models

package
v0.0.0-...-f7bec94 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 8, 2022 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AcceptConsentRequest

type AcceptConsentRequest struct {

	// grant access token audience
	GrantAccessTokenAudience StringSlicePipeDelimiter `json:"grant_access_token_audience,omitempty"`

	// grant scope
	GrantScope StringSlicePipeDelimiter `json:"grant_scope,omitempty"`

	// handled at
	// Format: date-time
	HandledAt NullTime `json:"handled_at,omitempty"`

	// Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same
	// client asks the same user for the same, or a subset of, scope.
	Remember bool `json:"remember,omitempty"`

	// RememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the
	// authorization will be remembered indefinitely.
	RememberFor int64 `json:"remember_for,omitempty"`

	// session
	Session *ConsentRequestSession `json:"session,omitempty"`
}

AcceptConsentRequest The request payload used to accept a consent request.

swagger:model acceptConsentRequest

func (*AcceptConsentRequest) ContextValidate

func (m *AcceptConsentRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this accept consent request based on the context it is used

func (*AcceptConsentRequest) MarshalBinary

func (m *AcceptConsentRequest) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*AcceptConsentRequest) UnmarshalBinary

func (m *AcceptConsentRequest) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*AcceptConsentRequest) Validate

func (m *AcceptConsentRequest) Validate(formats strfmt.Registry) error

Validate validates this accept consent request

type AcceptLoginRequest

type AcceptLoginRequest struct {

	// ACR sets the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it
	// to express that, for example, a user authenticated using two factor authentication.
	Acr string `json:"acr,omitempty"`

	// amr
	Amr StringSlicePipeDelimiter `json:"amr,omitempty"`

	// context
	Context JSONRawMessage `json:"context,omitempty"`

	// ForceSubjectIdentifier forces the "pairwise" user ID of the end-user that authenticated. The "pairwise" user ID refers to the
	// (Pairwise Identifier Algorithm)[http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg] of the OpenID
	// Connect specification. It allows you to set an obfuscated subject ("user") identifier that is unique to the client.
	//
	// Please note that this changes the user ID on endpoint /userinfo and sub claim of the ID Token. It does not change the
	// sub claim in the OAuth 2.0 Introspection.
	//
	// Per default, ORY Hydra handles this value with its own algorithm. In case you want to set this yourself
	// you can use this field. Please note that setting this field has no effect if `pairwise` is not configured in
	// ORY Hydra or the OAuth 2.0 Client does not expect a pairwise identifier (set via `subject_type` key in the client's
	// configuration).
	//
	// Please also be aware that ORY Hydra is unable to properly compute this value during authentication. This implies
	// that you have to compute this value on every authentication process (probably depending on the client ID or some
	// other unique value).
	//
	// If you fail to compute the proper value, then authentication processes which have id_token_hint set might fail.
	ForceSubjectIdentifier string `json:"force_subject_identifier,omitempty"`

	// Remember, if set to true, tells ORY Hydra to remember this user by telling the user agent (browser) to store
	// a cookie with authentication data. If the same user performs another OAuth 2.0 Authorization Request, he/she
	// will not be asked to log in again.
	Remember bool `json:"remember,omitempty"`

	// RememberFor sets how long the authentication should be remembered for in seconds. If set to `0`, the
	// authorization will be remembered for the duration of the browser session (using a session cookie).
	RememberFor int64 `json:"remember_for,omitempty"`

	// Subject is the user ID of the end-user that authenticated.
	// Required: true
	Subject *string `json:"subject"`
}

AcceptLoginRequest HandledLoginRequest is the request payload used to accept a login request.

swagger:model acceptLoginRequest

func (*AcceptLoginRequest) ContextValidate

func (m *AcceptLoginRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this accept login request based on the context it is used

func (*AcceptLoginRequest) MarshalBinary

func (m *AcceptLoginRequest) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*AcceptLoginRequest) UnmarshalBinary

func (m *AcceptLoginRequest) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*AcceptLoginRequest) Validate

func (m *AcceptLoginRequest) Validate(formats strfmt.Registry) error

Validate validates this accept login request

type CompletedRequest

type CompletedRequest struct {

	// RedirectURL is the URL which you should redirect the user to once the authentication process is completed.
	// Required: true
	RedirectTo *string `json:"redirect_to"`
}

CompletedRequest The response payload sent when accepting or rejecting a login or consent request.

swagger:model completedRequest

func (*CompletedRequest) ContextValidate

func (m *CompletedRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this completed request based on context it is used

func (*CompletedRequest) MarshalBinary

func (m *CompletedRequest) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*CompletedRequest) UnmarshalBinary

func (m *CompletedRequest) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*CompletedRequest) Validate

func (m *CompletedRequest) Validate(formats strfmt.Registry) error

Validate validates this completed request

type ConsentRequest

type ConsentRequest struct {

	// ACR represents the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it
	// to express that, for example, a user authenticated using two factor authentication.
	Acr string `json:"acr,omitempty"`

	// amr
	Amr StringSlicePipeDelimiter `json:"amr,omitempty"`

	// ID is the identifier ("authorization challenge") of the consent authorization request. It is used to
	// identify the session.
	// Required: true
	Challenge *string `json:"challenge"`

	// client
	Client *OAuth2Client `json:"client,omitempty"`

	// context
	Context JSONRawMessage `json:"context,omitempty"`

	// LoginChallenge is the login challenge this consent challenge belongs to. It can be used to associate
	// a login and consent request in the login & consent app.
	LoginChallenge string `json:"login_challenge,omitempty"`

	// LoginSessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag)
	// this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false)
	// this will be a new random value. This value is used as the "sid" parameter in the ID Token and in OIDC Front-/Back-
	// channel logout. It's value can generally be used to associate consecutive login requests by a certain user.
	LoginSessionID string `json:"login_session_id,omitempty"`

	// oidc context
	OidcContext *OpenIDConnectContext `json:"oidc_context,omitempty"`

	// RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which
	// initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but
	// might come in handy if you want to deal with additional request parameters.
	RequestURL string `json:"request_url,omitempty"`

	// requested access token audience
	RequestedAccessTokenAudience StringSlicePipeDelimiter `json:"requested_access_token_audience,omitempty"`

	// requested scope
	RequestedScope StringSlicePipeDelimiter `json:"requested_scope,omitempty"`

	// Skip, if true, implies that the client has requested the same scopes from the same user previously.
	// If true, you must not ask the user to grant the requested scopes. You must however either allow or deny the
	// consent request using the usual API call.
	Skip bool `json:"skip,omitempty"`

	// Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope
	// requested by the OAuth 2.0 client.
	Subject string `json:"subject,omitempty"`
}

ConsentRequest Contains information on an ongoing consent request.

swagger:model consentRequest

func (*ConsentRequest) ContextValidate

func (m *ConsentRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this consent request based on the context it is used

func (*ConsentRequest) MarshalBinary

func (m *ConsentRequest) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*ConsentRequest) UnmarshalBinary

func (m *ConsentRequest) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*ConsentRequest) Validate

func (m *ConsentRequest) Validate(formats strfmt.Registry) error

Validate validates this consent request

type ConsentRequestSession

type ConsentRequestSession struct {

	// AccessToken sets session data for the access and refresh token, as well as any future tokens issued by the
	// refresh grant. Keep in mind that this data will be available to anyone performing OAuth 2.0 Challenge Introspection.
	// If only your services can perform OAuth 2.0 Challenge Introspection, this is usually fine. But if third parties
	// can access that endpoint as well, sensitive data from the session might be exposed to them. Use with care!
	AccessToken interface{} `json:"access_token,omitempty"`

	// IDToken sets session data for the OpenID Connect ID token. Keep in mind that the session'id payloads are readable
	// by anyone that has access to the ID Challenge. Use with care!
	IDToken interface{} `json:"id_token,omitempty"`
}

ConsentRequestSession Used to pass session data to a consent request.

swagger:model consentRequestSession

func (*ConsentRequestSession) ContextValidate

func (m *ConsentRequestSession) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this consent request session based on context it is used

func (*ConsentRequestSession) MarshalBinary

func (m *ConsentRequestSession) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*ConsentRequestSession) UnmarshalBinary

func (m *ConsentRequestSession) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*ConsentRequestSession) Validate

func (m *ConsentRequestSession) Validate(formats strfmt.Registry) error

Validate validates this consent request session

type DefaultSession

type DefaultSession struct {

	// expires at
	ExpiresAt map[string]strfmt.DateTime `json:"expires_at,omitempty"`

	// headers
	Headers *Headers `json:"headers,omitempty"`

	// id token claims
	IDTokenClaims *IDTokenClaims `json:"id_token_claims,omitempty"`

	// subject
	Subject string `json:"subject,omitempty"`

	// username
	Username string `json:"username,omitempty"`
}

DefaultSession IDTokenSession is a session container for the id token

swagger:model DefaultSession

func (*DefaultSession) ContextValidate

func (m *DefaultSession) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this default session based on the context it is used

func (*DefaultSession) MarshalBinary

func (m *DefaultSession) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*DefaultSession) UnmarshalBinary

func (m *DefaultSession) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*DefaultSession) Validate

func (m *DefaultSession) Validate(formats strfmt.Registry) error

Validate validates this default session

type FlushInactiveOAuth2TokensRequest

type FlushInactiveOAuth2TokensRequest struct {

	// NotAfter sets after which point tokens should not be flushed. This is useful when you want to keep a history
	// of recently issued tokens for auditing.
	// Format: date-time
	NotAfter strfmt.DateTime `json:"notAfter,omitempty"`
}

FlushInactiveOAuth2TokensRequest flush inactive o auth2 tokens request

swagger:model flushInactiveOAuth2TokensRequest

func (*FlushInactiveOAuth2TokensRequest) ContextValidate

func (m *FlushInactiveOAuth2TokensRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this flush inactive o auth2 tokens request based on context it is used

func (*FlushInactiveOAuth2TokensRequest) MarshalBinary

func (m *FlushInactiveOAuth2TokensRequest) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*FlushInactiveOAuth2TokensRequest) UnmarshalBinary

func (m *FlushInactiveOAuth2TokensRequest) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*FlushInactiveOAuth2TokensRequest) Validate

