Iddawc
Handle the flow of OAuth2 and OpenID Connect authentication process from the client side.
Macros | Enumerations
Constants and properties

Macros

#define I_OK   0
 Success. More...
 
#define I_ERROR   1
 Error. More...
 
#define I_ERROR_PARAM   2
 Error in parameters. More...
 
#define I_ERROR_MEMORY   3
 Memory error. More...
 
#define I_ERROR_UNAUTHORIZED   4
 Request unauthorized. More...
 
#define I_ERROR_SERVER   5
 Server error. More...
 
#define I_RESPONSE_TYPE_NONE   0x00000000
 No response type. More...
 
#define I_RESPONSE_TYPE_CODE   0x00000001
 Response type code. More...
 
#define I_RESPONSE_TYPE_TOKEN   0x00000010
 Response type token. More...
 
#define I_RESPONSE_TYPE_ID_TOKEN   0x00000100
 Response type id_token. More...
 
#define I_RESPONSE_TYPE_PASSWORD   0x00001000
 Grant type password. More...
 
#define I_RESPONSE_TYPE_CLIENT_CREDENTIALS   0x00010000
 Grant type client_credentials. More...
 
#define I_RESPONSE_TYPE_REFRESH_TOKEN   0x00100000
 Grant type refresh_token. More...
 
#define I_RESPONSE_TYPE_DEVICE_CODE   0x01000000
 Grant type urn:ietf:params:oauth:grant-type:device_code. More...
 
#define I_AUTH_METHOD_GET   0x00000001
 auth endpoint using GET method More...
 
#define I_AUTH_METHOD_POST   0x00000010
 auth endpoint using POST method More...
 
#define I_AUTH_METHOD_JWT_SIGN_SECRET   0x00000100
 auth endpoint using a JWT signed with the client secret More...
 
#define I_AUTH_METHOD_JWT_SIGN_PRIVKEY   0x00001000
 auth endpoint using a JWT signed with the client private key More...
 
#define I_AUTH_METHOD_JWT_ENCRYPT_SECRET   0x00010000
 auth endpoint using a JWT encrypted with the client secret More...
 
#define I_AUTH_METHOD_JWT_ENCRYPT_PUBKEY   0x00100000
 auth endpoint using a JWT encrypted with the server public key More...
 
#define I_TOKEN_AUTH_METHOD_NONE   0x00000000
 token endpoint using no authentication More...
 
#define I_TOKEN_AUTH_METHOD_SECRET_BASIC   0x00000001
 token endpoint using HTTP basic auth with client_id and client password More...
 
#define I_TOKEN_AUTH_METHOD_SECRET_POST   0x00000010
 token endpoint using secret send in POST parameters More...
 
#define I_TOKEN_AUTH_METHOD_TLS_CERTIFICATE   0x00000100
 token endpoint using TLS Certificate authentication More...
 
#define I_TOKEN_AUTH_METHOD_JWT_SIGN_SECRET   0x00001000
 token endpoint using a JWT signed with the client secret More...
 
#define I_TOKEN_AUTH_METHOD_JWT_SIGN_PRIVKEY   0x00010000
 token endpoint using a JWT signed with the client private key More...
 
#define I_TOKEN_AUTH_METHOD_JWT_ENCRYPT_SECRET   0x00100000
 token endpoint using a JWT encrypted with the client secret More...
 
#define I_TOKEN_AUTH_METHOD_JWT_ENCRYPT_PUBKEY   0x01000000
 token endpoint using a JWT signed with the client private key and encrypted with the server public key or the client secret More...
 
#define I_STRICT_NO   0
 Do not stricly conform to openid config result. More...
 
#define I_STRICT_YES   1
 Stricly conform to openid config result. More...
 
#define I_AUTH_SIGN_ALG_MAX_LENGTH   8
 Max length of a sign algorithm name. More...
 
#define I_BEARER_TYPE_HEADER   0
 Bearer type header, the token will be available in the header. More...
 
#define I_BEARER_TYPE_BODY   1
 Bearer type body, the token will be available as a body url-encoded parameter. More...
 
