GNUnet 0.24.1-16-gbc519cf4b
oidc_helper.h
Go to the documentation of this file.
1/*
2 This file is part of GNUnet
3 Copyright (C) 2010-2015 GNUnet e.V.
4
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
9
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
14
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
17
18 SPDX-License-Identifier: AGPL3.0-or-later
19 */
20
27#ifndef JWT_H
28#define JWT_H
29
30#include "gnunet_util_lib.h"
31#include "gnunet_reclaim_service.h"
32#define JWT_ALG "alg"
33#define JWT_TYP "typ"
34#define JWT_TYP_VALUE "jwt"
35
36#define JWT_ALG_VALUE_HMAC "HS512"
37#define JWT_ALG_VALUE_RSA "RS256"
38
39#define SERVER_ADDRESS "http://localhost:7776"
40
41enum OIDC_VerificationOptions
42{
46 OIDC_VERIFICATION_DEFAULT = 0,
47
51 OIDC_VERIFICATION_NO_CODE_VERIFIER = 1
52};
53
65char *
66OIDC_generate_id_token_rsa (const char *rp_uri,
67 const struct GNUNET_CRYPTO_PublicKey *sub_key,
68 const struct GNUNET_RECLAIM_AttributeList *attrs,
69 const struct
70 GNUNET_RECLAIM_PresentationList *presentations,
71 const struct GNUNET_TIME_Relative *expiration_time,
72 const char *nonce,
73 const json_t *secret_rsa_key);
74
86char*
87OIDC_generate_id_token_hmac (const char *rp_uri,
88 const struct GNUNET_CRYPTO_PublicKey *sub_key,
89 const struct GNUNET_RECLAIM_AttributeList *attrs,
90 const struct
91 GNUNET_RECLAIM_PresentationList *presentations,
92 const struct GNUNET_TIME_Relative *expiration_time,
93 const char *nonce,
94 const char *secret_key);
95
109char*
110OIDC_build_authz_code (const struct GNUNET_CRYPTO_PrivateKey *issuer,
111 const struct GNUNET_RECLAIM_Ticket *ticket,
112 const struct GNUNET_RECLAIM_AttributeList *attrs,
113 const struct
114 GNUNET_RECLAIM_PresentationList *presentations,
115 const char *nonce,
116 const char *code_challenge);
117
132int
133OIDC_parse_authz_code (const char *rp_uri,
134 const struct GNUNET_CRYPTO_PublicKey *cid,
135 const char *code,
136 const char *code_verifier,
137 struct GNUNET_RECLAIM_Ticket *ticket,
138 struct GNUNET_RECLAIM_AttributeList **attrs,
139 struct GNUNET_RECLAIM_PresentationList **presentations,
140 char **nonce,
141 enum OIDC_VerificationOptions opts, char **emsg);
142
152void
153OIDC_build_token_response (const char *access_token,
154 const char *id_token,
155 const struct GNUNET_TIME_Relative *expiration_time,
156 char **token_response);
157
161char*
162OIDC_access_token_new (const struct GNUNET_RECLAIM_Ticket *ticket,
163 const char *rp_uri);
164
168int
169OIDC_access_token_parse (const char *token,
170 struct GNUNET_RECLAIM_Ticket **ticket,
171 char **rp_uri);
172
173
182enum GNUNET_GenericReturnValue
183OIDC_check_scopes_for_claim_request (const char *scopes,
184 const char *attr);
185
186
195char *
196OIDC_generate_userinfo (const struct GNUNET_CRYPTO_PublicKey *sub_key,
197 const struct GNUNET_RECLAIM_AttributeList *attrs,
198 const struct
199 GNUNET_RECLAIM_PresentationList *presentations);
200
201#endif
ticket
static struct GNUNET_RECLAIM_Ticket ticket
Ticket to consume.
Definition: gnunet-reclaim.c:164
gnunet_reclaim_service.h
reclaim service; implements identity and personal data sharing for GNUnet
gnunet_util_lib.h
GNUNET_GenericReturnValue
GNUNET_GenericReturnValue
Named constants for return values.
