Documentation
¶
Index ¶
- type BridgeManager
- func (bm *BridgeManager) CleanupExpiredDeviceCodes(ctx bridge.Context, input CleanupExpiredDeviceCodesInput) (*CleanupExpiredDeviceCodesOutput, error)
- func (bm *BridgeManager) CreateClient(ctx bridge.Context, input CreateClientInput) (*CreateClientOutput, error)
- func (bm *BridgeManager) DeleteClient(ctx bridge.Context, input DeleteClientInput) (*DeleteClientOutput, error)
- func (bm *BridgeManager) GetClient(ctx bridge.Context, input GetClientInput) (*GetClientOutput, error)
- func (bm *BridgeManager) GetClientStats(ctx bridge.Context, input GetClientStatsInput) (*GetClientStatsOutput, error)
- func (bm *BridgeManager) GetClients(ctx bridge.Context, input GetClientsInput) (*GetClientsOutput, error)
- func (bm *BridgeManager) GetDeviceCodes(ctx bridge.Context, input GetDeviceCodesInput) (*GetDeviceCodesOutput, error)
- func (bm *BridgeManager) GetSettings(ctx bridge.Context, input GetSettingsInput) (*GetSettingsOutput, error)
- func (bm *BridgeManager) GetStats(ctx bridge.Context, input GetStatsInput) (*GetStatsOutput, error)
- func (bm *BridgeManager) RegenerateSecret(ctx bridge.Context, input RegenerateSecretInput) (*RegenerateSecretOutput, error)
- func (bm *BridgeManager) RevokeDeviceCode(ctx bridge.Context, input RevokeDeviceCodeInput) (*RevokeDeviceCodeOutput, error)
- func (bm *BridgeManager) RotateKeys(ctx bridge.Context, input RotateKeysInput) (*RotateKeysOutput, error)
- func (bm *BridgeManager) UpdateClient(ctx bridge.Context, input UpdateClientInput) (*UpdateClientOutput, error)
- func (bm *BridgeManager) UpdateDeviceFlowSettings(ctx bridge.Context, input UpdateDeviceFlowSettingsInput) (*UpdateDeviceFlowSettingsOutput, error)
- func (bm *BridgeManager) UpdateTokenSettings(ctx bridge.Context, input UpdateTokenSettingsInput) (*UpdateTokenSettingsOutput, error)
- type CleanupExpiredDeviceCodesInput
- type CleanupExpiredDeviceCodesOutput
- type ClientDTO
- type ClientStatsDTO
- type ClientWithSecretDTO
- type CreateClientInput
- type CreateClientOutput
- type DeleteClientInput
- type DeleteClientOutput
- type DeviceCodeDTO
- type DeviceFlowDTO
- type GetClientInput
- type GetClientOutput
- type GetClientStatsInput
- type GetClientStatsOutput
- type GetClientsInput
- type GetClientsOutput
- type GetDeviceCodesInput
- type GetDeviceCodesOutput
- type GetSettingsInput
- type GetSettingsOutput
- type GetStatsInput
- type GetStatsOutput
- type KeySettingsDTO
- type OIDCServiceInterface
- type OverallStatsDTO
- type PaginationDTO
- type RegenerateSecretInput
- type RegenerateSecretOutput
- type RevokeDeviceCodeInput
- type RevokeDeviceCodeOutput
- type RotateKeysInput
- type RotateKeysOutput
- type SettingsDTO
- type TimeSeriesDTO
- type TokenSettingsDTO
- type TokensByTypeDTO
- type TopClientDTO
- type UpdateClientInput
- type UpdateClientOutput
- type UpdateDeviceFlowSettingsInput
- type UpdateDeviceFlowSettingsOutput
- type UpdateTokenSettingsInput
- type UpdateTokenSettingsOutput
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type BridgeManager ¶
type BridgeManager struct {
// contains filtered or unexported fields
}
BridgeManager manages all bridge functions for the OIDC provider plugin.
func NewBridgeManager ¶
func NewBridgeManager( clientRepo *repository.OAuthClientRepository, tokenRepo *repository.OAuthTokenRepository, consentRepo *repository.OAuthConsentRepository, deviceCodeRepo *repository.DeviceCodeRepository, service OIDCServiceInterface, logger forge.Logger, ) *BridgeManager
NewBridgeManager creates a new bridge manager.
