GNUnet  0.17.6
Data Structures | Functions | Variables
oidc_helper.c File Reference

helper library for OIDC related functions More...

#include "platform.h"
#include <inttypes.h>
#include <jansson.h>
#include <jose/jose.h>
#include "gnunet_util_lib.h"
#include "gnunet_reclaim_lib.h"
#include "gnunet_reclaim_service.h"
#include "gnunet_signatures.h"
#include "oidc_helper.h"
#include <gcrypt.h>
Include dependency graph for oidc_helper.c:

Go to the source code of this file.

Data Structures

struct  OIDC_Parameters
 The signature used to generate the authorization code. More...
 

Functions

static enum GNUNET_GenericReturnValue is_claim_in_address_scope (const char *claim)
 
static char * create_jwt_hmac_header (void)
 
static void replace_char (char *str, char find, char replace)
 
static void fix_base64 (char *str)
 
static json_t * generate_userinfo_json (const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations)
 
char * OIDC_generate_userinfo (const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations)
 Generate userinfo JSON as string. More...
 
char * generate_id_token_body (const struct GNUNET_IDENTITY_PublicKey *aud_key, const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce)
 
char * OIDC_generate_id_token_rsa (const struct GNUNET_IDENTITY_PublicKey *aud_key, const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const json_t *secret_rsa_key)
 Create a JWT using RSA256 algorithm from attributes. More...
 
char * OIDC_generate_id_token_hmac (const struct GNUNET_IDENTITY_PublicKey *aud_key, const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const char *secret_key)
 Create a JWT using HMAC (HS256) from attributes. More...
 
char * OIDC_build_authz_code (const struct GNUNET_IDENTITY_PrivateKey *issuer, const struct GNUNET_RECLAIM_Ticket *ticket, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const char *nonce_str, const char *code_challenge)
 Builds an OIDC authorization code including a reclaim ticket and nonce. More...
 
enum GNUNET_GenericReturnValue check_code_challenge (const char *code_challenge, uint32_t code_challenge_len, const char *code_verifier)
 
int OIDC_parse_authz_code (const struct GNUNET_IDENTITY_PublicKey *audience, const char *code, const char *code_verifier, struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList **attrs, struct GNUNET_RECLAIM_PresentationList **presentations, char **nonce_str, enum OIDC_VerificationOptions opts)
 Parse reclaim ticket and nonce from authorization code. More...
 
void OIDC_build_token_response (const char *access_token, const char *id_token, const struct GNUNET_TIME_Relative *expiration_time, char **token_response)
 Build a token response for a token request TODO: Maybe we should add the scope here? More...
 
char * OIDC_access_token_new (const struct GNUNET_RECLAIM_Ticket *ticket)
 Generate a new access token. More...
 
int OIDC_access_token_parse (const char *token, struct GNUNET_RECLAIM_Ticket **ticket)
 Parse an access token. More...
 
enum GNUNET_GenericReturnValue OIDC_check_scopes_for_claim_request (const char *scopes, const char *attr)
 Checks if a claim is implicitly requested through standard scope(s) or explicitly through non-standard scope. More...
 

Variables

static GNUNET_NETWORK_STRUCT_END char OIDC_profile_claims [14][32]
 Standard claims represented by the "profile" scope in OIDC. More...
 
static char OIDC_email_claims [2][16]
 Standard claims represented by the "email" scope in OIDC. More...
 
static char OIDC_phone_claims [2][32]
 Standard claims represented by the "phone" scope in OIDC. More...
 
static char OIDC_address_claims [5][32]
 Standard claims represented by the "address" scope in OIDC. More...
 

Detailed Description

helper library for OIDC related functions

Author
Martin Schanzenbach
Tristan Schwieren

Definition in file oidc_helper.c.

Function Documentation

◆ is_claim_in_address_scope()

static enum GNUNET_GenericReturnValue is_claim_in_address_scope ( const char *  claim)
static

Definition at line 100 of file oidc_helper.c.

106 {
107  int i;
108  for (i = 0; i < 5; i++)
109  {
110  if (0 == strcmp (claim, OIDC_address_claims[i]))
111  {
112  return GNUNET_YES;
113  }
114  }
115  return GNUNET_NO;
116 }
struct GNUNET_RECLAIM_Attribute * claim
Claim to store.
@ GNUNET_YES
@ GNUNET_NO
Definition: gnunet_common.h:98
static char OIDC_address_claims[5][32]
Standard claims represented by the "address" scope in OIDC.
Definition: oidc_helper.c:100

Referenced by generate_userinfo_json().

Here is the caller graph for this function:

◆ create_jwt_hmac_header()

static char* create_jwt_hmac_header ( void  )
static

Definition at line 120 of file oidc_helper.c.

121 {
122  json_t *root;
123  char *json_str;
124 
125  root = json_object ();
126  json_object_set_new (root, JWT_ALG, json_string (JWT_ALG_VALUE_HMAC));
127  json_object_set_new (root, JWT_TYP, json_string (JWT_TYP_VALUE));
128 
129  json_str = json_dumps (root, JSON_INDENT (0) | JSON_COMPACT);
130  json_decref (root);
131  return json_str;
132 }
#define JWT_TYP_VALUE
Definition: oidc_helper.h:32
#define JWT_ALG
Definition: oidc_helper.h:30
#define JWT_TYP
Definition: oidc_helper.h:31
#define JWT_ALG_VALUE_HMAC
Definition: oidc_helper.h:34

References JWT_ALG, JWT_ALG_VALUE_HMAC, JWT_TYP, and JWT_TYP_VALUE.

Referenced by OIDC_generate_id_token_hmac().

Here is the caller graph for this function:

◆ replace_char()

static void replace_char ( char *  str,
char  find,
char  replace 
)
static

Definition at line 136 of file oidc_helper.c.

137 {
138  char *current_pos = strchr (str, find);
139 
140  while (current_pos)
141  {
142  *current_pos = replace;
143  current_pos = strchr (current_pos, find);
144  }
145 }
static int replace
Replace DID Document Flag.
Definition: gnunet-did.c:56

References replace.

Referenced by fix_base64().

