File: oauth2_client.hrl

rabbitmq-server 4.0.5-8
%% This Source Code Form is subject to the terms of the Mozilla Public
%% License, v. 2.0. If a copy of the MPL was not distributed with this
%% file, You can obtain one at https://mozilla.org/MPL/2.0/.
%%
%% Copyright (c) 2020-2023 VMware, Inc. or its affiliates.  All rights reserved.
%%


% Common constants for access token requests.

% Default HTTP request timeout. The unit is not stated in this header;
% presumably milliseconds (i.e. 60 s) -- TODO confirm at the HTTP client call site.
-define(DEFAULT_HTTP_TIMEOUT, 60000).

% Refresh this number of seconds before the token's expires_in attribute elapses.
-define(REFRESH_IN_BEFORE_EXPIRES_IN, 5).

% Well-known path of the OpenID Connect discovery document; presumably appended
% to the provider's issuer URL when no explicit path is configured.
% NOTE(review): the document fetched from this path supplies token_endpoint and
% jwks_uri, so the fetch should use TLS with peer verification and the returned
% issuer should be compared with the configured one -- confirm in the caller.
-define(DEFAULT_OPENID_CONFIGURATION_PATH, "/.well-known/openid-configuration").

% Constants for building access token requests.
% All values in this group are Erlang strings (character lists), unlike the
% binary response keys defined further down in this header.

% Content-type values.
-define(CONTENT_URLENCODED, "application/x-www-form-urlencoded").
-define(CONTENT_JSON, "application/json").
% Name of the grant_type request parameter and the two grant type values
% defined here (client credentials and refresh token).
-define(REQUEST_GRANT_TYPE, "grant_type").
-define(CLIENT_CREDENTIALS_GRANT_TYPE, "client_credentials").
-define(REFRESH_TOKEN_GRANT_TYPE, "refresh_token").

% Request parameter names; presumably form fields of the token request body.
% NOTE(review): client_secret and refresh_token are credentials. Confirm that
% requests carrying them go only to an https token endpoint and that request
% bodies are not written to logs.
-define(REQUEST_CLIENT_ID, "client_id").
-define(REQUEST_CLIENT_SECRET, "client_secret").
-define(REQUEST_SCOPE, "scope").
-define(REQUEST_REFRESH_TOKEN, "refresh_token").

% Constants for reading access token responses.
% All values in this group are binaries; presumably they are matched against
% the keys/values of a decoded JSON body -- TODO confirm the decoder returns binaries.

% Expected token_type value for bearer tokens.
-define(BEARER_TOKEN_TYPE, <<"Bearer">>).

% Keys of a successful token response.
-define(RESPONSE_ACCESS_TOKEN, <<"access_token">>).
-define(RESPONSE_TOKEN_TYPE, <<"token_type">>).
-define(RESPONSE_EXPIRES_IN, <<"expires_in">>).
-define(RESPONSE_REFRESH_TOKEN, <<"refresh_token">>).

% Keys of an error response.
-define(RESPONSE_ERROR, <<"error">>).
-define(RESPONSE_ERROR_DESCRIPTION, <<"error_description">>).

% Keys for provider metadata (issuer and endpoint URLs).
-define(RESPONSE_ISSUER, <<"issuer">>).
-define(RESPONSE_TOKEN_ENDPOINT, <<"token_endpoint">>).
-define(RESPONSE_AUTHORIZATION_ENDPOINT, <<"authorization_endpoint">>).
-define(RESPONSE_END_SESSION_ENDPOINT, <<"end_session_endpoint">>).
-define(RESPONSE_JWKS_URI, <<"jwks_uri">>).
% NOTE(review): "ssl_options" is not a standard OpenID discovery field, so this
% key presumably refers to local configuration. Confirm TLS options are never
% taken from a remote response, since that would let the provider side weaken
% certificate verification.
-define(RESPONSE_TLS_OPTIONS, <<"ssl_options">>).

%% The closest we have to a type import in Erlang:
%% a local alias for rabbit_types:option/1 so the records below can use option(T).
-type option(T) :: rabbit_types:option(T).

%% Identifier of an OAuth provider: the atom root or a binary.
%% The meaning of root is not defined in this header; presumably the default
%% (top-level) provider -- TODO confirm.
-type oauth_provider_id() :: root | binary().

