@@ -84,92 +84,91 @@ type Flow struct {
84
84
// identify the session.
85
85
//
86
86
// required: true
87
- ID string `db:"login_challenge"`
88
- NID uuid.UUID `db:"nid"`
87
+ ID string `db:"login_challenge" json:"i" `
88
+ NID uuid.UUID `db:"nid" json:"n" `
89
89
90
90
// RequestedScope contains the OAuth 2.0 Scope requested by the OAuth 2.0 Client.
91
91
//
92
92
// required: true
93
- RequestedScope sqlxx.StringSliceJSONFormat `db:"requested_scope"`
93
+ RequestedScope sqlxx.StringSliceJSONFormat `db:"requested_scope" json:"rs,omitempty" `
94
94
95
95
// RequestedAudience contains the access token audience as requested by the OAuth 2.0 Client.
96
96
//
97
97
// required: true
98
- RequestedAudience sqlxx.StringSliceJSONFormat `db:"requested_at_audience"`
98
+ RequestedAudience sqlxx.StringSliceJSONFormat `db:"requested_at_audience" json:"ra,omitempty" `
99
99
100
100
// LoginSkip, if true, implies that the client has requested the same scopes from the same user previously.
101
101
// If true, you can skip asking the user to grant the requested scopes, and simply forward the user to the redirect URL.
102
102
//
103
103
// This feature allows you to update / set session information.
104
104
//
105
105
// required: true
106
- LoginSkip bool `db:"login_skip"`
106
+ LoginSkip bool `db:"login_skip" json:"ls,omitempty" `
107
107
108
108
// Subject is the user ID of the end-user that authenticated. Now, that end user needs to grant or deny the scope
109
109
// requested by the OAuth 2.0 client. If this value is set and `skip` is true, you MUST include this subject type
110
110
// when accepting the login request, or the request will fail.
111
111
//
112
112
// required: true
113
- Subject string `db:"subject"`
113
+ Subject string `db:"subject" json:"s,omitempty" `
114
114
115
115
// OpenIDConnectContext provides context for the (potential) OpenID Connect context. Implementation of these
116
116
// values in your app are optional but can be useful if you want to be fully compliant with the OpenID Connect spec.
117
- OpenIDConnectContext * OAuth2ConsentRequestOpenIDConnectContext `db:"oidc_context"`
117
+ OpenIDConnectContext * OAuth2ConsentRequestOpenIDConnectContext `db:"oidc_context" json:"oc" `
118
118
119
119
// Client is the OAuth 2.0 Client that initiated the request.
120
120
//
121
121
// required: true
122
- Client * client.Client `db:"-"`
123
-
124
- ClientID string `db:"client_id"`
122
+ Client * client.Client `db:"-" json:"client,omitempty"`
123
+ ClientID string `db:"client_id" json:"ci,omitempty"`
125
124
126
125
// RequestURL is the original OAuth 2.0 Authorization URL requested by the OAuth 2.0 client. It is the URL which
127
126
// initiates the OAuth 2.0 Authorization Code or OAuth 2.0 Implicit flow. This URL is typically not needed, but
128
127
// might come in handy if you want to deal with additional request parameters.
129
128
//
130
129
// required: true
131
- RequestURL string `db:"request_url"`
130
+ RequestURL string `db:"request_url" json:"r,omitempty" `
132
131
133
132
// SessionID is the login session ID. If the user-agent reuses a login session (via cookie / remember flag)
134
133
// this ID will remain the same. If the user-agent did not have an existing authentication session (e.g. remember is false)
135
134
// this will be a new random value. This value is used as the "sid" parameter in the ID Token and in OIDC Front-/Back-
136
135
// channel logout. Its value can generally be used to associate consecutive login requests by a certain user.
137
- SessionID sqlxx.NullString `db:"login_session_id"`
136
+ SessionID sqlxx.NullString `db:"login_session_id" json:"si,omitempty" `
138
137
139
138
// IdentityProviderSessionID is the session ID of the end-user that authenticated.
140
139
// If specified, we will use this value to propagate the logout.
141
- IdentityProviderSessionID sqlxx.NullString `db:"identity_provider_session_id"`
140
+ IdentityProviderSessionID sqlxx.NullString `db:"identity_provider_session_id" json:"is,omitempty" `
142
141
143
- LoginVerifier string `db:"login_verifier"`
144
- LoginCSRF string `db:"login_csrf"`
142
+ LoginVerifier string `db:"login_verifier" json:"lv,omitempty" `
143
+ LoginCSRF string `db:"login_csrf" json:"lc,omitempty" `
145
144
146
- LoginInitializedAt sqlxx.NullTime `db:"login_initialized_at"`
147
- RequestedAt time.Time `db:"requested_at"`
145
+ LoginInitializedAt sqlxx.NullTime `db:"login_initialized_at" json:"li,omitempty" `
146
+ RequestedAt time.Time `db:"requested_at" json:"ia,omitempty" `
148
147
149
- State int16 `db:"state"`
148
+ State int16 `db:"state" json:"q,omitempty" `
150
149
151
150
// LoginRemember, if set to true, tells ORY Hydra to remember this user by telling the user agent (browser) to store
152
151
// a cookie with authentication data. If the same user performs another OAuth 2.0 Authorization Request, he/she
153
152
// will not be asked to log in again.
154
- LoginRemember bool `db:"login_remember"`
153
+ LoginRemember bool `db:"login_remember" json:"lr,omitempty" `
155
154
156
155
// LoginRememberFor sets how long the authentication should be remembered for in seconds. If set to `0`, the
157
156
// authorization will be remembered for the duration of the browser session (using a session cookie).
158
- LoginRememberFor int `db:"login_remember_for"`
157
+ LoginRememberFor int `db:"login_remember_for" json:"lf,omitempty" `
159
158
160
159
// LoginExtendSessionLifespan, if set to true, session cookie expiry time will be updated when session is
161
160
// refreshed (login skip=true).
162
- LoginExtendSessionLifespan bool `db:"login_extend_session_lifespan"`
161
+ LoginExtendSessionLifespan bool `db:"login_extend_session_lifespan" json:"ll,omitempty" `
163
162
164
163
// ACR sets the Authentication AuthorizationContext Class Reference value for this authentication session. You can use it
165
164
// to express that, for example, a user authenticated using two factor authentication.
166
- ACR string `db:"acr"`
165
+ ACR string `db:"acr" json:"a,omitempty" `
167
166
168
167
// AMR sets the Authentication Methods References value for this
169
168
// authentication session. You can use it to specify the method a user used to
170
169
// authenticate. For example, if the acr indicates a user used two factor
171
170
// authentication, the amr can express they used a software-secured key.
172
- AMR sqlxx.StringSliceJSONFormat `db:"amr"`
171
+ AMR sqlxx.StringSliceJSONFormat `db:"amr" json:"am,omitempty" `
173
172
174
173
// ForceSubjectIdentifier forces the "pairwise" user ID of the end-user that authenticated. The "pairwise" user ID refers to the
175
174
// (Pairwise Identifier Algorithm)[http://openid.net/specs/openid-connect-core-1_0.html#PairwiseAlg] of the OpenID
@@ -188,58 +187,58 @@ type Flow struct {
188
187
// other unique value).
189
188
//
190
189
// If you fail to compute the proper value, then authentication processes which have id_token_hint set might fail.
191
- ForceSubjectIdentifier string `db:"forced_subject_identifier"`
190
+ ForceSubjectIdentifier string `db:"forced_subject_identifier" json:"fs,omitempty" `
192
191
193
192
// Context is an optional object which can hold arbitrary data. The data will be made available when fetching the
194
193
// consent request under the "context" field. This is useful in scenarios where login and consent endpoints share
195
194
// data.
196
- Context sqlxx.JSONRawMessage `db:"context"`
195
+ Context sqlxx.JSONRawMessage `db:"context" json:"ct" `
197
196
198
197
// LoginWasUsed set to true means that the login request was already handled.
199
198
// This can happen on form double-submit or other errors. If this is set we
200
199
// recommend redirecting the user to `request_url` to re-initiate the flow.
201
- LoginWasUsed bool `db:"login_was_used"`
200
+ LoginWasUsed bool `db:"login_was_used" json:"lu,omitempty" `
202
201
203
- LoginError * RequestDeniedError `db:"login_error"`
204
- LoginAuthenticatedAt sqlxx.NullTime `db:"login_authenticated_at"`
202
+ LoginError * RequestDeniedError `db:"login_error" json:"le,omitempty" `
203
+ LoginAuthenticatedAt sqlxx.NullTime `db:"login_authenticated_at" json:"la,omitempty" `
205
204
206
205
// ConsentChallengeID is the identifier ("authorization challenge") of the consent authorization request. It is used to
207
206
// identify the session.
208
207
//
209
208
// required: true
210
- ConsentChallengeID sqlxx.NullString `db:"consent_challenge_id"`
209
+ ConsentChallengeID sqlxx.NullString `db:"consent_challenge_id" json:"cc,omitempty" `
211
210
212
211
// ConsentSkip, if true, implies that the client has requested the same scopes from the same user previously.
213
212
// If true, you must not ask the user to grant the requested scopes. You must however either allow or deny the
214
213
// consent request using the usual API call.
215
- ConsentSkip bool `db:"consent_skip"`
216
- ConsentVerifier sqlxx.NullString `db:"consent_verifier"`
217
- ConsentCSRF sqlxx.NullString `db:"consent_csrf"`
214
+ ConsentSkip bool `db:"consent_skip" json:"cs,omitempty" `
215
+ ConsentVerifier sqlxx.NullString `db:"consent_verifier" json:"cv,omitempty" `
216
+ ConsentCSRF sqlxx.NullString `db:"consent_csrf" json:"cr,omitempty" `
218
217
219
218
// GrantedScope sets the scope the user authorized the client to use. Should be a subset of `requested_scope`.
220
- GrantedScope sqlxx.StringSliceJSONFormat `db:"granted_scope"`
219
+ GrantedScope sqlxx.StringSliceJSONFormat `db:"granted_scope" json:"gs,omitempty" `
221
220
222
221
// GrantedAudience sets the audience the user authorized the client to use. Should be a subset of `requested_access_token_audience`.
223
- GrantedAudience sqlxx.StringSliceJSONFormat `db:"granted_at_audience"`
222
+ GrantedAudience sqlxx.StringSliceJSONFormat `db:"granted_at_audience" json:"ga,omitempty" `
224
223
225
224
// ConsentRemember, if set to true, tells ORY Hydra to remember this consent authorization and reuse it if the same
226
225
// client asks the same user for the same, or a subset of, scope.
227
- ConsentRemember bool `db:"consent_remember"`
226
+ ConsentRemember bool `db:"consent_remember" json:"ce,omitempty" `
228
227
229
228
// ConsentRememberFor sets how long the consent authorization should be remembered for in seconds. If set to `0`, the
230
229
// authorization will be remembered indefinitely.
231
- ConsentRememberFor * int `db:"consent_remember_for"`
230
+ ConsentRememberFor * int `db:"consent_remember_for" json:"cf" `
232
231
233
232
// ConsentHandledAt contains the timestamp the consent request was handled.
234
- ConsentHandledAt sqlxx.NullTime `db:"consent_handled_at"`
233
+ ConsentHandledAt sqlxx.NullTime `db:"consent_handled_at" json:"ch,omitempty" `
235
234
236
235
// ConsentWasHandled set to true means that the request was already handled.
237
236
// This can happen on form double-submit or other errors. If this is set we
238
237
// recommend redirecting the user to `request_url` to re-initiate the flow.
239
- ConsentWasHandled bool `db:"consent_was_used"`
240
- ConsentError * RequestDeniedError `db:"consent_error"`
241
- SessionIDToken sqlxx.MapStringInterface `db:"session_id_token" faker:"-"`
242
- SessionAccessToken sqlxx.MapStringInterface `db:"session_access_token" faker:"-"`
238
+ ConsentWasHandled bool `db:"consent_was_used" json:"cw,omitempty" `
239
+ ConsentError * RequestDeniedError `db:"consent_error" json:"cx" `
240
+ SessionIDToken sqlxx.MapStringInterface `db:"session_id_token" faker:"-" json:"st" `
241
+ SessionAccessToken sqlxx.MapStringInterface `db:"session_access_token" faker:"-" json:"sa" `
243
242
}
244
243
245
244
func NewFlow (r * LoginRequest ) * Flow {
@@ -511,21 +510,37 @@ type CipherProvider interface {
511
510
}
512
511
513
512
// ToLoginChallenge converts the flow into a login challenge.
514
- func (f * Flow ) ToLoginChallenge (ctx context.Context , cipherProvider CipherProvider ) (string , error ) {
513
+ func (f Flow ) ToLoginChallenge (ctx context.Context , cipherProvider CipherProvider ) (string , error ) {
514
+ if f .Client != nil {
515
+ f .ClientID = f .Client .GetID ()
516
+ }
517
+ f .Client = nil
515
518
return flowctx .Encode (ctx , cipherProvider .FlowCipher (), f , flowctx .AsLoginChallenge )
516
519
}
517
520
518
521
// ToLoginVerifier converts the flow into a login verifier.
519
- func (f * Flow ) ToLoginVerifier (ctx context.Context , cipherProvider CipherProvider ) (string , error ) {
522
+ func (f Flow ) ToLoginVerifier (ctx context.Context , cipherProvider CipherProvider ) (string , error ) {
523
+ if f .Client != nil {
524
+ f .ClientID = f .Client .GetID ()
525
+ }
526
+ f .Client = nil
520
527
return flowctx .Encode (ctx , cipherProvider .FlowCipher (), f , flowctx .AsLoginVerifier )
521
528
}
522
529
523
530
// ToConsentChallenge converts the flow into a consent challenge.
524
- func (f * Flow ) ToConsentChallenge (ctx context.Context , cipherProvider CipherProvider ) (string , error ) {
531
+ func (f Flow ) ToConsentChallenge (ctx context.Context , cipherProvider CipherProvider ) (string , error ) {
532
+ if f .Client != nil {
533
+ f .ClientID = f .Client .GetID ()
534
+ }
535
+ f .Client = nil
525
536
return flowctx .Encode (ctx , cipherProvider .FlowCipher (), f , flowctx .AsConsentChallenge )
526
537
}
527
538
528
539
// ToConsentVerifier converts the flow into a consent verifier.
529
- func (f * Flow ) ToConsentVerifier (ctx context.Context , cipherProvider CipherProvider ) (string , error ) {
540
+ func (f Flow ) ToConsentVerifier (ctx context.Context , cipherProvider CipherProvider ) (string , error ) {
541
+ if f .Client != nil {
542
+ f .ClientID = f .Client .GetID ()
543
+ }
544
+ f .Client = nil
530
545
return flowctx .Encode (ctx , cipherProvider .FlowCipher (), f , flowctx .AsConsentVerifier )
531
546
}
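Review bot: Keeping the Client object out of the encoded challenge or verifier depends on each of the four To* methods remembering to set `f.Client = nil`, while the tag added in the first hunk (`json:"client,omitempty"`) still lets any other JSON encoding of a Flow embed the whole client record. If nothing decodes the `client` key, tag the field `json:"-"` instead, so the exclusion is structural and a later encoder cannot put the client into a value that is presumably handed to the user agent. The same payload now also carries LoginVerifier, LoginCSRF, ConsentVerifier, ConsentCSRF and both session claim maps, so its confidentiality and integrity rest entirely on `cipherProvider.FlowCipher()`, which is not visible here; a comment on Flow saying it must only be serialized through an authenticated cipher would record that assumption. The repeated ClientID/Client prelude in ToLoginChallenge, ToLoginVerifier, ToConsentChallenge and ToConsentVerifier could also move into one unexported helper.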