#define I_BEARER_TYPE_URL   2
 Bearer type url, the token will be available as a url query parameter. More...
 
#define I_INTROSPECT_REVOKE_AUTH_NONE   0
 Introspection/Revocation - no authentication. More...
 
#define I_INTROSPECT_REVOKE_AUTH_ACCESS_TOKEN   1
 Introspection/Revocation - authentication using access token. More...
 
#define I_INTROSPECT_REVOKE_AUTH_CLIENT_TARGET   2
 Introspection/Revocation - authentication with client credentials. More...
 
#define I_TOKEN_TYPE_ACCESS_TOKEN   0
 
#define I_TOKEN_TYPE_ID_TOKEN   1
 
#define I_TOKEN_TYPE_USERINFO   2
 
#define I_TOKEN_TYPE_INTROSPECTION   3
 
#define I_HEADER_PREFIX_BEARER   "Bearer "
 
#define I_HEADER_AUTHORIZATION   "Authorization"
 
#define I_CONTENT_TYPE_JWKS   "application/jwk-set+json"
 
#define I_BODY_URL_PARAMETER   "access_token"
 
#define I_HEADER_DPOP   "DPoP"
 
#define I_REMOTE_VERIFY_NONE   0x0000
 No TLS Verification. More...
 
#define I_REMOTE_HOST_VERIFY_PEER   0x0001
 Verify TLS session with peers. More...
 
#define I_REMOTE_HOST_VERIFY_HOSTNAME   0x0010
 Verify TLS session with hostname. More...
 
#define I_REMOTE_PROXY_VERIFY_PEER   0x0100
 Verify TLS session with peers. More...
 
#define I_REMOTE_PROXY_VERIFY_HOSTNAME   0x1000
 Verify TLS session with hostname. More...
 
#define I_PKCE_NONE   0
 No PKCE. More...
 
#define I_PKCE_METHOD_PLAIN   1
 PKCE using method plain. More...
 
#define I_PKCE_METHOD_S256   2
 PKCE using method SHA256. More...
 
#define I_CLAIM_TARGET_ALL   0
 Add claim to userinfo and id_token. More...
 
#define I_CLAIM_TARGET_USERINFO   1
 Add claim to userinfo. More...
 
#define I_CLAIM_TARGET_ID_TOKEN   2
 Add claim to id_token. More...
 
#define I_CLAIM_ESSENTIAL_NULL   0
 Set claim value to null. More...
 
#define I_CLAIM_ESSENTIAL_TRUE   1
 Set claim essential value to true. More...
 
#define I_CLAIM_ESSENTIAL_FALSE   2
 Set claim essential value to false. More...
 
