Iddawc
Handle the flow of the OAuth2 and OpenID Connect authentication process from the client side.
iddawc.h File Reference
#include <jansson.h>
#include <orcania.h>
#include <ulfius.h>
#include <rhonabwy.h>
#include "iddawc-cfg.h"


Data Structures

struct  _i_session
 

Macros

#define I_OK   0
 Success. More...
 
#define I_ERROR   1
 Error. More...
 
#define I_ERROR_PARAM   2
 Error in parameters. More...
 
#define I_ERROR_MEMORY   3
 Memory error. More...
 
#define I_ERROR_UNAUTHORIZED   4
 Request unauthorized. More...
 
#define I_ERROR_SERVER   5
 Server error. More...
 
#define I_RESPONSE_TYPE_NONE   0x00000000
 No response type. More...
 
#define I_RESPONSE_TYPE_CODE   0x00000001
 Response type code. More...
 
#define I_RESPONSE_TYPE_TOKEN   0x00000010
 Response type token. More...
 
#define I_RESPONSE_TYPE_ID_TOKEN   0x00000100
 Response type id_token. More...
 
#define I_RESPONSE_TYPE_PASSWORD   0x00001000
 Grant type password. More...
 
#define I_RESPONSE_TYPE_CLIENT_CREDENTIALS   0x00010000
 Grant type client_credentials. More...
 
#define I_RESPONSE_TYPE_REFRESH_TOKEN   0x00100000
 Grant type refresh_token. More...
 
#define I_RESPONSE_TYPE_DEVICE_CODE   0x01000000
 Grant type urn:ietf:params:oauth:grant-type:device_code. More...
 
#define I_RESPONSE_TYPE_CIBA   0x10000000
 Grant type urn:openid:params:grant-type:ciba. More...
 
#define I_AUTH_METHOD_GET   0x00000001
 auth endpoint using GET method More...
 
#define I_AUTH_METHOD_POST   0x00000010
 auth endpoint using POST method More...
 
#define I_AUTH_METHOD_JWT_SIGN_SECRET   0x00000100
 auth endpoint using a JWT signed with the client secret More...
 
#define I_AUTH_METHOD_JWT_SIGN_PRIVKEY   0x00001000
 auth endpoint using a JWT signed with the client private key More...
 
#define I_AUTH_METHOD_JWT_ENCRYPT_SECRET   0x00010000
 auth endpoint using a JWT encrypted with the client secret More...
 
#define I_AUTH_METHOD_JWT_ENCRYPT_PUBKEY   0x00100000
 auth endpoint using a JWT encrypted with the server public key More...
 
#define I_TOKEN_AUTH_METHOD_NONE   0x00000000
 token endpoint using no authentication More...
 
#define I_TOKEN_AUTH_METHOD_SECRET_BASIC   0x00000001
 token endpoint using HTTP basic auth with client_id and client password More...
 
#define I_TOKEN_AUTH_METHOD_SECRET_POST   0x00000010
 token endpoint using the secret sent in POST parameters More...
 
#define I_TOKEN_AUTH_METHOD_TLS_CERTIFICATE   0x00000100
 token endpoint using TLS Certificate authentication More...
 
#define I_TOKEN_AUTH_METHOD_JWT_SIGN_SECRET   0x00001000
 token endpoint using a JWT signed with the client secret More...
 
#define I_TOKEN_AUTH_METHOD_JWT_SIGN_PRIVKEY   0x00010000
 token endpoint using a JWT signed with the client private key More...
 
#define I_TOKEN_AUTH_METHOD_JWT_ENCRYPT_SECRET   0x00100000
 token endpoint using a JWT encrypted with the client secret More...
 
#define I_TOKEN_AUTH_METHOD_JWT_ENCRYPT_PUBKEY   0x01000000
 token endpoint using a JWT signed with the client private key and encrypted with the server public key or the client secret More...
 
#define I_STRICT_NO   0x00000000
 Do not strictly conform to openid config result. More...
 
#define I_STRICT_YES   0x00000001
 Strictly conform to openid config result. More...
 
#define I_STRICT_JWT_AT_SIGNATURE   0x00000010
 Verify JWT access tokens signatures. More...
 
#define I_STRICT_JWT_AT_HEADER_TYP   0x00000100
 Verify JWT access tokens header typ value. More...
 
#define I_STRICT_JWT_AT_CLAIM   0x00001000
 Verify JWT access tokens claims values. More...
 
#define I_AUTH_SIGN_ALG_MAX_LENGTH   8
 Max length of a sign algorithm name. More...
 
#define I_BEARER_TYPE_HEADER   0
 Bearer type header, the token will be available in the header. More...
 
#define I_BEARER_TYPE_BODY   1
 Bearer type body, the token will be available as a body url-encoded parameter. More...
 
