Iddawc
Handle the flow of OAuth2 and OpenID Connect authentication process from the client side.
iddawc.h
1 
24 #ifndef __IDDAWC_H
25 #define __IDDAWC_H
26 
27 #ifdef __cplusplus
28 extern "C"
29 {
30 #endif
31 
32 #include <jansson.h>
33 #include <orcania.h>
34 #include <ulfius.h>
35 #include <rhonabwy.h>
36 #include "iddawc-cfg.h"
37 
/* Status codes. The int-returning i_* functions declared in this header
 * presumably report one of these (TODO confirm per function).
 * Success is 0 and every failure code is a positive value, so a truthiness
 * test such as `if (i_verify_id_token(...))` is true on FAILURE; callers of
 * the verification functions should compare against I_OK explicitly. */
44 #define I_OK 0
45 #define I_ERROR 1
46 #define I_ERROR_PARAM 2
47 #define I_ERROR_MEMORY 3
48 #define I_ERROR_UNAUTHORIZED 4
49 #define I_ERROR_SERVER 5
50 
/* Response/grant type selectors for I_OPT_RESPONSE_TYPE. Each value occupies
 * its own hex digit, so they look designed to be OR-ed together; confirm
 * which combinations the library accepts.
 * NOTE(review): I_RESPONSE_TYPE_TOKEN and I_RESPONSE_TYPE_PASSWORD appear to
 * select the implicit and resource-owner-password grants, which current
 * OAuth 2.0 security guidance (RFC 9700) advises against. Prefer
 * I_RESPONSE_TYPE_CODE combined with PKCE where the server allows it. */
51 #define I_RESPONSE_TYPE_NONE 0x00000000
52 #define I_RESPONSE_TYPE_CODE 0x00000001
53 #define I_RESPONSE_TYPE_TOKEN 0x00000010
54 #define I_RESPONSE_TYPE_ID_TOKEN 0x00000100
55 #define I_RESPONSE_TYPE_PASSWORD 0x00001000
56 #define I_RESPONSE_TYPE_CLIENT_CREDENTIALS 0x00010000
57 #define I_RESPONSE_TYPE_REFRESH_TOKEN 0x00100000
58 #define I_RESPONSE_TYPE_DEVICE_CODE 0x01000000
59 
/* Values for I_OPT_AUTH_METHOD: how the request to the auth endpoint is sent
 * (GET/POST) and, for the JWT_* values, how a request object is signed or
 * encrypted. One hex digit per value, so presumably combinable (e.g. a
 * transport bit plus a JWT bit); confirm.
 * NOTE(review): the *_SECRET variants presumably key the JWT from the client
 * secret, so they are only as strong as that secret; confirm in iddawc.c. */
60 #define I_AUTH_METHOD_GET 0x00000001
61 #define I_AUTH_METHOD_POST 0x00000010
62 #define I_AUTH_METHOD_JWT_SIGN_SECRET 0x00000100
63 #define I_AUTH_METHOD_JWT_SIGN_PRIVKEY 0x00001000
64 #define I_AUTH_METHOD_JWT_ENCRYPT_SECRET 0x00010000
65 #define I_AUTH_METHOD_JWT_ENCRYPT_PUBKEY 0x00100000
66 
/* Values for I_OPT_TOKEN_METHOD: how the client authenticates to the token
 * endpoint. I_TOKEN_AUTH_METHOD_NONE has no bit set; by its name it means no
 * client authentication at all, which presumably suits public clients only
 * (confirm how the library treats it when a client secret is configured).
 * NOTE(review): these values are shifted relative to the similarly named
 * I_AUTH_METHOD_JWT_* constants (e.g. JWT_SIGN_SECRET is 0x100 there and
 * 0x1000 here), so the two families must not be passed to each other's
 * option. */
67 #define I_TOKEN_AUTH_METHOD_NONE 0x00000000
68 #define I_TOKEN_AUTH_METHOD_SECRET_BASIC 0x00000001
69 #define I_TOKEN_AUTH_METHOD_SECRET_POST 0x00000010
70 #define I_TOKEN_AUTH_METHOD_TLS_CERTIFICATE 0x00000100
71 #define I_TOKEN_AUTH_METHOD_JWT_SIGN_SECRET 0x00001000
72 #define I_TOKEN_AUTH_METHOD_JWT_SIGN_PRIVKEY 0x00010000
73 #define I_TOKEN_AUTH_METHOD_JWT_ENCRYPT_SECRET 0x00100000
74 #define I_TOKEN_AUTH_METHOD_JWT_ENCRYPT_PUBKEY 0x01000000
75 
76 #define I_STRICT_NO 0
77 #define I_STRICT_YES 1
78 
79 #define I_AUTH_SIGN_ALG_MAX_LENGTH 8
80 
/* Where the access token is placed in a resource request; presumably the
 * values for the bearer_type argument of i_perform_resource_service_request()
 * (confirm).