#define I_CLAIM_ESSENTIAL_IGNORE   3
 

Enumerations

enum  i_option {
  I_OPT_NONE = 0 , I_OPT_RESPONSE_TYPE = 1 , I_OPT_SCOPE = 2 , I_OPT_SCOPE_APPEND = 3 ,
  I_OPT_STATE = 4 , I_OPT_NONCE = 5 , I_OPT_REDIRECT_URI = 6 , I_OPT_REDIRECT_TO = 7 ,
  I_OPT_CLIENT_ID = 8 , I_OPT_CLIENT_SECRET = 9 , I_OPT_ADDITIONAL_PARAMETER = 10 , I_OPT_ADDITIONAL_RESPONSE = 11 ,
  I_OPT_AUTH_ENDPOINT = 12 , I_OPT_TOKEN_ENDPOINT = 13 , I_OPT_OPENID_CONFIG_ENDPOINT = 14 , I_OPT_OPENID_CONFIG = 15 ,
  I_OPT_OPENID_CONFIG_STRICT = 16 , I_OPT_USERINFO_ENDPOINT = 17 , I_OPT_RESULT = 18 , I_OPT_ERROR = 19 ,
  I_OPT_ERROR_DESCRIPTION = 20 , I_OPT_ERROR_URI = 21 , I_OPT_CODE = 22 , I_OPT_REFRESH_TOKEN = 23 ,
  I_OPT_ACCESS_TOKEN = 24 , I_OPT_ID_TOKEN = 25 , I_OPT_AUTH_METHOD = 28 , I_OPT_TOKEN_METHOD = 29 ,
  I_OPT_TOKEN_TYPE = 30 , I_OPT_EXPIRES_IN = 31 , I_OPT_EXPIRES_AT = 32 , I_OPT_USERNAME = 33 ,
  I_OPT_USER_PASSWORD = 34 , I_OPT_ISSUER = 35 , I_OPT_USERINFO = 36 , I_OPT_NONCE_GENERATE = 37 ,
  I_OPT_STATE_GENERATE = 38 , I_OPT_X5U_FLAGS = 39 , I_OPT_SERVER_KID = 40 , I_OPT_SERVER_ENC_ALG = 41 ,
  I_OPT_SERVER_ENC = 42 , I_OPT_CLIENT_KID = 43 , I_OPT_CLIENT_SIGN_ALG = 44 , I_OPT_CLIENT_ENC_ALG = 45 ,
  I_OPT_CLIENT_ENC = 46 , I_OPT_TOKEN_JTI = 47 , I_OPT_TOKEN_JTI_GENERATE = 48 , I_OPT_TOKEN_EXP = 49 ,
  I_OPT_TOKEN_TARGET = 50 , I_OPT_TOKEN_TARGET_TYPE_HINT = 51 , I_OPT_REVOCATION_ENDPOINT = 52 , I_OPT_INTROSPECTION_ENDPOINT = 53 ,
  I_OPT_REGISTRATION_ENDPOINT = 54 , I_OPT_DEVICE_AUTHORIZATION_ENDPOINT = 55 , I_OPT_DEVICE_AUTH_CODE = 56 , I_OPT_DEVICE_AUTH_USER_CODE = 57 ,
  I_OPT_DEVICE_AUTH_VERIFICATION_URI = 58 , I_OPT_DEVICE_AUTH_VERIFICATION_URI_COMPLETE = 59 , I_OPT_DEVICE_AUTH_EXPIRES_IN = 60 , I_OPT_DEVICE_AUTH_INTERVAL = 61 ,
  I_OPT_END_SESSION_ENDPOINT = 62 , I_OPT_CHECK_SESSION_IRAME = 63 , I_OPT_PUSHED_AUTH_REQ_ENDPOINT = 64 , I_OPT_PUSHED_AUTH_REQ_REQUIRED = 65 ,
  I_OPT_PUSHED_AUTH_REQ_EXPIRES_IN = 66 , I_OPT_PUSHED_AUTH_REQ_URI = 67 , I_OPT_USE_DPOP = 68 , I_OPT_DPOP_KID = 69 ,
  I_OPT_DECRYPT_CODE = 70 , I_OPT_DECRYPT_REFRESH_TOKEN = 71 , I_OPT_DECRYPT_ACCESS_TOKEN = 72 , I_OPT_DPOP_SIGN_ALG = 73 ,
  I_OPT_TLS_KEY_FILE = 74 , I_OPT_TLS_CERT_FILE = 75 , I_OPT_REMOTE_CERT_FLAG = 76 , I_OPT_PKCE_CODE_VERIFIER = 77 ,
  I_OPT_PKCE_CODE_VERIFIER_GENERATE = 78 , I_OPT_PKCE_METHOD = 79 , I_OPT_RESOURCE_INDICATOR = 80
}
 

Detailed Description

Iddawc OAuth2 client library

iddawc.h: structures and functions declarations

Copyright 2019-2020 Nicolas Mora mail@.nosp@m.babe.nosp@m.loues.nosp@m.t.or.nosp@m.g

This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; version 2.1 of the License.

This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU GENERAL PUBLIC LICENSE for more details.

You should have received a copy of the GNU General Public License along with this library. If not, see http://www.gnu.org/licenses/.

Constant values used as input or output

Macro Definition Documentation

◆ I_OK

#define I_OK   0

Success.

◆ I_ERROR

#define I_ERROR   1

Error.