Here is the caller graph for this function:

◆ fix_base64()

static void fix_base64 ( char *  str)
static

Definition at line 150 of file oidc_helper.c.

151 {
152  // Replace + with -
153  replace_char (str, '+', '-');
154 
155  // Replace / with _
156  replace_char (str, '/', '_');
157 }
static void replace_char(char *str, char find, char replace)
Definition: oidc_helper.c:136

References replace_char().

Referenced by OIDC_generate_id_token_hmac().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ generate_userinfo_json()

static json_t* generate_userinfo_json ( const struct GNUNET_IDENTITY_PublicKey sub_key,
const struct GNUNET_RECLAIM_AttributeList attrs,
const struct GNUNET_RECLAIM_PresentationList presentations 
)
static

There is this weird quirk that the individual address claim(s) must be inside a JSON object of the "address" claim.

There is this weird quirk that the individual address claim(s) must be inside a JSON object of the "address" claim.

This is/can only be set once!

Definition at line 161 of file oidc_helper.c.

165 {
168  char *subject;
169  char *source_name;
170  char *attr_val_str;
171  char *pres_val_str;
172  json_t *body;
173  json_t *aggr_names;
174  json_t *aggr_sources;
175  json_t *aggr_sources_jwt;
176  json_t *addr_claim = NULL;
177  int num_presentations = 0;
178  for (le = attrs->list_head; NULL != le; le = le->next)
179  {
181  num_presentations++;
182  }
183 
184  subject =
186  sizeof(struct
188  body = json_object ();
189  aggr_names = json_object ();
190  aggr_sources = json_object ();
191 
192  // iss REQUIRED case sensitive server uri with https
193  // The issuer is the local reclaim instance (e.g.
194  // https://reclaim.id/api/openid)
195  json_object_set_new (body, "iss", json_string (SERVER_ADDRESS));
196  // sub REQUIRED public key identity, not exceed 255 ASCII length
197  json_object_set_new (body, "sub", json_string (subject));
199  pres_val_str = NULL;
200  source_name = NULL;
201  int i = 0;
202  for (ple = presentations->list_head; NULL != ple; ple = ple->next)
203  {
204  // New presentation
205  GNUNET_asprintf (&source_name,
206  "src%d",
207  i);
209  "Adding new presentation source #%d\n", i);
210  aggr_sources_jwt = json_object ();
211  pres_val_str =
213  ple->presentation->data,
214  ple->presentation->data_size);
216  "Presentation is: %s\n", pres_val_str);
217  json_object_set_new (aggr_sources_jwt,
219  ple->presentation->type),
220  json_string (pres_val_str) );
221  json_object_set_new (aggr_sources, source_name, aggr_sources_jwt);
222  GNUNET_free (pres_val_str);
223  GNUNET_free (source_name);
224  source_name = NULL;
225  i++;
226  }
227 
228  int addr_is_aggregated = GNUNET_NO;
229  int addr_is_normal = GNUNET_NO;
230  for (le = attrs->list_head; NULL != le; le = le->next)
231  {
233  "Processing %s for userinfo body\n",
234  le->attribute->name);
236  {
237  attr_val_str =
239  le->attribute->data,
240  le->attribute->data_size);
246  {
247  if (GNUNET_YES == addr_is_aggregated)
248  {
250  "Address is set as aggregated claim. Skipping self-issued value...\n");
251  GNUNET_free (attr_val_str);
252  continue;
253  }
254  addr_is_normal = GNUNET_YES;
255 
256  if (NULL == addr_claim)
257  {
258  addr_claim = json_object ();
259  json_object_set_new (body, "address", addr_claim);
260  }
261  json_object_set_new (addr_claim, le->attribute->name,
262  json_string (attr_val_str));
263 
264  }
265  else
266  {
267  json_object_set_new (body, le->attribute->name,
268  json_string (attr_val_str));
269  }
270  GNUNET_free (attr_val_str);
271  }
272  else
273  {
274  // Check if presentation is there
275  int j = 0;
276  for (ple = presentations->list_head; NULL != ple; ple = ple->next)
277  {
278  if (GNUNET_YES ==
280  &le->attribute->credential))
281  break;
282  j++;
283  }
284  if (NULL == ple)
285  {
287  "Presentation for `%s' missing...\n",
288  le->attribute->name);
289  continue;
290  }
296  {
297  if (GNUNET_YES == addr_is_normal)
298  {
300  "Address is already set as normal claim. Skipping attested value...\n");
301  continue;
302  }
303  addr_is_aggregated = GNUNET_YES;
305  if (NULL != addr_claim)
306  continue;
307  addr_claim = json_object ();
308  GNUNET_asprintf (&source_name,
309  "src%d",
310  j);
311  json_object_set_new (aggr_names, "address",
312  json_string (source_name));
313  GNUNET_free (source_name);
314  }
315  else
316  {
317  // Presentation exists, hence take the respective source str
318  GNUNET_asprintf (&source_name,
319  "src%d",
320  j);
321  json_object_set_new (aggr_names, le->attribute->name,
322  json_string (source_name));
323  GNUNET_free (source_name);
324  }
325  }
326  }
327  if (0 != i)
328  {
329  json_object_set_new (body, "_claim_names", aggr_names);
330  json_object_set_new (body, "_claim_sources", aggr_sources);
331  }
332 
333  return body;
334 }
static char * subject
Subject pubkey string.
Definition: gnunet-abd.c:86
#define GNUNET_log(kind,...)
@ GNUNET_ERROR_TYPE_WARNING
@ GNUNET_ERROR_TYPE_DEBUG
int int GNUNET_asprintf(char **buf, const char *format,...) __attribute__((format(printf
Like asprintf, just portable.
#define GNUNET_free(ptr)
Wrapper around free.
#define GNUNET_RECLAIM_id_is_equal(a, b)
#define GNUNET_RECLAIM_id_is_zero(a)
char * GNUNET_RECLAIM_attribute_value_to_string(uint32_t type, const void *data, size_t data_size)
Convert the 'claim' of an attribute to a string.
char * GNUNET_RECLAIM_presentation_value_to_string(uint32_t type, const void *data, size_t data_size)
Convert the 'claim' of a presentation to a string.
const char * GNUNET_RECLAIM_presentation_number_to_typename(uint32_t type)
Convert a presentation type number to the corresponding credential type string.
char * GNUNET_STRINGS_data_to_string_alloc(const void *buf, size_t size)
Return the base32crockford encoding of the given buffer.
Definition: strings.c:764
static enum GNUNET_GenericReturnValue is_claim_in_address_scope(const char *claim)
Definition: oidc_helper.c:105
#define SERVER_ADDRESS
Definition: oidc_helper.h:37
An identity key as per LSD0001.
struct GNUNET_RECLAIM_Attribute * attribute
The attribute claim.
struct GNUNET_RECLAIM_AttributeListEntry * next
DLL.
struct GNUNET_RECLAIM_AttributeListEntry * list_head
List head.
const char * name
The name of the attribute.
struct GNUNET_RECLAIM_Identifier credential
Referenced ID of credential (may be GNUNET_RECLAIM_ID_ZERO if self-creded)
uint32_t type
Type of Claim.
const void * data
Binary value stored as attribute value.
size_t data_size
Number of bytes in data.
struct GNUNET_RECLAIM_Presentation * presentation
The credential.
struct GNUNET_RECLAIM_PresentationListEntry * next
DLL.
struct GNUNET_RECLAIM_PresentationListEntry * list_head
List head.
const void * data
Binary value stored as presentation value.
uint32_t type
Type/Format of Claim.
size_t data_size
Number of bytes in data.
struct GNUNET_RECLAIM_Identifier credential_id
The credential id of which this is a presentation.