func (*BridgeManager) CleanupExpiredDeviceCodes ¶
func (bm *BridgeManager) CleanupExpiredDeviceCodes(ctx bridge.Context, input CleanupExpiredDeviceCodesInput) (*CleanupExpiredDeviceCodesOutput, error)
CleanupExpiredDeviceCodes triggers cleanup of expired device codes.
func (*BridgeManager) CreateClient ¶
func (bm *BridgeManager) CreateClient(ctx bridge.Context, input CreateClientInput) (*CreateClientOutput, error)
CreateClient creates a new OAuth client.
func (*BridgeManager) DeleteClient ¶
func (bm *BridgeManager) DeleteClient(ctx bridge.Context, input DeleteClientInput) (*DeleteClientOutput, error)
DeleteClient deletes an OAuth client and revokes all associated tokens.
func (*BridgeManager) GetClient ¶
func (bm *BridgeManager) GetClient(ctx bridge.Context, input GetClientInput) (*GetClientOutput, error)
GetClient retrieves a single OAuth client.
func (*BridgeManager) GetClientStats ¶
func (bm *BridgeManager) GetClientStats(ctx bridge.Context, input GetClientStatsInput) (*GetClientStatsOutput, error)
GetClientStats retrieves usage statistics for a client.
func (*BridgeManager) GetClients ¶
func (bm *BridgeManager) GetClients(ctx bridge.Context, input GetClientsInput) (*GetClientsOutput, error)
GetClients lists OAuth clients with pagination and search.
func (*BridgeManager) GetDeviceCodes ¶
func (bm *BridgeManager) GetDeviceCodes(ctx bridge.Context, input GetDeviceCodesInput) (*GetDeviceCodesOutput, error)
GetDeviceCodes lists device authorization codes.
func (*BridgeManager) GetSettings ¶
func (bm *BridgeManager) GetSettings(ctx bridge.Context, input GetSettingsInput) (*GetSettingsOutput, error)
GetSettings retrieves current OIDC provider configuration.
func (*BridgeManager) GetStats ¶
func (bm *BridgeManager) GetStats(ctx bridge.Context, input GetStatsInput) (*GetStatsOutput, error)
GetStats retrieves overall OAuth/OIDC statistics.
func (*BridgeManager) RegenerateSecret ¶
func (bm *BridgeManager) RegenerateSecret(ctx bridge.Context, input RegenerateSecretInput) (*RegenerateSecretOutput, error)
RegenerateSecret generates a new client secret.
func (*BridgeManager) RevokeDeviceCode ¶
func (bm *BridgeManager) RevokeDeviceCode(ctx bridge.Context, input RevokeDeviceCodeInput) (*RevokeDeviceCodeOutput, error)
RevokeDeviceCode manually revokes a device code.
func (*BridgeManager) RotateKeys ¶
func (bm *BridgeManager) RotateKeys(ctx bridge.Context, input RotateKeysInput) (*RotateKeysOutput, error)
RotateKeys triggers a manual JWT key rotation.
func (*BridgeManager) UpdateClient ¶
func (bm *BridgeManager) UpdateClient(ctx bridge.Context, input UpdateClientInput) (*UpdateClientOutput, error)
UpdateClient updates an existing OAuth client.
func (*BridgeManager) UpdateDeviceFlowSettings ¶
func (bm *BridgeManager) UpdateDeviceFlowSettings(ctx bridge.Context, input UpdateDeviceFlowSettingsInput) (*UpdateDeviceFlowSettingsOutput, error)
UpdateDeviceFlowSettings updates device flow configuration.
func (*BridgeManager) UpdateTokenSettings ¶
func (bm *BridgeManager) UpdateTokenSettings(ctx bridge.Context, input UpdateTokenSettingsInput) (*UpdateTokenSettingsOutput, error)
UpdateTokenSettings updates token lifetime configuration.
type CleanupExpiredDeviceCodesInput ¶
type CleanupExpiredDeviceCodesInput struct {
AppID string `json:"appId"`
}
CleanupExpiredDeviceCodesInput is the input for cleanup.
type CleanupExpiredDeviceCodesOutput ¶
type CleanupExpiredDeviceCodesOutput struct {
Data struct {
ExpiredCount int `json:"expiredCount"`
ConsumedCount int `json:"consumedCount"`
} `json:"data"`
}
CleanupExpiredDeviceCodesOutput is the output for cleanup.
type ClientDTO ¶
// ClientDTO is the read view of an OAuth client in API responses.
