dex/session/session.go

76 lines
1.8 KiB
Go
Raw Normal View History

2015-08-18 05:57:27 +05:30
package session
import (
"net/url"
"time"
"github.com/coreos/go-oidc/jose"
"github.com/coreos/go-oidc/oidc"
"github.com/coreos/dex/scope"
2015-08-18 05:57:27 +05:30
)
const (
sessionKeyValidityWindow = 10 * time.Minute //RFC6749
// The default token expiration time.
// This is exported, so it can be used to set the expiration
// time in refresh token flow.
DefaultSessionValidityWindow = 12 * time.Hour
)
type SessionState string
const (
SessionStateNew = SessionState("NEW")
SessionStateRemoteAttached = SessionState("REMOTE_ATTACHED")
SessionStateIdentified = SessionState("IDENTIFIED")
SessionStateDead = SessionState("EXCHANGED")
)
type SessionKey struct {
Key string
SessionID string
}
type Session struct {
ConnectorID string
ID string
State SessionState
CreatedAt time.Time
ExpiresAt time.Time
ClientID string
ClientState string
RedirectURL url.URL
Identity oidc.Identity
UserID string
// Regsiter indicates that this session is a registration flow.
Register bool
// Nonce is optionally provided in the initial authorization request, and
// propogated in such cases to the generated claims.
2015-08-18 05:57:27 +05:30
Nonce string
2015-08-29 04:33:51 +05:30
// Scope is the 'scope' field in the authentication request. Example scopes
// are 'openid', 'email', 'offline', etc.
Scope scope.Scopes
2016-07-16 04:30:59 +05:30
// Groups the user belongs to.
Groups []string
2015-08-18 05:57:27 +05:30
}
// Claims returns a new set of Claims for the current session.
// The "sub" of the returned Claims is that of the dex User, not whatever
// remote Identity was used to authenticate.
func (s *Session) Claims(issuerURL string) jose.Claims {
claims := oidc.NewClaims(issuerURL, s.UserID, s.ClientID, s.CreatedAt, s.ExpiresAt)
if s.Nonce != "" {
claims["nonce"] = s.Nonce
}
2016-07-16 04:30:59 +05:30
if s.Scope.HasScope(scope.ScopeGroups) {
claims["groups"] = s.Groups
}
2015-08-18 05:57:27 +05:30
return claims
}