 * NOTE(review): I_BEARER_TYPE_URL by its name puts the token in the request
 * URL. RFC 6750 section 2.3 discourages that form because URLs end up in
 * server logs, browser history and Referer headers. Prefer
 * I_BEARER_TYPE_HEADER unless the resource server leaves no choice. */
81 #define I_BEARER_TYPE_HEADER 0
82 #define I_BEARER_TYPE_BODY 1
83 #define I_BEARER_TYPE_URL 2
84 
/* Presumably the values for the `authentication` argument of
 * i_get_token_introspection() and i_revoke_token(): how the client proves
 * itself to the introspection/revocation endpoint (confirm).
 * NOTE(review): I_INTROSPECT_REVOKE_AUTH_NONE sends the request
 * unauthenticated by its name; an endpoint that accepts that lets any party
 * query or revoke tokens, so it is worth checking the server configuration
 * whenever this value is used. */
85 #define I_INTROSPECT_REVOKE_AUTH_NONE 0
86 #define I_INTROSPECT_REVOKE_AUTH_ACCESS_TOKEN 1
87 #define I_INTROSPECT_REVOKE_AUTH_CLIENT_TARGET 2
88 
89 #define I_TOKEN_TYPE_ACCESS_TOKEN 0
90 #define I_TOKEN_TYPE_ID_TOKEN 1
91 #define I_TOKEN_TYPE_USERINFO 2
92 #define I_TOKEN_TYPE_INTROSPECTION 3
93 
94 #define I_HEADER_PREFIX_BEARER "Bearer "
95 #define I_HEADER_AUTHORIZATION "Authorization"
96 #define I_CONTENT_TYPE_JWKS "application/jwk-set+json"
97 #define I_BODY_URL_PARAMETER "access_token"
98 #define I_HEADER_DPOP "DPoP"
99 
/* Bit flags for I_OPT_REMOTE_CERT_FLAG, split into host and proxy bits for
 * peer-certificate and hostname checks.
 * NOTE(review): the option's description says the flags are used "to ignore
 * incorrect certificates" while the names say VERIFY; confirm the polarity
 * in iddawc.c before relying on a value. I_REMOTE_VERIFY_NONE has no bit set
 * and by its name switches every check off. Outside of test setups, keep
 * peer and hostname verification enabled: the discovery document, JWKS and
 * token responses are only as trustworthy as the TLS channel they arrive on. */
100 #define I_REMOTE_VERIFY_NONE 0x0000
101 #define I_REMOTE_HOST_VERIFY_PEER 0x0001
102 #define I_REMOTE_HOST_VERIFY_HOSTNAME 0x0010
103 #define I_REMOTE_PROXY_VERIFY_PEER 0x0100
104 #define I_REMOTE_PROXY_VERIFY_HOSTNAME 0x1000
105 
/* Values for I_OPT_PKCE_METHOD. Per that option's description I_PKCE_NONE is
 * the default, so PKCE is off unless the caller selects a method.
 * NOTE(review): RFC 7636 recommends S256. With the plain method the challenge
 * equals the verifier, so it gives no protection when the authorization
 * request itself can be observed. */
106 #define I_PKCE_NONE 0
107 #define I_PKCE_METHOD_PLAIN 1
108 #define I_PKCE_METHOD_S256 2
109 
110 #define I_CLAIM_TARGET_ALL 0
111 #define I_CLAIM_TARGET_USERINFO 1
112 #define I_CLAIM_TARGET_ID_TOKEN 2
113 
114 #define I_CLAIM_ESSENTIAL_NULL 0
115 #define I_CLAIM_ESSENTIAL_TRUE 1
116 #define I_CLAIM_ESSENTIAL_FALSE 2
117 #define I_CLAIM_ESSENTIAL_IGNORE 3
118 
124 typedef enum {
144  I_OPT_ERROR = 19,
147  I_OPT_CODE = 22,
205 
/* Per-client OAuth2 / OpenID Connect session state, passed to every i_*
 * function that takes a session.
 * NOTE(review): this rendered listing skips gutter numbers, so members are
 * missing here; the member index further down the page also lists, among
 * others, client_secret, user_password and refresh_token.