// It declares no client-secret field, so fetching or listing clients through
// this type does not echo a secret back to the caller.
type ClientDTO struct {
ID string `json:"id"`
ClientID string `json:"clientId"`
ClientName string `json:"clientName"`
ApplicationType string `json:"applicationType"`
LogoURI string `json:"logoUri,omitempty"`
GrantTypes []string `json:"grantTypes"`
ResponseTypes []string `json:"responseTypes"`
// NOTE(review): PostLogoutRedirectURIs, PolicyURI, TosURI and Contacts are
// accepted by CreateClientInput/UpdateClientInput but have no field here, so
// those values cannot be read back through this DTO for audit.
RedirectURIs []string `json:"redirectUris"`
AllowedScopes []string `json:"allowedScopes"`
// The three security flags below have no omitempty, so false is always
// serialized explicitly and a reader never has to guess a default.
RequirePKCE bool `json:"requirePkce"`
RequireConsent bool `json:"requireConsent"`
TrustedClient bool `json:"trustedClient"`
OrganizationID string `json:"organizationId,omitempty"`
IsOrgLevel bool `json:"isOrgLevel"`
// Serialized as "tokenEndpointAuth", while the create/update inputs use
// "tokenEndpointAuthMethod"; a caller that copies a fetched client into an
// update payload must rename this key or the value is dropped.
TokenEndpointAuth string `json:"tokenEndpointAuth"`
CreatedAt time.Time `json:"createdAt"`
UpdatedAt time.Time `json:"updatedAt"`
}
ClientDTO represents an OAuth client in API responses.
type ClientStatsDTO ¶
type ClientStatsDTO struct {
TotalTokens int64 `json:"totalTokens"`
ActiveTokens int64 `json:"activeTokens"`
TotalUsers int64 `json:"totalUsers"`
TokensToday int64 `json:"tokensToday"`
TokensThisWeek int64 `json:"tokensThisWeek"`
TokensThisMonth int64 `json:"tokensThisMonth"`
}
ClientStatsDTO represents client usage statistics.
type ClientWithSecretDTO ¶
ClientWithSecretDTO includes the client secret (only returned on creation).
type CreateClientInput ¶
// CreateClientInput is the request payload for registering an OAuth client.
// Every field except AppID and ClientName is tagged omitempty; on decode a
// missing field simply takes its Go zero value.
type CreateClientInput struct {
// NOTE(review): caller-supplied; confirm the handler checks it against the
// app bound to ctx instead of trusting the payload.
AppID string `json:"appId"`
ClientName string `json:"clientName"`
ApplicationType string `json:"applicationType,omitempty"` // web, native, spa
LogoURI string `json:"logoUri,omitempty"`
// NOTE(review): confirm each entry is validated at registration (absolute
// URI, no wildcards) and compared by exact match during authorization.
RedirectURIs []string `json:"redirectUris,omitempty"`
PostLogoutRedirectURIs []string `json:"postLogoutRedirectUris,omitempty"`
GrantTypes []string `json:"grantTypes,omitempty"`
ResponseTypes []string `json:"responseTypes,omitempty"`
AllowedScopes []string `json:"allowedScopes,omitempty"`
// "none" describes a public client that holds no secret.
// NOTE(review): confirm PKCE is enforced for such clients regardless of the
// RequirePKCE value sent here.
TokenEndpointAuthMethod string `json:"tokenEndpointAuthMethod,omitempty"` // client_secret_basic, client_secret_post, none
// Plain bools: a request that omits these keys decodes to false, so the
// least restrictive setting is what an incomplete request asks for unless
// the handler applies a safer default — TODO confirm.
