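package oauth

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/url"
)

// OauthProtectedResource is the subset of a protected-resource metadata
// document that this package decodes (see the json tags for the wire names).
type OauthProtectedResource struct {
	Resource               string   `json:"resource"`
	AuthorizationServers   []string `json:"authorization_servers"`
	ScopesSupported        []string `json:"scopes_supported"`
	BearerMethodsSupported []string `json:"bearer_methods_supported"`
	ResourceDocumentation  string   `json:"resource_documentation"`
}

// UnmarshalJSON decodes b into opr using the default field decoding.
// It goes through a local alias type so the decoder does not recurse back
// into this method; it returns the decoder's error unchanged.
func (opr *OauthProtectedResource) UnmarshalJSON(b []byte) error {
	type plain OauthProtectedResource
	var decoded plain
	if err := json.Unmarshal(b, &decoded); err != nil {
		return err
	}
	*opr = OauthProtectedResource(decoded)
	return nil
}

// OauthAuthorizationMetadata is the subset of an authorization-server
// metadata document that this package decodes and validates.
type OauthAuthorizationMetadata struct {
	Issuer                                     string   `json:"issuer"`
	RequestParameterSupported                  bool     `json:"request_parameter_supported"`
	RequestUriParameterSupported               bool     `json:"request_uri_parameter_supported"`
	RequireRequestUriRegistration              *bool    `json:"require_request_uri_registration,omitempty"`
	ScopesSupported                            []string `json:"scopes_supported"`
	SubjectTypesSupported                      []string `json:"subject_types_supported"`
	ResponseTypesSupported                     []string `json:"response_types_supported"`
	ResponseModesSupported                     []string `json:"response_modes_supported"`
	GrantTypesSupported                        []string `json:"grant_types_supported"`
	CodeChallengeMethodsSupported              []string `json:"code_challenge_methods_supported"`
	UILocalesSupported                         []string `json:"ui_locales_supported"`
	DisplayValuesSupported                     []string `json:"display_values_supported"`
	RequestObjectSigningAlgValuesSupported     []string `json:"request_object_signing_alg_values_supported"`
	AuthorizationResponseISSParameterSupported bool     `json:"authorization_response_iss_parameter_supported"`
	RequestObjectEncryptionAlgValuesSupported  []string `json:"request_object_encryption_alg_values_supported"`
	RequestObjectEncryptionEncValuesSupported  []string `json:"request_object_encryption_enc_values_supported"`
	JwksUri                                    string   `json:"jwks_uri"`
	AuthorizationEndpoint                      string   `json:"authorization_endpoint"`
	TokenEndpoint                              string   `json:"token_endpoint"`
	TokenEndpointAuthMethodsSupported          []string `json:"token_endpoint_auth_methods_supported"`
	TokenEndpointAuthSigningAlgValuesSupported []string `json:"token_endpoint_auth_signing_alg_values_supported"`
	RevocationEndpoint                         string   `json:"revocation_endpoint"`
	IntrospectionEndpoint                      string   `json:"introspection_endpoint"`
	PushedAuthorizationRequestEndpoint         string   `json:"pushed_authorization_request_endpoint"`
	RequirePushedAuthorizationRequests         bool     `json:"require_pushed_authorization_requests"`
	DpopSigningAlgValuesSupported              []string `json:"dpop_signing_alg_values_supported"`
	ProtectedResources                         []string `json:"protected_resources"`
	ClientIDMetadataDocumentSupported          bool     `json:"client_id_metadata_document_supported"`
}

// validateIssuerOrigin checks that issuer is a bare https origin on the same
// host the metadata document was fetched from. Binding the issuer to the
// fetch host is what stops a document served by one host from claiming to
// speak for another. The caller must pass a non-nil fetch_url.
func validateIssuerOrigin(issuer string, fetch_url *url.URL) error {
	iu, err := url.Parse(issuer)
	if err != nil {
		return fmt.Errorf("parsing issuer url: %w", err)
	}

	switch {
	case iu.Hostname() == "":
		// Without this, an issuer with no host would compare equal to a
		// fetch URL that also lacks one.
		return errors.New("issuer url has no hostname")
	case iu.Hostname() != fetch_url.Hostname():
		return errors.New("issuer hostname does not match fetch url hostname")
	case iu.Scheme != "https":
		return errors.New("issuer url is not https")
	case iu.User != nil:
		return errors.New("issuer url contains userinfo")
	case iu.Port() != "":
		return errors.New("issuer port is not empty")
	case iu.Path != "" && iu.Path != "/":
		return errors.New("issuer path is not /")
	case iu.RawQuery != "":
		return errors.New("issuer url params are not empty")
	case iu.Fragment != "":
		return errors.New("issuer url fragment is not empty")
	}
	return nil
}

// requireMetadataToken returns nil when token is present in set, otherwise an
// error naming the metadata field (field) the token was expected in.
func requireMetadataToken(token, field string, set []string) error {
	if tokenInSet(token, set) {
		return nil
	}
	return fmt.Errorf("`%s` is not in %s", token, field)
}

// Validate checks that the metadata document is usable by this client: the
// issuer must be an https origin whose host matches fetch_url (the URL the
// document was retrieved from), and the advertised capabilities must include
// every value the client relies on. Checks run in a fixed order and the
// first failure is returned. The receiver is never modified.
//
// It returns an error when oam or fetch_url is nil, when the issuer cannot be
// parsed or is not an acceptable origin, or when a required value is missing.
func (oam *OauthAuthorizationMetadata) Validate(fetch_url *url.URL) error {
	if oam == nil {
		return errors.New("metadata was nil")
	}
	if fetch_url == nil {
		return errors.New("fetch_url was nil")
	}

	if err := validateIssuerOrigin(oam.Issuer, fetch_url); err != nil {
		return err
	}

	// Values the client depends on, checked in the order they were
	// historically checked so the reported error is unchanged.
	requiredTokens := []struct {
		token string
		field string
		set   []string
	}{
		{"code", "response_types_supported", oam.ResponseTypesSupported},
		{"authorization_code", "grant_types_supported", oam.GrantTypesSupported},
		{"refresh_token", "grant_types_supported", oam.GrantTypesSupported},
		{"S256", "code_challenge_methods_supported", oam.CodeChallengeMethodsSupported},
		{"none", "token_endpoint_auth_methods_supported", oam.TokenEndpointAuthMethodsSupported},
		{"private_key_jwt", "token_endpoint_auth_methods_supported", oam.TokenEndpointAuthMethodsSupported},
		{"ES256", "token_endpoint_auth_signing_alg_values_supported", oam.TokenEndpointAuthSigningAlgValuesSupported},
		{"atproto", "scopes_supported", oam.ScopesSupported},
	}
	for _, r := range requiredTokens {
		if err := requireMetadataToken(r.token, r.field, r.set); err != nil {
			return err
		}
	}

	if !oam.AuthorizationResponseISSParameterSupported {
		return errors.New("authorization_response_iss_parameter_supported is not true")
	}
	if oam.PushedAuthorizationRequestEndpoint == "" {
		return errors.New("pushed_authorization_request_endpoint is empty")
	}
	if !oam.RequirePushedAuthorizationRequests {
		return errors.New("require_pushed_authorization_requests is false")
	}

	if err := requireMetadataToken("ES256", "dpop_signing_alg_values_supported", oam.DpopSigningAlgValuesSupported); err != nil {
		return err
	}

	// The field is optional; only an explicit false is rejected.
	if oam.RequireRequestUriRegistration != nil && !*oam.RequireRequestUriRegistration {
		return errors.New("require_request_uri_registration present in metadata and was false")
	}
	if !oam.ClientIDMetadataDocumentSupported {
		return errors.New("client_id_metadata_document_supported was false")
	}

	return nil
}

// UnmarshalJSON decodes b into oam using the default field decoding.
// It goes through a local alias type so the decoder does not recurse back
// into this method; it returns the decoder's error unchanged.
func (oam *OauthAuthorizationMetadata) UnmarshalJSON(b []byte) error {
	type plain OauthAuthorizationMetadata
	var decoded plain
	if err := json.Unmarshal(b, &decoded); err != nil {
		return err
	}
	*oam = OauthAuthorizationMetadata(decoded)
	return nil
}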