mirror of
https://github.com/rocky-linux/peridot.git
synced 2025-01-04 16:20:55 +00:00
263 lines
10 KiB
Go
263 lines
10 KiB
Go
// Code generated by go-swagger; DO NOT EDIT.
|
|
|
|
package models
|
|
|
|
// This file was generated by the swagger tool.
|
|
// Editing this file might prove futile when you re-run the swagger generate command
|
|
|
|
import (
|
|
"context"
|
|
|
|
"github.com/go-openapi/errors"
|
|
"github.com/go-openapi/strfmt"
|
|
"github.com/go-openapi/swag"
|
|
"github.com/go-openapi/validate"
|
|
)
|
|
|
|
// WellKnown WellKnown represents important OpenID Connect discovery metadata
|
|
//
|
|
// It includes links to several endpoints (e.g. /oauth2/token) and exposes information on supported signature algorithms
|
|
// among others.
|
|
//
|
|
// swagger:model wellKnown
|
|
type WellKnown struct {
|
|
|
|
// URL of the OP's OAuth 2.0 Authorization Endpoint.
|
|
// Example: https://playground.ory.sh/ory-hydra/public/oauth2/auth
|
|
// Required: true
|
|
AuthorizationEndpoint *string `json:"authorization_endpoint"`
|
|
|
|
// Boolean value specifying whether the OP can pass a sid (session ID) Claim in the Logout Token to identify the RP
|
|
// session with the OP. If supported, the sid Claim is also included in ID Tokens issued by the OP
|
|
BackchannelLogoutSessionSupported bool `json:"backchannel_logout_session_supported,omitempty"`
|
|
|
|
// Boolean value specifying whether the OP supports back-channel logout, with true indicating support.
|
|
BackchannelLogoutSupported bool `json:"backchannel_logout_supported,omitempty"`
|
|
|
|
// Boolean value specifying whether the OP supports use of the claims parameter, with true indicating support.
|
|
ClaimsParameterSupported bool `json:"claims_parameter_supported,omitempty"`
|
|
|
|
// JSON array containing a list of the Claim Names of the Claims that the OpenID Provider MAY be able to supply
|
|
// values for. Note that for privacy or other reasons, this might not be an exhaustive list.
|
|
ClaimsSupported []string `json:"claims_supported"`
|
|
|
|
// JSON array containing a list of Proof Key for Code Exchange (PKCE) [RFC7636] code challenge methods supported
|
|
// by this authorization server.
|
|
CodeChallengeMethodsSupported []string `json:"code_challenge_methods_supported"`
|
|
|
|
// URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP.
|
|
EndSessionEndpoint string `json:"end_session_endpoint,omitempty"`
|
|
|
|
// Boolean value specifying whether the OP can pass iss (issuer) and sid (session ID) query parameters to identify
|
|
// the RP session with the OP when the frontchannel_logout_uri is used. If supported, the sid Claim is also
|
|
// included in ID Tokens issued by the OP.
|
|
FrontchannelLogoutSessionSupported bool `json:"frontchannel_logout_session_supported,omitempty"`
|
|
|
|
// Boolean value specifying whether the OP supports HTTP-based logout, with true indicating support.
|
|
FrontchannelLogoutSupported bool `json:"frontchannel_logout_supported,omitempty"`
|
|
|
|
// JSON array containing a list of the OAuth 2.0 Grant Type values that this OP supports.
|
|
GrantTypesSupported []string `json:"grant_types_supported"`
|
|
|
|
// JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the ID Token
|
|
// to encode the Claims in a JWT.
|
|
// Required: true
|
|
IDTokenSigningAlgValuesSupported []string `json:"id_token_signing_alg_values_supported"`
|
|
|
|
// URL using the https scheme with no query or fragment component that the OP asserts as its IssuerURL Identifier.
|
|
// If IssuerURL discovery is supported , this value MUST be identical to the issuer value returned
|
|
// by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued from this IssuerURL.