RequirePKCE bool `json:"requirePkce,omitempty"`
RequireConsent bool `json:"requireConsent,omitempty"`
// presumably relaxes consent handling for the client; verify against the
// service and restrict who may set it.
TrustedClient bool `json:"trustedClient,omitempty"`
OrganizationID string `json:"organizationId,omitempty"` // If set, client is org-specific
PolicyURI string `json:"policyUri,omitempty"`
TosURI string `json:"tosUri,omitempty"`
Contacts []string `json:"contacts,omitempty"`
}
CreateClientInput is the input for creating an OAuth client.
type CreateClientOutput ¶
type CreateClientOutput struct {
Data ClientWithSecretDTO `json:"data"`
}
CreateClientOutput is the output for creating an OAuth client.
type DeleteClientInput ¶
// DeleteClientInput identifies the OAuth client to delete.
// NOTE(review): unlike the list and create inputs there is no AppID field, so
// any tenant scoping has to come from ctx; confirm DeleteClient checks that the
// client belongs to the caller's app or organization before deleting it.
type DeleteClientInput struct {
ClientID string `json:"clientId"`
}
DeleteClientInput is the input for deleting an OAuth client.
type DeleteClientOutput ¶
type DeleteClientOutput struct {
Success bool `json:"success"`
}
DeleteClientOutput is the output for deleting an OAuth client.
type DeviceCodeDTO ¶
// DeviceCodeDTO is the view of a device authorization code in API responses.
type DeviceCodeDTO struct {
ID string `json:"id"`
DeviceCode string `json:"deviceCode"` // Masked for security
// UserCode carries no masking note, unlike DeviceCode. While Status is still
// pending the code is live, so keep responses of this type out of logs and
// limit who can list them.
UserCode string `json:"userCode"`
ClientID string `json:"clientId"`
ClientName string `json:"clientName"`
Scope string `json:"scope"`
Status string `json:"status"`
VerificationURI string `json:"verificationUri"`
ExpiresAt time.Time `json:"expiresAt"`
CreatedAt time.Time `json:"createdAt"`
// Pointer timestamps with omitempty: the key is absent until the event
// has a value to report.
AuthorizedAt *time.Time `json:"authorizedAt,omitempty"`
ConsumedAt *time.Time `json:"consumedAt,omitempty"`
// presumably the number of token-endpoint polls seen for this code; an
// unusually high count is worth alerting on — verify the semantics.
PollCount int `json:"pollCount"`
TimeRemaining int64 `json:"timeRemaining"` // Seconds until expiration
}
DeviceCodeDTO represents a device code in API responses.
type DeviceFlowDTO ¶
type DeviceFlowDTO struct {
Enabled bool `json:"enabled"`
CodeExpiry string `json:"codeExpiry"` // Duration string
UserCodeLength int `json:"userCodeLength"`
UserCodeFormat string `json:"userCodeFormat"`
PollingInterval int `json:"pollingInterval"` // Seconds
VerificationURI string `json:"verificationUri"`
MaxPollAttempts int `json:"maxPollAttempts"`
CleanupInterval string `json:"cleanupInterval"` // Duration string
}
DeviceFlowDTO represents device flow configuration.
type GetClientInput ¶
type GetClientInput struct {
ClientID string `json:"clientId"`
}
GetClientInput is the input for getting a single client.
type GetClientOutput ¶
type GetClientOutput struct {
Data ClientDTO `json:"data"`
}
GetClientOutput is the output for getting a single client.
type GetClientStatsInput ¶
type GetClientStatsInput struct {
ClientID string `json:"clientId"`
}
GetClientStatsInput is the input for getting client statistics.
type GetClientStatsOutput ¶
type GetClientStatsOutput struct {
Data ClientStatsDTO `json:"data"`
}
GetClientStatsOutput is the output for getting client statistics.
type GetClientsInput ¶
// GetClientsInput is the request payload for listing OAuth clients.
type GetClientsInput struct {
// NOTE(review): caller-supplied; confirm it is checked against the app
// bound to ctx so one app cannot list another app's clients.
AppID string `json:"appId"`
Page int `json:"page,omitempty"`
// NOTE(review): confirm the handler clamps this to a maximum; an unbounded
// page size turns one request into a full-table read.