#define I_BEARER_TYPE_URL   2
 Bearer type url, the token will be available as a url query parameter. More...
 
#define I_INTROSPECT_REVOKE_AUTH_NONE   0
 Introspection/Revocation - no authentication. More...
 
#define I_INTROSPECT_REVOKE_AUTH_ACCESS_TOKEN   1
 Introspection/Revocation - authentication using access token. More...
 
#define I_INTROSPECT_REVOKE_AUTH_CLIENT_TARGET   2
 Introspection/Revocation - authentication with client credentials. More...
 
#define I_TOKEN_TYPE_ACCESS_TOKEN   0
 
#define I_TOKEN_TYPE_ID_TOKEN   1
 
#define I_TOKEN_TYPE_USERINFO   2
 
#define I_TOKEN_TYPE_INTROSPECTION   3
 
#define I_TOKEN_TYPE_RESPONSE_AUTH   4
 
#define I_HEADER_PREFIX_BEARER   "Bearer "
 
#define I_HEADER_PREFIX_DPOP   "DPoP "
 
#define I_HEADER_AUTHORIZATION   "Authorization"
 
#define I_CONTENT_TYPE_JWKS   "application/jwk-set+json"
 
#define I_BODY_URL_PARAMETER   "access_token"
 
#define I_HEADER_DPOP   "DPoP"
 
#define I_REMOTE_VERIFY_NONE   0x0000
 No TLS Verification. More...
 
#define I_REMOTE_HOST_VERIFY_PEER   0x0001
 Verify TLS session with peers. More...
 
#define I_REMOTE_HOST_VERIFY_HOSTNAME   0x0010
 Verify TLS session with hostname. More...
 
#define I_REMOTE_PROXY_VERIFY_PEER   0x0100
 Verify TLS session with peers. More...
 
#define I_REMOTE_PROXY_VERIFY_HOSTNAME   0x1000
 Verify TLS session with hostname. More...
 
#define I_PKCE_NONE   0
 No PKCE. More...
 
#define I_PKCE_METHOD_PLAIN   1
 PKCE using method plain. More...
 
#define I_PKCE_METHOD_S256   2
 PKCE using method SHA256. More...
 
#define I_CLAIM_TARGET_ALL   0
 Add claim to userinfo and id_token. More...
 
#define I_CLAIM_TARGET_USERINFO   1
 Add claim to userinfo. More...
 
#define I_CLAIM_TARGET_ID_TOKEN   2
 Add claim to id_token. More...
 
#define I_CLAIM_ESSENTIAL_NULL   0
 Set claim value to null. More...
 
#define I_CLAIM_ESSENTIAL_TRUE   1
 Set claim essential value to true. More...
 
#define I_CLAIM_ESSENTIAL_FALSE   2
 Set claim essential value to false. More...
 