 * Several members are live credentials held as plain C strings (code,
 * access_token, id_token, plus the ones named above). Treat the struct, and
 * anything the i_export_session_* functions produce from it, as secret
 * material; which members are exported is not visible here (confirm). */
216 struct _i_session {
218  char * scope;
/* state and nonce: per the option index they can be set by the caller or
 * generated randomly through I_OPT_STATE_GENERATE / I_OPT_NONCE_GENERATE. */
219  char * state;
220  char * nonce;
221  char * redirect_uri;
/* redirect_to: URL the flow was redirected to after the auth request; it
 * arrives from outside the client, so it is untrusted input until parsed
 * and checked. */
222  char * redirect_to;
223  char * client_id;
225  char * username;
227  struct _u_map additional_parameters;
228  struct _u_map additional_response;
240  uint result;
241  char * error;
243  char * error_uri;
244  char * code;
246  char * access_token;
248  char * token_target;
250  char * token_type;
252  time_t expires_at;
253  char * id_token;
/* server_jwks: presumably the keys used to verify tokens issued by the
 * server; whoever can write this member decides which signatures verify. */
257  jwks_t * server_jwks;
258  char * server_kid;
259  jwa_alg server_enc_alg;
260  jwa_enc server_enc;
/* client_jwks: client key set; presumably includes private keys when the
 * *_PRIVKEY authentication methods are used (confirm). */
261  jwks_t * client_jwks;
262  char * client_kid;
264  jwa_alg client_enc_alg;
265  jwa_enc client_enc;
267  json_t * openid_config;
269  char * issuer;
270  char * userinfo;
271  json_t * j_userinfo;
272  char * token_jti;
273  uint token_exp;
284  int use_dpop;
285  char * dpop_kid;
286  jwa_alg dpop_sign_alg;
/* key_file / cert_file: paths to the PEM private key and certificate used for
 * TLS authentication (I_OPT_TLS_KEY_FILE / I_OPT_TLS_CERT_FILE). */
290  char * key_file;
291  char * cert_file;
295  json_t * j_claims;
297 };
298 
315 int i_global_init();
316 
320 void i_global_close();
321 
327 void i_free(void * data);
328 
334 int i_init_session(struct _i_session * i_session);
335 
/* Presumably releases what i_init_session() set up for the session (body not
 * shown on this page).
 * NOTE(review): the session carries tokens and client credentials; confirm in
 * iddawc.c whether this call wipes those buffers before releasing them or
 * only frees them. */
340 void i_clean_session(struct _i_session * i_session);
341 
364 int i_set_response_type(struct _i_session * i_session, uint i_value);
365 
374 int i_set_result(struct _i_session * i_session, uint i_value);
375 
390 int i_set_int_parameter(struct _i_session * i_session, i_option option, uint i_value);
391 
417 int i_set_str_parameter(struct _i_session * i_session, i_option option, const char * s_value);
418 
426 int i_set_additional_parameter(struct _i_session * i_session, const char * s_key, const char * s_value);
427 
435 int i_set_additional_response(struct _i_session * i_session, const char * s_key, const char * s_value);
436 
450 int i_add_claim_request(struct _i_session * i_session, int target, const char * claim, int essential, const char * value);
451 
460 int i_remove_claim_request(struct _i_session * i_session, int target, const char * claim);
461 
469 int i_set_rich_authorization_request_json_t(struct _i_session * i_session, const char * type, json_t * j_value);
470 
478 int i_set_rich_authorization_request_str(struct _i_session * i_session, const char * type, const char * value);
479 
486 int i_remove_rich_authorization_request(struct _i_session * i_session, const char * type);
487 
494 json_t * i_get_rich_authorization_request_json_t(struct _i_session * i_session, const char * type);
495 
502 char * i_get_rich_authorization_request_str(struct _i_session * i_session, const char * type);
503 
515 uint i_get_response_type(struct _i_session * i_session);
516 
522 uint i_get_result(struct _i_session * i_session);
523 
537 uint i_get_int_parameter(struct _i_session * i_session, i_option option);
538 
563 const char * i_get_str_parameter(struct _i_session * i_session, i_option option);
564 
571 const char * i_get_additional_parameter(struct _i_session * i_session, const char * s_key);
572 
579 const char * i_get_additional_response(struct _i_session * i_session, const char * s_key);
580 
586 json_t * i_get_server_configuration(struct _i_session * i_session);
587 
593 json_t * i_get_server_jwks(struct _i_session * i_session);
594 
601 int i_set_server_jwks(struct _i_session * i_session, json_t * j_jwks);
602 
608 json_t * i_get_client_jwks(struct _i_session * i_session);
609 
616 int i_set_client_jwks(struct _i_session * i_session, json_t * j_jwks);
617 
631 int i_set_parameter_list(struct _i_session * i_session, ...);
632 
638 json_t * i_export_session_json_t(struct _i_session * i_session);
639 
647 int i_import_session_json_t(struct _i_session * i_session, json_t * j_import);
648 
/* Serializes the session to a string (by its name; body not shown). The
 * char * result is presumably heap-allocated and released with i_free();
 * confirm.
 * NOTE(review): confirm which credential members (tokens, client secret,
 * client JWKS) end up in the output; until then, store and log the result
 * with the same care as the credentials themselves. */
654 char * i_export_session_str(struct _i_session * i_session);
655 
/* Loads session state from a string, presumably one written by
 * i_export_session_str() (confirm).
 * NOTE(review): the imported data can set endpoints, keys and tokens of the
 * session, so it should only come from storage whose integrity is protected
 * as strongly as the credentials it contains. Check the int result before
 * using the session. */
663 int i_import_session_str(struct _i_session * i_session, const char * str_import);
664 
680 int i_get_openid_config(struct _i_session * i_session);
681 
688 int i_build_auth_url_get(struct _i_session * i_session);
689 
696 int i_run_auth_request(struct _i_session * i_session);
697 
/* Parses the redirect_to URL held in the session (by its name; body not
 * shown), i.e. the response delivered through the user agent.