Validate validates this flush inactive o auth2 tokens request

type FlushLoginConsentRequest

type FlushLoginConsentRequest struct {

	// NotAfter sets after which point tokens should not be flushed. This is useful when you want to keep a history
	// of recent login and consent database entries for auditing.
	// Format: date-time
	NotAfter strfmt.DateTime `json:"notAfter,omitempty"`
}

FlushLoginConsentRequest flush login consent request

swagger:model flushLoginConsentRequest

func (*FlushLoginConsentRequest) ContextValidate

func (m *FlushLoginConsentRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this flush login consent request based on context it is used

func (*FlushLoginConsentRequest) MarshalBinary

func (m *FlushLoginConsentRequest) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*FlushLoginConsentRequest) UnmarshalBinary

func (m *FlushLoginConsentRequest) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*FlushLoginConsentRequest) Validate

func (m *FlushLoginConsentRequest) Validate(formats strfmt.Registry) error

Validate validates this flush login consent request

type GenericError

type GenericError struct {

	// The status code
	// Example: 404
	Code int64 `json:"code,omitempty"`

	// Debug information
	//
	// This field is often not exposed to protect against leaking
	// sensitive information.
	// Example: SQL field \"foo\" is not a bool.
	Debug string `json:"debug,omitempty"`

	// Further error details
	Details interface{} `json:"details,omitempty"`

	// The error ID
	//
	// Useful when trying to identify various errors in application logic.
	ID string `json:"id,omitempty"`

	// Error message
	//
	// The error's message.
	// Example: The resource could not be found
	// Required: true
	Message *string `json:"message"`

	// A human-readable reason for the error
	// Example: User with ID 1234 does not exist.
	Reason string `json:"reason,omitempty"`

	// The request ID
	//
	// The request ID is often exposed internally in order to trace
	// errors across service architectures. This is often a UUID.
	// Example: d7ef54b1-ec15-46e6-bccb-524b82c035e6
	Request string `json:"request,omitempty"`

	// The status description
	// Example: Not Found
	Status string `json:"status,omitempty"`
}

GenericError generic error

swagger:model genericError

func (*GenericError) ContextValidate

func (m *GenericError) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this generic error based on context it is used

func (*GenericError) MarshalBinary

func (m *GenericError) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*GenericError) UnmarshalBinary

func (m *GenericError) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*GenericError) Validate

func (m *GenericError) Validate(formats strfmt.Registry) error

Validate validates this generic error

type Headers

type Headers struct {

	// extra
	Extra interface{} `json:"extra,omitempty"`
}

Headers Headers is the jwt headers

swagger:model Headers

func (*Headers) ContextValidate

func (m *Headers) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this headers based on context it is used

func (*Headers) MarshalBinary

func (m *Headers) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*Headers) UnmarshalBinary

func (m *Headers) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*Headers) Validate

func (m *Headers) Validate(formats strfmt.Registry) error

Validate validates this headers

type HealthNotReadyStatus

type HealthNotReadyStatus struct {

	// Errors contains a list of errors that caused the not ready status.
	Errors map[string]string `json:"errors,omitempty"`
}

HealthNotReadyStatus health not ready status

swagger:model healthNotReadyStatus

func (*HealthNotReadyStatus) ContextValidate

func (m *HealthNotReadyStatus) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this health not ready status based on context it is used

func (*HealthNotReadyStatus) MarshalBinary

func (m *HealthNotReadyStatus) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*HealthNotReadyStatus) UnmarshalBinary

func (m *HealthNotReadyStatus) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*HealthNotReadyStatus) Validate

func (m *HealthNotReadyStatus) Validate(formats strfmt.Registry) error

Validate validates this health not ready status

type HealthStatus

type HealthStatus struct {

	// Status always contains "ok".
	Status string `json:"status,omitempty"`
}

HealthStatus health status

swagger:model healthStatus

func (*HealthStatus) ContextValidate

func (m *HealthStatus) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this health status based on context it is used

func (*HealthStatus) MarshalBinary

func (m *HealthStatus) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*HealthStatus) UnmarshalBinary

func (m *HealthStatus) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*HealthStatus) Validate

func (m *HealthStatus) Validate(formats strfmt.Registry) error

Validate validates this health status

type IDTokenClaims

type IDTokenClaims struct {

	// acr
	Acr string `json:"acr,omitempty"`

	// amr
	Amr []string `json:"amr"`

	// at hash
	AtHash string `json:"at_hash,omitempty"`

	// aud
	Aud []string `json:"aud"`

	// auth time
	// Format: date-time
	AuthTime strfmt.DateTime `json:"auth_time,omitempty"`

	// c hash
	CHash string `json:"c_hash,omitempty"`

	// exp
	// Format: date-time
	Exp strfmt.DateTime `json:"exp,omitempty"`

	// ext
	Ext interface{} `json:"ext,omitempty"`

	// iat
	// Format: date-time
	Iat strfmt.DateTime `json:"iat,omitempty"`

	// iss
	Iss string `json:"iss,omitempty"`

	// jti
	Jti string `json:"jti,omitempty"`

	// nonce
	Nonce string `json:"nonce,omitempty"`

	// rat
	// Format: date-time
	Rat strfmt.DateTime `json:"rat,omitempty"`

	// sub
	Sub string `json:"sub,omitempty"`
}

IDTokenClaims IDTokenClaims represent the claims used in open id connect requests

swagger:model IDTokenClaims

func (*IDTokenClaims) ContextValidate

func (m *IDTokenClaims) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this ID token claims based on context it is used

func (*IDTokenClaims) MarshalBinary

func (m *IDTokenClaims) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*IDTokenClaims) UnmarshalBinary

func (m *IDTokenClaims) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*IDTokenClaims) Validate

func (m *IDTokenClaims) Validate(formats strfmt.Registry) error

Validate validates this ID token claims

type JSONError

type JSONError struct {

	// Name is the error name.
	// Example: The requested resource could not be found
	Error string `json:"error,omitempty"`

	// Debug contains debug information. This is usually not available and has to be enabled.
	// Example: The database adapter was unable to find the element
	ErrorDebug string `json:"error_debug,omitempty"`

	// Description contains further information on the nature of the error.
	// Example: Object with ID 12345 does not exist
	ErrorDescription string `json:"error_description,omitempty"`

	// Code represents the error status code (404, 403, 401, ...).
	// Example: 404
	StatusCode int64 `json:"status_code,omitempty"`
}

JSONError Generic Error Response

Error responses are sent when an error (e.g. unauthorized, bad request, ...) occurred.

swagger:model jsonError

func (*JSONError) ContextValidate

func (m *JSONError) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this json error based on context it is used

func (*JSONError) MarshalBinary

func (m *JSONError) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*JSONError) UnmarshalBinary

func (m *JSONError) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*JSONError) Validate

func (m *JSONError) Validate(formats strfmt.Registry) error

Validate validates this json error

type JSONRawMessage

type JSONRawMessage interface{}

JSONRawMessage JSONRawMessage represents a json.RawMessage that works well with JSON, SQL, and Swagger.

swagger:model JSONRawMessage

type JSONWebKey

type JSONWebKey struct {

	// The "alg" (algorithm) parameter identifies the algorithm intended for
	// use with the key.  The values used should either be registered in the
	// IANA "JSON Web Signature and Encryption Algorithms" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name.
	// Example: RS256
	// Required: true
	Alg *string `json:"alg"`

	// crv
	// Example: P-256
	Crv string `json:"crv,omitempty"`

	// d
	// Example: T_N8I-6He3M8a7X1vWt6TGIx4xB_GP3Mb4SsZSA4v-orvJzzRiQhLlRR81naWYxfQAYt5isDI6_C2L9bdWo4FFPjGQFvNoRX-_sBJyBI_rl-TBgsZYoUlAj3J92WmY2inbA-PwyJfsaIIDceYBC-eX-xiCu6qMqkZi3MwQAFL6bMdPEM0z4JBcwFT3VdiWAIRUuACWQwrXMq672x7fMuaIaHi7XDGgt1ith23CLfaREmJku9PQcchbt_uEY-hqrFY6ntTtS4paWWQj86xLL94S-Tf6v6xkL918PfLSOTq6XCzxvlFwzBJqApnAhbwqLjpPhgUG04EDRrqrSBc5Y1BLevn6Ip5h1AhessBp3wLkQgz_roeckt-ybvzKTjESMuagnpqLvOT7Y9veIug2MwPJZI2VjczRc1vzMs25XrFQ8DpUy-bNdp89TmvAXwctUMiJdgHloJw23Cv03gIUAkDnsTqZmkpbIf-crpgNKFmQP_EDKoe8p_PXZZgfbRri3NoEVGP7Mk6yEu8LjJhClhZaBNjuWw2-KlBfOA3g79mhfBnkInee5KO9mGR50qPk1V-MorUYNTFMZIm0kFE6eYVWFBwJHLKYhHU34DoiK1VP-svZpC2uAMFNA_UJEwM9CQ2b8qe4-5e9aywMvwcuArRkAB5mBIfOaOJao3mfukKAE
	D string `json:"d,omitempty"`

	// dp
	// Example: G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0
	Dp string `json:"dp,omitempty"`

	// dq
	// Example: s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk
	Dq string `json:"dq,omitempty"`

	// e
	// Example: AQAB
	E string `json:"e,omitempty"`

	// k
	// Example: GawgguFyGrWKav7AX4VKUg
	K string `json:"k,omitempty"`

	// The "kid" (key ID) parameter is used to match a specific key.  This
	// is used, for instance, to choose among a set of keys within a JWK Set
	// during key rollover.  The structure of the "kid" value is
	// unspecified.  When "kid" values are used within a JWK Set, different
	// keys within the JWK Set SHOULD use distinct "kid" values.  (One
	// example in which different keys might use the same "kid" value is if
	// they have different "kty" (key type) values but are considered to be
	// equivalent alternatives by the application using them.)  The "kid"
	// value is a case-sensitive string.
	// Example: 1603dfe0af8f4596
	// Required: true
	Kid *string `json:"kid"`

