36 #include "iddawc-cfg.h"
/*
 * Status codes used by the library's int-returning functions.
 * Only the values 2..5 appear in this excerpt; lower-numbered codes, if any,
 * are defined on lines that are not shown here.
 * NOTE(review): presumably every value other than the success code means the
 * operation failed and session token fields must not be trusted afterwards -
 * confirm against iddawc.c.
 */
46 #define I_ERROR_PARAM 2
47 #define I_ERROR_MEMORY 3
48 #define I_ERROR_UNAUTHORIZED 4
49 #define I_ERROR_SERVER 5
/*
 * Response/grant type selectors for I_OPT_RESPONSE_TYPE.
 * Each non-zero value sets a single, distinct bit (one per hex digit), so the
 * values never collide; presumably they may be OR-ed together - confirm in
 * i_set_response_type().
 * NOTE(review): judging by the names, I_RESPONSE_TYPE_TOKEN selects the
 * implicit flow and I_RESPONSE_TYPE_PASSWORD the resource-owner password
 * grant. Current OAuth 2.0 security guidance (RFC 9700) advises against both;
 * callers should prefer I_RESPONSE_TYPE_CODE where the server allows it.
 */
51 #define I_RESPONSE_TYPE_NONE 0x00000000
52 #define I_RESPONSE_TYPE_CODE 0x00000001
53 #define I_RESPONSE_TYPE_TOKEN 0x00000010
54 #define I_RESPONSE_TYPE_ID_TOKEN 0x00000100
55 #define I_RESPONSE_TYPE_PASSWORD 0x00001000
56 #define I_RESPONSE_TYPE_CLIENT_CREDENTIALS 0x00010000
57 #define I_RESPONSE_TYPE_REFRESH_TOKEN 0x00100000
58 #define I_RESPONSE_TYPE_DEVICE_CODE 0x01000000
/*
 * Authentication method selectors for the auth endpoint (I_OPT_AUTH_METHOD).
 * Each value sets a single, distinct bit, so a transport (GET/POST) and a JWT
 * protection mode can presumably be combined with bitwise OR - confirm in
 * iddawc.c.
 * NOTE(review): the *_SECRET variants presumably key the JWT with the shared
 * client secret and the *_PRIVKEY / *_PUBKEY variants with asymmetric keys -
 * verify before relying on either for request integrity or confidentiality.
 */
60 #define I_AUTH_METHOD_GET 0x00000001
61 #define I_AUTH_METHOD_POST 0x00000010
62 #define I_AUTH_METHOD_JWT_SIGN_SECRET 0x00000100
63 #define I_AUTH_METHOD_JWT_SIGN_PRIVKEY 0x00001000
64 #define I_AUTH_METHOD_JWT_ENCRYPT_SECRET 0x00010000
65 #define I_AUTH_METHOD_JWT_ENCRYPT_PUBKEY 0x00100000
/*
 * Client authentication method for the token endpoint (I_OPT_TOKEN_METHOD).
 * These are consecutive integers, not bit flags: exactly one is selected at a
 * time.
 * NOTE(review): the names appear to mirror the OpenID Connect methods
 * client_secret_basic, client_secret_post, client_secret_jwt, private_key_jwt
 * and none - confirm. I_TOKEN_AUTH_METHOD_NONE would then send no client
 * credentials, which is only appropriate for public clients.
 */
67 #define I_TOKEN_AUTH_METHOD_SECRET_BASIC 0
68 #define I_TOKEN_AUTH_METHOD_SECRET_POST 1
69 #define I_TOKEN_AUTH_METHOD_SECRET_JWT 2
70 #define I_TOKEN_AUTH_METHOD_PRIVATE_JWT 3
71 #define I_TOKEN_AUTH_METHOD_NONE 4
/*
 * I_STRICT_YES: presumably the "enabled" value for I_OPT_OPENID_CONFIG_STRICT;
 * the matching "disabled" value is not visible in this excerpt.
 * I_AUTH_SIGN_ALG_MAX_LENGTH: upper bound on a signature algorithm name.
 * NOTE(review): whether the bound of 8 includes the terminating NUL is not
 * visible here - check every buffer sized with it.
 */
74 #define I_STRICT_YES 1
76 #define I_AUTH_SIGN_ALG_MAX_LENGTH 8
/*
 * Where the access token is placed in an outgoing API request; presumably the
 * accepted values of the bearer_type argument of i_perform_api_request().
 * NOTE(review): I_BEARER_TYPE_URL would put the token in the query string,
 * where it can end up in server logs, browser history and Referer headers.