◆ I_ERROR_PARAM

#define I_ERROR_PARAM   2

Error in parameters.

◆ I_ERROR_MEMORY

#define I_ERROR_MEMORY   3

Memory error.

◆ I_ERROR_UNAUTHORIZED

#define I_ERROR_UNAUTHORIZED   4

Request unauthorized.

◆ I_ERROR_SERVER

#define I_ERROR_SERVER   5

Server error.

◆ I_RESPONSE_TYPE_NONE

#define I_RESPONSE_TYPE_NONE   0x00000000

No response type.

◆ I_RESPONSE_TYPE_CODE

#define I_RESPONSE_TYPE_CODE   0x00000001

Response type code.

◆ I_RESPONSE_TYPE_TOKEN

#define I_RESPONSE_TYPE_TOKEN   0x00000010

Response type token.

◆ I_RESPONSE_TYPE_ID_TOKEN

#define I_RESPONSE_TYPE_ID_TOKEN   0x00000100

Response type id_token.

◆ I_RESPONSE_TYPE_PASSWORD

#define I_RESPONSE_TYPE_PASSWORD   0x00001000

Grant type password.

◆ I_RESPONSE_TYPE_CLIENT_CREDENTIALS

#define I_RESPONSE_TYPE_CLIENT_CREDENTIALS   0x00010000

Grant type client_credentials.

◆ I_RESPONSE_TYPE_REFRESH_TOKEN

#define I_RESPONSE_TYPE_REFRESH_TOKEN   0x00100000

Grant type refresh_token.

◆ I_RESPONSE_TYPE_DEVICE_CODE

#define I_RESPONSE_TYPE_DEVICE_CODE   0x01000000

Grant type urn:ietf:params:oauth:grant-type:device_code.

