schema: add public clients to schema

and update docs
Bobby Rullo 2016-06-16 10:50:13 -07:00
parent 61d3e5659e
commit ff933812f5
4 changed files with 33 additions and 16 deletions


@ -26,11 +26,12 @@ __Version:__ v1
``` ```
{ {
clientName: string // OPTIONAL. Name of the Client to be presented to the End-User. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ) ., clientName: string // OPTIONAL for normal cliens. Name of the Client to be presented to the End-User. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ). REQUIRED for public clients,
clientURI: string // OPTIONAL. URL of the home page of the Client. The value of this field MUST point to a valid Web page. If present, the server SHOULD display this URL to the End-User in a followable fashion. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ) ., clientURI: string // OPTIONAL. URL of the home page of the Client. The value of this field MUST point to a valid Web page. If present, the server SHOULD display this URL to the End-User in a followable fashion. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ) .,
id: string // The client ID. Ignored in client create requests., id: string // The client ID. Ignored in client create requests.,
isAdmin: boolean, isAdmin: boolean,
logoURI: string // OPTIONAL. URL that references a logo for the Client application. If present, the server SHOULD display this image to the End-User during approval. The value of this field MUST point to a valid image file. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ) ., logoURI: string // OPTIONAL. URL that references a logo for the Client application. If present, the server SHOULD display this image to the End-User during approval. The value of this field MUST point to a valid image file. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ) .,
public: boolean // OPTIONAL. Determines if the client is public. Public clients have certain restrictions: They cannot use their credentials to obtain a client JWT. Their redirects URLs cannot be specified: they are always http://localhost:$PORT or urn:ietf:wg:oauth:2.0:oob,
redirectURIs: [ redirectURIs: [
string string
], ],


@ -110,10 +110,11 @@ type Admin struct {
} }
type Client struct { type Client struct {
// ClientName: OPTIONAL. Name of the Client to be presented to the // ClientName: OPTIONAL for normal cliens. Name of the Client to be
// End-User. If desired, representation of this Claim in different // presented to the End-User. If desired, representation of this Claim
// languages and scripts is represented as described in Section 2.1 ( // in different languages and scripts is represented as described in
// Metadata Languages and Scripts ) . // Section 2.1 ( Metadata Languages and Scripts ). REQUIRED for public
// clients
ClientName string `json:"clientName,omitempty"` ClientName string `json:"clientName,omitempty"`
// ClientURI: OPTIONAL. URL of the home page of the Client. The value of // ClientURI: OPTIONAL. URL of the home page of the Client. The value of
@ -137,13 +138,20 @@ type Client struct {
// Section 2.1 ( Metadata Languages and Scripts ) . // Section 2.1 ( Metadata Languages and Scripts ) .
LogoURI string `json:"logoURI,omitempty"` LogoURI string `json:"logoURI,omitempty"`
// RedirectURIs: REQUIRED. Array of Redirection URI values used by the // Public: OPTIONAL. Determines if the client is public. Public clients
// Client. One of these registered Redirection URI values MUST exactly // have certain restrictions: They cannot use their credentials to
// match the redirect_uri parameter value used in each Authorization // obtain a client JWT. Their redirects URLs cannot be specified: they
// Request, with the matching performed as described in Section 6.2.1 of // are always http://localhost:$PORT or urn:ietf:wg:oauth:2.0:oob
// [RFC3986] ( Berners-Lee, T., Fielding, R., and L. Masinter, Public bool `json:"public,omitempty"`
// “Uniform Resource Identifier (URI): Generic Syntax,” January
// 2005. ) (Simple String Comparison). // RedirectURIs: REQUIRED for normal clients. Array of Redirection URI
// values used by the Client. One of these registered Redirection URI
// values MUST exactly match the redirect_uri parameter value used in
// each Authorization Request, with the matching performed as described
// in Section 6.2.1 of [RFC3986] ( Berners-Lee, T., Fielding, R., and L.
// Masinter, “Uniform Resource Identifier (URI): Generic Syntax,”
// January 2005. ) (Simple String Comparison). DISALLOWED for public
// clients.
RedirectURIs []string `json:"redirectURIs,omitempty"` RedirectURIs []string `json:"redirectURIs,omitempty"`
// Secret: The client secret. Ignored in client create requests. // Secret: The client secret. Ignored in client create requests.
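Review bot: The rules this commit introduces for public clients (`ClientName` REQUIRED, `RedirectURIs` DISALLOWED) exist only in the field comments; every field keeps `omitempty` and nothing in the struct separates the two cases, so a create request carrying `public: true` together with a caller-supplied `redirectURIs` list still decodes without error. The check therefore has to live in whatever code consumes `Client`, which this commit does not touch as far as the page shows, and it is worth confirming that it rejects that combination rather than ignoring the list. Separately, the new `ClientName` comment says "normal cliens" (the same typo is in the docs hunk and in both `clientName` descriptions of the discovery JSON); it should read `// ClientName: OPTIONAL for normal clients.`, fixed in the JSON source if this file is generated from it. The `Client` struct starts and ends outside these hunks.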


@ -72,11 +72,11 @@ const DiscoveryJSON = `{
"items": { "items": {
"type": "string" "type": "string"
}, },
"description": "REQUIRED. Array of Redirection URI values used by the Client. One of these registered Redirection URI values MUST exactly match the redirect_uri parameter value used in each Authorization Request, with the matching performed as described in Section 6.2.1 of [RFC3986] ( Berners-Lee, T., Fielding, R., and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” January 2005. ) (Simple String Comparison)." "description": "REQUIRED for normal clients. Array of Redirection URI values used by the Client. One of these registered Redirection URI values MUST exactly match the redirect_uri parameter value used in each Authorization Request, with the matching performed as described in Section 6.2.1 of [RFC3986] ( Berners-Lee, T., Fielding, R., and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” January 2005. ) (Simple String Comparison). DISALLOWED for public clients."
}, },
"clientName": { "clientName": {
"type": "string", "type": "string",
"description": "OPTIONAL. Name of the Client to be presented to the End-User. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ) ." "description": "OPTIONAL for normal cliens. Name of the Client to be presented to the End-User. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ). REQUIRED for public clients"
}, },
"logoURI": { "logoURI": {
"type": "string", "type": "string",
@ -92,6 +92,10 @@ const DiscoveryJSON = `{
"type": "string" "type": "string"
}, },
"description": "Array of ClientIDs of clients that are allowed to mint ID tokens for the client being created." "description": "Array of ClientIDs of clients that are allowed to mint ID tokens for the client being created."
},
"public": {
"type": "boolean",
"description": "OPTIONAL. Determines if the client is public. Public clients have certain restrictions: They cannot use their credentials to obtain a client JWT. Their redirects URLs cannot be specified: they are always http://localhost:$PORT or urn:ietf:wg:oauth:2.0:oob"
} }
} }
}, },
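Review bot: The `public` description embedded in `DiscoveryJSON` ends in `urn:ietf:wg:oauth:2.0:oob` with no full stop, while the same description in the JSON schema file changed by this commit ends in `oob.`, so the two copies of the schema already differ. That suggests the constant was edited by hand rather than regenerated from the schema file (inferred; the generation step is not on the page). Regenerating the constant from the JSON, or at least adding the missing `.`, keeps the two definitions identical so a later security-relevant wording change cannot land in only one of them. The `DiscoveryJSON` literal starts and ends outside the hunk.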


@ -65,11 +65,11 @@
"items": { "items": {
"type": "string" "type": "string"
}, },
"description": "REQUIRED. Array of Redirection URI values used by the Client. One of these registered Redirection URI values MUST exactly match the redirect_uri parameter value used in each Authorization Request, with the matching performed as described in Section 6.2.1 of [RFC3986] ( Berners-Lee, T., Fielding, R., and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” January 2005. ) (Simple String Comparison)." "description": "REQUIRED for normal clients. Array of Redirection URI values used by the Client. One of these registered Redirection URI values MUST exactly match the redirect_uri parameter value used in each Authorization Request, with the matching performed as described in Section 6.2.1 of [RFC3986] ( Berners-Lee, T., Fielding, R., and L. Masinter, “Uniform Resource Identifier (URI): Generic Syntax,” January 2005. ) (Simple String Comparison). DISALLOWED for public clients."
}, },
"clientName": { "clientName": {
"type": "string", "type": "string",
"description": "OPTIONAL. Name of the Client to be presented to the End-User. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ) ." "description": "OPTIONAL for normal cliens. Name of the Client to be presented to the End-User. If desired, representation of this Claim in different languages and scripts is represented as described in Section 2.1 ( Metadata Languages and Scripts ). REQUIRED for public clients"
}, },
"logoURI": { "logoURI": {
"type": "string", "type": "string",
@ -85,6 +85,10 @@
"type": "string" "type": "string"
}, },
"description": "Array of ClientIDs of clients that are allowed to mint ID tokens for the client being created." "description": "Array of ClientIDs of clients that are allowed to mint ID tokens for the client being created."
},
"public": {
"type": "boolean",
"description": "OPTIONAL. Determines if the client is public. Public clients have certain restrictions: They cannot use their credentials to obtain a client JWT. Their redirects URLs cannot be specified: they are always http://localhost:$PORT or urn:ietf:wg:oauth:2.0:oob."
} }
} }
}, },
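Review bot: The new `public` description does not say how the flag interacts with `isAdmin`, which the docs hunk in this commit lists as a sibling field on the same object. A public client cannot keep its secret confidential, which is presumably why the description bars it from obtaining a client JWT, so the schema should state whether `public: true` together with `isAdmin: true` is rejected; appending `A public client cannot also be an admin client.` would do if that is the intended rule. It would also help to spell out what `http://localhost:$PORT` matches, i.e. whether only the literal host `localhost` is accepted and how `$PORT` is determined. Wording, here and in the other three copies: `Their redirects URLs` should read `Their redirect URLs`.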