	// The "kty" (key type) parameter identifies the cryptographic algorithm
	// family used with the key, such as "RSA" or "EC". "kty" values should
	// either be registered in the IANA "JSON Web Key Types" registry
	// established by [JWA] or be a value that contains a Collision-
	// Resistant Name.  The "kty" value is a case-sensitive string.
	// Example: RSA
	// Required: true
	Kty *string `json:"kty"`

	// n
	// Example: vTqrxUyQPl_20aqf5kXHwDZrel-KovIp8s7ewJod2EXHl8tWlRB3_Rem34KwBfqlKQGp1nqah-51H4Jzruqe0cFP58hPEIt6WqrvnmJCXxnNuIB53iX_uUUXXHDHBeaPCSRoNJzNysjoJ30TIUsKBiirhBa7f235PXbKiHducLevV6PcKxJ5cY8zO286qJLBWSPm-OIevwqsIsSIH44Qtm9sioFikhkbLwoqwWORGAY0nl6XvVOlhADdLjBSqSAeT1FPuCDCnXwzCDR8N9IFB_IjdStFkC-rVt2K5BYfPd0c3yFp_vHR15eRd0zJ8XQ7woBC8Vnsac6Et1pKS59pX6256DPWu8UDdEOolKAPgcd_g2NpA76cAaF_jcT80j9KrEzw8Tv0nJBGesuCjPNjGs_KzdkWTUXt23Hn9QJsdc1MZuaW0iqXBepHYfYoqNelzVte117t4BwVp0kUM6we0IqyXClaZgOI8S-WDBw2_Ovdm8e5NmhYAblEVoygcX8Y46oH6bKiaCQfKCFDMcRgChme7AoE1yZZYsPbaG_3IjPrC4LBMHQw8rM9dWjJ8ImjicvZ1pAm0dx-KHCP3y5PVKrxBDf1zSOsBRkOSjB8TPODnJMz6-jd5hTtZxpZPwPoIdCanTZ3ZD6uRBpTmDwtpRGm63UQs1m5FWPwb0T2IF0
	N string `json:"n,omitempty"`

	// p
	// Example: 6NbkXwDWUhi-eR55Cgbf27FkQDDWIamOaDr0rj1q0f1fFEz1W5A_09YvG09Fiv1AO2-D8Rl8gS1Vkz2i0zCSqnyy8A025XOcRviOMK7nIxE4OH_PEsko8dtIrb3TmE2hUXvCkmzw9EsTF1LQBOGC6iusLTXepIC1x9ukCKFZQvdgtEObQ5kzd9Nhq-cdqmSeMVLoxPLd1blviVT9Vm8-y12CtYpeJHOaIDtVPLlBhJiBoPKWg3vxSm4XxIliNOefqegIlsmTIa3MpS6WWlCK3yHhat0Q-rRxDxdyiVdG_wzJvp0Iw_2wms7pe-PgNPYvUWH9JphWP5K38YqEBiJFXQ
	P string `json:"p,omitempty"`

	// q
	// Example: 0A1FmpOWR91_RAWpqreWSavNaZb9nXeKiBo0DQGBz32DbqKqQ8S4aBJmbRhJcctjCLjain-ivut477tAUMmzJwVJDDq2MZFwC9Q-4VYZmFU4HJityQuSzHYe64RjN-E_NQ02TWhG3QGW6roq6c57c99rrUsETwJJiwS8M5p15Miuz53DaOjv-uqqFAFfywN5WkxHbraBcjHtMiQuyQbQqkCFh-oanHkwYNeytsNhTu2mQmwR5DR2roZ2nPiFjC6nsdk-A7E3S3wMzYYFw7jvbWWoYWo9vB40_MY2Y0FYQSqcDzcBIcq_0tnnasf3VW4Fdx6m80RzOb2Fsnln7vKXAQ
	Q string `json:"q,omitempty"`

	// qi
	// Example: GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU
	Qi string `json:"qi,omitempty"`

	// Use ("public key use") identifies the intended use of
	// the public key. The "use" parameter is employed to indicate whether
	// a public key is used for encrypting data or verifying the signature
	// on data. Values are commonly "sig" (signature) or "enc" (encryption).
	// Example: sig
	// Required: true
	Use *string `json:"use"`

	// x
	// Example: f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU
	X string `json:"x,omitempty"`

	// The "x5c" (X.509 certificate chain) parameter contains a chain of one
	// or more PKIX certificates [RFC5280].  The certificate chain is
	// represented as a JSON array of certificate value strings.  Each
	// string in the array is a base64-encoded (Section 4 of [RFC4648] --
	// not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
	// The PKIX certificate containing the key value MUST be the first
	// certificate.
	X5c []string `json:"x5c"`

	// y
	// Example: x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0
	Y string `json:"y,omitempty"`
}

JSONWebKey It is important that this model object is named JSONWebKey for "swagger generate spec" to generate only on definition of a JSONWebKey.

swagger:model JSONWebKey

func (*JSONWebKey) ContextValidate

func (m *JSONWebKey) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this JSON web key based on context it is used

func (*JSONWebKey) MarshalBinary

func (m *JSONWebKey) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*JSONWebKey) UnmarshalBinary

func (m *JSONWebKey) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*JSONWebKey) Validate

func (m *JSONWebKey) Validate(formats strfmt.Registry) error

Validate validates this JSON web key

type JSONWebKeySet

type JSONWebKeySet struct {

	// The value of the "keys" parameter is an array of JWK values.  By
	// default, the order of the JWK values within the array does not imply
	// an order of preference among them, although applications of JWK Sets
	// can choose to assign a meaning to the order for their purposes, if
	// desired.
	Keys []*JSONWebKey `json:"keys"`
}

JSONWebKeySet It is important that this model object is named JSONWebKeySet for "swagger generate spec" to generate only on definition of a JSONWebKeySet. Since one with the same name is previously defined as client.Client.JSONWebKeys and this one is last, this one will be effectively written in the swagger spec.

swagger:model JSONWebKeySet

func (*JSONWebKeySet) ContextValidate

func (m *JSONWebKeySet) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this JSON web key set based on the context it is used

func (*JSONWebKeySet) MarshalBinary

func (m *JSONWebKeySet) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*JSONWebKeySet) UnmarshalBinary

func (m *JSONWebKeySet) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*JSONWebKeySet) Validate

func (m *JSONWebKeySet) Validate(formats strfmt.Registry) error

Validate validates this JSON web key set

type JSONWebKeySetGeneratorRequest

type JSONWebKeySetGeneratorRequest struct {

	// The algorithm to be used for creating the key. Supports "RS256", "ES256", "ES512", "HS512", and "HS256"
	// Required: true
	Alg *string `json:"alg"`

	// The kid of the key to be created
	// Required: true
	Kid *string `json:"kid"`

	// The "use" (public key use) parameter identifies the intended use of
	// the public key. The "use" parameter is employed to indicate whether
	// a public key is used for encrypting data or verifying the signature
	// on data. Valid values are "enc" and "sig".
	// Required: true
	Use *string `json:"use"`
}

JSONWebKeySetGeneratorRequest json web key set generator request

swagger:model jsonWebKeySetGeneratorRequest

func (*JSONWebKeySetGeneratorRequest) ContextValidate

func (m *JSONWebKeySetGeneratorRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this json web key set generator request based on context it is used

func (*JSONWebKeySetGeneratorRequest) MarshalBinary

func (m *JSONWebKeySetGeneratorRequest) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*JSONWebKeySetGeneratorRequest) UnmarshalBinary

func (m *JSONWebKeySetGeneratorRequest) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*JSONWebKeySetGeneratorRequest) Validate

func (m *JSONWebKeySetGeneratorRequest) Validate(formats strfmt.Registry) error

Validate validates this json web key set generator request

type JoseJSONWebKeySet

type JoseJSONWebKeySet interface{}

JoseJSONWebKeySet jose JSON web key set

swagger:model JoseJSONWebKeySet

type LoginRequest

type LoginRequest struct {

	// ID is the identifier ("login challenge") of the login request. It is used to
	// identify the session.
	// Required: true
	Challenge *string `json:"challenge"`

	// client
	// Required: true
	Client *OAuth2Client `json:"client"`

	// oidc context
	OidcContext *OpenIDConnectContext `json:"oidc_context,omitempty"`

	// RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which
	// initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but
	// might come in handy if you want to deal with additional request parameters.
	// Required: true
	RequestURL *string `json:"request_url"`

	// requested access token audience
	// Required: true
	RequestedAccessTokenAudience StringSlicePipeDelimiter `json:"requested_access_token_audience"`

	// requested scope
	// Required: true
	RequestedScope StringSlicePipeDelimiter `json:"requested_scope"`

	// SessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag)
	// this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false)
	// this will be a new random value. This value is used as the "sid" parameter in the ID Token and in OIDC Front-/Back-
	// channel logout. It's value can generally be used to associate consecutive login requests by a certain user.
	SessionID string `json:"session_id,omitempty"`

	// Skip, if true, implies that the client has requested the same scopes from the same user previously.
	// If true, you can skip asking the user to grant the requested scopes, and simply forward the user to the redirect URL.
	//
	// This feature allows you to update / set session information.
	// Required: true
	Skip *bool `json:"skip"`

	// Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope
	// requested by the OAuth 2.0 client. If this value is set and `skip` is true, you MUST include this subject type
	// when accepting the login request, or the request will fail.
	// Required: true
	Subject *string `json:"subject"`
}

LoginRequest Contains information on an ongoing login request.

swagger:model loginRequest

func (*LoginRequest) ContextValidate

func (m *LoginRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this login request based on the context it is used

func (*LoginRequest) MarshalBinary

func (m *LoginRequest) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*LoginRequest) UnmarshalBinary

func (m *LoginRequest) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*LoginRequest) Validate

func (m *LoginRequest) Validate(formats strfmt.Registry) error

Validate validates this login request

type LogoutRequest

type LogoutRequest struct {

	// Challenge is the identifier ("logout challenge") of the logout authentication request. It is used to
	// identify the session.
	Challenge string `json:"challenge,omitempty"`

	// client
	Client *OAuth2Client `json:"client,omitempty"`

	// RequestURL is the original Logout URL requested.
	RequestURL string `json:"request_url,omitempty"`

	// RPInitiated is set to true if the request was initiated by a Relying Party (RP), also known as an OAuth 2.0 Client.
	RpInitiated bool `json:"rp_initiated,omitempty"`

	// SessionID is the login session ID that was requested to log out.
	Sid string `json:"sid,omitempty"`

	// Subject is the user for whom the logout was request.
	Subject string `json:"subject,omitempty"`
}

LogoutRequest Contains information about an ongoing logout request.

swagger:model logoutRequest

func (*LogoutRequest) ContextValidate

func (m *LogoutRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this logout request based on the context it is used

func (*LogoutRequest) MarshalBinary

func (m *LogoutRequest) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*LogoutRequest) UnmarshalBinary

func (m *LogoutRequest) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*LogoutRequest) Validate

func (m *LogoutRequest) Validate(formats strfmt.Registry) error

Validate validates this logout request

type NullDuration

type NullDuration string

NullDuration NullDuration represents a nullable JSON and SQL compatible time.Duration.