|
|
// Example: https://playground.ory.sh/ory-hydra/public/
|
|
// Required: true
|
|
Issuer *string `json:"issuer"`
|
|
|
|
// URL of the OP's JSON Web Key Set [JWK] document. This contains the signing key(s) the RP uses to validate
|
|
// signatures from the OP. The JWK Set MAY also contain the Server's encryption key(s), which are used by RPs
|
|
// to encrypt requests to the Server. When both signing and encryption keys are made available, a use (Key Use)
|
|
// parameter value is REQUIRED for all keys in the referenced JWK Set to indicate each key's intended usage.
|
|
// Although some algorithms allow the same key to be used for both signatures and encryption, doing so is
|
|
// NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide X.509 representations of
|
|
// keys provided. When used, the bare key values MUST still be present and MUST match those in the certificate.
|
|
// Example: https://playground.ory.sh/ory-hydra/public/.well-known/jwks.json
|
|
// Required: true
|
|
JwksURI *string `json:"jwks_uri"`
|
|
|
|
// URL of the OP's Dynamic Client Registration Endpoint.
|
|
// Example: https://playground.ory.sh/ory-hydra/admin/client
|
|
RegistrationEndpoint string `json:"registration_endpoint,omitempty"`
|
|
|
|
// JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for Request Objects,
|
|
// which are described in Section 6.1 of OpenID Connect Core 1.0 [OpenID.Core]. These algorithms are used both when
|
|
// the Request Object is passed by value (using the request parameter) and when it is passed by reference
|
|
// (using the request_uri parameter).
|
|
RequestObjectSigningAlgValuesSupported []string `json:"request_object_signing_alg_values_supported"`
|
|
|
|
// Boolean value specifying whether the OP supports use of the request parameter, with true indicating support.
|
|
RequestParameterSupported bool `json:"request_parameter_supported,omitempty"`
|
|
|
|
// Boolean value specifying whether the OP supports use of the request_uri parameter, with true indicating support.
|
|
RequestURIParameterSupported bool `json:"request_uri_parameter_supported,omitempty"`
|
|
|
|
// Boolean value specifying whether the OP requires any request_uri values used to be pre-registered
|
|
// using the request_uris registration parameter.
|
|
RequireRequestURIRegistration bool `json:"require_request_uri_registration,omitempty"`
|
|
|
|
// JSON array containing a list of the OAuth 2.0 response_mode values that this OP supports.
|
|
ResponseModesSupported []string `json:"response_modes_supported"`
|
|
|
|
// JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. Dynamic OpenID
|
|
// Providers MUST support the code, id_token, and the token id_token Response Type values.
|
|
// Required: true
|
|
ResponseTypesSupported []string `json:"response_types_supported"`
|
|
|
|
// URL of the authorization server's OAuth 2.0 revocation endpoint.
|
|
RevocationEndpoint string `json:"revocation_endpoint,omitempty"`
|
|
|
|
// SON array containing a list of the OAuth 2.0 [RFC6749] scope values that this server supports. The server MUST
|
|
// support the openid scope value. Servers MAY choose not to advertise some supported scope values even when this parameter is used
|
|
ScopesSupported []string `json:"scopes_supported"`
|
|
|
|
// JSON array containing a list of the Subject Identifier types that this OP supports. Valid types include
|
|
// pairwise and public.
|
|
// Required: true
|
|
SubjectTypesSupported []string `json:"subject_types_supported"`
|
|
|
|
// URL of the OP's OAuth 2.0 Token Endpoint
|
|
// Example: https://playground.ory.sh/ory-hydra/public/oauth2/token
|
|
// Required: true
|
|
TokenEndpoint *string `json:"token_endpoint"`
|
|
|
|
// JSON array containing a list of Client Authentication methods supported by this Token Endpoint. The options are
|
|
// client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 9 of OpenID Connect Core 1.0
|
|
TokenEndpointAuthMethodsSupported []string `json:"token_endpoint_auth_methods_supported"`
|
|
|
|
// URL of the OP's UserInfo Endpoint.