 * RFC 6750 section 2.3 discourages that form; prefer I_BEARER_TYPE_HEADER.
 */
78 #define I_BEARER_TYPE_HEADER 0
79 #define I_BEARER_TYPE_BODY 1
80 #define I_BEARER_TYPE_URL 2
/*
 * Literal strings used to build the request.
 * I_HEADER_PREFIX_BEARER ends with a space so the token can be appended
 * directly after it. I_BODY_URL_PARAMETER is, per its name, the parameter
 * name shared by the body and URL placements.
 */
82 #define I_HEADER_PREFIX_BEARER "Bearer "
83 #define I_HEADER_AUTHORIZATION "Authorization"
84 #define I_BODY_URL_PARAMETER "access_token"
85 #define I_HEADER_DPOP "DPoP"
/**
 * Declaration of i_perform_api_request(); the page places the implementation
 * at iddawc.c:3249.
 *
 * @param i_session          session holding the client and token state
 * @param http_request       request to send (struct _u_request)
 * @param http_response      receives the server response (struct _u_response)
 * @param refresh_if_expired presumably non-zero to refresh an expired access
 *                           token before sending - confirm in iddawc.c
 * @param bearer_type        presumably one of I_BEARER_TYPE_HEADER,
 *                           I_BEARER_TYPE_BODY or I_BEARER_TYPE_URL - confirm
 * @param use_dpop           presumably non-zero to attach a DPoP proof in the
 *                           I_HEADER_DPOP header - confirm
 * @param dpop_iat           time value for the DPoP proof; compare the iat
 *                           argument of i_generate_dpop_token()
 * @return int status; presumably one of the I_* result codes - confirm
 *
 * NOTE(review): the caller supplies http_request, so the access token is sent
 * to whatever URL that request names; callers should make sure it is the
 * intended resource server.
 */
633 int i_perform_api_request(
struct _i_session * i_session,
struct _u_request * http_request,
struct _u_response * http_response,
int refresh_if_expired,
int bearer_type,
int use_dpop, time_t dpop_iat);
i_option
Definition: iddawc.h:91
@ I_OPT_EXPIRES_AT
expires_at value after a successful auth or token request, time_t
Definition: iddawc.h:122
@ I_OPT_TOKEN_TYPE
token_type value after a successful auth or token request, string
Definition: iddawc.h:120
@ I_OPT_PUSHED_AUTH_REQ_REQUIRED
are pushed authorization requests required, boolean
Definition: iddawc.h:153
@ I_OPT_TOKEN_EXP
JWT token request expiration time in seconds.
Definition: iddawc.h:137
@ I_OPT_DEVICE_AUTH_CODE
device authorization code sent by the AS
Definition: iddawc.h:144
@ I_OPT_ISSUER
issuer value, string
Definition: iddawc.h:125
@ I_OPT_ACCESS_TOKEN
access token given after a successful auth or token request using the proper response_type
Definition: iddawc.h:116
@ I_OPT_PUSHED_AUTH_REQ_ENDPOINT
absolute url for the pushed authorization endpoint, string
Definition: iddawc.h:152
@ I_OPT_TOKEN_JTI
jti value, string
Definition: iddawc.h:135
@ I_OPT_TOKEN_TARGET
access_token which is the target of a revocation or an introspection, string
Definition: iddawc.h:138
@ I_OPT_INTROSPECTION_ENDPOINT
absolute url for the introspection endpoint, string
Definition: iddawc.h:141
@ I_OPT_TOKEN_TARGET_TYPE_HINT
type hint for the token which is the target of a revocation or an introspection, string
Definition: iddawc.h:139
@ I_OPT_TOKEN_METHOD
Authentication method to use with the token endpoint, values available are I_TOKEN_AUTH_METHOD_SECRET...
Definition: iddawc.h:119
@ I_OPT_X5U_FLAGS
x5u flags to apply when the JWK used has an x5u property, values available are R_FLAG_IGNORE_SERVER_CERTI...
Definition: iddawc.h:129
@ I_OPT_TOKEN_JTI_GENERATE
generate a random jti value
Definition: iddawc.h:136
@ I_OPT_SERVER_KID
key id to use if multiple jwk are available on the server, string
Definition: iddawc.h:130
@ I_OPT_CODE
code given after a successful auth request using the response_type I_RESPONSE_TYPE_CODE
Definition: iddawc.h:114
@ I_OPT_OPENID_CONFIG_ENDPOINT
absolute url for the .well-known/openid-configuration endpoint, string
Definition: iddawc.h:106
@ I_OPT_ID_TOKEN
id_token given after a successful auth or token request using the proper response_type
Definition: iddawc.h:117
@ I_OPT_DEVICE_AUTHORIZATION_ENDPOINT
absolute url for the device authorization endpoint, string
Definition: iddawc.h:143
@ I_OPT_OPENID_CONFIG
result of the .well-known/openid-configuration
Definition: iddawc.h:107
@ I_OPT_NONE
Empty option to complete a i_set_parameter_list.
