/go.mod h1:1l0Ry5zgKvJasoi3XT1TypsSe7PqH0Sj9dhYf7v3XqQ= -github.com/spf13/cobra v1.6.1/go.mod h1:IOw/AERYS7UzyrGinqmz6HLUo219MORXGxhbaJUqzrY= -github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= -github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0= -github.com/spf13/jwalterweatherman v1.1.0 h1:ue6voC5bR5F8YxI5S67j9i582FU4Qvo2bmqnqMYADFk= -github.com/spf13/jwalterweatherman v1.1.0/go.mod h1:aNWZUN0dPAAO/Ljvb5BEdw96iTZ0EXowPYD95IqWIGo= -github.com/spf13/pflag v1.0.3/go.mod h1:DYY7MBk1bdzusC3SYhjObp+wFpr4gzcvqqNjLnInEg4= +github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= +github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= -github.com/spf13/viper v1.16.0 h1:rGGH0XDZhdUOryiDWjmIvUSWpbNqisK8Wk0Vyefw8hc= -github.com/spf13/viper v1.16.0/go.mod h1:yg78JgCJcbrQOvV9YLXgkLaZqUidkY9K+Dd1FofRzQg= +github.com/spf13/viper v1.18.2 h1:LUXCnvUvSM6FXAsj6nnfc8Q2tp1dIgUfY9Kc8GsSOiQ= +github.com/spf13/viper v1.18.2/go.mod h1:EKmWIqdnk5lOcmR72yw6hS+8OPYcwD0jteitLMVB+yk= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod 
h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 
@@ -703,18 +486,18 @@ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= -github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8= +github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU= github.com/thales-e-security/pool v0.0.2 h1:RAPs4q2EbWsTit6tpzuvTFlgFRJ3S8Evf5gtvVDbmPg= github.com/thales-e-security/pool v0.0.2/go.mod h1:qtpMm2+thHtqhLzTwgDBj/OuNnMpupY8mv0Phz0gjhU= github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/gjson v1.17.0 h1:/Jocvlh98kcTfpN2+JzGQWQcqrPQwDrVEMApx/M5ZwM= -github.com/tidwall/gjson v1.17.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.17.3 h1:bwWLZU7icoKRG+C+0PNwIKC6FCJO/Q3p2pZvuP0jN94= +github.com/tidwall/gjson v1.17.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= -github.com/tidwall/pretty v1.0.0/go.mod h1:XNkn88O1ChpSDQmQeStsy+sBenx6DDtFZJxhVysOjyk= github.com/tidwall/pretty v1.2.0/go.mod 
h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= github.com/tidwall/pretty v1.2.1 h1:qjsOFOWWQl+N3RsoF5/ssm1pHmJJwhjlSbZ51I6wMl4= github.com/tidwall/pretty v1.2.1/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= @@ -728,13 +511,6 @@ github.com/twmb/murmur3 v1.1.8 h1:8Yt9taO/WN3l08xErzjeschgZU2QSrwm1kclYq+0aRg= github.com/twmb/murmur3 v1.1.8/go.mod h1:Qq/R7NUyOfr65zD+6Q5IHKsJLwP7exErjN6lyyq3OSQ= github.com/urfave/negroni v1.0.0 h1:kIimOitoypq34K7TG7DUaJ9kq/N4Ofuwi1sjz0KipXc= github.com/urfave/negroni v1.0.0/go.mod h1:Meg73S6kFm/4PpbYdq35yYWoCZ9mS/YSx+lKnmiohz4= -github.com/xdg-go/pbkdf2 v1.0.0/go.mod h1:jrpuAogTd400dnrH08LKmI/xc1MbPOebTwRqcT5RDeI= -github.com/xdg-go/scram v1.0.2/go.mod h1:1WAq6h33pAW+iRreB34OORO2Nf7qel3VV3fjBj+hCSs= -github.com/xdg-go/scram v1.1.1/go.mod h1:RaEWvsqvNKKvBPvcKeFjrG2cJqOkHTiyTpzz23ni57g= -github.com/xdg-go/scram v1.1.2/go.mod h1:RT/sEzTbU5y00aCK8UOx6R7YryM0iF1N2MOmC3kKLN4= -github.com/xdg-go/stringprep v1.0.2/go.mod h1:8F9zXuvzgwmyT5DUm4GUfZGDdT3W+LCvS6+da4O5kxM= -github.com/xdg-go/stringprep v1.0.3/go.mod h1:W3f5j4i+9rC0kuIEJL0ky1VpHXQU3ocBgklLGvcBnW8= -github.com/xdg-go/stringprep v1.0.4/go.mod h1:mPGuuIYwz7CmR2bT9j4GbQqutWS1zV24gijq1dTyGkM= github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= 
@@ -744,465 +520,177 @@ github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17 github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c h1:3lbZUMbMiGUW/LMkfsEABsc5zNT9+b1CvsJx47JzJ8g= github.com/xtgo/uuid v0.0.0-20140804021211-a0b114877d4c/go.mod h1:UrdRz5enIKZ63MEE3IF9l2/ebyx59GyGgPi+tICQdmM= -github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d/go.mod h1:rHwXgn7JulP+udvsHwJoVG1YGAP6VLg4y9I5dyZdqmA= -github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zenazn/goji v0.9.0/go.mod h1:7S9M489iMyHBNxwZnk9/EHS098H4/F6TATF2mIxtB1Q= -go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg= -go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= -go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= -go.mongodb.org/mongo-driver v1.12.1 h1:nLkghSU8fQNaK7oUmDhQFsnrtcoNy7Z6LVFKsEecqgE= -go.mongodb.org/mongo-driver v1.12.1/go.mod h1:/rGBTebI3XYboVmgz+Wv3Bcbl3aD0QF9zl6kDDw18rQ= -go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= -go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= -go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 
-go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= +github.com/yuin/gopher-lua v1.1.1 h1:kYKnWBjvbNP4XLT3+bPEwAXJx262OhaHDWDVOPjL46M= +github.com/yuin/gopher-lua v1.1.1/go.mod h1:GBR0iDaNXjAgGg9zfCvksxSRnQx76gclCIb7kdAd1Pw= +go.mongodb.org/mongo-driver v1.14.0 h1:P98w8egYRjYe3XDjxhYJagTokP/H6HzlsnojRgZRd80= +go.mongodb.org/mongo-driver v1.14.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.46.1 h1:gbhw/u49SS3gkPWiYweQNJGm/uJN5GkI/FrosxSHT7A= go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace v0.46.1/go.mod h1:GnOaBaFQ2we3b9AGWJpsBa7v1S5RlQzlC3O7dRMxZhM= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1 h1:aFJWCqJMNjENlcleuuOkGAPH82y0yULBScfXcIEdS24= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.46.1/go.mod h1:sEGXWArGqc3tVa+ekntsN65DmVbVeW+7lTKTjZF3/Fo= -go.opentelemetry.io/contrib/propagators/b3 v1.20.0 h1:Yty9Vs4F3D6/liF1o6FNt0PvN85h/BJJ6DQKJ3nrcM0= -go.opentelemetry.io/contrib/propagators/b3 v1.20.0/go.mod h1:On4VgbkqYL18kbJlWsa18+cMNe6rYpBnPi1ARI/BrsU= -go.opentelemetry.io/contrib/propagators/jaeger v1.20.0 h1:iVhNKkMIpzyZqxk8jkDU2n4DFTD+FbpGacvooxEvyyc= -go.opentelemetry.io/contrib/propagators/jaeger v1.20.0/go.mod h1:cpSABr0cm/AH/HhbJjn+AudBVUMgZWdfN3Gb+ZqxSZc= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= +go.opentelemetry.io/contrib/propagators/b3 v1.21.0 h1:uGdgDPNzwQWRwCXJgw/7h29JaRqcq9B87Iv4hJDKAZw= +go.opentelemetry.io/contrib/propagators/b3 v1.21.0/go.mod h1:D9GQXvVGT2pzyTfp1QBOnD1rzKEWzKjjwu5q2mslCUI= +go.opentelemetry.io/contrib/propagators/jaeger v1.21.1 h1:f4beMGDKiVzg9IcX7/VuWVy+oGdjx3dNJ72YehmtY5k= +go.opentelemetry.io/contrib/propagators/jaeger v1.21.1/go.mod 
h1:U9jhkEl8d1LL+QXY7q3kneJWJugiN3kZJV2OWz3hkBY= go.opentelemetry.io/contrib/samplers/jaegerremote v0.15.1 h1:Qb+5A+JbIjXwO7l4HkRUhgIn4Bzz0GNS2q+qdmSx+0c= go.opentelemetry.io/contrib/samplers/jaegerremote v0.15.1/go.mod h1:G4vNCm7fRk0kjZ6pGNLo5SpLxAUvOfSrcaegnT8TPck= -go.opentelemetry.io/otel v1.21.0 h1:hzLeKBZEL7Okw2mGzZ0cc4k/A7Fta0uoPgaJCr8fsFc= -go.opentelemetry.io/otel v1.21.0/go.mod h1:QZzNPQPm1zLX4gZK4cMi+71eaorMSGT3A4znnUvNNEo= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= go.opentelemetry.io/otel/exporters/jaeger v1.17.0 h1:D7UpUy2Xc2wsi1Ras6V40q806WM07rqoCWzXu7Sqy+4= go.opentelemetry.io/otel/exporters/jaeger v1.17.0/go.mod h1:nPCqOnEH9rNLKqH/+rrUjiMzHJdV1BlpKcTwRTyKkKI= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0 h1:cl5P5/GIfFh4t6xyruOgJP5QiA1pw4fYYdv6nc6CBWw= -go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.21.0/go.mod h1:zgBdWWAu7oEEMC06MMKc5NLbA/1YDXV1sMpSqEeLQLg= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0 h1:digkEZCJWobwBqMwC0cwCq8/wkkRy/OowZg5OArWZrM= -go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.21.0/go.mod h1:/OpE/y70qVkndM0TrxT4KBoN3RsFZP0QaofcfYrj76I= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0 h1:3Q/xZUyC1BBkualc9ROb4G8qkH90LXEIICcs5zv1OYY= +go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.28.0/go.mod h1:s75jGIWA9OfCMzF0xr+ZgfrB5FEbbV7UuYo32ahUiFI= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0 h1:j9+03ymgYhPKmeXGk5Zu+cIZOlVzd9Zv7QIiyItjFBU= +go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.28.0/go.mod h1:Y5+XiUG4Emn1hTfciPzGPJaSI+RpDts6BnCIir0SLqk= go.opentelemetry.io/otel/exporters/zipkin v1.21.0 h1:D+Gv6lSfrFBWmQYyxKjDd0Zuld9SRXpIrEsKZvE4DO4= go.opentelemetry.io/otel/exporters/zipkin v1.21.0/go.mod h1:83oMKR6DzmHisFOW3I+yIMGZUTjxiWaiBI8M8+TU5zE= -go.opentelemetry.io/otel/metric v1.21.0 
h1:tlYWfeo+Bocx5kLEloTjbcDwBuELRrIFxwdQ36PlJu4= -go.opentelemetry.io/otel/metric v1.21.0/go.mod h1:o1p3CA8nNHW8j5yuQLdc1eeqEaPfzug24uvsyIEJRWM= -go.opentelemetry.io/otel/sdk v1.21.0 h1:FTt8qirL1EysG6sTQRZ5TokkU8d0ugCj8htOgThZXQ8= -go.opentelemetry.io/otel/sdk v1.21.0/go.mod h1:Nna6Yv7PWTdgJHVRD9hIYywQBRx7pbox6nwBnZIxl/E= -go.opentelemetry.io/otel/trace v1.21.0 h1:WD9i5gzvoUPuXIXH24ZNBudiarZDKuekPqi/E8fpfLc= -go.opentelemetry.io/otel/trace v1.21.0/go.mod h1:LGbsEB0f9LGjN+OZaQQ26sohbOmiMR+BaslueVtS/qQ= -go.opentelemetry.io/proto/otlp v1.0.0 h1:T0TX0tmXU8a3CbNXzEKGeU5mIVOdf0oykP+u2lIVU/I= -go.opentelemetry.io/proto/otlp v1.0.0/go.mod h1:Sy6pihPLfYHkr3NkUbEhGHFhINUSI/v80hjKIs5JXpM= -go.uber.org/atomic v1.5.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= -go.uber.org/atomic v1.6.0/go.mod h1:sABNBOSYdrvTF6hTgEIbc7YasKWGhgEQZyfxyTvoXHQ= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= +go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= +go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= +go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= +go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= +go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= +go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= go.uber.org/automaxprocs v1.5.3 h1:kWazyxZUrS3Gs4qUpbwo5kEIMGe/DAvi5Z4tl2NW4j8= go.uber.org/automaxprocs v1.5.3/go.mod h1:eRbA25aqJrxAbsLO0xy5jVwPt7FQnRgjW+efnwa1WM0= go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= go.uber.org/goleak v1.2.1/go.mod h1:qlT2yGI9QafXHhZZLxlSuNsMw3FFLxBr+tBRlmO1xH4= -go.uber.org/multierr v1.3.0/go.mod h1:VgVr7evmIr6uPjLBxg28wmKNXyqE9akIJ5XnfpiKl+4= 
-go.uber.org/multierr v1.5.0/go.mod h1:FeouvMocqHpRaaGuG9EjoKcStLC43Zu/fmqdUMPcKYU= -go.uber.org/tools v0.0.0-20190618225709-2cfd321de3ee/go.mod h1:vJERXedbb3MVM5f9Ejo0C68/HhF8uaILCdgjnY+goOA= -go.uber.org/zap v1.13.0/go.mod h1:zwrFLgMcdUuIBviXEYEH1YKNaOBnKXsx2IPda5bBwHM= -golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= +go.uber.org/mock v0.5.0 h1:KAMbZvZPyBPWgD14IrIQ38QCyjwpvVVV6K/bHl1IwQU= +go.uber.org/mock v0.5.0/go.mod h1:ge71pBPLYDk7QIi1LupWxdAykm7KIEFchiOqd6z7qMM= +go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= +go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/crypto v0.0.0-20190422162423-af44ce270edf/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE= -golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= -golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod 
h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= -golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= -golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= -golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= -golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= -golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa h1:FRnLl4eNAQl8hwxVVC17teOw8kdjVDVAiFMtgUdTSRQ= -golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa/go.mod h1:zk2irFbV9DP96SEBUUAy67IdHUaZuSnrz1n472HUCLE= -golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= -golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= 
-golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= -golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= -golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= -golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/lint v0.0.0-20201208152925-83fdc39ff7b5/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= -golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= -golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= -golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= -golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= -golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= -golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= +golang.org/x/crypto v0.7.0/go.mod 
h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.14.0 h1:dGoOF9QVLYng8IHTm7BAyWqCqSheQ5pYWGhzW00YJr0= -golang.org/x/mod v0.14.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= -golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= -golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= +golang.org/x/mod v0.19.0/go.mod 
h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= 
-golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= -golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201031054903-ff519b6c9102/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= -golang.org/x/net v0.0.0-20210421230115-4e50805a0758/go.mod h1:72T/g9IO56b78aLF+1Kcs5dz7/ng1VjMUvfKvpfy+jM= -golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.0.0-20220826154423-83b083e8dc8b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.0.0-20221002022538-bcab6841153b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= +golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= -golang.org/x/net v0.18.0 h1:mIYleuAkSbHh0tCv7RvjL3F6ZVbLjq4+R7zbOn3Kokg= -golang.org/x/net 
v0.18.0/go.mod h1:/czyP5RqHAH4odGYxBJ1qz0+CE5WZ+2j1YgoEo8F2jQ= -golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= -golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.14.0 h1:P0Vrf/2538nmC0H+pEQ3MNFRRnVR7RlqyVw+bvm26z0= -golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM= -golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20190412183630-56d357773e84/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.27.0 
h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= -golang.org/x/sync v0.5.0 h1:60k92dhOjHxJkrqnwsfl8KuaHbn/5dl0lUPUklKo3qE= -golang.org/x/sync v0.5.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys 
v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= -golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190419153524-e8e3143a4f4a/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190531175056-4c3a928424d2/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod 
h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210420072515-93ed5bcd2bfe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616094352-59db8d763f22/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20211007075335-d3039528d8ac/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20221010170243-090e33056c14/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod 
h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= -golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= +golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= -golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.5/go.mod 
h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= +golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.4.0 h1:Z81tqI5ddIoXDPvVQ7/7CC9TnLM7ubaFG2qXYd5BbYY= -golang.org/x/time v0.4.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= +golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= -golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 
-golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190329151228-23e29df326fe/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190416151739-9c9e1878f421/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190420181800-aa740d480789/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= -golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190425163242-31fd60d6bfdc/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= -golang.org/x/tools v0.0.0-20190531172133-b3315ee88b7d/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191029041327-9cc4af7d6b2c/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191029190741-b9c20aec41a5/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools 
v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= -golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200103221440-774c71fcf114/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= -golang.org/x/tools 
v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= -golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= -golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= -golang.org/x/tools v0.0.0-20200904185747-39188db58858/go.mod h1:Cj7w3i3Rnn0Xh82ur9kSqwfTHTeVxaDqrfMjpcNT6bE= -golang.org/x/tools v0.0.0-20201110124207-079ba7bd75cd/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201201161351-ac6f37ff4c2a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20201208233053-a543418bbed2/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210105154028-b0ab187a4818/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.0.0-20210108195828-e2f9c7f1fc8e/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.1/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= 
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= -golang.org/x/tools v0.15.0 h1:zdAyfUGbYmuVokhzVmghFl2ZJh5QhcfebBgmVPFYA+8= -golang.org/x/tools v0.15.0/go.mod h1:hpksKq4dtpQWS1uQ61JkdqWM3LscIS6Slf+VVkm+wQk= +golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 h1:+cNy6SZtPcJQH3LJVLOSmiC7MMxXNOb3PU/VUEz+EhU= golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028/go.mod h1:NDW/Ps6MPRej6fsCIbMTohpP40sJ/P/vI1MoTEGwX90= -google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= -google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= -google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= -google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= -google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= 
-google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= -google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= -google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= -google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= -google.golang.org/api v0.35.0/go.mod h1:/XrVsuzM0rZmrsbjJutiuftIzeuTQcEeaYcSk/mQ1dg= -google.golang.org/api v0.36.0/go.mod h1:+z5ficQTmoYpPn8LCUNVpK5I7hwkpjbcgqA7I34qYtE= -google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjRCQ8= -google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= -google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= -google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= -google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= -google.golang.org/appengine v1.6.8 h1:IhEN5q69dyKagZPYMSdIjS2HqprW324FRQZJcGqPAsM= -google.golang.org/appengine v1.6.8/go.mod h1:1jJ3jBArFh5pcgW8gCtRJnepW8FzD1V44FJffLiz/Ds= -google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= -google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto 
v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= -google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= -google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= -google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= -google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= -google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= 
-google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= -google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= -google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= -google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20200904004341-0bd0a958aa1d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201109203340-2640f1f9cdfb/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201201144952-b05cb90ed32e/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201210142538-e3217bee35cc/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20201214200347-8c77b98c765d/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210108203827-ffc7fda8c3d7/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20210226172003-ab064af71705/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ= 
-google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY= -google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 h1:JpwMPBpFN3uKhdaekDpiNlImDdkUAyiJ6ez/uxGaUSo= -google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA= -google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= -google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= -google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= -google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= -google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= -google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= -google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= -google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= -google.golang.org/grpc v1.35.0/go.mod 
h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= -google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= -google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= +google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0= +google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/grpc/examples v0.0.0-20210304020650-930c79186c99 h1:qA8rMbz1wQ4DOFfM2ouD29DG9aHWBm6ZOy9BGxiUMmY= google.golang.org/grpc/examples v0.0.0-20210304020650-930c79186c99/go.mod h1:Ly7ZA/ARzg8fnPU9TyZIxoz33sEUuWX7txiqs8lPTgE= -google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= -google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= -google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= -google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= -google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= -google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod 
h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= -google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= -google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= -google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= -google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/go-playground/assert.v1 v1.2.1/go.mod h1:9RXL0bg/zibRAgZUYszZSwO/z8Y/a8bDuhia5mkpMnE= gopkg.in/go-playground/mold.v2 v2.2.0/go.mod h1:XMyyRsGtakkDPbxXbrA5VODo6bUXyvoDjLd5l3T0XoA= -gopkg.in/inconshreveable/log15.v2 v2.0.0-20180818164646-67afb5ed74ec/go.mod h1:aPpfJ7XW+gOuirDoZ8gHhLh3kZ1B08FtV2bbmy7Jv3s= gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA= gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/op/go-logging.v1 
v1.0.0-20160211212156-b2cb9fa56473 h1:6D+BvnJ/j6e222UW8s2qTSe3wGBtvo0MbVQG/c5k8RE= 
@@ -1211,25 +699,11 @@ gopkg.in/validator.v2 v2.0.0-20180514200540-135c24b11c19/go.mod h1:o4V0GXN9/CAmC gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gotest.tools/v3 v3.3.0 h1:MfDY1b1/0xN1CyMlQDac0ziEy9zJQd9CXBRRDHw2jJo= -gotest.tools/v3 v3.3.0/go.mod h1:Mcr9QNxkg0uMvy/YElmo4SpXgJKWgQvYrT7Kw5RzJ1A= -honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= -honnef.co/go/tools v0.0.1-2020.1.3/go.mod 
h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= -rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= -rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= +gotest.tools/v3 v3.5.1 h1:EENdUnS3pdur5nybKYIh2Vfgc8IUNBjxDPSjtiJcOzU= +gotest.tools/v3 v3.5.1/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= diff --git a/hsm/manager_hsm.go b/hsm/manager_hsm.go index 870fc10ab49..75badb1cc5f 100644 --- a/hsm/manager_hsm.go +++ b/hsm/manager_hsm.go @@ -34,6 +34,8 @@ import ( "github.com/go-jose/go-jose/v3" "github.com/go-jose/go-jose/v3/cryptosigner" "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/trace" ) const tracingComponent = "github.com/ory/hydra/hsm" 
@@ -58,23 +60,21 @@ func NewKeyManager(hsm Context, config *config.DefaultProvider) *KeyManager { } } -func (m *KeyManager) GenerateAndPersistKeySet(ctx context.Context, set, kid, alg, use string) (*jose.JSONWebKeySet, error) { - ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "hsm.GenerateAndPersistKeySet") - defer span.End() - attrs := map[string]string{ - "set": set, - "kid": kid, - "alg": alg, - "use": use, - } - span.SetAttributes(otelx.StringAttrs(attrs)...) +func (m *KeyManager) GenerateAndPersistKeySet(ctx context.Context, set, kid, alg, use string) (_ *jose.JSONWebKeySet, err error) { + ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "hsm.GenerateAndPersistKeySet", + trace.WithAttributes( + attribute.String("set", set), + attribute.String("kid", kid), + attribute.String("alg", alg), + attribute.String("use", use))) + defer otelx.End(span, &err) m.Lock() defer m.Unlock() set = m.prefixKeySet(set) - err := m.deleteExistingKeySet(set) + err = m.deleteExistingKeySet(set) if err != nil { return nil, err } @@ -119,14 +119,10 @@ func (m *KeyManager) GenerateAndPersistKeySet(ctx context.Context, set, kid, alg } } -func (m *KeyManager) GetKey(ctx context.Context, set, kid string) (*jose.JSONWebKeySet, error) { - ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "hsm.GetKey") - defer span.End() - attrs := map[string]string{ - "set": set, - "kid": kid, - } - span.SetAttributes(otelx.StringAttrs(attrs)...) +func (m *KeyManager) GetKey(ctx context.Context, set, kid string) (_ *jose.JSONWebKeySet, err error) { + ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "hsm.GetKey", + trace.WithAttributes(attribute.String("set", set), attribute.String("kid", kid))) + defer otelx.End(span, &err) m.RLock() defer m.RUnlock() 
@@ -150,13 +146,9 @@ func (m *KeyManager) GetKey(ctx context.Context, set, kid string) (*jose.JSONWeb
 return createKeySet(keyPair, id, alg, use)
 }
-func (m *KeyManager) GetKeySet(ctx context.Context, set string) (*jose.JSONWebKeySet, error) {
- ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "hsm.GetKeySet")
- defer span.End()
- attrs := map[string]string{
- "set": set,
- }
- span.SetAttributes(otelx.StringAttrs(attrs)...)
+func (m *KeyManager) GetKeySet(ctx context.Context, set string) (_ *jose.JSONWebKeySet, err error) {
+ ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "hsm.GetKeySet", trace.WithAttributes(attribute.String("set", set)))
+ otelx.End(span, &err)
 m.RLock()
 defer m.RUnlock()
@@ -186,14 +178,12 @@ func (m *KeyManager) GetKeySet(ctx context.Context, set string) (*jose.JSONWebKe
 }, nil
 }
-func (m *KeyManager) DeleteKey(ctx context.Context, set, kid string) error {
- ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "hsm.DeleteKey")
- defer span.End()
- attrs := map[string]string{
- "set": set,
- "kid": kid,
- }
- span.SetAttributes(otelx.StringAttrs(attrs)...)
+func (m *KeyManager) DeleteKey(ctx context.Context, set, kid string) (err error) {
+ ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "hsm.DeleteKey",
+ trace.WithAttributes(
+ attribute.String("set", set),
+ attribute.String("kid", kid)))
+ defer otelx.End(span, &err)
 m.Lock()
 defer m.Unlock()
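Review bot: In `GetKeySet` the added `otelx.End(span, &err)` is called without `defer`, while every other method touched in this file uses `defer otelx.End(span, &err)`. As written the call runs right after the span is started, when `err` is still nil, so the span presumably closes before the key-set lookup happens and a failed lookup is never attached to it. That leaves HSM key-set reads without a usable duration or error in the trace, which is the record an operator would rely on when auditing key access. The line should read `defer otelx.End(span, &err)`. The body of GetKeySet continues outside the hunk.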
@@ -216,13 +206,9 @@ func (m *KeyManager) DeleteKey(ctx context.Context, set, kid string) error {
 return nil
 }
-func (m *KeyManager) DeleteKeySet(ctx context.Context, set string) error {
- ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "hsm.DeleteKeySet")
- defer span.End()
- attrs := map[string]string{
- "set": set,
- }
- span.SetAttributes(otelx.StringAttrs(attrs)...)
+func (m *KeyManager) DeleteKeySet(ctx context.Context, set string) (err error) {
+ ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "hsm.DeleteKeySet", trace.WithAttributes(attribute.String("set", set)))
+ defer otelx.End(span, &err)
 m.Lock()
 defer m.Unlock()
diff --git a/hsm/manager_hsm_test.go b/hsm/manager_hsm_test.go
index 186fcc0d295..17f4be0dfc9 100644
--- a/hsm/manager_hsm_test.go
+++ b/hsm/manager_hsm_test.go
@@ -48,12 +48,10 @@ func TestDefaultKeyManager_HSMEnabled(t *testing.T) {
 c := config.MustNew(context.Background(), l, configx.SkipValidation())
 c.MustSet(context.Background(), config.KeyDSN, "memory")
 c.MustSet(context.Background(), config.HSMEnabled, "true")
- reg := driver.NewRegistrySQL()
- reg.WithLogger(l)
- reg.WithConfig(c)
+ reg, err := driver.NewRegistryWithoutInit(c, l)
+ require.NoError(t, err)
 reg.WithHsmContext(mockHsmContext)
- err := reg.Init(context.Background(), false, true, &contextx.TestContextualizer{}, nil, nil)
- assert.NoError(t, err)
+ assert.NoError(t, reg.Init(context.Background(), false, true, &contextx.TestContextualizer{}, nil, nil))
 assert.IsType(t, &jwk.ManagerStrategy{}, reg.KeyManager())
 assert.IsType(t, &sql.Persister{}, reg.SoftwareKeyManager())
 }
diff --git a/internal/.hydra.yaml b/internal/.hydra.yaml
index bb02d986ad6..4e7cbb0143c 100644
--- a/internal/.hydra.yaml
+++ b/internal/.hydra.yaml
@@ -74,6 +74,7 @@ webfinger: auth_url: https://example.com/auth token_url: https://example.com/token client_registration_url: https://example.com + device_authorization_url: https://example.com/device_authorization supported_claims: - username supported_scope: @@ -100,6 +101,8 @@ urls: consent: https://consent logout: https://logout error: https://error + device_verification: https://device + post_device_done: https://device/callback post_logout_redirect: https://post_logout strategies: @@ -112,12 +115,15 @@ ttl: refresh_token: 2h id_token: 2h auth_code: 2h + device_user_code: 2h oauth2: expose_internal_errors: true hashers: bcrypt: cost: 20 + device_authorization: + token_polling_interval: 2h pkce: enforced: true enforced_for_public_clients: true diff --git a/internal/certification/scripts/install.sh b/internal/certification/scripts/install.sh index 6690b7df6ab..3982585f6f0 100644 --- a/internal/certification/scripts/install.sh +++ b/internal/certification/scripts/install.sh @@ -36,14 +36,13 @@ sudo add-apt-repository \ $(lsb_release -cs) \ stable" sudo apt-get update -sudo apt-get -y install docker-ce python-pip +sudo apt-get -y install docker-ce # Dockerize export DOCKERIZE_VERSION=v0.6.1 wget https://github.com/jwilder/dockerize/releases/download/$DOCKERIZE_VERSION/dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \ && tar -C /usr/local/bin -xzvf dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz \ && rm dockerize-alpine-linux-amd64-$DOCKERIZE_VERSION.tar.gz -sudo pip install docker-compose git clone https://github.com/ory/hydra-login-consent-node.git diff --git a/internal/config/config.yaml b/internal/config/config.yaml index f3e8bff399c..49615d95966 100644 --- a/internal/config/config.yaml +++ b/internal/config/config.yaml 
@@ -402,6 +402,18 @@ oauth2: session: # store encrypted data in database, default true encrypt_at_rest: true + ## refresh_token_rotation + # By default Refresh Tokens are rotated and invalidated with each use. See https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-4.13.2 for more details + refresh_token_rotation: + # + ## grace_period + # + # Set the grace period for refresh tokens to be reused. Such reused tokens will result in multiple refresh tokens being issued. + # + # Examples: + # - 5s + # - 1m + grace_period: 0s # The secrets section configures secrets used for encryption and signing of several systems. All secrets can be rotated, # for more information on this topic navigate to: diff --git a/internal/driver.go b/internal/driver.go index 39526b62cd6..38a8d8144d4 100644 --- a/internal/driver.go +++ b/internal/driver.go @@ -9,19 +9,16 @@ import ( "testing" "github.com/go-jose/go-jose/v3" - - "github.com/ory/x/configx" - "github.com/stretchr/testify/require" - "github.com/ory/hydra/v2/x" - "github.com/ory/x/contextx" - "github.com/ory/x/sqlcon/dockertest" - "github.com/ory/hydra/v2/driver" "github.com/ory/hydra/v2/driver/config" "github.com/ory/hydra/v2/jwk" + "github.com/ory/hydra/v2/x" + "github.com/ory/x/configx" + "github.com/ory/x/contextx" "github.com/ory/x/logrusx" + "github.com/ory/x/sqlcon/dockertest" ) func resetConfig(p *config.DefaultProvider) { 
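Review bot: The comment added for `refresh_token_rotation.grace_period` in internal/config/config.yaml describes what the setting does but not what it costs. As documented here, a refresh token presented again inside the grace period is honoured and yields further refresh tokens, so for that window a repeated presentation would presumably not be treated as reuse, whoever sends it. I would add a line under the description such as `# A value above 0s relaxes refresh token reuse detection for that window; keep it as short as client retry behaviour requires.` and keep `0s` as the shipped default. Whether an upper bound is enforced on this value is not visible in this hunk.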
@@ -79,15 +76,15 @@ func CleanAndMigrate(reg driver.Registry) func(*testing.T) { } func ConnectToMySQL(t testing.TB) string { - return dockertest.RunTestMySQLWithVersion(t, "8.0.26") + return dockertest.RunTestMySQLWithVersion(t, "8.0") } func ConnectToPG(t testing.TB) string { - return dockertest.RunTestPostgreSQLWithVersion(t, "11.8") + return dockertest.RunTestPostgreSQLWithVersion(t, "16") } func ConnectToCRDB(t testing.TB) string { - return dockertest.RunTestCockroachDBWithVersion(t, "v22.1.2") + return dockertest.RunTestCockroachDBWithVersion(t, "latest-v24.1") } func ConnectDatabases(t *testing.T, migrate bool, ctxer contextx.Contextualizer) (pg, mysql, crdb driver.Registry, clean func(*testing.T)) { diff --git a/internal/httpclient/.openapi-generator/FILES b/internal/httpclient/.openapi-generator/FILES index 8fd9b406238..395d900b30e 100644 --- a/internal/httpclient/.openapi-generator/FILES +++ b/internal/httpclient/.openapi-generator/FILES @@ -10,12 +10,15 @@ api_oidc.go api_wellknown.go client.go configuration.go +docs/AcceptDeviceUserCodeRequest.md docs/AcceptOAuth2ConsentRequest.md docs/AcceptOAuth2ConsentRequestSession.md docs/AcceptOAuth2LoginRequest.md docs/CreateJsonWebKeySet.md docs/CreateVerifiableCredentialRequestBody.md docs/CredentialSupportedDraft00.md +docs/DeviceAuthorization.md +docs/DeviceUserAuthRequest.md docs/ErrorOAuth2.md docs/GenericError.md docs/GetVersion200Response.md @@ -27,9 +30,9 @@ docs/IsReady503Response.md docs/JsonPatch.md docs/JsonWebKey.md docs/JsonWebKeySet.md -docs/JwkApi.md -docs/MetadataApi.md -docs/OAuth2Api.md +docs/JwkAPI.md +docs/MetadataAPI.md +docs/OAuth2API.md docs/OAuth2Client.md docs/OAuth2ClientTokenLifespans.md docs/OAuth2ConsentRequest.md @@ -40,7 +43,7 @@ docs/OAuth2LoginRequest.md docs/OAuth2LogoutRequest.md docs/OAuth2RedirectTo.md docs/OAuth2TokenExchange.md -docs/OidcApi.md +docs/OidcAPI.md docs/OidcConfiguration.md docs/OidcUserInfo.md docs/Pagination.md 
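Review bot: `ConnectToMySQL`, `ConnectToPG` and `ConnectToCRDB` now pass moving tags (`"8.0"`, `"16"`, `"latest-v24.1"`) where the previous code pinned exact releases (`"8.0.26"`, `"11.8"`, `"v22.1.2"`). The database image under test can therefore change between runs without any commit, which makes a failing run harder to reproduce and means the suite pulls whatever the tag resolves to at that moment. If tracking the newest patch release is intended, say so above the three helpers, for example `// Floating tags: tests follow the latest patch release of each supported major version.`; otherwise pin a full version string as before.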
@@ -57,17 +60,21 @@ docs/TrustedOAuth2JwtGrantJsonWebKey.md docs/VerifiableCredentialPrimingResponse.md docs/VerifiableCredentialProof.md docs/VerifiableCredentialResponse.md +docs/VerifyUserCodeRequest.md docs/Version.md -docs/WellknownApi.md +docs/WellknownAPI.md git_push.sh go.mod go.sum +model_accept_device_user_code_request.go model_accept_o_auth2_consent_request.go model_accept_o_auth2_consent_request_session.go model_accept_o_auth2_login_request.go model_create_json_web_key_set.go model_create_verifiable_credential_request_body.go model_credential_supported_draft00.go +model_device_authorization.go +model_device_user_auth_request.go model_error_o_auth2.go model_generic_error.go model_get_version_200_response.go @@ -105,6 +112,7 @@ model_trusted_o_auth2_jwt_grant_json_web_key.go model_verifiable_credential_priming_response.go model_verifiable_credential_proof.go model_verifiable_credential_response.go +model_verify_user_code_request.go model_version.go response.go utils.go diff --git a/internal/httpclient/.openapi-generator/VERSION b/internal/httpclient/.openapi-generator/VERSION index 6d54bbd7751..4b49d9bb63e 100644 --- a/internal/httpclient/.openapi-generator/VERSION +++ b/internal/httpclient/.openapi-generator/VERSION @@ -1 +1 @@ -6.0.1 \ No newline at end of file +7.2.0 \ No newline at end of file diff --git a/internal/httpclient/README.md b/internal/httpclient/README.md index 54e38678e69..f5ccc0e780c 100644 --- a/internal/httpclient/README.md +++ b/internal/httpclient/README.md @@ -14,7 +14,7 @@ This API client was generated by the [OpenAPI Generator](https://openapi-generat Install the following dependencies: -```shell +```sh go get github.com/stretchr/testify/assert go get golang.org/x/oauth2 go get golang.org/x/net/context 
@@ -22,13 +22,13 @@ go get golang.org/x/net/context Put the package under your project folder and add the following in import: -```golang -import openapi "github.com/ory/hydra-client-go" +```go +import openapi "github.com/ory/hydra-client-go/v2" ``` To use a proxy, set the environment variable `HTTP_PROXY`: -```golang +```go os.Setenv("HTTP_PROXY", "http://proxy_name:proxy_port") ``` @@ -38,17 +38,17 @@ Default configuration comes with `Servers` field that contains server objects as ### Select Server Configuration -For using other server than the one defined on index 0 set context value `sw.ContextServerIndex` of type `int`. +For using other server than the one defined on index 0 set context value `openapi.ContextServerIndex` of type `int`. -```golang +```go ctx := context.WithValue(context.Background(), openapi.ContextServerIndex, 1) ``` ### Templated Server URL -Templated server URL is formatted using default variables from configuration or from context value `sw.ContextServerVariables` of type `map[string]string`. +Templated server URL is formatted using default variables from configuration or from context value `openapi.ContextServerVariables` of type `map[string]string`. -```golang +```go ctx := context.WithValue(context.Background(), openapi.ContextServerVariables, map[string]string{ "basePath": "v2", }) 
@@ -60,9 +60,9 @@ Note, enum values are always validated and all unused variables are silently ign Each operation can use different server URL defined using `OperationServers` map in the `Configuration`. An operation is uniquely identified by `"{classname}Service.{nickname}"` string. -Similar rules for overriding default operation server index and variables applies by using `sw.ContextOperationServerIndices` and `sw.ContextOperationServerVariables` context maps. +Similar rules for overriding default operation server index and variables applies by using `openapi.ContextOperationServerIndices` and `openapi.ContextOperationServerVariables` context maps. -``` +```go ctx := context.WithValue(context.Background(), openapi.ContextOperationServerIndices, map[string]int{ "{classname}Service.{nickname}": 2, }) 
@@ -79,63 +79,69 @@ All URIs are relative to *http://localhost* Class | Method | HTTP request | Description ------------ | ------------- | ------------- | ------------- -*JwkApi* | [**CreateJsonWebKeySet**](docs/JwkApi.md#createjsonwebkeyset) | **Post** /admin/keys/{set} | Create JSON Web Key -*JwkApi* | [**DeleteJsonWebKey**](docs/JwkApi.md#deletejsonwebkey) | **Delete** /admin/keys/{set}/{kid} | Delete JSON Web Key -*JwkApi* | [**DeleteJsonWebKeySet**](docs/JwkApi.md#deletejsonwebkeyset) | **Delete** /admin/keys/{set} | Delete JSON Web Key Set -*JwkApi* | [**GetJsonWebKey**](docs/JwkApi.md#getjsonwebkey) | **Get** /admin/keys/{set}/{kid} | Get JSON Web Key -*JwkApi* | [**GetJsonWebKeySet**](docs/JwkApi.md#getjsonwebkeyset) | **Get** /admin/keys/{set} | Retrieve a JSON Web Key Set -*JwkApi* | [**SetJsonWebKey**](docs/JwkApi.md#setjsonwebkey) | **Put** /admin/keys/{set}/{kid} | Set JSON Web Key -*JwkApi* | [**SetJsonWebKeySet**](docs/JwkApi.md#setjsonwebkeyset) | **Put** /admin/keys/{set} | Update a JSON Web Key Set -*MetadataApi* | [**GetVersion**](docs/MetadataApi.md#getversion) | **Get** /version | Return Running Software Version. 
-*MetadataApi* | [**IsAlive**](docs/MetadataApi.md#isalive) | **Get** /health/alive | Check HTTP Server Status -*MetadataApi* | [**IsReady**](docs/MetadataApi.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status -*OAuth2Api* | [**AcceptOAuth2ConsentRequest**](docs/OAuth2Api.md#acceptoauth2consentrequest) | **Put** /admin/oauth2/auth/requests/consent/accept | Accept OAuth 2.0 Consent Request -*OAuth2Api* | [**AcceptOAuth2LoginRequest**](docs/OAuth2Api.md#acceptoauth2loginrequest) | **Put** /admin/oauth2/auth/requests/login/accept | Accept OAuth 2.0 Login Request -*OAuth2Api* | [**AcceptOAuth2LogoutRequest**](docs/OAuth2Api.md#acceptoauth2logoutrequest) | **Put** /admin/oauth2/auth/requests/logout/accept | Accept OAuth 2.0 Session Logout Request -*OAuth2Api* | [**CreateOAuth2Client**](docs/OAuth2Api.md#createoauth2client) | **Post** /admin/clients | Create OAuth 2.0 Client -*OAuth2Api* | [**DeleteOAuth2Client**](docs/OAuth2Api.md#deleteoauth2client) | **Delete** /admin/clients/{id} | Delete OAuth 2.0 Client -*OAuth2Api* | [**DeleteOAuth2Token**](docs/OAuth2Api.md#deleteoauth2token) | **Delete** /admin/oauth2/tokens | Delete OAuth 2.0 Access Tokens from specific OAuth 2.0 Client -*OAuth2Api* | [**DeleteTrustedOAuth2JwtGrantIssuer**](docs/OAuth2Api.md#deletetrustedoauth2jwtgrantissuer) | **Delete** /admin/trust/grants/jwt-bearer/issuers/{id} | Delete Trusted OAuth2 JWT Bearer Grant Type Issuer -*OAuth2Api* | [**GetOAuth2Client**](docs/OAuth2Api.md#getoauth2client) | **Get** /admin/clients/{id} | Get an OAuth 2.0 Client -*OAuth2Api* | [**GetOAuth2ConsentRequest**](docs/OAuth2Api.md#getoauth2consentrequest) | **Get** /admin/oauth2/auth/requests/consent | Get OAuth 2.0 Consent Request -*OAuth2Api* | [**GetOAuth2LoginRequest**](docs/OAuth2Api.md#getoauth2loginrequest) | **Get** /admin/oauth2/auth/requests/login | Get OAuth 2.0 Login Request -*OAuth2Api* | [**GetOAuth2LogoutRequest**](docs/OAuth2Api.md#getoauth2logoutrequest) | **Get** 
/admin/oauth2/auth/requests/logout | Get OAuth 2.0 Session Logout Request -*OAuth2Api* | [**GetTrustedOAuth2JwtGrantIssuer**](docs/OAuth2Api.md#gettrustedoauth2jwtgrantissuer) | **Get** /admin/trust/grants/jwt-bearer/issuers/{id} | Get Trusted OAuth2 JWT Bearer Grant Type Issuer -*OAuth2Api* | [**IntrospectOAuth2Token**](docs/OAuth2Api.md#introspectoauth2token) | **Post** /admin/oauth2/introspect | Introspect OAuth2 Access and Refresh Tokens -*OAuth2Api* | [**ListOAuth2Clients**](docs/OAuth2Api.md#listoauth2clients) | **Get** /admin/clients | List OAuth 2.0 Clients -*OAuth2Api* | [**ListOAuth2ConsentSessions**](docs/OAuth2Api.md#listoauth2consentsessions) | **Get** /admin/oauth2/auth/sessions/consent | List OAuth 2.0 Consent Sessions of a Subject -*OAuth2Api* | [**ListTrustedOAuth2JwtGrantIssuers**](docs/OAuth2Api.md#listtrustedoauth2jwtgrantissuers) | **Get** /admin/trust/grants/jwt-bearer/issuers | List Trusted OAuth2 JWT Bearer Grant Type Issuers -*OAuth2Api* | [**OAuth2Authorize**](docs/OAuth2Api.md#oauth2authorize) | **Get** /oauth2/auth | OAuth 2.0 Authorize Endpoint -*OAuth2Api* | [**Oauth2TokenExchange**](docs/OAuth2Api.md#oauth2tokenexchange) | **Post** /oauth2/token | The OAuth 2.0 Token Endpoint -*OAuth2Api* | [**PatchOAuth2Client**](docs/OAuth2Api.md#patchoauth2client) | **Patch** /admin/clients/{id} | Patch OAuth 2.0 Client -*OAuth2Api* | [**RejectOAuth2ConsentRequest**](docs/OAuth2Api.md#rejectoauth2consentrequest) | **Put** /admin/oauth2/auth/requests/consent/reject | Reject OAuth 2.0 Consent Request -*OAuth2Api* | [**RejectOAuth2LoginRequest**](docs/OAuth2Api.md#rejectoauth2loginrequest) | **Put** /admin/oauth2/auth/requests/login/reject | Reject OAuth 2.0 Login Request -*OAuth2Api* | [**RejectOAuth2LogoutRequest**](docs/OAuth2Api.md#rejectoauth2logoutrequest) | **Put** /admin/oauth2/auth/requests/logout/reject | Reject OAuth 2.0 Session Logout Request -*OAuth2Api* | [**RevokeOAuth2ConsentSessions**](docs/OAuth2Api.md#revokeoauth2consentsessions) | 
**Delete** /admin/oauth2/auth/sessions/consent | Revoke OAuth 2.0 Consent Sessions of a Subject -*OAuth2Api* | [**RevokeOAuth2LoginSessions**](docs/OAuth2Api.md#revokeoauth2loginsessions) | **Delete** /admin/oauth2/auth/sessions/login | Revokes OAuth 2.0 Login Sessions by either a Subject or a SessionID -*OAuth2Api* | [**RevokeOAuth2Token**](docs/OAuth2Api.md#revokeoauth2token) | **Post** /oauth2/revoke | Revoke OAuth 2.0 Access or Refresh Token -*OAuth2Api* | [**SetOAuth2Client**](docs/OAuth2Api.md#setoauth2client) | **Put** /admin/clients/{id} | Set OAuth 2.0 Client -*OAuth2Api* | [**SetOAuth2ClientLifespans**](docs/OAuth2Api.md#setoauth2clientlifespans) | **Put** /admin/clients/{id}/lifespans | Set OAuth2 Client Token Lifespans -*OAuth2Api* | [**TrustOAuth2JwtGrantIssuer**](docs/OAuth2Api.md#trustoauth2jwtgrantissuer) | **Post** /admin/trust/grants/jwt-bearer/issuers | Trust OAuth2 JWT Bearer Grant Type Issuer -*OidcApi* | [**CreateOidcDynamicClient**](docs/OidcApi.md#createoidcdynamicclient) | **Post** /oauth2/register | Register OAuth2 Client using OpenID Dynamic Client Registration -*OidcApi* | [**CreateVerifiableCredential**](docs/OidcApi.md#createverifiablecredential) | **Post** /credentials | Issues a Verifiable Credential -*OidcApi* | [**DeleteOidcDynamicClient**](docs/OidcApi.md#deleteoidcdynamicclient) | **Delete** /oauth2/register/{id} | Delete OAuth 2.0 Client using the OpenID Dynamic Client Registration Management Protocol -*OidcApi* | [**DiscoverOidcConfiguration**](docs/OidcApi.md#discoveroidcconfiguration) | **Get** /.well-known/openid-configuration | OpenID Connect Discovery -*OidcApi* | [**GetOidcDynamicClient**](docs/OidcApi.md#getoidcdynamicclient) | **Get** /oauth2/register/{id} | Get OAuth2 Client using OpenID Dynamic Client Registration -*OidcApi* | [**GetOidcUserInfo**](docs/OidcApi.md#getoidcuserinfo) | **Get** /userinfo | OpenID Connect Userinfo -*OidcApi* | [**RevokeOidcSession**](docs/OidcApi.md#revokeoidcsession) | **Get** 
/oauth2/sessions/logout | OpenID Connect Front- and Back-channel Enabled Logout -*OidcApi* | [**SetOidcDynamicClient**](docs/OidcApi.md#setoidcdynamicclient) | **Put** /oauth2/register/{id} | Set OAuth2 Client using OpenID Dynamic Client Registration -*WellknownApi* | [**DiscoverJsonWebKeys**](docs/WellknownApi.md#discoverjsonwebkeys) | **Get** /.well-known/jwks.json | Discover Well-Known JSON Web Keys +*JwkAPI* | [**CreateJsonWebKeySet**](docs/JwkAPI.md#createjsonwebkeyset) | **Post** /admin/keys/{set} | Create JSON Web Key +*JwkAPI* | [**DeleteJsonWebKey**](docs/JwkAPI.md#deletejsonwebkey) | **Delete** /admin/keys/{set}/{kid} | Delete JSON Web Key +*JwkAPI* | [**DeleteJsonWebKeySet**](docs/JwkAPI.md#deletejsonwebkeyset) | **Delete** /admin/keys/{set} | Delete JSON Web Key Set +*JwkAPI* | [**GetJsonWebKey**](docs/JwkAPI.md#getjsonwebkey) | **Get** /admin/keys/{set}/{kid} | Get JSON Web Key +*JwkAPI* | [**GetJsonWebKeySet**](docs/JwkAPI.md#getjsonwebkeyset) | **Get** /admin/keys/{set} | Retrieve a JSON Web Key Set +*JwkAPI* | [**SetJsonWebKey**](docs/JwkAPI.md#setjsonwebkey) | **Put** /admin/keys/{set}/{kid} | Set JSON Web Key +*JwkAPI* | [**SetJsonWebKeySet**](docs/JwkAPI.md#setjsonwebkeyset) | **Put** /admin/keys/{set} | Update a JSON Web Key Set +*MetadataAPI* | [**GetVersion**](docs/MetadataAPI.md#getversion) | **Get** /version | Return Running Software Version. 
+*MetadataAPI* | [**IsAlive**](docs/MetadataAPI.md#isalive) | **Get** /health/alive | Check HTTP Server Status +*MetadataAPI* | [**IsReady**](docs/MetadataAPI.md#isready) | **Get** /health/ready | Check HTTP Server and Database Status +*OAuth2API* | [**AcceptOAuth2ConsentRequest**](docs/OAuth2API.md#acceptoauth2consentrequest) | **Put** /admin/oauth2/auth/requests/consent/accept | Accept OAuth 2.0 Consent Request +*OAuth2API* | [**AcceptOAuth2LoginRequest**](docs/OAuth2API.md#acceptoauth2loginrequest) | **Put** /admin/oauth2/auth/requests/login/accept | Accept OAuth 2.0 Login Request +*OAuth2API* | [**AcceptOAuth2LogoutRequest**](docs/OAuth2API.md#acceptoauth2logoutrequest) | **Put** /admin/oauth2/auth/requests/logout/accept | Accept OAuth 2.0 Session Logout Request +*OAuth2API* | [**AcceptUserCodeRequest**](docs/OAuth2API.md#acceptusercoderequest) | **Put** /admin/oauth2/auth/requests/device/accept | Accepts a device grant user_code request +*OAuth2API* | [**CreateOAuth2Client**](docs/OAuth2API.md#createoauth2client) | **Post** /admin/clients | Create OAuth 2.0 Client +*OAuth2API* | [**DeleteOAuth2Client**](docs/OAuth2API.md#deleteoauth2client) | **Delete** /admin/clients/{id} | Delete OAuth 2.0 Client +*OAuth2API* | [**DeleteOAuth2Token**](docs/OAuth2API.md#deleteoauth2token) | **Delete** /admin/oauth2/tokens | Delete OAuth 2.0 Access Tokens from specific OAuth 2.0 Client +*OAuth2API* | [**DeleteTrustedOAuth2JwtGrantIssuer**](docs/OAuth2API.md#deletetrustedoauth2jwtgrantissuer) | **Delete** /admin/trust/grants/jwt-bearer/issuers/{id} | Delete Trusted OAuth2 JWT Bearer Grant Type Issuer +*OAuth2API* | [**GetOAuth2Client**](docs/OAuth2API.md#getoauth2client) | **Get** /admin/clients/{id} | Get an OAuth 2.0 Client +*OAuth2API* | [**GetOAuth2ConsentRequest**](docs/OAuth2API.md#getoauth2consentrequest) | **Get** /admin/oauth2/auth/requests/consent | Get OAuth 2.0 Consent Request +*OAuth2API* | [**GetOAuth2LoginRequest**](docs/OAuth2API.md#getoauth2loginrequest) | 
**Get** /admin/oauth2/auth/requests/login | Get OAuth 2.0 Login Request +*OAuth2API* | [**GetOAuth2LogoutRequest**](docs/OAuth2API.md#getoauth2logoutrequest) | **Get** /admin/oauth2/auth/requests/logout | Get OAuth 2.0 Session Logout Request +*OAuth2API* | [**GetTrustedOAuth2JwtGrantIssuer**](docs/OAuth2API.md#gettrustedoauth2jwtgrantissuer) | **Get** /admin/trust/grants/jwt-bearer/issuers/{id} | Get Trusted OAuth2 JWT Bearer Grant Type Issuer +*OAuth2API* | [**IntrospectOAuth2Token**](docs/OAuth2API.md#introspectoauth2token) | **Post** /admin/oauth2/introspect | Introspect OAuth2 Access and Refresh Tokens +*OAuth2API* | [**ListOAuth2Clients**](docs/OAuth2API.md#listoauth2clients) | **Get** /admin/clients | List OAuth 2.0 Clients +*OAuth2API* | [**ListOAuth2ConsentSessions**](docs/OAuth2API.md#listoauth2consentsessions) | **Get** /admin/oauth2/auth/sessions/consent | List OAuth 2.0 Consent Sessions of a Subject +*OAuth2API* | [**ListTrustedOAuth2JwtGrantIssuers**](docs/OAuth2API.md#listtrustedoauth2jwtgrantissuers) | **Get** /admin/trust/grants/jwt-bearer/issuers | List Trusted OAuth2 JWT Bearer Grant Type Issuers +*OAuth2API* | [**OAuth2Authorize**](docs/OAuth2API.md#oauth2authorize) | **Get** /oauth2/auth | OAuth 2.0 Authorize Endpoint +*OAuth2API* | [**OAuth2DeviceFlow**](docs/OAuth2API.md#oauth2deviceflow) | **Post** /oauth2/device/auth | The OAuth 2.0 Device Authorize Endpoint +*OAuth2API* | [**Oauth2TokenExchange**](docs/OAuth2API.md#oauth2tokenexchange) | **Post** /oauth2/token | The OAuth 2.0 Token Endpoint +*OAuth2API* | [**PatchOAuth2Client**](docs/OAuth2API.md#patchoauth2client) | **Patch** /admin/clients/{id} | Patch OAuth 2.0 Client +*OAuth2API* | [**PerformOAuth2DeviceVerificationFlow**](docs/OAuth2API.md#performoauth2deviceverificationflow) | **Get** /oauth2/device/verify | OAuth 2.0 Device Verification Endpoint +*OAuth2API* | [**RejectOAuth2ConsentRequest**](docs/OAuth2API.md#rejectoauth2consentrequest) | **Put** 
/admin/oauth2/auth/requests/consent/reject | Reject OAuth 2.0 Consent Request +*OAuth2API* | [**RejectOAuth2LoginRequest**](docs/OAuth2API.md#rejectoauth2loginrequest) | **Put** /admin/oauth2/auth/requests/login/reject | Reject OAuth 2.0 Login Request +*OAuth2API* | [**RejectOAuth2LogoutRequest**](docs/OAuth2API.md#rejectoauth2logoutrequest) | **Put** /admin/oauth2/auth/requests/logout/reject | Reject OAuth 2.0 Session Logout Request +*OAuth2API* | [**RevokeOAuth2ConsentSessions**](docs/OAuth2API.md#revokeoauth2consentsessions) | **Delete** /admin/oauth2/auth/sessions/consent | Revoke OAuth 2.0 Consent Sessions of a Subject +*OAuth2API* | [**RevokeOAuth2LoginSessions**](docs/OAuth2API.md#revokeoauth2loginsessions) | **Delete** /admin/oauth2/auth/sessions/login | Revokes OAuth 2.0 Login Sessions by either a Subject or a SessionID +*OAuth2API* | [**RevokeOAuth2Token**](docs/OAuth2API.md#revokeoauth2token) | **Post** /oauth2/revoke | Revoke OAuth 2.0 Access or Refresh Token +*OAuth2API* | [**SetOAuth2Client**](docs/OAuth2API.md#setoauth2client) | **Put** /admin/clients/{id} | Set OAuth 2.0 Client +*OAuth2API* | [**SetOAuth2ClientLifespans**](docs/OAuth2API.md#setoauth2clientlifespans) | **Put** /admin/clients/{id}/lifespans | Set OAuth2 Client Token Lifespans +*OAuth2API* | [**TrustOAuth2JwtGrantIssuer**](docs/OAuth2API.md#trustoauth2jwtgrantissuer) | **Post** /admin/trust/grants/jwt-bearer/issuers | Trust OAuth2 JWT Bearer Grant Type Issuer +*OidcAPI* | [**CreateOidcDynamicClient**](docs/OidcAPI.md#createoidcdynamicclient) | **Post** /oauth2/register | Register OAuth2 Client using OpenID Dynamic Client Registration +*OidcAPI* | [**CreateVerifiableCredential**](docs/OidcAPI.md#createverifiablecredential) | **Post** /credentials | Issues a Verifiable Credential +*OidcAPI* | [**DeleteOidcDynamicClient**](docs/OidcAPI.md#deleteoidcdynamicclient) | **Delete** /oauth2/register/{id} | Delete OAuth 2.0 Client using the OpenID Dynamic Client Registration Management Protocol 
+*OidcAPI* | [**DiscoverOidcConfiguration**](docs/OidcAPI.md#discoveroidcconfiguration) | **Get** /.well-known/openid-configuration | OpenID Connect Discovery +*OidcAPI* | [**GetOidcDynamicClient**](docs/OidcAPI.md#getoidcdynamicclient) | **Get** /oauth2/register/{id} | Get OAuth2 Client using OpenID Dynamic Client Registration +*OidcAPI* | [**GetOidcUserInfo**](docs/OidcAPI.md#getoidcuserinfo) | **Get** /userinfo | OpenID Connect Userinfo +*OidcAPI* | [**RevokeOidcSession**](docs/OidcAPI.md#revokeoidcsession) | **Get** /oauth2/sessions/logout | OpenID Connect Front- and Back-channel Enabled Logout +*OidcAPI* | [**SetOidcDynamicClient**](docs/OidcAPI.md#setoidcdynamicclient) | **Put** /oauth2/register/{id} | Set OAuth2 Client using OpenID Dynamic Client Registration +*WellknownAPI* | [**DiscoverJsonWebKeys**](docs/WellknownAPI.md#discoverjsonwebkeys) | **Get** /.well-known/jwks.json | Discover Well-Known JSON Web Keys ## Documentation For Models + - [AcceptDeviceUserCodeRequest](docs/AcceptDeviceUserCodeRequest.md) - [AcceptOAuth2ConsentRequest](docs/AcceptOAuth2ConsentRequest.md) - [AcceptOAuth2ConsentRequestSession](docs/AcceptOAuth2ConsentRequestSession.md) - [AcceptOAuth2LoginRequest](docs/AcceptOAuth2LoginRequest.md) - [CreateJsonWebKeySet](docs/CreateJsonWebKeySet.md) - [CreateVerifiableCredentialRequestBody](docs/CreateVerifiableCredentialRequestBody.md) - [CredentialSupportedDraft00](docs/CredentialSupportedDraft00.md) + - [DeviceAuthorization](docs/DeviceAuthorization.md) + - [DeviceUserAuthRequest](docs/DeviceUserAuthRequest.md) - [ErrorOAuth2](docs/ErrorOAuth2.md) - [GenericError](docs/GenericError.md) - [GetVersion200Response](docs/GetVersion200Response.md) 
@@ -173,40 +179,39 @@ Class | Method | HTTP request | Description - [VerifiableCredentialPrimingResponse](docs/VerifiableCredentialPrimingResponse.md) - [VerifiableCredentialProof](docs/VerifiableCredentialProof.md) - [VerifiableCredentialResponse](docs/VerifiableCredentialResponse.md) + - [VerifyUserCodeRequest](docs/VerifyUserCodeRequest.md) - [Version](docs/Version.md) ## Documentation For Authorization - +Authentication schemes defined for the API: ### basic - **Type**: HTTP basic authentication Example -```golang -auth := context.WithValue(context.Background(), sw.ContextBasicAuth, sw.BasicAuth{ - UserName: "username", - Password: "password", +```go +auth := context.WithValue(context.Background(), openapi.ContextBasicAuth, openapi.BasicAuth{ + UserName: "username", + Password: "password", }) r, err := client.Service.Operation(auth, args) ``` - ### bearer - **Type**: HTTP Bearer token authentication Example -```golang -auth := context.WithValue(context.Background(), sw.ContextAccessToken, "BEARER_TOKEN_STRING") +```go +auth := context.WithValue(context.Background(), openapi.ContextAccessToken, "BEARER_TOKEN_STRING") r, err := client.Service.Operation(auth, args) ``` - ### oauth2 
@@ -220,20 +225,20 @@ r, err := client.Service.Operation(auth, args) Example -```golang -auth := context.WithValue(context.Background(), sw.ContextAccessToken, "ACCESSTOKENSTRING") +```go +auth := context.WithValue(context.Background(), openapi.ContextAccessToken, "ACCESSTOKENSTRING") r, err := client.Service.Operation(auth, args) ``` Or via OAuth2 module to automatically refresh tokens and perform user authentication. -```golang +```go import "golang.org/x/oauth2" /* Perform OAuth2 round trip request and obtain a token */ tokenSource := oauth2cfg.TokenSource(createContext(httpClient), &token) -auth := context.WithValue(oauth2.NoContext, sw.ContextOAuth2, tokenSource) +auth := context.WithValue(oauth2.NoContext, openapi.ContextOAuth2, tokenSource) r, err := client.Service.Operation(auth, args) ``` diff --git a/internal/httpclient/api/openapi.yaml b/internal/httpclient/api/openapi.yaml index 1d1de8ec753..92edea6ebea 100644 --- a/internal/httpclient/api/openapi.yaml +++ b/internal/httpclient/api/openapi.yaml @@ -24,10 +24,13 @@ tags: paths: /.well-known/jwks.json: get: - description: "This endpoint returns JSON Web Keys required to verifying OpenID\ - \ Connect ID Tokens and,\nif enabled, OAuth 2.0 JWT Access Tokens. This endpoint\ - \ can be used with client libraries like\n[node-jwks-rsa](https://github.com/auth0/node-jwks-rsa)\ - \ among others." + description: |- + This endpoint returns JSON Web Keys required to verifying OpenID Connect ID Tokens and, + if enabled, OAuth 2.0 JWT Access Tokens. This endpoint can be used with client libraries like + [node-jwks-rsa](https://github.com/auth0/node-jwks-rsa) among others. + + Adding custom keys requires first creating a keyset via the createJsonWebKeySet operation, + and then configuring the webfinger.jwks.broadcast_keys configuration value to include the keyset name. operationId: discoverJsonWebKeys responses: "200": 
@@ -47,11 +50,11 @@ paths: - wellknown /.well-known/openid-configuration: get: - description: "A mechanism for an OpenID Connect Relying Party to discover the\ - \ End-User's OpenID Provider and obtain information needed to interact with\ - \ it, including its OAuth 2.0 endpoint locations.\n\nPopular libraries for\ - \ OpenID Connect clients include oidc-client-js (JavaScript), go-oidc (Golang),\ - \ and others.\nFor a full list of clients go here: https://openid.net/developers/certified/" + description: |- + A mechanism for an OpenID Connect Relying Party to discover the End-User's OpenID Provider and obtain information needed to interact with it, including its OAuth 2.0 endpoint locations. + + Popular libraries for OpenID Connect clients include oidc-client-js (JavaScript), go-oidc (Golang), and others. + For a full list of clients go here: https://openid.net/developers/certified/ operationId: discoverOidcConfiguration responses: "200": @@ -71,12 +74,16 @@ paths: - oidc /admin/clients: get: - description: "This endpoint lists all clients in the database, and never returns\ - \ client secrets.\nAs a default it lists the first 100 clients." + description: |- + This endpoint lists all clients in the database, and never returns client secrets. + As a default it lists the first 100 clients. operationId: listOAuth2Clients parameters: - - description: "Items per Page\n\nThis is the number of items per page to return.\n\ - For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination)." + - description: |- + Items per Page + + This is the number of items per page to return. + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). explode: true in: query name: page_size 
@@ -88,8 +95,11 @@ paths: minimum: 1 type: integer style: form - - description: "Next Page Token\n\nThe next page token.\nFor details on pagination\ - \ please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination)." + - description: |- + Next Page Token + + The next page token. + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). explode: true in: query name: page_token @@ -134,9 +144,9 @@ paths: tags: - oAuth2 post: - description: "Create a new OAuth 2.0 client. If you pass `client_secret` the\ - \ secret is used, otherwise a random secret\nis generated. The secret is echoed\ - \ in the response. It is not possible to retrieve it later on." + description: |- + Create a new OAuth 2.0 client. If you pass `client_secret` the secret is used, otherwise a random secret + is generated. The secret is echoed in the response. It is not possible to retrieve it later on. operationId: createOAuth2Client requestBody: content: @@ -170,11 +180,13 @@ paths: - oAuth2 /admin/clients/{id}: delete: - description: "Delete an existing OAuth 2.0 Client by its ID.\n\nOAuth 2.0 clients\ - \ are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0\ - \ clients are\ngenerated for applications which want to consume your OAuth\ - \ 2.0 or OpenID Connect capabilities.\n\nMake sure that this endpoint is well\ - \ protected and only callable by first-party components." + description: |- + Delete an existing OAuth 2.0 Client by its ID. + + OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are + generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. + + Make sure that this endpoint is well protected and only callable by first-party components. operationId: deleteOAuth2Client parameters: - description: The id of the OAuth 2.0 Client. 
@@ -187,8 +199,9 @@ paths: style: simple responses: "204": - description: "Empty responses are sent when, for example, resources are\ - \ deleted. The HTTP status code for empty responses is\ntypically 201." + description: |- + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is + typically 204. default: content: application/json: @@ -199,10 +212,11 @@ paths: tags: - oAuth2 get: - description: "Get an OAuth 2.0 client by its ID. This endpoint never returns\ - \ the client secret.\n\nOAuth 2.0 clients are used to perform OAuth 2.0 and\ - \ OpenID Connect flows. Usually, OAuth 2.0 clients are\ngenerated for applications\ - \ which want to consume your OAuth 2.0 or OpenID Connect capabilities." + description: |- + Get an OAuth 2.0 client by its ID. This endpoint never returns the client secret. + + OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are + generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. operationId: getOAuth2Client parameters: - description: The id of the OAuth 2.0 Client. 
@@ -230,13 +244,13 @@ paths: tags: - oAuth2 patch: - description: "Patch an existing OAuth 2.0 Client using JSON Patch. If you pass\ - \ `client_secret`\nthe secret will be updated and returned via the API. This\ - \ is the\nonly time you will be able to retrieve the client secret, so write\ - \ it down and keep it safe.\n\nOAuth 2.0 clients are used to perform OAuth\ - \ 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are\ngenerated\ - \ for applications which want to consume your OAuth 2.0 or OpenID Connect\ - \ capabilities." + description: |- + Patch an existing OAuth 2.0 Client using JSON Patch. If you pass `client_secret` + the secret will be updated and returned via the API. This is the + only time you will be able to retrieve the client secret, so write it down and keep it safe. + + OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are + generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. operationId: patchOAuth2Client parameters: - description: The id of the OAuth 2.0 Client. 
@@ -278,13 +292,14 @@ paths: tags: - oAuth2 put: - description: "Replaces an existing OAuth 2.0 Client with the payload you send.\ - \ If you pass `client_secret` the secret is used,\notherwise the existing\ - \ secret is used.\n\nIf set, the secret is echoed in the response. It is not\ - \ possible to retrieve it later on.\n\nOAuth 2.0 Clients are used to perform\ - \ OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are\ngenerated\ - \ for applications which want to consume your OAuth 2.0 or OpenID Connect\ - \ capabilities." + description: |- + Replaces an existing OAuth 2.0 Client with the payload you send. If you pass `client_secret` the secret is used, + otherwise the existing secret is used. + + If set, the secret is echoed in the response. It is not possible to retrieve it later on. + + OAuth 2.0 Clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are + generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. operationId: setOAuth2Client parameters: - description: OAuth 2.0 Client ID 
@@ -369,13 +384,10 @@ paths: - oAuth2 /admin/keys/{set}: delete: - description: "Use this endpoint to delete a complete JSON Web Key Set and all\ - \ the keys in that set.\n\nA JSON Web Key (JWK) is a JavaScript Object Notation\ - \ (JSON) data structure that represents a cryptographic key. A JWK Set is\ - \ a JSON data structure that represents a set of JWKs. A JSON Web Key is identified\ - \ by its set and key id. ORY Hydra uses this functionality to store cryptographic\ - \ keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens),\ - \ and allows storing user-defined keys as well." + description: |- + Use this endpoint to delete a complete JSON Web Key Set and all the keys in that set. + + A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. operationId: deleteJsonWebKeySet parameters: - description: The JSON Web Key Set @@ -388,8 +400,9 @@ paths: style: simple responses: "204": - description: "Empty responses are sent when, for example, resources are\ - \ deleted. The HTTP status code for empty responses is\ntypically 201." + description: |- + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is + typically 204. default: content: application/json: 
@@ -400,13 +413,10 @@ paths: tags: - jwk get: - description: "This endpoint can be used to retrieve JWK Sets stored in ORY Hydra.\n\ - \nA JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure\ - \ that represents a cryptographic key. A JWK Set is a JSON data structure\ - \ that represents a set of JWKs. A JSON Web Key is identified by its set and\ - \ key id. ORY Hydra uses this functionality to store cryptographic keys used\ - \ for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows\ - \ storing user-defined keys as well." + description: |- + This endpoint can be used to retrieve JWK Sets stored in ORY Hydra. + + A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. operationId: getJsonWebKeySet parameters: - description: JSON Web Key Set ID 
@@ -434,16 +444,10 @@ paths: tags: - jwk post: - description: "This endpoint is capable of generating JSON Web Key Sets for you.\ - \ There a different strategies available, such as symmetric cryptographic\ - \ keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If\ - \ the specified JSON Web Key Set does not exist, it will be created.\n\nA\ - \ JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure\ - \ that represents a cryptographic key. A JWK Set is a JSON data structure\ - \ that represents a set of JWKs. A JSON Web Key is identified by its set and\ - \ key id. ORY Hydra uses this functionality to store cryptographic keys used\ - \ for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows\ - \ storing user-defined keys as well." + description: |- + This endpoint is capable of generating JSON Web Key Sets for you. There a different strategies available, such as symmetric cryptographic keys (HS256, HS512) and asymetric cryptographic keys (RS256, ECDSA). If the specified JSON Web Key Set does not exist, it will be created. + + A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. operationId: createJsonWebKeySet parameters: - description: The JSON Web Key Set ID 
@@ -478,13 +482,10 @@ paths: tags: - jwk put: - description: "Use this method if you do not want to let Hydra generate the JWKs\ - \ for you, but instead save your own.\n\nA JSON Web Key (JWK) is a JavaScript\ - \ Object Notation (JSON) data structure that represents a cryptographic key.\ - \ A JWK Set is a JSON data structure that represents a set of JWKs. A JSON\ - \ Web Key is identified by its set and key id. ORY Hydra uses this functionality\ - \ to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID\ - \ Connect ID tokens), and allows storing user-defined keys as well." + description: |- + Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own. + + A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. operationId: setJsonWebKeySet parameters: - description: The JSON Web Key Set ID 
@@ -519,13 +520,13 @@ paths: - jwk /admin/keys/{set}/{kid}: delete: - description: "Use this endpoint to delete a single JSON Web Key.\n\nA JSON Web\ - \ Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents\ - \ a cryptographic key. A\nJWK Set is a JSON data structure that represents\ - \ a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra\ - \ uses\nthis functionality to store cryptographic keys used for TLS and JSON\ - \ Web Tokens (such as OpenID Connect ID tokens),\nand allows storing user-defined\ - \ keys as well." + description: |- + Use this endpoint to delete a single JSON Web Key. + + A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A + JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses + this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), + and allows storing user-defined keys as well. operationId: deleteJsonWebKey parameters: - description: The JSON Web Key Set @@ -546,8 +547,9 @@ paths: style: simple responses: "204": - description: "Empty responses are sent when, for example, resources are\ - \ deleted. The HTTP status code for empty responses is\ntypically 201." + description: |- + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is + typically 204. default: content: application/json: 
@@ -595,13 +597,10 @@ paths: tags: - jwk put: - description: "Use this method if you do not want to let Hydra generate the JWKs\ - \ for you, but instead save your own.\n\nA JSON Web Key (JWK) is a JavaScript\ - \ Object Notation (JSON) data structure that represents a cryptographic key.\ - \ A JWK Set is a JSON data structure that represents a set of JWKs. A JSON\ - \ Web Key is identified by its set and key id. ORY Hydra uses this functionality\ - \ to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID\ - \ Connect ID tokens), and allows storing user-defined keys as well." + description: |- + Use this method if you do not want to let Hydra generate the JWKs for you, but instead save your own. + + A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that represents a cryptographic key. A JWK Set is a JSON data structure that represents a set of JWKs. A JSON Web Key is identified by its set and key id. ORY Hydra uses this functionality to store cryptographic keys used for TLS and JSON Web Tokens (such as OpenID Connect ID tokens), and allows storing user-defined keys as well. operationId: setJsonWebKey parameters: - description: The JSON Web Key Set ID 
@@ -644,17 +643,17 @@ paths: - jwk /admin/oauth2/auth/requests/consent: get: - description: "When an authorization code, hybrid, or implicit OAuth 2.0 Flow\ - \ is initiated, Ory asks the login provider\nto authenticate the subject and\ - \ then tell Ory now about it. If the subject authenticated, he/she must now\ - \ be asked if\nthe OAuth 2.0 Client which initiated the flow should be allowed\ - \ to access the resources on the subject's behalf.\n\nThe consent challenge\ - \ is appended to the consent provider's URL to which the subject's user-agent\ - \ (browser) is redirected to. The consent\nprovider uses that challenge to\ - \ fetch information on the OAuth2 request and then tells Ory if the subject\ - \ accepted\nor rejected the request.\n\nThe default consent provider is available\ - \ via the Ory Managed Account Experience. To customize the consent provider,\ - \ please\nhead over to the OAuth 2.0 documentation." + description: |- + When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider + to authenticate the subject and then tell Ory now about it. If the subject authenticated, he/she must now be asked if + the OAuth 2.0 Client which initiated the flow should be allowed to access the resources on the subject's behalf. + + The consent challenge is appended to the consent provider's URL to which the subject's user-agent (browser) is redirected to. The consent + provider uses that challenge to fetch information on the OAuth2 request and then tells Ory if the subject accepted + or rejected the request. + + The default consent provider is available via the Ory Managed Account Experience. To customize the consent provider, please + head over to the OAuth 2.0 documentation. operationId: getOAuth2ConsentRequest parameters: - description: OAuth 2.0 Consent Request Challenge 
@@ -689,22 +688,23 @@ paths: - oAuth2 /admin/oauth2/auth/requests/consent/accept: put: - description: "When an authorization code, hybrid, or implicit OAuth 2.0 Flow\ - \ is initiated, Ory asks the login provider\nto authenticate the subject and\ - \ then tell Ory now about it. If the subject authenticated, he/she must now\ - \ be asked if\nthe OAuth 2.0 Client which initiated the flow should be allowed\ - \ to access the resources on the subject's behalf.\n\nThe consent challenge\ - \ is appended to the consent provider's URL to which the subject's user-agent\ - \ (browser) is redirected to. The consent\nprovider uses that challenge to\ - \ fetch information on the OAuth2 request and then tells Ory if the subject\ - \ accepted\nor rejected the request.\n\nThis endpoint tells Ory that the subject\ - \ has authorized the OAuth 2.0 client to access resources on his/her behalf.\n\ - The consent provider includes additional information, such as session data\ - \ for access and ID tokens, and if the\nconsent request should be used as\ - \ basis for future requests.\n\nThe response contains a redirect URL which\ - \ the consent provider should redirect the user-agent to.\n\nThe default consent\ - \ provider is available via the Ory Managed Account Experience. To customize\ - \ the consent provider, please\nhead over to the OAuth 2.0 documentation." + description: |- + When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider + to authenticate the subject and then tell Ory now about it. If the subject authenticated, he/she must now be asked if + the OAuth 2.0 Client which initiated the flow should be allowed to access the resources on the subject's behalf. + + The consent challenge is appended to the consent provider's URL to which the subject's user-agent (browser) is redirected to. 
The consent + provider uses that challenge to fetch information on the OAuth2 request and then tells Ory if the subject accepted + or rejected the request. + + This endpoint tells Ory that the subject has authorized the OAuth 2.0 client to access resources on his/her behalf. + The consent provider includes additional information, such as session data for access and ID tokens, and if the + consent request should be used as basis for future requests. + + The response contains a redirect URL which the consent provider should redirect the user-agent to. + + The default consent provider is available via the Ory Managed Account Experience. To customize the consent provider, please + head over to the OAuth 2.0 documentation. operationId: acceptOAuth2ConsentRequest parameters: - description: OAuth 2.0 Consent Request Challenge 
@@ -739,21 +739,22 @@ paths: - oAuth2 /admin/oauth2/auth/requests/consent/reject: put: - description: "When an authorization code, hybrid, or implicit OAuth 2.0 Flow\ - \ is initiated, Ory asks the login provider\nto authenticate the subject and\ - \ then tell Ory now about it. If the subject authenticated, he/she must now\ - \ be asked if\nthe OAuth 2.0 Client which initiated the flow should be allowed\ - \ to access the resources on the subject's behalf.\n\nThe consent challenge\ - \ is appended to the consent provider's URL to which the subject's user-agent\ - \ (browser) is redirected to. The consent\nprovider uses that challenge to\ - \ fetch information on the OAuth2 request and then tells Ory if the subject\ - \ accepted\nor rejected the request.\n\nThis endpoint tells Ory that the subject\ - \ has not authorized the OAuth 2.0 client to access resources on his/her behalf.\n\ - The consent provider must include a reason why the consent was not granted.\n\ - \nThe response contains a redirect URL which the consent provider should redirect\ - \ the user-agent to.\n\nThe default consent provider is available via the\ - \ Ory Managed Account Experience. To customize the consent provider, please\n\ - head over to the OAuth 2.0 documentation." + description: |- + When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider + to authenticate the subject and then tell Ory now about it. If the subject authenticated, he/she must now be asked if + the OAuth 2.0 Client which initiated the flow should be allowed to access the resources on the subject's behalf. + + The consent challenge is appended to the consent provider's URL to which the subject's user-agent (browser) is redirected to. The consent + provider uses that challenge to fetch information on the OAuth2 request and then tells Ory if the subject accepted + or rejected the request. 
+ + This endpoint tells Ory that the subject has not authorized the OAuth 2.0 client to access resources on his/her behalf. + The consent provider must include a reason why the consent was not granted. + + The response contains a redirect URL which the consent provider should redirect the user-agent to. + + The default consent provider is available via the Ory Managed Account Experience. To customize the consent provider, please + head over to the OAuth 2.0 documentation. operationId: rejectOAuth2ConsentRequest parameters: - description: OAuth 2.0 Consent Request Challenge 
@@ -786,19 +787,52 @@ paths: summary: Reject OAuth 2.0 Consent Request tags: - oAuth2 + /admin/oauth2/auth/requests/device/accept: + put: + description: Accepts a device grant user_code request + operationId: acceptUserCodeRequest + parameters: + - explode: true + in: query + name: device_challenge + required: true + schema: + type: string + style: form + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/acceptDeviceUserCodeRequest' + x-originalParamName: Body + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/oAuth2RedirectTo' + description: oAuth2RedirectTo + default: + content: + application/json: + schema: + $ref: '#/components/schemas/errorOAuth2' + description: errorOAuth2 + summary: Accepts a device grant user_code request + tags: + - oAuth2 /admin/oauth2/auth/requests/login: get: - description: "When an authorization code, hybrid, or implicit OAuth 2.0 Flow\ - \ is initiated, Ory asks the login provider\nto authenticate the subject and\ - \ then tell the Ory OAuth2 Service about it.\n\nPer default, the login provider\ - \ is Ory itself. You may use a different login provider which needs to be\ - \ a web-app\nyou write and host, and it must be able to authenticate (\"show\ - \ the subject a login screen\")\na subject (in OAuth2 the proper name for\ - \ subject is \"resource owner\").\n\nThe authentication challenge is appended\ - \ to the login provider URL to which the subject's user-agent (browser) is\ - \ redirected to. The login\nprovider uses that challenge to fetch information\ - \ on the OAuth2 request and then accept or reject the requested authentication\ - \ process." + description: |- + When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider + to authenticate the subject and then tell the Ory OAuth2 Service about it. + + Per default, the login provider is Ory itself. 
You may use a different login provider which needs to be a web-app + you write and host, and it must be able to authenticate ("show the subject a login screen") + a subject (in OAuth2 the proper name for subject is "resource owner"). + + The authentication challenge is appended to the login provider URL to which the subject's user-agent (browser) is redirected to. The login + provider uses that challenge to fetch information on the OAuth2 request and then accept or reject the requested authentication process. operationId: getOAuth2LoginRequest parameters: - description: OAuth 2.0 Login Request Challenge 
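Review bot: The new `device_challenge` query parameter on `/admin/oauth2/auth/requests/device/accept` has no `description`, while the challenge parameters of the login and consent operations in this file each carry one (for example `OAuth 2.0 Login Request Challenge`). I would add something like `description: OAuth 2.0 Device Request Challenge` to it, with the wording confirmed against the handler. The operation text is also a single sentence: it does not say which component is expected to call the endpoint or what the returned `oAuth2RedirectTo` is for, which the login and consent accept endpoints spell out. Accepting a user_code presumably binds a device to the authenticated subject, so a caller-trust sentence like the one on `deleteOAuth2Client` ("only callable by first-party components") would help integrators. If this spec is generated from source annotations, the change belongs there rather than in this file.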
@@ -833,17 +867,18 @@ paths: - oAuth2 /admin/oauth2/auth/requests/login/accept: put: - description: "When an authorization code, hybrid, or implicit OAuth 2.0 Flow\ - \ is initiated, Ory asks the login provider\nto authenticate the subject and\ - \ then tell the Ory OAuth2 Service about it.\n\nThe authentication challenge\ - \ is appended to the login provider URL to which the subject's user-agent\ - \ (browser) is redirected to. The login\nprovider uses that challenge to fetch\ - \ information on the OAuth2 request and then accept or reject the requested\ - \ authentication process.\n\nThis endpoint tells Ory that the subject has\ - \ successfully authenticated and includes additional information such as\n\ - the subject's ID and if Ory should remember the subject's subject agent for\ - \ future authentication attempts by setting\na cookie.\n\nThe response contains\ - \ a redirect URL which the login provider should redirect the user-agent to." + description: |- + When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider + to authenticate the subject and then tell the Ory OAuth2 Service about it. + + The authentication challenge is appended to the login provider URL to which the subject's user-agent (browser) is redirected to. The login + provider uses that challenge to fetch information on the OAuth2 request and then accept or reject the requested authentication process. + + This endpoint tells Ory that the subject has successfully authenticated and includes additional information such as + the subject's ID and if Ory should remember the subject's subject agent for future authentication attempts by setting + a cookie. + + The response contains a redirect URL which the login provider should redirect the user-agent to. operationId: acceptOAuth2LoginRequest parameters: - description: OAuth 2.0 Login Request Challenge 
@@ -878,16 +913,17 @@ paths: - oAuth2 /admin/oauth2/auth/requests/login/reject: put: - description: "When an authorization code, hybrid, or implicit OAuth 2.0 Flow\ - \ is initiated, Ory asks the login provider\nto authenticate the subject and\ - \ then tell the Ory OAuth2 Service about it.\n\nThe authentication challenge\ - \ is appended to the login provider URL to which the subject's user-agent\ - \ (browser) is redirected to. The login\nprovider uses that challenge to fetch\ - \ information on the OAuth2 request and then accept or reject the requested\ - \ authentication process.\n\nThis endpoint tells Ory that the subject has\ - \ not authenticated and includes a reason why the authentication\nwas denied.\n\ - \nThe response contains a redirect URL which the login provider should redirect\ - \ the user-agent to." + description: |- + When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider + to authenticate the subject and then tell the Ory OAuth2 Service about it. + + The authentication challenge is appended to the login provider URL to which the subject's user-agent (browser) is redirected to. The login + provider uses that challenge to fetch information on the OAuth2 request and then accept or reject the requested authentication process. + + This endpoint tells Ory that the subject has not authenticated and includes a reason why the authentication + was denied. + + The response contains a redirect URL which the login provider should redirect the user-agent to. operationId: rejectOAuth2LoginRequest parameters: - description: OAuth 2.0 Login Request Challenge 
@@ -956,10 +992,10 @@ paths: - oAuth2 /admin/oauth2/auth/requests/logout/accept: put: - description: "When a user or an application requests Ory OAuth 2.0 to remove\ - \ the session state of a subject, this endpoint is used to confirm that logout\ - \ request.\n\nThe response contains a redirect URL which the consent provider\ - \ should redirect the user-agent to." + description: |- + When a user or an application requests Ory OAuth 2.0 to remove the session state of a subject, this endpoint is used to confirm that logout request. + + The response contains a redirect URL which the consent provider should redirect the user-agent to. operationId: acceptOAuth2LogoutRequest parameters: - description: OAuth 2.0 Logout Request Challenge @@ -988,10 +1024,11 @@ paths: - oAuth2 /admin/oauth2/auth/requests/logout/reject: put: - description: "When a user or an application requests Ory OAuth 2.0 to remove\ - \ the session state of a subject, this endpoint is used to deny that logout\ - \ request.\nNo HTTP request body is required.\n\nThe response is empty as\ - \ the logout provider has to chose what action to perform next." + description: |- + When a user or an application requests Ory OAuth 2.0 to remove the session state of a subject, this endpoint is used to deny that logout request. + No HTTP request body is required. + + The response is empty as the logout provider has to chose what action to perform next. operationId: rejectOAuth2LogoutRequest parameters: - explode: true @@ -1003,8 +1040,9 @@ paths: style: form responses: "204": - description: "Empty responses are sent when, for example, resources are\ - \ deleted. The HTTP status code for empty responses is\ntypically 201." + description: |- + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is + typically 204. default: content: application/json: 
@@ -1032,8 +1070,10 @@ paths: schema: type: string style: form - - description: "OAuth 2.0 Client ID\n\nIf set, deletes only those consent sessions\ - \ that have been granted to the specified OAuth 2.0 Client ID." + - description: |- + OAuth 2.0 Client ID + + If set, deletes only those consent sessions that have been granted to the specified OAuth 2.0 Client ID. explode: true in: query name: client @@ -1054,8 +1094,9 @@ paths: style: form responses: "204": - description: "Empty responses are sent when, for example, resources are\ - \ deleted. The HTTP status code for empty responses is\ntypically 201." + description: |- + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is + typically 204. default: content: application/json: @@ -1066,14 +1107,17 @@ paths: tags: - oAuth2 get: - description: "This endpoint lists all subject's granted consent sessions, including\ - \ client and granted scope.\nIf the subject is unknown or has not granted\ - \ any consent sessions yet, the endpoint returns an\nempty JSON array with\ - \ status code 200 OK." + description: |- + This endpoint lists all subject's granted consent sessions, including client and granted scope. + If the subject is unknown or has not granted any consent sessions yet, the endpoint returns an + empty JSON array with status code 200 OK. operationId: listOAuth2ConsentSessions parameters: - - description: "Items per Page\n\nThis is the number of items per page to return.\n\ - For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination)." + - description: |- + Items per Page + + This is the number of items per page to return. + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). explode: true in: query name: page_size 
@@ -1085,8 +1129,11 @@ paths: minimum: 1 type: integer style: form - - description: "Next Page Token\n\nThe next page token.\nFor details on pagination\ - \ please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination)." + - description: |- + Next Page Token + + The next page token. + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). explode: true in: query name: page_token @@ -1130,15 +1177,15 @@ paths: - oAuth2 /admin/oauth2/auth/sessions/login: delete: - description: "This endpoint invalidates authentication sessions. After revoking\ - \ the authentication session(s), the subject\nhas to re-authenticate at the\ - \ Ory OAuth2 Provider. This endpoint does not invalidate any tokens.\n\nIf\ - \ you send the subject in a query param, all authentication sessions that\ - \ belong to that subject are revoked.\nNo OpenID Connect Front- or Back-channel\ - \ logout is performed in this case.\n\nAlternatively, you can send a SessionID\ - \ via `sid` query param, in which case, only the session that is connected\n\ - to that SessionID is revoked. OpenID Connect Back-channel logout is performed\ - \ in this case." + description: |- + This endpoint invalidates authentication sessions. After revoking the authentication session(s), the subject + has to re-authenticate at the Ory OAuth2 Provider. This endpoint does not invalidate any tokens. + + If you send the subject in a query param, all authentication sessions that belong to that subject are revoked. + No OpenID Connect Front- or Back-channel logout is performed in this case. + + Alternatively, you can send a SessionID via `sid` query param, in which case, only the session that is connected + to that SessionID is revoked. OpenID Connect Back-channel logout is performed in this case. operationId: revokeOAuth2LoginSessions parameters: - description: |- 
@@ -1153,9 +1200,9 @@ paths: type: string style: form - description: |- - OAuth 2.0 Subject + Login Session ID - The subject to revoke authentication sessions for. + The login session to revoke. explode: true in: query name: sid @@ -1165,8 +1212,9 @@ paths: style: form responses: "204": - description: "Empty responses are sent when, for example, resources are\ - \ deleted. The HTTP status code for empty responses is\ntypically 201." + description: |- + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is + typically 204. default: content: application/json: @@ -1178,11 +1226,10 @@ paths: - oAuth2 /admin/oauth2/introspect: post: - description: "The introspection endpoint allows to check if a token (both refresh\ - \ and access) is active or not. An active token\nis neither expired nor revoked.\ - \ If a token is active, additional information on the token will be included.\ - \ You can\nset additional data for a token by setting `session.access_token`\ - \ during the consent flow." + description: |- + The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token + is neither expired nor revoked. If a token is active, additional information on the token will be included. You can + set additional data for a token by setting `session.access_token` during the consent flow. operationId: introspectOAuth2Token requestBody: content: @@ -1221,8 +1268,9 @@ paths: style: form responses: "204": - description: "Empty responses are sent when, for example, resources are\ - \ deleted. The HTTP status code for empty responses is\ntypically 201." + description: |- + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is + typically 204. default: content: application/json: 
@@ -1279,9 +1327,10 @@ paths: tags: - oAuth2 post: - description: "Use this endpoint to establish a trust relationship for a JWT\ - \ issuer\nto perform JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication\n\ - and Authorization Grants [RFC7523](https://datatracker.ietf.org/doc/html/rfc7523)." + description: |- + Use this endpoint to establish a trust relationship for a JWT issuer + to perform JSON Web Token (JWT) Profile for OAuth 2.0 Client Authentication + and Authorization Grants [RFC7523](https://datatracker.ietf.org/doc/html/rfc7523). operationId: trustOAuth2JwtGrantIssuer requestBody: content: @@ -1307,11 +1356,12 @@ paths: - oAuth2 /admin/trust/grants/jwt-bearer/issuers/{id}: delete: - description: "Use this endpoint to delete trusted JWT Bearer Grant Type Issuer.\ - \ The ID is the one returned when you\ncreated the trust relationship.\n\n\ - Once deleted, the associated issuer will no longer be able to perform the\ - \ JSON Web Token (JWT) Profile\nfor OAuth 2.0 Client Authentication and Authorization\ - \ Grant." + description: |- + Use this endpoint to delete trusted JWT Bearer Grant Type Issuer. The ID is the one returned when you + created the trust relationship. + + Once deleted, the associated issuer will no longer be able to perform the JSON Web Token (JWT) Profile + for OAuth 2.0 Client Authentication and Authorization Grant. operationId: deleteTrustedOAuth2JwtGrantIssuer parameters: - description: The id of the desired grant @@ -1324,8 +1374,9 @@ paths: style: simple responses: "204": - description: "Empty responses are sent when, for example, resources are\ - \ deleted. The HTTP status code for empty responses is\ntypically 201." + description: |- + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is + typically 204. default: content: application/json: 
@@ -1405,13 +1456,15 @@ paths: - oidc /health/alive: get: - description: "This endpoint returns a HTTP 200 status code when Ory Hydra is\ - \ accepting incoming\nHTTP requests. This status does currently not include\ - \ checks whether the database connection is working.\n\nIf the service supports\ - \ TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto`\ - \ header to be set.\n\nBe aware that if you are running multiple nodes of\ - \ this service, the health status will never\nrefer to the cluster state,\ - \ only to a single instance." + description: |- + This endpoint returns a HTTP 200 status code when Ory Hydra is accepting incoming + HTTP requests. This status does currently not include checks whether the database connection is working. + + If the service supports TLS Edge Termination, this endpoint does not require the + `X-Forwarded-Proto` header to be set. + + Be aware that if you are running multiple nodes of this service, the health status will never + refer to the cluster state, only to a single instance. operationId: isAlive responses: "200": 
@@ -1431,12 +1484,15 @@ paths: - metadata /health/ready: get: - description: "This endpoint returns a HTTP 200 status code when Ory Hydra is\ - \ up running and the environment dependencies (e.g.\nthe database) are responsive\ - \ as well.\n\nIf the service supports TLS Edge Termination, this endpoint\ - \ does not require the\n`X-Forwarded-Proto` header to be set.\n\nBe aware\ - \ that if you are running multiple nodes of Ory Hydra, the health status will\ - \ never\nrefer to the cluster state, only to a single instance." + description: |- + This endpoint returns a HTTP 200 status code when Ory Hydra is up running and the environment dependencies (e.g. + the database) are responsive as well. + + If the service supports TLS Edge Termination, this endpoint does not require the + `X-Forwarded-Proto` header to be set. + + Be aware that if you are running multiple nodes of Ory Hydra, the health status will never + refer to the cluster state, only to a single instance. operationId: isReady responses: "200": @@ -1460,12 +1516,14 @@ paths: Use open source libraries to perform OAuth 2.0 and OpenID Connect available for any programming language. You can find a list of libraries at https://oauth.net/code/ - The Ory SDK is not yet able to this endpoint properly. + This endpoint should not be used via the Ory SDK and is only included for technical reasons. + Instead, use one of the libraries linked above. operationId: oAuth2Authorize responses: "302": - description: "Empty responses are sent when, for example, resources are\ - \ deleted. The HTTP status code for empty responses is\ntypically 201." + description: |- + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is + typically 204. default: content: application/json: 
@@ -1475,6 +1533,49 @@ paths: summary: OAuth 2.0 Authorize Endpoint tags: - oAuth2 + /oauth2/device/auth: + post: + description: |- + This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows. + OAuth2 is a very popular protocol and a library for your programming language will exists. + + To learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc8628 + operationId: oAuth2DeviceFlow + responses: + "200": + content: + application/json: + schema: + $ref: '#/components/schemas/deviceAuthorization' + description: deviceAuthorization + default: + content: + application/json: + schema: + $ref: '#/components/schemas/errorOAuth2' + description: errorOAuth2 + summary: The OAuth 2.0 Device Authorize Endpoint + tags: + - oAuth2 + /oauth2/device/verify: + get: + description: This is the device user verification endpoint. The user is redirected + her when trying to login using the device flow. + operationId: performOAuth2DeviceVerificationFlow + responses: + "302": + description: |- + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is + typically 201. + default: + content: + application/json: + schema: + $ref: '#/components/schemas/errorOAuth2' + description: errorOAuth2 + summary: OAuth 2.0 Device Verification Endpoint + tags: + - oAuth2 /oauth2/register: post: description: |- 
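Review bot: The `302` response added for `performOAuth2DeviceVerificationFlow` still reads `typically 201.`, while every other occurrence of this sentence visible in the commit is corrected to `typically 204.`; the new block should carry the corrected text too. The two new descriptions also contain typos: `redirected her` should be `redirected here`, and `will exists` should be `will exist`. If this spec is generated from annotations in the handler source (not visible here), the wording needs fixing there so regeneration does not restore it.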
@@ -1522,18 +1623,18 @@ paths: - oidc /oauth2/register/{id}: delete: - description: "This endpoint behaves like the administrative counterpart (`deleteOAuth2Client`)\ - \ but is capable of facing the\npublic internet directly and can be used in\ - \ self-service. It implements the OpenID Connect\nDynamic Client Registration\ - \ Protocol. This feature needs to be enabled in the configuration. This endpoint\n\ - is disabled by default. It can be enabled by an administrator.\n\nTo use this\ - \ endpoint, you will need to present the client's authentication credentials.\ - \ If the OAuth2 Client\nuses the Token Endpoint Authentication Method `client_secret_post`,\ - \ you need to present the client secret in the URL query.\nIf it uses `client_secret_basic`,\ - \ present the Client ID and the Client Secret in the Authorization header.\n\ - \nOAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows.\ - \ Usually, OAuth 2.0 clients are\ngenerated for applications which want to\ - \ consume your OAuth 2.0 or OpenID Connect capabilities." + description: |- + This endpoint behaves like the administrative counterpart (`deleteOAuth2Client`) but is capable of facing the + public internet directly and can be used in self-service. It implements the OpenID Connect + Dynamic Client Registration Protocol. This feature needs to be enabled in the configuration. This endpoint + is disabled by default. It can be enabled by an administrator. + + To use this endpoint, you will need to present the client's authentication credentials. If the OAuth2 Client + uses the Token Endpoint Authentication Method `client_secret_post`, you need to present the client secret in the URL query. + If it uses `client_secret_basic`, present the Client ID and the Client Secret in the Authorization header. + + OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. 
Usually, OAuth 2.0 clients are + generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. operationId: deleteOidcDynamicClient parameters: - description: The id of the OAuth 2.0 Client. @@ -1546,8 +1647,9 @@ paths: style: simple responses: "204": - description: "Empty responses are sent when, for example, resources are\ - \ deleted. The HTTP status code for empty responses is\ntypically 201." + description: |- + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is + typically 204. default: content: application/json: 
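Review bot: The description of `deleteOidcDynamicClient` tells callers using `client_secret_post` to `present the client secret in the URL query`, and the reformatting carries that advice over unchanged. RFC 6749 section 2.3.1 places these credentials in the request body and says they must not be included in the request URI; a secret in a query string is also commonly recorded in server and proxy access logs. The text should warn about that exposure or steer callers to the header form, for example `Prefer the Authorization header; a secret sent in the URL query may be recorded in access logs.` The same sentence appears in the `getOidcDynamicClient` and `setOidcDynamicClient` hunks further down.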
@@ -1561,14 +1663,14 @@ paths: tags: - oidc get: - description: "This endpoint behaves like the administrative counterpart (`getOAuth2Client`)\ - \ but is capable of facing the\npublic internet directly and can be used in\ - \ self-service. It implements the OpenID Connect\nDynamic Client Registration\ - \ Protocol.\n\nTo use this endpoint, you will need to present the client's\ - \ authentication credentials. If the OAuth2 Client\nuses the Token Endpoint\ - \ Authentication Method `client_secret_post`, you need to present the client\ - \ secret in the URL query.\nIf it uses `client_secret_basic`, present the\ - \ Client ID and the Client Secret in the Authorization header." + description: |- + This endpoint behaves like the administrative counterpart (`getOAuth2Client`) but is capable of facing the + public internet directly and can be used in self-service. It implements the OpenID Connect + Dynamic Client Registration Protocol. + + To use this endpoint, you will need to present the client's authentication credentials. If the OAuth2 Client + uses the Token Endpoint Authentication Method `client_secret_post`, you need to present the client secret in the URL query. + If it uses `client_secret_basic`, present the Client ID and the Client Secret in the Authorization header. operationId: getOidcDynamicClient parameters: - description: The id of the OAuth 2.0 Client. 
@@ -1598,20 +1700,22 @@ paths: tags: - oidc put: - description: "This endpoint behaves like the administrative counterpart (`setOAuth2Client`)\ - \ but is capable of facing the\npublic internet directly to be used by third\ - \ parties. It implements the OpenID Connect\nDynamic Client Registration Protocol.\n\ - \nThis feature is disabled per default. It can be enabled by a system administrator.\n\ - \nIf you pass `client_secret` the secret is used, otherwise the existing secret\ - \ is used. If set, the secret is echoed in the response.\nIt is not possible\ - \ to retrieve it later on.\n\nTo use this endpoint, you will need to present\ - \ the client's authentication credentials. If the OAuth2 Client\nuses the\ - \ Token Endpoint Authentication Method `client_secret_post`, you need to present\ - \ the client secret in the URL query.\nIf it uses `client_secret_basic`, present\ - \ the Client ID and the Client Secret in the Authorization header.\n\nOAuth\ - \ 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually,\ - \ OAuth 2.0 clients are\ngenerated for applications which want to consume\ - \ your OAuth 2.0 or OpenID Connect capabilities." + description: |- + This endpoint behaves like the administrative counterpart (`setOAuth2Client`) but is capable of facing the + public internet directly to be used by third parties. It implements the OpenID Connect + Dynamic Client Registration Protocol. + + This feature is disabled per default. It can be enabled by a system administrator. + + If you pass `client_secret` the secret is used, otherwise the existing secret is used. If set, the secret is echoed in the response. + It is not possible to retrieve it later on. + + To use this endpoint, you will need to present the client's authentication credentials. If the OAuth2 Client + uses the Token Endpoint Authentication Method `client_secret_post`, you need to present the client secret in the URL query. 
+ If it uses `client_secret_basic`, present the Client ID and the Client Secret in the Authorization header. + + OAuth 2.0 clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are + generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. operationId: setOidcDynamicClient parameters: - description: OAuth 2.0 Client ID @@ -1656,12 +1760,11 @@ paths: - oidc /oauth2/revoke: post: - description: "Revoking a token (both access and refresh) means that the tokens\ - \ will be invalid. A revoked access token can no\nlonger be used to make access\ - \ requests, and a revoked refresh token can no longer be used to refresh an\ - \ access token.\nRevoking a refresh token also invalidates the access token\ - \ that was created with it. A token may only be revoked by\nthe client the\ - \ token was generated for." + description: |- + Revoking a token (both access and refresh) means that the tokens will be invalid. A revoked access token can no + longer be used to make access requests, and a revoked refresh token can no longer be used to refresh an access token. + Revoking a refresh token also invalidates the access token that was created with it. A token may only be revoked by + the client the token was generated for. operationId: revokeOAuth2Token requestBody: content: @@ -1670,8 +1773,9 @@ paths: $ref: '#/components/schemas/revokeOAuth2Token_request' responses: "200": - description: "Empty responses are sent when, for example, resources are\ - \ deleted. The HTTP status code for empty responses is\ntypically 201." + description: |- + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is + typically 204. default: content: application/json: 
@@ -1696,8 +1800,9 @@ paths: operationId: revokeOidcSession responses: "302": - description: "Empty responses are sent when, for example, resources are\ - \ deleted. The HTTP status code for empty responses is\ntypically 201." + description: |- + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is + typically 204. summary: OpenID Connect Front- and Back-channel Enabled Logout tags: - oidc @@ -1707,7 +1812,8 @@ paths: Use open source libraries to perform OAuth 2.0 and OpenID Connect available for any programming language. You can find a list of libraries here https://oauth.net/code/ - The Ory SDK is not yet able to this endpoint properly. + This endpoint should not be used via the Ory SDK and is only included for technical reasons. + Instead, use one of the libraries linked above. operationId: oauth2TokenExchange requestBody: content: @@ -1735,11 +1841,13 @@ paths: - oAuth2 /userinfo: get: - description: "This endpoint returns the payload of the ID Token, including `session.id_token`\ - \ values, of\nthe provided OAuth 2.0 Access Token's consent request.\n\nIn\ - \ the case of authentication error, a WWW-Authenticate header might be set\ - \ in the response\nwith more information about the error. See [the spec](https://datatracker.ietf.org/doc/html/rfc6750#section-3)\n\ - for more details about header format." + description: |- + This endpoint returns the payload of the ID Token, including `session.id_token` values, of + the provided OAuth 2.0 Access Token's consent request. + + In the case of authentication error, a WWW-Authenticate header might be set in the response + with more information about the error. See [the spec](https://datatracker.ietf.org/doc/html/rfc6750#section-3) + for more details about header format. operationId: getOidcUserInfo responses: "200": 
@@ -1761,11 +1869,14 @@ paths: - oidc /version: get: - description: "This endpoint returns the version of Ory Hydra.\n\nIf the service\ - \ supports TLS Edge Termination, this endpoint does not require the\n`X-Forwarded-Proto`\ - \ header to be set.\n\nBe aware that if you are running multiple nodes of\ - \ this service, the version will never\nrefer to the cluster state, only to\ - \ a single instance." + description: |- + This endpoint returns the version of Ory Hydra. + + If the service supports TLS Edge Termination, this endpoint does not require the + `X-Forwarded-Proto` header to be set. + + Be aware that if you are running multiple nodes of this service, the version will never + refer to the cluster state, only to a single instance. operationId: getVersion responses: "200": @@ -1780,8 +1891,9 @@ paths: components: responses: emptyResponse: - description: "Empty responses are sent when, for example, resources are deleted.\ - \ The HTTP status code for empty responses is\ntypically 201." + description: |- + Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is + typically 204. errorOAuth2BadRequest: content: application/json: 
@@ -1831,6 +1943,38 @@ components: a verifiable credential. type: object DefaultError: {} + DeviceUserAuthRequest: + properties: + challenge: + description: |- + ID is the identifier ("device challenge") of the device grant request. It is used to + identify the session. + type: string + client: + $ref: '#/components/schemas/oAuth2Client' + handled_at: + format: date-time + title: NullTime implements sql.NullTime functionality. + type: string + request_url: + description: RequestURL is the original Device Authorization URL requested. + type: string + requested_access_token_audience: + items: + type: string + title: "StringSliceJSONFormat represents []string{} which is encoded to/from\ + \ JSON for SQL storage." + type: array + requested_scope: + items: + type: string + title: "StringSliceJSONFormat represents []string{} which is encoded to/from\ + \ JSON for SQL storage." + type: array + required: + - challenge + title: Contains information on an ongoing device grant request. + type: object JSONRawMessage: title: "JSONRawMessage represents a json.RawMessage that works well with JSON,\ \ SQL, and Swagger." @@ -1894,8 +2038,17 @@ components: type: string title: VerifiableCredentialProof contains the proof of a verifiable credential. type: object + acceptDeviceUserCodeRequest: + description: Contains information on an device verification + properties: + user_code: + type: string + type: object acceptOAuth2ConsentRequest: properties: + context: + title: "JSONRawMessage represents a json.RawMessage that works well with\ + \ JSON, SQL, and Swagger." grant_access_token_audience: items: type: string 
@@ -1913,14 +2066,14 @@ components: title: NullTime implements sql.NullTime functionality. type: string remember: - description: "Remember, if set to true, tells ORY Hydra to remember this\ - \ consent authorization and reuse it if the same\nclient asks the same\ - \ user for the same, or a subset of, scope." + description: |- + Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same + client asks the same user for the same, or a subset of, scope. type: boolean remember_for: - description: "RememberFor sets how long the consent authorization should\ - \ be remembered for in seconds. If set to `0`, the\nauthorization will\ - \ be remembered indefinitely." + description: |- + RememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the + authorization will be remembered indefinitely. format: int64 type: integer session: 
@@ -1933,13 +2086,11 @@ components: id_token: "" properties: access_token: - description: "AccessToken sets session data for the access and refresh token,\ - \ as well as any future tokens issued by the\nrefresh grant. Keep in mind\ - \ that this data will be available to anyone performing OAuth 2.0 Challenge\ - \ Introspection.\nIf only your services can perform OAuth 2.0 Challenge\ - \ Introspection, this is usually fine. But if third parties\ncan access\ - \ that endpoint as well, sensitive data from the session might be exposed\ - \ to them. Use with care!" + description: |- + AccessToken sets session data for the access and refresh token, as well as any future tokens issued by the + refresh grant. Keep in mind that this data will be available to anyone performing OAuth 2.0 Challenge Introspection. + If only your services can perform OAuth 2.0 Challenge Introspection, this is usually fine. But if third parties + can access that endpoint as well, sensitive data from the session might be exposed to them. Use with care! id_token: description: |- IDToken sets session data for the OpenID Connect ID token. Keep in mind that the session'id payloads are readable @@ -1949,9 +2100,9 @@ components: acceptOAuth2LoginRequest: properties: acr: - description: "ACR sets the Authentication AuthorizationContext Class Reference\ - \ value for this authentication session. You can use it\nto express that,\ - \ for example, a user authenticated using two factor authentication." + description: |- + ACR sets the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it + to express that, for example, a user authenticated using two factor authentication. type: string amr: items: 
@@ -1963,47 +2114,48 @@ components: title: "JSONRawMessage represents a json.RawMessage that works well with\ \ JSON, SQL, and Swagger." extend_session_lifespan: - description: "Extend OAuth2 authentication session lifespan\n\nIf set to\ - \ `true`, the OAuth2 authentication cookie lifespan is extended. This\ - \ is for example useful if you want the user to be able to use `prompt=none`\ - \ continuously.\n\nThis value can only be set to `true` if the user has\ - \ an authentication, which is the case if the `skip` value is `true`." + description: |- + Extend OAuth2 authentication session lifespan + + If set to `true`, the OAuth2 authentication cookie lifespan is extended. This is for example useful if you want the user to be able to use `prompt=none` continuously. + + This value can only be set to `true` if the user has an authentication, which is the case if the `skip` value is `true`. type: boolean force_subject_identifier: - description: "ForceSubjectIdentifier forces the \"pairwise\" user ID of\ - \ the end-user that authenticated. The \"pairwise\" user ID refers to\ - \ the\n(Pairwise Identifier Algorithm)[http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg]\ - \ of the OpenID\nConnect specification. It allows you to set an obfuscated\ - \ subject (\"user\") identifier that is unique to the client.\n\nPlease\ - \ note that this changes the user ID on endpoint /userinfo and sub claim\ - \ of the ID Token. It does not change the\nsub claim in the OAuth 2.0\ - \ Introspection.\n\nPer default, ORY Hydra handles this value with its\ - \ own algorithm. In case you want to set this yourself\nyou can use this\ - \ field. 
Please note that setting this field has no effect if `pairwise`\ - \ is not configured in\nORY Hydra or the OAuth 2.0 Client does not expect\ - \ a pairwise identifier (set via `subject_type` key in the client's\n\ - configuration).\n\nPlease also be aware that ORY Hydra is unable to properly\ - \ compute this value during authentication. This implies\nthat you have\ - \ to compute this value on every authentication process (probably depending\ - \ on the client ID or some\nother unique value).\n\nIf you fail to compute\ - \ the proper value, then authentication processes which have id_token_hint\ - \ set might fail." + description: |- + ForceSubjectIdentifier forces the "pairwise" user ID of the end-user that authenticated. The "pairwise" user ID refers to the + (Pairwise Identifier Algorithm)[http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg] of the OpenID + Connect specification. It allows you to set an obfuscated subject ("user") identifier that is unique to the client. + + Please note that this changes the user ID on endpoint /userinfo and sub claim of the ID Token. It does not change the + sub claim in the OAuth 2.0 Introspection. + + Per default, ORY Hydra handles this value with its own algorithm. In case you want to set this yourself + you can use this field. Please note that setting this field has no effect if `pairwise` is not configured in + ORY Hydra or the OAuth 2.0 Client does not expect a pairwise identifier (set via `subject_type` key in the client's + configuration). + + Please also be aware that ORY Hydra is unable to properly compute this value during authentication. This implies + that you have to compute this value on every authentication process (probably depending on the client ID or some + other unique value). + + If you fail to compute the proper value, then authentication processes which have id_token_hint set might fail. 
type: string identity_provider_session_id: - description: "IdentityProviderSessionID is the session ID of the end-user\ - \ that authenticated.\nIf specified, we will use this value to propagate\ - \ the logout." + description: |- + IdentityProviderSessionID is the session ID of the end-user that authenticated. + If specified, we will use this value to propagate the logout. type: string remember: - description: "Remember, if set to true, tells ORY Hydra to remember this\ - \ user by telling the user agent (browser) to store\na cookie with authentication\ - \ data. If the same user performs another OAuth 2.0 Authorization Request,\ - \ he/she\nwill not be asked to log in again." + description: |- + Remember, if set to true, tells ORY Hydra to remember this user by telling the user agent (browser) to store + a cookie with authentication data. If the same user performs another OAuth 2.0 Authorization Request, he/she + will not be asked to log in again. type: boolean remember_for: - description: "RememberFor sets how long the authentication should be remembered\ - \ for in seconds. If set to `0`, the\nauthorization will be remembered\ - \ for the duration of the browser session (using a session cookie)." + description: |- + RememberFor sets how long the authentication should be remembered for in seconds. If set to `0`, the + authorization will be remembered for the duration of the browser session (using a session cookie). format: int64 type: integer subject: @@ -2017,8 +2169,10 @@ components: description: Create JSON Web Key Set Request Body properties: alg: - description: "JSON Web Key Algorithm\n\nThe algorithm to be used for creating\ - \ the key. Supports `RS256`, `ES256`, `ES512`, `HS512`, and `HS256`." + description: |- + JSON Web Key Algorithm + + The algorithm to be used for creating the key. Supports `RS256`, `ES256`, `ES512`, `HS512`, and `HS256`. type: string kid: description: |- 
@@ -2086,6 +2240,53 @@ components: type: array title: Verifiable Credentials Metadata (Draft 00) type: object + deviceAuthorization: + description: '# Ory''s OAuth 2.0 Device Authorization API' + example: + user_code: AAAAAA + device_code: ory_dc_smldfksmdfkl.mslkmlkmlk + interval: 5 + verification_uri_complete: https://auth.ory.sh/tv?user_code=AAAAAA + verification_uri: https://auth.ory.sh/tv + expires_in: 16830 + properties: + device_code: + description: The device verification code. + example: ory_dc_smldfksmdfkl.mslkmlkmlk + type: string + expires_in: + description: The lifetime in seconds of the "device_code" and "user_code". + example: 16830 + format: int64 + type: integer + interval: + description: |- + The minimum amount of time in seconds that the client + SHOULD wait between polling requests to the token endpoint. If no + value is provided, clients MUST use 5 as the default. + example: 5 + format: int64 + type: integer + user_code: + description: The end-user verification code. + example: AAAAAA + type: string + verification_uri: + description: |- + The end-user verification URI on the authorization + server. The URI should be short and easy to remember as end users + will be asked to manually type it into their user agent. + example: https://auth.ory.sh/tv + type: string + verification_uri_complete: + description: |- + A verification URI that includes the "user_code" (or + other information with the same function as the "user_code"), + which is designed for non-textual transmission. + example: https://auth.ory.sh/tv?user_code=AAAAAA + type: string + title: OAuth2 Device Flow + type: object errorOAuth2: description: Error example: @@ -2177,6 +2378,7 @@ components: description: Errors contains a list of errors that caused the not ready status. type: object + title: The not ready status of the service. type: object healthStatus: example: 
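Review bot: The new `deviceAuthorization` schema has no `required` list, so generated clients treat every field as optional, although RFC 8628 section 3.2 makes `device_code`, `user_code`, `verification_uri` and `expires_in` mandatory in this response; assuming the server always returns them, add `required: [device_code, user_code, verification_uri, expires_in]`. The schema `description` is the Markdown heading `# Ory's OAuth 2.0 Device Authorization API`, which looks like a source comment header rather than a description of the object. The `device_code` description could also say that the value is held only by the polling client and should not be displayed or logged, since `user_code` and the verification URIs are the values meant for the end user.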
@@ -2185,10 +2387,12 @@ components: status: description: Status always contains "ok". type: string + title: The health status of the service. type: object introspectedOAuth2Token: - description: "Introspection contains an access token's session data as specified\ - \ by\n[IETF RFC 7662](https://tools.ietf.org/html/rfc7662)" + description: |- + Introspection contains an access token's session data as specified by + [IETF RFC 7662](https://tools.ietf.org/html/rfc7662) example: ext: key: "" @@ -2209,14 +2413,16 @@ components: username: username properties: active: - description: "Active is a boolean indicator of whether or not the presented\ - \ token\nis currently active. The specifics of a token's \"active\" state\n\ - will vary depending on the implementation of the authorization\nserver\ - \ and the information it keeps about its tokens, but a \"true\"\nvalue\ - \ return for the \"active\" property will generally indicate\nthat a given\ - \ token has been issued by this authorization server,\nhas not been revoked\ - \ by the resource owner, and is within its\ngiven time window of validity\ - \ (e.g., after its issuance time and\nbefore its expiration time)." + description: |- + Active is a boolean indicator of whether or not the presented token + is currently active. The specifics of a token's "active" state + will vary depending on the implementation of the authorization + server and the information it keeps about its tokens, but a "true" + value return for the "active" property will generally indicate + that a given token has been issued by this authorization server, + has not been revoked by the resource owner, and is within its + given time window of validity (e.g., after its issuance time and + before its expiration time). type: boolean aud: description: Audience contains a list of the token's intended audiences. 
@@ -2229,9 +2435,9 @@ components: requested this token. type: string exp: - description: "Expires at is an integer timestamp, measured in the number\ - \ of seconds\nsince January 1 1970 UTC, indicating when this token will\ - \ expire." + description: |- + Expires at is an integer timestamp, measured in the number of seconds + since January 1 1970 UTC, indicating when this token will expire. format: int64 type: integer ext: @@ -2239,18 +2445,20 @@ components: description: Extra is arbitrary data set by the session. type: object iat: - description: "Issued at is an integer timestamp, measured in the number\ - \ of seconds\nsince January 1 1970 UTC, indicating when this token was\n\ - originally issued." + description: |- + Issued at is an integer timestamp, measured in the number of seconds + since January 1 1970 UTC, indicating when this token was + originally issued. format: int64 type: integer iss: description: IssuerURL is a string representing the issuer of this token type: string nbf: - description: "NotBefore is an integer timestamp, measured in the number\ - \ of seconds\nsince January 1 1970 UTC, indicating when this token is\ - \ not to be\nused before." + description: |- + NotBefore is an integer timestamp, measured in the number of seconds + since January 1 1970 UTC, indicating when this token is not to be + used before. format: int64 type: integer obfuscated_subject: @@ -2264,9 +2472,10 @@ components: scopes associated with this token. type: string sub: - description: "Subject of the token, as defined in JWT [RFC7519].\nUsually\ - \ a machine-readable identifier of the resource owner who\nauthorized\ - \ this token." + description: |- + Subject of the token, as defined in JWT [RFC7519]. + Usually a machine-readable identifier of the resource owner who + authorized this token. type: string token_type: description: "TokenType is the introspected token's type, typically `Bearer`." 
@@ -2287,8 +2496,10 @@ components: description: A JSONPatch document as defined by RFC 6902 properties: from: - description: "This field is used together with operation \"move\" and uses\ - \ JSON Pointer notation.\n\nLearn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5)." + description: |- + This field is used together with operation "move" and uses JSON Pointer notation. + + Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). example: /name type: string op: @@ -2297,13 +2508,17 @@ components: example: replace type: string path: - description: "The path to the target path. Uses JSON pointer notation.\n\ - \nLearn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5)." + description: |- + The path to the target path. Uses JSON pointer notation. + + Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). example: /name type: string value: - description: "The value to be used within the operations.\n\nLearn more\ - \ [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5)." + description: |- + The value to be used within the operations. + + Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). example: foobar required: - op 
@@ -2337,11 +2552,12 @@ components: alg: RS256 properties: alg: - description: "The \"alg\" (algorithm) parameter identifies the algorithm\ - \ intended for\nuse with the key. The values used should either be registered\ - \ in the\nIANA \"JSON Web Signature and Encryption Algorithms\" registry\n\ - established by [JWA] or be a value that contains a Collision-\nResistant\ - \ Name." + description: |- + The "alg" (algorithm) parameter identifies the algorithm intended for + use with the key. The values used should either be registered in the + IANA "JSON Web Signature and Encryption Algorithms" registry + established by [JWA] or be a value that contains a Collision- + Resistant Name. example: RS256 type: string crv: 
@@ -2363,23 +2579,25 @@ components: example: GawgguFyGrWKav7AX4VKUg type: string kid: - description: "The \"kid\" (key ID) parameter is used to match a specific\ - \ key. This\nis used, for instance, to choose among a set of keys within\ - \ a JWK Set\nduring key rollover. The structure of the \"kid\" value\ - \ is\nunspecified. When \"kid\" values are used within a JWK Set, different\n\ - keys within the JWK Set SHOULD use distinct \"kid\" values. (One\nexample\ - \ in which different keys might use the same \"kid\" value is if\nthey\ - \ have different \"kty\" (key type) values but are considered to be\n\ - equivalent alternatives by the application using them.) The \"kid\"\n\ - value is a case-sensitive string." + description: |- + The "kid" (key ID) parameter is used to match a specific key. This + is used, for instance, to choose among a set of keys within a JWK Set + during key rollover. The structure of the "kid" value is + unspecified. When "kid" values are used within a JWK Set, different + keys within the JWK Set SHOULD use distinct "kid" values. (One + example in which different keys might use the same "kid" value is if + they have different "kty" (key type) values but are considered to be + equivalent alternatives by the application using them.) The "kid" + value is a case-sensitive string. example: 1603dfe0af8f4596 type: string kty: - description: "The \"kty\" (key type) parameter identifies the cryptographic\ - \ algorithm\nfamily used with the key, such as \"RSA\" or \"EC\". \"kty\"\ - \ values should\neither be registered in the IANA \"JSON Web Key Types\"\ - \ registry\nestablished by [JWA] or be a value that contains a Collision-\n\ - Resistant Name. The \"kty\" value is a case-sensitive string." + description: |- + The "kty" (key type) parameter identifies the cryptographic algorithm + family used with the key, such as "RSA" or "EC". 
"kty" values should + either be registered in the IANA "JSON Web Key Types" registry + established by [JWA] or be a value that contains a Collision- + Resistant Name. The "kty" value is a case-sensitive string. example: RSA type: string "n": @@ -2406,12 +2624,14 @@ components: example: f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU type: string x5c: - description: "The \"x5c\" (X.509 certificate chain) parameter contains a\ - \ chain of one\nor more PKIX certificates [RFC5280]. The certificate\ - \ chain is\nrepresented as a JSON array of certificate value strings.\ - \ Each\nstring in the array is a base64-encoded (Section 4 of [RFC4648]\ - \ --\nnot base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.\n\ - The PKIX certificate containing the key value MUST be the first\ncertificate." + description: |- + The "x5c" (X.509 certificate chain) parameter contains a chain of one + or more PKIX certificates [RFC5280]. The certificate chain is + represented as a JSON array of certificate value strings. Each + string in the array is a base64-encoded (Section 4 of [RFC4648] -- + not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value. + The PKIX certificate containing the key value MUST be the first + certificate. items: type: string type: array 
@@ -2468,12 +2688,15 @@ components: alg: RS256 properties: keys: - description: "List of JSON Web Keys\n\nThe value of the \"keys\" parameter\ - \ is an array of JSON Web Key (JWK)\nvalues. By default, the order of\ - \ the JWK values within the array does\nnot imply an order of preference\ - \ among them, although applications\nof JWK Sets can choose to assign\ - \ a meaning to the order for their\npurposes, if desired." - items: + description: |- + List of JSON Web Keys + + The value of the "keys" parameter is an array of JSON Web Key (JWK) + values. By default, the order of the JWK values within the array does + not imply an order of preference among them, although applications + of JWK Sets can choose to assign a meaning to the order for their + purposes, if desired. + items: $ref: '#/components/schemas/jsonWebKey' type: array type: object 
@@ -2489,52 +2712,33 @@ components: title: NullTime implements sql.NullTime functionality. type: string oAuth2Client: - description: "OAuth 2.0 Clients are used to perform OAuth 2.0 and OpenID Connect\ - \ flows. Usually, OAuth 2.0 clients are\ngenerated for applications which\ - \ want to consume your OAuth 2.0 or OpenID Connect capabilities." + description: |- + OAuth 2.0 Clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are + generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. example: metadata: "" - token_endpoint_auth_signing_alg: token_endpoint_auth_signing_alg - client_uri: client_uri - jwt_bearer_grant_access_token_lifespan: jwt_bearer_grant_access_token_lifespan - jwks: "" logo_uri: logo_uri - created_at: 2000-01-23T04:56:07.000+00:00 - registration_client_uri: registration_client_uri allowed_cors_origins: - allowed_cors_origins - allowed_cors_origins refresh_token_grant_access_token_lifespan: refresh_token_grant_access_token_lifespan - registration_access_token: registration_access_token client_id: client_id - token_endpoint_auth_method: client_secret_basic - userinfo_signed_response_alg: userinfo_signed_response_alg - authorization_code_grant_id_token_lifespan: authorization_code_grant_id_token_lifespan authorization_code_grant_refresh_token_lifespan: authorization_code_grant_refresh_token_lifespan client_credentials_grant_access_token_lifespan: client_credentials_grant_access_token_lifespan - updated_at: 2000-01-23T04:56:07.000+00:00 - scope: scope1 scope-2 scope.3 scope:4 request_uris: - request_uris - request_uris client_secret: client_secret backchannel_logout_session_required: true backchannel_logout_uri: backchannel_logout_uri - client_name: client_name - policy_uri: policy_uri - owner: owner - skip_consent: true audience: - audience - audience - authorization_code_grant_access_token_lifespan: authorization_code_grant_access_token_lifespan 
post_logout_redirect_uris: - post_logout_redirect_uris - post_logout_redirect_uris - grant_types: - - grant_types - - grant_types - subject_type: subject_type + device_authorization_grant_id_token_lifespan: device_authorization_grant_id_token_lifespan + device_authorization_grant_access_token_lifespan: device_authorization_grant_access_token_lifespan refresh_token_grant_refresh_token_lifespan: refresh_token_grant_refresh_token_lifespan redirect_uris: - redirect_uris 
@@ -2543,25 +2747,50 @@ components: frontchannel_logout_session_required: true frontchannel_logout_uri: frontchannel_logout_uri refresh_token_grant_id_token_lifespan: refresh_token_grant_id_token_lifespan + access_token_strategy: access_token_strategy + request_object_signing_alg: request_object_signing_alg + tos_uri: tos_uri + response_types: + - response_types + - response_types + token_endpoint_auth_signing_alg: token_endpoint_auth_signing_alg + client_uri: client_uri + jwt_bearer_grant_access_token_lifespan: jwt_bearer_grant_access_token_lifespan + jwks: "" + created_at: 2000-01-23T04:56:07.000+00:00 + registration_client_uri: registration_client_uri + registration_access_token: registration_access_token + token_endpoint_auth_method: client_secret_basic + userinfo_signed_response_alg: userinfo_signed_response_alg + authorization_code_grant_id_token_lifespan: authorization_code_grant_id_token_lifespan + updated_at: 2000-01-23T04:56:07.000+00:00 + scope: scope1 scope-2 scope.3 scope:4 + device_authorization_grant_refresh_token_lifespan: device_authorization_grant_refresh_token_lifespan + client_name: client_name + policy_uri: policy_uri + owner: owner + skip_consent: true + authorization_code_grant_access_token_lifespan: authorization_code_grant_access_token_lifespan + grant_types: + - grant_types + - grant_types + subject_type: subject_type + skip_logout_consent: true implicit_grant_id_token_lifespan: implicit_grant_id_token_lifespan client_secret_expires_at: 0 implicit_grant_access_token_lifespan: implicit_grant_access_token_lifespan - access_token_strategy: access_token_strategy jwks_uri: jwks_uri - request_object_signing_alg: request_object_signing_alg - tos_uri: tos_uri contacts: - contacts - contacts - response_types: - - response_types - - response_types properties: access_token_strategy: - description: "OAuth 2.0 Access Token Strategy\n\nAccessTokenStrategy is\ - \ the strategy used to generate access tokens.\nValid options are `jwt`\ - \ and `opaque`. 
`jwt` is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens\n\ - Setting the stragegy here overrides the global setting in `strategies.access_token`." + description: |- + OAuth 2.0 Access Token Strategy + + AccessTokenStrategy is the strategy used to generate access tokens. + Valid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens + Setting the stragegy here overrides the global setting in `strategies.access_token`. type: string allowed_cors_origins: items: @@ -2594,11 +2823,12 @@ components: title: Time duration type: string backchannel_logout_session_required: - description: "OpenID Connect Back-Channel Logout Session Required\n\nBoolean\ - \ value specifying whether the RP requires that a sid (session ID) Claim\ - \ be included in the Logout\nToken to identify the RP session with the\ - \ OP when the backchannel_logout_uri is used.\nIf omitted, the default\ - \ value is false." + description: |- + OpenID Connect Back-Channel Logout Session Required + + Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout + Token to identify the RP session with the OP when the backchannel_logout_uri is used. + If omitted, the default value is false. type: boolean backchannel_logout_uri: description: |- @@ -2613,8 +2843,10 @@ components: title: Time duration type: string client_id: - description: "OAuth 2.0 Client ID\n\nThe ID is immutable. If no ID is provided,\ - \ a UUID4 will be generated." + description: |- + OAuth 2.0 Client ID + + The ID is immutable. If no ID is provided, a UUID4 will be generated. type: string client_name: description: |- 
@@ -2624,9 +2856,11 @@ components: end-user during authorization. type: string client_secret: - description: "OAuth 2.0 Client Secret\n\nThe secret will be included in\ - \ the create request as cleartext, and then\nnever again. The secret is\ - \ kept in hashed format and is not recoverable once lost." + description: |- + OAuth 2.0 Client Secret + + The secret will be included in the create request as cleartext, and then + never again. The secret is kept in hashed format and is not recoverable once lost. type: string client_secret_expires_at: description: |- @@ -2636,9 +2870,12 @@ components: format: int64 type: integer client_uri: - description: "OAuth 2.0 Client URI\n\nClientURI is a URL string of a web\ - \ page providing information about the client.\nIf present, the server\ - \ SHOULD display this URL to the end-user in\na clickable fashion." + description: |- + OAuth 2.0 Client URI + + ClientURI is a URL string of a web page providing information about the client. + If present, the server SHOULD display this URL to the end-user in + a clickable fashion. type: string contacts: items: 
@@ -2653,20 +2890,40 @@ components: CreatedAt returns the timestamp of the client's creation. format: date-time type: string + device_authorization_grant_access_token_lifespan: + description: "Specify a time duration in milliseconds, seconds, minutes,\ + \ hours." + pattern: "^([0-9]+(ns|us|ms|s|m|h))*$" + title: Time duration + type: string + device_authorization_grant_id_token_lifespan: + description: "Specify a time duration in milliseconds, seconds, minutes,\ + \ hours." + pattern: "^([0-9]+(ns|us|ms|s|m|h))*$" + title: Time duration + type: string + device_authorization_grant_refresh_token_lifespan: + description: "Specify a time duration in milliseconds, seconds, minutes,\ + \ hours." + pattern: "^([0-9]+(ns|us|ms|s|m|h))*$" + title: Time duration + type: string frontchannel_logout_session_required: - description: "OpenID Connect Front-Channel Logout Session Required\n\nBoolean\ - \ value specifying whether the RP requires that iss (issuer) and sid (session\ - \ ID) query parameters be\nincluded to identify the RP session with the\ - \ OP when the frontchannel_logout_uri is used.\nIf omitted, the default\ - \ value is false." + description: |- + OpenID Connect Front-Channel Logout Session Required + + Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be + included to identify the RP session with the OP when the frontchannel_logout_uri is used. + If omitted, the default value is false. type: boolean frontchannel_logout_uri: - description: "OpenID Connect Front-Channel Logout URI\n\nRP URL that will\ - \ cause the RP to log itself out when rendered in an iframe by the OP.\ - \ An iss (issuer) query\nparameter and a sid (session ID) query parameter\ - \ MAY be included by the OP to enable the RP to validate the\nrequest\ - \ and to determine which of the potentially multiple sessions is to be\ - \ logged out; if either is\nincluded, both MUST be." 
+ description: |- + OpenID Connect Front-Channel Logout URI + + RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. An iss (issuer) query + parameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the + request and to determine which of the potentially multiple sessions is to be logged out; if either is + included, both MUST be. type: string grant_types: items: 
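Review bot: The three added `device_authorization_grant_*_lifespan` properties describe the value as "milliseconds, seconds, minutes, hours", but their `pattern` `^([0-9]+(ns|us|ms|s|m|h))*$` also accepts `ns` and `us` and matches the empty string. These fields bound how long tokens issued through the device grant stay valid, so the description should list the units the pattern accepts, e.g. `description: "Specify a time duration; accepted units are ns, us, ms, s, m, h."`, and say what an empty value means (presumably the globally configured lifespan; confirm). The same three properties are added again in the hunk at `-2892,6 +3162,24`, and the wording appears to be copied from the existing lifespan fields, which share the mismatch.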
@@ -2687,31 +2944,28 @@ components: title: Time duration type: string jwks: - description: "OAuth 2.0 Client JSON Web Key Set\n\nClient's JSON Web Key\ - \ Set [JWK] document, passed by value. The semantics of the jwks parameter\ - \ are the same as\nthe jwks_uri parameter, other than that the JWK Set\ - \ is passed by value, rather than by reference. This parameter\nis intended\ - \ only to be used by Clients that, for some reason, are unable to use\ - \ the jwks_uri parameter, for\ninstance, by native applications that might\ - \ not have a location to host the contents of the JWK Set. If a Client\n\ - can use jwks_uri, it MUST NOT use jwks. One significant downside of jwks\ - \ is that it does not enable key rotation\n(which jwks_uri does, as described\ - \ in Section 10 of OpenID Connect Core 1.0 [OpenID.Core]). The jwks_uri\ - \ and jwks\nparameters MUST NOT be used together." + description: |- + OAuth 2.0 Client JSON Web Key Set + + Client's JSON Web Key Set [JWK] document, passed by value. The semantics of the jwks parameter are the same as + the jwks_uri parameter, other than that the JWK Set is passed by value, rather than by reference. This parameter + is intended only to be used by Clients that, for some reason, are unable to use the jwks_uri parameter, for + instance, by native applications that might not have a location to host the contents of the JWK Set. If a Client + can use jwks_uri, it MUST NOT use jwks. One significant downside of jwks is that it does not enable key rotation + (which jwks_uri does, as described in Section 10 of OpenID Connect Core 1.0 [OpenID.Core]). The jwks_uri and jwks + parameters MUST NOT be used together. jwks_uri: - description: "OAuth 2.0 Client JSON Web Key Set URL\n\nURL for the Client's\ - \ JSON Web Key Set [JWK] document. If the Client signs requests to the\ - \ Server, it contains\nthe signing key(s) the Server uses to validate\ - \ signatures from the Client. 
The JWK Set MAY also contain the\nClient's\ - \ encryption keys(s), which are used by the Server to encrypt responses\ - \ to the Client. When both signing\nand encryption keys are made available,\ - \ a use (Key Use) parameter value is REQUIRED for all keys in the referenced\n\ - JWK Set to indicate each key's intended usage. Although some algorithms\ - \ allow the same key to be used for both\nsignatures and encryption, doing\ - \ so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY\ - \ be used\nto provide X.509 representations of keys provided. When used,\ - \ the bare key values MUST still be present and MUST\nmatch those in the\ - \ certificate." + description: |- + OAuth 2.0 Client JSON Web Key Set URL + + URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains + the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the + Client's encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing + and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced + JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both + signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used + to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST + match those in the certificate. type: string jwt_bearer_grant_access_token_lifespan: description: "Specify a time duration in milliseconds, seconds, minutes,\ 
@@ -2735,10 +2989,12 @@ components: Owner is a string identifying the owner of the OAuth 2.0 Client. type: string policy_uri: - description: "OAuth 2.0 Client Policy URI\n\nPolicyURI is a URL string that\ - \ points to a human-readable privacy policy document\nthat describes how\ - \ the deployment organization collects, uses,\nretains, and discloses\ - \ personal data." + description: |- + OAuth 2.0 Client Policy URI + + PolicyURI is a URL string that points to a human-readable privacy policy document + that describes how the deployment organization collects, uses, + retains, and discloses personal data. type: string post_logout_redirect_uris: items: 
@@ -2771,19 +3027,24 @@ components: title: Time duration type: string registration_access_token: - description: "OpenID Connect Dynamic Client Registration Access Token\n\n\ - RegistrationAccessToken can be used to update, get, or delete the OAuth2\ - \ Client. It is sent when creating a client\nusing Dynamic Client Registration." + description: |- + OpenID Connect Dynamic Client Registration Access Token + + RegistrationAccessToken can be used to update, get, or delete the OAuth2 Client. It is sent when creating a client + using Dynamic Client Registration. type: string registration_client_uri: - description: "OpenID Connect Dynamic Client Registration URL\n\nRegistrationClientURI\ - \ is the URL used to update, get, or delete the OAuth2 Client." + description: |- + OpenID Connect Dynamic Client Registration URL + + RegistrationClientURI is the URL used to update, get, or delete the OAuth2 Client. type: string request_object_signing_alg: - description: "OpenID Connect Request Object Signing Algorithm\n\nJWS [JWS]\ - \ alg algorithm [JWA] that MUST be used for signing Request Objects sent\ - \ to the OP. All Request Objects\nfrom this Client MUST be rejected, if\ - \ not signed with this algorithm." + description: |- + OpenID Connect Request Object Signing Algorithm + + JWS [JWS] alg algorithm [JWA] that MUST be used for signing Request Objects sent to the OP. All Request Objects + from this Client MUST be rejected, if not signed with this algorithm. type: string request_uris: items: 
@@ -2798,9 +3059,12 @@ components: \ JSON for SQL storage." type: array scope: - description: "OAuth 2.0 Client Scope\n\nScope is a string containing a space-separated\ - \ list of scope values (as\ndescribed in Section 3.3 of OAuth 2.0 [RFC6749])\ - \ that the client\ncan use when requesting access tokens." + description: |- + OAuth 2.0 Client Scope + + Scope is a string containing a space-separated list of scope values (as + described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client + can use when requesting access tokens. example: scope1 scope-2 scope.3 scope:4 type: string sector_identifier_uri: @@ -2815,6 +3079,11 @@ components: SkipConsent skips the consent screen for this client. This field can only be set from the admin API. type: boolean + skip_logout_consent: + description: |- + SkipLogoutConsent skips the logout consent screen for this client. This field can only + be set from the admin API. + type: boolean subject_type: description: |- OpenID Connect Subject Type 
@@ -2824,14 +3093,15 @@ components: type: string token_endpoint_auth_method: default: client_secret_basic - description: "OAuth 2.0 Token Endpoint Authentication Method\n\nRequested\ - \ Client Authentication method for the Token Endpoint. The options are:\n\ - \n`client_secret_basic`: (default) Send `client_id` and `client_secret`\ - \ as `application/x-www-form-urlencoded` encoded in the HTTP Authorization\ - \ header.\n`client_secret_post`: Send `client_id` and `client_secret`\ - \ as `application/x-www-form-urlencoded` in the HTTP body.\n`private_key_jwt`:\ - \ Use JSON Web Tokens to authenticate the client.\n`none`: Used for public\ - \ clients (native apps, mobile apps) which can not have secrets." + description: |- + OAuth 2.0 Token Endpoint Authentication Method + + Requested Client Authentication method for the Token Endpoint. The options are: + + `client_secret_basic`: (default) Send `client_id` and `client_secret` as `application/x-www-form-urlencoded` encoded in the HTTP Authorization header. + `client_secret_post`: Send `client_id` and `client_secret` as `application/x-www-form-urlencoded` in the HTTP body. + `private_key_jwt`: Use JSON Web Tokens to authenticate the client. + `none`: Used for public clients (native apps, mobile apps) which can not have secrets. type: string token_endpoint_auth_signing_alg: description: |- 
@@ -2856,12 +3126,12 @@ components: format: date-time type: string userinfo_signed_response_alg: - description: "OpenID Connect Request Userinfo Signed Response Algorithm\n\ - \nJWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If\ - \ this is specified, the response will be JWT\n[JWT] serialized, and signed\ - \ using JWS. The default, if omitted, is for the UserInfo Response to\ - \ return the Claims\nas a UTF-8 encoded JSON object using the application/json\ - \ content-type." + description: |- + OpenID Connect Request Userinfo Signed Response Algorithm + + JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT + [JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims + as a UTF-8 encoded JSON object using the application/json content-type. type: string title: OAuth 2.0 Client type: object @@ -2892,6 +3162,24 @@ components: pattern: "^([0-9]+(ns|us|ms|s|m|h))*$" title: Time duration type: string + device_authorization_grant_access_token_lifespan: + description: "Specify a time duration in milliseconds, seconds, minutes,\ + \ hours." + pattern: "^([0-9]+(ns|us|ms|s|m|h))*$" + title: Time duration + type: string + device_authorization_grant_id_token_lifespan: + description: "Specify a time duration in milliseconds, seconds, minutes,\ + \ hours." + pattern: "^([0-9]+(ns|us|ms|s|m|h))*$" + title: Time duration + type: string + device_authorization_grant_refresh_token_lifespan: + description: "Specify a time duration in milliseconds, seconds, minutes,\ + \ hours." + pattern: "^([0-9]+(ns|us|ms|s|m|h))*$" + title: Time duration + type: string implicit_grant_access_token_lifespan: description: "Specify a time duration in milliseconds, seconds, minutes,\ \ hours." @@ -2951,6 +3239,7 @@ components: - acr_values - acr_values display: display + device_challenge_id: device_challenge_id skip: true request_url: request_url acr: acr 
@@ -2958,47 +3247,28 @@ components: challenge: challenge client: metadata: "" - token_endpoint_auth_signing_alg: token_endpoint_auth_signing_alg - client_uri: client_uri - jwt_bearer_grant_access_token_lifespan: jwt_bearer_grant_access_token_lifespan - jwks: "" logo_uri: logo_uri - created_at: 2000-01-23T04:56:07.000+00:00 - registration_client_uri: registration_client_uri allowed_cors_origins: - allowed_cors_origins - allowed_cors_origins refresh_token_grant_access_token_lifespan: refresh_token_grant_access_token_lifespan - registration_access_token: registration_access_token client_id: client_id - token_endpoint_auth_method: client_secret_basic - userinfo_signed_response_alg: userinfo_signed_response_alg - authorization_code_grant_id_token_lifespan: authorization_code_grant_id_token_lifespan authorization_code_grant_refresh_token_lifespan: authorization_code_grant_refresh_token_lifespan client_credentials_grant_access_token_lifespan: client_credentials_grant_access_token_lifespan - updated_at: 2000-01-23T04:56:07.000+00:00 - scope: scope1 scope-2 scope.3 scope:4 request_uris: - request_uris - request_uris client_secret: client_secret backchannel_logout_session_required: true backchannel_logout_uri: backchannel_logout_uri - client_name: client_name - policy_uri: policy_uri - owner: owner - skip_consent: true audience: - audience - audience - authorization_code_grant_access_token_lifespan: authorization_code_grant_access_token_lifespan post_logout_redirect_uris: - post_logout_redirect_uris - post_logout_redirect_uris - grant_types: - - grant_types - - grant_types - subject_type: subject_type + device_authorization_grant_id_token_lifespan: device_authorization_grant_id_token_lifespan + device_authorization_grant_access_token_lifespan: device_authorization_grant_access_token_lifespan refresh_token_grant_refresh_token_lifespan: refresh_token_grant_refresh_token_lifespan redirect_uris: - redirect_uris 
@@ -3007,28 +3277,51 @@ components: frontchannel_logout_session_required: true frontchannel_logout_uri: frontchannel_logout_uri refresh_token_grant_id_token_lifespan: refresh_token_grant_id_token_lifespan + access_token_strategy: access_token_strategy + request_object_signing_alg: request_object_signing_alg + tos_uri: tos_uri + response_types: + - response_types + - response_types + token_endpoint_auth_signing_alg: token_endpoint_auth_signing_alg + client_uri: client_uri + jwt_bearer_grant_access_token_lifespan: jwt_bearer_grant_access_token_lifespan + jwks: "" + created_at: 2000-01-23T04:56:07.000+00:00 + registration_client_uri: registration_client_uri + registration_access_token: registration_access_token + token_endpoint_auth_method: client_secret_basic + userinfo_signed_response_alg: userinfo_signed_response_alg + authorization_code_grant_id_token_lifespan: authorization_code_grant_id_token_lifespan + updated_at: 2000-01-23T04:56:07.000+00:00 + scope: scope1 scope-2 scope.3 scope:4 + device_authorization_grant_refresh_token_lifespan: device_authorization_grant_refresh_token_lifespan + client_name: client_name + policy_uri: policy_uri + owner: owner + skip_consent: true + authorization_code_grant_access_token_lifespan: authorization_code_grant_access_token_lifespan + grant_types: + - grant_types + - grant_types + subject_type: subject_type + skip_logout_consent: true implicit_grant_id_token_lifespan: implicit_grant_id_token_lifespan client_secret_expires_at: 0 implicit_grant_access_token_lifespan: implicit_grant_access_token_lifespan - access_token_strategy: access_token_strategy jwks_uri: jwks_uri - request_object_signing_alg: request_object_signing_alg - tos_uri: tos_uri contacts: - contacts - contacts - response_types: - - response_types - - response_types login_session_id: login_session_id requested_scope: - requested_scope - requested_scope properties: acr: - description: "ACR represents the Authentication AuthorizationContext Class\ - \ Reference value 
for this authentication session. You can use it\nto\ - \ express that, for example, a user authenticated using two factor authentication." + description: |- + ACR represents the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it + to express that, for example, a user authenticated using two factor authentication. type: string amr: items: @@ -3046,6 +3339,10 @@ components: context: title: "JSONRawMessage represents a json.RawMessage that works well with\ \ JSON, SQL, and Swagger." + device_challenge_id: + description: "DeviceChallenge is the device challenge this consent challenge\ + \ belongs to, if this flow was initiated by a device." + type: string login_challenge: description: |- LoginChallenge is the login challenge this consent challenge belongs to. It can be used to associate @@ -3061,11 +3358,10 @@ components: oidc_context: $ref: '#/components/schemas/oAuth2ConsentRequestOpenIDConnectContext' request_url: - description: "RequestURL is the original OAuth 2.0 Authorization URL requested\ - \ by the OAuth 2.0 client. It is the URL which\ninitiates the OAuth 2.0\ - \ Authorization Code or OAuth 2.0 Implicit flow. This URL is typically\ - \ not needed, but\nmight come in handy if you want to deal with additional\ - \ request parameters." + description: |- + RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which + initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but + might come in handy if you want to deal with additional request parameters. type: string requested_access_token_audience: items: 
@@ -3080,15 +3376,15 @@ components: \ JSON for SQL storage." type: array skip: - description: "Skip, if true, implies that the client has requested the same\ - \ scopes from the same user previously.\nIf true, you must not ask the\ - \ user to grant the requested scopes. You must however either allow or\ - \ deny the\nconsent request using the usual API call." + description: |- + Skip, if true, implies that the client has requested the same scopes from the same user previously. + If true, you must not ask the user to grant the requested scopes. You must however either allow or deny the + consent request using the usual API call. type: boolean subject: - description: "Subject is the user ID of the end-user that authenticated.\ - \ Now, that end user needs to grant or deny the scope\nrequested by the\ - \ OAuth 2.0 client." + description: |- + Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope + requested by the OAuth 2.0 client. type: string required: - challenge 
@@ -3108,36 +3404,29 @@ components: display: display properties: acr_values: - description: "ACRValues is the Authentication AuthorizationContext Class\ - \ Reference requested in the OAuth 2.0 Authorization request.\nIt is a\ - \ parameter defined by OpenID Connect and expresses which level of authentication\ - \ (e.g. 2FA) is required.\n\nOpenID Connect defines it as follows:\n>\ - \ Requested Authentication AuthorizationContext Class Reference values.\ - \ Space-separated string that specifies the acr values\nthat the Authorization\ - \ Server is being requested to use for processing this Authentication\ - \ Request, with the\nvalues appearing in order of preference. The Authentication\ - \ AuthorizationContext Class satisfied by the authentication\nperformed\ - \ is returned as the acr Claim Value, as specified in Section 2. The acr\ - \ Claim is requested as a\nVoluntary Claim by this parameter." + description: |- + ACRValues is the Authentication AuthorizationContext Class Reference requested in the OAuth 2.0 Authorization request. + It is a parameter defined by OpenID Connect and expresses which level of authentication (e.g. 2FA) is required. + + OpenID Connect defines it as follows: + > Requested Authentication AuthorizationContext Class Reference values. Space-separated string that specifies the acr values + that the Authorization Server is being requested to use for processing this Authentication Request, with the + values appearing in order of preference. The Authentication AuthorizationContext Class satisfied by the authentication + performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a + Voluntary Claim by this parameter. 
items: type: string type: array display: - description: "Display is a string value that specifies how the Authorization\ - \ Server displays the authentication and consent user interface pages\ - \ to the End-User.\nThe defined values are:\npage: The Authorization Server\ - \ SHOULD display the authentication and consent UI consistent with a full\ - \ User Agent page view. If the display parameter is not specified, this\ - \ is the default display mode.\npopup: The Authorization Server SHOULD\ - \ display the authentication and consent UI consistent with a popup User\ - \ Agent window. The popup User Agent window should be of an appropriate\ - \ size for a login-focused dialog and should not obscure the entire window\ - \ that it is popping up over.\ntouch: The Authorization Server SHOULD\ - \ display the authentication and consent UI consistent with a device that\ - \ leverages a touch interface.\nwap: The Authorization Server SHOULD display\ - \ the authentication and consent UI consistent with a \"feature phone\"\ - \ type display.\n\nThe Authorization Server MAY also attempt to detect\ - \ the capabilities of the User Agent and present an appropriate display." + description: |- + Display is a string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User. + The defined values are: + page: The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode. + popup: The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over. 
+ touch: The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface. + wap: The Authorization Server SHOULD display the authentication and consent UI consistent with a "feature phone" type display. + + The Authorization Server MAY also attempt to detect the capabilities of the User Agent and present an appropriate display. type: string id_token_hint_claims: additionalProperties: {} @@ -3153,14 +3442,12 @@ components: phone number in the format specified for the phone_number Claim. The use of this parameter is optional. type: string ui_locales: - description: "UILocales is the End-User'id preferred languages and scripts\ - \ for the user interface, represented as a\nspace-separated list of BCP47\ - \ [RFC5646] language tag values, ordered by preference. For instance,\ - \ the value\n\"fr-CA fr en\" represents a preference for French as spoken\ - \ in Canada, then French (without a region designation),\nfollowed by\ - \ English (without a region designation). An error SHOULD NOT result if\ - \ some or all of the requested\nlocales are not supported by the OpenID\ - \ Provider." + description: |- + UILocales is the End-User'id preferred languages and scripts for the user interface, represented as a + space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value + "fr-CA fr en" represents a preference for French as spoken in Canada, then French (without a region designation), + followed by English (without a region designation). An error SHOULD NOT result if some or all of the requested + locales are not supported by the OpenID Provider. items: type: string type: array @@ -3190,6 +3477,7 @@ components: - acr_values - acr_values display: display + device_challenge_id: device_challenge_id skip: true request_url: request_url acr: acr 
@@ -3197,47 +3485,28 @@ components: challenge: challenge client: metadata: "" - token_endpoint_auth_signing_alg: token_endpoint_auth_signing_alg - client_uri: client_uri - jwt_bearer_grant_access_token_lifespan: jwt_bearer_grant_access_token_lifespan - jwks: "" logo_uri: logo_uri - created_at: 2000-01-23T04:56:07.000+00:00 - registration_client_uri: registration_client_uri allowed_cors_origins: - allowed_cors_origins - allowed_cors_origins refresh_token_grant_access_token_lifespan: refresh_token_grant_access_token_lifespan - registration_access_token: registration_access_token client_id: client_id - token_endpoint_auth_method: client_secret_basic - userinfo_signed_response_alg: userinfo_signed_response_alg - authorization_code_grant_id_token_lifespan: authorization_code_grant_id_token_lifespan authorization_code_grant_refresh_token_lifespan: authorization_code_grant_refresh_token_lifespan client_credentials_grant_access_token_lifespan: client_credentials_grant_access_token_lifespan - updated_at: 2000-01-23T04:56:07.000+00:00 - scope: scope1 scope-2 scope.3 scope:4 request_uris: - request_uris - request_uris client_secret: client_secret backchannel_logout_session_required: true backchannel_logout_uri: backchannel_logout_uri - client_name: client_name - policy_uri: policy_uri - owner: owner - skip_consent: true audience: - audience - audience - authorization_code_grant_access_token_lifespan: authorization_code_grant_access_token_lifespan post_logout_redirect_uris: - post_logout_redirect_uris - post_logout_redirect_uris - grant_types: - - grant_types - - grant_types - subject_type: subject_type + device_authorization_grant_id_token_lifespan: device_authorization_grant_id_token_lifespan + device_authorization_grant_access_token_lifespan: device_authorization_grant_access_token_lifespan refresh_token_grant_refresh_token_lifespan: refresh_token_grant_refresh_token_lifespan redirect_uris: - redirect_uris 
@@ -3246,19 +3515,42 @@ components: frontchannel_logout_session_required: true frontchannel_logout_uri: frontchannel_logout_uri refresh_token_grant_id_token_lifespan: refresh_token_grant_id_token_lifespan + access_token_strategy: access_token_strategy + request_object_signing_alg: request_object_signing_alg + tos_uri: tos_uri + response_types: + - response_types + - response_types + token_endpoint_auth_signing_alg: token_endpoint_auth_signing_alg + client_uri: client_uri + jwt_bearer_grant_access_token_lifespan: jwt_bearer_grant_access_token_lifespan + jwks: "" + created_at: 2000-01-23T04:56:07.000+00:00 + registration_client_uri: registration_client_uri + registration_access_token: registration_access_token + token_endpoint_auth_method: client_secret_basic + userinfo_signed_response_alg: userinfo_signed_response_alg + authorization_code_grant_id_token_lifespan: authorization_code_grant_id_token_lifespan + updated_at: 2000-01-23T04:56:07.000+00:00 + scope: scope1 scope-2 scope.3 scope:4 + device_authorization_grant_refresh_token_lifespan: device_authorization_grant_refresh_token_lifespan + client_name: client_name + policy_uri: policy_uri + owner: owner + skip_consent: true + authorization_code_grant_access_token_lifespan: authorization_code_grant_access_token_lifespan + grant_types: + - grant_types + - grant_types + subject_type: subject_type + skip_logout_consent: true implicit_grant_id_token_lifespan: implicit_grant_id_token_lifespan client_secret_expires_at: 0 implicit_grant_access_token_lifespan: implicit_grant_access_token_lifespan - access_token_strategy: access_token_strategy jwks_uri: jwks_uri - request_object_signing_alg: request_object_signing_alg - tos_uri: tos_uri contacts: - contacts - contacts - response_types: - - response_types - - response_types login_session_id: login_session_id requested_scope: - requested_scope 
@@ -3272,6 +3564,7 @@ components: session: access_token: "" id_token: "" + context: "" grant_access_token_audience: - grant_access_token_audience - grant_access_token_audience @@ -3283,6 +3576,9 @@ components: properties: consent_request: $ref: '#/components/schemas/oAuth2ConsentRequest' + context: + title: "JSONRawMessage represents a json.RawMessage that works well with\ + \ JSON, SQL, and Swagger." expires_at: $ref: '#/components/schemas/oAuth2ConsentSession_expires_at' grant_access_token_audience: @@ -3302,14 +3598,18 @@ components: title: NullTime implements sql.NullTime functionality. type: string remember: - description: "Remember Consent\n\nRemember, if set to true, tells ORY Hydra\ - \ to remember this consent authorization and reuse it if the same\nclient\ - \ asks the same user for the same, or a subset of, scope." + description: |- + Remember Consent + + Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same + client asks the same user for the same, or a subset of, scope. type: boolean remember_for: - description: "Remember Consent For\n\nRememberFor sets how long the consent\ - \ authorization should be remembered for in seconds. If set to `0`, the\n\ - authorization will be remembered indefinitely." + description: |- + Remember Consent For + + RememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the + authorization will be remembered indefinitely. format: int64 type: integer session: 
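Review bot: The `context` property added in the hunk at -3283 has only the generic `JSONRawMessage` title and no `description`, so the spec does not say what this untyped JSON holds or which step of the flow sets it. The neighbouring `consent_request` and `expires_at` entries suggest this is the consent session model; if that model is returned by an API, integrators need to know the value is echoed back so they keep credentials and other secrets out of it. I would add a line such as `description: Context is the JSON value supplied when the request was accepted; it is stored and returned unchanged.`, reworded to match the real semantics, which this hunk does not show. If the file is generated, the text belongs on the source field's doc comment.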
@@ -3341,47 +3641,28 @@ components: challenge: challenge client: metadata: "" - token_endpoint_auth_signing_alg: token_endpoint_auth_signing_alg - client_uri: client_uri - jwt_bearer_grant_access_token_lifespan: jwt_bearer_grant_access_token_lifespan - jwks: "" logo_uri: logo_uri - created_at: 2000-01-23T04:56:07.000+00:00 - registration_client_uri: registration_client_uri allowed_cors_origins: - allowed_cors_origins - allowed_cors_origins refresh_token_grant_access_token_lifespan: refresh_token_grant_access_token_lifespan - registration_access_token: registration_access_token client_id: client_id - token_endpoint_auth_method: client_secret_basic - userinfo_signed_response_alg: userinfo_signed_response_alg - authorization_code_grant_id_token_lifespan: authorization_code_grant_id_token_lifespan authorization_code_grant_refresh_token_lifespan: authorization_code_grant_refresh_token_lifespan client_credentials_grant_access_token_lifespan: client_credentials_grant_access_token_lifespan - updated_at: 2000-01-23T04:56:07.000+00:00 - scope: scope1 scope-2 scope.3 scope:4 request_uris: - request_uris - request_uris client_secret: client_secret backchannel_logout_session_required: true backchannel_logout_uri: backchannel_logout_uri - client_name: client_name - policy_uri: policy_uri - owner: owner - skip_consent: true audience: - audience - audience - authorization_code_grant_access_token_lifespan: authorization_code_grant_access_token_lifespan post_logout_redirect_uris: - post_logout_redirect_uris - post_logout_redirect_uris - grant_types: - - grant_types - - grant_types - subject_type: subject_type + device_authorization_grant_id_token_lifespan: device_authorization_grant_id_token_lifespan + device_authorization_grant_access_token_lifespan: device_authorization_grant_access_token_lifespan refresh_token_grant_refresh_token_lifespan: refresh_token_grant_refresh_token_lifespan redirect_uris: - redirect_uris 
@@ -3390,19 +3671,42 @@ components: frontchannel_logout_session_required: true frontchannel_logout_uri: frontchannel_logout_uri refresh_token_grant_id_token_lifespan: refresh_token_grant_id_token_lifespan + access_token_strategy: access_token_strategy + request_object_signing_alg: request_object_signing_alg + tos_uri: tos_uri + response_types: + - response_types + - response_types + token_endpoint_auth_signing_alg: token_endpoint_auth_signing_alg + client_uri: client_uri + jwt_bearer_grant_access_token_lifespan: jwt_bearer_grant_access_token_lifespan + jwks: "" + created_at: 2000-01-23T04:56:07.000+00:00 + registration_client_uri: registration_client_uri + registration_access_token: registration_access_token + token_endpoint_auth_method: client_secret_basic + userinfo_signed_response_alg: userinfo_signed_response_alg + authorization_code_grant_id_token_lifespan: authorization_code_grant_id_token_lifespan + updated_at: 2000-01-23T04:56:07.000+00:00 + scope: scope1 scope-2 scope.3 scope:4 + device_authorization_grant_refresh_token_lifespan: device_authorization_grant_refresh_token_lifespan + client_name: client_name + policy_uri: policy_uri + owner: owner + skip_consent: true + authorization_code_grant_access_token_lifespan: authorization_code_grant_access_token_lifespan + grant_types: + - grant_types + - grant_types + subject_type: subject_type + skip_logout_consent: true implicit_grant_id_token_lifespan: implicit_grant_id_token_lifespan client_secret_expires_at: 0 implicit_grant_access_token_lifespan: implicit_grant_access_token_lifespan - access_token_strategy: access_token_strategy jwks_uri: jwks_uri - request_object_signing_alg: request_object_signing_alg - tos_uri: tos_uri contacts: - contacts - contacts - response_types: - - response_types - - response_types session_id: session_id skip: true request_url: request_url 
@@ -3420,11 +3724,10 @@ components: oidc_context: $ref: '#/components/schemas/oAuth2ConsentRequestOpenIDConnectContext' request_url: - description: "RequestURL is the original OAuth 2.0 Authorization URL requested\ - \ by the OAuth 2.0 client. It is the URL which\ninitiates the OAuth 2.0\ - \ Authorization Code or OAuth 2.0 Implicit flow. This URL is typically\ - \ not needed, but\nmight come in handy if you want to deal with additional\ - \ request parameters." + description: |- + RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which + initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but + might come in handy if you want to deal with additional request parameters. type: string requested_access_token_audience: items: 
@@ -3446,18 +3749,17 @@ components: channel logout. It's value can generally be used to associate consecutive login requests by a certain user. type: string skip: - description: "Skip, if true, implies that the client has requested the same\ - \ scopes from the same user previously.\nIf true, you can skip asking\ - \ the user to grant the requested scopes, and simply forward the user\ - \ to the redirect URL.\n\nThis feature allows you to update / set session\ - \ information." + description: |- + Skip, if true, implies that the client has requested the same scopes from the same user previously. + If true, you can skip asking the user to grant the requested scopes, and simply forward the user to the redirect URL. + + This feature allows you to update / set session information. type: boolean subject: - description: "Subject is the user ID of the end-user that authenticated.\ - \ Now, that end user needs to grant or deny the scope\nrequested by the\ - \ OAuth 2.0 client. If this value is set and `skip` is true, you MUST\ - \ include this subject type\nwhen accepting the login request, or the\ - \ request will fail." + description: |- + Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope + requested by the OAuth 2.0 client. If this value is set and `skip` is true, you MUST include this subject type + when accepting the login request, or the request will fail. type: string required: - challenge 
@@ -3473,47 +3775,28 @@ components: challenge: challenge client: metadata: "" - token_endpoint_auth_signing_alg: token_endpoint_auth_signing_alg - client_uri: client_uri - jwt_bearer_grant_access_token_lifespan: jwt_bearer_grant_access_token_lifespan - jwks: "" logo_uri: logo_uri - created_at: 2000-01-23T04:56:07.000+00:00 - registration_client_uri: registration_client_uri allowed_cors_origins: - allowed_cors_origins - allowed_cors_origins refresh_token_grant_access_token_lifespan: refresh_token_grant_access_token_lifespan - registration_access_token: registration_access_token client_id: client_id - token_endpoint_auth_method: client_secret_basic - userinfo_signed_response_alg: userinfo_signed_response_alg - authorization_code_grant_id_token_lifespan: authorization_code_grant_id_token_lifespan authorization_code_grant_refresh_token_lifespan: authorization_code_grant_refresh_token_lifespan client_credentials_grant_access_token_lifespan: client_credentials_grant_access_token_lifespan - updated_at: 2000-01-23T04:56:07.000+00:00 - scope: scope1 scope-2 scope.3 scope:4 request_uris: - request_uris - request_uris client_secret: client_secret backchannel_logout_session_required: true backchannel_logout_uri: backchannel_logout_uri - client_name: client_name - policy_uri: policy_uri - owner: owner - skip_consent: true audience: - audience - audience - authorization_code_grant_access_token_lifespan: authorization_code_grant_access_token_lifespan post_logout_redirect_uris: - post_logout_redirect_uris - post_logout_redirect_uris - grant_types: - - grant_types - - grant_types - subject_type: subject_type + device_authorization_grant_id_token_lifespan: device_authorization_grant_id_token_lifespan + device_authorization_grant_access_token_lifespan: device_authorization_grant_access_token_lifespan refresh_token_grant_refresh_token_lifespan: refresh_token_grant_refresh_token_lifespan redirect_uris: - redirect_uris 
@@ -3522,19 +3805,42 @@ components: frontchannel_logout_session_required: true frontchannel_logout_uri: frontchannel_logout_uri refresh_token_grant_id_token_lifespan: refresh_token_grant_id_token_lifespan + access_token_strategy: access_token_strategy + request_object_signing_alg: request_object_signing_alg + tos_uri: tos_uri + response_types: + - response_types + - response_types + token_endpoint_auth_signing_alg: token_endpoint_auth_signing_alg + client_uri: client_uri + jwt_bearer_grant_access_token_lifespan: jwt_bearer_grant_access_token_lifespan + jwks: "" + created_at: 2000-01-23T04:56:07.000+00:00 + registration_client_uri: registration_client_uri + registration_access_token: registration_access_token + token_endpoint_auth_method: client_secret_basic + userinfo_signed_response_alg: userinfo_signed_response_alg + authorization_code_grant_id_token_lifespan: authorization_code_grant_id_token_lifespan + updated_at: 2000-01-23T04:56:07.000+00:00 + scope: scope1 scope-2 scope.3 scope:4 + device_authorization_grant_refresh_token_lifespan: device_authorization_grant_refresh_token_lifespan + client_name: client_name + policy_uri: policy_uri + owner: owner + skip_consent: true + authorization_code_grant_access_token_lifespan: authorization_code_grant_access_token_lifespan + grant_types: + - grant_types + - grant_types + subject_type: subject_type + skip_logout_consent: true implicit_grant_id_token_lifespan: implicit_grant_id_token_lifespan client_secret_expires_at: 0 implicit_grant_access_token_lifespan: implicit_grant_access_token_lifespan - access_token_strategy: access_token_strategy jwks_uri: jwks_uri - request_object_signing_alg: request_object_signing_alg - tos_uri: tos_uri contacts: - contacts - contacts - response_types: - - response_types - - response_types rp_initiated: true request_url: request_url sid: sid 
@@ -3590,18 +3896,19 @@ components: description: The access token issued by the authorization server. type: string expires_in: - description: "The lifetime in seconds of the access token. For\nexample,\ - \ the value \"3600\" denotes that the access token will\nexpire in one\ - \ hour from the time the response was generated." + description: |- + The lifetime in seconds of the access token. For + example, the value "3600" denotes that the access token will + expire in one hour from the time the response was generated. format: int64 type: integer id_token: description: To retrieve a refresh token request the id_token scope. type: string refresh_token: - description: "The refresh token, which can be used to obtain new\naccess\ - \ tokens. To retrieve it add the scope \"offline\" to your access token\ - \ request." + description: |- + The refresh token, which can be used to obtain new + access tokens. To retrieve it add the scope "offline" to your access token request. type: string scope: description: The scope of the access token @@ -3626,6 +3933,7 @@ components: - userinfo_signed_response_alg - userinfo_signed_response_alg authorization_endpoint: https://playground.ory.sh/ory-hydra/public/oauth2/auth + device_authorization_endpoint: https://playground.ory.sh/ory-hydra/public/oauth2/device/oauth claims_supported: - claims_supported - claims_supported 
@@ -3698,33 +4006,39 @@ components: example: https://playground.ory.sh/ory-hydra/public/oauth2/auth type: string backchannel_logout_session_supported: - description: "OpenID Connect Back-Channel Logout Session Required\n\nBoolean\ - \ value specifying whether the OP can pass a sid (session ID) Claim in\ - \ the Logout Token to identify the RP\nsession with the OP. If supported,\ - \ the sid Claim is also included in ID Tokens issued by the OP" + description: |- + OpenID Connect Back-Channel Logout Session Required + + Boolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP + session with the OP. If supported, the sid Claim is also included in ID Tokens issued by the OP type: boolean backchannel_logout_supported: - description: "OpenID Connect Back-Channel Logout Supported\n\nBoolean value\ - \ specifying whether the OP supports back-channel logout, with true indicating\ - \ support." + description: |- + OpenID Connect Back-Channel Logout Supported + + Boolean value specifying whether the OP supports back-channel logout, with true indicating support. type: boolean claims_parameter_supported: - description: "OpenID Connect Claims Parameter Parameter Supported\n\nBoolean\ - \ value specifying whether the OP supports use of the claims parameter,\ - \ with true indicating support." + description: |- + OpenID Connect Claims Parameter Parameter Supported + + Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support. type: boolean claims_supported: - description: "OpenID Connect Supported Claims\n\nJSON array containing a\ - \ list of the Claim Names of the Claims that the OpenID Provider MAY be\ - \ able to supply\nvalues for. Note that for privacy or other reasons,\ - \ this might not be an exhaustive list." 
+ description: |- + OpenID Connect Supported Claims + + JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply + values for. Note that for privacy or other reasons, this might not be an exhaustive list. items: type: string type: array code_challenge_methods_supported: - description: "OAuth 2.0 PKCE Supported Code Challenge Methods\n\nJSON array\ - \ containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code\ - \ challenge methods supported\nby this authorization server." + description: |- + OAuth 2.0 PKCE Supported Code Challenge Methods + + JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported + by this authorization server. items: type: string type: array @@ -3742,6 +4056,10 @@ components: items: $ref: '#/components/schemas/credentialSupportedDraft00' type: array + device_authorization_endpoint: + description: OAuth 2.0 Device Authorization Endpoint URL + example: https://playground.ory.sh/ory-hydra/public/oauth2/device/oauth + type: string end_session_endpoint: description: |- OpenID Connect End-Session Endpoint 
@@ -3749,16 +4067,18 @@ components: URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP. type: string frontchannel_logout_session_supported: - description: "OpenID Connect Front-Channel Logout Session Required\n\nBoolean\ - \ value specifying whether the OP can pass iss (issuer) and sid (session\ - \ ID) query parameters to identify\nthe RP session with the OP when the\ - \ frontchannel_logout_uri is used. If supported, the sid Claim is also\n\ - included in ID Tokens issued by the OP." + description: |- + OpenID Connect Front-Channel Logout Session Required + + Boolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify + the RP session with the OP when the frontchannel_logout_uri is used. If supported, the sid Claim is also + included in ID Tokens issued by the OP. type: boolean frontchannel_logout_supported: - description: "OpenID Connect Front-Channel Logout Supported\n\nBoolean value\ - \ specifying whether the OP supports HTTP-based logout, with true indicating\ - \ support." + description: |- + OpenID Connect Front-Channel Logout Supported + + Boolean value specifying whether the OP supports HTTP-based logout, with true indicating support. type: boolean grant_types_supported: description: |- 
@@ -3786,26 +4106,25 @@ components: type: string type: array issuer: - description: "OpenID Connect Issuer URL\n\nAn URL using the https scheme\ - \ with no query or fragment component that the OP asserts as its IssuerURL\ - \ Identifier.\nIf IssuerURL discovery is supported , this value MUST be\ - \ identical to the issuer value returned\nby WebFinger. This also MUST\ - \ be identical to the iss Claim value in ID Tokens issued from this IssuerURL." + description: |- + OpenID Connect Issuer URL + + An URL using the https scheme with no query or fragment component that the OP asserts as its IssuerURL Identifier. + If IssuerURL discovery is supported , this value MUST be identical to the issuer value returned + by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this IssuerURL. example: https://playground.ory.sh/ory-hydra/public/ type: string jwks_uri: - description: "OpenID Connect Well-Known JSON Web Keys URL\n\nURL of the\ - \ OP's JSON Web Key Set [JWK] document. This contains the signing key(s)\ - \ the RP uses to validate\nsignatures from the OP. The JWK Set MAY also\ - \ contain the Server's encryption key(s), which are used by RPs\nto encrypt\ - \ requests to the Server. When both signing and encryption keys are made\ - \ available, a use (Key Use)\nparameter value is REQUIRED for all keys\ - \ in the referenced JWK Set to indicate each key's intended usage.\nAlthough\ - \ some algorithms allow the same key to be used for both signatures and\ - \ encryption, doing so is\nNOT RECOMMENDED, as it is less secure. The\ - \ JWK x5c parameter MAY be used to provide X.509 representations of\n\ - keys provided. When used, the bare key values MUST still be present and\ - \ MUST match those in the certificate." + description: |- + OpenID Connect Well-Known JSON Web Keys URL + + URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate + signatures from the OP. 
The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs + to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use) + parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage. + Although some algorithms allow the same key to be used for both signatures and encryption, doing so is + NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of + keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate. example: "https://{slug}.projects.oryapis.com/.well-known/jwks.json" type: string registration_endpoint: 
@@ -3813,25 +4132,27 @@ components: example: https://playground.ory.sh/ory-hydra/admin/client type: string request_object_signing_alg_values_supported: - description: "OpenID Connect Supported Request Object Signing Algorithms\n\ - \nJSON array containing a list of the JWS signing algorithms (alg values)\ - \ supported by the OP for Request Objects,\nwhich are described in Section\ - \ 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These algorithms are used\ - \ both when\nthe Request Object is passed by value (using the request\ - \ parameter) and when it is passed by reference\n(using the request_uri\ - \ parameter)." + description: |- + OpenID Connect Supported Request Object Signing Algorithms + + JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects, + which are described in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These algorithms are used both when + the Request Object is passed by value (using the request parameter) and when it is passed by reference + (using the request_uri parameter). items: type: string type: array request_parameter_supported: - description: "OpenID Connect Request Parameter Supported\n\nBoolean value\ - \ specifying whether the OP supports use of the request parameter, with\ - \ true indicating support." + description: |- + OpenID Connect Request Parameter Supported + + Boolean value specifying whether the OP supports use of the request parameter, with true indicating support. type: boolean request_uri_parameter_supported: - description: "OpenID Connect Request URI Parameter Supported\n\nBoolean\ - \ value specifying whether the OP supports use of the request_uri parameter,\ - \ with true indicating support." + description: |- + OpenID Connect Request URI Parameter Supported + + Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support. type: boolean require_request_uri_registration: description: |- 
@@ -3849,10 +4170,11 @@ components: type: string type: array response_types_supported: - description: "OAuth 2.0 Supported Response Types\n\nJSON array containing\ - \ a list of the OAuth 2.0 response_type values that this OP supports.\ - \ Dynamic OpenID\nProviders MUST support the code, id_token, and the token\ - \ id_token Response Type values." + description: |- + OAuth 2.0 Supported Response Types + + JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. Dynamic OpenID + Providers MUST support the code, id_token, and the token id_token Response Type values. items: type: string type: array @@ -3863,11 +4185,11 @@ components: URL of the authorization server's OAuth 2.0 revocation endpoint. type: string scopes_supported: - description: "OAuth 2.0 Supported Scope Values\n\nJSON array containing\ - \ a list of the OAuth 2.0 [RFC6749] scope values that this server supports.\ - \ The server MUST\nsupport the openid scope value. Servers MAY choose\ - \ not to advertise some supported scope values even when this parameter\ - \ is used" + description: |- + OAuth 2.0 Supported Scope Values + + JSON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST + support the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used items: type: string type: array 
@@ -3885,11 +4207,11 @@ components: example: https://playground.ory.sh/ory-hydra/public/oauth2/token type: string token_endpoint_auth_methods_supported: - description: "OAuth 2.0 Supported Client Authentication Methods\n\nJSON\ - \ array containing a list of Client Authentication methods supported by\ - \ this Token Endpoint. The options are\nclient_secret_post, client_secret_basic,\ - \ client_secret_jwt, and private_key_jwt, as described in Section 9 of\ - \ OpenID Connect Core 1.0" + description: |- + OAuth 2.0 Supported Client Authentication Methods + + JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options are + client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0 items: type: string type: array @@ -3908,15 +4230,16 @@ components: type: string type: array userinfo_signing_alg_values_supported: - description: "OpenID Connect Supported Userinfo Signing Algorithm\n\nJSON\ - \ array containing a list of the JWS [JWS] signing algorithms (alg values)\ - \ [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT\ - \ [JWT]." + description: |- + OpenID Connect Supported Userinfo Signing Algorithm + + JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT]. items: type: string type: array required: - authorization_endpoint + - device_authorization_endpoint - id_token_signed_response_alg - id_token_signing_alg_values_supported - issuer 
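Review bot: Adding `device_authorization_endpoint` to the `required` list of the discovery schema (second hunk here) makes every consumer generated from this spec treat a discovery document without that field as invalid, while RFC 8628 defines this metadata value as OPTIONAL. If a deployment can run without the device flow, or a newer client reads the document of an older server, decoding would presumably fail on an otherwise valid response. I would keep the property defined but drop the `- device_authorization_endpoint` line from `required`, or state in the property's description that the server always emits it. The schema starts outside this hunk, and if this file is generated the change belongs in the type it is generated from.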
@@ -4069,36 +4392,49 @@ components: properties: page_size: default: 250 - description: "Items per page\n\nThis is the number of items per page to\ - \ return.\nFor details on pagination please head over to the [pagination\ - \ documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination)." + description: |- + Items per page + + This is the number of items per page to return. + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). format: int64 maximum: 1000 minimum: 1 type: integer page_token: default: "1" - description: "Next Page Token\n\nThe next page token.\nFor details on pagination\ - \ please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination)." + description: |- + Next Page Token + + The next page token. + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). minimum: 1 type: string type: object paginationHeaders: properties: link: - description: "The link header contains pagination links.\n\nFor details\ - \ on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\ - \nin: header" + description: |- + The link header contains pagination links. + + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). + + in: header type: string x-total-count: - description: "The total number of clients.\n\nin: header" + description: |- + The total number of clients. + + in: header type: string type: object rejectOAuth2Request: properties: error: - description: "The error should follow the OAuth2 error format (e.g. `invalid_request`,\ - \ `login_required`).\n\nDefaults to `request_denied`." + description: |- + The error should follow the OAuth2 error format (e.g. `invalid_request`, `login_required`). 
+ + Defaults to `request_denied`. type: string error_debug: description: |- 
@@ -4124,69 +4460,92 @@ components: properties: page_size: default: 250 - description: "Items per page\n\nThis is the number of items per page to\ - \ return.\nFor details on pagination please head over to the [pagination\ - \ documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination)." + description: |- + Items per page + + This is the number of items per page to return. + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). format: int64 maximum: 1000 minimum: 1 type: integer page_token: default: "1" - description: "Next Page Token\n\nThe next page token.\nFor details on pagination\ - \ please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination)." + description: |- + Next Page Token + + The next page token. + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). minimum: 1 type: string type: object tokenPaginationHeaders: properties: link: - description: "The link header contains pagination links.\n\nFor details\ - \ on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination).\n\ - \nin: header" + description: |- + The link header contains pagination links. + + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). + + in: header type: string x-total-count: - description: "The total number of clients.\n\nin: header" + description: |- + The total number of clients. 
+ + in: header type: string type: object tokenPaginationRequestParameters: - description: "The `Link` HTTP header contains multiple links (`first`, `next`,\ - \ `last`, `previous`) formatted as:\n`;\ - \ rel=\"{page}\"`\n\nFor details on pagination please head over to the [pagination\ - \ documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination)." + description: |- + The `Link` HTTP header contains multiple links (`first`, `next`, `last`, `previous`) formatted as: + `; rel="{page}"` + + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). properties: page_size: default: 250 - description: "Items per Page\n\nThis is the number of items per page to\ - \ return.\nFor details on pagination please head over to the [pagination\ - \ documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination)." + description: |- + Items per Page + + This is the number of items per page to return. + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). format: int64 maximum: 500 minimum: 1 type: integer page_token: default: "1" - description: "Next Page Token\n\nThe next page token.\nFor details on pagination\ - \ please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination)." + description: |- + Next Page Token + + The next page token. + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). minimum: 1 type: string title: Pagination Request Parameters type: object tokenPaginationResponseHeaders: - description: "The `Link` HTTP header contains multiple links (`first`, `next`,\ - \ `last`, `previous`) formatted as:\n`;\ - \ rel=\"{page}\"`\n\nFor details on pagination please head over to the [pagination\ - \ documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination)." 
+ description: |- + The `Link` HTTP header contains multiple links (`first`, `next`, `last`, `previous`) formatted as: + `; rel="{page}"` + + For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). properties: link: - description: "The Link HTTP Header\n\nThe `Link` header contains a comma-delimited\ - \ list of links to the following pages:\n\nfirst: The first page of results.\n\ - next: The next page of results.\nprev: The previous page of results.\n\ - last: The last page of results.\n\nPages are omitted if they do not exist.\ - \ For example, if there is no next page, the `next` link is omitted. Examples:\n\ - \n; rel=\"first\",;\ - \ rel=\"next\",; rel=\"prev\",;\ - \ rel=\"last\"" + description: |- + The Link HTTP Header + + The `Link` header contains a comma-delimited list of links to the following pages: + + first: The first page of results. + next: The next page of results. + prev: The previous page of results. + last: The last page of results. + + Pages are omitted if they do not exist. For example, if there is no next page, the `next` link is omitted. Examples: + + ; rel="first",; rel="next",; rel="prev",; rel="last" type: string x-total-count: description: |- 
@@ -4348,6 +4707,39 @@ components: type: string title: VerifiableCredentialResponse contains the verifiable credential. type: object + verifyUserCodeRequest: + properties: + challenge: + description: |- + ID is the identifier ("device challenge") of the device request. It is used to + identify the session. + type: string + client: + $ref: '#/components/schemas/oAuth2Client' + device_code_request_id: + type: string + handled_at: + format: date-time + title: NullTime implements sql.NullTime functionality. + type: string + request_url: + description: RequestURL is the original Device Authorization URL requested. + type: string + requested_access_token_audience: + items: + type: string + title: "StringSliceJSONFormat represents []string{} which is encoded to/from\ + \ JSON for SQL storage." + type: array + requested_scope: + items: + type: string + title: "StringSliceJSONFormat represents []string{} which is encoded to/from\ + \ JSON for SQL storage." + type: array + title: HandledDeviceUserAuthRequest is the request payload used to accept a + device user_code. + type: object version: properties: version: 
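Review bot: The new `verifyUserCodeRequest` schema is titled as the payload used to accept a device `user_code`, but it declares no `user_code` property, and its title names a different type (`HandledDeviceUserAuthRequest`). `device_code_request_id` and `handled_at` have no description, so a caller cannot tell whether it supplies these values or the server fills them in. For an authorization flow that distinction is worth stating: fields the caller must not control should be marked `readOnly: true` or left out of the request body. I would add a `description:` to each of them and align the title with the schema name. If this file is generated, the wording belongs in the comments of the source type.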
@@ -4357,16 +4749,17 @@ components: introspectOAuth2Token_request: properties: scope: - description: "An optional, space separated list of required scopes. If the\ - \ access token was not granted one of the\nscopes, the result of active\ - \ will be false." + description: |- + An optional, space separated list of required scopes. If the access token was not granted one of the + scopes, the result of active will be false. type: string x-formData-name: scope token: - description: "The string value of the token. For access tokens, this\nis\ - \ the \"access_token\" value returned from the token endpoint\ndefined\ - \ in OAuth 2.0. For refresh tokens, this is the \"refresh_token\"\nvalue\ - \ returned." + description: |- + The string value of the token. For access tokens, this + is the "access_token" value returned from the token endpoint + defined in OAuth 2.0. For refresh tokens, this is the "refresh_token" + value returned. required: - token type: string diff --git a/internal/httpclient/api_jwk.go b/internal/httpclient/api_jwk.go index eac14c93c1f..76c32a6e4d6 100644 --- a/internal/httpclient/api_jwk.go +++ b/internal/httpclient/api_jwk.go @@ -14,18 +14,18 @@ package openapi import ( "bytes" "context" - "io/ioutil" + "io" "net/http" "net/url" "strings" ) -// JwkApiService JwkApi service -type JwkApiService service +// JwkAPIService JwkAPI service +type JwkAPIService service type ApiCreateJsonWebKeySetRequest struct { ctx context.Context - ApiService *JwkApiService + ApiService *JwkAPIService set string createJsonWebKeySet *CreateJsonWebKeySet } 
@@ -50,7 +50,7 @@ A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that @param set The JSON Web Key Set ID @return ApiCreateJsonWebKeySetRequest */ -func (a *JwkApiService) CreateJsonWebKeySet(ctx context.Context, set string) ApiCreateJsonWebKeySetRequest { +func (a *JwkAPIService) CreateJsonWebKeySet(ctx context.Context, set string) ApiCreateJsonWebKeySetRequest { return ApiCreateJsonWebKeySetRequest{ ApiService: a, ctx: ctx, @@ -61,7 +61,7 @@ func (a *JwkApiService) CreateJsonWebKeySet(ctx context.Context, set string) Api // Execute executes the request // // @return JsonWebKeySet -func (a *JwkApiService) CreateJsonWebKeySetExecute(r ApiCreateJsonWebKeySetRequest) (*JsonWebKeySet, *http.Response, error) { +func (a *JwkAPIService) CreateJsonWebKeySetExecute(r ApiCreateJsonWebKeySetRequest) (*JsonWebKeySet, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPost localVarPostBody interface{} @@ -69,13 +69,13 @@ func (a *JwkApiService) CreateJsonWebKeySetExecute(r ApiCreateJsonWebKeySetReque localVarReturnValue *JsonWebKeySet ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "JwkApiService.CreateJsonWebKeySet") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "JwkAPIService.CreateJsonWebKeySet") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/admin/keys/{set}" - localVarPath = strings.Replace(localVarPath, "{"+"set"+"}", url.PathEscape(parameterToString(r.set, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"set"+"}", url.PathEscape(parameterValueToString(r.set, "set")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} 
@@ -113,9 +113,9 @@ func (a *JwkApiService) CreateJsonWebKeySetExecute(r ApiCreateJsonWebKeySetReque return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -131,6 +131,7 @@ func (a *JwkApiService) CreateJsonWebKeySetExecute(r ApiCreateJsonWebKeySetReque newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -149,7 +150,7 @@ func (a *JwkApiService) CreateJsonWebKeySetExecute(r ApiCreateJsonWebKeySetReque type ApiDeleteJsonWebKeyRequest struct { ctx context.Context - ApiService *JwkApiService + ApiService *JwkAPIService set string kid string } @@ -173,7 +174,7 @@ and allows storing user-defined keys as well. @param kid The JSON Web Key ID (kid) @return ApiDeleteJsonWebKeyRequest */ -func (a *JwkApiService) DeleteJsonWebKey(ctx context.Context, set string, kid string) ApiDeleteJsonWebKeyRequest { +func (a *JwkAPIService) DeleteJsonWebKey(ctx context.Context, set string, kid string) ApiDeleteJsonWebKeyRequest { return ApiDeleteJsonWebKeyRequest{ ApiService: a, ctx: ctx, 
@@ -183,21 +184,21 @@ func (a *JwkApiService) DeleteJsonWebKey(ctx context.Context, set string, kid st } // Execute executes the request -func (a *JwkApiService) DeleteJsonWebKeyExecute(r ApiDeleteJsonWebKeyRequest) (*http.Response, error) { +func (a *JwkAPIService) DeleteJsonWebKeyExecute(r ApiDeleteJsonWebKeyRequest) (*http.Response, error) { var ( localVarHTTPMethod = http.MethodDelete localVarPostBody interface{} formFiles []formFile ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "JwkApiService.DeleteJsonWebKey") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "JwkAPIService.DeleteJsonWebKey") if err != nil { return nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/admin/keys/{set}/{kid}" - localVarPath = strings.Replace(localVarPath, "{"+"set"+"}", url.PathEscape(parameterToString(r.set, "")), -1) - localVarPath = strings.Replace(localVarPath, "{"+"kid"+"}", url.PathEscape(parameterToString(r.kid, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"set"+"}", url.PathEscape(parameterValueToString(r.set, "set")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"kid"+"}", url.PathEscape(parameterValueToString(r.kid, "kid")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} @@ -230,9 +231,9 @@ func (a *JwkApiService) DeleteJsonWebKeyExecute(r ApiDeleteJsonWebKeyRequest) (* return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } 
@@ -248,6 +249,7 @@ func (a *JwkApiService) DeleteJsonWebKeyExecute(r ApiDeleteJsonWebKeyRequest) (* newErr.error = err.Error() return localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarHTTPResponse, newErr } @@ -257,7 +259,7 @@ func (a *JwkApiService) DeleteJsonWebKeyExecute(r ApiDeleteJsonWebKeyRequest) (* type ApiDeleteJsonWebKeySetRequest struct { ctx context.Context - ApiService *JwkApiService + ApiService *JwkAPIService set string } @@ -276,7 +278,7 @@ A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that @param set The JSON Web Key Set @return ApiDeleteJsonWebKeySetRequest */ -func (a *JwkApiService) DeleteJsonWebKeySet(ctx context.Context, set string) ApiDeleteJsonWebKeySetRequest { +func (a *JwkAPIService) DeleteJsonWebKeySet(ctx context.Context, set string) ApiDeleteJsonWebKeySetRequest { return ApiDeleteJsonWebKeySetRequest{ ApiService: a, ctx: ctx, 
@@ -285,20 +287,20 @@ func (a *JwkApiService) DeleteJsonWebKeySet(ctx context.Context, set string) Api } // Execute executes the request -func (a *JwkApiService) DeleteJsonWebKeySetExecute(r ApiDeleteJsonWebKeySetRequest) (*http.Response, error) { +func (a *JwkAPIService) DeleteJsonWebKeySetExecute(r ApiDeleteJsonWebKeySetRequest) (*http.Response, error) { var ( localVarHTTPMethod = http.MethodDelete localVarPostBody interface{} formFiles []formFile ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "JwkApiService.DeleteJsonWebKeySet") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "JwkAPIService.DeleteJsonWebKeySet") if err != nil { return nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/admin/keys/{set}" - localVarPath = strings.Replace(localVarPath, "{"+"set"+"}", url.PathEscape(parameterToString(r.set, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"set"+"}", url.PathEscape(parameterValueToString(r.set, "set")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} @@ -331,9 +333,9 @@ func (a *JwkApiService) DeleteJsonWebKeySetExecute(r ApiDeleteJsonWebKeySetReque return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } @@ -349,6 +351,7 @@ func (a *JwkApiService) DeleteJsonWebKeySetExecute(r ApiDeleteJsonWebKeySetReque newErr.error = err.Error() return localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarHTTPResponse, newErr } 
@@ -358,7 +361,7 @@ func (a *JwkApiService) DeleteJsonWebKeySetExecute(r ApiDeleteJsonWebKeySetReque type ApiGetJsonWebKeyRequest struct { ctx context.Context - ApiService *JwkApiService + ApiService *JwkAPIService set string kid string } @@ -377,7 +380,7 @@ This endpoint returns a singular JSON Web Key contained in a set. It is identifi @param kid JSON Web Key ID @return ApiGetJsonWebKeyRequest */ -func (a *JwkApiService) GetJsonWebKey(ctx context.Context, set string, kid string) ApiGetJsonWebKeyRequest { +func (a *JwkAPIService) GetJsonWebKey(ctx context.Context, set string, kid string) ApiGetJsonWebKeyRequest { return ApiGetJsonWebKeyRequest{ ApiService: a, ctx: ctx, @@ -389,7 +392,7 @@ func (a *JwkApiService) GetJsonWebKey(ctx context.Context, set string, kid strin // Execute executes the request // // @return JsonWebKeySet -func (a *JwkApiService) GetJsonWebKeyExecute(r ApiGetJsonWebKeyRequest) (*JsonWebKeySet, *http.Response, error) { +func (a *JwkAPIService) GetJsonWebKeyExecute(r ApiGetJsonWebKeyRequest) (*JsonWebKeySet, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} 
@@ -397,14 +400,14 @@ func (a *JwkApiService) GetJsonWebKeyExecute(r ApiGetJsonWebKeyRequest) (*JsonWe localVarReturnValue *JsonWebKeySet ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "JwkApiService.GetJsonWebKey") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "JwkAPIService.GetJsonWebKey") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/admin/keys/{set}/{kid}" - localVarPath = strings.Replace(localVarPath, "{"+"set"+"}", url.PathEscape(parameterToString(r.set, "")), -1) - localVarPath = strings.Replace(localVarPath, "{"+"kid"+"}", url.PathEscape(parameterToString(r.kid, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"set"+"}", url.PathEscape(parameterValueToString(r.set, "set")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"kid"+"}", url.PathEscape(parameterValueToString(r.kid, "kid")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} @@ -437,9 +440,9 @@ func (a *JwkApiService) GetJsonWebKeyExecute(r ApiGetJsonWebKeyRequest) (*JsonWe return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -455,6 +458,7 @@ func (a *JwkApiService) GetJsonWebKeyExecute(r ApiGetJsonWebKeyRequest) (*JsonWe newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } 
@@ -473,7 +477,7 @@ func (a *JwkApiService) GetJsonWebKeyExecute(r ApiGetJsonWebKeyRequest) (*JsonWe type ApiGetJsonWebKeySetRequest struct { ctx context.Context - ApiService *JwkApiService + ApiService *JwkAPIService set string } @@ -492,7 +496,7 @@ A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that @param set JSON Web Key Set ID @return ApiGetJsonWebKeySetRequest */ -func (a *JwkApiService) GetJsonWebKeySet(ctx context.Context, set string) ApiGetJsonWebKeySetRequest { +func (a *JwkAPIService) GetJsonWebKeySet(ctx context.Context, set string) ApiGetJsonWebKeySetRequest { return ApiGetJsonWebKeySetRequest{ ApiService: a, ctx: ctx, @@ -503,7 +507,7 @@ func (a *JwkApiService) GetJsonWebKeySet(ctx context.Context, set string) ApiGet // Execute executes the request // // @return JsonWebKeySet -func (a *JwkApiService) GetJsonWebKeySetExecute(r ApiGetJsonWebKeySetRequest) (*JsonWebKeySet, *http.Response, error) { +func (a *JwkAPIService) GetJsonWebKeySetExecute(r ApiGetJsonWebKeySetRequest) (*JsonWebKeySet, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} @@ -511,13 +515,13 @@ func (a *JwkApiService) GetJsonWebKeySetExecute(r ApiGetJsonWebKeySetRequest) (* localVarReturnValue *JsonWebKeySet ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "JwkApiService.GetJsonWebKeySet") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "JwkAPIService.GetJsonWebKeySet") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/admin/keys/{set}" - localVarPath = strings.Replace(localVarPath, "{"+"set"+"}", url.PathEscape(parameterToString(r.set, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"set"+"}", url.PathEscape(parameterValueToString(r.set, "set")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} 
@@ -550,9 +554,9 @@ func (a *JwkApiService) GetJsonWebKeySetExecute(r ApiGetJsonWebKeySetRequest) (* return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -568,6 +572,7 @@ func (a *JwkApiService) GetJsonWebKeySetExecute(r ApiGetJsonWebKeySetRequest) (* newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -586,7 +591,7 @@ func (a *JwkApiService) GetJsonWebKeySetExecute(r ApiGetJsonWebKeySetRequest) (* type ApiSetJsonWebKeyRequest struct { ctx context.Context - ApiService *JwkApiService + ApiService *JwkAPIService set string kid string jsonWebKey *JsonWebKey @@ -613,7 +618,7 @@ A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that @param kid JSON Web Key ID @return ApiSetJsonWebKeyRequest */ -func (a *JwkApiService) SetJsonWebKey(ctx context.Context, set string, kid string) ApiSetJsonWebKeyRequest { +func (a *JwkAPIService) SetJsonWebKey(ctx context.Context, set string, kid string) ApiSetJsonWebKeyRequest { return ApiSetJsonWebKeyRequest{ ApiService: a, ctx: ctx, 
@@ -625,7 +630,7 @@ func (a *JwkApiService) SetJsonWebKey(ctx context.Context, set string, kid strin // Execute executes the request // // @return JsonWebKey -func (a *JwkApiService) SetJsonWebKeyExecute(r ApiSetJsonWebKeyRequest) (*JsonWebKey, *http.Response, error) { +func (a *JwkAPIService) SetJsonWebKeyExecute(r ApiSetJsonWebKeyRequest) (*JsonWebKey, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPut localVarPostBody interface{} @@ -633,14 +638,14 @@ func (a *JwkApiService) SetJsonWebKeyExecute(r ApiSetJsonWebKeyRequest) (*JsonWe localVarReturnValue *JsonWebKey ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "JwkApiService.SetJsonWebKey") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "JwkAPIService.SetJsonWebKey") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/admin/keys/{set}/{kid}" - localVarPath = strings.Replace(localVarPath, "{"+"set"+"}", url.PathEscape(parameterToString(r.set, "")), -1) - localVarPath = strings.Replace(localVarPath, "{"+"kid"+"}", url.PathEscape(parameterToString(r.kid, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"set"+"}", url.PathEscape(parameterValueToString(r.set, "set")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"kid"+"}", url.PathEscape(parameterValueToString(r.kid, "kid")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} 
@@ -675,9 +680,9 @@ func (a *JwkApiService) SetJsonWebKeyExecute(r ApiSetJsonWebKeyRequest) (*JsonWe return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -693,6 +698,7 @@ func (a *JwkApiService) SetJsonWebKeyExecute(r ApiSetJsonWebKeyRequest) (*JsonWe newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -711,7 +717,7 @@ func (a *JwkApiService) SetJsonWebKeyExecute(r ApiSetJsonWebKeyRequest) (*JsonWe type ApiSetJsonWebKeySetRequest struct { ctx context.Context - ApiService *JwkApiService + ApiService *JwkAPIService set string jsonWebKeySet *JsonWebKeySet } @@ -736,7 +742,7 @@ A JSON Web Key (JWK) is a JavaScript Object Notation (JSON) data structure that @param set The JSON Web Key Set ID @return ApiSetJsonWebKeySetRequest */ -func (a *JwkApiService) SetJsonWebKeySet(ctx context.Context, set string) ApiSetJsonWebKeySetRequest { +func (a *JwkAPIService) SetJsonWebKeySet(ctx context.Context, set string) ApiSetJsonWebKeySetRequest { return ApiSetJsonWebKeySetRequest{ ApiService: a, ctx: ctx, 
@@ -747,7 +753,7 @@ func (a *JwkApiService) SetJsonWebKeySet(ctx context.Context, set string) ApiSet // Execute executes the request // // @return JsonWebKeySet -func (a *JwkApiService) SetJsonWebKeySetExecute(r ApiSetJsonWebKeySetRequest) (*JsonWebKeySet, *http.Response, error) { +func (a *JwkAPIService) SetJsonWebKeySetExecute(r ApiSetJsonWebKeySetRequest) (*JsonWebKeySet, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPut localVarPostBody interface{} @@ -755,13 +761,13 @@ func (a *JwkApiService) SetJsonWebKeySetExecute(r ApiSetJsonWebKeySetRequest) (* localVarReturnValue *JsonWebKeySet ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "JwkApiService.SetJsonWebKeySet") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "JwkAPIService.SetJsonWebKeySet") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/admin/keys/{set}" - localVarPath = strings.Replace(localVarPath, "{"+"set"+"}", url.PathEscape(parameterToString(r.set, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"set"+"}", url.PathEscape(parameterValueToString(r.set, "set")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} @@ -796,9 +802,9 @@ func (a *JwkApiService) SetJsonWebKeySetExecute(r ApiSetJsonWebKeySetRequest) (* return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } 
@@ -814,6 +820,7 @@ func (a *JwkApiService) SetJsonWebKeySetExecute(r ApiSetJsonWebKeySetRequest) (* newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } diff --git a/internal/httpclient/api_metadata.go b/internal/httpclient/api_metadata.go index c57ea8ff5db..5f7d316b9fc 100644 --- a/internal/httpclient/api_metadata.go +++ b/internal/httpclient/api_metadata.go @@ -14,17 +14,17 @@ package openapi import ( "bytes" "context" - "io/ioutil" + "io" "net/http" "net/url" ) -// MetadataApiService MetadataApi service -type MetadataApiService service +// MetadataAPIService MetadataAPI service +type MetadataAPIService service type ApiGetVersionRequest struct { ctx context.Context - ApiService *MetadataApiService + ApiService *MetadataAPIService } func (r ApiGetVersionRequest) Execute() (*GetVersion200Response, *http.Response, error) { @@ -45,7 +45,7 @@ refer to the cluster state, only to a single instance. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiGetVersionRequest */ -func (a *MetadataApiService) GetVersion(ctx context.Context) ApiGetVersionRequest { +func (a *MetadataAPIService) GetVersion(ctx context.Context) ApiGetVersionRequest { return ApiGetVersionRequest{ ApiService: a, ctx: ctx, @@ -55,7 +55,7 @@ func (a *MetadataApiService) GetVersion(ctx context.Context) ApiGetVersionReques // Execute executes the request // // @return GetVersion200Response -func (a *MetadataApiService) GetVersionExecute(r ApiGetVersionRequest) (*GetVersion200Response, *http.Response, error) { +func (a *MetadataAPIService) GetVersionExecute(r ApiGetVersionRequest) (*GetVersion200Response, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} 
@@ -63,7 +63,7 @@ func (a *MetadataApiService) GetVersionExecute(r ApiGetVersionRequest) (*GetVers localVarReturnValue *GetVersion200Response ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "MetadataApiService.GetVersion") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "MetadataAPIService.GetVersion") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } @@ -101,9 +101,9 @@ func (a *MetadataApiService) GetVersionExecute(r ApiGetVersionRequest) (*GetVers return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -130,7 +130,7 @@ func (a *MetadataApiService) GetVersionExecute(r ApiGetVersionRequest) (*GetVers type ApiIsAliveRequest struct { ctx context.Context - ApiService *MetadataApiService + ApiService *MetadataAPIService } func (r ApiIsAliveRequest) Execute() (*HealthStatus, *http.Response, error) { @@ -152,7 +152,7 @@ refer to the cluster state, only to a single instance. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiIsAliveRequest */ -func (a *MetadataApiService) IsAlive(ctx context.Context) ApiIsAliveRequest { +func (a *MetadataAPIService) IsAlive(ctx context.Context) ApiIsAliveRequest { return ApiIsAliveRequest{ ApiService: a, ctx: ctx, 
@@ -162,7 +162,7 @@ func (a *MetadataApiService) IsAlive(ctx context.Context) ApiIsAliveRequest { // Execute executes the request // // @return HealthStatus -func (a *MetadataApiService) IsAliveExecute(r ApiIsAliveRequest) (*HealthStatus, *http.Response, error) { +func (a *MetadataAPIService) IsAliveExecute(r ApiIsAliveRequest) (*HealthStatus, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} @@ -170,7 +170,7 @@ func (a *MetadataApiService) IsAliveExecute(r ApiIsAliveRequest) (*HealthStatus, localVarReturnValue *HealthStatus ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "MetadataApiService.IsAlive") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "MetadataAPIService.IsAlive") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } @@ -208,9 +208,9 @@ func (a *MetadataApiService) IsAliveExecute(r ApiIsAliveRequest) (*HealthStatus, return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -227,6 +227,7 @@ func (a *MetadataApiService) IsAliveExecute(r ApiIsAliveRequest) (*HealthStatus, newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v } return localVarReturnValue, localVarHTTPResponse, newErr 
@@ -246,7 +247,7 @@ func (a *MetadataApiService) IsAliveExecute(r ApiIsAliveRequest) (*HealthStatus, type ApiIsReadyRequest struct { ctx context.Context - ApiService *MetadataApiService + ApiService *MetadataAPIService } func (r ApiIsReadyRequest) Execute() (*IsReady200Response, *http.Response, error) { @@ -268,7 +269,7 @@ refer to the cluster state, only to a single instance. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiIsReadyRequest */ -func (a *MetadataApiService) IsReady(ctx context.Context) ApiIsReadyRequest { +func (a *MetadataAPIService) IsReady(ctx context.Context) ApiIsReadyRequest { return ApiIsReadyRequest{ ApiService: a, ctx: ctx, @@ -278,7 +279,7 @@ func (a *MetadataApiService) IsReady(ctx context.Context) ApiIsReadyRequest { // Execute executes the request // // @return IsReady200Response -func (a *MetadataApiService) IsReadyExecute(r ApiIsReadyRequest) (*IsReady200Response, *http.Response, error) { +func (a *MetadataAPIService) IsReadyExecute(r ApiIsReadyRequest) (*IsReady200Response, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} @@ -286,7 +287,7 @@ func (a *MetadataApiService) IsReadyExecute(r ApiIsReadyRequest) (*IsReady200Res localVarReturnValue *IsReady200Response ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "MetadataApiService.IsReady") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "MetadataAPIService.IsReady") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } 
@@ -324,9 +325,9 @@ func (a *MetadataApiService) IsReadyExecute(r ApiIsReadyRequest) (*IsReady200Res return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -343,6 +344,7 @@ func (a *MetadataApiService) IsReadyExecute(r ApiIsReadyRequest) (*IsReady200Res newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v } return localVarReturnValue, localVarHTTPResponse, newErr diff --git a/internal/httpclient/api_o_auth2.go b/internal/httpclient/api_o_auth2.go index f1b8f0348ae..59e687f0e2b 100644 --- a/internal/httpclient/api_o_auth2.go +++ b/internal/httpclient/api_o_auth2.go @@ -14,18 +14,18 @@ package openapi import ( "bytes" "context" - "io/ioutil" + "io" "net/http" "net/url" "strings" ) -// OAuth2ApiService OAuth2Api service -type OAuth2ApiService service +// OAuth2APIService OAuth2API service +type OAuth2APIService service type ApiAcceptOAuth2ConsentRequestRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService consentChallenge *string acceptOAuth2ConsentRequest *AcceptOAuth2ConsentRequest } 
@@ -68,7 +68,7 @@ head over to the OAuth 2.0 documentation. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiAcceptOAuth2ConsentRequestRequest */ -func (a *OAuth2ApiService) AcceptOAuth2ConsentRequest(ctx context.Context) ApiAcceptOAuth2ConsentRequestRequest { +func (a *OAuth2APIService) AcceptOAuth2ConsentRequest(ctx context.Context) ApiAcceptOAuth2ConsentRequestRequest { return ApiAcceptOAuth2ConsentRequestRequest{ ApiService: a, ctx: ctx, @@ -78,7 +78,7 @@ func (a *OAuth2ApiService) AcceptOAuth2ConsentRequest(ctx context.Context) ApiAc // Execute executes the request // // @return OAuth2RedirectTo -func (a *OAuth2ApiService) AcceptOAuth2ConsentRequestExecute(r ApiAcceptOAuth2ConsentRequestRequest) (*OAuth2RedirectTo, *http.Response, error) { +func (a *OAuth2APIService) AcceptOAuth2ConsentRequestExecute(r ApiAcceptOAuth2ConsentRequestRequest) (*OAuth2RedirectTo, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPut localVarPostBody interface{} @@ -86,7 +86,7 @@ func (a *OAuth2ApiService) AcceptOAuth2ConsentRequestExecute(r ApiAcceptOAuth2Co localVarReturnValue *OAuth2RedirectTo ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.AcceptOAuth2ConsentRequest") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.AcceptOAuth2ConsentRequest") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } 
@@ -100,7 +100,7 @@ func (a *OAuth2ApiService) AcceptOAuth2ConsentRequestExecute(r ApiAcceptOAuth2Co return localVarReturnValue, nil, reportError("consentChallenge is required and must be specified") } - localVarQueryParams.Add("consent_challenge", parameterToString(*r.consentChallenge, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "consent_challenge", r.consentChallenge, "") // to determine the Content-Type header localVarHTTPContentTypes := []string{"application/json"} @@ -130,9 +130,9 @@ func (a *OAuth2ApiService) AcceptOAuth2ConsentRequestExecute(r ApiAcceptOAuth2Co return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -148,6 +148,7 @@ func (a *OAuth2ApiService) AcceptOAuth2ConsentRequestExecute(r ApiAcceptOAuth2Co newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -166,7 +167,7 @@ func (a *OAuth2ApiService) AcceptOAuth2ConsentRequestExecute(r ApiAcceptOAuth2Co type ApiAcceptOAuth2LoginRequestRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService loginChallenge *string acceptOAuth2LoginRequest *AcceptOAuth2LoginRequest } 
@@ -204,7 +205,7 @@ The response contains a redirect URL which the login provider should redirect th @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiAcceptOAuth2LoginRequestRequest */ -func (a *OAuth2ApiService) AcceptOAuth2LoginRequest(ctx context.Context) ApiAcceptOAuth2LoginRequestRequest { +func (a *OAuth2APIService) AcceptOAuth2LoginRequest(ctx context.Context) ApiAcceptOAuth2LoginRequestRequest { return ApiAcceptOAuth2LoginRequestRequest{ ApiService: a, ctx: ctx, @@ -214,7 +215,7 @@ func (a *OAuth2ApiService) AcceptOAuth2LoginRequest(ctx context.Context) ApiAcce // Execute executes the request // // @return OAuth2RedirectTo -func (a *OAuth2ApiService) AcceptOAuth2LoginRequestExecute(r ApiAcceptOAuth2LoginRequestRequest) (*OAuth2RedirectTo, *http.Response, error) { +func (a *OAuth2APIService) AcceptOAuth2LoginRequestExecute(r ApiAcceptOAuth2LoginRequestRequest) (*OAuth2RedirectTo, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPut localVarPostBody interface{} @@ -222,7 +223,7 @@ func (a *OAuth2ApiService) AcceptOAuth2LoginRequestExecute(r ApiAcceptOAuth2Logi localVarReturnValue *OAuth2RedirectTo ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.AcceptOAuth2LoginRequest") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.AcceptOAuth2LoginRequest") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } 
@@ -236,7 +237,7 @@ func (a *OAuth2ApiService) AcceptOAuth2LoginRequestExecute(r ApiAcceptOAuth2Logi return localVarReturnValue, nil, reportError("loginChallenge is required and must be specified") } - localVarQueryParams.Add("login_challenge", parameterToString(*r.loginChallenge, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "login_challenge", r.loginChallenge, "") // to determine the Content-Type header localVarHTTPContentTypes := []string{"application/json"} @@ -266,9 +267,9 @@ func (a *OAuth2ApiService) AcceptOAuth2LoginRequestExecute(r ApiAcceptOAuth2Logi return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -284,6 +285,7 @@ func (a *OAuth2ApiService) AcceptOAuth2LoginRequestExecute(r ApiAcceptOAuth2Logi newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -302,7 +304,7 @@ func (a *OAuth2ApiService) AcceptOAuth2LoginRequestExecute(r ApiAcceptOAuth2Logi type ApiAcceptOAuth2LogoutRequestRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService logoutChallenge *string } 
@@ -326,7 +328,7 @@ The response contains a redirect URL which the consent provider should redirect @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiAcceptOAuth2LogoutRequestRequest */ -func (a *OAuth2ApiService) AcceptOAuth2LogoutRequest(ctx context.Context) ApiAcceptOAuth2LogoutRequestRequest { +func (a *OAuth2APIService) AcceptOAuth2LogoutRequest(ctx context.Context) ApiAcceptOAuth2LogoutRequestRequest { return ApiAcceptOAuth2LogoutRequestRequest{ ApiService: a, ctx: ctx, @@ -336,7 +338,7 @@ func (a *OAuth2ApiService) AcceptOAuth2LogoutRequest(ctx context.Context) ApiAcc // Execute executes the request // // @return OAuth2RedirectTo -func (a *OAuth2ApiService) AcceptOAuth2LogoutRequestExecute(r ApiAcceptOAuth2LogoutRequestRequest) (*OAuth2RedirectTo, *http.Response, error) { +func (a *OAuth2APIService) AcceptOAuth2LogoutRequestExecute(r ApiAcceptOAuth2LogoutRequestRequest) (*OAuth2RedirectTo, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPut localVarPostBody interface{} @@ -344,7 +346,7 @@ func (a *OAuth2ApiService) AcceptOAuth2LogoutRequestExecute(r ApiAcceptOAuth2Log localVarReturnValue *OAuth2RedirectTo ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.AcceptOAuth2LogoutRequest") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.AcceptOAuth2LogoutRequest") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } 
@@ -358,7 +360,7 @@ func (a *OAuth2ApiService) AcceptOAuth2LogoutRequestExecute(r ApiAcceptOAuth2Log return localVarReturnValue, nil, reportError("logoutChallenge is required and must be specified") } - localVarQueryParams.Add("logout_challenge", parameterToString(*r.logoutChallenge, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "logout_challenge", r.logoutChallenge, "") // to determine the Content-Type header localVarHTTPContentTypes := []string{} @@ -386,9 +388,9 @@ func (a *OAuth2ApiService) AcceptOAuth2LogoutRequestExecute(r ApiAcceptOAuth2Log return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } 
@@ -404,6 +406,133 @@ func (a *OAuth2ApiService) AcceptOAuth2LogoutRequestExecute(r ApiAcceptOAuth2Log newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) + newErr.model = v + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + +type ApiAcceptUserCodeRequestRequest struct { + ctx context.Context + ApiService *OAuth2APIService + deviceChallenge *string + acceptDeviceUserCodeRequest *AcceptDeviceUserCodeRequest +} + +func (r ApiAcceptUserCodeRequestRequest) DeviceChallenge(deviceChallenge string) ApiAcceptUserCodeRequestRequest { + r.deviceChallenge = &deviceChallenge + return r +} + +func (r ApiAcceptUserCodeRequestRequest) AcceptDeviceUserCodeRequest(acceptDeviceUserCodeRequest AcceptDeviceUserCodeRequest) ApiAcceptUserCodeRequestRequest { + r.acceptDeviceUserCodeRequest = &acceptDeviceUserCodeRequest + return r +} + +func (r ApiAcceptUserCodeRequestRequest) Execute() (*OAuth2RedirectTo, *http.Response, error) { + return r.ApiService.AcceptUserCodeRequestExecute(r) +} + +/* +AcceptUserCodeRequest Accepts a device grant user_code request + +Accepts a device grant user_code request + + @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). 
+ @return ApiAcceptUserCodeRequestRequest +*/ +func (a *OAuth2APIService) AcceptUserCodeRequest(ctx context.Context) ApiAcceptUserCodeRequestRequest { + return ApiAcceptUserCodeRequestRequest{ + ApiService: a, + ctx: ctx, + } +} + +// Execute executes the request +// +// @return OAuth2RedirectTo +func (a *OAuth2APIService) AcceptUserCodeRequestExecute(r ApiAcceptUserCodeRequestRequest) (*OAuth2RedirectTo, *http.Response, error) { + var ( + localVarHTTPMethod = http.MethodPut + localVarPostBody interface{} + formFiles []formFile + localVarReturnValue *OAuth2RedirectTo + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.AcceptUserCodeRequest") + if err != nil { + return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/admin/oauth2/auth/requests/device/accept" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := url.Values{} + if r.deviceChallenge == nil { + return localVarReturnValue, nil, reportError("deviceChallenge is required and must be specified") + } + + parameterAddToHeaderOrQuery(localVarQueryParams, "device_challenge", r.deviceChallenge, "") + // to determine the Content-Type header + localVarHTTPContentTypes := []string{"application/json"} + + // set Content-Type header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) + if localVarHTTPContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{"application/json"} + + // set Accept header + localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + // body params + localVarPostBody = r.acceptDeviceUserCodeRequest + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, 
localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + var v ErrorOAuth2 + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -422,7 +551,7 @@ func (a *OAuth2ApiService) AcceptOAuth2LogoutRequestExecute(r ApiAcceptOAuth2Log type ApiCreateOAuth2ClientRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService oAuth2Client *OAuth2Client } @@ -445,7 +574,7 @@ is generated. The secret is echoed in the response. It is not possible to retrie @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiCreateOAuth2ClientRequest */ -func (a *OAuth2ApiService) CreateOAuth2Client(ctx context.Context) ApiCreateOAuth2ClientRequest { +func (a *OAuth2APIService) CreateOAuth2Client(ctx context.Context) ApiCreateOAuth2ClientRequest { return ApiCreateOAuth2ClientRequest{ ApiService: a, ctx: ctx, 
@@ -455,7 +584,7 @@ func (a *OAuth2ApiService) CreateOAuth2Client(ctx context.Context) ApiCreateOAut // Execute executes the request // // @return OAuth2Client -func (a *OAuth2ApiService) CreateOAuth2ClientExecute(r ApiCreateOAuth2ClientRequest) (*OAuth2Client, *http.Response, error) { +func (a *OAuth2APIService) CreateOAuth2ClientExecute(r ApiCreateOAuth2ClientRequest) (*OAuth2Client, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPost localVarPostBody interface{} @@ -463,7 +592,7 @@ func (a *OAuth2ApiService) CreateOAuth2ClientExecute(r ApiCreateOAuth2ClientRequ localVarReturnValue *OAuth2Client ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.CreateOAuth2Client") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.CreateOAuth2Client") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } @@ -506,9 +635,9 @@ func (a *OAuth2ApiService) CreateOAuth2ClientExecute(r ApiCreateOAuth2ClientRequ return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -525,6 +654,7 @@ func (a *OAuth2ApiService) CreateOAuth2ClientExecute(r ApiCreateOAuth2ClientRequ newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } 
@@ -534,6 +664,7 @@ func (a *OAuth2ApiService) CreateOAuth2ClientExecute(r ApiCreateOAuth2ClientRequ newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -552,7 +683,7 @@ func (a *OAuth2ApiService) CreateOAuth2ClientExecute(r ApiCreateOAuth2ClientRequ type ApiDeleteOAuth2ClientRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService id string } @@ -574,7 +705,7 @@ Make sure that this endpoint is well protected and only callable by first-party @param id The id of the OAuth 2.0 Client. @return ApiDeleteOAuth2ClientRequest */ -func (a *OAuth2ApiService) DeleteOAuth2Client(ctx context.Context, id string) ApiDeleteOAuth2ClientRequest { +func (a *OAuth2APIService) DeleteOAuth2Client(ctx context.Context, id string) ApiDeleteOAuth2ClientRequest { return ApiDeleteOAuth2ClientRequest{ ApiService: a, ctx: ctx, 
@@ -583,20 +714,20 @@ func (a *OAuth2ApiService) DeleteOAuth2Client(ctx context.Context, id string) Ap } // Execute executes the request -func (a *OAuth2ApiService) DeleteOAuth2ClientExecute(r ApiDeleteOAuth2ClientRequest) (*http.Response, error) { +func (a *OAuth2APIService) DeleteOAuth2ClientExecute(r ApiDeleteOAuth2ClientRequest) (*http.Response, error) { var ( localVarHTTPMethod = http.MethodDelete localVarPostBody interface{} formFiles []formFile ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.DeleteOAuth2Client") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.DeleteOAuth2Client") if err != nil { return nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/admin/clients/{id}" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterToString(r.id, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterValueToString(r.id, "id")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} @@ -629,9 +760,9 @@ func (a *OAuth2ApiService) DeleteOAuth2ClientExecute(r ApiDeleteOAuth2ClientRequ return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } @@ -647,6 +778,7 @@ func (a *OAuth2ApiService) DeleteOAuth2ClientExecute(r ApiDeleteOAuth2ClientRequ newErr.error = err.Error() return localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarHTTPResponse, newErr } 
@@ -656,7 +788,7 @@ func (a *OAuth2ApiService) DeleteOAuth2ClientExecute(r ApiDeleteOAuth2ClientRequ type ApiDeleteOAuth2TokenRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService clientId *string } @@ -678,7 +810,7 @@ This endpoint deletes OAuth2 access tokens issued to an OAuth 2.0 Client from th @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiDeleteOAuth2TokenRequest */ -func (a *OAuth2ApiService) DeleteOAuth2Token(ctx context.Context) ApiDeleteOAuth2TokenRequest { +func (a *OAuth2APIService) DeleteOAuth2Token(ctx context.Context) ApiDeleteOAuth2TokenRequest { return ApiDeleteOAuth2TokenRequest{ ApiService: a, ctx: ctx, @@ -686,14 +818,14 @@ func (a *OAuth2ApiService) DeleteOAuth2Token(ctx context.Context) ApiDeleteOAuth } // Execute executes the request -func (a *OAuth2ApiService) DeleteOAuth2TokenExecute(r ApiDeleteOAuth2TokenRequest) (*http.Response, error) { +func (a *OAuth2APIService) DeleteOAuth2TokenExecute(r ApiDeleteOAuth2TokenRequest) (*http.Response, error) { var ( localVarHTTPMethod = http.MethodDelete localVarPostBody interface{} formFiles []formFile ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.DeleteOAuth2Token") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.DeleteOAuth2Token") if err != nil { return nil, &GenericOpenAPIError{error: err.Error()} } @@ -707,7 +839,7 @@ func (a *OAuth2ApiService) DeleteOAuth2TokenExecute(r ApiDeleteOAuth2TokenReques return nil, reportError("clientId is required and must be specified") } - localVarQueryParams.Add("client_id", parameterToString(*r.clientId, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "client_id", r.clientId, "") // to determine the Content-Type header localVarHTTPContentTypes := []string{} 
@@ -735,9 +867,9 @@ func (a *OAuth2ApiService) DeleteOAuth2TokenExecute(r ApiDeleteOAuth2TokenReques return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } @@ -753,6 +885,7 @@ func (a *OAuth2ApiService) DeleteOAuth2TokenExecute(r ApiDeleteOAuth2TokenReques newErr.error = err.Error() return localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarHTTPResponse, newErr } @@ -762,7 +895,7 @@ func (a *OAuth2ApiService) DeleteOAuth2TokenExecute(r ApiDeleteOAuth2TokenReques type ApiDeleteTrustedOAuth2JwtGrantIssuerRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService id string } @@ -783,7 +916,7 @@ for OAuth 2.0 Client Authentication and Authorization Grant. @param id The id of the desired grant @return ApiDeleteTrustedOAuth2JwtGrantIssuerRequest */ -func (a *OAuth2ApiService) DeleteTrustedOAuth2JwtGrantIssuer(ctx context.Context, id string) ApiDeleteTrustedOAuth2JwtGrantIssuerRequest { +func (a *OAuth2APIService) DeleteTrustedOAuth2JwtGrantIssuer(ctx context.Context, id string) ApiDeleteTrustedOAuth2JwtGrantIssuerRequest { return ApiDeleteTrustedOAuth2JwtGrantIssuerRequest{ ApiService: a, ctx: ctx, 
@@ -792,20 +925,20 @@ func (a *OAuth2ApiService) DeleteTrustedOAuth2JwtGrantIssuer(ctx context.Context } // Execute executes the request -func (a *OAuth2ApiService) DeleteTrustedOAuth2JwtGrantIssuerExecute(r ApiDeleteTrustedOAuth2JwtGrantIssuerRequest) (*http.Response, error) { +func (a *OAuth2APIService) DeleteTrustedOAuth2JwtGrantIssuerExecute(r ApiDeleteTrustedOAuth2JwtGrantIssuerRequest) (*http.Response, error) { var ( localVarHTTPMethod = http.MethodDelete localVarPostBody interface{} formFiles []formFile ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.DeleteTrustedOAuth2JwtGrantIssuer") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.DeleteTrustedOAuth2JwtGrantIssuer") if err != nil { return nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/admin/trust/grants/jwt-bearer/issuers/{id}" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterToString(r.id, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterValueToString(r.id, "id")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} @@ -838,9 +971,9 @@ func (a *OAuth2ApiService) DeleteTrustedOAuth2JwtGrantIssuerExecute(r ApiDeleteT return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } 
@@ -856,6 +989,7 @@ func (a *OAuth2ApiService) DeleteTrustedOAuth2JwtGrantIssuerExecute(r ApiDeleteT newErr.error = err.Error() return localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarHTTPResponse, newErr } @@ -865,7 +999,7 @@ func (a *OAuth2ApiService) DeleteTrustedOAuth2JwtGrantIssuerExecute(r ApiDeleteT type ApiGetOAuth2ClientRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService id string } @@ -885,7 +1019,7 @@ generated for applications which want to consume your OAuth 2.0 or OpenID Connec @param id The id of the OAuth 2.0 Client. @return ApiGetOAuth2ClientRequest */ -func (a *OAuth2ApiService) GetOAuth2Client(ctx context.Context, id string) ApiGetOAuth2ClientRequest { +func (a *OAuth2APIService) GetOAuth2Client(ctx context.Context, id string) ApiGetOAuth2ClientRequest { return ApiGetOAuth2ClientRequest{ ApiService: a, ctx: ctx, @@ -896,7 +1030,7 @@ func (a *OAuth2ApiService) GetOAuth2Client(ctx context.Context, id string) ApiGe // Execute executes the request // // @return OAuth2Client -func (a *OAuth2ApiService) GetOAuth2ClientExecute(r ApiGetOAuth2ClientRequest) (*OAuth2Client, *http.Response, error) { +func (a *OAuth2APIService) GetOAuth2ClientExecute(r ApiGetOAuth2ClientRequest) (*OAuth2Client, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} 
@@ -904,13 +1038,13 @@ func (a *OAuth2ApiService) GetOAuth2ClientExecute(r ApiGetOAuth2ClientRequest) ( localVarReturnValue *OAuth2Client ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.GetOAuth2Client") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.GetOAuth2Client") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/admin/clients/{id}" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterToString(r.id, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterValueToString(r.id, "id")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} @@ -943,9 +1077,9 @@ func (a *OAuth2ApiService) GetOAuth2ClientExecute(r ApiGetOAuth2ClientRequest) ( return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -961,6 +1095,7 @@ func (a *OAuth2ApiService) GetOAuth2ClientExecute(r ApiGetOAuth2ClientRequest) ( newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -979,7 +1114,7 @@ func (a *OAuth2ApiService) GetOAuth2ClientExecute(r ApiGetOAuth2ClientRequest) ( type ApiGetOAuth2ConsentRequestRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService consentChallenge *string } 
@@ -1010,7 +1145,7 @@ head over to the OAuth 2.0 documentation. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiGetOAuth2ConsentRequestRequest */ -func (a *OAuth2ApiService) GetOAuth2ConsentRequest(ctx context.Context) ApiGetOAuth2ConsentRequestRequest { +func (a *OAuth2APIService) GetOAuth2ConsentRequest(ctx context.Context) ApiGetOAuth2ConsentRequestRequest { return ApiGetOAuth2ConsentRequestRequest{ ApiService: a, ctx: ctx, @@ -1020,7 +1155,7 @@ func (a *OAuth2ApiService) GetOAuth2ConsentRequest(ctx context.Context) ApiGetOA // Execute executes the request // // @return OAuth2ConsentRequest -func (a *OAuth2ApiService) GetOAuth2ConsentRequestExecute(r ApiGetOAuth2ConsentRequestRequest) (*OAuth2ConsentRequest, *http.Response, error) { +func (a *OAuth2APIService) GetOAuth2ConsentRequestExecute(r ApiGetOAuth2ConsentRequestRequest) (*OAuth2ConsentRequest, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} @@ -1028,7 +1163,7 @@ func (a *OAuth2ApiService) GetOAuth2ConsentRequestExecute(r ApiGetOAuth2ConsentR localVarReturnValue *OAuth2ConsentRequest ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.GetOAuth2ConsentRequest") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.GetOAuth2ConsentRequest") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } @@ -1042,7 +1177,7 @@ func (a *OAuth2ApiService) GetOAuth2ConsentRequestExecute(r ApiGetOAuth2ConsentR return localVarReturnValue, nil, reportError("consentChallenge is required and must be specified") } - localVarQueryParams.Add("consent_challenge", parameterToString(*r.consentChallenge, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "consent_challenge", r.consentChallenge, "") // to determine the Content-Type header localVarHTTPContentTypes := []string{} 
@@ -1070,9 +1205,9 @@ func (a *OAuth2ApiService) GetOAuth2ConsentRequestExecute(r ApiGetOAuth2ConsentR return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -1089,6 +1224,7 @@ func (a *OAuth2ApiService) GetOAuth2ConsentRequestExecute(r ApiGetOAuth2ConsentR newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -1098,6 +1234,7 @@ func (a *OAuth2ApiService) GetOAuth2ConsentRequestExecute(r ApiGetOAuth2ConsentR newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -1116,7 +1253,7 @@ func (a *OAuth2ApiService) GetOAuth2ConsentRequestExecute(r ApiGetOAuth2ConsentR type ApiGetOAuth2LoginRequestRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService loginChallenge *string } 
@@ -1146,7 +1283,7 @@ provider uses that challenge to fetch information on the OAuth2 request and then @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiGetOAuth2LoginRequestRequest */ -func (a *OAuth2ApiService) GetOAuth2LoginRequest(ctx context.Context) ApiGetOAuth2LoginRequestRequest { +func (a *OAuth2APIService) GetOAuth2LoginRequest(ctx context.Context) ApiGetOAuth2LoginRequestRequest { return ApiGetOAuth2LoginRequestRequest{ ApiService: a, ctx: ctx, @@ -1156,7 +1293,7 @@ func (a *OAuth2ApiService) GetOAuth2LoginRequest(ctx context.Context) ApiGetOAut // Execute executes the request // // @return OAuth2LoginRequest -func (a *OAuth2ApiService) GetOAuth2LoginRequestExecute(r ApiGetOAuth2LoginRequestRequest) (*OAuth2LoginRequest, *http.Response, error) { +func (a *OAuth2APIService) GetOAuth2LoginRequestExecute(r ApiGetOAuth2LoginRequestRequest) (*OAuth2LoginRequest, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} @@ -1164,7 +1301,7 @@ func (a *OAuth2ApiService) GetOAuth2LoginRequestExecute(r ApiGetOAuth2LoginReque localVarReturnValue *OAuth2LoginRequest ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.GetOAuth2LoginRequest") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.GetOAuth2LoginRequest") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } @@ -1178,7 +1315,7 @@ func (a *OAuth2ApiService) GetOAuth2LoginRequestExecute(r ApiGetOAuth2LoginReque return localVarReturnValue, nil, reportError("loginChallenge is required and must be specified") } - localVarQueryParams.Add("login_challenge", parameterToString(*r.loginChallenge, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "login_challenge", r.loginChallenge, "") // to determine the Content-Type header localVarHTTPContentTypes := []string{} 
@@ -1206,9 +1343,9 @@ func (a *OAuth2ApiService) GetOAuth2LoginRequestExecute(r ApiGetOAuth2LoginReque return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -1225,6 +1362,7 @@ func (a *OAuth2ApiService) GetOAuth2LoginRequestExecute(r ApiGetOAuth2LoginReque newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -1234,6 +1372,7 @@ func (a *OAuth2ApiService) GetOAuth2LoginRequestExecute(r ApiGetOAuth2LoginReque newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -1252,7 +1391,7 @@ func (a *OAuth2ApiService) GetOAuth2LoginRequestExecute(r ApiGetOAuth2LoginReque type ApiGetOAuth2LogoutRequestRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService logoutChallenge *string } 
@@ -1273,7 +1412,7 @@ Use this endpoint to fetch an Ory OAuth 2.0 logout request. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiGetOAuth2LogoutRequestRequest */ -func (a *OAuth2ApiService) GetOAuth2LogoutRequest(ctx context.Context) ApiGetOAuth2LogoutRequestRequest { +func (a *OAuth2APIService) GetOAuth2LogoutRequest(ctx context.Context) ApiGetOAuth2LogoutRequestRequest { return ApiGetOAuth2LogoutRequestRequest{ ApiService: a, ctx: ctx, @@ -1283,7 +1422,7 @@ func (a *OAuth2ApiService) GetOAuth2LogoutRequest(ctx context.Context) ApiGetOAu // Execute executes the request // // @return OAuth2LogoutRequest -func (a *OAuth2ApiService) GetOAuth2LogoutRequestExecute(r ApiGetOAuth2LogoutRequestRequest) (*OAuth2LogoutRequest, *http.Response, error) { +func (a *OAuth2APIService) GetOAuth2LogoutRequestExecute(r ApiGetOAuth2LogoutRequestRequest) (*OAuth2LogoutRequest, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} @@ -1291,7 +1430,7 @@ func (a *OAuth2ApiService) GetOAuth2LogoutRequestExecute(r ApiGetOAuth2LogoutReq localVarReturnValue *OAuth2LogoutRequest ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.GetOAuth2LogoutRequest") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.GetOAuth2LogoutRequest") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } @@ -1305,7 +1444,7 @@ func (a *OAuth2ApiService) GetOAuth2LogoutRequestExecute(r ApiGetOAuth2LogoutReq return localVarReturnValue, nil, reportError("logoutChallenge is required and must be specified") } - localVarQueryParams.Add("logout_challenge", parameterToString(*r.logoutChallenge, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "logout_challenge", r.logoutChallenge, "") // to determine the Content-Type header localVarHTTPContentTypes := []string{} 
@@ -1333,9 +1472,9 @@ func (a *OAuth2ApiService) GetOAuth2LogoutRequestExecute(r ApiGetOAuth2LogoutReq return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -1352,6 +1491,7 @@ func (a *OAuth2ApiService) GetOAuth2LogoutRequestExecute(r ApiGetOAuth2LogoutReq newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -1361,6 +1501,7 @@ func (a *OAuth2ApiService) GetOAuth2LogoutRequestExecute(r ApiGetOAuth2LogoutReq newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -1379,7 +1520,7 @@ func (a *OAuth2ApiService) GetOAuth2LogoutRequestExecute(r ApiGetOAuth2LogoutReq type ApiGetTrustedOAuth2JwtGrantIssuerRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService id string } @@ -1397,7 +1538,7 @@ created the trust relationship. @param id The id of the desired grant @return ApiGetTrustedOAuth2JwtGrantIssuerRequest */ -func (a *OAuth2ApiService) GetTrustedOAuth2JwtGrantIssuer(ctx context.Context, id string) ApiGetTrustedOAuth2JwtGrantIssuerRequest { +func (a *OAuth2APIService) GetTrustedOAuth2JwtGrantIssuer(ctx context.Context, id string) ApiGetTrustedOAuth2JwtGrantIssuerRequest { return ApiGetTrustedOAuth2JwtGrantIssuerRequest{ ApiService: a, ctx: ctx, 
@@ -1408,7 +1549,7 @@ func (a *OAuth2ApiService) GetTrustedOAuth2JwtGrantIssuer(ctx context.Context, i // Execute executes the request // // @return TrustedOAuth2JwtGrantIssuer -func (a *OAuth2ApiService) GetTrustedOAuth2JwtGrantIssuerExecute(r ApiGetTrustedOAuth2JwtGrantIssuerRequest) (*TrustedOAuth2JwtGrantIssuer, *http.Response, error) { +func (a *OAuth2APIService) GetTrustedOAuth2JwtGrantIssuerExecute(r ApiGetTrustedOAuth2JwtGrantIssuerRequest) (*TrustedOAuth2JwtGrantIssuer, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} @@ -1416,13 +1557,13 @@ func (a *OAuth2ApiService) GetTrustedOAuth2JwtGrantIssuerExecute(r ApiGetTrusted localVarReturnValue *TrustedOAuth2JwtGrantIssuer ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.GetTrustedOAuth2JwtGrantIssuer") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.GetTrustedOAuth2JwtGrantIssuer") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/admin/trust/grants/jwt-bearer/issuers/{id}" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterToString(r.id, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterValueToString(r.id, "id")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} @@ -1455,9 +1596,9 @@ func (a *OAuth2ApiService) GetTrustedOAuth2JwtGrantIssuerExecute(r ApiGetTrusted return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } 
@@ -1473,6 +1614,7 @@ func (a *OAuth2ApiService) GetTrustedOAuth2JwtGrantIssuerExecute(r ApiGetTrusted newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -1491,7 +1633,7 @@ func (a *OAuth2ApiService) GetTrustedOAuth2JwtGrantIssuerExecute(r ApiGetTrusted type ApiIntrospectOAuth2TokenRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService token *string scope *string } @@ -1522,7 +1664,7 @@ set additional data for a token by setting `session.access_token` during the con @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiIntrospectOAuth2TokenRequest */ -func (a *OAuth2ApiService) IntrospectOAuth2Token(ctx context.Context) ApiIntrospectOAuth2TokenRequest { +func (a *OAuth2APIService) IntrospectOAuth2Token(ctx context.Context) ApiIntrospectOAuth2TokenRequest { return ApiIntrospectOAuth2TokenRequest{ ApiService: a, ctx: ctx, @@ -1532,7 +1674,7 @@ func (a *OAuth2ApiService) IntrospectOAuth2Token(ctx context.Context) ApiIntrosp // Execute executes the request // // @return IntrospectedOAuth2Token -func (a *OAuth2ApiService) IntrospectOAuth2TokenExecute(r ApiIntrospectOAuth2TokenRequest) (*IntrospectedOAuth2Token, *http.Response, error) { +func (a *OAuth2APIService) IntrospectOAuth2TokenExecute(r ApiIntrospectOAuth2TokenRequest) (*IntrospectedOAuth2Token, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPost localVarPostBody interface{} 
@@ -1540,7 +1682,7 @@ func (a *OAuth2ApiService) IntrospectOAuth2TokenExecute(r ApiIntrospectOAuth2Tok localVarReturnValue *IntrospectedOAuth2Token ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.IntrospectOAuth2Token") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.IntrospectOAuth2Token") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } @@ -1572,9 +1714,9 @@ func (a *OAuth2ApiService) IntrospectOAuth2TokenExecute(r ApiIntrospectOAuth2Tok localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept } if r.scope != nil { - localVarFormParams.Add("scope", parameterToString(*r.scope, "")) + parameterAddToHeaderOrQuery(localVarFormParams, "scope", r.scope, "") } - localVarFormParams.Add("token", parameterToString(*r.token, "")) + parameterAddToHeaderOrQuery(localVarFormParams, "token", r.token, "") req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) if err != nil { return localVarReturnValue, nil, err @@ -1585,9 +1727,9 @@ func (a *OAuth2ApiService) IntrospectOAuth2TokenExecute(r ApiIntrospectOAuth2Tok return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } 
@@ -1603,6 +1745,7 @@ func (a *OAuth2ApiService) IntrospectOAuth2TokenExecute(r ApiIntrospectOAuth2Tok newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -1621,7 +1764,7 @@ func (a *OAuth2ApiService) IntrospectOAuth2TokenExecute(r ApiIntrospectOAuth2Tok type ApiListOAuth2ClientsRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService pageSize *int64 pageToken *string clientName *string @@ -1665,7 +1808,7 @@ As a default it lists the first 100 clients. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiListOAuth2ClientsRequest */ -func (a *OAuth2ApiService) ListOAuth2Clients(ctx context.Context) ApiListOAuth2ClientsRequest { +func (a *OAuth2APIService) ListOAuth2Clients(ctx context.Context) ApiListOAuth2ClientsRequest { return ApiListOAuth2ClientsRequest{ ApiService: a, ctx: ctx, @@ -1675,7 +1818,7 @@ func (a *OAuth2ApiService) ListOAuth2Clients(ctx context.Context) ApiListOAuth2C // Execute executes the request // // @return []OAuth2Client -func (a *OAuth2ApiService) ListOAuth2ClientsExecute(r ApiListOAuth2ClientsRequest) ([]OAuth2Client, *http.Response, error) { +func (a *OAuth2APIService) ListOAuth2ClientsExecute(r ApiListOAuth2ClientsRequest) ([]OAuth2Client, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} 
@@ -1683,7 +1826,7 @@ func (a *OAuth2ApiService) ListOAuth2ClientsExecute(r ApiListOAuth2ClientsReques localVarReturnValue []OAuth2Client ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.ListOAuth2Clients") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.ListOAuth2Clients") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } @@ -1695,16 +1838,22 @@ func (a *OAuth2ApiService) ListOAuth2ClientsExecute(r ApiListOAuth2ClientsReques localVarFormParams := url.Values{} if r.pageSize != nil { - localVarQueryParams.Add("page_size", parameterToString(*r.pageSize, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "page_size", r.pageSize, "") + } else { + var defaultValue int64 = 250 + r.pageSize = &defaultValue } if r.pageToken != nil { - localVarQueryParams.Add("page_token", parameterToString(*r.pageToken, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "page_token", r.pageToken, "") + } else { + var defaultValue string = "1" + r.pageToken = &defaultValue } if r.clientName != nil { - localVarQueryParams.Add("client_name", parameterToString(*r.clientName, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "client_name", r.clientName, "") } if r.owner != nil { - localVarQueryParams.Add("owner", parameterToString(*r.owner, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "owner", r.owner, "") } // to determine the Content-Type header localVarHTTPContentTypes := []string{} 
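Review bot: In the `page_size` and `page_token` handling of `ListOAuth2ClientsExecute`, the new `else` branches store a default (`250`, `"1"`) into `r.pageSize` / `r.pageToken` but never add it to `localVarQueryParams`. Because `r` is passed by value, the assignment has no effect on the outgoing request as far as this hunk shows; the function body continues outside the hunk. The same pattern appears in the `ListOAuth2ConsentSessionsExecute` hunk further down. The doc comment on `ListOAuth2Clients` still says "As a default it lists the first 100 clients", which disagrees with the 250 written here. If the server is meant to apply the default, drop the `else` branches or mark them with `// default is applied server-side; not sent with the request`; this looks like generated client code, so the change presumably belongs in the API spec or generator template rather than in this file.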
@@ -1733,9 +1882,9 @@ func (a *OAuth2ApiService) ListOAuth2ClientsExecute(r ApiListOAuth2ClientsReques return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -1751,6 +1900,7 @@ func (a *OAuth2ApiService) ListOAuth2ClientsExecute(r ApiListOAuth2ClientsReques newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -1769,7 +1919,7 @@ func (a *OAuth2ApiService) ListOAuth2ClientsExecute(r ApiListOAuth2ClientsReques type ApiListOAuth2ConsentSessionsRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService subject *string pageSize *int64 pageToken *string @@ -1814,7 +1964,7 @@ empty JSON array with status code 200 OK. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiListOAuth2ConsentSessionsRequest */ -func (a *OAuth2ApiService) ListOAuth2ConsentSessions(ctx context.Context) ApiListOAuth2ConsentSessionsRequest { +func (a *OAuth2APIService) ListOAuth2ConsentSessions(ctx context.Context) ApiListOAuth2ConsentSessionsRequest { return ApiListOAuth2ConsentSessionsRequest{ ApiService: a, ctx: ctx, 
@@ -1824,7 +1974,7 @@ func (a *OAuth2ApiService) ListOAuth2ConsentSessions(ctx context.Context) ApiLis // Execute executes the request // // @return []OAuth2ConsentSession -func (a *OAuth2ApiService) ListOAuth2ConsentSessionsExecute(r ApiListOAuth2ConsentSessionsRequest) ([]OAuth2ConsentSession, *http.Response, error) { +func (a *OAuth2APIService) ListOAuth2ConsentSessionsExecute(r ApiListOAuth2ConsentSessionsRequest) ([]OAuth2ConsentSession, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} @@ -1832,7 +1982,7 @@ func (a *OAuth2ApiService) ListOAuth2ConsentSessionsExecute(r ApiListOAuth2Conse localVarReturnValue []OAuth2ConsentSession ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.ListOAuth2ConsentSessions") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.ListOAuth2ConsentSessions") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } 
@@ -1847,14 +1997,20 @@ func (a *OAuth2ApiService) ListOAuth2ConsentSessionsExecute(r ApiListOAuth2Conse } if r.pageSize != nil { - localVarQueryParams.Add("page_size", parameterToString(*r.pageSize, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "page_size", r.pageSize, "") + } else { + var defaultValue int64 = 250 + r.pageSize = &defaultValue } if r.pageToken != nil { - localVarQueryParams.Add("page_token", parameterToString(*r.pageToken, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "page_token", r.pageToken, "") + } else { + var defaultValue string = "1" + r.pageToken = &defaultValue } - localVarQueryParams.Add("subject", parameterToString(*r.subject, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "subject", r.subject, "") if r.loginSessionId != nil { - localVarQueryParams.Add("login_session_id", parameterToString(*r.loginSessionId, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "login_session_id", r.loginSessionId, "") } // to determine the Content-Type header localVarHTTPContentTypes := []string{} @@ -1883,9 +2039,9 @@ func (a *OAuth2ApiService) ListOAuth2ConsentSessionsExecute(r ApiListOAuth2Conse return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -1901,6 +2057,7 @@ func (a *OAuth2ApiService) ListOAuth2ConsentSessionsExecute(r ApiListOAuth2Conse newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } 
@@ -1919,7 +2076,7 @@ func (a *OAuth2ApiService) ListOAuth2ConsentSessionsExecute(r ApiListOAuth2Conse type ApiListTrustedOAuth2JwtGrantIssuersRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService maxItems *int64 defaultItems *int64 issuer *string @@ -1953,7 +2110,7 @@ Use this endpoint to list all trusted JWT Bearer Grant Type Issuers. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiListTrustedOAuth2JwtGrantIssuersRequest */ -func (a *OAuth2ApiService) ListTrustedOAuth2JwtGrantIssuers(ctx context.Context) ApiListTrustedOAuth2JwtGrantIssuersRequest { +func (a *OAuth2APIService) ListTrustedOAuth2JwtGrantIssuers(ctx context.Context) ApiListTrustedOAuth2JwtGrantIssuersRequest { return ApiListTrustedOAuth2JwtGrantIssuersRequest{ ApiService: a, ctx: ctx, @@ -1963,7 +2120,7 @@ func (a *OAuth2ApiService) ListTrustedOAuth2JwtGrantIssuers(ctx context.Context) // Execute executes the request // // @return []TrustedOAuth2JwtGrantIssuer -func (a *OAuth2ApiService) ListTrustedOAuth2JwtGrantIssuersExecute(r ApiListTrustedOAuth2JwtGrantIssuersRequest) ([]TrustedOAuth2JwtGrantIssuer, *http.Response, error) { +func (a *OAuth2APIService) ListTrustedOAuth2JwtGrantIssuersExecute(r ApiListTrustedOAuth2JwtGrantIssuersRequest) ([]TrustedOAuth2JwtGrantIssuer, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} @@ -1971,7 +2128,7 @@ func (a *OAuth2ApiService) ListTrustedOAuth2JwtGrantIssuersExecute(r ApiListTrus localVarReturnValue []TrustedOAuth2JwtGrantIssuer ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.ListTrustedOAuth2JwtGrantIssuers") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.ListTrustedOAuth2JwtGrantIssuers") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } 
@@ -1983,13 +2140,13 @@ func (a *OAuth2ApiService) ListTrustedOAuth2JwtGrantIssuersExecute(r ApiListTrus localVarFormParams := url.Values{} if r.maxItems != nil { - localVarQueryParams.Add("MaxItems", parameterToString(*r.maxItems, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "MaxItems", r.maxItems, "") } if r.defaultItems != nil { - localVarQueryParams.Add("DefaultItems", parameterToString(*r.defaultItems, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "DefaultItems", r.defaultItems, "") } if r.issuer != nil { - localVarQueryParams.Add("issuer", parameterToString(*r.issuer, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "issuer", r.issuer, "") } // to determine the Content-Type header localVarHTTPContentTypes := []string{} @@ -2018,9 +2175,9 @@ func (a *OAuth2ApiService) ListTrustedOAuth2JwtGrantIssuersExecute(r ApiListTrus return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -2036,6 +2193,7 @@ func (a *OAuth2ApiService) ListTrustedOAuth2JwtGrantIssuersExecute(r ApiListTrus newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -2054,7 +2212,7 @@ func (a *OAuth2ApiService) ListTrustedOAuth2JwtGrantIssuersExecute(r ApiListTrus type ApiOAuth2AuthorizeRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService } func (r ApiOAuth2AuthorizeRequest) Execute() (*ErrorOAuth2, *http.Response, error) { 
@@ -2067,12 +2225,13 @@ OAuth2Authorize OAuth 2.0 Authorize Endpoint Use open source libraries to perform OAuth 2.0 and OpenID Connect available for any programming language. You can find a list of libraries at https://oauth.net/code/ -The Ory SDK is not yet able to this endpoint properly. +This endpoint should not be used via the Ory SDK and is only included for technical reasons. +Instead, use one of the libraries linked above. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiOAuth2AuthorizeRequest */ -func (a *OAuth2ApiService) OAuth2Authorize(ctx context.Context) ApiOAuth2AuthorizeRequest { +func (a *OAuth2APIService) OAuth2Authorize(ctx context.Context) ApiOAuth2AuthorizeRequest { return ApiOAuth2AuthorizeRequest{ ApiService: a, ctx: ctx, @@ -2082,7 +2241,7 @@ func (a *OAuth2ApiService) OAuth2Authorize(ctx context.Context) ApiOAuth2Authori // Execute executes the request // // @return ErrorOAuth2 -func (a *OAuth2ApiService) OAuth2AuthorizeExecute(r ApiOAuth2AuthorizeRequest) (*ErrorOAuth2, *http.Response, error) { +func (a *OAuth2APIService) OAuth2AuthorizeExecute(r ApiOAuth2AuthorizeRequest) (*ErrorOAuth2, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} @@ -2090,7 +2249,7 @@ func (a *OAuth2ApiService) OAuth2AuthorizeExecute(r ApiOAuth2AuthorizeRequest) ( localVarReturnValue *ErrorOAuth2 ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.OAuth2Authorize") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.OAuth2Authorize") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } 
@@ -2128,9 +2287,120 @@ func (a *OAuth2ApiService) OAuth2AuthorizeExecute(r ApiOAuth2AuthorizeRequest) ( return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + var v ErrorOAuth2 + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) + newErr.model = v + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + +type ApiOAuth2DeviceFlowRequest struct { + ctx context.Context + ApiService *OAuth2APIService +} + +func (r ApiOAuth2DeviceFlowRequest) Execute() (*DeviceAuthorization, *http.Response, error) { + return r.ApiService.OAuth2DeviceFlowExecute(r) +} + +/* +OAuth2DeviceFlow The OAuth 2.0 Device Authorize Endpoint + +This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows. +OAuth2 is a very popular protocol and a library for your programming language will exists. 
+ +To learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc8628 + + @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). + @return ApiOAuth2DeviceFlowRequest +*/ +func (a *OAuth2APIService) OAuth2DeviceFlow(ctx context.Context) ApiOAuth2DeviceFlowRequest { + return ApiOAuth2DeviceFlowRequest{ + ApiService: a, + ctx: ctx, + } +} + +// Execute executes the request +// +// @return DeviceAuthorization +func (a *OAuth2APIService) OAuth2DeviceFlowExecute(r ApiOAuth2DeviceFlowRequest) (*DeviceAuthorization, *http.Response, error) { + var ( + localVarHTTPMethod = http.MethodPost + localVarPostBody interface{} + formFiles []formFile + localVarReturnValue *DeviceAuthorization + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.OAuth2DeviceFlow") + if err != nil { + return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/oauth2/device/auth" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := url.Values{} + + // to determine the Content-Type header + localVarHTTPContentTypes := []string{} + + // set Content-Type header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) + if localVarHTTPContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{"application/json"} + + // set Accept header + localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) + if err != nil { + return 
localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -2146,6 +2416,7 @@ func (a *OAuth2ApiService) OAuth2AuthorizeExecute(r ApiOAuth2AuthorizeRequest) ( newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -2164,7 +2435,7 @@ func (a *OAuth2ApiService) OAuth2AuthorizeExecute(r ApiOAuth2AuthorizeRequest) ( type ApiOauth2TokenExchangeRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService grantType *string clientId *string code *string 
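Review bot: The doc comment added for `OAuth2DeviceFlow` does not tell callers that the SDK method cannot perform a device authorization request: `ApiOAuth2DeviceFlowRequest` has only `ctx` and `ApiService`, and `OAuth2DeviceFlowExecute` posts to `/oauth2/device/auth` with empty form values, so no `client_id` or `scope` can be supplied. The `OAuth2Authorize` comment changed earlier in this diff already carries the right wording, and I would repeat it here: `This endpoint should not be used via the Ory SDK and is only included for technical reasons.` The same gap is in the `PerformOAuth2DeviceVerificationFlow` comment in the `@@ -2440,6 +2714,115 @@` hunk, which describes a browser redirect target yet is exposed as a JSON call returning `*ErrorOAuth2`. Both comments also have typos (`will exists` → `will exist`, `redirected her` → `redirected here`). This file looks generated, so the text presumably has to be fixed in the API spec annotations rather than here; `OAuth2DeviceFlowExecute` continues past the end of the hunk.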
@@ -2207,12 +2478,13 @@ Oauth2TokenExchange The OAuth 2.0 Token Endpoint Use open source libraries to perform OAuth 2.0 and OpenID Connect available for any programming language. You can find a list of libraries here https://oauth.net/code/ -The Ory SDK is not yet able to this endpoint properly. +This endpoint should not be used via the Ory SDK and is only included for technical reasons. +Instead, use one of the libraries linked above. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiOauth2TokenExchangeRequest */ -func (a *OAuth2ApiService) Oauth2TokenExchange(ctx context.Context) ApiOauth2TokenExchangeRequest { +func (a *OAuth2APIService) Oauth2TokenExchange(ctx context.Context) ApiOauth2TokenExchangeRequest { return ApiOauth2TokenExchangeRequest{ ApiService: a, ctx: ctx, @@ -2222,7 +2494,7 @@ func (a *OAuth2ApiService) Oauth2TokenExchange(ctx context.Context) ApiOauth2Tok // Execute executes the request // // @return OAuth2TokenExchange -func (a *OAuth2ApiService) Oauth2TokenExchangeExecute(r ApiOauth2TokenExchangeRequest) (*OAuth2TokenExchange, *http.Response, error) { +func (a *OAuth2APIService) Oauth2TokenExchangeExecute(r ApiOauth2TokenExchangeRequest) (*OAuth2TokenExchange, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPost localVarPostBody interface{} @@ -2230,7 +2502,7 @@ func (a *OAuth2ApiService) Oauth2TokenExchangeExecute(r ApiOauth2TokenExchangeRe localVarReturnValue *OAuth2TokenExchange ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.Oauth2TokenExchange") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.Oauth2TokenExchange") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } 
@@ -2262,17 +2534,17 @@ func (a *OAuth2ApiService) Oauth2TokenExchangeExecute(r ApiOauth2TokenExchangeRe localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept } if r.clientId != nil { - localVarFormParams.Add("client_id", parameterToString(*r.clientId, "")) + parameterAddToHeaderOrQuery(localVarFormParams, "client_id", r.clientId, "") } if r.code != nil { - localVarFormParams.Add("code", parameterToString(*r.code, "")) + parameterAddToHeaderOrQuery(localVarFormParams, "code", r.code, "") } - localVarFormParams.Add("grant_type", parameterToString(*r.grantType, "")) + parameterAddToHeaderOrQuery(localVarFormParams, "grant_type", r.grantType, "") if r.redirectUri != nil { - localVarFormParams.Add("redirect_uri", parameterToString(*r.redirectUri, "")) + parameterAddToHeaderOrQuery(localVarFormParams, "redirect_uri", r.redirectUri, "") } if r.refreshToken != nil { - localVarFormParams.Add("refresh_token", parameterToString(*r.refreshToken, "")) + parameterAddToHeaderOrQuery(localVarFormParams, "refresh_token", r.refreshToken, "") } req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) if err != nil { @@ -2284,9 +2556,9 @@ func (a *OAuth2ApiService) Oauth2TokenExchangeExecute(r ApiOauth2TokenExchangeRe return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } 
@@ -2302,6 +2574,7 @@ func (a *OAuth2ApiService) Oauth2TokenExchangeExecute(r ApiOauth2TokenExchangeRe newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -2320,7 +2593,7 @@ func (a *OAuth2ApiService) Oauth2TokenExchangeExecute(r ApiOauth2TokenExchangeRe type ApiPatchOAuth2ClientRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService id string jsonPatch *[]JsonPatch } @@ -2349,7 +2622,7 @@ generated for applications which want to consume your OAuth 2.0 or OpenID Connec @param id The id of the OAuth 2.0 Client. @return ApiPatchOAuth2ClientRequest */ -func (a *OAuth2ApiService) PatchOAuth2Client(ctx context.Context, id string) ApiPatchOAuth2ClientRequest { +func (a *OAuth2APIService) PatchOAuth2Client(ctx context.Context, id string) ApiPatchOAuth2ClientRequest { return ApiPatchOAuth2ClientRequest{ ApiService: a, ctx: ctx, @@ -2360,7 +2633,7 @@ func (a *OAuth2ApiService) PatchOAuth2Client(ctx context.Context, id string) Api // Execute executes the request // // @return OAuth2Client -func (a *OAuth2ApiService) PatchOAuth2ClientExecute(r ApiPatchOAuth2ClientRequest) (*OAuth2Client, *http.Response, error) { +func (a *OAuth2APIService) PatchOAuth2ClientExecute(r ApiPatchOAuth2ClientRequest) (*OAuth2Client, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPatch localVarPostBody interface{} 
@@ -2368,13 +2641,13 @@ func (a *OAuth2ApiService) PatchOAuth2ClientExecute(r ApiPatchOAuth2ClientReques localVarReturnValue *OAuth2Client ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.PatchOAuth2Client") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.PatchOAuth2Client") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/admin/clients/{id}" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterToString(r.id, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterValueToString(r.id, "id")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} @@ -2412,9 +2685,9 @@ func (a *OAuth2ApiService) PatchOAuth2ClientExecute(r ApiPatchOAuth2ClientReques return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -2431,6 +2704,7 @@ func (a *OAuth2ApiService) PatchOAuth2ClientExecute(r ApiPatchOAuth2ClientReques newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } 
@@ -2440,6 +2714,115 @@ func (a *OAuth2ApiService) PatchOAuth2ClientExecute(r ApiPatchOAuth2ClientReques newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) + newErr.model = v + return localVarReturnValue, localVarHTTPResponse, newErr + } + + err = a.client.decode(&localVarReturnValue, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: err.Error(), + } + return localVarReturnValue, localVarHTTPResponse, newErr + } + + return localVarReturnValue, localVarHTTPResponse, nil +} + +type ApiPerformOAuth2DeviceVerificationFlowRequest struct { + ctx context.Context + ApiService *OAuth2APIService +} + +func (r ApiPerformOAuth2DeviceVerificationFlowRequest) Execute() (*ErrorOAuth2, *http.Response, error) { + return r.ApiService.PerformOAuth2DeviceVerificationFlowExecute(r) +} + +/* +PerformOAuth2DeviceVerificationFlow OAuth 2.0 Device Verification Endpoint + +This is the device user verification endpoint. The user is redirected her when trying to login using the device flow. + + @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). 
+ @return ApiPerformOAuth2DeviceVerificationFlowRequest +*/ +func (a *OAuth2APIService) PerformOAuth2DeviceVerificationFlow(ctx context.Context) ApiPerformOAuth2DeviceVerificationFlowRequest { + return ApiPerformOAuth2DeviceVerificationFlowRequest{ + ApiService: a, + ctx: ctx, + } +} + +// Execute executes the request +// +// @return ErrorOAuth2 +func (a *OAuth2APIService) PerformOAuth2DeviceVerificationFlowExecute(r ApiPerformOAuth2DeviceVerificationFlowRequest) (*ErrorOAuth2, *http.Response, error) { + var ( + localVarHTTPMethod = http.MethodGet + localVarPostBody interface{} + formFiles []formFile + localVarReturnValue *ErrorOAuth2 + ) + + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.PerformOAuth2DeviceVerificationFlow") + if err != nil { + return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} + } + + localVarPath := localBasePath + "/oauth2/device/verify" + + localVarHeaderParams := make(map[string]string) + localVarQueryParams := url.Values{} + localVarFormParams := url.Values{} + + // to determine the Content-Type header + localVarHTTPContentTypes := []string{} + + // set Content-Type header + localVarHTTPContentType := selectHeaderContentType(localVarHTTPContentTypes) + if localVarHTTPContentType != "" { + localVarHeaderParams["Content-Type"] = localVarHTTPContentType + } + + // to determine the Accept header + localVarHTTPHeaderAccepts := []string{"application/json"} + + // set Accept header + localVarHTTPHeaderAccept := selectHeaderAccept(localVarHTTPHeaderAccepts) + if localVarHTTPHeaderAccept != "" { + localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept + } + req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) + if err != nil { + return localVarReturnValue, nil, err + } + + localVarHTTPResponse, err := a.client.callAPI(req) + if err != nil || localVarHTTPResponse == nil { + 
return localVarReturnValue, localVarHTTPResponse, err + } + + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) + localVarHTTPResponse.Body.Close() + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) + if err != nil { + return localVarReturnValue, localVarHTTPResponse, err + } + + if localVarHTTPResponse.StatusCode >= 300 { + newErr := &GenericOpenAPIError{ + body: localVarBody, + error: localVarHTTPResponse.Status, + } + var v ErrorOAuth2 + err = a.client.decode(&v, localVarBody, localVarHTTPResponse.Header.Get("Content-Type")) + if err != nil { + newErr.error = err.Error() + return localVarReturnValue, localVarHTTPResponse, newErr + } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -2458,7 +2841,7 @@ func (a *OAuth2ApiService) PatchOAuth2ClientExecute(r ApiPatchOAuth2ClientReques type ApiRejectOAuth2ConsentRequestRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService consentChallenge *string rejectOAuth2Request *RejectOAuth2Request } @@ -2500,7 +2883,7 @@ head over to the OAuth 2.0 documentation. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiRejectOAuth2ConsentRequestRequest */ -func (a *OAuth2ApiService) RejectOAuth2ConsentRequest(ctx context.Context) ApiRejectOAuth2ConsentRequestRequest { +func (a *OAuth2APIService) RejectOAuth2ConsentRequest(ctx context.Context) ApiRejectOAuth2ConsentRequestRequest { return ApiRejectOAuth2ConsentRequestRequest{ ApiService: a, ctx: ctx, 
@@ -2510,7 +2893,7 @@ func (a *OAuth2ApiService) RejectOAuth2ConsentRequest(ctx context.Context) ApiRe // Execute executes the request // // @return OAuth2RedirectTo -func (a *OAuth2ApiService) RejectOAuth2ConsentRequestExecute(r ApiRejectOAuth2ConsentRequestRequest) (*OAuth2RedirectTo, *http.Response, error) { +func (a *OAuth2APIService) RejectOAuth2ConsentRequestExecute(r ApiRejectOAuth2ConsentRequestRequest) (*OAuth2RedirectTo, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPut localVarPostBody interface{} @@ -2518,7 +2901,7 @@ func (a *OAuth2ApiService) RejectOAuth2ConsentRequestExecute(r ApiRejectOAuth2Co localVarReturnValue *OAuth2RedirectTo ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.RejectOAuth2ConsentRequest") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.RejectOAuth2ConsentRequest") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } @@ -2532,7 +2915,7 @@ func (a *OAuth2ApiService) RejectOAuth2ConsentRequestExecute(r ApiRejectOAuth2Co return localVarReturnValue, nil, reportError("consentChallenge is required and must be specified") } - localVarQueryParams.Add("consent_challenge", parameterToString(*r.consentChallenge, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "consent_challenge", r.consentChallenge, "") // to determine the Content-Type header localVarHTTPContentTypes := []string{"application/json"} 
@@ -2562,9 +2945,9 @@ func (a *OAuth2ApiService) RejectOAuth2ConsentRequestExecute(r ApiRejectOAuth2Co return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -2580,6 +2963,7 @@ func (a *OAuth2ApiService) RejectOAuth2ConsentRequestExecute(r ApiRejectOAuth2Co newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -2598,7 +2982,7 @@ func (a *OAuth2ApiService) RejectOAuth2ConsentRequestExecute(r ApiRejectOAuth2Co type ApiRejectOAuth2LoginRequestRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService loginChallenge *string rejectOAuth2Request *RejectOAuth2Request } @@ -2635,7 +3019,7 @@ The response contains a redirect URL which the login provider should redirect th @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiRejectOAuth2LoginRequestRequest */ -func (a *OAuth2ApiService) RejectOAuth2LoginRequest(ctx context.Context) ApiRejectOAuth2LoginRequestRequest { +func (a *OAuth2APIService) RejectOAuth2LoginRequest(ctx context.Context) ApiRejectOAuth2LoginRequestRequest { return ApiRejectOAuth2LoginRequestRequest{ ApiService: a, ctx: ctx, 
@@ -2645,7 +3029,7 @@ func (a *OAuth2ApiService) RejectOAuth2LoginRequest(ctx context.Context) ApiReje // Execute executes the request // // @return OAuth2RedirectTo -func (a *OAuth2ApiService) RejectOAuth2LoginRequestExecute(r ApiRejectOAuth2LoginRequestRequest) (*OAuth2RedirectTo, *http.Response, error) { +func (a *OAuth2APIService) RejectOAuth2LoginRequestExecute(r ApiRejectOAuth2LoginRequestRequest) (*OAuth2RedirectTo, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPut localVarPostBody interface{} @@ -2653,7 +3037,7 @@ func (a *OAuth2ApiService) RejectOAuth2LoginRequestExecute(r ApiRejectOAuth2Logi localVarReturnValue *OAuth2RedirectTo ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.RejectOAuth2LoginRequest") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.RejectOAuth2LoginRequest") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } @@ -2667,7 +3051,7 @@ func (a *OAuth2ApiService) RejectOAuth2LoginRequestExecute(r ApiRejectOAuth2Logi return localVarReturnValue, nil, reportError("loginChallenge is required and must be specified") } - localVarQueryParams.Add("login_challenge", parameterToString(*r.loginChallenge, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "login_challenge", r.loginChallenge, "") // to determine the Content-Type header localVarHTTPContentTypes := []string{"application/json"} @@ -2697,9 +3081,9 @@ func (a *OAuth2ApiService) RejectOAuth2LoginRequestExecute(r ApiRejectOAuth2Logi return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } 
@@ -2715,6 +3099,7 @@ func (a *OAuth2ApiService) RejectOAuth2LoginRequestExecute(r ApiRejectOAuth2Logi newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -2733,7 +3118,7 @@ func (a *OAuth2ApiService) RejectOAuth2LoginRequestExecute(r ApiRejectOAuth2Logi type ApiRejectOAuth2LogoutRequestRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService logoutChallenge *string } @@ -2757,7 +3142,7 @@ The response is empty as the logout provider has to chose what action to perform @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiRejectOAuth2LogoutRequestRequest */ -func (a *OAuth2ApiService) RejectOAuth2LogoutRequest(ctx context.Context) ApiRejectOAuth2LogoutRequestRequest { +func (a *OAuth2APIService) RejectOAuth2LogoutRequest(ctx context.Context) ApiRejectOAuth2LogoutRequestRequest { return ApiRejectOAuth2LogoutRequestRequest{ ApiService: a, ctx: ctx, @@ -2765,14 +3150,14 @@ func (a *OAuth2ApiService) RejectOAuth2LogoutRequest(ctx context.Context) ApiRej } // Execute executes the request -func (a *OAuth2ApiService) RejectOAuth2LogoutRequestExecute(r ApiRejectOAuth2LogoutRequestRequest) (*http.Response, error) { +func (a *OAuth2APIService) RejectOAuth2LogoutRequestExecute(r ApiRejectOAuth2LogoutRequestRequest) (*http.Response, error) { var ( localVarHTTPMethod = http.MethodPut localVarPostBody interface{} formFiles []formFile ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.RejectOAuth2LogoutRequest") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.RejectOAuth2LogoutRequest") if err != nil { return nil, &GenericOpenAPIError{error: err.Error()} } 
@@ -2786,7 +3171,7 @@ func (a *OAuth2ApiService) RejectOAuth2LogoutRequestExecute(r ApiRejectOAuth2Log return nil, reportError("logoutChallenge is required and must be specified") } - localVarQueryParams.Add("logout_challenge", parameterToString(*r.logoutChallenge, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "logout_challenge", r.logoutChallenge, "") // to determine the Content-Type header localVarHTTPContentTypes := []string{} @@ -2814,9 +3199,9 @@ func (a *OAuth2ApiService) RejectOAuth2LogoutRequestExecute(r ApiRejectOAuth2Log return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } @@ -2832,6 +3217,7 @@ func (a *OAuth2ApiService) RejectOAuth2LogoutRequestExecute(r ApiRejectOAuth2Log newErr.error = err.Error() return localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarHTTPResponse, newErr } @@ -2841,7 +3227,7 @@ func (a *OAuth2ApiService) RejectOAuth2LogoutRequestExecute(r ApiRejectOAuth2Log type ApiRevokeOAuth2ConsentSessionsRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService subject *string client *string all *bool 
@@ -2878,7 +3264,7 @@ associated OAuth 2.0 Access Tokens. You may also only revoke sessions for a spec @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiRevokeOAuth2ConsentSessionsRequest */ -func (a *OAuth2ApiService) RevokeOAuth2ConsentSessions(ctx context.Context) ApiRevokeOAuth2ConsentSessionsRequest { +func (a *OAuth2APIService) RevokeOAuth2ConsentSessions(ctx context.Context) ApiRevokeOAuth2ConsentSessionsRequest { return ApiRevokeOAuth2ConsentSessionsRequest{ ApiService: a, ctx: ctx, @@ -2886,14 +3272,14 @@ func (a *OAuth2ApiService) RevokeOAuth2ConsentSessions(ctx context.Context) ApiR } // Execute executes the request -func (a *OAuth2ApiService) RevokeOAuth2ConsentSessionsExecute(r ApiRevokeOAuth2ConsentSessionsRequest) (*http.Response, error) { +func (a *OAuth2APIService) RevokeOAuth2ConsentSessionsExecute(r ApiRevokeOAuth2ConsentSessionsRequest) (*http.Response, error) { var ( localVarHTTPMethod = http.MethodDelete localVarPostBody interface{} formFiles []formFile ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.RevokeOAuth2ConsentSessions") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.RevokeOAuth2ConsentSessions") if err != nil { return nil, &GenericOpenAPIError{error: err.Error()} } 
@@ -2907,12 +3293,12 @@ func (a *OAuth2ApiService) RevokeOAuth2ConsentSessionsExecute(r ApiRevokeOAuth2C return nil, reportError("subject is required and must be specified") } - localVarQueryParams.Add("subject", parameterToString(*r.subject, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "subject", r.subject, "") if r.client != nil { - localVarQueryParams.Add("client", parameterToString(*r.client, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "client", r.client, "") } if r.all != nil { - localVarQueryParams.Add("all", parameterToString(*r.all, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "all", r.all, "") } // to determine the Content-Type header localVarHTTPContentTypes := []string{} @@ -2941,9 +3327,9 @@ func (a *OAuth2ApiService) RevokeOAuth2ConsentSessionsExecute(r ApiRevokeOAuth2C return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } @@ -2959,6 +3345,7 @@ func (a *OAuth2ApiService) RevokeOAuth2ConsentSessionsExecute(r ApiRevokeOAuth2C newErr.error = err.Error() return localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarHTTPResponse, newErr } @@ -2968,7 +3355,7 @@ func (a *OAuth2ApiService) RevokeOAuth2ConsentSessionsExecute(r ApiRevokeOAuth2C type ApiRevokeOAuth2LoginSessionsRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService subject *string sid *string } 
@@ -2979,7 +3366,7 @@ func (r ApiRevokeOAuth2LoginSessionsRequest) Subject(subject string) ApiRevokeOA return r } -// OAuth 2.0 Subject The subject to revoke authentication sessions for. +// Login Session ID The login session to revoke. func (r ApiRevokeOAuth2LoginSessionsRequest) Sid(sid string) ApiRevokeOAuth2LoginSessionsRequest { r.sid = &sid return r @@ -3004,7 +3391,7 @@ to that SessionID is revoked. OpenID Connect Back-channel logout is performed in @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiRevokeOAuth2LoginSessionsRequest */ -func (a *OAuth2ApiService) RevokeOAuth2LoginSessions(ctx context.Context) ApiRevokeOAuth2LoginSessionsRequest { +func (a *OAuth2APIService) RevokeOAuth2LoginSessions(ctx context.Context) ApiRevokeOAuth2LoginSessionsRequest { return ApiRevokeOAuth2LoginSessionsRequest{ ApiService: a, ctx: ctx, @@ -3012,14 +3399,14 @@ func (a *OAuth2ApiService) RevokeOAuth2LoginSessions(ctx context.Context) ApiRev } // Execute executes the request -func (a *OAuth2ApiService) RevokeOAuth2LoginSessionsExecute(r ApiRevokeOAuth2LoginSessionsRequest) (*http.Response, error) { +func (a *OAuth2APIService) RevokeOAuth2LoginSessionsExecute(r ApiRevokeOAuth2LoginSessionsRequest) (*http.Response, error) { var ( localVarHTTPMethod = http.MethodDelete localVarPostBody interface{} formFiles []formFile ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.RevokeOAuth2LoginSessions") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.RevokeOAuth2LoginSessions") if err != nil { return nil, &GenericOpenAPIError{error: err.Error()} } 
@@ -3031,10 +3418,10 @@ func (a *OAuth2ApiService) RevokeOAuth2LoginSessionsExecute(r ApiRevokeOAuth2Log localVarFormParams := url.Values{} if r.subject != nil { - localVarQueryParams.Add("subject", parameterToString(*r.subject, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "subject", r.subject, "") } if r.sid != nil { - localVarQueryParams.Add("sid", parameterToString(*r.sid, "")) + parameterAddToHeaderOrQuery(localVarQueryParams, "sid", r.sid, "") } // to determine the Content-Type header localVarHTTPContentTypes := []string{} @@ -3063,9 +3450,9 @@ func (a *OAuth2ApiService) RevokeOAuth2LoginSessionsExecute(r ApiRevokeOAuth2Log return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } @@ -3081,6 +3468,7 @@ func (a *OAuth2ApiService) RevokeOAuth2LoginSessionsExecute(r ApiRevokeOAuth2Log newErr.error = err.Error() return localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarHTTPResponse, newErr } @@ -3090,7 +3478,7 @@ func (a *OAuth2ApiService) RevokeOAuth2LoginSessionsExecute(r ApiRevokeOAuth2Log type ApiRevokeOAuth2TokenRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService token *string clientId *string clientSecret *string 
@@ -3126,7 +3514,7 @@ the client the token was generated for. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiRevokeOAuth2TokenRequest */ -func (a *OAuth2ApiService) RevokeOAuth2Token(ctx context.Context) ApiRevokeOAuth2TokenRequest { +func (a *OAuth2APIService) RevokeOAuth2Token(ctx context.Context) ApiRevokeOAuth2TokenRequest { return ApiRevokeOAuth2TokenRequest{ ApiService: a, ctx: ctx, @@ -3134,14 +3522,14 @@ func (a *OAuth2ApiService) RevokeOAuth2Token(ctx context.Context) ApiRevokeOAuth } // Execute executes the request -func (a *OAuth2ApiService) RevokeOAuth2TokenExecute(r ApiRevokeOAuth2TokenRequest) (*http.Response, error) { +func (a *OAuth2APIService) RevokeOAuth2TokenExecute(r ApiRevokeOAuth2TokenRequest) (*http.Response, error) { var ( localVarHTTPMethod = http.MethodPost localVarPostBody interface{} formFiles []formFile ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.RevokeOAuth2Token") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.RevokeOAuth2Token") if err != nil { return nil, &GenericOpenAPIError{error: err.Error()} } 
@@ -3173,12 +3561,12 @@ func (a *OAuth2ApiService) RevokeOAuth2TokenExecute(r ApiRevokeOAuth2TokenReques localVarHeaderParams["Accept"] = localVarHTTPHeaderAccept } if r.clientId != nil { - localVarFormParams.Add("client_id", parameterToString(*r.clientId, "")) + parameterAddToHeaderOrQuery(localVarFormParams, "client_id", r.clientId, "") } if r.clientSecret != nil { - localVarFormParams.Add("client_secret", parameterToString(*r.clientSecret, "")) + parameterAddToHeaderOrQuery(localVarFormParams, "client_secret", r.clientSecret, "") } - localVarFormParams.Add("token", parameterToString(*r.token, "")) + parameterAddToHeaderOrQuery(localVarFormParams, "token", r.token, "") req, err := a.client.prepareRequest(r.ctx, localVarPath, localVarHTTPMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, formFiles) if err != nil { return nil, err @@ -3189,9 +3577,9 @@ func (a *OAuth2ApiService) RevokeOAuth2TokenExecute(r ApiRevokeOAuth2TokenReques return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } @@ -3207,6 +3595,7 @@ func (a *OAuth2ApiService) RevokeOAuth2TokenExecute(r ApiRevokeOAuth2TokenReques newErr.error = err.Error() return localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarHTTPResponse, newErr } @@ -3216,7 +3605,7 @@ func (a *OAuth2ApiService) RevokeOAuth2TokenExecute(r ApiRevokeOAuth2TokenReques type ApiSetOAuth2ClientRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService id string oAuth2Client *OAuth2Client } 
@@ -3246,7 +3635,7 @@ generated for applications which want to consume your OAuth 2.0 or OpenID Connec @param id OAuth 2.0 Client ID @return ApiSetOAuth2ClientRequest */ -func (a *OAuth2ApiService) SetOAuth2Client(ctx context.Context, id string) ApiSetOAuth2ClientRequest { +func (a *OAuth2APIService) SetOAuth2Client(ctx context.Context, id string) ApiSetOAuth2ClientRequest { return ApiSetOAuth2ClientRequest{ ApiService: a, ctx: ctx, @@ -3257,7 +3646,7 @@ func (a *OAuth2ApiService) SetOAuth2Client(ctx context.Context, id string) ApiSe // Execute executes the request // // @return OAuth2Client -func (a *OAuth2ApiService) SetOAuth2ClientExecute(r ApiSetOAuth2ClientRequest) (*OAuth2Client, *http.Response, error) { +func (a *OAuth2APIService) SetOAuth2ClientExecute(r ApiSetOAuth2ClientRequest) (*OAuth2Client, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPut localVarPostBody interface{} @@ -3265,13 +3654,13 @@ func (a *OAuth2ApiService) SetOAuth2ClientExecute(r ApiSetOAuth2ClientRequest) ( localVarReturnValue *OAuth2Client ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.SetOAuth2Client") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.SetOAuth2Client") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/admin/clients/{id}" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterToString(r.id, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterValueToString(r.id, "id")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} 
@@ -3309,9 +3698,9 @@ func (a *OAuth2ApiService) SetOAuth2ClientExecute(r ApiSetOAuth2ClientRequest) ( return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -3328,6 +3717,7 @@ func (a *OAuth2ApiService) SetOAuth2ClientExecute(r ApiSetOAuth2ClientRequest) ( newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -3338,6 +3728,7 @@ func (a *OAuth2ApiService) SetOAuth2ClientExecute(r ApiSetOAuth2ClientRequest) ( newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -3347,6 +3738,7 @@ func (a *OAuth2ApiService) SetOAuth2ClientExecute(r ApiSetOAuth2ClientRequest) ( newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -3365,7 +3757,7 @@ func (a *OAuth2ApiService) SetOAuth2ClientExecute(r ApiSetOAuth2ClientRequest) ( type ApiSetOAuth2ClientLifespansRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService id string oAuth2ClientTokenLifespans *OAuth2ClientTokenLifespans } 
@@ -3388,7 +3780,7 @@ Set lifespans of different token types issued for this OAuth 2.0 client. Does no @param id OAuth 2.0 Client ID @return ApiSetOAuth2ClientLifespansRequest */ -func (a *OAuth2ApiService) SetOAuth2ClientLifespans(ctx context.Context, id string) ApiSetOAuth2ClientLifespansRequest { +func (a *OAuth2APIService) SetOAuth2ClientLifespans(ctx context.Context, id string) ApiSetOAuth2ClientLifespansRequest { return ApiSetOAuth2ClientLifespansRequest{ ApiService: a, ctx: ctx, @@ -3399,7 +3791,7 @@ func (a *OAuth2ApiService) SetOAuth2ClientLifespans(ctx context.Context, id stri // Execute executes the request // // @return OAuth2Client -func (a *OAuth2ApiService) SetOAuth2ClientLifespansExecute(r ApiSetOAuth2ClientLifespansRequest) (*OAuth2Client, *http.Response, error) { +func (a *OAuth2APIService) SetOAuth2ClientLifespansExecute(r ApiSetOAuth2ClientLifespansRequest) (*OAuth2Client, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPut localVarPostBody interface{} @@ -3407,13 +3799,13 @@ func (a *OAuth2ApiService) SetOAuth2ClientLifespansExecute(r ApiSetOAuth2ClientL localVarReturnValue *OAuth2Client ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.SetOAuth2ClientLifespans") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.SetOAuth2ClientLifespans") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/admin/clients/{id}/lifespans" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterToString(r.id, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterValueToString(r.id, "id")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} 
@@ -3448,9 +3840,9 @@ func (a *OAuth2ApiService) SetOAuth2ClientLifespansExecute(r ApiSetOAuth2ClientL return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -3466,6 +3858,7 @@ func (a *OAuth2ApiService) SetOAuth2ClientLifespansExecute(r ApiSetOAuth2ClientL newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -3484,7 +3877,7 @@ func (a *OAuth2ApiService) SetOAuth2ClientLifespansExecute(r ApiSetOAuth2ClientL type ApiTrustOAuth2JwtGrantIssuerRequest struct { ctx context.Context - ApiService *OAuth2ApiService + ApiService *OAuth2APIService trustOAuth2JwtGrantIssuer *TrustOAuth2JwtGrantIssuer } @@ -3507,7 +3900,7 @@ and Authorization Grants [RFC7523](https://datatracker.ietf.org/doc/html/rfc7523 @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiTrustOAuth2JwtGrantIssuerRequest */ -func (a *OAuth2ApiService) TrustOAuth2JwtGrantIssuer(ctx context.Context) ApiTrustOAuth2JwtGrantIssuerRequest { +func (a *OAuth2APIService) TrustOAuth2JwtGrantIssuer(ctx context.Context) ApiTrustOAuth2JwtGrantIssuerRequest { return ApiTrustOAuth2JwtGrantIssuerRequest{ ApiService: a, ctx: ctx, 
@@ -3517,7 +3910,7 @@ func (a *OAuth2ApiService) TrustOAuth2JwtGrantIssuer(ctx context.Context) ApiTru // Execute executes the request // // @return TrustedOAuth2JwtGrantIssuer -func (a *OAuth2ApiService) TrustOAuth2JwtGrantIssuerExecute(r ApiTrustOAuth2JwtGrantIssuerRequest) (*TrustedOAuth2JwtGrantIssuer, *http.Response, error) { +func (a *OAuth2APIService) TrustOAuth2JwtGrantIssuerExecute(r ApiTrustOAuth2JwtGrantIssuerRequest) (*TrustedOAuth2JwtGrantIssuer, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPost localVarPostBody interface{} @@ -3525,7 +3918,7 @@ func (a *OAuth2ApiService) TrustOAuth2JwtGrantIssuerExecute(r ApiTrustOAuth2JwtG localVarReturnValue *TrustedOAuth2JwtGrantIssuer ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2ApiService.TrustOAuth2JwtGrantIssuer") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OAuth2APIService.TrustOAuth2JwtGrantIssuer") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } @@ -3565,9 +3958,9 @@ func (a *OAuth2ApiService) TrustOAuth2JwtGrantIssuerExecute(r ApiTrustOAuth2JwtG return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -3583,6 +3976,7 @@ func (a *OAuth2ApiService) TrustOAuth2JwtGrantIssuerExecute(r ApiTrustOAuth2JwtG newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } 
diff --git a/internal/httpclient/api_oidc.go b/internal/httpclient/api_oidc.go index 814348a1376..406711e3192 100644 --- a/internal/httpclient/api_oidc.go +++ b/internal/httpclient/api_oidc.go @@ -14,18 +14,18 @@ package openapi import ( "bytes" "context" - "io/ioutil" + "io" "net/http" "net/url" "strings" ) -// OidcApiService OidcApi service -type OidcApiService service +// OidcAPIService OidcAPI service +type OidcAPIService service type ApiCreateOidcDynamicClientRequest struct { ctx context.Context - ApiService *OidcApiService + ApiService *OidcAPIService oAuth2Client *OAuth2Client } @@ -57,7 +57,7 @@ Write the secret down and keep it somewhere safe. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiCreateOidcDynamicClientRequest */ -func (a *OidcApiService) CreateOidcDynamicClient(ctx context.Context) ApiCreateOidcDynamicClientRequest { +func (a *OidcAPIService) CreateOidcDynamicClient(ctx context.Context) ApiCreateOidcDynamicClientRequest { return ApiCreateOidcDynamicClientRequest{ ApiService: a, ctx: ctx, @@ -67,7 +67,7 @@ func (a *OidcApiService) CreateOidcDynamicClient(ctx context.Context) ApiCreateO // Execute executes the request // // @return OAuth2Client -func (a *OidcApiService) CreateOidcDynamicClientExecute(r ApiCreateOidcDynamicClientRequest) (*OAuth2Client, *http.Response, error) { +func (a *OidcAPIService) CreateOidcDynamicClientExecute(r ApiCreateOidcDynamicClientRequest) (*OAuth2Client, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPost localVarPostBody interface{} 
@@ -75,7 +75,7 @@ func (a *OidcApiService) CreateOidcDynamicClientExecute(r ApiCreateOidcDynamicCl localVarReturnValue *OAuth2Client ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcApiService.CreateOidcDynamicClient") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcAPIService.CreateOidcDynamicClient") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } @@ -118,9 +118,9 @@ func (a *OidcApiService) CreateOidcDynamicClientExecute(r ApiCreateOidcDynamicCl return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -137,6 +137,7 @@ func (a *OidcApiService) CreateOidcDynamicClientExecute(r ApiCreateOidcDynamicCl newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -146,6 +147,7 @@ func (a *OidcApiService) CreateOidcDynamicClientExecute(r ApiCreateOidcDynamicCl newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -164,7 +166,7 @@ func (a *OidcApiService) CreateOidcDynamicClientExecute(r ApiCreateOidcDynamicCl type ApiCreateVerifiableCredentialRequest struct { ctx context.Context - ApiService *OidcApiService + ApiService *OidcAPIService createVerifiableCredentialRequestBody *CreateVerifiableCredentialRequestBody } 
@@ -190,7 +192,7 @@ https://openid.net/specs/openid-connect-userinfo-vc-1_0.html. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiCreateVerifiableCredentialRequest */ -func (a *OidcApiService) CreateVerifiableCredential(ctx context.Context) ApiCreateVerifiableCredentialRequest { +func (a *OidcAPIService) CreateVerifiableCredential(ctx context.Context) ApiCreateVerifiableCredentialRequest { return ApiCreateVerifiableCredentialRequest{ ApiService: a, ctx: ctx, @@ -200,7 +202,7 @@ func (a *OidcApiService) CreateVerifiableCredential(ctx context.Context) ApiCrea // Execute executes the request // // @return VerifiableCredentialResponse -func (a *OidcApiService) CreateVerifiableCredentialExecute(r ApiCreateVerifiableCredentialRequest) (*VerifiableCredentialResponse, *http.Response, error) { +func (a *OidcAPIService) CreateVerifiableCredentialExecute(r ApiCreateVerifiableCredentialRequest) (*VerifiableCredentialResponse, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPost localVarPostBody interface{} @@ -208,7 +210,7 @@ func (a *OidcApiService) CreateVerifiableCredentialExecute(r ApiCreateVerifiable localVarReturnValue *VerifiableCredentialResponse ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcApiService.CreateVerifiableCredential") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcAPIService.CreateVerifiableCredential") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } 
@@ -248,9 +250,9 @@ func (a *OidcApiService) CreateVerifiableCredentialExecute(r ApiCreateVerifiable return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -267,6 +269,7 @@ func (a *OidcApiService) CreateVerifiableCredentialExecute(r ApiCreateVerifiable newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -276,6 +279,7 @@ func (a *OidcApiService) CreateVerifiableCredentialExecute(r ApiCreateVerifiable newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -294,7 +298,7 @@ func (a *OidcApiService) CreateVerifiableCredentialExecute(r ApiCreateVerifiable type ApiDeleteOidcDynamicClientRequest struct { ctx context.Context - ApiService *OidcApiService + ApiService *OidcAPIService id string } @@ -321,7 +325,7 @@ generated for applications which want to consume your OAuth 2.0 or OpenID Connec @param id The id of the OAuth 2.0 Client. @return ApiDeleteOidcDynamicClientRequest */ -func (a *OidcApiService) DeleteOidcDynamicClient(ctx context.Context, id string) ApiDeleteOidcDynamicClientRequest { +func (a *OidcAPIService) DeleteOidcDynamicClient(ctx context.Context, id string) ApiDeleteOidcDynamicClientRequest { return ApiDeleteOidcDynamicClientRequest{ ApiService: a, ctx: ctx, 
@@ -330,20 +334,20 @@ func (a *OidcApiService) DeleteOidcDynamicClient(ctx context.Context, id string) } // Execute executes the request -func (a *OidcApiService) DeleteOidcDynamicClientExecute(r ApiDeleteOidcDynamicClientRequest) (*http.Response, error) { +func (a *OidcAPIService) DeleteOidcDynamicClientExecute(r ApiDeleteOidcDynamicClientRequest) (*http.Response, error) { var ( localVarHTTPMethod = http.MethodDelete localVarPostBody interface{} formFiles []formFile ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcApiService.DeleteOidcDynamicClient") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcAPIService.DeleteOidcDynamicClient") if err != nil { return nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/oauth2/register/{id}" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterToString(r.id, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterValueToString(r.id, "id")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} @@ -376,9 +380,9 @@ func (a *OidcApiService) DeleteOidcDynamicClientExecute(r ApiDeleteOidcDynamicCl return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } @@ -394,6 +398,7 @@ func (a *OidcApiService) DeleteOidcDynamicClientExecute(r ApiDeleteOidcDynamicCl newErr.error = err.Error() return localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarHTTPResponse, newErr } 
@@ -403,7 +408,7 @@ func (a *OidcApiService) DeleteOidcDynamicClientExecute(r ApiDeleteOidcDynamicCl type ApiDiscoverOidcConfigurationRequest struct { ctx context.Context - ApiService *OidcApiService + ApiService *OidcAPIService } func (r ApiDiscoverOidcConfigurationRequest) Execute() (*OidcConfiguration, *http.Response, error) { @@ -421,7 +426,7 @@ For a full list of clients go here: https://openid.net/developers/certified/ @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiDiscoverOidcConfigurationRequest */ -func (a *OidcApiService) DiscoverOidcConfiguration(ctx context.Context) ApiDiscoverOidcConfigurationRequest { +func (a *OidcAPIService) DiscoverOidcConfiguration(ctx context.Context) ApiDiscoverOidcConfigurationRequest { return ApiDiscoverOidcConfigurationRequest{ ApiService: a, ctx: ctx, @@ -431,7 +436,7 @@ func (a *OidcApiService) DiscoverOidcConfiguration(ctx context.Context) ApiDisco // Execute executes the request // // @return OidcConfiguration -func (a *OidcApiService) DiscoverOidcConfigurationExecute(r ApiDiscoverOidcConfigurationRequest) (*OidcConfiguration, *http.Response, error) { +func (a *OidcAPIService) DiscoverOidcConfigurationExecute(r ApiDiscoverOidcConfigurationRequest) (*OidcConfiguration, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} @@ -439,7 +444,7 @@ func (a *OidcApiService) DiscoverOidcConfigurationExecute(r ApiDiscoverOidcConfi localVarReturnValue *OidcConfiguration ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcApiService.DiscoverOidcConfiguration") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcAPIService.DiscoverOidcConfiguration") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } 
@@ -477,9 +482,9 @@ func (a *OidcApiService) DiscoverOidcConfigurationExecute(r ApiDiscoverOidcConfi return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -495,6 +500,7 @@ func (a *OidcApiService) DiscoverOidcConfigurationExecute(r ApiDiscoverOidcConfi newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -513,7 +519,7 @@ func (a *OidcApiService) DiscoverOidcConfigurationExecute(r ApiDiscoverOidcConfi type ApiGetOidcDynamicClientRequest struct { ctx context.Context - ApiService *OidcApiService + ApiService *OidcAPIService id string } @@ -536,7 +542,7 @@ If it uses `client_secret_basic`, present the Client ID and the Client Secret in @param id The id of the OAuth 2.0 Client. @return ApiGetOidcDynamicClientRequest */ -func (a *OidcApiService) GetOidcDynamicClient(ctx context.Context, id string) ApiGetOidcDynamicClientRequest { +func (a *OidcAPIService) GetOidcDynamicClient(ctx context.Context, id string) ApiGetOidcDynamicClientRequest { return ApiGetOidcDynamicClientRequest{ ApiService: a, ctx: ctx, 
@@ -547,7 +553,7 @@ func (a *OidcApiService) GetOidcDynamicClient(ctx context.Context, id string) Ap // Execute executes the request // // @return OAuth2Client -func (a *OidcApiService) GetOidcDynamicClientExecute(r ApiGetOidcDynamicClientRequest) (*OAuth2Client, *http.Response, error) { +func (a *OidcAPIService) GetOidcDynamicClientExecute(r ApiGetOidcDynamicClientRequest) (*OAuth2Client, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} @@ -555,13 +561,13 @@ func (a *OidcApiService) GetOidcDynamicClientExecute(r ApiGetOidcDynamicClientRe localVarReturnValue *OAuth2Client ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcApiService.GetOidcDynamicClient") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcAPIService.GetOidcDynamicClient") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/oauth2/register/{id}" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterToString(r.id, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterValueToString(r.id, "id")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} @@ -594,9 +600,9 @@ func (a *OidcApiService) GetOidcDynamicClientExecute(r ApiGetOidcDynamicClientRe return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } 
@@ -612,6 +618,7 @@ func (a *OidcApiService) GetOidcDynamicClientExecute(r ApiGetOidcDynamicClientRe newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -630,7 +637,7 @@ func (a *OidcApiService) GetOidcDynamicClientExecute(r ApiGetOidcDynamicClientRe type ApiGetOidcUserInfoRequest struct { ctx context.Context - ApiService *OidcApiService + ApiService *OidcAPIService } func (r ApiGetOidcUserInfoRequest) Execute() (*OidcUserInfo, *http.Response, error) { @@ -650,7 +657,7 @@ for more details about header format. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiGetOidcUserInfoRequest */ -func (a *OidcApiService) GetOidcUserInfo(ctx context.Context) ApiGetOidcUserInfoRequest { +func (a *OidcAPIService) GetOidcUserInfo(ctx context.Context) ApiGetOidcUserInfoRequest { return ApiGetOidcUserInfoRequest{ ApiService: a, ctx: ctx, @@ -660,7 +667,7 @@ func (a *OidcApiService) GetOidcUserInfo(ctx context.Context) ApiGetOidcUserInfo // Execute executes the request // // @return OidcUserInfo -func (a *OidcApiService) GetOidcUserInfoExecute(r ApiGetOidcUserInfoRequest) (*OidcUserInfo, *http.Response, error) { +func (a *OidcAPIService) GetOidcUserInfoExecute(r ApiGetOidcUserInfoRequest) (*OidcUserInfo, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} 
@@ -668,7 +675,7 @@ func (a *OidcApiService) GetOidcUserInfoExecute(r ApiGetOidcUserInfoRequest) (*O localVarReturnValue *OidcUserInfo ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcApiService.GetOidcUserInfo") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcAPIService.GetOidcUserInfo") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } @@ -706,9 +713,9 @@ func (a *OidcApiService) GetOidcUserInfoExecute(r ApiGetOidcUserInfoRequest) (*O return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -724,6 +731,7 @@ func (a *OidcApiService) GetOidcUserInfoExecute(r ApiGetOidcUserInfoRequest) (*O newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } @@ -742,7 +750,7 @@ func (a *OidcApiService) GetOidcUserInfoExecute(r ApiGetOidcUserInfoRequest) (*O type ApiRevokeOidcSessionRequest struct { ctx context.Context - ApiService *OidcApiService + ApiService *OidcAPIService } func (r ApiRevokeOidcSessionRequest) Execute() (*http.Response, error) { 
@@ -762,7 +770,7 @@ Back-channel logout is performed asynchronously and does not affect logout flow. @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiRevokeOidcSessionRequest */ -func (a *OidcApiService) RevokeOidcSession(ctx context.Context) ApiRevokeOidcSessionRequest { +func (a *OidcAPIService) RevokeOidcSession(ctx context.Context) ApiRevokeOidcSessionRequest { return ApiRevokeOidcSessionRequest{ ApiService: a, ctx: ctx, @@ -770,14 +778,14 @@ func (a *OidcApiService) RevokeOidcSession(ctx context.Context) ApiRevokeOidcSes } // Execute executes the request -func (a *OidcApiService) RevokeOidcSessionExecute(r ApiRevokeOidcSessionRequest) (*http.Response, error) { +func (a *OidcAPIService) RevokeOidcSessionExecute(r ApiRevokeOidcSessionRequest) (*http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} formFiles []formFile ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcApiService.RevokeOidcSession") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcAPIService.RevokeOidcSession") if err != nil { return nil, &GenericOpenAPIError{error: err.Error()} } @@ -815,9 +823,9 @@ func (a *OidcApiService) RevokeOidcSessionExecute(r ApiRevokeOidcSessionRequest) return localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarHTTPResponse, err } 
@@ -835,7 +843,7 @@ func (a *OidcApiService) RevokeOidcSessionExecute(r ApiRevokeOidcSessionRequest) type ApiSetOidcDynamicClientRequest struct { ctx context.Context - ApiService *OidcApiService + ApiService *OidcAPIService id string oAuth2Client *OAuth2Client } @@ -873,7 +881,7 @@ generated for applications which want to consume your OAuth 2.0 or OpenID Connec @param id OAuth 2.0 Client ID @return ApiSetOidcDynamicClientRequest */ -func (a *OidcApiService) SetOidcDynamicClient(ctx context.Context, id string) ApiSetOidcDynamicClientRequest { +func (a *OidcAPIService) SetOidcDynamicClient(ctx context.Context, id string) ApiSetOidcDynamicClientRequest { return ApiSetOidcDynamicClientRequest{ ApiService: a, ctx: ctx, @@ -884,7 +892,7 @@ func (a *OidcApiService) SetOidcDynamicClient(ctx context.Context, id string) Ap // Execute executes the request // // @return OAuth2Client -func (a *OidcApiService) SetOidcDynamicClientExecute(r ApiSetOidcDynamicClientRequest) (*OAuth2Client, *http.Response, error) { +func (a *OidcAPIService) SetOidcDynamicClientExecute(r ApiSetOidcDynamicClientRequest) (*OAuth2Client, *http.Response, error) { var ( localVarHTTPMethod = http.MethodPut localVarPostBody interface{} 
@@ -892,13 +900,13 @@ func (a *OidcApiService) SetOidcDynamicClientExecute(r ApiSetOidcDynamicClientRe localVarReturnValue *OAuth2Client ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcApiService.SetOidcDynamicClient") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "OidcAPIService.SetOidcDynamicClient") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } localVarPath := localBasePath + "/oauth2/register/{id}" - localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterToString(r.id, "")), -1) + localVarPath = strings.Replace(localVarPath, "{"+"id"+"}", url.PathEscape(parameterValueToString(r.id, "id")), -1) localVarHeaderParams := make(map[string]string) localVarQueryParams := url.Values{} @@ -936,9 +944,9 @@ func (a *OidcApiService) SetOidcDynamicClientExecute(r ApiSetOidcDynamicClientRe return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -955,6 +963,7 @@ func (a *OidcApiService) SetOidcDynamicClientExecute(r ApiSetOidcDynamicClientRe newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } 
@@ -964,6 +973,7 @@ func (a *OidcApiService) SetOidcDynamicClientExecute(r ApiSetOidcDynamicClientRe newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } diff --git a/internal/httpclient/api_wellknown.go b/internal/httpclient/api_wellknown.go index 2ba904fa4ef..ed51efc44b9 100644 --- a/internal/httpclient/api_wellknown.go +++ b/internal/httpclient/api_wellknown.go @@ -14,17 +14,17 @@ package openapi import ( "bytes" "context" - "io/ioutil" + "io" "net/http" "net/url" ) -// WellknownApiService WellknownApi service -type WellknownApiService service +// WellknownAPIService WellknownAPI service +type WellknownAPIService service type ApiDiscoverJsonWebKeysRequest struct { ctx context.Context - ApiService *WellknownApiService + ApiService *WellknownAPIService } func (r ApiDiscoverJsonWebKeysRequest) Execute() (*JsonWebKeySet, *http.Response, error) { @@ -38,10 +38,13 @@ This endpoint returns JSON Web Keys required to verifying OpenID Connect ID Toke if enabled, OAuth 2.0 JWT Access Tokens. This endpoint can be used with client libraries like [node-jwks-rsa](https://github.com/auth0/node-jwks-rsa) among others. +Adding custom keys requires first creating a keyset via the createJsonWebKeySet operation, +and then configuring the webfinger.jwks.broadcast_keys configuration value to include the keyset name. + @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background(). @return ApiDiscoverJsonWebKeysRequest */ -func (a *WellknownApiService) DiscoverJsonWebKeys(ctx context.Context) ApiDiscoverJsonWebKeysRequest { +func (a *WellknownAPIService) DiscoverJsonWebKeys(ctx context.Context) ApiDiscoverJsonWebKeysRequest { return ApiDiscoverJsonWebKeysRequest{ ApiService: a, ctx: ctx, 
@@ -51,7 +54,7 @@ func (a *WellknownApiService) DiscoverJsonWebKeys(ctx context.Context) ApiDiscov // Execute executes the request // // @return JsonWebKeySet -func (a *WellknownApiService) DiscoverJsonWebKeysExecute(r ApiDiscoverJsonWebKeysRequest) (*JsonWebKeySet, *http.Response, error) { +func (a *WellknownAPIService) DiscoverJsonWebKeysExecute(r ApiDiscoverJsonWebKeysRequest) (*JsonWebKeySet, *http.Response, error) { var ( localVarHTTPMethod = http.MethodGet localVarPostBody interface{} @@ -59,7 +62,7 @@ func (a *WellknownApiService) DiscoverJsonWebKeysExecute(r ApiDiscoverJsonWebKey localVarReturnValue *JsonWebKeySet ) - localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "WellknownApiService.DiscoverJsonWebKeys") + localBasePath, err := a.client.cfg.ServerURLWithContext(r.ctx, "WellknownAPIService.DiscoverJsonWebKeys") if err != nil { return localVarReturnValue, nil, &GenericOpenAPIError{error: err.Error()} } @@ -97,9 +100,9 @@ func (a *WellknownApiService) DiscoverJsonWebKeysExecute(r ApiDiscoverJsonWebKey return localVarReturnValue, localVarHTTPResponse, err } - localVarBody, err := ioutil.ReadAll(localVarHTTPResponse.Body) + localVarBody, err := io.ReadAll(localVarHTTPResponse.Body) localVarHTTPResponse.Body.Close() - localVarHTTPResponse.Body = ioutil.NopCloser(bytes.NewBuffer(localVarBody)) + localVarHTTPResponse.Body = io.NopCloser(bytes.NewBuffer(localVarBody)) if err != nil { return localVarReturnValue, localVarHTTPResponse, err } @@ -115,6 +118,7 @@ func (a *WellknownApiService) DiscoverJsonWebKeysExecute(r ApiDiscoverJsonWebKey newErr.error = err.Error() return localVarReturnValue, localVarHTTPResponse, newErr } + newErr.error = formatErrorMessage(localVarHTTPResponse.Status, &v) newErr.model = v return localVarReturnValue, localVarHTTPResponse, newErr } diff --git a/internal/httpclient/client.go b/internal/httpclient/client.go index fe7ccccad0b..81e81275c1e 100644 --- a/internal/httpclient/client.go +++ b/internal/httpclient/client.go 
@@ -19,7 +19,6 @@ import ( "errors" "fmt" "io" - "io/ioutil" "log" "mime/multipart" "net/http" @@ -38,8 +37,10 @@ import ( ) var ( - jsonCheck = regexp.MustCompile(`(?i:(?:application|text)/(?:vnd\.[^;]+\+)?json)`) - xmlCheck = regexp.MustCompile(`(?i:(?:application|text)/xml)`) + JsonCheck = regexp.MustCompile(`(?i:(?:application|text)/(?:[^;]+\+)?json)`) + XmlCheck = regexp.MustCompile(`(?i:(?:application|text)/(?:[^;]+\+)?xml)`) + queryParamSplit = regexp.MustCompile(`(^|&)([^&]+)`) + queryDescape = strings.NewReplacer("%5B", "[", "%5D", "]") ) // APIClient manages communication with the Ory Hydra API API v @@ -50,15 +51,15 @@ type APIClient struct { // API Services - JwkApi *JwkApiService + JwkAPI *JwkAPIService - MetadataApi *MetadataApiService + MetadataAPI *MetadataAPIService - OAuth2Api *OAuth2ApiService + OAuth2API *OAuth2APIService - OidcApi *OidcApiService + OidcAPI *OidcAPIService - WellknownApi *WellknownApiService + WellknownAPI *WellknownAPIService } type service struct { @@ -77,11 +78,11 @@ func NewAPIClient(cfg *Configuration) *APIClient { c.common.client = c // API Services - c.JwkApi = (*JwkApiService)(&c.common) - c.MetadataApi = (*MetadataApiService)(&c.common) - c.OAuth2Api = (*OAuth2ApiService)(&c.common) - c.OidcApi = (*OidcApiService)(&c.common) - c.WellknownApi = (*WellknownApiService)(&c.common) + c.JwkAPI = (*JwkAPIService)(&c.common) + c.MetadataAPI = (*MetadataAPIService)(&c.common) + c.OAuth2API = (*OAuth2APIService)(&c.common) + c.OidcAPI = (*OidcAPIService)(&c.common) + c.WellknownAPI = (*WellknownAPIService)(&c.common) return c } 
@@ -133,33 +134,111 @@ func typeCheckParameter(obj interface{}, expected string, name string) error { // Check the type is as expected. if reflect.TypeOf(obj).String() != expected { - return fmt.Errorf("Expected %s to be of type %s but received %s.", name, expected, reflect.TypeOf(obj).String()) + return fmt.Errorf("expected %s to be of type %s but received %s", name, expected, reflect.TypeOf(obj).String()) } return nil } -// parameterToString convert interface{} parameters to string, using a delimiter if format is provided. -func parameterToString(obj interface{}, collectionFormat string) string { - var delimiter string - - switch collectionFormat { - case "pipes": - delimiter = "|" - case "ssv": - delimiter = " " - case "tsv": - delimiter = "\t" - case "csv": - delimiter = "," +func parameterValueToString(obj interface{}, key string) string { + if reflect.TypeOf(obj).Kind() != reflect.Ptr { + return fmt.Sprintf("%v", obj) + } + var param, ok = obj.(MappedNullable) + if !ok { + return "" + } + dataMap, err := param.ToMap() + if err != nil { + return "" } + return fmt.Sprintf("%v", dataMap[key]) +} + +// parameterAddToHeaderOrQuery adds the provided object to the request header or url query +// supporting deep object syntax +func parameterAddToHeaderOrQuery(headerOrQueryParams interface{}, keyPrefix string, obj interface{}, collectionType string) { + var v = reflect.ValueOf(obj) + var value = "" + if v == reflect.ValueOf(nil) { + value = "null" + } else { + switch v.Kind() { + case reflect.Invalid: + value = "invalid" + + case reflect.Struct: + if t, ok := obj.(MappedNullable); ok { + dataMap, err := t.ToMap() + if err != nil { + return + } + parameterAddToHeaderOrQuery(headerOrQueryParams, keyPrefix, dataMap, collectionType) + return + } + if t, ok := obj.(time.Time); ok { + parameterAddToHeaderOrQuery(headerOrQueryParams, keyPrefix, t.Format(time.RFC3339), collectionType) + return + } + value = v.Type().String() + " value" + case reflect.Slice: + var indValue = 
reflect.ValueOf(obj) + if indValue == reflect.ValueOf(nil) { + return + } + var lenIndValue = indValue.Len() + for i := 0; i < lenIndValue; i++ { + var arrayValue = indValue.Index(i) + parameterAddToHeaderOrQuery(headerOrQueryParams, keyPrefix, arrayValue.Interface(), collectionType) + } + return + + case reflect.Map: + var indValue = reflect.ValueOf(obj) + if indValue == reflect.ValueOf(nil) { + return + } + iter := indValue.MapRange() + for iter.Next() { + k, v := iter.Key(), iter.Value() + parameterAddToHeaderOrQuery(headerOrQueryParams, fmt.Sprintf("%s[%s]", keyPrefix, k.String()), v.Interface(), collectionType) + } + return + + case reflect.Interface: + fallthrough + case reflect.Ptr: + parameterAddToHeaderOrQuery(headerOrQueryParams, keyPrefix, v.Elem().Interface(), collectionType) + return - if reflect.TypeOf(obj).Kind() == reflect.Slice { - return strings.Trim(strings.Replace(fmt.Sprint(obj), " ", delimiter, -1), "[]") - } else if t, ok := obj.(time.Time); ok { - return t.Format(time.RFC3339) + case reflect.Int, reflect.Int8, reflect.Int16, + reflect.Int32, reflect.Int64: + value = strconv.FormatInt(v.Int(), 10) + case reflect.Uint, reflect.Uint8, reflect.Uint16, + reflect.Uint32, reflect.Uint64, reflect.Uintptr: + value = strconv.FormatUint(v.Uint(), 10) + case reflect.Float32, reflect.Float64: + value = strconv.FormatFloat(v.Float(), 'g', -1, 32) + case reflect.Bool: + value = strconv.FormatBool(v.Bool()) + case reflect.String: + value = v.String() + default: + value = v.Type().String() + " value" + } } - return fmt.Sprintf("%v", obj) + switch valuesMap := headerOrQueryParams.(type) { + case url.Values: + if collectionType == "csv" && valuesMap.Get(keyPrefix) != "" { + valuesMap.Set(keyPrefix, valuesMap.Get(keyPrefix)+","+value) + } else { + valuesMap.Add(keyPrefix, value) + } + break + case map[string]string: + valuesMap[keyPrefix] = value + break + } } // helper for converting interface{} parameters to json strings 
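Review bot: In `parameterAddToHeaderOrQuery` the `reflect.Ptr` case calls `v.Elem().Interface()` without a nil check, and the guard `v == reflect.ValueOf(nil)` at the top only catches an untyped nil, so a typed nil pointer (for example an unset optional value inside a slice or a `ToMap` result) would panic there; adding `if v.IsNil() { return }` before the recursive call avoids that. `parameterValueToString` has the same kind of gap: `reflect.TypeOf(obj).Kind()` panics when `obj` is nil, so it should start with `if obj == nil { return "" }`. Separately, `strconv.FormatFloat(v.Float(), 'g', -1, 32)` rounds `float64` values to float32 precision; passing `v.Type().Bits()` as the last argument keeps both widths exact. This file reads like generator output, so the change may belong in the generator template rather than in this file.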
@@ -311,7 +390,11 @@ func (c *APIClient) prepareRequest( } // Encode the parameters. - url.RawQuery = query.Encode() + url.RawQuery = queryParamSplit.ReplaceAllStringFunc(query.Encode(), func(s string) string { + pieces := strings.Split(s, "=") + pieces[0] = queryDescape.Replace(pieces[0]) + return strings.Join(pieces, "=") + }) // Generate a new request if body != nil { @@ -378,8 +461,20 @@ func (c *APIClient) decode(v interface{}, b []byte, contentType string) (err err *s = string(b) return nil } + if f, ok := v.(*os.File); ok { + f, err = os.CreateTemp("", "HttpClientFile") + if err != nil { + return + } + _, err = f.Write(b) + if err != nil { + return + } + _, err = f.Seek(0, io.SeekStart) + return + } if f, ok := v.(**os.File); ok { - *f, err = ioutil.TempFile("", "HttpClientFile") + *f, err = os.CreateTemp("", "HttpClientFile") if err != nil { return } @@ -390,13 +485,13 @@ func (c *APIClient) decode(v interface{}, b []byte, contentType string) (err err _, err = (*f).Seek(0, io.SeekStart) return } - if xmlCheck.MatchString(contentType) { + if XmlCheck.MatchString(contentType) { if err = xml.Unmarshal(b, v); err != nil { return err } return nil } - if jsonCheck.MatchString(contentType) { + if JsonCheck.MatchString(contentType) { if actualObj, ok := v.(interface{ GetActualInstance() interface{} }); ok { // oneOf, anyOf schemas if unmarshalObj, ok := actualObj.(interface{ UnmarshalJSON([]byte) error }); ok { // make sure it has UnmarshalJSON defined if err = unmarshalObj.UnmarshalJSON(b); err != nil { 
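Review bot: The new `v.(*os.File)` branch in `decode` assigns the result of `os.CreateTemp` to the local `f` from the type assertion, so the caller's file is never touched: the response body is written to a temp file the caller cannot reach, and nothing closes or removes it. Each such call leaves a descriptor open and a copy of the response on disk, which matters if the body carries tokens or client credentials. Since a `*os.File` passed by value cannot be redirected to a new file, I would drop this branch and keep only the `**os.File` case below it, with a comment such as `// caller owns the returned temp file and must Close and os.Remove it`. `decode` starts and ends outside this hunk, so this is based on the visible branches only.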
@@ -453,18 +548,22 @@ func setBody(body interface{}, contentType string) (bodyBuf *bytes.Buffer, err e if reader, ok := body.(io.Reader); ok { _, err = bodyBuf.ReadFrom(reader) - } else if fp, ok := body.(**os.File); ok { - _, err = bodyBuf.ReadFrom(*fp) + } else if fp, ok := body.(*os.File); ok { + _, err = bodyBuf.ReadFrom(fp) } else if b, ok := body.([]byte); ok { _, err = bodyBuf.Write(b) } else if s, ok := body.(string); ok { _, err = bodyBuf.WriteString(s) } else if s, ok := body.(*string); ok { _, err = bodyBuf.WriteString(*s) - } else if jsonCheck.MatchString(contentType) { + } else if JsonCheck.MatchString(contentType) { err = json.NewEncoder(bodyBuf).Encode(body) - } else if xmlCheck.MatchString(contentType) { - err = xml.NewEncoder(bodyBuf).Encode(body) + } else if XmlCheck.MatchString(contentType) { + var bs []byte + bs, err = xml.Marshal(body) + if err == nil { + bodyBuf.Write(bs) + } } if err != nil { @@ -472,7 +571,7 @@ func setBody(body interface{}, contentType string) (bodyBuf *bytes.Buffer, err e } if bodyBuf.Len() == 0 { - err = fmt.Errorf("Invalid body type %s\n", contentType) + err = fmt.Errorf("invalid body type %s\n", contentType) return nil, err } return bodyBuf, nil @@ -574,3 +673,23 @@ func (e GenericOpenAPIError) Body() []byte { func (e GenericOpenAPIError) Model() interface{} { return e.model } + +// format error message using title and detail when model implements rfc7807 +func formatErrorMessage(status string, v interface{}) string { + str := "" + metaValue := reflect.ValueOf(v).Elem() + + if metaValue.Kind() == reflect.Struct { + field := metaValue.FieldByName("Title") + if field != (reflect.Value{}) { + str = fmt.Sprintf("%s", field.Interface()) + } + + field = metaValue.FieldByName("Detail") + if field != (reflect.Value{}) { + str = fmt.Sprintf("%s (%s)", str, field.Interface()) + } + } + + return strings.TrimSpace(fmt.Sprintf("%s %s", status, str)) +} 
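Review bot: The `body.(*os.File)` branch added to `setBody` looks unreachable, because `*os.File` implements `io.Reader` and is already taken by the `body.(io.Reader)` case directly above it. The removed `**os.File` case was reachable, so a caller that still passes a `**os.File` would now fall through to the JSON/XML encoders or to the `invalid body type` error. If that form should keep working, keep `else if fp, ok := body.(**os.File); ok { _, err = bodyBuf.ReadFrom(*fp) }` and drop the `*os.File` case. `setBody` begins outside the hunk.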
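Review bot: `formatErrorMessage` formats `field.Interface()` with `%s`, which only yields readable text when `Title` and `Detail` are plain strings; the model docs in this diff list optional fields as `Pointer to **string**`, and for a `*string` field the message would contain a pointer dump instead of the text. `reflect.ValueOf(v).Elem()` also panics when `v` is not a pointer or interface, so the function depends on every caller passing `&v`. I would skip invalid or nil fields with `if field.IsValid() && !(field.Kind() == reflect.Ptr && field.IsNil())` and format `reflect.Indirect(field).Interface()`, and state the contract in the comment: `// formatErrorMessage expects v to be a pointer to the decoded error model.`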
diff --git a/internal/httpclient/configuration.go b/internal/httpclient/configuration.go index 548fdbb05c1..4a85bc09c1a 100644 --- a/internal/httpclient/configuration.go +++ b/internal/httpclient/configuration.go @@ -38,12 +38,6 @@ var ( // ContextAccessToken takes a string oauth2 access token as authentication for the request. ContextAccessToken = contextKey("accesstoken") - // ContextAPIKeys takes a string apikey as authentication for the request - ContextAPIKeys = contextKey("apiKeys") - - // ContextHttpSignatureAuth takes HttpSignatureAuth as authentication for the request. - ContextHttpSignatureAuth = contextKey("httpsignature") - // ContextServerIndex uses a server configuration from the index. ContextServerIndex = contextKey("serverIndex") @@ -123,7 +117,7 @@ func (c *Configuration) AddDefaultHeader(key string, value string) { // URL formats template on a index using given variables func (sc ServerConfigurations) URL(index int, variables map[string]string) (string, error) { if index < 0 || len(sc) <= index { - return "", fmt.Errorf("Index %v out of range %v", index, len(sc)-1) + return "", fmt.Errorf("index %v out of range %v", index, len(sc)-1) } server := sc[index] url := server.URL @@ -138,7 +132,7 @@ func (sc ServerConfigurations) URL(index int, variables map[string]string) (stri } } if !found { - return "", fmt.Errorf("The variable %s in the server URL has invalid value %v. Must be %v", name, value, variable.EnumValues) + return "", fmt.Errorf("the variable %s in the server URL has invalid value %v. Must be %v", name, value, variable.EnumValues) } url = strings.Replace(url, "{"+name+"}", value, -1) } else { diff --git a/internal/httpclient/docs/AcceptDeviceUserCodeRequest.md b/internal/httpclient/docs/AcceptDeviceUserCodeRequest.md new file mode 100644 index 00000000000..2f892922a77 --- /dev/null +++ b/internal/httpclient/docs/AcceptDeviceUserCodeRequest.md 
@@ -0,0 +1,56 @@ +# AcceptDeviceUserCodeRequest + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**UserCode** | Pointer to **string** | | [optional] + +## Methods + +### NewAcceptDeviceUserCodeRequest + +`func NewAcceptDeviceUserCodeRequest() *AcceptDeviceUserCodeRequest` + +NewAcceptDeviceUserCodeRequest instantiates a new AcceptDeviceUserCodeRequest object +This constructor will assign default values to properties that have it defined, +and makes sure properties required by API are set, but the set of arguments +will change when the set of required properties is changed + +### NewAcceptDeviceUserCodeRequestWithDefaults + +`func NewAcceptDeviceUserCodeRequestWithDefaults() *AcceptDeviceUserCodeRequest` + +NewAcceptDeviceUserCodeRequestWithDefaults instantiates a new AcceptDeviceUserCodeRequest object +This constructor will only assign default values to properties that have it defined, +but it doesn't guarantee that properties required by API are set + +### GetUserCode + +`func (o *AcceptDeviceUserCodeRequest) GetUserCode() string` + +GetUserCode returns the UserCode field if non-nil, zero value otherwise. + +### GetUserCodeOk + +`func (o *AcceptDeviceUserCodeRequest) GetUserCodeOk() (*string, bool)` + +GetUserCodeOk returns a tuple with the UserCode field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetUserCode + +`func (o *AcceptDeviceUserCodeRequest) SetUserCode(v string)` + +SetUserCode sets UserCode field to given value. + +### HasUserCode + +`func (o *AcceptDeviceUserCodeRequest) HasUserCode() bool` + +HasUserCode returns a boolean if a field has been set. + + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + 
diff --git a/internal/httpclient/docs/AcceptOAuth2ConsentRequest.md b/internal/httpclient/docs/AcceptOAuth2ConsentRequest.md index ec518b5d77d..c6284d0c66b 100644 --- a/internal/httpclient/docs/AcceptOAuth2ConsentRequest.md +++ b/internal/httpclient/docs/AcceptOAuth2ConsentRequest.md @@ -4,6 +4,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- +**Context** | Pointer to **interface{}** | | [optional] **GrantAccessTokenAudience** | Pointer to **[]string** | | [optional] **GrantScope** | Pointer to **[]string** | | [optional] **HandledAt** | Pointer to **time.Time** | | [optional] @@ -30,6 +31,41 @@ NewAcceptOAuth2ConsentRequestWithDefaults instantiates a new AcceptOAuth2Consent This constructor will only assign default values to properties that have it defined, but it doesn't guarantee that properties required by API are set +### GetContext + +`func (o *AcceptOAuth2ConsentRequest) GetContext() interface{}` + +GetContext returns the Context field if non-nil, zero value otherwise. + +### GetContextOk + +`func (o *AcceptOAuth2ConsentRequest) GetContextOk() (*interface{}, bool)` + +GetContextOk returns a tuple with the Context field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetContext + +`func (o *AcceptOAuth2ConsentRequest) SetContext(v interface{})` + +SetContext sets Context field to given value. + +### HasContext + +`func (o *AcceptOAuth2ConsentRequest) HasContext() bool` + +HasContext returns a boolean if a field has been set. + +### SetContextNil + +`func (o *AcceptOAuth2ConsentRequest) SetContextNil(b bool)` + + SetContextNil sets the value for Context to be an explicit nil + +### UnsetContext +`func (o *AcceptOAuth2ConsentRequest) UnsetContext()` + +UnsetContext ensures that no value is present for Context, not even an explicit nil ### GetGrantAccessTokenAudience `func (o *AcceptOAuth2ConsentRequest) GetGrantAccessTokenAudience() []string` 
diff --git a/internal/httpclient/docs/DeviceAuthorization.md b/internal/httpclient/docs/DeviceAuthorization.md new file mode 100644 index 00000000000..4ba933a4b24 --- /dev/null +++ b/internal/httpclient/docs/DeviceAuthorization.md 
@@ -0,0 +1,186 @@ +# DeviceAuthorization + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**DeviceCode** | Pointer to **string** | The device verification code. | [optional] +**ExpiresIn** | Pointer to **int64** | The lifetime in seconds of the \"device_code\" and \"user_code\". | [optional] +**Interval** | Pointer to **int64** | The minimum amount of time in seconds that the client SHOULD wait between polling requests to the token endpoint. If no value is provided, clients MUST use 5 as the default. | [optional] +**UserCode** | Pointer to **string** | The end-user verification code. | [optional] +**VerificationUri** | Pointer to **string** | The end-user verification URI on the authorization server. The URI should be short and easy to remember as end users will be asked to manually type it into their user agent. | [optional] +**VerificationUriComplete** | Pointer to **string** | A verification URI that includes the \"user_code\" (or other information with the same function as the \"user_code\"), which is designed for non-textual transmission. 
| [optional] + +## Methods + +### NewDeviceAuthorization + +`func NewDeviceAuthorization() *DeviceAuthorization` + +NewDeviceAuthorization instantiates a new DeviceAuthorization object +This constructor will assign default values to properties that have it defined, +and makes sure properties required by API are set, but the set of arguments +will change when the set of required properties is changed + +### NewDeviceAuthorizationWithDefaults + +`func NewDeviceAuthorizationWithDefaults() *DeviceAuthorization` + +NewDeviceAuthorizationWithDefaults instantiates a new DeviceAuthorization object +This constructor will only assign default values to properties that have it defined, +but it doesn't guarantee that properties required by API are set + +### GetDeviceCode + +`func (o *DeviceAuthorization) GetDeviceCode() string` + +GetDeviceCode returns the DeviceCode field if non-nil, zero value otherwise. + +### GetDeviceCodeOk + +`func (o *DeviceAuthorization) GetDeviceCodeOk() (*string, bool)` + +GetDeviceCodeOk returns a tuple with the DeviceCode field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetDeviceCode + +`func (o *DeviceAuthorization) SetDeviceCode(v string)` + +SetDeviceCode sets DeviceCode field to given value. + +### HasDeviceCode + +`func (o *DeviceAuthorization) HasDeviceCode() bool` + +HasDeviceCode returns a boolean if a field has been set. + +### GetExpiresIn + +`func (o *DeviceAuthorization) GetExpiresIn() int64` + +GetExpiresIn returns the ExpiresIn field if non-nil, zero value otherwise. + +### GetExpiresInOk + +`func (o *DeviceAuthorization) GetExpiresInOk() (*int64, bool)` + +GetExpiresInOk returns a tuple with the ExpiresIn field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetExpiresIn + +`func (o *DeviceAuthorization) SetExpiresIn(v int64)` + +SetExpiresIn sets ExpiresIn field to given value. 
+ +### HasExpiresIn + +`func (o *DeviceAuthorization) HasExpiresIn() bool` + +HasExpiresIn returns a boolean if a field has been set. + +### GetInterval + +`func (o *DeviceAuthorization) GetInterval() int64` + +GetInterval returns the Interval field if non-nil, zero value otherwise. + +### GetIntervalOk + +`func (o *DeviceAuthorization) GetIntervalOk() (*int64, bool)` + +GetIntervalOk returns a tuple with the Interval field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetInterval + +`func (o *DeviceAuthorization) SetInterval(v int64)` + +SetInterval sets Interval field to given value. + +### HasInterval + +`func (o *DeviceAuthorization) HasInterval() bool` + +HasInterval returns a boolean if a field has been set. + +### GetUserCode + +`func (o *DeviceAuthorization) GetUserCode() string` + +GetUserCode returns the UserCode field if non-nil, zero value otherwise. + +### GetUserCodeOk + +`func (o *DeviceAuthorization) GetUserCodeOk() (*string, bool)` + +GetUserCodeOk returns a tuple with the UserCode field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetUserCode + +`func (o *DeviceAuthorization) SetUserCode(v string)` + +SetUserCode sets UserCode field to given value. + +### HasUserCode + +`func (o *DeviceAuthorization) HasUserCode() bool` + +HasUserCode returns a boolean if a field has been set. + +### GetVerificationUri + +`func (o *DeviceAuthorization) GetVerificationUri() string` + +GetVerificationUri returns the VerificationUri field if non-nil, zero value otherwise. + +### GetVerificationUriOk + +`func (o *DeviceAuthorization) GetVerificationUriOk() (*string, bool)` + +GetVerificationUriOk returns a tuple with the VerificationUri field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. 
+ +### SetVerificationUri + +`func (o *DeviceAuthorization) SetVerificationUri(v string)` + +SetVerificationUri sets VerificationUri field to given value. + +### HasVerificationUri + +`func (o *DeviceAuthorization) HasVerificationUri() bool` + +HasVerificationUri returns a boolean if a field has been set. + +### GetVerificationUriComplete + +`func (o *DeviceAuthorization) GetVerificationUriComplete() string` + +GetVerificationUriComplete returns the VerificationUriComplete field if non-nil, zero value otherwise. + +### GetVerificationUriCompleteOk + +`func (o *DeviceAuthorization) GetVerificationUriCompleteOk() (*string, bool)` + +GetVerificationUriCompleteOk returns a tuple with the VerificationUriComplete field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetVerificationUriComplete + +`func (o *DeviceAuthorization) SetVerificationUriComplete(v string)` + +SetVerificationUriComplete sets VerificationUriComplete field to given value. + +### HasVerificationUriComplete + +`func (o *DeviceAuthorization) HasVerificationUriComplete() bool` + +HasVerificationUriComplete returns a boolean if a field has been set. + + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/internal/httpclient/docs/DeviceUserAuthRequest.md b/internal/httpclient/docs/DeviceUserAuthRequest.md new file mode 100644 index 00000000000..ae99e6223ff --- /dev/null +++ b/internal/httpclient/docs/DeviceUserAuthRequest.md 
@@ -0,0 +1,181 @@ +# DeviceUserAuthRequest + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Challenge** | **string** | ID is the identifier (\"device challenge\") of the device grant request. It is used to identify the session. | +**Client** | Pointer to [**OAuth2Client**](OAuth2Client.md) | | [optional] +**HandledAt** | Pointer to **time.Time** | | [optional] +**RequestUrl** | Pointer to **string** | RequestURL is the original Device Authorization URL requested. | [optional] +**RequestedAccessTokenAudience** | Pointer to **[]string** | | [optional] +**RequestedScope** | Pointer to **[]string** | | [optional] + +## Methods + +### NewDeviceUserAuthRequest + +`func NewDeviceUserAuthRequest(challenge string, ) *DeviceUserAuthRequest` + +NewDeviceUserAuthRequest instantiates a new DeviceUserAuthRequest object +This constructor will assign default values to properties that have it defined, +and makes sure properties required by API are set, but the set of arguments +will change when the set of required properties is changed + +### NewDeviceUserAuthRequestWithDefaults + +`func NewDeviceUserAuthRequestWithDefaults() *DeviceUserAuthRequest` + +NewDeviceUserAuthRequestWithDefaults instantiates a new DeviceUserAuthRequest object +This constructor will only assign default values to properties that have it defined, +but it doesn't guarantee that properties required by API are set + +### GetChallenge + +`func (o *DeviceUserAuthRequest) GetChallenge() string` + +GetChallenge returns the Challenge field if non-nil, zero value otherwise. + +### GetChallengeOk + +`func (o *DeviceUserAuthRequest) GetChallengeOk() (*string, bool)` + +GetChallengeOk returns a tuple with the Challenge field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetChallenge + +`func (o *DeviceUserAuthRequest) SetChallenge(v string)` + +SetChallenge sets Challenge field to given value. 
+ + +### GetClient + +`func (o *DeviceUserAuthRequest) GetClient() OAuth2Client` + +GetClient returns the Client field if non-nil, zero value otherwise. + +### GetClientOk + +`func (o *DeviceUserAuthRequest) GetClientOk() (*OAuth2Client, bool)` + +GetClientOk returns a tuple with the Client field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetClient + +`func (o *DeviceUserAuthRequest) SetClient(v OAuth2Client)` + +SetClient sets Client field to given value. + +### HasClient + +`func (o *DeviceUserAuthRequest) HasClient() bool` + +HasClient returns a boolean if a field has been set. + +### GetHandledAt + +`func (o *DeviceUserAuthRequest) GetHandledAt() time.Time` + +GetHandledAt returns the HandledAt field if non-nil, zero value otherwise. + +### GetHandledAtOk + +`func (o *DeviceUserAuthRequest) GetHandledAtOk() (*time.Time, bool)` + +GetHandledAtOk returns a tuple with the HandledAt field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetHandledAt + +`func (o *DeviceUserAuthRequest) SetHandledAt(v time.Time)` + +SetHandledAt sets HandledAt field to given value. + +### HasHandledAt + +`func (o *DeviceUserAuthRequest) HasHandledAt() bool` + +HasHandledAt returns a boolean if a field has been set. + +### GetRequestUrl + +`func (o *DeviceUserAuthRequest) GetRequestUrl() string` + +GetRequestUrl returns the RequestUrl field if non-nil, zero value otherwise. + +### GetRequestUrlOk + +`func (o *DeviceUserAuthRequest) GetRequestUrlOk() (*string, bool)` + +GetRequestUrlOk returns a tuple with the RequestUrl field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetRequestUrl + +`func (o *DeviceUserAuthRequest) SetRequestUrl(v string)` + +SetRequestUrl sets RequestUrl field to given value. + +### HasRequestUrl + +`func (o *DeviceUserAuthRequest) HasRequestUrl() bool` + +HasRequestUrl returns a boolean if a field has been set. 
+ +### GetRequestedAccessTokenAudience + +`func (o *DeviceUserAuthRequest) GetRequestedAccessTokenAudience() []string` + +GetRequestedAccessTokenAudience returns the RequestedAccessTokenAudience field if non-nil, zero value otherwise. + +### GetRequestedAccessTokenAudienceOk + +`func (o *DeviceUserAuthRequest) GetRequestedAccessTokenAudienceOk() (*[]string, bool)` + +GetRequestedAccessTokenAudienceOk returns a tuple with the RequestedAccessTokenAudience field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetRequestedAccessTokenAudience + +`func (o *DeviceUserAuthRequest) SetRequestedAccessTokenAudience(v []string)` + +SetRequestedAccessTokenAudience sets RequestedAccessTokenAudience field to given value. + +### HasRequestedAccessTokenAudience + +`func (o *DeviceUserAuthRequest) HasRequestedAccessTokenAudience() bool` + +HasRequestedAccessTokenAudience returns a boolean if a field has been set. + +### GetRequestedScope + +`func (o *DeviceUserAuthRequest) GetRequestedScope() []string` + +GetRequestedScope returns the RequestedScope field if non-nil, zero value otherwise. + +### GetRequestedScopeOk + +`func (o *DeviceUserAuthRequest) GetRequestedScopeOk() (*[]string, bool)` + +GetRequestedScopeOk returns a tuple with the RequestedScope field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetRequestedScope + +`func (o *DeviceUserAuthRequest) SetRequestedScope(v []string)` + +SetRequestedScope sets RequestedScope field to given value. + +### HasRequestedScope + +`func (o *DeviceUserAuthRequest) HasRequestedScope() bool` + +HasRequestedScope returns a boolean if a field has been set. + + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + 
diff --git a/internal/httpclient/docs/JwkApi.md b/internal/httpclient/docs/JwkAPI.md similarity index 61% rename from internal/httpclient/docs/JwkApi.md rename to internal/httpclient/docs/JwkAPI.md index 3527e0b9622..73db4fd70ee 100644 --- a/internal/httpclient/docs/JwkApi.md +++ b/internal/httpclient/docs/JwkAPI.md @@ -1,16 +1,16 @@ -# \JwkApi +# \JwkAPI All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**CreateJsonWebKeySet**](JwkApi.md#CreateJsonWebKeySet) | **Post** /admin/keys/{set} | Create JSON Web Key -[**DeleteJsonWebKey**](JwkApi.md#DeleteJsonWebKey) | **Delete** /admin/keys/{set}/{kid} | Delete JSON Web Key -[**DeleteJsonWebKeySet**](JwkApi.md#DeleteJsonWebKeySet) | **Delete** /admin/keys/{set} | Delete JSON Web Key Set -[**GetJsonWebKey**](JwkApi.md#GetJsonWebKey) | **Get** /admin/keys/{set}/{kid} | Get JSON Web Key -[**GetJsonWebKeySet**](JwkApi.md#GetJsonWebKeySet) | **Get** /admin/keys/{set} | Retrieve a JSON Web Key Set -[**SetJsonWebKey**](JwkApi.md#SetJsonWebKey) | **Put** /admin/keys/{set}/{kid} | Set JSON Web Key -[**SetJsonWebKeySet**](JwkApi.md#SetJsonWebKeySet) | **Put** /admin/keys/{set} | Update a JSON Web Key Set +[**CreateJsonWebKeySet**](JwkAPI.md#CreateJsonWebKeySet) | **Post** /admin/keys/{set} | Create JSON Web Key +[**DeleteJsonWebKey**](JwkAPI.md#DeleteJsonWebKey) | **Delete** /admin/keys/{set}/{kid} | Delete JSON Web Key +[**DeleteJsonWebKeySet**](JwkAPI.md#DeleteJsonWebKeySet) | **Delete** /admin/keys/{set} | Delete JSON Web Key Set +[**GetJsonWebKey**](JwkAPI.md#GetJsonWebKey) | **Get** /admin/keys/{set}/{kid} | Get JSON Web Key +[**GetJsonWebKeySet**](JwkAPI.md#GetJsonWebKeySet) | **Get** /admin/keys/{set} | Retrieve a JSON Web Key Set +[**SetJsonWebKey**](JwkAPI.md#SetJsonWebKey) | **Put** /admin/keys/{set}/{kid} | Set JSON Web Key +[**SetJsonWebKeySet**](JwkAPI.md#SetJsonWebKeySet) | **Put** /admin/keys/{set} | Update a JSON Web Key Set 
@@ -28,25 +28,25 @@ Create JSON Web Key package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - set := "set_example" // string | The JSON Web Key Set ID - createJsonWebKeySet := *openapiclient.NewCreateJsonWebKeySet("Alg_example", "Kid_example", "Use_example") // CreateJsonWebKeySet | - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.JwkApi.CreateJsonWebKeySet(context.Background(), set).CreateJsonWebKeySet(createJsonWebKeySet).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `JwkApi.CreateJsonWebKeySet``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `CreateJsonWebKeySet`: JsonWebKeySet - fmt.Fprintf(os.Stdout, "Response from `JwkApi.CreateJsonWebKeySet`: %v\n", resp) + set := "set_example" // string | The JSON Web Key Set ID + createJsonWebKeySet := *openapiclient.NewCreateJsonWebKeySet("Alg_example", "Kid_example", "Use_example") // CreateJsonWebKeySet | + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.JwkAPI.CreateJsonWebKeySet(context.Background(), set).CreateJsonWebKeySet(createJsonWebKeySet).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `JwkAPI.CreateJsonWebKeySet``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `CreateJsonWebKeySet`: JsonWebKeySet + fmt.Fprintf(os.Stdout, "Response from `JwkAPI.CreateJsonWebKeySet`: %v\n", resp) } ``` 
@@ -100,23 +100,23 @@ Delete JSON Web Key package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - set := "set_example" // string | The JSON Web Key Set - kid := "kid_example" // string | The JSON Web Key ID (kid) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.JwkApi.DeleteJsonWebKey(context.Background(), set, kid).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `JwkApi.DeleteJsonWebKey``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } + set := "set_example" // string | The JSON Web Key Set + kid := "kid_example" // string | The JSON Web Key ID (kid) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + r, err := apiClient.JwkAPI.DeleteJsonWebKey(context.Background(), set, kid).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `JwkAPI.DeleteJsonWebKey``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } } ``` 
@@ -171,22 +171,22 @@ Delete JSON Web Key Set package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - set := "set_example" // string | The JSON Web Key Set - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.JwkApi.DeleteJsonWebKeySet(context.Background(), set).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `JwkApi.DeleteJsonWebKeySet``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } + set := "set_example" // string | The JSON Web Key Set + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + r, err := apiClient.JwkAPI.DeleteJsonWebKeySet(context.Background(), set).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `JwkAPI.DeleteJsonWebKeySet``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } } ``` 
@@ -239,25 +239,25 @@ Get JSON Web Key package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - set := "set_example" // string | JSON Web Key Set ID - kid := "kid_example" // string | JSON Web Key ID - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.JwkApi.GetJsonWebKey(context.Background(), set, kid).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `JwkApi.GetJsonWebKey``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `GetJsonWebKey`: JsonWebKeySet - fmt.Fprintf(os.Stdout, "Response from `JwkApi.GetJsonWebKey`: %v\n", resp) + set := "set_example" // string | JSON Web Key Set ID + kid := "kid_example" // string | JSON Web Key ID + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.JwkAPI.GetJsonWebKey(context.Background(), set, kid).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `JwkAPI.GetJsonWebKey``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `GetJsonWebKey`: JsonWebKeySet + fmt.Fprintf(os.Stdout, "Response from `JwkAPI.GetJsonWebKey`: %v\n", resp) } ``` 
@@ -312,24 +312,24 @@ Retrieve a JSON Web Key Set package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - set := "set_example" // string | JSON Web Key Set ID - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.JwkApi.GetJsonWebKeySet(context.Background(), set).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `JwkApi.GetJsonWebKeySet``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `GetJsonWebKeySet`: JsonWebKeySet - fmt.Fprintf(os.Stdout, "Response from `JwkApi.GetJsonWebKeySet`: %v\n", resp) + set := "set_example" // string | JSON Web Key Set ID + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.JwkAPI.GetJsonWebKeySet(context.Background(), set).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `JwkAPI.GetJsonWebKeySet``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `GetJsonWebKeySet`: JsonWebKeySet + fmt.Fprintf(os.Stdout, "Response from `JwkAPI.GetJsonWebKeySet`: %v\n", resp) } ``` 
@@ -382,26 +382,26 @@ Set JSON Web Key package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - set := "set_example" // string | The JSON Web Key Set ID - kid := "kid_example" // string | JSON Web Key ID - jsonWebKey := *openapiclient.NewJsonWebKey("RS256", "1603dfe0af8f4596", "RSA", "sig") // JsonWebKey | (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.JwkApi.SetJsonWebKey(context.Background(), set, kid).JsonWebKey(jsonWebKey).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `JwkApi.SetJsonWebKey``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `SetJsonWebKey`: JsonWebKey - fmt.Fprintf(os.Stdout, "Response from `JwkApi.SetJsonWebKey`: %v\n", resp) + set := "set_example" // string | The JSON Web Key Set ID + kid := "kid_example" // string | JSON Web Key ID + jsonWebKey := *openapiclient.NewJsonWebKey("RS256", "1603dfe0af8f4596", "RSA", "sig") // JsonWebKey | (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.JwkAPI.SetJsonWebKey(context.Background(), set, kid).JsonWebKey(jsonWebKey).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `JwkAPI.SetJsonWebKey``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `SetJsonWebKey`: JsonWebKey + fmt.Fprintf(os.Stdout, "Response from `JwkAPI.SetJsonWebKey`: %v\n", resp) } ``` 
@@ -457,25 +457,25 @@ Update a JSON Web Key Set package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - set := "set_example" // string | The JSON Web Key Set ID - jsonWebKeySet := *openapiclient.NewJsonWebKeySet() // JsonWebKeySet | (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.JwkApi.SetJsonWebKeySet(context.Background(), set).JsonWebKeySet(jsonWebKeySet).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `JwkApi.SetJsonWebKeySet``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `SetJsonWebKeySet`: JsonWebKeySet - fmt.Fprintf(os.Stdout, "Response from `JwkApi.SetJsonWebKeySet`: %v\n", resp) + set := "set_example" // string | The JSON Web Key Set ID + jsonWebKeySet := *openapiclient.NewJsonWebKeySet() // JsonWebKeySet | (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.JwkAPI.SetJsonWebKeySet(context.Background(), set).JsonWebKeySet(jsonWebKeySet).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `JwkAPI.SetJsonWebKeySet``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `SetJsonWebKeySet`: JsonWebKeySet + fmt.Fprintf(os.Stdout, "Response from `JwkAPI.SetJsonWebKeySet`: %v\n", resp) } ``` diff --git a/internal/httpclient/docs/MetadataApi.md b/internal/httpclient/docs/MetadataAPI.md similarity index 56% rename from internal/httpclient/docs/MetadataApi.md rename to internal/httpclient/docs/MetadataAPI.md index 064272fd09b..6280313b670 100644 --- a/internal/httpclient/docs/MetadataApi.md +++ b/internal/httpclient/docs/MetadataAPI.md 
@@ -1,12 +1,12 @@ -# \MetadataApi +# \MetadataAPI All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**GetVersion**](MetadataApi.md#GetVersion) | **Get** /version | Return Running Software Version. -[**IsAlive**](MetadataApi.md#IsAlive) | **Get** /health/alive | Check HTTP Server Status -[**IsReady**](MetadataApi.md#IsReady) | **Get** /health/ready | Check HTTP Server and Database Status +[**GetVersion**](MetadataAPI.md#GetVersion) | **Get** /version | Return Running Software Version. +[**IsAlive**](MetadataAPI.md#IsAlive) | **Get** /health/alive | Check HTTP Server Status +[**IsReady**](MetadataAPI.md#IsReady) | **Get** /health/ready | Check HTTP Server and Database Status @@ -24,23 +24,23 @@ Return Running Software Version. package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.MetadataApi.GetVersion(context.Background()).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `MetadataApi.GetVersion``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `GetVersion`: GetVersion200Response - fmt.Fprintf(os.Stdout, "Response from `MetadataApi.GetVersion`: %v\n", resp) + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.MetadataAPI.GetVersion(context.Background()).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `MetadataAPI.GetVersion``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `GetVersion`: GetVersion200Response + fmt.Fprintf(os.Stdout, "Response from `MetadataAPI.GetVersion`: %v\n", resp) } ``` 
@@ -85,23 +85,23 @@ Check HTTP Server Status package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.MetadataApi.IsAlive(context.Background()).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `MetadataApi.IsAlive``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `IsAlive`: HealthStatus - fmt.Fprintf(os.Stdout, "Response from `MetadataApi.IsAlive`: %v\n", resp) + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.MetadataAPI.IsAlive(context.Background()).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `MetadataAPI.IsAlive``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `IsAlive`: HealthStatus + fmt.Fprintf(os.Stdout, "Response from `MetadataAPI.IsAlive`: %v\n", resp) } ``` 
@@ -146,23 +146,23 @@ Check HTTP Server and Database Status package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.MetadataApi.IsReady(context.Background()).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `MetadataApi.IsReady``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `IsReady`: IsReady200Response - fmt.Fprintf(os.Stdout, "Response from `MetadataApi.IsReady`: %v\n", resp) + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.MetadataAPI.IsReady(context.Background()).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `MetadataAPI.IsReady``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `IsReady`: IsReady200Response + fmt.Fprintf(os.Stdout, "Response from `MetadataAPI.IsReady`: %v\n", resp) } ``` diff --git a/internal/httpclient/docs/OAuth2Api.md b/internal/httpclient/docs/OAuth2API.md similarity index 53% rename from internal/httpclient/docs/OAuth2Api.md rename to internal/httpclient/docs/OAuth2API.md index c5b4aff638c..0ca7f601f10 100644 --- a/internal/httpclient/docs/OAuth2Api.md +++ b/internal/httpclient/docs/OAuth2API.md 
@@ -1,37 +1,40 @@ -# \OAuth2Api +# \OAuth2API All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**AcceptOAuth2ConsentRequest**](OAuth2Api.md#AcceptOAuth2ConsentRequest) | **Put** /admin/oauth2/auth/requests/consent/accept | Accept OAuth 2.0 Consent Request -[**AcceptOAuth2LoginRequest**](OAuth2Api.md#AcceptOAuth2LoginRequest) | **Put** /admin/oauth2/auth/requests/login/accept | Accept OAuth 2.0 Login Request -[**AcceptOAuth2LogoutRequest**](OAuth2Api.md#AcceptOAuth2LogoutRequest) | **Put** /admin/oauth2/auth/requests/logout/accept | Accept OAuth 2.0 Session Logout Request -[**CreateOAuth2Client**](OAuth2Api.md#CreateOAuth2Client) | **Post** /admin/clients | Create OAuth 2.0 Client -[**DeleteOAuth2Client**](OAuth2Api.md#DeleteOAuth2Client) | **Delete** /admin/clients/{id} | Delete OAuth 2.0 Client -[**DeleteOAuth2Token**](OAuth2Api.md#DeleteOAuth2Token) | **Delete** /admin/oauth2/tokens | Delete OAuth 2.0 Access Tokens from specific OAuth 2.0 Client -[**DeleteTrustedOAuth2JwtGrantIssuer**](OAuth2Api.md#DeleteTrustedOAuth2JwtGrantIssuer) | **Delete** /admin/trust/grants/jwt-bearer/issuers/{id} | Delete Trusted OAuth2 JWT Bearer Grant Type Issuer -[**GetOAuth2Client**](OAuth2Api.md#GetOAuth2Client) | **Get** /admin/clients/{id} | Get an OAuth 2.0 Client -[**GetOAuth2ConsentRequest**](OAuth2Api.md#GetOAuth2ConsentRequest) | **Get** /admin/oauth2/auth/requests/consent | Get OAuth 2.0 Consent Request -[**GetOAuth2LoginRequest**](OAuth2Api.md#GetOAuth2LoginRequest) | **Get** /admin/oauth2/auth/requests/login | Get OAuth 2.0 Login Request -[**GetOAuth2LogoutRequest**](OAuth2Api.md#GetOAuth2LogoutRequest) | **Get** /admin/oauth2/auth/requests/logout | Get OAuth 2.0 Session Logout Request -[**GetTrustedOAuth2JwtGrantIssuer**](OAuth2Api.md#GetTrustedOAuth2JwtGrantIssuer) | **Get** /admin/trust/grants/jwt-bearer/issuers/{id} | Get Trusted OAuth2 JWT Bearer Grant Type Issuer 
-[**IntrospectOAuth2Token**](OAuth2Api.md#IntrospectOAuth2Token) | **Post** /admin/oauth2/introspect | Introspect OAuth2 Access and Refresh Tokens -[**ListOAuth2Clients**](OAuth2Api.md#ListOAuth2Clients) | **Get** /admin/clients | List OAuth 2.0 Clients -[**ListOAuth2ConsentSessions**](OAuth2Api.md#ListOAuth2ConsentSessions) | **Get** /admin/oauth2/auth/sessions/consent | List OAuth 2.0 Consent Sessions of a Subject -[**ListTrustedOAuth2JwtGrantIssuers**](OAuth2Api.md#ListTrustedOAuth2JwtGrantIssuers) | **Get** /admin/trust/grants/jwt-bearer/issuers | List Trusted OAuth2 JWT Bearer Grant Type Issuers -[**OAuth2Authorize**](OAuth2Api.md#OAuth2Authorize) | **Get** /oauth2/auth | OAuth 2.0 Authorize Endpoint -[**Oauth2TokenExchange**](OAuth2Api.md#Oauth2TokenExchange) | **Post** /oauth2/token | The OAuth 2.0 Token Endpoint -[**PatchOAuth2Client**](OAuth2Api.md#PatchOAuth2Client) | **Patch** /admin/clients/{id} | Patch OAuth 2.0 Client -[**RejectOAuth2ConsentRequest**](OAuth2Api.md#RejectOAuth2ConsentRequest) | **Put** /admin/oauth2/auth/requests/consent/reject | Reject OAuth 2.0 Consent Request -[**RejectOAuth2LoginRequest**](OAuth2Api.md#RejectOAuth2LoginRequest) | **Put** /admin/oauth2/auth/requests/login/reject | Reject OAuth 2.0 Login Request -[**RejectOAuth2LogoutRequest**](OAuth2Api.md#RejectOAuth2LogoutRequest) | **Put** /admin/oauth2/auth/requests/logout/reject | Reject OAuth 2.0 Session Logout Request -[**RevokeOAuth2ConsentSessions**](OAuth2Api.md#RevokeOAuth2ConsentSessions) | **Delete** /admin/oauth2/auth/sessions/consent | Revoke OAuth 2.0 Consent Sessions of a Subject -[**RevokeOAuth2LoginSessions**](OAuth2Api.md#RevokeOAuth2LoginSessions) | **Delete** /admin/oauth2/auth/sessions/login | Revokes OAuth 2.0 Login Sessions by either a Subject or a SessionID -[**RevokeOAuth2Token**](OAuth2Api.md#RevokeOAuth2Token) | **Post** /oauth2/revoke | Revoke OAuth 2.0 Access or Refresh Token -[**SetOAuth2Client**](OAuth2Api.md#SetOAuth2Client) | **Put** 
/admin/clients/{id} | Set OAuth 2.0 Client -[**SetOAuth2ClientLifespans**](OAuth2Api.md#SetOAuth2ClientLifespans) | **Put** /admin/clients/{id}/lifespans | Set OAuth2 Client Token Lifespans -[**TrustOAuth2JwtGrantIssuer**](OAuth2Api.md#TrustOAuth2JwtGrantIssuer) | **Post** /admin/trust/grants/jwt-bearer/issuers | Trust OAuth2 JWT Bearer Grant Type Issuer +[**AcceptOAuth2ConsentRequest**](OAuth2API.md#AcceptOAuth2ConsentRequest) | **Put** /admin/oauth2/auth/requests/consent/accept | Accept OAuth 2.0 Consent Request +[**AcceptOAuth2LoginRequest**](OAuth2API.md#AcceptOAuth2LoginRequest) | **Put** /admin/oauth2/auth/requests/login/accept | Accept OAuth 2.0 Login Request +[**AcceptOAuth2LogoutRequest**](OAuth2API.md#AcceptOAuth2LogoutRequest) | **Put** /admin/oauth2/auth/requests/logout/accept | Accept OAuth 2.0 Session Logout Request +[**AcceptUserCodeRequest**](OAuth2API.md#AcceptUserCodeRequest) | **Put** /admin/oauth2/auth/requests/device/accept | Accepts a device grant user_code request +[**CreateOAuth2Client**](OAuth2API.md#CreateOAuth2Client) | **Post** /admin/clients | Create OAuth 2.0 Client +[**DeleteOAuth2Client**](OAuth2API.md#DeleteOAuth2Client) | **Delete** /admin/clients/{id} | Delete OAuth 2.0 Client +[**DeleteOAuth2Token**](OAuth2API.md#DeleteOAuth2Token) | **Delete** /admin/oauth2/tokens | Delete OAuth 2.0 Access Tokens from specific OAuth 2.0 Client +[**DeleteTrustedOAuth2JwtGrantIssuer**](OAuth2API.md#DeleteTrustedOAuth2JwtGrantIssuer) | **Delete** /admin/trust/grants/jwt-bearer/issuers/{id} | Delete Trusted OAuth2 JWT Bearer Grant Type Issuer +[**GetOAuth2Client**](OAuth2API.md#GetOAuth2Client) | **Get** /admin/clients/{id} | Get an OAuth 2.0 Client +[**GetOAuth2ConsentRequest**](OAuth2API.md#GetOAuth2ConsentRequest) | **Get** /admin/oauth2/auth/requests/consent | Get OAuth 2.0 Consent Request +[**GetOAuth2LoginRequest**](OAuth2API.md#GetOAuth2LoginRequest) | **Get** /admin/oauth2/auth/requests/login | Get OAuth 2.0 Login Request 
+[**GetOAuth2LogoutRequest**](OAuth2API.md#GetOAuth2LogoutRequest) | **Get** /admin/oauth2/auth/requests/logout | Get OAuth 2.0 Session Logout Request +[**GetTrustedOAuth2JwtGrantIssuer**](OAuth2API.md#GetTrustedOAuth2JwtGrantIssuer) | **Get** /admin/trust/grants/jwt-bearer/issuers/{id} | Get Trusted OAuth2 JWT Bearer Grant Type Issuer +[**IntrospectOAuth2Token**](OAuth2API.md#IntrospectOAuth2Token) | **Post** /admin/oauth2/introspect | Introspect OAuth2 Access and Refresh Tokens +[**ListOAuth2Clients**](OAuth2API.md#ListOAuth2Clients) | **Get** /admin/clients | List OAuth 2.0 Clients +[**ListOAuth2ConsentSessions**](OAuth2API.md#ListOAuth2ConsentSessions) | **Get** /admin/oauth2/auth/sessions/consent | List OAuth 2.0 Consent Sessions of a Subject +[**ListTrustedOAuth2JwtGrantIssuers**](OAuth2API.md#ListTrustedOAuth2JwtGrantIssuers) | **Get** /admin/trust/grants/jwt-bearer/issuers | List Trusted OAuth2 JWT Bearer Grant Type Issuers +[**OAuth2Authorize**](OAuth2API.md#OAuth2Authorize) | **Get** /oauth2/auth | OAuth 2.0 Authorize Endpoint +[**OAuth2DeviceFlow**](OAuth2API.md#OAuth2DeviceFlow) | **Post** /oauth2/device/auth | The OAuth 2.0 Device Authorize Endpoint +[**Oauth2TokenExchange**](OAuth2API.md#Oauth2TokenExchange) | **Post** /oauth2/token | The OAuth 2.0 Token Endpoint +[**PatchOAuth2Client**](OAuth2API.md#PatchOAuth2Client) | **Patch** /admin/clients/{id} | Patch OAuth 2.0 Client +[**PerformOAuth2DeviceVerificationFlow**](OAuth2API.md#PerformOAuth2DeviceVerificationFlow) | **Get** /oauth2/device/verify | OAuth 2.0 Device Verification Endpoint +[**RejectOAuth2ConsentRequest**](OAuth2API.md#RejectOAuth2ConsentRequest) | **Put** /admin/oauth2/auth/requests/consent/reject | Reject OAuth 2.0 Consent Request +[**RejectOAuth2LoginRequest**](OAuth2API.md#RejectOAuth2LoginRequest) | **Put** /admin/oauth2/auth/requests/login/reject | Reject OAuth 2.0 Login Request +[**RejectOAuth2LogoutRequest**](OAuth2API.md#RejectOAuth2LogoutRequest) | **Put** 
/admin/oauth2/auth/requests/logout/reject | Reject OAuth 2.0 Session Logout Request +[**RevokeOAuth2ConsentSessions**](OAuth2API.md#RevokeOAuth2ConsentSessions) | **Delete** /admin/oauth2/auth/sessions/consent | Revoke OAuth 2.0 Consent Sessions of a Subject +[**RevokeOAuth2LoginSessions**](OAuth2API.md#RevokeOAuth2LoginSessions) | **Delete** /admin/oauth2/auth/sessions/login | Revokes OAuth 2.0 Login Sessions by either a Subject or a SessionID +[**RevokeOAuth2Token**](OAuth2API.md#RevokeOAuth2Token) | **Post** /oauth2/revoke | Revoke OAuth 2.0 Access or Refresh Token +[**SetOAuth2Client**](OAuth2API.md#SetOAuth2Client) | **Put** /admin/clients/{id} | Set OAuth 2.0 Client +[**SetOAuth2ClientLifespans**](OAuth2API.md#SetOAuth2ClientLifespans) | **Put** /admin/clients/{id}/lifespans | Set OAuth2 Client Token Lifespans +[**TrustOAuth2JwtGrantIssuer**](OAuth2API.md#TrustOAuth2JwtGrantIssuer) | **Post** /admin/trust/grants/jwt-bearer/issuers | Trust OAuth2 JWT Bearer Grant Type Issuer 
@@ -49,25 +52,25 @@ Accept OAuth 2.0 Consent Request package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - consentChallenge := "consentChallenge_example" // string | OAuth 2.0 Consent Request Challenge - acceptOAuth2ConsentRequest := *openapiclient.NewAcceptOAuth2ConsentRequest() // AcceptOAuth2ConsentRequest | (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.AcceptOAuth2ConsentRequest(context.Background()).ConsentChallenge(consentChallenge).AcceptOAuth2ConsentRequest(acceptOAuth2ConsentRequest).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.AcceptOAuth2ConsentRequest``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `AcceptOAuth2ConsentRequest`: OAuth2RedirectTo - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.AcceptOAuth2ConsentRequest`: %v\n", resp) + consentChallenge := "consentChallenge_example" // string | OAuth 2.0 Consent Request Challenge + acceptOAuth2ConsentRequest := *openapiclient.NewAcceptOAuth2ConsentRequest() // AcceptOAuth2ConsentRequest | (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.AcceptOAuth2ConsentRequest(context.Background()).ConsentChallenge(consentChallenge).AcceptOAuth2ConsentRequest(acceptOAuth2ConsentRequest).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.AcceptOAuth2ConsentRequest``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `AcceptOAuth2ConsentRequest`: OAuth2RedirectTo + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.AcceptOAuth2ConsentRequest`: %v\n", resp) } ``` 
@@ -117,25 +120,25 @@ Accept OAuth 2.0 Login Request package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - loginChallenge := "loginChallenge_example" // string | OAuth 2.0 Login Request Challenge - acceptOAuth2LoginRequest := *openapiclient.NewAcceptOAuth2LoginRequest("Subject_example") // AcceptOAuth2LoginRequest | (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.AcceptOAuth2LoginRequest(context.Background()).LoginChallenge(loginChallenge).AcceptOAuth2LoginRequest(acceptOAuth2LoginRequest).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.AcceptOAuth2LoginRequest``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `AcceptOAuth2LoginRequest`: OAuth2RedirectTo - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.AcceptOAuth2LoginRequest`: %v\n", resp) + loginChallenge := "loginChallenge_example" // string | OAuth 2.0 Login Request Challenge + acceptOAuth2LoginRequest := *openapiclient.NewAcceptOAuth2LoginRequest("Subject_example") // AcceptOAuth2LoginRequest | (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.AcceptOAuth2LoginRequest(context.Background()).LoginChallenge(loginChallenge).AcceptOAuth2LoginRequest(acceptOAuth2LoginRequest).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.AcceptOAuth2LoginRequest``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `AcceptOAuth2LoginRequest`: OAuth2RedirectTo + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.AcceptOAuth2LoginRequest`: %v\n", resp) } ``` 
@@ -185,24 +188,24 @@ Accept OAuth 2.0 Session Logout Request package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - logoutChallenge := "logoutChallenge_example" // string | OAuth 2.0 Logout Request Challenge - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.AcceptOAuth2LogoutRequest(context.Background()).LogoutChallenge(logoutChallenge).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.AcceptOAuth2LogoutRequest``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `AcceptOAuth2LogoutRequest`: OAuth2RedirectTo - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.AcceptOAuth2LogoutRequest`: %v\n", resp) + logoutChallenge := "logoutChallenge_example" // string | OAuth 2.0 Logout Request Challenge + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.AcceptOAuth2LogoutRequest(context.Background()).LogoutChallenge(logoutChallenge).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.AcceptOAuth2LogoutRequest``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `AcceptOAuth2LogoutRequest`: OAuth2RedirectTo + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.AcceptOAuth2LogoutRequest`: %v\n", resp) } ``` 
@@ -237,6 +240,74 @@ No authorization required [[Back to README]](../README.md) +## AcceptUserCodeRequest + +> OAuth2RedirectTo AcceptUserCodeRequest(ctx).DeviceChallenge(deviceChallenge).AcceptDeviceUserCodeRequest(acceptDeviceUserCodeRequest).Execute() + +Accepts a device grant user_code request + + + +### Example + +```go +package main + +import ( + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" +) + +func main() { + deviceChallenge := "deviceChallenge_example" // string | + acceptDeviceUserCodeRequest := *openapiclient.NewAcceptDeviceUserCodeRequest() // AcceptDeviceUserCodeRequest | (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.AcceptUserCodeRequest(context.Background()).DeviceChallenge(deviceChallenge).AcceptDeviceUserCodeRequest(acceptDeviceUserCodeRequest).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.AcceptUserCodeRequest``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `AcceptUserCodeRequest`: OAuth2RedirectTo + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.AcceptUserCodeRequest`: %v\n", resp) +} +``` + +### Path Parameters + + + +### Other Parameters + +Other parameters are passed through a pointer to a apiAcceptUserCodeRequestRequest struct via the builder pattern + + +Name | Type | Description | Notes +------------- | ------------- | ------------- | ------------- + **deviceChallenge** | **string** | | + **acceptDeviceUserCodeRequest** | [**AcceptDeviceUserCodeRequest**](AcceptDeviceUserCodeRequest.md) | | + +### Return type + +[**OAuth2RedirectTo**](OAuth2RedirectTo.md) + +### Authorization + +No authorization required + +### HTTP request headers + +- **Content-Type**: application/json +- **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) +[[Back to Model 
list]](../README.md#documentation-for-models) +[[Back to README]](../README.md) + + ## CreateOAuth2Client > OAuth2Client CreateOAuth2Client(ctx).OAuth2Client(oAuth2Client).Execute() @@ -251,24 +322,24 @@ Create OAuth 2.0 Client package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - oAuth2Client := *openapiclient.NewOAuth2Client() // OAuth2Client | OAuth 2.0 Client Request Body - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.CreateOAuth2Client(context.Background()).OAuth2Client(oAuth2Client).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.CreateOAuth2Client``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `CreateOAuth2Client`: OAuth2Client - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.CreateOAuth2Client`: %v\n", resp) + oAuth2Client := *openapiclient.NewOAuth2Client() // OAuth2Client | OAuth 2.0 Client Request Body + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.CreateOAuth2Client(context.Background()).OAuth2Client(oAuth2Client).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.CreateOAuth2Client``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `CreateOAuth2Client`: OAuth2Client + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.CreateOAuth2Client`: %v\n", resp) } ``` 
@@ -317,22 +388,22 @@ Delete OAuth 2.0 Client package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - id := "id_example" // string | The id of the OAuth 2.0 Client. - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.DeleteOAuth2Client(context.Background(), id).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.DeleteOAuth2Client``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } + id := "id_example" // string | The id of the OAuth 2.0 Client. + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + r, err := apiClient.OAuth2API.DeleteOAuth2Client(context.Background(), id).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.DeleteOAuth2Client``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } } ``` 
@@ -385,22 +456,22 @@ Delete OAuth 2.0 Access Tokens from specific OAuth 2.0 Client package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - clientId := "clientId_example" // string | OAuth 2.0 Client ID - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.DeleteOAuth2Token(context.Background()).ClientId(clientId).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.DeleteOAuth2Token``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } + clientId := "clientId_example" // string | OAuth 2.0 Client ID + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + r, err := apiClient.OAuth2API.DeleteOAuth2Token(context.Background()).ClientId(clientId).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.DeleteOAuth2Token``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } } ``` 
@@ -449,22 +520,22 @@ Delete Trusted OAuth2 JWT Bearer Grant Type Issuer package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - id := "id_example" // string | The id of the desired grant - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.DeleteTrustedOAuth2JwtGrantIssuer(context.Background(), id).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.DeleteTrustedOAuth2JwtGrantIssuer``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } + id := "id_example" // string | The id of the desired grant + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + r, err := apiClient.OAuth2API.DeleteTrustedOAuth2JwtGrantIssuer(context.Background(), id).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.DeleteTrustedOAuth2JwtGrantIssuer``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } } ``` 
@@ -517,24 +588,24 @@ Get an OAuth 2.0 Client package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - id := "id_example" // string | The id of the OAuth 2.0 Client. - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.GetOAuth2Client(context.Background(), id).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.GetOAuth2Client``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `GetOAuth2Client`: OAuth2Client - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.GetOAuth2Client`: %v\n", resp) + id := "id_example" // string | The id of the OAuth 2.0 Client. + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.GetOAuth2Client(context.Background(), id).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.GetOAuth2Client``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `GetOAuth2Client`: OAuth2Client + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.GetOAuth2Client`: %v\n", resp) } ``` 
@@ -587,24 +658,24 @@ Get OAuth 2.0 Consent Request package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - consentChallenge := "consentChallenge_example" // string | OAuth 2.0 Consent Request Challenge - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.GetOAuth2ConsentRequest(context.Background()).ConsentChallenge(consentChallenge).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.GetOAuth2ConsentRequest``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `GetOAuth2ConsentRequest`: OAuth2ConsentRequest - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.GetOAuth2ConsentRequest`: %v\n", resp) + consentChallenge := "consentChallenge_example" // string | OAuth 2.0 Consent Request Challenge + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.GetOAuth2ConsentRequest(context.Background()).ConsentChallenge(consentChallenge).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.GetOAuth2ConsentRequest``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `GetOAuth2ConsentRequest`: OAuth2ConsentRequest + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.GetOAuth2ConsentRequest`: %v\n", resp) } ``` 
@@ -653,24 +724,24 @@ Get OAuth 2.0 Login Request package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - loginChallenge := "loginChallenge_example" // string | OAuth 2.0 Login Request Challenge - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.GetOAuth2LoginRequest(context.Background()).LoginChallenge(loginChallenge).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.GetOAuth2LoginRequest``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `GetOAuth2LoginRequest`: OAuth2LoginRequest - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.GetOAuth2LoginRequest`: %v\n", resp) + loginChallenge := "loginChallenge_example" // string | OAuth 2.0 Login Request Challenge + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.GetOAuth2LoginRequest(context.Background()).LoginChallenge(loginChallenge).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.GetOAuth2LoginRequest``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `GetOAuth2LoginRequest`: OAuth2LoginRequest + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.GetOAuth2LoginRequest`: %v\n", resp) } ``` 
@@ -719,24 +790,24 @@ Get OAuth 2.0 Session Logout Request package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - logoutChallenge := "logoutChallenge_example" // string | - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.GetOAuth2LogoutRequest(context.Background()).LogoutChallenge(logoutChallenge).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.GetOAuth2LogoutRequest``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `GetOAuth2LogoutRequest`: OAuth2LogoutRequest - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.GetOAuth2LogoutRequest`: %v\n", resp) + logoutChallenge := "logoutChallenge_example" // string | + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.GetOAuth2LogoutRequest(context.Background()).LogoutChallenge(logoutChallenge).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.GetOAuth2LogoutRequest``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `GetOAuth2LogoutRequest`: OAuth2LogoutRequest + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.GetOAuth2LogoutRequest`: %v\n", resp) } ``` 
@@ -785,24 +856,24 @@ Get Trusted OAuth2 JWT Bearer Grant Type Issuer package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - id := "id_example" // string | The id of the desired grant - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.GetTrustedOAuth2JwtGrantIssuer(context.Background(), id).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.GetTrustedOAuth2JwtGrantIssuer``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `GetTrustedOAuth2JwtGrantIssuer`: TrustedOAuth2JwtGrantIssuer - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.GetTrustedOAuth2JwtGrantIssuer`: %v\n", resp) + id := "id_example" // string | The id of the desired grant + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.GetTrustedOAuth2JwtGrantIssuer(context.Background(), id).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.GetTrustedOAuth2JwtGrantIssuer``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `GetTrustedOAuth2JwtGrantIssuer`: TrustedOAuth2JwtGrantIssuer + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.GetTrustedOAuth2JwtGrantIssuer`: %v\n", resp) } ``` 
@@ -855,25 +926,25 @@ Introspect OAuth2 Access and Refresh Tokens package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - token := "token_example" // string | The string value of the token. For access tokens, this is the \\\"access_token\\\" value returned from the token endpoint defined in OAuth 2.0. For refresh tokens, this is the \\\"refresh_token\\\" value returned. - scope := "scope_example" // string | An optional, space separated list of required scopes. If the access token was not granted one of the scopes, the result of active will be false. (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.IntrospectOAuth2Token(context.Background()).Token(token).Scope(scope).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.IntrospectOAuth2Token``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `IntrospectOAuth2Token`: IntrospectedOAuth2Token - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.IntrospectOAuth2Token`: %v\n", resp) + token := "token_example" // string | The string value of the token. For access tokens, this is the \\\"access_token\\\" value returned from the token endpoint defined in OAuth 2.0. For refresh tokens, this is the \\\"refresh_token\\\" value returned. + scope := "scope_example" // string | An optional, space separated list of required scopes. If the access token was not granted one of the scopes, the result of active will be false. 
(optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.IntrospectOAuth2Token(context.Background()).Token(token).Scope(scope).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.IntrospectOAuth2Token``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `IntrospectOAuth2Token`: IntrospectedOAuth2Token + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.IntrospectOAuth2Token`: %v\n", resp) } ``` 
@@ -923,27 +994,27 @@ List OAuth 2.0 Clients package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - pageSize := int64(789) // int64 | Items per Page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). (optional) (default to 250) - pageToken := "pageToken_example" // string | Next Page Token The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). (optional) (default to "1") - clientName := "clientName_example" // string | The name of the clients to filter by. (optional) - owner := "owner_example" // string | The owner of the clients to filter by. (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.ListOAuth2Clients(context.Background()).PageSize(pageSize).PageToken(pageToken).ClientName(clientName).Owner(owner).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.ListOAuth2Clients``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `ListOAuth2Clients`: []OAuth2Client - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.ListOAuth2Clients`: %v\n", resp) + pageSize := int64(789) // int64 | Items per Page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). (optional) (default to 250) + pageToken := "pageToken_example" // string | Next Page Token The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). 
(optional) (default to "1") + clientName := "clientName_example" // string | The name of the clients to filter by. (optional) + owner := "owner_example" // string | The owner of the clients to filter by. (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.ListOAuth2Clients(context.Background()).PageSize(pageSize).PageToken(pageToken).ClientName(clientName).Owner(owner).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.ListOAuth2Clients``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `ListOAuth2Clients`: []OAuth2Client + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.ListOAuth2Clients`: %v\n", resp) } ``` 
@@ -995,27 +1066,27 @@ List OAuth 2.0 Consent Sessions of a Subject package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - subject := "subject_example" // string | The subject to list the consent sessions for. - pageSize := int64(789) // int64 | Items per Page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). (optional) (default to 250) - pageToken := "pageToken_example" // string | Next Page Token The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). (optional) (default to "1") - loginSessionId := "loginSessionId_example" // string | The login session id to list the consent sessions for. (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.ListOAuth2ConsentSessions(context.Background()).Subject(subject).PageSize(pageSize).PageToken(pageToken).LoginSessionId(loginSessionId).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.ListOAuth2ConsentSessions``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `ListOAuth2ConsentSessions`: []OAuth2ConsentSession - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.ListOAuth2ConsentSessions`: %v\n", resp) + subject := "subject_example" // string | The subject to list the consent sessions for. + pageSize := int64(789) // int64 | Items per Page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). 
(optional) (default to 250) + pageToken := "pageToken_example" // string | Next Page Token The next page token. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). (optional) (default to "1") + loginSessionId := "loginSessionId_example" // string | The login session id to list the consent sessions for. (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.ListOAuth2ConsentSessions(context.Background()).Subject(subject).PageSize(pageSize).PageToken(pageToken).LoginSessionId(loginSessionId).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.ListOAuth2ConsentSessions``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `ListOAuth2ConsentSessions`: []OAuth2ConsentSession + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.ListOAuth2ConsentSessions`: %v\n", resp) } ``` 
@@ -1067,26 +1138,26 @@ List Trusted OAuth2 JWT Bearer Grant Type Issuers package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - maxItems := int64(789) // int64 | (optional) - defaultItems := int64(789) // int64 | (optional) - issuer := "issuer_example" // string | If optional \"issuer\" is supplied, only jwt-bearer grants with this issuer will be returned. (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.ListTrustedOAuth2JwtGrantIssuers(context.Background()).MaxItems(maxItems).DefaultItems(defaultItems).Issuer(issuer).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.ListTrustedOAuth2JwtGrantIssuers``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `ListTrustedOAuth2JwtGrantIssuers`: []TrustedOAuth2JwtGrantIssuer - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.ListTrustedOAuth2JwtGrantIssuers`: %v\n", resp) + maxItems := int64(789) // int64 | (optional) + defaultItems := int64(789) // int64 | (optional) + issuer := "issuer_example" // string | If optional \"issuer\" is supplied, only jwt-bearer grants with this issuer will be returned. 
(optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.ListTrustedOAuth2JwtGrantIssuers(context.Background()).MaxItems(maxItems).DefaultItems(defaultItems).Issuer(issuer).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.ListTrustedOAuth2JwtGrantIssuers``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `ListTrustedOAuth2JwtGrantIssuers`: []TrustedOAuth2JwtGrantIssuer + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.ListTrustedOAuth2JwtGrantIssuers`: %v\n", resp) } ``` @@ -1137,23 +1208,23 @@ OAuth 2.0 Authorize Endpoint package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.OAuth2Authorize(context.Background()).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.OAuth2Authorize``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `OAuth2Authorize`: ErrorOAuth2 - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.OAuth2Authorize`: %v\n", resp) + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.OAuth2Authorize(context.Background()).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.OAuth2Authorize``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `OAuth2Authorize`: ErrorOAuth2 + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.OAuth2Authorize`: %v\n", resp) } ``` 
@@ -1184,6 +1255,67 @@ No authorization required [[Back to README]](../README.md) +## OAuth2DeviceFlow + +> DeviceAuthorization OAuth2DeviceFlow(ctx).Execute() + +The OAuth 2.0 Device Authorize Endpoint + + + +### Example + +```go +package main + +import ( + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" +) + +func main() { + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.OAuth2DeviceFlow(context.Background()).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.OAuth2DeviceFlow``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `OAuth2DeviceFlow`: DeviceAuthorization + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.OAuth2DeviceFlow`: %v\n", resp) +} +``` + +### Path Parameters + +This endpoint does not need any parameter. + +### Other Parameters + +Other parameters are passed through a pointer to a apiOAuth2DeviceFlowRequest struct via the builder pattern + + +### Return type + +[**DeviceAuthorization**](DeviceAuthorization.md) + +### Authorization + +No authorization required + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) +[[Back to Model list]](../README.md#documentation-for-models) +[[Back to README]](../README.md) + + ## Oauth2TokenExchange > OAuth2TokenExchange Oauth2TokenExchange(ctx).GrantType(grantType).ClientId(clientId).Code(code).RedirectUri(redirectUri).RefreshToken(refreshToken).Execute() 
@@ -1198,28 +1330,28 @@ The OAuth 2.0 Token Endpoint package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - grantType := "grantType_example" // string | - clientId := "clientId_example" // string | (optional) - code := "code_example" // string | (optional) - redirectUri := "redirectUri_example" // string | (optional) - refreshToken := "refreshToken_example" // string | (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.Oauth2TokenExchange(context.Background()).GrantType(grantType).ClientId(clientId).Code(code).RedirectUri(redirectUri).RefreshToken(refreshToken).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.Oauth2TokenExchange``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `Oauth2TokenExchange`: OAuth2TokenExchange - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.Oauth2TokenExchange`: %v\n", resp) + grantType := "grantType_example" // string | + clientId := "clientId_example" // string | (optional) + code := "code_example" // string | (optional) + redirectUri := "redirectUri_example" // string | (optional) + refreshToken := "refreshToken_example" // string | (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.Oauth2TokenExchange(context.Background()).GrantType(grantType).ClientId(clientId).Code(code).RedirectUri(redirectUri).RefreshToken(refreshToken).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.Oauth2TokenExchange``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `Oauth2TokenExchange`: OAuth2TokenExchange + fmt.Fprintf(os.Stdout, "Response from 
`OAuth2API.Oauth2TokenExchange`: %v\n", resp) } ``` @@ -1272,25 +1404,25 @@ Patch OAuth 2.0 Client package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - id := "id_example" // string | The id of the OAuth 2.0 Client. - jsonPatch := []openapiclient.JsonPatch{*openapiclient.NewJsonPatch("replace", "/name")} // []JsonPatch | OAuth 2.0 Client JSON Patch Body - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.PatchOAuth2Client(context.Background(), id).JsonPatch(jsonPatch).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.PatchOAuth2Client``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `PatchOAuth2Client`: OAuth2Client - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.PatchOAuth2Client`: %v\n", resp) + id := "id_example" // string | The id of the OAuth 2.0 Client. + jsonPatch := []openapiclient.JsonPatch{*openapiclient.NewJsonPatch("replace", "/name")} // []JsonPatch | OAuth 2.0 Client JSON Patch Body + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.PatchOAuth2Client(context.Background(), id).JsonPatch(jsonPatch).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.PatchOAuth2Client``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `PatchOAuth2Client`: OAuth2Client + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.PatchOAuth2Client`: %v\n", resp) } ``` 
@@ -1330,6 +1462,67 @@ No authorization required [[Back to README]](../README.md) +## PerformOAuth2DeviceVerificationFlow + +> ErrorOAuth2 PerformOAuth2DeviceVerificationFlow(ctx).Execute() + +OAuth 2.0 Device Verification Endpoint + + + +### Example + +```go +package main + +import ( + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" +) + +func main() { + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.PerformOAuth2DeviceVerificationFlow(context.Background()).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.PerformOAuth2DeviceVerificationFlow``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `PerformOAuth2DeviceVerificationFlow`: ErrorOAuth2 + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.PerformOAuth2DeviceVerificationFlow`: %v\n", resp) +} +``` + +### Path Parameters + +This endpoint does not need any parameter. + +### Other Parameters + +Other parameters are passed through a pointer to a apiPerformOAuth2DeviceVerificationFlowRequest struct via the builder pattern + + +### Return type + +[**ErrorOAuth2**](ErrorOAuth2.md) + +### Authorization + +No authorization required + +### HTTP request headers + +- **Content-Type**: Not defined +- **Accept**: application/json + +[[Back to top]](#) [[Back to API list]](../README.md#documentation-for-api-endpoints) +[[Back to Model list]](../README.md#documentation-for-models) +[[Back to README]](../README.md) + + ## RejectOAuth2ConsentRequest > OAuth2RedirectTo RejectOAuth2ConsentRequest(ctx).ConsentChallenge(consentChallenge).RejectOAuth2Request(rejectOAuth2Request).Execute() 
@@ -1344,25 +1537,25 @@ Reject OAuth 2.0 Consent Request package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - consentChallenge := "consentChallenge_example" // string | OAuth 2.0 Consent Request Challenge - rejectOAuth2Request := *openapiclient.NewRejectOAuth2Request() // RejectOAuth2Request | (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.RejectOAuth2ConsentRequest(context.Background()).ConsentChallenge(consentChallenge).RejectOAuth2Request(rejectOAuth2Request).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.RejectOAuth2ConsentRequest``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `RejectOAuth2ConsentRequest`: OAuth2RedirectTo - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.RejectOAuth2ConsentRequest`: %v\n", resp) + consentChallenge := "consentChallenge_example" // string | OAuth 2.0 Consent Request Challenge + rejectOAuth2Request := *openapiclient.NewRejectOAuth2Request() // RejectOAuth2Request | (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.RejectOAuth2ConsentRequest(context.Background()).ConsentChallenge(consentChallenge).RejectOAuth2Request(rejectOAuth2Request).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.RejectOAuth2ConsentRequest``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `RejectOAuth2ConsentRequest`: OAuth2RedirectTo + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.RejectOAuth2ConsentRequest`: %v\n", resp) } ``` 
@@ -1412,25 +1605,25 @@ Reject OAuth 2.0 Login Request package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - loginChallenge := "loginChallenge_example" // string | OAuth 2.0 Login Request Challenge - rejectOAuth2Request := *openapiclient.NewRejectOAuth2Request() // RejectOAuth2Request | (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.RejectOAuth2LoginRequest(context.Background()).LoginChallenge(loginChallenge).RejectOAuth2Request(rejectOAuth2Request).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.RejectOAuth2LoginRequest``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `RejectOAuth2LoginRequest`: OAuth2RedirectTo - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.RejectOAuth2LoginRequest`: %v\n", resp) + loginChallenge := "loginChallenge_example" // string | OAuth 2.0 Login Request Challenge + rejectOAuth2Request := *openapiclient.NewRejectOAuth2Request() // RejectOAuth2Request | (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.RejectOAuth2LoginRequest(context.Background()).LoginChallenge(loginChallenge).RejectOAuth2Request(rejectOAuth2Request).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.RejectOAuth2LoginRequest``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `RejectOAuth2LoginRequest`: OAuth2RedirectTo + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.RejectOAuth2LoginRequest`: %v\n", resp) } ``` 
@@ -1480,22 +1673,22 @@ Reject OAuth 2.0 Session Logout Request package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - logoutChallenge := "logoutChallenge_example" // string | - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.RejectOAuth2LogoutRequest(context.Background()).LogoutChallenge(logoutChallenge).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.RejectOAuth2LogoutRequest``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } + logoutChallenge := "logoutChallenge_example" // string | + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + r, err := apiClient.OAuth2API.RejectOAuth2LogoutRequest(context.Background()).LogoutChallenge(logoutChallenge).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.RejectOAuth2LogoutRequest``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } } ``` 
@@ -1544,24 +1737,24 @@ Revoke OAuth 2.0 Consent Sessions of a Subject package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - subject := "subject_example" // string | OAuth 2.0 Consent Subject The subject whose consent sessions should be deleted. - client := "client_example" // string | OAuth 2.0 Client ID If set, deletes only those consent sessions that have been granted to the specified OAuth 2.0 Client ID. (optional) - all := true // bool | Revoke All Consent Sessions If set to `true` deletes all consent sessions by the Subject that have been granted. (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.RevokeOAuth2ConsentSessions(context.Background()).Subject(subject).Client(client).All(all).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.RevokeOAuth2ConsentSessions``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } + subject := "subject_example" // string | OAuth 2.0 Consent Subject The subject whose consent sessions should be deleted. + client := "client_example" // string | OAuth 2.0 Client ID If set, deletes only those consent sessions that have been granted to the specified OAuth 2.0 Client ID. (optional) + all := true // bool | Revoke All Consent Sessions If set to `true` deletes all consent sessions by the Subject that have been granted. (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + r, err := apiClient.OAuth2API.RevokeOAuth2ConsentSessions(context.Background()).Subject(subject).Client(client).All(all).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.RevokeOAuth2ConsentSessions``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } } ``` 
@@ -1612,23 +1805,23 @@ Revokes OAuth 2.0 Login Sessions by either a Subject or a SessionID package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - subject := "subject_example" // string | OAuth 2.0 Subject The subject to revoke authentication sessions for. (optional) - sid := "sid_example" // string | OAuth 2.0 Subject The subject to revoke authentication sessions for. (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.RevokeOAuth2LoginSessions(context.Background()).Subject(subject).Sid(sid).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.RevokeOAuth2LoginSessions``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } + subject := "subject_example" // string | OAuth 2.0 Subject The subject to revoke authentication sessions for. (optional) + sid := "sid_example" // string | Login Session ID The login session to revoke. (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + r, err := apiClient.OAuth2API.RevokeOAuth2LoginSessions(context.Background()).Subject(subject).Sid(sid).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.RevokeOAuth2LoginSessions``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } } ``` 
@@ -1644,7 +1837,7 @@ Other parameters are passed through a pointer to a apiRevokeOAuth2LoginSessionsR Name | Type | Description | Notes ------------- | ------------- | ------------- | ------------- **subject** | **string** | OAuth 2.0 Subject The subject to revoke authentication sessions for. | - **sid** | **string** | OAuth 2.0 Subject The subject to revoke authentication sessions for. | + **sid** | **string** | Login Session ID The login session to revoke. | ### Return type @@ -1678,24 +1871,24 @@ Revoke OAuth 2.0 Access or Refresh Token package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - token := "token_example" // string | - clientId := "clientId_example" // string | (optional) - clientSecret := "clientSecret_example" // string | (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.RevokeOAuth2Token(context.Background()).Token(token).ClientId(clientId).ClientSecret(clientSecret).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.RevokeOAuth2Token``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } + token := "token_example" // string | + clientId := "clientId_example" // string | (optional) + clientSecret := "clientSecret_example" // string | (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + r, err := apiClient.OAuth2API.RevokeOAuth2Token(context.Background()).Token(token).ClientId(clientId).ClientSecret(clientSecret).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.RevokeOAuth2Token``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } } ``` 
@@ -1746,25 +1939,25 @@ Set OAuth 2.0 Client package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - id := "id_example" // string | OAuth 2.0 Client ID - oAuth2Client := *openapiclient.NewOAuth2Client() // OAuth2Client | OAuth 2.0 Client Request Body - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.SetOAuth2Client(context.Background(), id).OAuth2Client(oAuth2Client).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.SetOAuth2Client``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `SetOAuth2Client`: OAuth2Client - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.SetOAuth2Client`: %v\n", resp) + id := "id_example" // string | OAuth 2.0 Client ID + oAuth2Client := *openapiclient.NewOAuth2Client() // OAuth2Client | OAuth 2.0 Client Request Body + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.SetOAuth2Client(context.Background(), id).OAuth2Client(oAuth2Client).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.SetOAuth2Client``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `SetOAuth2Client`: OAuth2Client + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.SetOAuth2Client`: %v\n", resp) } ``` 
@@ -1818,25 +2011,25 @@ Set OAuth2 Client Token Lifespans package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - id := "id_example" // string | OAuth 2.0 Client ID - oAuth2ClientTokenLifespans := *openapiclient.NewOAuth2ClientTokenLifespans() // OAuth2ClientTokenLifespans | (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.SetOAuth2ClientLifespans(context.Background(), id).OAuth2ClientTokenLifespans(oAuth2ClientTokenLifespans).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.SetOAuth2ClientLifespans``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `SetOAuth2ClientLifespans`: OAuth2Client - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.SetOAuth2ClientLifespans`: %v\n", resp) + id := "id_example" // string | OAuth 2.0 Client ID + oAuth2ClientTokenLifespans := *openapiclient.NewOAuth2ClientTokenLifespans() // OAuth2ClientTokenLifespans | (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.SetOAuth2ClientLifespans(context.Background(), id).OAuth2ClientTokenLifespans(oAuth2ClientTokenLifespans).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.SetOAuth2ClientLifespans``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `SetOAuth2ClientLifespans`: OAuth2Client + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.SetOAuth2ClientLifespans`: %v\n", resp) } ``` 
@@ -1890,25 +2083,25 @@ Trust OAuth2 JWT Bearer Grant Type Issuer package main import ( - "context" - "fmt" - "os" + "context" + "fmt" + "os" "time" - openapiclient "./openapi" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - trustOAuth2JwtGrantIssuer := *openapiclient.NewTrustOAuth2JwtGrantIssuer(time.Now(), "https://jwt-idp.example.com", *openapiclient.NewJsonWebKey("RS256", "1603dfe0af8f4596", "RSA", "sig"), []string{"Scope_example"}) // TrustOAuth2JwtGrantIssuer | (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OAuth2Api.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(trustOAuth2JwtGrantIssuer).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OAuth2Api.TrustOAuth2JwtGrantIssuer``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `TrustOAuth2JwtGrantIssuer`: TrustedOAuth2JwtGrantIssuer - fmt.Fprintf(os.Stdout, "Response from `OAuth2Api.TrustOAuth2JwtGrantIssuer`: %v\n", resp) + trustOAuth2JwtGrantIssuer := *openapiclient.NewTrustOAuth2JwtGrantIssuer(time.Now(), "https://jwt-idp.example.com", *openapiclient.NewJsonWebKey("RS256", "1603dfe0af8f4596", "RSA", "sig"), []string{"Scope_example"}) // TrustOAuth2JwtGrantIssuer | (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OAuth2API.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(trustOAuth2JwtGrantIssuer).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OAuth2API.TrustOAuth2JwtGrantIssuer``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `TrustOAuth2JwtGrantIssuer`: TrustedOAuth2JwtGrantIssuer + fmt.Fprintf(os.Stdout, "Response from `OAuth2API.TrustOAuth2JwtGrantIssuer`: %v\n", resp) } ``` 
diff --git a/internal/httpclient/docs/OAuth2Client.md b/internal/httpclient/docs/OAuth2Client.md
index 3ab9bc54432..de0c029e2ff 100644
--- a/internal/httpclient/docs/OAuth2Client.md
+++ b/internal/httpclient/docs/OAuth2Client.md
@@ -20,6 +20,9 @@ Name | Type | Description | Notes **ClientUri** | Pointer to **string** | OAuth 2.0 Client URI ClientURI is a URL string of a web page providing information about the client. If present, the server SHOULD display this URL to the end-user in a clickable fashion. | [optional] **Contacts** | Pointer to **[]string** | | [optional] **CreatedAt** | Pointer to **time.Time** | OAuth 2.0 Client Creation Date CreatedAt returns the timestamp of the client's creation. | [optional] +**DeviceAuthorizationGrantAccessTokenLifespan** | Pointer to **string** | Specify a time duration in milliseconds, seconds, minutes, hours. | [optional] +**DeviceAuthorizationGrantIdTokenLifespan** | Pointer to **string** | Specify a time duration in milliseconds, seconds, minutes, hours. | [optional] +**DeviceAuthorizationGrantRefreshTokenLifespan** | Pointer to **string** | Specify a time duration in milliseconds, seconds, minutes, hours. | [optional] **FrontchannelLogoutSessionRequired** | Pointer to **bool** | OpenID Connect Front-Channel Logout Session Required Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be included to identify the RP session with the OP when the frontchannel_logout_uri is used. If omitted, the default value is false. | [optional] **FrontchannelLogoutUri** | Pointer to **string** | OpenID Connect Front-Channel Logout URI RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. An iss (issuer) query parameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the request and to determine which of the potentially multiple sessions is to be logged out; if either is included, both MUST be. | [optional] **GrantTypes** | Pointer to **[]string** | | [optional] 
@@ -45,6 +48,7 @@ Name | Type | Description | Notes **Scope** | Pointer to **string** | OAuth 2.0 Client Scope Scope is a string containing a space-separated list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client can use when requesting access tokens. | [optional] **SectorIdentifierUri** | Pointer to **string** | OpenID Connect Sector Identifier URI URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a file with a single JSON array of redirect_uri values. | [optional] **SkipConsent** | Pointer to **bool** | SkipConsent skips the consent screen for this client. This field can only be set from the admin API. | [optional] +**SkipLogoutConsent** | Pointer to **bool** | SkipLogoutConsent skips the logout consent screen for this client. This field can only be set from the admin API. | [optional] **SubjectType** | Pointer to **string** | OpenID Connect Subject Type The `subject_types_supported` Discovery parameter contains a list of the supported subject_type values for this server. Valid types include `pairwise` and `public`. | [optional] **TokenEndpointAuthMethod** | Pointer to **string** | OAuth 2.0 Token Endpoint Authentication Method Requested Client Authentication method for the Token Endpoint. The options are: `client_secret_basic`: (default) Send `client_id` and `client_secret` as `application/x-www-form-urlencoded` encoded in the HTTP Authorization header. `client_secret_post`: Send `client_id` and `client_secret` as `application/x-www-form-urlencoded` in the HTTP body. `private_key_jwt`: Use JSON Web Tokens to authenticate the client. `none`: Used for public clients (native apps, mobile apps) which can not have secrets. | [optional] [default to "client_secret_basic"] **TokenEndpointAuthSigningAlg** | Pointer to **string** | OAuth 2.0 Token Endpoint Signing Algorithm Requested Client Authentication signing algorithm for the Token Endpoint. | [optional] 
@@ -471,6 +475,81 @@ SetCreatedAt sets CreatedAt field to given value. HasCreatedAt returns a boolean if a field has been set. +### GetDeviceAuthorizationGrantAccessTokenLifespan + +`func (o *OAuth2Client) GetDeviceAuthorizationGrantAccessTokenLifespan() string` + +GetDeviceAuthorizationGrantAccessTokenLifespan returns the DeviceAuthorizationGrantAccessTokenLifespan field if non-nil, zero value otherwise. + +### GetDeviceAuthorizationGrantAccessTokenLifespanOk + +`func (o *OAuth2Client) GetDeviceAuthorizationGrantAccessTokenLifespanOk() (*string, bool)` + +GetDeviceAuthorizationGrantAccessTokenLifespanOk returns a tuple with the DeviceAuthorizationGrantAccessTokenLifespan field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetDeviceAuthorizationGrantAccessTokenLifespan + +`func (o *OAuth2Client) SetDeviceAuthorizationGrantAccessTokenLifespan(v string)` + +SetDeviceAuthorizationGrantAccessTokenLifespan sets DeviceAuthorizationGrantAccessTokenLifespan field to given value. + +### HasDeviceAuthorizationGrantAccessTokenLifespan + +`func (o *OAuth2Client) HasDeviceAuthorizationGrantAccessTokenLifespan() bool` + +HasDeviceAuthorizationGrantAccessTokenLifespan returns a boolean if a field has been set. + +### GetDeviceAuthorizationGrantIdTokenLifespan + +`func (o *OAuth2Client) GetDeviceAuthorizationGrantIdTokenLifespan() string` + +GetDeviceAuthorizationGrantIdTokenLifespan returns the DeviceAuthorizationGrantIdTokenLifespan field if non-nil, zero value otherwise. + +### GetDeviceAuthorizationGrantIdTokenLifespanOk + +`func (o *OAuth2Client) GetDeviceAuthorizationGrantIdTokenLifespanOk() (*string, bool)` + +GetDeviceAuthorizationGrantIdTokenLifespanOk returns a tuple with the DeviceAuthorizationGrantIdTokenLifespan field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. 
+ +### SetDeviceAuthorizationGrantIdTokenLifespan + +`func (o *OAuth2Client) SetDeviceAuthorizationGrantIdTokenLifespan(v string)` + +SetDeviceAuthorizationGrantIdTokenLifespan sets DeviceAuthorizationGrantIdTokenLifespan field to given value. + +### HasDeviceAuthorizationGrantIdTokenLifespan + +`func (o *OAuth2Client) HasDeviceAuthorizationGrantIdTokenLifespan() bool` + +HasDeviceAuthorizationGrantIdTokenLifespan returns a boolean if a field has been set. + +### GetDeviceAuthorizationGrantRefreshTokenLifespan + +`func (o *OAuth2Client) GetDeviceAuthorizationGrantRefreshTokenLifespan() string` + +GetDeviceAuthorizationGrantRefreshTokenLifespan returns the DeviceAuthorizationGrantRefreshTokenLifespan field if non-nil, zero value otherwise. + +### GetDeviceAuthorizationGrantRefreshTokenLifespanOk + +`func (o *OAuth2Client) GetDeviceAuthorizationGrantRefreshTokenLifespanOk() (*string, bool)` + +GetDeviceAuthorizationGrantRefreshTokenLifespanOk returns a tuple with the DeviceAuthorizationGrantRefreshTokenLifespan field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetDeviceAuthorizationGrantRefreshTokenLifespan + +`func (o *OAuth2Client) SetDeviceAuthorizationGrantRefreshTokenLifespan(v string)` + +SetDeviceAuthorizationGrantRefreshTokenLifespan sets DeviceAuthorizationGrantRefreshTokenLifespan field to given value. + +### HasDeviceAuthorizationGrantRefreshTokenLifespan + +`func (o *OAuth2Client) HasDeviceAuthorizationGrantRefreshTokenLifespan() bool` + +HasDeviceAuthorizationGrantRefreshTokenLifespan returns a boolean if a field has been set. + ### GetFrontchannelLogoutSessionRequired `func (o *OAuth2Client) GetFrontchannelLogoutSessionRequired() bool` 
@@ -1116,6 +1195,31 @@ SetSkipConsent sets SkipConsent field to given value. HasSkipConsent returns a boolean if a field has been set. +### GetSkipLogoutConsent + +`func (o *OAuth2Client) GetSkipLogoutConsent() bool` + +GetSkipLogoutConsent returns the SkipLogoutConsent field if non-nil, zero value otherwise. + +### GetSkipLogoutConsentOk + +`func (o *OAuth2Client) GetSkipLogoutConsentOk() (*bool, bool)` + +GetSkipLogoutConsentOk returns a tuple with the SkipLogoutConsent field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetSkipLogoutConsent + +`func (o *OAuth2Client) SetSkipLogoutConsent(v bool)` + +SetSkipLogoutConsent sets SkipLogoutConsent field to given value. + +### HasSkipLogoutConsent + +`func (o *OAuth2Client) HasSkipLogoutConsent() bool` + +HasSkipLogoutConsent returns a boolean if a field has been set. + ### GetSubjectType `func (o *OAuth2Client) GetSubjectType() string` diff --git a/internal/httpclient/docs/OAuth2ClientTokenLifespans.md b/internal/httpclient/docs/OAuth2ClientTokenLifespans.md index cda6ca600ca..b38aef35d74 100644 --- a/internal/httpclient/docs/OAuth2ClientTokenLifespans.md +++ b/internal/httpclient/docs/OAuth2ClientTokenLifespans.md 
@@ -8,6 +8,9 @@ Name | Type | Description | Notes **AuthorizationCodeGrantIdTokenLifespan** | Pointer to **string** | Specify a time duration in milliseconds, seconds, minutes, hours. | [optional] **AuthorizationCodeGrantRefreshTokenLifespan** | Pointer to **string** | Specify a time duration in milliseconds, seconds, minutes, hours. | [optional] **ClientCredentialsGrantAccessTokenLifespan** | Pointer to **string** | Specify a time duration in milliseconds, seconds, minutes, hours. | [optional] +**DeviceAuthorizationGrantAccessTokenLifespan** | Pointer to **string** | Specify a time duration in milliseconds, seconds, minutes, hours. | [optional] +**DeviceAuthorizationGrantIdTokenLifespan** | Pointer to **string** | Specify a time duration in milliseconds, seconds, minutes, hours. | [optional] +**DeviceAuthorizationGrantRefreshTokenLifespan** | Pointer to **string** | Specify a time duration in milliseconds, seconds, minutes, hours. | [optional] **ImplicitGrantAccessTokenLifespan** | Pointer to **string** | Specify a time duration in milliseconds, seconds, minutes, hours. | [optional] **ImplicitGrantIdTokenLifespan** | Pointer to **string** | Specify a time duration in milliseconds, seconds, minutes, hours. | [optional] **JwtBearerGrantAccessTokenLifespan** | Pointer to **string** | Specify a time duration in milliseconds, seconds, minutes, hours. | [optional] 
@@ -134,6 +137,81 @@ SetClientCredentialsGrantAccessTokenLifespan sets ClientCredentialsGrantAccessTo HasClientCredentialsGrantAccessTokenLifespan returns a boolean if a field has been set. +### GetDeviceAuthorizationGrantAccessTokenLifespan + +`func (o *OAuth2ClientTokenLifespans) GetDeviceAuthorizationGrantAccessTokenLifespan() string` + +GetDeviceAuthorizationGrantAccessTokenLifespan returns the DeviceAuthorizationGrantAccessTokenLifespan field if non-nil, zero value otherwise. + +### GetDeviceAuthorizationGrantAccessTokenLifespanOk + +`func (o *OAuth2ClientTokenLifespans) GetDeviceAuthorizationGrantAccessTokenLifespanOk() (*string, bool)` + +GetDeviceAuthorizationGrantAccessTokenLifespanOk returns a tuple with the DeviceAuthorizationGrantAccessTokenLifespan field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetDeviceAuthorizationGrantAccessTokenLifespan + +`func (o *OAuth2ClientTokenLifespans) SetDeviceAuthorizationGrantAccessTokenLifespan(v string)` + +SetDeviceAuthorizationGrantAccessTokenLifespan sets DeviceAuthorizationGrantAccessTokenLifespan field to given value. + +### HasDeviceAuthorizationGrantAccessTokenLifespan + +`func (o *OAuth2ClientTokenLifespans) HasDeviceAuthorizationGrantAccessTokenLifespan() bool` + +HasDeviceAuthorizationGrantAccessTokenLifespan returns a boolean if a field has been set. + +### GetDeviceAuthorizationGrantIdTokenLifespan + +`func (o *OAuth2ClientTokenLifespans) GetDeviceAuthorizationGrantIdTokenLifespan() string` + +GetDeviceAuthorizationGrantIdTokenLifespan returns the DeviceAuthorizationGrantIdTokenLifespan field if non-nil, zero value otherwise. 
+ +### GetDeviceAuthorizationGrantIdTokenLifespanOk + +`func (o *OAuth2ClientTokenLifespans) GetDeviceAuthorizationGrantIdTokenLifespanOk() (*string, bool)` + +GetDeviceAuthorizationGrantIdTokenLifespanOk returns a tuple with the DeviceAuthorizationGrantIdTokenLifespan field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetDeviceAuthorizationGrantIdTokenLifespan + +`func (o *OAuth2ClientTokenLifespans) SetDeviceAuthorizationGrantIdTokenLifespan(v string)` + +SetDeviceAuthorizationGrantIdTokenLifespan sets DeviceAuthorizationGrantIdTokenLifespan field to given value. + +### HasDeviceAuthorizationGrantIdTokenLifespan + +`func (o *OAuth2ClientTokenLifespans) HasDeviceAuthorizationGrantIdTokenLifespan() bool` + +HasDeviceAuthorizationGrantIdTokenLifespan returns a boolean if a field has been set. + +### GetDeviceAuthorizationGrantRefreshTokenLifespan + +`func (o *OAuth2ClientTokenLifespans) GetDeviceAuthorizationGrantRefreshTokenLifespan() string` + +GetDeviceAuthorizationGrantRefreshTokenLifespan returns the DeviceAuthorizationGrantRefreshTokenLifespan field if non-nil, zero value otherwise. + +### GetDeviceAuthorizationGrantRefreshTokenLifespanOk + +`func (o *OAuth2ClientTokenLifespans) GetDeviceAuthorizationGrantRefreshTokenLifespanOk() (*string, bool)` + +GetDeviceAuthorizationGrantRefreshTokenLifespanOk returns a tuple with the DeviceAuthorizationGrantRefreshTokenLifespan field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetDeviceAuthorizationGrantRefreshTokenLifespan + +`func (o *OAuth2ClientTokenLifespans) SetDeviceAuthorizationGrantRefreshTokenLifespan(v string)` + +SetDeviceAuthorizationGrantRefreshTokenLifespan sets DeviceAuthorizationGrantRefreshTokenLifespan field to given value. 
+ +### HasDeviceAuthorizationGrantRefreshTokenLifespan + +`func (o *OAuth2ClientTokenLifespans) HasDeviceAuthorizationGrantRefreshTokenLifespan() bool` + +HasDeviceAuthorizationGrantRefreshTokenLifespan returns a boolean if a field has been set. + ### GetImplicitGrantAccessTokenLifespan `func (o *OAuth2ClientTokenLifespans) GetImplicitGrantAccessTokenLifespan() string` diff --git a/internal/httpclient/docs/OAuth2ConsentRequest.md b/internal/httpclient/docs/OAuth2ConsentRequest.md index f01dc3f79f9..dfe3d0abecc 100644 --- a/internal/httpclient/docs/OAuth2ConsentRequest.md +++ b/internal/httpclient/docs/OAuth2ConsentRequest.md 
@@ -9,6 +9,7 @@ Name | Type | Description | Notes **Challenge** | **string** | ID is the identifier (\"authorization challenge\") of the consent authorization request. It is used to identify the session. | **Client** | Pointer to [**OAuth2Client**](OAuth2Client.md) | | [optional] **Context** | Pointer to **interface{}** | | [optional] +**DeviceChallengeId** | Pointer to **string** | DeviceChallenge is the device challenge this consent challenge belongs to, if this flow was initiated by a device. | [optional] **LoginChallenge** | Pointer to **string** | LoginChallenge is the login challenge this consent challenge belongs to. It can be used to associate a login and consent request in the login & consent app. | [optional] **LoginSessionId** | Pointer to **string** | LoginSessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag) this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false) this will be a new random value. This value is used as the \"sid\" parameter in the ID Token and in OIDC Front-/Back- channel logout. It's value can generally be used to associate consecutive login requests by a certain user. | [optional] **OidcContext** | Pointer to [**OAuth2ConsentRequestOpenIDConnectContext**](OAuth2ConsentRequestOpenIDConnectContext.md) | | [optional] 
@@ -167,6 +168,31 @@ HasContext returns a boolean if a field has been set. `func (o *OAuth2ConsentRequest) UnsetContext()` UnsetContext ensures that no value is present for Context, not even an explicit nil +### GetDeviceChallengeId + +`func (o *OAuth2ConsentRequest) GetDeviceChallengeId() string` + +GetDeviceChallengeId returns the DeviceChallengeId field if non-nil, zero value otherwise. + +### GetDeviceChallengeIdOk + +`func (o *OAuth2ConsentRequest) GetDeviceChallengeIdOk() (*string, bool)` + +GetDeviceChallengeIdOk returns a tuple with the DeviceChallengeId field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetDeviceChallengeId + +`func (o *OAuth2ConsentRequest) SetDeviceChallengeId(v string)` + +SetDeviceChallengeId sets DeviceChallengeId field to given value. + +### HasDeviceChallengeId + +`func (o *OAuth2ConsentRequest) HasDeviceChallengeId() bool` + +HasDeviceChallengeId returns a boolean if a field has been set. + ### GetLoginChallenge `func (o *OAuth2ConsentRequest) GetLoginChallenge() string` diff --git a/internal/httpclient/docs/OAuth2ConsentSession.md b/internal/httpclient/docs/OAuth2ConsentSession.md index 732ecca2a3f..0399f2ab121 100644 --- a/internal/httpclient/docs/OAuth2ConsentSession.md +++ b/internal/httpclient/docs/OAuth2ConsentSession.md @@ -5,6 +5,7 @@ Name | Type | Description | Notes ------------ | ------------- | ------------- | ------------- **ConsentRequest** | Pointer to [**OAuth2ConsentRequest**](OAuth2ConsentRequest.md) | | [optional] +**Context** | Pointer to **interface{}** | | [optional] **ExpiresAt** | Pointer to [**OAuth2ConsentSessionExpiresAt**](OAuth2ConsentSessionExpiresAt.md) | | [optional] **GrantAccessTokenAudience** | Pointer to **[]string** | | [optional] **GrantScope** | Pointer to **[]string** | | [optional] 
@@ -57,6 +58,41 @@ SetConsentRequest sets ConsentRequest field to given value. HasConsentRequest returns a boolean if a field has been set. +### GetContext + +`func (o *OAuth2ConsentSession) GetContext() interface{}` + +GetContext returns the Context field if non-nil, zero value otherwise. + +### GetContextOk + +`func (o *OAuth2ConsentSession) GetContextOk() (*interface{}, bool)` + +GetContextOk returns a tuple with the Context field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetContext + +`func (o *OAuth2ConsentSession) SetContext(v interface{})` + +SetContext sets Context field to given value. + +### HasContext + +`func (o *OAuth2ConsentSession) HasContext() bool` + +HasContext returns a boolean if a field has been set. + +### SetContextNil + +`func (o *OAuth2ConsentSession) SetContextNil(b bool)` + + SetContextNil sets the value for Context to be an explicit nil + +### UnsetContext +`func (o *OAuth2ConsentSession) UnsetContext()` + +UnsetContext ensures that no value is present for Context, not even an explicit nil ### GetExpiresAt `func (o *OAuth2ConsentSession) GetExpiresAt() OAuth2ConsentSessionExpiresAt` diff --git a/internal/httpclient/docs/OidcApi.md b/internal/httpclient/docs/OidcAPI.md similarity index 59% rename from internal/httpclient/docs/OidcApi.md rename to internal/httpclient/docs/OidcAPI.md index e1884fa2ad4..7ec0f5b17a0 100644 --- a/internal/httpclient/docs/OidcApi.md +++ b/internal/httpclient/docs/OidcAPI.md 
@@ -1,17 +1,17 @@ -# \OidcApi +# \OidcAPI All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**CreateOidcDynamicClient**](OidcApi.md#CreateOidcDynamicClient) | **Post** /oauth2/register | Register OAuth2 Client using OpenID Dynamic Client Registration -[**CreateVerifiableCredential**](OidcApi.md#CreateVerifiableCredential) | **Post** /credentials | Issues a Verifiable Credential -[**DeleteOidcDynamicClient**](OidcApi.md#DeleteOidcDynamicClient) | **Delete** /oauth2/register/{id} | Delete OAuth 2.0 Client using the OpenID Dynamic Client Registration Management Protocol -[**DiscoverOidcConfiguration**](OidcApi.md#DiscoverOidcConfiguration) | **Get** /.well-known/openid-configuration | OpenID Connect Discovery -[**GetOidcDynamicClient**](OidcApi.md#GetOidcDynamicClient) | **Get** /oauth2/register/{id} | Get OAuth2 Client using OpenID Dynamic Client Registration -[**GetOidcUserInfo**](OidcApi.md#GetOidcUserInfo) | **Get** /userinfo | OpenID Connect Userinfo -[**RevokeOidcSession**](OidcApi.md#RevokeOidcSession) | **Get** /oauth2/sessions/logout | OpenID Connect Front- and Back-channel Enabled Logout -[**SetOidcDynamicClient**](OidcApi.md#SetOidcDynamicClient) | **Put** /oauth2/register/{id} | Set OAuth2 Client using OpenID Dynamic Client Registration +[**CreateOidcDynamicClient**](OidcAPI.md#CreateOidcDynamicClient) | **Post** /oauth2/register | Register OAuth2 Client using OpenID Dynamic Client Registration +[**CreateVerifiableCredential**](OidcAPI.md#CreateVerifiableCredential) | **Post** /credentials | Issues a Verifiable Credential +[**DeleteOidcDynamicClient**](OidcAPI.md#DeleteOidcDynamicClient) | **Delete** /oauth2/register/{id} | Delete OAuth 2.0 Client using the OpenID Dynamic Client Registration Management Protocol +[**DiscoverOidcConfiguration**](OidcAPI.md#DiscoverOidcConfiguration) | **Get** /.well-known/openid-configuration | OpenID Connect Discovery 
+[**GetOidcDynamicClient**](OidcAPI.md#GetOidcDynamicClient) | **Get** /oauth2/register/{id} | Get OAuth2 Client using OpenID Dynamic Client Registration +[**GetOidcUserInfo**](OidcAPI.md#GetOidcUserInfo) | **Get** /userinfo | OpenID Connect Userinfo +[**RevokeOidcSession**](OidcAPI.md#RevokeOidcSession) | **Get** /oauth2/sessions/logout | OpenID Connect Front- and Back-channel Enabled Logout +[**SetOidcDynamicClient**](OidcAPI.md#SetOidcDynamicClient) | **Put** /oauth2/register/{id} | Set OAuth2 Client using OpenID Dynamic Client Registration 
@@ -29,24 +29,24 @@ Register OAuth2 Client using OpenID Dynamic Client Registration package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - oAuth2Client := *openapiclient.NewOAuth2Client() // OAuth2Client | Dynamic Client Registration Request Body - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OidcApi.CreateOidcDynamicClient(context.Background()).OAuth2Client(oAuth2Client).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OidcApi.CreateOidcDynamicClient``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `CreateOidcDynamicClient`: OAuth2Client - fmt.Fprintf(os.Stdout, "Response from `OidcApi.CreateOidcDynamicClient`: %v\n", resp) + oAuth2Client := *openapiclient.NewOAuth2Client() // OAuth2Client | Dynamic Client Registration Request Body + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OidcAPI.CreateOidcDynamicClient(context.Background()).OAuth2Client(oAuth2Client).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OidcAPI.CreateOidcDynamicClient``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `CreateOidcDynamicClient`: OAuth2Client + fmt.Fprintf(os.Stdout, "Response from `OidcAPI.CreateOidcDynamicClient`: %v\n", resp) } ``` 
@@ -95,24 +95,24 @@ Issues a Verifiable Credential package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - createVerifiableCredentialRequestBody := *openapiclient.NewCreateVerifiableCredentialRequestBody() // CreateVerifiableCredentialRequestBody | (optional) - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OidcApi.CreateVerifiableCredential(context.Background()).CreateVerifiableCredentialRequestBody(createVerifiableCredentialRequestBody).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OidcApi.CreateVerifiableCredential``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `CreateVerifiableCredential`: VerifiableCredentialResponse - fmt.Fprintf(os.Stdout, "Response from `OidcApi.CreateVerifiableCredential`: %v\n", resp) + createVerifiableCredentialRequestBody := *openapiclient.NewCreateVerifiableCredentialRequestBody() // CreateVerifiableCredentialRequestBody | (optional) + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OidcAPI.CreateVerifiableCredential(context.Background()).CreateVerifiableCredentialRequestBody(createVerifiableCredentialRequestBody).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OidcAPI.CreateVerifiableCredential``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `CreateVerifiableCredential`: VerifiableCredentialResponse + fmt.Fprintf(os.Stdout, "Response from `OidcAPI.CreateVerifiableCredential`: %v\n", resp) } ``` 
@@ -161,22 +161,22 @@ Delete OAuth 2.0 Client using the OpenID Dynamic Client Registration Management package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - id := "id_example" // string | The id of the OAuth 2.0 Client. - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OidcApi.DeleteOidcDynamicClient(context.Background(), id).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OidcApi.DeleteOidcDynamicClient``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } + id := "id_example" // string | The id of the OAuth 2.0 Client. + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + r, err := apiClient.OidcAPI.DeleteOidcDynamicClient(context.Background(), id).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OidcAPI.DeleteOidcDynamicClient``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } } ``` 
@@ -229,23 +229,23 @@ OpenID Connect Discovery package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OidcApi.DiscoverOidcConfiguration(context.Background()).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OidcApi.DiscoverOidcConfiguration``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `DiscoverOidcConfiguration`: OidcConfiguration - fmt.Fprintf(os.Stdout, "Response from `OidcApi.DiscoverOidcConfiguration`: %v\n", resp) + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OidcAPI.DiscoverOidcConfiguration(context.Background()).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OidcAPI.DiscoverOidcConfiguration``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `DiscoverOidcConfiguration`: OidcConfiguration + fmt.Fprintf(os.Stdout, "Response from `OidcAPI.DiscoverOidcConfiguration`: %v\n", resp) } ``` 
@@ -290,24 +290,24 @@ Get OAuth2 Client using OpenID Dynamic Client Registration package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - id := "id_example" // string | The id of the OAuth 2.0 Client. - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OidcApi.GetOidcDynamicClient(context.Background(), id).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OidcApi.GetOidcDynamicClient``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `GetOidcDynamicClient`: OAuth2Client - fmt.Fprintf(os.Stdout, "Response from `OidcApi.GetOidcDynamicClient`: %v\n", resp) + id := "id_example" // string | The id of the OAuth 2.0 Client. + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OidcAPI.GetOidcDynamicClient(context.Background(), id).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OidcAPI.GetOidcDynamicClient``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `GetOidcDynamicClient`: OAuth2Client + fmt.Fprintf(os.Stdout, "Response from `OidcAPI.GetOidcDynamicClient`: %v\n", resp) } ``` 
@@ -360,23 +360,23 @@ OpenID Connect Userinfo package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OidcApi.GetOidcUserInfo(context.Background()).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OidcApi.GetOidcUserInfo``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `GetOidcUserInfo`: OidcUserInfo - fmt.Fprintf(os.Stdout, "Response from `OidcApi.GetOidcUserInfo`: %v\n", resp) + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OidcAPI.GetOidcUserInfo(context.Background()).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OidcAPI.GetOidcUserInfo``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `GetOidcUserInfo`: OidcUserInfo + fmt.Fprintf(os.Stdout, "Response from `OidcAPI.GetOidcUserInfo`: %v\n", resp) } ``` 
@@ -421,21 +421,21 @@ OpenID Connect Front- and Back-channel Enabled Logout package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OidcApi.RevokeOidcSession(context.Background()).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OidcApi.RevokeOidcSession``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + r, err := apiClient.OidcAPI.RevokeOidcSession(context.Background()).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OidcAPI.RevokeOidcSession``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } } ``` 
@@ -480,25 +480,25 @@ Set OAuth2 Client using OpenID Dynamic Client Registration package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - id := "id_example" // string | OAuth 2.0 Client ID - oAuth2Client := *openapiclient.NewOAuth2Client() // OAuth2Client | OAuth 2.0 Client Request Body - - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.OidcApi.SetOidcDynamicClient(context.Background(), id).OAuth2Client(oAuth2Client).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `OidcApi.SetOidcDynamicClient``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `SetOidcDynamicClient`: OAuth2Client - fmt.Fprintf(os.Stdout, "Response from `OidcApi.SetOidcDynamicClient`: %v\n", resp) + id := "id_example" // string | OAuth 2.0 Client ID + oAuth2Client := *openapiclient.NewOAuth2Client() // OAuth2Client | OAuth 2.0 Client Request Body + + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.OidcAPI.SetOidcDynamicClient(context.Background(), id).OAuth2Client(oAuth2Client).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `OidcAPI.SetOidcDynamicClient``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `SetOidcDynamicClient`: OAuth2Client + fmt.Fprintf(os.Stdout, "Response from `OidcAPI.SetOidcDynamicClient`: %v\n", resp) } ``` diff --git a/internal/httpclient/docs/OidcConfiguration.md b/internal/httpclient/docs/OidcConfiguration.md index 1b20c7d8733..27f0134440c 100644 --- a/internal/httpclient/docs/OidcConfiguration.md +++ b/internal/httpclient/docs/OidcConfiguration.md 
@@ -12,6 +12,7 @@ Name | Type | Description | Notes **CodeChallengeMethodsSupported** | Pointer to **[]string** | OAuth 2.0 PKCE Supported Code Challenge Methods JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported by this authorization server. | [optional] **CredentialsEndpointDraft00** | Pointer to **string** | OpenID Connect Verifiable Credentials Endpoint Contains the URL of the Verifiable Credentials Endpoint. | [optional] **CredentialsSupportedDraft00** | Pointer to [**[]CredentialSupportedDraft00**](CredentialSupportedDraft00.md) | OpenID Connect Verifiable Credentials Supported JSON array containing a list of the Verifiable Credentials supported by this authorization server. | [optional] +**DeviceAuthorizationEndpoint** | **string** | OAuth 2.0 Device Authorization Endpoint URL | **EndSessionEndpoint** | Pointer to **string** | OpenID Connect End-Session Endpoint URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP. | [optional] **FrontchannelLogoutSessionSupported** | Pointer to **bool** | OpenID Connect Front-Channel Logout Session Required Boolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify the RP session with the OP when the frontchannel_logout_uri is used. If supported, the sid Claim is also included in ID Tokens issued by the OP. | [optional] **FrontchannelLogoutSupported** | Pointer to **bool** | OpenID Connect Front-Channel Logout Supported Boolean value specifying whether the OP supports HTTP-based logout, with true indicating support. | [optional] 
@@ -40,7 +41,7 @@ Name | Type | Description | Notes ### NewOidcConfiguration -`func NewOidcConfiguration(authorizationEndpoint string, idTokenSignedResponseAlg []string, idTokenSigningAlgValuesSupported []string, issuer string, jwksUri string, responseTypesSupported []string, subjectTypesSupported []string, tokenEndpoint string, userinfoSignedResponseAlg []string, ) *OidcConfiguration` +`func NewOidcConfiguration(authorizationEndpoint string, deviceAuthorizationEndpoint string, idTokenSignedResponseAlg []string, idTokenSigningAlgValuesSupported []string, issuer string, jwksUri string, responseTypesSupported []string, subjectTypesSupported []string, tokenEndpoint string, userinfoSignedResponseAlg []string, ) *OidcConfiguration` NewOidcConfiguration instantiates a new OidcConfiguration object This constructor will assign default values to properties that have it defined, @@ -250,6 +251,26 @@ SetCredentialsSupportedDraft00 sets CredentialsSupportedDraft00 field to given v HasCredentialsSupportedDraft00 returns a boolean if a field has been set. +### GetDeviceAuthorizationEndpoint + +`func (o *OidcConfiguration) GetDeviceAuthorizationEndpoint() string` + +GetDeviceAuthorizationEndpoint returns the DeviceAuthorizationEndpoint field if non-nil, zero value otherwise. + +### GetDeviceAuthorizationEndpointOk + +`func (o *OidcConfiguration) GetDeviceAuthorizationEndpointOk() (*string, bool)` + +GetDeviceAuthorizationEndpointOk returns a tuple with the DeviceAuthorizationEndpoint field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetDeviceAuthorizationEndpoint + +`func (o *OidcConfiguration) SetDeviceAuthorizationEndpoint(v string)` + +SetDeviceAuthorizationEndpoint sets DeviceAuthorizationEndpoint field to given value. + + ### GetEndSessionEndpoint `func (o *OidcConfiguration) GetEndSessionEndpoint() string` 
diff --git a/internal/httpclient/docs/VerifyUserCodeRequest.md b/internal/httpclient/docs/VerifyUserCodeRequest.md new file mode 100644 index 00000000000..09a2270ab44 --- /dev/null +++ b/internal/httpclient/docs/VerifyUserCodeRequest.md 
@@ -0,0 +1,212 @@ +# VerifyUserCodeRequest + +## Properties + +Name | Type | Description | Notes +------------ | ------------- | ------------- | ------------- +**Challenge** | Pointer to **string** | ID is the identifier (\"device challenge\") of the device request. It is used to identify the session. | [optional] +**Client** | Pointer to [**OAuth2Client**](OAuth2Client.md) | | [optional] +**DeviceCodeRequestId** | Pointer to **string** | | [optional] +**HandledAt** | Pointer to **time.Time** | | [optional] +**RequestUrl** | Pointer to **string** | RequestURL is the original Device Authorization URL requested. | [optional] +**RequestedAccessTokenAudience** | Pointer to **[]string** | | [optional] +**RequestedScope** | Pointer to **[]string** | | [optional] + +## Methods + +### NewVerifyUserCodeRequest + +`func NewVerifyUserCodeRequest() *VerifyUserCodeRequest` + +NewVerifyUserCodeRequest instantiates a new VerifyUserCodeRequest object +This constructor will assign default values to properties that have it defined, +and makes sure properties required by API are set, but the set of arguments +will change when the set of required properties is changed + +### NewVerifyUserCodeRequestWithDefaults + +`func NewVerifyUserCodeRequestWithDefaults() *VerifyUserCodeRequest` + +NewVerifyUserCodeRequestWithDefaults instantiates a new VerifyUserCodeRequest object +This constructor will only assign default values to properties that have it defined, +but it doesn't guarantee that properties required by API are set + +### GetChallenge + +`func (o *VerifyUserCodeRequest) GetChallenge() string` + +GetChallenge returns the Challenge field if non-nil, zero value otherwise. + +### GetChallengeOk + +`func (o *VerifyUserCodeRequest) GetChallengeOk() (*string, bool)` + +GetChallengeOk returns a tuple with the Challenge field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. 
+ +### SetChallenge + +`func (o *VerifyUserCodeRequest) SetChallenge(v string)` + +SetChallenge sets Challenge field to given value. + +### HasChallenge + +`func (o *VerifyUserCodeRequest) HasChallenge() bool` + +HasChallenge returns a boolean if a field has been set. + +### GetClient + +`func (o *VerifyUserCodeRequest) GetClient() OAuth2Client` + +GetClient returns the Client field if non-nil, zero value otherwise. + +### GetClientOk + +`func (o *VerifyUserCodeRequest) GetClientOk() (*OAuth2Client, bool)` + +GetClientOk returns a tuple with the Client field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetClient + +`func (o *VerifyUserCodeRequest) SetClient(v OAuth2Client)` + +SetClient sets Client field to given value. + +### HasClient + +`func (o *VerifyUserCodeRequest) HasClient() bool` + +HasClient returns a boolean if a field has been set. + +### GetDeviceCodeRequestId + +`func (o *VerifyUserCodeRequest) GetDeviceCodeRequestId() string` + +GetDeviceCodeRequestId returns the DeviceCodeRequestId field if non-nil, zero value otherwise. + +### GetDeviceCodeRequestIdOk + +`func (o *VerifyUserCodeRequest) GetDeviceCodeRequestIdOk() (*string, bool)` + +GetDeviceCodeRequestIdOk returns a tuple with the DeviceCodeRequestId field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetDeviceCodeRequestId + +`func (o *VerifyUserCodeRequest) SetDeviceCodeRequestId(v string)` + +SetDeviceCodeRequestId sets DeviceCodeRequestId field to given value. + +### HasDeviceCodeRequestId + +`func (o *VerifyUserCodeRequest) HasDeviceCodeRequestId() bool` + +HasDeviceCodeRequestId returns a boolean if a field has been set. + +### GetHandledAt + +`func (o *VerifyUserCodeRequest) GetHandledAt() time.Time` + +GetHandledAt returns the HandledAt field if non-nil, zero value otherwise. 
+ +### GetHandledAtOk + +`func (o *VerifyUserCodeRequest) GetHandledAtOk() (*time.Time, bool)` + +GetHandledAtOk returns a tuple with the HandledAt field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetHandledAt + +`func (o *VerifyUserCodeRequest) SetHandledAt(v time.Time)` + +SetHandledAt sets HandledAt field to given value. + +### HasHandledAt + +`func (o *VerifyUserCodeRequest) HasHandledAt() bool` + +HasHandledAt returns a boolean if a field has been set. + +### GetRequestUrl + +`func (o *VerifyUserCodeRequest) GetRequestUrl() string` + +GetRequestUrl returns the RequestUrl field if non-nil, zero value otherwise. + +### GetRequestUrlOk + +`func (o *VerifyUserCodeRequest) GetRequestUrlOk() (*string, bool)` + +GetRequestUrlOk returns a tuple with the RequestUrl field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetRequestUrl + +`func (o *VerifyUserCodeRequest) SetRequestUrl(v string)` + +SetRequestUrl sets RequestUrl field to given value. + +### HasRequestUrl + +`func (o *VerifyUserCodeRequest) HasRequestUrl() bool` + +HasRequestUrl returns a boolean if a field has been set. + +### GetRequestedAccessTokenAudience + +`func (o *VerifyUserCodeRequest) GetRequestedAccessTokenAudience() []string` + +GetRequestedAccessTokenAudience returns the RequestedAccessTokenAudience field if non-nil, zero value otherwise. + +### GetRequestedAccessTokenAudienceOk + +`func (o *VerifyUserCodeRequest) GetRequestedAccessTokenAudienceOk() (*[]string, bool)` + +GetRequestedAccessTokenAudienceOk returns a tuple with the RequestedAccessTokenAudience field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetRequestedAccessTokenAudience + +`func (o *VerifyUserCodeRequest) SetRequestedAccessTokenAudience(v []string)` + +SetRequestedAccessTokenAudience sets RequestedAccessTokenAudience field to given value. 
+ +### HasRequestedAccessTokenAudience + +`func (o *VerifyUserCodeRequest) HasRequestedAccessTokenAudience() bool` + +HasRequestedAccessTokenAudience returns a boolean if a field has been set. + +### GetRequestedScope + +`func (o *VerifyUserCodeRequest) GetRequestedScope() []string` + +GetRequestedScope returns the RequestedScope field if non-nil, zero value otherwise. + +### GetRequestedScopeOk + +`func (o *VerifyUserCodeRequest) GetRequestedScopeOk() (*[]string, bool)` + +GetRequestedScopeOk returns a tuple with the RequestedScope field if it's non-nil, zero value otherwise +and a boolean to check if the value has been set. + +### SetRequestedScope + +`func (o *VerifyUserCodeRequest) SetRequestedScope(v []string)` + +SetRequestedScope sets RequestedScope field to given value. + +### HasRequestedScope + +`func (o *VerifyUserCodeRequest) HasRequestedScope() bool` + +HasRequestedScope returns a boolean if a field has been set. + + +[[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md) + + diff --git a/internal/httpclient/docs/WellknownApi.md b/internal/httpclient/docs/WellknownAPI.md similarity index 58% rename from internal/httpclient/docs/WellknownApi.md rename to internal/httpclient/docs/WellknownAPI.md index 5f184777044..f61bbbc5186 100644 --- a/internal/httpclient/docs/WellknownApi.md +++ b/internal/httpclient/docs/WellknownAPI.md @@ -1,10 +1,10 @@ -# \WellknownApi +# \WellknownAPI All URIs are relative to *http://localhost* Method | HTTP request | Description ------------- | ------------- | ------------- -[**DiscoverJsonWebKeys**](WellknownApi.md#DiscoverJsonWebKeys) | **Get** /.well-known/jwks.json | Discover Well-Known JSON Web Keys +[**DiscoverJsonWebKeys**](WellknownAPI.md#DiscoverJsonWebKeys) | **Get** /.well-known/jwks.json | Discover Well-Known JSON Web Keys 
@@ -22,23 +22,23 @@ Discover Well-Known JSON Web Keys package main import ( - "context" - "fmt" - "os" - openapiclient "./openapi" + "context" + "fmt" + "os" + openapiclient "github.com/ory/hydra-client-go/v2" ) func main() { - configuration := openapiclient.NewConfiguration() - apiClient := openapiclient.NewAPIClient(configuration) - resp, r, err := apiClient.WellknownApi.DiscoverJsonWebKeys(context.Background()).Execute() - if err != nil { - fmt.Fprintf(os.Stderr, "Error when calling `WellknownApi.DiscoverJsonWebKeys``: %v\n", err) - fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) - } - // response from `DiscoverJsonWebKeys`: JsonWebKeySet - fmt.Fprintf(os.Stdout, "Response from `WellknownApi.DiscoverJsonWebKeys`: %v\n", resp) + configuration := openapiclient.NewConfiguration() + apiClient := openapiclient.NewAPIClient(configuration) + resp, r, err := apiClient.WellknownAPI.DiscoverJsonWebKeys(context.Background()).Execute() + if err != nil { + fmt.Fprintf(os.Stderr, "Error when calling `WellknownAPI.DiscoverJsonWebKeys``: %v\n", err) + fmt.Fprintf(os.Stderr, "Full HTTP response: %v\n", r) + } + // response from `DiscoverJsonWebKeys`: JsonWebKeySet + fmt.Fprintf(os.Stdout, "Response from `WellknownAPI.DiscoverJsonWebKeys`: %v\n", resp) } ``` diff --git a/internal/httpclient/git_push.sh b/internal/httpclient/git_push.sh index cb3fc304a3a..c25540340a5 100644 --- a/internal/httpclient/git_push.sh +++ b/internal/httpclient/git_push.sh @@ -19,7 +19,7 @@ if [ "$git_user_id" = "" ]; then fi if [ "$git_repo_id" = "" ]; then - git_repo_id="hydra-client-go" + git_repo_id="hydra-client-go/v2" echo "[INFO] No command line input provided. Set \$git_repo_id to $git_repo_id" fi diff --git a/internal/httpclient/go.mod b/internal/httpclient/go.mod index 7f4824c2827..4a8378d605e 100644 --- a/internal/httpclient/go.mod +++ b/internal/httpclient/go.mod 
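Review bot: In git_push.sh the new default `git_repo_id="hydra-client-go/v2"` puts the Go module's major-version suffix into what the variable name says is a repository id, and `/v2` is a module path element, not part of a repository name. The rest of the script is outside this hunk, but if it interpolates `$git_repo_id` into the remote URL, a run without arguments would target a path ending in `hydra-client-go/v2.git`, which either fails or resolves to a different repository than intended. I would keep `git_repo_id="hydra-client-go"` here and carry the `/v2` suffix only in the module path in go.mod. The file looks generated, so the change probably belongs in the generator configuration rather than in this script.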
@@ -1,5 +1,7 @@ module github.com/ory/hydra-client-go/v2 -go 1.13 +go 1.18 -require golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558 +require ( + golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558 +) diff --git a/internal/httpclient/go.sum b/internal/httpclient/go.sum index 734252e6815..3dee6d68163 100644 --- a/internal/httpclient/go.sum +++ b/internal/httpclient/go.sum 
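Review bot: In internal/httpclient/go.mod the rewritten `require` block still pins `golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558`, a pseudo-version whose timestamp is March 2021, while the same commit raises the `go` directive from 1.13 to 1.18. For a client module that sits on the OAuth2 token path, consumers keep resolving a dependency that predates later upstream fixes unless they override it themselves. I would bump it in this change to a current tagged release, e.g. `golang.org/x/oauth2 <current tagged release>`, regenerate go.sum with `go mod tidy`, and run `govulncheck` on the module afterwards. If go.mod is emitted by the client generator, the pin has to be changed in the generator template rather than in this file.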
@@ -1,13 +1,360 @@ +cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= +cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= +cloud.google.com/go v0.44.1/go.mod h1:iSa0KzasP4Uvy3f1mN/7PiObzGgflwredwwASm/v6AU= +cloud.google.com/go v0.44.2/go.mod h1:60680Gw3Yr4ikxnPRS/oxxkBccT6SA1yMk63TGekxKY= +cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTjc= +cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0= +cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To= +cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4= +cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M= +cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc= +cloud.google.com/go v0.56.0/go.mod h1:jr7tqZxxKOVYizybht9+26Z/gUq7tiRzu+ACVAMbKVk= +cloud.google.com/go v0.57.0/go.mod h1:oXiQ6Rzq3RAkkY7N6t3TcE6jE+CIBBbA36lwQ1JyzZs= +cloud.google.com/go v0.62.0/go.mod h1:jmCYTdRCQuc1PHIIJ/maLInMho30T/Y0M4hTdTShOYc= +cloud.google.com/go v0.65.0/go.mod h1:O5N8zS7uWy9vkA9vayVHs65eM1ubvY4h553ofrNHObY= +cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= +cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= +cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= +cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= +cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= +cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= +cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= +cloud.google.com/go/datastore v1.1.0/go.mod 
h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= +cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= +cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= +cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= +cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= +cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= +cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= +cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= +cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= +cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= +github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= +github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= +github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= +github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= +github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/envoyproxy/go-control-plane v0.9.0/go.mod 
h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= +github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= +github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= +github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.3/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw= +github.com/golang/mock v1.4.4/go.mod h1:l3mdAwkq5BuhzHwde/uurv3sEJeZMXNpwsxVWU71h+4= github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= 
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= +github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw= +github.com/golang/protobuf v1.3.5/go.mod h1:6O5/vntMXwX2lRkT1hjjk0nAC1IDOTvTlVgjlRvqsdk= +github.com/golang/protobuf v1.4.0-rc.1/go.mod h1:ceaxUfeHdC40wWswd/P6IGgMaK3YpKi5j83Wpe3EHw8= +github.com/golang/protobuf v1.4.0-rc.1.0.20200221234624-67d41d38c208/go.mod h1:xKAWHe0F5eneWXFV3EuXVDTCmh+JuBKY0li0aMyXATA= +github.com/golang/protobuf v1.4.0-rc.2/go.mod h1:LlEzMj4AhA7rCAGe4KMBDvJI+AwstrUpVNzEA03Pprs= +github.com/golang/protobuf v1.4.0-rc.4.0.20200313231945-b860323f09d0/go.mod h1:WU3c8KckQ9AFe+yFwt9sWVRKCVIyN9cPHBJSNnbL67w= +github.com/golang/protobuf v1.4.0/go.mod h1:jodUvKwWbYaEsadDk5Fwe5c77LiNKVO9IDvqG2KuDX0= +github.com/golang/protobuf v1.4.1/go.mod h1:U8fpvMrcmy5pZrNK1lt4xCsGvpyWQ/VVv6QDs8UjoX8= +github.com/golang/protobuf v1.4.2/go.mod h1:oDoupMAO8OvCJWAcko0GGGIgR6R6ocIYbsSw735rRwI= +github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= +github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= +github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= +github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.4.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= +github.com/google/go-cmp v0.5.1/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= 
+github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs= +github.com/google/martian/v3 v3.0.0/go.mod h1:y5Zk1BBys9G+gd6Jrk0W3cC1+ELVxBWuIGO+w/tUAp0= +github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc= +github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200430221834-fc25d7d30c6d/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/pprof v0.0.0-20200708004538-1a94d8640e99/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM= +github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= +github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= +github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= +github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= +github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= +github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= +github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= +github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= +go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= +go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= +go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= +golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= +golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
+golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= +golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= +golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek= +golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY= +golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= +golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= +golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= +golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= +golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= +golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= +golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/lint 
v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs= +golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY= +golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE= +golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o= +golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= +golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= +golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e h1:bRhVy7zSSasaqNksaRZiA5EEI+Ei4I1nO5Jh72wfHlg= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= +golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190501004415-9ce7a6920f09/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net 
v0.0.0-20190503192946-f4e77d36d62c/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= +golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= +golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190628185345-da137c7871d7/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20190724013045-ca1201d0de80/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200520182314-0ba52f642ac2/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200625001655-4c5254603344/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod 
h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= +golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= +golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= +golang.org/x/oauth2 v0.0.0-20210323180902-22b0adad7558/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= +golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4 h1:YUO/7uOKsKeq9UokNS62b8FYywz3ker1l1vDZRCRefw= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190227155943-e225da77a7e6/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod 
h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= +golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200331124033-c3d80250170d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
+golang.org/x/sys v0.0.0-20200501052902-10377860bb8e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= +golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= +golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= +golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= +golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= +golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= +golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312151545-0bb0c0a6e846/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= +golang.org/x/tools v0.0.0-20190312170243-e65039ee4138/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= 
+golang.org/x/tools v0.0.0-20190425150028-36563e24a262/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190506145303-2d16b83fe98c/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= +golang.org/x/tools v0.0.0-20190606124116-d0a3d012864b/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190621195816-6e04913cbbac/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190628153133-6cdbf07be9d0/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= +golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools 
v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200227222343-706bc42d1f0d/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= +golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200312045724-11d5b4c81c7d/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw= +golang.org/x/tools v0.0.0-20200331025713-a30bf2db82d4/go.mod h1:Sl4aGygMT6LrqrWclx+PTx3U+LnKx/seiNR+3G19Ar8= +golang.org/x/tools v0.0.0-20200501065659-ab2804fb9c9d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200512131952-2bc93b1c0c88/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200515010526-7d3b6ebf133d/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200618134242-20370b0cb4b2/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= +golang.org/x/tools v0.0.0-20200729194436-6467de6f59a7/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200804011535-6c149bb5ef0d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/tools v0.0.0-20200825202427-b303f430e36d/go.mod h1:njjCfa9FT2d7l9Bc6FUM5FLjQPp3cFF28FI3qnDFljA= +golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors 
v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= +google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= +google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= +google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI= +google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.19.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.22.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE= +google.golang.org/api v0.24.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.28.0/go.mod h1:lIXQywCXRcnZPGlsd8NbLnOjtAoL6em04bJ9+z0MncE= +google.golang.org/api v0.29.0/go.mod h1:Lcubydp8VUV7KeIHD9z2Bys/sm/vGKnG1UHuDBSrHWM= +google.golang.org/api v0.30.0/go.mod h1:QGmEvQ87FHZNiUVJkT14jQNYJ4ZJjdRF23ZXz5138Fc= +google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= +google.golang.org/appengine v1.6.1/go.mod 
h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0= +google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/appengine v1.6.6/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= +google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc= +google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190425155659-357c62f0e4bb/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE= +google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc= +google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8= +google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc= +google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA= 
+google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200228133532-8c2c7df3a383/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= +google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= +google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= +google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= +google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= +google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= +google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= +google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= +google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= 
+google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= +google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= +google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKal+60= +google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= +google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= +google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= +google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= +google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= +google.golang.org/protobuf v1.20.1-0.20200309200217-e05f789c0967/go.mod h1:A+miEFZTKqfCUM6K7xSMQL9OKL/b6hQv+e19PK+JZNE= +google.golang.org/protobuf v1.21.0/go.mod h1:47Nbq4nVaFHyn7ilMalzfO3qCViNmqZ2kzikPIcrTAo= +google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= +google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= +google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/errgo.v2 v2.1.0/go.mod 
h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= +honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= +honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= +rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= +rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= +rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/internal/httpclient/model_accept_device_user_code_request.go b/internal/httpclient/model_accept_device_user_code_request.go new file mode 100644 index 00000000000..c34d1cd5045 --- /dev/null +++ b/internal/httpclient/model_accept_device_user_code_request.go 
@@ -0,0 +1,125 @@ +/* +Ory Hydra API + +Documentation for all of Ory Hydra's APIs. + +API version: +Contact: hi@ory.sh +*/ + +// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. + +package openapi + +import ( + "encoding/json" +) + +// checks if the AcceptDeviceUserCodeRequest type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &AcceptDeviceUserCodeRequest{} + +// AcceptDeviceUserCodeRequest Contains information on an device verification +type AcceptDeviceUserCodeRequest struct { + UserCode *string `json:"user_code,omitempty"` +} + +// NewAcceptDeviceUserCodeRequest instantiates a new AcceptDeviceUserCodeRequest object +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed +func NewAcceptDeviceUserCodeRequest() *AcceptDeviceUserCodeRequest { + this := AcceptDeviceUserCodeRequest{} + return &this +} + +// NewAcceptDeviceUserCodeRequestWithDefaults instantiates a new AcceptDeviceUserCodeRequest object +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set +func NewAcceptDeviceUserCodeRequestWithDefaults() *AcceptDeviceUserCodeRequest { + this := AcceptDeviceUserCodeRequest{} + return &this +} + +// GetUserCode returns the UserCode field value if set, zero value otherwise. +func (o *AcceptDeviceUserCodeRequest) GetUserCode() string { + if o == nil || IsNil(o.UserCode) { + var ret string + return ret + } + return *o.UserCode +} + +// GetUserCodeOk returns a tuple with the UserCode field value if set, nil otherwise +// and a boolean to check if the value has been set. 
+func (o *AcceptDeviceUserCodeRequest) GetUserCodeOk() (*string, bool) { + if o == nil || IsNil(o.UserCode) { + return nil, false + } + return o.UserCode, true +} + +// HasUserCode returns a boolean if a field has been set. +func (o *AcceptDeviceUserCodeRequest) HasUserCode() bool { + if o != nil && !IsNil(o.UserCode) { + return true + } + + return false +} + +// SetUserCode gets a reference to the given string and assigns it to the UserCode field. +func (o *AcceptDeviceUserCodeRequest) SetUserCode(v string) { + o.UserCode = &v +} + +func (o AcceptDeviceUserCodeRequest) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o AcceptDeviceUserCodeRequest) ToMap() (map[string]interface{}, error) { + toSerialize := map[string]interface{}{} + if !IsNil(o.UserCode) { + toSerialize["user_code"] = o.UserCode + } + return toSerialize, nil +} + +type NullableAcceptDeviceUserCodeRequest struct { + value *AcceptDeviceUserCodeRequest + isSet bool +} + +func (v NullableAcceptDeviceUserCodeRequest) Get() *AcceptDeviceUserCodeRequest { + return v.value +} + +func (v *NullableAcceptDeviceUserCodeRequest) Set(val *AcceptDeviceUserCodeRequest) { + v.value = val + v.isSet = true +} + +func (v NullableAcceptDeviceUserCodeRequest) IsSet() bool { + return v.isSet +} + +func (v *NullableAcceptDeviceUserCodeRequest) Unset() { + v.value = nil + v.isSet = false +} + +func NewNullableAcceptDeviceUserCodeRequest(val *AcceptDeviceUserCodeRequest) *NullableAcceptDeviceUserCodeRequest { + return &NullableAcceptDeviceUserCodeRequest{value: val, isSet: true} +} + +func (v NullableAcceptDeviceUserCodeRequest) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +func (v *NullableAcceptDeviceUserCodeRequest) UnmarshalJSON(src []byte) error { + v.isSet = true + return json.Unmarshal(src, &v.value) +} 
diff --git a/internal/httpclient/model_accept_o_auth2_consent_request.go b/internal/httpclient/model_accept_o_auth2_consent_request.go index 11d6459acfd..ff84659a399 100644 --- a/internal/httpclient/model_accept_o_auth2_consent_request.go +++ b/internal/httpclient/model_accept_o_auth2_consent_request.go @@ -16,11 +16,15 @@ import ( "time" ) +// checks if the AcceptOAuth2ConsentRequest type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &AcceptOAuth2ConsentRequest{} + // AcceptOAuth2ConsentRequest struct for AcceptOAuth2ConsentRequest type AcceptOAuth2ConsentRequest struct { - GrantAccessTokenAudience []string `json:"grant_access_token_audience,omitempty"` - GrantScope []string `json:"grant_scope,omitempty"` - HandledAt *time.Time `json:"handled_at,omitempty"` + Context interface{} `json:"context,omitempty"` + GrantAccessTokenAudience []string `json:"grant_access_token_audience,omitempty"` + GrantScope []string `json:"grant_scope,omitempty"` + HandledAt *time.Time `json:"handled_at,omitempty"` // Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same client asks the same user for the same, or a subset of, scope. Remember *bool `json:"remember,omitempty"` // RememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the authorization will be remembered indefinitely. 
@@ -45,9 +49,42 @@ func NewAcceptOAuth2ConsentRequestWithDefaults() *AcceptOAuth2ConsentRequest { return &this } +// GetContext returns the Context field value if set, zero value otherwise (both if not set or set to explicit null). +func (o *AcceptOAuth2ConsentRequest) GetContext() interface{} { + if o == nil { + var ret interface{} + return ret + } + return o.Context +} + +// GetContextOk returns a tuple with the Context field value if set, nil otherwise +// and a boolean to check if the value has been set. +// NOTE: If the value is an explicit nil, `nil, true` will be returned +func (o *AcceptOAuth2ConsentRequest) GetContextOk() (*interface{}, bool) { + if o == nil || IsNil(o.Context) { + return nil, false + } + return &o.Context, true +} + +// HasContext returns a boolean if a field has been set. +func (o *AcceptOAuth2ConsentRequest) HasContext() bool { + if o != nil && IsNil(o.Context) { + return true + } + + return false +} + +// SetContext gets a reference to the given interface{} and assigns it to the Context field. +func (o *AcceptOAuth2ConsentRequest) SetContext(v interface{}) { + o.Context = v +} + // GetGrantAccessTokenAudience returns the GrantAccessTokenAudience field value if set, zero value otherwise. func (o *AcceptOAuth2ConsentRequest) GetGrantAccessTokenAudience() []string { - if o == nil || o.GrantAccessTokenAudience == nil { + if o == nil || IsNil(o.GrantAccessTokenAudience) { var ret []string return ret } @@ -57,7 +94,7 @@ func (o *AcceptOAuth2ConsentRequest) GetGrantAccessTokenAudience() []string { // GetGrantAccessTokenAudienceOk returns a tuple with the GrantAccessTokenAudience field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *AcceptOAuth2ConsentRequest) GetGrantAccessTokenAudienceOk() ([]string, bool) { - if o == nil || o.GrantAccessTokenAudience == nil { + if o == nil || IsNil(o.GrantAccessTokenAudience) { return nil, false } return o.GrantAccessTokenAudience, true 
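Review bot: The added `HasContext` reports the field as set exactly when it is nil, because its condition is `o != nil && IsNil(o.Context)`; every other `Has*` method in this file uses `!IsNil(...)`, and `ToMap` emits the field only when `o.Context != nil`. The condition should read `if o != nil && !IsNil(o.Context) {`. The same inversion appears in `HasAccessToken` and `HasIdToken` in model_accept_o_auth2_consent_request_session.go and in `HasContext` in model_accept_o_auth2_login_request.go, where `o.X != nil` was replaced by `IsNil(o.X)` without the negation. A caller that gates on these methods would treat a missing context or token-claims value as present and a populated one as absent. These models look like generator output, so the correction presumably belongs in the generator template or version rather than in a hand edit.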
@@ -65,7 +102,7 @@ func (o *AcceptOAuth2ConsentRequest) GetGrantAccessTokenAudienceOk() ([]string, // HasGrantAccessTokenAudience returns a boolean if a field has been set. func (o *AcceptOAuth2ConsentRequest) HasGrantAccessTokenAudience() bool { - if o != nil && o.GrantAccessTokenAudience != nil { + if o != nil && !IsNil(o.GrantAccessTokenAudience) { return true } @@ -79,7 +116,7 @@ func (o *AcceptOAuth2ConsentRequest) SetGrantAccessTokenAudience(v []string) { // GetGrantScope returns the GrantScope field value if set, zero value otherwise. func (o *AcceptOAuth2ConsentRequest) GetGrantScope() []string { - if o == nil || o.GrantScope == nil { + if o == nil || IsNil(o.GrantScope) { var ret []string return ret } @@ -89,7 +126,7 @@ func (o *AcceptOAuth2ConsentRequest) GetGrantScope() []string { // GetGrantScopeOk returns a tuple with the GrantScope field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *AcceptOAuth2ConsentRequest) GetGrantScopeOk() ([]string, bool) { - if o == nil || o.GrantScope == nil { + if o == nil || IsNil(o.GrantScope) { return nil, false } return o.GrantScope, true @@ -97,7 +134,7 @@ func (o *AcceptOAuth2ConsentRequest) GetGrantScopeOk() ([]string, bool) { // HasGrantScope returns a boolean if a field has been set. func (o *AcceptOAuth2ConsentRequest) HasGrantScope() bool { - if o != nil && o.GrantScope != nil { + if o != nil && !IsNil(o.GrantScope) { return true } @@ -111,7 +148,7 @@ func (o *AcceptOAuth2ConsentRequest) SetGrantScope(v []string) { // GetHandledAt returns the HandledAt field value if set, zero value otherwise. func (o *AcceptOAuth2ConsentRequest) GetHandledAt() time.Time { - if o == nil || o.HandledAt == nil { + if o == nil || IsNil(o.HandledAt) { var ret time.Time return ret } 
@@ -121,7 +158,7 @@ func (o *AcceptOAuth2ConsentRequest) GetHandledAt() time.Time { // GetHandledAtOk returns a tuple with the HandledAt field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *AcceptOAuth2ConsentRequest) GetHandledAtOk() (*time.Time, bool) { - if o == nil || o.HandledAt == nil { + if o == nil || IsNil(o.HandledAt) { return nil, false } return o.HandledAt, true @@ -129,7 +166,7 @@ func (o *AcceptOAuth2ConsentRequest) GetHandledAtOk() (*time.Time, bool) { // HasHandledAt returns a boolean if a field has been set. func (o *AcceptOAuth2ConsentRequest) HasHandledAt() bool { - if o != nil && o.HandledAt != nil { + if o != nil && !IsNil(o.HandledAt) { return true } @@ -143,7 +180,7 @@ func (o *AcceptOAuth2ConsentRequest) SetHandledAt(v time.Time) { // GetRemember returns the Remember field value if set, zero value otherwise. func (o *AcceptOAuth2ConsentRequest) GetRemember() bool { - if o == nil || o.Remember == nil { + if o == nil || IsNil(o.Remember) { var ret bool return ret } @@ -153,7 +190,7 @@ func (o *AcceptOAuth2ConsentRequest) GetRemember() bool { // GetRememberOk returns a tuple with the Remember field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *AcceptOAuth2ConsentRequest) GetRememberOk() (*bool, bool) { - if o == nil || o.Remember == nil { + if o == nil || IsNil(o.Remember) { return nil, false } return o.Remember, true @@ -161,7 +198,7 @@ func (o *AcceptOAuth2ConsentRequest) GetRememberOk() (*bool, bool) { // HasRemember returns a boolean if a field has been set. func (o *AcceptOAuth2ConsentRequest) HasRemember() bool { - if o != nil && o.Remember != nil { + if o != nil && !IsNil(o.Remember) { return true } 
@@ -175,7 +212,7 @@ func (o *AcceptOAuth2ConsentRequest) SetRemember(v bool) { // GetRememberFor returns the RememberFor field value if set, zero value otherwise. func (o *AcceptOAuth2ConsentRequest) GetRememberFor() int64 { - if o == nil || o.RememberFor == nil { + if o == nil || IsNil(o.RememberFor) { var ret int64 return ret } @@ -185,7 +222,7 @@ func (o *AcceptOAuth2ConsentRequest) GetRememberFor() int64 { // GetRememberForOk returns a tuple with the RememberFor field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *AcceptOAuth2ConsentRequest) GetRememberForOk() (*int64, bool) { - if o == nil || o.RememberFor == nil { + if o == nil || IsNil(o.RememberFor) { return nil, false } return o.RememberFor, true @@ -193,7 +230,7 @@ func (o *AcceptOAuth2ConsentRequest) GetRememberForOk() (*int64, bool) { // HasRememberFor returns a boolean if a field has been set. func (o *AcceptOAuth2ConsentRequest) HasRememberFor() bool { - if o != nil && o.RememberFor != nil { + if o != nil && !IsNil(o.RememberFor) { return true } @@ -207,7 +244,7 @@ func (o *AcceptOAuth2ConsentRequest) SetRememberFor(v int64) { // GetSession returns the Session field value if set, zero value otherwise. func (o *AcceptOAuth2ConsentRequest) GetSession() AcceptOAuth2ConsentRequestSession { - if o == nil || o.Session == nil { + if o == nil || IsNil(o.Session) { var ret AcceptOAuth2ConsentRequestSession return ret } @@ -217,7 +254,7 @@ func (o *AcceptOAuth2ConsentRequest) GetSession() AcceptOAuth2ConsentRequestSess // GetSessionOk returns a tuple with the Session field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *AcceptOAuth2ConsentRequest) GetSessionOk() (*AcceptOAuth2ConsentRequestSession, bool) { - if o == nil || o.Session == nil { + if o == nil || IsNil(o.Session) { return nil, false } return o.Session, true 
@@ -225,7 +262,7 @@ func (o *AcceptOAuth2ConsentRequest) GetSessionOk() (*AcceptOAuth2ConsentRequest // HasSession returns a boolean if a field has been set. func (o *AcceptOAuth2ConsentRequest) HasSession() bool { - if o != nil && o.Session != nil { + if o != nil && !IsNil(o.Session) { return true } @@ -238,26 +275,37 @@ func (o *AcceptOAuth2ConsentRequest) SetSession(v AcceptOAuth2ConsentRequestSess } func (o AcceptOAuth2ConsentRequest) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o AcceptOAuth2ConsentRequest) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.GrantAccessTokenAudience != nil { + if o.Context != nil { + toSerialize["context"] = o.Context + } + if !IsNil(o.GrantAccessTokenAudience) { toSerialize["grant_access_token_audience"] = o.GrantAccessTokenAudience } - if o.GrantScope != nil { + if !IsNil(o.GrantScope) { toSerialize["grant_scope"] = o.GrantScope } - if o.HandledAt != nil { + if !IsNil(o.HandledAt) { toSerialize["handled_at"] = o.HandledAt } - if o.Remember != nil { + if !IsNil(o.Remember) { toSerialize["remember"] = o.Remember } - if o.RememberFor != nil { + if !IsNil(o.RememberFor) { toSerialize["remember_for"] = o.RememberFor } - if o.Session != nil { + if !IsNil(o.Session) { toSerialize["session"] = o.Session } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableAcceptOAuth2ConsentRequest struct { diff --git a/internal/httpclient/model_accept_o_auth2_consent_request_session.go b/internal/httpclient/model_accept_o_auth2_consent_request_session.go index 33f78991a43..04f7d1356e0 100644 --- a/internal/httpclient/model_accept_o_auth2_consent_request_session.go +++ b/internal/httpclient/model_accept_o_auth2_consent_request_session.go 
@@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the AcceptOAuth2ConsentRequestSession type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &AcceptOAuth2ConsentRequestSession{} + // AcceptOAuth2ConsentRequestSession struct for AcceptOAuth2ConsentRequestSession type AcceptOAuth2ConsentRequestSession struct { // AccessToken sets session data for the access and refresh token, as well as any future tokens issued by the refresh grant. Keep in mind that this data will be available to anyone performing OAuth 2.0 Challenge Introspection. If only your services can perform OAuth 2.0 Challenge Introspection, this is usually fine. But if third parties can access that endpoint as well, sensitive data from the session might be exposed to them. Use with care! @@ -53,7 +56,7 @@ func (o *AcceptOAuth2ConsentRequestSession) GetAccessToken() interface{} { // and a boolean to check if the value has been set. // NOTE: If the value is an explicit nil, `nil, true` will be returned func (o *AcceptOAuth2ConsentRequestSession) GetAccessTokenOk() (*interface{}, bool) { - if o == nil || o.AccessToken == nil { + if o == nil || IsNil(o.AccessToken) { return nil, false } return &o.AccessToken, true @@ -61,7 +64,7 @@ func (o *AcceptOAuth2ConsentRequestSession) GetAccessTokenOk() (*interface{}, bo // HasAccessToken returns a boolean if a field has been set. func (o *AcceptOAuth2ConsentRequestSession) HasAccessToken() bool { - if o != nil && o.AccessToken != nil { + if o != nil && IsNil(o.AccessToken) { return true } @@ -86,7 +89,7 @@ func (o *AcceptOAuth2ConsentRequestSession) GetIdToken() interface{} { // and a boolean to check if the value has been set. // NOTE: If the value is an explicit nil, `nil, true` will be returned func (o *AcceptOAuth2ConsentRequestSession) GetIdTokenOk() (*interface{}, bool) { - if o == nil || o.IdToken == nil { + if o == nil || IsNil(o.IdToken) { return nil, false } return &o.IdToken, true 
@@ -94,7 +97,7 @@ func (o *AcceptOAuth2ConsentRequestSession) GetIdTokenOk() (*interface{}, bool) // HasIdToken returns a boolean if a field has been set. func (o *AcceptOAuth2ConsentRequestSession) HasIdToken() bool { - if o != nil && o.IdToken != nil { + if o != nil && IsNil(o.IdToken) { return true } @@ -107,6 +110,14 @@ func (o *AcceptOAuth2ConsentRequestSession) SetIdToken(v interface{}) { } func (o AcceptOAuth2ConsentRequestSession) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o AcceptOAuth2ConsentRequestSession) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} if o.AccessToken != nil { toSerialize["access_token"] = o.AccessToken @@ -114,7 +125,7 @@ func (o AcceptOAuth2ConsentRequestSession) MarshalJSON() ([]byte, error) { if o.IdToken != nil { toSerialize["id_token"] = o.IdToken } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableAcceptOAuth2ConsentRequestSession struct { diff --git a/internal/httpclient/model_accept_o_auth2_login_request.go b/internal/httpclient/model_accept_o_auth2_login_request.go index 85c5355b2d6..6b3538dbe41 100644 --- a/internal/httpclient/model_accept_o_auth2_login_request.go +++ b/internal/httpclient/model_accept_o_auth2_login_request.go @@ -12,9 +12,14 @@ Contact: hi@ory.sh package openapi import ( + "bytes" "encoding/json" + "fmt" ) +// checks if the AcceptOAuth2LoginRequest type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &AcceptOAuth2LoginRequest{} + // AcceptOAuth2LoginRequest struct for AcceptOAuth2LoginRequest type AcceptOAuth2LoginRequest struct { // ACR sets the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it to express that, for example, a user authenticated using two factor authentication. 
@@ -35,6 +40,8 @@ type AcceptOAuth2LoginRequest struct { Subject string `json:"subject"` } +type _AcceptOAuth2LoginRequest AcceptOAuth2LoginRequest + // NewAcceptOAuth2LoginRequest instantiates a new AcceptOAuth2LoginRequest object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments @@ -55,7 +62,7 @@ func NewAcceptOAuth2LoginRequestWithDefaults() *AcceptOAuth2LoginRequest { // GetAcr returns the Acr field value if set, zero value otherwise. func (o *AcceptOAuth2LoginRequest) GetAcr() string { - if o == nil || o.Acr == nil { + if o == nil || IsNil(o.Acr) { var ret string return ret } @@ -65,7 +72,7 @@ func (o *AcceptOAuth2LoginRequest) GetAcr() string { // GetAcrOk returns a tuple with the Acr field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *AcceptOAuth2LoginRequest) GetAcrOk() (*string, bool) { - if o == nil || o.Acr == nil { + if o == nil || IsNil(o.Acr) { return nil, false } return o.Acr, true @@ -73,7 +80,7 @@ func (o *AcceptOAuth2LoginRequest) GetAcrOk() (*string, bool) { // HasAcr returns a boolean if a field has been set. func (o *AcceptOAuth2LoginRequest) HasAcr() bool { - if o != nil && o.Acr != nil { + if o != nil && !IsNil(o.Acr) { return true } @@ -87,7 +94,7 @@ func (o *AcceptOAuth2LoginRequest) SetAcr(v string) { // GetAmr returns the Amr field value if set, zero value otherwise. func (o *AcceptOAuth2LoginRequest) GetAmr() []string { - if o == nil || o.Amr == nil { + if o == nil || IsNil(o.Amr) { var ret []string return ret } @@ -97,7 +104,7 @@ func (o *AcceptOAuth2LoginRequest) GetAmr() []string { // GetAmrOk returns a tuple with the Amr field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *AcceptOAuth2LoginRequest) GetAmrOk() ([]string, bool) { - if o == nil || o.Amr == nil { + if o == nil || IsNil(o.Amr) { return nil, false } return o.Amr, true 
@@ -105,7 +112,7 @@ func (o *AcceptOAuth2LoginRequest) GetAmrOk() ([]string, bool) { // HasAmr returns a boolean if a field has been set. func (o *AcceptOAuth2LoginRequest) HasAmr() bool { - if o != nil && o.Amr != nil { + if o != nil && !IsNil(o.Amr) { return true } @@ -130,7 +137,7 @@ func (o *AcceptOAuth2LoginRequest) GetContext() interface{} { // and a boolean to check if the value has been set. // NOTE: If the value is an explicit nil, `nil, true` will be returned func (o *AcceptOAuth2LoginRequest) GetContextOk() (*interface{}, bool) { - if o == nil || o.Context == nil { + if o == nil || IsNil(o.Context) { return nil, false } return &o.Context, true @@ -138,7 +145,7 @@ func (o *AcceptOAuth2LoginRequest) GetContextOk() (*interface{}, bool) { // HasContext returns a boolean if a field has been set. func (o *AcceptOAuth2LoginRequest) HasContext() bool { - if o != nil && o.Context != nil { + if o != nil && IsNil(o.Context) { return true } @@ -152,7 +159,7 @@ func (o *AcceptOAuth2LoginRequest) SetContext(v interface{}) { // GetExtendSessionLifespan returns the ExtendSessionLifespan field value if set, zero value otherwise. func (o *AcceptOAuth2LoginRequest) GetExtendSessionLifespan() bool { - if o == nil || o.ExtendSessionLifespan == nil { + if o == nil || IsNil(o.ExtendSessionLifespan) { var ret bool return ret } @@ -162,7 +169,7 @@ func (o *AcceptOAuth2LoginRequest) GetExtendSessionLifespan() bool { // GetExtendSessionLifespanOk returns a tuple with the ExtendSessionLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *AcceptOAuth2LoginRequest) GetExtendSessionLifespanOk() (*bool, bool) { - if o == nil || o.ExtendSessionLifespan == nil { + if o == nil || IsNil(o.ExtendSessionLifespan) { return nil, false } return o.ExtendSessionLifespan, true 
@@ -170,7 +177,7 @@ func (o *AcceptOAuth2LoginRequest) GetExtendSessionLifespanOk() (*bool, bool) { // HasExtendSessionLifespan returns a boolean if a field has been set. func (o *AcceptOAuth2LoginRequest) HasExtendSessionLifespan() bool { - if o != nil && o.ExtendSessionLifespan != nil { + if o != nil && !IsNil(o.ExtendSessionLifespan) { return true } @@ -184,7 +191,7 @@ func (o *AcceptOAuth2LoginRequest) SetExtendSessionLifespan(v bool) { // GetForceSubjectIdentifier returns the ForceSubjectIdentifier field value if set, zero value otherwise. func (o *AcceptOAuth2LoginRequest) GetForceSubjectIdentifier() string { - if o == nil || o.ForceSubjectIdentifier == nil { + if o == nil || IsNil(o.ForceSubjectIdentifier) { var ret string return ret } @@ -194,7 +201,7 @@ func (o *AcceptOAuth2LoginRequest) GetForceSubjectIdentifier() string { // GetForceSubjectIdentifierOk returns a tuple with the ForceSubjectIdentifier field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *AcceptOAuth2LoginRequest) GetForceSubjectIdentifierOk() (*string, bool) { - if o == nil || o.ForceSubjectIdentifier == nil { + if o == nil || IsNil(o.ForceSubjectIdentifier) { return nil, false } return o.ForceSubjectIdentifier, true @@ -202,7 +209,7 @@ func (o *AcceptOAuth2LoginRequest) GetForceSubjectIdentifierOk() (*string, bool) // HasForceSubjectIdentifier returns a boolean if a field has been set. func (o *AcceptOAuth2LoginRequest) HasForceSubjectIdentifier() bool { - if o != nil && o.ForceSubjectIdentifier != nil { + if o != nil && !IsNil(o.ForceSubjectIdentifier) { return true } 
@@ -216,7 +223,7 @@ func (o *AcceptOAuth2LoginRequest) SetForceSubjectIdentifier(v string) { // GetIdentityProviderSessionId returns the IdentityProviderSessionId field value if set, zero value otherwise. func (o *AcceptOAuth2LoginRequest) GetIdentityProviderSessionId() string { - if o == nil || o.IdentityProviderSessionId == nil { + if o == nil || IsNil(o.IdentityProviderSessionId) { var ret string return ret } @@ -226,7 +233,7 @@ func (o *AcceptOAuth2LoginRequest) GetIdentityProviderSessionId() string { // GetIdentityProviderSessionIdOk returns a tuple with the IdentityProviderSessionId field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *AcceptOAuth2LoginRequest) GetIdentityProviderSessionIdOk() (*string, bool) { - if o == nil || o.IdentityProviderSessionId == nil { + if o == nil || IsNil(o.IdentityProviderSessionId) { return nil, false } return o.IdentityProviderSessionId, true @@ -234,7 +241,7 @@ func (o *AcceptOAuth2LoginRequest) GetIdentityProviderSessionIdOk() (*string, bo // HasIdentityProviderSessionId returns a boolean if a field has been set. func (o *AcceptOAuth2LoginRequest) HasIdentityProviderSessionId() bool { - if o != nil && o.IdentityProviderSessionId != nil { + if o != nil && !IsNil(o.IdentityProviderSessionId) { return true } @@ -248,7 +255,7 @@ func (o *AcceptOAuth2LoginRequest) SetIdentityProviderSessionId(v string) { // GetRemember returns the Remember field value if set, zero value otherwise. func (o *AcceptOAuth2LoginRequest) GetRemember() bool { - if o == nil || o.Remember == nil { + if o == nil || IsNil(o.Remember) { var ret bool return ret } 
@@ -258,7 +265,7 @@ func (o *AcceptOAuth2LoginRequest) GetRemember() bool { // GetRememberOk returns a tuple with the Remember field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *AcceptOAuth2LoginRequest) GetRememberOk() (*bool, bool) { - if o == nil || o.Remember == nil { + if o == nil || IsNil(o.Remember) { return nil, false } return o.Remember, true @@ -266,7 +273,7 @@ func (o *AcceptOAuth2LoginRequest) GetRememberOk() (*bool, bool) { // HasRemember returns a boolean if a field has been set. func (o *AcceptOAuth2LoginRequest) HasRemember() bool { - if o != nil && o.Remember != nil { + if o != nil && !IsNil(o.Remember) { return true } @@ -280,7 +287,7 @@ func (o *AcceptOAuth2LoginRequest) SetRemember(v bool) { // GetRememberFor returns the RememberFor field value if set, zero value otherwise. func (o *AcceptOAuth2LoginRequest) GetRememberFor() int64 { - if o == nil || o.RememberFor == nil { + if o == nil || IsNil(o.RememberFor) { var ret int64 return ret } @@ -290,7 +297,7 @@ func (o *AcceptOAuth2LoginRequest) GetRememberFor() int64 { // GetRememberForOk returns a tuple with the RememberFor field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *AcceptOAuth2LoginRequest) GetRememberForOk() (*int64, bool) { - if o == nil || o.RememberFor == nil { + if o == nil || IsNil(o.RememberFor) { return nil, false } return o.RememberFor, true @@ -298,7 +305,7 @@ func (o *AcceptOAuth2LoginRequest) GetRememberForOk() (*int64, bool) { // HasRememberFor returns a boolean if a field has been set. func (o *AcceptOAuth2LoginRequest) HasRememberFor() bool { - if o != nil && o.RememberFor != nil { + if o != nil && !IsNil(o.RememberFor) { return true } 
@@ -335,35 +342,78 @@ func (o *AcceptOAuth2LoginRequest) SetSubject(v string) { } func (o AcceptOAuth2LoginRequest) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o AcceptOAuth2LoginRequest) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Acr != nil { + if !IsNil(o.Acr) { toSerialize["acr"] = o.Acr } - if o.Amr != nil { + if !IsNil(o.Amr) { toSerialize["amr"] = o.Amr } if o.Context != nil { toSerialize["context"] = o.Context } - if o.ExtendSessionLifespan != nil { + if !IsNil(o.ExtendSessionLifespan) { toSerialize["extend_session_lifespan"] = o.ExtendSessionLifespan } - if o.ForceSubjectIdentifier != nil { + if !IsNil(o.ForceSubjectIdentifier) { toSerialize["force_subject_identifier"] = o.ForceSubjectIdentifier } - if o.IdentityProviderSessionId != nil { + if !IsNil(o.IdentityProviderSessionId) { toSerialize["identity_provider_session_id"] = o.IdentityProviderSessionId } - if o.Remember != nil { + if !IsNil(o.Remember) { toSerialize["remember"] = o.Remember } - if o.RememberFor != nil { + if !IsNil(o.RememberFor) { toSerialize["remember_for"] = o.RememberFor } - if true { - toSerialize["subject"] = o.Subject + toSerialize["subject"] = o.Subject + return toSerialize, nil +} + +func (o *AcceptOAuth2LoginRequest) UnmarshalJSON(data []byte) (err error) { + // This validates that all required properties are included in the JSON object + // by unmarshalling the object into a generic map with string keys and checking + // that every required field exists as a key in the generic map. 
+ requiredProperties := []string{ + "subject", } - return json.Marshal(toSerialize) + + allProperties := make(map[string]interface{}) + + err = json.Unmarshal(data, &allProperties) + + if err != nil { + return err + } + + for _, requiredProperty := range requiredProperties { + if _, exists := allProperties[requiredProperty]; !exists { + return fmt.Errorf("no value given for required property %v", requiredProperty) + } + } + + varAcceptOAuth2LoginRequest := _AcceptOAuth2LoginRequest{} + + decoder := json.NewDecoder(bytes.NewReader(data)) + decoder.DisallowUnknownFields() + err = decoder.Decode(&varAcceptOAuth2LoginRequest) + + if err != nil { + return err + } + + *o = AcceptOAuth2LoginRequest(varAcceptOAuth2LoginRequest) + + return err } type NullableAcceptOAuth2LoginRequest struct { diff --git a/internal/httpclient/model_create_json_web_key_set.go b/internal/httpclient/model_create_json_web_key_set.go index 3c0f429b21b..4170214875e 100644 --- a/internal/httpclient/model_create_json_web_key_set.go +++ b/internal/httpclient/model_create_json_web_key_set.go @@ -12,9 +12,14 @@ Contact: hi@ory.sh package openapi import ( + "bytes" "encoding/json" + "fmt" ) +// checks if the CreateJsonWebKeySet type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &CreateJsonWebKeySet{} + // CreateJsonWebKeySet Create JSON Web Key Set Request Body type CreateJsonWebKeySet struct { // JSON Web Key Algorithm The algorithm to be used for creating the key. Supports `RS256`, `ES256`, `ES512`, `HS512`, and `HS256`. @@ -25,6 +30,8 @@ type CreateJsonWebKeySet struct { Use string `json:"use"` } +type _CreateJsonWebKeySet CreateJsonWebKeySet + // NewCreateJsonWebKeySet instantiates a new CreateJsonWebKeySet object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments 
@@ -118,17 +125,58 @@ func (o *CreateJsonWebKeySet) SetUse(v string) { } func (o CreateJsonWebKeySet) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o CreateJsonWebKeySet) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if true { - toSerialize["alg"] = o.Alg + toSerialize["alg"] = o.Alg + toSerialize["kid"] = o.Kid + toSerialize["use"] = o.Use + return toSerialize, nil +} + +func (o *CreateJsonWebKeySet) UnmarshalJSON(data []byte) (err error) { + // This validates that all required properties are included in the JSON object + // by unmarshalling the object into a generic map with string keys and checking + // that every required field exists as a key in the generic map. + requiredProperties := []string{ + "alg", + "kid", + "use", } - if true { - toSerialize["kid"] = o.Kid + + allProperties := make(map[string]interface{}) + + err = json.Unmarshal(data, &allProperties) + + if err != nil { + return err } - if true { - toSerialize["use"] = o.Use + + for _, requiredProperty := range requiredProperties { + if _, exists := allProperties[requiredProperty]; !exists { + return fmt.Errorf("no value given for required property %v", requiredProperty) + } } - return json.Marshal(toSerialize) + + varCreateJsonWebKeySet := _CreateJsonWebKeySet{} + + decoder := json.NewDecoder(bytes.NewReader(data)) + decoder.DisallowUnknownFields() + err = decoder.Decode(&varCreateJsonWebKeySet) + + if err != nil { + return err + } + + *o = CreateJsonWebKeySet(varCreateJsonWebKeySet) + + return err } type NullableCreateJsonWebKeySet struct { diff --git a/internal/httpclient/model_create_verifiable_credential_request_body.go b/internal/httpclient/model_create_verifiable_credential_request_body.go index 290f703722a..463e4ac6501 100644 --- a/internal/httpclient/model_create_verifiable_credential_request_body.go 
+++ b/internal/httpclient/model_create_verifiable_credential_request_body.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the CreateVerifiableCredentialRequestBody type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &CreateVerifiableCredentialRequestBody{} + // CreateVerifiableCredentialRequestBody struct for CreateVerifiableCredentialRequestBody type CreateVerifiableCredentialRequestBody struct { Format *string `json:"format,omitempty"` @@ -41,7 +44,7 @@ func NewCreateVerifiableCredentialRequestBodyWithDefaults() *CreateVerifiableCre // GetFormat returns the Format field value if set, zero value otherwise. func (o *CreateVerifiableCredentialRequestBody) GetFormat() string { - if o == nil || o.Format == nil { + if o == nil || IsNil(o.Format) { var ret string return ret } @@ -51,7 +54,7 @@ func (o *CreateVerifiableCredentialRequestBody) GetFormat() string { // GetFormatOk returns a tuple with the Format field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *CreateVerifiableCredentialRequestBody) GetFormatOk() (*string, bool) { - if o == nil || o.Format == nil { + if o == nil || IsNil(o.Format) { return nil, false } return o.Format, true @@ -59,7 +62,7 @@ func (o *CreateVerifiableCredentialRequestBody) GetFormatOk() (*string, bool) { // HasFormat returns a boolean if a field has been set. func (o *CreateVerifiableCredentialRequestBody) HasFormat() bool { - if o != nil && o.Format != nil { + if o != nil && !IsNil(o.Format) { return true } @@ -73,7 +76,7 @@ func (o *CreateVerifiableCredentialRequestBody) SetFormat(v string) { // GetProof returns the Proof field value if set, zero value otherwise. func (o *CreateVerifiableCredentialRequestBody) GetProof() VerifiableCredentialProof { - if o == nil || o.Proof == nil { + if o == nil || IsNil(o.Proof) { var ret VerifiableCredentialProof return ret } 
@@ -83,7 +86,7 @@ func (o *CreateVerifiableCredentialRequestBody) GetProof() VerifiableCredentialP // GetProofOk returns a tuple with the Proof field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *CreateVerifiableCredentialRequestBody) GetProofOk() (*VerifiableCredentialProof, bool) { - if o == nil || o.Proof == nil { + if o == nil || IsNil(o.Proof) { return nil, false } return o.Proof, true @@ -91,7 +94,7 @@ func (o *CreateVerifiableCredentialRequestBody) GetProofOk() (*VerifiableCredent // HasProof returns a boolean if a field has been set. func (o *CreateVerifiableCredentialRequestBody) HasProof() bool { - if o != nil && o.Proof != nil { + if o != nil && !IsNil(o.Proof) { return true } @@ -105,7 +108,7 @@ func (o *CreateVerifiableCredentialRequestBody) SetProof(v VerifiableCredentialP // GetTypes returns the Types field value if set, zero value otherwise. func (o *CreateVerifiableCredentialRequestBody) GetTypes() []string { - if o == nil || o.Types == nil { + if o == nil || IsNil(o.Types) { var ret []string return ret } @@ -115,7 +118,7 @@ func (o *CreateVerifiableCredentialRequestBody) GetTypes() []string { // GetTypesOk returns a tuple with the Types field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *CreateVerifiableCredentialRequestBody) GetTypesOk() ([]string, bool) { - if o == nil || o.Types == nil { + if o == nil || IsNil(o.Types) { return nil, false } return o.Types, true @@ -123,7 +126,7 @@ func (o *CreateVerifiableCredentialRequestBody) GetTypesOk() ([]string, bool) { // HasTypes returns a boolean if a field has been set. func (o *CreateVerifiableCredentialRequestBody) HasTypes() bool { - if o != nil && o.Types != nil { + if o != nil && !IsNil(o.Types) { return true } 
@@ -136,17 +139,25 @@ func (o *CreateVerifiableCredentialRequestBody) SetTypes(v []string) { } func (o CreateVerifiableCredentialRequestBody) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o CreateVerifiableCredentialRequestBody) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Format != nil { + if !IsNil(o.Format) { toSerialize["format"] = o.Format } - if o.Proof != nil { + if !IsNil(o.Proof) { toSerialize["proof"] = o.Proof } - if o.Types != nil { + if !IsNil(o.Types) { toSerialize["types"] = o.Types } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableCreateVerifiableCredentialRequestBody struct { diff --git a/internal/httpclient/model_credential_supported_draft00.go b/internal/httpclient/model_credential_supported_draft00.go index f95e03ca9fe..47d1c5198e7 100644 --- a/internal/httpclient/model_credential_supported_draft00.go +++ b/internal/httpclient/model_credential_supported_draft00.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the CredentialSupportedDraft00 type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &CredentialSupportedDraft00{} + // CredentialSupportedDraft00 Includes information about the supported verifiable credentials. type CredentialSupportedDraft00 struct { // OpenID Connect Verifiable Credentials Cryptographic Binding Methods Supported Contains a list of cryptographic binding methods supported for signing the proof. 
@@ -46,7 +49,7 @@ func NewCredentialSupportedDraft00WithDefaults() *CredentialSupportedDraft00 { // GetCryptographicBindingMethodsSupported returns the CryptographicBindingMethodsSupported field value if set, zero value otherwise. func (o *CredentialSupportedDraft00) GetCryptographicBindingMethodsSupported() []string { - if o == nil || o.CryptographicBindingMethodsSupported == nil { + if o == nil || IsNil(o.CryptographicBindingMethodsSupported) { var ret []string return ret } @@ -56,7 +59,7 @@ func (o *CredentialSupportedDraft00) GetCryptographicBindingMethodsSupported() [ // GetCryptographicBindingMethodsSupportedOk returns a tuple with the CryptographicBindingMethodsSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *CredentialSupportedDraft00) GetCryptographicBindingMethodsSupportedOk() ([]string, bool) { - if o == nil || o.CryptographicBindingMethodsSupported == nil { + if o == nil || IsNil(o.CryptographicBindingMethodsSupported) { return nil, false } return o.CryptographicBindingMethodsSupported, true @@ -64,7 +67,7 @@ func (o *CredentialSupportedDraft00) GetCryptographicBindingMethodsSupportedOk() // HasCryptographicBindingMethodsSupported returns a boolean if a field has been set. func (o *CredentialSupportedDraft00) HasCryptographicBindingMethodsSupported() bool { - if o != nil && o.CryptographicBindingMethodsSupported != nil { + if o != nil && !IsNil(o.CryptographicBindingMethodsSupported) { return true } @@ -78,7 +81,7 @@ func (o *CredentialSupportedDraft00) SetCryptographicBindingMethodsSupported(v [ // GetCryptographicSuitesSupported returns the CryptographicSuitesSupported field value if set, zero value otherwise. func (o *CredentialSupportedDraft00) GetCryptographicSuitesSupported() []string { - if o == nil || o.CryptographicSuitesSupported == nil { + if o == nil || IsNil(o.CryptographicSuitesSupported) { var ret []string return ret } 
@@ -88,7 +91,7 @@ func (o *CredentialSupportedDraft00) GetCryptographicSuitesSupported() []string // GetCryptographicSuitesSupportedOk returns a tuple with the CryptographicSuitesSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *CredentialSupportedDraft00) GetCryptographicSuitesSupportedOk() ([]string, bool) { - if o == nil || o.CryptographicSuitesSupported == nil { + if o == nil || IsNil(o.CryptographicSuitesSupported) { return nil, false } return o.CryptographicSuitesSupported, true @@ -96,7 +99,7 @@ func (o *CredentialSupportedDraft00) GetCryptographicSuitesSupportedOk() ([]stri // HasCryptographicSuitesSupported returns a boolean if a field has been set. func (o *CredentialSupportedDraft00) HasCryptographicSuitesSupported() bool { - if o != nil && o.CryptographicSuitesSupported != nil { + if o != nil && !IsNil(o.CryptographicSuitesSupported) { return true } @@ -110,7 +113,7 @@ func (o *CredentialSupportedDraft00) SetCryptographicSuitesSupported(v []string) // GetFormat returns the Format field value if set, zero value otherwise. func (o *CredentialSupportedDraft00) GetFormat() string { - if o == nil || o.Format == nil { + if o == nil || IsNil(o.Format) { var ret string return ret } @@ -120,7 +123,7 @@ func (o *CredentialSupportedDraft00) GetFormat() string { // GetFormatOk returns a tuple with the Format field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *CredentialSupportedDraft00) GetFormatOk() (*string, bool) { - if o == nil || o.Format == nil { + if o == nil || IsNil(o.Format) { return nil, false } return o.Format, true @@ -128,7 +131,7 @@ func (o *CredentialSupportedDraft00) GetFormatOk() (*string, bool) { // HasFormat returns a boolean if a field has been set. func (o *CredentialSupportedDraft00) HasFormat() bool { - if o != nil && o.Format != nil { + if o != nil && !IsNil(o.Format) { return true } 
@@ -142,7 +145,7 @@ func (o *CredentialSupportedDraft00) SetFormat(v string) { // GetTypes returns the Types field value if set, zero value otherwise. func (o *CredentialSupportedDraft00) GetTypes() []string { - if o == nil || o.Types == nil { + if o == nil || IsNil(o.Types) { var ret []string return ret } @@ -152,7 +155,7 @@ func (o *CredentialSupportedDraft00) GetTypes() []string { // GetTypesOk returns a tuple with the Types field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *CredentialSupportedDraft00) GetTypesOk() ([]string, bool) { - if o == nil || o.Types == nil { + if o == nil || IsNil(o.Types) { return nil, false } return o.Types, true @@ -160,7 +163,7 @@ func (o *CredentialSupportedDraft00) GetTypesOk() ([]string, bool) { // HasTypes returns a boolean if a field has been set. func (o *CredentialSupportedDraft00) HasTypes() bool { - if o != nil && o.Types != nil { + if o != nil && !IsNil(o.Types) { return true } 
@@ -173,20 +176,28 @@ func (o *CredentialSupportedDraft00) SetTypes(v []string) { } func (o CredentialSupportedDraft00) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o CredentialSupportedDraft00) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.CryptographicBindingMethodsSupported != nil { + if !IsNil(o.CryptographicBindingMethodsSupported) { toSerialize["cryptographic_binding_methods_supported"] = o.CryptographicBindingMethodsSupported } - if o.CryptographicSuitesSupported != nil { + if !IsNil(o.CryptographicSuitesSupported) { toSerialize["cryptographic_suites_supported"] = o.CryptographicSuitesSupported } - if o.Format != nil { + if !IsNil(o.Format) { toSerialize["format"] = o.Format } - if o.Types != nil { + if !IsNil(o.Types) { toSerialize["types"] = o.Types } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableCredentialSupportedDraft00 struct { diff --git a/internal/httpclient/model_device_authorization.go b/internal/httpclient/model_device_authorization.go new file mode 100644 index 00000000000..975972a8532 --- /dev/null +++ b/internal/httpclient/model_device_authorization.go 
@@ -0,0 +1,311 @@ +/* +Ory Hydra API + +Documentation for all of Ory Hydra's APIs. + +API version: +Contact: hi@ory.sh +*/ + +// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. + +package openapi + +import ( + "encoding/json" +) + +// checks if the DeviceAuthorization type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &DeviceAuthorization{} + +// DeviceAuthorization # Ory's OAuth 2.0 Device Authorization API +type DeviceAuthorization struct { + // The device verification code. + DeviceCode *string `json:"device_code,omitempty"` + // The lifetime in seconds of the \"device_code\" and \"user_code\". + ExpiresIn *int64 `json:"expires_in,omitempty"` + // The minimum amount of time in seconds that the client SHOULD wait between polling requests to the token endpoint. If no value is provided, clients MUST use 5 as the default. + Interval *int64 `json:"interval,omitempty"` + // The end-user verification code. + UserCode *string `json:"user_code,omitempty"` + // The end-user verification URI on the authorization server. The URI should be short and easy to remember as end users will be asked to manually type it into their user agent. + VerificationUri *string `json:"verification_uri,omitempty"` + // A verification URI that includes the \"user_code\" (or other information with the same function as the \"user_code\"), which is designed for non-textual transmission. 
+ VerificationUriComplete *string `json:"verification_uri_complete,omitempty"` +} + +// NewDeviceAuthorization instantiates a new DeviceAuthorization object +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed +func NewDeviceAuthorization() *DeviceAuthorization { + this := DeviceAuthorization{} + return &this +} + +// NewDeviceAuthorizationWithDefaults instantiates a new DeviceAuthorization object +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set +func NewDeviceAuthorizationWithDefaults() *DeviceAuthorization { + this := DeviceAuthorization{} + return &this +} + +// GetDeviceCode returns the DeviceCode field value if set, zero value otherwise. +func (o *DeviceAuthorization) GetDeviceCode() string { + if o == nil || IsNil(o.DeviceCode) { + var ret string + return ret + } + return *o.DeviceCode +} + +// GetDeviceCodeOk returns a tuple with the DeviceCode field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *DeviceAuthorization) GetDeviceCodeOk() (*string, bool) { + if o == nil || IsNil(o.DeviceCode) { + return nil, false + } + return o.DeviceCode, true +} + +// HasDeviceCode returns a boolean if a field has been set. +func (o *DeviceAuthorization) HasDeviceCode() bool { + if o != nil && !IsNil(o.DeviceCode) { + return true + } + + return false +} + +// SetDeviceCode gets a reference to the given string and assigns it to the DeviceCode field. +func (o *DeviceAuthorization) SetDeviceCode(v string) { + o.DeviceCode = &v +} + +// GetExpiresIn returns the ExpiresIn field value if set, zero value otherwise. 
+func (o *DeviceAuthorization) GetExpiresIn() int64 { + if o == nil || IsNil(o.ExpiresIn) { + var ret int64 + return ret + } + return *o.ExpiresIn +} + +// GetExpiresInOk returns a tuple with the ExpiresIn field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *DeviceAuthorization) GetExpiresInOk() (*int64, bool) { + if o == nil || IsNil(o.ExpiresIn) { + return nil, false + } + return o.ExpiresIn, true +} + +// HasExpiresIn returns a boolean if a field has been set. +func (o *DeviceAuthorization) HasExpiresIn() bool { + if o != nil && !IsNil(o.ExpiresIn) { + return true + } + + return false +} + +// SetExpiresIn gets a reference to the given int64 and assigns it to the ExpiresIn field. +func (o *DeviceAuthorization) SetExpiresIn(v int64) { + o.ExpiresIn = &v +} + +// GetInterval returns the Interval field value if set, zero value otherwise. +func (o *DeviceAuthorization) GetInterval() int64 { + if o == nil || IsNil(o.Interval) { + var ret int64 + return ret + } + return *o.Interval +} + +// GetIntervalOk returns a tuple with the Interval field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *DeviceAuthorization) GetIntervalOk() (*int64, bool) { + if o == nil || IsNil(o.Interval) { + return nil, false + } + return o.Interval, true +} + +// HasInterval returns a boolean if a field has been set. +func (o *DeviceAuthorization) HasInterval() bool { + if o != nil && !IsNil(o.Interval) { + return true + } + + return false +} + +// SetInterval gets a reference to the given int64 and assigns it to the Interval field. +func (o *DeviceAuthorization) SetInterval(v int64) { + o.Interval = &v +} + +// GetUserCode returns the UserCode field value if set, zero value otherwise. 
+func (o *DeviceAuthorization) GetUserCode() string { + if o == nil || IsNil(o.UserCode) { + var ret string + return ret + } + return *o.UserCode +} + +// GetUserCodeOk returns a tuple with the UserCode field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *DeviceAuthorization) GetUserCodeOk() (*string, bool) { + if o == nil || IsNil(o.UserCode) { + return nil, false + } + return o.UserCode, true +} + +// HasUserCode returns a boolean if a field has been set. +func (o *DeviceAuthorization) HasUserCode() bool { + if o != nil && !IsNil(o.UserCode) { + return true + } + + return false +} + +// SetUserCode gets a reference to the given string and assigns it to the UserCode field. +func (o *DeviceAuthorization) SetUserCode(v string) { + o.UserCode = &v +} + +// GetVerificationUri returns the VerificationUri field value if set, zero value otherwise. +func (o *DeviceAuthorization) GetVerificationUri() string { + if o == nil || IsNil(o.VerificationUri) { + var ret string + return ret + } + return *o.VerificationUri +} + +// GetVerificationUriOk returns a tuple with the VerificationUri field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *DeviceAuthorization) GetVerificationUriOk() (*string, bool) { + if o == nil || IsNil(o.VerificationUri) { + return nil, false + } + return o.VerificationUri, true +} + +// HasVerificationUri returns a boolean if a field has been set. +func (o *DeviceAuthorization) HasVerificationUri() bool { + if o != nil && !IsNil(o.VerificationUri) { + return true + } + + return false +} + +// SetVerificationUri gets a reference to the given string and assigns it to the VerificationUri field. +func (o *DeviceAuthorization) SetVerificationUri(v string) { + o.VerificationUri = &v +} + +// GetVerificationUriComplete returns the VerificationUriComplete field value if set, zero value otherwise. 
+func (o *DeviceAuthorization) GetVerificationUriComplete() string { + if o == nil || IsNil(o.VerificationUriComplete) { + var ret string + return ret + } + return *o.VerificationUriComplete +} + +// GetVerificationUriCompleteOk returns a tuple with the VerificationUriComplete field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *DeviceAuthorization) GetVerificationUriCompleteOk() (*string, bool) { + if o == nil || IsNil(o.VerificationUriComplete) { + return nil, false + } + return o.VerificationUriComplete, true +} + +// HasVerificationUriComplete returns a boolean if a field has been set. +func (o *DeviceAuthorization) HasVerificationUriComplete() bool { + if o != nil && !IsNil(o.VerificationUriComplete) { + return true + } + + return false +} + +// SetVerificationUriComplete gets a reference to the given string and assigns it to the VerificationUriComplete field. +func (o *DeviceAuthorization) SetVerificationUriComplete(v string) { + o.VerificationUriComplete = &v +} + +func (o DeviceAuthorization) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o DeviceAuthorization) ToMap() (map[string]interface{}, error) { + toSerialize := map[string]interface{}{} + if !IsNil(o.DeviceCode) { + toSerialize["device_code"] = o.DeviceCode + } + if !IsNil(o.ExpiresIn) { + toSerialize["expires_in"] = o.ExpiresIn + } + if !IsNil(o.Interval) { + toSerialize["interval"] = o.Interval + } + if !IsNil(o.UserCode) { + toSerialize["user_code"] = o.UserCode + } + if !IsNil(o.VerificationUri) { + toSerialize["verification_uri"] = o.VerificationUri + } + if !IsNil(o.VerificationUriComplete) { + toSerialize["verification_uri_complete"] = o.VerificationUriComplete + } + return toSerialize, nil +} + +type NullableDeviceAuthorization struct { + value *DeviceAuthorization + isSet bool +} + +func (v NullableDeviceAuthorization) Get() 
*DeviceAuthorization { + return v.value +} + +func (v *NullableDeviceAuthorization) Set(val *DeviceAuthorization) { + v.value = val + v.isSet = true +} + +func (v NullableDeviceAuthorization) IsSet() bool { + return v.isSet +} + +func (v *NullableDeviceAuthorization) Unset() { + v.value = nil + v.isSet = false +} + +func NewNullableDeviceAuthorization(val *DeviceAuthorization) *NullableDeviceAuthorization { + return &NullableDeviceAuthorization{value: val, isSet: true} +} + +func (v NullableDeviceAuthorization) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +func (v *NullableDeviceAuthorization) UnmarshalJSON(src []byte) error { + v.isSet = true + return json.Unmarshal(src, &v.value) +} diff --git a/internal/httpclient/model_device_user_auth_request.go b/internal/httpclient/model_device_user_auth_request.go new file mode 100644 index 00000000000..a101144b4a1 --- /dev/null +++ b/internal/httpclient/model_device_user_auth_request.go 
@@ -0,0 +1,340 @@ +/* +Ory Hydra API + +Documentation for all of Ory Hydra's APIs. + +API version: +Contact: hi@ory.sh +*/ + +// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. + +package openapi + +import ( + "bytes" + "encoding/json" + "fmt" + "time" +) + +// checks if the DeviceUserAuthRequest type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &DeviceUserAuthRequest{} + +// DeviceUserAuthRequest struct for DeviceUserAuthRequest +type DeviceUserAuthRequest struct { + // ID is the identifier (\"device challenge\") of the device grant request. It is used to identify the session. + Challenge string `json:"challenge"` + Client *OAuth2Client `json:"client,omitempty"` + HandledAt *time.Time `json:"handled_at,omitempty"` + // RequestURL is the original Device Authorization URL requested. + RequestUrl *string `json:"request_url,omitempty"` + RequestedAccessTokenAudience []string `json:"requested_access_token_audience,omitempty"` + RequestedScope []string `json:"requested_scope,omitempty"` +} + +type _DeviceUserAuthRequest DeviceUserAuthRequest + +// NewDeviceUserAuthRequest instantiates a new DeviceUserAuthRequest object +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed +func NewDeviceUserAuthRequest(challenge string) *DeviceUserAuthRequest { + this := DeviceUserAuthRequest{} + this.Challenge = challenge + return &this +} + +// NewDeviceUserAuthRequestWithDefaults instantiates a new DeviceUserAuthRequest object +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set +func NewDeviceUserAuthRequestWithDefaults() *DeviceUserAuthRequest { + this := DeviceUserAuthRequest{} + return &this +} + +// GetChallenge returns the Challenge 
field value +func (o *DeviceUserAuthRequest) GetChallenge() string { + if o == nil { + var ret string + return ret + } + + return o.Challenge +} + +// GetChallengeOk returns a tuple with the Challenge field value +// and a boolean to check if the value has been set. +func (o *DeviceUserAuthRequest) GetChallengeOk() (*string, bool) { + if o == nil { + return nil, false + } + return &o.Challenge, true +} + +// SetChallenge sets field value +func (o *DeviceUserAuthRequest) SetChallenge(v string) { + o.Challenge = v +} + +// GetClient returns the Client field value if set, zero value otherwise. +func (o *DeviceUserAuthRequest) GetClient() OAuth2Client { + if o == nil || IsNil(o.Client) { + var ret OAuth2Client + return ret + } + return *o.Client +} + +// GetClientOk returns a tuple with the Client field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *DeviceUserAuthRequest) GetClientOk() (*OAuth2Client, bool) { + if o == nil || IsNil(o.Client) { + return nil, false + } + return o.Client, true +} + +// HasClient returns a boolean if a field has been set. +func (o *DeviceUserAuthRequest) HasClient() bool { + if o != nil && !IsNil(o.Client) { + return true + } + + return false +} + +// SetClient gets a reference to the given OAuth2Client and assigns it to the Client field. +func (o *DeviceUserAuthRequest) SetClient(v OAuth2Client) { + o.Client = &v +} + +// GetHandledAt returns the HandledAt field value if set, zero value otherwise. +func (o *DeviceUserAuthRequest) GetHandledAt() time.Time { + if o == nil || IsNil(o.HandledAt) { + var ret time.Time + return ret + } + return *o.HandledAt +} + +// GetHandledAtOk returns a tuple with the HandledAt field value if set, nil otherwise +// and a boolean to check if the value has been set. 
+func (o *DeviceUserAuthRequest) GetHandledAtOk() (*time.Time, bool) { + if o == nil || IsNil(o.HandledAt) { + return nil, false + } + return o.HandledAt, true +} + +// HasHandledAt returns a boolean if a field has been set. +func (o *DeviceUserAuthRequest) HasHandledAt() bool { + if o != nil && !IsNil(o.HandledAt) { + return true + } + + return false +} + +// SetHandledAt gets a reference to the given time.Time and assigns it to the HandledAt field. +func (o *DeviceUserAuthRequest) SetHandledAt(v time.Time) { + o.HandledAt = &v +} + +// GetRequestUrl returns the RequestUrl field value if set, zero value otherwise. +func (o *DeviceUserAuthRequest) GetRequestUrl() string { + if o == nil || IsNil(o.RequestUrl) { + var ret string + return ret + } + return *o.RequestUrl +} + +// GetRequestUrlOk returns a tuple with the RequestUrl field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *DeviceUserAuthRequest) GetRequestUrlOk() (*string, bool) { + if o == nil || IsNil(o.RequestUrl) { + return nil, false + } + return o.RequestUrl, true +} + +// HasRequestUrl returns a boolean if a field has been set. +func (o *DeviceUserAuthRequest) HasRequestUrl() bool { + if o != nil && !IsNil(o.RequestUrl) { + return true + } + + return false +} + +// SetRequestUrl gets a reference to the given string and assigns it to the RequestUrl field. +func (o *DeviceUserAuthRequest) SetRequestUrl(v string) { + o.RequestUrl = &v +} + +// GetRequestedAccessTokenAudience returns the RequestedAccessTokenAudience field value if set, zero value otherwise. +func (o *DeviceUserAuthRequest) GetRequestedAccessTokenAudience() []string { + if o == nil || IsNil(o.RequestedAccessTokenAudience) { + var ret []string + return ret + } + return o.RequestedAccessTokenAudience +} + +// GetRequestedAccessTokenAudienceOk returns a tuple with the RequestedAccessTokenAudience field value if set, nil otherwise +// and a boolean to check if the value has been set. 
+func (o *DeviceUserAuthRequest) GetRequestedAccessTokenAudienceOk() ([]string, bool) { + if o == nil || IsNil(o.RequestedAccessTokenAudience) { + return nil, false + } + return o.RequestedAccessTokenAudience, true +} + +// HasRequestedAccessTokenAudience returns a boolean if a field has been set. +func (o *DeviceUserAuthRequest) HasRequestedAccessTokenAudience() bool { + if o != nil && !IsNil(o.RequestedAccessTokenAudience) { + return true + } + + return false +} + +// SetRequestedAccessTokenAudience gets a reference to the given []string and assigns it to the RequestedAccessTokenAudience field. +func (o *DeviceUserAuthRequest) SetRequestedAccessTokenAudience(v []string) { + o.RequestedAccessTokenAudience = v +} + +// GetRequestedScope returns the RequestedScope field value if set, zero value otherwise. +func (o *DeviceUserAuthRequest) GetRequestedScope() []string { + if o == nil || IsNil(o.RequestedScope) { + var ret []string + return ret + } + return o.RequestedScope +} + +// GetRequestedScopeOk returns a tuple with the RequestedScope field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *DeviceUserAuthRequest) GetRequestedScopeOk() ([]string, bool) { + if o == nil || IsNil(o.RequestedScope) { + return nil, false + } + return o.RequestedScope, true +} + +// HasRequestedScope returns a boolean if a field has been set. +func (o *DeviceUserAuthRequest) HasRequestedScope() bool { + if o != nil && !IsNil(o.RequestedScope) { + return true + } + + return false +} + +// SetRequestedScope gets a reference to the given []string and assigns it to the RequestedScope field. 
+func (o *DeviceUserAuthRequest) SetRequestedScope(v []string) { + o.RequestedScope = v +} + +func (o DeviceUserAuthRequest) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o DeviceUserAuthRequest) ToMap() (map[string]interface{}, error) { + toSerialize := map[string]interface{}{} + toSerialize["challenge"] = o.Challenge + if !IsNil(o.Client) { + toSerialize["client"] = o.Client + } + if !IsNil(o.HandledAt) { + toSerialize["handled_at"] = o.HandledAt + } + if !IsNil(o.RequestUrl) { + toSerialize["request_url"] = o.RequestUrl + } + if !IsNil(o.RequestedAccessTokenAudience) { + toSerialize["requested_access_token_audience"] = o.RequestedAccessTokenAudience + } + if !IsNil(o.RequestedScope) { + toSerialize["requested_scope"] = o.RequestedScope + } + return toSerialize, nil +} + +func (o *DeviceUserAuthRequest) UnmarshalJSON(data []byte) (err error) { + // This validates that all required properties are included in the JSON object + // by unmarshalling the object into a generic map with string keys and checking + // that every required field exists as a key in the generic map. 
+ requiredProperties := []string{ + "challenge", + } + + allProperties := make(map[string]interface{}) + + err = json.Unmarshal(data, &allProperties) + + if err != nil { + return err + } + + for _, requiredProperty := range requiredProperties { + if _, exists := allProperties[requiredProperty]; !exists { + return fmt.Errorf("no value given for required property %v", requiredProperty) + } + } + + varDeviceUserAuthRequest := _DeviceUserAuthRequest{} + + decoder := json.NewDecoder(bytes.NewReader(data)) + decoder.DisallowUnknownFields() + err = decoder.Decode(&varDeviceUserAuthRequest) + + if err != nil { + return err + } + + *o = DeviceUserAuthRequest(varDeviceUserAuthRequest) + + return err +} + +type NullableDeviceUserAuthRequest struct { + value *DeviceUserAuthRequest + isSet bool +} + +func (v NullableDeviceUserAuthRequest) Get() *DeviceUserAuthRequest { + return v.value +} + +func (v *NullableDeviceUserAuthRequest) Set(val *DeviceUserAuthRequest) { + v.value = val + v.isSet = true +} + +func (v NullableDeviceUserAuthRequest) IsSet() bool { + return v.isSet +} + +func (v *NullableDeviceUserAuthRequest) Unset() { + v.value = nil + v.isSet = false +} + +func NewNullableDeviceUserAuthRequest(val *DeviceUserAuthRequest) *NullableDeviceUserAuthRequest { + return &NullableDeviceUserAuthRequest{value: val, isSet: true} +} + +func (v NullableDeviceUserAuthRequest) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +func (v *NullableDeviceUserAuthRequest) UnmarshalJSON(src []byte) error { + v.isSet = true + return json.Unmarshal(src, &v.value) +} diff --git a/internal/httpclient/model_error_o_auth2.go b/internal/httpclient/model_error_o_auth2.go index 47b81b55881..f8be4fca180 100644 --- a/internal/httpclient/model_error_o_auth2.go +++ b/internal/httpclient/model_error_o_auth2.go 
@@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the ErrorOAuth2 type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &ErrorOAuth2{} + // ErrorOAuth2 Error type ErrorOAuth2 struct { // Error @@ -48,7 +51,7 @@ func NewErrorOAuth2WithDefaults() *ErrorOAuth2 { // GetError returns the Error field value if set, zero value otherwise. func (o *ErrorOAuth2) GetError() string { - if o == nil || o.Error == nil { + if o == nil || IsNil(o.Error) { var ret string return ret } @@ -58,7 +61,7 @@ func (o *ErrorOAuth2) GetError() string { // GetErrorOk returns a tuple with the Error field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *ErrorOAuth2) GetErrorOk() (*string, bool) { - if o == nil || o.Error == nil { + if o == nil || IsNil(o.Error) { return nil, false } return o.Error, true @@ -66,7 +69,7 @@ func (o *ErrorOAuth2) GetErrorOk() (*string, bool) { // HasError returns a boolean if a field has been set. func (o *ErrorOAuth2) HasError() bool { - if o != nil && o.Error != nil { + if o != nil && !IsNil(o.Error) { return true } @@ -80,7 +83,7 @@ func (o *ErrorOAuth2) SetError(v string) { // GetErrorDebug returns the ErrorDebug field value if set, zero value otherwise. func (o *ErrorOAuth2) GetErrorDebug() string { - if o == nil || o.ErrorDebug == nil { + if o == nil || IsNil(o.ErrorDebug) { var ret string return ret } @@ -90,7 +93,7 @@ func (o *ErrorOAuth2) GetErrorDebug() string { // GetErrorDebugOk returns a tuple with the ErrorDebug field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *ErrorOAuth2) GetErrorDebugOk() (*string, bool) { - if o == nil || o.ErrorDebug == nil { + if o == nil || IsNil(o.ErrorDebug) { return nil, false } return o.ErrorDebug, true 
@@ -98,7 +101,7 @@ func (o *ErrorOAuth2) GetErrorDebugOk() (*string, bool) { // HasErrorDebug returns a boolean if a field has been set. func (o *ErrorOAuth2) HasErrorDebug() bool { - if o != nil && o.ErrorDebug != nil { + if o != nil && !IsNil(o.ErrorDebug) { return true } @@ -112,7 +115,7 @@ func (o *ErrorOAuth2) SetErrorDebug(v string) { // GetErrorDescription returns the ErrorDescription field value if set, zero value otherwise. func (o *ErrorOAuth2) GetErrorDescription() string { - if o == nil || o.ErrorDescription == nil { + if o == nil || IsNil(o.ErrorDescription) { var ret string return ret } @@ -122,7 +125,7 @@ func (o *ErrorOAuth2) GetErrorDescription() string { // GetErrorDescriptionOk returns a tuple with the ErrorDescription field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *ErrorOAuth2) GetErrorDescriptionOk() (*string, bool) { - if o == nil || o.ErrorDescription == nil { + if o == nil || IsNil(o.ErrorDescription) { return nil, false } return o.ErrorDescription, true @@ -130,7 +133,7 @@ func (o *ErrorOAuth2) GetErrorDescriptionOk() (*string, bool) { // HasErrorDescription returns a boolean if a field has been set. func (o *ErrorOAuth2) HasErrorDescription() bool { - if o != nil && o.ErrorDescription != nil { + if o != nil && !IsNil(o.ErrorDescription) { return true } @@ -144,7 +147,7 @@ func (o *ErrorOAuth2) SetErrorDescription(v string) { // GetErrorHint returns the ErrorHint field value if set, zero value otherwise. func (o *ErrorOAuth2) GetErrorHint() string { - if o == nil || o.ErrorHint == nil { + if o == nil || IsNil(o.ErrorHint) { var ret string return ret } 
@@ -154,7 +157,7 @@ func (o *ErrorOAuth2) GetErrorHint() string { // GetErrorHintOk returns a tuple with the ErrorHint field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *ErrorOAuth2) GetErrorHintOk() (*string, bool) { - if o == nil || o.ErrorHint == nil { + if o == nil || IsNil(o.ErrorHint) { return nil, false } return o.ErrorHint, true @@ -162,7 +165,7 @@ func (o *ErrorOAuth2) GetErrorHintOk() (*string, bool) { // HasErrorHint returns a boolean if a field has been set. func (o *ErrorOAuth2) HasErrorHint() bool { - if o != nil && o.ErrorHint != nil { + if o != nil && !IsNil(o.ErrorHint) { return true } @@ -176,7 +179,7 @@ func (o *ErrorOAuth2) SetErrorHint(v string) { // GetStatusCode returns the StatusCode field value if set, zero value otherwise. func (o *ErrorOAuth2) GetStatusCode() int64 { - if o == nil || o.StatusCode == nil { + if o == nil || IsNil(o.StatusCode) { var ret int64 return ret } @@ -186,7 +189,7 @@ func (o *ErrorOAuth2) GetStatusCode() int64 { // GetStatusCodeOk returns a tuple with the StatusCode field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *ErrorOAuth2) GetStatusCodeOk() (*int64, bool) { - if o == nil || o.StatusCode == nil { + if o == nil || IsNil(o.StatusCode) { return nil, false } return o.StatusCode, true @@ -194,7 +197,7 @@ func (o *ErrorOAuth2) GetStatusCodeOk() (*int64, bool) { // HasStatusCode returns a boolean if a field has been set. func (o *ErrorOAuth2) HasStatusCode() bool { - if o != nil && o.StatusCode != nil { + if o != nil && !IsNil(o.StatusCode) { return true } 
@@ -207,23 +210,31 @@ func (o *ErrorOAuth2) SetStatusCode(v int64) { } func (o ErrorOAuth2) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o ErrorOAuth2) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Error != nil { + if !IsNil(o.Error) { toSerialize["error"] = o.Error } - if o.ErrorDebug != nil { + if !IsNil(o.ErrorDebug) { toSerialize["error_debug"] = o.ErrorDebug } - if o.ErrorDescription != nil { + if !IsNil(o.ErrorDescription) { toSerialize["error_description"] = o.ErrorDescription } - if o.ErrorHint != nil { + if !IsNil(o.ErrorHint) { toSerialize["error_hint"] = o.ErrorHint } - if o.StatusCode != nil { + if !IsNil(o.StatusCode) { toSerialize["status_code"] = o.StatusCode } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableErrorOAuth2 struct { diff --git a/internal/httpclient/model_generic_error.go b/internal/httpclient/model_generic_error.go index ad78dc23583..18838178f7e 100644 --- a/internal/httpclient/model_generic_error.go +++ b/internal/httpclient/model_generic_error.go @@ -12,9 +12,14 @@ Contact: hi@ory.sh package openapi import ( + "bytes" "encoding/json" + "fmt" ) +// checks if the GenericError type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &GenericError{} + // GenericError struct for GenericError type GenericError struct { // The status code @@ -35,6 +40,8 @@ type GenericError struct { Status *string `json:"status,omitempty"` } +type _GenericError GenericError + // NewGenericError instantiates a new GenericError object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments 
@@ -55,7 +62,7 @@ func NewGenericErrorWithDefaults() *GenericError { // GetCode returns the Code field value if set, zero value otherwise. func (o *GenericError) GetCode() int64 { - if o == nil || o.Code == nil { + if o == nil || IsNil(o.Code) { var ret int64 return ret } @@ -65,7 +72,7 @@ func (o *GenericError) GetCode() int64 { // GetCodeOk returns a tuple with the Code field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *GenericError) GetCodeOk() (*int64, bool) { - if o == nil || o.Code == nil { + if o == nil || IsNil(o.Code) { return nil, false } return o.Code, true @@ -73,7 +80,7 @@ func (o *GenericError) GetCodeOk() (*int64, bool) { // HasCode returns a boolean if a field has been set. func (o *GenericError) HasCode() bool { - if o != nil && o.Code != nil { + if o != nil && !IsNil(o.Code) { return true } @@ -87,7 +94,7 @@ func (o *GenericError) SetCode(v int64) { // GetDebug returns the Debug field value if set, zero value otherwise. func (o *GenericError) GetDebug() string { - if o == nil || o.Debug == nil { + if o == nil || IsNil(o.Debug) { var ret string return ret } @@ -97,7 +104,7 @@ func (o *GenericError) GetDebug() string { // GetDebugOk returns a tuple with the Debug field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *GenericError) GetDebugOk() (*string, bool) { - if o == nil || o.Debug == nil { + if o == nil || IsNil(o.Debug) { return nil, false } return o.Debug, true @@ -105,7 +112,7 @@ func (o *GenericError) GetDebugOk() (*string, bool) { // HasDebug returns a boolean if a field has been set. func (o *GenericError) HasDebug() bool { - if o != nil && o.Debug != nil { + if o != nil && !IsNil(o.Debug) { return true } 
@@ -130,7 +137,7 @@ func (o *GenericError) GetDetails() interface{} { // and a boolean to check if the value has been set. // NOTE: If the value is an explicit nil, `nil, true` will be returned func (o *GenericError) GetDetailsOk() (*interface{}, bool) { - if o == nil || o.Details == nil { + if o == nil || IsNil(o.Details) { return nil, false } return &o.Details, true @@ -138,7 +145,7 @@ func (o *GenericError) GetDetailsOk() (*interface{}, bool) { // HasDetails returns a boolean if a field has been set. func (o *GenericError) HasDetails() bool { - if o != nil && o.Details != nil { + if o != nil && IsNil(o.Details) { return true } @@ -152,7 +159,7 @@ func (o *GenericError) SetDetails(v interface{}) { // GetId returns the Id field value if set, zero value otherwise. func (o *GenericError) GetId() string { - if o == nil || o.Id == nil { + if o == nil || IsNil(o.Id) { var ret string return ret } @@ -162,7 +169,7 @@ func (o *GenericError) GetId() string { // GetIdOk returns a tuple with the Id field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *GenericError) GetIdOk() (*string, bool) { - if o == nil || o.Id == nil { + if o == nil || IsNil(o.Id) { return nil, false } return o.Id, true @@ -170,7 +177,7 @@ func (o *GenericError) GetIdOk() (*string, bool) { // HasId returns a boolean if a field has been set. func (o *GenericError) HasId() bool { - if o != nil && o.Id != nil { + if o != nil && !IsNil(o.Id) { return true } @@ -208,7 +215,7 @@ func (o *GenericError) SetMessage(v string) { // GetReason returns the Reason field value if set, zero value otherwise. func (o *GenericError) GetReason() string { - if o == nil || o.Reason == nil { + if o == nil || IsNil(o.Reason) { var ret string return ret } 
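Review bot: The new condition in `HasDetails` (hunk `@@ -138,7 +145,7 @@`) is inverted: `if o != nil && IsNil(o.Details)` returns true when Details is unset and false when it holds a value. That is the opposite of the removed line (`o.Details != nil`) and of every other `Has*` method changed in this file, so it should read `if o != nil && !IsNil(o.Details) {`. `ToMap` further down still tests `o.Details != nil`, so serialization is unaffected, but any caller that gates on `HasDetails()` would skip error details that are actually present. The file appears to be generator output, so the correction probably belongs in the generator template or version rather than a hand edit; confirm before regenerating.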
@@ -218,7 +225,7 @@ func (o *GenericError) GetReason() string { // GetReasonOk returns a tuple with the Reason field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *GenericError) GetReasonOk() (*string, bool) { - if o == nil || o.Reason == nil { + if o == nil || IsNil(o.Reason) { return nil, false } return o.Reason, true @@ -226,7 +233,7 @@ func (o *GenericError) GetReasonOk() (*string, bool) { // HasReason returns a boolean if a field has been set. func (o *GenericError) HasReason() bool { - if o != nil && o.Reason != nil { + if o != nil && !IsNil(o.Reason) { return true } @@ -240,7 +247,7 @@ func (o *GenericError) SetReason(v string) { // GetRequest returns the Request field value if set, zero value otherwise. func (o *GenericError) GetRequest() string { - if o == nil || o.Request == nil { + if o == nil || IsNil(o.Request) { var ret string return ret } @@ -250,7 +257,7 @@ func (o *GenericError) GetRequest() string { // GetRequestOk returns a tuple with the Request field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *GenericError) GetRequestOk() (*string, bool) { - if o == nil || o.Request == nil { + if o == nil || IsNil(o.Request) { return nil, false } return o.Request, true @@ -258,7 +265,7 @@ func (o *GenericError) GetRequestOk() (*string, bool) { // HasRequest returns a boolean if a field has been set. func (o *GenericError) HasRequest() bool { - if o != nil && o.Request != nil { + if o != nil && !IsNil(o.Request) { return true } @@ -272,7 +279,7 @@ func (o *GenericError) SetRequest(v string) { // GetStatus returns the Status field value if set, zero value otherwise. func (o *GenericError) GetStatus() string { - if o == nil || o.Status == nil { + if o == nil || IsNil(o.Status) { var ret string return ret } 
@@ -282,7 +289,7 @@ func (o *GenericError) GetStatus() string { // GetStatusOk returns a tuple with the Status field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *GenericError) GetStatusOk() (*string, bool) { - if o == nil || o.Status == nil { + if o == nil || IsNil(o.Status) { return nil, false } return o.Status, true @@ -290,7 +297,7 @@ func (o *GenericError) GetStatusOk() (*string, bool) { // HasStatus returns a boolean if a field has been set. func (o *GenericError) HasStatus() bool { - if o != nil && o.Status != nil { + if o != nil && !IsNil(o.Status) { return true } 
@@ -303,32 +310,75 @@ func (o *GenericError) SetStatus(v string) { } func (o GenericError) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o GenericError) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Code != nil { + if !IsNil(o.Code) { toSerialize["code"] = o.Code } - if o.Debug != nil { + if !IsNil(o.Debug) { toSerialize["debug"] = o.Debug } if o.Details != nil { toSerialize["details"] = o.Details } - if o.Id != nil { + if !IsNil(o.Id) { toSerialize["id"] = o.Id } - if true { - toSerialize["message"] = o.Message - } - if o.Reason != nil { + toSerialize["message"] = o.Message + if !IsNil(o.Reason) { toSerialize["reason"] = o.Reason } - if o.Request != nil { + if !IsNil(o.Request) { toSerialize["request"] = o.Request } - if o.Status != nil { + if !IsNil(o.Status) { toSerialize["status"] = o.Status } - return json.Marshal(toSerialize) + return toSerialize, nil +} + +func (o *GenericError) UnmarshalJSON(data []byte) (err error) { + // This validates that all required properties are included in the JSON object + // by unmarshalling the object into a generic map with string keys and checking + // that every required field exists as a key in the generic map. 
+ requiredProperties := []string{ + "message", + } + + allProperties := make(map[string]interface{}) + + err = json.Unmarshal(data, &allProperties) + + if err != nil { + return err + } + + for _, requiredProperty := range requiredProperties { + if _, exists := allProperties[requiredProperty]; !exists { + return fmt.Errorf("no value given for required property %v", requiredProperty) + } + } + + varGenericError := _GenericError{} + + decoder := json.NewDecoder(bytes.NewReader(data)) + decoder.DisallowUnknownFields() + err = decoder.Decode(&varGenericError) + + if err != nil { + return err + } + + *o = GenericError(varGenericError) + + return err } type NullableGenericError struct { diff --git a/internal/httpclient/model_get_version_200_response.go b/internal/httpclient/model_get_version_200_response.go index d53f4a72dcb..d4b885e3011 100644 --- a/internal/httpclient/model_get_version_200_response.go +++ b/internal/httpclient/model_get_version_200_response.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the GetVersion200Response type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &GetVersion200Response{} + // GetVersion200Response struct for GetVersion200Response type GetVersion200Response struct { // The version of Ory Hydra. @@ -40,7 +43,7 @@ func NewGetVersion200ResponseWithDefaults() *GetVersion200Response { // GetVersion returns the Version field value if set, zero value otherwise. func (o *GetVersion200Response) GetVersion() string { - if o == nil || o.Version == nil { + if o == nil || IsNil(o.Version) { var ret string return ret } @@ -50,7 +53,7 @@ func (o *GetVersion200Response) GetVersion() string { // GetVersionOk returns a tuple with the Version field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *GetVersion200Response) GetVersionOk() (*string, bool) { - if o == nil || o.Version == nil { + if o == nil || IsNil(o.Version) { return nil, false } return o.Version, true 
@@ -58,7 +61,7 @@ func (o *GetVersion200Response) GetVersionOk() (*string, bool) { // HasVersion returns a boolean if a field has been set. func (o *GetVersion200Response) HasVersion() bool { - if o != nil && o.Version != nil { + if o != nil && !IsNil(o.Version) { return true } @@ -71,11 +74,19 @@ func (o *GetVersion200Response) SetVersion(v string) { } func (o GetVersion200Response) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o GetVersion200Response) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Version != nil { + if !IsNil(o.Version) { toSerialize["version"] = o.Version } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableGetVersion200Response struct { diff --git a/internal/httpclient/model_health_not_ready_status.go b/internal/httpclient/model_health_not_ready_status.go index 97ac1e0b8fc..1fcf0b32667 100644 --- a/internal/httpclient/model_health_not_ready_status.go +++ b/internal/httpclient/model_health_not_ready_status.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the HealthNotReadyStatus type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &HealthNotReadyStatus{} + // HealthNotReadyStatus struct for HealthNotReadyStatus type HealthNotReadyStatus struct { // Errors contains a list of errors that caused the not ready status. @@ -40,7 +43,7 @@ func NewHealthNotReadyStatusWithDefaults() *HealthNotReadyStatus { // GetErrors returns the Errors field value if set, zero value otherwise. func (o *HealthNotReadyStatus) GetErrors() map[string]string { - if o == nil || o.Errors == nil { + if o == nil || IsNil(o.Errors) { var ret map[string]string return ret } 
@@ -50,7 +53,7 @@ func (o *HealthNotReadyStatus) GetErrors() map[string]string { // GetErrorsOk returns a tuple with the Errors field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *HealthNotReadyStatus) GetErrorsOk() (*map[string]string, bool) { - if o == nil || o.Errors == nil { + if o == nil || IsNil(o.Errors) { return nil, false } return o.Errors, true @@ -58,7 +61,7 @@ func (o *HealthNotReadyStatus) GetErrorsOk() (*map[string]string, bool) { // HasErrors returns a boolean if a field has been set. func (o *HealthNotReadyStatus) HasErrors() bool { - if o != nil && o.Errors != nil { + if o != nil && !IsNil(o.Errors) { return true } @@ -71,11 +74,19 @@ func (o *HealthNotReadyStatus) SetErrors(v map[string]string) { } func (o HealthNotReadyStatus) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o HealthNotReadyStatus) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Errors != nil { + if !IsNil(o.Errors) { toSerialize["errors"] = o.Errors } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableHealthNotReadyStatus struct { diff --git a/internal/httpclient/model_health_status.go b/internal/httpclient/model_health_status.go index 193dc526174..20d626d914a 100644 --- a/internal/httpclient/model_health_status.go +++ b/internal/httpclient/model_health_status.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the HealthStatus type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &HealthStatus{} + // HealthStatus struct for HealthStatus type HealthStatus struct { // Status always contains \"ok\". 
@@ -40,7 +43,7 @@ func NewHealthStatusWithDefaults() *HealthStatus { // GetStatus returns the Status field value if set, zero value otherwise. func (o *HealthStatus) GetStatus() string { - if o == nil || o.Status == nil { + if o == nil || IsNil(o.Status) { var ret string return ret } @@ -50,7 +53,7 @@ func (o *HealthStatus) GetStatus() string { // GetStatusOk returns a tuple with the Status field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *HealthStatus) GetStatusOk() (*string, bool) { - if o == nil || o.Status == nil { + if o == nil || IsNil(o.Status) { return nil, false } return o.Status, true @@ -58,7 +61,7 @@ func (o *HealthStatus) GetStatusOk() (*string, bool) { // HasStatus returns a boolean if a field has been set. func (o *HealthStatus) HasStatus() bool { - if o != nil && o.Status != nil { + if o != nil && !IsNil(o.Status) { return true } @@ -71,11 +74,19 @@ func (o *HealthStatus) SetStatus(v string) { } func (o HealthStatus) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o HealthStatus) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Status != nil { + if !IsNil(o.Status) { toSerialize["status"] = o.Status } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableHealthStatus struct { diff --git a/internal/httpclient/model_introspected_o_auth2_token.go b/internal/httpclient/model_introspected_o_auth2_token.go index a7d55aff1c0..18929106342 100644 --- a/internal/httpclient/model_introspected_o_auth2_token.go +++ b/internal/httpclient/model_introspected_o_auth2_token.go 
@@ -12,9 +12,14 @@ Contact: hi@ory.sh package openapi import ( + "bytes" "encoding/json" + "fmt" ) +// checks if the IntrospectedOAuth2Token type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &IntrospectedOAuth2Token{} + // IntrospectedOAuth2Token Introspection contains an access token's session data as specified by [IETF RFC 7662](https://tools.ietf.org/html/rfc7662) type IntrospectedOAuth2Token struct { // Active is a boolean indicator of whether or not the presented token is currently active. The specifics of a token's \"active\" state will vary depending on the implementation of the authorization server and the information it keeps about its tokens, but a \"true\" value return for the \"active\" property will generally indicate that a given token has been issued by this authorization server, has not been revoked by the resource owner, and is within its given time window of validity (e.g., after its issuance time and before its expiration time). @@ -47,6 +52,8 @@ type IntrospectedOAuth2Token struct { Username *string `json:"username,omitempty"` } +type _IntrospectedOAuth2Token IntrospectedOAuth2Token + // NewIntrospectedOAuth2Token instantiates a new IntrospectedOAuth2Token object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments @@ -91,7 +98,7 @@ func (o *IntrospectedOAuth2Token) SetActive(v bool) { // GetAud returns the Aud field value if set, zero value otherwise. func (o *IntrospectedOAuth2Token) GetAud() []string { - if o == nil || o.Aud == nil { + if o == nil || IsNil(o.Aud) { var ret []string return ret } 
@@ -101,7 +108,7 @@ func (o *IntrospectedOAuth2Token) GetAud() []string { // GetAudOk returns a tuple with the Aud field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *IntrospectedOAuth2Token) GetAudOk() ([]string, bool) { - if o == nil || o.Aud == nil { + if o == nil || IsNil(o.Aud) { return nil, false } return o.Aud, true @@ -109,7 +116,7 @@ func (o *IntrospectedOAuth2Token) GetAudOk() ([]string, bool) { // HasAud returns a boolean if a field has been set. func (o *IntrospectedOAuth2Token) HasAud() bool { - if o != nil && o.Aud != nil { + if o != nil && !IsNil(o.Aud) { return true } @@ -123,7 +130,7 @@ func (o *IntrospectedOAuth2Token) SetAud(v []string) { // GetClientId returns the ClientId field value if set, zero value otherwise. func (o *IntrospectedOAuth2Token) GetClientId() string { - if o == nil || o.ClientId == nil { + if o == nil || IsNil(o.ClientId) { var ret string return ret } @@ -133,7 +140,7 @@ func (o *IntrospectedOAuth2Token) GetClientId() string { // GetClientIdOk returns a tuple with the ClientId field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *IntrospectedOAuth2Token) GetClientIdOk() (*string, bool) { - if o == nil || o.ClientId == nil { + if o == nil || IsNil(o.ClientId) { return nil, false } return o.ClientId, true @@ -141,7 +148,7 @@ func (o *IntrospectedOAuth2Token) GetClientIdOk() (*string, bool) { // HasClientId returns a boolean if a field has been set. func (o *IntrospectedOAuth2Token) HasClientId() bool { - if o != nil && o.ClientId != nil { + if o != nil && !IsNil(o.ClientId) { return true } @@ -155,7 +162,7 @@ func (o *IntrospectedOAuth2Token) SetClientId(v string) { // GetExp returns the Exp field value if set, zero value otherwise. func (o *IntrospectedOAuth2Token) GetExp() int64 { - if o == nil || o.Exp == nil { + if o == nil || IsNil(o.Exp) { var ret int64 return ret } 
@@ -165,7 +172,7 @@ func (o *IntrospectedOAuth2Token) GetExp() int64 { // GetExpOk returns a tuple with the Exp field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *IntrospectedOAuth2Token) GetExpOk() (*int64, bool) { - if o == nil || o.Exp == nil { + if o == nil || IsNil(o.Exp) { return nil, false } return o.Exp, true @@ -173,7 +180,7 @@ func (o *IntrospectedOAuth2Token) GetExpOk() (*int64, bool) { // HasExp returns a boolean if a field has been set. func (o *IntrospectedOAuth2Token) HasExp() bool { - if o != nil && o.Exp != nil { + if o != nil && !IsNil(o.Exp) { return true } @@ -187,7 +194,7 @@ func (o *IntrospectedOAuth2Token) SetExp(v int64) { // GetExt returns the Ext field value if set, zero value otherwise. func (o *IntrospectedOAuth2Token) GetExt() map[string]interface{} { - if o == nil || o.Ext == nil { + if o == nil || IsNil(o.Ext) { var ret map[string]interface{} return ret } @@ -197,15 +204,15 @@ func (o *IntrospectedOAuth2Token) GetExt() map[string]interface{} { // GetExtOk returns a tuple with the Ext field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *IntrospectedOAuth2Token) GetExtOk() (map[string]interface{}, bool) { - if o == nil || o.Ext == nil { - return nil, false + if o == nil || IsNil(o.Ext) { + return map[string]interface{}{}, false } return o.Ext, true } // HasExt returns a boolean if a field has been set. func (o *IntrospectedOAuth2Token) HasExt() bool { - if o != nil && o.Ext != nil { + if o != nil && !IsNil(o.Ext) { return true } @@ -219,7 +226,7 @@ func (o *IntrospectedOAuth2Token) SetExt(v map[string]interface{}) { // GetIat returns the Iat field value if set, zero value otherwise. func (o *IntrospectedOAuth2Token) GetIat() int64 { - if o == nil || o.Iat == nil { + if o == nil || IsNil(o.Iat) { var ret int64 return ret } 
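Review bot: `GetExtOk` now returns `map[string]interface{}{}, false` on the unset path, but its doc comment still says "nil otherwise" and the sibling `GetAudOk` keeps returning `nil, false`. A caller that tests the returned map against nil instead of reading the boolean will now treat an unset `Ext` as present but empty. Either restore `return nil, false` or change the comment to `// GetExtOk returns a tuple with the Ext field value if set, an empty map otherwise`. The file appears to be generated, so the change probably belongs in the generator template; confirm before editing by hand.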
@@ -229,7 +236,7 @@ func (o *IntrospectedOAuth2Token) GetIat() int64 { // GetIatOk returns a tuple with the Iat field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *IntrospectedOAuth2Token) GetIatOk() (*int64, bool) { - if o == nil || o.Iat == nil { + if o == nil || IsNil(o.Iat) { return nil, false } return o.Iat, true @@ -237,7 +244,7 @@ func (o *IntrospectedOAuth2Token) GetIatOk() (*int64, bool) { // HasIat returns a boolean if a field has been set. func (o *IntrospectedOAuth2Token) HasIat() bool { - if o != nil && o.Iat != nil { + if o != nil && !IsNil(o.Iat) { return true } @@ -251,7 +258,7 @@ func (o *IntrospectedOAuth2Token) SetIat(v int64) { // GetIss returns the Iss field value if set, zero value otherwise. func (o *IntrospectedOAuth2Token) GetIss() string { - if o == nil || o.Iss == nil { + if o == nil || IsNil(o.Iss) { var ret string return ret } @@ -261,7 +268,7 @@ func (o *IntrospectedOAuth2Token) GetIss() string { // GetIssOk returns a tuple with the Iss field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *IntrospectedOAuth2Token) GetIssOk() (*string, bool) { - if o == nil || o.Iss == nil { + if o == nil || IsNil(o.Iss) { return nil, false } return o.Iss, true @@ -269,7 +276,7 @@ func (o *IntrospectedOAuth2Token) GetIssOk() (*string, bool) { // HasIss returns a boolean if a field has been set. func (o *IntrospectedOAuth2Token) HasIss() bool { - if o != nil && o.Iss != nil { + if o != nil && !IsNil(o.Iss) { return true } @@ -283,7 +290,7 @@ func (o *IntrospectedOAuth2Token) SetIss(v string) { // GetNbf returns the Nbf field value if set, zero value otherwise. func (o *IntrospectedOAuth2Token) GetNbf() int64 { - if o == nil || o.Nbf == nil { + if o == nil || IsNil(o.Nbf) { var ret int64 return ret } 
@@ -293,7 +300,7 @@ func (o *IntrospectedOAuth2Token) GetNbf() int64 { // GetNbfOk returns a tuple with the Nbf field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *IntrospectedOAuth2Token) GetNbfOk() (*int64, bool) { - if o == nil || o.Nbf == nil { + if o == nil || IsNil(o.Nbf) { return nil, false } return o.Nbf, true @@ -301,7 +308,7 @@ func (o *IntrospectedOAuth2Token) GetNbfOk() (*int64, bool) { // HasNbf returns a boolean if a field has been set. func (o *IntrospectedOAuth2Token) HasNbf() bool { - if o != nil && o.Nbf != nil { + if o != nil && !IsNil(o.Nbf) { return true } @@ -315,7 +322,7 @@ func (o *IntrospectedOAuth2Token) SetNbf(v int64) { // GetObfuscatedSubject returns the ObfuscatedSubject field value if set, zero value otherwise. func (o *IntrospectedOAuth2Token) GetObfuscatedSubject() string { - if o == nil || o.ObfuscatedSubject == nil { + if o == nil || IsNil(o.ObfuscatedSubject) { var ret string return ret } @@ -325,7 +332,7 @@ func (o *IntrospectedOAuth2Token) GetObfuscatedSubject() string { // GetObfuscatedSubjectOk returns a tuple with the ObfuscatedSubject field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *IntrospectedOAuth2Token) GetObfuscatedSubjectOk() (*string, bool) { - if o == nil || o.ObfuscatedSubject == nil { + if o == nil || IsNil(o.ObfuscatedSubject) { return nil, false } return o.ObfuscatedSubject, true @@ -333,7 +340,7 @@ func (o *IntrospectedOAuth2Token) GetObfuscatedSubjectOk() (*string, bool) { // HasObfuscatedSubject returns a boolean if a field has been set. func (o *IntrospectedOAuth2Token) HasObfuscatedSubject() bool { - if o != nil && o.ObfuscatedSubject != nil { + if o != nil && !IsNil(o.ObfuscatedSubject) { return true } 
@@ -347,7 +354,7 @@ func (o *IntrospectedOAuth2Token) SetObfuscatedSubject(v string) { // GetScope returns the Scope field value if set, zero value otherwise. func (o *IntrospectedOAuth2Token) GetScope() string { - if o == nil || o.Scope == nil { + if o == nil || IsNil(o.Scope) { var ret string return ret } @@ -357,7 +364,7 @@ func (o *IntrospectedOAuth2Token) GetScope() string { // GetScopeOk returns a tuple with the Scope field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *IntrospectedOAuth2Token) GetScopeOk() (*string, bool) { - if o == nil || o.Scope == nil { + if o == nil || IsNil(o.Scope) { return nil, false } return o.Scope, true @@ -365,7 +372,7 @@ func (o *IntrospectedOAuth2Token) GetScopeOk() (*string, bool) { // HasScope returns a boolean if a field has been set. func (o *IntrospectedOAuth2Token) HasScope() bool { - if o != nil && o.Scope != nil { + if o != nil && !IsNil(o.Scope) { return true } @@ -379,7 +386,7 @@ func (o *IntrospectedOAuth2Token) SetScope(v string) { // GetSub returns the Sub field value if set, zero value otherwise. func (o *IntrospectedOAuth2Token) GetSub() string { - if o == nil || o.Sub == nil { + if o == nil || IsNil(o.Sub) { var ret string return ret } @@ -389,7 +396,7 @@ func (o *IntrospectedOAuth2Token) GetSub() string { // GetSubOk returns a tuple with the Sub field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *IntrospectedOAuth2Token) GetSubOk() (*string, bool) { - if o == nil || o.Sub == nil { + if o == nil || IsNil(o.Sub) { return nil, false } return o.Sub, true @@ -397,7 +404,7 @@ func (o *IntrospectedOAuth2Token) GetSubOk() (*string, bool) { // HasSub returns a boolean if a field has been set. func (o *IntrospectedOAuth2Token) HasSub() bool { - if o != nil && o.Sub != nil { + if o != nil && !IsNil(o.Sub) { return true } 
@@ -411,7 +418,7 @@ func (o *IntrospectedOAuth2Token) SetSub(v string) { // GetTokenType returns the TokenType field value if set, zero value otherwise. func (o *IntrospectedOAuth2Token) GetTokenType() string { - if o == nil || o.TokenType == nil { + if o == nil || IsNil(o.TokenType) { var ret string return ret } @@ -421,7 +428,7 @@ func (o *IntrospectedOAuth2Token) GetTokenType() string { // GetTokenTypeOk returns a tuple with the TokenType field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *IntrospectedOAuth2Token) GetTokenTypeOk() (*string, bool) { - if o == nil || o.TokenType == nil { + if o == nil || IsNil(o.TokenType) { return nil, false } return o.TokenType, true @@ -429,7 +436,7 @@ func (o *IntrospectedOAuth2Token) GetTokenTypeOk() (*string, bool) { // HasTokenType returns a boolean if a field has been set. func (o *IntrospectedOAuth2Token) HasTokenType() bool { - if o != nil && o.TokenType != nil { + if o != nil && !IsNil(o.TokenType) { return true } @@ -443,7 +450,7 @@ func (o *IntrospectedOAuth2Token) SetTokenType(v string) { // GetTokenUse returns the TokenUse field value if set, zero value otherwise. func (o *IntrospectedOAuth2Token) GetTokenUse() string { - if o == nil || o.TokenUse == nil { + if o == nil || IsNil(o.TokenUse) { var ret string return ret } @@ -453,7 +460,7 @@ func (o *IntrospectedOAuth2Token) GetTokenUse() string { // GetTokenUseOk returns a tuple with the TokenUse field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *IntrospectedOAuth2Token) GetTokenUseOk() (*string, bool) { - if o == nil || o.TokenUse == nil { + if o == nil || IsNil(o.TokenUse) { return nil, false } return o.TokenUse, true 
@@ -461,7 +468,7 @@ func (o *IntrospectedOAuth2Token) GetTokenUseOk() (*string, bool) { // HasTokenUse returns a boolean if a field has been set. func (o *IntrospectedOAuth2Token) HasTokenUse() bool { - if o != nil && o.TokenUse != nil { + if o != nil && !IsNil(o.TokenUse) { return true } @@ -475,7 +482,7 @@ func (o *IntrospectedOAuth2Token) SetTokenUse(v string) { // GetUsername returns the Username field value if set, zero value otherwise. func (o *IntrospectedOAuth2Token) GetUsername() string { - if o == nil || o.Username == nil { + if o == nil || IsNil(o.Username) { var ret string return ret } @@ -485,7 +492,7 @@ func (o *IntrospectedOAuth2Token) GetUsername() string { // GetUsernameOk returns a tuple with the Username field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *IntrospectedOAuth2Token) GetUsernameOk() (*string, bool) { - if o == nil || o.Username == nil { + if o == nil || IsNil(o.Username) { return nil, false } return o.Username, true @@ -493,7 +500,7 @@ func (o *IntrospectedOAuth2Token) GetUsernameOk() (*string, bool) { // HasUsername returns a boolean if a field has been set. func (o *IntrospectedOAuth2Token) HasUsername() bool { - if o != nil && o.Username != nil { + if o != nil && !IsNil(o.Username) { return true } 
@@ -506,50 +513,93 @@ func (o *IntrospectedOAuth2Token) SetUsername(v string) { } func (o IntrospectedOAuth2Token) MarshalJSON() ([]byte, error) { - toSerialize := map[string]interface{}{} - if true { - toSerialize["active"] = o.Active + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err } - if o.Aud != nil { + return json.Marshal(toSerialize) +} + +func (o IntrospectedOAuth2Token) ToMap() (map[string]interface{}, error) { + toSerialize := map[string]interface{}{} + toSerialize["active"] = o.Active + if !IsNil(o.Aud) { toSerialize["aud"] = o.Aud } - if o.ClientId != nil { + if !IsNil(o.ClientId) { toSerialize["client_id"] = o.ClientId } - if o.Exp != nil { + if !IsNil(o.Exp) { toSerialize["exp"] = o.Exp } - if o.Ext != nil { + if !IsNil(o.Ext) { toSerialize["ext"] = o.Ext } - if o.Iat != nil { + if !IsNil(o.Iat) { toSerialize["iat"] = o.Iat } - if o.Iss != nil { + if !IsNil(o.Iss) { toSerialize["iss"] = o.Iss } - if o.Nbf != nil { + if !IsNil(o.Nbf) { toSerialize["nbf"] = o.Nbf } - if o.ObfuscatedSubject != nil { + if !IsNil(o.ObfuscatedSubject) { toSerialize["obfuscated_subject"] = o.ObfuscatedSubject } - if o.Scope != nil { + if !IsNil(o.Scope) { toSerialize["scope"] = o.Scope } - if o.Sub != nil { + if !IsNil(o.Sub) { toSerialize["sub"] = o.Sub } - if o.TokenType != nil { + if !IsNil(o.TokenType) { toSerialize["token_type"] = o.TokenType } - if o.TokenUse != nil { + if !IsNil(o.TokenUse) { toSerialize["token_use"] = o.TokenUse } - if o.Username != nil { + if !IsNil(o.Username) { toSerialize["username"] = o.Username } - return json.Marshal(toSerialize) + return toSerialize, nil +} + +func (o *IntrospectedOAuth2Token) UnmarshalJSON(data []byte) (err error) { + // This validates that all required properties are included in the JSON object + // by unmarshalling the object into a generic map with string keys and checking + // that every required field exists as a key in the generic map. 
+ requiredProperties := []string{ + "active", + } + + allProperties := make(map[string]interface{}) + + err = json.Unmarshal(data, &allProperties) + + if err != nil { + return err + } + + for _, requiredProperty := range requiredProperties { + if _, exists := allProperties[requiredProperty]; !exists { + return fmt.Errorf("no value given for required property %v", requiredProperty) + } + } + + varIntrospectedOAuth2Token := _IntrospectedOAuth2Token{} + + decoder := json.NewDecoder(bytes.NewReader(data)) + decoder.DisallowUnknownFields() + err = decoder.Decode(&varIntrospectedOAuth2Token) + + if err != nil { + return err + } + + *o = IntrospectedOAuth2Token(varIntrospectedOAuth2Token) + + return err } type NullableIntrospectedOAuth2Token struct { diff --git a/internal/httpclient/model_is_ready_200_response.go b/internal/httpclient/model_is_ready_200_response.go index f7b8957c70f..8a44bacc885 100644 --- a/internal/httpclient/model_is_ready_200_response.go +++ b/internal/httpclient/model_is_ready_200_response.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the IsReady200Response type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &IsReady200Response{} + // IsReady200Response struct for IsReady200Response type IsReady200Response struct { // Always \"ok\". @@ -40,7 +43,7 @@ func NewIsReady200ResponseWithDefaults() *IsReady200Response { // GetStatus returns the Status field value if set, zero value otherwise. func (o *IsReady200Response) GetStatus() string { - if o == nil || o.Status == nil { + if o == nil || IsNil(o.Status) { var ret string return ret } @@ -50,7 +53,7 @@ func (o *IsReady200Response) GetStatus() string { // GetStatusOk returns a tuple with the Status field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *IsReady200Response) GetStatusOk() (*string, bool) { - if o == nil || o.Status == nil { + if o == nil || IsNil(o.Status) { return nil, false } return o.Status, true 
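Review bot: The new `IntrospectedOAuth2Token.UnmarshalJSON` calls `decoder.DisallowUnknownFields()`, so an introspection response with any top-level member the struct does not declare now fails to decode. RFC 7662, which the struct comment cites, allows servers to add their own top-level members, so a server-side addition would turn every introspection call through this client into an error. If strict decoding is not intended, drop the `decoder.DisallowUnknownFields()` line; if it is, say so next to it with `// strict on purpose: reject responses with members this client does not model`. The same decoder setup is added to `JsonPatch.UnmarshalJSON` later in the diff.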
@@ -58,7 +61,7 @@ func (o *IsReady200Response) GetStatusOk() (*string, bool) { // HasStatus returns a boolean if a field has been set. func (o *IsReady200Response) HasStatus() bool { - if o != nil && o.Status != nil { + if o != nil && !IsNil(o.Status) { return true } @@ -71,11 +74,19 @@ func (o *IsReady200Response) SetStatus(v string) { } func (o IsReady200Response) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o IsReady200Response) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Status != nil { + if !IsNil(o.Status) { toSerialize["status"] = o.Status } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableIsReady200Response struct { diff --git a/internal/httpclient/model_is_ready_503_response.go b/internal/httpclient/model_is_ready_503_response.go index 14788440b2b..f0696c01c6f 100644 --- a/internal/httpclient/model_is_ready_503_response.go +++ b/internal/httpclient/model_is_ready_503_response.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the IsReady503Response type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &IsReady503Response{} + // IsReady503Response struct for IsReady503Response type IsReady503Response struct { // Errors contains a list of errors that caused the not ready status. @@ -40,7 +43,7 @@ func NewIsReady503ResponseWithDefaults() *IsReady503Response { // GetErrors returns the Errors field value if set, zero value otherwise. func (o *IsReady503Response) GetErrors() map[string]string { - if o == nil || o.Errors == nil { + if o == nil || IsNil(o.Errors) { var ret map[string]string return ret } 
@@ -50,7 +53,7 @@ func (o *IsReady503Response) GetErrors() map[string]string { // GetErrorsOk returns a tuple with the Errors field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *IsReady503Response) GetErrorsOk() (*map[string]string, bool) { - if o == nil || o.Errors == nil { + if o == nil || IsNil(o.Errors) { return nil, false } return o.Errors, true @@ -58,7 +61,7 @@ func (o *IsReady503Response) GetErrorsOk() (*map[string]string, bool) { // HasErrors returns a boolean if a field has been set. func (o *IsReady503Response) HasErrors() bool { - if o != nil && o.Errors != nil { + if o != nil && !IsNil(o.Errors) { return true } @@ -71,11 +74,19 @@ func (o *IsReady503Response) SetErrors(v map[string]string) { } func (o IsReady503Response) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o IsReady503Response) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Errors != nil { + if !IsNil(o.Errors) { toSerialize["errors"] = o.Errors } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableIsReady503Response struct { diff --git a/internal/httpclient/model_json_patch.go b/internal/httpclient/model_json_patch.go index 4489698fd83..ec1b6786d0e 100644 --- a/internal/httpclient/model_json_patch.go +++ b/internal/httpclient/model_json_patch.go @@ -12,9 +12,14 @@ Contact: hi@ory.sh package openapi import ( + "bytes" "encoding/json" + "fmt" ) +// checks if the JsonPatch type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &JsonPatch{} + // JsonPatch A JSONPatch document as defined by RFC 6902 type JsonPatch struct { // This field is used together with operation \"move\" and uses JSON Pointer notation. Learn more [about JSON Pointers](https://datatracker.ietf.org/doc/html/rfc6901#section-5). 
@@ -27,6 +32,8 @@ type JsonPatch struct { Value interface{} `json:"value,omitempty"` } +type _JsonPatch JsonPatch + // NewJsonPatch instantiates a new JsonPatch object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments @@ -48,7 +55,7 @@ func NewJsonPatchWithDefaults() *JsonPatch { // GetFrom returns the From field value if set, zero value otherwise. func (o *JsonPatch) GetFrom() string { - if o == nil || o.From == nil { + if o == nil || IsNil(o.From) { var ret string return ret } @@ -58,7 +65,7 @@ func (o *JsonPatch) GetFrom() string { // GetFromOk returns a tuple with the From field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *JsonPatch) GetFromOk() (*string, bool) { - if o == nil || o.From == nil { + if o == nil || IsNil(o.From) { return nil, false } return o.From, true @@ -66,7 +73,7 @@ func (o *JsonPatch) GetFromOk() (*string, bool) { // HasFrom returns a boolean if a field has been set. func (o *JsonPatch) HasFrom() bool { - if o != nil && o.From != nil { + if o != nil && !IsNil(o.From) { return true } @@ -139,7 +146,7 @@ func (o *JsonPatch) GetValue() interface{} { // and a boolean to check if the value has been set. // NOTE: If the value is an explicit nil, `nil, true` will be returned func (o *JsonPatch) GetValueOk() (*interface{}, bool) { - if o == nil || o.Value == nil { + if o == nil || IsNil(o.Value) { return nil, false } return &o.Value, true @@ -147,7 +154,7 @@ func (o *JsonPatch) GetValueOk() (*interface{}, bool) { // HasValue returns a boolean if a field has been set. func (o *JsonPatch) HasValue() bool { - if o != nil && o.Value != nil { + if o != nil && IsNil(o.Value) { return true } 
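Review bot: In `JsonPatch.HasValue` the rewritten guard lost its negation: `if o != nil && IsNil(o.Value) {` reports true when `Value` is unset and false when it is set. That is the opposite of the removed `o.Value != nil` and of every other `Has*` method in this diff, for example `HasFrom` with `!IsNil(o.From)`. The line should read `if o != nil && !IsNil(o.Value) {`. `ToMap` in the next hunk still tests `o.Value != nil` directly, so serialization is unaffected, but any caller branching on `HasValue()` gets the inverted answer. The file appears to be generated, so the fix likely belongs in the generator template or version; HasValue's body continues past the hunk.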
@@ -160,20 +167,62 @@ func (o *JsonPatch) SetValue(v interface{}) { } func (o JsonPatch) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o JsonPatch) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.From != nil { + if !IsNil(o.From) { toSerialize["from"] = o.From } - if true { - toSerialize["op"] = o.Op - } - if true { - toSerialize["path"] = o.Path - } + toSerialize["op"] = o.Op + toSerialize["path"] = o.Path if o.Value != nil { toSerialize["value"] = o.Value } - return json.Marshal(toSerialize) + return toSerialize, nil +} + +func (o *JsonPatch) UnmarshalJSON(data []byte) (err error) { + // This validates that all required properties are included in the JSON object + // by unmarshalling the object into a generic map with string keys and checking + // that every required field exists as a key in the generic map. + requiredProperties := []string{ + "op", + "path", + } + + allProperties := make(map[string]interface{}) + + err = json.Unmarshal(data, &allProperties) + + if err != nil { + return err + } + + for _, requiredProperty := range requiredProperties { + if _, exists := allProperties[requiredProperty]; !exists { + return fmt.Errorf("no value given for required property %v", requiredProperty) + } + } + + varJsonPatch := _JsonPatch{} + + decoder := json.NewDecoder(bytes.NewReader(data)) + decoder.DisallowUnknownFields() + err = decoder.Decode(&varJsonPatch) + + if err != nil { + return err + } + + *o = JsonPatch(varJsonPatch) + + return err } type NullableJsonPatch struct { diff --git a/internal/httpclient/model_json_web_key.go b/internal/httpclient/model_json_web_key.go index a56124b5ec1..c10a80c8fe9 100644 --- a/internal/httpclient/model_json_web_key.go +++ b/internal/httpclient/model_json_web_key.go 
@@ -12,9 +12,14 @@ Contact: hi@ory.sh package openapi import ( + "bytes" "encoding/json" + "fmt" ) +// checks if the JsonWebKey type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &JsonWebKey{} + // JsonWebKey struct for JsonWebKey type JsonWebKey struct { // The \"alg\" (algorithm) parameter identifies the algorithm intended for use with the key. The values used should either be registered in the IANA \"JSON Web Signature and Encryption Algorithms\" registry established by [JWA] or be a value that contains a Collision- Resistant Name. @@ -41,6 +46,8 @@ type JsonWebKey struct { Y *string `json:"y,omitempty"` } +type _JsonWebKey JsonWebKey + // NewJsonWebKey instantiates a new JsonWebKey object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments @@ -88,7 +95,7 @@ func (o *JsonWebKey) SetAlg(v string) { // GetCrv returns the Crv field value if set, zero value otherwise. func (o *JsonWebKey) GetCrv() string { - if o == nil || o.Crv == nil { + if o == nil || IsNil(o.Crv) { var ret string return ret } @@ -98,7 +105,7 @@ func (o *JsonWebKey) GetCrv() string { // GetCrvOk returns a tuple with the Crv field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *JsonWebKey) GetCrvOk() (*string, bool) { - if o == nil || o.Crv == nil { + if o == nil || IsNil(o.Crv) { return nil, false } return o.Crv, true @@ -106,7 +113,7 @@ func (o *JsonWebKey) GetCrvOk() (*string, bool) { // HasCrv returns a boolean if a field has been set. func (o *JsonWebKey) HasCrv() bool { - if o != nil && o.Crv != nil { + if o != nil && !IsNil(o.Crv) { return true } @@ -120,7 +127,7 @@ func (o *JsonWebKey) SetCrv(v string) { // GetD returns the D field value if set, zero value otherwise. func (o *JsonWebKey) GetD() string { - if o == nil || o.D == nil { + if o == nil || IsNil(o.D) { var ret string return ret } 
@@ -130,7 +137,7 @@ func (o *JsonWebKey) GetD() string { // GetDOk returns a tuple with the D field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *JsonWebKey) GetDOk() (*string, bool) { - if o == nil || o.D == nil { + if o == nil || IsNil(o.D) { return nil, false } return o.D, true @@ -138,7 +145,7 @@ func (o *JsonWebKey) GetDOk() (*string, bool) { // HasD returns a boolean if a field has been set. func (o *JsonWebKey) HasD() bool { - if o != nil && o.D != nil { + if o != nil && !IsNil(o.D) { return true } @@ -152,7 +159,7 @@ func (o *JsonWebKey) SetD(v string) { // GetDp returns the Dp field value if set, zero value otherwise. func (o *JsonWebKey) GetDp() string { - if o == nil || o.Dp == nil { + if o == nil || IsNil(o.Dp) { var ret string return ret } @@ -162,7 +169,7 @@ func (o *JsonWebKey) GetDp() string { // GetDpOk returns a tuple with the Dp field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *JsonWebKey) GetDpOk() (*string, bool) { - if o == nil || o.Dp == nil { + if o == nil || IsNil(o.Dp) { return nil, false } return o.Dp, true @@ -170,7 +177,7 @@ func (o *JsonWebKey) GetDpOk() (*string, bool) { // HasDp returns a boolean if a field has been set. func (o *JsonWebKey) HasDp() bool { - if o != nil && o.Dp != nil { + if o != nil && !IsNil(o.Dp) { return true } @@ -184,7 +191,7 @@ func (o *JsonWebKey) SetDp(v string) { // GetDq returns the Dq field value if set, zero value otherwise. func (o *JsonWebKey) GetDq() string { - if o == nil || o.Dq == nil { + if o == nil || IsNil(o.Dq) { var ret string return ret } @@ -194,7 +201,7 @@ func (o *JsonWebKey) GetDq() string { // GetDqOk returns a tuple with the Dq field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *JsonWebKey) GetDqOk() (*string, bool) { - if o == nil || o.Dq == nil { + if o == nil || IsNil(o.Dq) { return nil, false } return o.Dq, true 
@@ -202,7 +209,7 @@ func (o *JsonWebKey) GetDqOk() (*string, bool) { // HasDq returns a boolean if a field has been set. func (o *JsonWebKey) HasDq() bool { - if o != nil && o.Dq != nil { + if o != nil && !IsNil(o.Dq) { return true } @@ -216,7 +223,7 @@ func (o *JsonWebKey) SetDq(v string) { // GetE returns the E field value if set, zero value otherwise. func (o *JsonWebKey) GetE() string { - if o == nil || o.E == nil { + if o == nil || IsNil(o.E) { var ret string return ret } @@ -226,7 +233,7 @@ func (o *JsonWebKey) GetE() string { // GetEOk returns a tuple with the E field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *JsonWebKey) GetEOk() (*string, bool) { - if o == nil || o.E == nil { + if o == nil || IsNil(o.E) { return nil, false } return o.E, true @@ -234,7 +241,7 @@ func (o *JsonWebKey) GetEOk() (*string, bool) { // HasE returns a boolean if a field has been set. func (o *JsonWebKey) HasE() bool { - if o != nil && o.E != nil { + if o != nil && !IsNil(o.E) { return true } @@ -248,7 +255,7 @@ func (o *JsonWebKey) SetE(v string) { // GetK returns the K field value if set, zero value otherwise. func (o *JsonWebKey) GetK() string { - if o == nil || o.K == nil { + if o == nil || IsNil(o.K) { var ret string return ret } @@ -258,7 +265,7 @@ func (o *JsonWebKey) GetK() string { // GetKOk returns a tuple with the K field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *JsonWebKey) GetKOk() (*string, bool) { - if o == nil || o.K == nil { + if o == nil || IsNil(o.K) { return nil, false } return o.K, true @@ -266,7 +273,7 @@ func (o *JsonWebKey) GetKOk() (*string, bool) { // HasK returns a boolean if a field has been set. func (o *JsonWebKey) HasK() bool { - if o != nil && o.K != nil { + if o != nil && !IsNil(o.K) { return true } 
@@ -328,7 +335,7 @@ func (o *JsonWebKey) SetKty(v string) { // GetN returns the N field value if set, zero value otherwise. func (o *JsonWebKey) GetN() string { - if o == nil || o.N == nil { + if o == nil || IsNil(o.N) { var ret string return ret } @@ -338,7 +345,7 @@ func (o *JsonWebKey) GetN() string { // GetNOk returns a tuple with the N field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *JsonWebKey) GetNOk() (*string, bool) { - if o == nil || o.N == nil { + if o == nil || IsNil(o.N) { return nil, false } return o.N, true @@ -346,7 +353,7 @@ func (o *JsonWebKey) GetNOk() (*string, bool) { // HasN returns a boolean if a field has been set. func (o *JsonWebKey) HasN() bool { - if o != nil && o.N != nil { + if o != nil && !IsNil(o.N) { return true } @@ -360,7 +367,7 @@ func (o *JsonWebKey) SetN(v string) { // GetP returns the P field value if set, zero value otherwise. func (o *JsonWebKey) GetP() string { - if o == nil || o.P == nil { + if o == nil || IsNil(o.P) { var ret string return ret } @@ -370,7 +377,7 @@ func (o *JsonWebKey) GetP() string { // GetPOk returns a tuple with the P field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *JsonWebKey) GetPOk() (*string, bool) { - if o == nil || o.P == nil { + if o == nil || IsNil(o.P) { return nil, false } return o.P, true @@ -378,7 +385,7 @@ func (o *JsonWebKey) GetPOk() (*string, bool) { // HasP returns a boolean if a field has been set. func (o *JsonWebKey) HasP() bool { - if o != nil && o.P != nil { + if o != nil && !IsNil(o.P) { return true } @@ -392,7 +399,7 @@ func (o *JsonWebKey) SetP(v string) { // GetQ returns the Q field value if set, zero value otherwise. func (o *JsonWebKey) GetQ() string { - if o == nil || o.Q == nil { + if o == nil || IsNil(o.Q) { var ret string return ret } 
@@ -402,7 +409,7 @@ func (o *JsonWebKey) GetQ() string { // GetQOk returns a tuple with the Q field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *JsonWebKey) GetQOk() (*string, bool) { - if o == nil || o.Q == nil { + if o == nil || IsNil(o.Q) { return nil, false } return o.Q, true @@ -410,7 +417,7 @@ func (o *JsonWebKey) GetQOk() (*string, bool) { // HasQ returns a boolean if a field has been set. func (o *JsonWebKey) HasQ() bool { - if o != nil && o.Q != nil { + if o != nil && !IsNil(o.Q) { return true } @@ -424,7 +431,7 @@ func (o *JsonWebKey) SetQ(v string) { // GetQi returns the Qi field value if set, zero value otherwise. func (o *JsonWebKey) GetQi() string { - if o == nil || o.Qi == nil { + if o == nil || IsNil(o.Qi) { var ret string return ret } @@ -434,7 +441,7 @@ func (o *JsonWebKey) GetQi() string { // GetQiOk returns a tuple with the Qi field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *JsonWebKey) GetQiOk() (*string, bool) { - if o == nil || o.Qi == nil { + if o == nil || IsNil(o.Qi) { return nil, false } return o.Qi, true @@ -442,7 +449,7 @@ func (o *JsonWebKey) GetQiOk() (*string, bool) { // HasQi returns a boolean if a field has been set. func (o *JsonWebKey) HasQi() bool { - if o != nil && o.Qi != nil { + if o != nil && !IsNil(o.Qi) { return true } @@ -480,7 +487,7 @@ func (o *JsonWebKey) SetUse(v string) { // GetX returns the X field value if set, zero value otherwise. func (o *JsonWebKey) GetX() string { - if o == nil || o.X == nil { + if o == nil || IsNil(o.X) { var ret string return ret } @@ -490,7 +497,7 @@ func (o *JsonWebKey) GetX() string { // GetXOk returns a tuple with the X field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *JsonWebKey) GetXOk() (*string, bool) { - if o == nil || o.X == nil { + if o == nil || IsNil(o.X) { return nil, false } return o.X, true 
@@ -498,7 +505,7 @@ func (o *JsonWebKey) GetXOk() (*string, bool) { // HasX returns a boolean if a field has been set. func (o *JsonWebKey) HasX() bool { - if o != nil && o.X != nil { + if o != nil && !IsNil(o.X) { return true } @@ -512,7 +519,7 @@ func (o *JsonWebKey) SetX(v string) { // GetX5c returns the X5c field value if set, zero value otherwise. func (o *JsonWebKey) GetX5c() []string { - if o == nil || o.X5c == nil { + if o == nil || IsNil(o.X5c) { var ret []string return ret } @@ -522,7 +529,7 @@ func (o *JsonWebKey) GetX5c() []string { // GetX5cOk returns a tuple with the X5c field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *JsonWebKey) GetX5cOk() ([]string, bool) { - if o == nil || o.X5c == nil { + if o == nil || IsNil(o.X5c) { return nil, false } return o.X5c, true @@ -530,7 +537,7 @@ func (o *JsonWebKey) GetX5cOk() ([]string, bool) { // HasX5c returns a boolean if a field has been set. func (o *JsonWebKey) HasX5c() bool { - if o != nil && o.X5c != nil { + if o != nil && !IsNil(o.X5c) { return true } @@ -544,7 +551,7 @@ func (o *JsonWebKey) SetX5c(v []string) { // GetY returns the Y field value if set, zero value otherwise. func (o *JsonWebKey) GetY() string { - if o == nil || o.Y == nil { + if o == nil || IsNil(o.Y) { var ret string return ret } @@ -554,7 +561,7 @@ func (o *JsonWebKey) GetY() string { // GetYOk returns a tuple with the Y field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *JsonWebKey) GetYOk() (*string, bool) { - if o == nil || o.Y == nil { + if o == nil || IsNil(o.Y) { return nil, false } return o.Y, true @@ -562,7 +569,7 @@ func (o *JsonWebKey) GetYOk() (*string, bool) { // HasY returns a boolean if a field has been set. func (o *JsonWebKey) HasY() bool { - if o != nil && o.Y != nil { + if o != nil && !IsNil(o.Y) { return true } 
@@ -575,59 +582,99 @@ func (o *JsonWebKey) SetY(v string) { } func (o JsonWebKey) MarshalJSON() ([]byte, error) { - toSerialize := map[string]interface{}{} - if true { - toSerialize["alg"] = o.Alg + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err } - if o.Crv != nil { + return json.Marshal(toSerialize) +} + +func (o JsonWebKey) ToMap() (map[string]interface{}, error) { + toSerialize := map[string]interface{}{} + toSerialize["alg"] = o.Alg + if !IsNil(o.Crv) { toSerialize["crv"] = o.Crv } - if o.D != nil { + if !IsNil(o.D) { toSerialize["d"] = o.D } - if o.Dp != nil { + if !IsNil(o.Dp) { toSerialize["dp"] = o.Dp } - if o.Dq != nil { + if !IsNil(o.Dq) { toSerialize["dq"] = o.Dq } - if o.E != nil { + if !IsNil(o.E) { toSerialize["e"] = o.E } - if o.K != nil { + if !IsNil(o.K) { toSerialize["k"] = o.K } - if true { - toSerialize["kid"] = o.Kid - } - if true { - toSerialize["kty"] = o.Kty - } - if o.N != nil { + toSerialize["kid"] = o.Kid + toSerialize["kty"] = o.Kty + if !IsNil(o.N) { toSerialize["n"] = o.N } - if o.P != nil { + if !IsNil(o.P) { toSerialize["p"] = o.P } - if o.Q != nil { + if !IsNil(o.Q) { toSerialize["q"] = o.Q } - if o.Qi != nil { + if !IsNil(o.Qi) { toSerialize["qi"] = o.Qi } - if true { - toSerialize["use"] = o.Use - } - if o.X != nil { + toSerialize["use"] = o.Use + if !IsNil(o.X) { toSerialize["x"] = o.X } - if o.X5c != nil { + if !IsNil(o.X5c) { toSerialize["x5c"] = o.X5c } - if o.Y != nil { + if !IsNil(o.Y) { toSerialize["y"] = o.Y } - return json.Marshal(toSerialize) + return toSerialize, nil +} + +func (o *JsonWebKey) UnmarshalJSON(data []byte) (err error) { + // This validates that all required properties are included in the JSON object + // by unmarshalling the object into a generic map with string keys and checking + // that every required field exists as a key in the generic map. 
+ requiredProperties := []string{ + "alg", + "kid", + "kty", + "use", + } + + allProperties := make(map[string]interface{}) + + err = json.Unmarshal(data, &allProperties) + + if err != nil { + return err + } + + for _, requiredProperty := range requiredProperties { + if _, exists := allProperties[requiredProperty]; !exists { + return fmt.Errorf("no value given for required property %v", requiredProperty) + } + } + + varJsonWebKey := _JsonWebKey{} + + decoder := json.NewDecoder(bytes.NewReader(data)) + decoder.DisallowUnknownFields() + err = decoder.Decode(&varJsonWebKey) + + if err != nil { + return err + } + + *o = JsonWebKey(varJsonWebKey) + + return err } type NullableJsonWebKey struct { diff --git a/internal/httpclient/model_json_web_key_set.go b/internal/httpclient/model_json_web_key_set.go index 6d328f6615d..28820351167 100644 --- a/internal/httpclient/model_json_web_key_set.go +++ b/internal/httpclient/model_json_web_key_set.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the JsonWebKeySet type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &JsonWebKeySet{} + // JsonWebKeySet JSON Web Key Set type JsonWebKeySet struct { // List of JSON Web Keys The value of the \"keys\" parameter is an array of JSON Web Key (JWK) values. By default, the order of the JWK values within the array does not imply an order of preference among them, although applications of JWK Sets can choose to assign a meaning to the order for their purposes, if desired. @@ -40,7 +43,7 @@ func NewJsonWebKeySetWithDefaults() *JsonWebKeySet { // GetKeys returns the Keys field value if set, zero value otherwise. func (o *JsonWebKeySet) GetKeys() []JsonWebKey { - if o == nil || o.Keys == nil { + if o == nil || IsNil(o.Keys) { var ret []JsonWebKey return ret } 
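Review bot: The required-property loop in the new `JsonWebKey.UnmarshalJSON` only tests that the key exists, so `"kty": null` (likewise `alg`, `kid`, `use`) passes and then decodes to an empty value; the check could read `if v, exists := allProperties[requiredProperty]; !exists || v == nil {`. The same function also turns on `decoder.DisallowUnknownFields()`, so a JWK carrying a member this struct does not declare is rejected outright. If this client is meant to keep working against servers that add fields, that strictness deserves a comment or should be dropped. The final `return err` can only return nil at that point, and `return nil` would say so directly. The file looks generated, so these changes probably belong in the generator template rather than here.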
@@ -50,7 +53,7 @@ func (o *JsonWebKeySet) GetKeys() []JsonWebKey { // GetKeysOk returns a tuple with the Keys field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *JsonWebKeySet) GetKeysOk() ([]JsonWebKey, bool) { - if o == nil || o.Keys == nil { + if o == nil || IsNil(o.Keys) { return nil, false } return o.Keys, true @@ -58,7 +61,7 @@ func (o *JsonWebKeySet) GetKeysOk() ([]JsonWebKey, bool) { // HasKeys returns a boolean if a field has been set. func (o *JsonWebKeySet) HasKeys() bool { - if o != nil && o.Keys != nil { + if o != nil && !IsNil(o.Keys) { return true } @@ -71,11 +74,19 @@ func (o *JsonWebKeySet) SetKeys(v []JsonWebKey) { } func (o JsonWebKeySet) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o JsonWebKeySet) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Keys != nil { + if !IsNil(o.Keys) { toSerialize["keys"] = o.Keys } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableJsonWebKeySet struct { diff --git a/internal/httpclient/model_o_auth2_client.go b/internal/httpclient/model_o_auth2_client.go index 2d26a45fe7e..454579d0ec8 100644 --- a/internal/httpclient/model_o_auth2_client.go +++ b/internal/httpclient/model_o_auth2_client.go 
@@ -16,6 +16,9 @@ import ( "time" ) +// checks if the OAuth2Client type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &OAuth2Client{} + // OAuth2Client OAuth 2.0 Clients are used to perform OAuth 2.0 and OpenID Connect flows. Usually, OAuth 2.0 clients are generated for applications which want to consume your OAuth 2.0 or OpenID Connect capabilities. type OAuth2Client struct { // OAuth 2.0 Access Token Strategy AccessTokenStrategy is the strategy used to generate access tokens. Valid options are `jwt` and `opaque`. `jwt` is a bad idea, see https://www.ory.sh/docs/hydra/advanced#json-web-tokens Setting the stragegy here overrides the global setting in `strategies.access_token`. 
@@ -47,6 +50,12 @@ type OAuth2Client struct { Contacts []string `json:"contacts,omitempty"` // OAuth 2.0 Client Creation Date CreatedAt returns the timestamp of the client's creation. CreatedAt *time.Time `json:"created_at,omitempty"` + // Specify a time duration in milliseconds, seconds, minutes, hours. + DeviceAuthorizationGrantAccessTokenLifespan *string `json:"device_authorization_grant_access_token_lifespan,omitempty"` + // Specify a time duration in milliseconds, seconds, minutes, hours. + DeviceAuthorizationGrantIdTokenLifespan *string `json:"device_authorization_grant_id_token_lifespan,omitempty"` + // Specify a time duration in milliseconds, seconds, minutes, hours. + DeviceAuthorizationGrantRefreshTokenLifespan *string `json:"device_authorization_grant_refresh_token_lifespan,omitempty"` // OpenID Connect Front-Channel Logout Session Required Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be included to identify the RP session with the OP when the frontchannel_logout_uri is used. If omitted, the default value is false. FrontchannelLogoutSessionRequired *bool `json:"frontchannel_logout_session_required,omitempty"` // OpenID Connect Front-Channel Logout URI RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. An iss (issuer) query parameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the request and to determine which of the potentially multiple sessions is to be logged out; if either is included, both MUST be. 
@@ -91,6 +100,8 @@ type OAuth2Client struct { SectorIdentifierUri *string `json:"sector_identifier_uri,omitempty"` // SkipConsent skips the consent screen for this client. This field can only be set from the admin API. SkipConsent *bool `json:"skip_consent,omitempty"` + // SkipLogoutConsent skips the logout consent screen for this client. This field can only be set from the admin API. + SkipLogoutConsent *bool `json:"skip_logout_consent,omitempty"` // OpenID Connect Subject Type The `subject_types_supported` Discovery parameter contains a list of the supported subject_type values for this server. Valid types include `pairwise` and `public`. SubjectType *string `json:"subject_type,omitempty"` // OAuth 2.0 Token Endpoint Authentication Method Requested Client Authentication method for the Token Endpoint. The options are: `client_secret_basic`: (default) Send `client_id` and `client_secret` as `application/x-www-form-urlencoded` encoded in the HTTP Authorization header. `client_secret_post`: Send `client_id` and `client_secret` as `application/x-www-form-urlencoded` in the HTTP body. `private_key_jwt`: Use JSON Web Tokens to authenticate the client. `none`: Used for public clients (native apps, mobile apps) which can not have secrets. @@ -128,7 +139,7 @@ func NewOAuth2ClientWithDefaults() *OAuth2Client { // GetAccessTokenStrategy returns the AccessTokenStrategy field value if set, zero value otherwise. func (o *OAuth2Client) GetAccessTokenStrategy() string { - if o == nil || o.AccessTokenStrategy == nil { + if o == nil || IsNil(o.AccessTokenStrategy) { var ret string return ret } 
@@ -138,7 +149,7 @@ func (o *OAuth2Client) GetAccessTokenStrategy() string { // GetAccessTokenStrategyOk returns a tuple with the AccessTokenStrategy field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetAccessTokenStrategyOk() (*string, bool) { - if o == nil || o.AccessTokenStrategy == nil { + if o == nil || IsNil(o.AccessTokenStrategy) { return nil, false } return o.AccessTokenStrategy, true @@ -146,7 +157,7 @@ func (o *OAuth2Client) GetAccessTokenStrategyOk() (*string, bool) { // HasAccessTokenStrategy returns a boolean if a field has been set. func (o *OAuth2Client) HasAccessTokenStrategy() bool { - if o != nil && o.AccessTokenStrategy != nil { + if o != nil && !IsNil(o.AccessTokenStrategy) { return true } @@ -160,7 +171,7 @@ func (o *OAuth2Client) SetAccessTokenStrategy(v string) { // GetAllowedCorsOrigins returns the AllowedCorsOrigins field value if set, zero value otherwise. func (o *OAuth2Client) GetAllowedCorsOrigins() []string { - if o == nil || o.AllowedCorsOrigins == nil { + if o == nil || IsNil(o.AllowedCorsOrigins) { var ret []string return ret } @@ -170,7 +181,7 @@ func (o *OAuth2Client) GetAllowedCorsOrigins() []string { // GetAllowedCorsOriginsOk returns a tuple with the AllowedCorsOrigins field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetAllowedCorsOriginsOk() ([]string, bool) { - if o == nil || o.AllowedCorsOrigins == nil { + if o == nil || IsNil(o.AllowedCorsOrigins) { return nil, false } return o.AllowedCorsOrigins, true @@ -178,7 +189,7 @@ func (o *OAuth2Client) GetAllowedCorsOriginsOk() ([]string, bool) { // HasAllowedCorsOrigins returns a boolean if a field has been set. func (o *OAuth2Client) HasAllowedCorsOrigins() bool { - if o != nil && o.AllowedCorsOrigins != nil { + if o != nil && !IsNil(o.AllowedCorsOrigins) { return true } 
@@ -192,7 +203,7 @@ func (o *OAuth2Client) SetAllowedCorsOrigins(v []string) { // GetAudience returns the Audience field value if set, zero value otherwise. func (o *OAuth2Client) GetAudience() []string { - if o == nil || o.Audience == nil { + if o == nil || IsNil(o.Audience) { var ret []string return ret } @@ -202,7 +213,7 @@ func (o *OAuth2Client) GetAudience() []string { // GetAudienceOk returns a tuple with the Audience field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetAudienceOk() ([]string, bool) { - if o == nil || o.Audience == nil { + if o == nil || IsNil(o.Audience) { return nil, false } return o.Audience, true @@ -210,7 +221,7 @@ func (o *OAuth2Client) GetAudienceOk() ([]string, bool) { // HasAudience returns a boolean if a field has been set. func (o *OAuth2Client) HasAudience() bool { - if o != nil && o.Audience != nil { + if o != nil && !IsNil(o.Audience) { return true } @@ -224,7 +235,7 @@ func (o *OAuth2Client) SetAudience(v []string) { // GetAuthorizationCodeGrantAccessTokenLifespan returns the AuthorizationCodeGrantAccessTokenLifespan field value if set, zero value otherwise. func (o *OAuth2Client) GetAuthorizationCodeGrantAccessTokenLifespan() string { - if o == nil || o.AuthorizationCodeGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.AuthorizationCodeGrantAccessTokenLifespan) { var ret string return ret } 
@@ -234,7 +245,7 @@ func (o *OAuth2Client) GetAuthorizationCodeGrantAccessTokenLifespan() string { // GetAuthorizationCodeGrantAccessTokenLifespanOk returns a tuple with the AuthorizationCodeGrantAccessTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetAuthorizationCodeGrantAccessTokenLifespanOk() (*string, bool) { - if o == nil || o.AuthorizationCodeGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.AuthorizationCodeGrantAccessTokenLifespan) { return nil, false } return o.AuthorizationCodeGrantAccessTokenLifespan, true @@ -242,7 +253,7 @@ func (o *OAuth2Client) GetAuthorizationCodeGrantAccessTokenLifespanOk() (*string // HasAuthorizationCodeGrantAccessTokenLifespan returns a boolean if a field has been set. func (o *OAuth2Client) HasAuthorizationCodeGrantAccessTokenLifespan() bool { - if o != nil && o.AuthorizationCodeGrantAccessTokenLifespan != nil { + if o != nil && !IsNil(o.AuthorizationCodeGrantAccessTokenLifespan) { return true } @@ -256,7 +267,7 @@ func (o *OAuth2Client) SetAuthorizationCodeGrantAccessTokenLifespan(v string) { // GetAuthorizationCodeGrantIdTokenLifespan returns the AuthorizationCodeGrantIdTokenLifespan field value if set, zero value otherwise. func (o *OAuth2Client) GetAuthorizationCodeGrantIdTokenLifespan() string { - if o == nil || o.AuthorizationCodeGrantIdTokenLifespan == nil { + if o == nil || IsNil(o.AuthorizationCodeGrantIdTokenLifespan) { var ret string return ret } 
@@ -266,7 +277,7 @@ func (o *OAuth2Client) GetAuthorizationCodeGrantIdTokenLifespan() string { // GetAuthorizationCodeGrantIdTokenLifespanOk returns a tuple with the AuthorizationCodeGrantIdTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetAuthorizationCodeGrantIdTokenLifespanOk() (*string, bool) { - if o == nil || o.AuthorizationCodeGrantIdTokenLifespan == nil { + if o == nil || IsNil(o.AuthorizationCodeGrantIdTokenLifespan) { return nil, false } return o.AuthorizationCodeGrantIdTokenLifespan, true @@ -274,7 +285,7 @@ func (o *OAuth2Client) GetAuthorizationCodeGrantIdTokenLifespanOk() (*string, bo // HasAuthorizationCodeGrantIdTokenLifespan returns a boolean if a field has been set. func (o *OAuth2Client) HasAuthorizationCodeGrantIdTokenLifespan() bool { - if o != nil && o.AuthorizationCodeGrantIdTokenLifespan != nil { + if o != nil && !IsNil(o.AuthorizationCodeGrantIdTokenLifespan) { return true } @@ -288,7 +299,7 @@ func (o *OAuth2Client) SetAuthorizationCodeGrantIdTokenLifespan(v string) { // GetAuthorizationCodeGrantRefreshTokenLifespan returns the AuthorizationCodeGrantRefreshTokenLifespan field value if set, zero value otherwise. func (o *OAuth2Client) GetAuthorizationCodeGrantRefreshTokenLifespan() string { - if o == nil || o.AuthorizationCodeGrantRefreshTokenLifespan == nil { + if o == nil || IsNil(o.AuthorizationCodeGrantRefreshTokenLifespan) { var ret string return ret } 
@@ -298,7 +309,7 @@ func (o *OAuth2Client) GetAuthorizationCodeGrantRefreshTokenLifespan() string { // GetAuthorizationCodeGrantRefreshTokenLifespanOk returns a tuple with the AuthorizationCodeGrantRefreshTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetAuthorizationCodeGrantRefreshTokenLifespanOk() (*string, bool) { - if o == nil || o.AuthorizationCodeGrantRefreshTokenLifespan == nil { + if o == nil || IsNil(o.AuthorizationCodeGrantRefreshTokenLifespan) { return nil, false } return o.AuthorizationCodeGrantRefreshTokenLifespan, true @@ -306,7 +317,7 @@ func (o *OAuth2Client) GetAuthorizationCodeGrantRefreshTokenLifespanOk() (*strin // HasAuthorizationCodeGrantRefreshTokenLifespan returns a boolean if a field has been set. func (o *OAuth2Client) HasAuthorizationCodeGrantRefreshTokenLifespan() bool { - if o != nil && o.AuthorizationCodeGrantRefreshTokenLifespan != nil { + if o != nil && !IsNil(o.AuthorizationCodeGrantRefreshTokenLifespan) { return true } @@ -320,7 +331,7 @@ func (o *OAuth2Client) SetAuthorizationCodeGrantRefreshTokenLifespan(v string) { // GetBackchannelLogoutSessionRequired returns the BackchannelLogoutSessionRequired field value if set, zero value otherwise. func (o *OAuth2Client) GetBackchannelLogoutSessionRequired() bool { - if o == nil || o.BackchannelLogoutSessionRequired == nil { + if o == nil || IsNil(o.BackchannelLogoutSessionRequired) { var ret bool return ret } 
@@ -330,7 +341,7 @@ func (o *OAuth2Client) GetBackchannelLogoutSessionRequired() bool { // GetBackchannelLogoutSessionRequiredOk returns a tuple with the BackchannelLogoutSessionRequired field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetBackchannelLogoutSessionRequiredOk() (*bool, bool) { - if o == nil || o.BackchannelLogoutSessionRequired == nil { + if o == nil || IsNil(o.BackchannelLogoutSessionRequired) { return nil, false } return o.BackchannelLogoutSessionRequired, true @@ -338,7 +349,7 @@ func (o *OAuth2Client) GetBackchannelLogoutSessionRequiredOk() (*bool, bool) { // HasBackchannelLogoutSessionRequired returns a boolean if a field has been set. func (o *OAuth2Client) HasBackchannelLogoutSessionRequired() bool { - if o != nil && o.BackchannelLogoutSessionRequired != nil { + if o != nil && !IsNil(o.BackchannelLogoutSessionRequired) { return true } @@ -352,7 +363,7 @@ func (o *OAuth2Client) SetBackchannelLogoutSessionRequired(v bool) { // GetBackchannelLogoutUri returns the BackchannelLogoutUri field value if set, zero value otherwise. func (o *OAuth2Client) GetBackchannelLogoutUri() string { - if o == nil || o.BackchannelLogoutUri == nil { + if o == nil || IsNil(o.BackchannelLogoutUri) { var ret string return ret } @@ -362,7 +373,7 @@ func (o *OAuth2Client) GetBackchannelLogoutUri() string { // GetBackchannelLogoutUriOk returns a tuple with the BackchannelLogoutUri field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetBackchannelLogoutUriOk() (*string, bool) { - if o == nil || o.BackchannelLogoutUri == nil { + if o == nil || IsNil(o.BackchannelLogoutUri) { return nil, false } return o.BackchannelLogoutUri, true 
@@ -370,7 +381,7 @@ func (o *OAuth2Client) GetBackchannelLogoutUriOk() (*string, bool) { // HasBackchannelLogoutUri returns a boolean if a field has been set. func (o *OAuth2Client) HasBackchannelLogoutUri() bool { - if o != nil && o.BackchannelLogoutUri != nil { + if o != nil && !IsNil(o.BackchannelLogoutUri) { return true } @@ -384,7 +395,7 @@ func (o *OAuth2Client) SetBackchannelLogoutUri(v string) { // GetClientCredentialsGrantAccessTokenLifespan returns the ClientCredentialsGrantAccessTokenLifespan field value if set, zero value otherwise. func (o *OAuth2Client) GetClientCredentialsGrantAccessTokenLifespan() string { - if o == nil || o.ClientCredentialsGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.ClientCredentialsGrantAccessTokenLifespan) { var ret string return ret } @@ -394,7 +405,7 @@ func (o *OAuth2Client) GetClientCredentialsGrantAccessTokenLifespan() string { // GetClientCredentialsGrantAccessTokenLifespanOk returns a tuple with the ClientCredentialsGrantAccessTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetClientCredentialsGrantAccessTokenLifespanOk() (*string, bool) { - if o == nil || o.ClientCredentialsGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.ClientCredentialsGrantAccessTokenLifespan) { return nil, false } return o.ClientCredentialsGrantAccessTokenLifespan, true @@ -402,7 +413,7 @@ func (o *OAuth2Client) GetClientCredentialsGrantAccessTokenLifespanOk() (*string // HasClientCredentialsGrantAccessTokenLifespan returns a boolean if a field has been set. func (o *OAuth2Client) HasClientCredentialsGrantAccessTokenLifespan() bool { - if o != nil && o.ClientCredentialsGrantAccessTokenLifespan != nil { + if o != nil && !IsNil(o.ClientCredentialsGrantAccessTokenLifespan) { return true } 
@@ -416,7 +427,7 @@ func (o *OAuth2Client) SetClientCredentialsGrantAccessTokenLifespan(v string) { // GetClientId returns the ClientId field value if set, zero value otherwise. func (o *OAuth2Client) GetClientId() string { - if o == nil || o.ClientId == nil { + if o == nil || IsNil(o.ClientId) { var ret string return ret } @@ -426,7 +437,7 @@ func (o *OAuth2Client) GetClientId() string { // GetClientIdOk returns a tuple with the ClientId field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetClientIdOk() (*string, bool) { - if o == nil || o.ClientId == nil { + if o == nil || IsNil(o.ClientId) { return nil, false } return o.ClientId, true @@ -434,7 +445,7 @@ func (o *OAuth2Client) GetClientIdOk() (*string, bool) { // HasClientId returns a boolean if a field has been set. func (o *OAuth2Client) HasClientId() bool { - if o != nil && o.ClientId != nil { + if o != nil && !IsNil(o.ClientId) { return true } @@ -448,7 +459,7 @@ func (o *OAuth2Client) SetClientId(v string) { // GetClientName returns the ClientName field value if set, zero value otherwise. func (o *OAuth2Client) GetClientName() string { - if o == nil || o.ClientName == nil { + if o == nil || IsNil(o.ClientName) { var ret string return ret } @@ -458,7 +469,7 @@ func (o *OAuth2Client) GetClientName() string { // GetClientNameOk returns a tuple with the ClientName field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetClientNameOk() (*string, bool) { - if o == nil || o.ClientName == nil { + if o == nil || IsNil(o.ClientName) { return nil, false } return o.ClientName, true @@ -466,7 +477,7 @@ func (o *OAuth2Client) GetClientNameOk() (*string, bool) { // HasClientName returns a boolean if a field has been set. func (o *OAuth2Client) HasClientName() bool { - if o != nil && o.ClientName != nil { + if o != nil && !IsNil(o.ClientName) { return true } 
@@ -480,7 +491,7 @@ func (o *OAuth2Client) SetClientName(v string) { // GetClientSecret returns the ClientSecret field value if set, zero value otherwise. func (o *OAuth2Client) GetClientSecret() string { - if o == nil || o.ClientSecret == nil { + if o == nil || IsNil(o.ClientSecret) { var ret string return ret } @@ -490,7 +501,7 @@ func (o *OAuth2Client) GetClientSecret() string { // GetClientSecretOk returns a tuple with the ClientSecret field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetClientSecretOk() (*string, bool) { - if o == nil || o.ClientSecret == nil { + if o == nil || IsNil(o.ClientSecret) { return nil, false } return o.ClientSecret, true @@ -498,7 +509,7 @@ func (o *OAuth2Client) GetClientSecretOk() (*string, bool) { // HasClientSecret returns a boolean if a field has been set. func (o *OAuth2Client) HasClientSecret() bool { - if o != nil && o.ClientSecret != nil { + if o != nil && !IsNil(o.ClientSecret) { return true } @@ -512,7 +523,7 @@ func (o *OAuth2Client) SetClientSecret(v string) { // GetClientSecretExpiresAt returns the ClientSecretExpiresAt field value if set, zero value otherwise. func (o *OAuth2Client) GetClientSecretExpiresAt() int64 { - if o == nil || o.ClientSecretExpiresAt == nil { + if o == nil || IsNil(o.ClientSecretExpiresAt) { var ret int64 return ret } @@ -522,7 +533,7 @@ func (o *OAuth2Client) GetClientSecretExpiresAt() int64 { // GetClientSecretExpiresAtOk returns a tuple with the ClientSecretExpiresAt field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetClientSecretExpiresAtOk() (*int64, bool) { - if o == nil || o.ClientSecretExpiresAt == nil { + if o == nil || IsNil(o.ClientSecretExpiresAt) { return nil, false } return o.ClientSecretExpiresAt, true 
@@ -530,7 +541,7 @@ func (o *OAuth2Client) GetClientSecretExpiresAtOk() (*int64, bool) { // HasClientSecretExpiresAt returns a boolean if a field has been set. func (o *OAuth2Client) HasClientSecretExpiresAt() bool { - if o != nil && o.ClientSecretExpiresAt != nil { + if o != nil && !IsNil(o.ClientSecretExpiresAt) { return true } @@ -544,7 +555,7 @@ func (o *OAuth2Client) SetClientSecretExpiresAt(v int64) { // GetClientUri returns the ClientUri field value if set, zero value otherwise. func (o *OAuth2Client) GetClientUri() string { - if o == nil || o.ClientUri == nil { + if o == nil || IsNil(o.ClientUri) { var ret string return ret } @@ -554,7 +565,7 @@ func (o *OAuth2Client) GetClientUri() string { // GetClientUriOk returns a tuple with the ClientUri field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetClientUriOk() (*string, bool) { - if o == nil || o.ClientUri == nil { + if o == nil || IsNil(o.ClientUri) { return nil, false } return o.ClientUri, true @@ -562,7 +573,7 @@ func (o *OAuth2Client) GetClientUriOk() (*string, bool) { // HasClientUri returns a boolean if a field has been set. func (o *OAuth2Client) HasClientUri() bool { - if o != nil && o.ClientUri != nil { + if o != nil && !IsNil(o.ClientUri) { return true } @@ -576,7 +587,7 @@ func (o *OAuth2Client) SetClientUri(v string) { // GetContacts returns the Contacts field value if set, zero value otherwise. func (o *OAuth2Client) GetContacts() []string { - if o == nil || o.Contacts == nil { + if o == nil || IsNil(o.Contacts) { var ret []string return ret } @@ -586,7 +597,7 @@ func (o *OAuth2Client) GetContacts() []string { // GetContactsOk returns a tuple with the Contacts field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetContactsOk() ([]string, bool) { - if o == nil || o.Contacts == nil { + if o == nil || IsNil(o.Contacts) { return nil, false } return o.Contacts, true 
@@ -594,7 +605,7 @@ func (o *OAuth2Client) GetContactsOk() ([]string, bool) { // HasContacts returns a boolean if a field has been set. func (o *OAuth2Client) HasContacts() bool { - if o != nil && o.Contacts != nil { + if o != nil && !IsNil(o.Contacts) { return true } @@ -608,7 +619,7 @@ func (o *OAuth2Client) SetContacts(v []string) { // GetCreatedAt returns the CreatedAt field value if set, zero value otherwise. func (o *OAuth2Client) GetCreatedAt() time.Time { - if o == nil || o.CreatedAt == nil { + if o == nil || IsNil(o.CreatedAt) { var ret time.Time return ret } @@ -618,7 +629,7 @@ func (o *OAuth2Client) GetCreatedAt() time.Time { // GetCreatedAtOk returns a tuple with the CreatedAt field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetCreatedAtOk() (*time.Time, bool) { - if o == nil || o.CreatedAt == nil { + if o == nil || IsNil(o.CreatedAt) { return nil, false } return o.CreatedAt, true @@ -626,7 +637,7 @@ func (o *OAuth2Client) GetCreatedAtOk() (*time.Time, bool) { // HasCreatedAt returns a boolean if a field has been set. func (o *OAuth2Client) HasCreatedAt() bool { - if o != nil && o.CreatedAt != nil { + if o != nil && !IsNil(o.CreatedAt) { return true } 
@@ -638,9 +649,105 @@ func (o *OAuth2Client) SetCreatedAt(v time.Time) { o.CreatedAt = &v } +// GetDeviceAuthorizationGrantAccessTokenLifespan returns the DeviceAuthorizationGrantAccessTokenLifespan field value if set, zero value otherwise. +func (o *OAuth2Client) GetDeviceAuthorizationGrantAccessTokenLifespan() string { + if o == nil || IsNil(o.DeviceAuthorizationGrantAccessTokenLifespan) { + var ret string + return ret + } + return *o.DeviceAuthorizationGrantAccessTokenLifespan +} + +// GetDeviceAuthorizationGrantAccessTokenLifespanOk returns a tuple with the DeviceAuthorizationGrantAccessTokenLifespan field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *OAuth2Client) GetDeviceAuthorizationGrantAccessTokenLifespanOk() (*string, bool) { + if o == nil || IsNil(o.DeviceAuthorizationGrantAccessTokenLifespan) { + return nil, false + } + return o.DeviceAuthorizationGrantAccessTokenLifespan, true +} + +// HasDeviceAuthorizationGrantAccessTokenLifespan returns a boolean if a field has been set. +func (o *OAuth2Client) HasDeviceAuthorizationGrantAccessTokenLifespan() bool { + if o != nil && !IsNil(o.DeviceAuthorizationGrantAccessTokenLifespan) { + return true + } + + return false +} + +// SetDeviceAuthorizationGrantAccessTokenLifespan gets a reference to the given string and assigns it to the DeviceAuthorizationGrantAccessTokenLifespan field. +func (o *OAuth2Client) SetDeviceAuthorizationGrantAccessTokenLifespan(v string) { + o.DeviceAuthorizationGrantAccessTokenLifespan = &v +} + +// GetDeviceAuthorizationGrantIdTokenLifespan returns the DeviceAuthorizationGrantIdTokenLifespan field value if set, zero value otherwise. 
+func (o *OAuth2Client) GetDeviceAuthorizationGrantIdTokenLifespan() string { + if o == nil || IsNil(o.DeviceAuthorizationGrantIdTokenLifespan) { + var ret string + return ret + } + return *o.DeviceAuthorizationGrantIdTokenLifespan +} + +// GetDeviceAuthorizationGrantIdTokenLifespanOk returns a tuple with the DeviceAuthorizationGrantIdTokenLifespan field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *OAuth2Client) GetDeviceAuthorizationGrantIdTokenLifespanOk() (*string, bool) { + if o == nil || IsNil(o.DeviceAuthorizationGrantIdTokenLifespan) { + return nil, false + } + return o.DeviceAuthorizationGrantIdTokenLifespan, true +} + +// HasDeviceAuthorizationGrantIdTokenLifespan returns a boolean if a field has been set. +func (o *OAuth2Client) HasDeviceAuthorizationGrantIdTokenLifespan() bool { + if o != nil && !IsNil(o.DeviceAuthorizationGrantIdTokenLifespan) { + return true + } + + return false +} + +// SetDeviceAuthorizationGrantIdTokenLifespan gets a reference to the given string and assigns it to the DeviceAuthorizationGrantIdTokenLifespan field. +func (o *OAuth2Client) SetDeviceAuthorizationGrantIdTokenLifespan(v string) { + o.DeviceAuthorizationGrantIdTokenLifespan = &v +} + +// GetDeviceAuthorizationGrantRefreshTokenLifespan returns the DeviceAuthorizationGrantRefreshTokenLifespan field value if set, zero value otherwise. +func (o *OAuth2Client) GetDeviceAuthorizationGrantRefreshTokenLifespan() string { + if o == nil || IsNil(o.DeviceAuthorizationGrantRefreshTokenLifespan) { + var ret string + return ret + } + return *o.DeviceAuthorizationGrantRefreshTokenLifespan +} + +// GetDeviceAuthorizationGrantRefreshTokenLifespanOk returns a tuple with the DeviceAuthorizationGrantRefreshTokenLifespan field value if set, nil otherwise +// and a boolean to check if the value has been set. 
+func (o *OAuth2Client) GetDeviceAuthorizationGrantRefreshTokenLifespanOk() (*string, bool) { + if o == nil || IsNil(o.DeviceAuthorizationGrantRefreshTokenLifespan) { + return nil, false + } + return o.DeviceAuthorizationGrantRefreshTokenLifespan, true +} + +// HasDeviceAuthorizationGrantRefreshTokenLifespan returns a boolean if a field has been set. +func (o *OAuth2Client) HasDeviceAuthorizationGrantRefreshTokenLifespan() bool { + if o != nil && !IsNil(o.DeviceAuthorizationGrantRefreshTokenLifespan) { + return true + } + + return false +} + +// SetDeviceAuthorizationGrantRefreshTokenLifespan gets a reference to the given string and assigns it to the DeviceAuthorizationGrantRefreshTokenLifespan field. +func (o *OAuth2Client) SetDeviceAuthorizationGrantRefreshTokenLifespan(v string) { + o.DeviceAuthorizationGrantRefreshTokenLifespan = &v +} + // GetFrontchannelLogoutSessionRequired returns the FrontchannelLogoutSessionRequired field value if set, zero value otherwise. func (o *OAuth2Client) GetFrontchannelLogoutSessionRequired() bool { - if o == nil || o.FrontchannelLogoutSessionRequired == nil { + if o == nil || IsNil(o.FrontchannelLogoutSessionRequired) { var ret bool return ret } @@ -650,7 +757,7 @@ func (o *OAuth2Client) GetFrontchannelLogoutSessionRequired() bool { // GetFrontchannelLogoutSessionRequiredOk returns a tuple with the FrontchannelLogoutSessionRequired field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetFrontchannelLogoutSessionRequiredOk() (*bool, bool) { - if o == nil || o.FrontchannelLogoutSessionRequired == nil { + if o == nil || IsNil(o.FrontchannelLogoutSessionRequired) { return nil, false } return o.FrontchannelLogoutSessionRequired, true 
@@ -658,7 +765,7 @@ func (o *OAuth2Client) GetFrontchannelLogoutSessionRequiredOk() (*bool, bool) { // HasFrontchannelLogoutSessionRequired returns a boolean if a field has been set. func (o *OAuth2Client) HasFrontchannelLogoutSessionRequired() bool { - if o != nil && o.FrontchannelLogoutSessionRequired != nil { + if o != nil && !IsNil(o.FrontchannelLogoutSessionRequired) { return true } @@ -672,7 +779,7 @@ func (o *OAuth2Client) SetFrontchannelLogoutSessionRequired(v bool) { // GetFrontchannelLogoutUri returns the FrontchannelLogoutUri field value if set, zero value otherwise. func (o *OAuth2Client) GetFrontchannelLogoutUri() string { - if o == nil || o.FrontchannelLogoutUri == nil { + if o == nil || IsNil(o.FrontchannelLogoutUri) { var ret string return ret } @@ -682,7 +789,7 @@ func (o *OAuth2Client) GetFrontchannelLogoutUri() string { // GetFrontchannelLogoutUriOk returns a tuple with the FrontchannelLogoutUri field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetFrontchannelLogoutUriOk() (*string, bool) { - if o == nil || o.FrontchannelLogoutUri == nil { + if o == nil || IsNil(o.FrontchannelLogoutUri) { return nil, false } return o.FrontchannelLogoutUri, true @@ -690,7 +797,7 @@ func (o *OAuth2Client) GetFrontchannelLogoutUriOk() (*string, bool) { // HasFrontchannelLogoutUri returns a boolean if a field has been set. func (o *OAuth2Client) HasFrontchannelLogoutUri() bool { - if o != nil && o.FrontchannelLogoutUri != nil { + if o != nil && !IsNil(o.FrontchannelLogoutUri) { return true } @@ -704,7 +811,7 @@ func (o *OAuth2Client) SetFrontchannelLogoutUri(v string) { // GetGrantTypes returns the GrantTypes field value if set, zero value otherwise. func (o *OAuth2Client) GetGrantTypes() []string { - if o == nil || o.GrantTypes == nil { + if o == nil || IsNil(o.GrantTypes) { var ret []string return ret } 
@@ -714,7 +821,7 @@ func (o *OAuth2Client) GetGrantTypes() []string { // GetGrantTypesOk returns a tuple with the GrantTypes field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetGrantTypesOk() ([]string, bool) { - if o == nil || o.GrantTypes == nil { + if o == nil || IsNil(o.GrantTypes) { return nil, false } return o.GrantTypes, true @@ -722,7 +829,7 @@ func (o *OAuth2Client) GetGrantTypesOk() ([]string, bool) { // HasGrantTypes returns a boolean if a field has been set. func (o *OAuth2Client) HasGrantTypes() bool { - if o != nil && o.GrantTypes != nil { + if o != nil && !IsNil(o.GrantTypes) { return true } @@ -736,7 +843,7 @@ func (o *OAuth2Client) SetGrantTypes(v []string) { // GetImplicitGrantAccessTokenLifespan returns the ImplicitGrantAccessTokenLifespan field value if set, zero value otherwise. func (o *OAuth2Client) GetImplicitGrantAccessTokenLifespan() string { - if o == nil || o.ImplicitGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.ImplicitGrantAccessTokenLifespan) { var ret string return ret } @@ -746,7 +853,7 @@ func (o *OAuth2Client) GetImplicitGrantAccessTokenLifespan() string { // GetImplicitGrantAccessTokenLifespanOk returns a tuple with the ImplicitGrantAccessTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetImplicitGrantAccessTokenLifespanOk() (*string, bool) { - if o == nil || o.ImplicitGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.ImplicitGrantAccessTokenLifespan) { return nil, false } return o.ImplicitGrantAccessTokenLifespan, true 
@@ -754,7 +861,7 @@ func (o *OAuth2Client) GetImplicitGrantAccessTokenLifespanOk() (*string, bool) { // HasImplicitGrantAccessTokenLifespan returns a boolean if a field has been set. func (o *OAuth2Client) HasImplicitGrantAccessTokenLifespan() bool { - if o != nil && o.ImplicitGrantAccessTokenLifespan != nil { + if o != nil && !IsNil(o.ImplicitGrantAccessTokenLifespan) { return true } @@ -768,7 +875,7 @@ func (o *OAuth2Client) SetImplicitGrantAccessTokenLifespan(v string) { // GetImplicitGrantIdTokenLifespan returns the ImplicitGrantIdTokenLifespan field value if set, zero value otherwise. func (o *OAuth2Client) GetImplicitGrantIdTokenLifespan() string { - if o == nil || o.ImplicitGrantIdTokenLifespan == nil { + if o == nil || IsNil(o.ImplicitGrantIdTokenLifespan) { var ret string return ret } @@ -778,7 +885,7 @@ func (o *OAuth2Client) GetImplicitGrantIdTokenLifespan() string { // GetImplicitGrantIdTokenLifespanOk returns a tuple with the ImplicitGrantIdTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetImplicitGrantIdTokenLifespanOk() (*string, bool) { - if o == nil || o.ImplicitGrantIdTokenLifespan == nil { + if o == nil || IsNil(o.ImplicitGrantIdTokenLifespan) { return nil, false } return o.ImplicitGrantIdTokenLifespan, true @@ -786,7 +893,7 @@ func (o *OAuth2Client) GetImplicitGrantIdTokenLifespanOk() (*string, bool) { // HasImplicitGrantIdTokenLifespan returns a boolean if a field has been set. func (o *OAuth2Client) HasImplicitGrantIdTokenLifespan() bool { - if o != nil && o.ImplicitGrantIdTokenLifespan != nil { + if o != nil && !IsNil(o.ImplicitGrantIdTokenLifespan) { return true } 
@@ -811,7 +918,7 @@ func (o *OAuth2Client) GetJwks() interface{} { // and a boolean to check if the value has been set. // NOTE: If the value is an explicit nil, `nil, true` will be returned func (o *OAuth2Client) GetJwksOk() (*interface{}, bool) { - if o == nil || o.Jwks == nil { + if o == nil || IsNil(o.Jwks) { return nil, false } return &o.Jwks, true @@ -819,7 +926,7 @@ func (o *OAuth2Client) GetJwksOk() (*interface{}, bool) { // HasJwks returns a boolean if a field has been set. func (o *OAuth2Client) HasJwks() bool { - if o != nil && o.Jwks != nil { + if o != nil && IsNil(o.Jwks) { return true } @@ -833,7 +940,7 @@ func (o *OAuth2Client) SetJwks(v interface{}) { // GetJwksUri returns the JwksUri field value if set, zero value otherwise. func (o *OAuth2Client) GetJwksUri() string { - if o == nil || o.JwksUri == nil { + if o == nil || IsNil(o.JwksUri) { var ret string return ret } @@ -843,7 +950,7 @@ func (o *OAuth2Client) GetJwksUri() string { // GetJwksUriOk returns a tuple with the JwksUri field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetJwksUriOk() (*string, bool) { - if o == nil || o.JwksUri == nil { + if o == nil || IsNil(o.JwksUri) { return nil, false } return o.JwksUri, true @@ -851,7 +958,7 @@ func (o *OAuth2Client) GetJwksUriOk() (*string, bool) { // HasJwksUri returns a boolean if a field has been set. func (o *OAuth2Client) HasJwksUri() bool { - if o != nil && o.JwksUri != nil { + if o != nil && !IsNil(o.JwksUri) { return true } @@ -865,7 +972,7 @@ func (o *OAuth2Client) SetJwksUri(v string) { // GetJwtBearerGrantAccessTokenLifespan returns the JwtBearerGrantAccessTokenLifespan field value if set, zero value otherwise. func (o *OAuth2Client) GetJwtBearerGrantAccessTokenLifespan() string { - if o == nil || o.JwtBearerGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.JwtBearerGrantAccessTokenLifespan) { var ret string return ret } 
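Review bot: The new condition in `HasJwks` is inverted: `if o != nil && IsNil(o.Jwks)` reports the field as set exactly when it is nil, assuming `IsNil` behaves as its name suggests. The removed line tested `o.Jwks != nil`, and every other `Has*` accessor in this diff uses `!IsNil(...)`. The same inversion is in `HasMetadata` (hunk `@@ -948,7 +1055,7 @@`). A caller that gates on `HasJwks()` before reading the client's key set would skip a configured JWKS and treat an absent one as present, so the line should read `if o != nil && !IsNil(o.Jwks) {`, and likewise for `o.Metadata`. The accessors look generator-produced, so the fix probably belongs in the generator template or version rather than a hand edit; the function body continues past the end of the hunk.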
@@ -875,7 +982,7 @@ func (o *OAuth2Client) GetJwtBearerGrantAccessTokenLifespan() string { // GetJwtBearerGrantAccessTokenLifespanOk returns a tuple with the JwtBearerGrantAccessTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetJwtBearerGrantAccessTokenLifespanOk() (*string, bool) { - if o == nil || o.JwtBearerGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.JwtBearerGrantAccessTokenLifespan) { return nil, false } return o.JwtBearerGrantAccessTokenLifespan, true @@ -883,7 +990,7 @@ func (o *OAuth2Client) GetJwtBearerGrantAccessTokenLifespanOk() (*string, bool) // HasJwtBearerGrantAccessTokenLifespan returns a boolean if a field has been set. func (o *OAuth2Client) HasJwtBearerGrantAccessTokenLifespan() bool { - if o != nil && o.JwtBearerGrantAccessTokenLifespan != nil { + if o != nil && !IsNil(o.JwtBearerGrantAccessTokenLifespan) { return true } @@ -897,7 +1004,7 @@ func (o *OAuth2Client) SetJwtBearerGrantAccessTokenLifespan(v string) { // GetLogoUri returns the LogoUri field value if set, zero value otherwise. func (o *OAuth2Client) GetLogoUri() string { - if o == nil || o.LogoUri == nil { + if o == nil || IsNil(o.LogoUri) { var ret string return ret } @@ -907,7 +1014,7 @@ func (o *OAuth2Client) GetLogoUri() string { // GetLogoUriOk returns a tuple with the LogoUri field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetLogoUriOk() (*string, bool) { - if o == nil || o.LogoUri == nil { + if o == nil || IsNil(o.LogoUri) { return nil, false } return o.LogoUri, true @@ -915,7 +1022,7 @@ func (o *OAuth2Client) GetLogoUriOk() (*string, bool) { // HasLogoUri returns a boolean if a field has been set. func (o *OAuth2Client) HasLogoUri() bool { - if o != nil && o.LogoUri != nil { + if o != nil && !IsNil(o.LogoUri) { return true } 
@@ -940,7 +1047,7 @@ func (o *OAuth2Client) GetMetadata() interface{} { // and a boolean to check if the value has been set. // NOTE: If the value is an explicit nil, `nil, true` will be returned func (o *OAuth2Client) GetMetadataOk() (*interface{}, bool) { - if o == nil || o.Metadata == nil { + if o == nil || IsNil(o.Metadata) { return nil, false } return &o.Metadata, true @@ -948,7 +1055,7 @@ func (o *OAuth2Client) GetMetadataOk() (*interface{}, bool) { // HasMetadata returns a boolean if a field has been set. func (o *OAuth2Client) HasMetadata() bool { - if o != nil && o.Metadata != nil { + if o != nil && IsNil(o.Metadata) { return true } @@ -962,7 +1069,7 @@ func (o *OAuth2Client) SetMetadata(v interface{}) { // GetOwner returns the Owner field value if set, zero value otherwise. func (o *OAuth2Client) GetOwner() string { - if o == nil || o.Owner == nil { + if o == nil || IsNil(o.Owner) { var ret string return ret } @@ -972,7 +1079,7 @@ func (o *OAuth2Client) GetOwner() string { // GetOwnerOk returns a tuple with the Owner field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetOwnerOk() (*string, bool) { - if o == nil || o.Owner == nil { + if o == nil || IsNil(o.Owner) { return nil, false } return o.Owner, true @@ -980,7 +1087,7 @@ func (o *OAuth2Client) GetOwnerOk() (*string, bool) { // HasOwner returns a boolean if a field has been set. func (o *OAuth2Client) HasOwner() bool { - if o != nil && o.Owner != nil { + if o != nil && !IsNil(o.Owner) { return true } @@ -994,7 +1101,7 @@ func (o *OAuth2Client) SetOwner(v string) { // GetPolicyUri returns the PolicyUri field value if set, zero value otherwise. func (o *OAuth2Client) GetPolicyUri() string { - if o == nil || o.PolicyUri == nil { + if o == nil || IsNil(o.PolicyUri) { var ret string return ret } 
@@ -1004,7 +1111,7 @@ func (o *OAuth2Client) GetPolicyUri() string { // GetPolicyUriOk returns a tuple with the PolicyUri field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetPolicyUriOk() (*string, bool) { - if o == nil || o.PolicyUri == nil { + if o == nil || IsNil(o.PolicyUri) { return nil, false } return o.PolicyUri, true @@ -1012,7 +1119,7 @@ func (o *OAuth2Client) GetPolicyUriOk() (*string, bool) { // HasPolicyUri returns a boolean if a field has been set. func (o *OAuth2Client) HasPolicyUri() bool { - if o != nil && o.PolicyUri != nil { + if o != nil && !IsNil(o.PolicyUri) { return true } @@ -1026,7 +1133,7 @@ func (o *OAuth2Client) SetPolicyUri(v string) { // GetPostLogoutRedirectUris returns the PostLogoutRedirectUris field value if set, zero value otherwise. func (o *OAuth2Client) GetPostLogoutRedirectUris() []string { - if o == nil || o.PostLogoutRedirectUris == nil { + if o == nil || IsNil(o.PostLogoutRedirectUris) { var ret []string return ret } @@ -1036,7 +1143,7 @@ func (o *OAuth2Client) GetPostLogoutRedirectUris() []string { // GetPostLogoutRedirectUrisOk returns a tuple with the PostLogoutRedirectUris field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetPostLogoutRedirectUrisOk() ([]string, bool) { - if o == nil || o.PostLogoutRedirectUris == nil { + if o == nil || IsNil(o.PostLogoutRedirectUris) { return nil, false } return o.PostLogoutRedirectUris, true @@ -1044,7 +1151,7 @@ func (o *OAuth2Client) GetPostLogoutRedirectUrisOk() ([]string, bool) { // HasPostLogoutRedirectUris returns a boolean if a field has been set. func (o *OAuth2Client) HasPostLogoutRedirectUris() bool { - if o != nil && o.PostLogoutRedirectUris != nil { + if o != nil && !IsNil(o.PostLogoutRedirectUris) { return true } 
@@ -1058,7 +1165,7 @@ func (o *OAuth2Client) SetPostLogoutRedirectUris(v []string) { // GetRedirectUris returns the RedirectUris field value if set, zero value otherwise. func (o *OAuth2Client) GetRedirectUris() []string { - if o == nil || o.RedirectUris == nil { + if o == nil || IsNil(o.RedirectUris) { var ret []string return ret } @@ -1068,7 +1175,7 @@ func (o *OAuth2Client) GetRedirectUris() []string { // GetRedirectUrisOk returns a tuple with the RedirectUris field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetRedirectUrisOk() ([]string, bool) { - if o == nil || o.RedirectUris == nil { + if o == nil || IsNil(o.RedirectUris) { return nil, false } return o.RedirectUris, true @@ -1076,7 +1183,7 @@ func (o *OAuth2Client) GetRedirectUrisOk() ([]string, bool) { // HasRedirectUris returns a boolean if a field has been set. func (o *OAuth2Client) HasRedirectUris() bool { - if o != nil && o.RedirectUris != nil { + if o != nil && !IsNil(o.RedirectUris) { return true } @@ -1090,7 +1197,7 @@ func (o *OAuth2Client) SetRedirectUris(v []string) { // GetRefreshTokenGrantAccessTokenLifespan returns the RefreshTokenGrantAccessTokenLifespan field value if set, zero value otherwise. func (o *OAuth2Client) GetRefreshTokenGrantAccessTokenLifespan() string { - if o == nil || o.RefreshTokenGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.RefreshTokenGrantAccessTokenLifespan) { var ret string return ret } 
@@ -1100,7 +1207,7 @@ func (o *OAuth2Client) GetRefreshTokenGrantAccessTokenLifespan() string { // GetRefreshTokenGrantAccessTokenLifespanOk returns a tuple with the RefreshTokenGrantAccessTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetRefreshTokenGrantAccessTokenLifespanOk() (*string, bool) { - if o == nil || o.RefreshTokenGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.RefreshTokenGrantAccessTokenLifespan) { return nil, false } return o.RefreshTokenGrantAccessTokenLifespan, true @@ -1108,7 +1215,7 @@ func (o *OAuth2Client) GetRefreshTokenGrantAccessTokenLifespanOk() (*string, boo // HasRefreshTokenGrantAccessTokenLifespan returns a boolean if a field has been set. func (o *OAuth2Client) HasRefreshTokenGrantAccessTokenLifespan() bool { - if o != nil && o.RefreshTokenGrantAccessTokenLifespan != nil { + if o != nil && !IsNil(o.RefreshTokenGrantAccessTokenLifespan) { return true } @@ -1122,7 +1229,7 @@ func (o *OAuth2Client) SetRefreshTokenGrantAccessTokenLifespan(v string) { // GetRefreshTokenGrantIdTokenLifespan returns the RefreshTokenGrantIdTokenLifespan field value if set, zero value otherwise. func (o *OAuth2Client) GetRefreshTokenGrantIdTokenLifespan() string { - if o == nil || o.RefreshTokenGrantIdTokenLifespan == nil { + if o == nil || IsNil(o.RefreshTokenGrantIdTokenLifespan) { var ret string return ret } @@ -1132,7 +1239,7 @@ func (o *OAuth2Client) GetRefreshTokenGrantIdTokenLifespan() string { // GetRefreshTokenGrantIdTokenLifespanOk returns a tuple with the RefreshTokenGrantIdTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetRefreshTokenGrantIdTokenLifespanOk() (*string, bool) { - if o == nil || o.RefreshTokenGrantIdTokenLifespan == nil { + if o == nil || IsNil(o.RefreshTokenGrantIdTokenLifespan) { return nil, false } return o.RefreshTokenGrantIdTokenLifespan, true 
@@ -1140,7 +1247,7 @@ func (o *OAuth2Client) GetRefreshTokenGrantIdTokenLifespanOk() (*string, bool) { // HasRefreshTokenGrantIdTokenLifespan returns a boolean if a field has been set. func (o *OAuth2Client) HasRefreshTokenGrantIdTokenLifespan() bool { - if o != nil && o.RefreshTokenGrantIdTokenLifespan != nil { + if o != nil && !IsNil(o.RefreshTokenGrantIdTokenLifespan) { return true } @@ -1154,7 +1261,7 @@ func (o *OAuth2Client) SetRefreshTokenGrantIdTokenLifespan(v string) { // GetRefreshTokenGrantRefreshTokenLifespan returns the RefreshTokenGrantRefreshTokenLifespan field value if set, zero value otherwise. func (o *OAuth2Client) GetRefreshTokenGrantRefreshTokenLifespan() string { - if o == nil || o.RefreshTokenGrantRefreshTokenLifespan == nil { + if o == nil || IsNil(o.RefreshTokenGrantRefreshTokenLifespan) { var ret string return ret } @@ -1164,7 +1271,7 @@ func (o *OAuth2Client) GetRefreshTokenGrantRefreshTokenLifespan() string { // GetRefreshTokenGrantRefreshTokenLifespanOk returns a tuple with the RefreshTokenGrantRefreshTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetRefreshTokenGrantRefreshTokenLifespanOk() (*string, bool) { - if o == nil || o.RefreshTokenGrantRefreshTokenLifespan == nil { + if o == nil || IsNil(o.RefreshTokenGrantRefreshTokenLifespan) { return nil, false } return o.RefreshTokenGrantRefreshTokenLifespan, true @@ -1172,7 +1279,7 @@ func (o *OAuth2Client) GetRefreshTokenGrantRefreshTokenLifespanOk() (*string, bo // HasRefreshTokenGrantRefreshTokenLifespan returns a boolean if a field has been set. func (o *OAuth2Client) HasRefreshTokenGrantRefreshTokenLifespan() bool { - if o != nil && o.RefreshTokenGrantRefreshTokenLifespan != nil { + if o != nil && !IsNil(o.RefreshTokenGrantRefreshTokenLifespan) { return true } 
@@ -1186,7 +1293,7 @@ func (o *OAuth2Client) SetRefreshTokenGrantRefreshTokenLifespan(v string) { // GetRegistrationAccessToken returns the RegistrationAccessToken field value if set, zero value otherwise. func (o *OAuth2Client) GetRegistrationAccessToken() string { - if o == nil || o.RegistrationAccessToken == nil { + if o == nil || IsNil(o.RegistrationAccessToken) { var ret string return ret } @@ -1196,7 +1303,7 @@ func (o *OAuth2Client) GetRegistrationAccessToken() string { // GetRegistrationAccessTokenOk returns a tuple with the RegistrationAccessToken field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetRegistrationAccessTokenOk() (*string, bool) { - if o == nil || o.RegistrationAccessToken == nil { + if o == nil || IsNil(o.RegistrationAccessToken) { return nil, false } return o.RegistrationAccessToken, true @@ -1204,7 +1311,7 @@ func (o *OAuth2Client) GetRegistrationAccessTokenOk() (*string, bool) { // HasRegistrationAccessToken returns a boolean if a field has been set. func (o *OAuth2Client) HasRegistrationAccessToken() bool { - if o != nil && o.RegistrationAccessToken != nil { + if o != nil && !IsNil(o.RegistrationAccessToken) { return true } @@ -1218,7 +1325,7 @@ func (o *OAuth2Client) SetRegistrationAccessToken(v string) { // GetRegistrationClientUri returns the RegistrationClientUri field value if set, zero value otherwise. func (o *OAuth2Client) GetRegistrationClientUri() string { - if o == nil || o.RegistrationClientUri == nil { + if o == nil || IsNil(o.RegistrationClientUri) { var ret string return ret } 
@@ -1228,7 +1335,7 @@ func (o *OAuth2Client) GetRegistrationClientUri() string { // GetRegistrationClientUriOk returns a tuple with the RegistrationClientUri field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetRegistrationClientUriOk() (*string, bool) { - if o == nil || o.RegistrationClientUri == nil { + if o == nil || IsNil(o.RegistrationClientUri) { return nil, false } return o.RegistrationClientUri, true @@ -1236,7 +1343,7 @@ func (o *OAuth2Client) GetRegistrationClientUriOk() (*string, bool) { // HasRegistrationClientUri returns a boolean if a field has been set. func (o *OAuth2Client) HasRegistrationClientUri() bool { - if o != nil && o.RegistrationClientUri != nil { + if o != nil && !IsNil(o.RegistrationClientUri) { return true } @@ -1250,7 +1357,7 @@ func (o *OAuth2Client) SetRegistrationClientUri(v string) { // GetRequestObjectSigningAlg returns the RequestObjectSigningAlg field value if set, zero value otherwise. func (o *OAuth2Client) GetRequestObjectSigningAlg() string { - if o == nil || o.RequestObjectSigningAlg == nil { + if o == nil || IsNil(o.RequestObjectSigningAlg) { var ret string return ret } @@ -1260,7 +1367,7 @@ func (o *OAuth2Client) GetRequestObjectSigningAlg() string { // GetRequestObjectSigningAlgOk returns a tuple with the RequestObjectSigningAlg field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetRequestObjectSigningAlgOk() (*string, bool) { - if o == nil || o.RequestObjectSigningAlg == nil { + if o == nil || IsNil(o.RequestObjectSigningAlg) { return nil, false } return o.RequestObjectSigningAlg, true 
@@ -1268,7 +1375,7 @@ func (o *OAuth2Client) GetRequestObjectSigningAlgOk() (*string, bool) { // HasRequestObjectSigningAlg returns a boolean if a field has been set. func (o *OAuth2Client) HasRequestObjectSigningAlg() bool { - if o != nil && o.RequestObjectSigningAlg != nil { + if o != nil && !IsNil(o.RequestObjectSigningAlg) { return true } @@ -1282,7 +1389,7 @@ func (o *OAuth2Client) SetRequestObjectSigningAlg(v string) { // GetRequestUris returns the RequestUris field value if set, zero value otherwise. func (o *OAuth2Client) GetRequestUris() []string { - if o == nil || o.RequestUris == nil { + if o == nil || IsNil(o.RequestUris) { var ret []string return ret } @@ -1292,7 +1399,7 @@ func (o *OAuth2Client) GetRequestUris() []string { // GetRequestUrisOk returns a tuple with the RequestUris field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetRequestUrisOk() ([]string, bool) { - if o == nil || o.RequestUris == nil { + if o == nil || IsNil(o.RequestUris) { return nil, false } return o.RequestUris, true @@ -1300,7 +1407,7 @@ func (o *OAuth2Client) GetRequestUrisOk() ([]string, bool) { // HasRequestUris returns a boolean if a field has been set. func (o *OAuth2Client) HasRequestUris() bool { - if o != nil && o.RequestUris != nil { + if o != nil && !IsNil(o.RequestUris) { return true } @@ -1314,7 +1421,7 @@ func (o *OAuth2Client) SetRequestUris(v []string) { // GetResponseTypes returns the ResponseTypes field value if set, zero value otherwise. func (o *OAuth2Client) GetResponseTypes() []string { - if o == nil || o.ResponseTypes == nil { + if o == nil || IsNil(o.ResponseTypes) { var ret []string return ret } 
@@ -1324,7 +1431,7 @@ func (o *OAuth2Client) GetResponseTypes() []string { // GetResponseTypesOk returns a tuple with the ResponseTypes field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetResponseTypesOk() ([]string, bool) { - if o == nil || o.ResponseTypes == nil { + if o == nil || IsNil(o.ResponseTypes) { return nil, false } return o.ResponseTypes, true @@ -1332,7 +1439,7 @@ func (o *OAuth2Client) GetResponseTypesOk() ([]string, bool) { // HasResponseTypes returns a boolean if a field has been set. func (o *OAuth2Client) HasResponseTypes() bool { - if o != nil && o.ResponseTypes != nil { + if o != nil && !IsNil(o.ResponseTypes) { return true } @@ -1346,7 +1453,7 @@ func (o *OAuth2Client) SetResponseTypes(v []string) { // GetScope returns the Scope field value if set, zero value otherwise. func (o *OAuth2Client) GetScope() string { - if o == nil || o.Scope == nil { + if o == nil || IsNil(o.Scope) { var ret string return ret } @@ -1356,7 +1463,7 @@ func (o *OAuth2Client) GetScope() string { // GetScopeOk returns a tuple with the Scope field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetScopeOk() (*string, bool) { - if o == nil || o.Scope == nil { + if o == nil || IsNil(o.Scope) { return nil, false } return o.Scope, true @@ -1364,7 +1471,7 @@ func (o *OAuth2Client) GetScopeOk() (*string, bool) { // HasScope returns a boolean if a field has been set. func (o *OAuth2Client) HasScope() bool { - if o != nil && o.Scope != nil { + if o != nil && !IsNil(o.Scope) { return true } @@ -1378,7 +1485,7 @@ func (o *OAuth2Client) SetScope(v string) { // GetSectorIdentifierUri returns the SectorIdentifierUri field value if set, zero value otherwise. func (o *OAuth2Client) GetSectorIdentifierUri() string { - if o == nil || o.SectorIdentifierUri == nil { + if o == nil || IsNil(o.SectorIdentifierUri) { var ret string return ret } 
@@ -1388,7 +1495,7 @@ func (o *OAuth2Client) GetSectorIdentifierUri() string { // GetSectorIdentifierUriOk returns a tuple with the SectorIdentifierUri field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetSectorIdentifierUriOk() (*string, bool) { - if o == nil || o.SectorIdentifierUri == nil { + if o == nil || IsNil(o.SectorIdentifierUri) { return nil, false } return o.SectorIdentifierUri, true @@ -1396,7 +1503,7 @@ func (o *OAuth2Client) GetSectorIdentifierUriOk() (*string, bool) { // HasSectorIdentifierUri returns a boolean if a field has been set. func (o *OAuth2Client) HasSectorIdentifierUri() bool { - if o != nil && o.SectorIdentifierUri != nil { + if o != nil && !IsNil(o.SectorIdentifierUri) { return true } @@ -1410,7 +1517,7 @@ func (o *OAuth2Client) SetSectorIdentifierUri(v string) { // GetSkipConsent returns the SkipConsent field value if set, zero value otherwise. func (o *OAuth2Client) GetSkipConsent() bool { - if o == nil || o.SkipConsent == nil { + if o == nil || IsNil(o.SkipConsent) { var ret bool return ret } @@ -1420,7 +1527,7 @@ func (o *OAuth2Client) GetSkipConsent() bool { // GetSkipConsentOk returns a tuple with the SkipConsent field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetSkipConsentOk() (*bool, bool) { - if o == nil || o.SkipConsent == nil { + if o == nil || IsNil(o.SkipConsent) { return nil, false } return o.SkipConsent, true @@ -1428,7 +1535,7 @@ func (o *OAuth2Client) GetSkipConsentOk() (*bool, bool) { // HasSkipConsent returns a boolean if a field has been set. func (o *OAuth2Client) HasSkipConsent() bool { - if o != nil && o.SkipConsent != nil { + if o != nil && !IsNil(o.SkipConsent) { return true } 
@@ -1440,9 +1547,41 @@ func (o *OAuth2Client) SetSkipConsent(v bool) { o.SkipConsent = &v } +// GetSkipLogoutConsent returns the SkipLogoutConsent field value if set, zero value otherwise. +func (o *OAuth2Client) GetSkipLogoutConsent() bool { + if o == nil || IsNil(o.SkipLogoutConsent) { + var ret bool + return ret + } + return *o.SkipLogoutConsent +} + +// GetSkipLogoutConsentOk returns a tuple with the SkipLogoutConsent field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *OAuth2Client) GetSkipLogoutConsentOk() (*bool, bool) { + if o == nil || IsNil(o.SkipLogoutConsent) { + return nil, false + } + return o.SkipLogoutConsent, true +} + +// HasSkipLogoutConsent returns a boolean if a field has been set. +func (o *OAuth2Client) HasSkipLogoutConsent() bool { + if o != nil && !IsNil(o.SkipLogoutConsent) { + return true + } + + return false +} + +// SetSkipLogoutConsent gets a reference to the given bool and assigns it to the SkipLogoutConsent field. +func (o *OAuth2Client) SetSkipLogoutConsent(v bool) { + o.SkipLogoutConsent = &v +} + // GetSubjectType returns the SubjectType field value if set, zero value otherwise. func (o *OAuth2Client) GetSubjectType() string { - if o == nil || o.SubjectType == nil { + if o == nil || IsNil(o.SubjectType) { var ret string return ret } @@ -1452,7 +1591,7 @@ func (o *OAuth2Client) GetSubjectType() string { // GetSubjectTypeOk returns a tuple with the SubjectType field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetSubjectTypeOk() (*string, bool) { - if o == nil || o.SubjectType == nil { + if o == nil || IsNil(o.SubjectType) { return nil, false } return o.SubjectType, true 
@@ -1460,7 +1599,7 @@ func (o *OAuth2Client) GetSubjectTypeOk() (*string, bool) { // HasSubjectType returns a boolean if a field has been set. func (o *OAuth2Client) HasSubjectType() bool { - if o != nil && o.SubjectType != nil { + if o != nil && !IsNil(o.SubjectType) { return true } @@ -1474,7 +1613,7 @@ func (o *OAuth2Client) SetSubjectType(v string) { // GetTokenEndpointAuthMethod returns the TokenEndpointAuthMethod field value if set, zero value otherwise. func (o *OAuth2Client) GetTokenEndpointAuthMethod() string { - if o == nil || o.TokenEndpointAuthMethod == nil { + if o == nil || IsNil(o.TokenEndpointAuthMethod) { var ret string return ret } @@ -1484,7 +1623,7 @@ func (o *OAuth2Client) GetTokenEndpointAuthMethod() string { // GetTokenEndpointAuthMethodOk returns a tuple with the TokenEndpointAuthMethod field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetTokenEndpointAuthMethodOk() (*string, bool) { - if o == nil || o.TokenEndpointAuthMethod == nil { + if o == nil || IsNil(o.TokenEndpointAuthMethod) { return nil, false } return o.TokenEndpointAuthMethod, true @@ -1492,7 +1631,7 @@ func (o *OAuth2Client) GetTokenEndpointAuthMethodOk() (*string, bool) { // HasTokenEndpointAuthMethod returns a boolean if a field has been set. func (o *OAuth2Client) HasTokenEndpointAuthMethod() bool { - if o != nil && o.TokenEndpointAuthMethod != nil { + if o != nil && !IsNil(o.TokenEndpointAuthMethod) { return true } @@ -1506,7 +1645,7 @@ func (o *OAuth2Client) SetTokenEndpointAuthMethod(v string) { // GetTokenEndpointAuthSigningAlg returns the TokenEndpointAuthSigningAlg field value if set, zero value otherwise. func (o *OAuth2Client) GetTokenEndpointAuthSigningAlg() string { - if o == nil || o.TokenEndpointAuthSigningAlg == nil { + if o == nil || IsNil(o.TokenEndpointAuthSigningAlg) { var ret string return ret } 
@@ -1516,7 +1655,7 @@ func (o *OAuth2Client) GetTokenEndpointAuthSigningAlg() string { // GetTokenEndpointAuthSigningAlgOk returns a tuple with the TokenEndpointAuthSigningAlg field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetTokenEndpointAuthSigningAlgOk() (*string, bool) { - if o == nil || o.TokenEndpointAuthSigningAlg == nil { + if o == nil || IsNil(o.TokenEndpointAuthSigningAlg) { return nil, false } return o.TokenEndpointAuthSigningAlg, true @@ -1524,7 +1663,7 @@ func (o *OAuth2Client) GetTokenEndpointAuthSigningAlgOk() (*string, bool) { // HasTokenEndpointAuthSigningAlg returns a boolean if a field has been set. func (o *OAuth2Client) HasTokenEndpointAuthSigningAlg() bool { - if o != nil && o.TokenEndpointAuthSigningAlg != nil { + if o != nil && !IsNil(o.TokenEndpointAuthSigningAlg) { return true } @@ -1538,7 +1677,7 @@ func (o *OAuth2Client) SetTokenEndpointAuthSigningAlg(v string) { // GetTosUri returns the TosUri field value if set, zero value otherwise. func (o *OAuth2Client) GetTosUri() string { - if o == nil || o.TosUri == nil { + if o == nil || IsNil(o.TosUri) { var ret string return ret } @@ -1548,7 +1687,7 @@ func (o *OAuth2Client) GetTosUri() string { // GetTosUriOk returns a tuple with the TosUri field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetTosUriOk() (*string, bool) { - if o == nil || o.TosUri == nil { + if o == nil || IsNil(o.TosUri) { return nil, false } return o.TosUri, true @@ -1556,7 +1695,7 @@ func (o *OAuth2Client) GetTosUriOk() (*string, bool) { // HasTosUri returns a boolean if a field has been set. func (o *OAuth2Client) HasTosUri() bool { - if o != nil && o.TosUri != nil { + if o != nil && !IsNil(o.TosUri) { return true } 
@@ -1570,7 +1709,7 @@ func (o *OAuth2Client) SetTosUri(v string) { // GetUpdatedAt returns the UpdatedAt field value if set, zero value otherwise. func (o *OAuth2Client) GetUpdatedAt() time.Time { - if o == nil || o.UpdatedAt == nil { + if o == nil || IsNil(o.UpdatedAt) { var ret time.Time return ret } @@ -1580,7 +1719,7 @@ func (o *OAuth2Client) GetUpdatedAt() time.Time { // GetUpdatedAtOk returns a tuple with the UpdatedAt field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetUpdatedAtOk() (*time.Time, bool) { - if o == nil || o.UpdatedAt == nil { + if o == nil || IsNil(o.UpdatedAt) { return nil, false } return o.UpdatedAt, true @@ -1588,7 +1727,7 @@ func (o *OAuth2Client) GetUpdatedAtOk() (*time.Time, bool) { // HasUpdatedAt returns a boolean if a field has been set. func (o *OAuth2Client) HasUpdatedAt() bool { - if o != nil && o.UpdatedAt != nil { + if o != nil && !IsNil(o.UpdatedAt) { return true } @@ -1602,7 +1741,7 @@ func (o *OAuth2Client) SetUpdatedAt(v time.Time) { // GetUserinfoSignedResponseAlg returns the UserinfoSignedResponseAlg field value if set, zero value otherwise. func (o *OAuth2Client) GetUserinfoSignedResponseAlg() string { - if o == nil || o.UserinfoSignedResponseAlg == nil { + if o == nil || IsNil(o.UserinfoSignedResponseAlg) { var ret string return ret } @@ -1612,7 +1751,7 @@ func (o *OAuth2Client) GetUserinfoSignedResponseAlg() string { // GetUserinfoSignedResponseAlgOk returns a tuple with the UserinfoSignedResponseAlg field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2Client) GetUserinfoSignedResponseAlgOk() (*string, bool) { - if o == nil || o.UserinfoSignedResponseAlg == nil { + if o == nil || IsNil(o.UserinfoSignedResponseAlg) { return nil, false } return o.UserinfoSignedResponseAlg, true 
@@ -1620,7 +1759,7 @@ func (o *OAuth2Client) GetUserinfoSignedResponseAlgOk() (*string, bool) { // HasUserinfoSignedResponseAlg returns a boolean if a field has been set. func (o *OAuth2Client) HasUserinfoSignedResponseAlg() bool { - if o != nil && o.UserinfoSignedResponseAlg != nil { + if o != nil && !IsNil(o.UserinfoSignedResponseAlg) { return true } 
@@ -1633,149 +1772,169 @@ func (o *OAuth2Client) SetUserinfoSignedResponseAlg(v string) { } func (o OAuth2Client) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o OAuth2Client) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.AccessTokenStrategy != nil { + if !IsNil(o.AccessTokenStrategy) { toSerialize["access_token_strategy"] = o.AccessTokenStrategy } - if o.AllowedCorsOrigins != nil { + if !IsNil(o.AllowedCorsOrigins) { toSerialize["allowed_cors_origins"] = o.AllowedCorsOrigins } - if o.Audience != nil { + if !IsNil(o.Audience) { toSerialize["audience"] = o.Audience } - if o.AuthorizationCodeGrantAccessTokenLifespan != nil { + if !IsNil(o.AuthorizationCodeGrantAccessTokenLifespan) { toSerialize["authorization_code_grant_access_token_lifespan"] = o.AuthorizationCodeGrantAccessTokenLifespan } - if o.AuthorizationCodeGrantIdTokenLifespan != nil { + if !IsNil(o.AuthorizationCodeGrantIdTokenLifespan) { toSerialize["authorization_code_grant_id_token_lifespan"] = o.AuthorizationCodeGrantIdTokenLifespan } - if o.AuthorizationCodeGrantRefreshTokenLifespan != nil { + if !IsNil(o.AuthorizationCodeGrantRefreshTokenLifespan) { toSerialize["authorization_code_grant_refresh_token_lifespan"] = o.AuthorizationCodeGrantRefreshTokenLifespan } - if o.BackchannelLogoutSessionRequired != nil { + if !IsNil(o.BackchannelLogoutSessionRequired) { toSerialize["backchannel_logout_session_required"] = o.BackchannelLogoutSessionRequired } - if o.BackchannelLogoutUri != nil { + if !IsNil(o.BackchannelLogoutUri) { toSerialize["backchannel_logout_uri"] = o.BackchannelLogoutUri } - if o.ClientCredentialsGrantAccessTokenLifespan != nil { + if !IsNil(o.ClientCredentialsGrantAccessTokenLifespan) { toSerialize["client_credentials_grant_access_token_lifespan"] = o.ClientCredentialsGrantAccessTokenLifespan } - if o.ClientId != nil { + if !IsNil(o.ClientId) 
{ toSerialize["client_id"] = o.ClientId } - if o.ClientName != nil { + if !IsNil(o.ClientName) { toSerialize["client_name"] = o.ClientName } - if o.ClientSecret != nil { + if !IsNil(o.ClientSecret) { toSerialize["client_secret"] = o.ClientSecret } - if o.ClientSecretExpiresAt != nil { + if !IsNil(o.ClientSecretExpiresAt) { toSerialize["client_secret_expires_at"] = o.ClientSecretExpiresAt } - if o.ClientUri != nil { + if !IsNil(o.ClientUri) { toSerialize["client_uri"] = o.ClientUri } - if o.Contacts != nil { + if !IsNil(o.Contacts) { toSerialize["contacts"] = o.Contacts } - if o.CreatedAt != nil { + if !IsNil(o.CreatedAt) { toSerialize["created_at"] = o.CreatedAt } - if o.FrontchannelLogoutSessionRequired != nil { + if !IsNil(o.DeviceAuthorizationGrantAccessTokenLifespan) { + toSerialize["device_authorization_grant_access_token_lifespan"] = o.DeviceAuthorizationGrantAccessTokenLifespan + } + if !IsNil(o.DeviceAuthorizationGrantIdTokenLifespan) { + toSerialize["device_authorization_grant_id_token_lifespan"] = o.DeviceAuthorizationGrantIdTokenLifespan + } + if !IsNil(o.DeviceAuthorizationGrantRefreshTokenLifespan) { + toSerialize["device_authorization_grant_refresh_token_lifespan"] = o.DeviceAuthorizationGrantRefreshTokenLifespan + } + if !IsNil(o.FrontchannelLogoutSessionRequired) { toSerialize["frontchannel_logout_session_required"] = o.FrontchannelLogoutSessionRequired } - if o.FrontchannelLogoutUri != nil { + if !IsNil(o.FrontchannelLogoutUri) { toSerialize["frontchannel_logout_uri"] = o.FrontchannelLogoutUri } - if o.GrantTypes != nil { + if !IsNil(o.GrantTypes) { toSerialize["grant_types"] = o.GrantTypes } - if o.ImplicitGrantAccessTokenLifespan != nil { + if !IsNil(o.ImplicitGrantAccessTokenLifespan) { toSerialize["implicit_grant_access_token_lifespan"] = o.ImplicitGrantAccessTokenLifespan } - if o.ImplicitGrantIdTokenLifespan != nil { + if !IsNil(o.ImplicitGrantIdTokenLifespan) { toSerialize["implicit_grant_id_token_lifespan"] = o.ImplicitGrantIdTokenLifespan 
} if o.Jwks != nil { toSerialize["jwks"] = o.Jwks } - if o.JwksUri != nil { + if !IsNil(o.JwksUri) { toSerialize["jwks_uri"] = o.JwksUri } - if o.JwtBearerGrantAccessTokenLifespan != nil { + if !IsNil(o.JwtBearerGrantAccessTokenLifespan) { toSerialize["jwt_bearer_grant_access_token_lifespan"] = o.JwtBearerGrantAccessTokenLifespan } - if o.LogoUri != nil { + if !IsNil(o.LogoUri) { toSerialize["logo_uri"] = o.LogoUri } if o.Metadata != nil { toSerialize["metadata"] = o.Metadata } - if o.Owner != nil { + if !IsNil(o.Owner) { toSerialize["owner"] = o.Owner } - if o.PolicyUri != nil { + if !IsNil(o.PolicyUri) { toSerialize["policy_uri"] = o.PolicyUri } - if o.PostLogoutRedirectUris != nil { + if !IsNil(o.PostLogoutRedirectUris) { toSerialize["post_logout_redirect_uris"] = o.PostLogoutRedirectUris } - if o.RedirectUris != nil { + if !IsNil(o.RedirectUris) { toSerialize["redirect_uris"] = o.RedirectUris } - if o.RefreshTokenGrantAccessTokenLifespan != nil { + if !IsNil(o.RefreshTokenGrantAccessTokenLifespan) { toSerialize["refresh_token_grant_access_token_lifespan"] = o.RefreshTokenGrantAccessTokenLifespan } - if o.RefreshTokenGrantIdTokenLifespan != nil { + if !IsNil(o.RefreshTokenGrantIdTokenLifespan) { toSerialize["refresh_token_grant_id_token_lifespan"] = o.RefreshTokenGrantIdTokenLifespan } - if o.RefreshTokenGrantRefreshTokenLifespan != nil { + if !IsNil(o.RefreshTokenGrantRefreshTokenLifespan) { toSerialize["refresh_token_grant_refresh_token_lifespan"] = o.RefreshTokenGrantRefreshTokenLifespan } - if o.RegistrationAccessToken != nil { + if !IsNil(o.RegistrationAccessToken) { toSerialize["registration_access_token"] = o.RegistrationAccessToken } - if o.RegistrationClientUri != nil { + if !IsNil(o.RegistrationClientUri) { toSerialize["registration_client_uri"] = o.RegistrationClientUri } - if o.RequestObjectSigningAlg != nil { + if !IsNil(o.RequestObjectSigningAlg) { toSerialize["request_object_signing_alg"] = o.RequestObjectSigningAlg } - if o.RequestUris != nil { + 
if !IsNil(o.RequestUris) { toSerialize["request_uris"] = o.RequestUris } - if o.ResponseTypes != nil { + if !IsNil(o.ResponseTypes) { toSerialize["response_types"] = o.ResponseTypes } - if o.Scope != nil { + if !IsNil(o.Scope) { toSerialize["scope"] = o.Scope } - if o.SectorIdentifierUri != nil { + if !IsNil(o.SectorIdentifierUri) { toSerialize["sector_identifier_uri"] = o.SectorIdentifierUri } - if o.SkipConsent != nil { + if !IsNil(o.SkipConsent) { toSerialize["skip_consent"] = o.SkipConsent } - if o.SubjectType != nil { + if !IsNil(o.SkipLogoutConsent) { + toSerialize["skip_logout_consent"] = o.SkipLogoutConsent + } + if !IsNil(o.SubjectType) { toSerialize["subject_type"] = o.SubjectType } - if o.TokenEndpointAuthMethod != nil { + if !IsNil(o.TokenEndpointAuthMethod) { toSerialize["token_endpoint_auth_method"] = o.TokenEndpointAuthMethod } - if o.TokenEndpointAuthSigningAlg != nil { + if !IsNil(o.TokenEndpointAuthSigningAlg) { toSerialize["token_endpoint_auth_signing_alg"] = o.TokenEndpointAuthSigningAlg } - if o.TosUri != nil { + if !IsNil(o.TosUri) { toSerialize["tos_uri"] = o.TosUri } - if o.UpdatedAt != nil { + if !IsNil(o.UpdatedAt) { toSerialize["updated_at"] = o.UpdatedAt } - if o.UserinfoSignedResponseAlg != nil { + if !IsNil(o.UserinfoSignedResponseAlg) { toSerialize["userinfo_signed_response_alg"] = o.UserinfoSignedResponseAlg } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableOAuth2Client struct { diff --git a/internal/httpclient/model_o_auth2_client_token_lifespans.go b/internal/httpclient/model_o_auth2_client_token_lifespans.go index 27af7508496..16e925f679c 100644 --- a/internal/httpclient/model_o_auth2_client_token_lifespans.go +++ b/internal/httpclient/model_o_auth2_client_token_lifespans.go 
@@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the OAuth2ClientTokenLifespans type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &OAuth2ClientTokenLifespans{} + // OAuth2ClientTokenLifespans Lifespans of different token types issued for this OAuth 2.0 Client. type OAuth2ClientTokenLifespans struct { // Specify a time duration in milliseconds, seconds, minutes, hours. @@ -26,6 +29,12 @@ type OAuth2ClientTokenLifespans struct { // Specify a time duration in milliseconds, seconds, minutes, hours. ClientCredentialsGrantAccessTokenLifespan *string `json:"client_credentials_grant_access_token_lifespan,omitempty"` // Specify a time duration in milliseconds, seconds, minutes, hours. + DeviceAuthorizationGrantAccessTokenLifespan *string `json:"device_authorization_grant_access_token_lifespan,omitempty"` + // Specify a time duration in milliseconds, seconds, minutes, hours. + DeviceAuthorizationGrantIdTokenLifespan *string `json:"device_authorization_grant_id_token_lifespan,omitempty"` + // Specify a time duration in milliseconds, seconds, minutes, hours. + DeviceAuthorizationGrantRefreshTokenLifespan *string `json:"device_authorization_grant_refresh_token_lifespan,omitempty"` + // Specify a time duration in milliseconds, seconds, minutes, hours. ImplicitGrantAccessTokenLifespan *string `json:"implicit_grant_access_token_lifespan,omitempty"` // Specify a time duration in milliseconds, seconds, minutes, hours. ImplicitGrantIdTokenLifespan *string `json:"implicit_grant_id_token_lifespan,omitempty"` 
@@ -58,7 +67,7 @@ func NewOAuth2ClientTokenLifespansWithDefaults() *OAuth2ClientTokenLifespans { // GetAuthorizationCodeGrantAccessTokenLifespan returns the AuthorizationCodeGrantAccessTokenLifespan field value if set, zero value otherwise. func (o *OAuth2ClientTokenLifespans) GetAuthorizationCodeGrantAccessTokenLifespan() string { - if o == nil || o.AuthorizationCodeGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.AuthorizationCodeGrantAccessTokenLifespan) { var ret string return ret } @@ -68,7 +77,7 @@ func (o *OAuth2ClientTokenLifespans) GetAuthorizationCodeGrantAccessTokenLifespa // GetAuthorizationCodeGrantAccessTokenLifespanOk returns a tuple with the AuthorizationCodeGrantAccessTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ClientTokenLifespans) GetAuthorizationCodeGrantAccessTokenLifespanOk() (*string, bool) { - if o == nil || o.AuthorizationCodeGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.AuthorizationCodeGrantAccessTokenLifespan) { return nil, false } return o.AuthorizationCodeGrantAccessTokenLifespan, true @@ -76,7 +85,7 @@ func (o *OAuth2ClientTokenLifespans) GetAuthorizationCodeGrantAccessTokenLifespa // HasAuthorizationCodeGrantAccessTokenLifespan returns a boolean if a field has been set. func (o *OAuth2ClientTokenLifespans) HasAuthorizationCodeGrantAccessTokenLifespan() bool { - if o != nil && o.AuthorizationCodeGrantAccessTokenLifespan != nil { + if o != nil && !IsNil(o.AuthorizationCodeGrantAccessTokenLifespan) { return true } 
@@ -90,7 +99,7 @@ func (o *OAuth2ClientTokenLifespans) SetAuthorizationCodeGrantAccessTokenLifespa // GetAuthorizationCodeGrantIdTokenLifespan returns the AuthorizationCodeGrantIdTokenLifespan field value if set, zero value otherwise. func (o *OAuth2ClientTokenLifespans) GetAuthorizationCodeGrantIdTokenLifespan() string { - if o == nil || o.AuthorizationCodeGrantIdTokenLifespan == nil { + if o == nil || IsNil(o.AuthorizationCodeGrantIdTokenLifespan) { var ret string return ret } @@ -100,7 +109,7 @@ func (o *OAuth2ClientTokenLifespans) GetAuthorizationCodeGrantIdTokenLifespan() // GetAuthorizationCodeGrantIdTokenLifespanOk returns a tuple with the AuthorizationCodeGrantIdTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ClientTokenLifespans) GetAuthorizationCodeGrantIdTokenLifespanOk() (*string, bool) { - if o == nil || o.AuthorizationCodeGrantIdTokenLifespan == nil { + if o == nil || IsNil(o.AuthorizationCodeGrantIdTokenLifespan) { return nil, false } return o.AuthorizationCodeGrantIdTokenLifespan, true @@ -108,7 +117,7 @@ func (o *OAuth2ClientTokenLifespans) GetAuthorizationCodeGrantIdTokenLifespanOk( // HasAuthorizationCodeGrantIdTokenLifespan returns a boolean if a field has been set. func (o *OAuth2ClientTokenLifespans) HasAuthorizationCodeGrantIdTokenLifespan() bool { - if o != nil && o.AuthorizationCodeGrantIdTokenLifespan != nil { + if o != nil && !IsNil(o.AuthorizationCodeGrantIdTokenLifespan) { return true } 
@@ -122,7 +131,7 @@ func (o *OAuth2ClientTokenLifespans) SetAuthorizationCodeGrantIdTokenLifespan(v // GetAuthorizationCodeGrantRefreshTokenLifespan returns the AuthorizationCodeGrantRefreshTokenLifespan field value if set, zero value otherwise. func (o *OAuth2ClientTokenLifespans) GetAuthorizationCodeGrantRefreshTokenLifespan() string { - if o == nil || o.AuthorizationCodeGrantRefreshTokenLifespan == nil { + if o == nil || IsNil(o.AuthorizationCodeGrantRefreshTokenLifespan) { var ret string return ret } @@ -132,7 +141,7 @@ func (o *OAuth2ClientTokenLifespans) GetAuthorizationCodeGrantRefreshTokenLifesp // GetAuthorizationCodeGrantRefreshTokenLifespanOk returns a tuple with the AuthorizationCodeGrantRefreshTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ClientTokenLifespans) GetAuthorizationCodeGrantRefreshTokenLifespanOk() (*string, bool) { - if o == nil || o.AuthorizationCodeGrantRefreshTokenLifespan == nil { + if o == nil || IsNil(o.AuthorizationCodeGrantRefreshTokenLifespan) { return nil, false } return o.AuthorizationCodeGrantRefreshTokenLifespan, true @@ -140,7 +149,7 @@ func (o *OAuth2ClientTokenLifespans) GetAuthorizationCodeGrantRefreshTokenLifesp // HasAuthorizationCodeGrantRefreshTokenLifespan returns a boolean if a field has been set. func (o *OAuth2ClientTokenLifespans) HasAuthorizationCodeGrantRefreshTokenLifespan() bool { - if o != nil && o.AuthorizationCodeGrantRefreshTokenLifespan != nil { + if o != nil && !IsNil(o.AuthorizationCodeGrantRefreshTokenLifespan) { return true } 
@@ -154,7 +163,7 @@ func (o *OAuth2ClientTokenLifespans) SetAuthorizationCodeGrantRefreshTokenLifesp // GetClientCredentialsGrantAccessTokenLifespan returns the ClientCredentialsGrantAccessTokenLifespan field value if set, zero value otherwise. func (o *OAuth2ClientTokenLifespans) GetClientCredentialsGrantAccessTokenLifespan() string { - if o == nil || o.ClientCredentialsGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.ClientCredentialsGrantAccessTokenLifespan) { var ret string return ret } @@ -164,7 +173,7 @@ func (o *OAuth2ClientTokenLifespans) GetClientCredentialsGrantAccessTokenLifespa // GetClientCredentialsGrantAccessTokenLifespanOk returns a tuple with the ClientCredentialsGrantAccessTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ClientTokenLifespans) GetClientCredentialsGrantAccessTokenLifespanOk() (*string, bool) { - if o == nil || o.ClientCredentialsGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.ClientCredentialsGrantAccessTokenLifespan) { return nil, false } return o.ClientCredentialsGrantAccessTokenLifespan, true @@ -172,7 +181,7 @@ func (o *OAuth2ClientTokenLifespans) GetClientCredentialsGrantAccessTokenLifespa // HasClientCredentialsGrantAccessTokenLifespan returns a boolean if a field has been set. func (o *OAuth2ClientTokenLifespans) HasClientCredentialsGrantAccessTokenLifespan() bool { - if o != nil && o.ClientCredentialsGrantAccessTokenLifespan != nil { + if o != nil && !IsNil(o.ClientCredentialsGrantAccessTokenLifespan) { return true } 
@@ -184,9 +193,105 @@ func (o *OAuth2ClientTokenLifespans) SetClientCredentialsGrantAccessTokenLifespa o.ClientCredentialsGrantAccessTokenLifespan = &v } +// GetDeviceAuthorizationGrantAccessTokenLifespan returns the DeviceAuthorizationGrantAccessTokenLifespan field value if set, zero value otherwise. +func (o *OAuth2ClientTokenLifespans) GetDeviceAuthorizationGrantAccessTokenLifespan() string { + if o == nil || IsNil(o.DeviceAuthorizationGrantAccessTokenLifespan) { + var ret string + return ret + } + return *o.DeviceAuthorizationGrantAccessTokenLifespan +} + +// GetDeviceAuthorizationGrantAccessTokenLifespanOk returns a tuple with the DeviceAuthorizationGrantAccessTokenLifespan field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *OAuth2ClientTokenLifespans) GetDeviceAuthorizationGrantAccessTokenLifespanOk() (*string, bool) { + if o == nil || IsNil(o.DeviceAuthorizationGrantAccessTokenLifespan) { + return nil, false + } + return o.DeviceAuthorizationGrantAccessTokenLifespan, true +} + +// HasDeviceAuthorizationGrantAccessTokenLifespan returns a boolean if a field has been set. +func (o *OAuth2ClientTokenLifespans) HasDeviceAuthorizationGrantAccessTokenLifespan() bool { + if o != nil && !IsNil(o.DeviceAuthorizationGrantAccessTokenLifespan) { + return true + } + + return false +} + +// SetDeviceAuthorizationGrantAccessTokenLifespan gets a reference to the given string and assigns it to the DeviceAuthorizationGrantAccessTokenLifespan field. +func (o *OAuth2ClientTokenLifespans) SetDeviceAuthorizationGrantAccessTokenLifespan(v string) { + o.DeviceAuthorizationGrantAccessTokenLifespan = &v +} + +// GetDeviceAuthorizationGrantIdTokenLifespan returns the DeviceAuthorizationGrantIdTokenLifespan field value if set, zero value otherwise. 
+func (o *OAuth2ClientTokenLifespans) GetDeviceAuthorizationGrantIdTokenLifespan() string { + if o == nil || IsNil(o.DeviceAuthorizationGrantIdTokenLifespan) { + var ret string + return ret + } + return *o.DeviceAuthorizationGrantIdTokenLifespan +} + +// GetDeviceAuthorizationGrantIdTokenLifespanOk returns a tuple with the DeviceAuthorizationGrantIdTokenLifespan field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *OAuth2ClientTokenLifespans) GetDeviceAuthorizationGrantIdTokenLifespanOk() (*string, bool) { + if o == nil || IsNil(o.DeviceAuthorizationGrantIdTokenLifespan) { + return nil, false + } + return o.DeviceAuthorizationGrantIdTokenLifespan, true +} + +// HasDeviceAuthorizationGrantIdTokenLifespan returns a boolean if a field has been set. +func (o *OAuth2ClientTokenLifespans) HasDeviceAuthorizationGrantIdTokenLifespan() bool { + if o != nil && !IsNil(o.DeviceAuthorizationGrantIdTokenLifespan) { + return true + } + + return false +} + +// SetDeviceAuthorizationGrantIdTokenLifespan gets a reference to the given string and assigns it to the DeviceAuthorizationGrantIdTokenLifespan field. +func (o *OAuth2ClientTokenLifespans) SetDeviceAuthorizationGrantIdTokenLifespan(v string) { + o.DeviceAuthorizationGrantIdTokenLifespan = &v +} + +// GetDeviceAuthorizationGrantRefreshTokenLifespan returns the DeviceAuthorizationGrantRefreshTokenLifespan field value if set, zero value otherwise. +func (o *OAuth2ClientTokenLifespans) GetDeviceAuthorizationGrantRefreshTokenLifespan() string { + if o == nil || IsNil(o.DeviceAuthorizationGrantRefreshTokenLifespan) { + var ret string + return ret + } + return *o.DeviceAuthorizationGrantRefreshTokenLifespan +} + +// GetDeviceAuthorizationGrantRefreshTokenLifespanOk returns a tuple with the DeviceAuthorizationGrantRefreshTokenLifespan field value if set, nil otherwise +// and a boolean to check if the value has been set. 
+func (o *OAuth2ClientTokenLifespans) GetDeviceAuthorizationGrantRefreshTokenLifespanOk() (*string, bool) { + if o == nil || IsNil(o.DeviceAuthorizationGrantRefreshTokenLifespan) { + return nil, false + } + return o.DeviceAuthorizationGrantRefreshTokenLifespan, true +} + +// HasDeviceAuthorizationGrantRefreshTokenLifespan returns a boolean if a field has been set. +func (o *OAuth2ClientTokenLifespans) HasDeviceAuthorizationGrantRefreshTokenLifespan() bool { + if o != nil && !IsNil(o.DeviceAuthorizationGrantRefreshTokenLifespan) { + return true + } + + return false +} + +// SetDeviceAuthorizationGrantRefreshTokenLifespan gets a reference to the given string and assigns it to the DeviceAuthorizationGrantRefreshTokenLifespan field. +func (o *OAuth2ClientTokenLifespans) SetDeviceAuthorizationGrantRefreshTokenLifespan(v string) { + o.DeviceAuthorizationGrantRefreshTokenLifespan = &v +} + // GetImplicitGrantAccessTokenLifespan returns the ImplicitGrantAccessTokenLifespan field value if set, zero value otherwise. func (o *OAuth2ClientTokenLifespans) GetImplicitGrantAccessTokenLifespan() string { - if o == nil || o.ImplicitGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.ImplicitGrantAccessTokenLifespan) { var ret string return ret } @@ -196,7 +301,7 @@ func (o *OAuth2ClientTokenLifespans) GetImplicitGrantAccessTokenLifespan() strin // GetImplicitGrantAccessTokenLifespanOk returns a tuple with the ImplicitGrantAccessTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ClientTokenLifespans) GetImplicitGrantAccessTokenLifespanOk() (*string, bool) { - if o == nil || o.ImplicitGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.ImplicitGrantAccessTokenLifespan) { return nil, false } return o.ImplicitGrantAccessTokenLifespan, true 
@@ -204,7 +309,7 @@ func (o *OAuth2ClientTokenLifespans) GetImplicitGrantAccessTokenLifespanOk() (*s // HasImplicitGrantAccessTokenLifespan returns a boolean if a field has been set. func (o *OAuth2ClientTokenLifespans) HasImplicitGrantAccessTokenLifespan() bool { - if o != nil && o.ImplicitGrantAccessTokenLifespan != nil { + if o != nil && !IsNil(o.ImplicitGrantAccessTokenLifespan) { return true } @@ -218,7 +323,7 @@ func (o *OAuth2ClientTokenLifespans) SetImplicitGrantAccessTokenLifespan(v strin // GetImplicitGrantIdTokenLifespan returns the ImplicitGrantIdTokenLifespan field value if set, zero value otherwise. func (o *OAuth2ClientTokenLifespans) GetImplicitGrantIdTokenLifespan() string { - if o == nil || o.ImplicitGrantIdTokenLifespan == nil { + if o == nil || IsNil(o.ImplicitGrantIdTokenLifespan) { var ret string return ret } @@ -228,7 +333,7 @@ func (o *OAuth2ClientTokenLifespans) GetImplicitGrantIdTokenLifespan() string { // GetImplicitGrantIdTokenLifespanOk returns a tuple with the ImplicitGrantIdTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ClientTokenLifespans) GetImplicitGrantIdTokenLifespanOk() (*string, bool) { - if o == nil || o.ImplicitGrantIdTokenLifespan == nil { + if o == nil || IsNil(o.ImplicitGrantIdTokenLifespan) { return nil, false } return o.ImplicitGrantIdTokenLifespan, true @@ -236,7 +341,7 @@ func (o *OAuth2ClientTokenLifespans) GetImplicitGrantIdTokenLifespanOk() (*strin // HasImplicitGrantIdTokenLifespan returns a boolean if a field has been set. func (o *OAuth2ClientTokenLifespans) HasImplicitGrantIdTokenLifespan() bool { - if o != nil && o.ImplicitGrantIdTokenLifespan != nil { + if o != nil && !IsNil(o.ImplicitGrantIdTokenLifespan) { return true } 
@@ -250,7 +355,7 @@ func (o *OAuth2ClientTokenLifespans) SetImplicitGrantIdTokenLifespan(v string) { // GetJwtBearerGrantAccessTokenLifespan returns the JwtBearerGrantAccessTokenLifespan field value if set, zero value otherwise. func (o *OAuth2ClientTokenLifespans) GetJwtBearerGrantAccessTokenLifespan() string { - if o == nil || o.JwtBearerGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.JwtBearerGrantAccessTokenLifespan) { var ret string return ret } @@ -260,7 +365,7 @@ func (o *OAuth2ClientTokenLifespans) GetJwtBearerGrantAccessTokenLifespan() stri // GetJwtBearerGrantAccessTokenLifespanOk returns a tuple with the JwtBearerGrantAccessTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ClientTokenLifespans) GetJwtBearerGrantAccessTokenLifespanOk() (*string, bool) { - if o == nil || o.JwtBearerGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.JwtBearerGrantAccessTokenLifespan) { return nil, false } return o.JwtBearerGrantAccessTokenLifespan, true @@ -268,7 +373,7 @@ func (o *OAuth2ClientTokenLifespans) GetJwtBearerGrantAccessTokenLifespanOk() (* // HasJwtBearerGrantAccessTokenLifespan returns a boolean if a field has been set. func (o *OAuth2ClientTokenLifespans) HasJwtBearerGrantAccessTokenLifespan() bool { - if o != nil && o.JwtBearerGrantAccessTokenLifespan != nil { + if o != nil && !IsNil(o.JwtBearerGrantAccessTokenLifespan) { return true } @@ -282,7 +387,7 @@ func (o *OAuth2ClientTokenLifespans) SetJwtBearerGrantAccessTokenLifespan(v stri // GetRefreshTokenGrantAccessTokenLifespan returns the RefreshTokenGrantAccessTokenLifespan field value if set, zero value otherwise. func (o *OAuth2ClientTokenLifespans) GetRefreshTokenGrantAccessTokenLifespan() string { - if o == nil || o.RefreshTokenGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.RefreshTokenGrantAccessTokenLifespan) { var ret string return ret } 
@@ -292,7 +397,7 @@ func (o *OAuth2ClientTokenLifespans) GetRefreshTokenGrantAccessTokenLifespan() s // GetRefreshTokenGrantAccessTokenLifespanOk returns a tuple with the RefreshTokenGrantAccessTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ClientTokenLifespans) GetRefreshTokenGrantAccessTokenLifespanOk() (*string, bool) { - if o == nil || o.RefreshTokenGrantAccessTokenLifespan == nil { + if o == nil || IsNil(o.RefreshTokenGrantAccessTokenLifespan) { return nil, false } return o.RefreshTokenGrantAccessTokenLifespan, true @@ -300,7 +405,7 @@ func (o *OAuth2ClientTokenLifespans) GetRefreshTokenGrantAccessTokenLifespanOk() // HasRefreshTokenGrantAccessTokenLifespan returns a boolean if a field has been set. func (o *OAuth2ClientTokenLifespans) HasRefreshTokenGrantAccessTokenLifespan() bool { - if o != nil && o.RefreshTokenGrantAccessTokenLifespan != nil { + if o != nil && !IsNil(o.RefreshTokenGrantAccessTokenLifespan) { return true } @@ -314,7 +419,7 @@ func (o *OAuth2ClientTokenLifespans) SetRefreshTokenGrantAccessTokenLifespan(v s // GetRefreshTokenGrantIdTokenLifespan returns the RefreshTokenGrantIdTokenLifespan field value if set, zero value otherwise. func (o *OAuth2ClientTokenLifespans) GetRefreshTokenGrantIdTokenLifespan() string { - if o == nil || o.RefreshTokenGrantIdTokenLifespan == nil { + if o == nil || IsNil(o.RefreshTokenGrantIdTokenLifespan) { var ret string return ret } 
@@ -324,7 +429,7 @@ func (o *OAuth2ClientTokenLifespans) GetRefreshTokenGrantIdTokenLifespan() strin // GetRefreshTokenGrantIdTokenLifespanOk returns a tuple with the RefreshTokenGrantIdTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ClientTokenLifespans) GetRefreshTokenGrantIdTokenLifespanOk() (*string, bool) { - if o == nil || o.RefreshTokenGrantIdTokenLifespan == nil { + if o == nil || IsNil(o.RefreshTokenGrantIdTokenLifespan) { return nil, false } return o.RefreshTokenGrantIdTokenLifespan, true @@ -332,7 +437,7 @@ func (o *OAuth2ClientTokenLifespans) GetRefreshTokenGrantIdTokenLifespanOk() (*s // HasRefreshTokenGrantIdTokenLifespan returns a boolean if a field has been set. func (o *OAuth2ClientTokenLifespans) HasRefreshTokenGrantIdTokenLifespan() bool { - if o != nil && o.RefreshTokenGrantIdTokenLifespan != nil { + if o != nil && !IsNil(o.RefreshTokenGrantIdTokenLifespan) { return true } @@ -346,7 +451,7 @@ func (o *OAuth2ClientTokenLifespans) SetRefreshTokenGrantIdTokenLifespan(v strin // GetRefreshTokenGrantRefreshTokenLifespan returns the RefreshTokenGrantRefreshTokenLifespan field value if set, zero value otherwise. func (o *OAuth2ClientTokenLifespans) GetRefreshTokenGrantRefreshTokenLifespan() string { - if o == nil || o.RefreshTokenGrantRefreshTokenLifespan == nil { + if o == nil || IsNil(o.RefreshTokenGrantRefreshTokenLifespan) { var ret string return ret } 
@@ -356,7 +461,7 @@ func (o *OAuth2ClientTokenLifespans) GetRefreshTokenGrantRefreshTokenLifespan() // GetRefreshTokenGrantRefreshTokenLifespanOk returns a tuple with the RefreshTokenGrantRefreshTokenLifespan field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ClientTokenLifespans) GetRefreshTokenGrantRefreshTokenLifespanOk() (*string, bool) { - if o == nil || o.RefreshTokenGrantRefreshTokenLifespan == nil { + if o == nil || IsNil(o.RefreshTokenGrantRefreshTokenLifespan) { return nil, false } return o.RefreshTokenGrantRefreshTokenLifespan, true @@ -364,7 +469,7 @@ func (o *OAuth2ClientTokenLifespans) GetRefreshTokenGrantRefreshTokenLifespanOk( // HasRefreshTokenGrantRefreshTokenLifespan returns a boolean if a field has been set. func (o *OAuth2ClientTokenLifespans) HasRefreshTokenGrantRefreshTokenLifespan() bool { - if o != nil && o.RefreshTokenGrantRefreshTokenLifespan != nil { + if o != nil && !IsNil(o.RefreshTokenGrantRefreshTokenLifespan) { return true } 
@@ -377,38 +482,55 @@ func (o *OAuth2ClientTokenLifespans) SetRefreshTokenGrantRefreshTokenLifespan(v } func (o OAuth2ClientTokenLifespans) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o OAuth2ClientTokenLifespans) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.AuthorizationCodeGrantAccessTokenLifespan != nil { + if !IsNil(o.AuthorizationCodeGrantAccessTokenLifespan) { toSerialize["authorization_code_grant_access_token_lifespan"] = o.AuthorizationCodeGrantAccessTokenLifespan } - if o.AuthorizationCodeGrantIdTokenLifespan != nil { + if !IsNil(o.AuthorizationCodeGrantIdTokenLifespan) { toSerialize["authorization_code_grant_id_token_lifespan"] = o.AuthorizationCodeGrantIdTokenLifespan } - if o.AuthorizationCodeGrantRefreshTokenLifespan != nil { + if !IsNil(o.AuthorizationCodeGrantRefreshTokenLifespan) { toSerialize["authorization_code_grant_refresh_token_lifespan"] = o.AuthorizationCodeGrantRefreshTokenLifespan } - if o.ClientCredentialsGrantAccessTokenLifespan != nil { + if !IsNil(o.ClientCredentialsGrantAccessTokenLifespan) { toSerialize["client_credentials_grant_access_token_lifespan"] = o.ClientCredentialsGrantAccessTokenLifespan } - if o.ImplicitGrantAccessTokenLifespan != nil { + if !IsNil(o.DeviceAuthorizationGrantAccessTokenLifespan) { + toSerialize["device_authorization_grant_access_token_lifespan"] = o.DeviceAuthorizationGrantAccessTokenLifespan + } + if !IsNil(o.DeviceAuthorizationGrantIdTokenLifespan) { + toSerialize["device_authorization_grant_id_token_lifespan"] = o.DeviceAuthorizationGrantIdTokenLifespan + } + if !IsNil(o.DeviceAuthorizationGrantRefreshTokenLifespan) { + toSerialize["device_authorization_grant_refresh_token_lifespan"] = o.DeviceAuthorizationGrantRefreshTokenLifespan + } + if !IsNil(o.ImplicitGrantAccessTokenLifespan) { toSerialize["implicit_grant_access_token_lifespan"] = 
o.ImplicitGrantAccessTokenLifespan } - if o.ImplicitGrantIdTokenLifespan != nil { + if !IsNil(o.ImplicitGrantIdTokenLifespan) { toSerialize["implicit_grant_id_token_lifespan"] = o.ImplicitGrantIdTokenLifespan } - if o.JwtBearerGrantAccessTokenLifespan != nil { + if !IsNil(o.JwtBearerGrantAccessTokenLifespan) { toSerialize["jwt_bearer_grant_access_token_lifespan"] = o.JwtBearerGrantAccessTokenLifespan } - if o.RefreshTokenGrantAccessTokenLifespan != nil { + if !IsNil(o.RefreshTokenGrantAccessTokenLifespan) { toSerialize["refresh_token_grant_access_token_lifespan"] = o.RefreshTokenGrantAccessTokenLifespan } - if o.RefreshTokenGrantIdTokenLifespan != nil { + if !IsNil(o.RefreshTokenGrantIdTokenLifespan) { toSerialize["refresh_token_grant_id_token_lifespan"] = o.RefreshTokenGrantIdTokenLifespan } - if o.RefreshTokenGrantRefreshTokenLifespan != nil { + if !IsNil(o.RefreshTokenGrantRefreshTokenLifespan) { toSerialize["refresh_token_grant_refresh_token_lifespan"] = o.RefreshTokenGrantRefreshTokenLifespan } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableOAuth2ClientTokenLifespans struct { diff --git a/internal/httpclient/model_o_auth2_consent_request.go b/internal/httpclient/model_o_auth2_consent_request.go index a61e14d016e..06fa79ba564 100644 --- a/internal/httpclient/model_o_auth2_consent_request.go +++ b/internal/httpclient/model_o_auth2_consent_request.go @@ -12,9 +12,14 @@ Contact: hi@ory.sh package openapi import ( + "bytes" "encoding/json" + "fmt" ) +// checks if the OAuth2ConsentRequest type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &OAuth2ConsentRequest{} + // OAuth2ConsentRequest struct for OAuth2ConsentRequest type OAuth2ConsentRequest struct { // ACR represents the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it to express that, for example, a user authenticated using two factor authentication. 
@@ -24,6 +29,8 @@ type OAuth2ConsentRequest struct { Challenge string `json:"challenge"` Client *OAuth2Client `json:"client,omitempty"` Context interface{} `json:"context,omitempty"` + // DeviceChallenge is the device challenge this consent challenge belongs to, if this flow was initiated by a device. + DeviceChallengeId *string `json:"device_challenge_id,omitempty"` // LoginChallenge is the login challenge this consent challenge belongs to. It can be used to associate a login and consent request in the login & consent app. LoginChallenge *string `json:"login_challenge,omitempty"` // LoginSessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag) this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false) this will be a new random value. This value is used as the \"sid\" parameter in the ID Token and in OIDC Front-/Back- channel logout. It's value can generally be used to associate consecutive login requests by a certain user. @@ -39,6 +46,8 @@ type OAuth2ConsentRequest struct { Subject *string `json:"subject,omitempty"` } +type _OAuth2ConsentRequest OAuth2ConsentRequest + // NewOAuth2ConsentRequest instantiates a new OAuth2ConsentRequest object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments @@ -59,7 +68,7 @@ func NewOAuth2ConsentRequestWithDefaults() *OAuth2ConsentRequest { // GetAcr returns the Acr field value if set, zero value otherwise. func (o *OAuth2ConsentRequest) GetAcr() string { - if o == nil || o.Acr == nil { + if o == nil || IsNil(o.Acr) { var ret string return ret } 
@@ -69,7 +78,7 @@ func (o *OAuth2ConsentRequest) GetAcr() string { // GetAcrOk returns a tuple with the Acr field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequest) GetAcrOk() (*string, bool) { - if o == nil || o.Acr == nil { + if o == nil || IsNil(o.Acr) { return nil, false } return o.Acr, true @@ -77,7 +86,7 @@ func (o *OAuth2ConsentRequest) GetAcrOk() (*string, bool) { // HasAcr returns a boolean if a field has been set. func (o *OAuth2ConsentRequest) HasAcr() bool { - if o != nil && o.Acr != nil { + if o != nil && !IsNil(o.Acr) { return true } @@ -91,7 +100,7 @@ func (o *OAuth2ConsentRequest) SetAcr(v string) { // GetAmr returns the Amr field value if set, zero value otherwise. func (o *OAuth2ConsentRequest) GetAmr() []string { - if o == nil || o.Amr == nil { + if o == nil || IsNil(o.Amr) { var ret []string return ret } @@ -101,7 +110,7 @@ func (o *OAuth2ConsentRequest) GetAmr() []string { // GetAmrOk returns a tuple with the Amr field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequest) GetAmrOk() ([]string, bool) { - if o == nil || o.Amr == nil { + if o == nil || IsNil(o.Amr) { return nil, false } return o.Amr, true @@ -109,7 +118,7 @@ func (o *OAuth2ConsentRequest) GetAmrOk() ([]string, bool) { // HasAmr returns a boolean if a field has been set. func (o *OAuth2ConsentRequest) HasAmr() bool { - if o != nil && o.Amr != nil { + if o != nil && !IsNil(o.Amr) { return true } @@ -147,7 +156,7 @@ func (o *OAuth2ConsentRequest) SetChallenge(v string) { // GetClient returns the Client field value if set, zero value otherwise. func (o *OAuth2ConsentRequest) GetClient() OAuth2Client { - if o == nil || o.Client == nil { + if o == nil || IsNil(o.Client) { var ret OAuth2Client return ret } 
@@ -157,7 +166,7 @@ func (o *OAuth2ConsentRequest) GetClient() OAuth2Client { // GetClientOk returns a tuple with the Client field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequest) GetClientOk() (*OAuth2Client, bool) { - if o == nil || o.Client == nil { + if o == nil || IsNil(o.Client) { return nil, false } return o.Client, true @@ -165,7 +174,7 @@ func (o *OAuth2ConsentRequest) GetClientOk() (*OAuth2Client, bool) { // HasClient returns a boolean if a field has been set. func (o *OAuth2ConsentRequest) HasClient() bool { - if o != nil && o.Client != nil { + if o != nil && !IsNil(o.Client) { return true } @@ -190,7 +199,7 @@ func (o *OAuth2ConsentRequest) GetContext() interface{} { // and a boolean to check if the value has been set. // NOTE: If the value is an explicit nil, `nil, true` will be returned func (o *OAuth2ConsentRequest) GetContextOk() (*interface{}, bool) { - if o == nil || o.Context == nil { + if o == nil || IsNil(o.Context) { return nil, false } return &o.Context, true @@ -198,7 +207,7 @@ func (o *OAuth2ConsentRequest) GetContextOk() (*interface{}, bool) { // HasContext returns a boolean if a field has been set. func (o *OAuth2ConsentRequest) HasContext() bool { - if o != nil && o.Context != nil { + if o != nil && IsNil(o.Context) { return true } 
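Review bot: The rewritten condition in `HasContext` is inverted: `if o != nil && IsNil(o.Context)` returns true exactly when Context is unset, whereas the removed line tested `o.Context != nil` and every other `Has*` method in this diff uses `!IsNil(...)`. It should read `if o != nil && !IsNil(o.Context) {`. The newly added `OAuth2ConsentSession.HasContext` in model_o_auth2_consent_session.go carries the same inverted check. A caller that gates on `HasContext()` before reading the consent context would skip populated values and proceed on empty ones. The method body ends outside this hunk, and these models look generated, so the lasting fix probably belongs in the generator template rather than in this file.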
@@ -210,9 +219,41 @@ func (o *OAuth2ConsentRequest) SetContext(v interface{}) { o.Context = v } +// GetDeviceChallengeId returns the DeviceChallengeId field value if set, zero value otherwise. +func (o *OAuth2ConsentRequest) GetDeviceChallengeId() string { + if o == nil || IsNil(o.DeviceChallengeId) { + var ret string + return ret + } + return *o.DeviceChallengeId +} + +// GetDeviceChallengeIdOk returns a tuple with the DeviceChallengeId field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *OAuth2ConsentRequest) GetDeviceChallengeIdOk() (*string, bool) { + if o == nil || IsNil(o.DeviceChallengeId) { + return nil, false + } + return o.DeviceChallengeId, true +} + +// HasDeviceChallengeId returns a boolean if a field has been set. +func (o *OAuth2ConsentRequest) HasDeviceChallengeId() bool { + if o != nil && !IsNil(o.DeviceChallengeId) { + return true + } + + return false +} + +// SetDeviceChallengeId gets a reference to the given string and assigns it to the DeviceChallengeId field. +func (o *OAuth2ConsentRequest) SetDeviceChallengeId(v string) { + o.DeviceChallengeId = &v +} + // GetLoginChallenge returns the LoginChallenge field value if set, zero value otherwise. func (o *OAuth2ConsentRequest) GetLoginChallenge() string { - if o == nil || o.LoginChallenge == nil { + if o == nil || IsNil(o.LoginChallenge) { var ret string return ret } @@ -222,7 +263,7 @@ func (o *OAuth2ConsentRequest) GetLoginChallenge() string { // GetLoginChallengeOk returns a tuple with the LoginChallenge field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequest) GetLoginChallengeOk() (*string, bool) { - if o == nil || o.LoginChallenge == nil { + if o == nil || IsNil(o.LoginChallenge) { return nil, false } return o.LoginChallenge, true 
@@ -230,7 +271,7 @@ func (o *OAuth2ConsentRequest) GetLoginChallengeOk() (*string, bool) { // HasLoginChallenge returns a boolean if a field has been set. func (o *OAuth2ConsentRequest) HasLoginChallenge() bool { - if o != nil && o.LoginChallenge != nil { + if o != nil && !IsNil(o.LoginChallenge) { return true } @@ -244,7 +285,7 @@ func (o *OAuth2ConsentRequest) SetLoginChallenge(v string) { // GetLoginSessionId returns the LoginSessionId field value if set, zero value otherwise. func (o *OAuth2ConsentRequest) GetLoginSessionId() string { - if o == nil || o.LoginSessionId == nil { + if o == nil || IsNil(o.LoginSessionId) { var ret string return ret } @@ -254,7 +295,7 @@ func (o *OAuth2ConsentRequest) GetLoginSessionId() string { // GetLoginSessionIdOk returns a tuple with the LoginSessionId field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequest) GetLoginSessionIdOk() (*string, bool) { - if o == nil || o.LoginSessionId == nil { + if o == nil || IsNil(o.LoginSessionId) { return nil, false } return o.LoginSessionId, true @@ -262,7 +303,7 @@ func (o *OAuth2ConsentRequest) GetLoginSessionIdOk() (*string, bool) { // HasLoginSessionId returns a boolean if a field has been set. func (o *OAuth2ConsentRequest) HasLoginSessionId() bool { - if o != nil && o.LoginSessionId != nil { + if o != nil && !IsNil(o.LoginSessionId) { return true } @@ -276,7 +317,7 @@ func (o *OAuth2ConsentRequest) SetLoginSessionId(v string) { // GetOidcContext returns the OidcContext field value if set, zero value otherwise. func (o *OAuth2ConsentRequest) GetOidcContext() OAuth2ConsentRequestOpenIDConnectContext { - if o == nil || o.OidcContext == nil { + if o == nil || IsNil(o.OidcContext) { var ret OAuth2ConsentRequestOpenIDConnectContext return ret } 
@@ -286,7 +327,7 @@ func (o *OAuth2ConsentRequest) GetOidcContext() OAuth2ConsentRequestOpenIDConnec // GetOidcContextOk returns a tuple with the OidcContext field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequest) GetOidcContextOk() (*OAuth2ConsentRequestOpenIDConnectContext, bool) { - if o == nil || o.OidcContext == nil { + if o == nil || IsNil(o.OidcContext) { return nil, false } return o.OidcContext, true @@ -294,7 +335,7 @@ func (o *OAuth2ConsentRequest) GetOidcContextOk() (*OAuth2ConsentRequestOpenIDCo // HasOidcContext returns a boolean if a field has been set. func (o *OAuth2ConsentRequest) HasOidcContext() bool { - if o != nil && o.OidcContext != nil { + if o != nil && !IsNil(o.OidcContext) { return true } @@ -308,7 +349,7 @@ func (o *OAuth2ConsentRequest) SetOidcContext(v OAuth2ConsentRequestOpenIDConnec // GetRequestUrl returns the RequestUrl field value if set, zero value otherwise. func (o *OAuth2ConsentRequest) GetRequestUrl() string { - if o == nil || o.RequestUrl == nil { + if o == nil || IsNil(o.RequestUrl) { var ret string return ret } @@ -318,7 +359,7 @@ func (o *OAuth2ConsentRequest) GetRequestUrl() string { // GetRequestUrlOk returns a tuple with the RequestUrl field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequest) GetRequestUrlOk() (*string, bool) { - if o == nil || o.RequestUrl == nil { + if o == nil || IsNil(o.RequestUrl) { return nil, false } return o.RequestUrl, true @@ -326,7 +367,7 @@ func (o *OAuth2ConsentRequest) GetRequestUrlOk() (*string, bool) { // HasRequestUrl returns a boolean if a field has been set. func (o *OAuth2ConsentRequest) HasRequestUrl() bool { - if o != nil && o.RequestUrl != nil { + if o != nil && !IsNil(o.RequestUrl) { return true } 
@@ -340,7 +381,7 @@ func (o *OAuth2ConsentRequest) SetRequestUrl(v string) { // GetRequestedAccessTokenAudience returns the RequestedAccessTokenAudience field value if set, zero value otherwise. func (o *OAuth2ConsentRequest) GetRequestedAccessTokenAudience() []string { - if o == nil || o.RequestedAccessTokenAudience == nil { + if o == nil || IsNil(o.RequestedAccessTokenAudience) { var ret []string return ret } @@ -350,7 +391,7 @@ func (o *OAuth2ConsentRequest) GetRequestedAccessTokenAudience() []string { // GetRequestedAccessTokenAudienceOk returns a tuple with the RequestedAccessTokenAudience field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequest) GetRequestedAccessTokenAudienceOk() ([]string, bool) { - if o == nil || o.RequestedAccessTokenAudience == nil { + if o == nil || IsNil(o.RequestedAccessTokenAudience) { return nil, false } return o.RequestedAccessTokenAudience, true @@ -358,7 +399,7 @@ func (o *OAuth2ConsentRequest) GetRequestedAccessTokenAudienceOk() ([]string, bo // HasRequestedAccessTokenAudience returns a boolean if a field has been set. func (o *OAuth2ConsentRequest) HasRequestedAccessTokenAudience() bool { - if o != nil && o.RequestedAccessTokenAudience != nil { + if o != nil && !IsNil(o.RequestedAccessTokenAudience) { return true } @@ -372,7 +413,7 @@ func (o *OAuth2ConsentRequest) SetRequestedAccessTokenAudience(v []string) { // GetRequestedScope returns the RequestedScope field value if set, zero value otherwise. func (o *OAuth2ConsentRequest) GetRequestedScope() []string { - if o == nil || o.RequestedScope == nil { + if o == nil || IsNil(o.RequestedScope) { var ret []string return ret } 
@@ -382,7 +423,7 @@ func (o *OAuth2ConsentRequest) GetRequestedScope() []string { // GetRequestedScopeOk returns a tuple with the RequestedScope field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequest) GetRequestedScopeOk() ([]string, bool) { - if o == nil || o.RequestedScope == nil { + if o == nil || IsNil(o.RequestedScope) { return nil, false } return o.RequestedScope, true @@ -390,7 +431,7 @@ func (o *OAuth2ConsentRequest) GetRequestedScopeOk() ([]string, bool) { // HasRequestedScope returns a boolean if a field has been set. func (o *OAuth2ConsentRequest) HasRequestedScope() bool { - if o != nil && o.RequestedScope != nil { + if o != nil && !IsNil(o.RequestedScope) { return true } @@ -404,7 +445,7 @@ func (o *OAuth2ConsentRequest) SetRequestedScope(v []string) { // GetSkip returns the Skip field value if set, zero value otherwise. func (o *OAuth2ConsentRequest) GetSkip() bool { - if o == nil || o.Skip == nil { + if o == nil || IsNil(o.Skip) { var ret bool return ret } @@ -414,7 +455,7 @@ func (o *OAuth2ConsentRequest) GetSkip() bool { // GetSkipOk returns a tuple with the Skip field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequest) GetSkipOk() (*bool, bool) { - if o == nil || o.Skip == nil { + if o == nil || IsNil(o.Skip) { return nil, false } return o.Skip, true @@ -422,7 +463,7 @@ func (o *OAuth2ConsentRequest) GetSkipOk() (*bool, bool) { // HasSkip returns a boolean if a field has been set. func (o *OAuth2ConsentRequest) HasSkip() bool { - if o != nil && o.Skip != nil { + if o != nil && !IsNil(o.Skip) { return true } @@ -436,7 +477,7 @@ func (o *OAuth2ConsentRequest) SetSkip(v bool) { // GetSubject returns the Subject field value if set, zero value otherwise. func (o *OAuth2ConsentRequest) GetSubject() string { - if o == nil || o.Subject == nil { + if o == nil || IsNil(o.Subject) { var ret string return ret } 
@@ -446,7 +487,7 @@ func (o *OAuth2ConsentRequest) GetSubject() string { // GetSubjectOk returns a tuple with the Subject field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequest) GetSubjectOk() (*string, bool) { - if o == nil || o.Subject == nil { + if o == nil || IsNil(o.Subject) { return nil, false } return o.Subject, true @@ -454,7 +495,7 @@ func (o *OAuth2ConsentRequest) GetSubjectOk() (*string, bool) { // HasSubject returns a boolean if a field has been set. func (o *OAuth2ConsentRequest) HasSubject() bool { - if o != nil && o.Subject != nil { + if o != nil && !IsNil(o.Subject) { return true } 
@@ -467,47 +508,93 @@ func (o *OAuth2ConsentRequest) SetSubject(v string) { } func (o OAuth2ConsentRequest) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o OAuth2ConsentRequest) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Acr != nil { + if !IsNil(o.Acr) { toSerialize["acr"] = o.Acr } - if o.Amr != nil { + if !IsNil(o.Amr) { toSerialize["amr"] = o.Amr } - if true { - toSerialize["challenge"] = o.Challenge - } - if o.Client != nil { + toSerialize["challenge"] = o.Challenge + if !IsNil(o.Client) { toSerialize["client"] = o.Client } if o.Context != nil { toSerialize["context"] = o.Context } - if o.LoginChallenge != nil { + if !IsNil(o.DeviceChallengeId) { + toSerialize["device_challenge_id"] = o.DeviceChallengeId + } + if !IsNil(o.LoginChallenge) { toSerialize["login_challenge"] = o.LoginChallenge } - if o.LoginSessionId != nil { + if !IsNil(o.LoginSessionId) { toSerialize["login_session_id"] = o.LoginSessionId } - if o.OidcContext != nil { + if !IsNil(o.OidcContext) { toSerialize["oidc_context"] = o.OidcContext } - if o.RequestUrl != nil { + if !IsNil(o.RequestUrl) { toSerialize["request_url"] = o.RequestUrl } - if o.RequestedAccessTokenAudience != nil { + if !IsNil(o.RequestedAccessTokenAudience) { toSerialize["requested_access_token_audience"] = o.RequestedAccessTokenAudience } - if o.RequestedScope != nil { + if !IsNil(o.RequestedScope) { toSerialize["requested_scope"] = o.RequestedScope } - if o.Skip != nil { + if !IsNil(o.Skip) { toSerialize["skip"] = o.Skip } - if o.Subject != nil { + if !IsNil(o.Subject) { toSerialize["subject"] = o.Subject } - return json.Marshal(toSerialize) + return toSerialize, nil +} + +func (o *OAuth2ConsentRequest) UnmarshalJSON(data []byte) (err error) { + // This validates that all required properties are included in the JSON object + // by unmarshalling the object into a generic map 
with string keys and checking + // that every required field exists as a key in the generic map. + requiredProperties := []string{ + "challenge", + } + + allProperties := make(map[string]interface{}) + + err = json.Unmarshal(data, &allProperties) + + if err != nil { + return err + } + + for _, requiredProperty := range requiredProperties { + if _, exists := allProperties[requiredProperty]; !exists { + return fmt.Errorf("no value given for required property %v", requiredProperty) + } + } + + varOAuth2ConsentRequest := _OAuth2ConsentRequest{} + + decoder := json.NewDecoder(bytes.NewReader(data)) + decoder.DisallowUnknownFields() + err = decoder.Decode(&varOAuth2ConsentRequest) + + if err != nil { + return err + } + + *o = OAuth2ConsentRequest(varOAuth2ConsentRequest) + + return err } type NullableOAuth2ConsentRequest struct { diff --git a/internal/httpclient/model_o_auth2_consent_request_open_id_connect_context.go b/internal/httpclient/model_o_auth2_consent_request_open_id_connect_context.go index 8bc15fafe33..962ab736c66 100644 --- a/internal/httpclient/model_o_auth2_consent_request_open_id_connect_context.go +++ b/internal/httpclient/model_o_auth2_consent_request_open_id_connect_context.go 
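Review bot: The required-property check in the new `UnmarshalJSON` only tests that the key is present, so a body with `"challenge": null` passes it and decodes to an empty `Challenge`. Rejecting a nil value as well would close that gap: `if v, exists := allProperties[requiredProperty]; !exists || v == nil {`. Separately, `decoder.DisallowUnknownFields()` makes decoding fail on any field the server adds later, so a consent app built against this model would stop handling consent requests until the client is regenerated. If that strictness is intended, a comment above the call such as `// strict on purpose: unknown fields from a newer server are rejected` would record the decision.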
@@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the OAuth2ConsentRequestOpenIDConnectContext type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &OAuth2ConsentRequestOpenIDConnectContext{} + // OAuth2ConsentRequestOpenIDConnectContext struct for OAuth2ConsentRequestOpenIDConnectContext type OAuth2ConsentRequestOpenIDConnectContext struct { // ACRValues is the Authentication AuthorizationContext Class Reference requested in the OAuth 2.0 Authorization request. It is a parameter defined by OpenID Connect and expresses which level of authentication (e.g. 2FA) is required. OpenID Connect defines it as follows: > Requested Authentication AuthorizationContext Class Reference values. Space-separated string that specifies the acr values that the Authorization Server is being requested to use for processing this Authentication Request, with the values appearing in order of preference. The Authentication AuthorizationContext Class satisfied by the authentication performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a Voluntary Claim by this parameter. @@ -48,7 +51,7 @@ func NewOAuth2ConsentRequestOpenIDConnectContextWithDefaults() *OAuth2ConsentReq // GetAcrValues returns the AcrValues field value if set, zero value otherwise. func (o *OAuth2ConsentRequestOpenIDConnectContext) GetAcrValues() []string { - if o == nil || o.AcrValues == nil { + if o == nil || IsNil(o.AcrValues) { var ret []string return ret } @@ -58,7 +61,7 @@ func (o *OAuth2ConsentRequestOpenIDConnectContext) GetAcrValues() []string { // GetAcrValuesOk returns a tuple with the AcrValues field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequestOpenIDConnectContext) GetAcrValuesOk() ([]string, bool) { - if o == nil || o.AcrValues == nil { + if o == nil || IsNil(o.AcrValues) { return nil, false } return o.AcrValues, true 
@@ -66,7 +69,7 @@ func (o *OAuth2ConsentRequestOpenIDConnectContext) GetAcrValuesOk() ([]string, b // HasAcrValues returns a boolean if a field has been set. func (o *OAuth2ConsentRequestOpenIDConnectContext) HasAcrValues() bool { - if o != nil && o.AcrValues != nil { + if o != nil && !IsNil(o.AcrValues) { return true } @@ -80,7 +83,7 @@ func (o *OAuth2ConsentRequestOpenIDConnectContext) SetAcrValues(v []string) { // GetDisplay returns the Display field value if set, zero value otherwise. func (o *OAuth2ConsentRequestOpenIDConnectContext) GetDisplay() string { - if o == nil || o.Display == nil { + if o == nil || IsNil(o.Display) { var ret string return ret } @@ -90,7 +93,7 @@ func (o *OAuth2ConsentRequestOpenIDConnectContext) GetDisplay() string { // GetDisplayOk returns a tuple with the Display field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequestOpenIDConnectContext) GetDisplayOk() (*string, bool) { - if o == nil || o.Display == nil { + if o == nil || IsNil(o.Display) { return nil, false } return o.Display, true @@ -98,7 +101,7 @@ func (o *OAuth2ConsentRequestOpenIDConnectContext) GetDisplayOk() (*string, bool // HasDisplay returns a boolean if a field has been set. func (o *OAuth2ConsentRequestOpenIDConnectContext) HasDisplay() bool { - if o != nil && o.Display != nil { + if o != nil && !IsNil(o.Display) { return true } @@ -112,7 +115,7 @@ func (o *OAuth2ConsentRequestOpenIDConnectContext) SetDisplay(v string) { // GetIdTokenHintClaims returns the IdTokenHintClaims field value if set, zero value otherwise. func (o *OAuth2ConsentRequestOpenIDConnectContext) GetIdTokenHintClaims() map[string]interface{} { - if o == nil || o.IdTokenHintClaims == nil { + if o == nil || IsNil(o.IdTokenHintClaims) { var ret map[string]interface{} return ret } 
@@ -122,15 +125,15 @@ func (o *OAuth2ConsentRequestOpenIDConnectContext) GetIdTokenHintClaims() map[st // GetIdTokenHintClaimsOk returns a tuple with the IdTokenHintClaims field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequestOpenIDConnectContext) GetIdTokenHintClaimsOk() (map[string]interface{}, bool) { - if o == nil || o.IdTokenHintClaims == nil { - return nil, false + if o == nil || IsNil(o.IdTokenHintClaims) { + return map[string]interface{}{}, false } return o.IdTokenHintClaims, true } // HasIdTokenHintClaims returns a boolean if a field has been set. func (o *OAuth2ConsentRequestOpenIDConnectContext) HasIdTokenHintClaims() bool { - if o != nil && o.IdTokenHintClaims != nil { + if o != nil && !IsNil(o.IdTokenHintClaims) { return true } @@ -144,7 +147,7 @@ func (o *OAuth2ConsentRequestOpenIDConnectContext) SetIdTokenHintClaims(v map[st // GetLoginHint returns the LoginHint field value if set, zero value otherwise. func (o *OAuth2ConsentRequestOpenIDConnectContext) GetLoginHint() string { - if o == nil || o.LoginHint == nil { + if o == nil || IsNil(o.LoginHint) { var ret string return ret } @@ -154,7 +157,7 @@ func (o *OAuth2ConsentRequestOpenIDConnectContext) GetLoginHint() string { // GetLoginHintOk returns a tuple with the LoginHint field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequestOpenIDConnectContext) GetLoginHintOk() (*string, bool) { - if o == nil || o.LoginHint == nil { + if o == nil || IsNil(o.LoginHint) { return nil, false } return o.LoginHint, true @@ -162,7 +165,7 @@ func (o *OAuth2ConsentRequestOpenIDConnectContext) GetLoginHintOk() (*string, bo // HasLoginHint returns a boolean if a field has been set. func (o *OAuth2ConsentRequestOpenIDConnectContext) HasLoginHint() bool { - if o != nil && o.LoginHint != nil { + if o != nil && !IsNil(o.LoginHint) { return true } 
@@ -176,7 +179,7 @@ func (o *OAuth2ConsentRequestOpenIDConnectContext) SetLoginHint(v string) { // GetUiLocales returns the UiLocales field value if set, zero value otherwise. func (o *OAuth2ConsentRequestOpenIDConnectContext) GetUiLocales() []string { - if o == nil || o.UiLocales == nil { + if o == nil || IsNil(o.UiLocales) { var ret []string return ret } @@ -186,7 +189,7 @@ func (o *OAuth2ConsentRequestOpenIDConnectContext) GetUiLocales() []string { // GetUiLocalesOk returns a tuple with the UiLocales field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentRequestOpenIDConnectContext) GetUiLocalesOk() ([]string, bool) { - if o == nil || o.UiLocales == nil { + if o == nil || IsNil(o.UiLocales) { return nil, false } return o.UiLocales, true @@ -194,7 +197,7 @@ func (o *OAuth2ConsentRequestOpenIDConnectContext) GetUiLocalesOk() ([]string, b // HasUiLocales returns a boolean if a field has been set. func (o *OAuth2ConsentRequestOpenIDConnectContext) HasUiLocales() bool { - if o != nil && o.UiLocales != nil { + if o != nil && !IsNil(o.UiLocales) { return true } 
@@ -207,23 +210,31 @@ func (o *OAuth2ConsentRequestOpenIDConnectContext) SetUiLocales(v []string) { } func (o OAuth2ConsentRequestOpenIDConnectContext) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o OAuth2ConsentRequestOpenIDConnectContext) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.AcrValues != nil { + if !IsNil(o.AcrValues) { toSerialize["acr_values"] = o.AcrValues } - if o.Display != nil { + if !IsNil(o.Display) { toSerialize["display"] = o.Display } - if o.IdTokenHintClaims != nil { + if !IsNil(o.IdTokenHintClaims) { toSerialize["id_token_hint_claims"] = o.IdTokenHintClaims } - if o.LoginHint != nil { + if !IsNil(o.LoginHint) { toSerialize["login_hint"] = o.LoginHint } - if o.UiLocales != nil { + if !IsNil(o.UiLocales) { toSerialize["ui_locales"] = o.UiLocales } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableOAuth2ConsentRequestOpenIDConnectContext struct { diff --git a/internal/httpclient/model_o_auth2_consent_session.go b/internal/httpclient/model_o_auth2_consent_session.go index 10d5e797cc5..92772ab891f 100644 --- a/internal/httpclient/model_o_auth2_consent_session.go +++ b/internal/httpclient/model_o_auth2_consent_session.go @@ -16,9 +16,13 @@ import ( "time" ) +// checks if the OAuth2ConsentSession type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &OAuth2ConsentSession{} + // OAuth2ConsentSession A completed OAuth 2.0 Consent Session. type OAuth2ConsentSession struct { ConsentRequest *OAuth2ConsentRequest `json:"consent_request,omitempty"` + Context interface{} `json:"context,omitempty"` ExpiresAt *OAuth2ConsentSessionExpiresAt `json:"expires_at,omitempty"` GrantAccessTokenAudience []string `json:"grant_access_token_audience,omitempty"` GrantScope []string `json:"grant_scope,omitempty"` 
@@ -49,7 +53,7 @@ func NewOAuth2ConsentSessionWithDefaults() *OAuth2ConsentSession { // GetConsentRequest returns the ConsentRequest field value if set, zero value otherwise. func (o *OAuth2ConsentSession) GetConsentRequest() OAuth2ConsentRequest { - if o == nil || o.ConsentRequest == nil { + if o == nil || IsNil(o.ConsentRequest) { var ret OAuth2ConsentRequest return ret } @@ -59,7 +63,7 @@ func (o *OAuth2ConsentSession) GetConsentRequest() OAuth2ConsentRequest { // GetConsentRequestOk returns a tuple with the ConsentRequest field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentSession) GetConsentRequestOk() (*OAuth2ConsentRequest, bool) { - if o == nil || o.ConsentRequest == nil { + if o == nil || IsNil(o.ConsentRequest) { return nil, false } return o.ConsentRequest, true @@ -67,7 +71,7 @@ func (o *OAuth2ConsentSession) GetConsentRequestOk() (*OAuth2ConsentRequest, boo // HasConsentRequest returns a boolean if a field has been set. func (o *OAuth2ConsentSession) HasConsentRequest() bool { - if o != nil && o.ConsentRequest != nil { + if o != nil && !IsNil(o.ConsentRequest) { return true } 
@@ -79,9 +83,42 @@ func (o *OAuth2ConsentSession) SetConsentRequest(v OAuth2ConsentRequest) { o.ConsentRequest = &v } +// GetContext returns the Context field value if set, zero value otherwise (both if not set or set to explicit null). +func (o *OAuth2ConsentSession) GetContext() interface{} { + if o == nil { + var ret interface{} + return ret + } + return o.Context +} + +// GetContextOk returns a tuple with the Context field value if set, nil otherwise +// and a boolean to check if the value has been set. +// NOTE: If the value is an explicit nil, `nil, true` will be returned +func (o *OAuth2ConsentSession) GetContextOk() (*interface{}, bool) { + if o == nil || IsNil(o.Context) { + return nil, false + } + return &o.Context, true +} + +// HasContext returns a boolean if a field has been set. +func (o *OAuth2ConsentSession) HasContext() bool { + if o != nil && IsNil(o.Context) { + return true + } + + return false +} + +// SetContext gets a reference to the given interface{} and assigns it to the Context field. +func (o *OAuth2ConsentSession) SetContext(v interface{}) { + o.Context = v +} + // GetExpiresAt returns the ExpiresAt field value if set, zero value otherwise. func (o *OAuth2ConsentSession) GetExpiresAt() OAuth2ConsentSessionExpiresAt { - if o == nil || o.ExpiresAt == nil { + if o == nil || IsNil(o.ExpiresAt) { var ret OAuth2ConsentSessionExpiresAt return ret } @@ -91,7 +128,7 @@ func (o *OAuth2ConsentSession) GetExpiresAt() OAuth2ConsentSessionExpiresAt { // GetExpiresAtOk returns a tuple with the ExpiresAt field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentSession) GetExpiresAtOk() (*OAuth2ConsentSessionExpiresAt, bool) { - if o == nil || o.ExpiresAt == nil { + if o == nil || IsNil(o.ExpiresAt) { return nil, false } return o.ExpiresAt, true 
@@ -99,7 +136,7 @@ func (o *OAuth2ConsentSession) GetExpiresAtOk() (*OAuth2ConsentSessionExpiresAt, // HasExpiresAt returns a boolean if a field has been set. func (o *OAuth2ConsentSession) HasExpiresAt() bool { - if o != nil && o.ExpiresAt != nil { + if o != nil && !IsNil(o.ExpiresAt) { return true } @@ -113,7 +150,7 @@ func (o *OAuth2ConsentSession) SetExpiresAt(v OAuth2ConsentSessionExpiresAt) { // GetGrantAccessTokenAudience returns the GrantAccessTokenAudience field value if set, zero value otherwise. func (o *OAuth2ConsentSession) GetGrantAccessTokenAudience() []string { - if o == nil || o.GrantAccessTokenAudience == nil { + if o == nil || IsNil(o.GrantAccessTokenAudience) { var ret []string return ret } @@ -123,7 +160,7 @@ func (o *OAuth2ConsentSession) GetGrantAccessTokenAudience() []string { // GetGrantAccessTokenAudienceOk returns a tuple with the GrantAccessTokenAudience field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentSession) GetGrantAccessTokenAudienceOk() ([]string, bool) { - if o == nil || o.GrantAccessTokenAudience == nil { + if o == nil || IsNil(o.GrantAccessTokenAudience) { return nil, false } return o.GrantAccessTokenAudience, true @@ -131,7 +168,7 @@ func (o *OAuth2ConsentSession) GetGrantAccessTokenAudienceOk() ([]string, bool) // HasGrantAccessTokenAudience returns a boolean if a field has been set. func (o *OAuth2ConsentSession) HasGrantAccessTokenAudience() bool { - if o != nil && o.GrantAccessTokenAudience != nil { + if o != nil && !IsNil(o.GrantAccessTokenAudience) { return true } @@ -145,7 +182,7 @@ func (o *OAuth2ConsentSession) SetGrantAccessTokenAudience(v []string) { // GetGrantScope returns the GrantScope field value if set, zero value otherwise. func (o *OAuth2ConsentSession) GetGrantScope() []string { - if o == nil || o.GrantScope == nil { + if o == nil || IsNil(o.GrantScope) { var ret []string return ret } 
@@ -155,7 +192,7 @@ func (o *OAuth2ConsentSession) GetGrantScope() []string { // GetGrantScopeOk returns a tuple with the GrantScope field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentSession) GetGrantScopeOk() ([]string, bool) { - if o == nil || o.GrantScope == nil { + if o == nil || IsNil(o.GrantScope) { return nil, false } return o.GrantScope, true @@ -163,7 +200,7 @@ func (o *OAuth2ConsentSession) GetGrantScopeOk() ([]string, bool) { // HasGrantScope returns a boolean if a field has been set. func (o *OAuth2ConsentSession) HasGrantScope() bool { - if o != nil && o.GrantScope != nil { + if o != nil && !IsNil(o.GrantScope) { return true } @@ -177,7 +214,7 @@ func (o *OAuth2ConsentSession) SetGrantScope(v []string) { // GetHandledAt returns the HandledAt field value if set, zero value otherwise. func (o *OAuth2ConsentSession) GetHandledAt() time.Time { - if o == nil || o.HandledAt == nil { + if o == nil || IsNil(o.HandledAt) { var ret time.Time return ret } @@ -187,7 +224,7 @@ func (o *OAuth2ConsentSession) GetHandledAt() time.Time { // GetHandledAtOk returns a tuple with the HandledAt field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentSession) GetHandledAtOk() (*time.Time, bool) { - if o == nil || o.HandledAt == nil { + if o == nil || IsNil(o.HandledAt) { return nil, false } return o.HandledAt, true @@ -195,7 +232,7 @@ func (o *OAuth2ConsentSession) GetHandledAtOk() (*time.Time, bool) { // HasHandledAt returns a boolean if a field has been set. func (o *OAuth2ConsentSession) HasHandledAt() bool { - if o != nil && o.HandledAt != nil { + if o != nil && !IsNil(o.HandledAt) { return true } 
@@ -209,7 +246,7 @@ func (o *OAuth2ConsentSession) SetHandledAt(v time.Time) { // GetRemember returns the Remember field value if set, zero value otherwise. func (o *OAuth2ConsentSession) GetRemember() bool { - if o == nil || o.Remember == nil { + if o == nil || IsNil(o.Remember) { var ret bool return ret } @@ -219,7 +256,7 @@ func (o *OAuth2ConsentSession) GetRemember() bool { // GetRememberOk returns a tuple with the Remember field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentSession) GetRememberOk() (*bool, bool) { - if o == nil || o.Remember == nil { + if o == nil || IsNil(o.Remember) { return nil, false } return o.Remember, true @@ -227,7 +264,7 @@ func (o *OAuth2ConsentSession) GetRememberOk() (*bool, bool) { // HasRemember returns a boolean if a field has been set. func (o *OAuth2ConsentSession) HasRemember() bool { - if o != nil && o.Remember != nil { + if o != nil && !IsNil(o.Remember) { return true } @@ -241,7 +278,7 @@ func (o *OAuth2ConsentSession) SetRemember(v bool) { // GetRememberFor returns the RememberFor field value if set, zero value otherwise. func (o *OAuth2ConsentSession) GetRememberFor() int64 { - if o == nil || o.RememberFor == nil { + if o == nil || IsNil(o.RememberFor) { var ret int64 return ret } @@ -251,7 +288,7 @@ func (o *OAuth2ConsentSession) GetRememberFor() int64 { // GetRememberForOk returns a tuple with the RememberFor field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentSession) GetRememberForOk() (*int64, bool) { - if o == nil || o.RememberFor == nil { + if o == nil || IsNil(o.RememberFor) { return nil, false } return o.RememberFor, true 
@@ -259,7 +296,7 @@ func (o *OAuth2ConsentSession) GetRememberForOk() (*int64, bool) { // HasRememberFor returns a boolean if a field has been set. func (o *OAuth2ConsentSession) HasRememberFor() bool { - if o != nil && o.RememberFor != nil { + if o != nil && !IsNil(o.RememberFor) { return true } @@ -273,7 +310,7 @@ func (o *OAuth2ConsentSession) SetRememberFor(v int64) { // GetSession returns the Session field value if set, zero value otherwise. func (o *OAuth2ConsentSession) GetSession() AcceptOAuth2ConsentRequestSession { - if o == nil || o.Session == nil { + if o == nil || IsNil(o.Session) { var ret AcceptOAuth2ConsentRequestSession return ret } @@ -283,7 +320,7 @@ func (o *OAuth2ConsentSession) GetSession() AcceptOAuth2ConsentRequestSession { // GetSessionOk returns a tuple with the Session field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentSession) GetSessionOk() (*AcceptOAuth2ConsentRequestSession, bool) { - if o == nil || o.Session == nil { + if o == nil || IsNil(o.Session) { return nil, false } return o.Session, true @@ -291,7 +328,7 @@ func (o *OAuth2ConsentSession) GetSessionOk() (*AcceptOAuth2ConsentRequestSessio // HasSession returns a boolean if a field has been set. func (o *OAuth2ConsentSession) HasSession() bool { - if o != nil && o.Session != nil { + if o != nil && !IsNil(o.Session) { return true } 
@@ -304,32 +341,43 @@ func (o *OAuth2ConsentSession) SetSession(v AcceptOAuth2ConsentRequestSession) { } func (o OAuth2ConsentSession) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o OAuth2ConsentSession) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.ConsentRequest != nil { + if !IsNil(o.ConsentRequest) { toSerialize["consent_request"] = o.ConsentRequest } - if o.ExpiresAt != nil { + if o.Context != nil { + toSerialize["context"] = o.Context + } + if !IsNil(o.ExpiresAt) { toSerialize["expires_at"] = o.ExpiresAt } - if o.GrantAccessTokenAudience != nil { + if !IsNil(o.GrantAccessTokenAudience) { toSerialize["grant_access_token_audience"] = o.GrantAccessTokenAudience } - if o.GrantScope != nil { + if !IsNil(o.GrantScope) { toSerialize["grant_scope"] = o.GrantScope } - if o.HandledAt != nil { + if !IsNil(o.HandledAt) { toSerialize["handled_at"] = o.HandledAt } - if o.Remember != nil { + if !IsNil(o.Remember) { toSerialize["remember"] = o.Remember } - if o.RememberFor != nil { + if !IsNil(o.RememberFor) { toSerialize["remember_for"] = o.RememberFor } - if o.Session != nil { + if !IsNil(o.Session) { toSerialize["session"] = o.Session } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableOAuth2ConsentSession struct { diff --git a/internal/httpclient/model_o_auth2_consent_session_expires_at.go b/internal/httpclient/model_o_auth2_consent_session_expires_at.go index a0a752b99bb..20be47a9a88 100644 --- a/internal/httpclient/model_o_auth2_consent_session_expires_at.go +++ b/internal/httpclient/model_o_auth2_consent_session_expires_at.go 
@@ -16,6 +16,9 @@ import ( "time" ) +// checks if the OAuth2ConsentSessionExpiresAt type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &OAuth2ConsentSessionExpiresAt{} + // OAuth2ConsentSessionExpiresAt struct for OAuth2ConsentSessionExpiresAt type OAuth2ConsentSessionExpiresAt struct { AccessToken *time.Time `json:"access_token,omitempty"` @@ -44,7 +47,7 @@ func NewOAuth2ConsentSessionExpiresAtWithDefaults() *OAuth2ConsentSessionExpires // GetAccessToken returns the AccessToken field value if set, zero value otherwise. func (o *OAuth2ConsentSessionExpiresAt) GetAccessToken() time.Time { - if o == nil || o.AccessToken == nil { + if o == nil || IsNil(o.AccessToken) { var ret time.Time return ret } @@ -54,7 +57,7 @@ func (o *OAuth2ConsentSessionExpiresAt) GetAccessToken() time.Time { // GetAccessTokenOk returns a tuple with the AccessToken field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentSessionExpiresAt) GetAccessTokenOk() (*time.Time, bool) { - if o == nil || o.AccessToken == nil { + if o == nil || IsNil(o.AccessToken) { return nil, false } return o.AccessToken, true @@ -62,7 +65,7 @@ func (o *OAuth2ConsentSessionExpiresAt) GetAccessTokenOk() (*time.Time, bool) { // HasAccessToken returns a boolean if a field has been set. func (o *OAuth2ConsentSessionExpiresAt) HasAccessToken() bool { - if o != nil && o.AccessToken != nil { + if o != nil && !IsNil(o.AccessToken) { return true } @@ -76,7 +79,7 @@ func (o *OAuth2ConsentSessionExpiresAt) SetAccessToken(v time.Time) { // GetAuthorizeCode returns the AuthorizeCode field value if set, zero value otherwise. func (o *OAuth2ConsentSessionExpiresAt) GetAuthorizeCode() time.Time { - if o == nil || o.AuthorizeCode == nil { + if o == nil || IsNil(o.AuthorizeCode) { var ret time.Time return ret } 
@@ -86,7 +89,7 @@ func (o *OAuth2ConsentSessionExpiresAt) GetAuthorizeCode() time.Time { // GetAuthorizeCodeOk returns a tuple with the AuthorizeCode field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentSessionExpiresAt) GetAuthorizeCodeOk() (*time.Time, bool) { - if o == nil || o.AuthorizeCode == nil { + if o == nil || IsNil(o.AuthorizeCode) { return nil, false } return o.AuthorizeCode, true @@ -94,7 +97,7 @@ func (o *OAuth2ConsentSessionExpiresAt) GetAuthorizeCodeOk() (*time.Time, bool) // HasAuthorizeCode returns a boolean if a field has been set. func (o *OAuth2ConsentSessionExpiresAt) HasAuthorizeCode() bool { - if o != nil && o.AuthorizeCode != nil { + if o != nil && !IsNil(o.AuthorizeCode) { return true } @@ -108,7 +111,7 @@ func (o *OAuth2ConsentSessionExpiresAt) SetAuthorizeCode(v time.Time) { // GetIdToken returns the IdToken field value if set, zero value otherwise. func (o *OAuth2ConsentSessionExpiresAt) GetIdToken() time.Time { - if o == nil || o.IdToken == nil { + if o == nil || IsNil(o.IdToken) { var ret time.Time return ret } @@ -118,7 +121,7 @@ func (o *OAuth2ConsentSessionExpiresAt) GetIdToken() time.Time { // GetIdTokenOk returns a tuple with the IdToken field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentSessionExpiresAt) GetIdTokenOk() (*time.Time, bool) { - if o == nil || o.IdToken == nil { + if o == nil || IsNil(o.IdToken) { return nil, false } return o.IdToken, true @@ -126,7 +129,7 @@ func (o *OAuth2ConsentSessionExpiresAt) GetIdTokenOk() (*time.Time, bool) { // HasIdToken returns a boolean if a field has been set. func (o *OAuth2ConsentSessionExpiresAt) HasIdToken() bool { - if o != nil && o.IdToken != nil { + if o != nil && !IsNil(o.IdToken) { return true } 
@@ -140,7 +143,7 @@ func (o *OAuth2ConsentSessionExpiresAt) SetIdToken(v time.Time) { // GetParContext returns the ParContext field value if set, zero value otherwise. func (o *OAuth2ConsentSessionExpiresAt) GetParContext() time.Time { - if o == nil || o.ParContext == nil { + if o == nil || IsNil(o.ParContext) { var ret time.Time return ret } @@ -150,7 +153,7 @@ func (o *OAuth2ConsentSessionExpiresAt) GetParContext() time.Time { // GetParContextOk returns a tuple with the ParContext field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentSessionExpiresAt) GetParContextOk() (*time.Time, bool) { - if o == nil || o.ParContext == nil { + if o == nil || IsNil(o.ParContext) { return nil, false } return o.ParContext, true @@ -158,7 +161,7 @@ func (o *OAuth2ConsentSessionExpiresAt) GetParContextOk() (*time.Time, bool) { // HasParContext returns a boolean if a field has been set. func (o *OAuth2ConsentSessionExpiresAt) HasParContext() bool { - if o != nil && o.ParContext != nil { + if o != nil && !IsNil(o.ParContext) { return true } @@ -172,7 +175,7 @@ func (o *OAuth2ConsentSessionExpiresAt) SetParContext(v time.Time) { // GetRefreshToken returns the RefreshToken field value if set, zero value otherwise. func (o *OAuth2ConsentSessionExpiresAt) GetRefreshToken() time.Time { - if o == nil || o.RefreshToken == nil { + if o == nil || IsNil(o.RefreshToken) { var ret time.Time return ret } @@ -182,7 +185,7 @@ func (o *OAuth2ConsentSessionExpiresAt) GetRefreshToken() time.Time { // GetRefreshTokenOk returns a tuple with the RefreshToken field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2ConsentSessionExpiresAt) GetRefreshTokenOk() (*time.Time, bool) { - if o == nil || o.RefreshToken == nil { + if o == nil || IsNil(o.RefreshToken) { return nil, false } return o.RefreshToken, true 
@@ -190,7 +193,7 @@ func (o *OAuth2ConsentSessionExpiresAt) GetRefreshTokenOk() (*time.Time, bool) { // HasRefreshToken returns a boolean if a field has been set. func (o *OAuth2ConsentSessionExpiresAt) HasRefreshToken() bool { - if o != nil && o.RefreshToken != nil { + if o != nil && !IsNil(o.RefreshToken) { return true } @@ -203,23 +206,31 @@ func (o *OAuth2ConsentSessionExpiresAt) SetRefreshToken(v time.Time) { } func (o OAuth2ConsentSessionExpiresAt) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o OAuth2ConsentSessionExpiresAt) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.AccessToken != nil { + if !IsNil(o.AccessToken) { toSerialize["access_token"] = o.AccessToken } - if o.AuthorizeCode != nil { + if !IsNil(o.AuthorizeCode) { toSerialize["authorize_code"] = o.AuthorizeCode } - if o.IdToken != nil { + if !IsNil(o.IdToken) { toSerialize["id_token"] = o.IdToken } - if o.ParContext != nil { + if !IsNil(o.ParContext) { toSerialize["par_context"] = o.ParContext } - if o.RefreshToken != nil { + if !IsNil(o.RefreshToken) { toSerialize["refresh_token"] = o.RefreshToken } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableOAuth2ConsentSessionExpiresAt struct { diff --git a/internal/httpclient/model_o_auth2_login_request.go b/internal/httpclient/model_o_auth2_login_request.go index 1dc9e475d29..2ddac3113c8 100644 --- a/internal/httpclient/model_o_auth2_login_request.go +++ b/internal/httpclient/model_o_auth2_login_request.go 
@@ -12,9 +12,14 @@ Contact: hi@ory.sh package openapi import ( + "bytes" "encoding/json" + "fmt" ) +// checks if the OAuth2LoginRequest type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &OAuth2LoginRequest{} + // OAuth2LoginRequest struct for OAuth2LoginRequest type OAuth2LoginRequest struct { // ID is the identifier (\"login challenge\") of the login request. It is used to identify the session. @@ -33,6 +38,8 @@ type OAuth2LoginRequest struct { Subject string `json:"subject"` } +type _OAuth2LoginRequest OAuth2LoginRequest + // NewOAuth2LoginRequest instantiates a new OAuth2LoginRequest object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments @@ -105,7 +112,7 @@ func (o *OAuth2LoginRequest) SetClient(v OAuth2Client) { // GetOidcContext returns the OidcContext field value if set, zero value otherwise. func (o *OAuth2LoginRequest) GetOidcContext() OAuth2ConsentRequestOpenIDConnectContext { - if o == nil || o.OidcContext == nil { + if o == nil || IsNil(o.OidcContext) { var ret OAuth2ConsentRequestOpenIDConnectContext return ret } @@ -115,7 +122,7 @@ func (o *OAuth2LoginRequest) GetOidcContext() OAuth2ConsentRequestOpenIDConnectC // GetOidcContextOk returns a tuple with the OidcContext field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2LoginRequest) GetOidcContextOk() (*OAuth2ConsentRequestOpenIDConnectContext, bool) { - if o == nil || o.OidcContext == nil { + if o == nil || IsNil(o.OidcContext) { return nil, false } return o.OidcContext, true @@ -123,7 +130,7 @@ func (o *OAuth2LoginRequest) GetOidcContextOk() (*OAuth2ConsentRequestOpenIDConn // HasOidcContext returns a boolean if a field has been set. func (o *OAuth2LoginRequest) HasOidcContext() bool { - if o != nil && o.OidcContext != nil { + if o != nil && !IsNil(o.OidcContext) { return true } 
@@ -161,7 +168,7 @@ func (o *OAuth2LoginRequest) SetRequestUrl(v string) { // GetRequestedAccessTokenAudience returns the RequestedAccessTokenAudience field value if set, zero value otherwise. func (o *OAuth2LoginRequest) GetRequestedAccessTokenAudience() []string { - if o == nil || o.RequestedAccessTokenAudience == nil { + if o == nil || IsNil(o.RequestedAccessTokenAudience) { var ret []string return ret } @@ -171,7 +178,7 @@ func (o *OAuth2LoginRequest) GetRequestedAccessTokenAudience() []string { // GetRequestedAccessTokenAudienceOk returns a tuple with the RequestedAccessTokenAudience field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2LoginRequest) GetRequestedAccessTokenAudienceOk() ([]string, bool) { - if o == nil || o.RequestedAccessTokenAudience == nil { + if o == nil || IsNil(o.RequestedAccessTokenAudience) { return nil, false } return o.RequestedAccessTokenAudience, true @@ -179,7 +186,7 @@ func (o *OAuth2LoginRequest) GetRequestedAccessTokenAudienceOk() ([]string, bool // HasRequestedAccessTokenAudience returns a boolean if a field has been set. func (o *OAuth2LoginRequest) HasRequestedAccessTokenAudience() bool { - if o != nil && o.RequestedAccessTokenAudience != nil { + if o != nil && !IsNil(o.RequestedAccessTokenAudience) { return true } @@ -193,7 +200,7 @@ func (o *OAuth2LoginRequest) SetRequestedAccessTokenAudience(v []string) { // GetRequestedScope returns the RequestedScope field value if set, zero value otherwise. func (o *OAuth2LoginRequest) GetRequestedScope() []string { - if o == nil || o.RequestedScope == nil { + if o == nil || IsNil(o.RequestedScope) { var ret []string return ret } 
@@ -203,7 +210,7 @@ func (o *OAuth2LoginRequest) GetRequestedScope() []string { // GetRequestedScopeOk returns a tuple with the RequestedScope field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2LoginRequest) GetRequestedScopeOk() ([]string, bool) { - if o == nil || o.RequestedScope == nil { + if o == nil || IsNil(o.RequestedScope) { return nil, false } return o.RequestedScope, true @@ -211,7 +218,7 @@ func (o *OAuth2LoginRequest) GetRequestedScopeOk() ([]string, bool) { // HasRequestedScope returns a boolean if a field has been set. func (o *OAuth2LoginRequest) HasRequestedScope() bool { - if o != nil && o.RequestedScope != nil { + if o != nil && !IsNil(o.RequestedScope) { return true } @@ -225,7 +232,7 @@ func (o *OAuth2LoginRequest) SetRequestedScope(v []string) { // GetSessionId returns the SessionId field value if set, zero value otherwise. func (o *OAuth2LoginRequest) GetSessionId() string { - if o == nil || o.SessionId == nil { + if o == nil || IsNil(o.SessionId) { var ret string return ret } @@ -235,7 +242,7 @@ func (o *OAuth2LoginRequest) GetSessionId() string { // GetSessionIdOk returns a tuple with the SessionId field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2LoginRequest) GetSessionIdOk() (*string, bool) { - if o == nil || o.SessionId == nil { + if o == nil || IsNil(o.SessionId) { return nil, false } return o.SessionId, true @@ -243,7 +250,7 @@ func (o *OAuth2LoginRequest) GetSessionIdOk() (*string, bool) { // HasSessionId returns a boolean if a field has been set. func (o *OAuth2LoginRequest) HasSessionId() bool { - if o != nil && o.SessionId != nil { + if o != nil && !IsNil(o.SessionId) { return true } 
@@ -304,35 +311,74 @@ func (o *OAuth2LoginRequest) SetSubject(v string) { } func (o OAuth2LoginRequest) MarshalJSON() ([]byte, error) { - toSerialize := map[string]interface{}{} - if true { - toSerialize["challenge"] = o.Challenge + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err } - if true { - toSerialize["client"] = o.Client - } - if o.OidcContext != nil { + return json.Marshal(toSerialize) +} + +func (o OAuth2LoginRequest) ToMap() (map[string]interface{}, error) { + toSerialize := map[string]interface{}{} + toSerialize["challenge"] = o.Challenge + toSerialize["client"] = o.Client + if !IsNil(o.OidcContext) { toSerialize["oidc_context"] = o.OidcContext } - if true { - toSerialize["request_url"] = o.RequestUrl - } - if o.RequestedAccessTokenAudience != nil { + toSerialize["request_url"] = o.RequestUrl + if !IsNil(o.RequestedAccessTokenAudience) { toSerialize["requested_access_token_audience"] = o.RequestedAccessTokenAudience } - if o.RequestedScope != nil { + if !IsNil(o.RequestedScope) { toSerialize["requested_scope"] = o.RequestedScope } - if o.SessionId != nil { + if !IsNil(o.SessionId) { toSerialize["session_id"] = o.SessionId } - if true { - toSerialize["skip"] = o.Skip + toSerialize["skip"] = o.Skip + toSerialize["subject"] = o.Subject + return toSerialize, nil +} + +func (o *OAuth2LoginRequest) UnmarshalJSON(data []byte) (err error) { + // This validates that all required properties are included in the JSON object + // by unmarshalling the object into a generic map with string keys and checking + // that every required field exists as a key in the generic map. 
+ requiredProperties := []string{ + "challenge", + "client", + "request_url", + "skip", + "subject", } - if true { - toSerialize["subject"] = o.Subject + + allProperties := make(map[string]interface{}) + + err = json.Unmarshal(data, &allProperties) + + if err != nil { + return err } - return json.Marshal(toSerialize) + + for _, requiredProperty := range requiredProperties { + if _, exists := allProperties[requiredProperty]; !exists { + return fmt.Errorf("no value given for required property %v", requiredProperty) + } + } + + varOAuth2LoginRequest := _OAuth2LoginRequest{} + + decoder := json.NewDecoder(bytes.NewReader(data)) + decoder.DisallowUnknownFields() + err = decoder.Decode(&varOAuth2LoginRequest) + + if err != nil { + return err + } + + *o = OAuth2LoginRequest(varOAuth2LoginRequest) + + return err } type NullableOAuth2LoginRequest struct { diff --git a/internal/httpclient/model_o_auth2_logout_request.go b/internal/httpclient/model_o_auth2_logout_request.go index 4a2ef7c0bc7..517ed65cf56 100644 --- a/internal/httpclient/model_o_auth2_logout_request.go +++ b/internal/httpclient/model_o_auth2_logout_request.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the OAuth2LogoutRequest type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &OAuth2LogoutRequest{} + // OAuth2LogoutRequest struct for OAuth2LogoutRequest type OAuth2LogoutRequest struct { // Challenge is the identifier (\"logout challenge\") of the logout authentication request. It is used to identify the session. @@ -49,7 +52,7 @@ func NewOAuth2LogoutRequestWithDefaults() *OAuth2LogoutRequest { // GetChallenge returns the Challenge field value if set, zero value otherwise. func (o *OAuth2LogoutRequest) GetChallenge() string { - if o == nil || o.Challenge == nil { + if o == nil || IsNil(o.Challenge) { var ret string return ret } 
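Review bot: The new `OAuth2LoginRequest.UnmarshalJSON` calls `decoder.DisallowUnknownFields()`, so this client will fail to decode a login request as soon as the server adds a field the model does not know. If that strictness is not intended for a client-side model, drop that line; if it is, say so in a comment such as `// strict decode: reject fields the spec does not define`. The required-property loop only tests key presence (`_, exists := allProperties[requiredProperty]`), so `"subject": null` passes the check and decodes to the zero value. The final `return err` is always nil at that point and would read more clearly as `return nil`. The same three points apply to `OAuth2RedirectTo.UnmarshalJSON` in the later model_o_auth2_redirect_to.go hunk.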
@@ -59,7 +62,7 @@ func (o *OAuth2LogoutRequest) GetChallenge() string { // GetChallengeOk returns a tuple with the Challenge field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2LogoutRequest) GetChallengeOk() (*string, bool) { - if o == nil || o.Challenge == nil { + if o == nil || IsNil(o.Challenge) { return nil, false } return o.Challenge, true @@ -67,7 +70,7 @@ func (o *OAuth2LogoutRequest) GetChallengeOk() (*string, bool) { // HasChallenge returns a boolean if a field has been set. func (o *OAuth2LogoutRequest) HasChallenge() bool { - if o != nil && o.Challenge != nil { + if o != nil && !IsNil(o.Challenge) { return true } @@ -81,7 +84,7 @@ func (o *OAuth2LogoutRequest) SetChallenge(v string) { // GetClient returns the Client field value if set, zero value otherwise. func (o *OAuth2LogoutRequest) GetClient() OAuth2Client { - if o == nil || o.Client == nil { + if o == nil || IsNil(o.Client) { var ret OAuth2Client return ret } @@ -91,7 +94,7 @@ func (o *OAuth2LogoutRequest) GetClient() OAuth2Client { // GetClientOk returns a tuple with the Client field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2LogoutRequest) GetClientOk() (*OAuth2Client, bool) { - if o == nil || o.Client == nil { + if o == nil || IsNil(o.Client) { return nil, false } return o.Client, true @@ -99,7 +102,7 @@ func (o *OAuth2LogoutRequest) GetClientOk() (*OAuth2Client, bool) { // HasClient returns a boolean if a field has been set. func (o *OAuth2LogoutRequest) HasClient() bool { - if o != nil && o.Client != nil { + if o != nil && !IsNil(o.Client) { return true } @@ -113,7 +116,7 @@ func (o *OAuth2LogoutRequest) SetClient(v OAuth2Client) { // GetRequestUrl returns the RequestUrl field value if set, zero value otherwise. func (o *OAuth2LogoutRequest) GetRequestUrl() string { - if o == nil || o.RequestUrl == nil { + if o == nil || IsNil(o.RequestUrl) { var ret string return ret } 
@@ -123,7 +126,7 @@ func (o *OAuth2LogoutRequest) GetRequestUrl() string { // GetRequestUrlOk returns a tuple with the RequestUrl field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2LogoutRequest) GetRequestUrlOk() (*string, bool) { - if o == nil || o.RequestUrl == nil { + if o == nil || IsNil(o.RequestUrl) { return nil, false } return o.RequestUrl, true @@ -131,7 +134,7 @@ func (o *OAuth2LogoutRequest) GetRequestUrlOk() (*string, bool) { // HasRequestUrl returns a boolean if a field has been set. func (o *OAuth2LogoutRequest) HasRequestUrl() bool { - if o != nil && o.RequestUrl != nil { + if o != nil && !IsNil(o.RequestUrl) { return true } @@ -145,7 +148,7 @@ func (o *OAuth2LogoutRequest) SetRequestUrl(v string) { // GetRpInitiated returns the RpInitiated field value if set, zero value otherwise. func (o *OAuth2LogoutRequest) GetRpInitiated() bool { - if o == nil || o.RpInitiated == nil { + if o == nil || IsNil(o.RpInitiated) { var ret bool return ret } @@ -155,7 +158,7 @@ func (o *OAuth2LogoutRequest) GetRpInitiated() bool { // GetRpInitiatedOk returns a tuple with the RpInitiated field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2LogoutRequest) GetRpInitiatedOk() (*bool, bool) { - if o == nil || o.RpInitiated == nil { + if o == nil || IsNil(o.RpInitiated) { return nil, false } return o.RpInitiated, true @@ -163,7 +166,7 @@ func (o *OAuth2LogoutRequest) GetRpInitiatedOk() (*bool, bool) { // HasRpInitiated returns a boolean if a field has been set. func (o *OAuth2LogoutRequest) HasRpInitiated() bool { - if o != nil && o.RpInitiated != nil { + if o != nil && !IsNil(o.RpInitiated) { return true } 
@@ -177,7 +180,7 @@ func (o *OAuth2LogoutRequest) SetRpInitiated(v bool) { // GetSid returns the Sid field value if set, zero value otherwise. func (o *OAuth2LogoutRequest) GetSid() string { - if o == nil || o.Sid == nil { + if o == nil || IsNil(o.Sid) { var ret string return ret } @@ -187,7 +190,7 @@ func (o *OAuth2LogoutRequest) GetSid() string { // GetSidOk returns a tuple with the Sid field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2LogoutRequest) GetSidOk() (*string, bool) { - if o == nil || o.Sid == nil { + if o == nil || IsNil(o.Sid) { return nil, false } return o.Sid, true @@ -195,7 +198,7 @@ func (o *OAuth2LogoutRequest) GetSidOk() (*string, bool) { // HasSid returns a boolean if a field has been set. func (o *OAuth2LogoutRequest) HasSid() bool { - if o != nil && o.Sid != nil { + if o != nil && !IsNil(o.Sid) { return true } @@ -209,7 +212,7 @@ func (o *OAuth2LogoutRequest) SetSid(v string) { // GetSubject returns the Subject field value if set, zero value otherwise. func (o *OAuth2LogoutRequest) GetSubject() string { - if o == nil || o.Subject == nil { + if o == nil || IsNil(o.Subject) { var ret string return ret } @@ -219,7 +222,7 @@ func (o *OAuth2LogoutRequest) GetSubject() string { // GetSubjectOk returns a tuple with the Subject field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2LogoutRequest) GetSubjectOk() (*string, bool) { - if o == nil || o.Subject == nil { + if o == nil || IsNil(o.Subject) { return nil, false } return o.Subject, true @@ -227,7 +230,7 @@ func (o *OAuth2LogoutRequest) GetSubjectOk() (*string, bool) { // HasSubject returns a boolean if a field has been set. func (o *OAuth2LogoutRequest) HasSubject() bool { - if o != nil && o.Subject != nil { + if o != nil && !IsNil(o.Subject) { return true } 
@@ -240,26 +243,34 @@ func (o *OAuth2LogoutRequest) SetSubject(v string) { } func (o OAuth2LogoutRequest) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o OAuth2LogoutRequest) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Challenge != nil { + if !IsNil(o.Challenge) { toSerialize["challenge"] = o.Challenge } - if o.Client != nil { + if !IsNil(o.Client) { toSerialize["client"] = o.Client } - if o.RequestUrl != nil { + if !IsNil(o.RequestUrl) { toSerialize["request_url"] = o.RequestUrl } - if o.RpInitiated != nil { + if !IsNil(o.RpInitiated) { toSerialize["rp_initiated"] = o.RpInitiated } - if o.Sid != nil { + if !IsNil(o.Sid) { toSerialize["sid"] = o.Sid } - if o.Subject != nil { + if !IsNil(o.Subject) { toSerialize["subject"] = o.Subject } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableOAuth2LogoutRequest struct { diff --git a/internal/httpclient/model_o_auth2_redirect_to.go b/internal/httpclient/model_o_auth2_redirect_to.go index 5abf9d4f250..e2ff2035357 100644 --- a/internal/httpclient/model_o_auth2_redirect_to.go +++ b/internal/httpclient/model_o_auth2_redirect_to.go 
@@ -12,15 +12,22 @@ Contact: hi@ory.sh package openapi import ( + "bytes" "encoding/json" + "fmt" ) +// checks if the OAuth2RedirectTo type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &OAuth2RedirectTo{} + // OAuth2RedirectTo Contains a redirect URL used to complete a login, consent, or logout request. type OAuth2RedirectTo struct { // RedirectURL is the URL which you should redirect the user's browser to once the authentication process is completed. RedirectTo string `json:"redirect_to"` } +type _OAuth2RedirectTo OAuth2RedirectTo + // NewOAuth2RedirectTo instantiates a new OAuth2RedirectTo object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments 
@@ -64,13 +71,56 @@ func (o *OAuth2RedirectTo) SetRedirectTo(v string) { } func (o OAuth2RedirectTo) MarshalJSON() ([]byte, error) { - toSerialize := map[string]interface{}{} - if true { - toSerialize["redirect_to"] = o.RedirectTo + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err } return json.Marshal(toSerialize) } +func (o OAuth2RedirectTo) ToMap() (map[string]interface{}, error) { + toSerialize := map[string]interface{}{} + toSerialize["redirect_to"] = o.RedirectTo + return toSerialize, nil +} + +func (o *OAuth2RedirectTo) UnmarshalJSON(data []byte) (err error) { + // This validates that all required properties are included in the JSON object + // by unmarshalling the object into a generic map with string keys and checking + // that every required field exists as a key in the generic map. + requiredProperties := []string{ + "redirect_to", + } + + allProperties := make(map[string]interface{}) + + err = json.Unmarshal(data, &allProperties) + + if err != nil { + return err + } + + for _, requiredProperty := range requiredProperties { + if _, exists := allProperties[requiredProperty]; !exists { + return fmt.Errorf("no value given for required property %v", requiredProperty) + } + } + + varOAuth2RedirectTo := _OAuth2RedirectTo{} + + decoder := json.NewDecoder(bytes.NewReader(data)) + decoder.DisallowUnknownFields() + err = decoder.Decode(&varOAuth2RedirectTo) + + if err != nil { + return err + } + + *o = OAuth2RedirectTo(varOAuth2RedirectTo) + + return err +} + type NullableOAuth2RedirectTo struct { value *OAuth2RedirectTo isSet bool diff --git a/internal/httpclient/model_o_auth2_token_exchange.go b/internal/httpclient/model_o_auth2_token_exchange.go index ec15969bc6f..f2997682d5d 100644 --- a/internal/httpclient/model_o_auth2_token_exchange.go +++ b/internal/httpclient/model_o_auth2_token_exchange.go 
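Review bot: The required-property loop in the new `UnmarshalJSON` only tests that the key exists, so `{"redirect_to": null}` passes it and decodes to an empty `RedirectTo` without an error, and a caller that hands this value to a browser redirect gets an empty URL instead of a failure. Checking the value as well closes that gap: `if v, exists := allProperties[requiredProperty]; !exists || v == nil {`. Separately, `decoder.DisallowUnknownFields()` makes this client reject any response carrying a field the struct does not declare, which couples client and server versions and is worth a deliberate decision. This file reads like generator output, so both changes presumably belong in the template or the API spec rather than in a hand edit here.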
@@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the OAuth2TokenExchange type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &OAuth2TokenExchange{} + // OAuth2TokenExchange OAuth2 Token Exchange Result type OAuth2TokenExchange struct { // The access token issued by the authorization server. @@ -50,7 +53,7 @@ func NewOAuth2TokenExchangeWithDefaults() *OAuth2TokenExchange { // GetAccessToken returns the AccessToken field value if set, zero value otherwise. func (o *OAuth2TokenExchange) GetAccessToken() string { - if o == nil || o.AccessToken == nil { + if o == nil || IsNil(o.AccessToken) { var ret string return ret } @@ -60,7 +63,7 @@ func (o *OAuth2TokenExchange) GetAccessToken() string { // GetAccessTokenOk returns a tuple with the AccessToken field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2TokenExchange) GetAccessTokenOk() (*string, bool) { - if o == nil || o.AccessToken == nil { + if o == nil || IsNil(o.AccessToken) { return nil, false } return o.AccessToken, true @@ -68,7 +71,7 @@ func (o *OAuth2TokenExchange) GetAccessTokenOk() (*string, bool) { // HasAccessToken returns a boolean if a field has been set. func (o *OAuth2TokenExchange) HasAccessToken() bool { - if o != nil && o.AccessToken != nil { + if o != nil && !IsNil(o.AccessToken) { return true } @@ -82,7 +85,7 @@ func (o *OAuth2TokenExchange) SetAccessToken(v string) { // GetExpiresIn returns the ExpiresIn field value if set, zero value otherwise. func (o *OAuth2TokenExchange) GetExpiresIn() int64 { - if o == nil || o.ExpiresIn == nil { + if o == nil || IsNil(o.ExpiresIn) { var ret int64 return ret } 
@@ -92,7 +95,7 @@ func (o *OAuth2TokenExchange) GetExpiresIn() int64 { // GetExpiresInOk returns a tuple with the ExpiresIn field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2TokenExchange) GetExpiresInOk() (*int64, bool) { - if o == nil || o.ExpiresIn == nil { + if o == nil || IsNil(o.ExpiresIn) { return nil, false } return o.ExpiresIn, true @@ -100,7 +103,7 @@ func (o *OAuth2TokenExchange) GetExpiresInOk() (*int64, bool) { // HasExpiresIn returns a boolean if a field has been set. func (o *OAuth2TokenExchange) HasExpiresIn() bool { - if o != nil && o.ExpiresIn != nil { + if o != nil && !IsNil(o.ExpiresIn) { return true } @@ -114,7 +117,7 @@ func (o *OAuth2TokenExchange) SetExpiresIn(v int64) { // GetIdToken returns the IdToken field value if set, zero value otherwise. func (o *OAuth2TokenExchange) GetIdToken() string { - if o == nil || o.IdToken == nil { + if o == nil || IsNil(o.IdToken) { var ret string return ret } @@ -124,7 +127,7 @@ func (o *OAuth2TokenExchange) GetIdToken() string { // GetIdTokenOk returns a tuple with the IdToken field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2TokenExchange) GetIdTokenOk() (*string, bool) { - if o == nil || o.IdToken == nil { + if o == nil || IsNil(o.IdToken) { return nil, false } return o.IdToken, true @@ -132,7 +135,7 @@ func (o *OAuth2TokenExchange) GetIdTokenOk() (*string, bool) { // HasIdToken returns a boolean if a field has been set. func (o *OAuth2TokenExchange) HasIdToken() bool { - if o != nil && o.IdToken != nil { + if o != nil && !IsNil(o.IdToken) { return true } @@ -146,7 +149,7 @@ func (o *OAuth2TokenExchange) SetIdToken(v string) { // GetRefreshToken returns the RefreshToken field value if set, zero value otherwise. func (o *OAuth2TokenExchange) GetRefreshToken() string { - if o == nil || o.RefreshToken == nil { + if o == nil || IsNil(o.RefreshToken) { var ret string return ret } 
@@ -156,7 +159,7 @@ func (o *OAuth2TokenExchange) GetRefreshToken() string { // GetRefreshTokenOk returns a tuple with the RefreshToken field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2TokenExchange) GetRefreshTokenOk() (*string, bool) { - if o == nil || o.RefreshToken == nil { + if o == nil || IsNil(o.RefreshToken) { return nil, false } return o.RefreshToken, true @@ -164,7 +167,7 @@ func (o *OAuth2TokenExchange) GetRefreshTokenOk() (*string, bool) { // HasRefreshToken returns a boolean if a field has been set. func (o *OAuth2TokenExchange) HasRefreshToken() bool { - if o != nil && o.RefreshToken != nil { + if o != nil && !IsNil(o.RefreshToken) { return true } @@ -178,7 +181,7 @@ func (o *OAuth2TokenExchange) SetRefreshToken(v string) { // GetScope returns the Scope field value if set, zero value otherwise. func (o *OAuth2TokenExchange) GetScope() string { - if o == nil || o.Scope == nil { + if o == nil || IsNil(o.Scope) { var ret string return ret } @@ -188,7 +191,7 @@ func (o *OAuth2TokenExchange) GetScope() string { // GetScopeOk returns a tuple with the Scope field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2TokenExchange) GetScopeOk() (*string, bool) { - if o == nil || o.Scope == nil { + if o == nil || IsNil(o.Scope) { return nil, false } return o.Scope, true @@ -196,7 +199,7 @@ func (o *OAuth2TokenExchange) GetScopeOk() (*string, bool) { // HasScope returns a boolean if a field has been set. func (o *OAuth2TokenExchange) HasScope() bool { - if o != nil && o.Scope != nil { + if o != nil && !IsNil(o.Scope) { return true } @@ -210,7 +213,7 @@ func (o *OAuth2TokenExchange) SetScope(v string) { // GetTokenType returns the TokenType field value if set, zero value otherwise. func (o *OAuth2TokenExchange) GetTokenType() string { - if o == nil || o.TokenType == nil { + if o == nil || IsNil(o.TokenType) { var ret string return ret } 
@@ -220,7 +223,7 @@ func (o *OAuth2TokenExchange) GetTokenType() string { // GetTokenTypeOk returns a tuple with the TokenType field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OAuth2TokenExchange) GetTokenTypeOk() (*string, bool) { - if o == nil || o.TokenType == nil { + if o == nil || IsNil(o.TokenType) { return nil, false } return o.TokenType, true @@ -228,7 +231,7 @@ func (o *OAuth2TokenExchange) GetTokenTypeOk() (*string, bool) { // HasTokenType returns a boolean if a field has been set. func (o *OAuth2TokenExchange) HasTokenType() bool { - if o != nil && o.TokenType != nil { + if o != nil && !IsNil(o.TokenType) { return true } @@ -241,26 +244,34 @@ func (o *OAuth2TokenExchange) SetTokenType(v string) { } func (o OAuth2TokenExchange) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o OAuth2TokenExchange) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.AccessToken != nil { + if !IsNil(o.AccessToken) { toSerialize["access_token"] = o.AccessToken } - if o.ExpiresIn != nil { + if !IsNil(o.ExpiresIn) { toSerialize["expires_in"] = o.ExpiresIn } - if o.IdToken != nil { + if !IsNil(o.IdToken) { toSerialize["id_token"] = o.IdToken } - if o.RefreshToken != nil { + if !IsNil(o.RefreshToken) { toSerialize["refresh_token"] = o.RefreshToken } - if o.Scope != nil { + if !IsNil(o.Scope) { toSerialize["scope"] = o.Scope } - if o.TokenType != nil { + if !IsNil(o.TokenType) { toSerialize["token_type"] = o.TokenType } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableOAuth2TokenExchange struct { diff --git a/internal/httpclient/model_oidc_configuration.go b/internal/httpclient/model_oidc_configuration.go index 08a0e7cd90a..465fa997f3f 100644 --- a/internal/httpclient/model_oidc_configuration.go +++ b/internal/httpclient/model_oidc_configuration.go 
@@ -12,9 +12,14 @@ Contact: hi@ory.sh package openapi import ( + "bytes" "encoding/json" + "fmt" ) +// checks if the OidcConfiguration type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &OidcConfiguration{} + // OidcConfiguration Includes links to several endpoints (for example `/oauth2/token`) and exposes information on supported signature algorithms among others. type OidcConfiguration struct { // OAuth 2.0 Authorization Endpoint URL @@ -33,6 +38,8 @@ type OidcConfiguration struct { CredentialsEndpointDraft00 *string `json:"credentials_endpoint_draft_00,omitempty"` // OpenID Connect Verifiable Credentials Supported JSON array containing a list of the Verifiable Credentials supported by this authorization server. CredentialsSupportedDraft00 []CredentialSupportedDraft00 `json:"credentials_supported_draft_00,omitempty"` + // OAuth 2.0 Device Authorization Endpoint URL + DeviceAuthorizationEndpoint string `json:"device_authorization_endpoint"` // OpenID Connect End-Session Endpoint URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP. EndSessionEndpoint *string `json:"end_session_endpoint,omitempty"` // OpenID Connect Front-Channel Logout Session Required Boolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify the RP session with the OP when the frontchannel_logout_uri is used. If supported, the sid Claim is also included in ID Tokens issued by the OP. 
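Review bot: `DeviceAuthorizationEndpoint` is added in the struct hunk as a plain `string` without `omitempty`, i.e. as a required property, while RFC 8628 defines `device_authorization_endpoint` as optional discovery metadata. The new `bytes`/`fmt` imports and the `_OidcConfiguration` alias in the next hunk suggest this model gains the same strict `UnmarshalJSON` as `OAuth2RedirectTo` earlier in this diff (not visible in this part); if so, a discovery document from a server that does not advertise the device flow would fail to decode. If the field does not have to be mandatory, marking it optional in the spec would generate a `*string` field tagged `json:"device_authorization_endpoint,omitempty"` and leave `NewOidcConfiguration` with its previous argument list. The struct body continues outside this hunk.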
@@ -81,13 +88,16 @@ type OidcConfiguration struct { UserinfoSigningAlgValuesSupported []string `json:"userinfo_signing_alg_values_supported,omitempty"` } +type _OidcConfiguration OidcConfiguration + // NewOidcConfiguration instantiates a new OidcConfiguration object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments // will change when the set of required properties is changed -func NewOidcConfiguration(authorizationEndpoint string, idTokenSignedResponseAlg []string, idTokenSigningAlgValuesSupported []string, issuer string, jwksUri string, responseTypesSupported []string, subjectTypesSupported []string, tokenEndpoint string, userinfoSignedResponseAlg []string) *OidcConfiguration { +func NewOidcConfiguration(authorizationEndpoint string, deviceAuthorizationEndpoint string, idTokenSignedResponseAlg []string, idTokenSigningAlgValuesSupported []string, issuer string, jwksUri string, responseTypesSupported []string, subjectTypesSupported []string, tokenEndpoint string, userinfoSignedResponseAlg []string) *OidcConfiguration { this := OidcConfiguration{} this.AuthorizationEndpoint = authorizationEndpoint + this.DeviceAuthorizationEndpoint = deviceAuthorizationEndpoint this.IdTokenSignedResponseAlg = idTokenSignedResponseAlg this.IdTokenSigningAlgValuesSupported = idTokenSigningAlgValuesSupported this.Issuer = issuer @@ -133,7 +143,7 @@ func (o *OidcConfiguration) SetAuthorizationEndpoint(v string) { // GetBackchannelLogoutSessionSupported returns the BackchannelLogoutSessionSupported field value if set, zero value otherwise. func (o *OidcConfiguration) GetBackchannelLogoutSessionSupported() bool { - if o == nil || o.BackchannelLogoutSessionSupported == nil { + if o == nil || IsNil(o.BackchannelLogoutSessionSupported) { var ret bool return ret } 
@@ -143,7 +153,7 @@ func (o *OidcConfiguration) GetBackchannelLogoutSessionSupported() bool { // GetBackchannelLogoutSessionSupportedOk returns a tuple with the BackchannelLogoutSessionSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetBackchannelLogoutSessionSupportedOk() (*bool, bool) { - if o == nil || o.BackchannelLogoutSessionSupported == nil { + if o == nil || IsNil(o.BackchannelLogoutSessionSupported) { return nil, false } return o.BackchannelLogoutSessionSupported, true @@ -151,7 +161,7 @@ func (o *OidcConfiguration) GetBackchannelLogoutSessionSupportedOk() (*bool, boo // HasBackchannelLogoutSessionSupported returns a boolean if a field has been set. func (o *OidcConfiguration) HasBackchannelLogoutSessionSupported() bool { - if o != nil && o.BackchannelLogoutSessionSupported != nil { + if o != nil && !IsNil(o.BackchannelLogoutSessionSupported) { return true } @@ -165,7 +175,7 @@ func (o *OidcConfiguration) SetBackchannelLogoutSessionSupported(v bool) { // GetBackchannelLogoutSupported returns the BackchannelLogoutSupported field value if set, zero value otherwise. func (o *OidcConfiguration) GetBackchannelLogoutSupported() bool { - if o == nil || o.BackchannelLogoutSupported == nil { + if o == nil || IsNil(o.BackchannelLogoutSupported) { var ret bool return ret } @@ -175,7 +185,7 @@ func (o *OidcConfiguration) GetBackchannelLogoutSupported() bool { // GetBackchannelLogoutSupportedOk returns a tuple with the BackchannelLogoutSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetBackchannelLogoutSupportedOk() (*bool, bool) { - if o == nil || o.BackchannelLogoutSupported == nil { + if o == nil || IsNil(o.BackchannelLogoutSupported) { return nil, false } return o.BackchannelLogoutSupported, true 
@@ -183,7 +193,7 @@ func (o *OidcConfiguration) GetBackchannelLogoutSupportedOk() (*bool, bool) { // HasBackchannelLogoutSupported returns a boolean if a field has been set. func (o *OidcConfiguration) HasBackchannelLogoutSupported() bool { - if o != nil && o.BackchannelLogoutSupported != nil { + if o != nil && !IsNil(o.BackchannelLogoutSupported) { return true } @@ -197,7 +207,7 @@ func (o *OidcConfiguration) SetBackchannelLogoutSupported(v bool) { // GetClaimsParameterSupported returns the ClaimsParameterSupported field value if set, zero value otherwise. func (o *OidcConfiguration) GetClaimsParameterSupported() bool { - if o == nil || o.ClaimsParameterSupported == nil { + if o == nil || IsNil(o.ClaimsParameterSupported) { var ret bool return ret } @@ -207,7 +217,7 @@ func (o *OidcConfiguration) GetClaimsParameterSupported() bool { // GetClaimsParameterSupportedOk returns a tuple with the ClaimsParameterSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetClaimsParameterSupportedOk() (*bool, bool) { - if o == nil || o.ClaimsParameterSupported == nil { + if o == nil || IsNil(o.ClaimsParameterSupported) { return nil, false } return o.ClaimsParameterSupported, true @@ -215,7 +225,7 @@ func (o *OidcConfiguration) GetClaimsParameterSupportedOk() (*bool, bool) { // HasClaimsParameterSupported returns a boolean if a field has been set. func (o *OidcConfiguration) HasClaimsParameterSupported() bool { - if o != nil && o.ClaimsParameterSupported != nil { + if o != nil && !IsNil(o.ClaimsParameterSupported) { return true } @@ -229,7 +239,7 @@ func (o *OidcConfiguration) SetClaimsParameterSupported(v bool) { // GetClaimsSupported returns the ClaimsSupported field value if set, zero value otherwise. func (o *OidcConfiguration) GetClaimsSupported() []string { - if o == nil || o.ClaimsSupported == nil { + if o == nil || IsNil(o.ClaimsSupported) { var ret []string return ret } 
@@ -239,7 +249,7 @@ func (o *OidcConfiguration) GetClaimsSupported() []string { // GetClaimsSupportedOk returns a tuple with the ClaimsSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetClaimsSupportedOk() ([]string, bool) { - if o == nil || o.ClaimsSupported == nil { + if o == nil || IsNil(o.ClaimsSupported) { return nil, false } return o.ClaimsSupported, true @@ -247,7 +257,7 @@ func (o *OidcConfiguration) GetClaimsSupportedOk() ([]string, bool) { // HasClaimsSupported returns a boolean if a field has been set. func (o *OidcConfiguration) HasClaimsSupported() bool { - if o != nil && o.ClaimsSupported != nil { + if o != nil && !IsNil(o.ClaimsSupported) { return true } @@ -261,7 +271,7 @@ func (o *OidcConfiguration) SetClaimsSupported(v []string) { // GetCodeChallengeMethodsSupported returns the CodeChallengeMethodsSupported field value if set, zero value otherwise. func (o *OidcConfiguration) GetCodeChallengeMethodsSupported() []string { - if o == nil || o.CodeChallengeMethodsSupported == nil { + if o == nil || IsNil(o.CodeChallengeMethodsSupported) { var ret []string return ret } @@ -271,7 +281,7 @@ func (o *OidcConfiguration) GetCodeChallengeMethodsSupported() []string { // GetCodeChallengeMethodsSupportedOk returns a tuple with the CodeChallengeMethodsSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetCodeChallengeMethodsSupportedOk() ([]string, bool) { - if o == nil || o.CodeChallengeMethodsSupported == nil { + if o == nil || IsNil(o.CodeChallengeMethodsSupported) { return nil, false } return o.CodeChallengeMethodsSupported, true 
@@ -279,7 +289,7 @@ func (o *OidcConfiguration) GetCodeChallengeMethodsSupportedOk() ([]string, bool // HasCodeChallengeMethodsSupported returns a boolean if a field has been set. func (o *OidcConfiguration) HasCodeChallengeMethodsSupported() bool { - if o != nil && o.CodeChallengeMethodsSupported != nil { + if o != nil && !IsNil(o.CodeChallengeMethodsSupported) { return true } @@ -293,7 +303,7 @@ func (o *OidcConfiguration) SetCodeChallengeMethodsSupported(v []string) { // GetCredentialsEndpointDraft00 returns the CredentialsEndpointDraft00 field value if set, zero value otherwise. func (o *OidcConfiguration) GetCredentialsEndpointDraft00() string { - if o == nil || o.CredentialsEndpointDraft00 == nil { + if o == nil || IsNil(o.CredentialsEndpointDraft00) { var ret string return ret } @@ -303,7 +313,7 @@ func (o *OidcConfiguration) GetCredentialsEndpointDraft00() string { // GetCredentialsEndpointDraft00Ok returns a tuple with the CredentialsEndpointDraft00 field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetCredentialsEndpointDraft00Ok() (*string, bool) { - if o == nil || o.CredentialsEndpointDraft00 == nil { + if o == nil || IsNil(o.CredentialsEndpointDraft00) { return nil, false } return o.CredentialsEndpointDraft00, true @@ -311,7 +321,7 @@ func (o *OidcConfiguration) GetCredentialsEndpointDraft00Ok() (*string, bool) { // HasCredentialsEndpointDraft00 returns a boolean if a field has been set. func (o *OidcConfiguration) HasCredentialsEndpointDraft00() bool { - if o != nil && o.CredentialsEndpointDraft00 != nil { + if o != nil && !IsNil(o.CredentialsEndpointDraft00) { return true } 
@@ -325,7 +335,7 @@ func (o *OidcConfiguration) SetCredentialsEndpointDraft00(v string) { // GetCredentialsSupportedDraft00 returns the CredentialsSupportedDraft00 field value if set, zero value otherwise. func (o *OidcConfiguration) GetCredentialsSupportedDraft00() []CredentialSupportedDraft00 { - if o == nil || o.CredentialsSupportedDraft00 == nil { + if o == nil || IsNil(o.CredentialsSupportedDraft00) { var ret []CredentialSupportedDraft00 return ret } @@ -335,7 +345,7 @@ func (o *OidcConfiguration) GetCredentialsSupportedDraft00() []CredentialSupport // GetCredentialsSupportedDraft00Ok returns a tuple with the CredentialsSupportedDraft00 field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetCredentialsSupportedDraft00Ok() ([]CredentialSupportedDraft00, bool) { - if o == nil || o.CredentialsSupportedDraft00 == nil { + if o == nil || IsNil(o.CredentialsSupportedDraft00) { return nil, false } return o.CredentialsSupportedDraft00, true @@ -343,7 +353,7 @@ func (o *OidcConfiguration) GetCredentialsSupportedDraft00Ok() ([]CredentialSupp // HasCredentialsSupportedDraft00 returns a boolean if a field has been set. func (o *OidcConfiguration) HasCredentialsSupportedDraft00() bool { - if o != nil && o.CredentialsSupportedDraft00 != nil { + if o != nil && !IsNil(o.CredentialsSupportedDraft00) { return true } 
@@ -355,9 +365,33 @@ func (o *OidcConfiguration) SetCredentialsSupportedDraft00(v []CredentialSupport o.CredentialsSupportedDraft00 = v } +// GetDeviceAuthorizationEndpoint returns the DeviceAuthorizationEndpoint field value +func (o *OidcConfiguration) GetDeviceAuthorizationEndpoint() string { + if o == nil { + var ret string + return ret + } + + return o.DeviceAuthorizationEndpoint +} + +// GetDeviceAuthorizationEndpointOk returns a tuple with the DeviceAuthorizationEndpoint field value +// and a boolean to check if the value has been set. +func (o *OidcConfiguration) GetDeviceAuthorizationEndpointOk() (*string, bool) { + if o == nil { + return nil, false + } + return &o.DeviceAuthorizationEndpoint, true +} + +// SetDeviceAuthorizationEndpoint sets field value +func (o *OidcConfiguration) SetDeviceAuthorizationEndpoint(v string) { + o.DeviceAuthorizationEndpoint = v +} + // GetEndSessionEndpoint returns the EndSessionEndpoint field value if set, zero value otherwise. func (o *OidcConfiguration) GetEndSessionEndpoint() string { - if o == nil || o.EndSessionEndpoint == nil { + if o == nil || IsNil(o.EndSessionEndpoint) { var ret string return ret } @@ -367,7 +401,7 @@ func (o *OidcConfiguration) GetEndSessionEndpoint() string { // GetEndSessionEndpointOk returns a tuple with the EndSessionEndpoint field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetEndSessionEndpointOk() (*string, bool) { - if o == nil || o.EndSessionEndpoint == nil { + if o == nil || IsNil(o.EndSessionEndpoint) { return nil, false } return o.EndSessionEndpoint, true @@ -375,7 +409,7 @@ func (o *OidcConfiguration) GetEndSessionEndpointOk() (*string, bool) { // HasEndSessionEndpoint returns a boolean if a field has been set. func (o *OidcConfiguration) HasEndSessionEndpoint() bool { - if o != nil && o.EndSessionEndpoint != nil { + if o != nil && !IsNil(o.EndSessionEndpoint) { return true } 
@@ -389,7 +423,7 @@ func (o *OidcConfiguration) SetEndSessionEndpoint(v string) { // GetFrontchannelLogoutSessionSupported returns the FrontchannelLogoutSessionSupported field value if set, zero value otherwise. func (o *OidcConfiguration) GetFrontchannelLogoutSessionSupported() bool { - if o == nil || o.FrontchannelLogoutSessionSupported == nil { + if o == nil || IsNil(o.FrontchannelLogoutSessionSupported) { var ret bool return ret } @@ -399,7 +433,7 @@ func (o *OidcConfiguration) GetFrontchannelLogoutSessionSupported() bool { // GetFrontchannelLogoutSessionSupportedOk returns a tuple with the FrontchannelLogoutSessionSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetFrontchannelLogoutSessionSupportedOk() (*bool, bool) { - if o == nil || o.FrontchannelLogoutSessionSupported == nil { + if o == nil || IsNil(o.FrontchannelLogoutSessionSupported) { return nil, false } return o.FrontchannelLogoutSessionSupported, true @@ -407,7 +441,7 @@ func (o *OidcConfiguration) GetFrontchannelLogoutSessionSupportedOk() (*bool, bo // HasFrontchannelLogoutSessionSupported returns a boolean if a field has been set. func (o *OidcConfiguration) HasFrontchannelLogoutSessionSupported() bool { - if o != nil && o.FrontchannelLogoutSessionSupported != nil { + if o != nil && !IsNil(o.FrontchannelLogoutSessionSupported) { return true } @@ -421,7 +455,7 @@ func (o *OidcConfiguration) SetFrontchannelLogoutSessionSupported(v bool) { // GetFrontchannelLogoutSupported returns the FrontchannelLogoutSupported field value if set, zero value otherwise. func (o *OidcConfiguration) GetFrontchannelLogoutSupported() bool { - if o == nil || o.FrontchannelLogoutSupported == nil { + if o == nil || IsNil(o.FrontchannelLogoutSupported) { var ret bool return ret } 
@@ -431,7 +465,7 @@ func (o *OidcConfiguration) GetFrontchannelLogoutSupported() bool { // GetFrontchannelLogoutSupportedOk returns a tuple with the FrontchannelLogoutSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetFrontchannelLogoutSupportedOk() (*bool, bool) { - if o == nil || o.FrontchannelLogoutSupported == nil { + if o == nil || IsNil(o.FrontchannelLogoutSupported) { return nil, false } return o.FrontchannelLogoutSupported, true @@ -439,7 +473,7 @@ func (o *OidcConfiguration) GetFrontchannelLogoutSupportedOk() (*bool, bool) { // HasFrontchannelLogoutSupported returns a boolean if a field has been set. func (o *OidcConfiguration) HasFrontchannelLogoutSupported() bool { - if o != nil && o.FrontchannelLogoutSupported != nil { + if o != nil && !IsNil(o.FrontchannelLogoutSupported) { return true } @@ -453,7 +487,7 @@ func (o *OidcConfiguration) SetFrontchannelLogoutSupported(v bool) { // GetGrantTypesSupported returns the GrantTypesSupported field value if set, zero value otherwise. func (o *OidcConfiguration) GetGrantTypesSupported() []string { - if o == nil || o.GrantTypesSupported == nil { + if o == nil || IsNil(o.GrantTypesSupported) { var ret []string return ret } @@ -463,7 +497,7 @@ func (o *OidcConfiguration) GetGrantTypesSupported() []string { // GetGrantTypesSupportedOk returns a tuple with the GrantTypesSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetGrantTypesSupportedOk() ([]string, bool) { - if o == nil || o.GrantTypesSupported == nil { + if o == nil || IsNil(o.GrantTypesSupported) { return nil, false } return o.GrantTypesSupported, true 
@@ -471,7 +505,7 @@ func (o *OidcConfiguration) GetGrantTypesSupportedOk() ([]string, bool) { // HasGrantTypesSupported returns a boolean if a field has been set. func (o *OidcConfiguration) HasGrantTypesSupported() bool { - if o != nil && o.GrantTypesSupported != nil { + if o != nil && !IsNil(o.GrantTypesSupported) { return true } @@ -581,7 +615,7 @@ func (o *OidcConfiguration) SetJwksUri(v string) { // GetRegistrationEndpoint returns the RegistrationEndpoint field value if set, zero value otherwise. func (o *OidcConfiguration) GetRegistrationEndpoint() string { - if o == nil || o.RegistrationEndpoint == nil { + if o == nil || IsNil(o.RegistrationEndpoint) { var ret string return ret } @@ -591,7 +625,7 @@ func (o *OidcConfiguration) GetRegistrationEndpoint() string { // GetRegistrationEndpointOk returns a tuple with the RegistrationEndpoint field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetRegistrationEndpointOk() (*string, bool) { - if o == nil || o.RegistrationEndpoint == nil { + if o == nil || IsNil(o.RegistrationEndpoint) { return nil, false } return o.RegistrationEndpoint, true @@ -599,7 +633,7 @@ func (o *OidcConfiguration) GetRegistrationEndpointOk() (*string, bool) { // HasRegistrationEndpoint returns a boolean if a field has been set. func (o *OidcConfiguration) HasRegistrationEndpoint() bool { - if o != nil && o.RegistrationEndpoint != nil { + if o != nil && !IsNil(o.RegistrationEndpoint) { return true } @@ -613,7 +647,7 @@ func (o *OidcConfiguration) SetRegistrationEndpoint(v string) { // GetRequestObjectSigningAlgValuesSupported returns the RequestObjectSigningAlgValuesSupported field value if set, zero value otherwise. func (o *OidcConfiguration) GetRequestObjectSigningAlgValuesSupported() []string { - if o == nil || o.RequestObjectSigningAlgValuesSupported == nil { + if o == nil || IsNil(o.RequestObjectSigningAlgValuesSupported) { var ret []string return ret } 
@@ -623,7 +657,7 @@ func (o *OidcConfiguration) GetRequestObjectSigningAlgValuesSupported() []string // GetRequestObjectSigningAlgValuesSupportedOk returns a tuple with the RequestObjectSigningAlgValuesSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetRequestObjectSigningAlgValuesSupportedOk() ([]string, bool) { - if o == nil || o.RequestObjectSigningAlgValuesSupported == nil { + if o == nil || IsNil(o.RequestObjectSigningAlgValuesSupported) { return nil, false } return o.RequestObjectSigningAlgValuesSupported, true @@ -631,7 +665,7 @@ func (o *OidcConfiguration) GetRequestObjectSigningAlgValuesSupportedOk() ([]str // HasRequestObjectSigningAlgValuesSupported returns a boolean if a field has been set. func (o *OidcConfiguration) HasRequestObjectSigningAlgValuesSupported() bool { - if o != nil && o.RequestObjectSigningAlgValuesSupported != nil { + if o != nil && !IsNil(o.RequestObjectSigningAlgValuesSupported) { return true } @@ -645,7 +679,7 @@ func (o *OidcConfiguration) SetRequestObjectSigningAlgValuesSupported(v []string // GetRequestParameterSupported returns the RequestParameterSupported field value if set, zero value otherwise. func (o *OidcConfiguration) GetRequestParameterSupported() bool { - if o == nil || o.RequestParameterSupported == nil { + if o == nil || IsNil(o.RequestParameterSupported) { var ret bool return ret } @@ -655,7 +689,7 @@ func (o *OidcConfiguration) GetRequestParameterSupported() bool { // GetRequestParameterSupportedOk returns a tuple with the RequestParameterSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetRequestParameterSupportedOk() (*bool, bool) { - if o == nil || o.RequestParameterSupported == nil { + if o == nil || IsNil(o.RequestParameterSupported) { return nil, false } return o.RequestParameterSupported, true 
@@ -663,7 +697,7 @@ func (o *OidcConfiguration) GetRequestParameterSupportedOk() (*bool, bool) { // HasRequestParameterSupported returns a boolean if a field has been set. func (o *OidcConfiguration) HasRequestParameterSupported() bool { - if o != nil && o.RequestParameterSupported != nil { + if o != nil && !IsNil(o.RequestParameterSupported) { return true } @@ -677,7 +711,7 @@ func (o *OidcConfiguration) SetRequestParameterSupported(v bool) { // GetRequestUriParameterSupported returns the RequestUriParameterSupported field value if set, zero value otherwise. func (o *OidcConfiguration) GetRequestUriParameterSupported() bool { - if o == nil || o.RequestUriParameterSupported == nil { + if o == nil || IsNil(o.RequestUriParameterSupported) { var ret bool return ret } @@ -687,7 +721,7 @@ func (o *OidcConfiguration) GetRequestUriParameterSupported() bool { // GetRequestUriParameterSupportedOk returns a tuple with the RequestUriParameterSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetRequestUriParameterSupportedOk() (*bool, bool) { - if o == nil || o.RequestUriParameterSupported == nil { + if o == nil || IsNil(o.RequestUriParameterSupported) { return nil, false } return o.RequestUriParameterSupported, true @@ -695,7 +729,7 @@ func (o *OidcConfiguration) GetRequestUriParameterSupportedOk() (*bool, bool) { // HasRequestUriParameterSupported returns a boolean if a field has been set. func (o *OidcConfiguration) HasRequestUriParameterSupported() bool { - if o != nil && o.RequestUriParameterSupported != nil { + if o != nil && !IsNil(o.RequestUriParameterSupported) { return true } 
@@ -709,7 +743,7 @@ func (o *OidcConfiguration) SetRequestUriParameterSupported(v bool) { // GetRequireRequestUriRegistration returns the RequireRequestUriRegistration field value if set, zero value otherwise. func (o *OidcConfiguration) GetRequireRequestUriRegistration() bool { - if o == nil || o.RequireRequestUriRegistration == nil { + if o == nil || IsNil(o.RequireRequestUriRegistration) { var ret bool return ret } @@ -719,7 +753,7 @@ func (o *OidcConfiguration) GetRequireRequestUriRegistration() bool { // GetRequireRequestUriRegistrationOk returns a tuple with the RequireRequestUriRegistration field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetRequireRequestUriRegistrationOk() (*bool, bool) { - if o == nil || o.RequireRequestUriRegistration == nil { + if o == nil || IsNil(o.RequireRequestUriRegistration) { return nil, false } return o.RequireRequestUriRegistration, true @@ -727,7 +761,7 @@ func (o *OidcConfiguration) GetRequireRequestUriRegistrationOk() (*bool, bool) { // HasRequireRequestUriRegistration returns a boolean if a field has been set. func (o *OidcConfiguration) HasRequireRequestUriRegistration() bool { - if o != nil && o.RequireRequestUriRegistration != nil { + if o != nil && !IsNil(o.RequireRequestUriRegistration) { return true } @@ -741,7 +775,7 @@ func (o *OidcConfiguration) SetRequireRequestUriRegistration(v bool) { // GetResponseModesSupported returns the ResponseModesSupported field value if set, zero value otherwise. func (o *OidcConfiguration) GetResponseModesSupported() []string { - if o == nil || o.ResponseModesSupported == nil { + if o == nil || IsNil(o.ResponseModesSupported) { var ret []string return ret } 
@@ -751,7 +785,7 @@ func (o *OidcConfiguration) GetResponseModesSupported() []string { // GetResponseModesSupportedOk returns a tuple with the ResponseModesSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetResponseModesSupportedOk() ([]string, bool) { - if o == nil || o.ResponseModesSupported == nil { + if o == nil || IsNil(o.ResponseModesSupported) { return nil, false } return o.ResponseModesSupported, true @@ -759,7 +793,7 @@ func (o *OidcConfiguration) GetResponseModesSupportedOk() ([]string, bool) { // HasResponseModesSupported returns a boolean if a field has been set. func (o *OidcConfiguration) HasResponseModesSupported() bool { - if o != nil && o.ResponseModesSupported != nil { + if o != nil && !IsNil(o.ResponseModesSupported) { return true } @@ -797,7 +831,7 @@ func (o *OidcConfiguration) SetResponseTypesSupported(v []string) { // GetRevocationEndpoint returns the RevocationEndpoint field value if set, zero value otherwise. func (o *OidcConfiguration) GetRevocationEndpoint() string { - if o == nil || o.RevocationEndpoint == nil { + if o == nil || IsNil(o.RevocationEndpoint) { var ret string return ret } @@ -807,7 +841,7 @@ func (o *OidcConfiguration) GetRevocationEndpoint() string { // GetRevocationEndpointOk returns a tuple with the RevocationEndpoint field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetRevocationEndpointOk() (*string, bool) { - if o == nil || o.RevocationEndpoint == nil { + if o == nil || IsNil(o.RevocationEndpoint) { return nil, false } return o.RevocationEndpoint, true @@ -815,7 +849,7 @@ func (o *OidcConfiguration) GetRevocationEndpointOk() (*string, bool) { // HasRevocationEndpoint returns a boolean if a field has been set. func (o *OidcConfiguration) HasRevocationEndpoint() bool { - if o != nil && o.RevocationEndpoint != nil { + if o != nil && !IsNil(o.RevocationEndpoint) { return true } 
@@ -829,7 +863,7 @@ func (o *OidcConfiguration) SetRevocationEndpoint(v string) { // GetScopesSupported returns the ScopesSupported field value if set, zero value otherwise. func (o *OidcConfiguration) GetScopesSupported() []string { - if o == nil || o.ScopesSupported == nil { + if o == nil || IsNil(o.ScopesSupported) { var ret []string return ret } @@ -839,7 +873,7 @@ func (o *OidcConfiguration) GetScopesSupported() []string { // GetScopesSupportedOk returns a tuple with the ScopesSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetScopesSupportedOk() ([]string, bool) { - if o == nil || o.ScopesSupported == nil { + if o == nil || IsNil(o.ScopesSupported) { return nil, false } return o.ScopesSupported, true @@ -847,7 +881,7 @@ func (o *OidcConfiguration) GetScopesSupportedOk() ([]string, bool) { // HasScopesSupported returns a boolean if a field has been set. func (o *OidcConfiguration) HasScopesSupported() bool { - if o != nil && o.ScopesSupported != nil { + if o != nil && !IsNil(o.ScopesSupported) { return true } @@ -909,7 +943,7 @@ func (o *OidcConfiguration) SetTokenEndpoint(v string) { // GetTokenEndpointAuthMethodsSupported returns the TokenEndpointAuthMethodsSupported field value if set, zero value otherwise. func (o *OidcConfiguration) GetTokenEndpointAuthMethodsSupported() []string { - if o == nil || o.TokenEndpointAuthMethodsSupported == nil { + if o == nil || IsNil(o.TokenEndpointAuthMethodsSupported) { var ret []string return ret } 
@@ -919,7 +953,7 @@ func (o *OidcConfiguration) GetTokenEndpointAuthMethodsSupported() []string { // GetTokenEndpointAuthMethodsSupportedOk returns a tuple with the TokenEndpointAuthMethodsSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetTokenEndpointAuthMethodsSupportedOk() ([]string, bool) { - if o == nil || o.TokenEndpointAuthMethodsSupported == nil { + if o == nil || IsNil(o.TokenEndpointAuthMethodsSupported) { return nil, false } return o.TokenEndpointAuthMethodsSupported, true @@ -927,7 +961,7 @@ func (o *OidcConfiguration) GetTokenEndpointAuthMethodsSupportedOk() ([]string, // HasTokenEndpointAuthMethodsSupported returns a boolean if a field has been set. func (o *OidcConfiguration) HasTokenEndpointAuthMethodsSupported() bool { - if o != nil && o.TokenEndpointAuthMethodsSupported != nil { + if o != nil && !IsNil(o.TokenEndpointAuthMethodsSupported) { return true } @@ -941,7 +975,7 @@ func (o *OidcConfiguration) SetTokenEndpointAuthMethodsSupported(v []string) { // GetUserinfoEndpoint returns the UserinfoEndpoint field value if set, zero value otherwise. func (o *OidcConfiguration) GetUserinfoEndpoint() string { - if o == nil || o.UserinfoEndpoint == nil { + if o == nil || IsNil(o.UserinfoEndpoint) { var ret string return ret } @@ -951,7 +985,7 @@ func (o *OidcConfiguration) GetUserinfoEndpoint() string { // GetUserinfoEndpointOk returns a tuple with the UserinfoEndpoint field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetUserinfoEndpointOk() (*string, bool) { - if o == nil || o.UserinfoEndpoint == nil { + if o == nil || IsNil(o.UserinfoEndpoint) { return nil, false } return o.UserinfoEndpoint, true 
@@ -959,7 +993,7 @@ func (o *OidcConfiguration) GetUserinfoEndpointOk() (*string, bool) { // HasUserinfoEndpoint returns a boolean if a field has been set. func (o *OidcConfiguration) HasUserinfoEndpoint() bool { - if o != nil && o.UserinfoEndpoint != nil { + if o != nil && !IsNil(o.UserinfoEndpoint) { return true } @@ -997,7 +1031,7 @@ func (o *OidcConfiguration) SetUserinfoSignedResponseAlg(v []string) { // GetUserinfoSigningAlgValuesSupported returns the UserinfoSigningAlgValuesSupported field value if set, zero value otherwise. func (o *OidcConfiguration) GetUserinfoSigningAlgValuesSupported() []string { - if o == nil || o.UserinfoSigningAlgValuesSupported == nil { + if o == nil || IsNil(o.UserinfoSigningAlgValuesSupported) { var ret []string return ret } @@ -1007,7 +1041,7 @@ func (o *OidcConfiguration) GetUserinfoSigningAlgValuesSupported() []string { // GetUserinfoSigningAlgValuesSupportedOk returns a tuple with the UserinfoSigningAlgValuesSupported field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcConfiguration) GetUserinfoSigningAlgValuesSupportedOk() ([]string, bool) { - if o == nil || o.UserinfoSigningAlgValuesSupported == nil { + if o == nil || IsNil(o.UserinfoSigningAlgValuesSupported) { return nil, false } return o.UserinfoSigningAlgValuesSupported, true @@ -1015,7 +1049,7 @@ func (o *OidcConfiguration) GetUserinfoSigningAlgValuesSupportedOk() ([]string, // HasUserinfoSigningAlgValuesSupported returns a boolean if a field has been set. func (o *OidcConfiguration) HasUserinfoSigningAlgValuesSupported() bool { - if o != nil && o.UserinfoSigningAlgValuesSupported != nil { + if o != nil && !IsNil(o.UserinfoSigningAlgValuesSupported) { return true } 
@@ -1028,101 +1062,138 @@ func (o *OidcConfiguration) SetUserinfoSigningAlgValuesSupported(v []string) { } func (o OidcConfiguration) MarshalJSON() ([]byte, error) { - toSerialize := map[string]interface{}{} - if true { - toSerialize["authorization_endpoint"] = o.AuthorizationEndpoint + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err } - if o.BackchannelLogoutSessionSupported != nil { + return json.Marshal(toSerialize) +} + +func (o OidcConfiguration) ToMap() (map[string]interface{}, error) { + toSerialize := map[string]interface{}{} + toSerialize["authorization_endpoint"] = o.AuthorizationEndpoint + if !IsNil(o.BackchannelLogoutSessionSupported) { toSerialize["backchannel_logout_session_supported"] = o.BackchannelLogoutSessionSupported } - if o.BackchannelLogoutSupported != nil { + if !IsNil(o.BackchannelLogoutSupported) { toSerialize["backchannel_logout_supported"] = o.BackchannelLogoutSupported } - if o.ClaimsParameterSupported != nil { + if !IsNil(o.ClaimsParameterSupported) { toSerialize["claims_parameter_supported"] = o.ClaimsParameterSupported } - if o.ClaimsSupported != nil { + if !IsNil(o.ClaimsSupported) { toSerialize["claims_supported"] = o.ClaimsSupported } - if o.CodeChallengeMethodsSupported != nil { + if !IsNil(o.CodeChallengeMethodsSupported) { toSerialize["code_challenge_methods_supported"] = o.CodeChallengeMethodsSupported } - if o.CredentialsEndpointDraft00 != nil { + if !IsNil(o.CredentialsEndpointDraft00) { toSerialize["credentials_endpoint_draft_00"] = o.CredentialsEndpointDraft00 } - if o.CredentialsSupportedDraft00 != nil { + if !IsNil(o.CredentialsSupportedDraft00) { toSerialize["credentials_supported_draft_00"] = o.CredentialsSupportedDraft00 } - if o.EndSessionEndpoint != nil { + toSerialize["device_authorization_endpoint"] = o.DeviceAuthorizationEndpoint + if !IsNil(o.EndSessionEndpoint) { toSerialize["end_session_endpoint"] = o.EndSessionEndpoint } - if o.FrontchannelLogoutSessionSupported != nil { + if 
!IsNil(o.FrontchannelLogoutSessionSupported) { toSerialize["frontchannel_logout_session_supported"] = o.FrontchannelLogoutSessionSupported } - if o.FrontchannelLogoutSupported != nil { + if !IsNil(o.FrontchannelLogoutSupported) { toSerialize["frontchannel_logout_supported"] = o.FrontchannelLogoutSupported } - if o.GrantTypesSupported != nil { + if !IsNil(o.GrantTypesSupported) { toSerialize["grant_types_supported"] = o.GrantTypesSupported } - if true { - toSerialize["id_token_signed_response_alg"] = o.IdTokenSignedResponseAlg - } - if true { - toSerialize["id_token_signing_alg_values_supported"] = o.IdTokenSigningAlgValuesSupported - } - if true { - toSerialize["issuer"] = o.Issuer - } - if true { - toSerialize["jwks_uri"] = o.JwksUri - } - if o.RegistrationEndpoint != nil { + toSerialize["id_token_signed_response_alg"] = o.IdTokenSignedResponseAlg + toSerialize["id_token_signing_alg_values_supported"] = o.IdTokenSigningAlgValuesSupported + toSerialize["issuer"] = o.Issuer + toSerialize["jwks_uri"] = o.JwksUri + if !IsNil(o.RegistrationEndpoint) { toSerialize["registration_endpoint"] = o.RegistrationEndpoint } - if o.RequestObjectSigningAlgValuesSupported != nil { + if !IsNil(o.RequestObjectSigningAlgValuesSupported) { toSerialize["request_object_signing_alg_values_supported"] = o.RequestObjectSigningAlgValuesSupported } - if o.RequestParameterSupported != nil { + if !IsNil(o.RequestParameterSupported) { toSerialize["request_parameter_supported"] = o.RequestParameterSupported } - if o.RequestUriParameterSupported != nil { + if !IsNil(o.RequestUriParameterSupported) { toSerialize["request_uri_parameter_supported"] = o.RequestUriParameterSupported } - if o.RequireRequestUriRegistration != nil { + if !IsNil(o.RequireRequestUriRegistration) { toSerialize["require_request_uri_registration"] = o.RequireRequestUriRegistration } - if o.ResponseModesSupported != nil { + if !IsNil(o.ResponseModesSupported) { toSerialize["response_modes_supported"] = o.ResponseModesSupported 
} - if true { - toSerialize["response_types_supported"] = o.ResponseTypesSupported - } - if o.RevocationEndpoint != nil { + toSerialize["response_types_supported"] = o.ResponseTypesSupported + if !IsNil(o.RevocationEndpoint) { toSerialize["revocation_endpoint"] = o.RevocationEndpoint } - if o.ScopesSupported != nil { + if !IsNil(o.ScopesSupported) { toSerialize["scopes_supported"] = o.ScopesSupported } - if true { - toSerialize["subject_types_supported"] = o.SubjectTypesSupported - } - if true { - toSerialize["token_endpoint"] = o.TokenEndpoint - } - if o.TokenEndpointAuthMethodsSupported != nil { + toSerialize["subject_types_supported"] = o.SubjectTypesSupported + toSerialize["token_endpoint"] = o.TokenEndpoint + if !IsNil(o.TokenEndpointAuthMethodsSupported) { toSerialize["token_endpoint_auth_methods_supported"] = o.TokenEndpointAuthMethodsSupported } - if o.UserinfoEndpoint != nil { + if !IsNil(o.UserinfoEndpoint) { toSerialize["userinfo_endpoint"] = o.UserinfoEndpoint } - if true { - toSerialize["userinfo_signed_response_alg"] = o.UserinfoSignedResponseAlg - } - if o.UserinfoSigningAlgValuesSupported != nil { + toSerialize["userinfo_signed_response_alg"] = o.UserinfoSignedResponseAlg + if !IsNil(o.UserinfoSigningAlgValuesSupported) { toSerialize["userinfo_signing_alg_values_supported"] = o.UserinfoSigningAlgValuesSupported } - return json.Marshal(toSerialize) + return toSerialize, nil +} + +func (o *OidcConfiguration) UnmarshalJSON(data []byte) (err error) { + // This validates that all required properties are included in the JSON object + // by unmarshalling the object into a generic map with string keys and checking + // that every required field exists as a key in the generic map. 
+ requiredProperties := []string{ + "authorization_endpoint", + "device_authorization_endpoint", + "id_token_signed_response_alg", + "id_token_signing_alg_values_supported", + "issuer", + "jwks_uri", + "response_types_supported", + "subject_types_supported", + "token_endpoint", + "userinfo_signed_response_alg", + } + + allProperties := make(map[string]interface{}) + + err = json.Unmarshal(data, &allProperties) + + if err != nil { + return err + } + + for _, requiredProperty := range requiredProperties { + if _, exists := allProperties[requiredProperty]; !exists { + return fmt.Errorf("no value given for required property %v", requiredProperty) + } + } + + varOidcConfiguration := _OidcConfiguration{} + + decoder := json.NewDecoder(bytes.NewReader(data)) + decoder.DisallowUnknownFields() + err = decoder.Decode(&varOidcConfiguration) + + if err != nil { + return err + } + + *o = OidcConfiguration(varOidcConfiguration) + + return err } type NullableOidcConfiguration struct { diff --git a/internal/httpclient/model_oidc_user_info.go b/internal/httpclient/model_oidc_user_info.go index f1b942a7b6e..d6a08aedfe8 100644 --- a/internal/httpclient/model_oidc_user_info.go +++ b/internal/httpclient/model_oidc_user_info.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the OidcUserInfo type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &OidcUserInfo{} + // OidcUserInfo OpenID Connect Userinfo type OidcUserInfo struct { // End-User's birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format. The year MAY be 0000, indicating that it is omitted. To represent only the year, YYYY format is allowed. Note that depending on the underlying platform's date related function, providing just year can result in varying month and day, so the implementers need to take this factor into account to correctly process the dates. 
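Review bot: The new `(*OidcConfiguration).UnmarshalJSON` calls `decoder.DisallowUnknownFields()`, so a discovery document carrying any key that `_OidcConfiguration` does not declare is rejected outright, and the required-key loop also fails on a document that lacks `device_authorization_endpoint`. If this client can meet a server of a different version, every added or missing metadata field becomes a hard decode error; if that strictness is intended, state it in a comment above the decoder, otherwise drop the `decoder.DisallowUnknownFields()` line and keep the required-key check. The error would also be easier to read in logs with the key quoted, `fmt.Errorf("no value given for required property %q", requiredProperty)`. The code looks generator-produced, so the change probably belongs in the generator template or the API spec rather than in this file; `_OidcConfiguration` is declared outside the hunk.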
@@ -76,7 +79,7 @@ func NewOidcUserInfoWithDefaults() *OidcUserInfo { // GetBirthdate returns the Birthdate field value if set, zero value otherwise. func (o *OidcUserInfo) GetBirthdate() string { - if o == nil || o.Birthdate == nil { + if o == nil || IsNil(o.Birthdate) { var ret string return ret } @@ -86,7 +89,7 @@ func (o *OidcUserInfo) GetBirthdate() string { // GetBirthdateOk returns a tuple with the Birthdate field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetBirthdateOk() (*string, bool) { - if o == nil || o.Birthdate == nil { + if o == nil || IsNil(o.Birthdate) { return nil, false } return o.Birthdate, true @@ -94,7 +97,7 @@ func (o *OidcUserInfo) GetBirthdateOk() (*string, bool) { // HasBirthdate returns a boolean if a field has been set. func (o *OidcUserInfo) HasBirthdate() bool { - if o != nil && o.Birthdate != nil { + if o != nil && !IsNil(o.Birthdate) { return true } @@ -108,7 +111,7 @@ func (o *OidcUserInfo) SetBirthdate(v string) { // GetEmail returns the Email field value if set, zero value otherwise. func (o *OidcUserInfo) GetEmail() string { - if o == nil || o.Email == nil { + if o == nil || IsNil(o.Email) { var ret string return ret } @@ -118,7 +121,7 @@ func (o *OidcUserInfo) GetEmail() string { // GetEmailOk returns a tuple with the Email field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetEmailOk() (*string, bool) { - if o == nil || o.Email == nil { + if o == nil || IsNil(o.Email) { return nil, false } return o.Email, true @@ -126,7 +129,7 @@ func (o *OidcUserInfo) GetEmailOk() (*string, bool) { // HasEmail returns a boolean if a field has been set. func (o *OidcUserInfo) HasEmail() bool { - if o != nil && o.Email != nil { + if o != nil && !IsNil(o.Email) { return true } 
@@ -140,7 +143,7 @@ func (o *OidcUserInfo) SetEmail(v string) { // GetEmailVerified returns the EmailVerified field value if set, zero value otherwise. func (o *OidcUserInfo) GetEmailVerified() bool { - if o == nil || o.EmailVerified == nil { + if o == nil || IsNil(o.EmailVerified) { var ret bool return ret } @@ -150,7 +153,7 @@ func (o *OidcUserInfo) GetEmailVerified() bool { // GetEmailVerifiedOk returns a tuple with the EmailVerified field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetEmailVerifiedOk() (*bool, bool) { - if o == nil || o.EmailVerified == nil { + if o == nil || IsNil(o.EmailVerified) { return nil, false } return o.EmailVerified, true @@ -158,7 +161,7 @@ func (o *OidcUserInfo) GetEmailVerifiedOk() (*bool, bool) { // HasEmailVerified returns a boolean if a field has been set. func (o *OidcUserInfo) HasEmailVerified() bool { - if o != nil && o.EmailVerified != nil { + if o != nil && !IsNil(o.EmailVerified) { return true } @@ -172,7 +175,7 @@ func (o *OidcUserInfo) SetEmailVerified(v bool) { // GetFamilyName returns the FamilyName field value if set, zero value otherwise. func (o *OidcUserInfo) GetFamilyName() string { - if o == nil || o.FamilyName == nil { + if o == nil || IsNil(o.FamilyName) { var ret string return ret } @@ -182,7 +185,7 @@ func (o *OidcUserInfo) GetFamilyName() string { // GetFamilyNameOk returns a tuple with the FamilyName field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetFamilyNameOk() (*string, bool) { - if o == nil || o.FamilyName == nil { + if o == nil || IsNil(o.FamilyName) { return nil, false } return o.FamilyName, true @@ -190,7 +193,7 @@ func (o *OidcUserInfo) GetFamilyNameOk() (*string, bool) { // HasFamilyName returns a boolean if a field has been set. func (o *OidcUserInfo) HasFamilyName() bool { - if o != nil && o.FamilyName != nil { + if o != nil && !IsNil(o.FamilyName) { return true } 
@@ -204,7 +207,7 @@ func (o *OidcUserInfo) SetFamilyName(v string) { // GetGender returns the Gender field value if set, zero value otherwise. func (o *OidcUserInfo) GetGender() string { - if o == nil || o.Gender == nil { + if o == nil || IsNil(o.Gender) { var ret string return ret } @@ -214,7 +217,7 @@ func (o *OidcUserInfo) GetGender() string { // GetGenderOk returns a tuple with the Gender field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetGenderOk() (*string, bool) { - if o == nil || o.Gender == nil { + if o == nil || IsNil(o.Gender) { return nil, false } return o.Gender, true @@ -222,7 +225,7 @@ func (o *OidcUserInfo) GetGenderOk() (*string, bool) { // HasGender returns a boolean if a field has been set. func (o *OidcUserInfo) HasGender() bool { - if o != nil && o.Gender != nil { + if o != nil && !IsNil(o.Gender) { return true } @@ -236,7 +239,7 @@ func (o *OidcUserInfo) SetGender(v string) { // GetGivenName returns the GivenName field value if set, zero value otherwise. func (o *OidcUserInfo) GetGivenName() string { - if o == nil || o.GivenName == nil { + if o == nil || IsNil(o.GivenName) { var ret string return ret } @@ -246,7 +249,7 @@ func (o *OidcUserInfo) GetGivenName() string { // GetGivenNameOk returns a tuple with the GivenName field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetGivenNameOk() (*string, bool) { - if o == nil || o.GivenName == nil { + if o == nil || IsNil(o.GivenName) { return nil, false } return o.GivenName, true @@ -254,7 +257,7 @@ func (o *OidcUserInfo) GetGivenNameOk() (*string, bool) { // HasGivenName returns a boolean if a field has been set. func (o *OidcUserInfo) HasGivenName() bool { - if o != nil && o.GivenName != nil { + if o != nil && !IsNil(o.GivenName) { return true } 
@@ -268,7 +271,7 @@ func (o *OidcUserInfo) SetGivenName(v string) { // GetLocale returns the Locale field value if set, zero value otherwise. func (o *OidcUserInfo) GetLocale() string { - if o == nil || o.Locale == nil { + if o == nil || IsNil(o.Locale) { var ret string return ret } @@ -278,7 +281,7 @@ func (o *OidcUserInfo) GetLocale() string { // GetLocaleOk returns a tuple with the Locale field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetLocaleOk() (*string, bool) { - if o == nil || o.Locale == nil { + if o == nil || IsNil(o.Locale) { return nil, false } return o.Locale, true @@ -286,7 +289,7 @@ func (o *OidcUserInfo) GetLocaleOk() (*string, bool) { // HasLocale returns a boolean if a field has been set. func (o *OidcUserInfo) HasLocale() bool { - if o != nil && o.Locale != nil { + if o != nil && !IsNil(o.Locale) { return true } @@ -300,7 +303,7 @@ func (o *OidcUserInfo) SetLocale(v string) { // GetMiddleName returns the MiddleName field value if set, zero value otherwise. func (o *OidcUserInfo) GetMiddleName() string { - if o == nil || o.MiddleName == nil { + if o == nil || IsNil(o.MiddleName) { var ret string return ret } @@ -310,7 +313,7 @@ func (o *OidcUserInfo) GetMiddleName() string { // GetMiddleNameOk returns a tuple with the MiddleName field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetMiddleNameOk() (*string, bool) { - if o == nil || o.MiddleName == nil { + if o == nil || IsNil(o.MiddleName) { return nil, false } return o.MiddleName, true @@ -318,7 +321,7 @@ func (o *OidcUserInfo) GetMiddleNameOk() (*string, bool) { // HasMiddleName returns a boolean if a field has been set. func (o *OidcUserInfo) HasMiddleName() bool { - if o != nil && o.MiddleName != nil { + if o != nil && !IsNil(o.MiddleName) { return true } 
@@ -332,7 +335,7 @@ func (o *OidcUserInfo) SetMiddleName(v string) { // GetName returns the Name field value if set, zero value otherwise. func (o *OidcUserInfo) GetName() string { - if o == nil || o.Name == nil { + if o == nil || IsNil(o.Name) { var ret string return ret } @@ -342,7 +345,7 @@ func (o *OidcUserInfo) GetName() string { // GetNameOk returns a tuple with the Name field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetNameOk() (*string, bool) { - if o == nil || o.Name == nil { + if o == nil || IsNil(o.Name) { return nil, false } return o.Name, true @@ -350,7 +353,7 @@ func (o *OidcUserInfo) GetNameOk() (*string, bool) { // HasName returns a boolean if a field has been set. func (o *OidcUserInfo) HasName() bool { - if o != nil && o.Name != nil { + if o != nil && !IsNil(o.Name) { return true } @@ -364,7 +367,7 @@ func (o *OidcUserInfo) SetName(v string) { // GetNickname returns the Nickname field value if set, zero value otherwise. func (o *OidcUserInfo) GetNickname() string { - if o == nil || o.Nickname == nil { + if o == nil || IsNil(o.Nickname) { var ret string return ret } @@ -374,7 +377,7 @@ func (o *OidcUserInfo) GetNickname() string { // GetNicknameOk returns a tuple with the Nickname field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetNicknameOk() (*string, bool) { - if o == nil || o.Nickname == nil { + if o == nil || IsNil(o.Nickname) { return nil, false } return o.Nickname, true @@ -382,7 +385,7 @@ func (o *OidcUserInfo) GetNicknameOk() (*string, bool) { // HasNickname returns a boolean if a field has been set. func (o *OidcUserInfo) HasNickname() bool { - if o != nil && o.Nickname != nil { + if o != nil && !IsNil(o.Nickname) { return true } 
@@ -396,7 +399,7 @@ func (o *OidcUserInfo) SetNickname(v string) { // GetPhoneNumber returns the PhoneNumber field value if set, zero value otherwise. func (o *OidcUserInfo) GetPhoneNumber() string { - if o == nil || o.PhoneNumber == nil { + if o == nil || IsNil(o.PhoneNumber) { var ret string return ret } @@ -406,7 +409,7 @@ func (o *OidcUserInfo) GetPhoneNumber() string { // GetPhoneNumberOk returns a tuple with the PhoneNumber field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetPhoneNumberOk() (*string, bool) { - if o == nil || o.PhoneNumber == nil { + if o == nil || IsNil(o.PhoneNumber) { return nil, false } return o.PhoneNumber, true @@ -414,7 +417,7 @@ func (o *OidcUserInfo) GetPhoneNumberOk() (*string, bool) { // HasPhoneNumber returns a boolean if a field has been set. func (o *OidcUserInfo) HasPhoneNumber() bool { - if o != nil && o.PhoneNumber != nil { + if o != nil && !IsNil(o.PhoneNumber) { return true } @@ -428,7 +431,7 @@ func (o *OidcUserInfo) SetPhoneNumber(v string) { // GetPhoneNumberVerified returns the PhoneNumberVerified field value if set, zero value otherwise. func (o *OidcUserInfo) GetPhoneNumberVerified() bool { - if o == nil || o.PhoneNumberVerified == nil { + if o == nil || IsNil(o.PhoneNumberVerified) { var ret bool return ret } @@ -438,7 +441,7 @@ func (o *OidcUserInfo) GetPhoneNumberVerified() bool { // GetPhoneNumberVerifiedOk returns a tuple with the PhoneNumberVerified field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetPhoneNumberVerifiedOk() (*bool, bool) { - if o == nil || o.PhoneNumberVerified == nil { + if o == nil || IsNil(o.PhoneNumberVerified) { return nil, false } return o.PhoneNumberVerified, true 
@@ -446,7 +449,7 @@ func (o *OidcUserInfo) GetPhoneNumberVerifiedOk() (*bool, bool) { // HasPhoneNumberVerified returns a boolean if a field has been set. func (o *OidcUserInfo) HasPhoneNumberVerified() bool { - if o != nil && o.PhoneNumberVerified != nil { + if o != nil && !IsNil(o.PhoneNumberVerified) { return true } @@ -460,7 +463,7 @@ func (o *OidcUserInfo) SetPhoneNumberVerified(v bool) { // GetPicture returns the Picture field value if set, zero value otherwise. func (o *OidcUserInfo) GetPicture() string { - if o == nil || o.Picture == nil { + if o == nil || IsNil(o.Picture) { var ret string return ret } @@ -470,7 +473,7 @@ func (o *OidcUserInfo) GetPicture() string { // GetPictureOk returns a tuple with the Picture field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetPictureOk() (*string, bool) { - if o == nil || o.Picture == nil { + if o == nil || IsNil(o.Picture) { return nil, false } return o.Picture, true @@ -478,7 +481,7 @@ func (o *OidcUserInfo) GetPictureOk() (*string, bool) { // HasPicture returns a boolean if a field has been set. func (o *OidcUserInfo) HasPicture() bool { - if o != nil && o.Picture != nil { + if o != nil && !IsNil(o.Picture) { return true } @@ -492,7 +495,7 @@ func (o *OidcUserInfo) SetPicture(v string) { // GetPreferredUsername returns the PreferredUsername field value if set, zero value otherwise. func (o *OidcUserInfo) GetPreferredUsername() string { - if o == nil || o.PreferredUsername == nil { + if o == nil || IsNil(o.PreferredUsername) { var ret string return ret } 
@@ -502,7 +505,7 @@ func (o *OidcUserInfo) GetPreferredUsername() string { // GetPreferredUsernameOk returns a tuple with the PreferredUsername field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetPreferredUsernameOk() (*string, bool) { - if o == nil || o.PreferredUsername == nil { + if o == nil || IsNil(o.PreferredUsername) { return nil, false } return o.PreferredUsername, true @@ -510,7 +513,7 @@ func (o *OidcUserInfo) GetPreferredUsernameOk() (*string, bool) { // HasPreferredUsername returns a boolean if a field has been set. func (o *OidcUserInfo) HasPreferredUsername() bool { - if o != nil && o.PreferredUsername != nil { + if o != nil && !IsNil(o.PreferredUsername) { return true } @@ -524,7 +527,7 @@ func (o *OidcUserInfo) SetPreferredUsername(v string) { // GetProfile returns the Profile field value if set, zero value otherwise. func (o *OidcUserInfo) GetProfile() string { - if o == nil || o.Profile == nil { + if o == nil || IsNil(o.Profile) { var ret string return ret } @@ -534,7 +537,7 @@ func (o *OidcUserInfo) GetProfile() string { // GetProfileOk returns a tuple with the Profile field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetProfileOk() (*string, bool) { - if o == nil || o.Profile == nil { + if o == nil || IsNil(o.Profile) { return nil, false } return o.Profile, true @@ -542,7 +545,7 @@ func (o *OidcUserInfo) GetProfileOk() (*string, bool) { // HasProfile returns a boolean if a field has been set. func (o *OidcUserInfo) HasProfile() bool { - if o != nil && o.Profile != nil { + if o != nil && !IsNil(o.Profile) { return true } @@ -556,7 +559,7 @@ func (o *OidcUserInfo) SetProfile(v string) { // GetSub returns the Sub field value if set, zero value otherwise. func (o *OidcUserInfo) GetSub() string { - if o == nil || o.Sub == nil { + if o == nil || IsNil(o.Sub) { var ret string return ret } 
@@ -566,7 +569,7 @@ func (o *OidcUserInfo) GetSub() string { // GetSubOk returns a tuple with the Sub field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetSubOk() (*string, bool) { - if o == nil || o.Sub == nil { + if o == nil || IsNil(o.Sub) { return nil, false } return o.Sub, true @@ -574,7 +577,7 @@ func (o *OidcUserInfo) GetSubOk() (*string, bool) { // HasSub returns a boolean if a field has been set. func (o *OidcUserInfo) HasSub() bool { - if o != nil && o.Sub != nil { + if o != nil && !IsNil(o.Sub) { return true } @@ -588,7 +591,7 @@ func (o *OidcUserInfo) SetSub(v string) { // GetUpdatedAt returns the UpdatedAt field value if set, zero value otherwise. func (o *OidcUserInfo) GetUpdatedAt() int64 { - if o == nil || o.UpdatedAt == nil { + if o == nil || IsNil(o.UpdatedAt) { var ret int64 return ret } @@ -598,7 +601,7 @@ func (o *OidcUserInfo) GetUpdatedAt() int64 { // GetUpdatedAtOk returns a tuple with the UpdatedAt field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetUpdatedAtOk() (*int64, bool) { - if o == nil || o.UpdatedAt == nil { + if o == nil || IsNil(o.UpdatedAt) { return nil, false } return o.UpdatedAt, true @@ -606,7 +609,7 @@ func (o *OidcUserInfo) GetUpdatedAtOk() (*int64, bool) { // HasUpdatedAt returns a boolean if a field has been set. func (o *OidcUserInfo) HasUpdatedAt() bool { - if o != nil && o.UpdatedAt != nil { + if o != nil && !IsNil(o.UpdatedAt) { return true } @@ -620,7 +623,7 @@ func (o *OidcUserInfo) SetUpdatedAt(v int64) { // GetWebsite returns the Website field value if set, zero value otherwise. func (o *OidcUserInfo) GetWebsite() string { - if o == nil || o.Website == nil { + if o == nil || IsNil(o.Website) { var ret string return ret } 
@@ -630,7 +633,7 @@ func (o *OidcUserInfo) GetWebsite() string { // GetWebsiteOk returns a tuple with the Website field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetWebsiteOk() (*string, bool) { - if o == nil || o.Website == nil { + if o == nil || IsNil(o.Website) { return nil, false } return o.Website, true @@ -638,7 +641,7 @@ func (o *OidcUserInfo) GetWebsiteOk() (*string, bool) { // HasWebsite returns a boolean if a field has been set. func (o *OidcUserInfo) HasWebsite() bool { - if o != nil && o.Website != nil { + if o != nil && !IsNil(o.Website) { return true } @@ -652,7 +655,7 @@ func (o *OidcUserInfo) SetWebsite(v string) { // GetZoneinfo returns the Zoneinfo field value if set, zero value otherwise. func (o *OidcUserInfo) GetZoneinfo() string { - if o == nil || o.Zoneinfo == nil { + if o == nil || IsNil(o.Zoneinfo) { var ret string return ret } @@ -662,7 +665,7 @@ func (o *OidcUserInfo) GetZoneinfo() string { // GetZoneinfoOk returns a tuple with the Zoneinfo field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *OidcUserInfo) GetZoneinfoOk() (*string, bool) { - if o == nil || o.Zoneinfo == nil { + if o == nil || IsNil(o.Zoneinfo) { return nil, false } return o.Zoneinfo, true @@ -670,7 +673,7 @@ func (o *OidcUserInfo) GetZoneinfoOk() (*string, bool) { // HasZoneinfo returns a boolean if a field has been set. func (o *OidcUserInfo) HasZoneinfo() bool { - if o != nil && o.Zoneinfo != nil { + if o != nil && !IsNil(o.Zoneinfo) { return true } 
@@ -683,65 +686,73 @@ func (o *OidcUserInfo) SetZoneinfo(v string) { } func (o OidcUserInfo) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o OidcUserInfo) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Birthdate != nil { + if !IsNil(o.Birthdate) { toSerialize["birthdate"] = o.Birthdate } - if o.Email != nil { + if !IsNil(o.Email) { toSerialize["email"] = o.Email } - if o.EmailVerified != nil { + if !IsNil(o.EmailVerified) { toSerialize["email_verified"] = o.EmailVerified } - if o.FamilyName != nil { + if !IsNil(o.FamilyName) { toSerialize["family_name"] = o.FamilyName } - if o.Gender != nil { + if !IsNil(o.Gender) { toSerialize["gender"] = o.Gender } - if o.GivenName != nil { + if !IsNil(o.GivenName) { toSerialize["given_name"] = o.GivenName } - if o.Locale != nil { + if !IsNil(o.Locale) { toSerialize["locale"] = o.Locale } - if o.MiddleName != nil { + if !IsNil(o.MiddleName) { toSerialize["middle_name"] = o.MiddleName } - if o.Name != nil { + if !IsNil(o.Name) { toSerialize["name"] = o.Name } - if o.Nickname != nil { + if !IsNil(o.Nickname) { toSerialize["nickname"] = o.Nickname } - if o.PhoneNumber != nil { + if !IsNil(o.PhoneNumber) { toSerialize["phone_number"] = o.PhoneNumber } - if o.PhoneNumberVerified != nil { + if !IsNil(o.PhoneNumberVerified) { toSerialize["phone_number_verified"] = o.PhoneNumberVerified } - if o.Picture != nil { + if !IsNil(o.Picture) { toSerialize["picture"] = o.Picture } - if o.PreferredUsername != nil { + if !IsNil(o.PreferredUsername) { toSerialize["preferred_username"] = o.PreferredUsername } - if o.Profile != nil { + if !IsNil(o.Profile) { toSerialize["profile"] = o.Profile } - if o.Sub != nil { + if !IsNil(o.Sub) { toSerialize["sub"] = o.Sub } - if o.UpdatedAt != nil { + if !IsNil(o.UpdatedAt) { toSerialize["updated_at"] = o.UpdatedAt } - if o.Website != nil { + if 
!IsNil(o.Website) { toSerialize["website"] = o.Website } - if o.Zoneinfo != nil { + if !IsNil(o.Zoneinfo) { toSerialize["zoneinfo"] = o.Zoneinfo } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableOidcUserInfo struct { diff --git a/internal/httpclient/model_pagination.go b/internal/httpclient/model_pagination.go index 66402865828..3c8fb123987 100644 --- a/internal/httpclient/model_pagination.go +++ b/internal/httpclient/model_pagination.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the Pagination type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &Pagination{} + // Pagination struct for Pagination type Pagination struct { // Items per page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). @@ -50,7 +53,7 @@ func NewPaginationWithDefaults() *Pagination { // GetPageSize returns the PageSize field value if set, zero value otherwise. func (o *Pagination) GetPageSize() int64 { - if o == nil || o.PageSize == nil { + if o == nil || IsNil(o.PageSize) { var ret int64 return ret } @@ -60,7 +63,7 @@ func (o *Pagination) GetPageSize() int64 { // GetPageSizeOk returns a tuple with the PageSize field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *Pagination) GetPageSizeOk() (*int64, bool) { - if o == nil || o.PageSize == nil { + if o == nil || IsNil(o.PageSize) { return nil, false } return o.PageSize, true @@ -68,7 +71,7 @@ func (o *Pagination) GetPageSizeOk() (*int64, bool) { // HasPageSize returns a boolean if a field has been set. func (o *Pagination) HasPageSize() bool { - if o != nil && o.PageSize != nil { + if o != nil && !IsNil(o.PageSize) { return true } 
@@ -82,7 +85,7 @@ func (o *Pagination) SetPageSize(v int64) { // GetPageToken returns the PageToken field value if set, zero value otherwise. func (o *Pagination) GetPageToken() string { - if o == nil || o.PageToken == nil { + if o == nil || IsNil(o.PageToken) { var ret string return ret } @@ -92,7 +95,7 @@ func (o *Pagination) GetPageToken() string { // GetPageTokenOk returns a tuple with the PageToken field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *Pagination) GetPageTokenOk() (*string, bool) { - if o == nil || o.PageToken == nil { + if o == nil || IsNil(o.PageToken) { return nil, false } return o.PageToken, true @@ -100,7 +103,7 @@ func (o *Pagination) GetPageTokenOk() (*string, bool) { // HasPageToken returns a boolean if a field has been set. func (o *Pagination) HasPageToken() bool { - if o != nil && o.PageToken != nil { + if o != nil && !IsNil(o.PageToken) { return true } @@ -113,14 +116,22 @@ func (o *Pagination) SetPageToken(v string) { } func (o Pagination) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o Pagination) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.PageSize != nil { + if !IsNil(o.PageSize) { toSerialize["page_size"] = o.PageSize } - if o.PageToken != nil { + if !IsNil(o.PageToken) { toSerialize["page_token"] = o.PageToken } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullablePagination struct { diff --git a/internal/httpclient/model_pagination_headers.go b/internal/httpclient/model_pagination_headers.go index 803a8119b4e..acb56f21978 100644 --- a/internal/httpclient/model_pagination_headers.go +++ b/internal/httpclient/model_pagination_headers.go 
@@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the PaginationHeaders type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &PaginationHeaders{} + // PaginationHeaders struct for PaginationHeaders type PaginationHeaders struct { // The link header contains pagination links. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). in: header @@ -42,7 +45,7 @@ func NewPaginationHeadersWithDefaults() *PaginationHeaders { // GetLink returns the Link field value if set, zero value otherwise. func (o *PaginationHeaders) GetLink() string { - if o == nil || o.Link == nil { + if o == nil || IsNil(o.Link) { var ret string return ret } @@ -52,7 +55,7 @@ func (o *PaginationHeaders) GetLink() string { // GetLinkOk returns a tuple with the Link field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *PaginationHeaders) GetLinkOk() (*string, bool) { - if o == nil || o.Link == nil { + if o == nil || IsNil(o.Link) { return nil, false } return o.Link, true @@ -60,7 +63,7 @@ func (o *PaginationHeaders) GetLinkOk() (*string, bool) { // HasLink returns a boolean if a field has been set. func (o *PaginationHeaders) HasLink() bool { - if o != nil && o.Link != nil { + if o != nil && !IsNil(o.Link) { return true } @@ -74,7 +77,7 @@ func (o *PaginationHeaders) SetLink(v string) { // GetXTotalCount returns the XTotalCount field value if set, zero value otherwise. func (o *PaginationHeaders) GetXTotalCount() string { - if o == nil || o.XTotalCount == nil { + if o == nil || IsNil(o.XTotalCount) { var ret string return ret } 
@@ -84,7 +87,7 @@ func (o *PaginationHeaders) GetXTotalCount() string { // GetXTotalCountOk returns a tuple with the XTotalCount field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *PaginationHeaders) GetXTotalCountOk() (*string, bool) { - if o == nil || o.XTotalCount == nil { + if o == nil || IsNil(o.XTotalCount) { return nil, false } return o.XTotalCount, true @@ -92,7 +95,7 @@ func (o *PaginationHeaders) GetXTotalCountOk() (*string, bool) { // HasXTotalCount returns a boolean if a field has been set. func (o *PaginationHeaders) HasXTotalCount() bool { - if o != nil && o.XTotalCount != nil { + if o != nil && !IsNil(o.XTotalCount) { return true } @@ -105,14 +108,22 @@ func (o *PaginationHeaders) SetXTotalCount(v string) { } func (o PaginationHeaders) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o PaginationHeaders) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Link != nil { + if !IsNil(o.Link) { toSerialize["link"] = o.Link } - if o.XTotalCount != nil { + if !IsNil(o.XTotalCount) { toSerialize["x-total-count"] = o.XTotalCount } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullablePaginationHeaders struct { diff --git a/internal/httpclient/model_reject_o_auth2_request.go b/internal/httpclient/model_reject_o_auth2_request.go index 4b6817491a5..8d0a178a3fb 100644 --- a/internal/httpclient/model_reject_o_auth2_request.go +++ b/internal/httpclient/model_reject_o_auth2_request.go 
@@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the RejectOAuth2Request type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &RejectOAuth2Request{} + // RejectOAuth2Request struct for RejectOAuth2Request type RejectOAuth2Request struct { // The error should follow the OAuth2 error format (e.g. `invalid_request`, `login_required`). Defaults to `request_denied`. @@ -48,7 +51,7 @@ func NewRejectOAuth2RequestWithDefaults() *RejectOAuth2Request { // GetError returns the Error field value if set, zero value otherwise. func (o *RejectOAuth2Request) GetError() string { - if o == nil || o.Error == nil { + if o == nil || IsNil(o.Error) { var ret string return ret } @@ -58,7 +61,7 @@ func (o *RejectOAuth2Request) GetError() string { // GetErrorOk returns a tuple with the Error field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *RejectOAuth2Request) GetErrorOk() (*string, bool) { - if o == nil || o.Error == nil { + if o == nil || IsNil(o.Error) { return nil, false } return o.Error, true @@ -66,7 +69,7 @@ func (o *RejectOAuth2Request) GetErrorOk() (*string, bool) { // HasError returns a boolean if a field has been set. func (o *RejectOAuth2Request) HasError() bool { - if o != nil && o.Error != nil { + if o != nil && !IsNil(o.Error) { return true } @@ -80,7 +83,7 @@ func (o *RejectOAuth2Request) SetError(v string) { // GetErrorDebug returns the ErrorDebug field value if set, zero value otherwise. func (o *RejectOAuth2Request) GetErrorDebug() string { - if o == nil || o.ErrorDebug == nil { + if o == nil || IsNil(o.ErrorDebug) { var ret string return ret } 
@@ -90,7 +93,7 @@ func (o *RejectOAuth2Request) GetErrorDebug() string { // GetErrorDebugOk returns a tuple with the ErrorDebug field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *RejectOAuth2Request) GetErrorDebugOk() (*string, bool) { - if o == nil || o.ErrorDebug == nil { + if o == nil || IsNil(o.ErrorDebug) { return nil, false } return o.ErrorDebug, true @@ -98,7 +101,7 @@ func (o *RejectOAuth2Request) GetErrorDebugOk() (*string, bool) { // HasErrorDebug returns a boolean if a field has been set. func (o *RejectOAuth2Request) HasErrorDebug() bool { - if o != nil && o.ErrorDebug != nil { + if o != nil && !IsNil(o.ErrorDebug) { return true } @@ -112,7 +115,7 @@ func (o *RejectOAuth2Request) SetErrorDebug(v string) { // GetErrorDescription returns the ErrorDescription field value if set, zero value otherwise. func (o *RejectOAuth2Request) GetErrorDescription() string { - if o == nil || o.ErrorDescription == nil { + if o == nil || IsNil(o.ErrorDescription) { var ret string return ret } @@ -122,7 +125,7 @@ func (o *RejectOAuth2Request) GetErrorDescription() string { // GetErrorDescriptionOk returns a tuple with the ErrorDescription field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *RejectOAuth2Request) GetErrorDescriptionOk() (*string, bool) { - if o == nil || o.ErrorDescription == nil { + if o == nil || IsNil(o.ErrorDescription) { return nil, false } return o.ErrorDescription, true @@ -130,7 +133,7 @@ func (o *RejectOAuth2Request) GetErrorDescriptionOk() (*string, bool) { // HasErrorDescription returns a boolean if a field has been set. func (o *RejectOAuth2Request) HasErrorDescription() bool { - if o != nil && o.ErrorDescription != nil { + if o != nil && !IsNil(o.ErrorDescription) { return true } 
@@ -144,7 +147,7 @@ func (o *RejectOAuth2Request) SetErrorDescription(v string) { // GetErrorHint returns the ErrorHint field value if set, zero value otherwise. func (o *RejectOAuth2Request) GetErrorHint() string { - if o == nil || o.ErrorHint == nil { + if o == nil || IsNil(o.ErrorHint) { var ret string return ret } @@ -154,7 +157,7 @@ func (o *RejectOAuth2Request) GetErrorHint() string { // GetErrorHintOk returns a tuple with the ErrorHint field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *RejectOAuth2Request) GetErrorHintOk() (*string, bool) { - if o == nil || o.ErrorHint == nil { + if o == nil || IsNil(o.ErrorHint) { return nil, false } return o.ErrorHint, true @@ -162,7 +165,7 @@ func (o *RejectOAuth2Request) GetErrorHintOk() (*string, bool) { // HasErrorHint returns a boolean if a field has been set. func (o *RejectOAuth2Request) HasErrorHint() bool { - if o != nil && o.ErrorHint != nil { + if o != nil && !IsNil(o.ErrorHint) { return true } @@ -176,7 +179,7 @@ func (o *RejectOAuth2Request) SetErrorHint(v string) { // GetStatusCode returns the StatusCode field value if set, zero value otherwise. func (o *RejectOAuth2Request) GetStatusCode() int64 { - if o == nil || o.StatusCode == nil { + if o == nil || IsNil(o.StatusCode) { var ret int64 return ret } @@ -186,7 +189,7 @@ func (o *RejectOAuth2Request) GetStatusCode() int64 { // GetStatusCodeOk returns a tuple with the StatusCode field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *RejectOAuth2Request) GetStatusCodeOk() (*int64, bool) { - if o == nil || o.StatusCode == nil { + if o == nil || IsNil(o.StatusCode) { return nil, false } return o.StatusCode, true 
@@ -194,7 +197,7 @@ func (o *RejectOAuth2Request) GetStatusCodeOk() (*int64, bool) { // HasStatusCode returns a boolean if a field has been set. func (o *RejectOAuth2Request) HasStatusCode() bool { - if o != nil && o.StatusCode != nil { + if o != nil && !IsNil(o.StatusCode) { return true } @@ -207,23 +210,31 @@ func (o *RejectOAuth2Request) SetStatusCode(v int64) { } func (o RejectOAuth2Request) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o RejectOAuth2Request) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Error != nil { + if !IsNil(o.Error) { toSerialize["error"] = o.Error } - if o.ErrorDebug != nil { + if !IsNil(o.ErrorDebug) { toSerialize["error_debug"] = o.ErrorDebug } - if o.ErrorDescription != nil { + if !IsNil(o.ErrorDescription) { toSerialize["error_description"] = o.ErrorDescription } - if o.ErrorHint != nil { + if !IsNil(o.ErrorHint) { toSerialize["error_hint"] = o.ErrorHint } - if o.StatusCode != nil { + if !IsNil(o.StatusCode) { toSerialize["status_code"] = o.StatusCode } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableRejectOAuth2Request struct { diff --git a/internal/httpclient/model_rfc6749_error_json.go b/internal/httpclient/model_rfc6749_error_json.go index cf9ffb36916..d33a2b91e08 100644 --- a/internal/httpclient/model_rfc6749_error_json.go +++ b/internal/httpclient/model_rfc6749_error_json.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the RFC6749ErrorJson type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &RFC6749ErrorJson{} + // RFC6749ErrorJson struct for RFC6749ErrorJson type RFC6749ErrorJson struct { Error *string `json:"error,omitempty"` 
@@ -43,7 +46,7 @@ func NewRFC6749ErrorJsonWithDefaults() *RFC6749ErrorJson { // GetError returns the Error field value if set, zero value otherwise. func (o *RFC6749ErrorJson) GetError() string { - if o == nil || o.Error == nil { + if o == nil || IsNil(o.Error) { var ret string return ret } @@ -53,7 +56,7 @@ func (o *RFC6749ErrorJson) GetError() string { // GetErrorOk returns a tuple with the Error field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *RFC6749ErrorJson) GetErrorOk() (*string, bool) { - if o == nil || o.Error == nil { + if o == nil || IsNil(o.Error) { return nil, false } return o.Error, true @@ -61,7 +64,7 @@ func (o *RFC6749ErrorJson) GetErrorOk() (*string, bool) { // HasError returns a boolean if a field has been set. func (o *RFC6749ErrorJson) HasError() bool { - if o != nil && o.Error != nil { + if o != nil && !IsNil(o.Error) { return true } @@ -75,7 +78,7 @@ func (o *RFC6749ErrorJson) SetError(v string) { // GetErrorDebug returns the ErrorDebug field value if set, zero value otherwise. func (o *RFC6749ErrorJson) GetErrorDebug() string { - if o == nil || o.ErrorDebug == nil { + if o == nil || IsNil(o.ErrorDebug) { var ret string return ret } @@ -85,7 +88,7 @@ func (o *RFC6749ErrorJson) GetErrorDebug() string { // GetErrorDebugOk returns a tuple with the ErrorDebug field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *RFC6749ErrorJson) GetErrorDebugOk() (*string, bool) { - if o == nil || o.ErrorDebug == nil { + if o == nil || IsNil(o.ErrorDebug) { return nil, false } return o.ErrorDebug, true @@ -93,7 +96,7 @@ func (o *RFC6749ErrorJson) GetErrorDebugOk() (*string, bool) { // HasErrorDebug returns a boolean if a field has been set. func (o *RFC6749ErrorJson) HasErrorDebug() bool { - if o != nil && o.ErrorDebug != nil { + if o != nil && !IsNil(o.ErrorDebug) { return true } 
@@ -107,7 +110,7 @@ func (o *RFC6749ErrorJson) SetErrorDebug(v string) { // GetErrorDescription returns the ErrorDescription field value if set, zero value otherwise. func (o *RFC6749ErrorJson) GetErrorDescription() string { - if o == nil || o.ErrorDescription == nil { + if o == nil || IsNil(o.ErrorDescription) { var ret string return ret } @@ -117,7 +120,7 @@ func (o *RFC6749ErrorJson) GetErrorDescription() string { // GetErrorDescriptionOk returns a tuple with the ErrorDescription field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *RFC6749ErrorJson) GetErrorDescriptionOk() (*string, bool) { - if o == nil || o.ErrorDescription == nil { + if o == nil || IsNil(o.ErrorDescription) { return nil, false } return o.ErrorDescription, true @@ -125,7 +128,7 @@ func (o *RFC6749ErrorJson) GetErrorDescriptionOk() (*string, bool) { // HasErrorDescription returns a boolean if a field has been set. func (o *RFC6749ErrorJson) HasErrorDescription() bool { - if o != nil && o.ErrorDescription != nil { + if o != nil && !IsNil(o.ErrorDescription) { return true } @@ -139,7 +142,7 @@ func (o *RFC6749ErrorJson) SetErrorDescription(v string) { // GetErrorHint returns the ErrorHint field value if set, zero value otherwise. func (o *RFC6749ErrorJson) GetErrorHint() string { - if o == nil || o.ErrorHint == nil { + if o == nil || IsNil(o.ErrorHint) { var ret string return ret } @@ -149,7 +152,7 @@ func (o *RFC6749ErrorJson) GetErrorHint() string { // GetErrorHintOk returns a tuple with the ErrorHint field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *RFC6749ErrorJson) GetErrorHintOk() (*string, bool) { - if o == nil || o.ErrorHint == nil { + if o == nil || IsNil(o.ErrorHint) { return nil, false } return o.ErrorHint, true 
@@ -157,7 +160,7 @@ func (o *RFC6749ErrorJson) GetErrorHintOk() (*string, bool) { // HasErrorHint returns a boolean if a field has been set. func (o *RFC6749ErrorJson) HasErrorHint() bool { - if o != nil && o.ErrorHint != nil { + if o != nil && !IsNil(o.ErrorHint) { return true } @@ -171,7 +174,7 @@ func (o *RFC6749ErrorJson) SetErrorHint(v string) { // GetStatusCode returns the StatusCode field value if set, zero value otherwise. func (o *RFC6749ErrorJson) GetStatusCode() int64 { - if o == nil || o.StatusCode == nil { + if o == nil || IsNil(o.StatusCode) { var ret int64 return ret } @@ -181,7 +184,7 @@ func (o *RFC6749ErrorJson) GetStatusCode() int64 { // GetStatusCodeOk returns a tuple with the StatusCode field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *RFC6749ErrorJson) GetStatusCodeOk() (*int64, bool) { - if o == nil || o.StatusCode == nil { + if o == nil || IsNil(o.StatusCode) { return nil, false } return o.StatusCode, true @@ -189,7 +192,7 @@ func (o *RFC6749ErrorJson) GetStatusCodeOk() (*int64, bool) { // HasStatusCode returns a boolean if a field has been set. func (o *RFC6749ErrorJson) HasStatusCode() bool { - if o != nil && o.StatusCode != nil { + if o != nil && !IsNil(o.StatusCode) { return true } 
@@ -202,23 +205,31 @@ func (o *RFC6749ErrorJson) SetStatusCode(v int64) { } func (o RFC6749ErrorJson) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o RFC6749ErrorJson) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Error != nil { + if !IsNil(o.Error) { toSerialize["error"] = o.Error } - if o.ErrorDebug != nil { + if !IsNil(o.ErrorDebug) { toSerialize["error_debug"] = o.ErrorDebug } - if o.ErrorDescription != nil { + if !IsNil(o.ErrorDescription) { toSerialize["error_description"] = o.ErrorDescription } - if o.ErrorHint != nil { + if !IsNil(o.ErrorHint) { toSerialize["error_hint"] = o.ErrorHint } - if o.StatusCode != nil { + if !IsNil(o.StatusCode) { toSerialize["status_code"] = o.StatusCode } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableRFC6749ErrorJson struct { diff --git a/internal/httpclient/model_token_pagination.go b/internal/httpclient/model_token_pagination.go index 7d96f47f2be..d9457ccd9e8 100644 --- a/internal/httpclient/model_token_pagination.go +++ b/internal/httpclient/model_token_pagination.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the TokenPagination type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &TokenPagination{} + // TokenPagination struct for TokenPagination type TokenPagination struct { // Items per page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). @@ -50,7 +53,7 @@ func NewTokenPaginationWithDefaults() *TokenPagination { // GetPageSize returns the PageSize field value if set, zero value otherwise. func (o *TokenPagination) GetPageSize() int64 { - if o == nil || o.PageSize == nil { + if o == nil || IsNil(o.PageSize) { var ret int64 return ret } 
@@ -60,7 +63,7 @@ func (o *TokenPagination) GetPageSize() int64 { // GetPageSizeOk returns a tuple with the PageSize field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TokenPagination) GetPageSizeOk() (*int64, bool) { - if o == nil || o.PageSize == nil { + if o == nil || IsNil(o.PageSize) { return nil, false } return o.PageSize, true @@ -68,7 +71,7 @@ func (o *TokenPagination) GetPageSizeOk() (*int64, bool) { // HasPageSize returns a boolean if a field has been set. func (o *TokenPagination) HasPageSize() bool { - if o != nil && o.PageSize != nil { + if o != nil && !IsNil(o.PageSize) { return true } @@ -82,7 +85,7 @@ func (o *TokenPagination) SetPageSize(v int64) { // GetPageToken returns the PageToken field value if set, zero value otherwise. func (o *TokenPagination) GetPageToken() string { - if o == nil || o.PageToken == nil { + if o == nil || IsNil(o.PageToken) { var ret string return ret } @@ -92,7 +95,7 @@ func (o *TokenPagination) GetPageToken() string { // GetPageTokenOk returns a tuple with the PageToken field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TokenPagination) GetPageTokenOk() (*string, bool) { - if o == nil || o.PageToken == nil { + if o == nil || IsNil(o.PageToken) { return nil, false } return o.PageToken, true @@ -100,7 +103,7 @@ func (o *TokenPagination) GetPageTokenOk() (*string, bool) { // HasPageToken returns a boolean if a field has been set. func (o *TokenPagination) HasPageToken() bool { - if o != nil && o.PageToken != nil { + if o != nil && !IsNil(o.PageToken) { return true } 
@@ -113,14 +116,22 @@ func (o *TokenPagination) SetPageToken(v string) { } func (o TokenPagination) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o TokenPagination) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.PageSize != nil { + if !IsNil(o.PageSize) { toSerialize["page_size"] = o.PageSize } - if o.PageToken != nil { + if !IsNil(o.PageToken) { toSerialize["page_token"] = o.PageToken } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableTokenPagination struct { diff --git a/internal/httpclient/model_token_pagination_headers.go b/internal/httpclient/model_token_pagination_headers.go index 7c4c657c968..537d5e59bdd 100644 --- a/internal/httpclient/model_token_pagination_headers.go +++ b/internal/httpclient/model_token_pagination_headers.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the TokenPaginationHeaders type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &TokenPaginationHeaders{} + // TokenPaginationHeaders struct for TokenPaginationHeaders type TokenPaginationHeaders struct { // The link header contains pagination links. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). in: header @@ -42,7 +45,7 @@ func NewTokenPaginationHeadersWithDefaults() *TokenPaginationHeaders { // GetLink returns the Link field value if set, zero value otherwise. func (o *TokenPaginationHeaders) GetLink() string { - if o == nil || o.Link == nil { + if o == nil || IsNil(o.Link) { var ret string return ret } 
@@ -52,7 +55,7 @@ func (o *TokenPaginationHeaders) GetLink() string { // GetLinkOk returns a tuple with the Link field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TokenPaginationHeaders) GetLinkOk() (*string, bool) { - if o == nil || o.Link == nil { + if o == nil || IsNil(o.Link) { return nil, false } return o.Link, true @@ -60,7 +63,7 @@ func (o *TokenPaginationHeaders) GetLinkOk() (*string, bool) { // HasLink returns a boolean if a field has been set. func (o *TokenPaginationHeaders) HasLink() bool { - if o != nil && o.Link != nil { + if o != nil && !IsNil(o.Link) { return true } @@ -74,7 +77,7 @@ func (o *TokenPaginationHeaders) SetLink(v string) { // GetXTotalCount returns the XTotalCount field value if set, zero value otherwise. func (o *TokenPaginationHeaders) GetXTotalCount() string { - if o == nil || o.XTotalCount == nil { + if o == nil || IsNil(o.XTotalCount) { var ret string return ret } @@ -84,7 +87,7 @@ func (o *TokenPaginationHeaders) GetXTotalCount() string { // GetXTotalCountOk returns a tuple with the XTotalCount field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TokenPaginationHeaders) GetXTotalCountOk() (*string, bool) { - if o == nil || o.XTotalCount == nil { + if o == nil || IsNil(o.XTotalCount) { return nil, false } return o.XTotalCount, true @@ -92,7 +95,7 @@ func (o *TokenPaginationHeaders) GetXTotalCountOk() (*string, bool) { // HasXTotalCount returns a boolean if a field has been set. func (o *TokenPaginationHeaders) HasXTotalCount() bool { - if o != nil && o.XTotalCount != nil { + if o != nil && !IsNil(o.XTotalCount) { return true } 
@@ -105,14 +108,22 @@ func (o *TokenPaginationHeaders) SetXTotalCount(v string) { } func (o TokenPaginationHeaders) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o TokenPaginationHeaders) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Link != nil { + if !IsNil(o.Link) { toSerialize["link"] = o.Link } - if o.XTotalCount != nil { + if !IsNil(o.XTotalCount) { toSerialize["x-total-count"] = o.XTotalCount } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableTokenPaginationHeaders struct { diff --git a/internal/httpclient/model_token_pagination_request_parameters.go b/internal/httpclient/model_token_pagination_request_parameters.go index 40ef780d684..e18c491d8fe 100644 --- a/internal/httpclient/model_token_pagination_request_parameters.go +++ b/internal/httpclient/model_token_pagination_request_parameters.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the TokenPaginationRequestParameters type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &TokenPaginationRequestParameters{} + // TokenPaginationRequestParameters The `Link` HTTP header contains multiple links (`first`, `next`, `last`, `previous`) formatted as: `; rel=\"{page}\"` For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). type TokenPaginationRequestParameters struct { // Items per Page This is the number of items per page to return. For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). 
@@ -50,7 +53,7 @@ func NewTokenPaginationRequestParametersWithDefaults() *TokenPaginationRequestPa // GetPageSize returns the PageSize field value if set, zero value otherwise. func (o *TokenPaginationRequestParameters) GetPageSize() int64 { - if o == nil || o.PageSize == nil { + if o == nil || IsNil(o.PageSize) { var ret int64 return ret } @@ -60,7 +63,7 @@ func (o *TokenPaginationRequestParameters) GetPageSize() int64 { // GetPageSizeOk returns a tuple with the PageSize field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TokenPaginationRequestParameters) GetPageSizeOk() (*int64, bool) { - if o == nil || o.PageSize == nil { + if o == nil || IsNil(o.PageSize) { return nil, false } return o.PageSize, true @@ -68,7 +71,7 @@ func (o *TokenPaginationRequestParameters) GetPageSizeOk() (*int64, bool) { // HasPageSize returns a boolean if a field has been set. func (o *TokenPaginationRequestParameters) HasPageSize() bool { - if o != nil && o.PageSize != nil { + if o != nil && !IsNil(o.PageSize) { return true } @@ -82,7 +85,7 @@ func (o *TokenPaginationRequestParameters) SetPageSize(v int64) { // GetPageToken returns the PageToken field value if set, zero value otherwise. func (o *TokenPaginationRequestParameters) GetPageToken() string { - if o == nil || o.PageToken == nil { + if o == nil || IsNil(o.PageToken) { var ret string return ret } @@ -92,7 +95,7 @@ func (o *TokenPaginationRequestParameters) GetPageToken() string { // GetPageTokenOk returns a tuple with the PageToken field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TokenPaginationRequestParameters) GetPageTokenOk() (*string, bool) { - if o == nil || o.PageToken == nil { + if o == nil || IsNil(o.PageToken) { return nil, false } return o.PageToken, true 
@@ -100,7 +103,7 @@ func (o *TokenPaginationRequestParameters) GetPageTokenOk() (*string, bool) { // HasPageToken returns a boolean if a field has been set. func (o *TokenPaginationRequestParameters) HasPageToken() bool { - if o != nil && o.PageToken != nil { + if o != nil && !IsNil(o.PageToken) { return true } @@ -113,14 +116,22 @@ func (o *TokenPaginationRequestParameters) SetPageToken(v string) { } func (o TokenPaginationRequestParameters) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o TokenPaginationRequestParameters) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.PageSize != nil { + if !IsNil(o.PageSize) { toSerialize["page_size"] = o.PageSize } - if o.PageToken != nil { + if !IsNil(o.PageToken) { toSerialize["page_token"] = o.PageToken } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableTokenPaginationRequestParameters struct { diff --git a/internal/httpclient/model_token_pagination_response_headers.go b/internal/httpclient/model_token_pagination_response_headers.go index 26722925de6..bddbcd203ea 100644 --- a/internal/httpclient/model_token_pagination_response_headers.go +++ b/internal/httpclient/model_token_pagination_response_headers.go 
@@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the TokenPaginationResponseHeaders type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &TokenPaginationResponseHeaders{} + // TokenPaginationResponseHeaders The `Link` HTTP header contains multiple links (`first`, `next`, `last`, `previous`) formatted as: `; rel=\"{page}\"` For details on pagination please head over to the [pagination documentation](https://www.ory.sh/docs/ecosystem/api-design#pagination). type TokenPaginationResponseHeaders struct { // The Link HTTP Header The `Link` header contains a comma-delimited list of links to the following pages: first: The first page of results. next: The next page of results. prev: The previous page of results. last: The last page of results. Pages are omitted if they do not exist. For example, if there is no next page, the `next` link is omitted. Examples: ; rel=\"first\",; rel=\"next\",; rel=\"prev\",; rel=\"last\" @@ -42,7 +45,7 @@ func NewTokenPaginationResponseHeadersWithDefaults() *TokenPaginationResponseHea // GetLink returns the Link field value if set, zero value otherwise. func (o *TokenPaginationResponseHeaders) GetLink() string { - if o == nil || o.Link == nil { + if o == nil || IsNil(o.Link) { var ret string return ret } @@ -52,7 +55,7 @@ func (o *TokenPaginationResponseHeaders) GetLink() string { // GetLinkOk returns a tuple with the Link field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TokenPaginationResponseHeaders) GetLinkOk() (*string, bool) { - if o == nil || o.Link == nil { + if o == nil || IsNil(o.Link) { return nil, false } return o.Link, true @@ -60,7 +63,7 @@ func (o *TokenPaginationResponseHeaders) GetLinkOk() (*string, bool) { // HasLink returns a boolean if a field has been set. func (o *TokenPaginationResponseHeaders) HasLink() bool { - if o != nil && o.Link != nil { + if o != nil && !IsNil(o.Link) { return true } 
@@ -74,7 +77,7 @@ func (o *TokenPaginationResponseHeaders) SetLink(v string) { // GetXTotalCount returns the XTotalCount field value if set, zero value otherwise. func (o *TokenPaginationResponseHeaders) GetXTotalCount() int64 { - if o == nil || o.XTotalCount == nil { + if o == nil || IsNil(o.XTotalCount) { var ret int64 return ret } @@ -84,7 +87,7 @@ func (o *TokenPaginationResponseHeaders) GetXTotalCount() int64 { // GetXTotalCountOk returns a tuple with the XTotalCount field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TokenPaginationResponseHeaders) GetXTotalCountOk() (*int64, bool) { - if o == nil || o.XTotalCount == nil { + if o == nil || IsNil(o.XTotalCount) { return nil, false } return o.XTotalCount, true @@ -92,7 +95,7 @@ func (o *TokenPaginationResponseHeaders) GetXTotalCountOk() (*int64, bool) { // HasXTotalCount returns a boolean if a field has been set. func (o *TokenPaginationResponseHeaders) HasXTotalCount() bool { - if o != nil && o.XTotalCount != nil { + if o != nil && !IsNil(o.XTotalCount) { return true } @@ -105,14 +108,22 @@ func (o *TokenPaginationResponseHeaders) SetXTotalCount(v int64) { } func (o TokenPaginationResponseHeaders) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o TokenPaginationResponseHeaders) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Link != nil { + if !IsNil(o.Link) { toSerialize["link"] = o.Link } - if o.XTotalCount != nil { + if !IsNil(o.XTotalCount) { toSerialize["x-total-count"] = o.XTotalCount } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableTokenPaginationResponseHeaders struct { diff --git a/internal/httpclient/model_trust_o_auth2_jwt_grant_issuer.go b/internal/httpclient/model_trust_o_auth2_jwt_grant_issuer.go index 15f8d9575f4..5803dcffbfb 100644 
--- a/internal/httpclient/model_trust_o_auth2_jwt_grant_issuer.go +++ b/internal/httpclient/model_trust_o_auth2_jwt_grant_issuer.go @@ -12,10 +12,15 @@ Contact: hi@ory.sh package openapi import ( + "bytes" "encoding/json" + "fmt" "time" ) +// checks if the TrustOAuth2JwtGrantIssuer type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &TrustOAuth2JwtGrantIssuer{} + // TrustOAuth2JwtGrantIssuer Trust OAuth2 JWT Bearer Grant Type Issuer Request Body type TrustOAuth2JwtGrantIssuer struct { // The \"allow_any_subject\" indicates that the issuer is allowed to have any principal as the subject of the JWT. @@ -31,6 +36,8 @@ type TrustOAuth2JwtGrantIssuer struct { Subject *string `json:"subject,omitempty"` } +type _TrustOAuth2JwtGrantIssuer TrustOAuth2JwtGrantIssuer + // NewTrustOAuth2JwtGrantIssuer instantiates a new TrustOAuth2JwtGrantIssuer object // This constructor will assign default values to properties that have it defined, // and makes sure properties required by API are set, but the set of arguments @@ -54,7 +61,7 @@ func NewTrustOAuth2JwtGrantIssuerWithDefaults() *TrustOAuth2JwtGrantIssuer { // GetAllowAnySubject returns the AllowAnySubject field value if set, zero value otherwise. func (o *TrustOAuth2JwtGrantIssuer) GetAllowAnySubject() bool { - if o == nil || o.AllowAnySubject == nil { + if o == nil || IsNil(o.AllowAnySubject) { var ret bool return ret } @@ -64,7 +71,7 @@ func (o *TrustOAuth2JwtGrantIssuer) GetAllowAnySubject() bool { // GetAllowAnySubjectOk returns a tuple with the AllowAnySubject field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TrustOAuth2JwtGrantIssuer) GetAllowAnySubjectOk() (*bool, bool) { - if o == nil || o.AllowAnySubject == nil { + if o == nil || IsNil(o.AllowAnySubject) { return nil, false } return o.AllowAnySubject, true 
@@ -72,7 +79,7 @@ func (o *TrustOAuth2JwtGrantIssuer) GetAllowAnySubjectOk() (*bool, bool) { // HasAllowAnySubject returns a boolean if a field has been set. func (o *TrustOAuth2JwtGrantIssuer) HasAllowAnySubject() bool { - if o != nil && o.AllowAnySubject != nil { + if o != nil && !IsNil(o.AllowAnySubject) { return true } @@ -182,7 +189,7 @@ func (o *TrustOAuth2JwtGrantIssuer) SetScope(v []string) { // GetSubject returns the Subject field value if set, zero value otherwise. func (o *TrustOAuth2JwtGrantIssuer) GetSubject() string { - if o == nil || o.Subject == nil { + if o == nil || IsNil(o.Subject) { var ret string return ret } @@ -192,7 +199,7 @@ func (o *TrustOAuth2JwtGrantIssuer) GetSubject() string { // GetSubjectOk returns a tuple with the Subject field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TrustOAuth2JwtGrantIssuer) GetSubjectOk() (*string, bool) { - if o == nil || o.Subject == nil { + if o == nil || IsNil(o.Subject) { return nil, false } return o.Subject, true @@ -200,7 +207,7 @@ func (o *TrustOAuth2JwtGrantIssuer) GetSubjectOk() (*string, bool) { // HasSubject returns a boolean if a field has been set. func (o *TrustOAuth2JwtGrantIssuer) HasSubject() bool { - if o != nil && o.Subject != nil { + if o != nil && !IsNil(o.Subject) { return true } 
@@ -213,26 +220,66 @@ func (o *TrustOAuth2JwtGrantIssuer) SetSubject(v string) { } func (o TrustOAuth2JwtGrantIssuer) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o TrustOAuth2JwtGrantIssuer) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.AllowAnySubject != nil { + if !IsNil(o.AllowAnySubject) { toSerialize["allow_any_subject"] = o.AllowAnySubject } - if true { - toSerialize["expires_at"] = o.ExpiresAt + toSerialize["expires_at"] = o.ExpiresAt + toSerialize["issuer"] = o.Issuer + toSerialize["jwk"] = o.Jwk + toSerialize["scope"] = o.Scope + if !IsNil(o.Subject) { + toSerialize["subject"] = o.Subject } - if true { - toSerialize["issuer"] = o.Issuer + return toSerialize, nil +} + +func (o *TrustOAuth2JwtGrantIssuer) UnmarshalJSON(data []byte) (err error) { + // This validates that all required properties are included in the JSON object + // by unmarshalling the object into a generic map with string keys and checking + // that every required field exists as a key in the generic map. 
+ requiredProperties := []string{ + "expires_at", + "issuer", + "jwk", + "scope", } - if true { - toSerialize["jwk"] = o.Jwk + + allProperties := make(map[string]interface{}) + + err = json.Unmarshal(data, &allProperties) + + if err != nil { + return err } - if true { - toSerialize["scope"] = o.Scope + + for _, requiredProperty := range requiredProperties { + if _, exists := allProperties[requiredProperty]; !exists { + return fmt.Errorf("no value given for required property %v", requiredProperty) + } } - if o.Subject != nil { - toSerialize["subject"] = o.Subject + + varTrustOAuth2JwtGrantIssuer := _TrustOAuth2JwtGrantIssuer{} + + decoder := json.NewDecoder(bytes.NewReader(data)) + decoder.DisallowUnknownFields() + err = decoder.Decode(&varTrustOAuth2JwtGrantIssuer) + + if err != nil { + return err } - return json.Marshal(toSerialize) + + *o = TrustOAuth2JwtGrantIssuer(varTrustOAuth2JwtGrantIssuer) + + return err } type NullableTrustOAuth2JwtGrantIssuer struct { diff --git a/internal/httpclient/model_trusted_o_auth2_jwt_grant_issuer.go b/internal/httpclient/model_trusted_o_auth2_jwt_grant_issuer.go index 80fba647b44..7b0c1fcbca9 100644 --- a/internal/httpclient/model_trusted_o_auth2_jwt_grant_issuer.go +++ b/internal/httpclient/model_trusted_o_auth2_jwt_grant_issuer.go @@ -16,6 +16,9 @@ import ( "time" ) +// checks if the TrustedOAuth2JwtGrantIssuer type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &TrustedOAuth2JwtGrantIssuer{} + // TrustedOAuth2JwtGrantIssuer OAuth2 JWT Bearer Grant Type Issuer Trust Relationship type TrustedOAuth2JwtGrantIssuer struct { // The \"allow_any_subject\" indicates that the issuer is allowed to have any principal as the subject of the JWT. 
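Review bot: The required-property loop in the new `TrustOAuth2JwtGrantIssuer.UnmarshalJSON` only tests that each key exists in the generic map, so a body carrying `"issuer": null` or `"jwk": null` passes it. Assuming those fields are non-pointer types (their declarations are outside this hunk), the later `Decode` would then leave them at their zero values without an error. For a type that describes a JWT-grant trust relationship, that means an empty issuer, key or expiry can look like a validated object. If the schema does not mark these properties nullable, the guard could be `if v, exists := allProperties[requiredProperty]; !exists || v == nil {`. The file appears to be generator output, so the change probably belongs in the generator template, or callers should validate `issuer`, `jwk`, `scope` and `expires_at` themselves.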
@@ -53,7 +56,7 @@ func NewTrustedOAuth2JwtGrantIssuerWithDefaults() *TrustedOAuth2JwtGrantIssuer { // GetAllowAnySubject returns the AllowAnySubject field value if set, zero value otherwise. func (o *TrustedOAuth2JwtGrantIssuer) GetAllowAnySubject() bool { - if o == nil || o.AllowAnySubject == nil { + if o == nil || IsNil(o.AllowAnySubject) { var ret bool return ret } @@ -63,7 +66,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetAllowAnySubject() bool { // GetAllowAnySubjectOk returns a tuple with the AllowAnySubject field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TrustedOAuth2JwtGrantIssuer) GetAllowAnySubjectOk() (*bool, bool) { - if o == nil || o.AllowAnySubject == nil { + if o == nil || IsNil(o.AllowAnySubject) { return nil, false } return o.AllowAnySubject, true @@ -71,7 +74,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetAllowAnySubjectOk() (*bool, bool) { // HasAllowAnySubject returns a boolean if a field has been set. func (o *TrustedOAuth2JwtGrantIssuer) HasAllowAnySubject() bool { - if o != nil && o.AllowAnySubject != nil { + if o != nil && !IsNil(o.AllowAnySubject) { return true } @@ -85,7 +88,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) SetAllowAnySubject(v bool) { // GetCreatedAt returns the CreatedAt field value if set, zero value otherwise. func (o *TrustedOAuth2JwtGrantIssuer) GetCreatedAt() time.Time { - if o == nil || o.CreatedAt == nil { + if o == nil || IsNil(o.CreatedAt) { var ret time.Time return ret } @@ -95,7 +98,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetCreatedAt() time.Time { // GetCreatedAtOk returns a tuple with the CreatedAt field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TrustedOAuth2JwtGrantIssuer) GetCreatedAtOk() (*time.Time, bool) { - if o == nil || o.CreatedAt == nil { + if o == nil || IsNil(o.CreatedAt) { return nil, false } return o.CreatedAt, true 
@@ -103,7 +106,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetCreatedAtOk() (*time.Time, bool) { // HasCreatedAt returns a boolean if a field has been set. func (o *TrustedOAuth2JwtGrantIssuer) HasCreatedAt() bool { - if o != nil && o.CreatedAt != nil { + if o != nil && !IsNil(o.CreatedAt) { return true } @@ -117,7 +120,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) SetCreatedAt(v time.Time) { // GetExpiresAt returns the ExpiresAt field value if set, zero value otherwise. func (o *TrustedOAuth2JwtGrantIssuer) GetExpiresAt() time.Time { - if o == nil || o.ExpiresAt == nil { + if o == nil || IsNil(o.ExpiresAt) { var ret time.Time return ret } @@ -127,7 +130,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetExpiresAt() time.Time { // GetExpiresAtOk returns a tuple with the ExpiresAt field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TrustedOAuth2JwtGrantIssuer) GetExpiresAtOk() (*time.Time, bool) { - if o == nil || o.ExpiresAt == nil { + if o == nil || IsNil(o.ExpiresAt) { return nil, false } return o.ExpiresAt, true @@ -135,7 +138,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetExpiresAtOk() (*time.Time, bool) { // HasExpiresAt returns a boolean if a field has been set. func (o *TrustedOAuth2JwtGrantIssuer) HasExpiresAt() bool { - if o != nil && o.ExpiresAt != nil { + if o != nil && !IsNil(o.ExpiresAt) { return true } @@ -149,7 +152,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) SetExpiresAt(v time.Time) { // GetId returns the Id field value if set, zero value otherwise. func (o *TrustedOAuth2JwtGrantIssuer) GetId() string { - if o == nil || o.Id == nil { + if o == nil || IsNil(o.Id) { var ret string return ret } 
@@ -159,7 +162,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetId() string { // GetIdOk returns a tuple with the Id field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TrustedOAuth2JwtGrantIssuer) GetIdOk() (*string, bool) { - if o == nil || o.Id == nil { + if o == nil || IsNil(o.Id) { return nil, false } return o.Id, true @@ -167,7 +170,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetIdOk() (*string, bool) { // HasId returns a boolean if a field has been set. func (o *TrustedOAuth2JwtGrantIssuer) HasId() bool { - if o != nil && o.Id != nil { + if o != nil && !IsNil(o.Id) { return true } @@ -181,7 +184,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) SetId(v string) { // GetIssuer returns the Issuer field value if set, zero value otherwise. func (o *TrustedOAuth2JwtGrantIssuer) GetIssuer() string { - if o == nil || o.Issuer == nil { + if o == nil || IsNil(o.Issuer) { var ret string return ret } @@ -191,7 +194,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetIssuer() string { // GetIssuerOk returns a tuple with the Issuer field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TrustedOAuth2JwtGrantIssuer) GetIssuerOk() (*string, bool) { - if o == nil || o.Issuer == nil { + if o == nil || IsNil(o.Issuer) { return nil, false } return o.Issuer, true @@ -199,7 +202,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetIssuerOk() (*string, bool) { // HasIssuer returns a boolean if a field has been set. func (o *TrustedOAuth2JwtGrantIssuer) HasIssuer() bool { - if o != nil && o.Issuer != nil { + if o != nil && !IsNil(o.Issuer) { return true } 
@@ -213,7 +216,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) SetIssuer(v string) { // GetPublicKey returns the PublicKey field value if set, zero value otherwise. func (o *TrustedOAuth2JwtGrantIssuer) GetPublicKey() TrustedOAuth2JwtGrantJsonWebKey { - if o == nil || o.PublicKey == nil { + if o == nil || IsNil(o.PublicKey) { var ret TrustedOAuth2JwtGrantJsonWebKey return ret } @@ -223,7 +226,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetPublicKey() TrustedOAuth2JwtGrantJsonWe // GetPublicKeyOk returns a tuple with the PublicKey field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TrustedOAuth2JwtGrantIssuer) GetPublicKeyOk() (*TrustedOAuth2JwtGrantJsonWebKey, bool) { - if o == nil || o.PublicKey == nil { + if o == nil || IsNil(o.PublicKey) { return nil, false } return o.PublicKey, true @@ -231,7 +234,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetPublicKeyOk() (*TrustedOAuth2JwtGrantJs // HasPublicKey returns a boolean if a field has been set. func (o *TrustedOAuth2JwtGrantIssuer) HasPublicKey() bool { - if o != nil && o.PublicKey != nil { + if o != nil && !IsNil(o.PublicKey) { return true } @@ -245,7 +248,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) SetPublicKey(v TrustedOAuth2JwtGrantJsonWe // GetScope returns the Scope field value if set, zero value otherwise. func (o *TrustedOAuth2JwtGrantIssuer) GetScope() []string { - if o == nil || o.Scope == nil { + if o == nil || IsNil(o.Scope) { var ret []string return ret } @@ -255,7 +258,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetScope() []string { // GetScopeOk returns a tuple with the Scope field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TrustedOAuth2JwtGrantIssuer) GetScopeOk() ([]string, bool) { - if o == nil || o.Scope == nil { + if o == nil || IsNil(o.Scope) { return nil, false } return o.Scope, true 
@@ -263,7 +266,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetScopeOk() ([]string, bool) { // HasScope returns a boolean if a field has been set. func (o *TrustedOAuth2JwtGrantIssuer) HasScope() bool { - if o != nil && o.Scope != nil { + if o != nil && !IsNil(o.Scope) { return true } @@ -277,7 +280,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) SetScope(v []string) { // GetSubject returns the Subject field value if set, zero value otherwise. func (o *TrustedOAuth2JwtGrantIssuer) GetSubject() string { - if o == nil || o.Subject == nil { + if o == nil || IsNil(o.Subject) { var ret string return ret } @@ -287,7 +290,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetSubject() string { // GetSubjectOk returns a tuple with the Subject field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TrustedOAuth2JwtGrantIssuer) GetSubjectOk() (*string, bool) { - if o == nil || o.Subject == nil { + if o == nil || IsNil(o.Subject) { return nil, false } return o.Subject, true @@ -295,7 +298,7 @@ func (o *TrustedOAuth2JwtGrantIssuer) GetSubjectOk() (*string, bool) { // HasSubject returns a boolean if a field has been set. func (o *TrustedOAuth2JwtGrantIssuer) HasSubject() bool { - if o != nil && o.Subject != nil { + if o != nil && !IsNil(o.Subject) { return true } 
@@ -308,32 +311,40 @@ func (o *TrustedOAuth2JwtGrantIssuer) SetSubject(v string) { } func (o TrustedOAuth2JwtGrantIssuer) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o TrustedOAuth2JwtGrantIssuer) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.AllowAnySubject != nil { + if !IsNil(o.AllowAnySubject) { toSerialize["allow_any_subject"] = o.AllowAnySubject } - if o.CreatedAt != nil { + if !IsNil(o.CreatedAt) { toSerialize["created_at"] = o.CreatedAt } - if o.ExpiresAt != nil { + if !IsNil(o.ExpiresAt) { toSerialize["expires_at"] = o.ExpiresAt } - if o.Id != nil { + if !IsNil(o.Id) { toSerialize["id"] = o.Id } - if o.Issuer != nil { + if !IsNil(o.Issuer) { toSerialize["issuer"] = o.Issuer } - if o.PublicKey != nil { + if !IsNil(o.PublicKey) { toSerialize["public_key"] = o.PublicKey } - if o.Scope != nil { + if !IsNil(o.Scope) { toSerialize["scope"] = o.Scope } - if o.Subject != nil { + if !IsNil(o.Subject) { toSerialize["subject"] = o.Subject } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableTrustedOAuth2JwtGrantIssuer struct { diff --git a/internal/httpclient/model_trusted_o_auth2_jwt_grant_json_web_key.go b/internal/httpclient/model_trusted_o_auth2_jwt_grant_json_web_key.go index 7b358805c77..2752cb5eeea 100644 --- a/internal/httpclient/model_trusted_o_auth2_jwt_grant_json_web_key.go +++ b/internal/httpclient/model_trusted_o_auth2_jwt_grant_json_web_key.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the TrustedOAuth2JwtGrantJsonWebKey type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &TrustedOAuth2JwtGrantJsonWebKey{} + // TrustedOAuth2JwtGrantJsonWebKey OAuth2 JWT Bearer Grant Type Issuer Trusted JSON Web Key type TrustedOAuth2JwtGrantJsonWebKey struct { // The \"key_id\" is key unique identifier (same as kid header in jws/jwt). 
@@ -42,7 +45,7 @@ func NewTrustedOAuth2JwtGrantJsonWebKeyWithDefaults() *TrustedOAuth2JwtGrantJson // GetKid returns the Kid field value if set, zero value otherwise. func (o *TrustedOAuth2JwtGrantJsonWebKey) GetKid() string { - if o == nil || o.Kid == nil { + if o == nil || IsNil(o.Kid) { var ret string return ret } @@ -52,7 +55,7 @@ func (o *TrustedOAuth2JwtGrantJsonWebKey) GetKid() string { // GetKidOk returns a tuple with the Kid field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TrustedOAuth2JwtGrantJsonWebKey) GetKidOk() (*string, bool) { - if o == nil || o.Kid == nil { + if o == nil || IsNil(o.Kid) { return nil, false } return o.Kid, true @@ -60,7 +63,7 @@ func (o *TrustedOAuth2JwtGrantJsonWebKey) GetKidOk() (*string, bool) { // HasKid returns a boolean if a field has been set. func (o *TrustedOAuth2JwtGrantJsonWebKey) HasKid() bool { - if o != nil && o.Kid != nil { + if o != nil && !IsNil(o.Kid) { return true } @@ -74,7 +77,7 @@ func (o *TrustedOAuth2JwtGrantJsonWebKey) SetKid(v string) { // GetSet returns the Set field value if set, zero value otherwise. func (o *TrustedOAuth2JwtGrantJsonWebKey) GetSet() string { - if o == nil || o.Set == nil { + if o == nil || IsNil(o.Set) { var ret string return ret } @@ -84,7 +87,7 @@ func (o *TrustedOAuth2JwtGrantJsonWebKey) GetSet() string { // GetSetOk returns a tuple with the Set field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *TrustedOAuth2JwtGrantJsonWebKey) GetSetOk() (*string, bool) { - if o == nil || o.Set == nil { + if o == nil || IsNil(o.Set) { return nil, false } return o.Set, true @@ -92,7 +95,7 @@ func (o *TrustedOAuth2JwtGrantJsonWebKey) GetSetOk() (*string, bool) { // HasSet returns a boolean if a field has been set. func (o *TrustedOAuth2JwtGrantJsonWebKey) HasSet() bool { - if o != nil && o.Set != nil { + if o != nil && !IsNil(o.Set) { return true } 
@@ -105,14 +108,22 @@ func (o *TrustedOAuth2JwtGrantJsonWebKey) SetSet(v string) { } func (o TrustedOAuth2JwtGrantJsonWebKey) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o TrustedOAuth2JwtGrantJsonWebKey) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Kid != nil { + if !IsNil(o.Kid) { toSerialize["kid"] = o.Kid } - if o.Set != nil { + if !IsNil(o.Set) { toSerialize["set"] = o.Set } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableTrustedOAuth2JwtGrantJsonWebKey struct { diff --git a/internal/httpclient/model_verifiable_credential_priming_response.go b/internal/httpclient/model_verifiable_credential_priming_response.go index 0744fd0704d..f0bdf3309b7 100644 --- a/internal/httpclient/model_verifiable_credential_priming_response.go +++ b/internal/httpclient/model_verifiable_credential_priming_response.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the VerifiableCredentialPrimingResponse type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &VerifiableCredentialPrimingResponse{} + // VerifiableCredentialPrimingResponse struct for VerifiableCredentialPrimingResponse type VerifiableCredentialPrimingResponse struct { CNonce *string `json:"c_nonce,omitempty"` @@ -46,7 +49,7 @@ func NewVerifiableCredentialPrimingResponseWithDefaults() *VerifiableCredentialP // GetCNonce returns the CNonce field value if set, zero value otherwise. func (o *VerifiableCredentialPrimingResponse) GetCNonce() string { - if o == nil || o.CNonce == nil { + if o == nil || IsNil(o.CNonce) { var ret string return ret } 
@@ -56,7 +59,7 @@ func (o *VerifiableCredentialPrimingResponse) GetCNonce() string { // GetCNonceOk returns a tuple with the CNonce field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *VerifiableCredentialPrimingResponse) GetCNonceOk() (*string, bool) { - if o == nil || o.CNonce == nil { + if o == nil || IsNil(o.CNonce) { return nil, false } return o.CNonce, true @@ -64,7 +67,7 @@ func (o *VerifiableCredentialPrimingResponse) GetCNonceOk() (*string, bool) { // HasCNonce returns a boolean if a field has been set. func (o *VerifiableCredentialPrimingResponse) HasCNonce() bool { - if o != nil && o.CNonce != nil { + if o != nil && !IsNil(o.CNonce) { return true } @@ -78,7 +81,7 @@ func (o *VerifiableCredentialPrimingResponse) SetCNonce(v string) { // GetCNonceExpiresIn returns the CNonceExpiresIn field value if set, zero value otherwise. func (o *VerifiableCredentialPrimingResponse) GetCNonceExpiresIn() int64 { - if o == nil || o.CNonceExpiresIn == nil { + if o == nil || IsNil(o.CNonceExpiresIn) { var ret int64 return ret } @@ -88,7 +91,7 @@ func (o *VerifiableCredentialPrimingResponse) GetCNonceExpiresIn() int64 { // GetCNonceExpiresInOk returns a tuple with the CNonceExpiresIn field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *VerifiableCredentialPrimingResponse) GetCNonceExpiresInOk() (*int64, bool) { - if o == nil || o.CNonceExpiresIn == nil { + if o == nil || IsNil(o.CNonceExpiresIn) { return nil, false } return o.CNonceExpiresIn, true @@ -96,7 +99,7 @@ func (o *VerifiableCredentialPrimingResponse) GetCNonceExpiresInOk() (*int64, bo // HasCNonceExpiresIn returns a boolean if a field has been set. func (o *VerifiableCredentialPrimingResponse) HasCNonceExpiresIn() bool { - if o != nil && o.CNonceExpiresIn != nil { + if o != nil && !IsNil(o.CNonceExpiresIn) { return true } 
@@ -110,7 +113,7 @@ func (o *VerifiableCredentialPrimingResponse) SetCNonceExpiresIn(v int64) { // GetError returns the Error field value if set, zero value otherwise. func (o *VerifiableCredentialPrimingResponse) GetError() string { - if o == nil || o.Error == nil { + if o == nil || IsNil(o.Error) { var ret string return ret } @@ -120,7 +123,7 @@ func (o *VerifiableCredentialPrimingResponse) GetError() string { // GetErrorOk returns a tuple with the Error field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *VerifiableCredentialPrimingResponse) GetErrorOk() (*string, bool) { - if o == nil || o.Error == nil { + if o == nil || IsNil(o.Error) { return nil, false } return o.Error, true @@ -128,7 +131,7 @@ func (o *VerifiableCredentialPrimingResponse) GetErrorOk() (*string, bool) { // HasError returns a boolean if a field has been set. func (o *VerifiableCredentialPrimingResponse) HasError() bool { - if o != nil && o.Error != nil { + if o != nil && !IsNil(o.Error) { return true } @@ -142,7 +145,7 @@ func (o *VerifiableCredentialPrimingResponse) SetError(v string) { // GetErrorDebug returns the ErrorDebug field value if set, zero value otherwise. func (o *VerifiableCredentialPrimingResponse) GetErrorDebug() string { - if o == nil || o.ErrorDebug == nil { + if o == nil || IsNil(o.ErrorDebug) { var ret string return ret } @@ -152,7 +155,7 @@ func (o *VerifiableCredentialPrimingResponse) GetErrorDebug() string { // GetErrorDebugOk returns a tuple with the ErrorDebug field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *VerifiableCredentialPrimingResponse) GetErrorDebugOk() (*string, bool) { - if o == nil || o.ErrorDebug == nil { + if o == nil || IsNil(o.ErrorDebug) { return nil, false } return o.ErrorDebug, true 
@@ -160,7 +163,7 @@ func (o *VerifiableCredentialPrimingResponse) GetErrorDebugOk() (*string, bool) // HasErrorDebug returns a boolean if a field has been set. func (o *VerifiableCredentialPrimingResponse) HasErrorDebug() bool { - if o != nil && o.ErrorDebug != nil { + if o != nil && !IsNil(o.ErrorDebug) { return true } @@ -174,7 +177,7 @@ func (o *VerifiableCredentialPrimingResponse) SetErrorDebug(v string) { // GetErrorDescription returns the ErrorDescription field value if set, zero value otherwise. func (o *VerifiableCredentialPrimingResponse) GetErrorDescription() string { - if o == nil || o.ErrorDescription == nil { + if o == nil || IsNil(o.ErrorDescription) { var ret string return ret } @@ -184,7 +187,7 @@ func (o *VerifiableCredentialPrimingResponse) GetErrorDescription() string { // GetErrorDescriptionOk returns a tuple with the ErrorDescription field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *VerifiableCredentialPrimingResponse) GetErrorDescriptionOk() (*string, bool) { - if o == nil || o.ErrorDescription == nil { + if o == nil || IsNil(o.ErrorDescription) { return nil, false } return o.ErrorDescription, true @@ -192,7 +195,7 @@ func (o *VerifiableCredentialPrimingResponse) GetErrorDescriptionOk() (*string, // HasErrorDescription returns a boolean if a field has been set. func (o *VerifiableCredentialPrimingResponse) HasErrorDescription() bool { - if o != nil && o.ErrorDescription != nil { + if o != nil && !IsNil(o.ErrorDescription) { return true } @@ -206,7 +209,7 @@ func (o *VerifiableCredentialPrimingResponse) SetErrorDescription(v string) { // GetErrorHint returns the ErrorHint field value if set, zero value otherwise. func (o *VerifiableCredentialPrimingResponse) GetErrorHint() string { - if o == nil || o.ErrorHint == nil { + if o == nil || IsNil(o.ErrorHint) { var ret string return ret } 
@@ -216,7 +219,7 @@ func (o *VerifiableCredentialPrimingResponse) GetErrorHint() string { // GetErrorHintOk returns a tuple with the ErrorHint field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *VerifiableCredentialPrimingResponse) GetErrorHintOk() (*string, bool) { - if o == nil || o.ErrorHint == nil { + if o == nil || IsNil(o.ErrorHint) { return nil, false } return o.ErrorHint, true @@ -224,7 +227,7 @@ func (o *VerifiableCredentialPrimingResponse) GetErrorHintOk() (*string, bool) { // HasErrorHint returns a boolean if a field has been set. func (o *VerifiableCredentialPrimingResponse) HasErrorHint() bool { - if o != nil && o.ErrorHint != nil { + if o != nil && !IsNil(o.ErrorHint) { return true } @@ -238,7 +241,7 @@ func (o *VerifiableCredentialPrimingResponse) SetErrorHint(v string) { // GetFormat returns the Format field value if set, zero value otherwise. func (o *VerifiableCredentialPrimingResponse) GetFormat() string { - if o == nil || o.Format == nil { + if o == nil || IsNil(o.Format) { var ret string return ret } @@ -248,7 +251,7 @@ func (o *VerifiableCredentialPrimingResponse) GetFormat() string { // GetFormatOk returns a tuple with the Format field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *VerifiableCredentialPrimingResponse) GetFormatOk() (*string, bool) { - if o == nil || o.Format == nil { + if o == nil || IsNil(o.Format) { return nil, false } return o.Format, true @@ -256,7 +259,7 @@ func (o *VerifiableCredentialPrimingResponse) GetFormatOk() (*string, bool) { // HasFormat returns a boolean if a field has been set. func (o *VerifiableCredentialPrimingResponse) HasFormat() bool { - if o != nil && o.Format != nil { + if o != nil && !IsNil(o.Format) { return true } 
@@ -270,7 +273,7 @@ func (o *VerifiableCredentialPrimingResponse) SetFormat(v string) { // GetStatusCode returns the StatusCode field value if set, zero value otherwise. func (o *VerifiableCredentialPrimingResponse) GetStatusCode() int64 { - if o == nil || o.StatusCode == nil { + if o == nil || IsNil(o.StatusCode) { var ret int64 return ret } @@ -280,7 +283,7 @@ func (o *VerifiableCredentialPrimingResponse) GetStatusCode() int64 { // GetStatusCodeOk returns a tuple with the StatusCode field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *VerifiableCredentialPrimingResponse) GetStatusCodeOk() (*int64, bool) { - if o == nil || o.StatusCode == nil { + if o == nil || IsNil(o.StatusCode) { return nil, false } return o.StatusCode, true @@ -288,7 +291,7 @@ func (o *VerifiableCredentialPrimingResponse) GetStatusCodeOk() (*int64, bool) { // HasStatusCode returns a boolean if a field has been set. func (o *VerifiableCredentialPrimingResponse) HasStatusCode() bool { - if o != nil && o.StatusCode != nil { + if o != nil && !IsNil(o.StatusCode) { return true } 
@@ -301,32 +304,40 @@ func (o *VerifiableCredentialPrimingResponse) SetStatusCode(v int64) { } func (o VerifiableCredentialPrimingResponse) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o VerifiableCredentialPrimingResponse) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.CNonce != nil { + if !IsNil(o.CNonce) { toSerialize["c_nonce"] = o.CNonce } - if o.CNonceExpiresIn != nil { + if !IsNil(o.CNonceExpiresIn) { toSerialize["c_nonce_expires_in"] = o.CNonceExpiresIn } - if o.Error != nil { + if !IsNil(o.Error) { toSerialize["error"] = o.Error } - if o.ErrorDebug != nil { + if !IsNil(o.ErrorDebug) { toSerialize["error_debug"] = o.ErrorDebug } - if o.ErrorDescription != nil { + if !IsNil(o.ErrorDescription) { toSerialize["error_description"] = o.ErrorDescription } - if o.ErrorHint != nil { + if !IsNil(o.ErrorHint) { toSerialize["error_hint"] = o.ErrorHint } - if o.Format != nil { + if !IsNil(o.Format) { toSerialize["format"] = o.Format } - if o.StatusCode != nil { + if !IsNil(o.StatusCode) { toSerialize["status_code"] = o.StatusCode } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableVerifiableCredentialPrimingResponse struct { diff --git a/internal/httpclient/model_verifiable_credential_proof.go b/internal/httpclient/model_verifiable_credential_proof.go index 0e9bdf78a52..28eedafdb9e 100644 --- a/internal/httpclient/model_verifiable_credential_proof.go +++ b/internal/httpclient/model_verifiable_credential_proof.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the VerifiableCredentialProof type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &VerifiableCredentialProof{} + // VerifiableCredentialProof struct for VerifiableCredentialProof type VerifiableCredentialProof struct { Jwt *string `json:"jwt,omitempty"` 
@@ -40,7 +43,7 @@ func NewVerifiableCredentialProofWithDefaults() *VerifiableCredentialProof { // GetJwt returns the Jwt field value if set, zero value otherwise. func (o *VerifiableCredentialProof) GetJwt() string { - if o == nil || o.Jwt == nil { + if o == nil || IsNil(o.Jwt) { var ret string return ret } @@ -50,7 +53,7 @@ func (o *VerifiableCredentialProof) GetJwt() string { // GetJwtOk returns a tuple with the Jwt field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *VerifiableCredentialProof) GetJwtOk() (*string, bool) { - if o == nil || o.Jwt == nil { + if o == nil || IsNil(o.Jwt) { return nil, false } return o.Jwt, true @@ -58,7 +61,7 @@ func (o *VerifiableCredentialProof) GetJwtOk() (*string, bool) { // HasJwt returns a boolean if a field has been set. func (o *VerifiableCredentialProof) HasJwt() bool { - if o != nil && o.Jwt != nil { + if o != nil && !IsNil(o.Jwt) { return true } @@ -72,7 +75,7 @@ func (o *VerifiableCredentialProof) SetJwt(v string) { // GetProofType returns the ProofType field value if set, zero value otherwise. func (o *VerifiableCredentialProof) GetProofType() string { - if o == nil || o.ProofType == nil { + if o == nil || IsNil(o.ProofType) { var ret string return ret } @@ -82,7 +85,7 @@ func (o *VerifiableCredentialProof) GetProofType() string { // GetProofTypeOk returns a tuple with the ProofType field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *VerifiableCredentialProof) GetProofTypeOk() (*string, bool) { - if o == nil || o.ProofType == nil { + if o == nil || IsNil(o.ProofType) { return nil, false } return o.ProofType, true @@ -90,7 +93,7 @@ func (o *VerifiableCredentialProof) GetProofTypeOk() (*string, bool) { // HasProofType returns a boolean if a field has been set. func (o *VerifiableCredentialProof) HasProofType() bool { - if o != nil && o.ProofType != nil { + if o != nil && !IsNil(o.ProofType) { return true } 
@@ -103,14 +106,22 @@ func (o *VerifiableCredentialProof) SetProofType(v string) { } func (o VerifiableCredentialProof) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o VerifiableCredentialProof) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Jwt != nil { + if !IsNil(o.Jwt) { toSerialize["jwt"] = o.Jwt } - if o.ProofType != nil { + if !IsNil(o.ProofType) { toSerialize["proof_type"] = o.ProofType } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableVerifiableCredentialProof struct { diff --git a/internal/httpclient/model_verifiable_credential_response.go b/internal/httpclient/model_verifiable_credential_response.go index a1296ee5bc6..4c24842e668 100644 --- a/internal/httpclient/model_verifiable_credential_response.go +++ b/internal/httpclient/model_verifiable_credential_response.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the VerifiableCredentialResponse type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &VerifiableCredentialResponse{} + // VerifiableCredentialResponse struct for VerifiableCredentialResponse type VerifiableCredentialResponse struct { CredentialDraft00 *string `json:"credential_draft_00,omitempty"` @@ -40,7 +43,7 @@ func NewVerifiableCredentialResponseWithDefaults() *VerifiableCredentialResponse // GetCredentialDraft00 returns the CredentialDraft00 field value if set, zero value otherwise. func (o *VerifiableCredentialResponse) GetCredentialDraft00() string { - if o == nil || o.CredentialDraft00 == nil { + if o == nil || IsNil(o.CredentialDraft00) { var ret string return ret } 
@@ -50,7 +53,7 @@ func (o *VerifiableCredentialResponse) GetCredentialDraft00() string { // GetCredentialDraft00Ok returns a tuple with the CredentialDraft00 field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *VerifiableCredentialResponse) GetCredentialDraft00Ok() (*string, bool) { - if o == nil || o.CredentialDraft00 == nil { + if o == nil || IsNil(o.CredentialDraft00) { return nil, false } return o.CredentialDraft00, true @@ -58,7 +61,7 @@ func (o *VerifiableCredentialResponse) GetCredentialDraft00Ok() (*string, bool) // HasCredentialDraft00 returns a boolean if a field has been set. func (o *VerifiableCredentialResponse) HasCredentialDraft00() bool { - if o != nil && o.CredentialDraft00 != nil { + if o != nil && !IsNil(o.CredentialDraft00) { return true } @@ -72,7 +75,7 @@ func (o *VerifiableCredentialResponse) SetCredentialDraft00(v string) { // GetFormat returns the Format field value if set, zero value otherwise. func (o *VerifiableCredentialResponse) GetFormat() string { - if o == nil || o.Format == nil { + if o == nil || IsNil(o.Format) { var ret string return ret } @@ -82,7 +85,7 @@ func (o *VerifiableCredentialResponse) GetFormat() string { // GetFormatOk returns a tuple with the Format field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *VerifiableCredentialResponse) GetFormatOk() (*string, bool) { - if o == nil || o.Format == nil { + if o == nil || IsNil(o.Format) { return nil, false } return o.Format, true @@ -90,7 +93,7 @@ func (o *VerifiableCredentialResponse) GetFormatOk() (*string, bool) { // HasFormat returns a boolean if a field has been set. func (o *VerifiableCredentialResponse) HasFormat() bool { - if o != nil && o.Format != nil { + if o != nil && !IsNil(o.Format) { return true } 
@@ -103,14 +106,22 @@ func (o *VerifiableCredentialResponse) SetFormat(v string) { } func (o VerifiableCredentialResponse) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o VerifiableCredentialResponse) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.CredentialDraft00 != nil { + if !IsNil(o.CredentialDraft00) { toSerialize["credential_draft_00"] = o.CredentialDraft00 } - if o.Format != nil { + if !IsNil(o.Format) { toSerialize["format"] = o.Format } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableVerifiableCredentialResponse struct { diff --git a/internal/httpclient/model_verify_user_code_request.go b/internal/httpclient/model_verify_user_code_request.go new file mode 100644 index 00000000000..692694e9040 --- /dev/null +++ b/internal/httpclient/model_verify_user_code_request.go 
@@ -0,0 +1,344 @@ +/* +Ory Hydra API + +Documentation for all of Ory Hydra's APIs. + +API version: +Contact: hi@ory.sh +*/ + +// Code generated by OpenAPI Generator (https://openapi-generator.tech); DO NOT EDIT. + +package openapi + +import ( + "encoding/json" + "time" +) + +// checks if the VerifyUserCodeRequest type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &VerifyUserCodeRequest{} + +// VerifyUserCodeRequest struct for VerifyUserCodeRequest +type VerifyUserCodeRequest struct { + // ID is the identifier (\"device challenge\") of the device request. It is used to identify the session. + Challenge *string `json:"challenge,omitempty"` + Client *OAuth2Client `json:"client,omitempty"` + DeviceCodeRequestId *string `json:"device_code_request_id,omitempty"` + HandledAt *time.Time `json:"handled_at,omitempty"` + // RequestURL is the original Device Authorization URL requested. + RequestUrl *string `json:"request_url,omitempty"` + RequestedAccessTokenAudience []string `json:"requested_access_token_audience,omitempty"` + RequestedScope []string `json:"requested_scope,omitempty"` +} + +// NewVerifyUserCodeRequest instantiates a new VerifyUserCodeRequest object +// This constructor will assign default values to properties that have it defined, +// and makes sure properties required by API are set, but the set of arguments +// will change when the set of required properties is changed +func NewVerifyUserCodeRequest() *VerifyUserCodeRequest { + this := VerifyUserCodeRequest{} + return &this +} + +// NewVerifyUserCodeRequestWithDefaults instantiates a new VerifyUserCodeRequest object +// This constructor will only assign default values to properties that have it defined, +// but it doesn't guarantee that properties required by API are set +func NewVerifyUserCodeRequestWithDefaults() *VerifyUserCodeRequest { + this := VerifyUserCodeRequest{} + return &this +} + +// GetChallenge returns the Challenge field value if set, zero value otherwise. 
+func (o *VerifyUserCodeRequest) GetChallenge() string { + if o == nil || IsNil(o.Challenge) { + var ret string + return ret + } + return *o.Challenge +} + +// GetChallengeOk returns a tuple with the Challenge field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *VerifyUserCodeRequest) GetChallengeOk() (*string, bool) { + if o == nil || IsNil(o.Challenge) { + return nil, false + } + return o.Challenge, true +} + +// HasChallenge returns a boolean if a field has been set. +func (o *VerifyUserCodeRequest) HasChallenge() bool { + if o != nil && !IsNil(o.Challenge) { + return true + } + + return false +} + +// SetChallenge gets a reference to the given string and assigns it to the Challenge field. +func (o *VerifyUserCodeRequest) SetChallenge(v string) { + o.Challenge = &v +} + +// GetClient returns the Client field value if set, zero value otherwise. +func (o *VerifyUserCodeRequest) GetClient() OAuth2Client { + if o == nil || IsNil(o.Client) { + var ret OAuth2Client + return ret + } + return *o.Client +} + +// GetClientOk returns a tuple with the Client field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *VerifyUserCodeRequest) GetClientOk() (*OAuth2Client, bool) { + if o == nil || IsNil(o.Client) { + return nil, false + } + return o.Client, true +} + +// HasClient returns a boolean if a field has been set. +func (o *VerifyUserCodeRequest) HasClient() bool { + if o != nil && !IsNil(o.Client) { + return true + } + + return false +} + +// SetClient gets a reference to the given OAuth2Client and assigns it to the Client field. +func (o *VerifyUserCodeRequest) SetClient(v OAuth2Client) { + o.Client = &v +} + +// GetDeviceCodeRequestId returns the DeviceCodeRequestId field value if set, zero value otherwise. 
+func (o *VerifyUserCodeRequest) GetDeviceCodeRequestId() string { + if o == nil || IsNil(o.DeviceCodeRequestId) { + var ret string + return ret + } + return *o.DeviceCodeRequestId +} + +// GetDeviceCodeRequestIdOk returns a tuple with the DeviceCodeRequestId field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *VerifyUserCodeRequest) GetDeviceCodeRequestIdOk() (*string, bool) { + if o == nil || IsNil(o.DeviceCodeRequestId) { + return nil, false + } + return o.DeviceCodeRequestId, true +} + +// HasDeviceCodeRequestId returns a boolean if a field has been set. +func (o *VerifyUserCodeRequest) HasDeviceCodeRequestId() bool { + if o != nil && !IsNil(o.DeviceCodeRequestId) { + return true + } + + return false +} + +// SetDeviceCodeRequestId gets a reference to the given string and assigns it to the DeviceCodeRequestId field. +func (o *VerifyUserCodeRequest) SetDeviceCodeRequestId(v string) { + o.DeviceCodeRequestId = &v +} + +// GetHandledAt returns the HandledAt field value if set, zero value otherwise. +func (o *VerifyUserCodeRequest) GetHandledAt() time.Time { + if o == nil || IsNil(o.HandledAt) { + var ret time.Time + return ret + } + return *o.HandledAt +} + +// GetHandledAtOk returns a tuple with the HandledAt field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *VerifyUserCodeRequest) GetHandledAtOk() (*time.Time, bool) { + if o == nil || IsNil(o.HandledAt) { + return nil, false + } + return o.HandledAt, true +} + +// HasHandledAt returns a boolean if a field has been set. +func (o *VerifyUserCodeRequest) HasHandledAt() bool { + if o != nil && !IsNil(o.HandledAt) { + return true + } + + return false +} + +// SetHandledAt gets a reference to the given time.Time and assigns it to the HandledAt field. +func (o *VerifyUserCodeRequest) SetHandledAt(v time.Time) { + o.HandledAt = &v +} + +// GetRequestUrl returns the RequestUrl field value if set, zero value otherwise. 
+func (o *VerifyUserCodeRequest) GetRequestUrl() string { + if o == nil || IsNil(o.RequestUrl) { + var ret string + return ret + } + return *o.RequestUrl +} + +// GetRequestUrlOk returns a tuple with the RequestUrl field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *VerifyUserCodeRequest) GetRequestUrlOk() (*string, bool) { + if o == nil || IsNil(o.RequestUrl) { + return nil, false + } + return o.RequestUrl, true +} + +// HasRequestUrl returns a boolean if a field has been set. +func (o *VerifyUserCodeRequest) HasRequestUrl() bool { + if o != nil && !IsNil(o.RequestUrl) { + return true + } + + return false +} + +// SetRequestUrl gets a reference to the given string and assigns it to the RequestUrl field. +func (o *VerifyUserCodeRequest) SetRequestUrl(v string) { + o.RequestUrl = &v +} + +// GetRequestedAccessTokenAudience returns the RequestedAccessTokenAudience field value if set, zero value otherwise. +func (o *VerifyUserCodeRequest) GetRequestedAccessTokenAudience() []string { + if o == nil || IsNil(o.RequestedAccessTokenAudience) { + var ret []string + return ret + } + return o.RequestedAccessTokenAudience +} + +// GetRequestedAccessTokenAudienceOk returns a tuple with the RequestedAccessTokenAudience field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *VerifyUserCodeRequest) GetRequestedAccessTokenAudienceOk() ([]string, bool) { + if o == nil || IsNil(o.RequestedAccessTokenAudience) { + return nil, false + } + return o.RequestedAccessTokenAudience, true +} + +// HasRequestedAccessTokenAudience returns a boolean if a field has been set. +func (o *VerifyUserCodeRequest) HasRequestedAccessTokenAudience() bool { + if o != nil && !IsNil(o.RequestedAccessTokenAudience) { + return true + } + + return false +} + +// SetRequestedAccessTokenAudience gets a reference to the given []string and assigns it to the RequestedAccessTokenAudience field. 
+func (o *VerifyUserCodeRequest) SetRequestedAccessTokenAudience(v []string) { + o.RequestedAccessTokenAudience = v +} + +// GetRequestedScope returns the RequestedScope field value if set, zero value otherwise. +func (o *VerifyUserCodeRequest) GetRequestedScope() []string { + if o == nil || IsNil(o.RequestedScope) { + var ret []string + return ret + } + return o.RequestedScope +} + +// GetRequestedScopeOk returns a tuple with the RequestedScope field value if set, nil otherwise +// and a boolean to check if the value has been set. +func (o *VerifyUserCodeRequest) GetRequestedScopeOk() ([]string, bool) { + if o == nil || IsNil(o.RequestedScope) { + return nil, false + } + return o.RequestedScope, true +} + +// HasRequestedScope returns a boolean if a field has been set. +func (o *VerifyUserCodeRequest) HasRequestedScope() bool { + if o != nil && !IsNil(o.RequestedScope) { + return true + } + + return false +} + +// SetRequestedScope gets a reference to the given []string and assigns it to the RequestedScope field. 
+func (o *VerifyUserCodeRequest) SetRequestedScope(v []string) { + o.RequestedScope = v +} + +func (o VerifyUserCodeRequest) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o VerifyUserCodeRequest) ToMap() (map[string]interface{}, error) { + toSerialize := map[string]interface{}{} + if !IsNil(o.Challenge) { + toSerialize["challenge"] = o.Challenge + } + if !IsNil(o.Client) { + toSerialize["client"] = o.Client + } + if !IsNil(o.DeviceCodeRequestId) { + toSerialize["device_code_request_id"] = o.DeviceCodeRequestId + } + if !IsNil(o.HandledAt) { + toSerialize["handled_at"] = o.HandledAt + } + if !IsNil(o.RequestUrl) { + toSerialize["request_url"] = o.RequestUrl + } + if !IsNil(o.RequestedAccessTokenAudience) { + toSerialize["requested_access_token_audience"] = o.RequestedAccessTokenAudience + } + if !IsNil(o.RequestedScope) { + toSerialize["requested_scope"] = o.RequestedScope + } + return toSerialize, nil +} + +type NullableVerifyUserCodeRequest struct { + value *VerifyUserCodeRequest + isSet bool +} + +func (v NullableVerifyUserCodeRequest) Get() *VerifyUserCodeRequest { + return v.value +} + +func (v *NullableVerifyUserCodeRequest) Set(val *VerifyUserCodeRequest) { + v.value = val + v.isSet = true +} + +func (v NullableVerifyUserCodeRequest) IsSet() bool { + return v.isSet +} + +func (v *NullableVerifyUserCodeRequest) Unset() { + v.value = nil + v.isSet = false +} + +func NewNullableVerifyUserCodeRequest(val *VerifyUserCodeRequest) *NullableVerifyUserCodeRequest { + return &NullableVerifyUserCodeRequest{value: val, isSet: true} +} + +func (v NullableVerifyUserCodeRequest) MarshalJSON() ([]byte, error) { + return json.Marshal(v.value) +} + +func (v *NullableVerifyUserCodeRequest) UnmarshalJSON(src []byte) error { + v.isSet = true + return json.Unmarshal(src, &v.value) +} 
diff --git a/internal/httpclient/model_version.go b/internal/httpclient/model_version.go index 4e307b565e1..852862bcf07 100644 --- a/internal/httpclient/model_version.go +++ b/internal/httpclient/model_version.go @@ -15,6 +15,9 @@ import ( "encoding/json" ) +// checks if the Version type satisfies the MappedNullable interface at compile time +var _ MappedNullable = &Version{} + // Version struct for Version type Version struct { // Version is the service's version. @@ -40,7 +43,7 @@ func NewVersionWithDefaults() *Version { // GetVersion returns the Version field value if set, zero value otherwise. func (o *Version) GetVersion() string { - if o == nil || o.Version == nil { + if o == nil || IsNil(o.Version) { var ret string return ret } @@ -50,7 +53,7 @@ func (o *Version) GetVersion() string { // GetVersionOk returns a tuple with the Version field value if set, nil otherwise // and a boolean to check if the value has been set. func (o *Version) GetVersionOk() (*string, bool) { - if o == nil || o.Version == nil { + if o == nil || IsNil(o.Version) { return nil, false } return o.Version, true @@ -58,7 +61,7 @@ func (o *Version) GetVersionOk() (*string, bool) { // HasVersion returns a boolean if a field has been set. func (o *Version) HasVersion() bool { - if o != nil && o.Version != nil { + if o != nil && !IsNil(o.Version) { return true } @@ -71,11 +74,19 @@ func (o *Version) SetVersion(v string) { } func (o Version) MarshalJSON() ([]byte, error) { + toSerialize, err := o.ToMap() + if err != nil { + return []byte{}, err + } + return json.Marshal(toSerialize) +} + +func (o Version) ToMap() (map[string]interface{}, error) { toSerialize := map[string]interface{}{} - if o.Version != nil { + if !IsNil(o.Version) { toSerialize["version"] = o.Version } - return json.Marshal(toSerialize) + return toSerialize, nil } type NullableVersion struct { diff --git a/internal/httpclient/utils.go b/internal/httpclient/utils.go index 79275ec55ec..e56504bad62 100644 
--- a/internal/httpclient/utils.go +++ b/internal/httpclient/utils.go @@ -13,6 +13,7 @@ package openapi import ( "encoding/json" + "reflect" "time" ) @@ -327,3 +328,21 @@ func (v *NullableTime) UnmarshalJSON(src []byte) error { v.isSet = true return json.Unmarshal(src, &v.value) } + +// IsNil checks if an input is nil +func IsNil(i interface{}) bool { + if i == nil { + return true + } + switch reflect.TypeOf(i).Kind() { + case reflect.Chan, reflect.Func, reflect.Map, reflect.Ptr, reflect.UnsafePointer, reflect.Interface, reflect.Slice: + return reflect.ValueOf(i).IsNil() + case reflect.Array: + return reflect.ValueOf(i).IsZero() + } + return false +} + +type MappedNullable interface { + ToMap() (map[string]interface{}, error) +} diff --git a/internal/kratos/fake_kratos.go b/internal/kratos/fake_kratos.go index bffad0696f0..2303320c305 100644 --- a/internal/kratos/fake_kratos.go +++ b/internal/kratos/fake_kratos.go @@ -7,6 +7,7 @@ import ( "context" "github.com/ory/fosite" + client "github.com/ory/kratos-client-go" ) type ( @@ -17,9 +18,10 @@ type ( ) const ( - FakeSessionID = "fake-kratos-session-id" - FakeUsername = "fake-kratos-username" - FakePassword = "fake-kratos-password" // nolint: gosec + FakeSessionID = "fake-kratos-session-id" + FakeUsername = "fake-kratos-username" + FakePassword = "fake-kratos-password" // nolint: gosec + FakeIdentityID = "fake-kratos-identity-id" ) var _ Client = new(FakeKratos) @@ -35,11 +37,11 @@ func (f *FakeKratos) DisableSession(_ context.Context, identityProviderSessionID return nil } -func (f *FakeKratos) Authenticate(_ context.Context, username, password string) error { +func (f *FakeKratos) Authenticate(_ context.Context, username, password string) (*client.Session, error) { if username == FakeUsername && password == FakePassword { - return nil + return &client.Session{Identity: &client.Identity{Id: FakeIdentityID}}, nil } - return fosite.ErrNotFound + return nil, fosite.ErrNotFound } func (f *FakeKratos) Reset() { 
diff --git a/internal/kratos/kratos.go b/internal/kratos/kratos.go index 898fc54b480..04e8fbfcdfb 100644 --- a/internal/kratos/kratos.go +++ b/internal/kratos/kratos.go @@ -31,7 +31,7 @@ type ( } Client interface { DisableSession(ctx context.Context, identityProviderSessionID string) error - Authenticate(ctx context.Context, name, secret string) error + Authenticate(ctx context.Context, name, secret string) (*client.Session, error) } Default struct { dependencies @@ -42,7 +42,7 @@ func New(d dependencies) Client { return &Default{dependencies: d} } -func (k *Default) Authenticate(ctx context.Context, name, secret string) (err error) { +func (k *Default) Authenticate(ctx context.Context, name, secret string) (session *client.Session, err error) { ctx, span := k.Tracer(ctx).Tracer().Start(ctx, "kratos.Authenticate") otelx.End(span, &err) @@ -52,17 +52,17 @@ func (k *Default) Authenticate(ctx context.Context, name, secret string) (err er span.SetAttributes(attribute.Bool("skipped", true)) span.SetAttributes(attribute.String("reason", "kratos public url not set")) - return errors.New("kratos public url not set") + return nil, errors.New("kratos public url not set") } kratos := k.newKratosClient(ctx, publicURL) - flow, _, err := kratos.FrontendApi.CreateNativeLoginFlow(ctx).Execute() + flow, _, err := kratos.FrontendAPI.CreateNativeLoginFlow(ctx).Execute() if err != nil { - return err + return nil, err } - _, _, err = kratos.FrontendApi.UpdateLoginFlow(ctx).Flow(flow.Id).UpdateLoginFlowBody(client.UpdateLoginFlowBody{ + res, _, err := kratos.FrontendAPI.UpdateLoginFlow(ctx).Flow(flow.Id).UpdateLoginFlowBody(client.UpdateLoginFlowBody{ UpdateLoginFlowWithPasswordMethod: &client.UpdateLoginFlowWithPasswordMethod{ Method: "password", Identifier: name, 
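Review bot: In `Authenticate` (internal/kratos/kratos.go), the context line directly after the changed signature reads `otelx.End(span, &err)` with no `defer`, at least as the hunk is shown here. If the file really reads that way, the span is ended before any work is done and the named `err` is still nil at that point, so failed authentication attempts would never be recorded on the trace. The line should be `defer otelx.End(span, &err)`. Adding the named result `session` does not change this, and the function body continues in the following hunks.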
@@ -70,10 +70,10 @@ func (k *Default) Authenticate(ctx context.Context, name, secret string) (err er }, }).Execute() if err != nil { - return fosite.ErrNotFound.WithWrap(err) + return nil, fosite.ErrNotFound.WithWrap(err) } - return nil + return &res.Session, nil } func (k *Default) DisableSession(ctx context.Context, identityProviderSessionID string) (err error) { @@ -101,7 +101,7 @@ func (k *Default) DisableSession(ctx context.Context, identityProviderSessionID configuration.HTTPClient.Transport = httpx.WrapTransportWithHeader(configuration.HTTPClient.Transport, header) } kratos := client.NewAPIClient(configuration) - _, err = kratos.IdentityApi.DisableSession(ctx, identityProviderSessionID).Execute() + _, err = kratos.IdentityAPI.DisableSession(ctx, identityProviderSessionID).Execute() return err } diff --git a/internal/mock/config_cookie.go b/internal/mock/config_cookie.go index 5fab6d1d7dc..d146e10cd6e 100644 --- a/internal/mock/config_cookie.go +++ b/internal/mock/config_cookie.go @@ -1,8 +1,8 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2024 Ory Corp // SPDX-License-Identifier: Apache-2.0 // Code generated by MockGen. DO NOT EDIT. -// Source: github.com/ory/hydra/x (interfaces: CookieConfigProvider) +// Source: github.com/ory/hydra/v2/x (interfaces: CookieConfigProvider) // Package mock is a generated GoMock package. package mock diff --git a/internal/testhelpers/janitor_test_helper.go b/internal/testhelpers/janitor_test_helper.go index f70d7c27495..a13e21d8087 100644 --- a/internal/testhelpers/janitor_test_helper.go +++ b/internal/testhelpers/janitor_test_helper.go @@ -193,7 +193,7 @@ func (j *JanitorConsentTestHelper) LoginRejectionSetup(ctx context.Context, reg // Create login requests for _, r := range j.flushLoginRequests { require.NoError(t, cl.CreateClient(ctx, r.Client)) - f, err := cm.CreateLoginRequest(ctx, r) + f, err := cm.CreateLoginRequest(ctx, nil, r) require.NoError(t, err) f.RequestedAt = time.Now() // we won't handle expired flows 
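Review bot: `return &res.Session, nil` hands the Kratos session to callers without checking that it carries an identity. The fake in fake_kratos.go sets `Identity` through a pointer, so a caller that reads `session.Identity.Id` would panic on a session that has none. Consider rejecting that case here, e.g. `if res.Session.Identity == nil { return nil, errors.New("kratos session has no identity") }`, and stating on the `Client` interface that the session is nil whenever the error is non-nil. The callers are not visible in this diff, so this may already be handled there. `Authenticate` starts before this hunk.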
@@ -247,7 +247,7 @@ func (j *JanitorConsentTestHelper) LimitSetup(ctx context.Context, reg interface // Create login requests for _, r := range j.flushLoginRequests { require.NoError(t, cl.CreateClient(ctx, r.Client)) - f, err = cm.CreateLoginRequest(ctx, r) + f, err = cm.CreateLoginRequest(ctx, nil, r) require.NoError(t, err) // Reject each request @@ -291,7 +291,7 @@ func (j *JanitorConsentTestHelper) ConsentRejectionSetup(ctx context.Context, re // Create login requests for i, loginRequest := range j.flushLoginRequests { require.NoError(t, cl.CreateClient(ctx, loginRequest.Client)) - f, err = cm.CreateLoginRequest(ctx, loginRequest) + f, err = cm.CreateLoginRequest(ctx, nil, loginRequest) require.NoError(t, err) // Create consent requests @@ -346,7 +346,7 @@ func (j *JanitorConsentTestHelper) LoginTimeoutSetup(ctx context.Context, reg in // Create login requests for i, loginRequest := range j.flushLoginRequests { require.NoError(t, cl.CreateClient(ctx, loginRequest.Client)) - f, err = cm.CreateLoginRequest(ctx, loginRequest) + f, err = cm.CreateLoginRequest(ctx, nil, loginRequest) require.NoError(t, err) if i == 0 { @@ -387,7 +387,7 @@ func (j *JanitorConsentTestHelper) ConsentTimeoutSetup(ctx context.Context, reg // Let's reset and accept all login requests to test the consent requests for i, loginRequest := range j.flushLoginRequests { require.NoError(t, cl.CreateClient(ctx, loginRequest.Client)) - f, err := cm.CreateLoginRequest(ctx, loginRequest) + f, err := cm.CreateLoginRequest(ctx, nil, loginRequest) require.NoError(t, err) f.RequestedAt = time.Now() // we won't handle expired flows challenge := x.Must(f.ToLoginChallenge(ctx, reg)) @@ -439,7 +439,7 @@ func (j *JanitorConsentTestHelper) LoginConsentNotAfterSetup(ctx context.Context ) for _, r := range j.flushLoginRequests { require.NoError(t, cl.CreateClient(ctx, r.Client)) - f, err = cm.CreateLoginRequest(ctx, r) + f, err = cm.CreateLoginRequest(ctx, nil, r) require.NoError(t, err) } 
@@ -471,7 +471,7 @@ func (j *JanitorConsentTestHelper) LoginConsentNotAfterValidate( t.Logf("login flush check:\nNotAfter: %s\nLoginRequest: %s\nis expired: %v\n%+v\n", notAfter.String(), consentRequestLifespan.String(), isExpired, r) - f = x.Must(reg.ConsentManager().CreateLoginRequest(ctx, r)) + f = x.Must(reg.ConsentManager().CreateLoginRequest(ctx, nil, r)) loginChallenge := x.Must(f.ToLoginChallenge(ctx, reg)) _, err = reg.ConsentManager().GetLoginRequest(ctx, loginChallenge) diff --git a/internal/testhelpers/lifespans.go b/internal/testhelpers/lifespans.go index 86477c90b09..e2ba8a218c4 100644 --- a/internal/testhelpers/lifespans.go +++ b/internal/testhelpers/lifespans.go 
@@ -11,16 +11,19 @@ import ( ) var TestLifespans = client.Lifespans{ - AuthorizationCodeGrantAccessTokenLifespan: x.NullDuration{Duration: 31 * time.Hour, Valid: true}, - AuthorizationCodeGrantIDTokenLifespan: x.NullDuration{Duration: 32 * time.Hour, Valid: true}, - AuthorizationCodeGrantRefreshTokenLifespan: x.NullDuration{Duration: 33 * time.Hour, Valid: true}, - ClientCredentialsGrantAccessTokenLifespan: x.NullDuration{Duration: 34 * time.Hour, Valid: true}, - ImplicitGrantAccessTokenLifespan: x.NullDuration{Duration: 35 * time.Hour, Valid: true}, - ImplicitGrantIDTokenLifespan: x.NullDuration{Duration: 36 * time.Hour, Valid: true}, - JwtBearerGrantAccessTokenLifespan: x.NullDuration{Duration: 37 * time.Hour, Valid: true}, - PasswordGrantAccessTokenLifespan: x.NullDuration{Duration: 38 * time.Hour, Valid: true}, - PasswordGrantRefreshTokenLifespan: x.NullDuration{Duration: 39 * time.Hour, Valid: true}, - RefreshTokenGrantIDTokenLifespan: x.NullDuration{Duration: 40 * time.Hour, Valid: true}, - RefreshTokenGrantAccessTokenLifespan: x.NullDuration{Duration: 41 * time.Hour, Valid: true}, - RefreshTokenGrantRefreshTokenLifespan: x.NullDuration{Duration: 42 * time.Hour, Valid: true}, + AuthorizationCodeGrantAccessTokenLifespan: x.NullDuration{Duration: 31 * time.Hour, Valid: true}, + AuthorizationCodeGrantIDTokenLifespan: x.NullDuration{Duration: 32 * time.Hour, Valid: true}, + AuthorizationCodeGrantRefreshTokenLifespan: x.NullDuration{Duration: 33 * time.Hour, Valid: true}, + ClientCredentialsGrantAccessTokenLifespan: x.NullDuration{Duration: 34 * time.Hour, Valid: true}, + ImplicitGrantAccessTokenLifespan: x.NullDuration{Duration: 35 * time.Hour, Valid: true}, + ImplicitGrantIDTokenLifespan: x.NullDuration{Duration: 36 * time.Hour, Valid: true}, + JwtBearerGrantAccessTokenLifespan: x.NullDuration{Duration: 37 * time.Hour, Valid: true}, + PasswordGrantAccessTokenLifespan: x.NullDuration{Duration: 38 * time.Hour, Valid: true}, + PasswordGrantRefreshTokenLifespan: 
x.NullDuration{Duration: 39 * time.Hour, Valid: true}, + RefreshTokenGrantIDTokenLifespan: x.NullDuration{Duration: 40 * time.Hour, Valid: true}, + RefreshTokenGrantAccessTokenLifespan: x.NullDuration{Duration: 41 * time.Hour, Valid: true}, + RefreshTokenGrantRefreshTokenLifespan: x.NullDuration{Duration: 42 * time.Hour, Valid: true}, + DeviceAuthorizationGrantIDTokenLifespan: x.NullDuration{Duration: 45 * time.Hour, Valid: true}, + DeviceAuthorizationGrantAccessTokenLifespan: x.NullDuration{Duration: 46 * time.Hour, Valid: true}, + DeviceAuthorizationGrantRefreshTokenLifespan: x.NullDuration{Duration: 47 * time.Hour, Valid: true}, } diff --git a/internal/testhelpers/oauth2.go b/internal/testhelpers/oauth2.go index 41f0ddaec8e..1ec0b266f76 100644 --- a/internal/testhelpers/oauth2.go +++ b/internal/testhelpers/oauth2.go @@ -169,6 +169,17 @@ func NewLoginConsentUI(t testing.TB, c *config.DefaultProvider, login, consent h c.MustSet(context.Background(), config.KeyConsentURL, ct.URL) } +func NewDeviceLoginConsentUI(t testing.TB, c *config.DefaultProvider, device, login, consent http.HandlerFunc) { + if device == nil { + device = HTTPServerNotImplementedHandler + } + dt := httptest.NewServer(device) + t.Cleanup(dt.Close) + c.MustSet(context.Background(), config.KeyDeviceVerificationURL, dt.URL) + + NewLoginConsentUI(t, c, login, consent) +} + func NewCallbackURL(t testing.TB, prefix string, h http.HandlerFunc) string { if h == nil { h = HTTPServerNotImplementedHandler diff --git a/jwk/handler.go b/jwk/handler.go index 06340e2e0bd..7d48445321e 100644 --- a/jwk/handler.go +++ b/jwk/handler.go 
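Review bot: The exported helper `NewDeviceLoginConsentUI` in internal/testhelpers/oauth2.go is added without a doc comment. A comment starting with the function name should say that it starts an httptest server for the device verification UI, stores its URL under `config.KeyDeviceVerificationURL`, and then delegates to `NewLoginConsentUI` for the login and consent handlers. It should also record that a nil `device` handler is replaced by `HTTPServerNotImplementedHandler`, since callers otherwise have to read the body to learn that nil is accepted.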
@@ -80,6 +80,9 @@ func (h *Handler) SetRoutes(admin *httprouterx.RouterAdmin, public *httprouterx. // if enabled, OAuth 2.0 JWT Access Tokens. This endpoint can be used with client libraries like // [node-jwks-rsa](https://github.com/auth0/node-jwks-rsa) among others. // +// Adding custom keys requires first creating a keyset via the createJsonWebKeySet operation, +// and then configuring the webfinger.jwks.broadcast_keys configuration value to include the keyset name. +// // Consumes: // - application/json // diff --git a/jwk/manager.go b/jwk/manager.go index 74ad8fd98da..a8f3c6aacb1 100644 --- a/jwk/manager.go +++ b/jwk/manager.go @@ -5,9 +5,16 @@ package jwk import ( "context" + "encoding/json" "net/http" "time" + "github.com/pkg/errors" + + "github.com/ory/hydra/v2/aead" + "github.com/ory/hydra/v2/x" + "github.com/ory/x/errorsx" + jose "github.com/go-jose/go-jose/v3" "github.com/gofrs/uuid" @@ -64,8 +71,38 @@ type ( CreatedAt time.Time `db:"created_at"` Key string `db:"keydata"` } + + SQLDataRows []SQLData ) func (d SQLData) TableName() string { return "hydra_jwk" } + +func (d SQLDataRows) ToJWK(ctx context.Context, r interface { + KeyCipher() *aead.AESGCM +}) (keys *jose.JSONWebKeySet, err error) { + if len(d) == 0 { + return nil, errors.Wrap(x.ErrNotFound, "") + } + + keys = &jose.JSONWebKeySet{Keys: []jose.JSONWebKey{}} + for _, d := range d { + key, err := r.KeyCipher().Decrypt(ctx, d.Key, nil) + if err != nil { + return nil, errorsx.WithStack(err) + } + + var c jose.JSONWebKey + if err := json.Unmarshal(key, &c); err != nil { + return nil, errorsx.WithStack(err) + } + keys.Keys = append(keys.Keys, c) + } + + if len(keys.Keys) == 0 { + return nil, errorsx.WithStack(x.ErrNotFound) + } + + return keys, nil +} diff --git a/jwk/manager_strategy.go b/jwk/manager_strategy.go index 013e5f99c6e..2519ba3d151 100644 --- a/jwk/manager_strategy.go +++ b/jwk/manager_strategy.go 
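Review bot: The empty-input branch of `SQLDataRows.ToJWK` returns `errors.Wrap(x.ErrNotFound, "")`, and with pkg/errors an empty wrap message yields an error string that starts with a stray ": ". The final check in the same method already uses the cleaner form, so the first branch should read `return nil, errorsx.WithStack(x.ErrNotFound)`. That final `len(keys.Keys) == 0` check looks unreachable, because every loop iteration either appends a key or returns. The loop variable in `for _, d := range d` also shadows the receiver and would read better as `row`. The method is exported and has no doc comment; one stating that it decrypts each row's `Key` with `KeyCipher()` and unmarshals it into a `jose.JSONWebKey` would help.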
@@ -9,6 +9,8 @@ import ( "github.com/go-jose/go-jose/v3" "github.com/pkg/errors" "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/trace" "github.com/ory/hydra/v2/x" "github.com/ory/x/otelx" 
@@ -28,72 +30,52 @@ func NewManagerStrategy(hardwareKeyManager Manager, softwareKeyManager Manager) } } -func (m ManagerStrategy) GenerateAndPersistKeySet(ctx context.Context, set, kid, alg, use string) (*jose.JSONWebKeySet, error) { - ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.GenerateAndPersistKeySet") - defer span.End() - attrs := map[string]string{ - "set": set, - "kid": kid, - "alg": alg, - "use": use, - } - span.SetAttributes(otelx.StringAttrs(attrs)...) +func (m ManagerStrategy) GenerateAndPersistKeySet(ctx context.Context, set, kid, alg, use string) (_ *jose.JSONWebKeySet, err error) { + ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.GenerateAndPersistKeySet", + trace.WithAttributes( + attribute.String("set", set), + attribute.String("kid", kid), + attribute.String("alg", alg), + attribute.String("use", use))) + defer otelx.End(span, &err) return m.hardwareKeyManager.GenerateAndPersistKeySet(ctx, set, kid, alg, use) } -func (m ManagerStrategy) AddKey(ctx context.Context, set string, key *jose.JSONWebKey) error { - ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.GenerateAndPersistKeySet") - defer span.End() - attrs := map[string]string{ - "set": set, - } - span.SetAttributes(otelx.StringAttrs(attrs)...) +func (m ManagerStrategy) AddKey(ctx context.Context, set string, key *jose.JSONWebKey) (err error) { + ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.AddKey", trace.WithAttributes(attribute.String("set", set))) + defer otelx.End(span, &err) return m.softwareKeyManager.AddKey(ctx, set, key) } -func (m ManagerStrategy) AddKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) error { - ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.GenerateAndPersistKeySet") - defer span.End() - attrs := map[string]string{ - "set": set, - } - span.SetAttributes(otelx.StringAttrs(attrs)...) 
+func (m ManagerStrategy) AddKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) (err error) { + ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.AddKeySet", trace.WithAttributes(attribute.String("set", set))) + otelx.End(span, &err) return m.softwareKeyManager.AddKeySet(ctx, set, keys) } -func (m ManagerStrategy) UpdateKey(ctx context.Context, set string, key *jose.JSONWebKey) error { - ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.GenerateAndPersistKeySet") - defer span.End() - attrs := map[string]string{ - "set": set, - } - span.SetAttributes(otelx.StringAttrs(attrs)...) +func (m ManagerStrategy) UpdateKey(ctx context.Context, set string, key *jose.JSONWebKey) (err error) { + ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.UpdateKey", trace.WithAttributes(attribute.String("set", set))) + defer otelx.End(span, &err) return m.softwareKeyManager.UpdateKey(ctx, set, key) } -func (m ManagerStrategy) UpdateKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) error { - ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.GenerateAndPersistKeySet") - defer span.End() - attrs := map[string]string{ - "set": set, - } - span.SetAttributes(otelx.StringAttrs(attrs)...) 
+func (m ManagerStrategy) UpdateKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) (err error) { + ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.UpdateKeySet", trace.WithAttributes(attribute.String("set", set))) + defer otelx.End(span, &err) return m.softwareKeyManager.UpdateKeySet(ctx, set, keys) } -func (m ManagerStrategy) GetKey(ctx context.Context, set, kid string) (*jose.JSONWebKeySet, error) { - ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.GenerateAndPersistKeySet") - defer span.End() - attrs := map[string]string{ - "set": set, - "kid": kid, - } - span.SetAttributes(otelx.StringAttrs(attrs)...) +func (m ManagerStrategy) GetKey(ctx context.Context, set, kid string) (_ *jose.JSONWebKeySet, err error) { + ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.GetKey", + trace.WithAttributes( + attribute.String("set", set), + attribute.String("kid", kid))) + defer otelx.End(span, &err) keySet, err := m.hardwareKeyManager.GetKey(ctx, set, kid) if err != nil && !errors.Is(err, x.ErrNotFound) { @@ -105,13 +87,9 @@ func (m ManagerStrategy) GetKey(ctx context.Context, set, kid string) (*jose.JSO } } -func (m ManagerStrategy) GetKeySet(ctx context.Context, set string) (*jose.JSONWebKeySet, error) { - ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.GenerateAndPersistKeySet") - defer span.End() - attrs := map[string]string{ - "set": set, - } - span.SetAttributes(otelx.StringAttrs(attrs)...) +func (m ManagerStrategy) GetKeySet(ctx context.Context, set string) (_ *jose.JSONWebKeySet, err error) { + ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.GetKeySet", trace.WithAttributes(attribute.String("set", set))) + defer otelx.End(span, &err) keySet, err := m.hardwareKeyManager.GetKeySet(ctx, set) if err != nil && !errors.Is(err, x.ErrNotFound) { 
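Review bot: In `AddKeySet` the new line calls `otelx.End(span, &err)` without `defer`, unlike every other method rewritten in this hunk of jwk/manager_strategy.go. The span is therefore ended before `m.softwareKeyManager.AddKeySet` runs, so it does not cover the call, and `otelx.End` sees `err` while it is still nil, so a failure is presumably never recorded on the span. The line should read `defer otelx.End(span, &err)`.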
@@ -123,16 +101,14 @@ func (m ManagerStrategy) GetKeySet(ctx context.Context, set string) (*jose.JSONW } } -func (m ManagerStrategy) DeleteKey(ctx context.Context, set, kid string) error { - ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.GenerateAndPersistKeySet") - defer span.End() - attrs := map[string]string{ - "set": set, - "kid": kid, - } - span.SetAttributes(otelx.StringAttrs(attrs)...) +func (m ManagerStrategy) DeleteKey(ctx context.Context, set, kid string) (err error) { + ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.DeleteKey", + trace.WithAttributes( + attribute.String("set", set), + attribute.String("kid", kid))) + defer otelx.End(span, &err) - err := m.hardwareKeyManager.DeleteKey(ctx, set, kid) + err = m.hardwareKeyManager.DeleteKey(ctx, set, kid) if err != nil && !errors.Is(err, x.ErrNotFound) { return err } else if errors.Is(err, x.ErrNotFound) { @@ -142,15 +118,11 @@ func (m ManagerStrategy) DeleteKey(ctx context.Context, set, kid string) error { } } -func (m ManagerStrategy) DeleteKeySet(ctx context.Context, set string) error { - ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.GenerateAndPersistKeySet") - defer span.End() - attrs := map[string]string{ - "set": set, - } - span.SetAttributes(otelx.StringAttrs(attrs)...) +func (m ManagerStrategy) DeleteKeySet(ctx context.Context, set string) (err error) { + ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "jwk.DeleteKeySet", trace.WithAttributes(attribute.String("set", set))) + defer otelx.End(span, &err) - err := m.hardwareKeyManager.DeleteKeySet(ctx, set) + err = m.hardwareKeyManager.DeleteKeySet(ctx, set) if err != nil && !errors.Is(err, x.ErrNotFound) { return err } else if errors.Is(err, x.ErrNotFound) { diff --git a/jwk/registry_mock_test.go b/jwk/registry_mock_test.go index c305fd18167..f9624dc2b75 100644 --- a/jwk/registry_mock_test.go +++ b/jwk/registry_mock_test.go 
@@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2024 Ory Corp // SPDX-License-Identifier: Apache-2.0 // Code generated by MockGen. DO NOT EDIT. @@ -13,7 +13,7 @@ import ( gomock "github.com/golang/mock/gomock" herodot "github.com/ory/herodot" - "github.com/ory/hydra/v2/aead" + aead "github.com/ory/hydra/v2/aead" config "github.com/ory/hydra/v2/driver/config" jwk "github.com/ory/hydra/v2/jwk" logrusx "github.com/ory/x/logrusx" diff --git a/jwk/sdk_test.go b/jwk/sdk_test.go index 46d1cc81448..f7f7d6a21e8 100644 --- a/jwk/sdk_test.go +++ b/jwk/sdk_test.go @@ -9,18 +9,15 @@ import ( "net/http/httptest" "testing" - "github.com/ory/hydra/v2/driver/config" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" hydra "github.com/ory/hydra-client-go/v2" - + "github.com/ory/hydra/v2/driver/config" "github.com/ory/hydra/v2/internal" + . "github.com/ory/hydra/v2/jwk" "github.com/ory/hydra/v2/x" "github.com/ory/x/contextx" - - "github.com/stretchr/testify/assert" - "github.com/stretchr/testify/require" - - . "github.com/ory/hydra/v2/jwk" ) func TestJWKSDK(t *testing.T) { @@ -45,7 +42,7 @@ func TestJWKSDK(t *testing.T) { t.Parallel() t.Run("CreateJwkSetKey", func(t *testing.T) { // Create a key called set-foo - resultKeys, _, err := sdk.JwkApi.CreateJsonWebKeySet(context.Background(), "set-foo").CreateJsonWebKeySet(hydra.CreateJsonWebKeySet{ + resultKeys, _, err := sdk.JwkAPI.CreateJsonWebKeySet(context.Background(), "set-foo").CreateJsonWebKeySet(hydra.CreateJsonWebKeySet{ Alg: "RS256", Kid: "key-bar", Use: "sig", @@ -59,7 +56,7 @@ func TestJWKSDK(t *testing.T) { var resultKeys *hydra.JsonWebKeySet t.Run("GetJwkSetKey after create", func(t *testing.T) { - result, _, err := sdk.JwkApi.GetJsonWebKey(ctx, "set-foo", expectedKid).Execute() + result, _, err := sdk.JwkAPI.GetJsonWebKey(ctx, "set-foo", expectedKid).Execute() require.NoError(t, err) require.Len(t, result.Keys, 1) require.Equal(t, expectedKid, result.Keys[0].Kid) 
@@ -75,19 +72,19 @@ func TestJWKSDK(t *testing.T) { require.Len(t, resultKeys.Keys, 1) resultKeys.Keys[0].Alg = "ES256" - resultKey, _, err := sdk.JwkApi.SetJsonWebKey(ctx, "set-foo", expectedKid).JsonWebKey(resultKeys.Keys[0]).Execute() + resultKey, _, err := sdk.JwkAPI.SetJsonWebKey(ctx, "set-foo", expectedKid).JsonWebKey(resultKeys.Keys[0]).Execute() require.NoError(t, err) assert.Equal(t, expectedKid, resultKey.Kid) assert.Equal(t, "ES256", resultKey.Alg) }) t.Run("DeleteJwkSetKey after delete", func(t *testing.T) { - _, err := sdk.JwkApi.DeleteJsonWebKey(ctx, "set-foo", expectedKid).Execute() + _, err := sdk.JwkAPI.DeleteJsonWebKey(ctx, "set-foo", expectedKid).Execute() require.NoError(t, err) }) t.Run("GetJwkSetKey after delete", func(t *testing.T) { - _, res, err := sdk.JwkApi.GetJsonWebKey(ctx, "set-foo", expectedKid).Execute() + _, res, err := sdk.JwkAPI.GetJsonWebKey(ctx, "set-foo", expectedKid).Execute() require.Error(t, err) assert.Equal(t, http.StatusNotFound, res.StatusCode) }) @@ -97,9 +94,10 @@ func TestJWKSDK(t *testing.T) { t.Run("JWK Set", func(t *testing.T) { t.Parallel() t.Run("CreateJwkSetKey", func(t *testing.T) { - resultKeys, _, err := sdk.JwkApi.CreateJsonWebKeySet(ctx, "set-foo2").CreateJsonWebKeySet(hydra.CreateJsonWebKeySet{ + resultKeys, _, err := sdk.JwkAPI.CreateJsonWebKeySet(ctx, "set-foo2").CreateJsonWebKeySet(hydra.CreateJsonWebKeySet{ Alg: "RS256", Kid: "key-bar", + Use: "sig", }).Execute() require.NoError(t, err) require.Len(t, resultKeys.Keys, 1) @@ -107,7 +105,7 @@ func TestJWKSDK(t *testing.T) { assert.Equal(t, "RS256", resultKeys.Keys[0].Alg) }) - resultKeys, _, err := sdk.JwkApi.GetJsonWebKeySet(ctx, "set-foo2").Execute() + resultKeys, _, err := sdk.JwkAPI.GetJsonWebKeySet(ctx, "set-foo2").Execute() t.Run("GetJwkSet after create", func(t *testing.T) { require.NoError(t, err) if conf.HSMEnabled() { 
@@ -128,7 +126,7 @@ func TestJWKSDK(t *testing.T) { require.Len(t, resultKeys.Keys, 1) resultKeys.Keys[0].Alg = "ES256" - result, _, err := sdk.JwkApi.SetJsonWebKeySet(ctx, "set-foo2").JsonWebKeySet(*resultKeys).Execute() + result, _, err := sdk.JwkAPI.SetJsonWebKeySet(ctx, "set-foo2").JsonWebKeySet(*resultKeys).Execute() require.NoError(t, err) require.Len(t, result.Keys, 1) assert.Equal(t, expectedKid, result.Keys[0].Kid) @@ -136,18 +134,18 @@ func TestJWKSDK(t *testing.T) { }) t.Run("DeleteJwkSet", func(t *testing.T) { - _, err := sdk.JwkApi.DeleteJsonWebKeySet(ctx, "set-foo2").Execute() + _, err := sdk.JwkAPI.DeleteJsonWebKeySet(ctx, "set-foo2").Execute() require.NoError(t, err) }) t.Run("GetJwkSet after delete", func(t *testing.T) { - _, res, err := sdk.JwkApi.GetJsonWebKeySet(ctx, "set-foo2").Execute() + _, res, err := sdk.JwkAPI.GetJsonWebKeySet(ctx, "set-foo2").Execute() require.Error(t, err) assert.Equal(t, http.StatusNotFound, res.StatusCode) }) t.Run("GetJwkSetKey after delete", func(t *testing.T) { - _, res, err := sdk.JwkApi.GetJsonWebKey(ctx, "set-foo2", expectedKid).Execute() + _, res, err := sdk.JwkAPI.GetJsonWebKey(ctx, "set-foo2", expectedKid).Execute() require.Error(t, err) assert.Equal(t, http.StatusNotFound, res.StatusCode) }) diff --git a/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=0-description=should_pass_request_if_strategy_passes-should_call_refresh_token_hook_if_configured-hook=new.json b/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=0-description=should_pass_request_if_strategy_passes-should_call_refresh_token_hook_if_configured-hook=new.json index 1133cbe7f21..3748c3744f1 100644 --- a/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=0-description=should_pass_request_if_strategy_passes-should_call_refresh_token_hook_if_configured-hook=new.json 
+++ b/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=0-description=should_pass_request_if_strategy_passes-should_call_refresh_token_hook_if_configured-hook=new.json @@ -44,6 +44,10 @@ "grant_types": [ "refresh_token" ], - "payload": {} + "payload": { + "grant_type": [ + "refresh_token" + ] + } } } diff --git a/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=2-description=should_pass_because_prompt=none_and_max_age_is_less_than_auth_time-should_call_refresh_token_hook_if_configured-hook=new.json b/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=2-description=should_pass_because_prompt=none_and_max_age_is_less_than_auth_time-should_call_refresh_token_hook_if_configured-hook=new.json index 1133cbe7f21..3748c3744f1 100644 --- a/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=2-description=should_pass_because_prompt=none_and_max_age_is_less_than_auth_time-should_call_refresh_token_hook_if_configured-hook=new.json +++ b/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=2-description=should_pass_because_prompt=none_and_max_age_is_less_than_auth_time-should_call_refresh_token_hook_if_configured-hook=new.json @@ -44,6 +44,10 @@ "grant_types": [ "refresh_token" ], - "payload": {} + "payload": { + "grant_type": [ + "refresh_token" + ] + } } } diff --git a/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=5-description=should_pass_with_prompt=login_when_authentication_time_is_recent-should_call_refresh_token_hook_if_configured-hook=new.json b/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=5-description=should_pass_with_prompt=login_when_authentication_time_is_recent-should_call_refresh_token_hook_if_configured-hook=new.json index 1133cbe7f21..3748c3744f1 100644 
--- a/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=5-description=should_pass_with_prompt=login_when_authentication_time_is_recent-should_call_refresh_token_hook_if_configured-hook=new.json +++ b/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=jwt-case=5-description=should_pass_with_prompt=login_when_authentication_time_is_recent-should_call_refresh_token_hook_if_configured-hook=new.json @@ -44,6 +44,10 @@ "grant_types": [ "refresh_token" ], - "payload": {} + "payload": { + "grant_type": [ + "refresh_token" + ] + } } } diff --git a/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=0-description=should_pass_request_if_strategy_passes-should_call_refresh_token_hook_if_configured-hook=new.json b/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=0-description=should_pass_request_if_strategy_passes-should_call_refresh_token_hook_if_configured-hook=new.json index 1133cbe7f21..3748c3744f1 100644 --- a/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=0-description=should_pass_request_if_strategy_passes-should_call_refresh_token_hook_if_configured-hook=new.json +++ b/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=0-description=should_pass_request_if_strategy_passes-should_call_refresh_token_hook_if_configured-hook=new.json @@ -44,6 +44,10 @@ "grant_types": [ "refresh_token" ], - "payload": {} + "payload": { + "grant_type": [ + "refresh_token" + ] + } } } diff --git a/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=2-description=should_pass_because_prompt=none_and_max_age_is_less_than_auth_time-should_call_refresh_token_hook_if_configured-hook=new.json b/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=2-description=should_pass_because_prompt=none_and_max_age_is_less_than_auth_time-should_call_refresh_token_hook_if_configured-hook=new.json index 1133cbe7f21..3748c3744f1 100644 
--- a/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=2-description=should_pass_because_prompt=none_and_max_age_is_less_than_auth_time-should_call_refresh_token_hook_if_configured-hook=new.json +++ b/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=2-description=should_pass_because_prompt=none_and_max_age_is_less_than_auth_time-should_call_refresh_token_hook_if_configured-hook=new.json @@ -44,6 +44,10 @@ "grant_types": [ "refresh_token" ], - "payload": {} + "payload": { + "grant_type": [ + "refresh_token" + ] + } } } diff --git a/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=5-description=should_pass_with_prompt=login_when_authentication_time_is_recent-should_call_refresh_token_hook_if_configured-hook=new.json b/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=5-description=should_pass_with_prompt=login_when_authentication_time_is_recent-should_call_refresh_token_hook_if_configured-hook=new.json index 1133cbe7f21..3748c3744f1 100644 --- a/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=5-description=should_pass_with_prompt=login_when_authentication_time_is_recent-should_call_refresh_token_hook_if_configured-hook=new.json +++ b/oauth2/.snapshots/TestAuthCodeWithMockStrategy-strategy=opaque-case=5-description=should_pass_with_prompt=login_when_authentication_time_is_recent-should_call_refresh_token_hook_if_configured-hook=new.json @@ -44,6 +44,10 @@ "grant_types": [ "refresh_token" ], - "payload": {} + "payload": { + "grant_type": [ + "refresh_token" + ] + } } } diff --git a/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=false.json b/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=false.json index 215fa018214..177300163a0 100644 --- a/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=false.json +++ b/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=false.json 
@@ -35,6 +35,7 @@ ] } ], + "device_authorization_endpoint": "http://hydra.localhost/oauth2/device/auth", "end_session_endpoint": "http://hydra.localhost/oauth2/sessions/logout", "frontchannel_logout_session_supported": true, "frontchannel_logout_supported": true, @@ -42,7 +43,8 @@ "authorization_code", "implicit", "client_credentials", - "refresh_token" + "refresh_token", + "urn:ietf:params:oauth:grant-type:device_code" ], "id_token_signed_response_alg": [ "RS256" @@ -63,7 +65,8 @@ "require_request_uri_registration": true, "response_modes_supported": [ "query", - "fragment" + "fragment", + "form_post" ], "response_types_supported": [ "code", diff --git a/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=true.json b/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=true.json index 215fa018214..177300163a0 100644 --- a/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=true.json +++ b/oauth2/.snapshots/TestHandlerWellKnown-hsm_enabled=true.json @@ -35,6 +35,7 @@ ] } ], + "device_authorization_endpoint": "http://hydra.localhost/oauth2/device/auth", "end_session_endpoint": "http://hydra.localhost/oauth2/sessions/logout", "frontchannel_logout_session_supported": true, "frontchannel_logout_supported": true, @@ -42,7 +43,8 @@ "authorization_code", "implicit", "client_credentials", - "refresh_token" + "refresh_token", + "urn:ietf:params:oauth:grant-type:device_code" ], "id_token_signed_response_alg": [ "RS256" @@ -63,7 +65,8 @@ "require_request_uri_registration": true, "response_modes_supported": [ "query", - "fragment" + "fragment", + "form_post" ], "response_types_supported": [ "code", diff --git a/oauth2/.snapshots/TestUnmarshalSession-v1.11.8.json b/oauth2/.snapshots/TestUnmarshalSession-v1.11.8.json index d57fb916727..03e8881ee72 100644 --- a/oauth2/.snapshots/TestUnmarshalSession-v1.11.8.json +++ b/oauth2/.snapshots/TestUnmarshalSession-v1.11.8.json 
@@ -17,7 +17,8 @@ "amr": [], "c_hash": "", "ext": { - "sid": "177e1f44-a1e9-415c-bfa3-8b62280b182d" + "sid": "177e1f44-a1e9-415c-bfa3-8b62280b182d", + "timestamp": 1723546027 } }, "headers": { diff --git a/oauth2/.snapshots/TestUnmarshalSession-v1.11.9.json b/oauth2/.snapshots/TestUnmarshalSession-v1.11.9.json index d57fb916727..03e8881ee72 100644 --- a/oauth2/.snapshots/TestUnmarshalSession-v1.11.9.json +++ b/oauth2/.snapshots/TestUnmarshalSession-v1.11.9.json @@ -17,7 +17,8 @@ "amr": [], "c_hash": "", "ext": { - "sid": "177e1f44-a1e9-415c-bfa3-8b62280b182d" + "sid": "177e1f44-a1e9-415c-bfa3-8b62280b182d", + "timestamp": 1723546027 } }, "headers": { diff --git a/oauth2/fixtures/v1.11.8-session.json b/oauth2/fixtures/v1.11.8-session.json index a7070d03c32..4608026d74e 100644 --- a/oauth2/fixtures/v1.11.8-session.json +++ b/oauth2/fixtures/v1.11.8-session.json @@ -15,7 +15,8 @@ "AuthenticationMethodsReferences": [], "CodeHash": "", "Extra": { - "sid": "177e1f44-a1e9-415c-bfa3-8b62280b182d" + "sid": "177e1f44-a1e9-415c-bfa3-8b62280b182d", + "timestamp": 1723546027 } }, "Headers": { diff --git a/oauth2/fixtures/v1.11.9-session.json b/oauth2/fixtures/v1.11.9-session.json index 2ded034a556..9636d07b8d6 100644 --- a/oauth2/fixtures/v1.11.9-session.json +++ b/oauth2/fixtures/v1.11.9-session.json @@ -15,7 +15,8 @@ "amr": [], "c_hash": "", "ext": { - "sid": "177e1f44-a1e9-415c-bfa3-8b62280b182d" + "sid": "177e1f44-a1e9-415c-bfa3-8b62280b182d", + "timestamp": 1723546027 } }, "headers": { diff --git a/oauth2/flowctx/cookies.go b/oauth2/flowctx/cookies.go deleted file mode 100644 index 42609d50019..00000000000 --- a/oauth2/flowctx/cookies.go +++ /dev/null 
@@ -1,34 +0,0 @@ -// Copyright © 2023 Ory Corp -// SPDX-License-Identifier: Apache-2.0 - -package flowctx - -import "github.com/ory/hydra/v2/client" - -type ( - CookieSuffixer interface { - CookieSuffix() string - } - - StaticSuffix string - clientID string -) - -func (s StaticSuffix) CookieSuffix() string { return string(s) } -func (s clientID) GetID() string { return string(s) } - -const ( - loginSessionCookie = "ory_hydra_loginsession" -) - -func LoginSessionCookie(suffix CookieSuffixer) string { - return loginSessionCookie + "_" + suffix.CookieSuffix() -} - -func SuffixForClient(c client.IDer) StaticSuffix { - return StaticSuffix(client.CookieSuffix(c)) -} - -func SuffixFromStatic(id string) StaticSuffix { - return SuffixForClient(clientID(id)) -} diff --git a/oauth2/flowctx/encoding.go b/oauth2/flowctx/encoding.go index 67d9d51d2a6..8c659ad724e 100644 --- a/oauth2/flowctx/encoding.go +++ b/oauth2/flowctx/encoding.go @@ -8,13 +8,10 @@ import ( "compress/gzip" "context" "encoding/json" - "net/http" "github.com/pkg/errors" - "github.com/ory/fosite" "github.com/ory/hydra/v2/aead" - "github.com/ory/hydra/v2/driver/config" ) type ( @@ -28,6 +25,8 @@ type ( const ( loginChallenge purpose = iota loginVerifier + deviceChallenge + deviceVerifier consentChallenge consentVerifier ) @@ -37,6 +36,8 @@ func withPurpose(purpose purpose) CodecOption { return func(ad *data) { ad.Purpo var ( AsLoginChallenge = withPurpose(loginChallenge) AsLoginVerifier = withPurpose(loginVerifier) + AsDeviceChallenge = withPurpose(deviceChallenge) + AsDeviceVerifier = withPurpose(deviceVerifier) AsConsentChallenge = withPurpose(consentChallenge) AsConsentVerifier = withPurpose(consentVerifier) ) 
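Review bot: Inserting `deviceChallenge` and `deviceVerifier` in the middle of the `iota` block in oauth2/flowctx/encoding.go renumbers the existing purposes: `consentChallenge` moves from 2 to 4 and `consentVerifier` from 3 to 5, while the new device purposes take 2 and 3. The purpose is written into the codec's `data` by `withPurpose`, and if that numeric value ends up in the AEAD additional data (the serialisation is outside this hunk), consent challenges and verifiers issued before an upgrade would stop decoding as consent values. They would instead carry the same purpose number as the new device values, which weakens the separation the purpose tag is meant to provide. Appending the new constants after `consentVerifier`, or giving every purpose an explicit value, keeps the existing numbers stable. A comment on the block such as `// Values are part of the encoded data; only append, never reorder.` would protect it in future.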
@@ -84,50 +85,21 @@ func Encode(ctx context.Context, cipher aead.Cipher, val any, opts ...CodecOptio // Steps: // 1. Encode to JSON // 2. GZIP - // 3. Encrypt with AEAD (AES-GCM) + Base64 URL-encode + // 3. Encrypt with AEAD (XChaCha20-Poly1305) + Base64 URL-encode var b bytes.Buffer - gz := gzip.NewWriter(&b) + gz, err := gzip.NewWriterLevel(&b, gzip.BestCompression) + if err != nil { + return "", err + } if err = json.NewEncoder(gz).Encode(val); err != nil { return "", err } + if err = gz.Close(); err != nil { return "", err } return cipher.Encrypt(ctx, b.Bytes(), additionalDataFromOpts(opts...)) } - -// SetCookie encrypts the given value and sets it in a cookie. -func SetCookie(ctx context.Context, w http.ResponseWriter, reg interface { - FlowCipher() *aead.XChaCha20Poly1305 - config.Provider -}, cookieName string, value any, opts ...CodecOption) error { - cipher := reg.FlowCipher() - cookie, err := Encode(ctx, cipher, value, opts...) - if err != nil { - return err - } - - http.SetCookie(w, &http.Cookie{ - Name: cookieName, - Value: cookie, - HttpOnly: true, - Domain: reg.Config().CookieDomain(ctx), - Secure: reg.Config().CookieSecure(ctx), - SameSite: reg.Config().CookieSameSiteMode(ctx), - }) - - return nil -} - -// FromCookie looks up the value stored in the cookie and decodes it. -func FromCookie[T any](ctx context.Context, r *http.Request, cipher aead.Cipher, cookieName string, opts ...CodecOption) (*T, error) { - cookie, err := r.Cookie(cookieName) - if err != nil { - return nil, errors.WithStack(fosite.ErrInvalidClient.WithHint("No cookie found for this request. Please initiate a new flow and retry.")) - } - - return Decode[T](ctx, cipher, cookie.Value, opts...) -} diff --git a/oauth2/flowctx/encoding_test.go b/oauth2/flowctx/encoding_test.go new file mode 100644 index 00000000000..4d2ee89e62a --- /dev/null +++ b/oauth2/flowctx/encoding_test.go 
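Review bot: `Encode` compresses before it encrypts, and this hunk raises the level to `gzip.BestCompression`, so the length of the returned ciphertext depends on how well the plaintext compresses. If a value passed to `Encode` ever combines a secret with a field the requester can influence, the length of the resulting challenge or verifier could reveal something about the secret; whether that applies depends on the callers, which are not in this hunk. A comment above the gzip step would keep the assumption visible, for example `// NOTE: compress-then-encrypt; val must not mix secrets with requester-controlled fields.` The step comment also now names XChaCha20-Poly1305 although the parameter is the `aead.Cipher` interface, so "the configured AEAD cipher" would be more accurate. The start of `Encode` is above the hunk.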
@@ -0,0 +1,134 @@ +// Copyright © 2024 Ory Corp +// SPDX-License-Identifier: Apache-2.0 + +package flowctx_test + +import ( + "context" + "encoding/json" + "testing" + "time" + + "github.com/gofrs/uuid" + "github.com/stretchr/testify/require" + + "github.com/ory/hydra/v2/aead" + "github.com/ory/hydra/v2/client" + "github.com/ory/hydra/v2/flow" + "github.com/ory/hydra/v2/oauth2/flowctx" + "github.com/ory/x/pointerx" + "github.com/ory/x/sqlxx" +) + +func TestEncoding(t *testing.T) { + f := flow.Flow{ + ID: uuid.Must(uuid.NewV4()).String(), + NID: uuid.Must(uuid.NewV4()), + RequestedScope: []string{"scope1", "scope2"}, + RequestedAudience: []string{"https://api.example.org/v1", "https://api.example.org/v2"}, + LoginSkip: false, + Subject: "some-subject@some-idp-somewhere.com", + OpenIDConnectContext: &flow.OAuth2ConsentRequestOpenIDConnectContext{ + ACRValues: []string{"acr1", "acr2"}, + UILocales: []string{"en-US", "en-GB"}, + Display: "page", + IDTokenHintClaims: map[string]interface{}{"claim1": "value1", "claim2": "value2"}, + LoginHint: "some-login-hint", + }, + Client: &client.Client{ + ID: uuid.Must(uuid.NewV4()).String(), + NID: uuid.Must(uuid.NewV4()), + Name: "some-client-name", + Secret: "some-supersafe-secret", + RedirectURIs: []string{ + "https://redirect1.example.org/callback", + "https://redirect2.example.org/callback", + }, + GrantTypes: []string{"authorization_code", "refresh_token"}, + ResponseTypes: []string{"code"}, + Scope: "scope1 scope2", + Audience: sqlxx.StringSliceJSONFormat{"https://api.example.org/v1 https://api.example.org/v2"}, + Owner: "some-owner", + TermsOfServiceURI: "https://tos.example.org", + PolicyURI: "https://policy.example.org", + ClientURI: "https://client.example.org", + LogoURI: "https://logo.example.org", + Contacts: []string{"contact1", "contact2"}, + SubjectType: "public", + JSONWebKeysURI: "https://jwks.example.org", + JSONWebKeys: nil, // TODO? 
+ TokenEndpointAuthMethod: "client_secret_basic", + CreatedAt: time.Now(), + UpdatedAt: time.Now(), + AllowedCORSOrigins: []string{"https://cors1.example.org", "https://cors2.example.org"}, + Metadata: sqlxx.JSONRawMessage(`{"client-metadata-key1": "val1"}`), + AccessTokenStrategy: "jwt", + SkipConsent: true, + }, + RequestURL: "https://auth.hydra.local/oauth2/auth?client_id=some-client-id&response_type=code&scope=scope1+scope2&redirect_uri=https%3A%2F%2Fredirect1.example.org%2Fcallback&state=some-state&nonce=some-nonce", + SessionID: sqlxx.NullString("some-session-id"), + LoginCSRF: uuid.Must(uuid.NewV4()).String(), + LoginInitializedAt: sqlxx.NullTime(time.Now()), + RequestedAt: time.Now(), + State: 1, + LoginRemember: true, + LoginRememberFor: 3600, + Context: sqlxx.JSONRawMessage(`{"context-key1": "val1"}`), + GrantedScope: []string{"scope1", "scope2"}, + GrantedAudience: []string{"https://api.example.org/v1", "https://api.example.org/v2"}, + ConsentRemember: true, + ConsentRememberFor: pointerx.Int(3600), + ConsentHandledAt: sqlxx.NullTime(time.Now()), + SessionIDToken: sqlxx.MapStringInterface{ + "session-id-token-key1": "val1", + "session-id-token-key2": "val2", + uuid.Must(uuid.NewV4()).String(): "val3", + uuid.Must(uuid.NewV4()).String(): "val4", + uuid.Must(uuid.NewV4()).String(): "val5", + }, + SessionAccessToken: sqlxx.MapStringInterface{ + "session-access-token-key1": "val1", + "session-access-token-key2": "val2", + uuid.Must(uuid.NewV4()).String(): "val3", + uuid.Must(uuid.NewV4()).String(): "val4", + uuid.Must(uuid.NewV4()).String(): "val5", + }, + } + + ctx := context.Background() + + t.Run("with client", func(t *testing.T) { + j, err := json.Marshal(f) + require.NoError(t, err) + t.Logf("Length (JSON): %d", len(j)) + cp := new(cipherProvider) + consentVerifier, err := flowctx.Encode(ctx, cp.FlowCipher(), f, flowctx.AsConsentVerifier) + require.NoError(t, err) + t.Logf("Length (JSON+GZIP+AEAD): %d", len(consentVerifier)) + }) + t.Run("without 
client", func(t *testing.T) { + f := f + f.Client = nil + j, err := json.Marshal(f) + require.NoError(t, err) + t.Logf("Length (JSON): %d", len(j)) + cp := new(cipherProvider) + consentVerifier, err := f.ToConsentVerifier(ctx, cp) + require.NoError(t, err) + t.Logf("Length (JSON+GZIP+AEAD): %d", len(consentVerifier)) + }) +} + +type cipherProvider struct{} + +func (c *cipherProvider) FlowCipher() *aead.XChaCha20Poly1305 { + return aead.NewXChaCha20Poly1305(c) +} + +func (c *cipherProvider) GetGlobalSecret(context.Context) ([]byte, error) { + return []byte("supersecret123456789123456789012"), nil +} + +func (c *cipherProvider) GetRotatedGlobalSecrets(ctx context.Context) ([][]byte, error) { + return nil, nil +} diff --git a/oauth2/fosite_store_helpers.go b/oauth2/fosite_store_helpers.go index 55507f09d5e..8f740110a76 100644 --- a/oauth2/fosite_store_helpers.go +++ b/oauth2/fosite_store_helpers.go @@ -8,9 +8,12 @@ import ( "crypto/sha256" "fmt" "net/url" + "slices" "testing" "time" + "github.com/ory/x/assertx" + "github.com/ory/hydra/v2/flow" "github.com/ory/hydra/v2/jwk" @@ -22,6 +25,7 @@ import ( "github.com/ory/hydra/v2/oauth2/trust" + "github.com/ory/hydra/v2/driver/config" "github.com/ory/hydra/v2/x" "github.com/ory/fosite/storage" 
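Review bot: `TestEncoding` only logs the encoded lengths, so it passes even if the output could not be decoded or if a value sealed for one purpose opened under another. Both subtests should decode what they encoded and compare it with the input, and should assert that decoding under a different purpose option fails. This assumes `Decode` authenticates the purpose as additional data, the way `Encode` passes `additionalDataFromOpts(opts...)` to `Encrypt`. A sketch for the first subtest follows; the second can do the same with the value returned by `f.ToConsentVerifier`.

```go
consentVerifier, err := flowctx.Encode(ctx, cp.FlowCipher(), f, flowctx.AsConsentVerifier)
require.NoError(t, err)
// … unchanged: length logging …

// Round trip: what was sealed must open again under the same purpose.
decoded, err := flowctx.Decode[flow.Flow](ctx, cp.FlowCipher(), consentVerifier, flowctx.AsConsentVerifier)
require.NoError(t, err)
require.Equal(t, f.ID, decoded.ID)

// Purpose binding: a consent verifier must not open as a login verifier.
_, err = flowctx.Decode[flow.Flow](ctx, cp.FlowCipher(), consentVerifier, flowctx.AsLoginVerifier)
require.Error(t, err)
```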
@@ -76,16 +80,40 @@ type AssertionJWTReader interface { SetClientAssertionJWTRaw(context.Context, *BlacklistedJTI) error } +var defaultIgnoreKeys = []string{ + "id", + "session", + "requested_scope", + "granted_scope", + "form", + "created_at", + "updated_at", + "client.created_at", + "client.updated_at", + "requestedAt", + "client.client_secret", +} + var defaultRequest = fosite.Request{ - ID: "blank", - RequestedAt: time.Now().UTC().Round(time.Second), - Client: &client.Client{ID: "foobar"}, + ID: "blank", + RequestedAt: time.Now().UTC().Round(time.Second), + Client: &client.Client{ + ID: "foobar", + Contacts: []string{}, + RedirectURIs: []string{}, + Audience: []string{}, + AllowedCORSOrigins: []string{}, + ResponseTypes: []string{}, + GrantTypes: []string{}, + JSONWebKeys: &x.JoseJSONWebKeySet{}, + Metadata: sqlxx.JSONRawMessage("{}"), + }, RequestedScope: fosite.Arguments{"fa", "ba"}, GrantedScope: fosite.Arguments{"fa", "ba"}, RequestedAudience: fosite.Arguments{"ad1", "ad2"}, GrantedAudience: fosite.Arguments{"ad1", "ad2"}, Form: url.Values{"foo": []string{"bar", "baz"}}, - Session: &Session{DefaultSession: &openid.DefaultSession{Subject: "bar"}}, + Session: NewSession("bar"), } var lifespan = time.Hour @@ -119,7 +147,7 @@ var flushRequests = []*fosite.Request{ }, } -func mockRequestForeignKey(t *testing.T, id string, x InternalRegistry, createClient bool) { +func mockRequestForeignKey(t *testing.T, id string, x InternalRegistry) { cl := &client.Client{ID: "foobar"} cr := &flow.OAuth2ConsentRequest{ Client: cl, 
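Review bot: `defaultIgnoreKeys` has no comment saying why these fields are left out of the comparison, and the list mixes timestamps with `client.client_secret` and `session`. A doc comment such as `// defaultIgnoreKeys lists JSON paths excluded when comparing a stored request with defaultRequest: generated IDs and timestamps, and fields the store does not return verbatim (e.g. the client secret).` would tell a reader which exclusions are deliberate. The reason given for the secret is my assumption and should be confirmed against the persister.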
@@ -133,12 +161,12 @@ func mockRequestForeignKey(t *testing.T, id string, x InternalRegistry, createCl } ctx := context.Background() - if createClient { + if _, err := x.ClientManager().GetClient(ctx, cl.ID); errors.Is(err, sqlcon.ErrNoRows) { require.NoError(t, x.ClientManager().CreateClient(ctx, cl)) } f, err := x.ConsentManager().CreateLoginRequest( - ctx, &flow.LoginRequest{ + ctx, nil, &flow.LoginRequest{ Client: cl, OpenIDConnectContext: new(flow.OAuth2ConsentRequestOpenIDConnectContext), ID: id, @@ -184,6 +212,7 @@ func TestHelperRunner(t *testing.T, store InternalRegistry, k string) { } t.Run(fmt.Sprintf("case=testHelperCreateGetDeleteAuthorizeCodes/db=%s", k), testHelperCreateGetDeleteAuthorizeCodes(store)) + t.Run(fmt.Sprintf("case=testHelperExpiryFields/db=%s", k), testHelperExpiryFields(store)) t.Run(fmt.Sprintf("case=testHelperCreateGetDeleteAccessTokenSession/db=%s", k), testHelperCreateGetDeleteAccessTokenSession(store)) t.Run(fmt.Sprintf("case=testHelperNilAccessToken/db=%s", k), testHelperNilAccessToken(store)) t.Run(fmt.Sprintf("case=testHelperCreateGetDeleteOpenIDConnectSession/db=%s", k), testHelperCreateGetDeleteOpenIDConnectSession(store)) 
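Review bot: In `mockRequestForeignKey` the new lookup acts only on `sqlcon.ErrNoRows`; any other error from `GetClient` is dropped and the helper carries on to `CreateLoginRequest`, where it would surface as a less obvious failure. Keeping the error and adding `else { require.NoError(t, err) }` after the `ErrNoRows` branch would make the test fail at the cause. The check-then-create is also not atomic, which may matter now that `testHelperExpiryFields` calls this helper after `t.Parallel()`; whether other parallel callers exist is not visible here. The function starts in the previous hunk and continues past this one.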
@@ -197,32 +226,34 @@ func TestHelperRunner(t *testing.T, store InternalRegistry, k string) { t.Run(fmt.Sprintf("case=testHelperDeleteAccessTokens/db=%s", k), testHelperDeleteAccessTokens(store)) t.Run(fmt.Sprintf("case=testHelperRevokeAccessToken/db=%s", k), testHelperRevokeAccessToken(store)) t.Run(fmt.Sprintf("case=testFositeJWTBearerGrantStorage/db=%s", k), testFositeJWTBearerGrantStorage(store)) + t.Run(fmt.Sprintf("case=testHelperRevokeRefreshTokenMaybeGracePeriod/db=%s", k), testHelperRevokeRefreshTokenMaybeGracePeriod(store)) } func testHelperRequestIDMultiples(m InternalRegistry, _ string) func(t *testing.T) { return func(t *testing.T) { - requestId := uuid.New() - mockRequestForeignKey(t, requestId, m, true) + ctx := context.Background() + requestID := uuid.New() + mockRequestForeignKey(t, requestID, m) cl := &client.Client{ID: "foobar"} fositeRequest := &fosite.Request{ - ID: requestId, + ID: requestID, Client: cl, RequestedAt: time.Now().UTC().Round(time.Second), - Session: &Session{}, + Session: NewSession("bar"), } for i := 0; i < 4; i++ { signature := uuid.New() - err := m.OAuth2Storage().CreateRefreshTokenSession(context.TODO(), signature, fositeRequest) + err := m.OAuth2Storage().CreateRefreshTokenSession(ctx, signature, fositeRequest) assert.NoError(t, err) - err = m.OAuth2Storage().CreateAccessTokenSession(context.TODO(), signature, fositeRequest) + err = m.OAuth2Storage().CreateAccessTokenSession(ctx, signature, fositeRequest) assert.NoError(t, err) - err = m.OAuth2Storage().CreateOpenIDConnectSession(context.TODO(), signature, fositeRequest) + err = m.OAuth2Storage().CreateOpenIDConnectSession(ctx, signature, fositeRequest) assert.NoError(t, err) - err = m.OAuth2Storage().CreatePKCERequestSession(context.TODO(), signature, fositeRequest) + err = m.OAuth2Storage().CreatePKCERequestSession(ctx, signature, fositeRequest) assert.NoError(t, err) - err = m.OAuth2Storage().CreateAuthorizeCodeSession(context.TODO(), signature, fositeRequest) + err = 
m.OAuth2Storage().CreateAuthorizeCodeSession(ctx, signature, fositeRequest) assert.NoError(t, err) } } @@ -233,20 +264,20 @@ func testHelperCreateGetDeleteOpenIDConnectSession(x InternalRegistry) func(t *t m := x.OAuth2Storage() ctx := context.Background() - _, err := m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{}) + _, err := m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{Session: NewSession("bar")}) assert.NotNil(t, err) err = m.CreateOpenIDConnectSession(ctx, "4321", &defaultRequest) require.NoError(t, err) - res, err := m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{Session: &Session{}}) + res, err := m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{Session: NewSession("bar")}) require.NoError(t, err) AssertObjectKeysEqual(t, &defaultRequest, res, "RequestedScope", "GrantedScope", "Form", "Session") err = m.DeleteOpenIDConnectSession(ctx, "4321") require.NoError(t, err) - _, err = m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{}) + _, err = m.GetOpenIDConnectSession(ctx, "4321", &fosite.Request{Session: NewSession("bar")}) assert.NotNil(t, err) } } @@ -256,20 +287,20 @@ func testHelperCreateGetDeleteRefreshTokenSession(x InternalRegistry) func(t *te m := x.OAuth2Storage() ctx := context.Background() - _, err := m.GetRefreshTokenSession(ctx, "4321", &Session{}) + _, err := m.GetRefreshTokenSession(ctx, "4321", NewSession("bar")) assert.NotNil(t, err) err = m.CreateRefreshTokenSession(ctx, "4321", &defaultRequest) require.NoError(t, err) - res, err := m.GetRefreshTokenSession(ctx, "4321", &Session{}) + res, err := m.GetRefreshTokenSession(ctx, "4321", NewSession("bar")) require.NoError(t, err) AssertObjectKeysEqual(t, &defaultRequest, res, "RequestedScope", "GrantedScope", "Form", "Session") err = m.DeleteRefreshTokenSession(ctx, "4321") require.NoError(t, err) - _, err = m.GetRefreshTokenSession(ctx, "4321", &Session{}) + _, err = m.GetRefreshTokenSession(ctx, "4321", NewSession("bar")) assert.NotNil(t, err) } } 
@@ -279,30 +310,32 @@ func testHelperRevokeRefreshToken(x InternalRegistry) func(t *testing.T) { m := x.OAuth2Storage() ctx := context.Background() - _, err := m.GetRefreshTokenSession(ctx, "1111", &Session{}) + _, err := m.GetRefreshTokenSession(ctx, "1111", NewSession("bar")) assert.Error(t, err) reqIdOne := uuid.New() reqIdTwo := uuid.New() - mockRequestForeignKey(t, reqIdOne, x, false) - mockRequestForeignKey(t, reqIdTwo, x, false) + mockRequestForeignKey(t, reqIdOne, x) + mockRequestForeignKey(t, reqIdTwo, x) err = m.CreateRefreshTokenSession(ctx, "1111", &fosite.Request{ ID: reqIdOne, Client: &client.Client{ID: "foobar"}, RequestedAt: time.Now().UTC().Round(time.Second), - Session: &Session{}}) + Session: NewSession("user"), + }) require.NoError(t, err) err = m.CreateRefreshTokenSession(ctx, "1122", &fosite.Request{ ID: reqIdTwo, Client: &client.Client{ID: "foobar"}, RequestedAt: time.Now().UTC().Round(time.Second), - Session: &Session{}}) + Session: NewSession("user"), + }) require.NoError(t, err) - _, err = m.GetRefreshTokenSession(ctx, "1111", &Session{}) + _, err = m.GetRefreshTokenSession(ctx, "1111", NewSession("bar")) require.NoError(t, err) err = m.RevokeRefreshToken(ctx, reqIdOne) @@ -311,11 +344,11 @@ func testHelperRevokeRefreshToken(x InternalRegistry) func(t *testing.T) { err = m.RevokeRefreshToken(ctx, reqIdTwo) require.NoError(t, err) - req, err := m.GetRefreshTokenSession(ctx, "1111", &Session{}) + req, err := m.GetRefreshTokenSession(ctx, "1111", NewSession("bar")) assert.NotNil(t, req) assert.EqualError(t, err, fosite.ErrInactiveToken.Error()) - req, err = m.GetRefreshTokenSession(ctx, "1122", &Session{}) + req, err = m.GetRefreshTokenSession(ctx, "1122", NewSession("bar")) assert.NotNil(t, req) assert.EqualError(t, err, fosite.ErrInactiveToken.Error()) 
@@ -326,36 +359,126 @@ func testHelperCreateGetDeleteAuthorizeCodes(x InternalRegistry) func(t *testing return func(t *testing.T) { m := x.OAuth2Storage() - mockRequestForeignKey(t, "blank", x, false) + mockRequestForeignKey(t, "blank", x) ctx := context.Background() - res, err := m.GetAuthorizeCodeSession(ctx, "4321", &Session{}) + res, err := m.GetAuthorizeCodeSession(ctx, "4321", NewSession("bar")) assert.Error(t, err) assert.Nil(t, res) err = m.CreateAuthorizeCodeSession(ctx, "4321", &defaultRequest) require.NoError(t, err) - res, err = m.GetAuthorizeCodeSession(ctx, "4321", &Session{}) + res, err = m.GetAuthorizeCodeSession(ctx, "4321", NewSession("bar")) require.NoError(t, err) AssertObjectKeysEqual(t, &defaultRequest, res, "RequestedScope", "GrantedScope", "Form", "Session") err = m.InvalidateAuthorizeCodeSession(ctx, "4321") require.NoError(t, err) - res, err = m.GetAuthorizeCodeSession(ctx, "4321", &Session{}) + res, err = m.GetAuthorizeCodeSession(ctx, "4321", NewSession("bar")) require.Error(t, err) assert.EqualError(t, err, fosite.ErrInvalidatedAuthorizeCode.Error()) assert.NotNil(t, res) } } +type testHelperExpiryFieldsResult struct { + ExpiresAt time.Time `db:"expires_at"` + name string +} + +func (r testHelperExpiryFieldsResult) TableName() string { + return "hydra_oauth2_" + r.name +} + +func testHelperExpiryFields(reg InternalRegistry) func(t *testing.T) { + return func(t *testing.T) { + m := reg.OAuth2Storage() + t.Parallel() + + mockRequestForeignKey(t, "blank", reg) + + ctx := context.Background() + + s := NewSession("bar") + s.SetExpiresAt(fosite.AccessToken, time.Now().Add(time.Hour).Round(time.Minute)) + s.SetExpiresAt(fosite.RefreshToken, time.Now().Add(time.Hour*2).Round(time.Minute)) + s.SetExpiresAt(fosite.AuthorizeCode, time.Now().Add(time.Hour*3).Round(time.Minute)) + request := fosite.Request{ + ID: uuid.New(), + RequestedAt: time.Now().UTC().Round(time.Second), + Client: &client.Client{ + ID: "foobar", + Metadata: 
sqlxx.JSONRawMessage("{}"), + }, + RequestedScope: fosite.Arguments{"fa", "ba"}, + GrantedScope: fosite.Arguments{"fa", "ba"}, + RequestedAudience: fosite.Arguments{"ad1", "ad2"}, + GrantedAudience: fosite.Arguments{"ad1", "ad2"}, + Form: url.Values{"foo": []string{"bar", "baz"}}, + Session: s, + } + + t.Run("case=CreateAccessTokenSession", func(t *testing.T) { + id := uuid.New() + err := m.CreateAccessTokenSession(ctx, id, &request) + require.NoError(t, err) + + r := testHelperExpiryFieldsResult{name: "access"} + require.NoError(t, reg.Persister().Connection(ctx).Select("expires_at").Where("signature = ?", x.SignatureHash(id)).First(&r)) + + assert.EqualValues(t, s.GetExpiresAt(fosite.AccessToken).UTC(), r.ExpiresAt.UTC()) + }) + + t.Run("case=CreateRefreshTokenSession", func(t *testing.T) { + id := uuid.New() + err := m.CreateRefreshTokenSession(ctx, id, &request) + require.NoError(t, err) + + r := testHelperExpiryFieldsResult{name: "refresh"} + require.NoError(t, reg.Persister().Connection(ctx).Select("expires_at").Where("signature = ?", id).First(&r)) + assert.EqualValues(t, s.GetExpiresAt(fosite.RefreshToken).UTC(), r.ExpiresAt.UTC()) + }) + + t.Run("case=CreateAuthorizeCodeSession", func(t *testing.T) { + id := uuid.New() + err := m.CreateAuthorizeCodeSession(ctx, id, &request) + require.NoError(t, err) + + r := testHelperExpiryFieldsResult{name: "code"} + require.NoError(t, reg.Persister().Connection(ctx).Select("expires_at").Where("signature = ?", id).First(&r)) + assert.EqualValues(t, s.GetExpiresAt(fosite.AuthorizeCode).UTC(), r.ExpiresAt.UTC()) + }) + + t.Run("case=CreatePKCERequestSession", func(t *testing.T) { + id := uuid.New() + err := m.CreatePKCERequestSession(ctx, id, &request) + require.NoError(t, err) + + r := testHelperExpiryFieldsResult{name: "pkce"} + require.NoError(t, reg.Persister().Connection(ctx).Select("expires_at").Where("signature = ?", id).First(&r)) + assert.EqualValues(t, s.GetExpiresAt(fosite.AuthorizeCode).UTC(), 
r.ExpiresAt.UTC()) + }) + + t.Run("case=CreateOpenIDConnectSession", func(t *testing.T) { + id := uuid.New() + err := m.CreateOpenIDConnectSession(ctx, id, &request) + require.NoError(t, err) + + r := testHelperExpiryFieldsResult{name: "oidc"} + require.NoError(t, reg.Persister().Connection(ctx).Select("expires_at").Where("signature = ?", id).First(&r)) + assert.EqualValues(t, s.GetExpiresAt(fosite.AuthorizeCode).UTC(), r.ExpiresAt.UTC()) + }) + } +} + func testHelperNilAccessToken(x InternalRegistry) func(t *testing.T) { return func(t *testing.T) { m := x.OAuth2Storage() c := &client.Client{ID: "nil-request-client-id-123"} require.NoError(t, x.ClientManager().CreateClient(context.Background(), c)) - err := m.CreateAccessTokenSession(context.TODO(), "nil-request-id", &fosite.Request{ + err := m.CreateAccessTokenSession(context.Background(), "nil-request-id", &fosite.Request{ ID: "", RequestedAt: time.Now().UTC().Round(time.Second), Client: c, @@ -364,7 +487,7 @@ func testHelperNilAccessToken(x InternalRegistry) func(t *testing.T) { RequestedAudience: fosite.Arguments{"ad1", "ad2"}, GrantedAudience: fosite.Arguments{"ad1", "ad2"}, Form: url.Values{"foo": []string{"bar", "baz"}}, - Session: &Session{DefaultSession: &openid.DefaultSession{Subject: "bar"}}, + Session: NewSession("bar"), }) require.NoError(t, err) } 
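Review bot: In `testHelperExpiryFields` the PKCE and OpenID Connect subtests compare `expires_at` with `s.GetExpiresAt(fosite.AuthorizeCode)`, which reads like a copy-paste slip unless the reader knows these rows take the authorize-code lifetime. A comment on each, e.g. `// PKCE sessions expire together with the authorize code.`, would make the expectation explicit; I am inferring that intent from the assertions. `testHelperExpiryFieldsResult.TableName` would also benefit from a short doc comment saying that `name` is a test-only table suffix and must stay a constant, since it is concatenated into the table name.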
@@ -375,20 +498,20 @@ func testHelperCreateGetDeleteAccessTokenSession(x InternalRegistry) func(t *tes m := x.OAuth2Storage() ctx := context.Background() - _, err := m.GetAccessTokenSession(ctx, "4321", &Session{}) + _, err := m.GetAccessTokenSession(ctx, "4321", NewSession("bar")) assert.Error(t, err) err = m.CreateAccessTokenSession(ctx, "4321", &defaultRequest) require.NoError(t, err) - res, err := m.GetAccessTokenSession(ctx, "4321", &Session{}) + res, err := m.GetAccessTokenSession(ctx, "4321", NewSession("bar")) require.NoError(t, err) AssertObjectKeysEqual(t, &defaultRequest, res, "RequestedScope", "GrantedScope", "Form", "Session") err = m.DeleteAccessTokenSession(ctx, "4321") require.NoError(t, err) - _, err = m.GetAccessTokenSession(ctx, "4321", &Session{}) + _, err = m.GetAccessTokenSession(ctx, "4321", NewSession("bar")) assert.Error(t, err) } } @@ -401,13 +524,13 @@ func testHelperDeleteAccessTokens(x InternalRegistry) func(t *testing.T) { err := m.CreateAccessTokenSession(ctx, "4321", &defaultRequest) require.NoError(t, err) - _, err = m.GetAccessTokenSession(ctx, "4321", &Session{}) + _, err = m.GetAccessTokenSession(ctx, "4321", NewSession("bar")) require.NoError(t, err) err = m.DeleteAccessTokens(ctx, defaultRequest.Client.GetID()) require.NoError(t, err) - req, err := m.GetAccessTokenSession(ctx, "4321", &Session{}) + req, err := m.GetAccessTokenSession(ctx, "4321", NewSession("bar")) assert.Nil(t, req) assert.EqualError(t, err, fosite.ErrNotFound.Error()) } 
@@ -421,37 +544,94 @@ func testHelperRevokeAccessToken(x InternalRegistry) func(t *testing.T) { err := m.CreateAccessTokenSession(ctx, "4321", &defaultRequest) require.NoError(t, err) - _, err = m.GetAccessTokenSession(ctx, "4321", &Session{}) + _, err = m.GetAccessTokenSession(ctx, "4321", NewSession("bar")) require.NoError(t, err) err = m.RevokeAccessToken(ctx, defaultRequest.GetID()) require.NoError(t, err) - req, err := m.GetAccessTokenSession(ctx, "4321", &Session{}) + req, err := m.GetAccessTokenSession(ctx, "4321", NewSession("bar")) assert.Nil(t, req) assert.EqualError(t, err, fosite.ErrNotFound.Error()) } } +func testHelperRevokeRefreshTokenMaybeGracePeriod(x InternalRegistry) func(t *testing.T) { + return func(t *testing.T) { + ctx := context.Background() + + t.Run("Revokes refresh token when grace period not configured", func(t *testing.T) { + // SETUP + m := x.OAuth2Storage() + + refreshTokenSession := fmt.Sprintf("refresh_token_%d", time.Now().Unix()) + err := m.CreateRefreshTokenSession(ctx, refreshTokenSession, &defaultRequest) + require.NoError(t, err, "precondition failed: could not create refresh token session") + + // ACT + err = m.RevokeRefreshTokenMaybeGracePeriod(ctx, defaultRequest.GetID(), refreshTokenSession) + require.NoError(t, err) + + tmpSession := new(fosite.Session) + _, err = m.GetRefreshTokenSession(ctx, refreshTokenSession, *tmpSession) + + // ASSERT + // a revoked refresh token returns an error when getting the token again + assert.ErrorIs(t, err, fosite.ErrInactiveToken) + }) + + t.Run("refresh token enters grace period when configured,", func(t *testing.T) { + // SETUP + x.Config().MustSet(ctx, config.KeyRefreshTokenRotationGracePeriod, "1m") + + // always reset back to the default + t.Cleanup(func() { + x.Config().MustSet(ctx, config.KeyRefreshTokenRotationGracePeriod, "0m") + }) + + m := x.OAuth2Storage() + + refreshTokenSession := fmt.Sprintf("refresh_token_%d_with_grace_period", time.Now().Unix()) + err := 
m.CreateRefreshTokenSession(ctx, refreshTokenSession, &defaultRequest) + require.NoError(t, err, "precondition failed: could not create refresh token session") + + // ACT + require.NoError(t, m.RevokeRefreshTokenMaybeGracePeriod(ctx, defaultRequest.GetID(), refreshTokenSession)) + require.NoError(t, m.RevokeRefreshTokenMaybeGracePeriod(ctx, defaultRequest.GetID(), refreshTokenSession)) + require.NoError(t, m.RevokeRefreshTokenMaybeGracePeriod(ctx, defaultRequest.GetID(), refreshTokenSession)) + + req, err := m.GetRefreshTokenSession(ctx, refreshTokenSession, nil) + + // ASSERT + // when grace period is configured the refresh token can be obtained within + // the grace period without error + assert.NoError(t, err) + + assert.Equal(t, defaultRequest.GetID(), req.GetID()) + }) + } + +} + func testHelperCreateGetDeletePKCERequestSession(x InternalRegistry) func(t *testing.T) { return func(t *testing.T) { m := x.OAuth2Storage() ctx := context.Background() - _, err := m.GetPKCERequestSession(ctx, "4321", &Session{}) + _, err := m.GetPKCERequestSession(ctx, "4321", NewSession("bar")) assert.NotNil(t, err) err = m.CreatePKCERequestSession(ctx, "4321", &defaultRequest) require.NoError(t, err) - res, err := m.GetPKCERequestSession(ctx, "4321", &Session{}) + res, err := m.GetPKCERequestSession(ctx, "4321", NewSession("bar")) require.NoError(t, err) AssertObjectKeysEqual(t, &defaultRequest, res, "RequestedScope", "GrantedScope", "Form", "Session") err = m.DeletePKCERequestSession(ctx, "4321") require.NoError(t, err) - _, err = m.GetPKCERequestSession(ctx, "4321", &Session{}) + _, err = m.GetPKCERequestSession(ctx, "4321", NewSession("bar")) assert.NotNil(t, err) } } 
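Review bot: The grace-period subtest of `testHelperRevokeRefreshTokenMaybeGracePeriod` asserts only that a rotated refresh token stays usable inside the window; nothing checks that it is refused once the window has passed, which is the bound that keeps a rotated token from remaining valid indefinitely. A third subtest that sets a very short `config.KeyRefreshTokenRotationGracePeriod`, waits past it, and ends with `assert.ErrorIs(t, err, fosite.ErrInactiveToken)` would pin that. The two lookups also pass a nil session (`*tmpSession` and `nil`) where the other tests in this diff pass `NewSession("bar")`; using the same here would be consistent. The cleanup writes `"0m"` rather than restoring the previous value, which assumes the default is zero.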
@@ -463,7 +643,7 @@ func testHelperFlushTokens(x InternalRegistry, lifespan time.Duration) func(t *t return func(t *testing.T) { ctx := context.Background() for _, r := range flushRequests { - mockRequestForeignKey(t, r.ID, x, false) + mockRequestForeignKey(t, r.ID, x) require.NoError(t, m.CreateAccessTokenSession(ctx, r.ID, r)) _, err := m.GetAccessTokenSession(ctx, r.ID, ds) require.NoError(t, err) @@ -510,7 +690,7 @@ func testHelperFlushTokensWithLimitAndBatchSize(x InternalRegistry, limit int, b for i := 0; i < totalCount; i++ { r := createTestRequest(fmt.Sprintf("%s-%d", id, i+1)) r.RequestedAt = time.Now().Add(-2 * time.Hour) - mockRequestForeignKey(t, r.ID, x, false) + mockRequestForeignKey(t, r.ID, x) require.NoError(t, m.CreateAccessTokenSession(ctx, r.ID, r)) _, err := m.GetAccessTokenSession(ctx, r.ID, ds) require.NoError(t, err) @@ -611,7 +791,7 @@ func testFositeSqlStoreTransactionCommitOpenIdConnectSession(m InternalRegistry) res, err := m.OAuth2Storage().GetOpenIDConnectSession(context.Background(), signature, testRequest) // session should have been created successfully because Commit did not return an error require.NoError(t, err) - AssertObjectKeysEqual(t, &defaultRequest, res, "RequestedScope", "GrantedScope", "Form", "Session") + assertx.EqualAsJSONExcept(t, &defaultRequest, res, defaultIgnoreKeys) // test delete within a transaction ctx, err = txnStore.BeginTX(context.Background()) @@ -760,6 +940,7 @@ func testFositeStoreClientAssertionJWTValid(m InternalRegistry) func(*testing.T) func testFositeJWTBearerGrantStorage(x InternalRegistry) func(t *testing.T) { return func(t *testing.T) { + ctx := context.Background() grantManager := x.GrantManager() keyManager := x.KeyManager() grantStorage := x.OAuth2Storage().(rfc7523.RFC7523KeyStorage) 
@@ -782,28 +963,28 @@ func testFositeJWTBearerGrantStorage(x InternalRegistry) func(t *testing.T) { ExpiresAt: time.Now().UTC().Round(time.Second).AddDate(1, 0, 0), } - storedKeySet, err := grantStorage.GetPublicKeys(context.TODO(), issuer, subject) + storedKeySet, err := grantStorage.GetPublicKeys(ctx, issuer, subject) require.NoError(t, err) require.Len(t, storedKeySet.Keys, 0) - err = grantManager.CreateGrant(context.TODO(), grant, publicKey) + err = grantManager.CreateGrant(ctx, grant, publicKey) require.NoError(t, err) - storedKeySet, err = grantStorage.GetPublicKeys(context.TODO(), issuer, subject) + storedKeySet, err = grantStorage.GetPublicKeys(ctx, issuer, subject) require.NoError(t, err) assert.Len(t, storedKeySet.Keys, 1) - storedKey, err := grantStorage.GetPublicKey(context.TODO(), issuer, subject, publicKey.KeyID) + storedKey, err := grantStorage.GetPublicKey(ctx, issuer, subject, publicKey.KeyID) require.NoError(t, err) assert.Equal(t, publicKey.KeyID, storedKey.KeyID) assert.Equal(t, publicKey.Use, storedKey.Use) assert.Equal(t, publicKey.Key, storedKey.Key) - storedScopes, err := grantStorage.GetPublicKeyScopes(context.TODO(), issuer, subject, publicKey.KeyID) + storedScopes, err := grantStorage.GetPublicKeyScopes(ctx, issuer, subject, publicKey.KeyID) require.NoError(t, err) assert.Equal(t, grant.Scope, storedScopes) - storedKeySet, err = keyManager.GetKey(context.TODO(), issuer, publicKey.KeyID) + storedKeySet, err = keyManager.GetKey(ctx, issuer, publicKey.KeyID) require.NoError(t, err) assert.Equal(t, publicKey.KeyID, storedKeySet.Keys[0].KeyID) assert.Equal(t, publicKey.Use, storedKeySet.Keys[0].Use) 
@@ -811,44 +992,65 @@ func testFositeJWTBearerGrantStorage(x InternalRegistry) func(t *testing.T) { }) t.Run("case=only associated key returns", func(t *testing.T) { - keySet, err := jwk.GenerateJWK(context.Background(), jose.RS256, "some-key", "sig") - require.NoError(t, err) - - err = keyManager.AddKeySet(context.TODO(), "some-set", keySet) + keySetToNotReturn, err := jwk.GenerateJWK(context.Background(), jose.ES256, "some-key", "sig") require.NoError(t, err) + require.NoError(t, keyManager.AddKeySet(context.Background(), "some-set", keySetToNotReturn), "adding a random key should not fail") - keySet, err = jwk.GenerateJWK(context.Background(), jose.RS256, "maria-key", "sig") - require.NoError(t, err) - - publicKey := keySet.Keys[0].Public() issuer := "maria" subject := "maria@example.com" - grant := trust.Grant{ + + keySet1ToReturn, err := jwk.GenerateJWK(context.Background(), jose.ES256, "maria-key-1", "sig") + require.NoError(t, err) + require.NoError(t, grantManager.CreateGrant(context.Background(), trust.Grant{ ID: uuid.New(), Issuer: issuer, Subject: subject, AllowAnySubject: false, Scope: []string{"openid"}, - PublicKey: trust.PublicKey{Set: issuer, KeyID: publicKey.KeyID}, + PublicKey: trust.PublicKey{Set: issuer, KeyID: keySet1ToReturn.Keys[0].Public().KeyID}, CreatedAt: time.Now().UTC().Round(time.Second), ExpiresAt: time.Now().UTC().Round(time.Second).AddDate(1, 0, 0), - } + }, keySet1ToReturn.Keys[0].Public())) - err = grantManager.CreateGrant(context.TODO(), grant, publicKey) + keySet2ToReturn, err := jwk.GenerateJWK(context.Background(), jose.ES256, "maria-key-2", "sig") require.NoError(t, err) + require.NoError(t, grantManager.CreateGrant(ctx, trust.Grant{ + ID: uuid.New(), + Issuer: issuer, + Subject: subject, + AllowAnySubject: false, + Scope: []string{"openid"}, + PublicKey: trust.PublicKey{Set: issuer, KeyID: keySet2ToReturn.Keys[0].Public().KeyID}, + CreatedAt: time.Now().UTC().Round(time.Second), + ExpiresAt: 
time.Now().UTC().Round(time.Second).AddDate(1, 0, 0), + }, keySet2ToReturn.Keys[0].Public())) - storedKeySet, err := grantStorage.GetPublicKeys(context.TODO(), issuer, subject) + storedKeySet, err := grantStorage.GetPublicKeys(context.Background(), issuer, subject) require.NoError(t, err) - assert.Len(t, storedKeySet.Keys, 1) - assert.Equal(t, publicKey.KeyID, storedKeySet.Keys[0].KeyID) - assert.Equal(t, publicKey.Use, storedKeySet.Keys[0].Use) - assert.Equal(t, publicKey.Key, storedKeySet.Keys[0].Key) - - storedKeySet, err = grantStorage.GetPublicKeys(context.TODO(), issuer, "non-existing-subject") + require.Len(t, storedKeySet.Keys, 2) + + // Cannot rely on sort order because the created_at timestamps may alias. + idx1 := slices.IndexFunc(storedKeySet.Keys, func(k jose.JSONWebKey) bool { + return k.KeyID == keySet1ToReturn.Keys[0].Public().KeyID + }) + require.GreaterOrEqual(t, idx1, 0) + idx2 := slices.IndexFunc(storedKeySet.Keys, func(k jose.JSONWebKey) bool { + return k.KeyID == keySet2ToReturn.Keys[0].Public().KeyID + }) + require.GreaterOrEqual(t, idx2, 0) + + assert.Equal(t, keySet1ToReturn.Keys[0].Public().KeyID, storedKeySet.Keys[idx1].KeyID) + assert.Equal(t, keySet1ToReturn.Keys[0].Public().Use, storedKeySet.Keys[idx1].Use) + assert.Equal(t, keySet1ToReturn.Keys[0].Public().Key, storedKeySet.Keys[idx1].Key) + assert.Equal(t, keySet2ToReturn.Keys[0].Public().KeyID, storedKeySet.Keys[idx2].KeyID) + assert.Equal(t, keySet2ToReturn.Keys[0].Public().Use, storedKeySet.Keys[idx2].Use) + assert.Equal(t, keySet2ToReturn.Keys[0].Public().Key, storedKeySet.Keys[idx2].Key) + + storedKeySet, err = grantStorage.GetPublicKeys(context.Background(), issuer, "non-existing-subject") require.NoError(t, err) assert.Len(t, storedKeySet.Keys, 0) - _, err = grantStorage.GetPublicKeyScopes(context.TODO(), issuer, "non-existing-subject", publicKey.KeyID) + _, err = grantStorage.GetPublicKeyScopes(context.Background(), issuer, "non-existing-subject", 
keySet2ToReturn.Keys[0].Public().KeyID) require.Error(t, err) }) @@ -870,22 +1072,22 @@ func testFositeJWTBearerGrantStorage(x InternalRegistry) func(t *testing.T) { ExpiresAt: time.Now().UTC().Round(time.Second).AddDate(1, 0, 0), } - err = grantManager.CreateGrant(context.TODO(), grant, publicKey) + err = grantManager.CreateGrant(ctx, grant, publicKey) require.NoError(t, err) - _, err = grantStorage.GetPublicKey(context.TODO(), issuer, subject, grant.PublicKey.KeyID) + _, err = grantStorage.GetPublicKey(ctx, issuer, subject, grant.PublicKey.KeyID) require.NoError(t, err) - _, err = keyManager.GetKey(context.TODO(), issuer, publicKey.KeyID) + _, err = keyManager.GetKey(ctx, issuer, publicKey.KeyID) require.NoError(t, err) - err = grantManager.DeleteGrant(context.TODO(), grant.ID) + err = grantManager.DeleteGrant(ctx, grant.ID) require.NoError(t, err) - _, err = grantStorage.GetPublicKey(context.TODO(), issuer, subject, publicKey.KeyID) + _, err = grantStorage.GetPublicKey(ctx, issuer, subject, publicKey.KeyID) assert.Error(t, err) - _, err = keyManager.GetKey(context.TODO(), issuer, publicKey.KeyID) + _, err = keyManager.GetKey(ctx, issuer, publicKey.KeyID) assert.Error(t, err) }) 
@@ -907,22 +1109,22 @@ func testFositeJWTBearerGrantStorage(x InternalRegistry) func(t *testing.T) { ExpiresAt: time.Now().UTC().Round(time.Second).AddDate(1, 0, 0), } - err = grantManager.CreateGrant(context.TODO(), grant, publicKey) + err = grantManager.CreateGrant(ctx, grant, publicKey) require.NoError(t, err) - _, err = grantStorage.GetPublicKey(context.TODO(), issuer, subject, publicKey.KeyID) + _, err = grantStorage.GetPublicKey(ctx, issuer, subject, publicKey.KeyID) require.NoError(t, err) - _, err = keyManager.GetKey(context.TODO(), issuer, publicKey.KeyID) + _, err = keyManager.GetKey(ctx, issuer, publicKey.KeyID) require.NoError(t, err) - err = keyManager.DeleteKey(context.TODO(), issuer, publicKey.KeyID) + err = keyManager.DeleteKey(ctx, issuer, publicKey.KeyID) require.NoError(t, err) - _, err = keyManager.GetKey(context.TODO(), issuer, publicKey.KeyID) + _, err = keyManager.GetKey(ctx, issuer, publicKey.KeyID) assert.Error(t, err) - _, err = grantManager.GetConcreteGrant(context.TODO(), grant.ID) + _, err = grantManager.GetConcreteGrant(ctx, grant.ID) assert.Error(t, err) }) 
@@ -944,25 +1146,25 @@ func testFositeJWTBearerGrantStorage(x InternalRegistry) func(t *testing.T) { ExpiresAt: time.Now().UTC().Round(time.Second).AddDate(1, 0, 0), } - err = grantManager.CreateGrant(context.TODO(), grant, publicKey) + err = grantManager.CreateGrant(ctx, grant, publicKey) require.NoError(t, err) // All three get methods should only return the public key when using the valid subject - _, err = grantStorage.GetPublicKey(context.TODO(), issuer, "any-subject-1", publicKey.KeyID) + _, err = grantStorage.GetPublicKey(ctx, issuer, "any-subject-1", publicKey.KeyID) require.Error(t, err) - _, err = grantStorage.GetPublicKey(context.TODO(), issuer, subject, publicKey.KeyID) + _, err = grantStorage.GetPublicKey(ctx, issuer, subject, publicKey.KeyID) require.NoError(t, err) - _, err = grantStorage.GetPublicKeyScopes(context.TODO(), issuer, "any-subject-2", publicKey.KeyID) + _, err = grantStorage.GetPublicKeyScopes(ctx, issuer, "any-subject-2", publicKey.KeyID) require.Error(t, err) - _, err = grantStorage.GetPublicKeyScopes(context.TODO(), issuer, subject, publicKey.KeyID) + _, err = grantStorage.GetPublicKeyScopes(ctx, issuer, subject, publicKey.KeyID) require.NoError(t, err) - jwks, err := grantStorage.GetPublicKeys(context.TODO(), issuer, "any-subject-3") + jwks, err := grantStorage.GetPublicKeys(ctx, issuer, "any-subject-3") require.NoError(t, err) require.NotNil(t, jwks) require.Empty(t, jwks.Keys) - jwks, err = grantStorage.GetPublicKeys(context.TODO(), issuer, subject) + jwks, err = grantStorage.GetPublicKeys(ctx, issuer, subject) require.NoError(t, err) require.NotNil(t, jwks) require.NotEmpty(t, jwks.Keys) 
@@ -985,17 +1187,17 @@ func testFositeJWTBearerGrantStorage(x InternalRegistry) func(t *testing.T) { ExpiresAt: time.Now().UTC().Round(time.Second).AddDate(1, 0, 0), } - err = grantManager.CreateGrant(context.TODO(), grant, publicKey) + err = grantManager.CreateGrant(ctx, grant, publicKey) require.NoError(t, err) // All three get methods should always return the public key - _, err = grantStorage.GetPublicKey(context.TODO(), issuer, "any-subject-1", publicKey.KeyID) + _, err = grantStorage.GetPublicKey(ctx, issuer, "any-subject-1", publicKey.KeyID) require.NoError(t, err) - _, err = grantStorage.GetPublicKeyScopes(context.TODO(), issuer, "any-subject-2", publicKey.KeyID) + _, err = grantStorage.GetPublicKeyScopes(ctx, issuer, "any-subject-2", publicKey.KeyID) require.NoError(t, err) - jwks, err := grantStorage.GetPublicKeys(context.TODO(), issuer, "any-subject-3") + jwks, err := grantStorage.GetPublicKeys(ctx, issuer, "any-subject-3") require.NoError(t, err) require.NotNil(t, jwks) require.NotEmpty(t, jwks.Keys) @@ -1018,10 +1220,10 @@ func testFositeJWTBearerGrantStorage(x InternalRegistry) func(t *testing.T) { ExpiresAt: time.Now().UTC().Round(time.Second).AddDate(-1, 0, 0), } - err = grantManager.CreateGrant(context.TODO(), grant, publicKey) + err = grantManager.CreateGrant(ctx, grant, publicKey) require.NoError(t, err) - keys, err := grantStorage.GetPublicKeys(context.TODO(), issuer, "any-subject-3") + keys, err := grantStorage.GetPublicKeys(ctx, issuer, "any-subject-3") require.NoError(t, err) assert.Len(t, keys.Keys, 0) }) 
@@ -1046,10 +1248,11 @@ func doTestCommit(m InternalRegistry, t *testing.T, require.NoError(t, err) // Require a new context, since the old one contains the transaction. - res, err := getFn(context.Background(), signature, &Session{}) + res, err := getFn(context.Background(), signature, NewSession("bar")) // token should have been created successfully because Commit did not return an error require.NoError(t, err) - AssertObjectKeysEqual(t, &defaultRequest, res, "RequestedScope", "GrantedScope", "Form", "Session") + assertx.EqualAsJSONExcept(t, &defaultRequest, res, defaultIgnoreKeys) + // AssertObjectKeysEqual(t, &defaultRequest, res, "RequestedScope", "GrantedScope", "Form", "Session") // testrevoke within a transaction ctx, err = txnStore.BeginTX(context.Background()) @@ -1060,7 +1263,7 @@ func doTestCommit(m InternalRegistry, t *testing.T, require.NoError(t, err) // Require a new context, since the old one contains the transaction. - _, err = getFn(context.Background(), signature, &Session{}) + _, err = getFn(context.Background(), signature, NewSession("bar")) // Since commit worked for revoke, we should get an error here. require.Error(t, err) } @@ -1084,7 +1287,7 @@ func doTestRollback(m InternalRegistry, t *testing.T, // Require a new context, since the old one contains the transaction. ctx = context.Background() - _, err = getFn(ctx, signature, &Session{}) + _, err = getFn(ctx, signature, NewSession("bar")) // Since we rolled back above, the token should not exist and getting it should result in an error require.Error(t, err) @@ -1092,7 +1295,7 @@ func doTestRollback(m InternalRegistry, t *testing.T, signature2 := uuid.New() err = createFn(ctx, signature2, createTestRequest(signature2)) require.NoError(t, err) - _, err = getFn(ctx, signature2, &Session{}) + _, err = getFn(ctx, signature2, NewSession("bar")) require.NoError(t, err) ctx, err = txnStore.BeginTX(context.Background()) 
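Review bot: The replaced assertion in doTestCommit is left behind as a commented-out line (`// AssertObjectKeysEqual(t, &defaultRequest, res, "RequestedScope", "GrantedScope", "Form", "Session")`) directly under the new `assertx.EqualAsJSONExcept` call; it should be deleted, since version control already keeps the old form. The ignored fields also moved from an explicit list to `defaultIgnoreKeys`, which is defined outside this hunk, so a short comment such as `// defaultIgnoreKeys lists the fields that legitimately differ after a storage round trip` would tell a reader what the comparison skips. doTestCommit starts and ends outside the hunk.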
@@ -1102,7 +1305,7 @@ func doTestRollback(m InternalRegistry, t *testing.T, err = txnStore.Rollback(ctx) require.NoError(t, err) - _, err = getFn(context.Background(), signature2, &Session{}) + _, err = getFn(context.Background(), signature2, NewSession("bar")) require.NoError(t, err) } diff --git a/oauth2/handler.go b/oauth2/handler.go index 5662be5cc8e..62a1beb2b21 100644 --- a/oauth2/handler.go +++ b/oauth2/handler.go @@ -4,19 +4,23 @@ package oauth2 import ( + "context" "encoding/base64" "encoding/json" "fmt" "html/template" "net/http" + "net/url" "reflect" "strings" "time" + "github.com/gobuffalo/pop/v6" "github.com/tidwall/gjson" "github.com/pborman/uuid" + "github.com/ory/hydra/v2/flow" "github.com/ory/hydra/v2/x/events" "github.com/ory/x/httprouterx" "github.com/ory/x/josex" @@ -44,6 +48,7 @@ const ( DefaultLoginPath = "/oauth2/fallbacks/login" DefaultConsentPath = "/oauth2/fallbacks/consent" DefaultPostLogoutPath = "/oauth2/fallbacks/logout/callback" + DefaultPostDevicePath = "/oauth2/fallbacks/device/done" DefaultLogoutPath = "/oauth2/fallbacks/logout" DefaultErrorPath = "/oauth2/fallbacks/error" TokenPath = "/oauth2/token" // #nosec G101 @@ -59,6 +64,10 @@ const ( IntrospectPath = "/oauth2/introspect" RevocationPath = "/oauth2/revoke" DeleteTokensPath = "/oauth2/tokens" // #nosec G101 + + // Device authorization endpoint + DeviceAuthPath = "/oauth2/device/auth" + DeviceVerificationPath = "/oauth2/device/verify" ) type Handler struct { 
@@ -91,6 +100,12 @@ func (h *Handler) SetRoutes(admin *httprouterx.RouterAdmin, public *httprouterx. http.StatusOK, config.KeyLogoutRedirectURL, )) + public.GET(DefaultPostDevicePath, h.fallbackHandler( + "You successfully authenticated on your device!", + "The Default Post Device URL is not set which is why you are seeing this fallback page. Your device login request however succeeded.", + http.StatusOK, + config.KeyDeviceDoneURL, + )) public.GET(DefaultErrorPath, h.DefaultErrorHandler) public.Handler("OPTIONS", RevocationPath, corsMiddleware(http.HandlerFunc(h.handleOptions))) @@ -104,6 +119,9 @@ func (h *Handler) SetRoutes(admin *httprouterx.RouterAdmin, public *httprouterx. public.Handler("OPTIONS", VerifiableCredentialsPath, corsMiddleware(http.HandlerFunc(h.handleOptions))) public.Handler("POST", VerifiableCredentialsPath, corsMiddleware(http.HandlerFunc(h.createVerifiableCredential))) + public.Handler("POST", DeviceAuthPath, http.HandlerFunc(h.oAuth2DeviceFlow)) + public.GET(DeviceVerificationPath, h.performOAuth2DeviceVerificationFlow) + admin.POST(IntrospectPath, h.introspectOAuth2Token) admin.DELETE(DeleteTokensPath, h.deleteOAuth2Token) } @@ -244,6 +262,12 @@ type oidcConfiguration struct { // example: https://playground.ory.sh/ory-hydra/public/oauth2/auth AuthURL string `json:"authorization_endpoint"` + // OAuth 2.0 Device Authorization Endpoint URL + // + // required: true + // example: https://playground.ory.sh/ory-hydra/public/oauth2/device/oauth + DeviceAuthorizationURL string `json:"device_authorization_endpoint"` + // OpenID Connect Dynamic Client Registration Endpoint URL // // example: https://playground.ory.sh/ory-hydra/admin/client 
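Review bot: The `example:` on the new `DeviceAuthorizationURL` field ends in `/oauth2/device/oauth`, but the route this commit registers is `DeviceAuthPath = "/oauth2/device/auth"`, so the generated API documentation would show a path the server does not serve. I would change it to `// example: https://playground.ory.sh/ory-hydra/public/oauth2/device/auth`. The field is also marked `required: true`; if deployments can run without the device flow, that annotation is worth a second look, though the hunk does not show whether the endpoint can be disabled. The oidcConfiguration struct continues outside the hunk.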
@@ -481,6 +505,7 @@ func (h *Handler) discoverOidcConfiguration(w http.ResponseWriter, r *http.Reque h.r.Writer().Write(w, r, &oidcConfiguration{ Issuer: h.c.IssuerURL(ctx).String(), AuthURL: h.c.OAuth2AuthURL(ctx).String(), + DeviceAuthorizationURL: h.c.OAuth2DeviceAuthorisationURL(ctx).String(), TokenURL: h.c.OAuth2TokenURL(ctx).String(), JWKsURI: h.c.JWKSURL(ctx).String(), RevocationEndpoint: urlx.AppendPaths(h.c.IssuerURL(ctx), RevocationPath).String(), @@ -494,8 +519,8 @@ func (h *Handler) discoverOidcConfiguration(w http.ResponseWriter, r *http.Reque IDTokenSigningAlgValuesSupported: []string{key.Algorithm}, IDTokenSignedResponseAlg: []string{key.Algorithm}, UserinfoSignedResponseAlg: []string{key.Algorithm}, - GrantTypesSupported: []string{"authorization_code", "implicit", "client_credentials", "refresh_token"}, - ResponseModesSupported: []string{"query", "fragment"}, + GrantTypesSupported: []string{"authorization_code", "implicit", "client_credentials", "refresh_token", "urn:ietf:params:oauth:grant-type:device_code"}, + ResponseModesSupported: []string{"query", "fragment", "form_post"}, UserinfoSigningAlgValuesSupported: []string{"none", key.Algorithm}, RequestParameterSupported: true, RequestURIParameterSupported: true, @@ -663,7 +688,7 @@ func (h *Handler) getOidcUserInfo(w http.ResponseWriter, r *http.Request) { interim["jti"] = uuid.New() interim["iat"] = time.Now().Unix() - keyID, err := h.r.OpenIDJWTStrategy().GetPublicKeyID(r.Context()) + keyID, err := h.r.OpenIDJWTStrategy().GetPublicKeyID(ctx) if err != nil { h.r.Writer().WriteError(w, r, err) return 
@@ -687,6 +712,182 @@ func (h *Handler) getOidcUserInfo(w http.ResponseWriter, r *http.Request) { } } +// swagger:route GET /oauth2/device/verify oAuth2 performOAuth2DeviceVerificationFlow +// +// # OAuth 2.0 Device Verification Endpoint +// +// This is the device user verification endpoint. The user is redirected here when trying to login using the device flow. +// +// Consumes: +// - application/x-www-form-urlencoded +// +// Schemes: http, https +// +// Responses: +// 302: emptyResponse +// default: errorOAuth2 +func (h *Handler) performOAuth2DeviceVerificationFlow(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { + ctx := r.Context() + + // When this endpoint is called with a valid consent_verifier (meaning that the login flow completed successfully) + // there are 3 writes happening to the database: + // - The flow is created + // - The device auth session is updated (user_code is marked as accepted) + // - The OpenID session is created + // If there were multiple flows created for the same user_code then we may end up with multiple flow objects + // persisted to the database, while only one of them was actually used to validate the user_code + // (see https://github.com/ory/hydra/pull/3851#discussion_r1843678761) + // TODO: We should wrap these queries in a transaction + consentSession, f, err := h.r.ConsentStrategy().HandleOAuth2DeviceAuthorizationRequest(ctx, w, r) + if errors.Is(err, consent.ErrAbortOAuth2Request) { + x.LogAudit(r, nil, h.r.AuditLogger()) + return + } + + if e := &(fosite.RFC6749Error{}); errors.As(err, &e) { + x.LogAudit(r, err, h.r.AuditLogger()) + h.r.Writer().WriteError(w, r, err) + return + } + + if err != nil { + x.LogError(r, err, h.r.Logger()) + h.r.Writer().WriteError(w, r, err) + return + } + + req, sig, err := h.r.OAuth2Storage().GetDeviceCodeSessionByRequestID(ctx, f.DeviceCodeRequestID.String(), &Session{}) + if err != nil { + x.LogError(r, err, h.r.Logger()) + h.r.Writer().WriteError(w, r, err) + return + } + 
req.SetUserCodeState(fosite.UserCodeAccepted) + session, err := h.updateSessionWithRequest(ctx, consentSession, f, r, req, req.GetSession().(*Session)) + if err != nil { + h.r.Writer().WriteError(w, r, err) + return + } + req.SetSession(session) + // Update the device code session with + // - the claims for which the user gave consent + // - the granted scopes + // - the granted audiences + // - the user_code_state set to accepted + // This marks it as ready to be used for the token exchange endpoint. + err = h.r.OAuth2Storage().UpdateDeviceCodeSessionBySignature(ctx, sig, req) + if err != nil { + x.LogError(r, err, h.r.Logger()) + h.r.Writer().WriteError(w, r, err) + return + } + + // Update the OpenID Connect session if "openid" scope is granted + if req.GetGrantedScopes().Has("openid") { + err = h.r.OAuth2Storage().CreateOpenIDConnectSession(ctx, sig, req.Sanitize([]string{"grant_type", + "max_age", + "prompt", + "acr_values", + "id_token_hint", + "nonce", + })) + if err != nil { + x.LogError(r, err, h.r.Logger()) + h.r.Writer().WriteError(w, r, err) + return + } + } + + redirectURL := urlx.SetQuery(h.c.DeviceDoneURL(ctx), url.Values{"client_id": {f.Client.GetID()}}).String() + http.Redirect(w, r, redirectURL, http.StatusFound) +} + +// OAuth2 Device Flow +// +// # Ory's OAuth 2.0 Device Authorization API +// +// swagger:model deviceAuthorization +// +//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions +type deviceAuthorization struct { + // The device verification code. + // + // example: ory_dc_smldfksmdfkl.mslkmlkmlk + DeviceCode string `json:"device_code"` + + // The end-user verification code. + // + // example: AAAAAA + UserCode string `json:"user_code"` + + // The end-user verification URI on the authorization + // server. The URI should be short and easy to remember as end users + // will be asked to manually type it into their user agent. 
+ // + // example: https://auth.ory.sh/tv + VerificationUri string `json:"verification_uri"` + + // A verification URI that includes the "user_code" (or + // other information with the same function as the "user_code"), + // which is designed for non-textual transmission. + // + // example: https://auth.ory.sh/tv?user_code=AAAAAA + VerificationUriComplete string `json:"verification_uri_complete"` + + // The lifetime in seconds of the "device_code" and "user_code". + // + // example: 16830 + ExpiresIn int `json:"expires_in"` + + // The minimum amount of time in seconds that the client + // SHOULD wait between polling requests to the token endpoint. If no + // value is provided, clients MUST use 5 as the default. + // + // example: 5 + Interval int `json:"interval"` +} + +// swagger:route POST /oauth2/device/auth oAuth2 oAuth2DeviceFlow +// +// # The OAuth 2.0 Device Authorize Endpoint +// +// This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows. +// OAuth2 is a very popular protocol and a library for your programming language will exists. 
+// +// To learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc8628 +// +// Consumes: +// - application/x-www-form-urlencoded +// +// Schemes: http, https +// +// Responses: +// 200: deviceAuthorization +// default: errorOAuth2 +func (h *Handler) oAuth2DeviceFlow(w http.ResponseWriter, r *http.Request) { + var ctx = r.Context() + + request, err := h.r.OAuth2Provider().NewDeviceRequest(ctx, r) + if err != nil { + h.r.OAuth2Provider().WriteAccessError(ctx, w, request, err) + return + } + + var session = &Session{ + DefaultSession: &openid.DefaultSession{ + Headers: &jwt.Headers{}, + }, + } + + resp, err := h.r.OAuth2Provider().NewDeviceResponse(ctx, request, session) + if err != nil { + h.r.OAuth2Provider().WriteAccessError(ctx, w, request, err) + return + } + + h.r.OAuth2Provider().WriteDeviceResponse(ctx, w, request, resp) +} + // Revoke OAuth 2.0 Access or Refresh Token Request // // swagger:parameters revokeOAuth2Token @@ -725,7 +926,7 @@ type revokeOAuth2Token struct { // default: errorOAuth2 func (h *Handler) revokeOAuth2Token(w http.ResponseWriter, r *http.Request) { ctx := r.Context() - events.Trace(r.Context(), events.AccessTokenRevoked) + events.Trace(ctx, events.AccessTokenRevoked) err := h.r.OAuth2Provider().NewRevocationRequest(ctx, r) if err != nil { @@ -929,7 +1130,8 @@ type oAuth2TokenExchange struct { // Use open source libraries to perform OAuth 2.0 and OpenID Connect // available for any programming language. You can find a list of libraries here https://oauth.net/code/ // -// The Ory SDK is not yet able to this endpoint properly. +// This endpoint should not be used via the Ory SDK and is only included for technical reasons. +// Instead, use one of the libraries linked above. // // Consumes: // - application/x-www-form-urlencoded 
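Review bot: Neither error branch of `oAuth2DeviceFlow` logs or audits the failure before calling `WriteAccessError`, whereas `oauth2TokenExchange` in the same file calls `h.logOrAudit(err, r)` first. As far as this hunk shows, rejected device-authorization requests therefore leave no log or audit record to detect on. Adding `h.logOrAudit(err, r)` ahead of both `WriteAccessError` calls would bring the new endpoint in line. In `performOAuth2DeviceVerificationFlow`, `req.GetSession().(*Session)` is an unchecked type assertion; the comma-ok form with an error response would avoid a handler panic if storage ever returned a different session type. The swagger block for the GET verify route lists `Consumes: application/x-www-form-urlencoded`, which looks carried over from a POST endpoint.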
@@ -959,12 +1161,13 @@ func (h *Handler) oauth2TokenExchange(w http.ResponseWriter, r *http.Request) { } if accessRequest.GetGrantTypes().ExactOne(string(fosite.GrantTypeClientCredentials)) || - accessRequest.GetGrantTypes().ExactOne(string(fosite.GrantTypeJWTBearer)) { + accessRequest.GetGrantTypes().ExactOne(string(fosite.GrantTypeJWTBearer)) || + accessRequest.GetGrantTypes().ExactOne(string(fosite.GrantTypePassword)) { var accessTokenKeyID string if h.c.AccessTokenStrategy(ctx, client.AccessTokenStrategySource(accessRequest.GetClient())) == "jwt" { accessTokenKeyID, err = h.r.AccessTokenJWTStrategy().GetPublicKeyID(ctx) if err != nil { - x.LogError(r, err, h.r.Logger()) + h.logOrAudit(err, r) h.r.OAuth2Provider().WriteAccessError(ctx, w, accessRequest, err) events.Trace(ctx, events.TokenExchangeError, events.WithRequest(accessRequest)) return 
@@ -972,18 +1175,30 @@ func (h *Handler) oauth2TokenExchange(w http.ResponseWriter, r *http.Request) { } // only for client_credentials, otherwise Authentication is included in session - if accessRequest.GetGrantTypes().ExactOne("client_credentials") { + if accessRequest.GetGrantTypes().ExactOne(string(fosite.GrantTypeClientCredentials)) { session.Subject = accessRequest.GetClient().GetID() } + // only for password grant, otherwise Authentication is included in session + if accessRequest.GetGrantTypes().ExactOne(string(fosite.GrantTypePassword)) { + if sess, ok := accessRequest.GetSession().(fosite.ExtraClaimsSession); ok { + sess.GetExtraClaims()["username"] = accessRequest.GetRequestForm().Get("username") + session.DefaultSession.Username = accessRequest.GetRequestForm().Get("username") + } + + // Also add audience claims + for _, aud := range accessRequest.GetClient().GetAudience() { + accessRequest.GrantAudience(aud) + } + } session.ClientID = accessRequest.GetClient().GetID() session.KID = accessTokenKeyID - session.DefaultSession.Claims.Issuer = h.c.IssuerURL(r.Context()).String() + session.DefaultSession.Claims.Issuer = h.c.IssuerURL(ctx).String() session.DefaultSession.Claims.IssuedAt = time.Now().UTC() scopes := accessRequest.GetRequestedScopes() // Added for compatibility with MITREid - if h.c.GrantAllClientCredentialsScopesPerDefault(r.Context()) && len(scopes) == 0 { + if h.c.GrantAllClientCredentialsScopesPerDefault(ctx) && len(scopes) == 0 { for _, scope := range accessRequest.GetClient().GetScopes() { accessRequest.GrantScope(scope) } @@ -1003,7 +1218,7 @@ func (h *Handler) oauth2TokenExchange(w http.ResponseWriter, r *http.Request) { } for _, hook := range h.r.AccessRequestHooks() { - if err := hook(ctx, accessRequest); err != nil { + if err = hook(ctx, accessRequest); err != nil { h.logOrAudit(err, r) h.r.OAuth2Provider().WriteAccessError(ctx, w, accessRequest, err) events.Trace(ctx, events.TokenExchangeError, events.WithRequest(accessRequest)) 
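Review bot: The new password-grant branch grants every audience registered on the client (`for _, aud := range accessRequest.GetClient().GetAudience() { accessRequest.GrantAudience(aud) }`) regardless of what the request asked for, so each password-grant token carries the client's full audience list. Granting only the requested audiences the client is allowed to use would keep tokens least-privileged; whether a later step narrows the audience is not visible in this hunk. The same branch writes `username` into the map returned by `GetExtraClaims()` without a nil check, which would panic if that accessor can return a nil map. It also reads the form value twice, where a single `username := accessRequest.GetRequestForm().Get("username")` would be clearer. oauth2TokenExchange starts and ends outside the hunk.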
@@ -1011,8 +1226,12 @@ func (h *Handler) oauth2TokenExchange(w http.ResponseWriter, r *http.Request) { } } - accessResponse, err := h.r.OAuth2Provider().NewAccessResponse(ctx, accessRequest) - if err != nil { + var accessResponse fosite.AccessResponder + if err := h.r.Persister().Transaction(ctx, func(ctx context.Context, _ *pop.Connection) error { + var err error + accessResponse, err = h.r.OAuth2Provider().NewAccessResponse(ctx, accessRequest) + return err + }); err != nil { h.logOrAudit(err, r) h.r.OAuth2Provider().WriteAccessError(ctx, w, accessRequest, err) events.Trace(ctx, events.TokenExchangeError, events.WithRequest(accessRequest)) @@ -1029,16 +1248,18 @@ func (h *Handler) oauth2TokenExchange(w http.ResponseWriter, r *http.Request) { // Use open source libraries to perform OAuth 2.0 and OpenID Connect // available for any programming language. You can find a list of libraries at https://oauth.net/code/ // -// The Ory SDK is not yet able to this endpoint properly. +// This endpoint should not be used via the Ory SDK and is only included for technical reasons. +// Instead, use one of the libraries linked above. // -// Consumes: -// - application/x-www-form-urlencoded +// Consumes: +// - application/x-www-form-urlencoded // -// Schemes: http, https +// Schemes: http, https // -// Responses: -// 302: emptyResponse -// default: errorOAuth2 +// Responses: +// +// 302: emptyResponse +// default: errorOAuth2 func (h *Handler) oAuth2Authorize(w http.ResponseWriter, r *http.Request, _ httprouter.Params) { ctx := r.Context() @@ -1049,7 +1270,7 @@ func (h *Handler) oAuth2Authorize(w http.ResponseWriter, r *http.Request, _ http return } - session, flow, err := h.r.ConsentStrategy().HandleOAuth2AuthorizationRequest(ctx, w, r, authorizeRequest) + acceptConsentSession, flow, err := h.r.ConsentStrategy().HandleOAuth2AuthorizationRequest(ctx, w, r, authorizeRequest) if errors.Is(err, consent.ErrAbortOAuth2Request) { x.LogAudit(r, nil, h.r.AuditLogger()) // do nothing 
@@ -1064,82 +1285,17 @@ func (h *Handler) oAuth2Authorize(w http.ResponseWriter, r *http.Request, _ http return } - for _, scope := range session.GrantedScope { - authorizeRequest.GrantScope(scope) - } - - for _, audience := range session.GrantedAudience { - authorizeRequest.GrantAudience(audience) - } - - openIDKeyID, err := h.r.OpenIDJWTStrategy().GetPublicKeyID(ctx) + authorizeRequest.SetID(acceptConsentSession.ID) + session, err := h.updateSessionWithRequest(ctx, acceptConsentSession, flow, r, authorizeRequest, nil) if err != nil { - x.LogError(r, err, h.r.Logger()) h.writeAuthorizeError(w, r, authorizeRequest, err) return } - - var accessTokenKeyID string - if h.c.AccessTokenStrategy(r.Context(), client.AccessTokenStrategySource(authorizeRequest.GetClient())) == "jwt" { - accessTokenKeyID, err = h.r.AccessTokenJWTStrategy().GetPublicKeyID(ctx) - if err != nil { - x.LogError(r, err, h.r.Logger()) - h.writeAuthorizeError(w, r, authorizeRequest, err) - return - } - } - - obfuscatedSubject, err := h.r.ConsentStrategy().ObfuscateSubjectIdentifier(ctx, authorizeRequest.GetClient(), session.ConsentRequest.Subject, session.ConsentRequest.ForceSubjectIdentifier) - if e := &(fosite.RFC6749Error{}); errors.As(err, &e) { - x.LogAudit(r, err, h.r.AuditLogger()) - h.writeAuthorizeError(w, r, authorizeRequest, err) - return - } else if err != nil { - x.LogError(r, err, h.r.Logger()) - h.writeAuthorizeError(w, r, authorizeRequest, err) - return - } - - authorizeRequest.SetID(session.ID) - claims := &jwt.IDTokenClaims{ - Subject: obfuscatedSubject, - Issuer: h.c.IssuerURL(ctx).String(), - AuthTime: time.Time(session.AuthenticatedAt), - RequestedAt: session.RequestedAt, - Extra: session.Session.IDToken, - AuthenticationContextClassReference: session.ConsentRequest.ACR, - AuthenticationMethodsReferences: session.ConsentRequest.AMR, - - // These are required for work around https://github.com/ory/fosite/issues/530 - Nonce: authorizeRequest.GetRequestForm().Get("nonce"), - 
Audience: []string{authorizeRequest.GetClient().GetID()}, - IssuedAt: time.Now().Truncate(time.Second).UTC(), - - // This is set by the fosite strategy - // ExpiresAt: time.Now().Add(h.IDTokenLifespan).UTC(), - } - claims.Add("sid", session.ConsentRequest.LoginSessionID) - - // done - response, err := h.r.OAuth2Provider().NewAuthorizeResponse(ctx, authorizeRequest, &Session{ - DefaultSession: &openid.DefaultSession{ - Claims: claims, - Headers: &jwt.Headers{Extra: map[string]interface{}{ - // required for lookup on jwk endpoint - "kid": openIDKeyID, - }}, - Subject: session.ConsentRequest.Subject, - }, - Extra: session.Session.AccessToken, - KID: accessTokenKeyID, - ClientID: authorizeRequest.GetClient().GetID(), - ConsentChallenge: session.ID, - ExcludeNotBeforeClaim: h.c.ExcludeNotBeforeClaim(ctx), - AllowedTopLevelClaims: h.c.AllowedTopLevelClaims(ctx), - MirrorTopLevelClaims: h.c.MirrorTopLevelClaims(ctx), - Flow: flow, - }) - if err != nil { + var response fosite.AuthorizeResponder + if err := h.r.Persister().Transaction(ctx, func(ctx context.Context, _ *pop.Connection) (err error) { + response, err = h.r.OAuth2Provider().NewAuthorizeResponse(ctx, authorizeRequest, session) + return err + }); err != nil { x.LogError(r, err, h.r.Logger()) h.writeAuthorizeError(w, r, authorizeRequest, err) return 
@@ -1209,6 +1365,92 @@ func (h *Handler) writeAuthorizeError(w http.ResponseWriter, r *http.Request, ar h.r.OAuth2Provider().WriteAuthorizeError(r.Context(), w, ar, err) } +// updateSessionWithRequest takes a session and a fosite.request as input and returns a new session. +// If any errors occur, they are logged. +func (h *Handler) updateSessionWithRequest( + ctx context.Context, + consent *flow.AcceptOAuth2ConsentRequest, + flow *flow.Flow, + r *http.Request, + request fosite.Requester, + session *Session, +) (*Session, error) { + for _, scope := range consent.GrantedScope { + request.GrantScope(scope) + } + + for _, audience := range consent.GrantedAudience { + request.GrantAudience(audience) + } + + openIDKeyID, err := h.r.OpenIDJWTStrategy().GetPublicKeyID(ctx) + if err != nil { + x.LogError(r, err, h.r.Logger()) + return nil, err + } + + var accessTokenKeyID string + if h.c.AccessTokenStrategy(ctx, client.AccessTokenStrategySource(request.GetClient())) == "jwt" { + accessTokenKeyID, err = h.r.AccessTokenJWTStrategy().GetPublicKeyID(ctx) + if err != nil { + x.LogError(r, err, h.r.Logger()) + return nil, err + } + } + + obfuscatedSubject, err := h.r.ConsentStrategy().ObfuscateSubjectIdentifier(ctx, request.GetClient(), consent.ConsentRequest.Subject, consent.ConsentRequest.ForceSubjectIdentifier) + if e := &(fosite.RFC6749Error{}); errors.As(err, &e) { + x.LogAudit(r, err, h.r.AuditLogger()) + return nil, err + } else if err != nil { + x.LogError(r, err, h.r.Logger()) + return nil, err + } + + claims := &jwt.IDTokenClaims{ + Subject: obfuscatedSubject, + Issuer: h.c.IssuerURL(ctx).String(), + AuthTime: time.Time(consent.AuthenticatedAt), + RequestedAt: consent.RequestedAt, + Extra: consent.Session.IDToken, + AuthenticationContextClassReference: consent.ConsentRequest.ACR, + AuthenticationMethodsReferences: consent.ConsentRequest.AMR, + + // These are required for work around https://github.com/ory/fosite/issues/530 + Nonce: 
request.GetRequestForm().Get("nonce"), + Audience: []string{request.GetClient().GetID()}, + IssuedAt: time.Now().Truncate(time.Second).UTC(), + + // This is set by the fosite strategy + // ExpiresAt: time.Now().Add(h.IDTokenLifespan).UTC(), + } + claims.Add("sid", consent.ConsentRequest.LoginSessionID) + + if session == nil { + session = &Session{} + } + + if session.DefaultSession == nil { + session.DefaultSession = &openid.DefaultSession{} + } + session.DefaultSession.Claims = claims + session.DefaultSession.Headers = &jwt.Headers{Extra: map[string]interface{}{ + // required for lookup on jwk endpoint + "kid": openIDKeyID, + }} + session.DefaultSession.Subject = consent.ConsentRequest.Subject + session.Extra = consent.Session.AccessToken + session.KID = accessTokenKeyID + session.ClientID = request.GetClient().GetID() + session.ConsentChallenge = consent.ID + session.ExcludeNotBeforeClaim = h.c.ExcludeNotBeforeClaim(ctx) + session.AllowedTopLevelClaims = h.c.AllowedTopLevelClaims(ctx) + session.MirrorTopLevelClaims = h.c.MirrorTopLevelClaims(ctx) + session.Flow = flow + + return session, nil +} + func (h *Handler) logOrAudit(err error, r *http.Request) { if errors.Is(err, fosite.ErrServerError) || errors.Is(err, fosite.ErrTemporarilyUnavailable) || errors.Is(err, fosite.ErrMisconfiguration) { x.LogError(r, err, h.r.Logger()) diff --git a/oauth2/handler_test.go b/oauth2/handler_test.go index 95249eb8632..f2d159af614 100644 --- a/oauth2/handler_test.go +++ b/oauth2/handler_test.go @@ -77,7 +77,7 @@ func TestHandlerDeleteHandler(t *testing.T) { c.GetConfig().Servers = hydra.ServerConfigurations{{URL: ts.URL}} _, err := c. - OAuth2Api.DeleteOAuth2Token(context.Background()). + OAuth2API.DeleteOAuth2Token(context.Background()). ClientId("foobar").Execute() require.NoError(t, err) diff --git a/oauth2/helper_test.go b/oauth2/helper_test.go index 74c25bdcfb0..3a40592bfdd 100644 --- a/oauth2/helper_test.go +++ b/oauth2/helper_test.go 
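Review bot: The doc comment on `updateSessionWithRequest` says it "returns a new session", but when `session` is non-nil the function overwrites that value in place (`DefaultSession.Claims`, `Headers`, `Subject`, `Extra`, `KID`, `ClientID`, …) and returns the same pointer. It also calls `GrantScope` and `GrantAudience` on `request`, which the comment does not mention. The device verification handler passes the stored session in, so a reader needs to know that existing claims and `Extra` are replaced rather than merged. I would reword the comment to `// updateSessionWithRequest grants the consented scopes and audiences on request and fills session in place (allocating one if nil) with the ID token claims and signing key IDs.` The parameters `consent` and `flow` shadow the imported packages of the same names inside the body; names such as `acceptedConsent` and `f` would avoid that.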
@@ -12,7 +12,7 @@ import ( ) func Tokens(c fosite.Configurator, length int) (res [][]string) { - s := &oauth2.HMACSHAStrategy{Enigma: &hmac.HMACStrategy{Config: c}, Config: c} + s := oauth2.NewHMACSHAStrategy(&hmac.HMACStrategy{Config: c}, c) for i := 0; i < length; i++ { tok, sig, _ := s.Enigma.Generate(context.Background()) diff --git a/oauth2/introspector_test.go b/oauth2/introspector_test.go index 6511a77e33e..16b279f036f 100644 --- a/oauth2/introspector_test.go +++ b/oauth2/introspector_test.go @@ -83,8 +83,8 @@ func TestIntrospectorSDK(t *testing.T) { // token: tokens[0][1], // expectInactive: true, // expectCode: http.StatusUnauthorized, - // prepare: func(*testing.T) *hydra.OAuth2Api.{ - // client := hydra.Ne.OAuth2Api.ithBasePath(server.URL) + // prepare: func(*testing.T) *hydra.OAuth2API.{ + // client := hydra.Ne.OAuth2API.ithBasePath(server.URL) // client.config.Username = "foo" // client.config.Password = "foo" // return client @@ -148,7 +148,7 @@ func TestIntrospectorSDK(t *testing.T) { client.GetConfig().Servers = hydra.ServerConfigurations{{URL: server.URL}} } - ctx, _, err := client.OAuth2Api.IntrospectOAuth2Token(context.Background()). + ctx, _, err := client.OAuth2API.IntrospectOAuth2Token(context.Background()). Token(c.token).Scope(strings.Join(c.scopes, " ")).Execute() require.NoError(t, err) diff --git a/oauth2/oauth2_auth_code_bench_test.go b/oauth2/oauth2_auth_code_bench_test.go index 254b9cce8f9..568ff00287c 100644 --- a/oauth2/oauth2_auth_code_bench_test.go +++ b/oauth2/oauth2_auth_code_bench_test.go 
@@ -146,7 +146,7 @@ func BenchmarkAuthCode(b *testing.B) { acceptLoginHandler := func(b *testing.B, c *hc.Client, checkRequestPayload func(request *hydra.OAuth2LoginRequest) *hydra.AcceptOAuth2LoginRequest) http.HandlerFunc { return otelhttp.NewHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { ctx := r.Context() - rr, _, err := adminClient.OAuth2Api.GetOAuth2LoginRequest(ctx).LoginChallenge(r.URL.Query().Get("login_challenge")).Execute() + rr, _, err := adminClient.OAuth2API.GetOAuth2LoginRequest(ctx).LoginChallenge(r.URL.Query().Get("login_challenge")).Execute() require.NoError(b, err) assert.EqualValues(b, c.GetID(), pointerx.Deref(rr.Client.ClientId)) @@ -171,7 +171,7 @@ func BenchmarkAuthCode(b *testing.B) { } } - v, _, err := adminClient.OAuth2Api.AcceptOAuth2LoginRequest(ctx). + v, _, err := adminClient.OAuth2API.AcceptOAuth2LoginRequest(ctx). LoginChallenge(r.URL.Query().Get("login_challenge")). AcceptOAuth2LoginRequest(acceptBody). Execute() @@ -184,7 +184,7 @@ func BenchmarkAuthCode(b *testing.B) { acceptConsentHandler := func(b *testing.B, c *hc.Client, checkRequestPayload func(*hydra.OAuth2ConsentRequest)) http.HandlerFunc { return otelhttp.NewHandler(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { ctx := r.Context() - rr, _, err := adminClient.OAuth2Api.GetOAuth2ConsentRequest(ctx).ConsentChallenge(r.URL.Query().Get("consent_challenge")).Execute() + rr, _, err := adminClient.OAuth2API.GetOAuth2ConsentRequest(ctx).ConsentChallenge(r.URL.Query().Get("consent_challenge")).Execute() require.NoError(b, err) assert.EqualValues(b, c.GetID(), pointerx.Deref(rr.Client.ClientId)) 
@@ -201,7 +201,7 @@ func BenchmarkAuthCode(b *testing.B) { } assert.Equal(b, map[string]interface{}{"context": "bar"}, rr.Context) - v, _, err := adminClient.OAuth2Api.AcceptOAuth2ConsentRequest(ctx). + v, _, err := adminClient.OAuth2API.AcceptOAuth2ConsentRequest(ctx). ConsentChallenge(r.URL.Query().Get("consent_challenge")). AcceptOAuth2ConsentRequest(hydra.AcceptOAuth2ConsentRequest{ GrantScope: []string{"hydra", "offline", "openid"}, Remember: pointerx.Ptr(true), RememberFor: pointerx.Ptr[int64](0), diff --git a/oauth2/oauth2_auth_code_test.go b/oauth2/oauth2_auth_code_test.go index 69e9d42e427..43d42e2a190 100644 --- a/oauth2/oauth2_auth_code_test.go +++ b/oauth2/oauth2_auth_code_test.go @@ -104,7 +104,7 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { acceptLoginHandler := func(t *testing.T, c *client.Client, subject string, checkRequestPayload func(request *hydra.OAuth2LoginRequest) *hydra.AcceptOAuth2LoginRequest) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - rr, _, err := adminClient.OAuth2Api.GetOAuth2LoginRequest(context.Background()).LoginChallenge(r.URL.Query().Get("login_challenge")).Execute() + rr, _, err := adminClient.OAuth2API.GetOAuth2LoginRequest(context.Background()).LoginChallenge(r.URL.Query().Get("login_challenge")).Execute() require.NoError(t, err) assert.EqualValues(t, c.GetID(), pointerx.Deref(rr.Client.ClientId)) @@ -129,7 +129,7 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { } } - v, _, err := adminClient.OAuth2Api.AcceptOAuth2LoginRequest(context.Background()). + v, _, err := adminClient.OAuth2API.AcceptOAuth2LoginRequest(context.Background()). LoginChallenge(r.URL.Query().Get("login_challenge")). AcceptOAuth2LoginRequest(acceptBody). Execute() 
@@ -141,7 +141,7 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { acceptConsentHandler := func(t *testing.T, c *client.Client, subject string, checkRequestPayload func(*hydra.OAuth2ConsentRequest)) http.HandlerFunc { return func(w http.ResponseWriter, r *http.Request) { - rr, _, err := adminClient.OAuth2Api.GetOAuth2ConsentRequest(context.Background()).ConsentChallenge(r.URL.Query().Get("consent_challenge")).Execute() + rr, _, err := adminClient.OAuth2API.GetOAuth2ConsentRequest(context.Background()).ConsentChallenge(r.URL.Query().Get("consent_challenge")).Execute() require.NoError(t, err) assert.EqualValues(t, c.GetID(), pointerx.Deref(rr.Client.ClientId)) @@ -158,14 +158,14 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { } assert.Equal(t, map[string]interface{}{"context": "bar"}, rr.Context) - v, _, err := adminClient.OAuth2Api.AcceptOAuth2ConsentRequest(context.Background()). + v, _, err := adminClient.OAuth2API.AcceptOAuth2ConsentRequest(context.Background()). ConsentChallenge(r.URL.Query().Get("consent_challenge")). AcceptOAuth2ConsentRequest(hydra.AcceptOAuth2ConsentRequest{ GrantScope: []string{"hydra", "offline", "openid"}, Remember: pointerx.Ptr(true), RememberFor: pointerx.Ptr[int64](0), GrantAccessTokenAudience: rr.RequestedAccessTokenAudience, Session: &hydra.AcceptOAuth2ConsentRequestSession{ AccessToken: map[string]interface{}{"foo": "bar"}, - IdToken: map[string]interface{}{"bar": "baz"}, + IdToken: map[string]interface{}{"bar": "baz", "email": "foo@bar.com"}, }, }). Execute() 
@@ -176,8 +176,9 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { } assertRefreshToken := func(t *testing.T, token *oauth2.Token, c *oauth2.Config, expectedExp time.Time) { - actualExp, err := strconv.ParseInt(testhelpers.IntrospectToken(t, c, token.RefreshToken, adminTS).Get("exp").String(), 10, 64) - require.NoError(t, err) + introspect := testhelpers.IntrospectToken(t, c, token.RefreshToken, adminTS) + actualExp, err := strconv.ParseInt(introspect.Get("exp").String(), 10, 64) + require.NoError(t, err, "%s", introspect) requirex.EqualTime(t, expectedExp, time.Unix(actualExp, 0), time.Second) } @@ -206,6 +207,8 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { assert.EqualValues(t, expectedSubject, claims.Get("sub").String(), "%s", claims) assert.EqualValues(t, expectedNonce, claims.Get("nonce").String(), "%s", claims) assert.EqualValues(t, `baz`, claims.Get("bar").String(), "%s", claims) + assert.EqualValues(t, `foo@bar.com`, claims.Get("email").String(), "%s", claims) + assert.NotEmpty(t, claims.Get("sid").String(), "%s", claims) return claims } 
@@ -330,9 +333,189 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { }) }) + t.Run("case=graceful token rotation", func(t *testing.T) { + run := func(t *testing.T, strategy string) { + reg.Config().MustSet(ctx, config.KeyRefreshTokenRotationGracePeriod, "5s") + t.Cleanup(func() { + reg.Config().MustSet(ctx, config.KeyRefreshTokenRotationGracePeriod, nil) + }) + + c, conf := newOAuth2Client(t, reg, testhelpers.NewCallbackURL(t, "callback", testhelpers.HTTPServerNotImplementedHandler)) + testhelpers.NewLoginConsentUI(t, reg.Config(), + acceptLoginHandler(t, c, subject, nil), + acceptConsentHandler(t, c, subject, nil), + ) + + issueTokens := func(t *testing.T) *oauth2.Token { + code, _ := getAuthorizeCode(t, conf, nil, oauth2.SetAuthURLParam("nonce", nonce)) + require.NotEmpty(t, code) + token, err := conf.Exchange(context.Background(), code) + iat := time.Now() + require.NoError(t, err) + + introspectAccessToken(t, conf, token, subject) + assertJWTAccessToken(t, strategy, conf, token, subject, iat.Add(reg.Config().GetAccessTokenLifespan(ctx)), `["hydra","offline","openid"]`) + assertIDToken(t, token, conf, subject, nonce, iat.Add(reg.Config().GetIDTokenLifespan(ctx))) + assertRefreshToken(t, token, conf, iat.Add(reg.Config().GetRefreshTokenLifespan(ctx))) + return token + } + + refreshTokens := func(t *testing.T, token *oauth2.Token) *oauth2.Token { + require.NotEmpty(t, token.RefreshToken) + token.Expiry = token.Expiry.Add(-time.Hour * 24) + iat := time.Now() + refreshedToken, err := conf.TokenSource(context.Background(), token).Token() + require.NoError(t, err) + + require.NotEqual(t, token.AccessToken, refreshedToken.AccessToken) + require.NotEqual(t, token.RefreshToken, refreshedToken.RefreshToken) + require.NotEqual(t, token.Extra("id_token"), refreshedToken.Extra("id_token")) + + introspectAccessToken(t, conf, refreshedToken, subject) + assertJWTAccessToken(t, strategy, conf, refreshedToken, subject, iat.Add(reg.Config().GetAccessTokenLifespan(ctx)), 
`["hydra","offline","openid"]`) + assertIDToken(t, refreshedToken, conf, subject, nonce, iat.Add(reg.Config().GetIDTokenLifespan(ctx))) + assertRefreshToken(t, refreshedToken, conf, iat.Add(reg.Config().GetRefreshTokenLifespan(ctx))) + return refreshedToken + } + + t.Run("followup=successfully perform refresh token flow", func(t *testing.T) { + start := time.Now() + + token := issueTokens(t) + var first, second *oauth2.Token + t.Run("followup=first refresh", func(t *testing.T) { + first = refreshTokens(t, token) + }) + + t.Run("followup=second refresh", func(t *testing.T) { + second = refreshTokens(t, token) + }) + + // Sleep until the grace period is over + time.Sleep(time.Until(start.Add(5*time.Second + time.Millisecond*10))) + t.Run("followup=refresh failure invalidates all tokens", func(t *testing.T) { + _, err := conf.TokenSource(context.Background(), token).Token() + assert.Error(t, err) + + i := testhelpers.IntrospectToken(t, conf, first.AccessToken, adminTS) + assert.False(t, i.Get("active").Bool(), "%s", i) + + i = testhelpers.IntrospectToken(t, conf, second.AccessToken, adminTS) + assert.False(t, i.Get("active").Bool(), "%s", i) + + i = testhelpers.IntrospectToken(t, conf, first.RefreshToken, adminTS) + assert.False(t, i.Get("active").Bool(), "%s", i) + + i = testhelpers.IntrospectToken(t, conf, second.RefreshToken, adminTS) + assert.False(t, i.Get("active").Bool(), "%s", i) + }) + }) + + t.Run("followup=successfully perform refresh token flow", func(t *testing.T) { + start := time.Now() + + token := issueTokens(t) + var first, second *oauth2.Token + t.Run("followup=first refresh", func(t *testing.T) { + first = refreshTokens(t, token) + }) + + t.Run("followup=second refresh", func(t *testing.T) { + second = refreshTokens(t, token) + }) + + // Sleep until the grace period is over + time.Sleep(time.Until(start.Add(5*time.Second + time.Millisecond*10))) + t.Run("followup=revoking consent revokes all tokens", func(t *testing.T) { + err := 
reg.ConsentManager().RevokeSubjectConsentSession(context.Background(), subject) + require.NoError(t, err) + + _, err = conf.TokenSource(context.Background(), token).Token() + assert.Error(t, err) + + i := testhelpers.IntrospectToken(t, conf, first.AccessToken, adminTS) + assert.False(t, i.Get("active").Bool(), "%s", i) + + i = testhelpers.IntrospectToken(t, conf, second.AccessToken, adminTS) + assert.False(t, i.Get("active").Bool(), "%s", i) + + i = testhelpers.IntrospectToken(t, conf, first.RefreshToken, adminTS) + assert.False(t, i.Get("active").Bool(), "%s", i) + + i = testhelpers.IntrospectToken(t, conf, second.RefreshToken, adminTS) + assert.False(t, i.Get("active").Bool(), "%s", i) + }) + }) + + t.Run("followup=graceful refresh tokens are all refreshed", func(t *testing.T) { + start := time.Now() + token := issueTokens(t) + var a1Refresh, b1Refresh, a2RefreshA, a2RefreshB, b2RefreshA, b2RefreshB *oauth2.Token + t.Run("followup=first refresh", func(t *testing.T) { + a1Refresh = refreshTokens(t, token) + }) + + t.Run("followup=second refresh", func(t *testing.T) { + b1Refresh = refreshTokens(t, token) + }) + + t.Run("followup=first refresh from first refresh", func(t *testing.T) { + a2RefreshA = refreshTokens(t, a1Refresh) + }) + + t.Run("followup=second refresh from first refresh", func(t *testing.T) { + a2RefreshB = refreshTokens(t, a1Refresh) + }) + + t.Run("followup=first refresh from second refresh", func(t *testing.T) { + b2RefreshA = refreshTokens(t, b1Refresh) + }) + + t.Run("followup=second refresh from second refresh", func(t *testing.T) { + b2RefreshB = refreshTokens(t, b1Refresh) + }) + + // Sleep until the grace period is over + time.Sleep(time.Until(start.Add(5*time.Second + time.Millisecond*10))) + t.Run("followup=refresh failure invalidates all tokens", func(t *testing.T) { + _, err := conf.TokenSource(context.Background(), token).Token() + assert.Error(t, err) + + for k, token := range []*oauth2.Token{ + a1Refresh, b1Refresh, a2RefreshA, 
a2RefreshB, b2RefreshA, b2RefreshB, + } { + t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) { + i := testhelpers.IntrospectToken(t, conf, token.AccessToken, adminTS) + assert.False(t, i.Get("active").Bool(), "%s", i) + + i = testhelpers.IntrospectToken(t, conf, token.AccessToken, adminTS) + assert.False(t, i.Get("active").Bool(), "%s", i) + + i = testhelpers.IntrospectToken(t, conf, token.RefreshToken, adminTS) + assert.False(t, i.Get("active").Bool(), "%s", i) + + i = testhelpers.IntrospectToken(t, conf, token.RefreshToken, adminTS) + assert.False(t, i.Get("active").Bool(), "%s", i) + }) + } + }) + }) + } + + t.Run("strategy=jwt", func(t *testing.T) { + reg.Config().MustSet(ctx, config.KeyAccessTokenStrategy, "jwt") + run(t, "jwt") + }) + + t.Run("strategy=opaque", func(t *testing.T) { + reg.Config().MustSet(ctx, config.KeyAccessTokenStrategy, "opaque") + run(t, "opaque") + }) + }) + t.Run("case=perform authorize code flow with verifable credentials", func(t *testing.T) { // Make sure we test against all crypto suites that we advertise. - cfg, _, err := publicClient.OidcApi.DiscoverOidcConfiguration(ctx).Execute() + cfg, _, err := publicClient.OidcAPI.DiscoverOidcConfiguration(ctx).Execute() require.NoError(t, err) supportedCryptoSuites := cfg.CredentialsSupportedDraft00[0].CryptographicSuitesSupported @@ -351,7 +534,7 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { Amr: []string{"pwd"}, Context: map[string]interface{}{"context": "bar"}, } - v, _, err := adminClient.OAuth2Api.AcceptOAuth2LoginRequest(context.Background()). + v, _, err := adminClient.OAuth2API.AcceptOAuth2LoginRequest(context.Background()). LoginChallenge(r.URL.Query().Get("login_challenge")). AcceptOAuth2LoginRequest(acceptBody). Execute() 
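Review bot: The subtest `followup=revoking consent revokes all tokens` appears unable to fail when revocation is broken. It sleeps past the 5s grace period and calls `conf.TokenSource(context.Background(), token).Token()` with the original refresh token before introspecting anything, and the sibling subtest `followup=refresh failure invalidates all tokens` shows that this reuse alone already leaves `first` and `second` inactive. Run the four `testhelpers.IntrospectToken` assertions directly after `RevokeSubjectConsentSession` and before the refresh attempt, or drop the `time.Sleep` in this subtest, so the inactive state can only come from the revocation. Separately, in the `case=%d` loop the access-token and the refresh-token introspection are each issued twice with identical arguments; one of each is enough. The enclosing TestAuthCodeWithDefaultStrategy starts and ends outside the hunk.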
@@ -360,11 +543,11 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { http.Redirect(w, r, v.RedirectTo, http.StatusFound) }, func(w http.ResponseWriter, r *http.Request) { - rr, _, err := adminClient.OAuth2Api.GetOAuth2ConsentRequest(context.Background()).ConsentChallenge(r.URL.Query().Get("consent_challenge")).Execute() + rr, _, err := adminClient.OAuth2API.GetOAuth2ConsentRequest(context.Background()).ConsentChallenge(r.URL.Query().Get("consent_challenge")).Execute() require.NoError(t, err) assert.Equal(t, map[string]interface{}{"context": "bar"}, rr.Context) - v, _, err := adminClient.OAuth2Api.AcceptOAuth2ConsentRequest(context.Background()). + v, _, err := adminClient.OAuth2API.AcceptOAuth2ConsentRequest(context.Background()). ConsentChallenge(r.URL.Query().Get("consent_challenge")). AcceptOAuth2ConsentRequest(hydra.AcceptOAuth2ConsentRequest{ GrantScope: []string{"openid", "userinfo_credential_draft_00"}, @@ -614,7 +797,7 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { t.Run("case=checks if request fails when subject is empty", func(t *testing.T) { testhelpers.NewLoginConsentUI(t, reg.Config(), func(w http.ResponseWriter, r *http.Request) { - _, res, err := adminClient.OAuth2Api.AcceptOAuth2LoginRequest(ctx). + _, res, err := adminClient.OAuth2API.AcceptOAuth2LoginRequest(ctx). LoginChallenge(r.URL.Query().Get("login_challenge")). AcceptOAuth2LoginRequest(hydra.AcceptOAuth2LoginRequest{Subject: "", Remember: pointerx.Ptr(true)}).Execute() require.Error(t, err) // expects 400 
@@ -981,10 +1164,10 @@ func TestAuthCodeWithDefaultStrategy(t *testing.T) { var hookReq hydraoauth2.TokenHookRequest require.NoError(t, json.NewDecoder(r.Body).Decode(&hookReq)) require.NotEmpty(t, hookReq.Session) - require.Equal(t, hookReq.Session.Extra, map[string]interface{}{"foo": "bar"}) + require.Equal(t, map[string]interface{}{"foo": "bar"}, hookReq.Session.Extra) require.NotEmpty(t, hookReq.Request) - require.ElementsMatch(t, hookReq.Request.GrantedAudience, []string{}) - require.Equal(t, hookReq.Request.Payload, map[string][]string{}) + require.ElementsMatch(t, []string{}, hookReq.Request.GrantedAudience) + require.Equal(t, map[string][]string{"grant_type": {"authorization_code"}}, hookReq.Request.Payload) claims := map[string]interface{}{ "hooked": true, @@ -1345,7 +1528,7 @@ func TestAuthCodeWithMockStrategy(t *testing.T) { TokenURL: ts.URL + "/oauth2/token", }, RedirectURL: ts.URL + "/callback", - Scopes: []string{"hydra.*", "offline", "openid"}, + Scopes: []string{"offline", "openid", "hydra.*"}, } var code string @@ -1667,7 +1850,7 @@ func TestAuthCodeWithMockStrategy(t *testing.T) { require.Equal(t, hookReq.Request.ClientID, oauthConfig.ClientID) require.ElementsMatch(t, hookReq.Request.GrantedScopes, expectedGrantedScopes) require.ElementsMatch(t, hookReq.Request.GrantedAudience, []string{}) - require.Equal(t, hookReq.Request.Payload, map[string][]string{}) + require.Equal(t, hookReq.Request.Payload, map[string][]string{"grant_type": {"refresh_token"}}) snapshotx.SnapshotT(t, hookReq, snapshotx.ExceptPaths(exceptKeys...)) } @@ -1937,6 +2120,7 @@ func newOAuth2Client( return c, &oauth2.Config{ ClientID: c.GetID(), ClientSecret: secret, + RedirectURL: callbackURL, Endpoint: oauth2.Endpoint{ AuthURL: reg.Config().OAuth2AuthURL(ctx).String(), TokenURL: reg.Config().OAuth2TokenURL(ctx).String(), diff --git a/oauth2/oauth2_client_credentials_test.go b/oauth2/oauth2_client_credentials_test.go index 40696ac1238..9d5067dafb1 100644 
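Review bot: The new expectation `map[string][]string{"grant_type": {"authorization_code"}}` in `@@ -981,10 +1164,10` needs a comment saying why nothing else is listed. An authorization-code exchange also posts the code itself, so this exact-equality check is what pins that such values are not forwarded to the token hook. Suggested comment above the assertion: `// Only allow-listed form fields may reach the hook; the authorization code must never be forwarded.` The filtering code is not visible in this hunk, so confirm the wording against the handler that builds `hookReq.Request.Payload`.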
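Review bot: In `@@ -1667,7 +1850,7` the new `require.Equal(t, hookReq.Request.Payload, map[string][]string{"grant_type": {"refresh_token"}})` passes the actual value first, whereas `@@ -981,10 +1164,10` in the same file was just switched to testify's expected-first order. With the arguments swapped, a failure prints the received payload under "expected", which is easy to misread when checking what reached the hook. Write it as `require.Equal(t, map[string][]string{"grant_type": {"refresh_token"}}, hookReq.Request.Payload)`. The multi-line `require.Equal` added in oauth2/oauth2_client_credentials_test.go (`@@ -268,7 +268,10`) has the same ordering and should be changed too.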
--- a/oauth2/oauth2_client_credentials_test.go +++ b/oauth2/oauth2_client_credentials_test.go @@ -268,7 +268,10 @@ func TestClientCredentials(t *testing.T) { require.NotEmpty(t, hookReq.Request) require.ElementsMatch(t, hookReq.Request.GrantedScopes, expectedGrantedScopes) require.ElementsMatch(t, hookReq.Request.GrantedAudience, expectedGrantedAudience) - require.Equal(t, hookReq.Request.Payload, map[string][]string{}) + require.Equal(t, hookReq.Request.Payload, map[string][]string{ + "grant_type": {"client_credentials"}, + "scope": {"foobar"}, + }) claims := map[string]interface{}{ "hooked": true, diff --git a/oauth2/oauth2_device_code_test.go b/oauth2/oauth2_device_code_test.go new file mode 100644 index 00000000000..ed55678c8ac --- /dev/null +++ b/oauth2/oauth2_device_code_test.go 
@@ -0,0 +1,696 @@ +// Copyright © 2024 Ory Corp +// SPDX-License-Identifier: Apache-2.0 + +package oauth2_test + +import ( + "context" + "net/http" + "strconv" + "strings" + "testing" + "time" + + "github.com/pborman/uuid" + + "github.com/ory/fosite/token/jwt" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/tidwall/gjson" + "golang.org/x/oauth2" + + "github.com/ory/fosite" + "github.com/ory/fosite/handler/openid" + hydra "github.com/ory/hydra-client-go/v2" + "github.com/ory/hydra/v2/client" + "github.com/ory/hydra/v2/driver/config" + "github.com/ory/hydra/v2/internal" + "github.com/ory/hydra/v2/internal/testhelpers" + hydraoauth2 "github.com/ory/hydra/v2/oauth2" + "github.com/ory/hydra/v2/x" + "github.com/ory/x/contextx" + "github.com/ory/x/pointerx" + "github.com/ory/x/requirex" +) + +func TestDeviceAuthRequest(t *testing.T) { + ctx := context.Background() + reg := internal.NewMockedRegistry(t, &contextx.Default{}) + testhelpers.NewOAuth2Server(ctx, t, reg) + + secret := uuid.New() + c := &client.Client{ + ID: "device-client", + Secret: secret, + GrantTypes: []string{"urn:ietf:params:oauth:grant-type:device_code"}, + Scope: "hydra offline openid", + Audience: []string{"https://api.ory.sh/"}, + TokenEndpointAuthMethod: "client_secret_post", + } + require.NoError(t, reg.ClientManager().CreateClient(ctx, c)) + + oauthClient := &oauth2.Config{ + ClientID: c.GetID(), + ClientSecret: secret, + Endpoint: oauth2.Endpoint{ + DeviceAuthURL: reg.Config().OAuth2DeviceAuthorisationURL(ctx).String(), + TokenURL: reg.Config().OAuth2TokenURL(ctx).String(), + AuthStyle: oauth2.AuthStyleInParams, + }, + Scopes: strings.Split(c.Scope, " "), + } + + testCases := []struct { + description string + setUp func() + check func(t *testing.T, resp *oauth2.DeviceAuthResponse, err error) + cleanUp func() + }{ + { + description: "should pass", + check: func(t *testing.T, resp *oauth2.DeviceAuthResponse, _ error) { + assert.NotEmpty(t, 
resp.DeviceCode) + assert.NotEmpty(t, resp.UserCode) + assert.NotEmpty(t, resp.Interval) + assert.NotEmpty(t, resp.VerificationURI) + assert.NotEmpty(t, resp.VerificationURIComplete) + }, + }, + } + + for _, testCase := range testCases { + t.Run("case="+testCase.description, func(t *testing.T) { + if testCase.setUp != nil { + testCase.setUp() + } + + resp, err := oauthClient.DeviceAuth(context.Background(), []oauth2.AuthCodeOption{oauth2.SetAuthURLParam("client_secret", secret)}...) + + if testCase.check != nil { + testCase.check(t, resp, err) + } + + if testCase.cleanUp != nil { + testCase.cleanUp() + } + }) + } +} + +func TestDeviceTokenRequest(t *testing.T) { + ctx := context.Background() + reg := internal.NewMockedRegistry(t, &contextx.Default{}) + testhelpers.NewOAuth2Server(ctx, t, reg) + + secret := uuid.New() + c := &client.Client{ + ID: "device-client", + Secret: secret, + GrantTypes: []string{ + string(fosite.GrantTypeDeviceCode), + string(fosite.GrantTypeRefreshToken), + }, + Scope: "hydra offline openid", + Audience: []string{"https://api.ory.sh/"}, + } + require.NoError(t, reg.ClientManager().CreateClient(ctx, c)) + + oauthClient := &oauth2.Config{ + ClientID: c.GetID(), + ClientSecret: secret, + Endpoint: oauth2.Endpoint{ + DeviceAuthURL: reg.Config().OAuth2DeviceAuthorisationURL(ctx).String(), + TokenURL: reg.Config().OAuth2TokenURL(ctx).String(), + AuthStyle: oauth2.AuthStyleInHeader, + }, + Scopes: strings.Split(c.Scope, " "), + } + + testCases := []struct { + description string + setUp func(signature, userCodeSignature string) + check func(t *testing.T, token *oauth2.Token, err error) + cleanUp func() + }{ + { + description: "should pass with refresh token", + setUp: func(signature, userCodeSignature string) { + authreq := &fosite.DeviceRequest{ + UserCodeState: fosite.UserCodeAccepted, + Request: fosite.Request{ + Client: &fosite.DefaultClient{ + ID: c.GetID(), + GrantTypes: []string{string(fosite.GrantTypeDeviceCode)}, + }, + RequestedScope: 
[]string{"hydra", "offline"}, + GrantedScope: []string{"hydra", "offline"}, + Session: &hydraoauth2.Session{ + DefaultSession: &openid.DefaultSession{ + Claims: &jwt.IDTokenClaims{ + Subject: "hydra", + }, + ExpiresAt: map[fosite.TokenType]time.Time{ + fosite.DeviceCode: time.Now().Add(time.Hour).UTC(), + }, + }, + }, + RequestedAt: time.Now(), + }, + } + + require.NoError(t, reg.OAuth2Storage().CreateDeviceAuthSession(context.TODO(), signature, userCodeSignature, authreq)) + }, + check: func(t *testing.T, token *oauth2.Token, err error) { + assert.NotEmpty(t, token.AccessToken) + assert.NotEmpty(t, token.RefreshToken) + }, + }, + { + description: "should pass with ID token", + setUp: func(signature, userCodeSignature string) { + authreq := &fosite.DeviceRequest{ + UserCodeState: fosite.UserCodeAccepted, + Request: fosite.Request{ + Client: &fosite.DefaultClient{ + ID: c.GetID(), + GrantTypes: []string{string(fosite.GrantTypeDeviceCode)}, + }, + RequestedScope: []string{"hydra", "offline", "openid"}, + GrantedScope: []string{"hydra", "offline", "openid"}, + Session: &hydraoauth2.Session{ + DefaultSession: &openid.DefaultSession{ + Claims: &jwt.IDTokenClaims{ + Subject: "hydra", + }, + ExpiresAt: map[fosite.TokenType]time.Time{ + fosite.DeviceCode: time.Now().Add(time.Hour).UTC(), + }, + }, + }, + RequestedAt: time.Now(), + }, + } + + require.NoError(t, reg.OAuth2Storage().CreateDeviceAuthSession(context.TODO(), signature, userCodeSignature, authreq)) + require.NoError(t, reg.OAuth2Storage().CreateOpenIDConnectSession(context.TODO(), signature, authreq)) + }, + check: func(t *testing.T, token *oauth2.Token, err error) { + assert.NotEmpty(t, token.AccessToken) + assert.NotEmpty(t, token.RefreshToken) + assert.NotEmpty(t, token.Extra("id_token")) + }, + }, + } + + for _, testCase := range testCases { + t.Run("case="+testCase.description, func(t *testing.T) { + code, signature, err := reg.RFC8628HMACStrategy().GenerateDeviceCode(context.TODO()) + _, userCodeSignature, 
err := reg.RFC8628HMACStrategy().GenerateUserCode(context.TODO()) + require.NoError(t, err) + + if testCase.setUp != nil { + testCase.setUp(signature, userCodeSignature) + } + + var token *oauth2.Token + token, err = oauthClient.DeviceAccessToken(context.Background(), &oauth2.DeviceAuthResponse{DeviceCode: code}) + + if testCase.check != nil { + testCase.check(t, token, err) + } + + if testCase.cleanUp != nil { + testCase.cleanUp() + } + }) + } +} + +func TestDeviceCodeWithDefaultStrategy(t *testing.T) { + ctx := context.Background() + reg := internal.NewMockedRegistry(t, &contextx.Default{}) + reg.Config().MustSet(ctx, config.KeyAccessTokenStrategy, "opaque") + reg.Config().MustSet(ctx, config.KeyRefreshTokenHook, "") + publicTS, adminTS := testhelpers.NewOAuth2Server(ctx, t, reg) + + publicClient := hydra.NewAPIClient(hydra.NewConfiguration()) + publicClient.GetConfig().Servers = hydra.ServerConfigurations{{URL: publicTS.URL}} + adminClient := hydra.NewAPIClient(hydra.NewConfiguration()) + adminClient.GetConfig().Servers = hydra.ServerConfigurations{{URL: adminTS.URL}} + + getDeviceCode := func(t *testing.T, conf *oauth2.Config, c *http.Client, params ...oauth2.AuthCodeOption) (*oauth2.DeviceAuthResponse, error) { + if c == nil { + c = testhelpers.NewEmptyJarClient(t) + } + + return conf.DeviceAuth(ctx, params...) 
+ } + + acceptUserCode := func(t *testing.T, conf *oauth2.Config, c *http.Client, devResp *oauth2.DeviceAuthResponse) *http.Response { + if c == nil { + c = testhelpers.NewEmptyJarClient(t) + } + + resp, err := c.Get(devResp.VerificationURIComplete) + require.NoError(t, err) + require.Contains(t, reg.Config().DeviceDoneURL(ctx).String(), resp.Request.URL.Path, "did not end up in post device URL") + require.Equal(t, resp.Request.URL.Query().Get("client_id"), conf.ClientID) + + return resp + } + + acceptDeviceHandler := func(t *testing.T, c *client.Client) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + userCode := r.URL.Query().Get("user_code") + payload := hydra.AcceptDeviceUserCodeRequest{ + UserCode: &userCode, + } + + v, _, err := adminClient.OAuth2API.AcceptUserCodeRequest(context.Background()). + DeviceChallenge(r.URL.Query().Get("device_challenge")). + AcceptDeviceUserCodeRequest(payload). + Execute() + require.NoError(t, err) + require.NotEmpty(t, v.RedirectTo) + http.Redirect(w, r, v.RedirectTo, http.StatusFound) + } + } + + acceptLoginHandler := func(t *testing.T, c *client.Client, subject string, checkRequestPayload func(request *hydra.OAuth2LoginRequest) *hydra.AcceptOAuth2LoginRequest) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + rr, _, err := adminClient.OAuth2API.GetOAuth2LoginRequest(context.Background()).LoginChallenge(r.URL.Query().Get("login_challenge")).Execute() + require.NoError(t, err) + + assert.EqualValues(t, c.GetID(), pointerx.Deref(rr.Client.ClientId)) + assert.Empty(t, pointerx.Deref(rr.Client.ClientSecret)) + assert.EqualValues(t, c.GrantTypes, rr.Client.GrantTypes) + assert.EqualValues(t, c.LogoURI, pointerx.Deref(rr.Client.LogoUri)) + assert.EqualValues(t, r.URL.Query().Get("login_challenge"), rr.Challenge) + assert.EqualValues(t, []string{"hydra", "offline", "openid"}, rr.RequestedScope) + assert.Contains(t, rr.RequestUrl, hydraoauth2.DeviceVerificationPath) + + acceptBody 
:= hydra.AcceptOAuth2LoginRequest{ + Subject: subject, + Remember: pointerx.Ptr(!rr.Skip), + Acr: pointerx.Ptr("1"), + Amr: []string{"pwd"}, + Context: map[string]interface{}{"context": "bar"}, + } + if checkRequestPayload != nil { + if b := checkRequestPayload(rr); b != nil { + acceptBody = *b + } + } + + v, _, err := adminClient.OAuth2API.AcceptOAuth2LoginRequest(context.Background()). + LoginChallenge(r.URL.Query().Get("login_challenge")). + AcceptOAuth2LoginRequest(acceptBody). + Execute() + require.NoError(t, err) + require.NotEmpty(t, v.RedirectTo) + http.Redirect(w, r, v.RedirectTo, http.StatusFound) + } + } + + acceptConsentHandler := func(t *testing.T, c *client.Client, subject string, checkRequestPayload func(*hydra.OAuth2ConsentRequest)) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + rr, _, err := adminClient.OAuth2API.GetOAuth2ConsentRequest(context.Background()).ConsentChallenge(r.URL.Query().Get("consent_challenge")).Execute() + require.NoError(t, err) + + assert.EqualValues(t, c.GetID(), pointerx.Deref(rr.Client.ClientId)) + assert.Empty(t, pointerx.Deref(rr.Client.ClientSecret)) + assert.EqualValues(t, c.GrantTypes, rr.Client.GrantTypes) + assert.EqualValues(t, c.LogoURI, pointerx.Deref(rr.Client.LogoUri)) + assert.EqualValues(t, subject, pointerx.Deref(rr.Subject)) + assert.EqualValues(t, []string{"hydra", "offline", "openid"}, rr.RequestedScope) + assert.EqualValues(t, r.URL.Query().Get("consent_challenge"), rr.Challenge) + assert.Contains(t, *rr.RequestUrl, hydraoauth2.DeviceVerificationPath) + if checkRequestPayload != nil { + checkRequestPayload(rr) + } + + assert.Equal(t, map[string]interface{}{"context": "bar"}, rr.Context) + v, _, err := adminClient.OAuth2API.AcceptOAuth2ConsentRequest(context.Background()). + ConsentChallenge(r.URL.Query().Get("consent_challenge")). 
+ AcceptOAuth2ConsentRequest(hydra.AcceptOAuth2ConsentRequest{ + GrantScope: []string{"hydra", "offline", "openid"}, Remember: pointerx.Ptr(true), RememberFor: pointerx.Ptr[int64](0), + GrantAccessTokenAudience: rr.RequestedAccessTokenAudience, + Session: &hydra.AcceptOAuth2ConsentRequestSession{ + AccessToken: map[string]interface{}{"foo": "bar"}, + IdToken: map[string]interface{}{"bar": "baz"}, + }, + }). + Execute() + require.NoError(t, err) + require.NotEmpty(t, v.RedirectTo) + http.Redirect(w, r, v.RedirectTo, http.StatusFound) + } + } + + assertRefreshToken := func(t *testing.T, token *oauth2.Token, c *oauth2.Config, expectedExp time.Time) { + actualExp, err := strconv.ParseInt(testhelpers.IntrospectToken(t, c, token.RefreshToken, adminTS).Get("exp").String(), 10, 64) + require.NoError(t, err) + requirex.EqualTime(t, expectedExp, time.Unix(actualExp, 0), time.Second) + } + + assertIDToken := func(t *testing.T, token *oauth2.Token, c *oauth2.Config, expectedSubject, expectedNonce string, expectedExp time.Time) gjson.Result { + idt, ok := token.Extra("id_token").(string) + require.True(t, ok) + assert.NotEmpty(t, idt) + + body, err := x.DecodeSegment(strings.Split(idt, ".")[1]) + require.NoError(t, err) + + claims := gjson.ParseBytes(body) + assert.True(t, time.Now().After(time.Unix(claims.Get("iat").Int(), 0)), "%s", claims) + assert.True(t, time.Now().After(time.Unix(claims.Get("nbf").Int(), 0)), "%s", claims) + assert.True(t, time.Now().Before(time.Unix(claims.Get("exp").Int(), 0)), "%s", claims) + requirex.EqualTime(t, expectedExp, time.Unix(claims.Get("exp").Int(), 0), 2*time.Second) + assert.NotEmpty(t, claims.Get("jti").String(), "%s", claims) + assert.EqualValues(t, reg.Config().IssuerURL(ctx).String(), claims.Get("iss").String(), "%s", claims) + assert.NotEmpty(t, claims.Get("sid").String(), "%s", claims) + assert.Equal(t, "1", claims.Get("acr").String(), "%s", claims) + require.Len(t, claims.Get("amr").Array(), 1, "%s", claims) + assert.EqualValues(t, 
"pwd", claims.Get("amr").Array()[0].String(), "%s", claims) + + require.Len(t, claims.Get("aud").Array(), 1, "%s", claims) + assert.EqualValues(t, c.ClientID, claims.Get("aud").Array()[0].String(), "%s", claims) + assert.EqualValues(t, expectedSubject, claims.Get("sub").String(), "%s", claims) + assert.EqualValues(t, `baz`, claims.Get("bar").String(), "%s", claims) + + return claims + } + + introspectAccessToken := func(t *testing.T, conf *oauth2.Config, token *oauth2.Token, expectedSubject string) gjson.Result { + require.NotEmpty(t, token.AccessToken) + i := testhelpers.IntrospectToken(t, conf, token.AccessToken, adminTS) + assert.True(t, i.Get("active").Bool(), "%s", i) + assert.EqualValues(t, conf.ClientID, i.Get("client_id").String(), "%s", i) + assert.EqualValues(t, expectedSubject, i.Get("sub").String(), "%s", i) + assert.EqualValues(t, `bar`, i.Get("ext.foo").String(), "%s", i) + return i + } + + assertJWTAccessToken := func(t *testing.T, strat string, conf *oauth2.Config, token *oauth2.Token, expectedSubject string, expectedExp time.Time, scopes string) gjson.Result { + require.NotEmpty(t, token.AccessToken) + parts := strings.Split(token.AccessToken, ".") + if strat != "jwt" { + require.Len(t, parts, 2) + return gjson.Parse("null") + } + require.Len(t, parts, 3) + + body, err := x.DecodeSegment(parts[1]) + require.NoError(t, err) + + i := gjson.ParseBytes(body) + assert.NotEmpty(t, i.Get("jti").String()) + assert.EqualValues(t, conf.ClientID, i.Get("client_id").String(), "%s", i) + assert.EqualValues(t, expectedSubject, i.Get("sub").String(), "%s", i) + assert.EqualValues(t, reg.Config().IssuerURL(ctx).String(), i.Get("iss").String(), "%s", i) + assert.True(t, time.Now().After(time.Unix(i.Get("iat").Int(), 0)), "%s", i) + assert.True(t, time.Now().After(time.Unix(i.Get("nbf").Int(), 0)), "%s", i) + assert.True(t, time.Now().Before(time.Unix(i.Get("exp").Int(), 0)), "%s", i) + requirex.EqualTime(t, expectedExp, time.Unix(i.Get("exp").Int(), 0), 
time.Second) + assert.EqualValues(t, `bar`, i.Get("ext.foo").String(), "%s", i) + assert.EqualValues(t, scopes, i.Get("scp").Raw, "%s", i) + return i + } + + waitForRefreshTokenExpiry := func() { + time.Sleep(reg.Config().GetRefreshTokenLifespan(ctx) + time.Second) + } + + t.Run("case=checks if request fails when audience does not match", func(t *testing.T) { + testhelpers.NewLoginConsentUI(t, reg.Config(), testhelpers.HTTPServerNoExpectedCallHandler(t), testhelpers.HTTPServerNoExpectedCallHandler(t)) + _, conf := newDeviceClient(t, reg) + resp, err := getDeviceCode(t, conf, nil, oauth2.SetAuthURLParam("audience", "https://not-ory-api/")) + require.Error(t, err) + devErr := err.(*oauth2.RetrieveError) + require.Nil(t, resp) + require.Equal(t, devErr.Response.StatusCode, http.StatusBadRequest) + }) + + subject := "aeneas-rekkas" + nonce := uuid.New() + t.Run("case=perform device flow with ID token and refresh tokens", func(t *testing.T) { + run := func(t *testing.T, strategy string) { + c, conf := newDeviceClient(t, reg) + testhelpers.NewDeviceLoginConsentUI(t, reg.Config(), + acceptDeviceHandler(t, c), + acceptLoginHandler(t, c, subject, nil), + acceptConsentHandler(t, c, subject, nil), + ) + + resp, err := getDeviceCode(t, conf, nil) + require.NoError(t, err) + require.NotEmpty(t, resp.DeviceCode) + require.NotEmpty(t, resp.UserCode) + loginFlowResp := acceptUserCode(t, conf, nil, resp) + require.NotNil(t, loginFlowResp) + token, err := conf.DeviceAccessToken(context.Background(), resp) + iat := time.Now() + require.NoError(t, err) + + assert.Empty(t, token.Extra("c_nonce_draft_00"), "should not be set if not requested") + assert.Empty(t, token.Extra("c_nonce_expires_in_draft_00"), "should not be set if not requested") + introspectAccessToken(t, conf, token, subject) + assertJWTAccessToken(t, strategy, conf, token, subject, iat.Add(reg.Config().GetAccessTokenLifespan(ctx)), `["hydra","offline","openid"]`) + assertIDToken(t, token, conf, subject, nonce, 
iat.Add(reg.Config().GetIDTokenLifespan(ctx))) + assertRefreshToken(t, token, conf, iat.Add(reg.Config().GetRefreshTokenLifespan(ctx))) + + t.Run("followup=successfully perform refresh token flow", func(t *testing.T) { + require.NotEmpty(t, token.RefreshToken) + token.Expiry = token.Expiry.Add(-time.Hour * 24) + iat = time.Now() + refreshedToken, err := conf.TokenSource(context.Background(), token).Token() + require.NoError(t, err) + + require.NotEqual(t, token.AccessToken, refreshedToken.AccessToken) + require.NotEqual(t, token.RefreshToken, refreshedToken.RefreshToken) + require.NotEqual(t, token.Extra("id_token"), refreshedToken.Extra("id_token")) + introspectAccessToken(t, conf, refreshedToken, subject) + + t.Run("followup=refreshed tokens contain valid tokens", func(t *testing.T) { + assertJWTAccessToken(t, strategy, conf, refreshedToken, subject, iat.Add(reg.Config().GetAccessTokenLifespan(ctx)), `["hydra","offline","openid"]`) + assertIDToken(t, refreshedToken, conf, subject, nonce, iat.Add(reg.Config().GetIDTokenLifespan(ctx))) + assertRefreshToken(t, refreshedToken, conf, iat.Add(reg.Config().GetRefreshTokenLifespan(ctx))) + }) + + t.Run("followup=original access token is no longer valid", func(t *testing.T) { + i := testhelpers.IntrospectToken(t, conf, token.AccessToken, adminTS) + assert.False(t, i.Get("active").Bool(), "%s", i) + }) + + t.Run("followup=original refresh token is no longer valid", func(t *testing.T) { + _, err := conf.TokenSource(context.Background(), token).Token() + assert.Error(t, err) + }) + + t.Run("followup=but fail subsequent refresh because expiry was reached", func(t *testing.T) { + waitForRefreshTokenExpiry() + + // Force golang to refresh token + refreshedToken.Expiry = refreshedToken.Expiry.Add(-time.Hour * 24) + _, err := conf.TokenSource(context.Background(), refreshedToken).Token() + require.Error(t, err) + }) + }) + } + + t.Run("strategy=jwt", func(t *testing.T) { + reg.Config().MustSet(ctx, config.KeyAccessTokenStrategy, 
"jwt") + run(t, "jwt") + }) + + t.Run("strategy=opaque", func(t *testing.T) { + reg.Config().MustSet(ctx, config.KeyAccessTokenStrategy, "opaque") + run(t, "opaque") + }) + }) + t.Run("case=perform flow with audience", func(t *testing.T) { + expectAud := "https://api.ory.sh/" + c, conf := newDeviceClient(t, reg) + testhelpers.NewDeviceLoginConsentUI( + t, + reg.Config(), + acceptDeviceHandler(t, c), + acceptLoginHandler(t, c, subject, func(r *hydra.OAuth2LoginRequest) *hydra.AcceptOAuth2LoginRequest { + assert.False(t, r.Skip) + assert.EqualValues(t, []string{expectAud}, r.RequestedAccessTokenAudience) + return nil + }), + acceptConsentHandler(t, c, subject, func(r *hydra.OAuth2ConsentRequest) { + assert.False(t, *r.Skip) + assert.EqualValues(t, []string{expectAud}, r.RequestedAccessTokenAudience) + }), + ) + + resp, err := getDeviceCode(t, conf, nil, oauth2.SetAuthURLParam("audience", "https://api.ory.sh/")) + require.NoError(t, err) + require.NotEmpty(t, resp.DeviceCode) + require.NotEmpty(t, resp.UserCode) + loginFlowResp := acceptUserCode(t, conf, nil, resp) + require.NotNil(t, loginFlowResp) + + token, err := conf.DeviceAccessToken(context.Background(), resp) + require.NoError(t, err) + + claims := introspectAccessToken(t, conf, token, subject) + aud := claims.Get("aud").Array() + require.Len(t, aud, 1) + assert.EqualValues(t, aud[0].String(), expectAud) + + assertIDToken(t, token, conf, subject, nonce, time.Now().Add(reg.Config().GetIDTokenLifespan(ctx))) + }) + + t.Run("case=respects client token lifespan configuration", func(t *testing.T) { + run := func(t *testing.T, strategy string, c *client.Client, conf *oauth2.Config, expectedLifespans client.Lifespans) { + testhelpers.NewDeviceLoginConsentUI( + t, + reg.Config(), + acceptDeviceHandler(t, c), + acceptLoginHandler(t, c, subject, nil), + acceptConsentHandler(t, c, subject, nil), + ) + + resp, err := getDeviceCode(t, conf, nil) + require.NoError(t, err) + require.NotEmpty(t, resp.DeviceCode) + 
require.NotEmpty(t, resp.UserCode) + loginFlowResp := acceptUserCode(t, conf, nil, resp) + require.NotNil(t, loginFlowResp) + + token, err := conf.DeviceAccessToken(context.Background(), resp) + iat := time.Now() + require.NoError(t, err) + + body := introspectAccessToken(t, conf, token, subject) + requirex.EqualTime(t, iat.Add(expectedLifespans.DeviceAuthorizationGrantAccessTokenLifespan.Duration), time.Unix(body.Get("exp").Int(), 0), time.Second) + + assertJWTAccessToken(t, strategy, conf, token, subject, iat.Add(expectedLifespans.DeviceAuthorizationGrantAccessTokenLifespan.Duration), `["hydra","offline","openid"]`) + assertIDToken(t, token, conf, subject, nonce, iat.Add(expectedLifespans.DeviceAuthorizationGrantIDTokenLifespan.Duration)) + assertRefreshToken(t, token, conf, iat.Add(expectedLifespans.DeviceAuthorizationGrantRefreshTokenLifespan.Duration)) + + t.Run("followup=successfully perform refresh token flow", func(t *testing.T) { + require.NotEmpty(t, token.RefreshToken) + token.Expiry = token.Expiry.Add(-time.Hour * 24) + refreshedToken, err := conf.TokenSource(context.Background(), token).Token() + iat = time.Now() + require.NoError(t, err) + assertRefreshToken(t, refreshedToken, conf, iat.Add(expectedLifespans.RefreshTokenGrantRefreshTokenLifespan.Duration)) + assertJWTAccessToken(t, strategy, conf, refreshedToken, subject, iat.Add(expectedLifespans.RefreshTokenGrantAccessTokenLifespan.Duration), `["hydra","offline","openid"]`) + assertIDToken(t, refreshedToken, conf, subject, nonce, iat.Add(expectedLifespans.RefreshTokenGrantIDTokenLifespan.Duration)) + + require.NotEqual(t, token.AccessToken, refreshedToken.AccessToken) + require.NotEqual(t, token.RefreshToken, refreshedToken.RefreshToken) + require.NotEqual(t, token.Extra("id_token"), refreshedToken.Extra("id_token")) + + body := introspectAccessToken(t, conf, refreshedToken, subject) + requirex.EqualTime(t, iat.Add(expectedLifespans.RefreshTokenGrantAccessTokenLifespan.Duration), 
time.Unix(body.Get("exp").Int(), 0), time.Second) + + t.Run("followup=original access token is no longer valid", func(t *testing.T) { + i := testhelpers.IntrospectToken(t, conf, token.AccessToken, adminTS) + assert.False(t, i.Get("active").Bool(), "%s", i) + }) + + t.Run("followup=original refresh token is no longer valid", func(t *testing.T) { + _, err := conf.TokenSource(context.Background(), token).Token() + assert.Error(t, err) + }) + }) + } + + t.Run("case=custom-lifespans-active-jwt", func(t *testing.T) { + c, conf := newDeviceClient(t, reg) + ls := testhelpers.TestLifespans + ls.DeviceAuthorizationGrantAccessTokenLifespan = x.NullDuration{Valid: true, Duration: 6 * time.Second} + testhelpers.UpdateClientTokenLifespans( + t, + &oauth2.Config{ClientID: c.GetID(), ClientSecret: conf.ClientSecret}, + c.GetID(), + ls, adminTS, + ) + reg.Config().MustSet(ctx, config.KeyAccessTokenStrategy, "jwt") + run(t, "jwt", c, conf, ls) + }) + + t.Run("case=custom-lifespans-active-opaque", func(t *testing.T) { + c, conf := newDeviceClient(t, reg) + ls := testhelpers.TestLifespans + ls.DeviceAuthorizationGrantAccessTokenLifespan = x.NullDuration{Valid: true, Duration: 6 * time.Second} + testhelpers.UpdateClientTokenLifespans( + t, + &oauth2.Config{ClientID: c.GetID(), ClientSecret: conf.ClientSecret}, + c.GetID(), + ls, adminTS, + ) + reg.Config().MustSet(ctx, config.KeyAccessTokenStrategy, "opaque") + run(t, "opaque", c, conf, ls) + }) + + t.Run("case=custom-lifespans-unset", func(t *testing.T) { + c, conf := newDeviceClient(t, reg) + testhelpers.UpdateClientTokenLifespans(t, &oauth2.Config{ClientID: c.GetID(), ClientSecret: conf.ClientSecret}, c.GetID(), testhelpers.TestLifespans, adminTS) + testhelpers.UpdateClientTokenLifespans(t, &oauth2.Config{ClientID: c.GetID(), ClientSecret: conf.ClientSecret}, c.GetID(), client.Lifespans{}, adminTS) + reg.Config().MustSet(ctx, config.KeyAccessTokenStrategy, "opaque") + + //goland:noinspection GoDeprecation + expectedLifespans := 
client.Lifespans{ + AuthorizationCodeGrantAccessTokenLifespan: x.NullDuration{Valid: true, Duration: reg.Config().GetAccessTokenLifespan(ctx)}, + AuthorizationCodeGrantIDTokenLifespan: x.NullDuration{Valid: true, Duration: reg.Config().GetIDTokenLifespan(ctx)}, + AuthorizationCodeGrantRefreshTokenLifespan: x.NullDuration{Valid: true, Duration: reg.Config().GetRefreshTokenLifespan(ctx)}, + ClientCredentialsGrantAccessTokenLifespan: x.NullDuration{Valid: true, Duration: reg.Config().GetAccessTokenLifespan(ctx)}, + ImplicitGrantAccessTokenLifespan: x.NullDuration{Valid: true, Duration: reg.Config().GetAccessTokenLifespan(ctx)}, + ImplicitGrantIDTokenLifespan: x.NullDuration{Valid: true, Duration: reg.Config().GetIDTokenLifespan(ctx)}, + JwtBearerGrantAccessTokenLifespan: x.NullDuration{Valid: true, Duration: reg.Config().GetAccessTokenLifespan(ctx)}, + PasswordGrantAccessTokenLifespan: x.NullDuration{Valid: true, Duration: reg.Config().GetAccessTokenLifespan(ctx)}, + PasswordGrantRefreshTokenLifespan: x.NullDuration{Valid: true, Duration: reg.Config().GetRefreshTokenLifespan(ctx)}, + RefreshTokenGrantIDTokenLifespan: x.NullDuration{Valid: true, Duration: reg.Config().GetIDTokenLifespan(ctx)}, + RefreshTokenGrantAccessTokenLifespan: x.NullDuration{Valid: true, Duration: reg.Config().GetAccessTokenLifespan(ctx)}, + RefreshTokenGrantRefreshTokenLifespan: x.NullDuration{Valid: true, Duration: reg.Config().GetRefreshTokenLifespan(ctx)}, + DeviceAuthorizationGrantIDTokenLifespan: x.NullDuration{Valid: true, Duration: reg.Config().GetIDTokenLifespan(ctx)}, + DeviceAuthorizationGrantAccessTokenLifespan: x.NullDuration{Valid: true, Duration: reg.Config().GetAccessTokenLifespan(ctx)}, + DeviceAuthorizationGrantRefreshTokenLifespan: x.NullDuration{Valid: true, Duration: reg.Config().GetRefreshTokenLifespan(ctx)}, + } + run(t, "opaque", c, conf, expectedLifespans) + }) + }) +} + +func newDeviceClient( + t *testing.T, + reg interface { + config.Provider + client.Registry + }, + 
opts ...func(*client.Client), +) (*client.Client, *oauth2.Config) { + ctx := context.Background() + c := &client.Client{ + GrantTypes: []string{ + "refresh_token", + "urn:ietf:params:oauth:grant-type:device_code", + }, + Scope: "hydra offline openid", + Audience: []string{"https://api.ory.sh/"}, + TokenEndpointAuthMethod: "none", + } + + // apply options + for _, o := range opts { + o(c) + } + + require.NoError(t, reg.ClientManager().CreateClient(ctx, c)) + return c, &oauth2.Config{ + ClientID: c.GetID(), + Endpoint: oauth2.Endpoint{ + DeviceAuthURL: reg.Config().OAuth2DeviceAuthorisationURL(ctx).String(), + TokenURL: reg.Config().OAuth2TokenURL(ctx).String(), + AuthStyle: oauth2.AuthStyleInHeader, + }, + Scopes: strings.Split(c.Scope, " "), + } +} diff --git a/oauth2/oauth2_helper_test.go b/oauth2/oauth2_helper_test.go index 52a30e5975e..769679ec17e 100644 --- a/oauth2/oauth2_helper_test.go +++ b/oauth2/oauth2_helper_test.go @@ -46,6 +46,27 @@ func (c *consentMock) HandleOAuth2AuthorizationRequest(ctx context.Context, w ht }, nil, nil } +func (c *consentMock) HandleOAuth2DeviceAuthorizationRequest(ctx context.Context, w http.ResponseWriter, r *http.Request) (*flow.AcceptOAuth2ConsentRequest, *flow.Flow, error) { + if c.deny { + return nil, nil, fosite.ErrRequestForbidden + } + + return &flow.AcceptOAuth2ConsentRequest{ + ConsentRequest: &flow.OAuth2ConsentRequest{ + Subject: "foo", + ACR: "1", + DeviceChallenge: "12345", + }, + AuthenticatedAt: sqlxx.NullTime(c.authTime), + GrantedScope: []string{"offline", "openid", "hydra.*"}, + Session: &flow.AcceptOAuth2ConsentRequestSession{ + AccessToken: map[string]interface{}{}, + IDToken: map[string]interface{}{}, + }, + RequestedAt: c.requestTime, + }, nil, nil +} + func (c *consentMock) HandleOpenIDConnectLogout(ctx context.Context, w http.ResponseWriter, r *http.Request) (*flow.LogoutResult, error) { panic("not implemented") } 
diff --git a/oauth2/oauth2_jwt_bearer_test.go b/oauth2/oauth2_jwt_bearer_test.go
index 3931b72ac2b..e9e7ddf9120 100644
--- a/oauth2/oauth2_jwt_bearer_test.go
+++ b/oauth2/oauth2_jwt_bearer_test.go
@@ -326,7 +326,11 @@ func TestJWTBearer(t *testing.T) {
 expectedGrantedScopes := []string{client.Scope}
 expectedGrantedAudience := []string{audience}
- expectedPayload := map[string][]string(map[string][]string{"assertion": {token}})
+ expectedPayload := map[string][]string{
+ "assertion": {token},
+ "grant_type": {"urn:ietf:params:oauth:grant-type:jwt-bearer"},
+ "scope": {"offline_access"},
+ }
 var hookReq hydraoauth2.TokenHookRequest
 require.NoError(t, json.NewDecoder(r.Body).Decode(&hookReq))
@@ -335,7 +339,7 @@ func TestJWTBearer(t *testing.T) {
 require.NotEmpty(t, hookReq.Request)
 require.ElementsMatch(t, hookReq.Request.GrantedScopes, expectedGrantedScopes)
 require.ElementsMatch(t, hookReq.Request.GrantedAudience, expectedGrantedAudience)
- require.Equal(t, hookReq.Request.Payload, expectedPayload)
+ require.Equal(t, expectedPayload, hookReq.Request.Payload)
 claims := map[string]interface{}{
 "hooked": true,
@@ -401,7 +405,12 @@ func TestJWTBearer(t *testing.T) {
 expectedGrantedScopes := []string{client.Scope}
 expectedGrantedAudience := []string{audience}
- expectedPayload := map[string][]string(map[string][]string{"assertion": {token}})
+ expectedPayload := map[string][]string{
+ "assertion": {token},
+ "client_id": {client.GetID()},
+ "grant_type": {"urn:ietf:params:oauth:grant-type:jwt-bearer"},
+ "scope": {"offline_access"},
+ }
 var hookReq hydraoauth2.TokenHookRequest
 require.NoError(t, json.NewDecoder(r.Body).Decode(&hookReq))
diff --git a/oauth2/oauth2_provider_mock_test.go b/oauth2/oauth2_provider_mock_test.go
index 83d584eb12f..7dd35e6a157 100644
--- a/oauth2/oauth2_provider_mock_test.go
+++ b/oauth2/oauth2_provider_mock_test.go
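Review bot: The new `expectedPayload` in the hook handler at -326 pins that the token hook receives the whole token-request form (`assertion`, `grant_type`, `scope`, and `client_id` in the handler at -401), but nothing asserts what must never be forwarded. Since the second case presumably authenticates the client in the request body, I would add a negative check next to the equality assertion, `require.NotContains(t, hookReq.Request.Payload, "client_secret")`, so a regression that passes the secret to the webhook fails the test. The hunk at -335 switches to `require.Equal(t, expectedPayload, hookReq.Request.Payload)`; the matching assertion for the -401 handler is outside that hunk and should use the same expected-first order. TestJWTBearer's body starts and ends outside all three hunks.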
@@ -1,4 +1,4 @@ -// Copyright © 2022 Ory Corp +// Copyright © 2024 Ory Corp // SPDX-License-Identifier: Apache-2.0 // Code generated by MockGen. DO NOT EDIT. 
@@ -121,6 +121,36 @@ func (mr *MockOAuth2ProviderMockRecorder) NewAuthorizeResponse(arg0, arg1, arg2 return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NewAuthorizeResponse", reflect.TypeOf((*MockOAuth2Provider)(nil).NewAuthorizeResponse), arg0, arg1, arg2) } +// NewDeviceRequest mocks base method. +func (m *MockOAuth2Provider) NewDeviceRequest(arg0 context.Context, arg1 *http.Request) (fosite.DeviceRequester, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "NewDeviceRequest", arg0, arg1) + ret0, _ := ret[0].(fosite.DeviceRequester) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// NewDeviceRequest indicates an expected call of NewDeviceRequest. +func (mr *MockOAuth2ProviderMockRecorder) NewDeviceRequest(arg0, arg1 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NewDeviceRequest", reflect.TypeOf((*MockOAuth2Provider)(nil).NewDeviceRequest), arg0, arg1) +} + +// NewDeviceResponse mocks base method. +func (m *MockOAuth2Provider) NewDeviceResponse(arg0 context.Context, arg1 fosite.DeviceRequester, arg2 fosite.Session) (fosite.DeviceResponder, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "NewDeviceResponse", arg0, arg1, arg2) + ret0, _ := ret[0].(fosite.DeviceResponder) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// NewDeviceResponse indicates an expected call of NewDeviceResponse. +func (mr *MockOAuth2ProviderMockRecorder) NewDeviceResponse(arg0, arg1, arg2 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "NewDeviceResponse", reflect.TypeOf((*MockOAuth2Provider)(nil).NewDeviceResponse), arg0, arg1, arg2) +} + // NewIntrospectionRequest mocks base method. func (m *MockOAuth2Provider) NewIntrospectionRequest(arg0 context.Context, arg1 *http.Request, arg2 fosite.Session) (fosite.IntrospectionResponder, error) { m.ctrl.T.Helper() 
@@ -181,7 +211,7 @@ func (mr *MockOAuth2ProviderMockRecorder) NewRevocationRequest(arg0, arg1 interf } // WriteAccessError mocks base method. -func (m *MockOAuth2Provider) WriteAccessError(arg0 context.Context, arg1 http.ResponseWriter, arg2 fosite.AccessRequester, arg3 error) { +func (m *MockOAuth2Provider) WriteAccessError(arg0 context.Context, arg1 http.ResponseWriter, arg2 fosite.Requester, arg3 error) { m.ctrl.T.Helper() m.ctrl.Call(m, "WriteAccessError", arg0, arg1, arg2, arg3) } @@ -228,6 +258,18 @@ func (mr *MockOAuth2ProviderMockRecorder) WriteAuthorizeResponse(arg0, arg1, arg return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "WriteAuthorizeResponse", reflect.TypeOf((*MockOAuth2Provider)(nil).WriteAuthorizeResponse), arg0, arg1, arg2, arg3) } +// WriteDeviceResponse mocks base method. +func (m *MockOAuth2Provider) WriteDeviceResponse(arg0 context.Context, arg1 http.ResponseWriter, arg2 fosite.DeviceRequester, arg3 fosite.DeviceResponder) { + m.ctrl.T.Helper() + m.ctrl.Call(m, "WriteDeviceResponse", arg0, arg1, arg2, arg3) +} + +// WriteDeviceResponse indicates an expected call of WriteDeviceResponse. +func (mr *MockOAuth2ProviderMockRecorder) WriteDeviceResponse(arg0, arg1, arg2, arg3 interface{}) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "WriteDeviceResponse", reflect.TypeOf((*MockOAuth2Provider)(nil).WriteDeviceResponse), arg0, arg1, arg2, arg3) +} + // WriteIntrospectionError mocks base method. func (m *MockOAuth2Provider) WriteIntrospectionError(arg0 context.Context, arg1 http.ResponseWriter, arg2 error) { m.ctrl.T.Helper() diff --git a/oauth2/oauth2_rop_test.go b/oauth2/oauth2_rop_test.go index 73946a25539..4adb4904452 100644 --- a/oauth2/oauth2_rop_test.go +++ b/oauth2/oauth2_rop_test.go @@ -5,7 +5,11 @@ package oauth2_test import ( "context" + "encoding/json" + "net/http" + "net/http/httptest" "testing" + "time" "github.com/google/uuid" "github.com/stretchr/testify/assert" 
@@ -13,12 +17,18 @@ import ( "golang.org/x/oauth2" "github.com/ory/fosite/compose" + "github.com/ory/fosite/token/jwt" hydra "github.com/ory/hydra/v2/client" + "github.com/ory/hydra/v2/driver/config" + "github.com/ory/hydra/v2/flow" "github.com/ory/hydra/v2/fositex" "github.com/ory/hydra/v2/internal" "github.com/ory/hydra/v2/internal/kratos" "github.com/ory/hydra/v2/internal/testhelpers" + hydraoauth2 "github.com/ory/hydra/v2/oauth2" + "github.com/ory/hydra/v2/x" "github.com/ory/x/contextx" + "github.com/ory/x/sqlxx" ) func TestResourceOwnerPasswordGrant(t *testing.T) { @@ -27,12 +37,19 @@ func TestResourceOwnerPasswordGrant(t *testing.T) { reg := internal.NewMockedRegistry(t, &contextx.Default{}) reg.WithKratos(fakeKratos) reg.WithExtraFositeFactories([]fositex.Factory{compose.OAuth2ResourceOwnerPasswordCredentialsFactory}) - _, adminTS := testhelpers.NewOAuth2Server(ctx, t, reg) + publicTS, adminTS := testhelpers.NewOAuth2Server(ctx, t, reg) secret := uuid.New().String() + audience := sqlxx.StringSliceJSONFormat{"https://aud.example.com"} client := &hydra.Client{ Secret: secret, - GrantTypes: []string{"password"}, + GrantTypes: []string{"password", "refresh_token"}, + Scope: "offline", + Audience: audience, + Lifespans: hydra.Lifespans{ + PasswordGrantAccessTokenLifespan: x.NullDuration{Duration: 1 * time.Hour, Valid: true}, + PasswordGrantRefreshTokenLifespan: x.NullDuration{Duration: 1 * time.Hour, Valid: true}, + }, } require.NoError(t, reg.ClientManager().CreateClient(ctx, client)) 
@@ -44,15 +61,94 @@ func TestResourceOwnerPasswordGrant(t *testing.T) {
 TokenURL: reg.Config().OAuth2TokenURL(ctx).String(),
 AuthStyle: oauth2.AuthStyleInHeader,
 },
+ Scopes: []string{"offline"},
 }
+ hs := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ assert.Equal(t, r.Header.Get("Content-Type"), "application/json; charset=UTF-8")
+ assert.Equal(t, r.Header.Get("Authorization"), "Bearer secret value")
+
+ var hookReq hydraoauth2.TokenHookRequest
+ require.NoError(t, json.NewDecoder(r.Body).Decode(&hookReq))
+ assert.NotEmpty(t, hookReq.Session)
+ assert.NotEmpty(t, hookReq.Request)
+
+ claims := hookReq.Session.Extra
+ claims["hooked"] = true
+ if hookReq.Request.GrantTypes[0] == "refresh_token" {
+ claims["refreshed"] = true
+ }
+
+ hookResp := hydraoauth2.TokenHookResponse{
+ Session: flow.AcceptOAuth2ConsentRequestSession{
+ AccessToken: claims,
+ IDToken: claims,
+ },
+ }
+
+ w.WriteHeader(http.StatusOK)
+ require.NoError(t, json.NewEncoder(w).Encode(&hookResp))
+ }))
+ defer hs.Close()
+
+ reg.Config().MustSet(ctx, config.KeyTokenHook, &config.HookConfig{
+ URL: hs.URL,
+ Auth: &config.Auth{
+ Type: "api_key",
+ Config: config.AuthConfig{
+ In: "header",
+ Name: "Authorization",
+ Value: "Bearer secret value",
+ },
+ },
+ })
+ reg.Config().MustSet(ctx, config.KeyAccessTokenStrategy, "jwt")
+
 t.Run("case=get ROP grant token with valid username and password", func(t *testing.T) {
 token, err := oauth2Config.PasswordCredentialsToken(ctx, kratos.FakeUsername, kratos.FakePassword)
 require.NoError(t, err)
 require.NotEmpty(t, token.AccessToken)
- i := testhelpers.IntrospectToken(t, oauth2Config, token.AccessToken, adminTS)
- assert.True(t, i.Get("active").Bool(), "%s", i)
- assert.EqualValues(t, oauth2Config.ClientID, i.Get("client_id").String(), "%s", i)
+
+ // Access token should have hook and identity_id claims
+ jwtAT, err := jwt.Parse(token.AccessToken, func(token *jwt.Token) (interface{}, error) {
+ return reg.AccessTokenJWTStrategy().GetPublicKey(ctx)
+ })
+ require.NoError(t, err)
+ assert.Equal(t, kratos.FakeUsername, jwtAT.Claims["ext"].(map[string]any)["username"])
+ assert.Equal(t, kratos.FakeIdentityID, jwtAT.Claims["sub"])
+ assert.Equal(t, publicTS.URL, jwtAT.Claims["iss"])
+ assert.True(t, jwtAT.Claims["ext"].(map[string]any)["hooked"].(bool))
+ assert.ElementsMatch(t, audience, jwtAT.Claims["aud"])
+
+ t.Run("case=introspect token", func(t *testing.T) {
+ // Introspected token should have hook and identity_id claims
+ i := testhelpers.IntrospectToken(t, oauth2Config, token.AccessToken, adminTS)
+ assert.True(t, i.Get("active").Bool(), "%s", i)
+ assert.Equal(t, kratos.FakeUsername, i.Get("ext.username").String(), "%s", i)
+ assert.Equal(t, kratos.FakeIdentityID, i.Get("sub").String(), "%s", i)
+ assert.True(t, i.Get("ext.hooked").Bool(), "%s", i)
+ assert.EqualValues(t, oauth2Config.ClientID, i.Get("client_id").String(), "%s", i)
+ })
+
+ t.Run("case=refresh token", func(t *testing.T) {
+ // Refreshed access token should have hook and identity_id claims
+ require.NotEmpty(t, token.RefreshToken)
+ token.Expiry = token.Expiry.Add(-time.Hour * 24)
+ refreshedToken, err := oauth2Config.TokenSource(context.Background(), token).Token()
+ require.NoError(t, err)
+
+ require.NotEqual(t, token.AccessToken, refreshedToken.AccessToken)
+ require.NotEqual(t, token.RefreshToken, refreshedToken.RefreshToken)
+
+ jwtAT, err := jwt.Parse(refreshedToken.AccessToken, func(token *jwt.Token) (interface{}, error) {
+ return reg.AccessTokenJWTStrategy().GetPublicKey(ctx)
+ })
+ require.NoError(t, err)
+ assert.Equal(t, kratos.FakeIdentityID, jwtAT.Claims["sub"])
+ assert.Equal(t, kratos.FakeUsername, jwtAT.Claims["ext"].(map[string]any)["username"])
+ assert.True(t, jwtAT.Claims["ext"].(map[string]any)["hooked"].(bool))
+ assert.True(t, jwtAT.Claims["ext"].(map[string]any)["refreshed"].(bool))
+ })
 })
 t.Run("case=access denied for invalid password", func(t *testing.T) {
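Review bot: The hook handler added in this hunk calls `require.NoError` from the httptest server's goroutine, and `require` stops the test through `t.FailNow`, which the testing package only supports on the goroutine running the test, so a decode failure there would not abort the test cleanly. The handler also writes into `claims := hookReq.Session.Extra` and indexes `hookReq.Request.GrantTypes[0]` without checking either, so a nil map or an empty slice panics inside the server instead of producing a readable failure. I would use `assert` in the handler, answer with a 500 when decoding fails, and guard both values as in the excerpt below. The two header checks pass the actual value first, while testify's `assert.Equal` takes the expected value first, which makes failure output misleading.

```go
hs := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	// … unchanged: Content-Type and Authorization header assertions …

	var hookReq hydraoauth2.TokenHookRequest
	if !assert.NoError(t, json.NewDecoder(r.Body).Decode(&hookReq)) {
		w.WriteHeader(http.StatusInternalServerError)
		return
	}
	// … unchanged: NotEmpty assertions on Session and Request …

	claims := hookReq.Session.Extra
	if claims == nil {
		claims = map[string]interface{}{}
	}
	claims["hooked"] = true
	if len(hookReq.Request.GrantTypes) > 0 && hookReq.Request.GrantTypes[0] == "refresh_token" {
		claims["refreshed"] = true
	}
	// … unchanged: hookResp construction …

	w.WriteHeader(http.StatusOK)
	assert.NoError(t, json.NewEncoder(w).Encode(&hookResp))
}))
```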
diff --git a/oauth2/registry.go b/oauth2/registry.go
index 52f9f7bb9bf..ffb7b642541 100644
--- a/oauth2/registry.go
+++ b/oauth2/registry.go
@@ -6,11 +6,13 @@ package oauth2
 import (
 "github.com/ory/fosite"
 "github.com/ory/fosite/handler/openid"
+ "github.com/ory/fosite/handler/rfc8628"
 "github.com/ory/hydra/v2/aead"
 "github.com/ory/hydra/v2/client"
 "github.com/ory/hydra/v2/consent"
 "github.com/ory/hydra/v2/jwk"
 "github.com/ory/hydra/v2/oauth2/trust"
+ "github.com/ory/hydra/v2/persistence"
 "github.com/ory/hydra/v2/x"
 )
@@ -21,6 +23,7 @@ type InternalRegistry interface {
 x.RegistryWriter
 x.RegistryLogger
 consent.Registry
+ persistence.Provider
 Registry
 FlowCipher() *aead.XChaCha20Poly1305
 }
@@ -33,4 +36,5 @@ type Registry interface {
 OpenIDConnectRequestValidator() *openid.OpenIDConnectRequestValidator
 AccessRequestHooks() []AccessRequestHook
 OAuth2ProviderConfig() fosite.Configurator
+ RFC8628HMACStrategy() rfc8628.RFC8628CodeStrategy
 }
diff --git a/oauth2/revocator_test.go b/oauth2/revocator_test.go
index 71b85e63ea2..4ad0be8cac7 100644
--- a/oauth2/revocator_test.go
+++ b/oauth2/revocator_test.go
@@ -125,7 +125,7 @@ func TestRevoke(t *testing.T) {
 },
 } {
 t.Run(fmt.Sprintf("case=%d", k), func(t *testing.T) {
- _, err := client.OAuth2Api.RevokeOAuth2Token(
+ _, err := client.OAuth2API.RevokeOAuth2Token(
 context.WithValue(
 context.Background(),
 hydra.ContextBasicAuth,
diff --git a/oauth2/session.go b/oauth2/session.go
index 7908246029f..0630cb09142 100644
--- a/oauth2/session.go
+++ b/oauth2/session.go
@@ -4,22 +4,21 @@ package oauth2 import ( + "bytes" "context" - "encoding/json" "time" + jjson "github.com/go-jose/go-jose/v3/json" + "github.com/mohae/deepcopy" "github.com/pkg/errors" "github.com/tidwall/gjson" "github.com/tidwall/sjson" - "github.com/mohae/deepcopy" - "github.com/ory/fosite" "github.com/ory/fosite/handler/openid" "github.com/ory/fosite/token/jwt" "github.com/ory/hydra/v2/driver/config" "github.com/ory/hydra/v2/flow" - "github.com/ory/x/logrusx" "github.com/ory/x/stringslice" ) 
@@ -60,25 +59,25 @@ func NewSessionWithCustomClaims(ctx context.Context, p *config.DefaultProvider, } func (s *Session) GetJWTClaims() jwt.JWTClaimsContainer { - //a slice of claims that are reserved and should not be overridden - var reservedClaims = []string{"iss", "sub", "aud", "exp", "nbf", "iat", "jti", "client_id", "scp", "ext"} + // a slice of claims that are reserved and should not be overridden + reservedClaims := []string{"iss", "sub", "aud", "exp", "nbf", "iat", "jti", "client_id", "scp", "ext"} - //remove any reserved claims from the custom claims + // remove any reserved claims from the custom claims allowedClaimsFromConfigWithoutReserved := stringslice.Filter(s.AllowedTopLevelClaims, func(s string) bool { return stringslice.Has(reservedClaims, s) }) - //our new extra map which will be added to the jwt - var topLevelExtraWithMirrorExt = map[string]interface{}{} + // our new extra map which will be added to the jwt + topLevelExtraWithMirrorExt := map[string]interface{}{} - //setting every allowed claim top level in jwt with respective value + // setting every allowed claim top level in jwt with respective value for _, allowedClaim := range allowedClaimsFromConfigWithoutReserved { if cl, ok := s.Extra[allowedClaim]; ok { topLevelExtraWithMirrorExt[allowedClaim] = cl } } - //for every other claim that was already reserved and for mirroring, add original extra under "ext" + // for every other claim that was already reserved and for mirroring, add original extra under "ext" if s.MirrorTopLevelClaims { topLevelExtraWithMirrorExt["ext"] = s.Extra } @@ -86,7 +85,7 @@ func (s *Session) GetJWTClaims() jwt.JWTClaimsContainer { claims := &jwt.JWTClaims{ Subject: s.Subject, Issuer: s.DefaultSession.Claims.Issuer, - //set our custom extra map as claims.Extra + // set our custom extra map as claims.Extra Extra: topLevelExtraWithMirrorExt, ExpiresAt: s.GetExpiresAt(fosite.AccessToken), IssuedAt: time.Now(), 
@@ -185,10 +184,27 @@ func (s *Session) UnmarshalJSON(original []byte) (err error) {
 }
 }
+ // https://github.com/go-jose/go-jose/issues/144
+ dec := jjson.NewDecoder(bytes.NewReader(transformed))
+ dec.SetNumberType(jjson.UnmarshalIntOrFloat)
 type t Session
- if err := json.Unmarshal(transformed, (*t)(s)); err != nil {
+ if err := dec.Decode((*t)(s)); err != nil {
 return errors.WithStack(err)
 }
 return nil
 }
+
+// GetExtraClaims implements ExtraClaimsSession for Session.
+// The returned value can be modified in-place.
+func (s *Session) GetExtraClaims() map[string]interface{} {
+ if s == nil {
+ return nil
+ }
+
+ if s.Extra == nil {
+ s.Extra = make(map[string]interface{})
+ }
+
+ return s.Extra
+}
diff --git a/oauth2/session_test.go b/oauth2/session_test.go
index 146f018db7b..461d753581a 100644
--- a/oauth2/session_test.go
+++ b/oauth2/session_test.go
@@ -49,7 +49,8 @@ func TestUnmarshalSession(t *testing.T) {
 AuthenticationMethodsReferences: []string{},
 CodeHash: "",
 Extra: map[string]interface{}{
- "sid": "177e1f44-a1e9-415c-bfa3-8b62280b182d",
+ "sid": "177e1f44-a1e9-415c-bfa3-8b62280b182d",
+ "timestamp": 1723546027,
 },
 },
 Headers: &jwt.Headers{Extra: map[string]interface{}{
@@ -85,7 +86,7 @@ func TestUnmarshalSession(t *testing.T) {
 snapshotx.SnapshotTExcept(t, &actual, nil)
 })
- t.Run("v1.11.9", func(t *testing.T) {
+ t.Run("v1.11.9" /* and later versions */, func(t *testing.T) {
 var actual Session
 require.NoError(t, json.Unmarshal(v1119Session, &actual))
 assertx.EqualAsJSON(t, expect, &actual)
diff --git a/oauth2/trust/handler_test.go b/oauth2/trust/handler_test.go
index ea2460fe7c9..daacc8ed282 100644
--- a/oauth2/trust/handler_test.go
+++ b/oauth2/trust/handler_test.go
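Review bot: The decoder swap in `UnmarshalJSON` is explained only by an issue link, yet go-jose's `json` fork differs from `encoding/json` in more than number handling: it matches object member names case-sensitively and rejects duplicate keys, so a stored session that the standard decoder accepted could now fail to load. I would state that above the decoder, for example `// jjson decodes integers as int64 (UnmarshalIntOrFloat); unlike encoding/json it matches keys case-sensitively and rejects duplicate keys.`, and add a test with a legacy-shaped payload if such rows can exist. `GetExtraClaims` hands out the session's own `Extra` map and allocates it on first call, so every caller shares and mutates session state; its doc comment should add that the method is not safe for concurrent use. `UnmarshalJSON` starts outside the hunk.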
@@ -100,7 +100,7 @@ func (s *HandlerTestSuite) TestGrantCanBeCreatedAndFetched() { model := createRequestParams ctx := context.Background() - createResult, _, err := s.hydraClient.OAuth2Api.TrustOAuth2JwtGrantIssuer(ctx).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() + createResult, _, err := s.hydraClient.OAuth2API.TrustOAuth2JwtGrantIssuer(ctx).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() s.Require().NoError(err, "no errors expected on grant creation") s.NotEmpty(createResult.Id, " grant id expected to be non-empty") s.Equal(model.Issuer, *createResult.Issuer, "issuer must match") @@ -110,7 +110,7 @@ func (s *HandlerTestSuite) TestGrantCanBeCreatedAndFetched() { s.Equal(model.Jwk.Kid, *createResult.PublicKey.Kid, "public key id must match") s.Equal(model.ExpiresAt.Round(time.Second).UTC().String(), createResult.ExpiresAt.Round(time.Second).UTC().String(), "expiration date must match") - getResult, _, err := s.hydraClient.OAuth2Api.GetTrustedOAuth2JwtGrantIssuer(ctx, *createResult.Id).Execute() + getResult, _, err := s.hydraClient.OAuth2API.GetTrustedOAuth2JwtGrantIssuer(ctx, *createResult.Id).Execute() s.Require().NoError(err, "no errors expected on grant fetching") s.Equal(*createResult.Id, *getResult.Id, " grant id must match") s.Equal(model.Issuer, *getResult.Issuer, "issuer must match") 
@@ -131,15 +131,15 @@ func (s *HandlerTestSuite) TestGrantCanNotBeCreatedWithSameIssuerSubjectKey() { ) ctx := context.Background() - _, _, err := s.hydraClient.OAuth2Api.TrustOAuth2JwtGrantIssuer(ctx).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() + _, _, err := s.hydraClient.OAuth2API.TrustOAuth2JwtGrantIssuer(ctx).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() s.Require().NoError(err, "no errors expected on grant creation") - _, _, err = s.hydraClient.OAuth2Api.TrustOAuth2JwtGrantIssuer(ctx).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() + _, _, err = s.hydraClient.OAuth2API.TrustOAuth2JwtGrantIssuer(ctx).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() s.Require().Error(err, "expected error, because grant with same issuer+subject+kid exists") kid := uuid.New().String() createRequestParams.Jwk.Kid = kid - _, _, err = s.hydraClient.OAuth2Api.TrustOAuth2JwtGrantIssuer(ctx).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() + _, _, err = s.hydraClient.OAuth2API.TrustOAuth2JwtGrantIssuer(ctx).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() s.NoError(err, "no errors expected on grant creation, because kid is now different") } @@ -152,7 +152,7 @@ func (s *HandlerTestSuite) TestGrantCanNotBeCreatedWithSubjectAndAnySubject() { time.Now().Add(time.Hour), ) - _, _, err := s.hydraClient.OAuth2Api.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() + _, _, err := s.hydraClient.OAuth2API.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() s.Require().Error(err, "expected error, because a grant with a subject and allow_any_subject cannot be created") } 
@@ -167,7 +167,7 @@ func (s *HandlerTestSuite) TestGrantCanNotBeCreatedWithUnknownJWK() { Scope: []string{"openid", "offline", "profile"}, } - _, res, err := s.hydraClient.OAuth2Api.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() + _, res, err := s.hydraClient.OAuth2API.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() s.Assert().Equal(http.StatusBadRequest, res.StatusCode) body, _ := io.ReadAll(res.Body) s.Contains(gjson.GetBytes(body, "error_description").String(), "unknown json web key type") @@ -183,7 +183,7 @@ func (s *HandlerTestSuite) TestGrantCanNotBeCreatedWithMissingFields() { time.Now().Add(time.Hour), ) - _, _, err := s.hydraClient.OAuth2Api.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() + _, _, err := s.hydraClient.OAuth2API.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() s.Require().Error(err, "expected error, because grant missing issuer") createRequestParams = s.newCreateJwtBearerGrantParams( @@ -194,7 +194,7 @@ func (s *HandlerTestSuite) TestGrantCanNotBeCreatedWithMissingFields() { time.Now().Add(time.Hour), ) - _, _, err = s.hydraClient.OAuth2Api.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() + _, _, err = s.hydraClient.OAuth2API.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() s.Require().Error(err, "expected error, because grant missing subject") createRequestParams = s.newCreateJwtBearerGrantParams( 
@@ -205,7 +205,7 @@ func (s *HandlerTestSuite) TestGrantCanNotBeCreatedWithMissingFields() { time.Time{}, ) - _, _, err = s.hydraClient.OAuth2Api.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() + _, _, err = s.hydraClient.OAuth2API.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() s.Error(err, "expected error, because grant missing expiration date") } @@ -218,10 +218,10 @@ func (s *HandlerTestSuite) TestGrantPublicCanBeFetched() { time.Now().Add(time.Hour), ) - _, _, err := s.hydraClient.OAuth2Api.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() + _, _, err := s.hydraClient.OAuth2API.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() s.Require().NoError(err, "no error expected on grant creation") - getResult, _, err := s.hydraClient.JwkApi.GetJsonWebKey(context.Background(), createRequestParams.Issuer, createRequestParams.Jwk.Kid).Execute() + getResult, _, err := s.hydraClient.JwkAPI.GetJsonWebKey(context.Background(), createRequestParams.Issuer, createRequestParams.Jwk.Kid).Execute() s.Require().NoError(err, "no error expected on fetching public key") s.Equal(createRequestParams.Jwk.Kid, getResult.Keys[0].Kid) @@ -236,7 +236,7 @@ func (s *HandlerTestSuite) TestGrantWithAnySubjectCanBeCreated() { time.Now().Add(time.Hour), ) - grant, _, err := s.hydraClient.OAuth2Api.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() + grant, _, err := s.hydraClient.OAuth2API.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() s.Require().NoError(err, "no error expected on grant creation") assert.Empty(s.T(), grant.Subject) 
@@ -259,17 +259,17 @@ func (s *HandlerTestSuite) TestGrantListCanBeFetched() { time.Now().Add(time.Hour), ) - _, _, err := s.hydraClient.OAuth2Api.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() + _, _, err := s.hydraClient.OAuth2API.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() s.Require().NoError(err, "no errors expected on grant creation") - _, _, err = s.hydraClient.OAuth2Api.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams2).Execute() + _, _, err = s.hydraClient.OAuth2API.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams2).Execute() s.Require().NoError(err, "no errors expected on grant creation") - getResult, _, err := s.hydraClient.OAuth2Api.ListTrustedOAuth2JwtGrantIssuers(context.Background()).Execute() + getResult, _, err := s.hydraClient.OAuth2API.ListTrustedOAuth2JwtGrantIssuers(context.Background()).Execute() s.Require().NoError(err, "no errors expected on grant list fetching") s.Len(getResult, 2, "expected to get list of 2 grants") - getResult, _, err = s.hydraClient.OAuth2Api.ListTrustedOAuth2JwtGrantIssuers(context.Background()).Issuer(createRequestParams2.Issuer).Execute() + getResult, _, err = s.hydraClient.OAuth2API.ListTrustedOAuth2JwtGrantIssuers(context.Background()).Issuer(createRequestParams2.Issuer).Execute() s.Require().NoError(err, "no errors expected on grant list fetching") s.Len(getResult, 1, "expected to get list of 1 grant, when filtering by issuer") 
@@ -285,13 +285,13 @@ func (s *HandlerTestSuite) TestGrantCanBeDeleted() { time.Now().Add(time.Hour), ) - createResult, _, err := s.hydraClient.OAuth2Api.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() + createResult, _, err := s.hydraClient.OAuth2API.TrustOAuth2JwtGrantIssuer(context.Background()).TrustOAuth2JwtGrantIssuer(createRequestParams).Execute() s.Require().NoError(err, "no errors expected on grant creation") - _, err = s.hydraClient.OAuth2Api.DeleteTrustedOAuth2JwtGrantIssuer(context.Background(), *createResult.Id).Execute() + _, err = s.hydraClient.OAuth2API.DeleteTrustedOAuth2JwtGrantIssuer(context.Background(), *createResult.Id).Execute() s.Require().NoError(err, "no errors expected on grant deletion") - _, err = s.hydraClient.OAuth2Api.DeleteTrustedOAuth2JwtGrantIssuer(context.Background(), *createResult.Id).Execute() + _, err = s.hydraClient.OAuth2API.DeleteTrustedOAuth2JwtGrantIssuer(context.Background(), *createResult.Id).Execute() s.Error(err, "expected error, because grant has been already deleted") } diff --git a/openapitools.json b/openapitools.json index 54d00804a3d..64f2cbb5416 100644 --- a/openapitools.json +++ b/openapitools.json @@ -2,6 +2,6 @@ "$schema": "node_modules/@openapitools/openapi-generator-cli/config.schema.json", "spaces": 2, "generator-cli": { - "version": "6.0.1" + "version": "7.2.0" } } diff --git a/package-lock.json b/package-lock.json index 374d7799f89..c63a282ff4d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "name": "@oryd/hydra", "version": "0.0.0", "dependencies": { - "@openapitools/openapi-generator-cli": "^2.6.0", + "@openapitools/openapi-generator-cli": "^2.13.5", "conventional-changelog-cli": "~2.2.2", "doctoc": "^2.2.1" }, 
@@ -288,27 +288,29 @@ } }, "node_modules/@openapitools/openapi-generator-cli": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/@openapitools/openapi-generator-cli/-/openapi-generator-cli-2.6.0.tgz", - "integrity": "sha512-M/aOpR7G+Y1nMf+ofuar8pGszajgfhs1aSPSijkcr2tHTxKAI3sA3YYcOGbszxaNRKFyvOcDq+KP9pcJvKoCHg==", + "version": "2.13.5", + "resolved": "https://registry.npmjs.org/@openapitools/openapi-generator-cli/-/openapi-generator-cli-2.13.5.tgz", + "integrity": "sha512-9VgeKOTiiatKSwZDKKB3C86cW8tN9eDcFohotD4eisdK38UQswk/4Ysoq9KChRCbymjoMp6AIDHPtK1DQ2fTgw==", "hasInstallScript": true, "dependencies": { - "@nestjs/axios": "0.0.8", - "@nestjs/common": "9.3.11", - "@nestjs/core": "9.3.11", + "@nestjs/axios": "3.0.2", + "@nestjs/common": "10.3.0", + "@nestjs/core": "10.3.0", "@nuxtjs/opencollective": "0.3.2", + "axios": "1.7.4", "chalk": "4.1.2", "commander": "8.3.0", "compare-versions": "4.1.4", "concurrently": "6.5.1", "console.table": "0.10.0", "fs-extra": "10.1.0", - "glob": "7.1.6", - "inquirer": "8.2.5", + "glob": "7.2.3", + "https-proxy-agent": "7.0.4", + "inquirer": "8.2.6", "lodash": "4.17.21", "reflect-metadata": "0.1.13", - "rxjs": "7.8.0", - "tslib": "2.0.3" + "rxjs": "7.8.1", + "tslib": "2.6.2" }, "bin": { "openapi-generator-cli": "main.js" 
@@ -322,42 +324,35 @@ } }, "node_modules/@openapitools/openapi-generator-cli/node_modules/@nestjs/axios": { - "version": "0.0.8", - "resolved": "https://registry.npmjs.org/@nestjs/axios/-/axios-0.0.8.tgz", - "integrity": "sha512-oJyfR9/h9tVk776il0829xyj3b2e81yTu6HjPraxynwNtMNGqZBHHmAQL24yMB3tVbBM0RvG3eUXH8+pRCGwlg==", - "dependencies": { - "axios": "0.27.2" - }, + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@nestjs/axios/-/axios-3.0.2.tgz", + "integrity": "sha512-Z6GuOUdNQjP7FX+OuV2Ybyamse+/e0BFdTWBX5JxpBDKA+YkdLynDgG6HTF04zy6e9zPa19UX0WA2VDoehwhXQ==", "peerDependencies": { - "@nestjs/common": "^7.0.0 || ^8.0.0", - "reflect-metadata": "^0.1.12", + "@nestjs/common": "^7.0.0 || ^8.0.0 || ^9.0.0 || ^10.0.0", + "axios": "^1.3.1", "rxjs": "^6.0.0 || ^7.0.0" } }, "node_modules/@openapitools/openapi-generator-cli/node_modules/@nestjs/common": { - "version": "9.3.11", - "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-9.3.11.tgz", - "integrity": "sha512-IFZ2G/5UKWC2Uo7tJ4SxGed2+aiA+sJyWeWsGTogKVDhq90oxVBToh+uCDeI31HNUpqYGoWmkletfty42zUd8A==", + "version": "10.3.0", + "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-10.3.0.tgz", + "integrity": "sha512-DGv34UHsZBxCM3H5QGE2XE/+oLJzz5+714JQjBhjD9VccFlQs3LRxo/epso4l7nJIiNlZkPyIUC8WzfU/5RTsQ==", "dependencies": { "iterare": "1.2.1", - "tslib": "2.5.0", - "uid": "2.0.1" + "tslib": "2.6.2", + "uid": "2.0.2" }, "funding": { "type": "opencollective", "url": "https://opencollective.com/nest" }, "peerDependencies": { - "cache-manager": "<=5", "class-transformer": "*", "class-validator": "*", "reflect-metadata": "^0.1.12", "rxjs": "^7.1.0" }, "peerDependenciesMeta": { - "cache-manager": { - "optional": true - }, "class-transformer": { "optional": true }, 
@@ -366,33 +361,28 @@ } } }, - "node_modules/@openapitools/openapi-generator-cli/node_modules/@nestjs/common/node_modules/tslib": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.0.tgz", - "integrity": "sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg==" - }, "node_modules/@openapitools/openapi-generator-cli/node_modules/@nestjs/core": { - "version": "9.3.11", - "resolved": "https://registry.npmjs.org/@nestjs/core/-/core-9.3.11.tgz", - "integrity": "sha512-CI27a2JFd5rvvbgkalWqsiwQNhcP4EAG5BUK8usjp29wVp1kx30ghfBT8FLqIgmkRVo65A0IcEnWsxeXMntkxQ==", + "version": "10.3.0", + "resolved": "https://registry.npmjs.org/@nestjs/core/-/core-10.3.0.tgz", + "integrity": "sha512-N06P5ncknW/Pm8bj964WvLIZn2gNhHliCBoAO1LeBvNImYkecqKcrmLbY49Fa1rmMfEM3MuBHeDys3edeuYAOA==", "hasInstallScript": true, "dependencies": { "@nuxtjs/opencollective": "0.3.2", "fast-safe-stringify": "2.1.1", "iterare": "1.2.1", "path-to-regexp": "3.2.0", - "tslib": "2.5.0", - "uid": "2.0.1" + "tslib": "2.6.2", + "uid": "2.0.2" }, "funding": { "type": "opencollective", "url": "https://opencollective.com/nest" }, "peerDependencies": { - "@nestjs/common": "^9.0.0", - "@nestjs/microservices": "^9.0.0", - "@nestjs/platform-express": "^9.0.0", - "@nestjs/websockets": "^9.0.0", + "@nestjs/common": "^10.0.0", + "@nestjs/microservices": "^10.0.0", + "@nestjs/platform-express": "^10.0.0", + "@nestjs/websockets": "^10.0.0", "reflect-metadata": "^0.1.12", "rxjs": "^7.1.0" }, 
@@ -408,11 +398,6 @@ } } }, - "node_modules/@openapitools/openapi-generator-cli/node_modules/@nestjs/core/node_modules/tslib": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.0.tgz", - "integrity": "sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg==" - }, "node_modules/@openapitools/openapi-generator-cli/node_modules/ansi-escapes": { "version": "4.3.2", "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-4.3.2.tgz", @@ -536,9 +521,9 @@ } }, "node_modules/@openapitools/openapi-generator-cli/node_modules/inquirer": { - "version": "8.2.5", - "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-8.2.5.tgz", - "integrity": "sha512-QAgPDQMEgrDssk1XiwwHoOGYF9BAbUcc1+j+FhEvaOt8/cKRqyLn0U5qA6F74fGhTMGxf92pOvPBeh29jQJDTQ==", + "version": "8.2.6", + "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-8.2.6.tgz", + "integrity": "sha512-M1WuAmb7pn9zdFRtQYk26ZBoY043Sse0wVDdk4Bppr+JOXyQYybdtvK+l9wUibhtjdjvtoiNy8tk+EgsYIUqKg==", "dependencies": { "ansi-escapes": "^4.2.1", "chalk": "^4.1.1", @@ -554,7 +539,7 @@ "string-width": "^4.1.0", "strip-ansi": "^6.0.0", "through": "^2.3.6", - "wrap-ansi": "^7.0.0" + "wrap-ansi": "^6.0.1" }, "engines": { "node": ">=12.0.0" 
@@ -566,18 +551,13 @@ "integrity": "sha512-nnbWWOkoWyUsTjKrhgD0dcz22mdkSnpYqbEjIm2nhwhuxlSkpywJmBo8h0ZqJdkp73mb90SssHkN4rsRaBAfAA==" }, "node_modules/@openapitools/openapi-generator-cli/node_modules/rxjs": { - "version": "7.8.0", - "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.0.tgz", - "integrity": "sha512-F2+gxDshqmIub1KdvZkaEfGDwLNpPvk9Fs6LD/MyQxNgMds/WH9OdDDXOmxUZpME+iSK3rQCctkL0DYyytUqMg==", + "version": "7.8.1", + "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", + "integrity": "sha512-AA3TVj+0A2iuIoQkWEK/tqFjBq2j+6PO6Y0zJcvzLAFhEFIO3HL0vls9hWLncZbAAbK0mar7oZ4V079I/qPMxg==", "dependencies": { "tslib": "^2.1.0" } }, - "node_modules/@openapitools/openapi-generator-cli/node_modules/rxjs/node_modules/tslib": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.0.tgz", - "integrity": "sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg==" - }, "node_modules/@openapitools/openapi-generator-cli/node_modules/strip-ansi": { "version": "6.0.1", "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz", 
@@ -601,9 +581,22 @@ } }, "node_modules/@openapitools/openapi-generator-cli/node_modules/tslib": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.0.3.tgz", - "integrity": "sha512-uZtkfKblCEQtZKBF6EBXVZeQNl82yqtDQdv+eck8u7tdPxjLu2/lp5/uPW+um2tpuxINHWy3GhiccY7QgEaVHQ==" + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", + "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" + }, + "node_modules/@openapitools/openapi-generator-cli/node_modules/wrap-ansi": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", + "dependencies": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + }, + "engines": { + "node": ">=8" + } }, "node_modules/@sideway/address": { "version": "4.1.4", 
@@ -759,6 +752,33 @@ "resolved": "https://registry.npmjs.org/add-stream/-/add-stream-1.0.0.tgz", "integrity": "sha512-qQLMr+8o0WC4FZGQTcJiKBVC59JylcPSrTtk6usvmIDFUOCKegapy1VHQwRbFMOFyb/inzUVqHs+eMYKDM1YeQ==" }, + "node_modules/agent-base": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.1.tgz", + "integrity": "sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA==", + "dependencies": { + "debug": "^4.3.4" + }, + "engines": { + "node": ">= 14" + } + }, + "node_modules/agent-base/node_modules/debug": { + "version": "4.3.6", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.6.tgz", + "integrity": "sha512-O/09Bd4Z1fBrU4VzkhFqVgpPzaGbw6Sm9FEkBT1A/YBXQFGuuSxa1dN2nxgxS34JmKXqYx8CZAwEVoJFImUXIg==", + "dependencies": { + "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, "node_modules/aggregate-error": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", @@ -985,12 +1005,13 @@ "dev": true }, "node_modules/axios": { - "version": "0.27.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.27.2.tgz", - "integrity": "sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==", + "version": "1.7.4", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.4.tgz", + "integrity": "sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==", "dependencies": { - "follow-redirects": "^1.14.9", - "form-data": "^4.0.0" + "follow-redirects": "^1.15.6", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" } }, "node_modules/axios/node_modules/form-data": { 
@@ -1006,6 +1027,11 @@ "node": ">= 6" } }, + "node_modules/axios/node_modules/proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" + }, "node_modules/babel-code-frame": { "version": "6.26.0", "resolved": "https://registry.npmjs.org/babel-code-frame/-/babel-code-frame-6.26.0.tgz", @@ -1116,12 +1142,12 @@ } }, "node_modules/braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dev": true, "dependencies": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" }, "engines": { "node": ">=8" @@ -1346,9 +1372,9 @@ } }, "node_modules/cli-spinners": { - "version": "2.8.0", - "resolved": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.8.0.tgz", - "integrity": "sha512-/eG5sJcvEIwxcdYM86k5tPwn0MUzkX5YY3eImTGpJOZgVe4SdTMY14vQpcxgBzJ0wXwAYrS8E+c3uHeK4JNyzQ==", + "version": "2.9.2", + "resolved": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", + "integrity": "sha512-ywqV+5MmyL4E7ybXgKys4DugZbX0FC6LnwrhjuykIjnK9k8OQacQ7axGKnjDXWNhns0xot3bZI5h55H8yo9cJg==", "engines": { "node": ">=6" }, 
@@ -3174,9 +3200,9 @@ } }, "node_modules/fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dev": true, "dependencies": { "to-regex-range": "^5.0.1" @@ -3218,9 +3244,9 @@ } }, "node_modules/follow-redirects": { - "version": "1.15.2", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz", - "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==", + "version": "1.15.6", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==", "funding": [ { "type": "individual", @@ -3503,14 +3529,14 @@ "integrity": "sha512-JV/yugV2uzW5iMRSiZAyDtQd+nxtUnjeLt0acNdw98kKLrvuRVyB80tsREOE7yvGVgalhZ6RNXCmEHkUKBKxew==" }, "node_modules/glob": { - "version": "7.1.6", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz", - "integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==", + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", "dependencies": { "fs.realpath": "^1.0.0", "inflight": "^1.0.4", "inherits": "2", - "minimatch": "^3.0.4", + "minimatch": "^3.1.1", "once": "^1.3.0", "path-is-absolute": "^1.0.0" }, 
@@ -3696,6 +3722,34 @@ "entities": "^3.0.1" } }, + "node_modules/https-proxy-agent": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.4.tgz", + "integrity": "sha512-wlwpilI7YdjSkWaQ/7omYBMTliDcmCN8OLihO6I9B86g06lMyAoqgoDpV0XqoaPOKj+0DIdAvnsWfyAAhmimcg==", + "dependencies": { + "agent-base": "^7.0.2", + "debug": "4" + }, + "engines": { + "node": ">= 14" + } + }, + "node_modules/https-proxy-agent/node_modules/debug": { + "version": "4.3.6", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.6.tgz", + "integrity": "sha512-O/09Bd4Z1fBrU4VzkhFqVgpPzaGbw6Sm9FEkBT1A/YBXQFGuuSxa1dN2nxgxS34JmKXqYx8CZAwEVoJFImUXIg==", + "dependencies": { + "ms": "2.1.2" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, "node_modules/human-signals": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-1.1.1.tgz", @@ -4188,9 +4242,9 @@ } }, "node_modules/joi": { - "version": "17.9.2", - "resolved": "https://registry.npmjs.org/joi/-/joi-17.9.2.tgz", - "integrity": "sha512-Itk/r+V4Dx0V3c7RLFdRh12IOjySm2/WGPMubBT92cQvRfYZhPM2W0hZlctjj72iES8jsRCwp7S/cRmWBnJ4nw==", + "version": "17.11.0", + "resolved": "https://registry.npmjs.org/joi/-/joi-17.11.0.tgz", + "integrity": "sha512-NgB+lZLNoqISVy1rZocE9PZI36bL/77ie924Ri43yEvi9GUUMPeyVIr8KdFTMUlby1p0PBYMk9spIxEUQYqrJQ==", "dev": true, "dependencies": { "@hapi/hoek": "^9.0.0", 
@@ -5444,9 +5498,9 @@ "dev": true }, "node_modules/node-fetch": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.9.tgz", - "integrity": "sha512-DJm/CJkZkRjKKj4Zi4BsKVZh3ValV5IR5s7LVZnW+6YMh0W1BfNA8XSs6DLMGYlId5F3KnA70uu2qepcR08Qqg==", + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz", + "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==", "dependencies": { "whatwg-url": "^5.0.0" }, @@ -7138,9 +7192,9 @@ } }, "node_modules/uid": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/uid/-/uid-2.0.1.tgz", - "integrity": "sha512-PF+1AnZgycpAIEmNtjxGBVmKbZAQguaa4pBUq6KNaGEcpzZ2klCNZLM34tsjp76maN00TttiiUf6zkIBpJQm2A==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/uid/-/uid-2.0.2.tgz", + "integrity": "sha512-u3xV3X7uzvi5b1MncmZo3i2Aw222Zk1keqLA1YkHldREkAhAqi65wuPfe7lHx8H/Wzy+8CE7S7uS3jekIM5s8g==", "dependencies": { "@lukeed/csprng": "^1.0.0" }, @@ -7323,16 +7377,16 @@ } }, "node_modules/wait-on": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/wait-on/-/wait-on-7.0.1.tgz", - "integrity": "sha512-9AnJE9qTjRQOlTZIldAaf/da2eW0eSRSgcqq85mXQja/DW3MriHxkpODDSUEg+Gri/rKEcXUZHe+cevvYItaog==", + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/wait-on/-/wait-on-7.2.0.tgz", + "integrity": "sha512-wCQcHkRazgjG5XoAq9jbTMLpNIjoSlZslrJ2+N9MxDsGEv1HnFoVjOCexL0ESva7Y9cu350j+DWADdk54s4AFQ==", "dev": true, "dependencies": { - "axios": "^0.27.2", - "joi": "^17.7.0", + "axios": "^1.6.1", + "joi": "^17.11.0", "lodash": "^4.17.21", - "minimist": "^1.2.7", - "rxjs": "^7.8.0" + "minimist": "^1.2.8", + "rxjs": "^7.8.1" }, "bin": { "wait-on": "bin/wait-on" 
@@ -7749,71 +7803,57 @@ } }, "@openapitools/openapi-generator-cli": { - "version": "2.6.0", - "resolved": "https://registry.npmjs.org/@openapitools/openapi-generator-cli/-/openapi-generator-cli-2.6.0.tgz", - "integrity": "sha512-M/aOpR7G+Y1nMf+ofuar8pGszajgfhs1aSPSijkcr2tHTxKAI3sA3YYcOGbszxaNRKFyvOcDq+KP9pcJvKoCHg==", + "version": "2.13.5", + "resolved": "https://registry.npmjs.org/@openapitools/openapi-generator-cli/-/openapi-generator-cli-2.13.5.tgz", + "integrity": "sha512-9VgeKOTiiatKSwZDKKB3C86cW8tN9eDcFohotD4eisdK38UQswk/4Ysoq9KChRCbymjoMp6AIDHPtK1DQ2fTgw==", "requires": { - "@nestjs/axios": "0.0.8", - "@nestjs/common": "9.3.11", - "@nestjs/core": "9.3.11", + "@nestjs/axios": "3.0.2", + "@nestjs/common": "10.3.0", + "@nestjs/core": "10.3.0", "@nuxtjs/opencollective": "0.3.2", + "axios": "1.7.4", "chalk": "4.1.2", "commander": "8.3.0", "compare-versions": "4.1.4", "concurrently": "6.5.1", "console.table": "0.10.0", "fs-extra": "10.1.0", - "glob": "7.1.6", - "inquirer": "8.2.5", + "glob": "7.2.3", + "https-proxy-agent": "7.0.4", + "inquirer": "8.2.6", "lodash": "4.17.21", "reflect-metadata": "0.1.13", - "rxjs": "7.8.0", - "tslib": "2.0.3" + "rxjs": "7.8.1", + "tslib": "2.6.2" }, "dependencies": { "@nestjs/axios": { - "version": "0.0.8", - "resolved": "https://registry.npmjs.org/@nestjs/axios/-/axios-0.0.8.tgz", - "integrity": "sha512-oJyfR9/h9tVk776il0829xyj3b2e81yTu6HjPraxynwNtMNGqZBHHmAQL24yMB3tVbBM0RvG3eUXH8+pRCGwlg==", - "requires": { - "axios": "0.27.2" - } + "version": "3.0.2", + "resolved": "https://registry.npmjs.org/@nestjs/axios/-/axios-3.0.2.tgz", + "integrity": "sha512-Z6GuOUdNQjP7FX+OuV2Ybyamse+/e0BFdTWBX5JxpBDKA+YkdLynDgG6HTF04zy6e9zPa19UX0WA2VDoehwhXQ==", + "requires": {} }, "@nestjs/common": { - "version": "9.3.11", - "resolved": "https://registry.npmjs.org/@nestjs/common/-/common-9.3.11.tgz", - "integrity": "sha512-IFZ2G/5UKWC2Uo7tJ4SxGed2+aiA+sJyWeWsGTogKVDhq90oxVBToh+uCDeI31HNUpqYGoWmkletfty42zUd8A==", + "version": "10.3.0", + "resolved": 
"https://registry.npmjs.org/@nestjs/common/-/common-10.3.0.tgz", + "integrity": "sha512-DGv34UHsZBxCM3H5QGE2XE/+oLJzz5+714JQjBhjD9VccFlQs3LRxo/epso4l7nJIiNlZkPyIUC8WzfU/5RTsQ==", "requires": { "iterare": "1.2.1", - "tslib": "2.5.0", - "uid": "2.0.1" - }, - "dependencies": { - "tslib": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.0.tgz", - "integrity": "sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg==" - } + "tslib": "2.6.2", + "uid": "2.0.2" } }, "@nestjs/core": { - "version": "9.3.11", - "resolved": "https://registry.npmjs.org/@nestjs/core/-/core-9.3.11.tgz", - "integrity": "sha512-CI27a2JFd5rvvbgkalWqsiwQNhcP4EAG5BUK8usjp29wVp1kx30ghfBT8FLqIgmkRVo65A0IcEnWsxeXMntkxQ==", + "version": "10.3.0", + "resolved": "https://registry.npmjs.org/@nestjs/core/-/core-10.3.0.tgz", + "integrity": "sha512-N06P5ncknW/Pm8bj964WvLIZn2gNhHliCBoAO1LeBvNImYkecqKcrmLbY49Fa1rmMfEM3MuBHeDys3edeuYAOA==", "requires": { "@nuxtjs/opencollective": "0.3.2", "fast-safe-stringify": "2.1.1", "iterare": "1.2.1", "path-to-regexp": "3.2.0", - "tslib": "2.5.0", - "uid": "2.0.1" - }, - "dependencies": { - "tslib": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.0.tgz", - "integrity": "sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg==" - } + "tslib": "2.6.2", + "uid": "2.0.2" } }, "ansi-escapes": { 
@@ -7900,9 +7940,9 @@ "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==" }, "inquirer": { - "version": "8.2.5", - "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-8.2.5.tgz", - "integrity": "sha512-QAgPDQMEgrDssk1XiwwHoOGYF9BAbUcc1+j+FhEvaOt8/cKRqyLn0U5qA6F74fGhTMGxf92pOvPBeh29jQJDTQ==", + "version": "8.2.6", + "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-8.2.6.tgz", + "integrity": "sha512-M1WuAmb7pn9zdFRtQYk26ZBoY043Sse0wVDdk4Bppr+JOXyQYybdtvK+l9wUibhtjdjvtoiNy8tk+EgsYIUqKg==", "requires": { "ansi-escapes": "^4.2.1", "chalk": "^4.1.1", @@ -7918,7 +7958,7 @@ "string-width": "^4.1.0", "strip-ansi": "^6.0.0", "through": "^2.3.6", - "wrap-ansi": "^7.0.0" + "wrap-ansi": "^6.0.1" } }, "mute-stream": { @@ -7927,18 +7967,11 @@ "integrity": "sha512-nnbWWOkoWyUsTjKrhgD0dcz22mdkSnpYqbEjIm2nhwhuxlSkpywJmBo8h0ZqJdkp73mb90SssHkN4rsRaBAfAA==" }, "rxjs": { - "version": "7.8.0", - "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.0.tgz", - "integrity": "sha512-F2+gxDshqmIub1KdvZkaEfGDwLNpPvk9Fs6LD/MyQxNgMds/WH9OdDDXOmxUZpME+iSK3rQCctkL0DYyytUqMg==", + "version": "7.8.1", + "resolved": "https://registry.npmjs.org/rxjs/-/rxjs-7.8.1.tgz", + "integrity": "sha512-AA3TVj+0A2iuIoQkWEK/tqFjBq2j+6PO6Y0zJcvzLAFhEFIO3HL0vls9hWLncZbAAbK0mar7oZ4V079I/qPMxg==", "requires": { "tslib": "^2.1.0" - }, - "dependencies": { - "tslib": { - "version": "2.5.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.5.0.tgz", - "integrity": "sha512-336iVw3rtn2BUK7ORdIAHTyxHGRIHVReokCR3XjbckJMK7ms8FysBfhLR8IXnAgy7T0PTPNBWKiH514FOW/WSg==" - } } }, "strip-ansi": { 
@@ -7958,9 +7991,19 @@ } }, "tslib": { - "version": "2.0.3", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.0.3.tgz", - "integrity": "sha512-uZtkfKblCEQtZKBF6EBXVZeQNl82yqtDQdv+eck8u7tdPxjLu2/lp5/uPW+um2tpuxINHWy3GhiccY7QgEaVHQ==" + "version": "2.6.2", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.6.2.tgz", + "integrity": "sha512-AEYxH93jGFPn/a2iVAwW87VuUIkR1FVUKB77NwMF7nBTDkDrrT/Hpt/IrCJ0QXhW27jTBDcf5ZY7w6RiqTMw2Q==" + }, + "wrap-ansi": { + "version": "6.2.0", + "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz", + "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==", + "requires": { + "ansi-styles": "^4.0.0", + "string-width": "^4.1.0", + "strip-ansi": "^6.0.0" + } } } }, @@ -8106,6 +8149,24 @@ "resolved": "https://registry.npmjs.org/add-stream/-/add-stream-1.0.0.tgz", "integrity": "sha512-qQLMr+8o0WC4FZGQTcJiKBVC59JylcPSrTtk6usvmIDFUOCKegapy1VHQwRbFMOFyb/inzUVqHs+eMYKDM1YeQ==" }, + "agent-base": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-7.1.1.tgz", + "integrity": "sha512-H0TSyFNDMomMNJQBn8wFV5YC/2eJ+VXECwOadZJT554xP6cODZHPX3H9QMQECxvrgiSOP1pHjy1sMWQVYJOUOA==", + "requires": { + "debug": "^4.3.4" + }, + "dependencies": { + "debug": { + "version": "4.3.6", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.6.tgz", + "integrity": "sha512-O/09Bd4Z1fBrU4VzkhFqVgpPzaGbw6Sm9FEkBT1A/YBXQFGuuSxa1dN2nxgxS34JmKXqYx8CZAwEVoJFImUXIg==", + "requires": { + "ms": "2.1.2" + } + } + } + }, "aggregate-error": { "version": "3.1.0", "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.1.0.tgz", 
@@ -8277,12 +8338,13 @@ "dev": true }, "axios": { - "version": "0.27.2", - "resolved": "https://registry.npmjs.org/axios/-/axios-0.27.2.tgz", - "integrity": "sha512-t+yRIyySRTp/wua5xEr+z1q60QmLq8ABsS5O9Me1AsE5dfKqgnCFzwiCZZ/cGNd1lq4/7akDWMxdhVlucjmnOQ==", + "version": "1.7.4", + "resolved": "https://registry.npmjs.org/axios/-/axios-1.7.4.tgz", + "integrity": "sha512-DukmaFRnY6AzAALSH4J2M3k6PkaC+MfaAGdEERRWcC9q3/TWQwLpHR8ZRLKTdQ3aBDL64EdluRDjJqKw+BPZEw==", "requires": { - "follow-redirects": "^1.14.9", - "form-data": "^4.0.0" + "follow-redirects": "^1.15.6", + "form-data": "^4.0.0", + "proxy-from-env": "^1.1.0" }, "dependencies": { "form-data": { @@ -8294,6 +8356,11 @@ "combined-stream": "^1.0.8", "mime-types": "^2.1.12" } + }, + "proxy-from-env": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/proxy-from-env/-/proxy-from-env-1.1.0.tgz", + "integrity": "sha512-D+zkORCbA9f1tdWRK0RaCR3GPv50cMxcrz4X8k5LTSUD1Dkw47mKJEZQNunItRTkWwgtaUSo1RVFRIG9ZXiFYg==" } } }, @@ -8385,12 +8452,12 @@ } }, "braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dev": true, "requires": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" } }, "buffer": { 
@@ -8545,9 +8612,9 @@ } }, "cli-spinners": { - "version": "2.8.0", - "resolved": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.8.0.tgz", - "integrity": "sha512-/eG5sJcvEIwxcdYM86k5tPwn0MUzkX5YY3eImTGpJOZgVe4SdTMY14vQpcxgBzJ0wXwAYrS8E+c3uHeK4JNyzQ==" + "version": "2.9.2", + "resolved": "https://registry.npmjs.org/cli-spinners/-/cli-spinners-2.9.2.tgz", + "integrity": "sha512-ywqV+5MmyL4E7ybXgKys4DugZbX0FC6LnwrhjuykIjnK9k8OQacQ7axGKnjDXWNhns0xot3bZI5h55H8yo9cJg==" }, "cli-table3": { "version": "0.6.2", @@ -9966,9 +10033,9 @@ } }, "fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dev": true, "requires": { "to-regex-range": "^5.0.1" @@ -10001,9 +10068,9 @@ } }, "follow-redirects": { - "version": "1.15.2", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz", - "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==" + "version": "1.15.6", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==" }, "forever-agent": { "version": "0.6.1", 
@@ -10221,14 +10288,14 @@ } }, "glob": { - "version": "7.1.6", - "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz", - "integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==", + "version": "7.2.3", + "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.3.tgz", + "integrity": "sha512-nFR0zLpU2YCaRxwoCJvL6UvCH2JFyFVIvwTLsIf21AuHlMskA1hhTdk+LlYJtOlYt9v6dvszD2BGRqBL+iQK9Q==", "requires": { "fs.realpath": "^1.0.0", "inflight": "^1.0.4", "inherits": "2", - "minimatch": "^3.0.4", + "minimatch": "^3.1.1", "once": "^1.3.0", "path-is-absolute": "^1.0.0" } @@ -10353,6 +10420,25 @@ "entities": "^3.0.1" } }, + "https-proxy-agent": { + "version": "7.0.4", + "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-7.0.4.tgz", + "integrity": "sha512-wlwpilI7YdjSkWaQ/7omYBMTliDcmCN8OLihO6I9B86g06lMyAoqgoDpV0XqoaPOKj+0DIdAvnsWfyAAhmimcg==", + "requires": { + "agent-base": "^7.0.2", + "debug": "4" + }, + "dependencies": { + "debug": { + "version": "4.3.6", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.6.tgz", + "integrity": "sha512-O/09Bd4Z1fBrU4VzkhFqVgpPzaGbw6Sm9FEkBT1A/YBXQFGuuSxa1dN2nxgxS34JmKXqYx8CZAwEVoJFImUXIg==", + "requires": { + "ms": "2.1.2" + } + } + } + }, "human-signals": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/human-signals/-/human-signals-1.1.1.tgz", @@ -10692,9 +10778,9 @@ "integrity": "sha512-RKYVTCjAnRthyJes037NX/IiqeidgN1xc3j1RjFfECFp28A1GVwK9nA+i0rJPaHqSZwygLzRnFlzUuHFoWWy+Q==" }, "joi": { - "version": "17.9.2", - "resolved": "https://registry.npmjs.org/joi/-/joi-17.9.2.tgz", - "integrity": "sha512-Itk/r+V4Dx0V3c7RLFdRh12IOjySm2/WGPMubBT92cQvRfYZhPM2W0hZlctjj72iES8jsRCwp7S/cRmWBnJ4nw==", + "version": "17.11.0", + "resolved": "https://registry.npmjs.org/joi/-/joi-17.11.0.tgz", + "integrity": "sha512-NgB+lZLNoqISVy1rZocE9PZI36bL/77ie924Ri43yEvi9GUUMPeyVIr8KdFTMUlby1p0PBYMk9spIxEUQYqrJQ==", "dev": true, "requires": { "@hapi/hoek": "^9.0.0", 
@@ -11629,9 +11715,9 @@ "dev": true }, "node-fetch": { - "version": "2.6.9", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.6.9.tgz", - "integrity": "sha512-DJm/CJkZkRjKKj4Zi4BsKVZh3ValV5IR5s7LVZnW+6YMh0W1BfNA8XSs6DLMGYlId5F3KnA70uu2qepcR08Qqg==", + "version": "2.7.0", + "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz", + "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==", "requires": { "whatwg-url": "^5.0.0" } @@ -12920,9 +13006,9 @@ "optional": true }, "uid": { - "version": "2.0.1", - "resolved": "https://registry.npmjs.org/uid/-/uid-2.0.1.tgz", - "integrity": "sha512-PF+1AnZgycpAIEmNtjxGBVmKbZAQguaa4pBUq6KNaGEcpzZ2klCNZLM34tsjp76maN00TttiiUf6zkIBpJQm2A==", + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/uid/-/uid-2.0.2.tgz", + "integrity": "sha512-u3xV3X7uzvi5b1MncmZo3i2Aw222Zk1keqLA1YkHldREkAhAqi65wuPfe7lHx8H/Wzy+8CE7S7uS3jekIM5s8g==", "requires": { "@lukeed/csprng": "^1.0.0" } @@ -13066,16 +13152,16 @@ } }, "wait-on": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/wait-on/-/wait-on-7.0.1.tgz", - "integrity": "sha512-9AnJE9qTjRQOlTZIldAaf/da2eW0eSRSgcqq85mXQja/DW3MriHxkpODDSUEg+Gri/rKEcXUZHe+cevvYItaog==", + "version": "7.2.0", + "resolved": "https://registry.npmjs.org/wait-on/-/wait-on-7.2.0.tgz", + "integrity": "sha512-wCQcHkRazgjG5XoAq9jbTMLpNIjoSlZslrJ2+N9MxDsGEv1HnFoVjOCexL0ESva7Y9cu350j+DWADdk54s4AFQ==", "dev": true, "requires": { - "axios": "^0.27.2", - "joi": "^17.7.0", + "axios": "^1.6.1", + "joi": "^17.11.0", "lodash": "^4.17.21", - "minimist": "^1.2.7", - "rxjs": "^7.8.0" + "minimist": "^1.2.8", + "rxjs": "^7.8.1" }, "dependencies": { "rxjs": { diff --git a/package.json b/package.json index 271ff39d7dd..b57785fd06b 100644 --- a/package.json +++ b/package.json 
@@ -11,7 +11,7 @@ }, "prettier": "ory-prettier-styles", "dependencies": { - "@openapitools/openapi-generator-cli": "^2.6.0", + "@openapitools/openapi-generator-cli": "^2.13.5", "conventional-changelog-cli": "~2.2.2", "doctoc": "^2.2.1" }, diff --git a/persistence/definitions.go b/persistence/definitions.go index 27a8b0fa037..5cd9c9a3f15 100644 --- a/persistence/definitions.go +++ b/persistence/definitions.go @@ -33,6 +33,7 @@ type ( MigrateUp(context.Context) error PrepareMigration(context.Context) error Connection(context.Context) *pop.Connection + Transaction(context.Context, func(ctx context.Context, c *pop.Connection) error) error Ping() error Networker } diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0001.json b/persistence/sql/migratest/fixtures/hydra_client/client-0001.json index 0f7229417b1..92a6eb6b00f 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0001.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0001.json @@ -36,6 +36,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -97,6 +109,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "", "TermsOfServiceURI": "http://tos/0001", "TokenEndpointAuthMethod": "none", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0002.json b/persistence/sql/migratest/fixtures/hydra_client/client-0002.json index bd2d7bda658..1cb9ff6e769 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0002.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0002.json 
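Review bot: The `Transaction` method added to the interface in persistence/definitions.go has no doc comment, and the signature alone does not say what callers may rely on: the callback gets both a `ctx` and a `*pop.Connection`, while the sibling `Connection(context.Context)` stays available. I would add something like `// Transaction runs f inside one database transaction; f must use the ctx and connection passed to it, and a non-nil error from f rolls the transaction back.`, adjusted to what the implementation guarantees, which this hunk does not show. In an OAuth2 server this matters because a callee that uses the outer context could fall outside a unit of work that is meant to be atomic, such as consuming a token and issuing its replacement. The comment should also say whether a nested call joins the surrounding transaction or opens a new one. The interface declaration starts and ends outside the hunk.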
@@ -36,6 +36,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -97,6 +109,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "", "TermsOfServiceURI": "http://tos/0002", "TokenEndpointAuthMethod": "none", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0003.json b/persistence/sql/migratest/fixtures/hydra_client/client-0003.json index ea3f0d95301..b2d8a612220 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0003.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0003.json @@ -36,6 +36,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -97,6 +109,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "", "TermsOfServiceURI": "http://tos/0003", "TokenEndpointAuthMethod": "none", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0004.json b/persistence/sql/migratest/fixtures/hydra_client/client-0004.json index 82fd03429ab..10e001ac97e 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0004.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0004.json 
@@ -36,6 +36,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -99,6 +111,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0004", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "", "TermsOfServiceURI": "http://tos/0004", "TokenEndpointAuthMethod": "none", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0005.json b/persistence/sql/migratest/fixtures/hydra_client/client-0005.json index c89be3f4bb6..c51c01b13e7 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0005.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0005.json @@ -36,6 +36,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -99,6 +111,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0005", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "", "TermsOfServiceURI": "http://tos/0005", "TokenEndpointAuthMethod": "token_auth-0005", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0006.json b/persistence/sql/migratest/fixtures/hydra_client/client-0006.json index a07a5da9e37..f87065ee097 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0006.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0006.json 
@@ -36,6 +36,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -99,6 +111,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0006", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "subject-0006", "TermsOfServiceURI": "http://tos/0006", "TokenEndpointAuthMethod": "token_auth-0006", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0007.json b/persistence/sql/migratest/fixtures/hydra_client/client-0007.json index 7b5d580f877..6bf27b0d29b 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0007.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0007.json @@ -36,6 +36,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -99,6 +111,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0007", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "subject-0007", "TermsOfServiceURI": "http://tos/0007", "TokenEndpointAuthMethod": "token_auth-0007", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0008.json b/persistence/sql/migratest/fixtures/hydra_client/client-0008.json index 2544f493e6c..51cbcaf1c58 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0008.json 
+++ b/persistence/sql/migratest/fixtures/hydra_client/client-0008.json @@ -38,6 +38,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -101,6 +113,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0008", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "subject-0008", "TermsOfServiceURI": "http://tos/0008", "TokenEndpointAuthMethod": "token_auth-0008", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0009.json b/persistence/sql/migratest/fixtures/hydra_client/client-0009.json index 0cd3e722bab..ffe308afe0a 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0009.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0009.json @@ -38,6 +38,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -101,6 +113,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0009", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "subject-0009", "TermsOfServiceURI": "http://tos/0009", "TokenEndpointAuthMethod": "token_auth-0009", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0010.json b/persistence/sql/migratest/fixtures/hydra_client/client-0010.json index 6d853edd8fe..573049c6c96 100644 
--- a/persistence/sql/migratest/fixtures/hydra_client/client-0010.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0010.json @@ -38,6 +38,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -101,6 +113,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0010", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "subject-0010", "TermsOfServiceURI": "http://tos/0010", "TokenEndpointAuthMethod": "token_auth-0010", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0011.json b/persistence/sql/migratest/fixtures/hydra_client/client-0011.json index f87f5d936e8..a49000472ae 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0011.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0011.json @@ -40,6 +40,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -103,6 +115,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0011", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "subject-0011", "TermsOfServiceURI": "http://tos/0011", "TokenEndpointAuthMethod": "token_auth-0011", 
diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0012.json b/persistence/sql/migratest/fixtures/hydra_client/client-0012.json index 31596741085..1877d4b298f 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0012.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0012.json @@ -40,6 +40,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -103,6 +115,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0012", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "subject-0012", "TermsOfServiceURI": "http://tos/0012", "TokenEndpointAuthMethod": "token_auth-0012", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0013.json b/persistence/sql/migratest/fixtures/hydra_client/client-0013.json index 6e8db49ad17..fb67f9202b9 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0013.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0013.json @@ -40,6 +40,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false 
@@ -105,6 +117,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0013", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "subject-0013", "TermsOfServiceURI": "http://tos/0013", "TokenEndpointAuthMethod": "token_auth-0013", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0014.json b/persistence/sql/migratest/fixtures/hydra_client/client-0014.json index 6bc35306d1f..1bc2ef1ea63 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0014.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0014.json @@ -40,6 +40,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -107,6 +119,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0014", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "subject-0014", "TermsOfServiceURI": "http://tos/0014", "TokenEndpointAuthMethod": "token_auth-0014", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-0015.json b/persistence/sql/migratest/fixtures/hydra_client/client-0015.json index 68e599cb13c..42b12e6b492 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-0015.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-0015.json 
@@ -40,6 +40,18 @@ "Duration": 154000000000, "Valid": true }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 155000000000, "Valid": true @@ -107,6 +119,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/0015", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "subject-0015", "TermsOfServiceURI": "http://tos/0015", "TokenEndpointAuthMethod": "token_auth-0015", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-20.json b/persistence/sql/migratest/fixtures/hydra_client/client-20.json index 46f83b5b308..fbc35aedfc4 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-20.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-20.json @@ -40,6 +40,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -107,6 +119,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/20", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "subject-20", "TermsOfServiceURI": "http://tos/20", "TokenEndpointAuthMethod": "token_auth-20", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-2005.json b/persistence/sql/migratest/fixtures/hydra_client/client-2005.json index cc18982abf5..40470238a5b 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-2005.json 
+++ b/persistence/sql/migratest/fixtures/hydra_client/client-2005.json @@ -40,6 +40,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -107,6 +119,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/2005", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "subject-2005", "TermsOfServiceURI": "http://tos/2005", "TokenEndpointAuthMethod": "token_auth-2005", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-21.json b/persistence/sql/migratest/fixtures/hydra_client/client-21.json index c867fe47587..7b3e67c7770 100644 --- a/persistence/sql/migratest/fixtures/hydra_client/client-21.json +++ b/persistence/sql/migratest/fixtures/hydra_client/client-21.json @@ -44,6 +44,18 @@ "Duration": 0, "Valid": false }, + "DeviceAuthorizationGrantAccessTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantIDTokenLifespan": { + "Duration": 0, + "Valid": false + }, + "DeviceAuthorizationGrantRefreshTokenLifespan": { + "Duration": 0, + "Valid": false + }, "ImplicitGrantAccessTokenLifespan": { "Duration": 0, "Valid": false @@ -115,6 +127,10 @@ "SecretExpiresAt": 0, "SectorIdentifierURI": "http://sector_id/21", "SkipConsent": false, + "SkipLogoutConsent": { + "Bool": false, + "Valid": false + }, "SubjectType": "subject-21", "TermsOfServiceURI": "http://tos/21", "TokenEndpointAuthMethod": "token_auth-21", diff --git a/persistence/sql/migratest/fixtures/hydra_client/client-22.json b/persistence/sql/migratest/fixtures/hydra_client/client-22.json new file mode 100644 index 00000000000..49c9fb5ea91 --- /dev/null 
+++ b/persistence/sql/migratest/fixtures/hydra_client/client-22.json 
@@ -0,0 +1,140 @@
+{
+ "AccessTokenStrategy": "",
+ "AllowedCORSOrigins": [
+ "http://cors/22_1",
+ "http://cors/22_2"
+ ],
+ "Audience": [
+ "autdience-22_1",
+ "autdience-22_2"
+ ],
+ "BackChannelLogoutSessionRequired": true,
+ "BackChannelLogoutURI": "http://back_logout/22",
+ "ClientURI": "http://client/22",
+ "Contacts": [
+ "contact-22_1",
+ "contact-22_2"
+ ],
+ "CreatedAt": "0001-01-01T00:00:00Z",
+ "FrontChannelLogoutSessionRequired": true,
+ "FrontChannelLogoutURI": "http://front_logout/22",
+ "GrantTypes": [
+ "grant-22_1",
+ "grant-22_2"
+ ],
+ "ID": "client-22",
+ "JSONWebKeys": {
+ "JSONWebKeySet": null
+ },
+ "JSONWebKeysURI": "http://jwks/22",
+ "Lifespans": {
+ "AuthorizationCodeGrantAccessTokenLifespan": {
+ "Duration": 0,
+ "Valid": false
+ },
+ "AuthorizationCodeGrantIDTokenLifespan": {
+ "Duration": 0,
+ "Valid": false
+ },
+ "AuthorizationCodeGrantRefreshTokenLifespan": {
+ "Duration": 0,
+ "Valid": false
+ },
+ "ClientCredentialsGrantAccessTokenLifespan": {
+ "Duration": 0,
+ "Valid": false
+ },
+ "DeviceAuthorizationGrantAccessTokenLifespan": {
+ "Duration": 0,
+ "Valid": false
+ },
+ "DeviceAuthorizationGrantIDTokenLifespan": {
+ "Duration": 0,
+ "Valid": false
+ },
+ "DeviceAuthorizationGrantRefreshTokenLifespan": {
+ "Duration": 0,
+ "Valid": false
+ },
+ "ImplicitGrantAccessTokenLifespan": {
+ "Duration": 0,
+ "Valid": false
+ },
+ "ImplicitGrantIDTokenLifespan": {
+ "Duration": 0,
+ "Valid": false
+ },
+ "JwtBearerGrantAccessTokenLifespan": {
+ "Duration": 0,
+ "Valid": false
+ },
+ "PasswordGrantAccessTokenLifespan": {
+ "Duration": 0,
+ "Valid": false
+ },
+ "PasswordGrantRefreshTokenLifespan": {
+ "Duration": 0,
+ "Valid": false
+ },
+ "RefreshTokenGrantAccessTokenLifespan": {
+ "Duration": 0,
+ "Valid": false
+ },
+ "RefreshTokenGrantIDTokenLifespan": {
+ "Duration": 0,
+ "Valid": false
+ },
+ "RefreshTokenGrantRefreshTokenLifespan": {
+ "Duration": 0,
+ "Valid": false
+ }
+ },
+ "LogoURI": "http://logo/22",
+ "Metadata": {
+ "migration": "22"
+ },
+ "NID": "00000000-0000-0000-0000-000000000000",
+ "Name": "Client 22",
+ "Owner": "owner-22",
+ "PK": {
+ "String": "",
+ "Valid": false
+ },
+ "PKDeprecated": 0,
+ "PolicyURI": "http://policy/22",
+ "PostLogoutRedirectURIs": [
+ "http://post_redirect/22_1",
+ "http://post_redirect/22_2"
+ ],
+ "RedirectURIs": [
+ "http://redirect/22_1",
+ "http://redirect/22_2"
+ ],
+ "RegistrationAccessToken": "",
+ "RegistrationAccessTokenSignature": "",
+ "RegistrationClientURI": "",
+ "RequestObjectSigningAlgorithm": "r_alg-22",
+ "RequestURIs": [
+ "http://request/22_1",
+ "http://request/22_2"
+ ],
+ "ResponseTypes": [
+ "response-22_1",
+ "response-22_2"
+ ],
+ "Scope": "scope-22",
+ "Secret": "secret-22",
+ "SecretExpiresAt": 0,
+ "SectorIdentifierURI": "http://sector_id/22",
+ "SkipConsent": true,
+ "SkipLogoutConsent": {
+ "Bool": true,
+ "Valid": true
+ },
+ "SubjectType": "subject-22",
+ "TermsOfServiceURI": "http://tos/22",
+ "TokenEndpointAuthMethod": "token_auth-22",
+ "TokenEndpointAuthSigningAlgorithm": "",
+ "UpdatedAt": "0001-01-01T00:00:00Z",
+ "UserinfoSignedResponseAlg": "u_alg-22"
+}
diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0001.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0001.json
index c790dc021e7..1431c94066c 100644
--- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0001.json
+++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0001.json
@@ -1,34 +1,26 @@ { - "ID": "challenge-0001", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0001", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0001_1" ], - "RequestedAudience": [], - "LoginSkip": true, - "Subject": "subject-0001", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0001", + "oc": { "display": "display-0001" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0001", - "SessionID": "", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0001", - "LoginCSRF": "csrf-0001", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 1, - "LoginExtendSessionLifespan": false, - "ACR": "acr-0001", - "AMR": [], - "ForceSubjectIdentifier": "", - "Context": {}, - "LoginWasUsed": true, - "LoginError": { + "r": "http://request/0001", + "lv": "verifier-0001", + "lc": "csrf-0001", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 1, + "a": "acr-0001", + "ct": {}, + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", @@ -36,20 +28,22 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0001", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0001", - "ConsentCSRF": "csrf-0001", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0001", + "cs": true, + "cv": "verifier-0001", + "cr": "csrf-0001", + "gs": [ "granted_scope-0001_1" ], - "GrantedAudience": [], - "ConsentRemember": true, - "ConsentRememberFor": 1, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 1, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", 
@@ -57,10 +51,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0001": "0001" }, - "SessionAccessToken": { + "sa": { "session_access_token-0001": "0001" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0002.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0002.json index 1917ef94c5f..e454e282434 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0002.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0002.json @@ -1,34 +1,27 @@ { - "ID": "challenge-0002", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0002", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0002_1" ], - "RequestedAudience": [], - "LoginSkip": true, - "Subject": "subject-0002", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0002", + "oc": { "display": "display-0002" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0002", - "SessionID": "", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0002", - "LoginCSRF": "csrf-0002", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 2, - "LoginExtendSessionLifespan": false, - "ACR": "acr-0002", - "AMR": [], - "ForceSubjectIdentifier": "force_subject_id-0002", - "Context": {}, - "LoginWasUsed": true, - "LoginError": { + "r": "http://request/0002", + "lv": "verifier-0002", + "lc": "csrf-0002", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 2, + "a": "acr-0002", + "fs": "force_subject_id-0002", + "ct": {}, + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", 
@@ -36,20 +29,22 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0002", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0002", - "ConsentCSRF": "csrf-0002", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0002", + "cs": true, + "cv": "verifier-0002", + "cr": "csrf-0002", + "gs": [ "granted_scope-0002_1" ], - "GrantedAudience": [], - "ConsentRemember": true, - "ConsentRememberFor": 2, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 2, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", @@ -57,10 +52,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0002": "0002" }, - "SessionAccessToken": { + "sa": { "session_access_token-0002": "0002" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0003.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0003.json index 39ca512a15a..aa4d250f5c2 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0003.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0003.json 
@@ -1,34 +1,28 @@ { - "ID": "challenge-0003", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0003", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0003_1" ], - "RequestedAudience": [], - "LoginSkip": true, - "Subject": "subject-0003", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0003", + "oc": { "display": "display-0003" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0003", - "SessionID": "auth_session-0003", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0003", - "LoginCSRF": "csrf-0003", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 3, - "LoginExtendSessionLifespan": false, - "ACR": "acr-0003", - "AMR": [], - "ForceSubjectIdentifier": "force_subject_id-0003", - "Context": {}, - "LoginWasUsed": true, - "LoginError": { + "r": "http://request/0003", + "si": "auth_session-0003", + "lv": "verifier-0003", + "lc": "csrf-0003", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 3, + "a": "acr-0003", + "fs": "force_subject_id-0003", + "ct": {}, + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", @@ -36,20 +30,22 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0003", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0003", - "ConsentCSRF": "csrf-0003", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0003", + "cs": true, + "cv": "verifier-0003", + "cr": "csrf-0003", + "gs": [ "granted_scope-0003_1" ], - "GrantedAudience": [], - "ConsentRemember": true, - "ConsentRememberFor": 3, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 3, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", 
@@ -57,10 +53,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0003": "0003" }, - "SessionAccessToken": { + "sa": { "session_access_token-0003": "0003" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0004.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0004.json index b3dc1b958e0..c95e9dd963c 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0004.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0004.json @@ -1,36 +1,31 @@ { - "ID": "challenge-0004", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0004", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0004_1" ], - "RequestedAudience": [ + "ra": [ "requested_audience-0004_1" ], - "LoginSkip": true, - "Subject": "subject-0004", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0004", + "oc": { "display": "display-0004" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0004", - "SessionID": "auth_session-0004", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0004", - "LoginCSRF": "csrf-0004", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 4, - "LoginExtendSessionLifespan": false, - "ACR": "acr-0004", - "AMR": [], - "ForceSubjectIdentifier": "force_subject_id-0004", - "Context": {}, - "LoginWasUsed": true, - "LoginError": { + "r": "http://request/0004", + "si": "auth_session-0004", + "lv": "verifier-0004", + "lc": "csrf-0004", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 4, + "a": "acr-0004", + "fs": "force_subject_id-0004", + "ct": {}, + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", 
@@ -38,22 +33,25 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0004", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0004", - "ConsentCSRF": "csrf-0004", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0004", + "cs": true, + "cv": "verifier-0004", + "cr": "csrf-0004", + "gs": [ "granted_scope-0004_1" ], - "GrantedAudience": [ + "ga": [ "granted_audience-0004_1" ], - "ConsentRemember": true, - "ConsentRememberFor": 4, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 4, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", @@ -61,10 +59,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0004": "0004" }, - "SessionAccessToken": { + "sa": { "session_access_token-0004": "0004" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0005.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0005.json index 2a642cae89b..14fa4483bdd 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0005.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0005.json 
@@ -1,36 +1,31 @@ { - "ID": "challenge-0005", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0005", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0005_1" ], - "RequestedAudience": [ + "ra": [ "requested_audience-0005_1" ], - "LoginSkip": true, - "Subject": "subject-0005", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0005", + "oc": { "display": "display-0005" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0005", - "SessionID": "auth_session-0005", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0005", - "LoginCSRF": "csrf-0005", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 5, - "LoginExtendSessionLifespan": false, - "ACR": "acr-0005", - "AMR": [], - "ForceSubjectIdentifier": "force_subject_id-0005", - "Context": {}, - "LoginWasUsed": true, - "LoginError": { + "r": "http://request/0005", + "si": "auth_session-0005", + "lv": "verifier-0005", + "lc": "csrf-0005", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 5, + "a": "acr-0005", + "fs": "force_subject_id-0005", + "ct": {}, + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", 
@@ -38,22 +33,25 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0005", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0005", - "ConsentCSRF": "csrf-0005", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0005", + "cs": true, + "cv": "verifier-0005", + "cr": "csrf-0005", + "gs": [ "granted_scope-0005_1" ], - "GrantedAudience": [ + "ga": [ "granted_audience-0005_1" ], - "ConsentRemember": true, - "ConsentRememberFor": 5, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 5, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", @@ -61,10 +59,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0005": "0005" }, - "SessionAccessToken": { + "sa": { "session_access_token-0005": "0005" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0006.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0006.json index 89bfd52e6e3..12157ef0300 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0006.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0006.json 
@@ -1,36 +1,31 @@ { - "ID": "challenge-0006", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0006", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0006_1" ], - "RequestedAudience": [ + "ra": [ "requested_audience-0006_1" ], - "LoginSkip": true, - "Subject": "subject-0006", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0006", + "oc": { "display": "display-0006" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0006", - "SessionID": "auth_session-0006", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0006", - "LoginCSRF": "csrf-0006", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 6, - "LoginExtendSessionLifespan": false, - "ACR": "acr-0006", - "AMR": [], - "ForceSubjectIdentifier": "force_subject_id-0006", - "Context": {}, - "LoginWasUsed": true, - "LoginError": { + "r": "http://request/0006", + "si": "auth_session-0006", + "lv": "verifier-0006", + "lc": "csrf-0006", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 6, + "a": "acr-0006", + "fs": "force_subject_id-0006", + "ct": {}, + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", 
@@ -38,22 +33,25 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0006", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0006", - "ConsentCSRF": "csrf-0006", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0006", + "cs": true, + "cv": "verifier-0006", + "cr": "csrf-0006", + "gs": [ "granted_scope-0006_1" ], - "GrantedAudience": [ + "ga": [ "granted_audience-0006_1" ], - "ConsentRemember": true, - "ConsentRememberFor": 6, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 6, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", @@ -61,10 +59,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0006": "0006" }, - "SessionAccessToken": { + "sa": { "session_access_token-0006": "0006" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0007.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0007.json index 2c84d09ad47..9efbdcc49b3 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0007.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0007.json 
@@ -1,36 +1,31 @@ { - "ID": "challenge-0007", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0007", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0007_1" ], - "RequestedAudience": [ + "ra": [ "requested_audience-0007_1" ], - "LoginSkip": true, - "Subject": "subject-0007", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0007", + "oc": { "display": "display-0007" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0007", - "SessionID": "auth_session-0007", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0007", - "LoginCSRF": "csrf-0007", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 7, - "LoginExtendSessionLifespan": false, - "ACR": "acr-0007", - "AMR": [], - "ForceSubjectIdentifier": "force_subject_id-0007", - "Context": {}, - "LoginWasUsed": true, - "LoginError": { + "r": "http://request/0007", + "si": "auth_session-0007", + "lv": "verifier-0007", + "lc": "csrf-0007", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 7, + "a": "acr-0007", + "fs": "force_subject_id-0007", + "ct": {}, + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", 
@@ -38,22 +33,25 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0007", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0007", - "ConsentCSRF": "csrf-0007", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0007", + "cs": true, + "cv": "verifier-0007", + "cr": "csrf-0007", + "gs": [ "granted_scope-0007_1" ], - "GrantedAudience": [ + "ga": [ "granted_audience-0007_1" ], - "ConsentRemember": true, - "ConsentRememberFor": 7, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 7, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", @@ -61,10 +59,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0007": "0007" }, - "SessionAccessToken": { + "sa": { "session_access_token-0007": "0007" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0008.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0008.json index d2e7d2f2fdd..b240dce7127 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0008.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0008.json 
@@ -1,38 +1,33 @@ { - "ID": "challenge-0008", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0008", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0008_1" ], - "RequestedAudience": [ + "ra": [ "requested_audience-0008_1" ], - "LoginSkip": true, - "Subject": "subject-0008", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0008", + "oc": { "display": "display-0008" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0008", - "SessionID": "auth_session-0008", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0008", - "LoginCSRF": "csrf-0008", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 8, - "LoginExtendSessionLifespan": false, - "ACR": "acr-0008", - "AMR": [], - "ForceSubjectIdentifier": "force_subject_id-0008", - "Context": { + "r": "http://request/0008", + "si": "auth_session-0008", + "lv": "verifier-0008", + "lc": "csrf-0008", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 8, + "a": "acr-0008", + "fs": "force_subject_id-0008", + "ct": { "context": "0008" }, - "LoginWasUsed": true, - "LoginError": { + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", 
@@ -40,22 +35,25 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0008", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0008", - "ConsentCSRF": "csrf-0008", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0008", + "cs": true, + "cv": "verifier-0008", + "cr": "csrf-0008", + "gs": [ "granted_scope-0008_1" ], - "GrantedAudience": [ + "ga": [ "granted_audience-0008_1" ], - "ConsentRemember": true, - "ConsentRememberFor": 8, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 8, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", @@ -63,10 +61,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0008": "0008" }, - "SessionAccessToken": { + "sa": { "session_access_token-0008": "0008" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0009.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0009.json index 6d3e70d5e37..1887b28b1f1 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0009.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0009.json 
@@ -1,38 +1,33 @@ { - "ID": "challenge-0009", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0009", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0009_1" ], - "RequestedAudience": [ + "ra": [ "requested_audience-0009_1" ], - "LoginSkip": true, - "Subject": "subject-0009", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0009", + "oc": { "display": "display-0009" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0009", - "SessionID": "auth_session-0009", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0009", - "LoginCSRF": "csrf-0009", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 9, - "LoginExtendSessionLifespan": false, - "ACR": "acr-0009", - "AMR": [], - "ForceSubjectIdentifier": "force_subject_id-0009", - "Context": { + "r": "http://request/0009", + "si": "auth_session-0009", + "lv": "verifier-0009", + "lc": "csrf-0009", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 9, + "a": "acr-0009", + "fs": "force_subject_id-0009", + "ct": { "context": "0009" }, - "LoginWasUsed": true, - "LoginError": { + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", 
@@ -40,22 +35,25 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0009", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0009", - "ConsentCSRF": "csrf-0009", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0009", + "cs": true, + "cv": "verifier-0009", + "cr": "csrf-0009", + "gs": [ "granted_scope-0009_1" ], - "GrantedAudience": [ + "ga": [ "granted_audience-0009_1" ], - "ConsentRemember": true, - "ConsentRememberFor": 9, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 9, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", @@ -63,10 +61,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0009": "0009" }, - "SessionAccessToken": { + "sa": { "session_access_token-0009": "0009" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0010.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0010.json index 6b8f3cf7a10..06922c8709f 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0010.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0010.json 
@@ -1,38 +1,33 @@ { - "ID": "challenge-0010", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0010", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0010_1" ], - "RequestedAudience": [ + "ra": [ "requested_audience-0010_1" ], - "LoginSkip": true, - "Subject": "subject-0010", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0010", + "oc": { "display": "display-0010" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0010", - "SessionID": "auth_session-0010", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0010", - "LoginCSRF": "csrf-0010", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 10, - "LoginExtendSessionLifespan": false, - "ACR": "acr-0010", - "AMR": [], - "ForceSubjectIdentifier": "force_subject_id-0010", - "Context": { + "r": "http://request/0010", + "si": "auth_session-0010", + "lv": "verifier-0010", + "lc": "csrf-0010", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 10, + "a": "acr-0010", + "fs": "force_subject_id-0010", + "ct": { "context": "0010" }, - "LoginWasUsed": true, - "LoginError": { + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", 
@@ -40,22 +35,25 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0010", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0010", - "ConsentCSRF": "csrf-0010", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0010", + "cs": true, + "cv": "verifier-0010", + "cr": "csrf-0010", + "gs": [ "granted_scope-0010_1" ], - "GrantedAudience": [ + "ga": [ "granted_audience-0010_1" ], - "ConsentRemember": true, - "ConsentRememberFor": 10, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 10, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", @@ -63,10 +61,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0010": "0010" }, - "SessionAccessToken": { + "sa": { "session_access_token-0010": "0010" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0011.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0011.json index 5b11c1941d1..8298eea26c1 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0011.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0011.json 
@@ -1,38 +1,33 @@ { - "ID": "challenge-0011", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0011", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0011_1" ], - "RequestedAudience": [ + "ra": [ "requested_audience-0011_1" ], - "LoginSkip": true, - "Subject": "subject-0011", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0011", + "oc": { "display": "display-0011" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0011", - "SessionID": "auth_session-0011", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0011", - "LoginCSRF": "csrf-0011", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 11, - "LoginExtendSessionLifespan": false, - "ACR": "acr-0011", - "AMR": [], - "ForceSubjectIdentifier": "force_subject_id-0011", - "Context": { + "r": "http://request/0011", + "si": "auth_session-0011", + "lv": "verifier-0011", + "lc": "csrf-0011", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 11, + "a": "acr-0011", + "fs": "force_subject_id-0011", + "ct": { "context": "0011" }, - "LoginWasUsed": true, - "LoginError": { + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", 
@@ -40,22 +35,25 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0011", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0011", - "ConsentCSRF": "csrf-0011", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0011", + "cs": true, + "cv": "verifier-0011", + "cr": "csrf-0011", + "gs": [ "granted_scope-0011_1" ], - "GrantedAudience": [ + "ga": [ "granted_audience-0011_1" ], - "ConsentRemember": true, - "ConsentRememberFor": 11, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 11, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", @@ -63,10 +61,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0011": "0011" }, - "SessionAccessToken": { + "sa": { "session_access_token-0011": "0011" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0012.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0012.json index b648871cda5..689bf6cec8f 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0012.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0012.json 
@@ -1,38 +1,33 @@ { - "ID": "challenge-0012", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0012", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0012_1" ], - "RequestedAudience": [ + "ra": [ "requested_audience-0012_1" ], - "LoginSkip": true, - "Subject": "subject-0012", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0012", + "oc": { "display": "display-0012" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0012", - "SessionID": "auth_session-0012", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0012", - "LoginCSRF": "csrf-0012", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 12, - "LoginExtendSessionLifespan": false, - "ACR": "acr-0012", - "AMR": [], - "ForceSubjectIdentifier": "force_subject_id-0012", - "Context": { + "r": "http://request/0012", + "si": "auth_session-0012", + "lv": "verifier-0012", + "lc": "csrf-0012", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 12, + "a": "acr-0012", + "fs": "force_subject_id-0012", + "ct": { "context": "0012" }, - "LoginWasUsed": true, - "LoginError": { + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", 
@@ -40,22 +35,25 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0012", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0012", - "ConsentCSRF": "csrf-0012", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0012", + "cs": true, + "cv": "verifier-0012", + "cr": "csrf-0012", + "gs": [ "granted_scope-0012_1" ], - "GrantedAudience": [ + "ga": [ "granted_audience-0012_1" ], - "ConsentRemember": true, - "ConsentRememberFor": 12, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 12, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", @@ -63,10 +61,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0012": "0012" }, - "SessionAccessToken": { + "sa": { "session_access_token-0012": "0012" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0013.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0013.json index 1f28bb67647..5c7db729136 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0013.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0013.json 
@@ -1,38 +1,33 @@ { - "ID": "challenge-0013", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0013", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0013_1" ], - "RequestedAudience": [ + "ra": [ "requested_audience-0013_1" ], - "LoginSkip": true, - "Subject": "subject-0013", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0013", + "oc": { "display": "display-0013" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0013", - "SessionID": "auth_session-0013", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0013", - "LoginCSRF": "csrf-0013", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 13, - "LoginExtendSessionLifespan": false, - "ACR": "acr-0013", - "AMR": [], - "ForceSubjectIdentifier": "force_subject_id-0013", - "Context": { + "r": "http://request/0013", + "si": "auth_session-0013", + "lv": "verifier-0013", + "lc": "csrf-0013", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 13, + "a": "acr-0013", + "fs": "force_subject_id-0013", + "ct": { "context": "0013" }, - "LoginWasUsed": true, - "LoginError": { + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", 
@@ -40,22 +35,25 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0013", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0013", - "ConsentCSRF": "csrf-0013", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0013", + "cs": true, + "cv": "verifier-0013", + "cr": "csrf-0013", + "gs": [ "granted_scope-0013_1" ], - "GrantedAudience": [ + "ga": [ "granted_audience-0013_1" ], - "ConsentRemember": true, - "ConsentRememberFor": 13, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 13, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", @@ -63,10 +61,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0013": "0013" }, - "SessionAccessToken": { + "sa": { "session_access_token-0013": "0013" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0014.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0014.json index 3e2dd7bb444..596894f09d9 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0014.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0014.json 
@@ -1,38 +1,33 @@ { - "ID": "challenge-0014", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0014", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0014_1" ], - "RequestedAudience": [ + "ra": [ "requested_audience-0014_1" ], - "LoginSkip": true, - "Subject": "subject-0014", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0014", + "oc": { "display": "display-0014" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0014", - "SessionID": "auth_session-0014", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0014", - "LoginCSRF": "csrf-0014", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 14, - "LoginExtendSessionLifespan": false, - "ACR": "acr-0014", - "AMR": [], - "ForceSubjectIdentifier": "force_subject_id-0014", - "Context": { + "r": "http://request/0014", + "si": "auth_session-0014", + "lv": "verifier-0014", + "lc": "csrf-0014", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 14, + "a": "acr-0014", + "fs": "force_subject_id-0014", + "ct": { "context": "0014" }, - "LoginWasUsed": true, - "LoginError": { + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", 
@@ -40,22 +35,25 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0014", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0014", - "ConsentCSRF": "csrf-0014", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0014", + "cs": true, + "cv": "verifier-0014", + "cr": "csrf-0014", + "gs": [ "granted_scope-0014_1" ], - "GrantedAudience": [ + "ga": [ "granted_audience-0014_1" ], - "ConsentRemember": true, - "ConsentRememberFor": 14, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 14, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", @@ -63,10 +61,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0014": "0014" }, - "SessionAccessToken": { + "sa": { "session_access_token-0014": "0014" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0015.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0015.json index 5723154839a..be20015e244 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0015.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0015.json 
@@ -1,43 +1,39 @@ { - "ID": "challenge-0015", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0015", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0015_1", "requested_scope-0015_2" ], - "RequestedAudience": [ + "ra": [ "requested_audience-0015_1", "requested_audience-0015_2" ], - "LoginSkip": true, - "Subject": "subject-0015", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0015", + "oc": { "display": "display-0015" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0015", - "SessionID": "auth_session-0015", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0015", - "LoginCSRF": "csrf-0015", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 15, - "LoginExtendSessionLifespan": false, - "ACR": "acr-0015", - "AMR": [ + "r": "http://request/0015", + "si": "auth_session-0015", + "lv": "verifier-0015", + "lc": "csrf-0015", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 15, + "a": "acr-0015", + "am": [ "amr-0015-1", "amr-0015-2" ], - "ForceSubjectIdentifier": "force_subject_id-0015", - "Context": { + "fs": "force_subject_id-0015", + "ct": { "context": "0015" }, - "LoginWasUsed": true, - "LoginError": { + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", 
@@ -45,24 +41,27 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0015", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0015", - "ConsentCSRF": "csrf-0015", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0015", + "cs": true, + "cv": "verifier-0015", + "cr": "csrf-0015", + "gs": [ "granted_scope-0015_1", "granted_scope-0015_2" ], - "GrantedAudience": [ + "ga": [ "granted_audience-0015_1", "granted_audience-0015_2" ], - "ConsentRemember": true, - "ConsentRememberFor": 15, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 15, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", @@ -70,10 +69,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0015": "0015" }, - "SessionAccessToken": { + "sa": { "session_access_token-0015": "0015" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0016.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0016.json index e653059fe46..5e8d25b2c76 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0016.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0016.json 
@@ -1,43 +1,40 @@ { - "ID": "challenge-0016", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0016", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0016_1", "requested_scope-0016_2" ], - "RequestedAudience": [ + "ra": [ "requested_audience-0016_1", "requested_audience-0016_2" ], - "LoginSkip": true, - "Subject": "subject-0016", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0016", + "oc": { "display": "display-0016" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0016", - "SessionID": "auth_session-0016", - "IdentityProviderSessionID": "", - "LoginVerifier": "verifier-0016", - "LoginCSRF": "csrf-0016", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 15, - "LoginExtendSessionLifespan": true, - "ACR": "acr-0016", - "AMR": [ + "r": "http://request/0016", + "si": "auth_session-0016", + "lv": "verifier-0016", + "lc": "csrf-0016", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 15, + "ll": true, + "a": "acr-0016", + "am": [ "amr-0016-1", "amr-0016-2" ], - "ForceSubjectIdentifier": "force_subject_id-0016", - "Context": { + "fs": "force_subject_id-0016", + "ct": { "context": "0016" }, - "LoginWasUsed": true, - "LoginError": { + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", 
@@ -45,24 +42,27 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0016", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0016", - "ConsentCSRF": "csrf-0016", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0016", + "cs": true, + "cv": "verifier-0016", + "cr": "csrf-0016", + "gs": [ "granted_scope-0016_1", "granted_scope-0016_2" ], - "GrantedAudience": [ + "ga": [ "granted_audience-0016_1", "granted_audience-0016_2" ], - "ConsentRemember": true, - "ConsentRememberFor": 15, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 15, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", @@ -70,10 +70,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0016": "0016" }, - "SessionAccessToken": { + "sa": { "session_access_token-0016": "0016" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0017.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0017.json index fd65dab7164..1e26b6038b3 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0017.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0017.json 
@@ -1,43 +1,41 @@ { - "ID": "challenge-0017", - "NID": "00000000-0000-0000-0000-000000000000", - "RequestedScope": [ + "i": "challenge-0017", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ "requested_scope-0016_1", "requested_scope-0016_2" ], - "RequestedAudience": [ + "ra": [ "requested_audience-0016_1", "requested_audience-0016_2" ], - "LoginSkip": true, - "Subject": "subject-0017", - "OpenIDConnectContext": { + "ls": true, + "s": "subject-0017", + "oc": { "display": "display-0017" }, - "Client": null, - "ClientID": "", - "RequestURL": "http://request/0017", - "SessionID": "auth_session-0017", - "IdentityProviderSessionID": "identity_provider_session_id-0017", - "LoginVerifier": "verifier-0017", - "LoginCSRF": "csrf-0017", - "LoginInitializedAt": null, - "RequestedAt": "0001-01-01T00:00:00Z", - "State": 128, - "LoginRemember": true, - "LoginRememberFor": 15, - "LoginExtendSessionLifespan": true, - "ACR": "acr-0017", - "AMR": [ + "r": "http://request/0017", + "si": "auth_session-0017", + "is": "identity_provider_session_id-0017", + "lv": "verifier-0017", + "lc": "csrf-0017", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 15, + "ll": true, + "a": "acr-0017", + "am": [ "amr-0017-1", "amr-0017-2" ], - "ForceSubjectIdentifier": "force_subject_id-0017", - "Context": { + "fs": "force_subject_id-0017", + "ct": { "context": "0017" }, - "LoginWasUsed": true, - "LoginError": { + "lu": true, + "le": { "error": "", "error_description": "", "error_hint": "", 
@@ -45,24 +43,27 @@ "error_debug": "", "valid": false }, - "LoginAuthenticatedAt": null, - "ConsentChallengeID": "challenge-0017", - "ConsentSkip": true, - "ConsentVerifier": "verifier-0017", - "ConsentCSRF": "csrf-0017", - "GrantedScope": [ + "la": null, + "da": null, + "du": null, + "dh": null, + "cc": "challenge-0017", + "cs": true, + "cv": "verifier-0017", + "cr": "csrf-0017", + "gs": [ "granted_scope-0016_1", "granted_scope-0016_2" ], - "GrantedAudience": [ + "ga": [ "granted_audience-0016_1", "granted_audience-0016_2" ], - "ConsentRemember": true, - "ConsentRememberFor": 15, - "ConsentHandledAt": null, - "ConsentWasHandled": true, - "ConsentError": { + "ce": true, + "cf": 15, + "ch": null, + "cw": true, + "cx": { "error": "", "error_description": "", "error_hint": "", @@ -70,10 +71,10 @@ "error_debug": "", "valid": false }, - "SessionIDToken": { + "st": { "session_id_token-0017": "0017" }, - "SessionAccessToken": { + "sa": { "session_access_token-0017": "0017" } } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0018.json b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0018.json new file mode 100644 index 00000000000..b21344dfcbf --- /dev/null +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_flow/challenge-0018.json 
@@ -0,0 +1,79 @@ +{ + "i": "challenge-0018", + "n": "00000000-0000-0000-0000-000000000000", + "rs": [ + "requested_scope-0018_1", + "requested_scope-0018_2" + ], + "ra": [ + "requested_audience-0018_1", + "requested_audience-0018_2" + ], + "ls": false, + "s": "subject-0018", + "oc": {}, + "r": "http://request/0018", + "si": "auth_session-0018", + "lv": "verifier-0018", + "lc": "csrf-0018", + "li": null, + "ia": "0001-01-01T00:00:00Z", + "q": 128, + "lr": true, + "lf": 15, + "ll": true, + "a": "acr-0018", + "am": [], + "fs": "force_subject_id-0018", + "ct": { + "context": "0018" + }, + "lu": true, + "le": { + "error": "", + "error_description": "", + "error_hint": "", + "status_code": 0, + "error_debug": "", + "valid": false + }, + "la": null, + "di": "challenge-0018", + "dr": "request-0018", + "dv": "verifier-0018", + "dc": "csrf-0018", + "da": "0001-01-01T00:00:00Z", + "du": true, + "dh": "0001-01-01T00:00:00Z", + "de": null, + "cc": "challenge-0018", + "cs": true, + "cv": "verifier-0018", + "cr": "csrf-0018", + "gs": [ + "granted_scope-0018_1", + "granted_scope-0018_2" + ], + "ga": [ + "granted_audience-0018_1", + "granted_audience-0018_2" + ], + "ce": true, + "cf": 15, + "ch": null, + "cw": true, + "cx": { + "error": "", + "error_description": "", + "error_hint": "", + "status_code": 0, + "error_debug": "", + "valid": false + }, + "st": { + "session_id_token-0018": "0018" + }, + "sa": { + "session_access_token-0018": "0018" + } +} diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0009.json b/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0009.json index 669ab25c23d..7681dc70e21 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0009.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0009.json 
@@ -4,5 +4,7 @@ "sid": "session_id-0009", "request_url": "http://request/0009", "rp_initiated": true, + "expires_at": null, + "requested_at": null, "client": null } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0010.json b/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0010.json index 783139fc5a7..d1cb5f6aa61 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0010.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0010.json @@ -4,5 +4,7 @@ "sid": "session_id-0010", "request_url": "http://request/0010", "rp_initiated": true, + "expires_at": null, + "requested_at": null, "client": null } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0011.json b/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0011.json index 2650d028e15..3c81d38cb47 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0011.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0011.json @@ -4,5 +4,7 @@ "sid": "session_id-0011", "request_url": "http://request/0011", "rp_initiated": true, + "expires_at": null, + "requested_at": null, "client": null } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0012.json b/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0012.json index 8454181a885..67c839b88a0 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0012.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0012.json @@ -4,5 +4,7 @@ "sid": "session_id-0012", "request_url": "http://request/0012", "rp_initiated": true, + "expires_at": null, + "requested_at": null, "client": null } 
diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0013.json b/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0013.json index fdb8f04be53..f8b84db4b56 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0013.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0013.json @@ -4,5 +4,7 @@ "sid": "session_id-0013", "request_url": "http://request/0013", "rp_initiated": true, + "expires_at": null, + "requested_at": null, "client": null } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0014.json b/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0014.json index 1f6e5ef98e9..c5194805b6a 100644 --- a/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0014.json +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-0014.json @@ -4,5 +4,7 @@ "sid": "session_id-0014", "request_url": "http://request/0014", "rp_initiated": true, + "expires_at": null, + "requested_at": null, "client": null } diff --git a/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-20240916105610000001.json b/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-20240916105610000001.json new file mode 100644 index 00000000000..8b1841c9be6 --- /dev/null +++ b/persistence/sql/migratest/fixtures/hydra_oauth2_logout_request/challenge-20240916105610000001.json @@ -0,0 +1,10 @@ +{ + "challenge": "challenge-20240916105610000001", + "subject": "subject-0014", + "sid": "session_id-0014", + "request_url": "http://request/0014", + "rp_initiated": true, + "expires_at": "2022-02-15T22:20:20Z", + "requested_at": "2022-02-15T22:20:20Z", + "client": null +} diff --git a/persistence/sql/migratest/migration_test.go b/persistence/sql/migratest/migration_test.go index 08ee5fde08b..8564cfab969 100644 --- a/persistence/sql/migratest/migration_test.go 
+++ b/persistence/sql/migratest/migration_test.go @@ -102,7 +102,7 @@ func TestMigrations(t *testing.T) { t.Run("case=hydra_client", func(t *testing.T) { cs := []client.Client{} require.NoError(t, c.All(&cs)) - require.Equal(t, 18, len(cs)) + require.Equal(t, 19, len(cs)) for _, c := range cs { require.False(t, c.CreatedAt.IsZero()) require.False(t, c.UpdatedAt.IsZero()) @@ -144,7 +144,7 @@ func TestMigrations(t *testing.T) { t.Run("case=hydra_oauth2_authentication_session", func(t *testing.T) { ss := []flow.LoginSession{} - c.All(&ss) + require.NoError(t, c.All(&ss)) require.Equal(t, 17, len(ss)) for _, s := range ss { @@ -157,7 +157,7 @@ func TestMigrations(t *testing.T) { t.Run("case=hydra_oauth2_obfuscated_authentication_session", func(t *testing.T) { ss := []consent.ForcedObfuscatedLoginSession{} - c.All(&ss) + require.NoError(t, c.All(&ss)) require.Equal(t, 13, len(ss)) for _, s := range ss { @@ -169,8 +169,8 @@ func TestMigrations(t *testing.T) { t.Run("case=hydra_oauth2_logout_request", func(t *testing.T) { lrs := []flow.LogoutRequest{} - c.All(&lrs) - require.Equal(t, 6, len(lrs)) + require.NoError(t, c.All(&lrs)) + require.Equal(t, 7, len(lrs)) for _, s := range lrs { testhelpersuuid.AssertUUID(t, s.NID) @@ -182,7 +182,7 @@ func TestMigrations(t *testing.T) { t.Run("case=hydra_oauth2_jti_blacklist", func(t *testing.T) { bjtis := []oauth2.BlacklistedJTI{} - c.All(&bjtis) + require.NoError(t, c.All(&bjtis)) require.Equal(t, 1, len(bjtis)) for _, bjti := range bjtis { testhelpersuuid.AssertUUID(t, bjti.NID) @@ -194,7 +194,7 @@ func TestMigrations(t *testing.T) { t.Run("case=hydra_oauth2_access", func(t *testing.T) { as := []sql.OAuth2RequestSQL{} - c.RawQuery("SELECT * FROM hydra_oauth2_access").All(&as) + require.NoError(t, c.RawQuery("SELECT * FROM hydra_oauth2_access").All(&as)) require.Equal(t, 13, len(as)) for _, a := range as { 
@@ -210,7 +210,7 @@ func TestMigrations(t *testing.T) { t.Run("case=hydra_oauth2_refresh", func(t *testing.T) { rs := []sql.OAuth2RequestSQL{} - c.RawQuery("SELECT * FROM hydra_oauth2_refresh").All(&rs) + require.NoError(t, c.RawQuery(`SELECT signature, nid, request_id, challenge_id, requested_at, client_id, scope, granted_scope, requested_audience, granted_audience, form_data, subject, active, session_data, expires_at FROM hydra_oauth2_refresh`).All(&rs)) require.Equal(t, 13, len(rs)) for _, r := range rs { @@ -226,7 +226,7 @@ func TestMigrations(t *testing.T) { t.Run("case=hydra_oauth2_code", func(t *testing.T) { cs := []sql.OAuth2RequestSQL{} - c.RawQuery("SELECT * FROM hydra_oauth2_code").All(&cs) + require.NoError(t, c.RawQuery("SELECT * FROM hydra_oauth2_code").All(&cs)) require.Equal(t, 13, len(cs)) for _, c := range cs { @@ -242,7 +242,7 @@ func TestMigrations(t *testing.T) { t.Run("case=hydra_oauth2_oidc", func(t *testing.T) { os := []sql.OAuth2RequestSQL{} - c.RawQuery("SELECT * FROM hydra_oauth2_oidc").All(&os) + require.NoError(t, c.RawQuery("SELECT * FROM hydra_oauth2_oidc").All(&os)) require.Equal(t, 13, len(os)) for _, o := range os { @@ -258,7 +258,7 @@ func TestMigrations(t *testing.T) { t.Run("case=hydra_oauth2_pkce", func(t *testing.T) { ps := []sql.OAuth2RequestSQL{} - c.RawQuery("SELECT * FROM hydra_oauth2_pkce").All(&ps) + require.NoError(t, c.RawQuery("SELECT * FROM hydra_oauth2_pkce").All(&ps)) require.Equal(t, 11, len(ps)) for _, p := range ps { @@ -274,7 +274,7 @@ func TestMigrations(t *testing.T) { t.Run("case=networks", func(t *testing.T) { ns := []networkx.Network{} - c.RawQuery("SELECT * FROM networks").All(&ns) + require.NoError(t, c.RawQuery("SELECT * FROM networks").All(&ns)) require.Equal(t, 1, len(ns)) for _, n := range ns { testhelpersuuid.AssertUUID(t, n.ID) 
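Review bot: The `case=hydra_oauth2_refresh` subtest is now the only sibling that spells out a column list instead of `SELECT *`, and nothing in the hunk says why. Presumably `hydra_oauth2_refresh` gained a column that `sql.OAuth2RequestSQL` does not map (this change adds `first_used_at`), so `SELECT *` would no longer scan. A one-line comment above the query, e.g. `// explicit columns: hydra_oauth2_refresh has first_used_at, which OAuth2RequestSQL does not map`, would stop someone from "simplifying" it back. It also means the new column is not checked by this subtest. The body of TestMigrations starts and ends outside the hunk.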
diff --git a/persistence/sql/migratest/testdata/20230313112801000001_testdata.sql b/persistence/sql/migratest/testdata/20230313112801_testdata.sql
similarity index 100%
rename from persistence/sql/migratest/testdata/20230313112801000001_testdata.sql
rename to persistence/sql/migratest/testdata/20230313112801_testdata.sql
diff --git a/persistence/sql/migratest/testdata/20230809122501000001_testdata.sql b/persistence/sql/migratest/testdata/20230809122501_testdata.sql
similarity index 100%
rename from persistence/sql/migratest/testdata/20230809122501000001_testdata.sql
rename to persistence/sql/migratest/testdata/20230809122501_testdata.sql
diff --git a/persistence/sql/migratest/testdata/20240129174410_testdata.sql b/persistence/sql/migratest/testdata/20240129174410_testdata.sql
new file mode 100644
index 00000000000..b71277553ac
--- /dev/null
+++ b/persistence/sql/migratest/testdata/20240129174410_testdata.sql
@@ -0,0 +1,46 @@
+INSERT INTO hydra_client (id,
+ nid,
+ client_name,
+ client_secret,
+ redirect_uris,
+ grant_types,
+ response_types,
+ scope,
+ owner,
+ policy_uri,
+ tos_uri,
+ client_uri,
+ logo_uri,
+ contacts,
+ client_secret_expires_at,
+ sector_identifier_uri,
+ jwks,
+ jwks_uri,
+ request_uris,
+ token_endpoint_auth_method,
+ request_object_signing_alg,
+ userinfo_signed_response_alg,
+ subject_type,
+ allowed_cors_origins,
+ pk_deprecated,
+ audience,
+ created_at,
+ updated_at,
+ frontchannel_logout_uri,
+ frontchannel_logout_session_required,
+ post_logout_redirect_uris,
+ backchannel_logout_uri,
+ backchannel_logout_session_required,
+ metadata,
+ token_endpoint_auth_signing_alg,
+ pk,
+ registration_access_token_signature,
+ skip_consent,
+ skip_logout_consent)
+VALUES ('client-22',
+ (SELECT id FROM networks LIMIT 1), 'Client 22', 'secret-22', '["http://redirect/22_1","http://redirect/22_2"]', '["grant-22_1","grant-22_2"]',
+ '["response-22_1","response-22_2"]', 'scope-22', 'owner-22', 'http://policy/22', 'http://tos/22', 'http://client/22', 'http://logo/22',
+ '["contact-22_1","contact-22_2"]', 0, 'http://sector_id/22', '', 'http://jwks/22', '["http://request/22_1","http://request/22_2"]',
+ 'token_auth-22', 'r_alg-22', 'u_alg-22', 'subject-22', '["http://cors/22_1","http://cors/22_2"]', 0, '["autdience-22_1","autdience-22_2"]',
+ '2022-02-15 22:20:23.004598', '2022-02-15 22:20:23.004598', 'http://front_logout/22', true, '["http://post_redirect/22_1","http://post_redirect/22_2"]',
+ 'http://back_logout/22', true, '{"migration": "22"}', '', '2ca3b77b-ee29-4b63-aa07-6384e6c650fb', '', TRUE, TRUE );
diff --git a/persistence/sql/migratest/testdata/20240916105610_testdata.sql b/persistence/sql/migratest/testdata/20240916105610_testdata.sql
new file mode 100644
index 00000000000..160017814f7
--- /dev/null
+++ b/persistence/sql/migratest/testdata/20240916105610_testdata.sql
@@ -0,0 +1,4 @@
+INSERT INTO hydra_oauth2_logout_request (challenge, verifier, subject, sid, client_id, nid, request_url, redir_url,
+ was_used, accepted, rejected, rp_initiated, expires_at, requested_at)
+VALUES ('challenge-20240916105610000001', 'verifier-20240916105610000001', 'subject-0014', 'session_id-0014', 'client-0014',
+ (SELECT id FROM networks LIMIT 1), 'http://request/0014', 'http://post_logout/0014', true, true, false, true, '2022-02-15 22:20:20', '2022-02-15 22:20:20');
diff --git a/persistence/sql/migrations/20230908104443000000_change_client_pk.cockroach.up.sql b/persistence/sql/migrations/20230908104443000000_change_client_pk.cockroach.up.sql
index 10d68872706..5dedcc76bb3 100644
--- a/persistence/sql/migrations/20230908104443000000_change_client_pk.cockroach.up.sql
+++ b/persistence/sql/migrations/20230908104443000000_change_client_pk.cockroach.up.sql
@@ -1 +1 @@
-ALTER TABLE hydra_client ALTER PRIMARY KEY USING COLUMNS (id, nid) USING HASH;
+ALTER TABLE hydra_client ALTER PRIMARY KEY USING COLUMNS (id, nid);
diff --git a/persistence/sql/migrations/20240129174410000001_client_add_logout_skip_consent_column.down.sql b/persistence/sql/migrations/20240129174410000001_client_add_logout_skip_consent_column.down.sql
new file mode 100644
index 00000000000..98258eecc43
--- /dev/null
+++ b/persistence/sql/migrations/20240129174410000001_client_add_logout_skip_consent_column.down.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_client DROP COLUMN skip_logout_consent;
diff --git a/persistence/sql/migrations/20240129174410000001_client_add_logout_skip_consent_column.up.sql b/persistence/sql/migrations/20240129174410000001_client_add_logout_skip_consent_column.up.sql
new file mode 100644
index 00000000000..96a8e3ec0c2
--- /dev/null
+++ b/persistence/sql/migrations/20240129174410000001_client_add_logout_skip_consent_column.up.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_client ADD COLUMN skip_logout_consent BOOLEAN NULL;
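Review bot: In `20240129174410000001_client_add_logout_skip_consent_column.up.sql`, `skip_logout_consent` is added as `BOOLEAN NULL` with no default, so every existing `hydra_client` row carries NULL rather than an explicit false. Going by its name, the flag turns off the logout consent step. If the reading code is not meant to distinguish "unset" from "false", `ALTER TABLE hydra_client ADD COLUMN skip_logout_consent BOOLEAN NOT NULL DEFAULT false;` would put the fail-closed default in the schema. If NULL is intentional, a one-line SQL comment stating that NULL means "do not skip" would document the contract for whoever reads the column next.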
diff --git a/persistence/sql/migrations/20240403121110000001_add_expire_columns.down.sql b/persistence/sql/migrations/20240403121110000001_add_expire_columns.down.sql
new file mode 100644
index 00000000000..539996e4efc
--- /dev/null
+++ b/persistence/sql/migrations/20240403121110000001_add_expire_columns.down.sql
@@ -0,0 +1,5 @@
+ALTER TABLE hydra_oauth2_oidc DROP COLUMN expires_at;
+ALTER TABLE hydra_oauth2_access DROP COLUMN expires_at;
+ALTER TABLE hydra_oauth2_refresh DROP COLUMN expires_at;
+ALTER TABLE hydra_oauth2_code DROP COLUMN expires_at;
+ALTER TABLE hydra_oauth2_pkce DROP COLUMN expires_at;
diff --git a/persistence/sql/migrations/20240403121110000001_add_expire_columns.up.sql b/persistence/sql/migrations/20240403121110000001_add_expire_columns.up.sql
new file mode 100644
index 00000000000..e3814953e96
--- /dev/null
+++ b/persistence/sql/migrations/20240403121110000001_add_expire_columns.up.sql
@@ -0,0 +1,11 @@
+ALTER TABLE hydra_oauth2_oidc ADD COLUMN expires_at TIMESTAMP NULL;
+ALTER TABLE hydra_oauth2_access ADD COLUMN expires_at TIMESTAMP NULL;
+ALTER TABLE hydra_oauth2_refresh ADD COLUMN expires_at TIMESTAMP NULL;
+ALTER TABLE hydra_oauth2_code ADD COLUMN expires_at TIMESTAMP NULL;
+ALTER TABLE hydra_oauth2_pkce ADD COLUMN expires_at TIMESTAMP NULL;
+
+CREATE INDEX hydra_oauth2_oidc_expires_at_idx ON hydra_oauth2_oidc (expires_at);
+CREATE INDEX hydra_oauth2_access_expires_at_idx ON hydra_oauth2_oidc (expires_at);
+CREATE INDEX hydra_oauth2_refresh_expires_at_idx ON hydra_oauth2_oidc (expires_at);
+CREATE INDEX hydra_oauth2_code_expires_at_idx ON hydra_oauth2_oidc (expires_at);
+CREATE INDEX hydra_oauth2_pkce_expires_at_idx ON hydra_oauth2_oidc (expires_at);
diff --git a/persistence/sql/migrations/20240612222110000001_add_oauth2_expires_at_indices.down.sql b/persistence/sql/migrations/20240612222110000001_add_oauth2_expires_at_indices.down.sql
new file mode 100644
index 00000000000..89adb722a78
--- /dev/null
+++ b/persistence/sql/migrations/20240612222110000001_add_oauth2_expires_at_indices.down.sql
@@ -0,0 +1,9 @@
+CREATE INDEX IF NOT EXISTS hydra_oauth2_access_expires_at_idx ON hydra_oauth2_oidc (expires_at);
+CREATE INDEX IF NOT EXISTS hydra_oauth2_refresh_expires_at_idx ON hydra_oauth2_oidc (expires_at);
+CREATE INDEX IF NOT EXISTS hydra_oauth2_code_expires_at_idx ON hydra_oauth2_oidc (expires_at);
+CREATE INDEX IF NOT EXISTS hydra_oauth2_pkce_expires_at_idx ON hydra_oauth2_oidc (expires_at);
+
+DROP INDEX hydra_oauth2_access_expires_at_v2_idx;
+DROP INDEX hydra_oauth2_refresh_expires_at_v2_idx;
+DROP INDEX hydra_oauth2_code_expires_at_v2_idx;
+DROP INDEX hydra_oauth2_pkce_expires_at_v2_idx;
diff --git a/persistence/sql/migrations/20240612222110000001_add_oauth2_expires_at_indices.mysql.down.sql b/persistence/sql/migrations/20240612222110000001_add_oauth2_expires_at_indices.mysql.down.sql
new file mode 100644
index 00000000000..d76d2b4f10b
--- /dev/null
+++ b/persistence/sql/migrations/20240612222110000001_add_oauth2_expires_at_indices.mysql.down.sql
@@ -0,0 +1,9 @@
+CREATE INDEX IF NOT EXISTS hydra_oauth2_access_expires_at_idx ON hydra_oauth2_oidc (expires_at);
+CREATE INDEX IF NOT EXISTS hydra_oauth2_refresh_expires_at_idx ON hydra_oauth2_oidc (expires_at);
+CREATE INDEX IF NOT EXISTS hydra_oauth2_code_expires_at_idx ON hydra_oauth2_oidc (expires_at);
+CREATE INDEX IF NOT EXISTS hydra_oauth2_pkce_expires_at_idx ON hydra_oauth2_oidc (expires_at);
+
+DROP INDEX hydra_oauth2_access_expires_at_v2_idx ON hydra_oauth2_access;
+DROP INDEX hydra_oauth2_refresh_expires_at_v2_idx ON hydra_oauth2_refresh;
+DROP INDEX hydra_oauth2_code_expires_at_v2_idx ON hydra_oauth2_code;
+DROP INDEX hydra_oauth2_pkce_expires_at_v2_idx ON hydra_oauth2_pkce;
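Review bot: In `20240612222110000001_add_oauth2_expires_at_indices.mysql.down.sql` the four `CREATE INDEX IF NOT EXISTS …` statements use a clause that MySQL's `CREATE INDEX` grammar does not have (MariaDB accepts it). Rolling this migration back on MySQL would therefore likely stop at the first statement with a syntax error. The MySQL variant should use the plain form for all four, e.g. `CREATE INDEX hydra_oauth2_access_expires_at_idx ON hydra_oauth2_oidc (expires_at);`. A short SQL comment noting that these names are recreated on `hydra_oauth2_oidc` on purpose, to mirror the earlier `add_expire_columns` migration exactly, would also keep a reader from "correcting" the table name in a down file.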
diff --git a/persistence/sql/migrations/20240612222110000001_add_oauth2_expires_at_indices.mysql.up.sql b/persistence/sql/migrations/20240612222110000001_add_oauth2_expires_at_indices.mysql.up.sql
new file mode 100644
index 00000000000..71c9b49bf81
--- /dev/null
+++ b/persistence/sql/migrations/20240612222110000001_add_oauth2_expires_at_indices.mysql.up.sql
@@ -0,0 +1,9 @@
+CREATE INDEX hydra_oauth2_access_expires_at_v2_idx ON hydra_oauth2_access (expires_at);
+CREATE INDEX hydra_oauth2_refresh_expires_at_v2_idx ON hydra_oauth2_refresh (expires_at);
+CREATE INDEX hydra_oauth2_code_expires_at_v2_idx ON hydra_oauth2_code (expires_at);
+CREATE INDEX hydra_oauth2_pkce_expires_at_v2_idx ON hydra_oauth2_pkce (expires_at);
+
+DROP INDEX hydra_oauth2_access_expires_at_idx ON hydra_oauth2_oidc;
+DROP INDEX hydra_oauth2_refresh_expires_at_idx ON hydra_oauth2_oidc;
+DROP INDEX hydra_oauth2_code_expires_at_idx ON hydra_oauth2_oidc;
+DROP INDEX hydra_oauth2_pkce_expires_at_idx ON hydra_oauth2_oidc;
diff --git a/persistence/sql/migrations/20240612222110000001_add_oauth2_expires_at_indices.up.sql b/persistence/sql/migrations/20240612222110000001_add_oauth2_expires_at_indices.up.sql
new file mode 100644
index 00000000000..8928b89454c
--- /dev/null
+++ b/persistence/sql/migrations/20240612222110000001_add_oauth2_expires_at_indices.up.sql
@@ -0,0 +1,9 @@
+CREATE INDEX IF NOT EXISTS hydra_oauth2_access_expires_at_v2_idx ON hydra_oauth2_access (expires_at);
+CREATE INDEX IF NOT EXISTS hydra_oauth2_refresh_expires_at_v2_idx ON hydra_oauth2_refresh (expires_at);
+CREATE INDEX IF NOT EXISTS hydra_oauth2_code_expires_at_v2_idx ON hydra_oauth2_code (expires_at);
+CREATE INDEX IF NOT EXISTS hydra_oauth2_pkce_expires_at_v2_idx ON hydra_oauth2_pkce (expires_at);
+
+DROP INDEX hydra_oauth2_access_expires_at_idx;
+DROP INDEX hydra_oauth2_refresh_expires_at_idx;
+DROP INDEX hydra_oauth2_code_expires_at_idx;
+DROP INDEX hydra_oauth2_pkce_expires_at_idx;
diff --git a/persistence/sql/migrations/20240916105610000001_add_logout_request_timestamps.down.sql b/persistence/sql/migrations/20240916105610000001_add_logout_request_timestamps.down.sql
new file mode 100644
index 00000000000..a435c6af599
--- /dev/null
+++ b/persistence/sql/migrations/20240916105610000001_add_logout_request_timestamps.down.sql
@@ -0,0 +1,2 @@
+ALTER TABLE hydra_oauth2_logout_request DROP expires_at;
+ALTER TABLE hydra_oauth2_logout_request DROP requested_at;
diff --git a/persistence/sql/migrations/20240916105610000001_add_logout_request_timestamps.up.sql b/persistence/sql/migrations/20240916105610000001_add_logout_request_timestamps.up.sql
new file mode 100644
index 00000000000..8bcd8c3e789
--- /dev/null
+++ b/persistence/sql/migrations/20240916105610000001_add_logout_request_timestamps.up.sql
@@ -0,0 +1,2 @@
+ALTER TABLE hydra_oauth2_logout_request ADD expires_at timestamp NULL;
+ALTER TABLE hydra_oauth2_logout_request ADD requested_at timestamp NULL;
diff --git a/persistence/sql/migrations/20241012144910000001_unused_indices.down.sql b/persistence/sql/migrations/20241012144910000001_unused_indices.down.sql
new file mode 100644
index 00000000000..ea765c5859b
--- /dev/null
+++ b/persistence/sql/migrations/20241012144910000001_unused_indices.down.sql
@@ -0,0 +1,14 @@
+-- CREATE INDEX IF NOT EXISTS hydra_oauth2_access_client_id_subject_idx ON hydra_oauth2_access (client_id ASC, subject ASC, nid ASC);
+CREATE INDEX IF NOT EXISTS hydra_oauth2_access_expires_at_v2_idx ON hydra_oauth2_access (expires_at ASC);
+
+CREATE INDEX IF NOT EXISTS hydra_oauth2_refresh_client_id_subject_idx ON hydra_oauth2_refresh (client_id ASC, subject ASC);
+CREATE INDEX IF NOT EXISTS hydra_oauth2_refresh_expires_at_v2_idx ON hydra_oauth2_refresh (expires_at ASC);
+
+CREATE INDEX IF NOT EXISTS hydra_oauth2_pkce_request_id_idx ON hydra_oauth2_pkce (request_id ASC, nid ASC);
+CREATE INDEX IF NOT EXISTS hydra_oauth2_pkce_expires_at_v2_idx ON hydra_oauth2_pkce (expires_at ASC);
+
+CREATE INDEX IF NOT EXISTS hydra_oauth2_oidc_request_id_idx ON hydra_oauth2_oidc (request_id ASC, nid ASC);
+CREATE INDEX IF NOT EXISTS hydra_oauth2_oidc_expires_at_idx ON hydra_oauth2_oidc (expires_at ASC);
+
+CREATE INDEX IF NOT EXISTS hydra_oauth2_pkce_request_id_idx ON hydra_oauth2_code (request_id ASC, nid ASC);
+CREATE INDEX IF NOT EXISTS hydra_oauth2_pkce_expires_at_v2_idx ON hydra_oauth2_code (expires_at ASC);
diff --git a/persistence/sql/migrations/20241012144910000001_unused_indices.mysql.up.sql b/persistence/sql/migrations/20241012144910000001_unused_indices.mysql.up.sql
new file mode 100644
index 00000000000..83ae09f7edf
--- /dev/null
+++ b/persistence/sql/migrations/20241012144910000001_unused_indices.mysql.up.sql
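Review bot: The last two statements of `20241012144910000001_unused_indices.down.sql` recreate indexes on `hydra_oauth2_code` under the `hydra_oauth2_pkce_*` names, which looks like a copy-paste slip. Where index names are unique per schema, `IF NOT EXISTS` finds the pkce indexes created two statements earlier and skips both silently, so a rollback leaves `hydra_oauth2_code` without the indexes the up migration dropped. They should read `CREATE INDEX IF NOT EXISTS hydra_oauth2_code_request_id_idx ON hydra_oauth2_code (request_id ASC, nid ASC);` and `CREATE INDEX IF NOT EXISTS hydra_oauth2_code_expires_at_v2_idx ON hydra_oauth2_code (expires_at ASC);`. Separately, the first line leaves `hydra_oauth2_access_client_id_subject_idx` commented out although the generic `.up.sql` drops it unconditionally, so that index is not restored either. Either enable it here or add a comment explaining the asymmetry.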
@@ -0,0 +1,14 @@
+-- DROP INDEX hydra_oauth2_access_client_id_subject_idx ON hydra_oauth2_access;
+DROP INDEX hydra_oauth2_access_expires_at_v2_idx ON hydra_oauth2_access; -- janitor still uses requested_at index
+
+DROP INDEX hydra_oauth2_refresh_client_id_subject_idx ON hydra_oauth2_refresh;
+DROP INDEX hydra_oauth2_refresh_expires_at_v2_idx ON hydra_oauth2_refresh; -- janitor still uses requested_at index
+
+DROP INDEX hydra_oauth2_pkce_request_id_idx ON hydra_oauth2_pkce;
+DROP INDEX hydra_oauth2_pkce_expires_at_v2_idx ON hydra_oauth2_pkce; -- janitor still uses requested_at index
+
+DROP INDEX hydra_oauth2_oidc_request_id_idx ON hydra_oauth2_oidc;
+DROP INDEX hydra_oauth2_oidc_expires_at_idx ON hydra_oauth2_oidc; -- janitor still uses requested_at index
+
+DROP INDEX hydra_oauth2_code_request_id_idx ON hydra_oauth2_code;
+DROP INDEX hydra_oauth2_code_expires_at_v2_idx ON hydra_oauth2_code; -- janitor still uses requested_at index
diff --git a/persistence/sql/migrations/20241012144910000001_unused_indices.up.sql b/persistence/sql/migrations/20241012144910000001_unused_indices.up.sql
new file mode 100644
index 00000000000..ac2ba6ebf8b
--- /dev/null
+++ b/persistence/sql/migrations/20241012144910000001_unused_indices.up.sql
@@ -0,0 +1,14 @@
+DROP INDEX IF EXISTS hydra_oauth2_access_client_id_subject_idx;
+DROP INDEX IF EXISTS hydra_oauth2_access_expires_at_v2_idx; -- janitor still uses requested_at index
+
+DROP INDEX IF EXISTS hydra_oauth2_refresh_client_id_subject_idx;
+DROP INDEX IF EXISTS hydra_oauth2_refresh_expires_at_v2_idx; -- janitor still uses requested_at index
+
+DROP INDEX IF EXISTS hydra_oauth2_pkce_request_id_idx;
+DROP INDEX IF EXISTS hydra_oauth2_pkce_expires_at_v2_idx; -- janitor still uses requested_at index
+
+DROP INDEX IF EXISTS hydra_oauth2_oidc_request_id_idx;
+DROP INDEX IF EXISTS hydra_oauth2_oidc_expires_at_idx; -- janitor still uses requested_at index
+
+DROP INDEX IF EXISTS hydra_oauth2_code_request_id_idx;
+DROP INDEX IF EXISTS hydra_oauth2_code_expires_at_v2_idx; -- janitor still uses requested_at index
diff --git a/persistence/sql/migrations/20241014121000000000_add_refresh_token_in_grace_period_flag.down.sql b/persistence/sql/migrations/20241014121000000000_add_refresh_token_in_grace_period_flag.down.sql
new file mode 100644
index 00000000000..a30a127e902
--- /dev/null
+++ b/persistence/sql/migrations/20241014121000000000_add_refresh_token_in_grace_period_flag.down.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_oauth2_refresh DROP COLUMN first_used_at;
diff --git a/persistence/sql/migrations/20241014121000000000_add_refresh_token_in_grace_period_flag.up.sql b/persistence/sql/migrations/20241014121000000000_add_refresh_token_in_grace_period_flag.up.sql
new file mode 100644
index 00000000000..8ae823047f7
--- /dev/null
+++ b/persistence/sql/migrations/20241014121000000000_add_refresh_token_in_grace_period_flag.up.sql
@@ -0,0 +1 @@
+ALTER TABLE hydra_oauth2_refresh ADD first_used_at TIMESTAMP DEFAULT NULL;
diff --git a/persistence/sql/migrations/20241609000001000000_device_flow.cockroach.up.sql b/persistence/sql/migrations/20241609000001000000_device_flow.cockroach.up.sql
new file mode 100644
index 00000000000..5f2d1b3a53c
--- /dev/null
+++ b/persistence/sql/migrations/20241609000001000000_device_flow.cockroach.up.sql 
@@ -0,0 +1,46 @@ +-- Migration generated by the command below; DO NOT EDIT. +-- hydra:generate hydra migrate gen +CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes +( + device_code_signature VARCHAR(255) NOT NULL, + user_code_signature VARCHAR(255) NOT NULL, + request_id VARCHAR(40) NOT NULL, + requested_at TIMESTAMP NOT NULL DEFAULT NOW(), + client_id VARCHAR(255) NOT NULL, + scope TEXT NOT NULL, + granted_scope TEXT NOT NULL, + form_data TEXT NOT NULL, + session_data TEXT NOT NULL, + subject VARCHAR(255) NOT NULL DEFAULT '', + device_code_active BOOL NOT NULL DEFAULT true, + user_code_state SMALLINT NOT NULL DEFAULT 0, + requested_audience TEXT NULL DEFAULT '', + granted_audience TEXT NULL DEFAULT '', + challenge_id VARCHAR(40) NULL, + expires_at TIMESTAMP NULL, + nid UUID NULL, + + FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE, + FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE, + PRIMARY KEY (device_code_signature, nid) +); + +CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id); +CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid); + +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_verifier VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_csrf VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_user_code_accepted_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_was_used BOOL NULL; +ALTER TABLE hydra_oauth2_flow ADD 
COLUMN device_handled_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_error TEXT NULL; + +CREATE INDEX hydra_oauth2_flow_device_challenge_idx ON hydra_oauth2_flow (device_challenge_id); + +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_id_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_access_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_refresh_token_lifespan BIGINT NULL DEFAULT NULL; diff --git a/persistence/sql/migrations/20241609000001000000_device_flow.down.sql b/persistence/sql/migrations/20241609000001000000_device_flow.down.sql new file mode 100644 index 00000000000..74f893a46cd --- /dev/null +++ b/persistence/sql/migrations/20241609000001000000_device_flow.down.sql 
@@ -0,0 +1,21 @@ +-- Migration generated by the command below; DO NOT EDIT. +-- hydra:generate hydra migrate gen +ALTER TABLE hydra_oauth2_device_auth_codes DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_auth_codes_challenge_id_fk; +ALTER TABLE hydra_oauth2_device_auth_codes DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_auth_codes_client_id_fk; +ALTER TABLE hydra_oauth2_device_auth_codes DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_auth_codes_nid_fk_idx; + +DROP TABLE IF EXISTS hydra_oauth2_device_auth_codes; + +ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_challenge_id; +ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_code_request_id; +ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_verifier; +ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_csrf; +ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_user_code_accepted_at; +ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_was_used; +ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_handled_at; +ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_error; + + +ALTER TABLE hydra_client DROP COLUMN device_authorization_grant_id_token_lifespan; +ALTER TABLE hydra_client DROP COLUMN device_authorization_grant_access_token_lifespan; +ALTER TABLE hydra_client DROP COLUMN device_authorization_grant_refresh_token_lifespan; \ No newline at end of file diff --git a/persistence/sql/migrations/20241609000001000000_device_flow.mysql.up.sql b/persistence/sql/migrations/20241609000001000000_device_flow.mysql.up.sql new file mode 100644 index 00000000000..1343058ff3a --- /dev/null +++ b/persistence/sql/migrations/20241609000001000000_device_flow.mysql.up.sql 
@@ -0,0 +1,46 @@ +-- Migration generated by the command below; DO NOT EDIT. +-- hydra:generate hydra migrate gen +CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes +( + device_code_signature VARCHAR(255) NOT NULL, + user_code_signature VARCHAR(255) NOT NULL, + request_id VARCHAR(40) NOT NULL DEFAULT '', + requested_at TIMESTAMP NOT NULL DEFAULT NOW(), + client_id VARCHAR(255) NOT NULL, + scope TEXT NOT NULL, + granted_scope TEXT NOT NULL, + form_data TEXT NOT NULL, + session_data TEXT NOT NULL, + subject VARCHAR(255) NOT NULL DEFAULT '', + device_code_active BOOL NOT NULL DEFAULT true, + user_code_state SMALLINT NOT NULL DEFAULT 0, + requested_audience TEXT NOT NULL, + granted_audience TEXT NOT NULL, + challenge_id VARCHAR(40) NULL, + expires_at TIMESTAMP NULL, + nid CHAR(36) NOT NULL, + + FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE, + FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE, + PRIMARY KEY (device_code_signature, nid) +); + +CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id); +CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid); + +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_verifier VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_csrf VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_user_code_accepted_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_was_used BOOL NULL; +ALTER TABLE hydra_oauth2_flow 
ADD COLUMN device_handled_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_error TEXT NULL; + +CREATE INDEX hydra_oauth2_flow_device_challenge_idx ON hydra_oauth2_flow (device_challenge_id); + +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_id_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_access_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_refresh_token_lifespan BIGINT NULL DEFAULT NULL; diff --git a/persistence/sql/migrations/20241609000001000000_device_flow.postgres.up.sql b/persistence/sql/migrations/20241609000001000000_device_flow.postgres.up.sql new file mode 100644 index 00000000000..8e3a76794f1 --- /dev/null +++ b/persistence/sql/migrations/20241609000001000000_device_flow.postgres.up.sql 
@@ -0,0 +1,46 @@ +-- Migration generated by the command below; DO NOT EDIT. +-- hydra:generate hydra migrate gen +CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes +( + device_code_signature VARCHAR(255) NOT NULL, + user_code_signature VARCHAR(255) NOT NULL, + request_id VARCHAR(40) NOT NULL, + requested_at TIMESTAMP NOT NULL DEFAULT NOW(), + client_id VARCHAR(255) NOT NULL, + scope TEXT NOT NULL, + granted_scope TEXT NOT NULL, + form_data TEXT NOT NULL, + session_data TEXT NOT NULL, + subject VARCHAR(255) NOT NULL DEFAULT '', + device_code_active BOOL NOT NULL DEFAULT true, + user_code_state SMALLINT NOT NULL DEFAULT 0, + requested_audience TEXT NULL DEFAULT '', + granted_audience TEXT NULL DEFAULT '', + challenge_id VARCHAR(40) NULL, + expires_at TIMESTAMP NULL, + nid UUID NULL, + + FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE, + FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE, + PRIMARY KEY (device_code_signature, nid) +); + +CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id); +CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid); + +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_verifier VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_csrf VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_user_code_accepted_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_was_used BOOLEAN NULL; +ALTER TABLE hydra_oauth2_flow ADD 
COLUMN device_handled_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_error TEXT NULL; + +CREATE INDEX hydra_oauth2_flow_device_challenge_idx ON hydra_oauth2_flow (device_challenge_id); + +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_id_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_access_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_refresh_token_lifespan BIGINT NULL DEFAULT NULL; diff --git a/persistence/sql/migrations/20241609000001000000_device_flow.up.sql b/persistence/sql/migrations/20241609000001000000_device_flow.up.sql new file mode 100644 index 00000000000..47b8f54061e --- /dev/null +++ b/persistence/sql/migrations/20241609000001000000_device_flow.up.sql 
@@ -0,0 +1,42 @@ +-- Migration generated by the command below; DO NOT EDIT. +-- hydra:generate hydra migrate gen +CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes +( + device_code_signature VARCHAR(255) NOT NULL PRIMARY KEY, + user_code_signature VARCHAR(255) NOT NULL, + request_id VARCHAR(40) NOT NULL, + requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + client_id VARCHAR(255) NOT NULL, + scope TEXT NOT NULL, + granted_scope TEXT NOT NULL, + form_data TEXT NOT NULL, + session_data TEXT NOT NULL, + subject VARCHAR(255) NOT NULL DEFAULT '', + device_code_active BOOL NOT NULL DEFAULT true, + user_code_state SMALLINT NOT NULL DEFAULT 0, + requested_audience TEXT NULL DEFAULT '', + granted_audience TEXT NULL DEFAULT '', + challenge_id VARCHAR(40) NULL, + expires_at TIMESTAMP NULL, + nid UUID NULL +); + +CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id); +CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid); + +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_verifier VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_csrf VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_user_code_accepted_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_was_used BOOLEAN NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_handled_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_error TEXT NULL; + +CREATE INDEX hydra_oauth2_flow_device_challenge_idx ON hydra_oauth2_flow 
(device_challenge_id); + +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_id_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_access_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_refresh_token_lifespan BIGINT NULL DEFAULT NULL; diff --git a/persistence/sql/persister.go b/persistence/sql/persister.go index ae4f7ce1825..98161c55cf6 100644 --- a/persistence/sql/persister.go +++ b/persistence/sql/persister.go @@ -33,10 +33,14 @@ var _ persistence.Persister = new(Persister) var _ storage.Transactional = new(Persister) var ( - ErrTransactionOpen = errors.New("There is already a transaction in this context.") - ErrNoTransactionOpen = errors.New("There is no transaction in this context.") + ErrTransactionOpen = errors.New("There is already a Transaction in this context.") + ErrNoTransactionOpen = errors.New("There is no Transaction in this context.") ) +type skipCommitContextKey int + +const skipCommitKey skipCommitContextKey = 0 + type ( Persister struct { conn *pop.Connection @@ -56,6 +60,7 @@ type ( contextx.Provider x.RegistryLogger x.TracingProvider + config.Provider } ) @@ -65,7 +70,7 @@ func (p *Persister) BeginTX(ctx context.Context) (_ context.Context, err error) fallback := &pop.Connection{TX: &pop.Tx{}} if popx.GetConnection(ctx, fallback).TX != fallback.TX { - return ctx, errorsx.WithStack(ErrTransactionOpen) + return context.WithValue(ctx, skipCommitKey, true), nil // no-op } tx, err := p.conn.Store.TransactionContextOptions(ctx, &sql.TxOptions{ 
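Review bot: The capital `Transaction` in both messages of the `var (...)` block reads like a side effect of renaming the `transaction` method rather than an intended wording change. Any caller or test that matches on the message text would now miss it, so I would keep the original strings, e.g. `ErrTransactionOpen = errors.New("There is already a transaction in this context.")`. After the `BeginTX` hunk below, nothing visible in this diff returns `ErrTransactionOpen` any more; if no other code uses it, mark it deprecated in a comment instead of leaving it undocumented.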
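Review bot: Nothing documents that `Rollback` after a nested `BeginTX` is now a silent no-op. `BeginTX` returns a context carrying `skipCommitKey` when a transaction is already open, and the `Commit` and `Rollback` hunks that follow return nil when that flag is set. An inner step that fails and calls `Rollback` therefore leaves the outer transaction open, and the outer caller can still commit partial writes unless the error is propagated to it. The flag is also inherited by every context derived from the returned one, so a `Commit` made with such a context by the code that really owns the transaction would be skipped as well. I would state the contract on `BeginTX`, e.g. `// BeginTX joins an already open transaction; Commit and Rollback on the returned context are then no-ops, so the outermost caller must roll back when a nested step fails.` The body of `BeginTX` continues outside the hunk.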
@@ -85,6 +90,10 @@ func (p *Persister) Commit(ctx context.Context) (err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.Commit") defer otelx.End(span, &err) + if skip, ok := ctx.Value(skipCommitKey).(bool); ok && skip { + return nil // we skipped BeginTX, so we also skip Commit + } + fallback := &pop.Connection{TX: &pop.Tx{}} tx := popx.GetConnection(ctx, fallback) if tx.TX == fallback.TX || tx.TX == nil { @@ -98,6 +107,10 @@ func (p *Persister) Rollback(ctx context.Context) (err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.Rollback") defer otelx.End(span, &err) + if skip, ok := ctx.Value(skipCommitKey).(bool); ok && skip { + return nil // we skipped BeginTX, so we also skip Rollback + } + fallback := &pop.Connection{TX: &pop.Tx{}} tx := popx.GetConnection(ctx, fallback) if tx.TX == fallback.TX || tx.TX == nil { @@ -184,6 +197,6 @@ func (p *Persister) mustSetNetwork(nid uuid.UUID, v interface{}) interface{} { return v } -func (p *Persister) transaction(ctx context.Context, f func(ctx context.Context, c *pop.Connection) error) error { +func (p *Persister) Transaction(ctx context.Context, f func(ctx context.Context, c *pop.Connection) error) error { return popx.Transaction(ctx, p.conn, f) } diff --git a/persistence/sql/persister_authenticate.go b/persistence/sql/persister_authenticate.go index 4fdc7eff0ae..013ccc30051 100644 --- a/persistence/sql/persister_authenticate.go +++ b/persistence/sql/persister_authenticate.go @@ -3,8 +3,14 @@ package sql -import "context" +import ( + "context" +) -func (p *Persister) Authenticate(ctx context.Context, name, secret string) error { - return p.r.Kratos().Authenticate(ctx, name, secret) +func (p *Persister) Authenticate(ctx context.Context, name, secret string) (subject string, err error) { + session, err := p.r.Kratos().Authenticate(ctx, name, secret) + if err != nil { + return "", err + } + return session.Identity.Id, nil } 
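Review bot: `session.Identity.Id` in the new `Authenticate` is dereferenced with no nil check, so a nil `session` or a session without an identity alongside a nil error would panic in the authentication path instead of returning a failure. Whether `Kratos().Authenticate` can return that, and whether `Identity` is a pointer, is not visible in this hunk. If either is possible, add a guard before the return, `if session == nil || session.Identity == nil {`, returning an empty subject and the project's usual authentication error. An empty `Id` should also be treated as a failure, so that a caller never receives `""` as a valid subject.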
diff --git a/persistence/sql/persister_client.go b/persistence/sql/persister_client.go index 422d651bf4e..c85893c1df8 100644 --- a/persistence/sql/persister_client.go +++ b/persistence/sql/persister_client.go @@ -38,7 +38,7 @@ func (p *Persister) UpdateClient(ctx context.Context, cl *client.Client) (err er ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateClient") defer otelx.End(span, &err) - return p.transaction(ctx, func(ctx context.Context, c *pop.Connection) error { + return p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error { o, err := p.GetConcreteClient(ctx, cl.GetID()) if err != nil { return err diff --git a/persistence/sql/persister_consent.go b/persistence/sql/persister_consent.go index 5eb98af0d6c..57713f91060 100644 --- a/persistence/sql/persister_consent.go +++ b/persistence/sql/persister_consent.go 
@@ -12,37 +12,36 @@ import ( "github.com/gobuffalo/pop/v6" "github.com/gofrs/uuid" - - "github.com/ory/hydra/v2/oauth2/flowctx" - "github.com/ory/x/otelx" - "github.com/ory/x/sqlxx" - - "github.com/ory/x/errorsx" - "github.com/pkg/errors" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/trace" "github.com/ory/fosite" "github.com/ory/hydra/v2/client" "github.com/ory/hydra/v2/consent" "github.com/ory/hydra/v2/flow" + "github.com/ory/hydra/v2/oauth2/flowctx" "github.com/ory/hydra/v2/x" + "github.com/ory/x/errorsx" + "github.com/ory/x/otelx" "github.com/ory/x/sqlcon" + "github.com/ory/x/sqlxx" ) var _ consent.Manager = &Persister{} -func (p *Persister) RevokeSubjectConsentSession(ctx context.Context, user string) error { +func (p *Persister) RevokeSubjectConsentSession(ctx context.Context, user string) (err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.RevokeSubjectConsentSession") - defer span.End() + defer otelx.End(span, &err) - return p.transaction(ctx, p.revokeConsentSession("consent_challenge_id IS NOT NULL AND subject = ?", user)) + return p.Transaction(ctx, p.revokeConsentSession("consent_challenge_id IS NOT NULL AND subject = ?", user)) } -func (p *Persister) RevokeSubjectClientConsentSession(ctx context.Context, user, client string) error { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.RevokeSubjectClientConsentSession") - defer span.End() +func (p *Persister) RevokeSubjectClientConsentSession(ctx context.Context, user, client string) (err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.RevokeSubjectClientConsentSession", trace.WithAttributes(attribute.String("client", client))) + defer otelx.End(span, &err) - return p.transaction(ctx, p.revokeConsentSession("consent_challenge_id IS NOT NULL AND subject = ? AND client_id = ?", user, client)) + return p.Transaction(ctx, p.revokeConsentSession("consent_challenge_id IS NOT NULL AND subject = ? 
AND client_id = ?", user, client)) } func (p *Persister) revokeConsentSession(whereStmt string, whereArgs ...interface{}) func(context.Context, *pop.Connection) error { 
@@ -51,54 +50,58 @@ func (p *Persister) revokeConsentSession(whereStmt string, whereArgs ...interfac if err := p.QueryWithNetwork(ctx). Where(whereStmt, whereArgs...). Select("consent_challenge_id"). - All(&fs); err != nil { - if errors.Is(err, sql.ErrNoRows) { - return errorsx.WithStack(x.ErrNotFound) - } - + All(&fs); errors.Is(err, sql.ErrNoRows) { + return errorsx.WithStack(x.ErrNotFound) + } else if err != nil { return sqlcon.HandleError(err) } - var count int + ids := make([]interface{}, 0, len(fs)) + nid := p.NetworkID(ctx) for _, f := range fs { - if err := p.RevokeAccessToken(ctx, f.ConsentChallengeID.String()); errors.Is(err, fosite.ErrNotFound) { - // do nothing - } else if err != nil { - return err - } - - if err := p.RevokeRefreshToken(ctx, f.ConsentChallengeID.String()); errors.Is(err, fosite.ErrNotFound) { - // do nothing - } else if err != nil { - return err - } - - localCount, err := c.RawQuery("DELETE FROM hydra_oauth2_flow WHERE consent_challenge_id = ? AND nid = ?", f.ConsentChallengeID, p.NetworkID(ctx)).ExecWithCount() - if err != nil { - if errors.Is(err, sql.ErrNoRows) { - return errorsx.WithStack(x.ErrNotFound) - } - return sqlcon.HandleError(err) - } - - // If there are no sessions to revoke we should return an error to indicate to the caller - // that the request failed. - count += localCount + ids = append(ids, f.ConsentChallengeID.String()) + } + + if len(ids) == 0 { + return nil + } + + if err := p.QueryWithNetwork(ctx). + Where("nid = ?", nid). + Where("request_id IN (?)", ids...). + Delete(&OAuth2RequestSQL{Table: sqlTableAccess}); errors.Is(err, fosite.ErrNotFound) { + // do nothing + } else if err != nil { + return err } - if count == 0 { + if err := p.QueryWithNetwork(ctx). + Where("nid = ?", nid). + Where("request_id IN (?)", ids...). + Delete(&OAuth2RequestSQL{Table: sqlTableRefresh}); errors.Is(err, fosite.ErrNotFound) { + // do nothing + } else if err != nil { + return err + } + + if err := p.QueryWithNetwork(ctx). 
+ Where("nid = ?", nid). + Where("consent_challenge_id IN (?)", ids...). + Delete(new(flow.Flow)); errors.Is(err, sql.ErrNoRows) { return errorsx.WithStack(x.ErrNotFound) + } else if err != nil { + return sqlcon.HandleError(err) } return nil } } -func (p *Persister) RevokeSubjectLoginSession(ctx context.Context, subject string) error { +func (p *Persister) RevokeSubjectLoginSession(ctx context.Context, subject string) (err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.RevokeSubjectLoginSession") - defer span.End() + defer otelx.End(span, &err) - err := p.QueryWithNetwork(ctx).Where("subject = ?", subject).Delete(&flow.LoginSession{}) + err = p.QueryWithNetwork(ctx).Where("subject = ?", subject).Delete(&flow.LoginSession{}) if err != nil { return sqlcon.HandleError(err) } @@ -113,11 +116,11 @@ func (p *Persister) RevokeSubjectLoginSession(ctx context.Context, subject strin return nil } -func (p *Persister) CreateForcedObfuscatedLoginSession(ctx context.Context, session *consent.ForcedObfuscatedLoginSession) error { +func (p *Persister) CreateForcedObfuscatedLoginSession(ctx context.Context, session *consent.ForcedObfuscatedLoginSession) (err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateForcedObfuscatedLoginSession") - defer span.End() + defer otelx.End(span, &err) - return p.transaction(ctx, func(ctx context.Context, c *pop.Connection) error { + return p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error { nid := p.NetworkID(ctx) if err := c.RawQuery( "DELETE FROM hydra_oauth2_obfuscated_authentication_session WHERE nid = ? AND client_id = ? AND subject = ?", 
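Review bot: The two token deletes (`sqlTableAccess`, `sqlTableRefresh`) still test for `fosite.ErrNotFound` and return the raw `err`, while the flow delete right after them goes through `sqlcon.HandleError`. The `fosite.ErrNotFound` branch looks left over from the removed `RevokeAccessToken`/`RevokeRefreshToken` calls and is presumably never hit by a query-level `Delete`. I would make both branches `} else if err != nil { return sqlcon.HandleError(err) }`, so a failed token deletion during consent revocation surfaces the same way as the others. The `len(ids) == 0` path also returns nil where the removed code returned `x.ErrNotFound` when nothing was deleted; confirm the revocation handlers do not rely on that error. Finally, `request_id IN (?)` receives one bind parameter per consent session, so a subject with a very large number of sessions could exceed the database's parameter limit. `revokeConsentSession` begins before this hunk.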
@@ -138,9 +141,9 @@ func (p *Persister) CreateForcedObfuscatedLoginSession(ctx context.Context, sess }) } -func (p *Persister) GetForcedObfuscatedLoginSession(ctx context.Context, client, obfuscated string) (*consent.ForcedObfuscatedLoginSession, error) { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetForcedObfuscatedLoginSession") - defer span.End() +func (p *Persister) GetForcedObfuscatedLoginSession(ctx context.Context, client, obfuscated string) (_ *consent.ForcedObfuscatedLoginSession, err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetForcedObfuscatedLoginSession", trace.WithAttributes(attribute.String("client", client))) + defer otelx.End(span, &err) var s consent.ForcedObfuscatedLoginSession @@ -161,9 +164,9 @@ func (p *Persister) GetForcedObfuscatedLoginSession(ctx context.Context, client, // CreateConsentRequest configures fields that are introduced or changed in the // consent request. It doesn't touch fields that would be copied from the login // request. -func (p *Persister) CreateConsentRequest(ctx context.Context, f *flow.Flow, req *flow.OAuth2ConsentRequest) error { +func (p *Persister) CreateConsentRequest(ctx context.Context, f *flow.Flow, req *flow.OAuth2ConsentRequest) (err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateConsentRequest") - defer span.End() + defer otelx.End(span, &err) if f == nil { return errorsx.WithStack(x.ErrNotFound.WithDebug("Flow is nil")) 
@@ -180,9 +183,9 @@ func (p *Persister) CreateConsentRequest(ctx context.Context, f *flow.Flow, req return nil } -func (p *Persister) GetFlowByConsentChallenge(ctx context.Context, challenge string) (*flow.Flow, error) { +func (p *Persister) GetFlowByConsentChallenge(ctx context.Context, challenge string) (_ *flow.Flow, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetFlowByConsentChallenge") - defer span.End() + defer otelx.End(span, &err) // challenge contains the flow. f, err := flowctx.Decode[flow.Flow](ctx, p.r.FlowCipher(), challenge, flowctx.AsConsentChallenge) @@ -199,9 +202,9 @@ func (p *Persister) GetFlowByConsentChallenge(ctx context.Context, challenge str return f, nil } -func (p *Persister) GetConsentRequest(ctx context.Context, challenge string) (*flow.OAuth2ConsentRequest, error) { +func (p *Persister) GetConsentRequest(ctx context.Context, challenge string) (_ *flow.OAuth2ConsentRequest, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetConsentRequest") - defer span.End() + defer otelx.End(span, &err) f, err := p.GetFlowByConsentChallenge(ctx, challenge) if err != nil { 
@@ -217,24 +220,118 @@ func (p *Persister) GetConsentRequest(ctx context.Context, challenge string) (*f return f.GetConsentRequest(), nil } -func (p *Persister) CreateLoginRequest(ctx context.Context, req *flow.LoginRequest) (*flow.Flow, error) { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateLoginRequest") +// CreateDeviceUserAuthRequest creates a new flow from a DeviceUserAuthRequest. +func (p *Persister) CreateDeviceUserAuthRequest(ctx context.Context, req *flow.DeviceUserAuthRequest) (*flow.Flow, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateDeviceUserAuthRequest") defer span.End() - f := flow.NewFlow(req) nid := p.NetworkID(ctx) if nid == uuid.Nil { return nil, errorsx.WithStack(x.ErrNotFound) } + f := flow.NewDeviceFlow(req) f.NID = nid return f, nil } -func (p *Persister) GetFlow(ctx context.Context, loginChallenge string) (*flow.Flow, error) { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetFlow") +// GetDeviceUserAuthRequest decodes a challenge into a new DeviceUserAuthRequest. +func (p *Persister) GetDeviceUserAuthRequest(ctx context.Context, challenge string) (*flow.DeviceUserAuthRequest, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetDeviceUserAuthRequest") + defer span.End() + + f, err := flowctx.Decode[flow.Flow](ctx, p.r.FlowCipher(), challenge, flowctx.AsDeviceChallenge) + if err != nil { + return nil, errorsx.WithStack(x.ErrNotFound.WithWrap(err)) + } + if f.NID != p.NetworkID(ctx) { + return nil, errorsx.WithStack(x.ErrNotFound) + } + if f.RequestedAt.Add(p.config.ConsentRequestMaxAge(ctx)).Before(time.Now()) { + return nil, errorsx.WithStack(fosite.ErrRequestUnauthorized.WithHint("The device request has expired, please try again.")) + } + dr := f.GetDeviceUserAuthRequest() + + return dr, nil +} + +// HandleDeviceUserAuthRequest uses a HandledDeviceUserAuthRequest to update the flow and returns a DeviceUserAuthRequest. 
+func (p *Persister) HandleDeviceUserAuthRequest(ctx context.Context, f *flow.Flow, challenge string, r *flow.HandledDeviceUserAuthRequest) (*flow.DeviceUserAuthRequest, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.HandleDeviceUserAuthRequest") + defer span.End() + + if f == nil { + return nil, errorsx.WithStack(fosite.ErrInvalidRequest.WithDebug("Flow was nil")) + } + if f.NID != p.NetworkID(ctx) { + return nil, errorsx.WithStack(x.ErrNotFound) + } + err := f.HandleDeviceUserAuthRequest(r) + if err != nil { + return nil, err + } + + return p.GetDeviceUserAuthRequest(ctx, challenge) +} + +// VerifyAndInvalidateDeviceUserAuthRequest verifies a verifier and invalidates the flow. +func (p *Persister) VerifyAndInvalidateDeviceUserAuthRequest(ctx context.Context, verifier string) (*flow.HandledDeviceUserAuthRequest, error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.VerifyAndInvalidateDeviceUserAuthRequest") defer span.End() + f, err := flowctx.Decode[flow.Flow](ctx, p.r.FlowCipher(), verifier, flowctx.AsDeviceVerifier) + if err != nil { + return nil, errorsx.WithStack(fosite.ErrAccessDenied.WithHint("The device verifier has already been used, has not been granted, or is invalid.")) + } + if f.NID != p.NetworkID(ctx) { + return nil, errorsx.WithStack(sqlcon.ErrNoRows) + } + + if err = f.InvalidateDeviceRequest(); err != nil { + return nil, errorsx.WithStack(fosite.ErrInvalidRequest.WithDebug(err.Error())) + } + + return f.GetHandledDeviceUserAuthRequest(), nil +} + +func (p *Persister) CreateLoginRequest(ctx context.Context, f *flow.Flow, req *flow.LoginRequest) (_ *flow.Flow, err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateLoginRequest") + defer otelx.End(span, &err) + + if f == nil { + f = flow.NewFlow(req) + } else { + f.ID = req.ID + f.RequestedScope = req.RequestedScope + f.RequestedAudience = req.RequestedAudience + f.LoginSkip = req.Skip + f.Subject = req.Subject + 
f.OpenIDConnectContext = req.OpenIDConnectContext + f.Client = req.Client + f.ClientID = req.ClientID + f.RequestURL = req.RequestURL + f.SessionID = req.SessionID + f.LoginWasUsed = req.WasHandled + f.ForceSubjectIdentifier = req.ForceSubjectIdentifier + f.LoginVerifier = req.Verifier + f.LoginCSRF = req.CSRF + f.LoginAuthenticatedAt = req.AuthenticatedAt + f.RequestedAt = req.RequestedAt + f.State = flow.FlowStateLoginInitialized + } + nid := p.NetworkID(ctx) + if nid == uuid.Nil { + return nil, errorsx.WithStack(x.ErrNotFound) + } + f.NID = nid + + return f, nil +} + +func (p *Persister) GetFlow(ctx context.Context, loginChallenge string) (_ *flow.Flow, err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetFlow") + defer otelx.End(span, &err) + var f flow.Flow if err := p.QueryWithNetwork(ctx).Where("login_challenge = ?", loginChallenge).First(&f); err != nil { if errors.Is(err, sql.ErrNoRows) { @@ -245,9 +342,9 @@ func (p *Persister) GetFlow(ctx context.Context, loginChallenge string) (*flow.F return &f, nil } -func (p *Persister) GetLoginRequest(ctx context.Context, loginChallenge string) (*flow.LoginRequest, error) { +func (p *Persister) GetLoginRequest(ctx context.Context, loginChallenge string) (_ *flow.LoginRequest, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetLoginRequest") - defer span.End() + defer otelx.End(span, &err) f, err := flowctx.Decode[flow.Flow](ctx, p.r.FlowCipher(), loginChallenge, flowctx.AsLoginChallenge) if err != nil { 
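Review bot: `VerifyAndInvalidateDeviceUserAuthRequest` applies `f.InvalidateDeviceRequest()` only to the copy decoded from `verifier`, and nothing in this hunk writes that state back. Whether the same verifier can be presented a second time therefore depends on code outside this function, although the error hint says "has already been used". I would say so in the doc comment, e.g. `// The invalidation only changes the decoded flow; single use of the verifier must be enforced by the caller.` The four new device functions also use `defer span.End()` and unnamed results, while the rest of this commit moves to `(_ *T, err error)` with `defer otelx.End(span, &err)`, so their failures are not recorded on the span. `GetDeviceUserAuthRequest` bounds the request age with `ConsentRequestMaxAge`; if reusing the consent setting for the device flow is intended, a short comment there would help.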
@@ -267,9 +364,9 @@ func (p *Persister) GetLoginRequest(ctx context.Context, loginChallenge string) return lr, nil } -func (p *Persister) HandleConsentRequest(ctx context.Context, f *flow.Flow, r *flow.AcceptOAuth2ConsentRequest) (*flow.OAuth2ConsentRequest, error) { +func (p *Persister) HandleConsentRequest(ctx context.Context, f *flow.Flow, r *flow.AcceptOAuth2ConsentRequest) (_ *flow.OAuth2ConsentRequest, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.HandleConsentRequest") - defer span.End() + defer otelx.End(span, &err) if f == nil { return nil, errorsx.WithStack(fosite.ErrInvalidRequest.WithDebug("Flow was nil")) @@ -287,9 +384,9 @@ func (p *Persister) HandleConsentRequest(ctx context.Context, f *flow.Flow, r *f return f.GetConsentRequest(), nil } -func (p *Persister) VerifyAndInvalidateConsentRequest(ctx context.Context, verifier string) (*flow.AcceptOAuth2ConsentRequest, error) { +func (p *Persister) VerifyAndInvalidateConsentRequest(ctx context.Context, verifier string) (_ *flow.AcceptOAuth2ConsentRequest, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.VerifyAndInvalidateConsentRequest") - defer span.End() + defer otelx.End(span, &err) f, err := flowctx.Decode[flow.Flow](ctx, p.r.FlowCipher(), verifier, flowctx.AsConsentVerifier) if err != nil { @@ -316,7 +413,7 @@ func (p *Persister) VerifyAndInvalidateConsentRequest(ctx context.Context, verif func (p *Persister) HandleLoginRequest(ctx context.Context, f *flow.Flow, challenge string, r *flow.HandledLoginRequest) (lr *flow.LoginRequest, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.HandleLoginRequest") - defer span.End() + defer otelx.End(span, &err) if f == nil { return nil, errorsx.WithStack(fosite.ErrInvalidRequest.WithDebug("Flow was nil")) 
@@ -333,9 +430,9 @@ func (p *Persister) HandleLoginRequest(ctx context.Context, f *flow.Flow, challe return p.GetLoginRequest(ctx, challenge) } -func (p *Persister) VerifyAndInvalidateLoginRequest(ctx context.Context, verifier string) (*flow.HandledLoginRequest, error) { +func (p *Persister) VerifyAndInvalidateLoginRequest(ctx context.Context, verifier string) (_ *flow.HandledLoginRequest, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.VerifyAndInvalidateLoginRequest") - defer span.End() + defer otelx.End(span, &err) f, err := flowctx.Decode[flow.Flow](ctx, p.r.FlowCipher(), verifier, flowctx.AsLoginVerifier) if err != nil { @@ -353,9 +450,9 @@ func (p *Persister) VerifyAndInvalidateLoginRequest(ctx context.Context, verifie return &d, nil } -func (p *Persister) GetRememberedLoginSession(ctx context.Context, loginSessionFromCookie *flow.LoginSession, id string) (*flow.LoginSession, error) { +func (p *Persister) GetRememberedLoginSession(ctx context.Context, loginSessionFromCookie *flow.LoginSession, id string) (_ *flow.LoginSession, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetRememberedLoginSession") - defer span.End() + defer otelx.End(span, &err) if s := loginSessionFromCookie; s != nil && s.NID == p.NetworkID(ctx) && s.ID == id && s.Remember { return s, nil 
@@ -373,9 +470,9 @@ func (p *Persister) GetRememberedLoginSession(ctx context.Context, loginSessionF } // ConfirmLoginSession creates or updates the login session. The NID will be set to the network ID of the context. -func (p *Persister) ConfirmLoginSession(ctx context.Context, loginSession *flow.LoginSession) error { +func (p *Persister) ConfirmLoginSession(ctx context.Context, loginSession *flow.LoginSession) (err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ConfirmLoginSession") - defer span.End() + defer otelx.End(span, &err) loginSession.NID = p.NetworkID(ctx) loginSession.AuthenticatedAt = sqlxx.NullTime(time.Time(loginSession.AuthenticatedAt).Truncate(time.Second)) @@ -385,8 +482,7 @@ func (p *Persister) ConfirmLoginSession(ctx context.Context, loginSession *flow. return p.mySQLConfirmLoginSession(ctx, loginSession) } - err := p.Connection(ctx).Transaction(func(tx *pop.Connection) error { - res, err := tx.TX.NamedExec(` + res, err := p.Connection(ctx).Store.NamedExecContext(ctx, ` INSERT INTO hydra_oauth2_authentication_session (id, nid, authenticated_at, subject, remember, identity_provider_session_id) VALUES (:id, :nid, :authenticated_at, :subject, :remember, :identity_provider_session_id) ON CONFLICT(id) DO 
@@ -397,28 +493,22 @@ UPDATE SET identity_provider_session_id = :identity_provider_session_id WHERE hydra_oauth2_authentication_session.id = :id AND hydra_oauth2_authentication_session.nid = :nid `, loginSession) - if err != nil { - return sqlcon.HandleError(err) - } - n, err := res.RowsAffected() - if err != nil { - return sqlcon.HandleError(err) - } - if n == 0 { - return errorsx.WithStack(x.ErrNotFound) - } - return nil - }) if err != nil { - return errors.WithStack(err) + return sqlcon.HandleError(err) + } + n, err := res.RowsAffected() + if err != nil { + return sqlcon.HandleError(err) + } + if n == 0 { + return errorsx.WithStack(x.ErrNotFound) } - return nil } -func (p *Persister) CreateLoginSession(ctx context.Context, session *flow.LoginSession) error { +func (p *Persister) CreateLoginSession(ctx context.Context, session *flow.LoginSession) (err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateLoginSession") - defer span.End() + defer otelx.End(span, &err) nid := p.NetworkID(ctx) if nid == uuid.Nil { @@ -486,7 +576,7 @@ WHERE id = ? AND nid = ?`, func (p *Persister) FindGrantedAndRememberedConsentRequests(ctx context.Context, client, subject string) (rs []flow.AcceptOAuth2ConsentRequest, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.FindGrantedAndRememberedConsentRequests") - defer span.End() + defer otelx.End(span, &err) var f flow.Flow if err = p.Connection(ctx). 
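Review bot: The `n == 0` branch in ConfirmLoginSession returns x.ErrNotFound without saying why an upsert can touch zero rows. From the statement's `ON CONFLICT(id) DO UPDATE ... WHERE ... id = :id AND ... nid = :nid` clause, this appears to happen when the id already exists under a different network, so the check is what stops one network from overwriting another's session. I would add above it: `// Zero rows: the id exists but the nid predicate filtered the update, i.e. the session belongs to another network.` The function starts in an earlier hunk.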
@@ -513,9 +603,10 @@ nid = ?`, flow.FlowStateConsentUsed, flow.FlowStateConsentUnused, return p.filterExpiredConsentRequests(ctx, []flow.AcceptOAuth2ConsentRequest{*f.GetHandledConsentRequest()}) } -func (p *Persister) FindSubjectsGrantedConsentRequests(ctx context.Context, subject string, limit, offset int) ([]flow.AcceptOAuth2ConsentRequest, error) { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.FindSubjectsGrantedConsentRequests") - defer span.End() +func (p *Persister) FindSubjectsGrantedConsentRequests(ctx context.Context, subject string, limit, offset int) (_ []flow.AcceptOAuth2ConsentRequest, err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.FindSubjectsGrantedConsentRequests", + trace.WithAttributes(attribute.Int("limit", limit), attribute.Int("offset", offset))) + defer otelx.End(span, &err) var fs []flow.Flow c := p.Connection(ctx) @@ -547,9 +638,10 @@ nid = ?`, flow.FlowStateConsentUsed, flow.FlowStateConsentUnused, return p.filterExpiredConsentRequests(ctx, rs) } -func (p *Persister) FindSubjectsSessionGrantedConsentRequests(ctx context.Context, subject, sid string, limit, offset int) ([]flow.AcceptOAuth2ConsentRequest, error) { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.FindSubjectsSessionGrantedConsentRequests") - defer span.End() +func (p *Persister) FindSubjectsSessionGrantedConsentRequests(ctx context.Context, subject, sid string, limit, offset int) (_ []flow.AcceptOAuth2ConsentRequest, err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.FindSubjectsSessionGrantedConsentRequests", + trace.WithAttributes(attribute.String("sid", sid), attribute.Int("limit", limit), attribute.Int("offset", offset))) + defer otelx.End(span, &err) var fs []flow.Flow c := p.Connection(ctx) 
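Review bot: FindSubjectsSessionGrantedConsentRequests now copies `sid` into the span via `attribute.String("sid", sid)`, which exports the login session identifier to the tracing backend; listUserAuthenticatedClients does the same in a later hunk. Trace stores commonly have wider read access and different retention than the database, so it is worth confirming that this identifier is acceptable there. If it is not, keep only the paging attributes, `trace.WithAttributes(attribute.Int("limit", limit), attribute.Int("offset", offset))`, or record a digest of the value instead. The function body continues outside the hunk.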
@@ -582,11 +674,14 @@ nid = ?`, flow.FlowStateConsentUsed, flow.FlowStateConsentUnused, return p.filterExpiredConsentRequests(ctx, rs) } -func (p *Persister) CountSubjectsGrantedConsentRequests(ctx context.Context, subject string) (int, error) { +func (p *Persister) CountSubjectsGrantedConsentRequests(ctx context.Context, subject string) (n int, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CountSubjectsGrantedConsentRequests") - defer span.End() + defer otelx.End(span, &err) + defer func() { + span.SetAttributes(attribute.Int("count", n)) + }() - n, err := p.Connection(ctx). + n, err = p.Connection(ctx). Where( strings.TrimSpace(fmt.Sprintf(` (state = %d OR state = %d) AND @@ -600,9 +695,9 @@ nid = ?`, flow.FlowStateConsentUsed, flow.FlowStateConsentUnused, return n, sqlcon.HandleError(err) } -func (p *Persister) filterExpiredConsentRequests(ctx context.Context, requests []flow.AcceptOAuth2ConsentRequest) ([]flow.AcceptOAuth2ConsentRequest, error) { +func (p *Persister) filterExpiredConsentRequests(ctx context.Context, requests []flow.AcceptOAuth2ConsentRequest) (_ []flow.AcceptOAuth2ConsentRequest, err error) { _, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.filterExpiredConsentRequests") - defer span.End() + defer otelx.End(span, &err) var result []flow.AcceptOAuth2ConsentRequest for _, v := range requests { 
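Review bot: The second `defer` in CountSubjectsGrantedConsentRequests relies on defer ordering that is not stated: it is registered after `defer otelx.End(span, &err)`, so it runs first and sets `count` before the span is (presumably) ended by otelx.End. A short comment would stop a later edit from swapping the two: `// Registered after otelx.End so it runs before it; attributes must be set before the span ends.` Note also that `n` is recorded on the error path too, where it may simply be 0.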
@@ -617,24 +712,25 @@ func (p *Persister) filterExpiredConsentRequests(ctx context.Context, requests [ return result, nil } -func (p *Persister) ListUserAuthenticatedClientsWithFrontChannelLogout(ctx context.Context, subject, sid string) ([]client.Client, error) { +func (p *Persister) ListUserAuthenticatedClientsWithFrontChannelLogout(ctx context.Context, subject, sid string) (_ []client.Client, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ListUserAuthenticatedClientsWithFrontChannelLogout") - defer span.End() + defer otelx.End(span, &err) return p.listUserAuthenticatedClients(ctx, subject, sid, "front") } -func (p *Persister) ListUserAuthenticatedClientsWithBackChannelLogout(ctx context.Context, subject, sid string) ([]client.Client, error) { +func (p *Persister) ListUserAuthenticatedClientsWithBackChannelLogout(ctx context.Context, subject, sid string) (_ []client.Client, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.ListUserAuthenticatedClientsWithBackChannelLogout") - defer span.End() + defer otelx.End(span, &err) + return p.listUserAuthenticatedClients(ctx, subject, sid, "back") } -func (p *Persister) listUserAuthenticatedClients(ctx context.Context, subject, sid, channel string) ([]client.Client, error) { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.listUserAuthenticatedClients") - defer span.End() +func (p *Persister) listUserAuthenticatedClients(ctx context.Context, subject, sid, channel string) (cs []client.Client, err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.listUserAuthenticatedClients", + trace.WithAttributes(attribute.String("sid", sid))) + defer otelx.End(span, &err) - var cs []client.Client if err := p.Connection(ctx).RawQuery( /* #nosec G201 - channel can either be "front" or "back" */ fmt.Sprintf(` 
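Review bot: listUserAuthenticatedClients formats `channel` into the SQL text with `fmt.Sprintf`, and the `#nosec G201` rationale ("front" or "back") is enforced only by its two callers in this hunk, not by the function itself. A guard at the top makes the suppression hold locally: `if channel != "front" && channel != "back" { return nil, errorsx.WithStack(fosite.ErrInvalidRequest.WithDebug("unknown logout channel")) }`. The query body continues in the next hunk.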
@@ -642,7 +738,7 @@ SELECT DISTINCT c.* FROM hydra_client as c JOIN hydra_oauth2_flow as f ON (c.id = f.client_id AND c.nid = f.nid) WHERE f.subject=? AND - c.%schannel_logout_uri!='' AND + c.%schannel_logout_uri != '' AND c.%schannel_logout_uri IS NOT NULL AND f.login_session_id = ? AND f.nid = ? AND @@ -661,16 +757,16 @@ WHERE return cs, nil } -func (p *Persister) CreateLogoutRequest(ctx context.Context, request *flow.LogoutRequest) error { +func (p *Persister) CreateLogoutRequest(ctx context.Context, request *flow.LogoutRequest) (err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateLogoutRequest") - defer span.End() + defer otelx.End(span, &err) return errorsx.WithStack(p.CreateWithNetwork(ctx, request)) } -func (p *Persister) AcceptLogoutRequest(ctx context.Context, challenge string) (*flow.LogoutRequest, error) { +func (p *Persister) AcceptLogoutRequest(ctx context.Context, challenge string) (_ *flow.LogoutRequest, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.AcceptLogoutRequest") - defer span.End() + defer otelx.End(span, &err) if err := p.Connection(ctx).RawQuery("UPDATE hydra_oauth2_logout_request SET accepted=true, rejected=false WHERE challenge=? AND nid = ?", challenge, p.NetworkID(ctx)).Exec(); err != nil { return nil, sqlcon.HandleError(err) @@ -679,9 +775,9 @@ func (p *Persister) AcceptLogoutRequest(ctx context.Context, challenge string) ( return p.GetLogoutRequest(ctx, challenge) } -func (p *Persister) RejectLogoutRequest(ctx context.Context, challenge string) error { +func (p *Persister) RejectLogoutRequest(ctx context.Context, challenge string) (err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.RejectLogoutRequest") - defer span.End() + defer otelx.End(span, &err) count, err := p.Connection(ctx). RawQuery("UPDATE hydra_oauth2_logout_request SET rejected=true, accepted=false WHERE challenge=? AND nid = ?", challenge, p.NetworkID(ctx)). 
@@ -693,17 +789,17 @@ func (p *Persister) RejectLogoutRequest(ctx context.Context, challenge string) e } } -func (p *Persister) GetLogoutRequest(ctx context.Context, challenge string) (*flow.LogoutRequest, error) { +func (p *Persister) GetLogoutRequest(ctx context.Context, challenge string) (_ *flow.LogoutRequest, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetLogoutRequest") - defer span.End() + defer otelx.End(span, &err) var lr flow.LogoutRequest return &lr, sqlcon.HandleError(p.QueryWithNetwork(ctx).Where("challenge = ? AND rejected = FALSE", challenge).First(&lr)) } -func (p *Persister) VerifyAndInvalidateLogoutRequest(ctx context.Context, verifier string) (*flow.LogoutRequest, error) { +func (p *Persister) VerifyAndInvalidateLogoutRequest(ctx context.Context, verifier string) (_ *flow.LogoutRequest, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.VerifyAndInvalidateLogoutRequest") - defer span.End() + defer otelx.End(span, &err) var lr flow.LogoutRequest if count, err := p.Connection(ctx).RawQuery(` 
@@ -721,17 +817,24 @@ WHERE nid = ? return nil, sqlcon.HandleError(err) } - err := sqlcon.HandleError(p.QueryWithNetwork(ctx).Where("verifier = ?", verifier).First(&lr)) + err = sqlcon.HandleError(p.QueryWithNetwork(ctx).Where("verifier = ?", verifier).First(&lr)) if err != nil { return nil, err } + if expiry := time.Time(lr.ExpiresAt); + // If the expiry is unset, we are in a legacy use case (allow logout). + // TODO: Remove this in the future. + !expiry.IsZero() && expiry.Before(time.Now().UTC()) { + return nil, errorsx.WithStack(flow.ErrorLogoutFlowExpired) + } + return &lr, nil } -func (p *Persister) FlushInactiveLoginConsentRequests(ctx context.Context, notAfter time.Time, limit int, batchSize int) error { +func (p *Persister) FlushInactiveLoginConsentRequests(ctx context.Context, notAfter time.Time, limit int, batchSize int) (err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.FlushInactiveLoginConsentRequests") - defer span.End() + defer otelx.End(span, &err) /* #nosec G201 table is static */ var f flow.Flow diff --git a/persistence/sql/persister_device.go b/persistence/sql/persister_device.go new file mode 100644 index 00000000000..c77c7cff430 --- /dev/null +++ b/persistence/sql/persister_device.go 
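Review bot: In VerifyAndInvalidateLogoutRequest the new expiry condition is split across an `if` header, with two comment lines between the init statement and the boolean, which makes the legacy bypass (a zero `expiry` is never treated as expired) easy to misread. I would hoist the assignment and keep the comment above a one-line condition: `expiry := time.Time(lr.ExpiresAt)` followed by `if !expiry.IsZero() && expiry.Before(time.Now().UTC()) {`. The TODO would be more actionable if it named the condition under which rows without an expiry can no longer exist. The function starts in the previous hunk.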
@@ -0,0 +1,305 @@ +// Copyright © 2024 Ory Corp +// SPDX-License-Identifier: Apache-2.0 + +package sql + +import ( + "context" + "database/sql" + "encoding/json" + "fmt" + "net/url" + "strings" + "time" + + "github.com/gofrs/uuid" + "github.com/pkg/errors" + "github.com/tidwall/gjson" + + "github.com/ory/fosite" + "github.com/ory/hydra/v2/oauth2" + "github.com/ory/x/errorsx" + "github.com/ory/x/otelx" + "github.com/ory/x/sqlcon" + "github.com/ory/x/sqlxx" + "github.com/ory/x/stringsx" +) + +const ( + sqlTableDeviceAuthCodes tableName = "hydra_oauth2_device_auth_codes" +) + +type DeviceRequestSQL struct { + ID string `db:"device_code_signature"` + UserCodeID string `db:"user_code_signature"` + NID uuid.UUID `db:"nid"` + Request string `db:"request_id"` + ConsentChallenge sql.NullString `db:"challenge_id"` + RequestedAt time.Time `db:"requested_at"` + Client string `db:"client_id"` + Scopes string `db:"scope"` + GrantedScope string `db:"granted_scope"` + RequestedAudience string `db:"requested_audience"` + GrantedAudience string `db:"granted_audience"` + Form string `db:"form_data"` + Subject string `db:"subject"` + DeviceCodeActive bool `db:"device_code_active"` + UserCodeState fosite.UserCodeState `db:"user_code_state"` + Session []byte `db:"session_data"` + // InternalExpiresAt denormalizes the expiry from the session to additionally store it as a row. 
+ InternalExpiresAt sqlxx.NullTime `db:"expires_at" json:"-"` +} + +func (r DeviceRequestSQL) TableName() string { + return string(sqlTableDeviceAuthCodes) +} + +func (r *DeviceRequestSQL) toRequest(ctx context.Context, session fosite.Session, p *Persister) (_ *fosite.DeviceRequest, err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeviceRequestSQL.toRequest") + defer otelx.End(span, &err) + + sess := r.Session + if !gjson.ValidBytes(sess) { + var err error + sess, err = p.r.KeyCipher().Decrypt(ctx, string(sess), nil) + if err != nil { + return nil, errorsx.WithStack(err) + } + } + + if session != nil { + if err := json.Unmarshal(sess, session); err != nil { + return nil, errorsx.WithStack(err) + } + } else { + p.l.Debugf("Got an empty session in toRequest") + } + + c, err := p.GetClient(ctx, r.Client) + if err != nil { + return nil, err + } + + val, err := url.ParseQuery(r.Form) + if err != nil { + return nil, errorsx.WithStack(err) + } + + return &fosite.DeviceRequest{ + UserCodeState: fosite.UserCodeState(r.UserCodeState), + Request: fosite.Request{ + ID: r.Request, + RequestedAt: r.RequestedAt, + // ExpiresAt does not need to be populated as we get the expiry time from the session. 
+ Client: c, + RequestedScope: stringsx.Splitx(r.Scopes, "|"), + GrantedScope: stringsx.Splitx(r.GrantedScope, "|"), + RequestedAudience: stringsx.Splitx(r.RequestedAudience, "|"), + GrantedAudience: stringsx.Splitx(r.GrantedAudience, "|"), + Form: val, + Session: session, + }, + }, nil +} + +func (p *Persister) sqlDeviceSchemaFromRequest(ctx context.Context, deviceCodeSignature, userCodeSignature string, r fosite.DeviceRequester, expiresAt time.Time) (*DeviceRequestSQL, error) { + subject := "" + if r.GetSession() == nil { + p.l.Debugf("Got an empty session in sqlSchemaFromRequest") + } else { + subject = r.GetSession().GetSubject() + } + + session, err := json.Marshal(r.GetSession()) + if err != nil { + return nil, errorsx.WithStack(err) + } + + if p.config.EncryptSessionData(ctx) { + ciphertext, err := p.r.KeyCipher().Encrypt(ctx, session, nil) + if err != nil { + return nil, errorsx.WithStack(err) + } + session = []byte(ciphertext) + } + + var challenge sql.NullString + rr, ok := r.GetSession().(*oauth2.Session) + if !ok && r.GetSession() != nil { + return nil, errors.Errorf("Expected request to be of type *Session, but got: %T", r.GetSession()) + } else if ok { + if len(rr.ConsentChallenge) > 0 { + challenge = sql.NullString{Valid: true, String: rr.ConsentChallenge} + } + } + + return &DeviceRequestSQL{ + Request: r.GetID(), + ConsentChallenge: challenge, + ID: deviceCodeSignature, + UserCodeID: userCodeSignature, + RequestedAt: r.GetRequestedAt(), + InternalExpiresAt: sqlxx.NullTime(expiresAt), + Client: r.GetClient().GetID(), + Scopes: strings.Join(r.GetRequestedScopes(), "|"), + GrantedScope: strings.Join(r.GetGrantedScopes(), "|"), + GrantedAudience: strings.Join(r.GetGrantedAudience(), "|"), + RequestedAudience: strings.Join(r.GetRequestedAudience(), "|"), + Form: r.GetRequestForm().Encode(), + Session: session, + Subject: subject, + DeviceCodeActive: true, + UserCodeState: r.GetUserCodeState(), + }, nil +} + +func (p *Persister) 
createDeviceAuthSession(ctx context.Context, deviceCodeSignature, userCodeSignature string, requester fosite.DeviceRequester, table tableName, expiresAt time.Time) error { + req, err := p.sqlDeviceSchemaFromRequest(ctx, deviceCodeSignature, userCodeSignature, requester, expiresAt) + if err != nil { + return err + } + + if err = sqlcon.HandleError(p.CreateWithNetwork(ctx, req)); errors.Is(err, sqlcon.ErrConcurrentUpdate) { + return errors.Wrap(fosite.ErrSerializationFailure, err.Error()) + } else if err != nil { + return err + } + return nil +} + +func (p *Persister) findDeviceAuthSessionByDeviceCodeSignature(ctx context.Context, signature string, session fosite.Session) (fosite.DeviceRequester, error) { + r := DeviceRequestSQL{} + err := p.QueryWithNetwork(ctx).Where("device_code_signature = ?", signature).First(&r) + if errors.Is(err, sql.ErrNoRows) { + return nil, errorsx.WithStack(fosite.ErrNotFound) + } + if err != nil { + return nil, sqlcon.HandleError(err) + } + if !r.DeviceCodeActive { + fr, err := r.toRequest(ctx, session, p) + if err != nil { + return nil, err + } + return fr, errorsx.WithStack(fosite.ErrInactiveToken) + } + + return r.toRequest(ctx, session, p) +} + +func (p *Persister) findDeviceAuthSessionByUserCodeSignature(ctx context.Context, signature string, session fosite.Session) (fosite.DeviceRequester, error) { + r := DeviceRequestSQL{} + err := p.QueryWithNetwork(ctx).Where("user_code_signature = ?", signature).First(&r) + if errors.Is(err, sql.ErrNoRows) { + return nil, errorsx.WithStack(fosite.ErrNotFound) + } + if err != nil { + return nil, sqlcon.HandleError(err) + } + + fr, err := r.toRequest(ctx, session, p) + if err != nil { + return nil, err + } + if r.UserCodeState != fosite.UserCodeUnused { + return fr, errorsx.WithStack(fosite.ErrInactiveToken) + } + + return fr, err +} + +func (p *Persister) findDeviceAuthSessionByRequestID(ctx context.Context, requestID string, session fosite.Session) (fosite.DeviceRequester, string, error) { + r 
:= DeviceRequestSQL{} + err := p.QueryWithNetwork(ctx).Where("request_id = ?", requestID).First(&r) + if errors.Is(err, sql.ErrNoRows) { + return nil, "", errorsx.WithStack(fosite.ErrNotFound) + } + if err != nil { + return nil, "", sqlcon.HandleError(err) + } + if !r.DeviceCodeActive { + fr, err := r.toRequest(ctx, session, p) + if err != nil { + return nil, "", err + } + return fr, r.ID, errorsx.WithStack(fosite.ErrInactiveToken) + } + + fr, err := r.toRequest(ctx, session, p) + if err != nil { + return nil, "", err + } + return fr, r.ID, nil +} + +// CreateDeviceCodeSession creates a new device code session and stores it in the database +func (p *Persister) CreateDeviceAuthSession(ctx context.Context, deviceCodeSignature, userCodeSignature string, requester fosite.DeviceRequester) (err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateDeviceCodeSession") + defer otelx.End(span, &err) + return p.createDeviceAuthSession(ctx, deviceCodeSignature, userCodeSignature, requester, sqlTableDeviceAuthCodes, requester.GetSession().GetExpiresAt(fosite.DeviceCode).UTC()) +} + +// UpdateDeviceCodeSessionBySignature updates a device code session by the device_code signature +func (p *Persister) UpdateDeviceCodeSessionBySignature(ctx context.Context, signature string, requester fosite.DeviceRequester) (err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateDeviceCodeSessionBySignature") + defer otelx.End(span, &err) + + req, err := p.sqlDeviceSchemaFromRequest(ctx, signature, "", requester, requester.GetSession().GetExpiresAt(fosite.DeviceCode).UTC()) + if err != nil { + return err + } + + stmt := fmt.Sprintf( + "UPDATE %s SET granted_scope=?, granted_audience=?, session_data=?, user_code_state=? WHERE device_code_signature=? 
AND nid = ?", + sqlTableDeviceAuthCodes, + ) + + /* #nosec G201 table is static */ + err = p.Connection(ctx).RawQuery(stmt, req.GrantedScope, req.GrantedAudience, req.Session, req.UserCodeState, signature, p.NetworkID(ctx)).Exec() + if err != nil { + return sqlcon.HandleError(err) + } + + return nil +} + +// GetDeviceCodeSession returns a device code session from the database +func (p *Persister) GetDeviceCodeSession(ctx context.Context, signature string, session fosite.Session) (_ fosite.DeviceRequester, err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetDeviceCodeSession") + defer otelx.End(span, &err) + return p.findDeviceAuthSessionByDeviceCodeSignature(ctx, signature, session) +} + +// GetDeviceCodeSessionByRequestID returns a device code session from the database +func (p *Persister) GetDeviceCodeSessionByRequestID(ctx context.Context, requestID string, session fosite.Session) (_ fosite.DeviceRequester, deviceCodeSignature string, err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetDeviceCodeSessionByRequestID") + defer otelx.End(span, &err) + return p.findDeviceAuthSessionByRequestID(ctx, requestID, session) +} + +// InvalidateDeviceCodeSession invalidates a device code session +func (p *Persister) InvalidateDeviceCodeSession(ctx context.Context, signature string) (err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.InvalidateDeviceCodeSession") + defer otelx.End(span, &err) + + /* #nosec G201 table is static */ + return sqlcon.HandleError( + p.Connection(ctx). + RawQuery( + fmt.Sprintf("UPDATE %s SET device_code_active=false WHERE device_code_signature=? AND nid = ?", sqlTableDeviceAuthCodes), + signature, + p.NetworkID(ctx), + ). 
+ Exec(), + ) +} + +// GetUserCodeSession returns a user code session from the database +func (p *Persister) GetUserCodeSession(ctx context.Context, signature string, session fosite.Session) (_ fosite.DeviceRequester, err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetUserCodeSession") + defer otelx.End(span, &err) + if session == nil { + session = oauth2.NewSession("") + } + return p.findDeviceAuthSessionByUserCodeSignature(ctx, signature, session) +} diff --git a/persistence/sql/persister_grant_jwk.go b/persistence/sql/persister_grant_jwk.go index 115fa58fa0f..acbf0e38766 100644 --- a/persistence/sql/persister_grant_jwk.go +++ b/persistence/sql/persister_grant_jwk.go @@ -8,6 +8,8 @@ import ( "strings" "time" + "github.com/ory/hydra/v2/jwk" + "github.com/pkg/errors" "github.com/go-jose/go-jose/v3" @@ -26,7 +28,7 @@ func (p *Persister) CreateGrant(ctx context.Context, g trust.Grant, publicKey jo ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateGrant") defer otelx.End(span, &err) - return p.transaction(ctx, func(ctx context.Context, c *pop.Connection) error { + return p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error { // add key, if it doesn't exist if _, err := p.GetKey(ctx, g.PublicKey.Set, g.PublicKey.KeyID); err != nil { if !errors.Is(err, sqlcon.ErrNoRows) { @@ -59,7 +61,7 @@ func (p *Persister) DeleteGrant(ctx context.Context, id string) (err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteGrant") defer otelx.End(span, &err) - return p.transaction(ctx, func(ctx context.Context, c *pop.Connection) error { + return p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error { grant, err := p.GetConcreteGrant(ctx, id) if err != nil { return sqlcon.HandleError(err) 
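Review bot: CreateDeviceAuthSession and UpdateDeviceCodeSessionBySignature in persister_device.go call `requester.GetSession().GetExpiresAt(fosite.DeviceCode)` before delegating to sqlDeviceSchemaFromRequest, which explicitly tolerates `r.GetSession() == nil`; a nil session therefore panics in the exported methods and the helper's nil branch is never reached from them. Rejecting it up front keeps the two layers consistent: `if requester.GetSession() == nil { return errorsx.WithStack(fosite.ErrInvalidRequest.WithDebug("Session was nil")) }`. Separately, the doc comment and span name on CreateDeviceAuthSession still read `CreateDeviceCodeSession`, and the `table` parameter of createDeviceAuthSession is unused.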
@@ -140,7 +142,7 @@ func (p *Persister) GetPublicKeys(ctx context.Context, issuer string, subject st grantsData := make([]trust.SQLData, 0) query := p.QueryWithNetwork(ctx). - Select("key_set", "key_id"). + Select("key_id"). Where(expiresAt). Where("issuer = ?", issuer). Where("(subject = ? OR allow_any_subject IS TRUE)", subject). 
@@ -155,21 +157,38 @@ func (p *Persister) GetPublicKeys(ctx context.Context, issuer string, subject st return &jose.JSONWebKeySet{}, nil } - // because keys must be grouped by issuer, we can retrieve set name from first grant - keySet, err := p.GetKeySet(ctx, grantsData[0].KeySet) - if err != nil { - return nil, err + keyIDs := make([]interface{}, len(grantsData)) + for k, d := range grantsData { + keyIDs[k] = d.KeyID } - // find keys, that belong to grants - filteredKeySet := &jose.JSONWebKeySet{} - for _, data := range grantsData { - if keys := keySet.Key(data.KeyID); len(keys) > 0 { - filteredKeySet.Keys = append(filteredKeySet.Keys, keys...) - } + var js jwk.SQLDataRows + if err := p.QueryWithNetwork(ctx). + // key_set and issuer are set to the same value on creation: + // + // grant := Grant{ + // ID: uuid.New().String(), + // Issuer: grantRequest.Issuer, + // Subject: grantRequest.Subject, + // AllowAnySubject: grantRequest.AllowAnySubject, + // Scope: grantRequest.Scope, + // PublicKey: PublicKey{ + // Set: grantRequest.Issuer, // group all keys by issuer, so set=issuer + // KeyID: grantRequest.PublicKeyJWK.KeyID, + // }, + // CreatedAt: time.Now().UTC().Round(time.Second), + // ExpiresAt: grantRequest.ExpiresAt.UTC().Round(time.Second), + // } + // + // Therefore it is fine if we only look for the issuer here instead of the key set id. + Where("sid = ?", issuer). + Where("kid IN (?)", keyIDs). + Order("created_at DESC"). + All(&js); err != nil { + return nil, sqlcon.HandleError(err) } - return filteredKeySet, nil + return js.ToJWK(ctx, p.r) } func (p *Persister) GetPublicKeyScopes(ctx context.Context, issuer string, subject string, keyId string) (_ []string, err error) { diff --git a/persistence/sql/persister_jwk.go b/persistence/sql/persister_jwk.go index 1efdff13394..27a6e184a2b 100644 --- a/persistence/sql/persister_jwk.go +++ b/persistence/sql/persister_jwk.go 
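Review bot: GetPublicKeys now selects verification keys with `Where("sid = ?", issuer)` and no longer reads the grant's stored `key_set`, so correctness rests on every grant row having key_set equal to issuer; the only evidence given is a struct literal pasted into a comment, which will drift from the code it copies. If rows written by another path or an older version can differ, this lookup would return no keys, or keys from a different set than the grant names. I would replace the pasted literal with one line, `// Grants are created with PublicKey.Set == Issuer, so the issuer is also the key set id (sid).`, and either keep `key_set` in the Select and query by it or have a test pin the invariant. The function starts outside this hunk.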
@@ -9,21 +9,27 @@ import ( "github.com/go-jose/go-jose/v3" "github.com/gobuffalo/pop/v6" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/trace" "github.com/ory/x/errorsx" + "github.com/ory/x/otelx" "github.com/pkg/errors" "github.com/ory/hydra/v2/jwk" - "github.com/ory/hydra/v2/x" "github.com/ory/x/sqlcon" ) var _ jwk.Manager = &Persister{} -func (p *Persister) GenerateAndPersistKeySet(ctx context.Context, set, kid, alg, use string) (*jose.JSONWebKeySet, error) { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GenerateAndPersistKey") - defer span.End() +func (p *Persister) GenerateAndPersistKeySet(ctx context.Context, set, kid, alg, use string) (_ *jose.JSONWebKeySet, err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GenerateAndPersistKeySet", + trace.WithAttributes( + attribute.String("set", set), + attribute.String("kid", kid), + attribute.String("alg", alg))) + defer otelx.End(span, &err) keys, err := jwk.GenerateJWK(ctx, jose.SignatureAlgorithm(alg), kid, use) if err != nil { @@ -38,9 +44,13 @@ func (p *Persister) GenerateAndPersistKeySet(ctx context.Context, set, kid, alg, return keys, nil } -func (p *Persister) AddKey(ctx context.Context, set string, key *jose.JSONWebKey) error { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.AddKey") - defer span.End() +func (p *Persister) AddKey(ctx context.Context, set string, key *jose.JSONWebKey) (err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.AddKey", + trace.WithAttributes( + attribute.String("set", set), + attribute.String("kid", key.KeyID))) + + defer otelx.End(span, &err) out, err := json.Marshal(key) if err != nil { 
@@ -60,11 +70,11 @@ func (p *Persister) AddKey(ctx context.Context, set string, key *jose.JSONWebKey })) } -func (p *Persister) AddKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) error { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.AddKey") - defer span.End() +func (p *Persister) AddKeySet(ctx context.Context, set string, keys *jose.JSONWebKeySet) (err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.AddKeySet", trace.WithAttributes(attribute.String("set", set))) + defer otelx.End(span, &err) - return p.transaction(ctx, func(ctx context.Context, c *pop.Connection) error { + return p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error { for _, key := range keys.Keys { out, err := json.Marshal(key) if err != nil { @@ -90,11 +100,14 @@ func (p *Persister) AddKeySet(ctx context.Context, set string, keys *jose.JSONWe } // UpdateKey updates or creates the key. -func (p *Persister) UpdateKey(ctx context.Context, set string, key *jose.JSONWebKey) error { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateKey") - defer span.End() - - return p.transaction(ctx, func(ctx context.Context, c *pop.Connection) error { +func (p *Persister) UpdateKey(ctx context.Context, set string, key *jose.JSONWebKey) (err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateKey", + trace.WithAttributes( + attribute.String("set", set), + attribute.String("kid", key.KeyID))) + defer otelx.End(span, &err) + + return p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error { if err := p.DeleteKey(ctx, set, key.KeyID); err != nil { return err } 
@@ -106,11 +119,11 @@ func (p *Persister) UpdateKey(ctx context.Context, set string, key *jose.JSONWeb } // UpdateKeySet updates or creates the key set. -func (p *Persister) UpdateKeySet(ctx context.Context, set string, keySet *jose.JSONWebKeySet) error { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateKeySet") - defer span.End() +func (p *Persister) UpdateKeySet(ctx context.Context, set string, keySet *jose.JSONWebKeySet) (err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.UpdateKeySet", trace.WithAttributes(attribute.String("set", set))) + defer otelx.End(span, &err) - return p.transaction(ctx, func(ctx context.Context, c *pop.Connection) error { + return p.Transaction(ctx, func(ctx context.Context, c *pop.Connection) error { if err := p.DeleteKeySet(ctx, set); err != nil { return err } @@ -121,9 +134,12 @@ func (p *Persister) UpdateKeySet(ctx context.Context, set string, keySet *jose.J }) } -func (p *Persister) GetKey(ctx context.Context, set, kid string) (*jose.JSONWebKeySet, error) { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetKey") - defer span.End() +func (p *Persister) GetKey(ctx context.Context, set, kid string) (_ *jose.JSONWebKeySet, err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetKey", + trace.WithAttributes( + attribute.String("set", set), + attribute.String("kid", kid))) + defer otelx.End(span, &err) var j jwk.SQLData if err := p.QueryWithNetwork(ctx). 
@@ -149,10 +165,10 @@ func (p *Persister) GetKey(ctx context.Context, set, kid string) (*jose.JSONWebK } func (p *Persister) GetKeySet(ctx context.Context, set string) (keys *jose.JSONWebKeySet, err error) { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetKeySet") - defer span.End() + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetKeySet", trace.WithAttributes(attribute.String("set", set))) + defer otelx.End(span, &err) - var js []jwk.SQLData + var js jwk.SQLDataRows if err := p.QueryWithNetwork(ctx). Where("sid = ?", set). Order("created_at DESC"). 
@@ -160,43 +176,24 @@ func (p *Persister) GetKeySet(ctx context.Context, set string) (keys *jose.JSONW return nil, sqlcon.HandleError(err) } - if len(js) == 0 { - return nil, errors.Wrap(x.ErrNotFound, "") - } - - keys = &jose.JSONWebKeySet{Keys: []jose.JSONWebKey{}} - for _, d := range js { - key, err := p.r.KeyCipher().Decrypt(ctx, d.Key, nil) - if err != nil { - return nil, errorsx.WithStack(err) - } - - var c jose.JSONWebKey - if err := json.Unmarshal(key, &c); err != nil { - return nil, errorsx.WithStack(err) - } - keys.Keys = append(keys.Keys, c) - } - - if len(keys.Keys) == 0 { - return nil, errorsx.WithStack(x.ErrNotFound) - } - - return keys, nil + return js.ToJWK(ctx, p.r) } -func (p *Persister) DeleteKey(ctx context.Context, set, kid string) error { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteKey") - defer span.End() +func (p *Persister) DeleteKey(ctx context.Context, set, kid string) (err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteKey", + trace.WithAttributes( + attribute.String("set", set), + attribute.String("kid", kid))) + defer otelx.End(span, &err) - err := p.QueryWithNetwork(ctx).Where("sid=? AND kid=?", set, kid).Delete(&jwk.SQLData{}) + err = p.QueryWithNetwork(ctx).Where("sid=? AND kid=?", set, kid).Delete(&jwk.SQLData{}) return sqlcon.HandleError(err) } -func (p *Persister) DeleteKeySet(ctx context.Context, set string) error { - ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteKeySet") - defer span.End() +func (p *Persister) DeleteKeySet(ctx context.Context, set string) (err error) { + ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.DeleteKeySet", trace.WithAttributes(attribute.String("set", set))) + defer otelx.End(span, &err) - err := p.QueryWithNetwork(ctx).Where("sid=?", set).Delete(&jwk.SQLData{}) + err = p.QueryWithNetwork(ctx).Where("sid=?", set).Delete(&jwk.SQLData{}) return sqlcon.HandleError(err) } 
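Review bot: In GetKeySet the not-found handling now rests entirely on `js.ToJWK(ctx, p.r)`, whose body is not part of this hunk. The removed lines returned `x.ErrNotFound` both when the query yielded no rows and when no key was left after decoding. If ToJWK does not do the same for an empty `jwk.SQLDataRows`, callers would receive an empty key set with a nil error, which matters for code that treats any non-error result as a usable key set. Once that is confirmed, a doc comment would pin the contract, for example `// GetKeySet returns the keys of a set, newest first, or x.ErrNotFound if the set is empty.`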
diff --git a/persistence/sql/persister_nid_test.go b/persistence/sql/persister_nid_test.go index 2ca0f672be2..322b6e6b360 100644 --- a/persistence/sql/persister_nid_test.go +++ b/persistence/sql/persister_nid_test.go @@ -10,6 +10,8 @@ import ( "testing" "time" + "github.com/ory/fosite/handler/openid" + "github.com/stretchr/testify/assert" "github.com/ory/hydra/v2/persistence" @@ -323,9 +325,10 @@ func (s *PersisterTestSuite) TestCreateAccessTokenSession() { fr := fosite.NewRequest() fr.Client = &fosite.DefaultClient{ID: c1.ID} + fr.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} require.NoError(t, r.Persister().CreateAccessTokenSession(s.t1, sig, fr)) actual := persistencesql.OAuth2RequestSQL{Table: "access"} - require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, persistencesql.SignatureHash(sig))) + require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, x.SignatureHash(sig))) require.Equal(t, s.t1NID, actual.NID) }) } @@ -342,6 +345,7 @@ func (s *PersisterTestSuite) TestCreateAuthorizeCodeSession() { sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() fr.Client = &fosite.DefaultClient{ID: c1.ID} + fr.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} require.NoError(t, r.Persister().CreateAuthorizeCodeSession(s.t1, sig, fr)) actual := persistencesql.OAuth2RequestSQL{Table: "code"} require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, sig)) @@ -432,7 +436,7 @@ func (s *PersisterTestSuite) TestCreateLoginRequest() { lr := flow.LoginRequest{ID: "lr-id", ClientID: client.ID, RequestedAt: time.Now()} require.NoError(t, r.Persister().CreateClient(s.t1, client)) - f, err := r.ConsentManager().CreateLoginRequest(s.t1, &lr) + f, err := r.ConsentManager().CreateLoginRequest(s.t1, nil, &lr) require.NoError(t, err) require.Equal(t, s.t1NID, f.NID) }) 
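Review bot: The literal `&oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}}` added in TestCreateAccessTokenSession is repeated in most of the token tests this commit touches (for example TestCreateAuthorizeCodeSession, TestDeleteAccessTokens and TestRevokeAccessToken). A small helper such as `func newTestSession() *oauth2.Session` would keep that fixture in one place. Every test now sets a session, so nothing in this file pins what the Create*Session methods do when `fr.Session` is left nil; a case asserting the expected outcome for that input would document it. The test function's body continues outside the hunk.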
@@ -481,6 +485,7 @@ func (s *PersisterTestSuite) TestCreateOpenIDConnectSession() { request := fosite.NewRequest() request.Client = &fosite.DefaultClient{ID: "client-id"} + request.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} authorizeCode := uuid.Must(uuid.NewV4()).String() require.NoError(t, r.Persister().CreateOpenIDConnectSession(s.t1, authorizeCode, request)) @@ -501,6 +506,7 @@ func (s *PersisterTestSuite) TestCreatePKCERequestSession() { request := fosite.NewRequest() request.Client = &fosite.DefaultClient{ID: "client-id"} + request.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} authorizeCode := uuid.Must(uuid.NewV4()).String() @@ -522,6 +528,7 @@ func (s *PersisterTestSuite) TestCreateRefreshTokenSession() { request := fosite.NewRequest() request.Client = &fosite.DefaultClient{ID: "client-id"} + request.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} authorizeCode := uuid.Must(uuid.NewV4()).String() actual := persistencesql.OAuth2RequestSQL{Table: "refresh"} 
@@ -560,15 +567,16 @@ func (s *PersisterTestSuite) DeleteAccessTokenSession() { sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() fr.Client = &fosite.DefaultClient{ID: client.ID} + fr.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} require.NoError(t, r.Persister().CreateAccessTokenSession(s.t1, sig, fr)) require.NoError(t, r.Persister().DeleteAccessTokenSession(s.t2, sig)) actual := persistencesql.OAuth2RequestSQL{Table: "access"} - require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, persistencesql.SignatureHash(sig))) + require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, x.SignatureHash(sig))) require.Equal(t, s.t1NID, actual.NID) require.NoError(t, r.Persister().DeleteAccessTokenSession(s.t1, sig)) - require.Error(t, r.Persister().Connection(context.Background()).Find(&actual, persistencesql.SignatureHash(sig))) + require.Error(t, r.Persister().Connection(context.Background()).Find(&actual, x.SignatureHash(sig))) }) } } 
@@ -582,15 +590,16 @@ func (s *PersisterTestSuite) TestDeleteAccessTokens() { sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() fr.Client = &fosite.DefaultClient{ID: client.ID} + fr.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} require.NoError(t, r.Persister().CreateAccessTokenSession(s.t1, sig, fr)) require.NoError(t, r.Persister().DeleteAccessTokens(s.t2, client.ID)) actual := persistencesql.OAuth2RequestSQL{Table: "access"} - require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, persistencesql.SignatureHash(sig))) + require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, x.SignatureHash(sig))) require.Equal(t, s.t1NID, actual.NID) require.NoError(t, r.Persister().DeleteAccessTokens(s.t1, client.ID)) - require.Error(t, r.Persister().Connection(context.Background()).Find(&actual, persistencesql.SignatureHash(sig))) + require.Error(t, r.Persister().Connection(context.Background()).Find(&actual, x.SignatureHash(sig))) }) } } @@ -667,6 +676,7 @@ func (s *PersisterTestSuite) TestDeleteOpenIDConnectSession() { request := fosite.NewRequest() request.Client = &fosite.DefaultClient{ID: "client-id"} + request.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} authorizeCode := uuid.Must(uuid.NewV4()).String() require.NoError(t, r.Persister().CreateOpenIDConnectSession(s.t1, authorizeCode, request)) @@ -690,9 +700,10 @@ func (s *PersisterTestSuite) TestDeletePKCERequestSession() { request := fosite.NewRequest() request.Client = &fosite.DefaultClient{ID: "client-id"} + request.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} authorizeCode := uuid.Must(uuid.NewV4()).String() - r.Persister().CreatePKCERequestSession(s.t1, authorizeCode, request) + require.NoError(t, r.Persister().CreatePKCERequestSession(s.t1, authorizeCode, request)) actual := persistencesql.OAuth2RequestSQL{Table: "pkce"} 
@@ -713,6 +724,7 @@ func (s *PersisterTestSuite) TestDeleteRefreshTokenSession() { request := fosite.NewRequest() request.Client = &fosite.DefaultClient{ID: "client-id"} + request.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} signature := uuid.Must(uuid.NewV4()).String() require.NoError(t, r.Persister().CreateRefreshTokenSession(s.t1, signature, request)) @@ -833,14 +845,15 @@ func (s *PersisterTestSuite) TestFlushInactiveAccessTokens() { fr := fosite.NewRequest() fr.RequestedAt = time.Now().UTC().Add(-24 * time.Hour) fr.Client = &fosite.DefaultClient{ID: client.ID} + fr.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} require.NoError(t, r.Persister().CreateAccessTokenSession(s.t1, sig, fr)) actual := persistencesql.OAuth2RequestSQL{Table: "access"} require.NoError(t, r.Persister().FlushInactiveAccessTokens(s.t2, time.Now().Add(time.Hour), 100, 100)) - require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, persistencesql.SignatureHash(sig))) + require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, x.SignatureHash(sig))) require.NoError(t, r.Persister().FlushInactiveAccessTokens(s.t1, time.Now().Add(time.Hour), 100, 100)) - require.Error(t, r.Persister().Connection(context.Background()).Find(&actual, persistencesql.SignatureHash(sig))) + require.Error(t, r.Persister().Connection(context.Background()).Find(&actual, x.SignatureHash(sig))) }) } } @@ -916,6 +929,7 @@ func (s *PersisterTestSuite) TestFlushInactiveRefreshTokens() { request := fosite.NewRequest() request.RequestedAt = time.Now().Add(-240 * 365 * time.Hour) request.Client = &fosite.DefaultClient{ID: "client-id"} + request.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} signature := uuid.Must(uuid.NewV4()).String() require.NoError(t, r.Persister().CreateClient(s.t1, client)) 
@@ -940,6 +954,7 @@ func (s *PersisterTestSuite) TestGetAccessTokenSession() { sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() fr.Client = &fosite.DefaultClient{ID: client.ID} + fr.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} require.NoError(t, r.Persister().CreateAccessTokenSession(s.t1, sig, fr)) actual, err := r.Persister().GetAccessTokenSession(s.t2, sig, &fosite.DefaultSession{}) @@ -961,6 +976,7 @@ func (s *PersisterTestSuite) TestGetAuthorizeCodeSession() { sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() fr.Client = &fosite.DefaultClient{ID: client.ID} + fr.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} require.NoError(t, r.Persister().CreateAuthorizeCodeSession(s.t1, sig, fr)) actual, err := r.Persister().GetAuthorizeCodeSession(s.t2, sig, &fosite.DefaultSession{}) @@ -1201,7 +1217,7 @@ func (s *PersisterTestSuite) TestGetLoginRequest() { lr := flow.LoginRequest{ID: "lr-id", ClientID: client.ID, RequestedAt: time.Now()} require.NoError(t, r.Persister().CreateClient(s.t1, client)) - f, err := r.ConsentManager().CreateLoginRequest(s.t1, &lr) + f, err := r.ConsentManager().CreateLoginRequest(s.t1, nil, &lr) require.NoError(t, err) require.Equal(t, s.t1NID, f.NID) @@ -1250,6 +1266,7 @@ func (s *PersisterTestSuite) TestGetOpenIDConnectSession() { request := fosite.NewRequest() request.SetID("request-id") request.Client = &fosite.DefaultClient{ID: "client-id"} + request.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} authorizeCode := uuid.Must(uuid.NewV4()).String() require.NoError(t, r.Persister().CreateClient(s.t1, client)) require.NoError(t, r.Persister().CreateOpenIDConnectSession(s.t1, authorizeCode, request)) 
@@ -1273,6 +1290,7 @@ func (s *PersisterTestSuite) TestGetPKCERequestSession() { request := fosite.NewRequest() request.SetID("request-id") request.Client = &fosite.DefaultClient{ID: "client-id"} + request.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} sig := uuid.Must(uuid.NewV4()).String() require.NoError(t, r.Persister().CreateClient(s.t1, client)) require.NoError(t, r.Persister().CreatePKCERequestSession(s.t1, sig, request)) @@ -1341,13 +1359,15 @@ func (s *PersisterTestSuite) TestGetPublicKeys() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - ks := newKeySet("ks-id", "use") + const issuer = "ks-id" + ks := newKeySet(issuer, "use") grant := trust.Grant{ ID: uuid.Must(uuid.NewV4()).String(), ExpiresAt: time.Now().Add(time.Hour), - PublicKey: trust.PublicKey{Set: "ks-id", KeyID: ks.Keys[0].KeyID}, + Issuer: issuer, + PublicKey: trust.PublicKey{Set: issuer, KeyID: ks.Keys[0].KeyID}, } - require.NoError(t, r.Persister().AddKeySet(s.t1, "ks-id", ks)) + require.NoError(t, r.Persister().AddKeySet(s.t1, issuer, ks)) require.NoError(t, r.Persister().CreateGrant(s.t1, grant, ks.Keys[0])) actual, err := r.Persister().GetPublicKeys(s.t2, grant.Issuer, grant.Subject) @@ -1369,6 +1389,7 @@ func (s *PersisterTestSuite) TestGetRefreshTokenSession() { request := fosite.NewRequest() request.SetID("request-id") request.Client = &fosite.DefaultClient{ID: "client-id"} + request.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} sig := uuid.Must(uuid.NewV4()).String() require.NoError(t, r.Persister().CreateClient(s.t1, client)) require.NoError(t, r.Persister().CreateRefreshTokenSession(s.t1, sig, request)) 
@@ -1456,6 +1477,7 @@ func (s *PersisterTestSuite) TestInvalidateAuthorizeCodeSession() { sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() fr.Client = &fosite.DefaultClient{ID: cl.ID} + fr.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} require.NoError(t, r.Persister().CreateAuthorizeCodeSession(s.t1, sig, fr)) require.NoError(t, r.Persister().InvalidateAuthorizeCodeSession(s.t2, sig)) @@ -1729,15 +1751,16 @@ func (s *PersisterTestSuite) TestRevokeAccessToken() { sig := uuid.Must(uuid.NewV4()).String() fr := fosite.NewRequest() fr.Client = &fosite.DefaultClient{ID: client.ID} + fr.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} require.NoError(t, r.Persister().CreateAccessTokenSession(s.t1, sig, fr)) require.NoError(t, r.Persister().RevokeAccessToken(s.t2, fr.ID)) actual := persistencesql.OAuth2RequestSQL{Table: "access"} - require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, persistencesql.SignatureHash(sig))) + require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, x.SignatureHash(sig))) require.Equal(t, s.t1NID, actual.NID) require.NoError(t, r.Persister().RevokeAccessToken(s.t1, fr.ID)) - require.Error(t, r.Persister().Connection(context.Background()).Find(&actual, persistencesql.SignatureHash(sig))) + require.Error(t, r.Persister().Connection(context.Background()).Find(&actual, x.SignatureHash(sig))) }) } } @@ -1751,6 +1774,7 @@ func (s *PersisterTestSuite) TestRevokeRefreshToken() { request := fosite.NewRequest() request.Client = &fosite.DefaultClient{ID: "client-id"} + request.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} signature := uuid.Must(uuid.NewV4()).String() require.NoError(t, r.Persister().CreateRefreshTokenSession(s.t1, signature, request)) 
@@ -1776,6 +1800,7 @@ func (s *PersisterTestSuite) TestRevokeRefreshTokenMaybeGracePeriod() { request := fosite.NewRequest() request.Client = &fosite.DefaultClient{ID: "client-id"} + request.Session = &oauth2.Session{DefaultSession: &openid.DefaultSession{Subject: "sub"}} signature := uuid.Must(uuid.NewV4()).String() require.NoError(t, r.Persister().CreateRefreshTokenSession(s.t1, signature, request)) @@ -1811,7 +1836,7 @@ func (s *PersisterTestSuite) TestRevokeSubjectClientConsentSession() { actual := flow.Flow{} - require.Error(t, r.Persister().RevokeSubjectClientConsentSession(s.t2, "sub", client.ID)) + require.NoError(t, r.Persister().RevokeSubjectClientConsentSession(s.t2, "sub", client.ID), "should not error if nothing was found") require.NoError(t, r.Persister().Connection(context.Background()).Find(&actual, f.ID)) require.NoError(t, r.Persister().RevokeSubjectClientConsentSession(s.t1, "sub", client.ID)) require.Error(t, r.Persister().Connection(context.Background()).Find(&actual, f.ID)) 
@@ -2046,27 +2071,54 @@ func (s *PersisterTestSuite) TestVerifyAndInvalidateLogoutRequest() { t := s.T() for k, r := range s.registries { t.Run(k, func(t *testing.T) { - lr := newLogoutRequest() - lr.Verifier = uuid.Must(uuid.NewV4()).String() - lr.Accepted = true - lr.Rejected = false - require.NoError(t, r.ConsentManager().CreateLogoutRequest(s.t1, lr)) + run := func(t *testing.T, lr *flow.LogoutRequest) { + lr.Verifier = uuid.Must(uuid.NewV4()).String() + lr.Accepted = true + lr.Rejected = false + require.NoError(t, r.ConsentManager().CreateLogoutRequest(s.t1, lr)) - expected, err := r.ConsentManager().GetLogoutRequest(s.t1, lr.ID) - require.NoError(t, err) + expected, err := r.ConsentManager().GetLogoutRequest(s.t1, lr.ID) + require.NoError(t, err) - lrInvalidated, err := r.ConsentManager().VerifyAndInvalidateLogoutRequest(s.t2, lr.Verifier) - require.Error(t, err) - require.Nil(t, lrInvalidated) - actual := &flow.LogoutRequest{} - require.NoError(t, r.Persister().Connection(context.Background()).Find(actual, lr.ID)) - require.Equal(t, expected, actual) + lrInvalidated, err := r.ConsentManager().VerifyAndInvalidateLogoutRequest(s.t2, lr.Verifier) + require.Error(t, err) + require.Nil(t, lrInvalidated) + actual := &flow.LogoutRequest{} + require.NoError(t, r.Persister().Connection(context.Background()).Find(actual, lr.ID)) + require.Equal(t, expected, actual) - lrInvalidated, err = r.ConsentManager().VerifyAndInvalidateLogoutRequest(s.t1, lr.Verifier) - require.NoError(t, err) - require.NoError(t, r.Persister().Connection(context.Background()).Find(actual, lr.ID)) - require.Equal(t, lrInvalidated, actual) - require.Equal(t, true, actual.WasHandled) + lrInvalidated, err = r.ConsentManager().VerifyAndInvalidateLogoutRequest(s.t1, lr.Verifier) + require.NoError(t, err) + require.NoError(t, r.Persister().Connection(context.Background()).Find(actual, lr.ID)) + require.Equal(t, lrInvalidated, actual) + require.Equal(t, true, actual.WasHandled) + } + + 
t.Run("case=legacy logout request without expiry", func(t *testing.T) { + lr := newLogoutRequest() + run(t, lr) + }) + + t.Run("case=logout request with expiry", func(t *testing.T) { + lr := newLogoutRequest() + lr.ExpiresAt = sqlxx.NullTime(time.Now().Add(time.Hour)) + run(t, lr) + }) + + t.Run("case=logout request that expired returns error", func(t *testing.T) { + lr := newLogoutRequest() + lr.ExpiresAt = sqlxx.NullTime(time.Now().UTC().Add(-time.Hour)) + lr.Verifier = uuid.Must(uuid.NewV4()).String() + lr.Accepted = true + lr.Rejected = false + require.NoError(t, r.ConsentManager().CreateLogoutRequest(s.t1, lr)) + + _, err := r.ConsentManager().VerifyAndInvalidateLogoutRequest(s.t2, lr.Verifier) + require.ErrorIs(t, err, x.ErrNotFound) + + _, err = r.ConsentManager().VerifyAndInvalidateLogoutRequest(s.t1, lr.Verifier) + require.ErrorIs(t, err, flow.ErrorLogoutFlowExpired) + }) }) } } diff --git a/persistence/sql/persister_oauth2.go b/persistence/sql/persister_oauth2.go index c49c9c7f823..083e67ac5da 100644 --- a/persistence/sql/persister_oauth2.go +++ b/persistence/sql/persister_oauth2.go @@ -6,7 +6,6 @@ package sql import ( "context" "crypto/sha256" - "crypto/sha512" "database/sql" "encoding/hex" "encoding/json" @@ -15,6 +14,10 @@ import ( "strings" "time" + "github.com/ory/hydra/v2/x" + + "github.com/ory/x/sqlxx" + "go.opentelemetry.io/otel/trace" "github.com/gofrs/uuid" @@ -52,6 +55,12 @@ type ( Active bool `db:"active"` Session []byte `db:"session_data"` Table tableName `db:"-"` + // InternalExpiresAt denormalizes the expiry from the session to additionally store it as a row. + InternalExpiresAt sqlxx.NullTime `db:"expires_at" json:"-"` + } + OAuth2RefreshTable struct { + OAuth2RequestSQL + FirstUsedAt sql.NullTime `db:"first_used_at"` } ) 
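Review bot: The comment on `InternalExpiresAt` in persister_oauth2.go says the expiry is stored "as a row", but the field is tagged `db:"expires_at"`, so it is a column; `// InternalExpiresAt denormalizes the session expiry into the expires_at column.` reads correctly. The new exported type `OAuth2RefreshTable` in the same hunk has no doc comment. Something like `// OAuth2RefreshTable is an OAuth2RequestSQL row of the refresh table together with its first_used_at column.` would say why it exists next to `OAuth2RequestSQL`. The `type (` block starts outside the hunk.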
@@ -67,7 +76,11 @@ func (r OAuth2RequestSQL) TableName() string { return "hydra_oauth2_" + string(r.Table) } -func (p *Persister) sqlSchemaFromRequest(ctx context.Context, signature string, r fosite.Requester, table tableName) (*OAuth2RequestSQL, error) { +func (r OAuth2RefreshTable) TableName() string { + return "hydra_oauth2_refresh" +} + +func (p *Persister) sqlSchemaFromRequest(ctx context.Context, signature string, r fosite.Requester, table tableName, expiresAt time.Time) (*OAuth2RequestSQL, error) { subject := "" if r.GetSession() == nil { p.l.Debugf("Got an empty session in sqlSchemaFromRequest") @@ -103,6 +116,7 @@ func (p *Persister) sqlSchemaFromRequest(ctx context.Context, signature string, ConsentChallenge: challenge, ID: signature, RequestedAt: r.GetRequestedAt(), + InternalExpiresAt: sqlxx.NullTime(expiresAt), Client: r.GetClient().GetID(), Scopes: strings.Join(r.GetRequestedScopes(), "|"), GrantedScope: strings.Join(r.GetGrantedScopes(), "|"), @@ -116,6 +130,24 @@ func (p *Persister) sqlSchemaFromRequest(ctx context.Context, signature string, }, nil } +func (p *Persister) marshalSession(ctx context.Context, session fosite.Session) ([]byte, error) { + sessionBytes, err := json.Marshal(session) + if err != nil { + return nil, err + } + + if !p.config.EncryptSessionData(ctx) { + return sessionBytes, nil + } + + ciphertext, err := p.r.KeyCipher().Encrypt(ctx, sessionBytes, nil) + if err != nil { + return nil, err + } + + return []byte(ciphertext), nil +} + func (r *OAuth2RequestSQL) toRequest(ctx context.Context, session fosite.Session, p *Persister) (_ *fosite.Request, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.toRequest") defer otelx.End(span, &err) 
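Review bot: `marshalSession` returns the errors from `json.Marshal` and `KeyCipher().Encrypt` bare, while other persistence code in this change wraps errors with `errorsx.WithStack`; `return nil, errorsx.WithStack(err)` in both places would keep the traces consistent. The function also returns the session JSON unencrypted whenever `p.config.EncryptSessionData(ctx)` is false, which deserves a doc comment so the storage format is not a surprise, for example `// marshalSession JSON-encodes the session and encrypts it with the key cipher only if EncryptSessionData is enabled.` Its call sites are not visible in this hunk.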
@@ -148,8 +180,9 @@ func (r *OAuth2RequestSQL) toRequest(ctx context.Context, session fosite.Session } return &fosite.Request{ - ID: r.Request, - RequestedAt: r.RequestedAt, + ID: r.Request, + RequestedAt: r.RequestedAt, + // ExpiresAt does not need to be populated as we get the expiry time from the session. Client: c, RequestedScope: stringsx.Splitx(r.Scopes, "|"), GrantedScope: stringsx.Splitx(r.GrantedScope, "|"), @@ -214,8 +247,8 @@ func (p *Persister) SetClientAssertionJWTRaw(ctx context.Context, jti *oauth2.Bl return sqlcon.HandleError(p.CreateWithNetwork(ctx, jti)) } -func (p *Persister) createSession(ctx context.Context, signature string, requester fosite.Requester, table tableName) error { - req, err := p.sqlSchemaFromRequest(ctx, signature, requester, table) +func (p *Persister) createSession(ctx context.Context, signature string, requester fosite.Requester, table tableName, expiresAt time.Time) error { + req, err := p.sqlSchemaFromRequest(ctx, signature, requester, table, expiresAt) if err != nil { return err } @@ -305,7 +338,7 @@ func (p *Persister) deactivateSessionByRequestID(ctx context.Context, id string, func (p *Persister) CreateAuthorizeCodeSession(ctx context.Context, signature string, requester fosite.Requester) error { return otelx.WithSpan(ctx, "persistence.sql.CreateAuthorizeCodeSession", func(ctx context.Context) error { - return p.createSession(ctx, signature, requester, sqlTableCode) + return p.createSession(ctx, signature, requester, sqlTableCode, requester.GetSession().GetExpiresAt(fosite.AuthorizeCode).UTC()) }) } 
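Review bot: `requester.GetSession().GetExpiresAt(fosite.AuthorizeCode)` in CreateAuthorizeCodeSession calls a method on the session before anything checks it, while sqlSchemaFromRequest in the same file still treats `r.GetSession() == nil` as a tolerated case and only logs it. A requester without a session would therefore panic in the argument list instead of reaching that branch. The same expression is added in CreateAccessTokenSession, CreateRefreshTokenSession, CreateOpenIDConnectSession and CreatePKCERequestSession. Either reject it up front with `if requester.GetSession() == nil { return errorsx.WithStack(fosite.ErrInvalidRequest) }`, or derive the expiry inside sqlSchemaFromRequest after its existing nil check.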
@@ -332,12 +365,6 @@ func (p *Persister) InvalidateAuthorizeCodeSession(ctx context.Context, signatur ) } -// SignatureHash hashes the signature to prevent errors where the signature is -// longer than 128 characters (and thus doesn't fit into the pk). -func SignatureHash(signature string) string { - return fmt.Sprintf("%x", sha512.Sum384([]byte(signature))) -} - func (p *Persister) CreateAccessTokenSession(ctx context.Context, signature string, requester fosite.Requester) (err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateAccessTokenSession") defer otelx.End(span, &err) @@ -346,7 +373,7 @@ func (p *Persister) CreateAccessTokenSession(ctx context.Context, signature stri append(toEventOptions(requester), events.WithGrantType(requester.GetRequestForm().Get("grant_type")))..., ) - return p.createSession(ctx, SignatureHash(signature), requester, sqlTableAccess) + return p.createSession(ctx, x.SignatureHash(signature), requester, sqlTableAccess, requester.GetSession().GetExpiresAt(fosite.AccessToken).UTC()) } func (p *Persister) GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error) { @@ -354,7 +381,7 @@ func (p *Persister) GetAccessTokenSession(ctx context.Context, signature string, defer otelx.End(span, &err) r := OAuth2RequestSQL{Table: sqlTableAccess} - err = p.QueryWithNetwork(ctx).Where("signature = ?", SignatureHash(signature)).First(&r) + err = p.QueryWithNetwork(ctx).Where("signature = ?", x.SignatureHash(signature)).First(&r) if errors.Is(err, sql.ErrNoRows) { // Backwards compatibility: we previously did not always hash the // signature before inserting. In case there are still very old (but 
@@ -384,7 +411,7 @@ func (p *Persister) DeleteAccessTokenSession(ctx context.Context, signature stri err = sqlcon.HandleError( p.QueryWithNetwork(ctx). - Where("signature = ?", SignatureHash(signature)). + Where("signature = ?", x.SignatureHash(signature)). Delete(&OAuth2RequestSQL{Table: sqlTableAccess})) if errors.Is(err, sqlcon.ErrNoRows) { // Backwards compatibility: we previously did not always hash the 
@@ -422,13 +449,40 @@ func (p *Persister) CreateRefreshTokenSession(ctx context.Context, signature str ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateRefreshTokenSession") defer otelx.End(span, &err) events.Trace(ctx, events.RefreshTokenIssued, toEventOptions(requester)...) - return p.createSession(ctx, signature, requester, sqlTableRefresh) + return p.createSession(ctx, signature, requester, sqlTableRefresh, requester.GetSession().GetExpiresAt(fosite.RefreshToken).UTC()) } func (p *Persister) GetRefreshTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.GetRefreshTokenSession") defer otelx.End(span, &err) - return p.findSessionBySignature(ctx, signature, session, sqlTableRefresh) + + r := OAuth2RefreshTable{OAuth2RequestSQL: OAuth2RequestSQL{Table: sqlTableRefresh}} + err = p.QueryWithNetwork(ctx).Where("signature = ?", signature).First(&r) + if errors.Is(err, sql.ErrNoRows) { + return nil, errorsx.WithStack(fosite.ErrNotFound) + } else if err != nil { + return nil, sqlcon.HandleError(err) + } + + fositeRequest, err := r.toRequest(ctx, session, p) + if err != nil { + return nil, err + } + + if r.Active { + return fositeRequest, nil + } + + if gracePeriod := p.r.Config().RefreshTokenRotationGracePeriod(ctx); gracePeriod > 0 && r.FirstUsedAt.Valid { + if r.FirstUsedAt.Time.Add(gracePeriod).Before(time.Now()) { + return fositeRequest, errors.WithStack(fosite.ErrInactiveToken) + } + + r.Active = true // We set active to true because we are in the grace period. + return r.toRequest(ctx, session, p) // And re-generate the request + } + + return fositeRequest, errors.WithStack(fosite.ErrInactiveToken) } func (p *Persister) DeleteRefreshTokenSession(ctx context.Context, signature string) (err error) { 
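Review bot: The grace-period check `r.FirstUsedAt.Time.Add(gracePeriod).Before(time.Now())` in GetRefreshTokenSession compares a timestamp written by the database (`first_used_at = CURRENT_TIMESTAMP` in RevokeRefreshTokenMaybeGracePeriod) with the application's clock. Clock skew, or a database session that is not in UTC, would lengthen or shorten the window in which an already rotated refresh token is still accepted. Because that window decides whether a reused token is honoured, consider binding `time.Now().UTC()` as a parameter when writing `first_used_at` so that both sides use one clock, or state the assumption in a comment above the check. The inactive branches return `fositeRequest` together with `fosite.ErrInactiveToken`; a comment that this is intentional (presumably so the caller can still act on the request ID, to be confirmed) would help the next reader.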
@@ -441,7 +495,8 @@ func (p *Persister) CreateOpenIDConnectSession(ctx context.Context, signature st ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreateOpenIDConnectSession") defer otelx.End(span, &err) events.Trace(ctx, events.IdentityTokenIssued, toEventOptions(requester)...) - return p.createSession(ctx, signature, requester, sqlTableOpenID) + // The expiry of an OIDC session is equal to the expiry of the authorization code. If the code is invalid, so is this OIDC request. + return p.createSession(ctx, signature, requester, sqlTableOpenID, requester.GetSession().GetExpiresAt(fosite.AuthorizeCode).UTC()) } func (p *Persister) GetOpenIDConnectSession(ctx context.Context, signature string, requester fosite.Requester) (_ fosite.Requester, err error) { @@ -465,7 +520,8 @@ func (p *Persister) GetPKCERequestSession(ctx context.Context, signature string, func (p *Persister) CreatePKCERequestSession(ctx context.Context, signature string, requester fosite.Requester) (err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.CreatePKCERequestSession") defer otelx.End(span, &err) - return p.createSession(ctx, signature, requester, sqlTablePKCE) + // The expiry of a PKCE session is equal to the expiry of the authorization code. If the code is invalid, so is this PKCE request. + return p.createSession(ctx, signature, requester, sqlTablePKCE, requester.GetSession().GetExpiresAt(fosite.AuthorizeCode).UTC()) } func (p *Persister) DeletePKCERequestSession(ctx context.Context, signature string) (err error) { 
@@ -483,7 +539,17 @@ func (p *Persister) RevokeRefreshToken(ctx context.Context, id string) (err erro func (p *Persister) RevokeRefreshTokenMaybeGracePeriod(ctx context.Context, id string, _ string) (err error) { ctx, span := p.r.Tracer(ctx).Tracer().Start(ctx, "persistence.sql.RevokeRefreshTokenMaybeGracePeriod") defer otelx.End(span, &err) - return p.deactivateSessionByRequestID(ctx, id, sqlTableRefresh) + + /* #nosec G201 table is static */ + return sqlcon.HandleError( + p.Connection(ctx). + RawQuery( + fmt.Sprintf("UPDATE %s SET active=false, first_used_at = CURRENT_TIMESTAMP WHERE request_id=? AND nid = ? AND active", OAuth2RequestSQL{Table: sqlTableRefresh}.TableName()), + id, + p.NetworkID(ctx), + ). + Exec(), + ) } func (p *Persister) RevokeAccessToken(ctx context.Context, id string) (err error) { diff --git a/persistence/sql/persister_test.go b/persistence/sql/persister_test.go index ff75517813d..a4818a3e69d 100644 --- a/persistence/sql/persister_test.go +++ b/persistence/sql/persister_test.go @@ -8,6 +8,8 @@ import ( "testing" "time" + "github.com/ory/hydra/v2/consent/test" + "github.com/go-jose/go-jose/v3" "github.com/gobuffalo/pop/v6" @@ -17,7 +19,6 @@ import ( "github.com/stretchr/testify/require" "github.com/ory/hydra/v2/client" - "github.com/ory/hydra/v2/consent" "github.com/ory/hydra/v2/internal/testhelpers" "github.com/ory/hydra/v2/oauth2/trust" "github.com/ory/x/contextx" 
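Review bot: The raw UPDATE in RevokeRefreshTokenMaybeGracePeriod relies on the trailing `AND active` to stamp `first_used_at` only on rows that are still active, so rows deactivated earlier keep their original timestamp. That appears to be what stops a replay from restarting the grace window, and it is worth a comment, for example `// "AND active" leaves first_used_at untouched on rows that were already rotated.` The statement also succeeds when no row matches, so a caller cannot tell a first rotation from a repeat; if that distinction is needed, the affected-row count would have to be checked. The second parameter is still discarded (`_ string`), so the update is scoped by request ID and network only.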
@@ -52,8 +53,8 @@ func testRegistry(t *testing.T, ctx context.Context, k string, t1 driver.Registr parallel = false } - t.Run("package=consent/manager="+k, consent.ManagerTests(t1, t1.ConsentManager(), t1.ClientManager(), t1.OAuth2Storage(), "t1", parallel)) - t.Run("package=consent/manager="+k, consent.ManagerTests(t2, t2.ConsentManager(), t2.ClientManager(), t2.OAuth2Storage(), "t2", parallel)) + t.Run("package=consent/manager="+k, test.ManagerTests(t1, t1.ConsentManager(), t1.ClientManager(), t1.OAuth2Storage(), "t1", parallel)) + t.Run("package=consent/manager="+k, test.ManagerTests(t2, t2.ConsentManager(), t2.ClientManager(), t2.OAuth2Storage(), "t2", parallel)) t.Run("parallel-boundary", func(t *testing.T) { t.Run("package=consent/janitor="+k, testhelpers.JanitorTests(t1, "t1", parallel)) @@ -186,7 +187,7 @@ func TestManagers(t *testing.T) { ) } t.Run("package=consent/manager="+k+"/case=nid", - consent.TestHelperNID(t1, t1.ConsentManager(), t2.ConsentManager()), + test.TestHelperNID(t1, t1.ConsentManager(), t2.ConsentManager()), ) } } diff --git a/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.cockroach.up.sql b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.cockroach.up.sql new file mode 100644 index 00000000000..23d3c7721e6 --- /dev/null +++ b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.cockroach.up.sql 
@@ -0,0 +1,44 @@ +CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes +( + device_code_signature VARCHAR(255) NOT NULL, + user_code_signature VARCHAR(255) NOT NULL, + request_id VARCHAR(40) NOT NULL, + requested_at TIMESTAMP NOT NULL DEFAULT NOW(), + client_id VARCHAR(255) NOT NULL, + scope TEXT NOT NULL, + granted_scope TEXT NOT NULL, + form_data TEXT NOT NULL, + session_data TEXT NOT NULL, + subject VARCHAR(255) NOT NULL DEFAULT '', + device_code_active BOOL NOT NULL DEFAULT true, + user_code_state SMALLINT NOT NULL DEFAULT 0, + requested_audience TEXT NULL DEFAULT '', + granted_audience TEXT NULL DEFAULT '', + challenge_id VARCHAR(40) NULL, + expires_at TIMESTAMP NULL, + nid UUID NULL, + + FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE, + FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE, + PRIMARY KEY (device_code_signature, nid) +); + +CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id); +CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid); + +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_verifier VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_csrf VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_user_code_accepted_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_was_used BOOL NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_handled_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_error 
TEXT NULL; + +CREATE INDEX hydra_oauth2_flow_device_challenge_idx ON hydra_oauth2_flow (device_challenge_id); + +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_id_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_access_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_refresh_token_lifespan BIGINT NULL DEFAULT NULL; diff --git a/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.down.sql b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.down.sql new file mode 100644 index 00000000000..d40f5b1ced4 --- /dev/null +++ b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.down.sql 
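Review bot: `nid` is declared `UUID NULL` in this CockroachDB migration although it is half of `PRIMARY KEY (device_code_signature, nid)` and is the column that scopes every device code to a network. The MySQL variant in the same commit declares it `CHAR(36) NOT NULL`. Whether the engine rejects the explicit NULL on a key column or silently overrides it should be confirmed by running the migration. Either way the declaration should state what is enforced: `nid UUID NOT NULL,`. The PostgreSQL variant of this migration has the same line.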
@@ -0,0 +1,19 @@
+ALTER TABLE hydra_oauth2_device_auth_codes DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_auth_codes_challenge_id_fk;
+ALTER TABLE hydra_oauth2_device_auth_codes DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_auth_codes_client_id_fk;
+ALTER TABLE hydra_oauth2_device_auth_codes DROP FOREIGN KEY IF EXISTS hydra_oauth2_device_auth_codes_nid_fk_idx;
+
+DROP TABLE IF EXISTS hydra_oauth2_device_auth_codes;
+
+ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_challenge_id;
+ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_code_request_id;
+ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_verifier;
+ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_csrf;
+ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_user_code_accepted_at;
+ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_was_used;
+ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_handled_at;
+ALTER TABLE hydra_oauth2_flow DROP COLUMN IF EXISTS device_error;
+
+
+ALTER TABLE hydra_client DROP COLUMN device_authorization_grant_id_token_lifespan;
+ALTER TABLE hydra_client DROP COLUMN device_authorization_grant_access_token_lifespan;
+ALTER TABLE hydra_client DROP COLUMN device_authorization_grant_refresh_token_lifespan;
\ No newline at end of file
diff --git a/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.mysql.up.sql b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.mysql.up.sql
new file mode 100644
index 00000000000..14a095a2408
--- /dev/null
+++ b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.mysql.up.sql
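Review bot: The first three statements of the down migration drop foreign keys named `hydra_oauth2_device_auth_codes_challenge_id_fk`, `hydra_oauth2_device_auth_codes_client_id_fk` and `hydra_oauth2_device_auth_codes_nid_fk_idx`, but none of the up migrations in this commit creates a constraint under those names. The foreign keys there are declared unnamed, and there is none on `challenge_id`. `DROP FOREIGN KEY` is also MySQL-style syntax in a file that carries no dialect suffix, so it looks likely to fail on the other databases and block a rollback. Because `DROP TABLE IF EXISTS hydra_oauth2_device_auth_codes;` follows and removes the constraints together with the table, the three lines can simply be deleted. Separately, `hydra_oauth2_flow_device_challenge_idx` is not dropped before `device_challenge_id` is removed, which is worth testing on SQLite, as to my knowledge it refuses to drop an indexed column.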
@@ -0,0 +1,44 @@ +CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes +( + device_code_signature VARCHAR(255) NOT NULL, + user_code_signature VARCHAR(255) NOT NULL, + request_id VARCHAR(40) NOT NULL DEFAULT '', + requested_at TIMESTAMP NOT NULL DEFAULT NOW(), + client_id VARCHAR(255) NOT NULL, + scope TEXT NOT NULL, + granted_scope TEXT NOT NULL, + form_data TEXT NOT NULL, + session_data TEXT NOT NULL, + subject VARCHAR(255) NOT NULL DEFAULT '', + device_code_active BOOL NOT NULL DEFAULT true, + user_code_state SMALLINT NOT NULL DEFAULT 0, + requested_audience TEXT NOT NULL, + granted_audience TEXT NOT NULL, + challenge_id VARCHAR(40) NULL, + expires_at TIMESTAMP NULL, + nid CHAR(36) NOT NULL, + + FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE, + FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE, + PRIMARY KEY (device_code_signature, nid) +); + +CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id); +CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid); + +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_verifier VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_csrf VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_user_code_accepted_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_was_used BOOL NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_handled_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN 
device_error TEXT NULL; + +CREATE INDEX hydra_oauth2_flow_device_challenge_idx ON hydra_oauth2_flow (device_challenge_id); + +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_id_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_access_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_refresh_token_lifespan BIGINT NULL DEFAULT NULL; diff --git a/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.postgres.up.sql b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.postgres.up.sql new file mode 100644 index 00000000000..10280acd181 --- /dev/null +++ b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.postgres.up.sql 
@@ -0,0 +1,44 @@ +CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes +( + device_code_signature VARCHAR(255) NOT NULL, + user_code_signature VARCHAR(255) NOT NULL, + request_id VARCHAR(40) NOT NULL, + requested_at TIMESTAMP NOT NULL DEFAULT NOW(), + client_id VARCHAR(255) NOT NULL, + scope TEXT NOT NULL, + granted_scope TEXT NOT NULL, + form_data TEXT NOT NULL, + session_data TEXT NOT NULL, + subject VARCHAR(255) NOT NULL DEFAULT '', + device_code_active BOOL NOT NULL DEFAULT true, + user_code_state SMALLINT NOT NULL DEFAULT 0, + requested_audience TEXT NULL DEFAULT '', + granted_audience TEXT NULL DEFAULT '', + challenge_id VARCHAR(40) NULL, + expires_at TIMESTAMP NULL, + nid UUID NULL, + + FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE, + FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE, + PRIMARY KEY (device_code_signature, nid) +); + +CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id); +CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid); + +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_verifier VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_csrf VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_user_code_accepted_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_was_used BOOLEAN NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_handled_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_error 
TEXT NULL; + +CREATE INDEX hydra_oauth2_flow_device_challenge_idx ON hydra_oauth2_flow (device_challenge_id); + +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_id_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_access_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_refresh_token_lifespan BIGINT NULL DEFAULT NULL; diff --git a/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.up.sql b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.up.sql new file mode 100644 index 00000000000..9327ef347ff --- /dev/null +++ b/persistence/sql/src/YYYYMMDD000001_device_flow/20241609000001000000_device_flow.up.sql 
@@ -0,0 +1,40 @@ +CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes +( + device_code_signature VARCHAR(255) NOT NULL PRIMARY KEY, + user_code_signature VARCHAR(255) NOT NULL, + request_id VARCHAR(40) NOT NULL, + requested_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + client_id VARCHAR(255) NOT NULL, + scope TEXT NOT NULL, + granted_scope TEXT NOT NULL, + form_data TEXT NOT NULL, + session_data TEXT NOT NULL, + subject VARCHAR(255) NOT NULL DEFAULT '', + device_code_active BOOL NOT NULL DEFAULT true, + user_code_state SMALLINT NOT NULL DEFAULT 0, + requested_audience TEXT NULL DEFAULT '', + granted_audience TEXT NULL DEFAULT '', + challenge_id VARCHAR(40) NULL, + expires_at TIMESTAMP NULL, + nid UUID NULL +); + +CREATE INDEX hydra_oauth2_device_auth_codes_request_id_idx ON hydra_oauth2_device_auth_codes (request_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_client_id_idx ON hydra_oauth2_device_auth_codes (client_id, nid); +CREATE INDEX hydra_oauth2_device_auth_codes_challenge_id_idx ON hydra_oauth2_device_auth_codes (challenge_id); +CREATE UNIQUE INDEX hydra_oauth2_device_auth_codes_user_code_signature_idx ON hydra_oauth2_device_auth_codes (user_code_signature, nid); + +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_challenge_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_code_request_id VARCHAR(255) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_verifier VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_csrf VARCHAR(40) NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_user_code_accepted_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_was_used BOOLEAN NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_handled_at TIMESTAMP NULL; +ALTER TABLE hydra_oauth2_flow ADD COLUMN device_error TEXT NULL; + +CREATE INDEX hydra_oauth2_flow_device_challenge_idx ON hydra_oauth2_flow (device_challenge_id); + +ALTER TABLE hydra_client ADD COLUMN 
device_authorization_grant_id_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_access_token_lifespan BIGINT NULL DEFAULT NULL; +ALTER TABLE hydra_client ADD COLUMN device_authorization_grant_refresh_token_lifespan BIGINT NULL DEFAULT NULL; diff --git a/quickstart-cockroach.yml b/quickstart-cockroach.yml index 339f317866b..ebb9218f495 100644 --- a/quickstart-cockroach.yml +++ b/quickstart-cockroach.yml @@ -9,7 +9,6 @@ # endpoint can only be used if you follow the steps in the tutorial. # # # ########################################################################### -version: "3.7" services: hydra-migrate: environment: @@ -18,7 +17,7 @@ services: environment: - DSN=cockroach://root@cockroachd:26257/defaultdb?sslmode=disable&max_conns=20&max_idle_conns=4 cockroachd: - image: cockroachdb/cockroach:v22.1.10 + image: cockroachdb/cockroach:latest-v24.1 ports: - "26257:26257" command: start-single-node --insecure diff --git a/quickstart-cors.yml b/quickstart-cors.yml index 0bde8012573..8bc137897ff 100644 --- a/quickstart-cors.yml +++ b/quickstart-cors.yml @@ -9,9 +9,6 @@ # endpoint can only be used if you follow the steps in the tutorial. # # # ########################################################################### - -version: "3.7" - services: hydra: environment: diff --git a/quickstart-debug.yml b/quickstart-debug.yml index a64b28efc2e..40780f7260d 100644 --- a/quickstart-debug.yml +++ b/quickstart-debug.yml @@ -9,9 +9,6 @@ # endpoint can only be used if you follow the steps in the tutorial. # # # ########################################################################### - -version: "3.7" - services: hydra: environment: diff --git a/quickstart-hsm.yml b/quickstart-hsm.yml index 709ab55e81b..c5822f9ae64 100644 --- a/quickstart-hsm.yml +++ b/quickstart-hsm.yml 
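Review bot: This generic variant of the device-flow migration declares `device_code_signature VARCHAR(255) NOT NULL PRIMARY KEY` and no foreign keys, whereas the CockroachDB, MySQL and PostgreSQL variants key the table on `(device_code_signature, nid)` and cascade deletes from `hydra_client` and `networks`. If this is the file SQLite runs (inferred from the missing dialect suffix), `nid UUID NULL` really is nullable there, and a NULL `nid` would not be caught by the unique index on `(user_code_signature, nid)`. Deleting a client or network would also leave its device and user codes behind. I would mirror the other dialects as below, assuming `hydra_client` carries the `(id, nid)` key on SQLite as well.

```sql
CREATE TABLE IF NOT EXISTS hydra_oauth2_device_auth_codes
(
    device_code_signature VARCHAR(255) NOT NULL,
    -- … unchanged: user_code_signature through expires_at …
    nid UUID NOT NULL,

    FOREIGN KEY (client_id, nid) REFERENCES hydra_client(id, nid) ON DELETE CASCADE,
    FOREIGN KEY (nid) REFERENCES networks(id) ON UPDATE RESTRICT ON DELETE CASCADE,
    PRIMARY KEY (device_code_signature, nid)
);
```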
@@ -9,9 +9,6 @@ # endpoint can only be used if you follow the steps in the tutorial. # # # ########################################################################### - -version: "3.7" - services: hydra: build: diff --git a/quickstart-jwt.yml b/quickstart-jwt.yml index 0262dd29c0c..8227be78998 100644 --- a/quickstart-jwt.yml +++ b/quickstart-jwt.yml @@ -9,9 +9,6 @@ # endpoint can only be used if you follow the steps in the tutorial. # # # ########################################################################### - -version: "3.7" - services: hydra: environment: diff --git a/quickstart-mysql.yml b/quickstart-mysql.yml index b693d1812b2..28a97b92b1b 100644 --- a/quickstart-mysql.yml +++ b/quickstart-mysql.yml @@ -9,7 +9,6 @@ # endpoint can only be used if you follow the steps in the tutorial. # # # ########################################################################### -version: "3.7" services: hydra-migrate: environment: @@ -18,7 +17,7 @@ services: environment: - DSN=mysql://root:secret@tcp(mysqld:3306)/mysql?max_conns=20&max_idle_conns=4 mysqld: - image: mysql:8.0.26 + image: mysql:8.0 ports: - "3306:3306" environment: diff --git a/quickstart-postgres.yml b/quickstart-postgres.yml index a5e845cb948..331ca81c57c 100644 --- a/quickstart-postgres.yml +++ b/quickstart-postgres.yml @@ -9,7 +9,6 @@ # endpoint can only be used if you follow the steps in the tutorial. # # # ########################################################################### -version: "3.7" services: hydra-migrate: environment: @@ -18,7 +17,7 @@ services: environment: - DSN=postgres://hydra:secret@postgresd:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4 postgresd: - image: postgres:11.8 + image: postgres:16 ports: - "5432:5432" environment: diff --git a/quickstart-prometheus.yml b/quickstart-prometheus.yml index 89b2455b755..ba944436aad 100644 --- a/quickstart-prometheus.yml +++ b/quickstart-prometheus.yml 
@@ -9,9 +9,6 @@ # endpoint can only be used if you follow the steps in the tutorial. # # # ########################################################################### - -version: "3.7" - services: prometheus: image: prom/prometheus:v2.12.0 diff --git a/quickstart-tracing.yml b/quickstart-tracing.yml index 68d403f5708..ae7758e4a23 100644 --- a/quickstart-tracing.yml +++ b/quickstart-tracing.yml @@ -9,9 +9,6 @@ # endpoint can only be used if you follow the steps in the tutorial. # # # ########################################################################### - -version: "3.7" - services: hydra: depends_on: diff --git a/quickstart.yml b/quickstart.yml index 999a9782d60..c521a273f9d 100644 --- a/quickstart.yml +++ b/quickstart.yml @@ -9,10 +9,9 @@ # endpoint can only be used if you follow the steps in the tutorial. # # # ########################################################################### -version: "3.7" services: hydra: - image: oryd/hydra:v2.2.0-rc.3 + image: oryd/hydra:v2.2.0 ports: - "4444:4444" # Public port - "4445:4445" # Admin port @@ -34,7 +33,7 @@ services: networks: - intranet hydra-migrate: - image: oryd/hydra:v2.2.0-rc.3 + image: oryd/hydra:v2.2.0 environment: - DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true command: migrate -c /etc/config/hydra/hydra.yml sql -e --yes @@ -52,7 +51,7 @@ services: consent: environment: - HYDRA_ADMIN_URL=http://hydra:4445 - image: oryd/hydra-login-consent-node:v2.2.0-rc.3 + image: oryd/hydra-login-consent-node:v2.2.0 ports: - "3000:3000" restart: unless-stopped diff --git a/scripts/5min-tutorial.sh b/scripts/5min-tutorial.sh index f6ec624e3a2..d5b6c8bb242 100755 --- a/scripts/5min-tutorial.sh +++ b/scripts/5min-tutorial.sh @@ -4,7 +4,7 @@ DB=${DB:-postgres} TRACING=${TRACING:-false} PROMETHEUS=${PROMETHEUS:-false} -DC="docker-compose -f quickstart.yml" +DC="docker compose -f quickstart.yml" if [[ $DB == "mysql" ]]; then DC+=" -f quickstart-mysql.yml" fi @@ -20,4 +20,3 @@ fi DC+=" up --build" $DC - 
diff --git a/scripts/db-diff.sh b/scripts/db-diff.sh index eee37fec8d4..61ce4993edc 100755 --- a/scripts/db-diff.sh +++ b/scripts/db-diff.sh @@ -96,7 +96,7 @@ function dump_cockroach { sleep 4 go run . migrate sql "$TEST_DATABASE_COCKROACHDB" --yes > /dev/null || true hydra::util::parse-connection-url "${TEST_DATABASE_COCKROACHDB}" - docker run --rm --net=host -it cockroachdb/cockroach:v20.2.6 dump --dump-all --dump-mode=schema --insecure --user="${DB_USER}" --host="${DB_HOST}" --port="${DB_PORT}" + docker run --rm --net=host -it cockroachdb/cockroach:latest-v24.1 dump --dump-all --dump-mode=schema --insecure --user="${DB_USER}" --host="${DB_HOST}" --port="${DB_PORT}" } function dump_sqlite { @@ -107,7 +107,7 @@ function dump_sqlite { hydra::util::ensure-sqlite rm "$SQLITE_PATH" > /dev/null 2>&1 || true - go run -tags sqlite,json1 . migrate sql "sqlite://$SQLITE_PATH?_fk=true" --yes > /dev/null 2>&1 || true + go run -tags sqlite,sqlite_omit_load_extension . migrate sql "sqlite://$SQLITE_PATH?_fk=true" --yes > /dev/null 2>&1 || true echo '.dump' | sqlite3 "$SQLITE_PATH" } diff --git a/spec/api.json b/spec/api.json index c0b4fbdd7d4..ad979c7dc59 100644 --- a/spec/api.json +++ b/spec/api.json @@ -2,7 +2,7 @@ "components": { "responses": { "emptyResponse": { - "description": "Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is\ntypically 201." + "description": "Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is\ntypically 204." }, "errorOAuth2BadRequest": { "content": { 
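Review bot: The bumped image in dump_cockroach still calls the `dump` subcommand (`cockroachdb/cockroach:latest-v24.1 dump --dump-all --dump-mode=schema ...`). To my knowledge that subcommand was removed from the cockroach CLI after the v20.2 series, so the schema dump probably fails on a v24.1 image. Please run the script once against the new tag. If it does fail, the schema can be read through the SQL client instead, for example `cockroach sql --insecure --host="${DB_HOST}" --port="${DB_PORT}" --user="${DB_USER}" -e 'SHOW CREATE ALL TABLES;'`. The function body starts outside this hunk, so the setup before the `docker run` line is not visible here.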
@@ -68,6 +68,35 @@ "type": "object" }, "DefaultError": {}, + "DeviceUserAuthRequest": { + "properties": { + "challenge": { + "description": "ID is the identifier (\"device challenge\") of the device grant request. It is used to\nidentify the session.", + "type": "string" + }, + "client": { + "$ref": "#/components/schemas/oAuth2Client" + }, + "handled_at": { + "$ref": "#/components/schemas/nullTime" + }, + "request_url": { + "description": "RequestURL is the original Device Authorization URL requested.", + "type": "string" + }, + "requested_access_token_audience": { + "$ref": "#/components/schemas/StringSliceJSONFormat" + }, + "requested_scope": { + "$ref": "#/components/schemas/StringSliceJSONFormat" + } + }, + "required": [ + "challenge" + ], + "title": "Contains information on an ongoing device grant request.", + "type": "object" + }, "JSONRawMessage": { "title": "JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger." }, @@ -148,8 +177,20 @@ "title": "VerifiableCredentialProof contains the proof of a verifiable credential.", "type": "object" }, + "acceptDeviceUserCodeRequest": { + "description": "Contains information on an device verification", + "properties": { + "user_code": { + "type": "string" + } + }, + "type": "object" + }, "acceptOAuth2ConsentRequest": { "properties": { + "context": { + "$ref": "#/components/schemas/JSONRawMessage" + }, "grant_access_token_audience": { "$ref": "#/components/schemas/StringSliceJSONFormat" }, 
@@ -286,6 +327,45 @@ "title": "Verifiable Credentials Metadata (Draft 00)", "type": "object" }, + "deviceAuthorization": { + "description": "# Ory's OAuth 2.0 Device Authorization API", + "properties": { + "device_code": { + "description": "The device verification code.", + "example": "ory_dc_smldfksmdfkl.mslkmlkmlk", + "type": "string" + }, + "expires_in": { + "description": "The lifetime in seconds of the \"device_code\" and \"user_code\".", + "example": 16830, + "format": "int64", + "type": "integer" + }, + "interval": { + "description": "The minimum amount of time in seconds that the client\nSHOULD wait between polling requests to the token endpoint. If no\nvalue is provided, clients MUST use 5 as the default.", + "example": 5, + "format": "int64", + "type": "integer" + }, + "user_code": { + "description": "The end-user verification code.", + "example": "AAAAAA", + "type": "string" + }, + "verification_uri": { + "description": "The end-user verification URI on the authorization\nserver. The URI should be short and easy to remember as end users\nwill be asked to manually type it into their user agent.", + "example": "https://auth.ory.sh/tv", + "type": "string" + }, + "verification_uri_complete": { + "description": "A verification URI that includes the \"user_code\" (or\nother information with the same function as the \"user_code\"),\nwhich is designed for non-textual transmission.", + "example": "https://auth.ory.sh/tv?user_code=AAAAAA", + "type": "string" + } + }, + "title": "OAuth2 Device Flow", + "type": "object" + }, "errorOAuth2": { "description": "Error", "properties": { @@ -371,6 +451,7 @@ "type": "object" } }, + "title": "The not ready status of the service.", "type": "object" }, "healthStatus": { @@ -380,6 +461,7 @@ "type": "string" } }, + "title": "The health status of the service.", "type": "object" }, "introspectedOAuth2Token": { 
@@ -665,6 +747,15 @@ "format": "date-time", "type": "string" }, + "device_authorization_grant_access_token_lifespan": { + "$ref": "#/components/schemas/NullDuration" + }, + "device_authorization_grant_id_token_lifespan": { + "$ref": "#/components/schemas/NullDuration" + }, + "device_authorization_grant_refresh_token_lifespan": { + "$ref": "#/components/schemas/NullDuration" + }, "frontchannel_logout_session_required": { "description": "OpenID Connect Front-Channel Logout Session Required\n\nBoolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be\nincluded to identify the RP session with the OP when the frontchannel_logout_uri is used.\nIf omitted, the default value is false.", "type": "boolean" @@ -753,6 +844,10 @@ "description": "SkipConsent skips the consent screen for this client. This field can only\nbe set from the admin API.", "type": "boolean" }, + "skip_logout_consent": { + "description": "SkipLogoutConsent skips the logout consent screen for this client. This field can only\nbe set from the admin API.", + "type": "boolean" + }, "subject_type": { "description": "OpenID Connect Subject Type\n\nThe `subject_types_supported` Discovery parameter contains a\nlist of the supported subject_type values for this server. Valid types include `pairwise` and `public`.", "type": "string" @@ -798,6 +893,15 @@ "client_credentials_grant_access_token_lifespan": { "$ref": "#/components/schemas/NullDuration" }, + "device_authorization_grant_access_token_lifespan": { + "$ref": "#/components/schemas/NullDuration" + }, + "device_authorization_grant_id_token_lifespan": { + "$ref": "#/components/schemas/NullDuration" + }, + "device_authorization_grant_refresh_token_lifespan": { + "$ref": "#/components/schemas/NullDuration" + }, "implicit_grant_access_token_lifespan": { "$ref": "#/components/schemas/NullDuration" }, 
@@ -839,6 +943,10 @@ "context": { "$ref": "#/components/schemas/JSONRawMessage" }, + "device_challenge_id": { + "description": "DeviceChallenge is the device challenge this consent challenge belongs to, if this flow was initiated by a device.", + "type": "string" + }, "login_challenge": { "description": "LoginChallenge is the login challenge this consent challenge belongs to. It can be used to associate\na login and consent request in the login \u0026 consent app.", "type": "string" @@ -914,6 +1022,9 @@ "consent_request": { "$ref": "#/components/schemas/oAuth2ConsentRequest" }, + "context": { + "$ref": "#/components/schemas/JSONRawMessage" + }, "expires_at": { "properties": { "access_token": { @@ -1135,6 +1246,11 @@ }, "type": "array" }, + "device_authorization_endpoint": { + "description": "OAuth 2.0 Device Authorization Endpoint URL", + "example": "https://playground.ory.sh/ory-hydra/public/oauth2/device/oauth", + "type": "string" + }, "end_session_endpoint": { "description": "OpenID Connect End-Session Endpoint\n\nURL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.", "type": "string" @@ -1268,6 +1384,7 @@ "required": [ "issuer", "authorization_endpoint", + "device_authorization_endpoint", "token_endpoint", "jwks_uri", "subject_types_supported", 
@@ -1653,6 +1770,35 @@ "title": "VerifiableCredentialResponse contains the verifiable credential.", "type": "object" }, + "verifyUserCodeRequest": { + "properties": { + "challenge": { + "description": "ID is the identifier (\"device challenge\") of the device request. It is used to\nidentify the session.", + "type": "string" + }, + "client": { + "$ref": "#/components/schemas/oAuth2Client" + }, + "device_code_request_id": { + "type": "string" + }, + "handled_at": { + "$ref": "#/components/schemas/nullTime" + }, + "request_url": { + "description": "RequestURL is the original Device Authorization URL requested.", + "type": "string" + }, + "requested_access_token_audience": { + "$ref": "#/components/schemas/StringSliceJSONFormat" + }, + "requested_scope": { + "$ref": "#/components/schemas/StringSliceJSONFormat" + } + }, + "title": "HandledDeviceUserAuthRequest is the request payload used to accept a device user_code.", + "type": "object" + }, "version": { "properties": { "version": { @@ -1703,7 +1849,7 @@ "paths": { "/.well-known/jwks.json": { "get": { - "description": "This endpoint returns JSON Web Keys required to verifying OpenID Connect ID Tokens and,\nif enabled, OAuth 2.0 JWT Access Tokens. This endpoint can be used with client libraries like\n[node-jwks-rsa](https://github.com/auth0/node-jwks-rsa) among others.", + "description": "This endpoint returns JSON Web Keys required to verifying OpenID Connect ID Tokens and,\nif enabled, OAuth 2.0 JWT Access Tokens. This endpoint can be used with client libraries like\n[node-jwks-rsa](https://github.com/auth0/node-jwks-rsa) among others.\n\nAdding custom keys requires first creating a keyset via the createJsonWebKeySet operation,\nand then configuring the webfinger.jwks.broadcast_keys configuration value to include the keyset name.", "operationId": "discoverJsonWebKeys", "responses": { "200": { 
@@ -2579,6 +2725,58 @@ ] } }, + "/admin/oauth2/auth/requests/device/accept": { + "put": { + "description": "Accepts a device grant user_code request", + "operationId": "acceptUserCodeRequest", + "parameters": [ + { + "in": "query", + "name": "device_challenge", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/acceptDeviceUserCodeRequest" + } + } + }, + "x-originalParamName": "Body" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/oAuth2RedirectTo" + } + } + }, + "description": "oAuth2RedirectTo" + }, + "default": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/errorOAuth2" + } + } + }, + "description": "errorOAuth2" + } + }, + "summary": "Accepts a device grant user_code request", + "tags": [ + "oAuth2" + ] + } + }, "/admin/oauth2/auth/requests/login": { "get": { "description": "When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider\nto authenticate the subject and then tell the Ory OAuth2 Service about it.\n\nPer default, the login provider is Ory itself. You may use a different login provider which needs to be a web-app\nyou write and host, and it must be able to authenticate (\"show the subject a login screen\")\na subject (in OAuth2 the proper name for subject is \"resource owner\").\n\nThe authentication challenge is appended to the login provider URL to which the subject's user-agent (browser) is redirected to. The login\nprovider uses that challenge to fetch information on the OAuth2 request and then accept or reject the requested authentication process.", @@ -3005,7 +3203,7 @@ } }, { - "description": "OAuth 2.0 Subject\n\nThe subject to revoke authentication sessions for.", + "description": "Login Session ID\n\nThe login session to revoke.", "in": "query", "name": "sid", "schema": { 
@@ -3437,7 +3635,7 @@ }, "/oauth2/auth": { "get": { - "description": "Use open source libraries to perform OAuth 2.0 and OpenID Connect\navailable for any programming language. You can find a list of libraries at https://oauth.net/code/\n\nThe Ory SDK is not yet able to this endpoint properly.", + "description": "Use open source libraries to perform OAuth 2.0 and OpenID Connect\navailable for any programming language. You can find a list of libraries at https://oauth.net/code/\n\nThis endpoint should not be used via the Ory SDK and is only included for technical reasons.\nInstead, use one of the libraries linked above.", "operationId": "oAuth2Authorize", "responses": { "302": { 
@@ -3460,6 +3658,63 @@ ] } }, + "/oauth2/device/auth": { + "post": { + "description": "This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows.\nOAuth2 is a very popular protocol and a library for your programming language will exists.\n\nTo learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc8628", + "operationId": "oAuth2DeviceFlow", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/deviceAuthorization" + } + } + }, + "description": "deviceAuthorization" + }, + "default": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/errorOAuth2" + } + } + }, + "description": "errorOAuth2" + } + }, + "summary": "The OAuth 2.0 Device Authorize Endpoint", + "tags": [ + "oAuth2" + ] + } + }, + "/oauth2/device/verify": { + "get": { + "description": "This is the device user verification endpoint. The user is redirected her when trying to login using the device flow.", + "operationId": "performOAuth2DeviceVerificationFlow", + "responses": { + "302": { + "$ref": "#/components/responses/emptyResponse" + }, + "default": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/errorOAuth2" + } + } + }, + "description": "errorOAuth2" + } + }, + "summary": "OAuth 2.0 Device Verification Endpoint", + "tags": [ + "oAuth2" + ] + } + }, "/oauth2/register": { "post": { "description": "This endpoint behaves like the administrative counterpart (`createOAuth2Client`) but is capable of facing the\npublic internet directly and can be used in self-service. It implements the OpenID Connect\nDynamic Client Registration Protocol. This feature needs to be enabled in the configuration. This endpoint\nis disabled by default. 
It can be enabled by an administrator.\n\nPlease note that using this endpoint you are not able to choose the `client_secret` nor the `client_id` as those\nvalues will be server generated when specifying `token_endpoint_auth_method` as `client_secret_basic` or\n`client_secret_post`.\n\nThe `client_secret` will be returned in the response and you will not be able to retrieve it later on.\nWrite the secret down and keep it somewhere safe.", @@ -3713,7 +3968,7 @@ }, "/oauth2/token": { "post": { - "description": "Use open source libraries to perform OAuth 2.0 and OpenID Connect\navailable for any programming language. You can find a list of libraries here https://oauth.net/code/\n\nThe Ory SDK is not yet able to this endpoint properly.", + "description": "Use open source libraries to perform OAuth 2.0 and OpenID Connect\navailable for any programming language. You can find a list of libraries here https://oauth.net/code/\n\nThis endpoint should not be used via the Ory SDK and is only included for technical reasons.\nInstead, use one of the libraries linked above.", "operationId": "oauth2TokenExchange", "requestBody": { "content": { diff --git a/spec/config.json b/spec/config.json index 9899db71df0..21a7d76f303 100644 --- a/spec/config.json +++ b/spec/config.json @@ -40,7 +40,7 @@ }, "mode": { "type": "integer", - "description": "Mode of unix socket in numeric form", + "description": "Mode of unix socket in numeric form, base 10.", "default": 493, "minimum": 0, "maximum": 511 @@ -464,6 +464,11 @@ "description": "Sets the session cookie name. Use with care!", "type": "object", "properties": { + "device_csrf": { + "type": "string", + "title": "CSRF Cookie Name", + "default": "ory_hydra_device_csrf" + }, "login_csrf": { "type": "string", "title": "CSRF Cookie Name", 
@@ -614,6 +619,14 @@ "https://my-service.com/oauth2/auth" ] }, + "device_authorization_url": { + "type": "string", + "description": "Overwrites the OAuth2 Device Auth URL", + "format": "uri-reference", + "examples": [ + "https://my-service.com/oauth2/device/auth" + ] + }, "client_registration_url": { "description": "Sets the OpenID Connect Dynamic Client Registration Endpoint", "type": "string", @@ -803,6 +816,23 @@ "/ui/logout" ] }, + "device_verification": { + "type": "string", + "description": "Sets the device verification URL. Defaults to an internal fallback URL showing an error.", + "format": "uri-reference", + "examples": [ + "https://my-app/device", + "/ui/device" + ] + }, + "post_device_done": { + "type": "string", + "description": "When a user completes an authentication flow initiated by a device, they will be redirected to this url afterwards.", + "format": "uri-reference", + "examples": [ + "https://my-app/device/post" + ] + }, "error": { "type": "string", "description": "Sets the error endpoint. The error ui will be shown when an OAuth2 error occurs that which can not be sent back to the client. Defaults to an internal fallback URL showing an error.", @@ -947,6 +977,15 @@ "$ref": "#/definitions/duration" } ] + }, + "device_user_code": { + "description": "Configures how long device & user codes are valid.", + "default": "10m", + "allOf": [ + { + "$ref": "#/definitions/duration" + } + ] } } }, @@ -1068,6 +1107,21 @@ "type": "object", "additionalProperties": false, "properties": { + "refresh_token": { + "type": "object", + "properties": { + "grace_period": { + "title": "Refresh Token Rotation Grace Period", + "description": "Configures how long a Refresh Token remains valid after it has been used. The maximum value is one hour.", + "default": "0s", + "allOf": [ + { + "$ref": "#/definitions/duration" + } + ] + } + } + }, "jwt": { "type": "object", "additionalProperties": false, 
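Review bot: The new `refresh_token` object in the `@@ -1068,6 +1107,21 @@` hunk of spec/config.json omits `"additionalProperties": false`, while the sibling `jwt` object directly after it sets it, so a misspelled key such as `grace_periods` is accepted by the schema and the grace period stays at its default with no validation error. The description also says the maximum value is one hour, but nothing in the schema expresses that bound; whether the config loader clamps or rejects larger values is not visible in this diff. Because a grace period keeps an already-used refresh token redeemable, the limit is worth enforcing rather than only describing. I would add `"additionalProperties": false,` after `"type": "object",` and state in the description what happens to values above one hour. The enclosing object starts and ends outside the hunk.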
@@ -1109,6 +1163,22 @@ } ] }, + "device_authorization": { + "type": "object", + "additionalProperties": false, + "properties": { + "token_polling_interval": { + "allOf": [ + { + "$ref": "#/definitions/duration" + } + ], + "default": "5s", + "description": "configure how often a non-interactive device should poll the device token endpoint", + "examples": ["5s", "15s", "1m"] + } + } + }, "token_hook": { "description": "Sets the token hook endpoint for all grant types. If set it will be called while providing token to customize claims.", "examples": ["https://my-example.app/token-hook"], @@ -1122,8 +1192,8 @@ } ] } - } - }, + } + }, "secrets": { "type": "object", "additionalProperties": false, diff --git a/spec/swagger.json b/spec/swagger.json index a49801ddeb1..3eac3dd839f 100755 --- a/spec/swagger.json +++ b/spec/swagger.json @@ -20,7 +20,7 @@ "paths": { "/.well-known/jwks.json": { "get": { - "description": "This endpoint returns JSON Web Keys required to verifying OpenID Connect ID Tokens and,\nif enabled, OAuth 2.0 JWT Access Tokens. This endpoint can be used with client libraries like\n[node-jwks-rsa](https://github.com/auth0/node-jwks-rsa) among others.", + "description": "This endpoint returns JSON Web Keys required to verifying OpenID Connect ID Tokens and,\nif enabled, OAuth 2.0 JWT Access Tokens. This endpoint can be used with client libraries like\n[node-jwks-rsa](https://github.com/auth0/node-jwks-rsa) among others.\n\nAdding custom keys requires first creating a keyset via the createJsonWebKeySet operation,\nand then configuring the webfinger.jwks.broadcast_keys configuration value to include the keyset name.", "consumes": [ "application/json" ], 
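Review bot: The description of `token_polling_interval` in the `@@ -1109,6 +1163,22 @@` hunk does not say how the value reaches clients or what granularity it has. The `deviceAuthorization` schema added to spec/swagger.json in this same diff exposes `interval` as an integer number of seconds, so if this setting feeds that field, a sub-second value such as `500ms` (which the shared `duration` definition presumably accepts) would have to be rounded, possibly to 0, and devices would then be told they may poll without waiting. I would reword it to `"description": "Minimum time a device should wait between token endpoint polls. Use whole seconds (1s or more)."` and confirm that the loader rejects or rounds up smaller values.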
@@ -891,6 +891,55 @@ } } }, + "/admin/oauth2/auth/requests/device/accept": { + "put": { + "description": "Accepts a device grant user_code request", + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "schemes": [ + "http", + "https" + ], + "tags": [ + "oAuth2" + ], + "summary": "Accepts a device grant user_code request", + "operationId": "acceptUserCodeRequest", + "parameters": [ + { + "type": "string", + "name": "device_challenge", + "in": "query", + "required": true + }, + { + "name": "Body", + "in": "body", + "schema": { + "$ref": "#/definitions/acceptDeviceUserCodeRequest" + } + } + ], + "responses": { + "200": { + "description": "oAuth2RedirectTo", + "schema": { + "$ref": "#/definitions/oAuth2RedirectTo" + } + }, + "default": { + "description": "errorOAuth2", + "schema": { + "$ref": "#/definitions/errorOAuth2" + } + } + } + } + }, "/admin/oauth2/auth/requests/login": { "get": { "description": "When an authorization code, hybrid, or implicit OAuth 2.0 Flow is initiated, Ory asks the login provider\nto authenticate the subject and then tell the Ory OAuth2 Service about it.\n\nPer default, the login provider is Ory itself. You may use a different login provider which needs to be a web-app\nyou write and host, and it must be able to authenticate (\"show the subject a login screen\")\na subject (in OAuth2 the proper name for subject is \"resource owner\").\n\nThe authentication challenge is appended to the login provider URL to which the subject's user-agent (browser) is redirected to. The login\nprovider uses that challenge to fetch information on the OAuth2 request and then accept or reject the requested authentication process.", @@ -1305,7 +1354,7 @@ }, { "type": "string", - "description": "OAuth 2.0 Subject\n\nThe subject to revoke authentication sessions for.", + "description": "Login Session ID\n\nThe login session to revoke.", "name": "sid", "in": "query" } 
@@ -1687,7 +1736,7 @@ }, "/oauth2/auth": { "get": { - "description": "Use open source libraries to perform OAuth 2.0 and OpenID Connect\navailable for any programming language. You can find a list of libraries at https://oauth.net/code/\n\nThe Ory SDK is not yet able to this endpoint properly.", + "description": "Use open source libraries to perform OAuth 2.0 and OpenID Connect\navailable for any programming language. You can find a list of libraries at https://oauth.net/code/\n\nThis endpoint should not be used via the Ory SDK and is only included for technical reasons.\nInstead, use one of the libraries linked above.", "consumes": [ "application/x-www-form-urlencoded" ], 
@@ -1713,6 +1762,65 @@ } } }, + "/oauth2/device/auth": { + "post": { + "description": "This endpoint is not documented here because you should never use your own implementation to perform OAuth2 flows.\nOAuth2 is a very popular protocol and a library for your programming language will exists.\n\nTo learn more about this flow please refer to the specification: https://tools.ietf.org/html/rfc8628", + "consumes": [ + "application/x-www-form-urlencoded" + ], + "schemes": [ + "http", + "https" + ], + "tags": [ + "oAuth2" + ], + "summary": "The OAuth 2.0 Device Authorize Endpoint", + "operationId": "oAuth2DeviceFlow", + "responses": { + "200": { + "description": "deviceAuthorization", + "schema": { + "$ref": "#/definitions/deviceAuthorization" + } + }, + "default": { + "description": "errorOAuth2", + "schema": { + "$ref": "#/definitions/errorOAuth2" + } + } + } + } + }, + "/oauth2/device/verify": { + "get": { + "description": "This is the device user verification endpoint. The user is redirected her when trying to login using the device flow.", + "consumes": [ + "application/x-www-form-urlencoded" + ], + "schemes": [ + "http", + "https" + ], + "tags": [ + "oAuth2" + ], + "summary": "OAuth 2.0 Device Verification Endpoint", + "operationId": "performOAuth2DeviceVerificationFlow", + "responses": { + "302": { + "$ref": "#/responses/emptyResponse" + }, + "default": { + "description": "errorOAuth2", + "schema": { + "$ref": "#/definitions/errorOAuth2" + } + } + } + } + }, "/oauth2/register": { "post": { "description": "This endpoint behaves like the administrative counterpart (`createOAuth2Client`) but is capable of facing the\npublic internet directly and can be used in self-service. It implements the OpenID Connect\nDynamic Client Registration Protocol. This feature needs to be enabled in the configuration. This endpoint\nis disabled by default. 
It can be enabled by an administrator.\n\nPlease note that using this endpoint you are not able to choose the `client_secret` nor the `client_id` as those\nvalues will be server generated when specifying `token_endpoint_auth_method` as `client_secret_basic` or\n`client_secret_post`.\n\nThe `client_secret` will be returned in the response and you will not be able to retrieve it later on.\nWrite the secret down and keep it somewhere safe.", @@ -1981,7 +2089,7 @@ "oauth2": [] } ], - "description": "Use open source libraries to perform OAuth 2.0 and OpenID Connect\navailable for any programming language. You can find a list of libraries here https://oauth.net/code/\n\nThe Ory SDK is not yet able to this endpoint properly.", + "description": "Use open source libraries to perform OAuth 2.0 and OpenID Connect\navailable for any programming language. You can find a list of libraries here https://oauth.net/code/\n\nThis endpoint should not be used via the Ory SDK and is only included for technical reasons.\nInstead, use one of the libraries linked above.", "consumes": [ "application/x-www-form-urlencoded" ], 
@@ -2119,6 +2227,35 @@ } }, "DefaultError": {}, + "DeviceUserAuthRequest": { + "type": "object", + "title": "Contains information on an ongoing device grant request.", + "required": [ + "challenge" + ], + "properties": { + "challenge": { + "description": "ID is the identifier (\"device challenge\") of the device grant request. It is used to\nidentify the session.", + "type": "string" + }, + "client": { + "$ref": "#/definitions/oAuth2Client" + }, + "handled_at": { + "$ref": "#/definitions/nullTime" + }, + "request_url": { + "description": "RequestURL is the original Device Authorization URL requested.", + "type": "string" + }, + "requested_access_token_audience": { + "$ref": "#/definitions/StringSliceJSONFormat" + }, + "requested_scope": { + "$ref": "#/definitions/StringSliceJSONFormat" + } + } + }, "JSONRawMessage": { "type": "object", "title": "JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger." @@ -2169,10 +2306,22 @@ } } }, + "acceptDeviceUserCodeRequest": { + "description": "Contains information on an device verification", + "type": "object", + "properties": { + "user_code": { + "type": "string" + } + } + }, "acceptOAuth2ConsentRequest": { "type": "object", "title": "The request payload used to accept a consent request.", "properties": { + "context": { + "$ref": "#/definitions/JSONRawMessage" + }, "grant_access_token_audience": { "$ref": "#/definitions/StringSliceJSONFormat" }, 
@@ -2311,6 +2460,45 @@ } } }, + "deviceAuthorization": { + "description": "# Ory's OAuth 2.0 Device Authorization API", + "type": "object", + "title": "OAuth2 Device Flow", + "properties": { + "device_code": { + "description": "The device verification code.", + "type": "string", + "example": "ory_dc_smldfksmdfkl.mslkmlkmlk" + }, + "expires_in": { + "description": "The lifetime in seconds of the \"device_code\" and \"user_code\".", + "type": "integer", + "format": "int64", + "example": 16830 + }, + "interval": { + "description": "The minimum amount of time in seconds that the client\nSHOULD wait between polling requests to the token endpoint. If no\nvalue is provided, clients MUST use 5 as the default.", + "type": "integer", + "format": "int64", + "example": 5 + }, + "user_code": { + "description": "The end-user verification code.", + "type": "string", + "example": "AAAAAA" + }, + "verification_uri": { + "description": "The end-user verification URI on the authorization\nserver. The URI should be short and easy to remember as end users\nwill be asked to manually type it into their user agent.", + "type": "string", + "example": "https://auth.ory.sh/tv" + }, + "verification_uri_complete": { + "description": "A verification URI that includes the \"user_code\" (or\nother information with the same function as the \"user_code\"),\nwhich is designed for non-textual transmission.", + "type": "string", + "example": "https://auth.ory.sh/tv?user_code=AAAAAA" + } + } + }, "errorOAuth2": { "description": "Error", "type": "object", @@ -2390,6 +2578,7 @@ }, "healthNotReadyStatus": { "type": "object", + "title": "The not ready status of the service.", "properties": { "errors": { "description": "Errors contains a list of errors that caused the not ready status.", @@ -2402,6 +2591,7 @@ }, "healthStatus": { "type": "object", + "title": "The health status of the service.", "properties": { "status": { "description": "Status always contains \"ok\".", 
@@ -2685,6 +2875,15 @@ "type": "string", "format": "date-time" }, + "device_authorization_grant_access_token_lifespan": { + "$ref": "#/definitions/NullDuration" + }, + "device_authorization_grant_id_token_lifespan": { + "$ref": "#/definitions/NullDuration" + }, + "device_authorization_grant_refresh_token_lifespan": { + "$ref": "#/definitions/NullDuration" + }, "frontchannel_logout_session_required": { "description": "OpenID Connect Front-Channel Logout Session Required\n\nBoolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be\nincluded to identify the RP session with the OP when the frontchannel_logout_uri is used.\nIf omitted, the default value is false.", "type": "boolean" @@ -2773,6 +2972,10 @@ "description": "SkipConsent skips the consent screen for this client. This field can only\nbe set from the admin API.", "type": "boolean" }, + "skip_logout_consent": { + "description": "SkipLogoutConsent skips the logout consent screen for this client. This field can only\nbe set from the admin API.", + "type": "boolean" + }, "subject_type": { "description": "OpenID Connect Subject Type\n\nThe `subject_types_supported` Discovery parameter contains a\nlist of the supported subject_type values for this server. Valid types include `pairwise` and `public`.", "type": "string" @@ -2818,6 +3021,15 @@ "client_credentials_grant_access_token_lifespan": { "$ref": "#/definitions/NullDuration" }, + "device_authorization_grant_access_token_lifespan": { + "$ref": "#/definitions/NullDuration" + }, + "device_authorization_grant_id_token_lifespan": { + "$ref": "#/definitions/NullDuration" + }, + "device_authorization_grant_refresh_token_lifespan": { + "$ref": "#/definitions/NullDuration" + }, "implicit_grant_access_token_lifespan": { "$ref": "#/definitions/NullDuration" }, 
@@ -2862,6 +3074,10 @@ "context": { "$ref": "#/definitions/JSONRawMessage" }, + "device_challenge_id": { + "description": "DeviceChallenge is the device challenge this consent challenge belongs to, if this flow was initiated by a device.", + "type": "string" + }, "login_challenge": { "description": "LoginChallenge is the login challenge this consent challenge belongs to. It can be used to associate\na login and consent request in the login \u0026 consent app.", "type": "string" @@ -2934,6 +3150,9 @@ "consent_request": { "$ref": "#/definitions/oAuth2ConsentRequest" }, + "context": { + "$ref": "#/definitions/JSONRawMessage" + }, "grant_access_token_audience": { "$ref": "#/definitions/StringSliceJSONFormat" }, @@ -3090,6 +3309,7 @@ "required": [ "issuer", "authorization_endpoint", + "device_authorization_endpoint", "token_endpoint", "jwks_uri", "subject_types_supported", @@ -3141,6 +3361,11 @@ "$ref": "#/definitions/credentialSupportedDraft00" } }, + "device_authorization_endpoint": { + "description": "OAuth 2.0 Device Authorization Endpoint URL", + "type": "string", + "example": "https://playground.ory.sh/ory-hydra/public/oauth2/device/oauth" + }, "end_session_endpoint": { "description": "OpenID Connect End-Session Endpoint\n\nURL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.", "type": "string" 
@@ -3646,6 +3871,35 @@ } } }, + "verifyUserCodeRequest": { + "type": "object", + "title": "HandledDeviceUserAuthRequest is the request payload used to accept a device user_code.", + "properties": { + "challenge": { + "description": "ID is the identifier (\"device challenge\") of the device request. It is used to\nidentify the session.", + "type": "string" + }, + "client": { + "$ref": "#/definitions/oAuth2Client" + }, + "device_code_request_id": { + "type": "string" + }, + "handled_at": { + "$ref": "#/definitions/nullTime" + }, + "request_url": { + "description": "RequestURL is the original Device Authorization URL requested.", + "type": "string" + }, + "requested_access_token_audience": { + "$ref": "#/definitions/StringSliceJSONFormat" + }, + "requested_scope": { + "$ref": "#/definitions/StringSliceJSONFormat" + } + } + }, "version": { "type": "object", "properties": { @@ -3658,7 +3912,7 @@ ,"UUID":{"type": "string", "format": "uuid4"}}, "responses": { "emptyResponse": { - "description": "Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is\ntypically 201." + "description": "Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is\ntypically 204." }, "errorOAuth2BadRequest": { "description": "Bad Request Error Response", diff --git a/test/conformance/hydra/Dockerfile b/test/conformance/hydra/Dockerfile index 9e53cc31174..71449925947 100644 --- a/test/conformance/hydra/Dockerfile +++ b/test/conformance/hydra/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.21 AS builder +FROM golang:1.22 AS builder RUN apt-get update && \ apt-get install --no-install-recommends -y \ @@ -18,7 +18,7 @@ RUN go mod download COPY . . -RUN go build -tags sqlite,json1 -o /usr/bin/hydra +RUN go build -tags sqlite -o /usr/bin/hydra VOLUME /var/lib/sqlite diff --git a/test/conformance/purge.sh b/test/conformance/purge.sh index caf4491106f..da436588b1d 100755 --- a/test/conformance/purge.sh 
+++ b/test/conformance/purge.sh @@ -3,4 +3,4 @@ set -euxo pipefail cd "$( dirname "${BASH_SOURCE[0]}" )/../.." -docker-compose -f quickstart.yml -f quickstart-postgres.yml -f test/conformance/docker-compose.yml down -v +docker compose -f quickstart.yml -f quickstart-postgres.yml -f test/conformance/docker-compose.yml down -v diff --git a/test/conformance/run_test.go b/test/conformance/run_test.go index b9f17a62ac3..abab78dbbc2 100644 --- a/test/conformance/run_test.go +++ b/test/conformance/run_test.go @@ -219,7 +219,7 @@ func createPlan(t *testing.T, extra url.Values, isParallel bool) { t.Skipf("Test module 'oidcc-server-rotate-keys' can not run in parallel tests and was skipped...") return } else if module != "oidcc-server-rotate-keys" && !isParallel { - t.Skipf("Without paralleism only test module 'oidcc-server-rotate-keys' will be executed.") + t.Skipf("Without parallelism only test module 'oidcc-server-rotate-keys' will be executed.") return } @@ -272,7 +272,7 @@ func createPlan(t *testing.T, extra url.Values, isParallel bool) { bo := conf.NextBackOff() require.NotEqual(t, backoff.Stop, bo, "%+v", err) - _, _, err = hydra.JwkApi.CreateJsonWebKeySet(context.Background(), "hydra.openid.id-token").CreateJsonWebKeySet(hydrac.CreateJsonWebKeySet{ + _, _, err = hydra.JwkAPI.CreateJsonWebKeySet(context.Background(), "hydra.openid.id-token").CreateJsonWebKeySet(hydrac.CreateJsonWebKeySet{ Alg: "RS256", }).Execute() if err == nil { diff --git a/test/conformance/start.sh b/test/conformance/start.sh index 65080fe2c02..09957271f64 100755 --- a/test/conformance/start.sh +++ b/test/conformance/start.sh 
@@ -4,4 +4,4 @@ set -euxo pipefail cd "$( dirname "${BASH_SOURCE[0]}" )/../.." # shellcheck disable=SC2086 -docker-compose -f quickstart.yml -f quickstart-postgres.yml -f test/conformance/docker-compose.yml up ${1:-} -d --force-recreate --build +docker compose -f quickstart.yml -f quickstart-postgres.yml -f test/conformance/docker-compose.yml up ${1:-} -d --force-recreate --build diff --git a/test/e2e/circle-ci.bash b/test/e2e/circle-ci.bash index f90ffd15251..1f93dee3b25 100755 --- a/test/e2e/circle-ci.bash +++ b/test/e2e/circle-ci.bash @@ -26,7 +26,7 @@ if [[ ! -d "../../node_modules/" ]]; then (cd ../..; npm ci) fi -(cd ../../; go build -tags sqlite,json1 -o test/e2e/hydra . ) +(cd ../../; go build -tags sqlite -o test/e2e/hydra . ) # Install oauth2-client if [[ ! -d "./oauth2-client/node_modules/" ]]; then diff --git a/test/e2e/docker-compose.cockroach.yml b/test/e2e/docker-compose.cockroach.yml index 08fd1cd8c2c..780e8ffdf2a 100644 --- a/test/e2e/docker-compose.cockroach.yml +++ b/test/e2e/docker-compose.cockroach.yml @@ -15,7 +15,7 @@ services: - DSN=cockroach://root@cockroachd:26257/defaultdb?sslmode=disable&max_conns=20&max_idle_conns=4 cockroachd: - image: cockroachdb/cockroach:v22.1.10 + image: cockroachdb/cockroach:latest-v24.1 ports: - "26257:26257" command: start-single-node --insecure diff --git a/test/e2e/docker-compose.mysql.yml b/test/e2e/docker-compose.mysql.yml index 703e8f3cfef..5750d3ec81e 100644 --- a/test/e2e/docker-compose.mysql.yml +++ b/test/e2e/docker-compose.mysql.yml @@ -15,8 +15,7 @@ services: - DSN=mysql://root:secret@tcp(mysqld:3306)/mysql?max_conns=20&max_idle_conns=4 mysqld: - image: mysql:8.0.26 - platform: linux/amd64 + image: mysql:8.0 ports: - "3306:3306" environment: diff --git a/test/e2e/oauth2-client/package-lock.json b/test/e2e/oauth2-client/package-lock.json index eb8abe0ac4a..33091833146 100644 --- a/test/e2e/oauth2-client/package-lock.json +++ b/test/e2e/oauth2-client/package-lock.json 
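Review bot: The `cockroachd` image in test/e2e/docker-compose.cockroach.yml moves from the exact tag `v22.1.10` to the floating tag `latest-v24.1`, and the `mysqld` image in test/e2e/docker-compose.mysql.yml moves from `8.0.26` to `8.0`, so both e2e databases can change without any change to this repository. A floating tag makes a failing run hard to reproduce and means the test job runs whatever image the registry serves for that tag at pull time. I would pin an exact patch release, ideally with a digest, for example `image: cockroachdb/cockroach:<exact-version>@sha256:<digest>` (placeholders), and let the dependency update tooling raise it. The mysql hunk also drops `platform: linux/amd64`; the diff does not show whether that is intended for arm64 runners.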
@@ -10,7 +10,7 @@ "dependencies": { "body-parser": "^1.20.1", "dotenv": "^7.0.0", - "express": "^4.18.2", + "express": "^4.21.0", "express-session": "^1.17.0", "express-winston": "^3.4.0", "hydra-login-consent-logout": "2.0.4-pre.2", @@ -409,20 +409,20 @@ } }, "node_modules/body-parser": { - "version": "1.20.1", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz", - "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==", + "version": "1.20.3", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz", + "integrity": "sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g==", "dependencies": { "bytes": "3.1.2", - "content-type": "~1.0.4", + "content-type": "~1.0.5", "debug": "2.6.9", "depd": "2.0.0", "destroy": "1.2.0", "http-errors": "2.0.0", "iconv-lite": "0.4.24", "on-finished": "2.4.1", - "qs": "6.11.0", - "raw-body": "2.5.1", + "qs": "6.13.0", + "raw-body": "2.5.2", "type-is": "~1.6.18", "unpipe": "1.0.0" }, @@ -476,12 +476,12 @@ } }, "node_modules/braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dev": true, "dependencies": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" }, "engines": { "node": ">=8" 
@@ -540,12 +540,18 @@ } }, "node_modules/call-bind": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", - "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "integrity": "sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==", "dependencies": { - "function-bind": "^1.1.1", - "get-intrinsic": "^1.0.2" + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.4", + "set-function-length": "^1.2.1" + }, + "engines": { + "node": ">= 0.4" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -757,9 +763,9 @@ ] }, "node_modules/content-type": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz", - "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==", + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", "engines": { "node": ">= 0.6" } @@ -919,6 +925,22 @@ "node": ">=4" } }, + "node_modules/define-data-property": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==", + "dependencies": { + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", + "gopd": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/depd": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", 
@@ -986,9 +1008,9 @@ } }, "node_modules/encodeurl": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", - "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", "engines": { "node": ">= 0.8" } @@ -998,6 +1020,25 @@ "resolved": "https://registry.npmjs.org/env-variable/-/env-variable-0.0.5.tgz", "integrity": "sha512-zoB603vQReOFvTg5xMl9I1P2PnHsHQQKTEowsKKD7nseUfJq6UWzK+4YtlWUO1nhiQUxe6XMkk+JleSZD1NZFA==" }, + "node_modules/es-define-property": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "integrity": "sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==", + "dependencies": { + "get-intrinsic": "^1.2.4" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "engines": { + "node": ">= 0.4" + } + }, "node_modules/es6-promise": { "version": "4.2.8", "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.8.tgz", 
@@ -1033,36 +1074,36 @@ } }, "node_modules/express": { - "version": "4.18.2", - "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz", - "integrity": "sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==", + "version": "4.21.0", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.0.tgz", + "integrity": "sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==", "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", - "body-parser": "1.20.1", + "body-parser": "1.20.3", "content-disposition": "0.5.4", "content-type": "~1.0.4", - "cookie": "0.5.0", + "cookie": "0.6.0", "cookie-signature": "1.0.6", "debug": "2.6.9", "depd": "2.0.0", - "encodeurl": "~1.0.2", + "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "etag": "~1.8.1", - "finalhandler": "1.2.0", + "finalhandler": "1.3.1", "fresh": "0.5.2", "http-errors": "2.0.0", - "merge-descriptors": "1.0.1", + "merge-descriptors": "1.0.3", "methods": "~1.1.2", "on-finished": "2.4.1", "parseurl": "~1.3.3", - "path-to-regexp": "0.1.7", + "path-to-regexp": "0.1.10", "proxy-addr": "~2.0.7", - "qs": "6.11.0", + "qs": "6.13.0", "range-parser": "~1.2.1", "safe-buffer": "5.2.1", - "send": "0.18.0", - "serve-static": "1.15.0", + "send": "0.19.0", + "serve-static": "1.16.2", "setprototypeof": "1.2.0", "statuses": "2.0.1", "type-is": "~1.6.18", @@ -1120,9 +1161,9 @@ } }, "node_modules/express/node_modules/cookie": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", - "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==", + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==", "engines": { "node": ">= 0.6" } 
@@ -1189,9 +1230,9 @@ "integrity": "sha512-lUGBnIamTAwk4znq5BcqsDaxSmZ9nDVJaij6NvRt/Tg4R69gERA+otPKbS86ROw9nxVMw2/mp1fnaiWqbs6Sdg==" }, "node_modules/fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dev": true, "dependencies": { "to-regex-range": "^5.0.1" @@ -1201,12 +1242,12 @@ } }, "node_modules/finalhandler": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", - "integrity": "sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==", + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz", + "integrity": "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==", "dependencies": { "debug": "2.6.9", - "encodeurl": "~1.0.2", + "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "on-finished": "2.4.1", "parseurl": "~1.3.3", @@ -1237,9 +1278,9 @@ } }, "node_modules/follow-redirects": { - "version": "1.15.2", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz", - "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==", + "version": "1.15.6", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==", "funding": [ { "type": "individual", 
@@ -1317,18 +1358,26 @@ } }, "node_modules/function-bind": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", - "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } }, "node_modules/get-intrinsic": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.3.tgz", - "integrity": "sha512-QJVz1Tj7MS099PevUG5jvnt9tSkXN8K14dxQlikJuPt4uD9hHAHjLyLBiLR5zELelBdD9QNRAXZzsJx0WaDL9A==", + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "integrity": "sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==", "dependencies": { - "function-bind": "^1.1.1", - "has": "^1.0.3", - "has-symbols": "^1.0.3" + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "has-proto": "^1.0.1", + "has-symbols": "^1.0.3", + "hasown": "^2.0.0" + }, + "engines": { + "node": ">= 0.4" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -1354,6 +1403,17 @@ "node": ">= 6" } }, + "node_modules/gopd": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==", + "dependencies": { + "get-intrinsic": "^1.1.3" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/has": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", 
@@ -1373,6 +1433,28 @@ "node": ">=4" } }, + "node_modules/has-property-descriptors": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==", + "dependencies": { + "es-define-property": "^1.0.0" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-proto": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "integrity": "sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, "node_modules/has-symbol-support-x": { "version": "1.4.2", "resolved": "https://registry.npmjs.org/has-symbol-support-x/-/has-symbol-support-x-1.4.2.tgz", @@ -1403,6 +1485,17 @@ "node": "*" } }, + "node_modules/hasown": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/hoek": { "version": "6.1.3", "resolved": "https://registry.npmjs.org/hoek/-/hoek-6.1.3.tgz", @@ -1699,9 +1792,9 @@ } }, "node_modules/jose": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/jose/-/jose-2.0.5.tgz", - "integrity": "sha512-BAiDNeDKTMgk4tvD0BbxJ8xHEHBZgpeRZ1zGPPsitSyMgjoMWiLGYAE7H7NpP5h0lPppQajQs871E8NHUrzVPA==", + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/jose/-/jose-2.0.7.tgz", + "integrity": "sha512-5hFWIigKqC+e/lRyQhfnirrAqUdIPMB7SJRqflJaO29dW7q5DFvH1XCSTmv6PQ6pb++0k6MJlLRoS0Wv4s38Wg==", "dependencies": { "@panva/asn1.js": "^1.0.0" }, 
@@ -1952,9 +2045,12 @@ } }, "node_modules/merge-descriptors": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", - "integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E=" + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz", + "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==", + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } }, "node_modules/methods": { "version": "1.1.2", @@ -2228,9 +2324,12 @@ } }, "node_modules/object-inspect": { - "version": "1.12.2", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz", - "integrity": "sha512-z+cPxW0QGUp0mcqcsgQyLVRDoXFQbXOwBaqyF7VIgI4TWNQsDHrBpUQslRmIfAoYWdYzs6UlKJtB2XJpTaNSpQ==", + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.2.tgz", + "integrity": "sha512-IRZSRuzJiynemAXPYtPe5BoI/RESNYR7TYm50MC5Mqbd3Jmw5y790sErYw3V6SryFJD64b74qQQs9wn5Bg/k3g==", + "engines": { + "node": ">= 0.4" + }, "funding": { "url": "https://github.com/sponsors/ljharb" } @@ -2429,9 +2528,9 @@ "integrity": "sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw==" }, "node_modules/path-to-regexp": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", - "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=" + "version": "0.1.10", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz", + "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==" }, "node_modules/picomatch": { "version": "2.3.1", 
@@ -2612,11 +2711,11 @@ "integrity": "sha512-GMu3M5nUL3fju4/egXwZO0XLi6fW/K3T3VTgFQ14GxNi8btlxgT5qZL//JwZFm/2Fa64J/PNS8AZeys3wiMkVA==" }, "node_modules/qs": { - "version": "6.11.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", - "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==", + "version": "6.13.0", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz", + "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==", "dependencies": { - "side-channel": "^1.0.4" + "side-channel": "^1.0.6" }, "engines": { "node": ">=0.6" @@ -2664,9 +2763,9 @@ } }, "node_modules/raw-body": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", - "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==", + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==", "dependencies": { "bytes": "3.1.2", "http-errors": "2.0.0", @@ -2774,9 +2873,9 @@ } }, "node_modules/send": { - "version": "0.18.0", - "resolved": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", - "integrity": "sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==", + "version": "0.19.0", + "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz", + "integrity": "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==", "dependencies": { "debug": "2.6.9", "depd": "2.0.0", 
@@ -2804,6 +2903,14 @@ "node": ">= 0.8" } }, + "node_modules/send/node_modules/encodeurl": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==", + "engines": { + "node": ">= 0.8" + } + }, "node_modules/send/node_modules/ms": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", @@ -2854,19 +2961,35 @@ "integrity": "sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg==" }, "node_modules/serve-static": { - "version": "1.15.0", - "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", - "integrity": "sha512-XGuRDNjXUijsUL0vl6nSD7cwURuzEgglbOaFuZM9g3kwDXOWVTck0jLzjPzGD+TazWbboZYu52/9/XPdUgne9g==", + "version": "1.16.2", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz", + "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==", "dependencies": { - "encodeurl": "~1.0.2", + "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "parseurl": "~1.3.3", - "send": "0.18.0" + "send": "0.19.0" }, "engines": { "node": ">= 0.8.0" } }, + "node_modules/set-function-length": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==", + "dependencies": { + "define-data-property": "^1.1.4", + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.4", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + } + }, "node_modules/setprototypeof": { "version": "1.1.1", "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.1.tgz", 
@@ -2894,13 +3017,17 @@ } }, "node_modules/side-channel": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", - "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==", + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", + "integrity": "sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==", "dependencies": { - "call-bind": "^1.0.0", - "get-intrinsic": "^1.0.2", - "object-inspect": "^1.9.0" + "call-bind": "^1.0.7", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.4", + "object-inspect": "^1.13.1" + }, + "engines": { + "node": ">= 0.4" }, "funding": { "url": "https://github.com/sponsors/ljharb" @@ -3688,20 +3815,20 @@ "dev": true }, "body-parser": { - "version": "1.20.1", - "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz", - "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==", + "version": "1.20.3", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.3.tgz", + "integrity": "sha512-7rAxByjUMqQ3/bHJy7D6OGXvx/MMc4IqBn/X0fcM1QUcAItpZrBEYhWGem+tzXH90c+G01ypMcYJBO9Y30203g==", "requires": { "bytes": "3.1.2", - "content-type": "~1.0.4", + "content-type": "~1.0.5", "debug": "2.6.9", "depd": "2.0.0", "destroy": "1.2.0", "http-errors": "2.0.0", "iconv-lite": "0.4.24", "on-finished": "2.4.1", - "qs": "6.11.0", - "raw-body": "2.5.1", + "qs": "6.13.0", + "raw-body": "2.5.2", "type-is": "~1.6.18", "unpipe": "1.0.0" }, 
@@ -3745,12 +3872,12 @@ } }, "braces": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz", - "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==", + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", "dev": true, "requires": { - "fill-range": "^7.0.1" + "fill-range": "^7.1.1" } }, "browserify-zlib": { @@ -3802,12 +3929,15 @@ } }, "call-bind": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.2.tgz", - "integrity": "sha512-7O+FbCihrB5WGbFYesctwmTKae6rOiIzmz1icreWJ+0aA7LJfuqhEso2T9ncpcFtzMQtzXf2QGGueWJGTYsqrA==", + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/call-bind/-/call-bind-1.0.7.tgz", + "integrity": "sha512-GHTSNSYICQ7scH7sZ+M2rFopRoLh8t2bLSW6BbgrtLsahOIB5iyAVJf9GjWK3cYTDaMj4XdBpM1cA6pIS0Kv2w==", "requires": { - "function-bind": "^1.1.1", - "get-intrinsic": "^1.0.2" + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.4", + "set-function-length": "^1.2.1" } }, "center-align": { @@ -3974,9 +4104,9 @@ } }, "content-type": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz", - "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==" + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==" }, "cookie": { "version": "0.4.0", 
@@ -4095,6 +4225,16 @@ "mimic-response": "^1.0.0" } }, + "define-data-property": { + "version": "1.1.4", + "resolved": "https://registry.npmjs.org/define-data-property/-/define-data-property-1.1.4.tgz", + "integrity": "sha512-rBMvIzlpA8v6E+SJZoo++HAYqsLrkg7MSfIinMPFhmkorw7X+dOXVJQs+QT69zGkzMyfDnIMN2Wid1+NbL3T+A==", + "requires": { + "es-define-property": "^1.0.0", + "es-errors": "^1.3.0", + "gopd": "^1.0.1" + } + }, "depd": { "version": "1.1.2", "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz", @@ -4152,15 +4292,28 @@ } }, "encodeurl": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", - "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==" + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==" }, "env-variable": { "version": "0.0.5", "resolved": "https://registry.npmjs.org/env-variable/-/env-variable-0.0.5.tgz", "integrity": "sha512-zoB603vQReOFvTg5xMl9I1P2PnHsHQQKTEowsKKD7nseUfJq6UWzK+4YtlWUO1nhiQUxe6XMkk+JleSZD1NZFA==" }, + "es-define-property": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.0.tgz", + "integrity": "sha512-jxayLKShrEqqzJ0eumQbVhTYQM27CfT1T35+gCgDFoL82JLsXqTJ76zv6A0YLOgEnLUMvLzsDsGIrl8NFpT2gQ==", + "requires": { + "get-intrinsic": "^1.2.4" + } + }, + "es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==" + }, "es6-promise": { "version": "4.2.8", "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.8.tgz", 
@@ -4187,36 +4340,36 @@ "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc=" }, "express": { - "version": "4.18.2", - "resolved": "https://registry.npmjs.org/express/-/express-4.18.2.tgz", - "integrity": "sha512-5/PsL6iGPdfQ/lKM1UuielYgv3BUoJfz1aUwU9vHZ+J7gyvwdQXFEBIEIaxeGf0GIcreATNyBExtalisDbuMqQ==", + "version": "4.21.0", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.0.tgz", + "integrity": "sha512-VqcNGcj/Id5ZT1LZ/cfihi3ttTn+NJmkli2eZADigjq29qTlWi/hAQ43t/VLPq8+UX06FCEx3ByOYet6ZFblng==", "requires": { "accepts": "~1.3.8", "array-flatten": "1.1.1", - "body-parser": "1.20.1", + "body-parser": "1.20.3", "content-disposition": "0.5.4", "content-type": "~1.0.4", - "cookie": "0.5.0", + "cookie": "0.6.0", "cookie-signature": "1.0.6", "debug": "2.6.9", "depd": "2.0.0", - "encodeurl": "~1.0.2", + "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "etag": "~1.8.1", - "finalhandler": "1.2.0", + "finalhandler": "1.3.1", "fresh": "0.5.2", "http-errors": "2.0.0", - "merge-descriptors": "1.0.1", + "merge-descriptors": "1.0.3", "methods": "~1.1.2", "on-finished": "2.4.1", "parseurl": "~1.3.3", - "path-to-regexp": "0.1.7", + "path-to-regexp": "0.1.10", "proxy-addr": "~2.0.7", - "qs": "6.11.0", + "qs": "6.13.0", "range-parser": "~1.2.1", "safe-buffer": "5.2.1", - "send": "0.18.0", - "serve-static": "1.15.0", + "send": "0.19.0", + "serve-static": "1.16.2", "setprototypeof": "1.2.0", "statuses": "2.0.1", "type-is": "~1.6.18", @@ -4225,9 +4378,9 @@ }, "dependencies": { "cookie": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.5.0.tgz", - "integrity": "sha512-YZ3GUyn/o8gfKJlnlX7g7xq4gyO6OSuhGPKaaGssGB2qgDUS0gPgtTvoyZLTt9Ab6dC4hfc9dV5arkvc/OCmrw==" + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.6.0.tgz", + "integrity": "sha512-U71cyTamuh1CRNCfpGY6to28lxvNwPG4Guz/EVjgf3Jmzv0vlDp1atT9eS5dDjMYHucpHbWns6Lwf3BKz6svdw==" }, "depd": { "version": "2.0.0", 
@@ -4306,21 +4459,21 @@ "integrity": "sha512-lUGBnIamTAwk4znq5BcqsDaxSmZ9nDVJaij6NvRt/Tg4R69gERA+otPKbS86ROw9nxVMw2/mp1fnaiWqbs6Sdg==" }, "fill-range": { - "version": "7.0.1", - "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz", - "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==", + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", "dev": true, "requires": { "to-regex-range": "^5.0.1" } }, "finalhandler": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.2.0.tgz", - "integrity": "sha512-5uXcUVftlQMFnWC9qu/svkWv3GTd2PfUhK/3PLkYNAe7FbqJMt3515HaxE6eRL74GdsriiwujiawdaB1BpEISg==", + "version": "1.3.1", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.1.tgz", + "integrity": "sha512-6BN9trH7bp3qvnrRyzsBz+g3lZxTNZTbVO2EV1CS0WIcDbawYVdYvGflME/9QP0h0pYlCDBCTjYa9nZzMDpyxQ==", "requires": { "debug": "2.6.9", - "encodeurl": "~1.0.2", + "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "on-finished": "2.4.1", "parseurl": "~1.3.3", @@ -4344,9 +4497,9 @@ } }, "follow-redirects": { - "version": "1.15.2", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz", - "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==" + "version": "1.15.6", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz", + "integrity": "sha512-wWN62YITEaOpSK584EZXJafH1AGpO8RVgElfkuXbTOrPX4fIfOyEpW/CsiNd8JdYrAoOvafRTOEnvsO++qCqFA==" }, "forwarded": { "version": "0.2.0", 
@@ -4399,18 +4552,20 @@ "optional": true }, "function-bind": { - "version": "1.1.1", - "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz", - "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==" + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==" }, "get-intrinsic": { - "version": "1.1.3", - "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.1.3.tgz", - "integrity": "sha512-QJVz1Tj7MS099PevUG5jvnt9tSkXN8K14dxQlikJuPt4uD9hHAHjLyLBiLR5zELelBdD9QNRAXZzsJx0WaDL9A==", + "version": "1.2.4", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.2.4.tgz", + "integrity": "sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==", "requires": { - "function-bind": "^1.1.1", - "has": "^1.0.3", - "has-symbols": "^1.0.3" + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "has-proto": "^1.0.1", + "has-symbols": "^1.0.3", + "hasown": "^2.0.0" } }, "get-stream": { @@ -4427,6 +4582,14 @@ "is-glob": "^4.0.1" } }, + "gopd": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.0.1.tgz", + "integrity": "sha512-d65bNlIadxvpb/A2abVdlqKqV563juRnZ1Wtk6s1sIR8uNsXR70xqIzVqxVf1eTqDunwT2MkczEeaezCKTZhwA==", + "requires": { + "get-intrinsic": "^1.1.3" + } + }, "has": { "version": "1.0.3", "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz", 
@@ -4440,6 +4603,19 @@ "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=" }, + "has-property-descriptors": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/has-property-descriptors/-/has-property-descriptors-1.0.2.tgz", + "integrity": "sha512-55JNKuIW+vq4Ke1BjOTjM2YctQIvCT7GFzHwmfZPGo5wnrgkid0YQtnAleFSqumZm4az3n2BS+erby5ipJdgrg==", + "requires": { + "es-define-property": "^1.0.0" + } + }, + "has-proto": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/has-proto/-/has-proto-1.0.3.tgz", + "integrity": "sha512-SJ1amZAJUiZS+PhsVLf5tGydlaVB8EdFpaSO4gmiUKUOxk8qzn5AIy4ZeJUmh22znIdk/uMAUT2pl3FxzVUH+Q==" + }, "has-symbol-support-x": { "version": "1.4.2", "resolved": "https://registry.npmjs.org/has-symbol-support-x/-/has-symbol-support-x-1.4.2.tgz", @@ -4458,6 +4634,14 @@ "has-symbol-support-x": "^1.4.1" } }, + "hasown": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", + "requires": { + "function-bind": "^1.1.2" + } + }, "hoek": { "version": "6.1.3", "resolved": "https://registry.npmjs.org/hoek/-/hoek-6.1.3.tgz", @@ -4697,9 +4881,9 @@ } }, "jose": { - "version": "2.0.5", - "resolved": "https://registry.npmjs.org/jose/-/jose-2.0.5.tgz", - "integrity": "sha512-BAiDNeDKTMgk4tvD0BbxJ8xHEHBZgpeRZ1zGPPsitSyMgjoMWiLGYAE7H7NpP5h0lPppQajQs871E8NHUrzVPA==", + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/jose/-/jose-2.0.7.tgz", + "integrity": "sha512-5hFWIigKqC+e/lRyQhfnirrAqUdIPMB7SJRqflJaO29dW7q5DFvH1XCSTmv6PQ6pb++0k6MJlLRoS0Wv4s38Wg==", "requires": { "@panva/asn1.js": "^1.0.0" } 
@@ -4923,9 +5107,9 @@ "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g=" }, "merge-descriptors": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz", - "integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E=" + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz", + "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==" }, "methods": { "version": "1.1.2", @@ -5124,9 +5308,9 @@ "integrity": "sha512-OSuu/pU4ENM9kmREg0BdNrUDIl1heYa4mBZacJc+vVWz4GtAwu7jO8s4AIt2aGRUTqxykpWzI3Oqnsm13tTMDA==" }, "object-inspect": { - "version": "1.12.2", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.12.2.tgz", - "integrity": "sha512-z+cPxW0QGUp0mcqcsgQyLVRDoXFQbXOwBaqyF7VIgI4TWNQsDHrBpUQslRmIfAoYWdYzs6UlKJtB2XJpTaNSpQ==" + "version": "1.13.2", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.2.tgz", + "integrity": "sha512-IRZSRuzJiynemAXPYtPe5BoI/RESNYR7TYm50MC5Mqbd3Jmw5y790sErYw3V6SryFJD64b74qQQs9wn5Bg/k3g==" }, "oidc-token-hash": { "version": "3.0.2", @@ -5279,9 +5463,9 @@ "integrity": "sha512-GSmOT2EbHrINBf9SR7CDELwlJ8AENk3Qn7OikK4nFYAu3Ote2+JYNVvkpAEQm3/TLNEJFD/xZJjzyxg3KBWOzw==" }, "path-to-regexp": { - "version": "0.1.7", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz", - "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w=" + "version": "0.1.10", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz", + "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==" }, "picomatch": { "version": "2.3.1", 
@@ -5447,11 +5631,11 @@ "integrity": "sha512-GMu3M5nUL3fju4/egXwZO0XLi6fW/K3T3VTgFQ14GxNi8btlxgT5qZL//JwZFm/2Fa64J/PNS8AZeys3wiMkVA==" }, "qs": { - "version": "6.11.0", - "resolved": "https://registry.npmjs.org/qs/-/qs-6.11.0.tgz", - "integrity": "sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==", + "version": "6.13.0", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.13.0.tgz", + "integrity": "sha512-+38qI9SOr8tfZ4QmJNplMUxqjbe7LKvvZgWdExBOmd+egZTtjLB67Gu0HRX3u/XOq7UU2Nx6nsjvS16Z9uwfpg==", "requires": { - "side-channel": "^1.0.4" + "side-channel": "^1.0.6" } }, "query-string": { @@ -5480,9 +5664,9 @@ "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==" }, "raw-body": { - "version": "2.5.1", - "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz", - "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==", + "version": "2.5.2", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz", + "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==", "requires": { "bytes": "3.1.2", "http-errors": "2.0.0", @@ -5569,9 +5753,9 @@ "integrity": "sha512-cBznnQ9KjJqU67B52RMC65CMarK2600WFnbkcaiwWq3xy/5haFJlshgnpjovMVJ+Hff49d8GEn0b87C5pDQ10g==" }, "send": { - "version": "0.18.0", - "resolved": "https://registry.npmjs.org/send/-/send-0.18.0.tgz", - "integrity": "sha512-qqWzuOjSFOuqPjFe4NOsMLafToQQwBSOEpS+FwEt3A2V3vKubTquT3vmLTQpFgMXp8AlFWFuP1qKaJZOtPpVXg==", + "version": "0.19.0", + "resolved": "https://registry.npmjs.org/send/-/send-0.19.0.tgz", + "integrity": "sha512-dW41u5VfLXu8SJh5bwRmyYUbAoSB3c9uQh6L8h/KtsFREPWpbX1lrljJo186Jc4nmci/sGUZ9a0a0J2zgfq2hw==", "requires": { "debug": "2.6.9", "depd": "2.0.0", 
@@ -5593,6 +5777,11 @@ "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==" }, + "encodeurl": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz", + "integrity": "sha512-TPJXq8JqFaVYm2CWmPvnP2Iyo4ZSM7/QKcSmuMLDObfpH5fi7RUGmd/rTDf+rut/saiDiQEeVTNgAmJEdAOx0w==" + }, "ms": { "version": "2.1.3", "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", @@ -5638,14 +5827,27 @@ } }, "serve-static": { - "version": "1.15.0", - "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.15.0.tgz", - "integrity": "sha512-XGuRDNjXUijsUL0vl6nSD7cwURuzEgglbOaFuZM9g3kwDXOWVTck0jLzjPzGD+TazWbboZYu52/9/XPdUgne9g==", + "version": "1.16.2", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.2.tgz", + "integrity": "sha512-VqpjJZKadQB/PEbEwvFdO43Ax5dFBZ2UECszz8bQ7pi7wt//PWe1P6MN7eCnjsatYtBT6EuiClbjSWP2WrIoTw==", "requires": { - "encodeurl": "~1.0.2", + "encodeurl": "~2.0.0", "escape-html": "~1.0.3", "parseurl": "~1.3.3", - "send": "0.18.0" + "send": "0.19.0" + } + }, + "set-function-length": { + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/set-function-length/-/set-function-length-1.2.2.tgz", + "integrity": "sha512-pgRc4hJ4/sNjWCSS9AmnS40x3bNMDTknHgL5UaMBTMyJnU90EgWh1Rz+MC9eFu4BuN/UwZjKQuY/1v3rM7HMfg==", + "requires": { + "define-data-property": "^1.1.4", + "es-errors": "^1.3.0", + "function-bind": "^1.1.2", + "get-intrinsic": "^1.2.4", + "gopd": "^1.0.1", + "has-property-descriptors": "^1.0.2" } }, "setprototypeof": { 
@@ -5669,13 +5871,14 @@ "dev": true }, "side-channel": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.4.tgz", - "integrity": "sha512-q5XPytqFEIKHkGdiMIrY10mvLRvnQh42/+GoBlFW3b2LXLE2xxJpZFdm94we0BaoV3RwJyGqg5wS7epxTv0Zvw==", + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.0.6.tgz", + "integrity": "sha512-fDW/EZ6Q9RiO8eFG8Hj+7u/oW+XrPTIChwCOM2+th2A6OblDtYYIpve9m+KvI9Z4C9qSEXlaGR6bTEYHReuglA==", "requires": { - "call-bind": "^1.0.0", - "get-intrinsic": "^1.0.2", - "object-inspect": "^1.9.0" + "call-bind": "^1.0.7", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.4", + "object-inspect": "^1.13.1" } }, "simple-oauth2": { diff --git a/test/e2e/oauth2-client/package.json b/test/e2e/oauth2-client/package.json index c1655c0b7aa..5bd2a74b983 100644 --- a/test/e2e/oauth2-client/package.json +++ b/test/e2e/oauth2-client/package.json @@ -11,7 +11,7 @@ "dependencies": { "body-parser": "^1.20.1", "dotenv": "^7.0.0", - "express": "^4.18.2", + "express": "^4.21.0", "express-session": "^1.17.0", "express-winston": "^3.4.0", "hydra-login-consent-logout": "2.0.4-pre.2", diff --git a/test/mock-client/main.go b/test/mock-client/main.go index b568e553975..e553c1a951c 100644 --- a/test/mock-client/main.go +++ b/test/mock-client/main.go @@ -181,7 +181,7 @@ func checkTokenResponse(token oauth2token) { } } - intro, resp, err := sdk.OAuth2Api.IntrospectOAuth2Token(context.Background()).Token(token.AccessToken).Execute() + intro, resp, err := sdk.OAuth2API.IntrospectOAuth2Token(context.Background()).Token(token.AccessToken).Execute() defer resp.Body.Close() if err != nil { log.Fatalf("Unable to introspect OAuth2 token: %s", err) diff --git a/test/mock-lcp/main.go b/test/mock-lcp/main.go index a3c3bc13d3a..266c1d8fad2 100644 --- a/test/mock-lcp/main.go +++ b/test/mock-lcp/main.go 
@@ -24,7 +24,7 @@ func init() {
 func login(rw http.ResponseWriter, r *http.Request) {
 challenge := r.URL.Query().Get("login_challenge")
- lr, resp, err := client.OAuth2Api.GetOAuth2LoginRequest(r.Context()).LoginChallenge(challenge).Execute()
+ lr, resp, err := client.OAuth2API.GetOAuth2LoginRequest(r.Context()).LoginChallenge(challenge).Execute()
 defer resp.Body.Close()
 if err != nil {
 log.Fatalf("Unable to fetch clogin request: %s", err)
@@ -37,7 +37,7 @@ func login(rw http.ResponseWriter, r *http.Request) {
 remember = true
 }
- vr, resp, err := client.OAuth2Api.AcceptOAuth2LoginRequest(r.Context()).
+ vr, resp, err := client.OAuth2API.AcceptOAuth2LoginRequest(r.Context()).
 LoginChallenge(challenge).
 AcceptOAuth2LoginRequest(hydra.AcceptOAuth2LoginRequest{
 Subject: "the-subject",
@@ -49,7 +49,7 @@ func login(rw http.ResponseWriter, r *http.Request) {
 }
 redirectTo = vr.RedirectTo
 } else {
- vr, resp, err := client.OAuth2Api.RejectOAuth2LoginRequest(r.Context()).
+ vr, resp, err := client.OAuth2API.RejectOAuth2LoginRequest(r.Context()).
 LoginChallenge(challenge).
 RejectOAuth2Request(hydra.RejectOAuth2Request{
 Error: pointerx.String("invalid_request"),
@@ -69,7 +69,7 @@ func login(rw http.ResponseWriter, r *http.Request) {
 func consent(rw http.ResponseWriter, r *http.Request) {
 challenge := r.URL.Query().Get("consent_challenge")
- o, resp, err := client.OAuth2Api.GetOAuth2ConsentRequest(r.Context()).ConsentChallenge(challenge).Execute()
+ o, resp, err := client.OAuth2API.GetOAuth2ConsentRequest(r.Context()).ConsentChallenge(challenge).Execute()
 defer resp.Body.Close()
 if err != nil {
 log.Fatalf("Unable to fetch consent request: %s", err)
@@ -86,7 +86,7 @@ func consent(rw http.ResponseWriter, r *http.Request) { value = "rab" } - v, resp, err := client.OAuth2Api.AcceptOAuth2ConsentRequest(r.Context()). + v, resp, err := client.OAuth2API.AcceptOAuth2ConsentRequest(r.Context()). ConsentChallenge(challenge). AcceptOAuth2ConsentRequest(hydra.AcceptOAuth2ConsentRequest{ GrantScope: o.RequestedScope, @@ -102,7 +102,7 @@ func consent(rw http.ResponseWriter, r *http.Request) { } redirectTo = v.RedirectTo } else { - v, resp, err := client.OAuth2Api.RejectOAuth2ConsentRequest(r.Context()). + v, resp, err := client.OAuth2API.RejectOAuth2ConsentRequest(r.Context()). ConsentChallenge(challenge). RejectOAuth2Request(hydra.RejectOAuth2Request{Error: pointerx.String("invalid_request")}).Execute() defer resp.Body.Close() diff --git a/x/clean_sql.go b/x/clean_sql.go index a02a9a054ce..2b51ec2cde3 100644 --- a/x/clean_sql.go +++ b/x/clean_sql.go @@ -16,6 +16,7 @@ func DeleteHydraRows(t *testing.T, c *pop.Connection) { "hydra_oauth2_code", "hydra_oauth2_oidc", "hydra_oauth2_pkce", + "hydra_oauth2_device_auth_codes", "hydra_oauth2_flow", "hydra_oauth2_authentication_session", "hydra_oauth2_obfuscated_authentication_session", @@ -39,6 +40,7 @@ func CleanSQLPop(t *testing.T, c *pop.Connection) { "hydra_oauth2_code", "hydra_oauth2_oidc", "hydra_oauth2_pkce", + "hydra_oauth2_device_auth_codes", "hydra_oauth2_flow", "hydra_oauth2_authentication_session", "hydra_oauth2_obfuscated_authentication_session", diff --git a/x/doc_swagger.go b/x/doc_swagger.go index 5c8fb350e8b..b178ae736da 100644 --- a/x/doc_swagger.go +++ b/x/doc_swagger.go 
@@ -4,18 +4,14 @@ package x // Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is -// typically 201. +// typically 204. // // swagger:response emptyResponse -// -//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions -type emptyResponse struct{} +type _ struct{} // Error // // swagger:model errorOAuth2 -// -//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions type errorOAuth2 struct { // Error Name string `json:"error"` @@ -44,9 +40,7 @@ type errorOAuth2 struct { // Default Error Response // // swagger:response errorOAuth2Default -// -//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions -type errorOAuth2Default struct { +type _ struct { // in: body Body errorOAuth2 } @@ -54,9 +48,7 @@ type errorOAuth2Default struct { // Bad Request Error Response // // swagger:response errorOAuth2BadRequest -// -//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions -type errorOAuth2BadRequest struct { +type _ struct { // in: body Body errorOAuth2 } @@ -64,9 +56,7 @@ type errorOAuth2BadRequest struct { // Not Found Error Response // // swagger:response errorOAuth2NotFound -// -//lint:ignore U1000 Used to generate Swagger and OpenAPI definitions -type errorOAuth2NotFound struct { +type _ struct { // in: body Body errorOAuth2 } diff --git a/x/events/events.go b/x/events/events.go index b93843f9db9..9bf804ad349 100644 --- a/x/events/events.go +++ b/x/events/events.go @@ -20,6 +20,8 @@ const ( // LoginRejected will be emitted when the login UI rejects a login request. LoginRejected semconv.Event = "OAuth2LoginRejected" + DeviceUserCodeAccepted semconv.Event = "OAuth2DeviceUserCodeAccepted" + // ConsentAccepted will be emitted when the consent UI accepts a consent request. ConsentAccepted semconv.Event = "OAuth2ConsentAccepted" diff --git a/x/fosite_storer.go b/x/fosite_storer.go index 23654c519b9..2313ca199d8 100644 --- a/x/fosite_storer.go +++ b/x/fosite_storer.go 
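Review bot: `DeviceUserCodeAccepted`, added in x/events/events.go, is the only constant in the visible part of the block without a doc comment; the neighbouring `LoginRejected` and `ConsentAccepted` each state when they are emitted. These event names are consumed by people building audit trails and detections, so the trigger should be written down. Something like `// DeviceUserCodeAccepted will be emitted when the device verification UI accepts a user code.` would match the neighbours, but the wording needs confirming against the emitting code, which this hunk does not show. The const block starts and ends outside the hunk.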
@@ -12,22 +12,21 @@ import ( "github.com/ory/fosite/handler/openid" "github.com/ory/fosite/handler/pkce" "github.com/ory/fosite/handler/rfc7523" + "github.com/ory/fosite/handler/rfc8628" "github.com/ory/fosite/handler/verifiable" ) type FositeStorer interface { fosite.Storage oauth2.CoreStorage + oauth2.TokenRevocationStorage openid.OpenIDConnectRequestStorage pkce.PKCERequestStorage rfc7523.RFC7523KeyStorage + rfc8628.RFC8628CoreStorage verifiable.NonceManager oauth2.ResourceOwnerPasswordCredentialsGrantStorage - RevokeRefreshToken(ctx context.Context, requestID string) error - - RevokeAccessToken(ctx context.Context, requestID string) error - // flush the access token requests from the database. // no data will be deleted after the 'notAfter' timeframe. FlushInactiveAccessTokens(ctx context.Context, notAfter time.Time, limit int, batchSize int) error @@ -44,4 +43,8 @@ type FositeStorer interface { // DeleteOpenIDConnectSession deletes an OpenID Connect session. // This is duplicated from Ory Fosite to help against deprecation linting errors. DeleteOpenIDConnectSession(ctx context.Context, authorizeCode string) error + + GetUserCodeSession(context.Context, string, fosite.Session) (fosite.DeviceRequester, error) + GetDeviceCodeSessionByRequestID(ctx context.Context, requestID string, requester fosite.Session) (fosite.DeviceRequester, string, error) + UpdateDeviceCodeSessionBySignature(ctx context.Context, requestID string, requester fosite.DeviceRequester) error } diff --git a/x/hasher.go b/x/hasher.go index 1e7bd37a6b0..34d35023120 100644 --- a/x/hasher.go +++ b/x/hasher.go @@ -8,8 +8,11 @@ import ( "github.com/ory/fosite" "github.com/ory/x/hasherx" + "github.com/ory/x/otelx" "go.opentelemetry.io/otel" + "go.opentelemetry.io/otel/attribute" + "go.opentelemetry.io/otel/trace" "github.com/ory/x/errorsx" ) 
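Review bot: In the second hunk of x/fosite_storer.go, `UpdateDeviceCodeSessionBySignature` names its key parameter `requestID` although the method name says the key is a signature, and none of the three added methods has a doc comment (`GetUserCodeSession` does not even name its parameters). Both identifiers are plain strings, so an implementer or caller who passes the wrong one gets no compile error and would look up or update the wrong device-code session. If the key really is the signature, I would write `UpdateDeviceCodeSessionBySignature(ctx context.Context, signature string, requester fosite.DeviceRequester) error`, and add one comment line per method saying which key it takes and what the returned string of `GetDeviceCodeSessionByRequestID` is. In that same method the `fosite.Session` argument is named `requester`; `session` would match its type. The interface body begins in the previous hunk and continues outside this one.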
@@ -51,11 +54,14 @@ func NewHasher(c config) *Hasher { } } -func (b *Hasher) Hash(ctx context.Context, data []byte) ([]byte, error) { - ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "x.hasher.Hash") - defer span.End() +func (b *Hasher) Hash(ctx context.Context, data []byte) (_ []byte, err error) { + h := b.c.GetHasherAlgorithm(ctx) - switch b.c.GetHasherAlgorithm(ctx) { + ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "x.hasher.Hash", + trace.WithAttributes(attribute.Stringer("algorithm", h))) + defer otelx.End(span, &err) + + switch h { case HashAlgorithmBCrypt: return b.bcrypt.Generate(ctx, data) case HashAlgorithmPBKDF2: @@ -65,9 +71,9 @@ func (b *Hasher) Hash(ctx context.Context, data []byte) ([]byte, error) { } } -func (b *Hasher) Compare(ctx context.Context, hash, data []byte) error { - _, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "x.hasher.Hash") - defer span.End() +func (b *Hasher) Compare(ctx context.Context, hash, data []byte) (err error) { + ctx, span := otel.GetTracerProvider().Tracer(tracingComponent).Start(ctx, "x.hasher.Compare") + defer otelx.End(span, &err) if err := hasherx.Compare(ctx, data, hash); err != nil { return errorsx.WithStack(err) diff --git a/x/int_to_bytes.go b/x/int_to_bytes.go index 4cb8c9e8caf..08805ae4de2 100644 --- a/x/int_to_bytes.go +++ b/x/int_to_bytes.go @@ -12,7 +12,7 @@ import ( // IntToBytes converts an int64 to a byte slice. It is the inverse of BytesToInt. func IntToBytes(i int64) []byte { b := make([]byte, 8) - binary.LittleEndian.PutUint64(b, uint64(i)) + binary.LittleEndian.PutUint64(b, uint64(i)) //nolint:gosec return b } @@ -22,5 +22,5 @@ func BytesToInt(b []byte) (int64, error) { if len(b) != 8 { return 0, errors.New("byte slice must be 8 bytes long") } - return int64(binary.LittleEndian.Uint64(b)), nil + return int64(binary.LittleEndian.Uint64(b)), nil //nolint:gosec } 
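Review bot: The two `//nolint:gosec` markers in x/int_to_bytes.go (on `PutUint64(b, uint64(i))` in `IntToBytes` and on the `int64(...)` return in `BytesToInt` in the next hunk) suppress every gosec rule on those lines and give no reason. Presumably the finding is the integer-conversion check, which is harmless here because the int64/uint64 reinterpretation keeps all 64 bits and the two functions are inverses. A bare suppression, however, will also hide anything gosec reports on these lines later. I would record the rule and the reason, e.g. `//nolint:gosec // G115: bit-preserving int64<->uint64 conversion, round-trips via BytesToInt` (confirm the rule ID against the linter output).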
diff --git a/x/sighash.go b/x/sighash.go
new file mode 100644
index 00000000000..00069c6f998
--- /dev/null
+++ b/x/sighash.go
@@ -0,0 +1,15 @@
+// Copyright © 2024 Ory Corp
+// SPDX-License-Identifier: Apache-2.0
+
+package x
+
+import (
+ "crypto/sha512"
+ "fmt"
+)
+
+// SignatureHash hashes the signature to prevent errors where the signature is
+// longer than 128 characters (and thus doesn't fit into the pk).
+func SignatureHash(signature string) string {
+ return fmt.Sprintf("%x", sha512.Sum384([]byte(signature)))
+}
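Review bot: The doc comment on `SignatureHash` says why the hash exists but not what it returns, and since the value goes into a primary key the output format is effectively a storage contract. `sha512.Sum384` formatted with `%x` always yields 96 lowercase hex characters, so I would add `// The result is the lowercase hex SHA-384 digest of the signature (96 characters).` Presumably rows keyed by the old output could no longer be found if the algorithm or encoding changed; if so, the comment should say that too. It is also worth stating that the digest is unkeyed and deterministic, so it serves as a lookup key only and should not be treated as protecting the signature value.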