constants.go
/*
* Copyright (c) 2025, WSO2 LLC. (https://www.wso2.com).
*
* WSO2 LLC. licenses this file to you under the Apache License,
* Version 2.0 (the "License"); you may not use this file except
* in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
// Package common defines common constants and models used across the flow components.
package common
import "time"
// FlowType identifies which kind of flow is being executed.
type FlowType string

// Known flow types.
const (
	// FlowTypeAuthentication marks a flow execution that authenticates a user.
	FlowTypeAuthentication FlowType = "AUTHENTICATION"

	// FlowTypeRegistration marks a flow execution that registers a user.
	FlowTypeRegistration FlowType = "REGISTRATION"

	// FlowTypeUserOnboarding marks a user onboarding flow that an admin initiated.
	FlowTypeUserOnboarding FlowType = "USER_ONBOARDING"
)
// FlowStatus is the overall state of a flow execution.
type FlowStatus string

// Known flow statuses.
const (
	// FlowStatusComplete means the flow execution has finished.
	FlowStatusComplete FlowStatus = "COMPLETE"

	// FlowStatusIncomplete means the flow execution has not finished yet.
	FlowStatusIncomplete FlowStatus = "INCOMPLETE"

	// FlowStatusError means an error occurred while the flow was executing.
	FlowStatusError FlowStatus = "ERROR"
)
// FlowStepType is the kind of step a flow execution presents.
type FlowStepType string

// Known flow step types.
const (
	// StepTypeView is a step that needs interaction from the user.
	StepTypeView FlowStepType = "VIEW"

	// StepTypeRedirection is a step that sends the user to another URL.
	StepTypeRedirection FlowStepType = "REDIRECTION"
)
// NodeType is the kind of node that can appear in a flow execution.
type NodeType string

// Known node types.
const (
	// NodeTypeStart is the representation node that begins a flow.
	NodeTypeStart NodeType = "START"

	// NodeTypeEnd is the representation node that ends a flow.
	NodeTypeEnd NodeType = "END"

	// NodeTypeTaskExecution is a node that executes a task.
	NodeTypeTaskExecution NodeType = "TASK_EXECUTION"

	// NodeTypePrompt is a prompt node.
	NodeTypePrompt NodeType = "PROMPT"
)
// NodeStatus is the state a node reports during a flow execution.
type NodeStatus string

// Known node statuses.
const (
	// NodeStatusComplete means the node finished executing successfully.
	NodeStatusComplete NodeStatus = "COMPLETE"

	// NodeStatusIncomplete means the node has not finished executing.
	NodeStatusIncomplete NodeStatus = "INCOMPLETE"

	// NodeStatusFailure means the node failed while executing.
	NodeStatusFailure NodeStatus = "FAILURE"

	// NodeStatusForward tells the engine to forward execution to NextNodeID.
	// It serves cases such as onFailure handlers, where the context should be preserved.
	NodeStatusForward NodeStatus = "FORWARD"
)
// NodeResponseType is the kind of response a node returns during a flow execution.
type NodeResponseType string

// Known node response types.
const (
	// NodeResponseTypeView is a view response, which requires user interaction.
	NodeResponseTypeView NodeResponseType = "VIEW"

	// NodeResponseTypeRedirection is a redirection response, which redirects to another URL.
	NodeResponseTypeRedirection NodeResponseType = "REDIRECTION"

	// NodeResponseTypeRetry is a retry response, which indicates a retry action.
	NodeResponseTypeRetry NodeResponseType = "RETRY"
)
// ExecutorStatus is the state an executor reports during a flow execution.
type ExecutorStatus string

// Known executor statuses.
const (
	// ExecComplete means the executor finished executing successfully.
	ExecComplete ExecutorStatus = "COMPLETE"

	// ExecUserInputRequired means the executor cannot proceed without user input.
	ExecUserInputRequired ExecutorStatus = "USER_INPUT_REQUIRED"

	// ExecExternalRedirection means the executor is redirecting to an external URL.
	ExecExternalRedirection ExecutorStatus = "EXTERNAL_REDIRECTION"

	// ExecFailure means the executor failed while executing.
	ExecFailure ExecutorStatus = "FAILURE"

	// ExecRetry means the executor is retrying its execution.
	ExecRetry ExecutorStatus = "RETRY"
)
// ExecutorType is the category an executor belongs to in a flow execution.
type ExecutorType string

// Known executor types.
const (
	// ExecutorTypeAuthentication is an executor that performs authentication.
	ExecutorTypeAuthentication ExecutorType = "AUTHENTICATION"