Definition: gnunet_common.h:108
OIDC_generate_id_token_rsa
char * OIDC_generate_id_token_rsa(const char *rp_uri, const struct GNUNET_CRYPTO_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const json_t *secret_rsa_key)
Create a JWT using RSA256 algorithm from attributes.
Definition: oidc_helper.c:423
OIDC_generate_userinfo
char * OIDC_generate_userinfo(const struct GNUNET_CRYPTO_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations)
Generate userinfo JSON as string.
Definition: oidc_helper.c:348
OIDC_parse_authz_code
int OIDC_parse_authz_code(const char *rp_uri, const struct GNUNET_CRYPTO_PublicKey *cid, const char *code, const char *code_verifier, struct GNUNET_RECLAIM_Ticket *ticket, struct GNUNET_RECLAIM_AttributeList **attrs, struct GNUNET_RECLAIM_PresentationList **presentations, char **nonce, enum OIDC_VerificationOptions opts, char **emsg)
Parse reclaim ticket and nonce from authorization code.
Definition: oidc_helper.c:754
OIDC_generate_id_token_hmac
char * OIDC_generate_id_token_hmac(const char *rp_uri, const struct GNUNET_CRYPTO_PublicKey *sub_key, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const struct GNUNET_TIME_Relative *expiration_time, const char *nonce, const char *secret_key)
Create a JWT using HMAC (HS256) from attributes.
Definition: oidc_helper.c:475
OIDC_access_token_new
char * OIDC_access_token_new(const struct GNUNET_RECLAIM_Ticket *ticket, const char *rp_uri)
Generate a new access token.
Definition: oidc_helper.c:901
OIDC_VerificationOptions
OIDC_VerificationOptions
Definition: oidc_helper.h:42
OIDC_VERIFICATION_NO_CODE_VERIFIER
@ OIDC_VERIFICATION_NO_CODE_VERIFIER
Do not check code verifier even if expected.
Definition: oidc_helper.h:51
OIDC_VERIFICATION_DEFAULT
@ OIDC_VERIFICATION_DEFAULT
Strict verification.
Definition: oidc_helper.h:46
OIDC_access_token_parse
int OIDC_access_token_parse(const char *token, struct GNUNET_RECLAIM_Ticket **ticket, char **rp_uri)
Parse an access token.
Definition: oidc_helper.c:920
OIDC_check_scopes_for_claim_request
enum GNUNET_GenericReturnValue OIDC_check_scopes_for_claim_request(const char *scopes, const char *attr)
Checks if a claim is implicitly requested through standard scope(s)
Definition: oidc_helper.c:959
OIDC_build_token_response
void OIDC_build_token_response(const char *access_token, const char *id_token, const struct GNUNET_TIME_Relative *expiration_time, char **token_response)
Build a token response for a token request TODO: Maybe we should add the scope here?
Definition: oidc_helper.c:873
OIDC_build_authz_code
char * OIDC_build_authz_code(const struct GNUNET_CRYPTO_PrivateKey *issuer, const struct GNUNET_RECLAIM_Ticket *ticket, const struct GNUNET_RECLAIM_AttributeList *attrs, const struct GNUNET_RECLAIM_PresentationList *presentations, const char *nonce, const char *code_challenge)
Builds an OIDC authorization code including a reclaim ticket and nonce.
Definition: oidc_helper.c:567
GNUNET_CRYPTO_PrivateKey
A private key for an identity as per LSD0001.
Definition: gnunet_crypto_lib.h:400
GNUNET_CRYPTO_PublicKey
An identity key as per LSD0001.
Definition: gnunet_crypto_lib.h:427
GNUNET_RECLAIM_AttributeList
A list of GNUNET_RECLAIM_Attribute structures.
Definition: gnunet_reclaim_lib.h:230
GNUNET_RECLAIM_PresentationList
A list of GNUNET_RECLAIM_Presentation structures.
Definition: gnunet_reclaim_lib.h:303
GNUNET_RECLAIM_Ticket
The authorization ticket.
Definition: gnunet_reclaim_service.h:76
GNUNET_TIME_Relative
Time for relative time used by GNUnet, in microseconds.
Definition: gnunet_time_lib.h:79