PageSize int `json:"pageSize,omitempty"`
// NOTE(review): free-text filter; confirm it reaches the repository as a
// bound parameter and is not concatenated into a query.
Search string `json:"search,omitempty"`
}
GetClientsInput is the input for listing OAuth clients.
type GetClientsOutput ¶
type GetClientsOutput struct {
Data []ClientDTO `json:"data"`
Pagination *PaginationDTO `json:"pagination"`
}
GetClientsOutput is the output for listing OAuth clients.
type GetDeviceCodesInput ¶
type GetDeviceCodesInput struct {
AppID string `json:"appId"`
Status string `json:"status,omitempty"` // pending, authorized, denied, expired, consumed
Page int `json:"page,omitempty"`
PageSize int `json:"pageSize,omitempty"`
}
GetDeviceCodesInput is the input for listing device codes.
type GetDeviceCodesOutput ¶
type GetDeviceCodesOutput struct {
Data []DeviceCodeDTO `json:"data"`
Pagination *PaginationDTO `json:"pagination"`
}
GetDeviceCodesOutput is the output for listing device codes.
type GetSettingsInput ¶
type GetSettingsInput struct {
AppID string `json:"appId"`
}
GetSettingsInput is the input for getting OIDC settings.
type GetSettingsOutput ¶
type GetSettingsOutput struct {
Data SettingsDTO `json:"data"`
}
GetSettingsOutput is the output for getting OIDC settings.
type GetStatsInput ¶
type GetStatsInput struct {
AppID string `json:"appId"`
Period string `json:"period,omitempty"` // today, week, month, year, all
}
GetStatsInput is the input for getting overall statistics.
type GetStatsOutput ¶
type GetStatsOutput struct {
Data OverallStatsDTO `json:"data"`
}
GetStatsOutput is the output for getting overall statistics.
type KeySettingsDTO ¶
// KeySettingsDTO reports key-management settings. The fields are rotation
// metadata and a key identifier; no key material is declared on this type.
type KeySettingsDTO struct {
RotationInterval string `json:"rotationInterval"` // Duration string
KeyLifetime string `json:"keyLifetime"` // Duration string
LastRotation string `json:"lastRotation"` // Timestamp
CurrentKeyID string `json:"currentKeyId"`
}
KeySettingsDTO represents key management settings.
type OIDCServiceInterface ¶
// OIDCServiceInterface is the subset of the OIDC service that the bridge
// functions depend on.
type OIDCServiceInterface interface {
// GetConfig returns the configuration as any, so callers must type-assert
// it. Use the two-value form (v, ok := x.(T)): a single-value assertion on
// an unexpected type panics inside the request handler.
GetConfig() any
// GetCurrentKeyID returns the current key identifier or an error.
GetCurrentKeyID() (string, error)
// GetLastKeyRotation returns the time of the last key rotation.
GetLastKeyRotation() time.Time
// RotateKeys is presumably the operation behind BridgeManager.RotateKeys;
// it reports failure through the returned error.
RotateKeys() error
// GetDeviceFlowService also returns any; the same checked-assertion advice
// applies, plus a nil check — TODO confirm whether nil is a valid result.
GetDeviceFlowService() any
}
OIDCServiceInterface defines the OIDC service methods needed by bridge functions. It uses interface{} (any) for the config to avoid import cycle issues.
type OverallStatsDTO ¶
type OverallStatsDTO struct {
ClientCount int64 `json:"clientCount"`
ActiveTokens int64 `json:"activeTokens"`
TotalTokensIssued int64 `json:"totalTokensIssued"`
TotalUsers int64 `json:"totalUsers"`
ActiveDeviceCodes int64 `json:"activeDeviceCodes"`
TokensByType TokensByTypeDTO `json:"tokensByType"`
TokensIssuedOverTime []TimeSeriesDTO `json:"tokensIssuedOverTime"`
TopClients []TopClientDTO `json:"topClients"`
}
OverallStatsDTO represents overall OAuth/OIDC statistics.
type PaginationDTO ¶
type PaginationDTO struct {
Page int `json:"page"`
PageSize int `json:"pageSize"`
Total int64 `json:"total"`
TotalPages int64 `json:"totalPages"`
}
PaginationDTO represents pagination info.
type RegenerateSecretInput ¶
// RegenerateSecretInput identifies the client whose secret is regenerated.