◆ I_AUTH_METHOD_GET

#define I_AUTH_METHOD_GET   0x00000001

auth endpoint using GET method

◆ I_AUTH_METHOD_POST

#define I_AUTH_METHOD_POST   0x00000010

auth endpoint using POST method

◆ I_AUTH_METHOD_JWT_SIGN_SECRET

#define I_AUTH_METHOD_JWT_SIGN_SECRET   0x00000100

auth endpoint using a JWT signed with the client secret

◆ I_AUTH_METHOD_JWT_SIGN_PRIVKEY

#define I_AUTH_METHOD_JWT_SIGN_PRIVKEY   0x00001000

auth endpoint using a JWT signed with the client private key

◆ I_AUTH_METHOD_JWT_ENCRYPT_SECRET

#define I_AUTH_METHOD_JWT_ENCRYPT_SECRET   0x00010000

auth endpoint using a JWT encrypted with the client secret

◆ I_AUTH_METHOD_JWT_ENCRYPT_PUBKEY

#define I_AUTH_METHOD_JWT_ENCRYPT_PUBKEY   0x00100000

auth endpoint using a JWT encrypted with the server public key

◆ I_TOKEN_AUTH_METHOD_NONE

#define I_TOKEN_AUTH_METHOD_NONE   0x00000000

token endpoint using no authentication

◆ I_TOKEN_AUTH_METHOD_SECRET_BASIC

#define I_TOKEN_AUTH_METHOD_SECRET_BASIC   0x00000001

token endpoint using HTTP basic auth with client_id and client password

◆ I_TOKEN_AUTH_METHOD_SECRET_POST

#define I_TOKEN_AUTH_METHOD_SECRET_POST   0x00000010

token endpoint using secret send in POST parameters

◆ I_TOKEN_AUTH_METHOD_TLS_CERTIFICATE

#define I_TOKEN_AUTH_METHOD_TLS_CERTIFICATE   0x00000100

token endpoint using TLS Certificate authentication

◆ I_TOKEN_AUTH_METHOD_JWT_SIGN_SECRET

#define I_TOKEN_AUTH_METHOD_JWT_SIGN_SECRET   0x00001000

token endpoint using a JWT signed with the client secret

◆ I_TOKEN_AUTH_METHOD_JWT_SIGN_PRIVKEY

#define I_TOKEN_AUTH_METHOD_JWT_SIGN_PRIVKEY   0x00010000

token endpoint using a JWT signed with the client private key

◆ I_TOKEN_AUTH_METHOD_JWT_ENCRYPT_SECRET

#define I_TOKEN_AUTH_METHOD_JWT_ENCRYPT_SECRET   0x00100000

token endpoint using a JWT encrypted with the client secret

◆ I_TOKEN_AUTH_METHOD_JWT_ENCRYPT_PUBKEY

#define I_TOKEN_AUTH_METHOD_JWT_ENCRYPT_PUBKEY   0x01000000

token endpoint using a JWT signed with the client private key and encrypted with the server public key or the client secret

◆ I_STRICT_NO

#define I_STRICT_NO   0

Do not stricly conform to openid config result.

◆ I_STRICT_YES

#define I_STRICT_YES   1

Stricly conform to openid config result.

◆ I_AUTH_SIGN_ALG_MAX_LENGTH

#define I_AUTH_SIGN_ALG_MAX_LENGTH   8

Max length of a sign algorithm name.

◆ I_BEARER_TYPE_HEADER

#define I_BEARER_TYPE_HEADER   0

Bearer type header, the token will be available in the header.

◆ I_BEARER_TYPE_BODY

#define I_BEARER_TYPE_BODY   1

Bearer type body, the token will be available as a body url-encoded parameter.

◆ I_BEARER_TYPE_URL

#define I_BEARER_TYPE_URL   2

Bearer type url, the token will be available as a url query parameter.

◆ I_INTROSPECT_REVOKE_AUTH_NONE

#define I_INTROSPECT_REVOKE_AUTH_NONE   0

Introspection/Revocation - no authentication.

◆ I_INTROSPECT_REVOKE_AUTH_ACCESS_TOKEN

#define I_INTROSPECT_REVOKE_AUTH_ACCESS_TOKEN   1

Introspection/Revocation - authentication using access token.

◆ I_INTROSPECT_REVOKE_AUTH_CLIENT_TARGET

#define I_INTROSPECT_REVOKE_AUTH_CLIENT_TARGET   2

Introspection/Revocation - authentication with client credentials.

◆ I_TOKEN_TYPE_ACCESS_TOKEN

#define I_TOKEN_TYPE_ACCESS_TOKEN   0

◆ I_TOKEN_TYPE_ID_TOKEN

#define I_TOKEN_TYPE_ID_TOKEN   1

◆ I_TOKEN_TYPE_USERINFO

#define I_TOKEN_TYPE_USERINFO   2

◆ I_TOKEN_TYPE_INTROSPECTION

#define I_TOKEN_TYPE_INTROSPECTION   3

◆ I_HEADER_PREFIX_BEARER

#define I_HEADER_PREFIX_BEARER   "Bearer "

◆ I_HEADER_AUTHORIZATION

#define I_HEADER_AUTHORIZATION   "Authorization"

◆ I_CONTENT_TYPE_JWKS

#define I_CONTENT_TYPE_JWKS   "application/jwk-set+json"

◆ I_BODY_URL_PARAMETER

#define I_BODY_URL_PARAMETER   "access_token"

◆ I_HEADER_DPOP

#define I_HEADER_DPOP   "DPoP"

◆ I_REMOTE_VERIFY_NONE

#define I_REMOTE_VERIFY_NONE   0x0000

No TLS Verification.

◆ I_REMOTE_HOST_VERIFY_PEER

#define I_REMOTE_HOST_VERIFY_PEER   0x0001

Verify TLS session with peers.

◆ I_REMOTE_HOST_VERIFY_HOSTNAME

#define I_REMOTE_HOST_VERIFY_HOSTNAME   0x0010

Verify TLS session with hostname.

◆ I_REMOTE_PROXY_VERIFY_PEER

#define I_REMOTE_PROXY_VERIFY_PEER   0x0100

Verify TLS session with peers.

◆ I_REMOTE_PROXY_VERIFY_HOSTNAME

#define I_REMOTE_PROXY_VERIFY_HOSTNAME   0x1000

Verify TLS session with hostname.