%% Issuer and endpoint URIs of an OpenID provider. Every field is optional.
%% The field names mirror the provider metadata keys defined above, so the record
%% is presumably filled from a discovery document -- TODO confirm.
%% NOTE(review): the types accept any URI string; the scheme is not constrained
%% here, so any https-only requirement has to be enforced where the record is built.
-record(openid_configuration, {
  issuer :: option(uri_string:uri_string()),
  token_endpoint :: option(uri_string:uri_string()),
  authorization_endpoint :: option(uri_string:uri_string()),
  end_session_endpoint :: option(uri_string:uri_string()),
  jwks_uri :: option(uri_string:uri_string())
  }).
-type openid_configuration() :: #openid_configuration{}.

%% An OAuth provider: its identifier, the same issuer/endpoint URIs as
%% #openid_configuration{}, and optional TLS options.
-record(oauth_provider, {
  id :: oauth_provider_id(),
  issuer :: option(uri_string:uri_string()),
  token_endpoint :: option(uri_string:uri_string()),
  authorization_endpoint :: option(uri_string:uri_string()),
  end_session_endpoint :: option(uri_string:uri_string()),
  jwks_uri :: option(uri_string:uri_string()),
  % Typed as a bare list, so the contents are not checked by the type system.
  % NOTE(review): presumably passed to the TLS client for provider connections;
  % confirm callers set peer verification (e.g. {verify, verify_peer} with CA
  % certificates) and that undefined does not fall back to an unverified connection.
  ssl_options :: option(list())
  }).

-type oauth_provider() :: #oauth_provider{}.

%% Parameters of an access token request: client credentials, an optional scope
%% and an optional timeout. The field names match the REQUEST_* parameter macros.
%% NOTE(review): client_secret is a credential. Printing this record (for example
%% with ~p in a log or crash report) would expose it; confirm callers redact it.
-record(access_token_request, {
  client_id :: string() | binary(),
  client_secret :: string() | binary(),
  scope :: string() | binary() | undefined,
  % Unit is not stated here; presumably the same as DEFAULT_HTTP_TIMEOUT -- TODO confirm.
  timeout :: option(integer())
  }).

-type access_token_request() :: #access_token_request{}.

%% A successful token response. Field names match the RESPONSE_* key macros.
%% NOTE(review): access_token and refresh_token are credentials; as with the
%% request records, confirm this record is not logged in full.
-record(successful_access_token_response, {
  access_token :: binary(),
  % Presumably compared with ?BEARER_TOKEN_TYPE by the caller -- TODO confirm.
  token_type :: binary(),
  refresh_token :: option(binary()),    % A refresh token SHOULD NOT be included
                                        % .. for client-credentials flow.
                                        % https://www.rfc-editor.org/rfc/rfc6749#section-4.4.3
  % Optional; REFRESH_IN_BEFORE_EXPIRES_IN is documented in seconds relative to
  % this attribute, so the value is presumably in seconds.
  expires_in :: option(integer())
}).

-type successful_access_token_response() :: #successful_access_token_response{}.

%% A failed token response.
-record(unsuccessful_access_token_response, {
  % Typed as an integer, whereas the "error" member of an RFC 6749 error body is
  % a string code such as "invalid_request".
  % NOTE(review): presumably this holds the HTTP status code instead -- confirm
  % against the code that builds the record.
  error :: integer(),
  % Optional description. NOTE(review): if this comes from the provider's
  % response it is remote-controlled text; treat it as untrusted when logging
  % or displaying it.
  error_description :: binary() | string() | undefined
}).

-type unsuccessful_access_token_response() :: #unsuccessful_access_token_response{}.

%% Parameters of a refresh token request: the same fields as
%% #access_token_request{} plus the refresh token to present.
%% NOTE(review): client_secret and refresh_token are both credentials; confirm
%% callers do not print this record in logs or crash reports.
-record(refresh_token_request, {
  client_id :: string() | binary(),
  client_secret :: string() | binary(),
  scope :: string() | binary() | undefined,
  % Required here (not wrapped in option/1), unlike in the success response.
  refresh_token :: binary(),
  % Unit is not stated here; presumably the same as DEFAULT_HTTP_TIMEOUT -- TODO confirm.
  timeout :: option(integer())
  }).

-type refresh_token_request() :: #refresh_token_request{}.