References GNUNET_RECLAIM_AttributeListEntry::attribute, GNUNET_RECLAIM_Attribute::credential, GNUNET_RECLAIM_Presentation::credential_id, GNUNET_RECLAIM_Attribute::data, GNUNET_RECLAIM_Presentation::data, GNUNET_RECLAIM_Attribute::data_size, GNUNET_RECLAIM_Presentation::data_size, GNUNET_asprintf(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_WARNING, GNUNET_free, GNUNET_log, GNUNET_NO, GNUNET_RECLAIM_attribute_value_to_string(), GNUNET_RECLAIM_id_is_equal, GNUNET_RECLAIM_id_is_zero, GNUNET_RECLAIM_presentation_number_to_typename(), GNUNET_RECLAIM_presentation_value_to_string(), GNUNET_STRINGS_data_to_string_alloc(), GNUNET_YES, is_claim_in_address_scope(), GNUNET_RECLAIM_AttributeList::list_head, GNUNET_RECLAIM_PresentationList::list_head, GNUNET_RECLAIM_Attribute::name, GNUNET_RECLAIM_AttributeListEntry::next, GNUNET_RECLAIM_PresentationListEntry::next, GNUNET_RECLAIM_PresentationListEntry::presentation, SERVER_ADDRESS, subject, GNUNET_RECLAIM_Attribute::type, and GNUNET_RECLAIM_Presentation::type.

Referenced by generate_id_token_body(), and OIDC_generate_userinfo().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OIDC_generate_userinfo()

char* OIDC_generate_userinfo ( const struct GNUNET_IDENTITY_PublicKey sub_key,
const struct GNUNET_RECLAIM_AttributeList attrs,
const struct GNUNET_RECLAIM_PresentationList presentations 
)

Generate userinfo JSON as string.

Parameters
sub_keythe subject (user)
attrsuser attribute list
presentationscredential presentation list (may be empty)
Returns
Userinfo JSON

Definition at line 346 of file oidc_helper.c.

350 {
351  char *body_str;
352  json_t*body = generate_userinfo_json (sub_key,
353  attrs,
354  presentations);
355  body_str = json_dumps (body, JSON_INDENT (0) | JSON_COMPACT);
356  json_decref (body);
357  return body_str;
358 }
static json_t * generate_userinfo_json(const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations)
Definition: oidc_helper.c:161

References generate_userinfo_json().

Referenced by consume_fail(), and consume_ticket().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ generate_id_token_body()

char* generate_id_token_body ( const struct GNUNET_IDENTITY_PublicKey aud_key,
const struct GNUNET_IDENTITY_PublicKey sub_key,
const struct GNUNET_RECLAIM_AttributeList attrs,
const struct GNUNET_RECLAIM_PresentationList presentations,
const struct GNUNET_TIME_Relative expiration_time,
const char *  nonce 
)

Definition at line 362 of file oidc_helper.c.

369 {
370  struct GNUNET_HashCode signature;
371  struct GNUNET_TIME_Absolute exp_time;
372  struct GNUNET_TIME_Absolute time_now;
373  json_t *body;
374  char *audience;
375  char *subject;
376  char *body_str;
377 
378  body = generate_userinfo_json (sub_key,
379  attrs,
380  presentations);
381  // iat REQUIRED time now
382  time_now = GNUNET_TIME_absolute_get ();
383  // exp REQUIRED time expired from config
384  exp_time = GNUNET_TIME_absolute_add (time_now, *expiration_time);
385  // auth_time only if max_age
386  // nonce only if nonce
387  // OPTIONAL acr,amr,azp
388  subject =
390  sizeof(struct
392  audience =
394  sizeof(struct
396 
397  // aud REQUIRED public key client_id must be there
398  json_object_set_new (body, "aud", json_string (audience));
399  // iat
400  json_object_set_new (body,
401  "iat",
402  json_integer (time_now.abs_value_us / (1000 * 1000)));
403  // exp
404  json_object_set_new (body,
405  "exp",
406  json_integer (exp_time.abs_value_us / (1000 * 1000)));
407  // nbf
408  json_object_set_new (body,
409  "nbf",
410  json_integer (time_now.abs_value_us / (1000 * 1000)));
411  // nonce
412  if (NULL != nonce)
413  json_object_set_new (body, "nonce", json_string (nonce));
414 
415  // Error checking
416  body_str = json_dumps (body, JSON_INDENT (2) | JSON_COMPACT);
417  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,"ID-Token: %s\n", body_str);
418 
419  json_decref (body);
421  GNUNET_free (audience);
422 
423  return body_str;
424 }
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_get(void)
Get the current time.
Definition: time.c:110
struct GNUNET_TIME_Absolute GNUNET_TIME_absolute_add(struct GNUNET_TIME_Absolute start, struct GNUNET_TIME_Relative duration)
Add a given relative duration to the given start time.
Definition: time.c:449
A 512-bit hashcode.
Time for absolute times used by GNUnet, in microseconds.