Definition: iddawc.h:92
@ I_OPT_CHECK_SESSION_IRAME
absolute url for the check session iframe, string
Definition: iddawc.h:151
@ I_OPT_DEVICE_AUTH_EXPIRES_IN
device authorization code expiration sent by the AS
Definition: iddawc.h:148
@ I_OPT_DEVICE_AUTH_INTERVAL
device authorization code verification interval sent by the AS
Definition: iddawc.h:149
@ I_OPT_REDIRECT_URI
redirect_uri, string
Definition: iddawc.h:98
@ I_OPT_CLIENT_ENC_ALG
key encryption algorithm to use when the client encrypts a request in a JWT, values available are 'RS...
Definition: iddawc.h:133
@ I_OPT_ERROR_URI
error uri of a failed request, string
Definition: iddawc.h:113
@ I_OPT_CLIENT_KID
key id to use if multiple jwk are available on the client, string
Definition: iddawc.h:131
@ I_OPT_REDIRECT_TO
url where the oauth2 is redirected to after a /auth request
Definition: iddawc.h:99
@ I_OPT_ADDITIONAL_RESPONSE
Definition: iddawc.h:103
@ I_OPT_NONCE
nonce value, string
Definition: iddawc.h:97
@ I_OPT_PUSHED_AUTH_REQ_EXPIRES_IN
pushed authorization request expiration time in seconds
Definition: iddawc.h:154
@ I_OPT_USER_PASSWORD
password for password response_types, string
Definition: iddawc.h:124
@ I_OPT_PUSHED_AUTH_REQ_URI
request_uri sent by the par endpoint result, string
Definition: iddawc.h:155
@ I_OPT_REVOCATION_ENDPOINT
absolute url for the revocation endpoint, string
Definition: iddawc.h:140
@ I_OPT_TOKEN_ENDPOINT
absolute url for the token endpoint, string
Definition: iddawc.h:105
@ I_OPT_REFRESH_TOKEN
refresh token given after a successful token request using the proper response_type
Definition: iddawc.h:115
@ I_OPT_STATE_GENERATE
generate a random state value
Definition: iddawc.h:128
@ I_OPT_CLIENT_SECRET
client secret, string
Definition: iddawc.h:101
@ I_OPT_CLIENT_SIGN_ALG
signature algorithm to use when the client signs a request in a JWT, values available are 'none',...
Definition: iddawc.h:132
@ I_OPT_SCOPE_APPEND
append another scope value to the scope list, string
Definition: iddawc.h:95
@ I_OPT_DEVICE_AUTH_VERIFICATION_URI
device authorization verification URI sent by the AS
Definition: iddawc.h:146
@ I_OPT_REGISTRATION_ENDPOINT
absolute url for the client registration endpoint, string
Definition: iddawc.h:142
@ I_OPT_CLIENT_ENC
data encryption algorithm to use when the client encrypts a request in a JWT, values available are 'A...
Definition: iddawc.h:134
@ I_OPT_EXPIRES_IN
expires_in value after a successful auth or token request, integer
Definition: iddawc.h:121
@ I_OPT_CLIENT_ID
client_id, string
Definition: iddawc.h:100
@ I_OPT_RESPONSE_TYPE
response_type, values available are I_RESPONSE_TYPE_CODE, I_RESPONSE_TYPE_TOKEN, I_RESPONSE_TYPE_ID_T...
Definition: iddawc.h:93
@ I_OPT_ERROR_DESCRIPTION
error description of a failed request, string
Definition: iddawc.h:112
@ I_OPT_AUTH_METHOD
Authentication method to use with the auth endpoint, values available are I_AUTH_METHOD_GET,...
