1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109
|
%% This Source Code Form is subject to the terms of the Mozilla Public
%% License, v. 2.0. If a copy of the MPL was not distributed with this
%% file, You can obtain one at https://mozilla.org/MPL/2.0/.
%%
%% Copyright (c) 2020-2023 VMware, Inc. or its affiliates. All rights reserved.
%%
% define access token request common constants
-define(DEFAULT_HTTP_TIMEOUT, 60000).
% Refresh tome this number of seconds before expires_in token's attribute
-define(REFRESH_IN_BEFORE_EXPIRES_IN, 5).
-define(DEFAULT_OPENID_CONFIGURATION_PATH, "/.well-known/openid-configuration").
% define access token request constants
-define(CONTENT_URLENCODED, "application/x-www-form-urlencoded").
-define(CONTENT_JSON, "application/json").
-define(REQUEST_GRANT_TYPE, "grant_type").
-define(CLIENT_CREDENTIALS_GRANT_TYPE, "client_credentials").
-define(REFRESH_TOKEN_GRANT_TYPE, "refresh_token").
-define(REQUEST_CLIENT_ID, "client_id").
-define(REQUEST_CLIENT_SECRET, "client_secret").
-define(REQUEST_SCOPE, "scope").
-define(REQUEST_REFRESH_TOKEN, "refresh_token").
% define access token response constants
-define(BEARER_TOKEN_TYPE, <<"Bearer">>).
-define(RESPONSE_ACCESS_TOKEN, <<"access_token">>).
-define(RESPONSE_TOKEN_TYPE, <<"token_type">>).
-define(RESPONSE_EXPIRES_IN, <<"expires_in">>).
-define(RESPONSE_REFRESH_TOKEN, <<"refresh_token">>).
-define(RESPONSE_ERROR, <<"error">>).
-define(RESPONSE_ERROR_DESCRIPTION, <<"error_description">>).
-define(RESPONSE_ISSUER, <<"issuer">>).
-define(RESPONSE_TOKEN_ENDPOINT, <<"token_endpoint">>).
-define(RESPONSE_AUTHORIZATION_ENDPOINT, <<"authorization_endpoint">>).
-define(RESPONSE_END_SESSION_ENDPOINT, <<"end_session_endpoint">>).
-define(RESPONSE_JWKS_URI, <<"jwks_uri">>).
-define(RESPONSE_TLS_OPTIONS, <<"ssl_options">>).
%% The closest we have to a type import in Erlang
-type option(T) :: rabbit_types:option(T).
-type oauth_provider_id() :: root | binary().
-record(openid_configuration, {
issuer :: option(uri_string:uri_string()),
token_endpoint :: option(uri_string:uri_string()),
authorization_endpoint :: option(uri_string:uri_string()),
end_session_endpoint :: option(uri_string:uri_string()),
jwks_uri :: option(uri_string:uri_string())
}).
-type openid_configuration() :: #openid_configuration{}.
-record(oauth_provider, {
id :: oauth_provider_id(),
issuer :: option(uri_string:uri_string()),
token_endpoint :: option(uri_string:uri_string()),
authorization_endpoint :: option(uri_string:uri_string()),
end_session_endpoint :: option(uri_string:uri_string()),
jwks_uri :: option(uri_string:uri_string()),
ssl_options :: option(list())
}).
-type oauth_provider() :: #oauth_provider{}.
-record(access_token_request, {
client_id :: string() | binary(),
client_secret :: string() | binary(),
scope :: string() | binary() | undefined,
timeout :: option(integer())
}).
-type access_token_request() :: #access_token_request{}.
-record(successful_access_token_response, {
access_token :: binary(),
token_type :: binary(),
refresh_token :: option(binary()), % A refresh token SHOULD NOT be included
% .. for client-credentials flow.
% https://www.rfc-editor.org/rfc/rfc6749#section-4.4.3
expires_in :: option(integer())
}).
-type successful_access_token_response() :: #successful_access_token_response{}.
-record(unsuccessful_access_token_response, {
error :: integer(),
error_description :: binary() | string() | undefined
}).
-type unsuccessful_access_token_response() :: #unsuccessful_access_token_response{}.
-record(refresh_token_request, {
client_id :: string() | binary(),
client_secret :: string() | binary(),
scope :: string() | binary() | undefined,
refresh_token :: binary(),
timeout :: option(integer())
}).
-type refresh_token_request() :: #refresh_token_request{}.
|