代码拉取完成,页面将自动刷新
/*
* Copyright 2017-2019 Kopano and its licensors
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*/
package konnect
import (
"errors"
"github.com/dgrijalva/jwt-go"
"stash.kopano.io/kc/konnect/oidc/payload"
)
// Access token claims used by Konnect.
const (
IsAccessTokenClaim = "kc.isAccessToken"
AuthorizedScopesClaim = "kc.authorizedScopes"
IsRefreshTokenClaim = "kc.isRefreshToken"
RefClaim = "kc.ref"
IdentityClaim = "kc.identity"
IdentityProvider = "kc.provider"
)
// Identifier identity sub claims used by Konnect.
const (
IdentifiedUserClaim = "kc.i.us"
IdentifiedUserIDClaim = "kc.i.id"
IdentifiedUsernameClaim = "kc.i.un"
IdentifiedDisplayNameClaim = "kc.i.dn"
IdentifiedData = "kc.i.da"
IdentifiedUserIsGuest = "kc.i.guest"
)
// AccessTokenClaims define the claims found in access tokens issued
// by Konnect.
type AccessTokenClaims struct {
jwt.StandardClaims
IsAccessToken bool `json:"kc.isAccessToken"`
AuthorizedScopesList []string `json:"kc.authorizedScopes"`
AuthorizedClaimsRequest *payload.ClaimsRequest `json:"kc.authorizedClaims,omitempty"`
IdentityClaims jwt.MapClaims `json:"kc.identity"`
IdentityProvider string `json:"kc.provider,omitempty"`
}
// Valid implements the jwt.Claims interface.
func (c AccessTokenClaims) Valid() error {
if err := c.StandardClaims.Valid(); err != nil {
return err
}
if c.IdentityClaims != nil {
if err := c.IdentityClaims.Valid(); err != nil {
return err
}
}
if c.IsAccessToken {
return nil
}
return errors.New("kc.isAccessToken claim not valid")
}
// AuthorizedScopes returns a map with scope keys and true value of all scopes
// set in the accociated access token.
func (c AccessTokenClaims) AuthorizedScopes() map[string]bool {
authorizedScopes := make(map[string]bool)
for _, scope := range c.AuthorizedScopesList {
authorizedScopes[scope] = true
}
return authorizedScopes
}
// RefreshTokenClaims define the claims used by refresh tokens.
type RefreshTokenClaims struct {
jwt.StandardClaims
IsRefreshToken bool `json:"kc.isRefreshToken"`
ApprovedScopesList []string `json:"kc.approvedScopes"`
ApprovedClaimsRequest *payload.ClaimsRequest `json:"kc.approvedClaims,omitempty"`
Ref string `json:"kc.ref"`
IdentityClaims jwt.MapClaims `json:"kc.identity"`
IdentityProvider string `json:"kc.provider,omitempty"`
}
// Valid implements the jwt.Claims interface.
func (c RefreshTokenClaims) Valid() error {
if err := c.StandardClaims.Valid(); err != nil {
return err
}
if c.IdentityClaims != nil {
if err := c.IdentityClaims.Valid(); err != nil {
return err
}
}
if c.IsRefreshToken {
return nil
}
return errors.New("kc.isRefreshToken claim not valid")
}
// IDClaims define the claims used with the konnect/id scope.
type IDClaims struct {
// NOTE(longsleep): Always keep these claims compatible with the GitLab API
// https://docs.gitlab.com/ce/api/users.html#for-user.
KCID int64 `json:"id,omitempty"`
KCIDUsername string `json:"username,omitempty"`
}
// Valid implements the jwt.Claims interface.
func (c IDClaims) Valid() error {
if c.KCIDUsername == "" {
return errors.New("username claim not valid")
}
return nil
}
// UniqueUserIDClaims define the claims used with the konnect/uuid scope.
type UniqueUserIDClaims struct {
KCUniqueUserID string `json:"kc.uuid,omitempty"`
}
// Valid implements the jwt.Claims interface.
func (c UniqueUserIDClaims) Valid() error {
if c.KCUniqueUserID == "" {
return errors.New("kc.uuid claim not valid")
}
return nil
}
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手