Diffstat (limited to 'src/reclaim/oidc_helper.h')
-rw-r--r-- | src/reclaim/oidc_helper.h | 38 |
1 files changed, 28 insertions, 10 deletions
diff --git a/src/reclaim/oidc_helper.h b/src/reclaim/oidc_helper.h index eb1022423..2a8b7bbae 100644 --- a/src/reclaim/oidc_helper.h +++ b/src/reclaim/oidc_helper.h | |||
@@ -38,6 +38,19 @@ | |||
38 | 38 | ||
39 | #define SERVER_ADDRESS "https://api.reclaim" | 39 | #define SERVER_ADDRESS "https://api.reclaim" |
40 | 40 | ||
41 | enum OIDC_VerificationOptions | ||
42 | { | ||
43 | /** | ||
44 | * Strict verification | ||
45 | */ | ||
46 | OIDC_VERIFICATION_DEFAULT = 0, | ||
47 | |||
48 | /** | ||
49 | * Do not check code verifier even if expected | ||
50 | */ | ||
51 | OIDC_VERIFICATION_NO_CODE_VERIFIER = 1 | ||
52 | }; | ||
53 | |||
41 | /** | 54 | /** |
42 | * Create a JWT from attributes | 55 | * Create a JWT from attributes |
43 | * | 56 | * |
@@ -51,12 +64,13 @@ | |||
51 | */ | 64 | */ |
52 | char* | 65 | char* |
53 | OIDC_generate_id_token (const struct GNUNET_IDENTITY_PublicKey *aud_key, | 66 | OIDC_generate_id_token (const struct GNUNET_IDENTITY_PublicKey *aud_key, |
54 | const struct GNUNET_IDENTITY_PublicKey *sub_key, | 67 | const struct GNUNET_IDENTITY_PublicKey *sub_key, |
55 | const struct GNUNET_RECLAIM_AttributeList *attrs, | 68 | const struct GNUNET_RECLAIM_AttributeList *attrs, |
56 | const struct GNUNET_RECLAIM_PresentationList *presentations, | 69 | const struct |
57 | const struct GNUNET_TIME_Relative *expiration_time, | 70 | GNUNET_RECLAIM_PresentationList *presentations, |
58 | const char *nonce, | 71 | const struct GNUNET_TIME_Relative *expiration_time, |
59 | const char *secret_key); | 72 | const char *nonce, |
73 | const char *secret_key); | ||
60 | 74 | ||
61 | /** | 75 | /** |
62 | * Builds an OIDC authorization code including | 76 | * Builds an OIDC authorization code including |
@@ -68,13 +82,15 @@ OIDC_generate_id_token (const struct GNUNET_IDENTITY_PublicKey *aud_key, | |||
68 | * @param presentations credential presentation list | 82 | * @param presentations credential presentation list |
69 | * @param nonce the nonce to include in the code | 83 | * @param nonce the nonce to include in the code |
70 | * @param code_challenge PKCE code challenge | 84 | * @param code_challenge PKCE code challenge |
85 | * @param opts verification options | ||
71 | * @return a new authorization code (caller must free) | 86 | * @return a new authorization code (caller must free) |
72 | */ | 87 | */ |
73 | char* | 88 | char* |
74 | OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer, | 89 | OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer, |
75 | const struct GNUNET_RECLAIM_Ticket *ticket, | 90 | const struct GNUNET_RECLAIM_Ticket *ticket, |
76 | const struct GNUNET_RECLAIM_AttributeList *attrs, | 91 | const struct GNUNET_RECLAIM_AttributeList *attrs, |
77 | const struct GNUNET_RECLAIM_PresentationList *presentations, | 92 | const struct |
93 | GNUNET_RECLAIM_PresentationList *presentations, | ||
78 | const char *nonce, | 94 | const char *nonce, |
79 | const char *code_challenge); | 95 | const char *code_challenge); |
80 | 96 | ||
@@ -99,7 +115,8 @@ OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *ecdsa_pub, | |||
99 | struct GNUNET_RECLAIM_Ticket *ticket, | 115 | struct GNUNET_RECLAIM_Ticket *ticket, |
100 | struct GNUNET_RECLAIM_AttributeList **attrs, | 116 | struct GNUNET_RECLAIM_AttributeList **attrs, |
101 | struct GNUNET_RECLAIM_PresentationList **presentations, | 117 | struct GNUNET_RECLAIM_PresentationList **presentations, |
102 | char **nonce); | 118 | char **nonce, |
119 | enum OIDC_VerificationOptions opts); | ||
103 | 120 | ||
104 | /** | 121 | /** |
105 | * Build a token response for a token request | 122 | * Build a token response for a token request |
@@ -126,7 +143,7 @@ OIDC_access_token_new (const struct GNUNET_RECLAIM_Ticket *ticket); | |||
126 | * Parse an access token | 143 | * Parse an access token |
127 | */ | 144 | */ |
128 | int | 145 | int |
129 | OIDC_access_token_parse (const char* token, | 146 | OIDC_access_token_parse (const char*token, |
130 | struct GNUNET_RECLAIM_Ticket **ticket); | 147 | struct GNUNET_RECLAIM_Ticket **ticket); |
131 | 148 | ||
132 | 149 | ||
@@ -154,6 +171,7 @@ OIDC_check_scopes_for_claim_request (const char *scopes, | |||
154 | char * | 171 | char * |
155 | OIDC_generate_userinfo (const struct GNUNET_IDENTITY_PublicKey *sub_key, | 172 | OIDC_generate_userinfo (const struct GNUNET_IDENTITY_PublicKey *sub_key, |
156 | const struct GNUNET_RECLAIM_AttributeList *attrs, | 173 | const struct GNUNET_RECLAIM_AttributeList *attrs, |
157 | const struct GNUNET_RECLAIM_PresentationList *presentations); | 174 | const struct |
175 | GNUNET_RECLAIM_PresentationList *presentations); | ||
158 | 176 | ||
159 | #endif | 177 | #endif |
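Review bot: The added `@param opts verification options` line (new line 85) sits in the doc comment of `OIDC_build_authz_code`, whose prototype in the same hunk takes no `opts`; the parameter is actually added to `OIDC_parse_authz_code` (new line 119). The doc comment for `OIDC_parse_authz_code` starts outside the visible hunks, so I cannot tell whether it already documents the parameter; if not, move the line there as `@param opts verification options, #OIDC_VERIFICATION_DEFAULT for strict checking`. Because `OIDC_VERIFICATION_NO_CODE_VERIFIER` disables the PKCE code_verifier comparison, its one-line comment should also say when skipping is acceptable, for example `Do not check code verifier even if expected. Must not be used where an authorization code is redeemed for tokens.` Without that, a future caller could pass the flag on the redemption path and silently lose the protection PKCE gives against an intercepted code.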