TODO delete this type and replace it with ory/x/sqlxx/NullDuration when applying the custom client token TTL patch to Hydra 2.x

swagger:model NullDuration

func (NullDuration) ContextValidate

func (m NullDuration) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this null duration based on context it is used

func (NullDuration) Validate

func (m NullDuration) Validate(formats strfmt.Registry) error

Validate validates this null duration

type NullTime

type NullTime strfmt.DateTime

NullTime NullTime implements sql.NullTime functionality.

swagger:model nullTime

func (NullTime) ContextValidate

func (m NullTime) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this null time based on context it is used

func (*NullTime) MarshalBinary

func (m *NullTime) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (NullTime) MarshalJSON

func (m NullTime) MarshalJSON() ([]byte, error)

MarshalJSON retrieves a NullTime value as JSON output

func (*NullTime) UnmarshalBinary

func (m *NullTime) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*NullTime) UnmarshalJSON

func (m *NullTime) UnmarshalJSON(b []byte) error

UnmarshalJSON sets a NullTime value from JSON input

func (NullTime) Validate

func (m NullTime) Validate(formats strfmt.Registry) error

Validate validates this null time

type OAuth2AccessRequest

type OAuth2AccessRequest struct {

	// ClientID is the identifier of the OAuth 2.0 client.
	ClientID string `json:"client_id,omitempty"`

	// GrantTypes is the requests grant types.
	GrantTypes []string `json:"grant_types"`

	// GrantedAudience is the list of audiences granted to the OAuth 2.0 client.
	GrantedAudience []string `json:"granted_audience"`

	// GrantedScopes is the list of scopes granted to the OAuth 2.0 client.
	GrantedScopes []string `json:"granted_scopes"`
}

OAuth2AccessRequest Requester is a token endpoint's request context.

swagger:model oAuth2AccessRequest

func (*OAuth2AccessRequest) ContextValidate

func (m *OAuth2AccessRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this o auth2 access request based on context it is used

func (*OAuth2AccessRequest) MarshalBinary

func (m *OAuth2AccessRequest) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*OAuth2AccessRequest) UnmarshalBinary

func (m *OAuth2AccessRequest) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*OAuth2AccessRequest) Validate

func (m *OAuth2AccessRequest) Validate(formats strfmt.Registry) error

Validate validates this o auth2 access request

type OAuth2Client

type OAuth2Client struct {

	// allowed cors origins
	AllowedCorsOrigins StringSlicePipeDelimiter `json:"allowed_cors_origins,omitempty"`

	// audience
	Audience StringSlicePipeDelimiter `json:"audience,omitempty"`

	// authorization code grant access token lifespan
	AuthorizationCodeGrantAccessTokenLifespan NullDuration `json:"authorization_code_grant_access_token_lifespan,omitempty"`

	// authorization code grant id token lifespan
	AuthorizationCodeGrantIDTokenLifespan NullDuration `json:"authorization_code_grant_id_token_lifespan,omitempty"`

	// authorization code grant refresh token lifespan
	AuthorizationCodeGrantRefreshTokenLifespan NullDuration `json:"authorization_code_grant_refresh_token_lifespan,omitempty"`

	// Boolean value specifying whether the RP requires that a sid (session ID) Claim be included in the Logout
	// Token to identify the RP session with the OP when the backchannel_logout_uri is used.
	// If omitted, the default value is false.
	BackchannelLogoutSessionRequired bool `json:"backchannel_logout_session_required,omitempty"`

	// RP URL that will cause the RP to log itself out when sent a Logout Token by the OP.
	BackchannelLogoutURI string `json:"backchannel_logout_uri,omitempty"`

	// client credentials grant access token lifespan
	ClientCredentialsGrantAccessTokenLifespan NullDuration `json:"client_credentials_grant_access_token_lifespan,omitempty"`

	// ID  is the id for this client.
	ClientID string `json:"client_id,omitempty"`

	// Name is the human-readable string name of the client to be presented to the
	// end-user during authorization.
	ClientName string `json:"client_name,omitempty"`

	// Secret is the client's secret. The secret will be included in the create request as cleartext, and then
	// never again. The secret is stored using BCrypt so it is impossible to recover it. Tell your users
	// that they need to write the secret down as it will not be made available again.
	ClientSecret string `json:"client_secret,omitempty"`

	// SecretExpiresAt is an integer holding the time at which the client
	// secret will expire or 0 if it will not expire. The time is
	// represented as the number of seconds from 1970-01-01T00:00:00Z as
	// measured in UTC until the date/time of expiration.
	//
	// This feature is currently not supported and it's value will always
	// be set to 0.
	ClientSecretExpiresAt int64 `json:"client_secret_expires_at,omitempty"`

	// ClientURI is an URL string of a web page providing information about the client.
	// If present, the server SHOULD display this URL to the end-user in
	// a clickable fashion.
	ClientURI string `json:"client_uri,omitempty"`

	// contacts
	Contacts StringSlicePipeDelimiter `json:"contacts,omitempty"`

	// CreatedAt returns the timestamp of the client's creation.
	// Format: date-time
	CreatedAt strfmt.DateTime `json:"created_at,omitempty"`

	// Boolean value specifying whether the RP requires that iss (issuer) and sid (session ID) query parameters be
	// included to identify the RP session with the OP when the frontchannel_logout_uri is used.
	// If omitted, the default value is false.
	FrontchannelLogoutSessionRequired bool `json:"frontchannel_logout_session_required,omitempty"`

	// RP URL that will cause the RP to log itself out when rendered in an iframe by the OP. An iss (issuer) query
	// parameter and a sid (session ID) query parameter MAY be included by the OP to enable the RP to validate the
	// request and to determine which of the potentially multiple sessions is to be logged out; if either is
	// included, both MUST be.
	FrontchannelLogoutURI string `json:"frontchannel_logout_uri,omitempty"`

	// grant types
	GrantTypes StringSlicePipeDelimiter `json:"grant_types,omitempty"`

	// implicit grant access token lifespan
	ImplicitGrantAccessTokenLifespan NullDuration `json:"implicit_grant_access_token_lifespan,omitempty"`

	// implicit grant id token lifespan
	ImplicitGrantIDTokenLifespan NullDuration `json:"implicit_grant_id_token_lifespan,omitempty"`

	// jwks
	Jwks JoseJSONWebKeySet `json:"jwks,omitempty"`

	// URL for the Client's JSON Web Key Set [JWK] document. If the Client signs requests to the Server, it contains
	// the signing key(s) the Server uses to validate signatures from the Client. The JWK Set MAY also contain the
	// Client's encryption keys(s), which are used by the Server to encrypt responses to the Client. When both signing
	// and encryption keys are made available, a use (Key Use) parameter value is REQUIRED for all keys in the referenced
	// JWK Set to indicate each key's intended usage. Although some algorithms allow the same key to be used for both
	// signatures and encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used
	// to provide X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST
	// match those in the certificate.
	JwksURI string `json:"jwks_uri,omitempty"`

	// jwt bearer grant access token lifespan
	JwtBearerGrantAccessTokenLifespan NullDuration `json:"jwt_bearer_grant_access_token_lifespan,omitempty"`

	// LogoURI is an URL string that references a logo for the client.
	LogoURI string `json:"logo_uri,omitempty"`

	// metadata
	Metadata JSONRawMessage `json:"metadata,omitempty"`

	// Owner is a string identifying the owner of the OAuth 2.0 Client.
	Owner string `json:"owner,omitempty"`

	// password grant access token lifespan
	PasswordGrantAccessTokenLifespan NullDuration `json:"password_grant_access_token_lifespan,omitempty"`

	// password grant refresh token lifespan
	PasswordGrantRefreshTokenLifespan NullDuration `json:"password_grant_refresh_token_lifespan,omitempty"`

	// PolicyURI is a URL string that points to a human-readable privacy policy document
	// that describes how the deployment organization collects, uses,
	// retains, and discloses personal data.
	PolicyURI string `json:"policy_uri,omitempty"`

	// post logout redirect uris
	PostLogoutRedirectUris StringSlicePipeDelimiter `json:"post_logout_redirect_uris,omitempty"`

	// redirect uris
	RedirectUris StringSlicePipeDelimiter `json:"redirect_uris,omitempty"`

	// refresh token grant access token lifespan
	RefreshTokenGrantAccessTokenLifespan NullDuration `json:"refresh_token_grant_access_token_lifespan,omitempty"`

	// refresh token grant id token lifespan
	RefreshTokenGrantIDTokenLifespan NullDuration `json:"refresh_token_grant_id_token_lifespan,omitempty"`