References GNUNET_TIME_Absolute::abs_value_us, generate_userinfo_json(), GNUNET_ERROR_TYPE_DEBUG, GNUNET_free, GNUNET_log, GNUNET_STRINGS_data_to_string_alloc(), GNUNET_TIME_absolute_add(), GNUNET_TIME_absolute_get(), and subject.

Referenced by OIDC_generate_id_token_hmac(), and OIDC_generate_id_token_rsa().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OIDC_generate_id_token_rsa()

char* OIDC_generate_id_token_rsa ( const struct GNUNET_IDENTITY_PublicKey aud_key,
const struct GNUNET_IDENTITY_PublicKey sub_key,
const struct GNUNET_RECLAIM_AttributeList attrs,
const struct GNUNET_RECLAIM_PresentationList presentations,
const struct GNUNET_TIME_Relative expiration_time,
const char *  nonce,
const json_t *  secret_rsa_key 
)

Create a JWT using RSA256 algorithm from attributes.

Create a JWT using RSA256 from attributes.

Parameters
aud_keythe public of the audience
sub_keythe public key of the subject
attrsthe attribute list
presentationscredential presentation list (may be empty)
expiration_timethe validity of the token
secret_rsa_keythe key used to sign the JWT
Returns
a new base64-encoded JWT string.

Definition at line 439 of file oidc_helper.c.

447 {
448  json_t *jws;
449  char *body_str;
450  char *result;
451 
452  // Generate the body of the JSON Web Signature
453  body_str = generate_id_token_body (aud_key,
454  sub_key,
455  attrs,
456  presentations,
457  expiration_time,
458  nonce);
459 
460  if (NULL == body_str)
461  {
463  "Body for the JWS could not be generated\n");
464  return NULL;
465  }
466 
467  // Creating the JSON Web Signature.
468  jws = json_pack ("{s:o}", "payload",
469  jose_b64_enc (body_str, strlen (body_str)));
470  GNUNET_free (body_str);
471 
472  if (! jose_jws_sig (NULL, jws, NULL, secret_rsa_key))
473  {
475  "Signature generation failed\n");
476  return NULL;
477  }
478 
479  // Encoding JSON as compact JSON Web Signature
480  GNUNET_asprintf (&result, "%s.%s.%s",
481  json_string_value (json_object_get (jws, "protected")),
482  json_string_value (json_object_get (jws, "payload")),
483  json_string_value (json_object_get (jws, "signature")) );
484 
485  json_decref (jws);
486  return result;
487 }
static int result
Global testing status.
@ GNUNET_ERROR_TYPE_ERROR
char * generate_id_token_body(const struct GNUNET_IDENTITY_PublicKey *aud_key, const struct GNUNET_IDENTITY_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce)
Definition: oidc_helper.c:362

References generate_id_token_body(), GNUNET_asprintf(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, and result.

Referenced by token_endpoint().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OIDC_generate_id_token_hmac()

char* OIDC_generate_id_token_hmac ( const struct GNUNET_IDENTITY_PublicKey aud_key,
const struct GNUNET_IDENTITY_PublicKey sub_key,
const struct GNUNET_RECLAIM_AttributeList attrs,
const struct GNUNET_RECLAIM_PresentationList presentations,
const struct GNUNET_TIME_Relative expiration_time,
const char *  nonce,
const char *  secret_key 
)

Create a JWT using HMAC (HS256) from attributes.

Parameters
aud_keythe public of the audience
sub_keythe public key of the subject
attrsthe attribute list
presentationscredential presentation list (may be empty)
expiration_timethe validity of the token
secret_keythe key used to sign the JWT
Returns
a new base64-encoded JWT string.

Creating the JWT signature. This might not be standards compliant, check.

Definition at line 501 of file oidc_helper.c.

509 {
510  struct GNUNET_HashCode signature;
511  struct GNUNET_TIME_Absolute exp_time;
512  struct GNUNET_TIME_Absolute time_now;
513  char *header;
514  char *header_base64;
515  char *body_str;
516  char *body_base64;
517  char *signature_target;
518  char *signature_base64;
519  char *result;
520 
521  // Generate and encode Header
522  header = create_jwt_hmac_header ();
523  if (NULL == header)
524  {
526  "Header for the JWS could not be generated\n");
527  return NULL;
528  }
529  GNUNET_STRINGS_base64url_encode (header, strlen (header), &header_base64);
530  GNUNET_free (header);
531  fix_base64 (header_base64);
532 
533  // Generate and encode the body of the JSON Web Signature
534  body_str = generate_id_token_body (aud_key,
535  sub_key,
536  attrs,
537  presentations,
538  expiration_time,
539  nonce);
540 
541  if (NULL == body_str)
542  {
544  "Body for the JWS could not be generated\n");
545  GNUNET_free (header_base64);
546  return NULL;
547  }
548 
549  GNUNET_STRINGS_base64url_encode (body_str, strlen (body_str), &body_base64);
550  fix_base64 (body_base64);
551 
556  GNUNET_asprintf (&signature_target, "%s.%s", header_base64, body_base64);
557  GNUNET_CRYPTO_hmac_raw (secret_key,
558  strlen (secret_key),
559  signature_target,
560  strlen (signature_target),
561  &signature);
562  GNUNET_STRINGS_base64url_encode ((const char *) &signature,
563  sizeof(struct GNUNET_HashCode),
564  &signature_base64);
565  fix_base64 (signature_base64);
566 
568  "%s.%s.%s",
569  header_base64,
570  body_base64,
571  signature_base64);
572 
573  GNUNET_free (header_base64);
574  GNUNET_free (body_str);
575  GNUNET_free (body_base64);
576  GNUNET_free (signature_target);
577  GNUNET_free (signature_base64);
578  return result;
579 }
void GNUNET_CRYPTO_hmac_raw(const void *key, size_t key_len, const void *plaintext, size_t plaintext_len, struct GNUNET_HashCode *hmac)
Calculate HMAC of a message (RFC 2104) TODO: Shouldn't this be the standard hmac function and the abo...
Definition: crypto_hash.c:299
size_t GNUNET_STRINGS_base64url_encode(const void *in, size_t len, char **output)
Encode into Base64url.
Definition: strings.c:1657
static char * create_jwt_hmac_header(void)
Definition: oidc_helper.c:120
static void fix_base64(char *str)
Definition: oidc_helper.c:150

References create_jwt_hmac_header(), fix_base64(), generate_id_token_body(), GNUNET_asprintf(), GNUNET_CRYPTO_hmac_raw(), GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_log, GNUNET_STRINGS_base64url_encode(), and result.

