forked from openshift/osin
config.go
package osin
// AllowedAuthorizeType is the list of authorize request types a server is
// configured to accept.
type AllowedAuthorizeType []AuthorizeRequestType

// Exists reports whether rt is present in the list. Membership is decided by
// exact equality, and a nil or empty list yields false for every rt.
func (t AllowedAuthorizeType) Exists(rt AuthorizeRequestType) bool {
	found := false
	for i := 0; i < len(t) && !found; i++ {
		found = t[i] == rt
	}
	return found
}
// AllowedAccessType is the list of access request types a server is
// configured to accept.
type AllowedAccessType []AccessRequestType

// Exists reports whether rt is present in the list. Membership is decided by
// exact equality, and a nil or empty list yields false for every rt.
func (t AllowedAccessType) Exists(rt AccessRequestType) bool {
	for idx := range t {
		if t[idx] != rt {
			continue
		}
		return true
	}
	return false
}
// ServerConfig contains server configuration information.
//
// Several of the boolean fields relax OAuth 2.0 protections when set to true;
// the per-field comments say which. The defaults named below are the values
// assigned (or left at the zero value) by NewServerConfig.
type ServerConfig struct {
	// Authorization token expiration in seconds. NewServerConfig sets 250
	// (4 min 10 s).
	// NOTE(review): this field was previously documented as "default 5
	// minutes" (300 s), which does not match the constructor; confirm which
	// value is intended.
	AuthorizationExpiration int32
	// Access token expiration in seconds (default 3600, i.e. 1 hour)
	AccessExpiration int32
	// Token type to return (NewServerConfig sets "Bearer")
	TokenType string
	// List of allowed authorize types (only CODE by default).
	// Each extra entry widens the set of flows the server will accept, so
	// list only the types the registered clients actually need.
	AllowedAuthorizeTypes AllowedAuthorizeType
	// List of allowed access types (only AUTHORIZATION_CODE by default).
	// Each extra entry widens the set of grants the server will accept, so
	// list only the types the registered clients actually need.
	AllowedAccessTypes AllowedAccessType
	// HTTP status code to return for errors - default 200
	// Only used if response was created from server
	// NOTE(review): RFC 6749 section 5.2 specifies HTTP 400 for token
	// endpoint error responses; with 200, clients and monitoring that key on
	// the status code cannot tell an error from a success.
	ErrorStatusCode int
	// If true allows client secret also in params, else only in
	// Authorization header - default false.
	// RFC 6749 section 2.3.1 marks credentials in the request body as NOT
	// RECOMMENDED and forbids them in the request URI; secrets sent as
	// parameters are more likely to end up in request logs. Keep false unless
	// a client cannot use the Authorization header.
	AllowClientSecretInParams bool
	// If true allows access request using GET, else only POST - default false.
	// RFC 6749 section 3.2 requires POST for access token requests; with GET
	// the request parameters travel in the URL, where server logs, proxies and
	// browser history can record them. Keep false where possible.
	AllowGetAccessRequest bool
	// Require PKCE for code flows for public OAuth clients - default false.
	// Public clients cannot keep a client secret, so PKCE (RFC 7636) is their
	// protection against authorization code interception; consider enabling
	// this wherever public clients are registered.
	RequirePKCEForPublicClients bool
	// Separator to support multiple URIs in Client.GetRedirectUri().
	// If blank (the default), don't allow multiple URIs.
	// NOTE(review): how the value is split is not visible in this file;
	// presumably the separator must not occur inside any registered URI.
	RedirectUriSeparator string
	// RetainTokenAfterRefresh allows the server to retain the access and
	// refresh token for re-use - default false.
	// NOTE(review): when tokens are retained, presumably a refresh no longer
	// invalidates the previously issued tokens, so a leaked token stays
	// usable for longer; confirm against the refresh handling code.
	RetainTokenAfterRefresh bool
}
// NewServerConfig returns a new ServerConfig populated with the package
// defaults: a 250-second authorization expiration, a one-hour access token
// expiration, "Bearer" tokens, and only the CODE authorize type and the
// AUTHORIZATION_CODE access type enabled.
//
// Every opt-in relaxation (client secret in params, GET access requests,
// token retention after refresh) starts disabled. RequirePKCEForPublicClients
// also starts false, so deployments that register public clients have to
// enable it explicitly.
func NewServerConfig() *ServerConfig {
	cfg := new(ServerConfig)

	// Lifetimes are expressed in seconds.
	cfg.AuthorizationExpiration = 250
	cfg.AccessExpiration = 3600

	cfg.TokenType = "Bearer"
	cfg.ErrorStatusCode = 200

	// Only the authorization-code flow is enabled out of the box.
	cfg.AllowedAuthorizeTypes = AllowedAuthorizeType{CODE}
	cfg.AllowedAccessTypes = AllowedAccessType{AUTHORIZATION_CODE}

	// AllowClientSecretInParams, AllowGetAccessRequest and
	// RetainTokenAfterRefresh stay at their zero value (false), as do
	// RequirePKCEForPublicClients and RedirectUriSeparator ("").
	return cfg
}