	// ExecutorTypeRegistration is an executor that handles user registration/provisioning.
	ExecutorTypeRegistration ExecutorType = "REGISTRATION"

	// ExecutorTypeUtility is a utility executor for common operations.
	ExecutorTypeUtility ExecutorType = "UTILITY"
)
// Keys under which data is placed in the flow response.
//
// NOTE(review): these values travel in the flow response, so whatever is stored
// under them should be assumed visible to the response's recipient. Which callers
// receive each field is not visible in this file - confirm for DataInviteLink in
// particular, since an invite link is typically usable by anyone who holds it.
const (
	// DataIDPName keys the identity provider name in the flow response.
	DataIDPName = "idpName"

	// DataConsentPrompt keys the consent prompt data in the flow response.
	DataConsentPrompt = "consentPrompt"

	// DataStepTimeout keys the step expiry timestamp in the flow response.
	DataStepTimeout = "stepTimeout"

	// DataInviteLink keys the invite link in the flow response additional data.
	DataInviteLink = "inviteLink"

	// DataEmailSent keys the flag reporting that an email was sent successfully.
	DataEmailSent = "emailSent"

	// DataSMSSent keys the flag reporting that an SMS was sent successfully.
	DataSMSSent = "smsSent"

	// DataRootOUID keys the root OU ID passed to the frontend for the OU tree picker.
	DataRootOUID = "rootOuId"

	// DataPromptMessage keys the message to be displayed in the prompt node.
	DataPromptMessage = "message"
)
// DefaultHTTPTimeout is the timeout applied to HTTP requests by default (five seconds).
const DefaultHTTPTimeout time.Duration = 5 * time.Second
// Node property names read from flow definitions.
//
// NOTE(review): the three "allow..." properties relax account-matching or
// provisioning checks. How a missing or malformed property is interpreted is not
// visible in this file - confirm that the consumers treat it as disabled.
const (
	// NodePropertyAllowAuthenticationWithoutLocalUser states whether authentication
	// is allowed when there is no local user.
	NodePropertyAllowAuthenticationWithoutLocalUser = "allowAuthenticationWithoutLocalUser"

	// NodePropertyAllowRegistrationWithExistingUser states whether registration
	// is allowed when the user already exists.
	NodePropertyAllowRegistrationWithExistingUser = "allowRegistrationWithExistingUser"

	// NodePropertyAllowCrossOUProvisioning states whether an existing user should be
	// provisioned to the target OU when they accept an invite. It is used together with
	// allowRegistrationWithExistingUser: when true, the user is created in the target OU;
	// when false, provisioning is skipped entirely.
	NodePropertyAllowCrossOUProvisioning = "allowCrossOUProvisioning"

	// NodePropertyOUResolveFrom names the strategy for resolving the organization unit.
	// Supported values: "caller" (use the caller's OU).
	NodePropertyOUResolveFrom = "resolveFrom"
)
// Keys for values kept in the runtime data of a flow execution.
//
// The key spellings mix camelCase and snake_case. They are lookup strings, so they
// must stay exactly as written.
//
// NOTE(review): some of these values are credentials or personal data (the consent
// session token, the stored invite token, the invite link, the candidate users).
// Where runtime data is logged, persisted or echoed back is not visible in this
// file - confirm those paths redact or omit them.
const (
	// RuntimeKeyUserAutoProvisioned records whether the user was auto-provisioned.
	RuntimeKeyUserAutoProvisioned = "userAutoProvisioned"

	// RuntimeKeyUserEligibleForProvisioning records whether the user is eligible for auto provisioning.
	RuntimeKeyUserEligibleForProvisioning = "userEligibleForProvisioning"

	// RuntimeKeyUserAmbiguous records that the user exists in multiple OUs and needs disambiguation.
	RuntimeKeyUserAmbiguous = "userAmbiguous"

	// RuntimeKeySkipProvisioning records whether provisioning should be skipped.
	RuntimeKeySkipProvisioning = "skipProvisioning"

	// RuntimeKeyClientID stores the OAuth client ID of the current flow execution, if applicable.
	RuntimeKeyClientID = "clientId"

	// RuntimeKeyRequestedPermissions stores the space-separated permission scopes the OAuth client requested.
	RuntimeKeyRequestedPermissions = "requested_permissions"

	// RuntimeKeyRequiredEssentialAttributes stores the space-separated essential user attributes
	// required for the flow.
	RuntimeKeyRequiredEssentialAttributes = "required_essential_attributes"