 * NOTE(review): that URL is attacker-reachable input. Confirm in iddawc.c
 * that the returned state is compared with the session's state, and treat
 * any result other than I_OK as a failed authorization. */
705 int i_parse_redirect_to(struct _i_session * i_session);
706 
713 int i_run_token_request(struct _i_session * i_session);
714 
/* Verifies the id_token stored in the session (by its name; body not shown).
 * NOTE(review): which checks run (signature against server_jwks, issuer,
 * audience, nonce, expiry) is not visible on this page; confirm before
 * relying on it. The result is an int status where success is I_OK (0), so
 * test `== I_OK` rather than truthiness, and do not read id_token claims when
 * the call fails. */
720 int i_verify_id_token(struct _i_session * i_session);
721 
/* Verifies the session's access token as a JWT (by its name; body not shown).
 * `aud` is presumably the audience the token must carry.
 * NOTE(review): confirm what happens when aud is NULL; if the audience check
 * is skipped in that case, a token minted for another resource server would
 * pass. Success is I_OK (0). */
730 int i_verify_jwt_access_token(struct _i_session * i_session, const char * aud);
731 
742 int i_get_userinfo(struct _i_session * i_session, int get_jwt);
743 
757 int i_get_userinfo_custom(struct _i_session * i_session, const char * http_method, struct _u_map * additional_query, struct _u_map * additional_headers);
758 
772 int i_get_token_introspection(struct _i_session * i_session, json_t ** j_result, int authentication, int get_jwt);
773 
784 int i_revoke_token(struct _i_session * i_session, int authentication);
785 
797 int i_register_client(struct _i_session * i_session, json_t * j_parameters, int update_session, json_t ** j_result);
798 
810 int i_manage_registration_client(struct _i_session * i_session, json_t * j_parameters, int update_session, json_t ** j_result);
811 
819 int i_get_registration_client(struct _i_session * i_session, json_t ** j_result);
820 
830 char * i_generate_dpop_token(struct _i_session * i_session, const char * htm, const char * htu, time_t iat);
831 
/* Checks a DPoP proof header against the expected HTTP method (htm), URL
 * (htu), a maximum iat and a key thumbprint (jkt); this reading is inferred
 * from the parameter names, the body is not shown.
 * NOTE(review): the function takes neither a session nor any jti store, so
 * tracking already-seen jti values to reject replayed proofs (RFC 9449) is
 * presumably left to the caller; confirm, and confirm the unit and direction
 * of max_iat. Success is I_OK (0). */
840 int i_verify_dpop_proof(const char * dpop_header, const char * htm, const char * htu, time_t max_iat, const char * jkt);
841 
/* Sends http_request to a resource server with the session's access token
 * attached and fills http_response (inferred from the signature; body not
 * shown). bearer_type is presumably one of I_BEARER_TYPE_*; use_dpop and
 * dpop_iat presumably control an accompanying DPoP proof.
 * NOTE(review): with refresh_if_expired set the call presumably contacts the
 * token endpoint as well, so the TLS verification flags of the session apply
 * to two different hosts; confirm. The token is sent to whatever URL
 * http_request names, so that URL must not be derived from untrusted input. */
858 int i_perform_resource_service_request(struct _i_session * i_session, struct _u_request * http_request, struct _u_response * http_response, int refresh_if_expired, int bearer_type, int use_dpop, time_t dpop_iat);
859 
866 int i_run_par_request(struct _i_session * i_session);
867 
874 int i_run_device_auth_request(struct _i_session * i_session);
875 
880 #ifdef __cplusplus
881 }
882 #endif
883 
884 #endif // __IDDAWC_H_
i_option
Definition: iddawc.h:124
@ I_OPT_EXPIRES_AT
expires_at value after a successful auth or token request, time_t
Definition: iddawc.h:155
@ I_OPT_TOKEN_TYPE
token_type value after a successful auth or token request, string
Definition: iddawc.h:153
@ I_OPT_PUSHED_AUTH_REQ_REQUIRED
are pushed authorization requests required, boolean
Definition: iddawc.h:188
@ I_OPT_TOKEN_EXP
JWT token request expiration time in seconds.
Definition: iddawc.h:172
@ I_OPT_DEVICE_AUTH_CODE
device authorization code sent by the AS
Definition: iddawc.h:179
@ I_OPT_DPOP_SIGN_ALG
signature algorithm to use when the client signs a DPoP, values available are 'none',...
Definition: iddawc.h:196
@ I_OPT_ISSUER
issuer value, string
Definition: iddawc.h:158
@ I_OPT_REMOTE_CERT_FLAG
Flags to use with remote connections to ignore incorrect certificates, flags available are I_REMOTE_HO...
