Iddawc
Handle the flow of OAuth2 and OpenID Connect authentication process from the client side.
Constants and properties

Macros

#define I_OK   0
 Success. More...
 
#define I_ERROR   1
 Error. More...
 
#define I_ERROR_PARAM   2
 Error in parameters. More...
 
#define I_ERROR_MEMORY   3
 Memory error. More...
 
#define I_ERROR_UNAUTHORIZED   4
 Request unauthorized. More...
 
#define I_ERROR_SERVER   5
 Server error. More...
 
#define I_RESPONSE_TYPE_NONE   0x00000000
 No response type. More...
 
#define I_RESPONSE_TYPE_CODE   0x00000001
 Response type code. More...
 
#define I_RESPONSE_TYPE_TOKEN   0x00000010
 Response type token. More...
 
#define I_RESPONSE_TYPE_ID_TOKEN   0x00000100
 Response type id_token. More...
 
#define I_RESPONSE_TYPE_PASSWORD   0x00001000
 Grant type password. More...
 
#define I_RESPONSE_TYPE_CLIENT_CREDENTIALS   0x00010000
 Grant type client_credentials. More...
 
#define I_RESPONSE_TYPE_REFRESH_TOKEN   0x00100000
 Grant type refresh_token. More...
 
#define I_RESPONSE_TYPE_DEVICE_CODE   0x01000000
 Grant type urn:ietf:params:oauth:grant-type:device_code. More...
 
#define I_AUTH_METHOD_GET   0x00000001
 access auth endpoint using GET method More...
 
#define I_AUTH_METHOD_POST   0x00000010
 access auth endpoint using POST method More...
 
#define I_AUTH_METHOD_JWT_SIGN_SECRET   0x00000100
 access auth endpoint using a JWT signed with the client secret More...
 
#define I_AUTH_METHOD_JWT_SIGN_PRIVKEY   0x00001000
 access auth endpoint using a JWT signed with the client private key More...
 
#define I_AUTH_METHOD_JWT_ENCRYPT_SECRET   0x00010000
 access auth endpoint using a JWT encrypted with the client secret More...
 
#define I_AUTH_METHOD_JWT_ENCRYPT_PUBKEY   0x00100000
 access auth endpoint using a JWT encrypted with the client private key More...
 
#define I_TOKEN_AUTH_METHOD_SECRET_BASIC   0
 access token endpoint using HTTP basic auth with client_id and client password More...
 
#define I_TOKEN_AUTH_METHOD_SECRET_POST   1
 access token endpoint using secret sent in POST parameters More...
 
#define I_TOKEN_AUTH_METHOD_SECRET_JWT   2
 access token endpoint using a JWT signed with the client secret More...
 
#define I_TOKEN_AUTH_METHOD_PRIVATE_JWT   3
 access token endpoint using a JWT signed with the client private key More...
 
#define I_TOKEN_AUTH_METHOD_NONE   4
 access token endpoint using no authentication More...
 
#define I_STRICT_NO   0
 Do not strictly conform to openid config result. More...
 
#define I_STRICT_YES   1
 Strictly conform to openid config result. More...
 
#define I_AUTH_SIGN_ALG_MAX_LENGTH   8
 Max length of a sign algorithm name. More...
 
#define I_BEARER_TYPE_HEADER   0
 Bearer type header, the token will be available in the header. More...
 
#define I_BEARER_TYPE_BODY   1
 Bearer type body, the token will be available as a body url-encoded parameter. More...
 
#define I_BEARER_TYPE_URL   2
 Bearer type url, the token will be available as a url query parameter. More...
 
#define I_HEADER_PREFIX_BEARER   "Bearer "
 
#define I_HEADER_AUTHORIZATION   "Authorization"
 
#define I_BODY_URL_PARAMETER   "access_token"
 
#define I_HEADER_DPOP   "DPoP"
 

Enumerations

/*
 * Option identifiers used to set or get properties of a session; the
 * description further down this page names i_set_int_parameter,
 * i_set_str_parameter, i_get_int_parameter and i_get_str_parameter as the
 * accessors.
 *
 * The values are explicit and not contiguous: 26 and 27 are not assigned in
 * this listing (I_OPT_ID_TOKEN = 25 is followed by I_OPT_AUTH_METHOD = 28).
 *
 * Several options carry credentials or tokens (I_OPT_CLIENT_SECRET,
 * I_OPT_USER_PASSWORD, I_OPT_CODE, I_OPT_REFRESH_TOKEN, I_OPT_ACCESS_TOKEN,
 * I_OPT_ID_TOKEN): treat the values read or written through them as secrets
 * and keep them out of logs and error messages.
 */
enum  i_option {
  I_OPT_NONE = 0 , I_OPT_RESPONSE_TYPE = 1 , I_OPT_SCOPE = 2 , I_OPT_SCOPE_APPEND = 3 ,
  I_OPT_STATE = 4 , I_OPT_NONCE = 5 , I_OPT_REDIRECT_URI = 6 , I_OPT_REDIRECT_TO = 7 ,
  I_OPT_CLIENT_ID = 8 , I_OPT_CLIENT_SECRET = 9 , I_OPT_ADDITIONAL_PARAMETER = 10 , I_OPT_ADDITIONAL_RESPONSE = 11 ,
  I_OPT_AUTH_ENDPOINT = 12 , I_OPT_TOKEN_ENDPOINT = 13 , I_OPT_OPENID_CONFIG_ENDPOINT = 14 , I_OPT_OPENID_CONFIG = 15 ,
  I_OPT_OPENID_CONFIG_STRICT = 16 , I_OPT_USERINFO_ENDPOINT = 17 , I_OPT_RESULT = 18 , I_OPT_ERROR = 19 ,
  I_OPT_ERROR_DESCRIPTION = 20 , I_OPT_ERROR_URI = 21 , I_OPT_CODE = 22 , I_OPT_REFRESH_TOKEN = 23 ,
  I_OPT_ACCESS_TOKEN = 24 , I_OPT_ID_TOKEN = 25 , I_OPT_AUTH_METHOD = 28 , I_OPT_TOKEN_METHOD = 29 ,
  I_OPT_TOKEN_TYPE = 30 , I_OPT_EXPIRES_IN = 31 , I_OPT_EXPIRES_AT = 32 , I_OPT_USERNAME = 33 ,
  I_OPT_USER_PASSWORD = 34 , I_OPT_ISSUER = 35 , I_OPT_USERINFO = 36 , I_OPT_NONCE_GENERATE = 37 ,
  I_OPT_STATE_GENERATE = 38 , I_OPT_X5U_FLAGS = 39 , I_OPT_SERVER_KID = 40 , I_OPT_CLIENT_KID = 41 ,
  I_OPT_CLIENT_SIGN_ALG = 42 , I_OPT_CLIENT_ENC_ALG = 43 , I_OPT_CLIENT_ENC = 44 , I_OPT_TOKEN_JTI = 45 ,
  I_OPT_TOKEN_JTI_GENERATE = 46 , I_OPT_TOKEN_EXP = 47 , I_OPT_TOKEN_TARGET = 48 , I_OPT_TOKEN_TARGET_TYPE_HINT = 49 ,
  I_OPT_REVOCATION_ENDPOINT = 50 , I_OPT_INTROSPECTION_ENDPOINT = 51 , I_OPT_REGISTRATION_ENDPOINT = 52 , I_OPT_DEVICE_AUTHORIZATION_ENDPOINT = 53 ,
  I_OPT_DEVICE_AUTH_CODE = 54 , I_OPT_DEVICE_AUTH_USER_CODE = 55 , I_OPT_DEVICE_AUTH_VERIFICATION_URI = 56 , I_OPT_DEVICE_AUTH_VERIFICATION_URI_COMPLETE = 57 ,
  I_OPT_DEVICE_AUTH_EXPIRES_IN = 58 , I_OPT_DEVICE_AUTH_INTERVAL = 59 , I_OPT_END_SESSION_ENDPOINT = 60 , I_OPT_CHECK_SESSION_IRAME = 61 ,
  I_OPT_PUSHED_AUTH_REQ_ENDPOINT = 62 , I_OPT_PUSHED_AUTH_REQ_REQUIRED = 63 , I_OPT_PUSHED_AUTH_REQ_EXPIRES_IN = 64 , I_OPT_PUSHED_AUTH_REQ_URI = 65
}
 

Detailed Description

Iddawc OAuth2 client library

iddawc.h: structures and functions declarations

Copyright 2019-2020 Nicolas Mora mail@.nosp@m.babe.nosp@m.loues.nosp@m.t.or.nosp@m.g

This program is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; version 2.1 of the License.

This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU GENERAL PUBLIC LICENSE for more details.

You should have received a copy of the GNU General Public License along with this library. If not, see http://www.gnu.org/licenses/.

Constant values used as input or output

Macro Definition Documentation

◆ I_OK

#define I_OK   0

Success.

◆ I_ERROR

#define I_ERROR   1

Error.

◆ I_ERROR_PARAM

#define I_ERROR_PARAM   2

Error in parameters.

◆ I_ERROR_MEMORY

#define I_ERROR_MEMORY   3

Memory error.

◆ I_ERROR_UNAUTHORIZED

#define I_ERROR_UNAUTHORIZED   4

Request unauthorized.

◆ I_ERROR_SERVER

#define I_ERROR_SERVER   5

Server error.

◆ I_RESPONSE_TYPE_NONE

#define I_RESPONSE_TYPE_NONE   0x00000000

No response type.

◆ I_RESPONSE_TYPE_CODE

#define I_RESPONSE_TYPE_CODE   0x00000001

Response type code.

◆ I_RESPONSE_TYPE_TOKEN

#define I_RESPONSE_TYPE_TOKEN   0x00000010

Response type token.

◆ I_RESPONSE_TYPE_ID_TOKEN

#define I_RESPONSE_TYPE_ID_TOKEN   0x00000100

Response type id_token.

◆ I_RESPONSE_TYPE_PASSWORD

#define I_RESPONSE_TYPE_PASSWORD   0x00001000

Grant type password.

◆ I_RESPONSE_TYPE_CLIENT_CREDENTIALS

#define I_RESPONSE_TYPE_CLIENT_CREDENTIALS   0x00010000

Grant type client_credentials.

◆ I_RESPONSE_TYPE_REFRESH_TOKEN

#define I_RESPONSE_TYPE_REFRESH_TOKEN   0x00100000

Grant type refresh_token.

◆ I_RESPONSE_TYPE_DEVICE_CODE

#define I_RESPONSE_TYPE_DEVICE_CODE   0x01000000

Grant type urn:ietf:params:oauth:grant-type:device_code.

◆ I_AUTH_METHOD_GET

#define I_AUTH_METHOD_GET   0x00000001

access auth endpoint using GET method

◆ I_AUTH_METHOD_POST

#define I_AUTH_METHOD_POST   0x00000010

access auth endpoint using POST method

◆ I_AUTH_METHOD_JWT_SIGN_SECRET

#define I_AUTH_METHOD_JWT_SIGN_SECRET   0x00000100

access auth endpoint using a JWT signed with the client secret

◆ I_AUTH_METHOD_JWT_SIGN_PRIVKEY

#define I_AUTH_METHOD_JWT_SIGN_PRIVKEY   0x00001000

access auth endpoint using a JWT signed with the client private key

◆ I_AUTH_METHOD_JWT_ENCRYPT_SECRET

#define I_AUTH_METHOD_JWT_ENCRYPT_SECRET   0x00010000

access auth endpoint using a JWT encrypted with the client secret

◆ I_AUTH_METHOD_JWT_ENCRYPT_PUBKEY

#define I_AUTH_METHOD_JWT_ENCRYPT_PUBKEY   0x00100000

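access auth endpoint using a JWT encrypted with the client private key (the macro name says PUBKEY, and JWT encryption is done with the recipient's public key, so "private key" here is presumably a documentation slip; confirm against the library source which key is actually used)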

◆ I_TOKEN_AUTH_METHOD_SECRET_BASIC

#define I_TOKEN_AUTH_METHOD_SECRET_BASIC   0

access token endpoint using HTTP basic auth with client_id and client password

◆ I_TOKEN_AUTH_METHOD_SECRET_POST

#define I_TOKEN_AUTH_METHOD_SECRET_POST   1

access token endpoint using secret sent in POST parameters

◆ I_TOKEN_AUTH_METHOD_SECRET_JWT

#define I_TOKEN_AUTH_METHOD_SECRET_JWT   2

access token endpoint using a JWT signed with the client secret

◆ I_TOKEN_AUTH_METHOD_PRIVATE_JWT

#define I_TOKEN_AUTH_METHOD_PRIVATE_JWT   3

access token endpoint using a JWT signed with the client private key

◆ I_TOKEN_AUTH_METHOD_NONE

#define I_TOKEN_AUTH_METHOD_NONE   4

access token endpoint using no authentication

◆ I_STRICT_NO

#define I_STRICT_NO   0

Do not strictly conform to openid config result.

◆ I_STRICT_YES

#define I_STRICT_YES   1

Strictly conform to openid config result.

◆ I_AUTH_SIGN_ALG_MAX_LENGTH

#define I_AUTH_SIGN_ALG_MAX_LENGTH   8

Max length of a sign algorithm name.

◆ I_BEARER_TYPE_HEADER

#define I_BEARER_TYPE_HEADER   0

Bearer type header, the token will be available in the header.

◆ I_BEARER_TYPE_BODY

#define I_BEARER_TYPE_BODY   1

Bearer type body, the token will be available as a body url-encoded parameter.

◆ I_BEARER_TYPE_URL

#define I_BEARER_TYPE_URL   2

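Bearer type url, the token will be available as a url query parameter. A token placed in the URL can end up in server logs, browser history and Referer headers, so prefer I_BEARER_TYPE_HEADER where the resource server allows it.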

◆ I_HEADER_PREFIX_BEARER

#define I_HEADER_PREFIX_BEARER   "Bearer "

◆ I_HEADER_AUTHORIZATION

#define I_HEADER_AUTHORIZATION   "Authorization"

◆ I_BODY_URL_PARAMETER

#define I_BODY_URL_PARAMETER   "access_token"

◆ I_HEADER_DPOP

#define I_HEADER_DPOP   "DPoP"

Enumeration Type Documentation

◆ i_option

enum i_option

Options available to set or get properties using i_set_int_parameter, i_set_str_parameter, i_get_int_parameter or i_get_str_parameter

Enumerator
I_OPT_NONE 

Empty option to complete a i_set_parameter_list.

I_OPT_RESPONSE_TYPE 

response_type, values available are I_RESPONSE_TYPE_CODE, I_RESPONSE_TYPE_TOKEN, I_RESPONSE_TYPE_ID_TOKEN, I_RESPONSE_TYPE_PASSWORD, I_RESPONSE_TYPE_CLIENT_CREDENTIALS and I_RESPONSE_TYPE_REFRESH_TOKEN

I_OPT_SCOPE 

scope values, string, multiple scopes must be separated by a space character: "scope1 openid"

I_OPT_SCOPE_APPEND 

append another scope value to the scope list, string

I_OPT_STATE 

state value, string

I_OPT_NONCE 

nonce value, string

I_OPT_REDIRECT_URI 

redirect_uri, string

I_OPT_REDIRECT_TO 

url where the oauth2 is redirected to after a /auth request

I_OPT_CLIENT_ID 

client_id, string

I_OPT_CLIENT_SECRET 

client secret, string

I_OPT_ADDITIONAL_PARAMETER 

use this option to pass any additional parameter value in the /auth request

I_OPT_ADDITIONAL_RESPONSE 
I_OPT_AUTH_ENDPOINT 

absolute url for the auth endpoint, string

I_OPT_TOKEN_ENDPOINT 

absolute url for the token endpoint, string

I_OPT_OPENID_CONFIG_ENDPOINT 

absolute url for the .well-known/openid-configuration endpoint, string

I_OPT_OPENID_CONFIG 

result of the .well-known/openid-configuration

I_OPT_OPENID_CONFIG_STRICT 

whether the .well-known/openid-configuration parameters must be strictly conformed to, values available are I_STRICT_NO and I_STRICT_YES

I_OPT_USERINFO_ENDPOINT 

absolute url for the userinfo endpoint or equivalent, string

I_OPT_RESULT 

result of a request

I_OPT_ERROR 

error value of a failed request, string

I_OPT_ERROR_DESCRIPTION 

error description of a failed request, string

I_OPT_ERROR_URI 

error uri of a failed request, string

I_OPT_CODE 

code given after a successful auth request using the response_type I_RESPONSE_TYPE_CODE

I_OPT_REFRESH_TOKEN 

refresh token given after a successful token request using the proper response_type

I_OPT_ACCESS_TOKEN 

access token given after a successful auth or token request using the proper response_type

I_OPT_ID_TOKEN 

id_token given after a successful auth or token request using the proper response_type

I_OPT_AUTH_METHOD 

Authentication method to use with the auth endpoint, values available are I_AUTH_METHOD_GET, I_AUTH_METHOD_POST, I_AUTH_METHOD_JWT_SIGN_SECRET, I_AUTH_METHOD_JWT_SIGN_PRIVKEY, I_AUTH_METHOD_JWT_ENCRYPT_SECRET or I_AUTH_METHOD_JWT_ENCRYPT_PUBKEY, values I_AUTH_METHOD_JWT_SIGN_SECRET, I_AUTH_METHOD_JWT_SIGN_PRIVKEY, I_AUTH_METHOD_JWT_ENCRYPT_SECRET or I_AUTH_METHOD_JWT_ENCRYPT_PUBKEY can be combined with I_AUTH_METHOD_GET or I_AUTH_METHOD_POST.

I_OPT_TOKEN_METHOD 

Authentication method to use with the token endpoint, values available are I_TOKEN_AUTH_METHOD_SECRET_BASIC, I_TOKEN_AUTH_METHOD_SECRET_POST, I_TOKEN_AUTH_METHOD_SECRET_JWT, I_TOKEN_AUTH_METHOD_PRIVATE_JWT, I_TOKEN_AUTH_METHOD_NONE.

I_OPT_TOKEN_TYPE 

token_type value after a successful auth or token request, string

I_OPT_EXPIRES_IN 

expires_in value after a successful auth or token request, integer

I_OPT_EXPIRES_AT 

expires_at value after a successful auth or token request, time_t

I_OPT_USERNAME 

username for password response_types, string

I_OPT_USER_PASSWORD 

password for password response_types, string

I_OPT_ISSUER 

issuer value, string

I_OPT_USERINFO 

userinfo result, string

I_OPT_NONCE_GENERATE 

generate a random nonce value

I_OPT_STATE_GENERATE 

generate a random state value

I_OPT_X5U_FLAGS 

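x5u flags to apply when the JWK used has an x5u property, values available are R_FLAG_IGNORE_SERVER_CERTIFICATE: ignore an invalid web server certificate, R_FLAG_FOLLOW_REDIRECT: follow redirections if necessary, R_FLAG_IGNORE_REMOTE: do not download remote key. Setting R_FLAG_IGNORE_SERVER_CERTIFICATE removes TLS validation from the key download, so whoever can intercept that connection can supply the key; keep it out of production configurations.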

I_OPT_SERVER_KID 

key id to use if multiple jwk are available on the server, string

I_OPT_CLIENT_KID 

key id to use if multiple jwk are available on the client, string

I_OPT_CLIENT_SIGN_ALG 

signature algorithm to use when the client signs a request in a JWT, values available are 'none', 'HS256', 'HS384', 'HS512', 'RS256', 'RS384', 'RS512', 'ES256', 'ES384', 'ES512', 'PS256', 'PS384', 'PS512', 'EDDSA'. Note that 'none' produces an unsigned JWT, which gives the request no integrity protection.

I_OPT_CLIENT_ENC_ALG 

key encryption algorithm to use when the client encrypts a request in a JWT, values available are 'RSA1_5', 'RSA_OAEP', 'RSA_OAEP_256', 'A128KW', 'A192KW', 'A256KW', 'DIR', 'ECDH_ES', 'ECDH_ES_A128KW', 'ECDH_ES_A192KW', 'ECDH_ES_A256KW', 'A128GCMKW', 'A192GCMKW', 'A256GCMKW', 'PBES2_H256', 'PBES2_H384' or 'PBES2_H512', warning: some algorithms may be unavailable depending on Rhonabwy version used. 'RSA1_5' (RSAES-PKCS1-v1_5) is widely discouraged for new deployments; prefer an OAEP or ECDH_ES variant when the server supports one.

I_OPT_CLIENT_ENC 

data encryption algorithm to use when the client encrypts a request in a JWT, values available are 'A128CBC', 'A192CBC', 'A256CBC', 'A128GCM', 'A192GCM', 'A256GCM', warning: some algorithms may be unavailable depending on Rhonabwy version used

I_OPT_TOKEN_JTI 

jti value, string

I_OPT_TOKEN_JTI_GENERATE 

generate a random jti value

I_OPT_TOKEN_EXP 

JWT token request expiration time in seconds.

I_OPT_TOKEN_TARGET 

access_token which is the target of a revocation or an introspection, string

I_OPT_TOKEN_TARGET_TYPE_HINT 

type hint for the token which is the target of a revocation or an introspection, string (presumably; this entry's text was identical to the I_OPT_TOKEN_TARGET description)

I_OPT_REVOCATION_ENDPOINT 

absolute url for the revocation endpoint, string

I_OPT_INTROSPECTION_ENDPOINT 

absolute url for the introspection endpoint, string

I_OPT_REGISTRATION_ENDPOINT 

absolute url for the client registration endpoint, string

I_OPT_DEVICE_AUTHORIZATION_ENDPOINT 

absolute url for the device authorization endpoint, string

I_OPT_DEVICE_AUTH_CODE 

device authorization code sent by the AS

I_OPT_DEVICE_AUTH_USER_CODE 

device authorization user code sent by the AS

I_OPT_DEVICE_AUTH_VERIFICATION_URI 

device authorization verification URI sent by the AS

I_OPT_DEVICE_AUTH_VERIFICATION_URI_COMPLETE 

device authorization verification URI complete sent by the AS

I_OPT_DEVICE_AUTH_EXPIRES_IN 

device authorization code expiration sent by the AS

I_OPT_DEVICE_AUTH_INTERVAL 

device authorization code verification interval sent by the AS

I_OPT_END_SESSION_ENDPOINT 

absolute url for the end session endpoint, string

I_OPT_CHECK_SESSION_IRAME 

absolute url for the check session iframe, string

I_OPT_PUSHED_AUTH_REQ_ENDPOINT 

absolute url for the pushed authorization endpoint, string

I_OPT_PUSHED_AUTH_REQ_REQUIRED 

are pushed authorization requests required, boolean

I_OPT_PUSHED_AUTH_REQ_EXPIRES_IN 

pushed authorization request expiration time in seconds

I_OPT_PUSHED_AUTH_REQ_URI 

request_uri sent by the par endpoint result, string