	// refresh token grant refresh token lifespan
	RefreshTokenGrantRefreshTokenLifespan NullDuration `json:"refresh_token_grant_refresh_token_lifespan,omitempty"`

	// RegistrationAccessToken can be used to update, get, or delete the OAuth2 Client.
	RegistrationAccessToken string `json:"registration_access_token,omitempty"`

	// RegistrationClientURI is the URL used to update, get, or delete the OAuth2 Client.
	RegistrationClientURI string `json:"registration_client_uri,omitempty"`

	// JWS [JWS] alg algorithm [JWA] that MUST be used for signing Request Objects sent to the OP. All Request Objects
	// from this Client MUST be rejected, if not signed with this algorithm.
	RequestObjectSigningAlg string `json:"request_object_signing_alg,omitempty"`

	// request uris
	RequestUris StringSlicePipeDelimiter `json:"request_uris,omitempty"`

	// response types
	ResponseTypes StringSlicePipeDelimiter `json:"response_types,omitempty"`

	// Scope is a string containing a space-separated list of scope values (as
	// described in Section 3.3 of OAuth 2.0 [RFC6749]) that the client
	// can use when requesting access tokens.
	// Pattern: ([a-zA-Z0-9\.\*]+\s?)+
	Scope string `json:"scope,omitempty"`

	// URL using the https scheme to be used in calculating Pseudonymous Identifiers by the OP. The URL references a
	// file with a single JSON array of redirect_uri values.
	SectorIdentifierURI string `json:"sector_identifier_uri,omitempty"`

	// SubjectType requested for responses to this Client. The subject_types_supported Discovery parameter contains a
	// list of the supported subject_type values for this server. Valid types include `pairwise` and `public`.
	SubjectType string `json:"subject_type,omitempty"`

	// Requested Client Authentication method for the Token Endpoint. The options are client_secret_post,
	// client_secret_basic, private_key_jwt, and none.
	TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"`

	// Requested Client Authentication signing algorithm for the Token Endpoint.
	TokenEndpointAuthSigningAlg string `json:"token_endpoint_auth_signing_alg,omitempty"`

	// TermsOfServiceURI is a URL string that points to a human-readable terms of service
	// document for the client that describes a contractual relationship
	// between the end-user and the client that the end-user accepts when
	// authorizing the client.
	TosURI string `json:"tos_uri,omitempty"`

	// UpdatedAt returns the timestamp of the last update.
	// Format: date-time
	UpdatedAt strfmt.DateTime `json:"updated_at,omitempty"`

	// JWS alg algorithm [JWA] REQUIRED for signing UserInfo Responses. If this is specified, the response will be JWT
	// [JWT] serialized, and signed using JWS. The default, if omitted, is for the UserInfo Response to return the Claims
	// as a UTF-8 encoded JSON object using the application/json content-type.
	UserinfoSignedResponseAlg string `json:"userinfo_signed_response_alg,omitempty"`
}

OAuth2Client Client represents an OAuth 2.0 Client.

swagger:model oAuth2Client

func (*OAuth2Client) ContextValidate

func (m *OAuth2Client) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this o auth2 client based on the context it is used

func (*OAuth2Client) MarshalBinary

func (m *OAuth2Client) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*OAuth2Client) UnmarshalBinary

func (m *OAuth2Client) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*OAuth2Client) Validate

func (m *OAuth2Client) Validate(formats strfmt.Registry) error

Validate validates this o auth2 client

type OAuth2TokenIntrospection

type OAuth2TokenIntrospection struct {

	// Active is a boolean indicator of whether or not the presented token
	// is currently active.  The specifics of a token's "active" state
	// will vary depending on the implementation of the authorization
	// server and the information it keeps about its tokens, but a "true"
	// value return for the "active" property will generally indicate
	// that a given token has been issued by this authorization server,
	// has not been revoked by the resource owner, and is within its
	// given time window of validity (e.g., after its issuance time and
	// before its expiration time).
	// Required: true
	Active *bool `json:"active"`

	// Audience contains a list of the token's intended audiences.
	Aud []string `json:"aud"`

	// ID is aclient identifier for the OAuth 2.0 client that
	// requested this token.
	ClientID string `json:"client_id,omitempty"`

	// Expires at is an integer timestamp, measured in the number of seconds
	// since January 1 1970 UTC, indicating when this token will expire.
	Exp int64 `json:"exp,omitempty"`

	// Extra is arbitrary data set by the session.
	Ext interface{} `json:"ext,omitempty"`

	// Issued at is an integer timestamp, measured in the number of seconds
	// since January 1 1970 UTC, indicating when this token was
	// originally issued.
	Iat int64 `json:"iat,omitempty"`

	// IssuerURL is a string representing the issuer of this token
	Iss string `json:"iss,omitempty"`

	// NotBefore is an integer timestamp, measured in the number of seconds
	// since January 1 1970 UTC, indicating when this token is not to be
	// used before.
	Nbf int64 `json:"nbf,omitempty"`

	// ObfuscatedSubject is set when the subject identifier algorithm was set to "pairwise" during authorization.
	// It is the `sub` value of the ID Token that was issued.
	ObfuscatedSubject string `json:"obfuscated_subject,omitempty"`

	// Scope is a JSON string containing a space-separated list of
	// scopes associated with this token.
	Scope string `json:"scope,omitempty"`

	// Subject of the token, as defined in JWT [RFC7519].
	// Usually a machine-readable identifier of the resource owner who
	// authorized this token.
	Sub string `json:"sub,omitempty"`

	// TokenType is the introspected token's type, typically `Bearer`.
	TokenType string `json:"token_type,omitempty"`

	// TokenUse is the introspected token's use, for example `access_token` or `refresh_token`.
	TokenUse string `json:"token_use,omitempty"`

	// Username is a human-readable identifier for the resource owner who
	// authorized this token.
	Username string `json:"username,omitempty"`
}

OAuth2TokenIntrospection Introspection contains an access token's session data as specified by IETF RFC 7662, see:

https://tools.ietf.org/html/rfc7662

swagger:model oAuth2TokenIntrospection

func (*OAuth2TokenIntrospection) ContextValidate

func (m *OAuth2TokenIntrospection) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this o auth2 token introspection based on context it is used

func (*OAuth2TokenIntrospection) MarshalBinary

func (m *OAuth2TokenIntrospection) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*OAuth2TokenIntrospection) UnmarshalBinary

func (m *OAuth2TokenIntrospection) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*OAuth2TokenIntrospection) Validate

func (m *OAuth2TokenIntrospection) Validate(formats strfmt.Registry) error

Validate validates this o auth2 token introspection

type Oauth2TokenResponse

type Oauth2TokenResponse struct {

	// access token
	AccessToken string `json:"access_token,omitempty"`

	// expires in
	ExpiresIn int64 `json:"expires_in,omitempty"`

	// id token
	IDToken string `json:"id_token,omitempty"`

	// refresh token
	RefreshToken string `json:"refresh_token,omitempty"`

	// scope
	Scope string `json:"scope,omitempty"`

	// token type
	TokenType string `json:"token_type,omitempty"`
}

Oauth2TokenResponse The Access Token Response

swagger:model oauth2TokenResponse

func (*Oauth2TokenResponse) ContextValidate

func (m *Oauth2TokenResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this oauth2 token response based on context it is used

func (*Oauth2TokenResponse) MarshalBinary

func (m *Oauth2TokenResponse) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*Oauth2TokenResponse) UnmarshalBinary

func (m *Oauth2TokenResponse) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*Oauth2TokenResponse) Validate

func (m *Oauth2TokenResponse) Validate(formats strfmt.Registry) error

Validate validates this oauth2 token response

type OauthTokenResponse

type OauthTokenResponse struct {

	// The access token issued by the authorization server.
	AccessToken string `json:"access_token,omitempty"`

	// The lifetime in seconds of the access token.  For
	// example, the value "3600" denotes that the access token will
	// expire in one hour from the time the response was generated.
	ExpiresIn int64 `json:"expires_in,omitempty"`

	// To retrieve a refresh token request the id_token scope.
	IDToken int64 `json:"id_token,omitempty"`

	// The refresh token, which can be used to obtain new
	// access tokens. To retrieve it add the scope "offline" to your access token request.
	RefreshToken string `json:"refresh_token,omitempty"`

	// The scope of the access token
	Scope int64 `json:"scope,omitempty"`

	// The type of the token issued
	TokenType string `json:"token_type,omitempty"`
}

OauthTokenResponse The token response

swagger:model oauthTokenResponse

func (*OauthTokenResponse) ContextValidate

func (m *OauthTokenResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this oauth token response based on context it is used

func (*OauthTokenResponse) MarshalBinary

func (m *OauthTokenResponse) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*OauthTokenResponse) UnmarshalBinary

func (m *OauthTokenResponse) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*OauthTokenResponse) Validate

func (m *OauthTokenResponse) Validate(formats strfmt.Registry) error

Validate validates this oauth token response

type OpenIDConnectContext

type OpenIDConnectContext struct {

	// ACRValues is the Authentication AuthorizationContext Class Reference requested in the OAuth 2.0 Authorization request.
	// It is a parameter defined by OpenID Connect and expresses which level of authentication (e.g. 2FA) is required.
	//
	// OpenID Connect defines it as follows:
	// > Requested Authentication AuthorizationContext Class Reference values. Space-separated string that specifies the acr values
	// that the Authorization Server is being requested to use for processing this Authentication Request, with the
	// values appearing in order of preference. The Authentication AuthorizationContext Class satisfied by the authentication
	// performed is returned as the acr Claim Value, as specified in Section 2. The acr Claim is requested as a
	// Voluntary Claim by this parameter.
	AcrValues []string `json:"acr_values"`