Definition: iddawc.h:199
@ I_OPT_ACCESS_TOKEN
access token given after a successful auth or token request using the proper response_type
Definition: iddawc.h:149
@ I_OPT_PUSHED_AUTH_REQ_ENDPOINT
absolute url for the pushed authorization endpoint, string
Definition: iddawc.h:187
@ I_OPT_TOKEN_JTI
jti value, string
Definition: iddawc.h:170
@ I_OPT_TOKEN_TARGET
access_token which is the target of a revocation or an introspection, string
Definition: iddawc.h:173
@ I_OPT_INTROSPECTION_ENDPOINT
absolute url for the introspection endpoint, string
Definition: iddawc.h:176
@ I_OPT_TOKEN_TARGET_TYPE_HINT
access_token which is the target of a revocation or an introspection, string
Definition: iddawc.h:174
@ I_OPT_TOKEN_METHOD
Authentication method to use with the token endpoint, values available are I_TOKEN_AUTH_METHOD_SECRET...
Definition: iddawc.h:152
@ I_OPT_PKCE_CODE_VERIFIER_GENERATE
Generate a random PKCE code verifier.
Definition: iddawc.h:201
@ I_OPT_X5U_FLAGS
x5u flags to apply when the JWK used has an x5u property, values available are R_FLAG_IGNORE_SERVER_CERTI...
Definition: iddawc.h:162
@ I_OPT_TOKEN_JTI_GENERATE
Generate a random jti value.
Definition: iddawc.h:171
@ I_OPT_SERVER_KID
key id to use if multiple jwk are available on the server, string
Definition: iddawc.h:163
@ I_OPT_PKCE_METHOD
PKCE method to use, values available are I_PKCE_NONE (no PKCE, default), I_PKCE_METHOD_PLAIN or I_PKC...
Definition: iddawc.h:202
@ I_OPT_CODE
code given after a successful auth request using the response_type I_RESPONSE_TYPE_CODE
Definition: iddawc.h:147
@ I_OPT_PKCE_CODE_VERIFIER
PKCE code verifier, must be a string of 43 characters minimum only using the characters [A-Z] / [a-z]...
Definition: iddawc.h:200
@ I_OPT_USE_DPOP
Generate and use a DPoP when accessing endpoints userinfo, introspection and revocation.
Definition: iddawc.h:191
@ I_OPT_OPENID_CONFIG_ENDPOINT
absolute url for the .well-known/openid-configuration endpoint, string
Definition: iddawc.h:139
@ I_OPT_ID_TOKEN
id_token given after a successful auth or token request using the proper response_type
Definition: iddawc.h:150
@ I_OPT_DEVICE_AUTHORIZATION_ENDPOINT
absolute url for the device authorization endpoint, string
Definition: iddawc.h:178
@ I_OPT_OPENID_CONFIG
result of the .well-known/openid-configuration
Definition: iddawc.h:140
@ I_OPT_NONE
Empty option to complete an i_set_parameter_list.
Definition: iddawc.h:125
@ I_OPT_CHECK_SESSION_IRAME
absolute url for the check session iframe, string
Definition: iddawc.h:186
@ I_OPT_DEVICE_AUTH_EXPIRES_IN
device authorization code expiration sent by the AS
Definition: iddawc.h:183
@ I_OPT_TLS_KEY_FILE
Path to the private key PEM file to use in a TLS authentication.
Definition: iddawc.h:197
@ I_OPT_DEVICE_AUTH_INTERVAL
device authorization code verification interval sent by the AS
Definition: iddawc.h:184
@ I_OPT_REDIRECT_URI
redirect_uri, string
Definition: iddawc.h:131
@ I_OPT_CLIENT_ENC_ALG
key encryption algorithm to use when the client encrypts a request in a JWT, values available are 'RS...
Definition: iddawc.h:168
@ I_OPT_ERROR_URI
error uri of a failed request, string
Definition: iddawc.h:146
@ I_OPT_CLIENT_KID
key id to use if multiple jwk are available on the client, string
Definition: iddawc.h:166
@ I_OPT_REDIRECT_TO
url where the oauth2 is redirected to after a /auth request
Definition: iddawc.h:132
@ I_OPT_ADDITIONAL_RESPONSE
Definition: iddawc.h:136
@ I_OPT_DECRYPT_ACCESS_TOKEN
Decrypt access token when received by the AS as a JWE.
Definition: iddawc.h:195
@ I_OPT_DECRYPT_REFRESH_TOKEN
Decrypt refresh token when received by the AS as a JWE.
Definition: iddawc.h:194
@ I_OPT_NONCE
nonce value, string
Definition: iddawc.h:130
@ I_OPT_DECRYPT_CODE
Decrypt code when received by the AS as a JWE.
Definition: iddawc.h:193
@ I_OPT_RESOURCE_INDICATOR
Resource indicator as detailed in the RFC 8707.