Referenced by token_endpoint().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OIDC_build_authz_code()

char* OIDC_build_authz_code ( const struct GNUNET_IDENTITY_PrivateKey issuer,
const struct GNUNET_RECLAIM_Ticket ticket,
const struct GNUNET_RECLAIM_AttributeList attrs,
const struct GNUNET_RECLAIM_PresentationList presentations,
const char *  nonce_str,
const char *  code_challenge 
)

Builds an OIDC authorization code including a reclaim ticket and nonce.

Parameters
issuerthe issuer of the ticket, used to sign the ticket and nonce
ticketthe ticket to include in the code
attrslist of attributes which are shared
presentationscredential presentation list (may be empty)
noncethe nonce to include in the code
code_challengePKCE code challenge
Returns
a new authorization code (caller must free)

PLAINTEXT

END

Definition at line 595 of file oidc_helper.c.

602 {
603  struct OIDC_Parameters params;
604  char *code_payload;
605  char *payload;
606  char *tmp;
607  char *code_str;
608  char *buf_ptr = NULL;
609  size_t payload_len;
610  size_t code_payload_len;
611  size_t attr_list_len = 0;
612  size_t pres_list_len = 0;
613  size_t code_challenge_len = 0;
614  uint32_t nonce_len = 0;
616 
618  // Assign ticket
619  memset (&params, 0, sizeof(params));
620  params.ticket = *ticket;
621  // Assign nonce
622  payload_len = sizeof(struct OIDC_Parameters);
623  if ((NULL != nonce_str) && (strcmp ("", nonce_str) != 0))
624  {
625  nonce_len = strlen (nonce_str);
626  payload_len += nonce_len;
627  }
628  params.nonce_len = htonl (nonce_len);
629  // Assign code challenge
630  if (NULL != code_challenge)
631  code_challenge_len = strlen (code_challenge);
632  payload_len += code_challenge_len;
633  params.code_challenge_len = htonl (code_challenge_len);
634  // Assign attributes
635  if (NULL != attrs)
636  {
637  // Get length
639  params.attr_list_len = htonl (attr_list_len);
641  "Length of serialized attributes: %lu\n",
642  attr_list_len);
643  // Get serialized attributes
644  payload_len += attr_list_len;
645  }
646  if (NULL != presentations)
647  {
648  // Get length
649  // FIXME only add presentations relevant for attribute list!!!
650  // This is important because of the distinction between id_token and
651  // userinfo in OIDC
652  pres_list_len =
654  params.pres_list_len = htonl (pres_list_len);
656  "Length of serialized presentations: %lu\n",
657  pres_list_len);
658  // Get serialized attributes
659  payload_len += pres_list_len;
660  }
661 
662  // Get plaintext length
663  payload = GNUNET_malloc (payload_len);
664  memcpy (payload, &params, sizeof(params));
665  tmp = payload + sizeof(params);
666  if (0 < code_challenge_len)
667  {
668  memcpy (tmp, code_challenge, code_challenge_len);
669  tmp += code_challenge_len;
670  }
671  if (0 < nonce_len)
672  {
673  memcpy (tmp, nonce_str, nonce_len);
674  tmp += nonce_len;
675  }
676  if (0 < attr_list_len)
678  tmp += attr_list_len;
679  if (0 < pres_list_len)
680  GNUNET_RECLAIM_presentation_list_serialize (presentations, tmp);
681  tmp += pres_list_len;
682 
685  // Get length
686  code_payload_len = sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
687  + payload_len + sizeof(struct
690  "Length of data to encode: %lu\n",
691  code_payload_len);
692 
693  // Initialize code payload
694  code_payload = GNUNET_malloc (code_payload_len);
695  GNUNET_assert (NULL != code_payload);
696  purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload;
697  purpose->size = htonl (sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
698  + payload_len);
700  // Store pubkey
701  buf_ptr = (char *) &purpose[1];
702  memcpy (buf_ptr, payload, payload_len);
704  buf_ptr += payload_len;
705  // Sign and store signature
706  if (GNUNET_SYSERR ==
707  GNUNET_IDENTITY_sign_ (issuer,
708  purpose,
709  (struct GNUNET_IDENTITY_Signature *)
710  buf_ptr))
711  {
712  GNUNET_break (0);
713  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Unable to sign code\n");
714  GNUNET_free (code_payload);
715  return NULL;
716  }
717  GNUNET_STRINGS_base64url_encode (code_payload, code_payload_len, &code_str);
718  GNUNET_free (code_payload);
719  return code_str;
720 }
#define GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN
Signature for a GNUid Ticket (Reclaim)
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
static unsigned long long payload
How much data are we currently storing in the database?
enum GNUNET_GenericReturnValue GNUNET_IDENTITY_sign_(const struct GNUNET_IDENTITY_PrivateKey *priv, const struct GNUNET_CRYPTO_EccSignaturePurpose *purpose, struct GNUNET_IDENTITY_Signature *sig)
Sign a given block.
@ GNUNET_SYSERR
Definition: gnunet_common.h:97
#define GNUNET_assert(cond)
Use this for fatal errors that cannot be handled.
#define GNUNET_break(cond)
Use this for internal assertion violations that are not fatal (can be handled) but should not occur.
#define GNUNET_malloc(size)
Wrapper around malloc.
size_t GNUNET_RECLAIM_attribute_list_serialize(const struct GNUNET_RECLAIM_AttributeList *attrs, char *result)
Serialize an attribute list.
size_t GNUNET_RECLAIM_presentation_list_serialize(const struct GNUNET_RECLAIM_PresentationList *presentations, char *result)
Serialize a presentation list.
size_t GNUNET_RECLAIM_presentation_list_serialize_get_size(const struct GNUNET_RECLAIM_PresentationList *presentations)
Get required size for serialization buffer.
size_t GNUNET_RECLAIM_attribute_list_serialize_get_size(const struct GNUNET_RECLAIM_AttributeList *attrs)
Get required size for serialization buffer.
header of what an ECC signature signs this must be followed by "size - 8" bytes of the actual signed ...
uint32_t purpose
What does this signature vouch for? This must contain a GNUNET_SIGNATURE_PURPOSE_XXX constant (from g...
An identity signature as per LSD0001.
The signature used to generate the authorization code.
Definition: oidc_helper.c:45
uint32_t pres_list_len
The length of the presentation list.
Definition: oidc_helper.c:69
uint32_t nonce_len
The nonce length.
Definition: oidc_helper.c:54
uint32_t attr_list_len
The length of the attributes list.
Definition: oidc_helper.c:64
uint32_t code_challenge_len
The length of the PKCE code_challenge.
Definition: oidc_helper.c:59

