2022-04-01 11:18:58 +00:00
|
|
|
package oidc
|
|
|
|
|
|
|
|
// AuthenticationMethodsReferences holds AMR information.
|
|
|
|
type AuthenticationMethodsReferences struct {
|
|
|
|
UsernameAndPassword bool
|
|
|
|
TOTP bool
|
|
|
|
Duo bool
|
2023-04-11 04:40:09 +00:00
|
|
|
WebAuthn bool
|
|
|
|
WebAuthnUserPresence bool
|
|
|
|
WebAuthnUserVerified bool
|
2022-04-01 11:18:58 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// FactorKnowledge returns true if a "something you know" factor of authentication was used.
|
|
|
|
func (r AuthenticationMethodsReferences) FactorKnowledge() bool {
|
|
|
|
return r.UsernameAndPassword
|
|
|
|
}
|
|
|
|
|
|
|
|
// FactorPossession returns true if a "something you have" factor of authentication was used.
|
|
|
|
func (r AuthenticationMethodsReferences) FactorPossession() bool {
|
2023-04-11 04:40:09 +00:00
|
|
|
return r.TOTP || r.WebAuthn || r.Duo
|
2022-04-01 11:18:58 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// MultiFactorAuthentication returns true if multiple factors were used.
|
|
|
|
func (r AuthenticationMethodsReferences) MultiFactorAuthentication() bool {
|
|
|
|
return r.FactorKnowledge() && r.FactorPossession()
|
|
|
|
}
|
|
|
|
|
|
|
|
// ChannelBrowser returns true if a browser was used to authenticate.
|
|
|
|
func (r AuthenticationMethodsReferences) ChannelBrowser() bool {
|
2023-04-11 04:40:09 +00:00
|
|
|
return r.UsernameAndPassword || r.TOTP || r.WebAuthn
|
2022-04-01 11:18:58 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// ChannelService returns true if a non-browser service was used to authenticate.
|
|
|
|
func (r AuthenticationMethodsReferences) ChannelService() bool {
|
|
|
|
return r.Duo
|
|
|
|
}
|
|
|
|
|
|
|
|
// MultiChannelAuthentication returns true if the user used more than one channel to authenticate.
|
|
|
|
func (r AuthenticationMethodsReferences) MultiChannelAuthentication() bool {
|
|
|
|
return r.ChannelBrowser() && r.ChannelService()
|
|
|
|
}
|
|
|
|
|
|
|
|
// MarshalRFC8176 returns the AMR claim slice of strings in the RFC8176 format.
|
|
|
|
// https://datatracker.ietf.org/doc/html/rfc8176
|
|
|
|
func (r AuthenticationMethodsReferences) MarshalRFC8176() []string {
|
|
|
|
var amr []string
|
|
|
|
|
|
|
|
if r.UsernameAndPassword {
|
|
|
|
amr = append(amr, AMRPasswordBasedAuthentication)
|
|
|
|
}
|
|
|
|
|
|
|
|
if r.TOTP {
|
|
|
|
amr = append(amr, AMROneTimePassword)
|
|
|
|
}
|
|
|
|
|
|
|
|
if r.Duo {
|
|
|
|
amr = append(amr, AMRShortMessageService)
|
|
|
|
}
|
|
|
|
|
2023-04-11 04:40:09 +00:00
|
|
|
if r.WebAuthn {
|
2022-04-01 11:18:58 +00:00
|
|
|
amr = append(amr, AMRHardwareSecuredKey)
|
|
|
|
}
|
|
|
|
|
2023-04-11 04:40:09 +00:00
|
|
|
if r.WebAuthnUserPresence {
|
2022-04-01 11:18:58 +00:00
|
|
|
amr = append(amr, AMRUserPresence)
|
|
|
|
}
|
|
|
|
|
2023-04-11 04:40:09 +00:00
|
|
|
if r.WebAuthnUserVerified {
|
2022-04-01 11:18:58 +00:00
|
|
|
amr = append(amr, AMRPersonalIdentificationNumber)
|
|
|
|
}
|
|
|
|
|
|
|
|
if r.MultiFactorAuthentication() {
|
|
|
|
amr = append(amr, AMRMultiFactorAuthentication)
|
|
|
|
}
|
|
|
|
|
|
|
|
if r.MultiChannelAuthentication() {
|
|
|
|
amr = append(amr, AMRMultiChannelAuthentication)
|
|
|
|
}
|
|
|
|
|
|
|
|
return amr
|
|
|
|
}
|