// NOTE(review): there is no AppID field, so ownership must be derived from ctx;
// confirm RegenerateSecret verifies the caller may manage this client, since
// the response hands back a usable credential.
type RegenerateSecretInput struct {
ClientID string `json:"clientId"`
}
RegenerateSecretInput is the input for regenerating a client secret.
type RegenerateSecretOutput ¶
// RegenerateSecretOutput carries the newly generated client secret.
type RegenerateSecretOutput struct {
Data struct {
// ClientSecret is a plain string in the response body. Treat the whole
// response as sensitive: keep it out of request/response logs and
// caches.
// NOTE(review): confirm the previous secret stops working once this one
// is issued, and that only a hash of the secret is persisted.
ClientSecret string `json:"clientSecret"`
} `json:"data"`
}
RegenerateSecretOutput is the output for regenerating a client secret.
type RevokeDeviceCodeInput ¶
// RevokeDeviceCodeInput identifies the device code to revoke by its user code.
// NOTE(review): no AppID is carried; confirm RevokeDeviceCode scopes the lookup
// to the caller's app via ctx so a user code from another app cannot be
// revoked.
type RevokeDeviceCodeInput struct {
UserCode string `json:"userCode"`
}
RevokeDeviceCodeInput is the input for revoking a device code.
type RevokeDeviceCodeOutput ¶
type RevokeDeviceCodeOutput struct {
Success bool `json:"success"`
}
RevokeDeviceCodeOutput is the output for revoking a device code.
type RotateKeysInput ¶
// RotateKeysInput has no fields: the caller cannot name a key or an app, so
// whatever is rotated, and who may trigger it, is decided from ctx alone.
// NOTE(review): confirm RotateKeys is limited to administrators.
type RotateKeysInput struct{}
RotateKeysInput is the input for rotating JWT keys.
type RotateKeysOutput ¶
RotateKeysOutput is the output for rotating JWT keys.
type SettingsDTO ¶
type SettingsDTO struct {
Issuer string `json:"issuer"`
DiscoveryURL string `json:"discoveryUrl"`
JWKSURL string `json:"jwksUrl"`
TokenSettings TokenSettingsDTO `json:"tokenSettings"`
KeySettings KeySettingsDTO `json:"keySettings"`
DeviceFlow DeviceFlowDTO `json:"deviceFlow"`
}
SettingsDTO represents OIDC provider configuration.
type TimeSeriesDTO ¶
TimeSeriesDTO represents a time series data point.
type TokenSettingsDTO ¶
type TokenSettingsDTO struct {
AccessTokenExpiry string `json:"accessTokenExpiry"` // Duration string (e.g., "1h")
IDTokenExpiry string `json:"idTokenExpiry"` // Duration string
RefreshTokenExpiry string `json:"refreshTokenExpiry"` // Duration string
}
TokenSettingsDTO represents token lifetime settings.
type TokensByTypeDTO ¶
type TokensByTypeDTO struct {
AccessTokens int64 `json:"accessTokens"`
RefreshTokens int64 `json:"refreshTokens"`
IDTokens int64 `json:"idTokens"`
}
TokensByTypeDTO represents token counts by type.
type TopClientDTO ¶
type TopClientDTO struct {
ClientID string `json:"clientId"`
ClientName string `json:"clientName"`
TokenCount int64 `json:"tokenCount"`
}
TopClientDTO represents a client with token count.
type UpdateClientInput ¶
// UpdateClientInput is the request payload for updating an OAuth client.
// It has no AppID or OrganizationID field, so the client's app/organization
// binding cannot be changed through this payload.
// NOTE(review): confirm UpdateClient checks, via ctx, that the caller may
// manage ClientID.
type UpdateClientInput struct {
ClientID string `json:"clientId"`
ClientName string `json:"clientName,omitempty"`
ApplicationType string `json:"applicationType,omitempty"`
LogoURI string `json:"logoUri,omitempty"`
// NOTE(review): confirm updated entries get the same validation as at
// creation; replacing the redirect URIs redirects where codes are sent.