	// Display is a string value that specifies how the Authorization Server displays the authentication and consent user interface pages to the End-User.
	// The defined values are:
	// page: The Authorization Server SHOULD display the authentication and consent UI consistent with a full User Agent page view. If the display parameter is not specified, this is the default display mode.
	// popup: The Authorization Server SHOULD display the authentication and consent UI consistent with a popup User Agent window. The popup User Agent window should be of an appropriate size for a login-focused dialog and should not obscure the entire window that it is popping up over.
	// touch: The Authorization Server SHOULD display the authentication and consent UI consistent with a device that leverages a touch interface.
	// wap: The Authorization Server SHOULD display the authentication and consent UI consistent with a "feature phone" type display.
	//
	// The Authorization Server MAY also attempt to detect the capabilities of the User Agent and present an appropriate display.
	Display string `json:"display,omitempty"`

	// IDTokenHintClaims are the claims of the ID Token previously issued by the Authorization Server being passed as a hint about the
	// End-User's current or past authenticated session with the Client.
	IDTokenHintClaims interface{} `json:"id_token_hint_claims,omitempty"`

	// LoginHint hints about the login identifier the End-User might use to log in (if necessary).
	// This hint can be used by an RP if it first asks the End-User for their e-mail address (or other identifier)
	// and then wants to pass that value as a hint to the discovered authorization service. This value MAY also be a
	// phone number in the format specified for the phone_number Claim. The use of this parameter is optional.
	LoginHint string `json:"login_hint,omitempty"`

	// UILocales is the End-User'id preferred languages and scripts for the user interface, represented as a
	// space-separated list of BCP47 [RFC5646] language tag values, ordered by preference. For instance, the value
	// "fr-CA fr en" represents a preference for French as spoken in Canada, then French (without a region designation),
	// followed by English (without a region designation). An error SHOULD NOT result if some or all of the requested
	// locales are not supported by the OpenID Provider.
	UILocales []string `json:"ui_locales"`
}

OpenIDConnectContext Contains optional information about the OpenID Connect request.

swagger:model openIDConnectContext

func (*OpenIDConnectContext) ContextValidate

func (m *OpenIDConnectContext) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this open ID connect context based on context it is used

func (*OpenIDConnectContext) MarshalBinary

func (m *OpenIDConnectContext) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*OpenIDConnectContext) UnmarshalBinary

func (m *OpenIDConnectContext) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*OpenIDConnectContext) Validate

func (m *OpenIDConnectContext) Validate(formats strfmt.Registry) error

Validate validates this open ID connect context

type PatchDocument

type PatchDocument struct {

	// A JSON-pointer
	From string `json:"from,omitempty"`

	// The operation to be performed
	// Example: \"replace\
	// Required: true
	Op *string `json:"op"`

	// A JSON-pointer
	// Example: \"/name\
	// Required: true
	Path *string `json:"path"`

	// The value to be used within the operations
	Value interface{} `json:"value,omitempty"`
}

PatchDocument A JSONPatch document as defined by RFC 6902

swagger:model patchDocument

func (*PatchDocument) ContextValidate

func (m *PatchDocument) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this patch document based on context it is used

func (*PatchDocument) MarshalBinary

func (m *PatchDocument) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*PatchDocument) UnmarshalBinary

func (m *PatchDocument) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*PatchDocument) Validate

func (m *PatchDocument) Validate(formats strfmt.Registry) error

Validate validates this patch document

type PatchRequest

type PatchRequest []*PatchDocument

PatchRequest A JSONPatch request

swagger:model patchRequest

func (PatchRequest) ContextValidate

func (m PatchRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this patch request based on the context it is used

func (PatchRequest) Validate

func (m PatchRequest) Validate(formats strfmt.Registry) error

Validate validates this patch request

type PreviousConsentSession

type PreviousConsentSession struct {

	// consent request
	ConsentRequest *ConsentRequest `json:"consent_request,omitempty"`

	// grant access token audience
	GrantAccessTokenAudience StringSlicePipeDelimiter `json:"grant_access_token_audience,omitempty"`

	// grant scope
	GrantScope StringSlicePipeDelimiter `json:"grant_scope,omitempty"`

	// handled at
	// Format: date-time
	HandledAt NullTime `json:"handled_at,omitempty"`

	// Remember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same
	// client asks the same user for the same, or a subset of, scope.
	Remember bool `json:"remember,omitempty"`

	// RememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the
	// authorization will be remembered indefinitely.
	RememberFor int64 `json:"remember_for,omitempty"`

	// session
	Session *ConsentRequestSession `json:"session,omitempty"`
}

PreviousConsentSession The response used to return used consent requests same as HandledLoginRequest, just with consent_request exposed as json

swagger:model PreviousConsentSession

func (*PreviousConsentSession) ContextValidate

func (m *PreviousConsentSession) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this previous consent session based on the context it is used

func (*PreviousConsentSession) MarshalBinary

func (m *PreviousConsentSession) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*PreviousConsentSession) UnmarshalBinary

func (m *PreviousConsentSession) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*PreviousConsentSession) Validate

func (m *PreviousConsentSession) Validate(formats strfmt.Registry) error

Validate validates this previous consent session

type RefreshTokenHookRequest

type RefreshTokenHookRequest struct {

	// ClientID is the identifier of the OAuth 2.0 client.
	ClientID string `json:"client_id,omitempty"`

	// GrantedAudience is the list of audiences granted to the OAuth 2.0 client.
	GrantedAudience []string `json:"granted_audience"`

	// GrantedScopes is the list of scopes granted to the OAuth 2.0 client.
	GrantedScopes []string `json:"granted_scopes"`

	// requester
	Requester *OAuth2AccessRequest `json:"requester,omitempty"`

	// session
	Session *Session `json:"session,omitempty"`

	// Subject is the identifier of the authenticated end-user.
	Subject string `json:"subject,omitempty"`
}

RefreshTokenHookRequest RefreshTokenHookRequest is the request body sent to the refresh token hook.

swagger:model refreshTokenHookRequest

func (*RefreshTokenHookRequest) ContextValidate

func (m *RefreshTokenHookRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this refresh token hook request based on the context it is used

func (*RefreshTokenHookRequest) MarshalBinary

func (m *RefreshTokenHookRequest) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*RefreshTokenHookRequest) UnmarshalBinary

func (m *RefreshTokenHookRequest) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*RefreshTokenHookRequest) Validate

func (m *RefreshTokenHookRequest) Validate(formats strfmt.Registry) error

Validate validates this refresh token hook request

type RefreshTokenHookResponse

type RefreshTokenHookResponse struct {

	// session
	Session *ConsentRequestSession `json:"session,omitempty"`
}

RefreshTokenHookResponse RefreshTokenHookResponse is the response body received from the refresh token hook.

swagger:model refreshTokenHookResponse

func (*RefreshTokenHookResponse) ContextValidate

func (m *RefreshTokenHookResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this refresh token hook response based on the context it is used

func (*RefreshTokenHookResponse) MarshalBinary

func (m *RefreshTokenHookResponse) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*RefreshTokenHookResponse) UnmarshalBinary

func (m *RefreshTokenHookResponse) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*RefreshTokenHookResponse) Validate

func (m *RefreshTokenHookResponse) Validate(formats strfmt.Registry) error

Validate validates this refresh token hook response

type RejectRequest

type RejectRequest struct {

	// The error should follow the OAuth2 error format (e.g. `invalid_request`, `login_required`).
	//
	// Defaults to `request_denied`.
	Error string `json:"error,omitempty"`

	// Debug contains information to help resolve the problem as a developer. Usually not exposed
	// to the public but only in the server logs.
	ErrorDebug string `json:"error_debug,omitempty"`

	// Description of the error in a human readable format.
	ErrorDescription string `json:"error_description,omitempty"`

	// Hint to help resolve the error.
	ErrorHint string `json:"error_hint,omitempty"`

	// Represents the HTTP status code of the error (e.g. 401 or 403)
	//
	// Defaults to 400
	StatusCode int64 `json:"status_code,omitempty"`
}

RejectRequest The request payload used to accept a login or consent request.

swagger:model rejectRequest

func (*RejectRequest) ContextValidate

func (m *RejectRequest) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this reject request based on context it is used

func (*RejectRequest) MarshalBinary

func (m *RejectRequest) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*RejectRequest) UnmarshalBinary

func (m *RejectRequest) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*RejectRequest) Validate

func (m *RejectRequest) Validate(formats strfmt.Registry) error

Validate validates this reject request

type RequestWasHandledResponse

type RequestWasHandledResponse struct {

	// Original request URL to which you should redirect the user if request was already handled.
	// Required: true
	RedirectTo *string `json:"redirect_to"`
}

RequestWasHandledResponse The response payload sent when there is an attempt to access already handled request.

swagger:model requestWasHandledResponse

func (*RequestWasHandledResponse) ContextValidate

func (m *RequestWasHandledResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this request was handled response based on context it is used

func (*RequestWasHandledResponse) MarshalBinary

func (m *RequestWasHandledResponse) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*RequestWasHandledResponse) UnmarshalBinary

func (m *RequestWasHandledResponse) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*RequestWasHandledResponse) Validate

func (m *RequestWasHandledResponse) Validate(formats strfmt.Registry) error

Validate validates this request was handled response

type Session

type Session struct {

	// allowed top level claims
	AllowedTopLevelClaims []string `json:"allowed_top_level_claims"`

	// client id
	ClientID string `json:"client_id,omitempty"`

	// consent challenge
	ConsentChallenge string `json:"consent_challenge,omitempty"`

	// exclude not before claim
	ExcludeNotBeforeClaim bool `json:"exclude_not_before_claim,omitempty"`

	// expires at
	ExpiresAt map[string]strfmt.DateTime `json:"expires_at,omitempty"`

	// extra
	Extra interface{} `json:"extra,omitempty"`

	// headers
	Headers *Headers `json:"headers,omitempty"`

	// id token claims
	IDTokenClaims *IDTokenClaims `json:"id_token_claims,omitempty"`

	// kid
	Kid string `json:"kid,omitempty"`

	// subject
	Subject string `json:"subject,omitempty"`

	// username
	Username string `json:"username,omitempty"`
}

Session session

swagger:model Session

func (*Session) ContextValidate

func (m *Session) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this session based on the context it is used

func (*Session) MarshalBinary

func (m *Session) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*Session) UnmarshalBinary

func (m *Session) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*Session) Validate

func (m *Session) Validate(formats strfmt.Registry) error

Validate validates this session

type StringSlicePipeDelimiter

type StringSlicePipeDelimiter []string

StringSlicePipeDelimiter StringSlicePipeDelimiter de/encodes the string slice to/from a SQL string.