◆ I_PKCE_NONE

#define I_PKCE_NONE   0

No PKCE.

◆ I_PKCE_METHOD_PLAIN

#define I_PKCE_METHOD_PLAIN   1

PKCE using method plain.

◆ I_PKCE_METHOD_S256

#define I_PKCE_METHOD_S256   2

PKCE using method SHA256.

◆ I_CLAIM_TARGET_ALL

#define I_CLAIM_TARGET_ALL   0

Add claim to userinfo and id_token.

◆ I_CLAIM_TARGET_USERINFO

#define I_CLAIM_TARGET_USERINFO   1

Add claim to userinfo.

◆ I_CLAIM_TARGET_ID_TOKEN

#define I_CLAIM_TARGET_ID_TOKEN   2

Add claim to id_token.

◆ I_CLAIM_ESSENTIAL_NULL

#define I_CLAIM_ESSENTIAL_NULL   0

Set claim value to null.

◆ I_CLAIM_ESSENTIAL_TRUE

#define I_CLAIM_ESSENTIAL_TRUE   1

Set claim essential value to true.

◆ I_CLAIM_ESSENTIAL_FALSE

#define I_CLAIM_ESSENTIAL_FALSE   2

Set claim essential value to false.

◆ I_CLAIM_ESSENTIAL_IGNORE

#define I_CLAIM_ESSENTIAL_IGNORE   3

Enumeration Type Documentation

◆ i_option

enum i_option

Options available to set or get properties using i_set_int_parameter, i_set_str_parameter, i_get_int_parameter, i_get_str_parameter or i_set_parameter_list

Enumerator
I_OPT_NONE 

Empty option to complete a i_set_parameter_list.

I_OPT_RESPONSE_TYPE 

response_type, values available are I_RESPONSE_TYPE_CODE, I_RESPONSE_TYPE_TOKEN, I_RESPONSE_TYPE_ID_TOKEN, I_RESPONSE_TYPE_PASSWORD, I_RESPONSE_TYPE_CLIENT_CREDENTIALS and I_RESPONSE_TYPE_REFRESH_TOKEN

I_OPT_SCOPE 

scope values, string, multiple scopes must be separated by a space character: "scope1 openid"

I_OPT_SCOPE_APPEND 

append another scope value to the scope list, string

I_OPT_STATE 

state value, string

I_OPT_NONCE 

nonce value, string

I_OPT_REDIRECT_URI 

redirect_uri, string

I_OPT_REDIRECT_TO 

url where the oauth2 is redirected to after a /auth request

I_OPT_CLIENT_ID 

client_id, string

I_OPT_CLIENT_SECRET 

client secret, string

I_OPT_ADDITIONAL_PARAMETER 

use this option to pass any additional parameter value in the /auth request

I_OPT_ADDITIONAL_RESPONSE 
I_OPT_AUTH_ENDPOINT 

absolute url for the auth endpoint, string

I_OPT_TOKEN_ENDPOINT 

absolute url for the token endpoint, string

I_OPT_OPENID_CONFIG_ENDPOINT 

absolute url for the .well-known/openid-configuration endpoint, string

I_OPT_OPENID_CONFIG 

result of the .well-known/openid-configuration

I_OPT_OPENID_CONFIG_STRICT 

must the .well-known/openid-configuration parameters be strictly

I_OPT_USERINFO_ENDPOINT 

absolute url for the userinfo endpoint or equivalent, string

I_OPT_RESULT 

result of a request

I_OPT_ERROR 

error value of a failed request, string

I_OPT_ERROR_DESCRIPTION 

error description of a failed request, string

I_OPT_ERROR_URI 

error uri of a failed request, string

I_OPT_CODE 

code given after a succesfull auth request using the response_type I_RESPONSE_TYPE_CODE

I_OPT_REFRESH_TOKEN 

refresh token given after a succesfull token request using the proper response_type

I_OPT_ACCESS_TOKEN 

access token given after a succesfull auth or token request using the proper response_type

I_OPT_ID_TOKEN 

id_token given after a succesfull auth or token request using the proper response_type