Definition: iddawc.h:118
@ I_OPT_DEVICE_AUTH_USER_CODE
device authorization user code sent by the AS
Definition: iddawc.h:145
@ I_OPT_END_SESSION_ENDPOINT
absolute url for the end session endpoint, string
Definition: iddawc.h:150
@ I_OPT_ERROR
error value of a failed request, string
Definition: iddawc.h:111
@ I_OPT_USERINFO_ENDPOINT
absolute url for the userinfo endpoint or equivalent, string
Definition: iddawc.h:109
@ I_OPT_STATE
state value, string
Definition: iddawc.h:96
@ I_OPT_AUTH_ENDPOINT
absolute url for the auth endpoint, string
Definition: iddawc.h:104
@ I_OPT_USERNAME
username for password response_types, string
Definition: iddawc.h:123
@ I_OPT_OPENID_CONFIG_STRICT
must the .well-known/openid-configuration parameters be strictly
Definition: iddawc.h:108
@ I_OPT_SCOPE
scope values, string, multiple scopes must be separated by a space character: "scope1 openid"
Definition: iddawc.h:94
@ I_OPT_NONCE_GENERATE
generate a random nonce value
Definition: iddawc.h:127
@ I_OPT_USERINFO
userinfo result, string
Definition: iddawc.h:126
@ I_OPT_ADDITIONAL_PARAMETER
use this option to pass any additional parameter value in the /auth request
Definition: iddawc.h:102
@ I_OPT_RESULT
result of a request
Definition: iddawc.h:110
@ I_OPT_DEVICE_AUTH_VERIFICATION_URI_COMPLETE
device authorization verification URI complete sent by the AS
Definition: iddawc.h:147
int i_init_session(struct _i_session *i_session)
Definition: iddawc.c:901
void i_clean_session(struct _i_session *i_session)
Definition: iddawc.c:998
int i_global_init()
Definition: iddawc.c:883
void i_free(void *data)
Definition: iddawc.c:897
void i_global_close()
Definition: iddawc.c:892
uint i_get_int_parameter(struct _i_session *i_session, i_option option)
Definition: iddawc.c:1871
uint i_get_result(struct _i_session *i_session)
Definition: iddawc.c:1867
int i_set_additional_parameter(struct _i_session *i_session, const char *s_key, const char *s_value)
Definition: iddawc.c:1570
char * i_export_session_str(struct _i_session *i_session)
Definition: iddawc.c:3137
int i_import_session_json_t(struct _i_session *i_session, json_t *j_import)
Definition: iddawc.c:3040
int i_set_int_parameter(struct _i_session *i_session, i_option option, uint i_value)
Definition: iddawc.c:1059
char * i_get_rich_authorization_request(struct _i_session *i_session, const char *type)
Definition: iddawc.c:3393
const char * i_get_additional_parameter(struct _i_session *i_session, const char *s_key)
Definition: iddawc.c:2134
json_t * i_export_session_json_t(struct _i_session *i_session)
Definition: iddawc.c:2958
int i_set_result(struct _i_session *i_session, uint i_value)
Definition: iddawc.c:1055
const char * i_get_additional_response(struct _i_session *i_session, const char *s_key)
Definition: iddawc.c:2142
int i_set_parameter_list(struct _i_session *i_session,...)
Definition: iddawc.c:1594
const char * i_get_str_parameter(struct _i_session *i_session, i_option option)
Definition: iddawc.c:1993
int i_remove_rich_authorization_request(struct _i_session *i_session, const char *type)
Definition: iddawc.c:3373
uint i_get_response_type(struct _i_session *i_session)
Definition: iddawc.c:1863
int i_import_session_str(struct _i_session *i_session, const char *str_import)
Definition: iddawc.c:3148
int i_set_response_type(struct _i_session *i_session, uint i_value)
Definition: iddawc.c:1051
int i_set_str_parameter(struct _i_session *i_session, i_option option, const char *s_value)
Definition: iddawc.c:1184
int i_set_additional_response(struct _i_session *i_session, const char *s_key, const char *s_value)
Definition: iddawc.c:1582
int i_set_rich_authorization_request(struct _i_session *i_session, const char *type, const char *value)
Definition: iddawc.c:3339
int i_perform_api_request(struct _i_session *i_session, struct _u_request *http_request, struct _u_response *http_response, int refresh_if_expired, int bearer_type, int use_dpop, time_t dpop_iat)
Definition: iddawc.c:3249
int i_build_auth_url_get(struct _i_session *i_session)
Definition: iddawc.c:2150
int i_load_userinfo_custom(struct _i_session *i_session, const char *http_method, struct _u_map *additional_query, struct _u_map *additional_headers)