|
|
UserinfoEndpoint string `json:"userinfo_endpoint,omitempty"`
|
|
|
|
// JSON array containing a list of the JWS [JWS] signing algorithms (alg values) [JWA] supported by the UserInfo Endpoint to encode the Claims in a JWT [JWT].
|
|
UserinfoSigningAlgValuesSupported []string `json:"userinfo_signing_alg_values_supported"`
|
|
}
|
|
|
|
// Validate validates this well known
|
|
func (m *WellKnown) Validate(formats strfmt.Registry) error {
|
|
var res []error
|
|
|
|
if err := m.validateAuthorizationEndpoint(formats); err != nil {
|
|
res = append(res, err)
|
|
}
|
|
|
|
if err := m.validateIDTokenSigningAlgValuesSupported(formats); err != nil {
|
|
res = append(res, err)
|
|
}
|
|
|
|
if err := m.validateIssuer(formats); err != nil {
|
|
res = append(res, err)
|
|
}
|
|
|
|
if err := m.validateJwksURI(formats); err != nil {
|
|
res = append(res, err)
|
|
}
|
|
|
|
if err := m.validateResponseTypesSupported(formats); err != nil {
|
|
res = append(res, err)
|
|
}
|
|
|
|
if err := m.validateSubjectTypesSupported(formats); err != nil {
|
|
res = append(res, err)
|
|
}
|
|
|
|
if err := m.validateTokenEndpoint(formats); err != nil {
|
|
res = append(res, err)
|
|
}
|
|
|
|
if len(res) > 0 {
|
|
return errors.CompositeValidationError(res...)
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (m *WellKnown) validateAuthorizationEndpoint(formats strfmt.Registry) error {
|
|
|
|
if err := validate.Required("authorization_endpoint", "body", m.AuthorizationEndpoint); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (m *WellKnown) validateIDTokenSigningAlgValuesSupported(formats strfmt.Registry) error {
|
|
|
|
if err := validate.Required("id_token_signing_alg_values_supported", "body", m.IDTokenSigningAlgValuesSupported); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (m *WellKnown) validateIssuer(formats strfmt.Registry) error {
|
|
|
|
if err := validate.Required("issuer", "body", m.Issuer); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (m *WellKnown) validateJwksURI(formats strfmt.Registry) error {
|
|
|
|
if err := validate.Required("jwks_uri", "body", m.JwksURI); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (m *WellKnown) validateResponseTypesSupported(formats strfmt.Registry) error {
|
|
|
|
if err := validate.Required("response_types_supported", "body", m.ResponseTypesSupported); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (m *WellKnown) validateSubjectTypesSupported(formats strfmt.Registry) error {
|
|
|
|
if err := validate.Required("subject_types_supported", "body", m.SubjectTypesSupported); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func (m *WellKnown) validateTokenEndpoint(formats strfmt.Registry) error {
|
|
|
|
if err := validate.Required("token_endpoint", "body", m.TokenEndpoint); err != nil {
|
|
return err
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
// ContextValidate validates this well known based on context it is used
|
|
func (m *WellKnown) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
|
|
return nil
|
|
}
|
|
|
|
// MarshalBinary interface implementation
|
|
func (m *WellKnown) MarshalBinary() ([]byte, error) {
|
|
if m == nil {
|
|
return nil, nil
|
|
}
|
|
return swag.WriteJSON(m)
|
|
}
|
|
|
|
// UnmarshalBinary interface implementation
|
|
func (m *WellKnown) UnmarshalBinary(b []byte) error {
|
|
var res WellKnown
|
|
if err := swag.ReadJSON(b, &res); err != nil {
|
|
return err
|
|
}
|
|
*m = res
|
|
return nil
|
|
}
|