I_OPT_AUTH_METHOD 

Authentication method to use with the auth endpoint, values available are I_AUTH_METHOD_GET, I_AUTH_METHOD_POST, I_AUTH_METHOD_JWT_SIGN_SECRET, I_AUTH_METHOD_JWT_SIGN_PRIVKEY, I_AUTH_METHOD_JWT_ENCRYPT_SECRET or I_AUTH_METHOD_JWT_ENCRYPT_PUBKEY, values I_AUTH_METHOD_JWT_SIGN_SECRET, I_AUTH_METHOD_JWT_SIGN_PRIVKEY, I_AUTH_METHOD_JWT_ENCRYPT_SECRET or I_AUTH_METHOD_JWT_ENCRYPT_PUBKEY can be combined with I_AUTH_METHOD_GET or I_AUTH_METHOD_POST.

I_OPT_TOKEN_METHOD 

Authentication method to use with the token endpoint, values available are I_TOKEN_AUTH_METHOD_SECRET_BASIC, I_TOKEN_AUTH_METHOD_SECRET_POST, I_TOKEN_AUTH_METHOD_SECRET_JWT, I_TOKEN_AUTH_METHOD_PRIVATE_JWT, I_TOKEN_AUTH_METHOD_NONE.

I_OPT_TOKEN_TYPE 

token_type value after a succesfull auth or token request, string

I_OPT_EXPIRES_IN 

expires_in value after a succesfull auth or token request, integer

I_OPT_EXPIRES_AT 

expires_at value after a succesfull auth or token request, time_t

I_OPT_USERNAME 

username for password response_types, string

I_OPT_USER_PASSWORD 

password for password response_types, string

I_OPT_ISSUER 

issuer value, string

I_OPT_USERINFO 

userinfo result, string

I_OPT_NONCE_GENERATE 

Generate a random nonce value.

I_OPT_STATE_GENERATE 

Generate a random state value.

I_OPT_X5U_FLAGS 

x5u flage to apply when JWK used have a x5u property, values available are R_FLAG_IGNORE_SERVER_CERTIFICATE: ignrore if web server certificate is invalid, R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary, R_FLAG_IGNORE_REMOTE: do not download remote key

I_OPT_SERVER_KID 

key id to use if multiple jwk are available on the server, string

I_OPT_SERVER_ENC_ALG 

key id to use if multiple jwk are available on the server, string

I_OPT_SERVER_ENC 

key id to use if multiple jwk are available on the server, string

I_OPT_CLIENT_KID 

key id to use if multiple jwk are available on the client, string

I_OPT_CLIENT_SIGN_ALG 

signature algorithm to use when the client signs a request in a JWT, values available are 'none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'PS256', 'PS384', 'PS512', 'EDDSA'

I_OPT_CLIENT_ENC_ALG 

key encryption algorithm to use when the client encrypts a request in a JWT, values available are 'RSA1_5', 'RSA-OAEP', 'RSA-OAEP-256', 'A128KW', 'A192KW', 'A256KW', 'DIR', 'ECDH-ES', 'ECDH-ES+A128KW', 'ECDH-ES+A192KW', 'ECDH-ES+A256KW', 'A128GCMKW', 'A192GCMKW', 'A256GCMKW', 'PBES2-HS256+A128KW', 'PBES2-HS384+A192KW or 'PBES2-HS512+A256KW', warning: some algorithm may be unavailable depending on Rhonabwy version used

I_OPT_CLIENT_ENC 

data encryption algorithm to use when the client encrypts a request in a JWT, values available are 'A128CBC-HS256,' 'A192CBC-HS384,' 'A256CBC-HS512,' 'A128GCM,' 'A192GCM,' 'A256GCM,' warning: some algorithm may be unavailable depending on Rhonabwy version used

I_OPT_TOKEN_JTI 

jti value, string

I_OPT_TOKEN_JTI_GENERATE 

Generate a random jti value.

I_OPT_TOKEN_EXP 

JWT token request expiration time in seconds.