Referenced by oidc_ticket_issue_cb().

Here is the caller graph for this function:

◆ check_code_challenge()

enum GNUNET_GenericReturnValue check_code_challenge ( const char *  code_challenge,
uint32_t  code_challenge_len,
const char *  code_verifier 
)

Definition at line 595 of file oidc_helper.c.

727 {
728  char *code_verifier_hash;
729  char *expected_code_challenge;
730 
731  if (0 == code_challenge_len) /* Only check if this code requires a CV */
732  return GNUNET_OK;
733  if (NULL == code_verifier)
734  {
736  "Expected code verifier!\n");
737  return GNUNET_SYSERR;
738  }
739  code_verifier_hash = GNUNET_malloc (256 / 8);
740  // hash code verifier
741  gcry_md_hash_buffer (GCRY_MD_SHA256,
742  code_verifier_hash,
743  code_verifier,
744  strlen (code_verifier));
745  // encode code verifier
746  GNUNET_STRINGS_base64url_encode (code_verifier_hash, 256 / 8,
747  &expected_code_challenge);
748  GNUNET_free (code_verifier_hash);
749  if (0 !=
750  strncmp (expected_code_challenge, code_challenge, code_challenge_len))
751  {
753  "Invalid code verifier! Expected: %s, Got: %.*s\n",
754  expected_code_challenge,
755  code_challenge_len,
756  code_challenge);
757  GNUNET_free (expected_code_challenge);
758  return GNUNET_SYSERR;
759  }
760  GNUNET_free (expected_code_challenge);
761  return GNUNET_OK;
762 }
@ GNUNET_OK
Definition: gnunet_common.h:99

References OIDC_Parameters::attr_list_len, OIDC_Parameters::code_challenge_len, GNUNET_assert, GNUNET_break, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_IDENTITY_sign_(), GNUNET_log, GNUNET_malloc, GNUNET_RECLAIM_attribute_list_serialize(), GNUNET_RECLAIM_attribute_list_serialize_get_size(), GNUNET_RECLAIM_presentation_list_serialize(), GNUNET_RECLAIM_presentation_list_serialize_get_size(), GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, GNUNET_STRINGS_base64url_encode(), GNUNET_SYSERR, OIDC_Parameters::nonce_len, payload, OIDC_Parameters::pres_list_len, GNUNET_CRYPTO_EccSignaturePurpose::purpose, ticket, and OIDC_Parameters::ticket.

Referenced by OIDC_parse_authz_code().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OIDC_parse_authz_code()

int OIDC_parse_authz_code ( const struct GNUNET_IDENTITY_PublicKey audience,
const char *  code,
const char *  code_verifier,
struct GNUNET_RECLAIM_Ticket ticket,
struct GNUNET_RECLAIM_AttributeList **  attrs,
struct GNUNET_RECLAIM_PresentationList **  presentations,
char **  nonce_str,
enum OIDC_VerificationOptions  opts 
)

Parse reclaim ticket and nonce from authorization code.

This also verifies the signature in the code.

Parameters
audiencethe expected audience of the code
codethe string representation of the code
code_verfierPKCE code verifier. Optional, must be provided if used in request.
ticketwhere to store the ticket
attrsthe attributes in the code
presentationscredential presentation list
nonce_strwhere to store the nonce (if contained)
Returns
GNUNET_OK if successful, else GNUNET_SYSERR

Definition at line 781 of file oidc_helper.c.

