RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/internal/oidc/const.go

34 lines
972 B
Go
Raw Normal View History

feat(oidc): add additional config options, accurate token times, and refactoring (#1991) * This gives admins more control over their OIDC installation exposing options that had defaults before. Things like lifespans for authorize codes, access tokens, id tokens, refresh tokens, a option to enable the debug client messages, minimum parameter entropy. It also allows admins to configure the response modes. * Additionally this records specific values about a users session indicating when they performed a specific authz factor so this is represented in the token accurately. * Lastly we also implemented a OIDC key manager which calculates the kid for jwk's using the SHA1 digest instead of being static, or more specifically the first 7 chars. As per https://datatracker.ietf.org/doc/html/draft-ietf-jose-json-web-key#section-8.1.1 the kid should not exceed 8 chars. While it's allowed to exceed 8 chars, it must only be done so with a compelling reason, which we do not have.
2021-07-03 23:44:30 +00:00
package oidc
fix(oidc): add preferred username claim (#2801) This adds the missing preferred username claim to the ID Token for OIDC. Fixes #2798
2022-01-18 09:32:06 +00:00
// Scope strings.
const (
feat(oidc): oauth2 discovery support (#2925) * feat(oidc): oauth2 discovery and endpoint rename This implements the oauth2 authorization server discovery document, adds tests to the discovery documents, implements an efficiency upgrade to these docs, and renames some endpoints to be uniform.
2022-03-04 03:09:27 +00:00
ScopeOfflineAccess = "offline_access"
ScopeOpenID = "openid"
ScopeProfile = "profile"
ScopeEmail = "email"
ScopeGroups = "groups"
fix(oidc): add preferred username claim (#2801) This adds the missing preferred username claim to the ID Token for OIDC. Fixes #2798
2022-01-18 09:32:06 +00:00
)
// Claim strings.
const (
ClaimGroups = "groups"
ClaimDisplayName = "name"
ClaimPreferredUsername = "preferred_username"
ClaimEmail = "email"
ClaimEmailVerified = "email_verified"
fix(handlers): include preferred_username claim in meta (#2829) This includes the preferred_username claim in the meta. Also uses the consts for all the applicable claims and scopes.
2022-02-09 22:55:28 +00:00
ClaimEmailAlts = "alt_emails"
fix(oidc): add preferred username claim (#2801) This adds the missing preferred username claim to the ID Token for OIDC. Fixes #2798
2022-01-18 09:32:06 +00:00
)
feat(oidc): oauth2 discovery support (#2925) * feat(oidc): oauth2 discovery and endpoint rename This implements the oauth2 authorization server discovery document, adds tests to the discovery documents, implements an efficiency upgrade to these docs, and renames some endpoints to be uniform.
2022-03-04 03:09:27 +00:00
// Paths.
const (
WellKnownOpenIDConfigurationPath = "/.well-known/openid-configuration"
WellKnownOAuthAuthorizationServerPath = "/.well-known/oauth-authorization-server"
JWKsPath = "/api/oidc/jwks"
AuthorizationPath = "/api/oidc/authorization"
TokenPath = "/api/oidc/token" //nolint:gosec // This is not a hard coded credential, it's a path.
IntrospectionPath = "/api/oidc/introspection"
RevocationPath = "/api/oidc/revocation"
UserinfoPath = "/api/oidc/userinfo"
)