Definition: iddawc.c:1747
int i_run_auth_request(struct _i_session *i_session)
Definition: iddawc.c:2274
int i_revoke_token(struct _i_session *i_session)
Definition: iddawc.c:2785
char * i_generate_dpop_token(struct _i_session *i_session, const char *htm, const char *htu, time_t iat)
Definition: iddawc.c:3166
int i_run_device_auth_request(struct _i_session *i_session)
Definition: iddawc.c:3410
int i_verify_id_token(struct _i_session *i_session)
Definition: iddawc.c:2645
int i_load_userinfo(struct _i_session *i_session)
Definition: iddawc.c:1735
int i_parse_redirect_to(struct _i_session *i_session)
Definition: iddawc.c:1921
int i_run_par_request(struct _i_session *i_session)
Definition: iddawc.c:3482
int i_register_client(struct _i_session *i_session, json_t *j_parameters, int update_session, json_t **j_result)
Definition: iddawc.c:2897
int i_run_token_request(struct _i_session *i_session)
Definition: iddawc.c:2379
int i_load_openid_config(struct _i_session *i_session)
Definition: iddawc.c:1694
int i_introspect_token(struct _i_session *i_session, json_t **j_result)
Definition: iddawc.c:2840
char * error_description
Definition: iddawc.h:194
uint token_method
Definition: iddawc.h:207
time_t expires_at
Definition: iddawc.h:203
struct _u_map additional_response
Definition: iddawc.h:180
char * device_authorization_endpoint
Definition: iddawc.h:189
struct _u_map additional_parameters
Definition: iddawc.h:179
jwa_alg client_enc_alg
Definition: iddawc.h:213
char * token_target
Definition: iddawc.h:199
uint pushed_authorization_request_expires_in
Definition: iddawc.h:231
uint result
Definition: iddawc.h:192
char * device_auth_code
Definition: iddawc.h:224
char * redirect_to
Definition: iddawc.h:174
char * token_jti
Definition: iddawc.h:221
char * token_target_type_hint
Definition: iddawc.h:200
int x5u_flags
Definition: iddawc.h:215
char * redirect_uri
Definition: iddawc.h:173
jwks_t * client_jwks
Definition: iddawc.h:210
char * pushed_authorization_request_uri
Definition: iddawc.h:232
char * openid_config_endpoint
Definition: iddawc.h:183
char * userinfo_endpoint
Definition: iddawc.h:184
char * code
Definition: iddawc.h:196
json_t * openid_config
Definition: iddawc.h:216
char * error
Definition: iddawc.h:193
char * state
Definition: iddawc.h:171
json_t * j_userinfo
Definition: iddawc.h:220
uint expires_in
Definition: iddawc.h:202
char * userinfo
Definition: iddawc.h:219
char * client_id
Definition: iddawc.h:175
char * refresh_token
Definition: iddawc.h:197
char * revocation_endpoint
Definition: iddawc.h:185
char * user_password
Definition: iddawc.h:178
json_t * id_token_payload
Definition: iddawc.h:205
json_t * j_authorization_details
Definition: iddawc.h:223
uint token_exp
Definition: iddawc.h:222
char * error_uri
Definition: iddawc.h:195
char * client_kid
Definition: iddawc.h:211
char * token_type
Definition: iddawc.h:201
char * token_endpoint
Definition: iddawc.h:182
int openid_config_strict
Definition: iddawc.h:217
char * nonce
Definition: iddawc.h:172
uint require_pushed_authorization_requests
Definition: iddawc.h:230
char * access_token
Definition: iddawc.h:198
uint auth_method
Definition: iddawc.h:206
char * device_auth_verifucation_uri_complete
Definition: iddawc.h:227
char * check_session_iframe
Definition: iddawc.h:188
char * client_secret
Definition: iddawc.h:176
char * device_auth_verifucation_uri
Definition: iddawc.h:226
char * issuer
Definition: iddawc.h:218
char * username
Definition: iddawc.h:177
uint device_auth_interval
Definition: iddawc.h:229
char * server_kid
Definition: iddawc.h:209
char * registration_endpoint
Definition: iddawc.h:190
char * scope
Definition: iddawc.h:170
uint response_type
Definition: iddawc.h:169
char * end_session_endpoint
Definition: iddawc.h:187
jwa_alg client_sign_alg
Definition: iddawc.h:212
char * device_auth_user_code
Definition: iddawc.h:225
jwa_enc client_enc
Definition: iddawc.h:214
char * pushed_authorization_request_endpoint
Definition: iddawc.h:191
char * id_token
Definition: iddawc.h:204
char * authorization_endpoint
Definition: iddawc.h:181
uint device_auth_expires_in
Definition: iddawc.h:228
char * introspection_endpoint
Definition: iddawc.h:186
jwks_t * server_jwks
Definition: iddawc.h:208