789 {
790  char *code_payload;
791  char *ptr;
792  char *plaintext;
793  char *attrs_ser;
794  char *presentations_ser;
795  char *code_challenge;
797  struct GNUNET_IDENTITY_Signature *signature;
798  uint32_t code_challenge_len;
799  uint32_t attrs_ser_len;
800  uint32_t pres_ser_len;
801  size_t plaintext_len;
802  size_t code_payload_len;
803  uint32_t nonce_len = 0;
804  struct OIDC_Parameters *params;
805 
806  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Trying to decode `%s'\n", code);
807  code_payload = NULL;
808  code_payload_len =
809  GNUNET_STRINGS_base64url_decode (code, strlen (code),
810  (void **) &code_payload);
811  if (code_payload_len < sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose)
812  + sizeof(struct OIDC_Parameters)
813  + sizeof(struct GNUNET_IDENTITY_Signature))
814  {
815  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Authorization code malformed\n");
816  GNUNET_free (code_payload);
817  return GNUNET_SYSERR;
818  }
819 
820  purpose = (struct GNUNET_CRYPTO_EccSignaturePurpose *) code_payload;
821  plaintext_len = code_payload_len;
822  plaintext_len -= sizeof(struct GNUNET_CRYPTO_EccSignaturePurpose);
823  ptr = (char *) &purpose[1];
824  plaintext_len -= sizeof(struct GNUNET_IDENTITY_Signature);
825  plaintext = ptr;
826  ptr += plaintext_len;
827  signature = (struct GNUNET_IDENTITY_Signature *) ptr;
828  params = (struct OIDC_Parameters *) plaintext;
829 
830  // cmp code_challenge code_verifier
831  code_challenge_len = ntohl (params->code_challenge_len);
832  code_challenge = ((char *) &params[1]);
834  {
835  if (GNUNET_OK != check_code_challenge (code_challenge,
837  code_verifier))
838  {
839  GNUNET_free (code_payload);
840  return GNUNET_SYSERR;
841  }
842  }
843  nonce_len = ntohl (params->nonce_len);
844  if (0 != nonce_len)
845  {
846  *nonce_str = GNUNET_strndup (code_challenge + code_challenge_len,
847  nonce_len);
848  GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, "Got nonce: %s\n", *nonce_str);
849  }
850 
851  // Ticket
852  memcpy (ticket, &params->ticket, sizeof(params->ticket));
853  // Signature
854  // GNUNET_CRYPTO_ecdsa_key_get_public (ecdsa_priv, &ecdsa_pub);
855  if (0 != GNUNET_memcmp (audience, &ticket->audience))
856  {
857  GNUNET_free (code_payload);
858  if (NULL != *nonce_str)
859  GNUNET_free (*nonce_str);
861  "Audience in ticket does not match client!\n");
862  return GNUNET_SYSERR;
863  }
864  if (GNUNET_OK !=
867  purpose,
868  signature,
869  &(ticket->identity)))
870  {
871  GNUNET_free (code_payload);
872  if (NULL != *nonce_str)
873  GNUNET_free (*nonce_str);
874  GNUNET_log (GNUNET_ERROR_TYPE_ERROR, "Signature of AuthZ code invalid!\n");
875  return GNUNET_SYSERR;
876  }
877  // Attributes
878  attrs_ser = ((char *) &params[1]) + code_challenge_len + nonce_len;
879  attrs_ser_len = ntohl (params->attr_list_len);
880  *attrs = GNUNET_RECLAIM_attribute_list_deserialize (attrs_ser, attrs_ser_len);
881  presentations_ser = ((char*) attrs_ser) + attrs_ser_len;
882  pres_ser_len = ntohl (params->pres_list_len);
883  *presentations =
885  pres_ser_len);
886 
887  GNUNET_free (code_payload);
888  return GNUNET_OK;
889 }
enum GNUNET_GenericReturnValue GNUNET_IDENTITY_signature_verify_(uint32_t purpose, const struct GNUNET_CRYPTO_EccSignaturePurpose *validate, const struct GNUNET_IDENTITY_Signature *sig, const struct GNUNET_IDENTITY_PublicKey *pub)
Verify a given signature.
#define GNUNET_memcmp(a, b)
Compare memory in a and b, where both must be of the same pointer type.
#define GNUNET_strndup(a, length)
Wrapper around GNUNET_xstrndup_.
struct GNUNET_RECLAIM_AttributeList * GNUNET_RECLAIM_attribute_list_deserialize(const char *data, size_t data_size)
Deserialize an attribute list.
struct GNUNET_RECLAIM_PresentationList * GNUNET_RECLAIM_presentation_list_deserialize(const char *data, size_t data_size)
Deserialize a presentation list.
size_t GNUNET_STRINGS_base64url_decode(const char *data, size_t len, void **out)
Decode from Base64url.
Definition: strings.c:1761
enum GNUNET_GenericReturnValue check_code_challenge(const char *code_challenge, uint32_t code_challenge_len, const char *code_verifier)
Definition: oidc_helper.c:724
@ OIDC_VERIFICATION_NO_CODE_VERIFIER
Do not check code verifier even if expected.
Definition: oidc_helper.h:49
struct GNUNET_IDENTITY_PublicKey audience
The ticket audience (= relying party)
struct GNUNET_IDENTITY_PublicKey identity
The ticket issuer (= the user)
struct GNUNET_RECLAIM_Ticket ticket
The reclaim ticket.
Definition: oidc_helper.c:49

References OIDC_Parameters::attr_list_len, GNUNET_RECLAIM_Ticket::audience, check_code_challenge(), OIDC_Parameters::code_challenge_len, GNUNET_ERROR_TYPE_DEBUG, GNUNET_ERROR_TYPE_ERROR, GNUNET_free, GNUNET_IDENTITY_signature_verify_(), GNUNET_log, GNUNET_memcmp, GNUNET_OK, GNUNET_RECLAIM_attribute_list_deserialize(), GNUNET_RECLAIM_presentation_list_deserialize(), GNUNET_SIGNATURE_PURPOSE_RECLAIM_CODE_SIGN, GNUNET_STRINGS_base64url_decode(), GNUNET_strndup, GNUNET_SYSERR, GNUNET_RECLAIM_Ticket::identity, OIDC_Parameters::nonce_len, OIDC_VERIFICATION_NO_CODE_VERIFIER, gnunet-chk::opts, OIDC_Parameters::pres_list_len, GNUNET_CRYPTO_EccSignaturePurpose::purpose, ticket, and OIDC_Parameters::ticket.

Referenced by consume_fail(), and token_endpoint().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OIDC_build_token_response()

void OIDC_build_token_response ( const char *  access_token,
const char *  id_token,
const struct GNUNET_TIME_Relative expiration_time,
char **  token_response 
)

Build a token response for a token request TODO: Maybe we should add the scope here?

Parameters
access_tokenthe access token to include
id_tokenthe id_token to include
expiration_timethe expiration time of the token(s)
token_responsewhere to store the response

Definition at line 902 of file oidc_helper.c.

906 {
907  json_t *root_json;
908 
909  root_json = json_object ();
910 
911  GNUNET_assert (NULL != access_token);
912  GNUNET_assert (NULL != id_token);
913  GNUNET_assert (NULL != expiration_time);
914  json_object_set_new (root_json, "access_token", json_string (access_token));
915  json_object_set_new (root_json, "token_type", json_string ("Bearer"));
916  json_object_set_new (root_json,
917  "expires_in",
918  json_integer (expiration_time->rel_value_us
919  / (1000 * 1000)));
920  json_object_set_new (root_json, "id_token", json_string (id_token));
921  *token_response = json_dumps (root_json, JSON_INDENT (0) | JSON_COMPACT);
922  json_decref (root_json);
923 }
uint64_t rel_value_us
The actual value.