RedirectURIs []string `json:"redirectUris,omitempty"`
PostLogoutRedirectURIs []string `json:"postLogoutRedirectUris,omitempty"`
GrantTypes []string `json:"grantTypes,omitempty"`
ResponseTypes []string `json:"responseTypes,omitempty"`
AllowedScopes []string `json:"allowedScopes,omitempty"`
TokenEndpointAuthMethod string `json:"tokenEndpointAuthMethod,omitempty"`
// Plain bools cannot tell "key omitted" from an explicit false: both decode
// to false, and omitempty drops false when a Go caller encodes this struct.
// NOTE(review): confirm a partial update (e.g. only clientName) cannot
// silently clear RequirePKCE or RequireConsent; *bool fields would make the
// caller's intent explicit.
RequirePKCE bool `json:"requirePkce,omitempty"`
RequireConsent bool `json:"requireConsent,omitempty"`
TrustedClient bool `json:"trustedClient,omitempty"`
PolicyURI string `json:"policyUri,omitempty"`
TosURI string `json:"tosUri,omitempty"`
Contacts []string `json:"contacts,omitempty"`
}
UpdateClientInput is the input for updating an OAuth client.
type UpdateClientOutput ¶
type UpdateClientOutput struct {
Data ClientDTO `json:"data"`
}
UpdateClientOutput is the output for updating an OAuth client.
type UpdateDeviceFlowSettingsInput ¶
// UpdateDeviceFlowSettingsInput is the request payload for changing device
// flow configuration. It carries no AppID, so scope and authorization come
// from ctx — TODO confirm whether the change is provider-wide.
type UpdateDeviceFlowSettingsInput struct {
// Plain bool with omitempty: an omitted key and an explicit false both
// decode to false. NOTE(review): confirm an update that only changes another
// field cannot switch the device flow off by accident.
Enabled bool `json:"enabled,omitempty"`
CodeExpiry string `json:"codeExpiry,omitempty"`
// The int fields have the same ambiguity between 0 and "not provided".
// NOTE(review): confirm the handler enforces lower bounds on UserCodeLength
// and PollingInterval and an upper bound on MaxPollAttempts; these values
// set how hard a user code is to guess.
UserCodeLength int `json:"userCodeLength,omitempty"`
UserCodeFormat string `json:"userCodeFormat,omitempty"`
PollingInterval int `json:"pollingInterval,omitempty"`
// Users are told to enter their code at this address, so a change here
// redirects every future device login. NOTE(review): confirm the value is
// validated and that changes are audited.
VerificationURI string `json:"verificationUri,omitempty"`
MaxPollAttempts int `json:"maxPollAttempts,omitempty"`
CleanupInterval string `json:"cleanupInterval,omitempty"`
}
UpdateDeviceFlowSettingsInput is the input for updating device flow settings.
type UpdateDeviceFlowSettingsOutput ¶
type UpdateDeviceFlowSettingsOutput struct {
Success bool `json:"success"`
}
UpdateDeviceFlowSettingsOutput is the output for updating device flow settings.
type UpdateTokenSettingsInput ¶
// UpdateTokenSettingsInput is the request payload for changing token
// lifetimes. All three fields are optional strings; presumably they use the
// same duration-string format that TokenSettingsDTO documents (e.g., "1h") —
// verify against the handler.
// NOTE(review): confirm the handler rejects unparsable, zero, negative and
// excessively long durations; no AppID is carried, so scope comes from ctx.
type UpdateTokenSettingsInput struct {
AccessTokenExpiry string `json:"accessTokenExpiry,omitempty"`
IDTokenExpiry string `json:"idTokenExpiry,omitempty"`
RefreshTokenExpiry string `json:"refreshTokenExpiry,omitempty"`
}
UpdateTokenSettingsInput is the input for updating token settings.
type UpdateTokenSettingsOutput ¶
type UpdateTokenSettingsOutput struct {
Success bool `json:"success"`
}
UpdateTokenSettingsOutput is the output for updating token settings.