swagger:model StringSlicePipeDelimiter

func (StringSlicePipeDelimiter) ContextValidate

func (m StringSlicePipeDelimiter) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this string slice pipe delimiter based on context it is used

func (StringSlicePipeDelimiter) Validate

func (m StringSlicePipeDelimiter) Validate(formats strfmt.Registry) error

Validate validates this string slice pipe delimiter

type TrustJwtGrantIssuerBody

type TrustJwtGrantIssuerBody struct {

	// The "allow_any_subject" indicates that the issuer is allowed to have any principal as the subject of the JWT.
	AllowAnySubject bool `json:"allow_any_subject,omitempty"`

	// The "expires_at" indicates, when grant will expire, so we will reject assertion from "issuer" targeting "subject".
	// Required: true
	// Format: date-time
	ExpiresAt *strfmt.DateTime `json:"expires_at"`

	// The "issuer" identifies the principal that issued the JWT assertion (same as "iss" claim in JWT).
	// Example: https://jwt-idp.example.com
	// Required: true
	Issuer *string `json:"issuer"`

	// jwk
	// Required: true
	Jwk *JSONWebKey `json:"jwk"`

	// The "scope" contains list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749])
	// Example: ["openid","offline"]
	// Required: true
	Scope []string `json:"scope"`

	// The "subject" identifies the principal that is the subject of the JWT.
	// Example: mike@example.com
	Subject string `json:"subject,omitempty"`
}

TrustJwtGrantIssuerBody trust jwt grant issuer body

swagger:model trustJwtGrantIssuerBody

func (*TrustJwtGrantIssuerBody) ContextValidate

func (m *TrustJwtGrantIssuerBody) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this trust jwt grant issuer body based on the context it is used

func (*TrustJwtGrantIssuerBody) MarshalBinary

func (m *TrustJwtGrantIssuerBody) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*TrustJwtGrantIssuerBody) UnmarshalBinary

func (m *TrustJwtGrantIssuerBody) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*TrustJwtGrantIssuerBody) Validate

func (m *TrustJwtGrantIssuerBody) Validate(formats strfmt.Registry) error

Validate validates this trust jwt grant issuer body

type TrustedJSONWebKey

type TrustedJSONWebKey struct {

	// The "key_id" is key unique identifier (same as kid header in jws/jwt).
	// Example: 123e4567-e89b-12d3-a456-426655440000
	Kid string `json:"kid,omitempty"`

	// The "set" is basically a name for a group(set) of keys. Will be the same as "issuer" in grant.
	// Example: https://jwt-idp.example.com
	Set string `json:"set,omitempty"`
}

TrustedJSONWebKey trusted Json web key

swagger:model trustedJsonWebKey

func (*TrustedJSONWebKey) ContextValidate

func (m *TrustedJSONWebKey) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this trusted Json web key based on context it is used

func (*TrustedJSONWebKey) MarshalBinary

func (m *TrustedJSONWebKey) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*TrustedJSONWebKey) UnmarshalBinary

func (m *TrustedJSONWebKey) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*TrustedJSONWebKey) Validate

func (m *TrustedJSONWebKey) Validate(formats strfmt.Registry) error

Validate validates this trusted Json web key

type TrustedJwtGrantIssuer

type TrustedJwtGrantIssuer struct {

	// The "allow_any_subject" indicates that the issuer is allowed to have any principal as the subject of the JWT.
	AllowAnySubject bool `json:"allow_any_subject,omitempty"`

	// The "created_at" indicates, when grant was created.
	// Format: date-time
	CreatedAt strfmt.DateTime `json:"created_at,omitempty"`

	// The "expires_at" indicates, when grant will expire, so we will reject assertion from "issuer" targeting "subject".
	// Format: date-time
	ExpiresAt strfmt.DateTime `json:"expires_at,omitempty"`

	// id
	// Example: 9edc811f-4e28-453c-9b46-4de65f00217f
	ID string `json:"id,omitempty"`

	// The "issuer" identifies the principal that issued the JWT assertion (same as "iss" claim in JWT).
	// Example: https://jwt-idp.example.com
	Issuer string `json:"issuer,omitempty"`

	// public key
	PublicKey *TrustedJSONWebKey `json:"public_key,omitempty"`

	// The "scope" contains list of scope values (as described in Section 3.3 of OAuth 2.0 [RFC6749])
	// Example: ["openid","offline"]
	Scope []string `json:"scope"`

	// The "subject" identifies the principal that is the subject of the JWT.
	// Example: mike@example.com
	Subject string `json:"subject,omitempty"`
}

TrustedJwtGrantIssuer trusted jwt grant issuer

swagger:model trustedJwtGrantIssuer

func (*TrustedJwtGrantIssuer) ContextValidate

func (m *TrustedJwtGrantIssuer) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this trusted jwt grant issuer based on the context it is used

func (*TrustedJwtGrantIssuer) MarshalBinary

func (m *TrustedJwtGrantIssuer) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*TrustedJwtGrantIssuer) UnmarshalBinary

func (m *TrustedJwtGrantIssuer) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*TrustedJwtGrantIssuer) Validate

func (m *TrustedJwtGrantIssuer) Validate(formats strfmt.Registry) error

Validate validates this trusted jwt grant issuer

type TrustedJwtGrantIssuers

type TrustedJwtGrantIssuers []*TrustedJwtGrantIssuer

TrustedJwtGrantIssuers trusted jwt grant issuers

swagger:model trustedJwtGrantIssuers

func (TrustedJwtGrantIssuers) ContextValidate

func (m TrustedJwtGrantIssuers) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this trusted jwt grant issuers based on the context it is used

func (TrustedJwtGrantIssuers) Validate

func (m TrustedJwtGrantIssuers) Validate(formats strfmt.Registry) error

Validate validates this trusted jwt grant issuers

type UUID

type UUID strfmt.UUID4

UUID UUID

swagger:model UUID

func (UUID) ContextValidate

func (m UUID) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this UUID based on context it is used

func (UUID) Validate

func (m UUID) Validate(formats strfmt.Registry) error

Validate validates this UUID

type UpdateOAuth2ClientLifespans

type UpdateOAuth2ClientLifespans struct {

	// authorization code grant access token lifespan
	AuthorizationCodeGrantAccessTokenLifespan NullDuration `json:"authorization_code_grant_access_token_lifespan,omitempty"`

	// authorization code grant id token lifespan
	AuthorizationCodeGrantIDTokenLifespan NullDuration `json:"authorization_code_grant_id_token_lifespan,omitempty"`

	// authorization code grant refresh token lifespan
	AuthorizationCodeGrantRefreshTokenLifespan NullDuration `json:"authorization_code_grant_refresh_token_lifespan,omitempty"`

	// client credentials grant access token lifespan
	ClientCredentialsGrantAccessTokenLifespan NullDuration `json:"client_credentials_grant_access_token_lifespan,omitempty"`

	// implicit grant access token lifespan
	ImplicitGrantAccessTokenLifespan NullDuration `json:"implicit_grant_access_token_lifespan,omitempty"`

	// implicit grant id token lifespan
	ImplicitGrantIDTokenLifespan NullDuration `json:"implicit_grant_id_token_lifespan,omitempty"`

	// jwt bearer grant access token lifespan
	JwtBearerGrantAccessTokenLifespan NullDuration `json:"jwt_bearer_grant_access_token_lifespan,omitempty"`

	// password grant access token lifespan
	PasswordGrantAccessTokenLifespan NullDuration `json:"password_grant_access_token_lifespan,omitempty"`

	// password grant refresh token lifespan
	PasswordGrantRefreshTokenLifespan NullDuration `json:"password_grant_refresh_token_lifespan,omitempty"`

	// refresh token grant access token lifespan
	RefreshTokenGrantAccessTokenLifespan NullDuration `json:"refresh_token_grant_access_token_lifespan,omitempty"`

	// refresh token grant id token lifespan
	RefreshTokenGrantIDTokenLifespan NullDuration `json:"refresh_token_grant_id_token_lifespan,omitempty"`

	// refresh token grant refresh token lifespan
	RefreshTokenGrantRefreshTokenLifespan NullDuration `json:"refresh_token_grant_refresh_token_lifespan,omitempty"`
}

UpdateOAuth2ClientLifespans UpdateOAuth2ClientLifespans holds default lifespan configuration for the different token types that may be issued for the client. This configuration takes precedence over fosite's instance-wide default lifespan, but it may be overridden by a session's expires_at claim.