References GNUNET_assert, and GNUNET_TIME_Relative::rel_value_us.

Referenced by token_endpoint().

Here is the caller graph for this function:

◆ OIDC_access_token_new()

char* OIDC_access_token_new ( const struct GNUNET_RECLAIM_Ticket ticket)

Generate a new access token.

Definition at line 930 of file oidc_helper.c.

931 {
932  char *access_token;
933 
935  sizeof(*ticket),
936  &access_token);
937  return access_token;
938 }
size_t GNUNET_STRINGS_base64_encode(const void *in, size_t len, char **output)
Encode into Base64.
Definition: strings.c:1608

References GNUNET_STRINGS_base64_encode(), and ticket.

Referenced by token_endpoint().

Here is the call graph for this function:
Here is the caller graph for this function:

◆ OIDC_access_token_parse()

int OIDC_access_token_parse ( const char *  token,
struct GNUNET_RECLAIM_Ticket **  ticket 
)

Parse an access token.

Definition at line 945 of file oidc_helper.c.

947 {
948  size_t sret;
949  char *decoded;
950  sret = GNUNET_STRINGS_base64_decode (token,
951  strlen (token),
952  (void**) &decoded);
953  if (sizeof (struct GNUNET_RECLAIM_Ticket) != sret)
954  {
955  GNUNET_free (decoded);
956  return GNUNET_SYSERR;
957  }
958  *ticket = (struct GNUNET_RECLAIM_Ticket *) decoded;
959  return GNUNET_OK;
960 }
size_t GNUNET_STRINGS_base64_decode(const char *data, size_t len, void **output)
Decode from Base64.
Definition: strings.c:1696
The authorization ticket.

Referenced by userinfo_endpoint().

Here is the caller graph for this function:

◆ OIDC_check_scopes_for_claim_request()

enum GNUNET_GenericReturnValue OIDC_check_scopes_for_claim_request ( const char *  scopes,
const char *  attr 
)

Checks if a claim is implicitly requested through standard scope(s) or explicitly through non-standard scope.

Checks if a claim is implicitly requested through standard scope(s)

Parameters
scopesthe scopes which have been requested
attrthe attribute name to check
Returns
GNUNET_YES if attribute is implcitly requested

attribute matches requested scope

Definition at line 945 of file oidc_helper.c.

974 {
975  char *scope_variables;
976  char *scope_variable;
977  char delimiter[] = " ";
978  int i;
979 
980  scope_variables = GNUNET_strdup (scopes);
981  scope_variable = strtok (scope_variables, delimiter);
982  while (NULL != scope_variable)
983  {
984  if (0 == strcmp ("profile", scope_variable))
985  {
986  for (i = 0; i < 14; i++)
987  {
988  if (0 == strcmp (attr, OIDC_profile_claims[i]))
989  {
990  GNUNET_free (scope_variables);
991  return GNUNET_YES;
992  }
993  }
994  }
995  else if (0 == strcmp ("address", scope_variable))
996  {
997  for (i = 0; i < 5; i++)
998  {
999  if (0 == strcmp (attr, OIDC_address_claims[i]))
1000  {
1001  GNUNET_free (scope_variables);
1002  return GNUNET_YES;
1003  }
1004  }
1005  }
1006  else if (0 == strcmp ("email", scope_variable))
1007  {
1008  for (i = 0; i < 2; i++)
1009  {
1010  if (0 == strcmp (attr, OIDC_email_claims[i]))
1011  {
1012  GNUNET_free (scope_variables);
1013  return GNUNET_YES;
1014  }
1015  }
1016  }
1017  else if (0 == strcmp ("phone", scope_variable))
1018  {
1019  for (i = 0; i < 2; i++)
1020  {
1021  if (0 == strcmp (attr, OIDC_phone_claims[i]))
1022  {
1023  GNUNET_free (scope_variables);
1024  return GNUNET_YES;
1025  }
1026  }
1027 
1028  }
1029  else if (0 == strcmp (attr, scope_variable))
1030  {
1032  GNUNET_free (scope_variables);
1033  return GNUNET_YES;
1034  }
1035  scope_variable = strtok (NULL, delimiter);
1036  }
1037  GNUNET_free (scope_variables);
1038  return GNUNET_NO;
1039 
1040 }
#define GNUNET_strdup(a)
Wrapper around GNUNET_xstrdup_.
static char OIDC_email_claims[2][16]
Standard claims represented by the "email" scope in OIDC.
Definition: oidc_helper.c:86
static char OIDC_phone_claims[2][32]
Standard claims represented by the "phone" scope in OIDC.
Definition: oidc_helper.c:93
static GNUNET_NETWORK_STRUCT_END char OIDC_profile_claims[14][32]
Standard claims represented by the "profile" scope in OIDC.
Definition: oidc_helper.c:77

Referenced by attr_in_claims_request().

Here is the caller graph for this function:

Variable Documentation

◆ OIDC_profile_claims

GNUNET_NETWORK_STRUCT_END char OIDC_profile_claims[14][32]
static
Initial value:
= {
"name", "family_name", "given_name", "middle_name", "nickname",
"preferred_username", "profile", "picture", "website", "gender", "birthdate",
"zoneinfo", "locale", "updated_at"
}

Standard claims represented by the "profile" scope in OIDC.

Definition at line 77 of file oidc_helper.c.

◆ OIDC_email_claims

char OIDC_email_claims[2][16]
static
Initial value:
= {
"email", "email_verified"
}

Standard claims represented by the "email" scope in OIDC.

Definition at line 86 of file oidc_helper.c.

◆ OIDC_phone_claims

char OIDC_phone_claims[2][32]
static
Initial value:
= {
"phone_number", "phone_number_verified"
}

Standard claims represented by the "phone" scope in OIDC.

Definition at line 93 of file oidc_helper.c.

◆ OIDC_address_claims

char OIDC_address_claims[5][32]
static
Initial value:
= {
"street_address", "locality", "region", "postal_code", "country"
}

Standard claims represented by the "address" scope in OIDC.

Definition at line 100 of file oidc_helper.c.