Definition: iddawc.h:203
@ I_OPT_PUSHED_AUTH_REQ_EXPIRES_IN
pushed authorization request expiration time in seconds
Definition: iddawc.h:189
@ I_OPT_USER_PASSWORD
password for password response_types, string
Definition: iddawc.h:157
@ I_OPT_PUSHED_AUTH_REQ_URI
request_uri sent by the par endpoint result, string
Definition: iddawc.h:190
@ I_OPT_REVOCATION_ENDPOINT
absolute url for the revocation endpoint, string
Definition: iddawc.h:175
@ I_OPT_SERVER_ENC_ALG
key id to use if multiple jwk are available on the server, string
Definition: iddawc.h:164
@ I_OPT_TOKEN_ENDPOINT
absolute url for the token endpoint, string
Definition: iddawc.h:138
@ I_OPT_REFRESH_TOKEN
refresh token given after a successful token request using the proper response_type
Definition: iddawc.h:148
@ I_OPT_TLS_CERT_FILE
Path to the certificate PEM file to use in a TLS authentication.
Definition: iddawc.h:198
@ I_OPT_STATE_GENERATE
Generate a random state value.
Definition: iddawc.h:161
@ I_OPT_CLIENT_SECRET
client secret, string
Definition: iddawc.h:134
@ I_OPT_CLIENT_SIGN_ALG
signature algorithm to use when the client signs a request in a JWT, values available are 'none',...
Definition: iddawc.h:167
@ I_OPT_SCOPE_APPEND
append another scope value to the scope list, string
Definition: iddawc.h:128
@ I_OPT_DEVICE_AUTH_VERIFICATION_URI
device authorization verification URI sent by the AS
Definition: iddawc.h:181
@ I_OPT_REGISTRATION_ENDPOINT
absolute url for the client registration endpoint, string
Definition: iddawc.h:177
@ I_OPT_SERVER_ENC
key id to use if multiple jwk are available on the server, string
Definition: iddawc.h:165
@ I_OPT_CLIENT_ENC
data encryption algorithm to use when the client encrypts a request in a JWT, values available are 'A...
Definition: iddawc.h:169
@ I_OPT_EXPIRES_IN
expires_in value after a successful auth or token request, integer
Definition: iddawc.h:154
@ I_OPT_CLIENT_ID
client_id, string
Definition: iddawc.h:133
@ I_OPT_RESPONSE_TYPE
response_type, values available are I_RESPONSE_TYPE_CODE, I_RESPONSE_TYPE_TOKEN, I_RESPONSE_TYPE_ID_T...
Definition: iddawc.h:126
@ I_OPT_ERROR_DESCRIPTION
error description of a failed request, string
Definition: iddawc.h:145
@ I_OPT_AUTH_METHOD
Authentication method to use with the auth endpoint, values available are I_AUTH_METHOD_GET,...
Definition: iddawc.h:151
@ I_OPT_DEVICE_AUTH_USER_CODE
device authorization user code sent by the AS
Definition: iddawc.h:180
@ I_OPT_END_SESSION_ENDPOINT
absolute url for the end session endpoint, string
Definition: iddawc.h:185
@ I_OPT_ERROR
error value of a failed request, string
Definition: iddawc.h:144
@ I_OPT_USERINFO_ENDPOINT
absolute url for the userinfo endpoint or equivalent, string
Definition: iddawc.h:142
@ I_OPT_STATE
state value, string
Definition: iddawc.h:129
@ I_OPT_AUTH_ENDPOINT
absolute url for the auth endpoint, string
Definition: iddawc.h:137
@ I_OPT_USERNAME
username for password response_types, string
Definition: iddawc.h:156
@ I_OPT_OPENID_CONFIG_STRICT
must the .well-known/openid-configuration parameters be strictly
Definition: iddawc.h:141
@ I_OPT_SCOPE
scope values, string, multiple scopes must be separated by a space character: "scope1 openid"
Definition: iddawc.h:127
@ I_OPT_NONCE_GENERATE
Generate a random nonce value.
Definition: iddawc.h:160
@ I_OPT_USERINFO
userinfo result, string
Definition: iddawc.h:159
@ I_OPT_ADDITIONAL_PARAMETER
use this option to pass any additional parameter value in the /auth request
Definition: iddawc.h:135
@ I_OPT_DPOP_KID
key id to use when signing a DPoP
Definition: iddawc.h:192
@ I_OPT_RESULT
result of a request
Definition: iddawc.h:143
@ I_OPT_DEVICE_AUTH_VERIFICATION_URI_COMPLETE
device authorization verification URI complete sent by the AS
Definition: iddawc.h:182
int i_init_session(struct _i_session *i_session)
Definition: iddawc.c:1388
void i_clean_session(struct _i_session *i_session)
Definition: iddawc.c:1501
int i_global_init()
Definition: iddawc.c:1370
void i_free(void *data)
Definition: iddawc.c:1384
void i_global_close()
Definition: iddawc.c:1379
uint i_get_int_parameter(struct _i_session *i_session, i_option option)
Definition: iddawc.c:2574
int i_set_rich_authorization_request_json_t(struct _i_session *i_session, const char *type, json_t *j_value)
Definition: iddawc.c:4783
int i_set_server_jwks(struct _i_session *i_session, json_t *j_jwks)
Definition: iddawc.c:2913
uint i_get_result(struct _i_session *i_session)
Definition: iddawc.c:2570
int i_set_additional_parameter(struct _i_session *i_session, const char *s_key, const char *s_value)
Definition: iddawc.c:2176
int i_remove_claim_request(struct _i_session *i_session, int target, const char *claim)
Definition: iddawc.c:2243
int i_add_claim_request(struct _i_session *i_session, int target, const char *claim, int essential, const char *value)
Definition: iddawc.c:2200
char * i_export_session_str(struct _i_session *i_session)
Definition: iddawc.c:4452
int i_import_session_json_t(struct _i_session *i_session, json_t *j_import)
Definition: iddawc.c:4326
int i_set_int_parameter(struct _i_session *i_session, i_option option, uint i_value)
Definition: iddawc.c:1569
json_t * i_get_server_jwks(struct _i_session *i_session)
Definition: iddawc.c:2905
json_t * i_get_client_jwks(struct _i_session *i_session)
Definition: iddawc.c:2927
const char * i_get_additional_parameter(struct _i_session *i_session, const char *s_key)
Definition: iddawc.c:2881
json_t * i_export_session_json_t(struct _i_session *i_session)
Definition: iddawc.c:4222
int i_set_result(struct _i_session *i_session, uint i_value)
Definition: iddawc.c:1565
const char * i_get_additional_response(struct _i_session *i_session, const char *s_key)
Definition: iddawc.c:2889
int i_set_parameter_list(struct _i_session *i_session,...)
Definition: iddawc.c:2276
const char * i_get_str_parameter(struct _i_session *i_session, i_option option)
Definition: iddawc.c:2716
int i_remove_rich_authorization_request(struct _i_session *i_session, const char *type)
Definition: iddawc.c:4806
uint i_get_response_type(struct _i_session *i_session)
Definition: iddawc.c:2566
json_t * i_get_server_configuration(struct _i_session *i_session)
Definition: iddawc.c:2897
int i_import_session_str(struct _i_session *i_session, const char *str_import)
Definition: iddawc.c:4463
char * i_get_rich_authorization_request_str(struct _i_session *i_session, const char *type)
Definition: iddawc.c:4843
int i_set_response_type(struct _i_session *i_session, uint i_value)
Definition: iddawc.c:1561
json_t * i_get_rich_authorization_request_json_t(struct _i_session *i_session, const char *type)
Definition: iddawc.c:4826
int i_set_str_parameter(struct _i_session *i_session, i_option option, const char *s_value)
Definition: iddawc.c:1725
int i_set_client_jwks(struct _i_session *i_session, json_t *j_jwks)
Definition: iddawc.c:2935
int i_set_additional_response(struct _i_session *i_session, const char *s_key, const char *s_value)
Definition: iddawc.c:2188
int i_set_rich_authorization_request_str(struct _i_session *i_session, const char *type, const char *value)
Definition: iddawc.c:4763
int i_revoke_token(struct _i_session *i_session, int authentication)
Definition: iddawc.c:3781
int i_build_auth_url_get(struct _i_session *i_session)
Definition: iddawc.c:2949
int i_perform_resource_service_request(struct _i_session *i_session, struct _u_request *http_request, struct _u_response *http_response, int refresh_if_expired, int bearer_type, int use_dpop, time_t dpop_iat)
Definition: iddawc.c:4567
int i_run_auth_request(struct _i_session *i_session)
Definition: iddawc.c:3113
char * i_generate_dpop_token(struct _i_session *i_session, const char *htm, const char *htu, time_t iat)
Definition: iddawc.c:4481
int i_get_userinfo_custom(struct _i_session *i_session, const char *http_method, struct _u_map *additional_query, struct _u_map *additional_headers)
Definition: iddawc.c:2452
int i_verify_jwt_access_token(struct _i_session *i_session, const char *aud)
Definition: iddawc.c:3739
int i_get_userinfo(struct _i_session *i_session, int get_jwt)
Definition: iddawc.c:2435
int i_run_device_auth_request(struct _i_session *i_session)
Definition: iddawc.c:4855
int i_get_registration_client(struct _i_session *i_session, json_t **j_result)
Definition: iddawc.c:4078
int i_verify_id_token(struct _i_session *i_session)
Definition: iddawc.c:3590
int i_verify_dpop_proof(const char *dpop_header, const char *htm, const char *htu, time_t max_iat, const char *jkt)
Definition: iddawc.c:4658
int i_get_openid_config(struct _i_session *i_session)
Definition: iddawc.c:2391
int i_parse_redirect_to(struct _i_session *i_session)
Definition: iddawc.c:2642
int i_get_token_introspection(struct _i_session *i_session, json_t **j_result, int authentication, int get_jwt)
Definition: iddawc.c:3874
int i_manage_registration_client(struct _i_session *i_session, json_t *j_parameters, int update_session, json_t **j_result)
Definition: iddawc.c:4147
int i_run_par_request(struct _i_session *i_session)
Definition: iddawc.c:4939
int i_register_client(struct _i_session *i_session, json_t *j_parameters, int update_session, json_t **j_result)
Definition: iddawc.c:4005
int i_run_token_request(struct _i_session *i_session)
Definition: iddawc.c:3232
Definition: iddawc.h:216
char * error_description
Definition: iddawc.h:242
uint token_method
Definition: iddawc.h:256
time_t expires_at
Definition: iddawc.h:252
struct _u_map additional_response
Definition: iddawc.h:228
char * device_authorization_endpoint
Definition: iddawc.h:237
struct _u_map additional_parameters
Definition: iddawc.h:227
jwa_alg client_enc_alg
Definition: iddawc.h:264
char * token_target
Definition: iddawc.h:248
uint pushed_authorization_request_expires_in
Definition: iddawc.h:282
json_t * access_token_payload
Definition: iddawc.h:247
char * device_auth_verification_uri
Definition: iddawc.h:277
uint result
Definition: iddawc.h:240
char * device_auth_code
Definition: iddawc.h:275
char * redirect_to
Definition: iddawc.h:222
jwa_enc server_enc
Definition: iddawc.h:260
char * token_jti
Definition: iddawc.h:272
char * token_target_type_hint
Definition: iddawc.h:249
char * resource_indicator
Definition: iddawc.h:296
int x5u_flags
Definition: iddawc.h:266
char * redirect_uri
Definition: iddawc.h:221
jwks_t * client_jwks
Definition: iddawc.h:261
int decrypt_access_token
Definition: iddawc.h:289
char * pushed_authorization_request_uri
Definition: iddawc.h:283
char * openid_config_endpoint
Definition: iddawc.h:231
int remote_cert_flag
Definition: iddawc.h:292
char * userinfo_endpoint
Definition: iddawc.h:232
char * code
Definition: iddawc.h:244
json_t * openid_config
Definition: iddawc.h:267
char * error
Definition: iddawc.h:241
char * state
Definition: iddawc.h:219
json_t * j_claims
Definition: iddawc.h:295
int pkce_method
Definition: iddawc.h:294
json_t * j_userinfo
Definition: iddawc.h:271
uint expires_in
Definition: iddawc.h:251
char * userinfo
Definition: iddawc.h:270
char * client_id
Definition: iddawc.h:223
char * refresh_token
Definition: iddawc.h:245
char * revocation_endpoint
Definition: iddawc.h:233
char * cert_file
Definition: iddawc.h:291
char * user_password
Definition: iddawc.h:226
json_t * id_token_payload
Definition: iddawc.h:254
json_t * j_authorization_details
Definition: iddawc.h:274
uint token_exp
Definition: iddawc.h:273
int decrypt_code
Definition: iddawc.h:287
char * error_uri
Definition: iddawc.h:243
char * client_kid
Definition: iddawc.h:262
jwa_alg dpop_sign_alg
Definition: iddawc.h:286
int use_dpop
Definition: iddawc.h:284
char * token_type
Definition: iddawc.h:250
char * token_endpoint
Definition: iddawc.h:230
int openid_config_strict
Definition: iddawc.h:268
char * pkce_code_verifier
Definition: iddawc.h:293
jwa_alg server_enc_alg
Definition: iddawc.h:259
char * dpop_kid
Definition: iddawc.h:285
char * nonce
Definition: iddawc.h:220
uint require_pushed_authorization_requests
Definition: iddawc.h:281
char * access_token
Definition: iddawc.h:246
uint auth_method
Definition: iddawc.h:255
char * check_session_iframe
Definition: iddawc.h:236
char * client_secret
Definition: iddawc.h:224
char * issuer
Definition: iddawc.h:269
char * username
Definition: iddawc.h:225
uint device_auth_interval
Definition: iddawc.h:280
char * server_kid
Definition: iddawc.h:258
char * registration_endpoint
Definition: iddawc.h:238
char * scope
Definition: iddawc.h:218
uint response_type
Definition: iddawc.h:217
char * end_session_endpoint
Definition: iddawc.h:235
jwa_alg client_sign_alg
Definition: iddawc.h:263
char * device_auth_user_code
Definition: iddawc.h:276
jwa_enc client_enc
Definition: iddawc.h:265
char * pushed_authorization_request_endpoint
Definition: iddawc.h:239
char * id_token
Definition: iddawc.h:253
char * key_file
Definition: iddawc.h:290
char * authorization_endpoint
Definition: iddawc.h:229
uint device_auth_expires_in
Definition: iddawc.h:279
char * introspection_endpoint
Definition: iddawc.h:234
jwks_t * server_jwks
Definition: iddawc.h:257
int decrypt_refresh_token
Definition: iddawc.h:288
char * device_auth_verification_uri_complete
Definition: iddawc.h:278