The OIDC Hybrid grant type inherits token lifespan configuration from the implicit grant.

swagger:model UpdateOAuth2ClientLifespans

func (*UpdateOAuth2ClientLifespans) ContextValidate

func (m *UpdateOAuth2ClientLifespans) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validate this update o auth2 client lifespans based on the context it is used

func (*UpdateOAuth2ClientLifespans) MarshalBinary

func (m *UpdateOAuth2ClientLifespans) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*UpdateOAuth2ClientLifespans) UnmarshalBinary

func (m *UpdateOAuth2ClientLifespans) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*UpdateOAuth2ClientLifespans) Validate

func (m *UpdateOAuth2ClientLifespans) Validate(formats strfmt.Registry) error

Validate validates this update o auth2 client lifespans

type UserinfoResponse

type UserinfoResponse struct {

	// End-User's birthday, represented as an ISO 8601:2004 [ISO8601‑2004] YYYY-MM-DD format. The year MAY be 0000, indicating that it is omitted. To represent only the year, YYYY format is allowed. Note that depending on the underlying platform's date related function, providing just year can result in varying month and day, so the implementers need to take this factor into account to correctly process the dates.
	Birthdate string `json:"birthdate,omitempty"`

	// End-User's preferred e-mail address. Its value MUST conform to the RFC 5322 [RFC5322] addr-spec syntax. The RP MUST NOT rely upon this value being unique, as discussed in Section 5.7.
	Email string `json:"email,omitempty"`

	// True if the End-User's e-mail address has been verified; otherwise false. When this Claim Value is true, this means that the OP took affirmative steps to ensure that this e-mail address was controlled by the End-User at the time the verification was performed. The means by which an e-mail address is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating.
	EmailVerified bool `json:"email_verified,omitempty"`

	// Surname(s) or last name(s) of the End-User. Note that in some cultures, people can have multiple family names or no family name; all can be present, with the names being separated by space characters.
	FamilyName string `json:"family_name,omitempty"`

	// End-User's gender. Values defined by this specification are female and male. Other values MAY be used when neither of the defined values are applicable.
	Gender string `json:"gender,omitempty"`

	// Given name(s) or first name(s) of the End-User. Note that in some cultures, people can have multiple given names; all can be present, with the names being separated by space characters.
	GivenName string `json:"given_name,omitempty"`

	// End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Relying Parties MAY choose to accept this locale syntax as well.
	Locale string `json:"locale,omitempty"`

	// Middle name(s) of the End-User. Note that in some cultures, people can have multiple middle names; all can be present, with the names being separated by space characters. Also note that in some cultures, middle names are not used.
	MiddleName string `json:"middle_name,omitempty"`

	// End-User's full name in displayable form including all name parts, possibly including titles and suffixes, ordered according to the End-User's locale and preferences.
	Name string `json:"name,omitempty"`

	// Casual name of the End-User that may or may not be the same as the given_name. For instance, a nickname value of Mike might be returned alongside a given_name value of Michael.
	Nickname string `json:"nickname,omitempty"`

	// End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim, for example, +1 (425) 555-1212 or +56 (2) 687 2400. If the phone number contains an extension, it is RECOMMENDED that the extension be represented using the RFC 3966 [RFC3966] extension syntax, for example, +1 (604) 555-1234;ext=5678.
	PhoneNumber string `json:"phone_number,omitempty"`

	// True if the End-User's phone number has been verified; otherwise false. When this Claim Value is true, this means that the OP took affirmative steps to ensure that this phone number was controlled by the End-User at the time the verification was performed. The means by which a phone number is verified is context-specific, and dependent upon the trust framework or contractual agreements within which the parties are operating. When true, the phone_number Claim MUST be in E.164 format and any extensions MUST be represented in RFC 3966 format.
	PhoneNumberVerified bool `json:"phone_number_verified,omitempty"`

	// URL of the End-User's profile picture. This URL MUST refer to an image file (for example, a PNG, JPEG, or GIF image file), rather than to a Web page containing an image. Note that this URL SHOULD specifically reference a profile photo of the End-User suitable for displaying when describing the End-User, rather than an arbitrary photo taken by the End-User.
	Picture string `json:"picture,omitempty"`

	// Non-unique shorthand name by which the End-User wishes to be referred to at the RP, such as janedoe or j.doe. This value MAY be any valid JSON string including special characters such as @, /, or whitespace.
	PreferredUsername string `json:"preferred_username,omitempty"`

	// URL of the End-User's profile page. The contents of this Web page SHOULD be about the End-User.
	Profile string `json:"profile,omitempty"`

	// Subject - Identifier for the End-User at the IssuerURL.
	Sub string `json:"sub,omitempty"`

	// Time the End-User's information was last updated. Its value is a JSON number representing the number of seconds from 1970-01-01T0:0:0Z as measured in UTC until the date/time.
	UpdatedAt int64 `json:"updated_at,omitempty"`

	// URL of the End-User's Web page or blog. This Web page SHOULD contain information published by the End-User or an organization that the End-User is affiliated with.
	Website string `json:"website,omitempty"`

	// String from zoneinfo [zoneinfo] time zone database representing the End-User's time zone. For example, Europe/Paris or America/Los_Angeles.
	Zoneinfo string `json:"zoneinfo,omitempty"`
}

UserinfoResponse The userinfo response

swagger:model userinfoResponse

func (*UserinfoResponse) ContextValidate

func (m *UserinfoResponse) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this userinfo response based on context it is used

func (*UserinfoResponse) MarshalBinary

func (m *UserinfoResponse) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*UserinfoResponse) UnmarshalBinary

func (m *UserinfoResponse) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*UserinfoResponse) Validate

func (m *UserinfoResponse) Validate(formats strfmt.Registry) error

Validate validates this userinfo response

type Version

type Version struct {

	// Version is the service's version.
	Version string `json:"version,omitempty"`
}

Version version

swagger:model version

func (*Version) ContextValidate

func (m *Version) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this version based on context it is used

func (*Version) MarshalBinary

func (m *Version) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*Version) UnmarshalBinary

func (m *Version) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*Version) Validate

func (m *Version) Validate(formats strfmt.Registry) error

Validate validates this version

type WellKnown

type WellKnown struct {

	// URL of the OP's OAuth 2.0 Authorization Endpoint.
	// Example: https://playground.ory.sh/ory-hydra/public/oauth2/auth
	// Required: true
	AuthorizationEndpoint *string `json:"authorization_endpoint"`

	// Boolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP
	// session with the OP. If supported, the sid Claim is also included in ID Tokens issued by the OP
	BackchannelLogoutSessionSupported bool `json:"backchannel_logout_session_supported,omitempty"`

	// Boolean value specifying whether the OP supports back-channel logout, with true indicating support.
	BackchannelLogoutSupported bool `json:"backchannel_logout_supported,omitempty"`

	// Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support.
	ClaimsParameterSupported bool `json:"claims_parameter_supported,omitempty"`

	// JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply
	// values for. Note that for privacy or other reasons, this might not be an exhaustive list.
	ClaimsSupported []string `json:"claims_supported"`

	// JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported
	// by this authorization server.
	CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`

	// URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.
	EndSessionEndpoint string `json:"end_session_endpoint,omitempty"`

	// Boolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify
	// the RP session with the OP when the frontchannel_logout_uri is used. If supported, the sid Claim is also
	// included in ID Tokens issued by the OP.
	FrontchannelLogoutSessionSupported bool `json:"frontchannel_logout_session_supported,omitempty"`

	// Boolean value specifying whether the OP supports HTTP-based logout, with true indicating support.
	FrontchannelLogoutSupported bool `json:"frontchannel_logout_supported,omitempty"`

	// JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports.
	GrantTypesSupported []string `json:"grant_types_supported"`

	// JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token
	// to encode the Claims in a JWT.
	// Required: true
	IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`

	// URL using the https scheme with no query or fragment component that the OP asserts as its IssuerURL Identifier.
	// If IssuerURL discovery is supported , this value MUST be identical to the issuer value returned
	// by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this IssuerURL.
	// Example: https://playground.ory.sh/ory-hydra/public/
	// Required: true
	Issuer *string `json:"issuer"`

	// URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate
	// signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs
	// to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use)
	// parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage.
	// Although some algorithms allow the same key to be used for both signatures and encryption, doing so is
	// NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of
	// keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.
	// Example: https://playground.ory.sh/ory-hydra/public/.well-known/jwks.json
	// Required: true
	JwksURI *string `json:"jwks_uri"`

	// URL of the OP's Dynamic Client Registration Endpoint.
	// Example: https://playground.ory.sh/ory-hydra/admin/client
	RegistrationEndpoint string `json:"registration_endpoint,omitempty"`

	// JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects,
	// which are described in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These algorithms are used both when
	// the Request Object is passed by value (using the request parameter) and when it is passed by reference
	// (using the request_uri parameter).
	RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`

	// Boolean value specifying whether the OP supports use of the request parameter, with true indicating support.
	RequestParameterSupported bool `json:"request_parameter_supported,omitempty"`

	// Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support.
	RequestURIParameterSupported bool `json:"request_uri_parameter_supported,omitempty"`

	// Boolean value specifying whether the OP requires any request_uri values used to be pre-registered
	// using the request_uris registration parameter.
	RequireRequestURIRegistration bool `json:"require_request_uri_registration,omitempty"`

	// JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports.
	ResponseModesSupported []string `json:"response_modes_supported"`

	// JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. Dynamic OpenID
	// Providers MUST support the code, id_token, and the token id_token Response Type values.
	// Required: true
	ResponseTypesSupported []string `json:"response_types_supported"`

	// URL of the authorization server's OAuth 2.0 revocation endpoint.
	RevocationEndpoint string `json:"revocation_endpoint,omitempty"`

	// SON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST
	// support the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used
	ScopesSupported []string `json:"scopes_supported"`

	// JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include
	// pairwise and public.
	// Required: true
	SubjectTypesSupported []string `json:"subject_types_supported"`

	// URL of the OP's OAuth 2.0 Token Endpoint
	// Example: https://playground.ory.sh/ory-hydra/public/oauth2/token
	// Required: true
	TokenEndpoint *string `json:"token_endpoint"`

	// JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options are
	// client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0
	TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`

	// URL of the OP's UserInfo Endpoint.
	UserinfoEndpoint string `json:"userinfo_endpoint,omitempty"`

	// JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].
	UserinfoSigningAlgValuesSupported []string `json:"userinfo_signing_alg_values_supported"`
}

WellKnown WellKnown represents important OpenID Connect discovery metadata

It includes links to several endpoints (e.g. /oauth2/token) and exposes information on supported signature algorithms among others.

swagger:model wellKnown

func (*WellKnown) ContextValidate

func (m *WellKnown) ContextValidate(ctx context.Context, formats strfmt.Registry) error

ContextValidate validates this well known based on context it is used

func (*WellKnown) MarshalBinary

func (m *WellKnown) MarshalBinary() ([]byte, error)

MarshalBinary interface implementation

func (*WellKnown) UnmarshalBinary

func (m *WellKnown) UnmarshalBinary(b []byte) error

UnmarshalBinary interface implementation

func (*WellKnown) Validate

func (m *WellKnown) Validate(formats strfmt.Registry) error

Validate validates this well known

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL