hydra: github.com/ory/hydra/x Index | Files

package x

import "github.com/ory/hydra/x"

* Copyright © 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io> * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * @author Aeneas Rekkas <aeneas+oss@aeneas.io> * @copyright 2015-2018 Aeneas Rekkas <aeneas+oss@aeneas.io> * @license Apache-2.0 *

Index

Package Files

audit.go basic_auth.go clean_sql.go const.go errors.go fosite_storer.go hasher.go redirect_uri.go registry.go router.go secret.go socket.go sqlx.go swagger.go test_helpers.go tls_termination.go

Constants

const (
    OpenIDConnectKeyName = "hydra.openid.id-token"
    OAuth2JWTKeyName     = "hydra.jwt.access-token"
)

Variables

var (
    ErrNotFound = &fosite.RFC6749Error{
        Code:        http.StatusNotFound,
        Name:        http.StatusText(http.StatusNotFound),
        Description: "Unable to located the requested resource",
    }
    ErrConflict = &fosite.RFC6749Error{
        Code:        http.StatusConflict,
        Name:        http.StatusText(http.StatusConflict),
        Description: "Unable to process the requested resource because of conflict in the current state",
    }
)

func AddressIsUnixSocket Uses

func AddressIsUnixSocket(address string) bool

func BasicAuth Uses

func BasicAuth(username, password string) string

func CleanSQL Uses

func CleanSQL(t *testing.T, db *sqlx.DB)

func CleanSQLPop Uses

func CleanSQLPop(t *testing.T, c *pop.Connection)

func FositeStore Uses

func FositeStore() *storage.MemoryStore

func GenerateSecret Uses

func GenerateSecret(length int) ([]byte, error)

func HashByteSecret Uses

func HashByteSecret(secret []byte) []byte

HashByteSecret hashes the secret for consumption by the AEAD encryption algorithm which expects exactly 32 bytes.

The system secret is being hashed to always match exactly the 32 bytes required by AEAD, even if the secret is long or shorter.

func HashStringSecret Uses

func HashStringSecret(secret string) []byte

HashStringSecret hashes the secret for consumption by the AEAD encryption algorithm which expects exactly 32 bytes.

The system secret is being hashed to always match exactly the 32 bytes required by AEAD, even if the secret is long or shorter.

func IsRedirectURISecure Uses

func IsRedirectURISecure(rc redirectConfiguration) func(redirectURI *url.URL) bool

func LogAudit Uses

func LogAudit(r *http.Request, message interface{}, logger *logrusx.Logger)

func LogError Uses

func LogError(r *http.Request, err error, logger *logrusx.Logger)

func MatchesRange Uses

func MatchesRange(r *http.Request, ranges []string) error

func RejectInsecureRequests Uses

func RejectInsecureRequests(reg tlsRegistry, c tlsConfig) negroni.HandlerFunc

type BCrypt Uses

type BCrypt struct {
    // contains filtered or unexported fields
}

BCrypt implements a BCrypt hasher.

func NewBCrypt Uses

func NewBCrypt(c config) *BCrypt

NewBCrypt returns a new BCrypt instance.

func (*BCrypt) Compare Uses

func (b *BCrypt) Compare(ctx context.Context, hash, data []byte) error

func (*BCrypt) Hash Uses

func (b *BCrypt) Hash(ctx context.Context, data []byte) ([]byte, error)

type FositeStorer Uses

type FositeStorer interface {
    fosite.Storage
    oauth2.CoreStorage
    openid.OpenIDConnectRequestStorage
    pkce.PKCERequestStorage

    RevokeRefreshToken(ctx context.Context, requestID string) error

    RevokeAccessToken(ctx context.Context, requestID string) error

    FlushInactiveAccessTokens(ctx context.Context, notAfter time.Time) error

    DeleteAccessTokens(ctx context.Context, clientID string) error
}

type JSONWebKey Uses

type JSONWebKey struct {
    // Use ("public key use") identifies the intended use of
    // the public key. The "use" parameter is employed to indicate whether
    // a public key is used for encrypting data or verifying the signature
    // on data. Values are commonly "sig" (signature) or "enc" (encryption).
    //
    // required: true
    // example: sig
    Use string `json:"use,omitempty"`

    // The "kty" (key type) parameter identifies the cryptographic algorithm
    // family used with the key, such as "RSA" or "EC". "kty" values should
    // either be registered in the IANA "JSON Web Key Types" registry
    // established by [JWA] or be a value that contains a Collision-
    // Resistant Name.  The "kty" value is a case-sensitive string.
    //
    // required: true
    // example: RSA
    Kty string `json:"kty,omitempty"`