	// RuntimeKeyRequiredOptionalAttributes stores the space-separated optional user attributes
	// required for the flow.
	RuntimeKeyRequiredOptionalAttributes = "required_optional_attributes"

	// RuntimeKeyRequiredLocales stores the space-separated locales requested for claims.
	RuntimeKeyRequiredLocales = "required_locales"

	// RuntimeKeyConsentID stores the consent record ID once consent has been recorded.
	RuntimeKeyConsentID = "consent_id"

	// RuntimeKeyStepTimeout stores the expiry timestamp of the current flow step.
	RuntimeKeyStepTimeout = "step_timeout"

	// RuntimeKeyConsentedAttributes stores the space-separated set of attributes the user consented to share.
	RuntimeKeyConsentedAttributes = "consented_attributes"

	// RuntimeKeyConsentSessionToken stores the signed JWT session token used for consent validation.
	RuntimeKeyConsentSessionToken = "consent_session_token"

	// RuntimeKeyStoredInviteToken stores the generated invite token saved during the invite send phase.
	RuntimeKeyStoredInviteToken = "storedInviteToken"

	// RuntimeKeyUserAttributesCacheTTLSeconds stores the TTL of the user attributes cache.
	RuntimeKeyUserAttributesCacheTTLSeconds = "user_attributes_cache_ttl_seconds"

	// RuntimeKeyInviteLink stores the generated invite link for downstream executors (e.g., EmailExecutor).
	RuntimeKeyInviteLink = "inviteLink"

	// RuntimeKeySkipDelivery records that delivery should be skipped for the current flow.
	RuntimeKeySkipDelivery = "skipDelivery"

	// RuntimeKeyCandidateUsers stores the serialized candidate users during disambiguation in resolve mode.
	RuntimeKeyCandidateUsers = "candidateUsers"
)
// TODO: Define a go type for InputType when formalizing input types

// Input types known to flow definitions. They are untyped string constants for now.
const (
	// InputTypeText is a text input.
	InputTypeText = "TEXT_INPUT"

	// InputTypeEmail is an email input.
	InputTypeEmail = "EMAIL_INPUT"

	// InputTypePassword is a password credential input.
	InputTypePassword = "PASSWORD_INPUT"

	// InputTypeOTP is a one-time password input.
	InputTypeOTP = "OTP_INPUT"

	// InputTypePhone is a phone number input.
	InputTypePhone = "PHONE_INPUT"

	// InputTypeConsent is a consent decisions input.
	InputTypeConsent = "CONSENT_INPUT"

	// TODO: Add support for other sensitive input types:
	// - Passkey credential fields (credentialId, clientDataJSON, authenticatorData, signature, userHandle)
	// - OAuth/OIDC authorization codes
	// - OIDC nonce
	// - Invite tokens
	// Until these have input type constants they cannot be listed in sensitiveInputTypes.
)
// Names of well-known user attributes shared by the flow executors.
const (
	// AttributeMobileNumber is the default name of the attribute holding a user's mobile phone number.
	AttributeMobileNumber = "mobileNumber"
)
// sensitiveInputTypes lists the input types that are considered sensitive:
// currently the password and one-time password inputs only.
//
// NOTE(review): the code that consults this list is not visible here; presumably
// it decides which input values get masked or withheld - confirm. An input type
// that is missing from the list will not match, so every new secret-bearing input
// type has to be added here when it is introduced.
var sensitiveInputTypes = []string{InputTypePassword, InputTypeOTP}
// ActionType is the kind of action offered in a prompt.
type ActionType string

// Known prompt action types.
const (
	// ActionTypeSubmit is the primary/approve action.
	ActionTypeSubmit ActionType = "SUBMIT"

	// ActionTypeReject is the reject/deny action.
	ActionTypeReject ActionType = "REJECT"
)
// Keys used in the ForwardedData map.
//
// The spellings differ from the flow-response keys ("consent_prompt" here versus
// "consentPrompt" for DataConsentPrompt), so the two sets are not interchangeable.
const (
	// ForwardedDataKeyInputs keys the input data stored in ForwardedData.
	ForwardedDataKeyInputs = "inputs"

	// ForwardedDataKeyConsentPrompt keys the consent prompt data forwarded to the prompt node.
	ForwardedDataKeyConsentPrompt = "consent_prompt"

	// ForwardedDataKeyActionType keys the action type the user selected for the immediate next node.
	ForwardedDataKeyActionType = "actionType"
)