I_OPT_TOKEN_TARGET 

access_token which is the target of a revocation or an introspection, string

I_OPT_TOKEN_TARGET_TYPE_HINT 

access_token which is the target of a revocation or an introspection, string

I_OPT_REVOCATION_ENDPOINT 

absolute url for the revocation endpoint, string

I_OPT_INTROSPECTION_ENDPOINT 

absolute url for the introspection endpoint, string

I_OPT_REGISTRATION_ENDPOINT 

absolute url for the client registration endpoint, string

I_OPT_DEVICE_AUTHORIZATION_ENDPOINT 

absolute url for the pushed authorization endpoint, string

I_OPT_DEVICE_AUTH_CODE 

device authorization code sent by the AS

I_OPT_DEVICE_AUTH_USER_CODE 

device authorization user code sent by the AS

I_OPT_DEVICE_AUTH_VERIFICATION_URI 

device authorization verification URI sent by the AS

I_OPT_DEVICE_AUTH_VERIFICATION_URI_COMPLETE 

device authorization verification URI complete sent by the AS

I_OPT_DEVICE_AUTH_EXPIRES_IN 

device authorization code expiration sent by the AS

I_OPT_DEVICE_AUTH_INTERVAL 

device authorization code verification interval sent by the AS

I_OPT_END_SESSION_ENDPOINT 

absolute url for the end session endpoint, string

I_OPT_CHECK_SESSION_IRAME 

absolute url for the check session iframe, string

I_OPT_PUSHED_AUTH_REQ_ENDPOINT 

absolute url for the pushed authoization endpoint, string

I_OPT_PUSHED_AUTH_REQ_REQUIRED 

are pushed authorization requests required, boolean

I_OPT_PUSHED_AUTH_REQ_EXPIRES_IN 

pushed authorization request expiration time in seconds

I_OPT_PUSHED_AUTH_REQ_URI 

request_uri sent by the par endpoint result, string

I_OPT_USE_DPOP 

Generate and use a DPoP when accessing endpoints userinfo, introspection and revocation.

I_OPT_DPOP_KID 

key id to use when signing a DPoP

I_OPT_DECRYPT_CODE 

Decrypt code when received by the AS as a JWE.

I_OPT_DECRYPT_REFRESH_TOKEN 

Decrypt refresh token when received by the AS as a JWE.

I_OPT_DECRYPT_ACCESS_TOKEN 

Decrypt access token when received by the AS as a JWE.

I_OPT_DPOP_SIGN_ALG 

signature algorithm to use when the client signs a DPoP, values available are 'none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'PS256', 'PS384', 'PS512', 'EDDSA'

I_OPT_TLS_KEY_FILE 

Path to the private key PEM file to use in a TLS authentication.

I_OPT_TLS_CERT_FILE 

Path to the certificate PEM file to use in a TLS authentication.

I_OPT_REMOTE_CERT_FLAG 

Flags to use with remote connexions to ignore incorrect certificates, flags available are I_REMOTE_HOST_VERIFY_PEER, I_REMOTE_HOST_VERIFY_HOSTNAME, I_REMOTE_PROXY_VERIFY_PEER, I_REMOTE_PROXY_VERIFY_HOSTNAME, I_REMOTE_VERIFY_NONE, default is I_REMOTE_HOST_VERIFY_PEER|I_REMOTE_HOST_VERIFY_HOSTNAME|I_REMOTE_PROXY_VERIFY_PEER|I_REMOTE_PROXY_VERIFY_HOSTNAME.

I_OPT_PKCE_CODE_VERIFIER 

PKCE code verifier, must be a string of 43 characters minumum only using the characters [A-Z] / [a-z] / [0-9] / "-" / "." / "_" / "~".

I_OPT_PKCE_CODE_VERIFIER_GENERATE 

Generate a random PKCE code verifier.

I_OPT_PKCE_METHOD 

PKCE method to use, values available are I_PKCE_NONE (no PKCE, default), I_PKCE_METHOD_PLAIN or I_PKCE_METHOD_S256.

I_OPT_RESOURCE_INDICATOR 

Resource indicator as detailed in the RFC 8707.