    // The "kid" (key ID) parameter is used to match a specific key.  This
    // is used, for instance, to choose among a set of keys within a JWK Set
    // during key rollover.  The structure of the "kid" value is
    // unspecified.  When "kid" values are used within a JWK Set, different
    // keys within the JWK Set SHOULD use distinct "kid" values.  (One
    // example in which different keys might use the same "kid" value is if
    // they have different "kty" (key type) values but are considered to be
    // equivalent alternatives by the application using them.)  The "kid"
    // value is a case-sensitive string.
    //
    // required: true
    // example: 1603dfe0af8f4596
    Kid string `json:"kid,omitempty"`

    //  The "alg" (algorithm) parameter identifies the algorithm intended for
    // use with the key.  The values used should either be registered in the
    // IANA "JSON Web Signature and Encryption Algorithms" registry
    // established by [JWA] or be a value that contains a Collision-
    // Resistant Name.
    //
    // required: true
    // example: RS256
    Alg string `json:"alg,omitempty"`

    // The "x5c" (X.509 certificate chain) parameter contains a chain of one
    // or more PKIX certificates [RFC5280].  The certificate chain is
    // represented as a JSON array of certificate value strings.  Each
    // string in the array is a base64-encoded (Section 4 of [RFC4648] --
    // not base64url-encoded) DER [ITU.X690.1994] PKIX certificate value.
    // The PKIX certificate containing the key value MUST be the first
    // certificate.
    X5c []string `json:"x5c,omitempty"`

    // example: vTqrxUyQPl_20aqf5kXHwDZrel-KovIp8s7ewJod2EXHl8tWlRB3_Rem34KwBfqlKQGp1nqah-51H4Jzruqe0cFP58hPEIt6WqrvnmJCXxnNuIB53iX_uUUXXHDHBeaPCSRoNJzNysjoJ30TIUsKBiirhBa7f235PXbKiHducLevV6PcKxJ5cY8zO286qJLBWSPm-OIevwqsIsSIH44Qtm9sioFikhkbLwoqwWORGAY0nl6XvVOlhADdLjBSqSAeT1FPuCDCnXwzCDR8N9IFB_IjdStFkC-rVt2K5BYfPd0c3yFp_vHR15eRd0zJ8XQ7woBC8Vnsac6Et1pKS59pX6256DPWu8UDdEOolKAPgcd_g2NpA76cAaF_jcT80j9KrEzw8Tv0nJBGesuCjPNjGs_KzdkWTUXt23Hn9QJsdc1MZuaW0iqXBepHYfYoqNelzVte117t4BwVp0kUM6we0IqyXClaZgOI8S-WDBw2_Ovdm8e5NmhYAblEVoygcX8Y46oH6bKiaCQfKCFDMcRgChme7AoE1yZZYsPbaG_3IjPrC4LBMHQw8rM9dWjJ8ImjicvZ1pAm0dx-KHCP3y5PVKrxBDf1zSOsBRkOSjB8TPODnJMz6-jd5hTtZxpZPwPoIdCanTZ3ZD6uRBpTmDwtpRGm63UQs1m5FWPwb0T2IF0
    N   string `json:"n,omitempty"`

    // example: AQAB
    E   string `json:"e,omitempty"`

    // example: T_N8I-6He3M8a7X1vWt6TGIx4xB_GP3Mb4SsZSA4v-orvJzzRiQhLlRR81naWYxfQAYt5isDI6_C2L9bdWo4FFPjGQFvNoRX-_sBJyBI_rl-TBgsZYoUlAj3J92WmY2inbA-PwyJfsaIIDceYBC-eX-xiCu6qMqkZi3MwQAFL6bMdPEM0z4JBcwFT3VdiWAIRUuACWQwrXMq672x7fMuaIaHi7XDGgt1ith23CLfaREmJku9PQcchbt_uEY-hqrFY6ntTtS4paWWQj86xLL94S-Tf6v6xkL918PfLSOTq6XCzxvlFwzBJqApnAhbwqLjpPhgUG04EDRrqrSBc5Y1BLevn6Ip5h1AhessBp3wLkQgz_roeckt-ybvzKTjESMuagnpqLvOT7Y9veIug2MwPJZI2VjczRc1vzMs25XrFQ8DpUy-bNdp89TmvAXwctUMiJdgHloJw23Cv03gIUAkDnsTqZmkpbIf-crpgNKFmQP_EDKoe8p_PXZZgfbRri3NoEVGP7Mk6yEu8LjJhClhZaBNjuWw2-KlBfOA3g79mhfBnkInee5KO9mGR50qPk1V-MorUYNTFMZIm0kFE6eYVWFBwJHLKYhHU34DoiK1VP-svZpC2uAMFNA_UJEwM9CQ2b8qe4-5e9aywMvwcuArRkAB5mBIfOaOJao3mfukKAE
    D   string `json:"d,omitempty"`

    // example: 6NbkXwDWUhi-eR55Cgbf27FkQDDWIamOaDr0rj1q0f1fFEz1W5A_09YvG09Fiv1AO2-D8Rl8gS1Vkz2i0zCSqnyy8A025XOcRviOMK7nIxE4OH_PEsko8dtIrb3TmE2hUXvCkmzw9EsTF1LQBOGC6iusLTXepIC1x9ukCKFZQvdgtEObQ5kzd9Nhq-cdqmSeMVLoxPLd1blviVT9Vm8-y12CtYpeJHOaIDtVPLlBhJiBoPKWg3vxSm4XxIliNOefqegIlsmTIa3MpS6WWlCK3yHhat0Q-rRxDxdyiVdG_wzJvp0Iw_2wms7pe-PgNPYvUWH9JphWP5K38YqEBiJFXQ
    P   string `json:"p,omitempty"`

    // example: 0A1FmpOWR91_RAWpqreWSavNaZb9nXeKiBo0DQGBz32DbqKqQ8S4aBJmbRhJcctjCLjain-ivut477tAUMmzJwVJDDq2MZFwC9Q-4VYZmFU4HJityQuSzHYe64RjN-E_NQ02TWhG3QGW6roq6c57c99rrUsETwJJiwS8M5p15Miuz53DaOjv-uqqFAFfywN5WkxHbraBcjHtMiQuyQbQqkCFh-oanHkwYNeytsNhTu2mQmwR5DR2roZ2nPiFjC6nsdk-A7E3S3wMzYYFw7jvbWWoYWo9vB40_MY2Y0FYQSqcDzcBIcq_0tnnasf3VW4Fdx6m80RzOb2Fsnln7vKXAQ
    Q   string `json:"q,omitempty"`

    // example: P-256
    Crv string `json:"crv,omitempty"`

    // example: G4sPXkc6Ya9y8oJW9_ILj4xuppu0lzi_H7VTkS8xj5SdX3coE0oimYwxIi2emTAue0UOa5dpgFGyBJ4c8tQ2VF402XRugKDTP8akYhFo5tAA77Qe_NmtuYZc3C3m3I24G2GvR5sSDxUyAN2zq8Lfn9EUms6rY3Ob8YeiKkTiBj0
    Dp  string `json:"dp,omitempty"`

    // example: s9lAH9fggBsoFR8Oac2R_E2gw282rT2kGOAhvIllETE1efrA6huUUvMfBcMpn8lqeW6vzznYY5SSQF7pMdC_agI3nG8Ibp1BUb0JUiraRNqUfLhcQb_d9GF4Dh7e74WbRsobRonujTYN1xCaP6TO61jvWrX-L18txXw494Q_cgk
    Dq  string `json:"dq,omitempty"`

    // example: GyM_p6JrXySiz1toFgKbWV-JdI3jQ4ypu9rbMWx3rQJBfmt0FoYzgUIZEVFEcOqwemRN81zoDAaa-Bk0KWNGDjJHZDdDmFhW3AN7lI-puxk_mHZGJ11rxyR8O55XLSe3SPmRfKwZI6yU24ZxvQKFYItdldUKGzO6Ia6zTKhAVRU
    Qi  string `json:"qi,omitempty"`

    // example: GawgguFyGrWKav7AX4VKUg
    K   string `json:"k,omitempty"`

    // example: f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU
    X   string `json:"x,omitempty"`

    // example: x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0
    Y   string `json:"y,omitempty"`
}

It is important that this model object is named JSONWebKey for "swagger generate spec" to generate only on definition of a JSONWebKey.

swagger:model JSONWebKey

type JoseJSONWebKeySet Uses

type JoseJSONWebKeySet struct {
    // swagger:ignore
    *jose.JSONWebKeySet
}

swagger:type JSONWebKeySet

func (*JoseJSONWebKeySet) Scan Uses

func (n *JoseJSONWebKeySet) Scan(value interface{}) error

func (*JoseJSONWebKeySet) Value Uses

func (n *JoseJSONWebKeySet) Value() (driver.Value, error)

type RegistryCookieStore Uses

type RegistryCookieStore interface {
    CookieStore() sessions.Store
}

type RegistryLogger Uses

type RegistryLogger interface {
    Logger() *logrusx.Logger
    AuditLogger() *logrusx.Logger
}

type RegistryWriter Uses

type RegistryWriter interface {
    Writer() herodot.Writer
}

type RouterAdmin Uses

type RouterAdmin struct {
    *httprouter.Router
}

func NewRouterAdmin Uses

func NewRouterAdmin() *RouterAdmin

func (*RouterAdmin) RouterPublic Uses

func (r *RouterAdmin) RouterPublic() *RouterPublic

type RouterPublic Uses

type RouterPublic struct {
    *httprouter.Router
}

func NewRouterPublic Uses

func NewRouterPublic() *RouterPublic

func (*RouterPublic) RouterAdmin Uses

func (r *RouterPublic) RouterAdmin() *RouterAdmin

Package x imports 31 packages (graph) and is imported by 53 packages. Updated 2020-09-24. Refresh now. Tools for package owners.