#define I_CLAIM_ESSENTIAL_IGNORE   3
 
#define I_CIBA_MODE_NONE   0
 
#define I_CIBA_MODE_POLL   1
 
#define I_CIBA_MODE_PING   2
 
#define I_CIBA_MODE_PUSH   3
 
#define I_CIBA_LOGIN_HINT_FORMAT_JSON   0
 
#define I_CIBA_LOGIN_HINT_FORMAT_JWT   1
 
#define I_CIBA_LOGIN_HINT_FORMAT_ID_TOKEN   2
 

Enumerations

enum  i_option {
  I_OPT_NONE = 0 , I_OPT_RESPONSE_TYPE = 1 , I_OPT_SCOPE = 2 , I_OPT_SCOPE_APPEND = 3 ,
  I_OPT_STATE = 4 , I_OPT_NONCE = 5 , I_OPT_REDIRECT_URI = 6 , I_OPT_REDIRECT_TO = 7 ,
  I_OPT_CLIENT_ID = 8 , I_OPT_CLIENT_SECRET = 9 , I_OPT_ADDITIONAL_PARAMETER = 10 , I_OPT_ADDITIONAL_RESPONSE = 11 ,
  I_OPT_AUTH_ENDPOINT = 12 , I_OPT_TOKEN_ENDPOINT = 13 , I_OPT_OPENID_CONFIG_ENDPOINT = 14 , I_OPT_OPENID_CONFIG = 15 ,
  I_OPT_OPENID_CONFIG_STRICT = 16 , I_OPT_USERINFO_ENDPOINT = 17 , I_OPT_RESULT = 18 , I_OPT_ERROR = 19 ,
  I_OPT_ERROR_DESCRIPTION = 20 , I_OPT_ERROR_URI = 21 , I_OPT_CODE = 22 , I_OPT_REFRESH_TOKEN = 23 ,
  I_OPT_ACCESS_TOKEN = 24 , I_OPT_ID_TOKEN = 25 , I_OPT_AUTH_METHOD = 28 , I_OPT_TOKEN_METHOD = 29 ,
  I_OPT_TOKEN_TYPE = 30 , I_OPT_EXPIRES_IN = 31 , I_OPT_EXPIRES_AT = 32 , I_OPT_USERNAME = 33 ,
  I_OPT_USER_PASSWORD = 34 , I_OPT_ISSUER = 35 , I_OPT_USERINFO = 36 , I_OPT_NONCE_GENERATE = 37 ,
  I_OPT_STATE_GENERATE = 38 , I_OPT_X5U_FLAGS = 39 , I_OPT_SERVER_KID = 40 , I_OPT_SERVER_ENC_ALG = 41 ,
  I_OPT_SERVER_ENC = 42 , I_OPT_SERVER_JWKS_CACHE_EXPIRATION = 43 , I_OPT_CLIENT_KID = 44 , I_OPT_CLIENT_SIGN_ALG = 45 ,
  I_OPT_CLIENT_ENC_ALG = 46 , I_OPT_CLIENT_ENC = 47 , I_OPT_TOKEN_JTI = 48 , I_OPT_TOKEN_JTI_GENERATE = 49 ,
  I_OPT_TOKEN_EXP = 50 , I_OPT_TOKEN_TARGET = 51 , I_OPT_TOKEN_TARGET_TYPE_HINT = 52 , I_OPT_REVOCATION_ENDPOINT = 53 ,
  I_OPT_INTROSPECTION_ENDPOINT = 54 , I_OPT_REGISTRATION_ENDPOINT = 55 , I_OPT_REGISTRATION_CLIENT_URI = 56 , I_OPT_DEVICE_AUTHORIZATION_ENDPOINT = 57 ,
  I_OPT_DEVICE_AUTH_CODE = 58 , I_OPT_DEVICE_AUTH_USER_CODE = 59 , I_OPT_DEVICE_AUTH_VERIFICATION_URI = 60 , I_OPT_DEVICE_AUTH_VERIFICATION_URI_COMPLETE = 61 ,
  I_OPT_DEVICE_AUTH_EXPIRES_IN = 62 , I_OPT_DEVICE_AUTH_INTERVAL = 63 , I_OPT_END_SESSION_ENDPOINT = 64 , I_OPT_CHECK_SESSION_IRAME = 65 ,
  I_OPT_PUSHED_AUTH_REQ_ENDPOINT = 66 , I_OPT_PUSHED_AUTH_REQ_REQUIRED = 67 , I_OPT_PUSHED_AUTH_REQ_EXPIRES_IN = 68 , I_OPT_PUSHED_AUTH_REQ_URI = 69 ,
  I_OPT_USE_DPOP = 70 , I_OPT_DPOP_KID = 71 , I_OPT_DECRYPT_CODE = 72 , I_OPT_DECRYPT_REFRESH_TOKEN = 73 ,
  I_OPT_DECRYPT_ACCESS_TOKEN = 74 , I_OPT_DPOP_SIGN_ALG = 75 , I_OPT_HTTP_PROXY = 76 , I_OPT_TLS_KEY_FILE = 77 ,
  I_OPT_TLS_CERT_FILE = 78 , I_OPT_REMOTE_CERT_FLAG = 79 , I_OPT_PKCE_CODE_VERIFIER = 80 , I_OPT_PKCE_CODE_VERIFIER_GENERATE = 81 ,
  I_OPT_PKCE_METHOD = 82 , I_OPT_RESOURCE_INDICATOR = 83 , I_OPT_ACCESS_TOKEN_SIGNING_ALG = 84 , I_OPT_ACCESS_TOKEN_ENCRYPTION_ALG = 85 ,
  I_OPT_ACCESS_TOKEN_ENCRYPTION_ENC = 86 , I_OPT_ID_TOKEN_SIGNING_ALG = 87 , I_OPT_ID_TOKEN_ENCRYPTION_ALG = 88 , I_OPT_ID_TOKEN_ENCRYPTION_ENC = 89 ,
  I_OPT_USERINFO_SIGNING_ALG = 90 , I_OPT_USERINFO_ENCRYPTION_ALG = 91 , I_OPT_USERINFO_ENCRYPTION_ENC = 92 , I_OPT_REQUEST_OBJECT_SIGNING_ALG = 93 ,
  I_OPT_REQUEST_OBJECT_ENCRYPTION_ALG = 94 , I_OPT_REQUEST_OBJECT_ENCRYPTION_ENC = 95 , I_OPT_TOKEN_ENDPOINT_SIGNING_ALG = 96 , I_OPT_TOKEN_ENDPOINT_ENCRYPTION_ALG = 97 ,
  I_OPT_TOKEN_ENDPOINT_ENCRYPTION_ENC = 98 , I_OPT_CIBA_REQUEST_SIGNING_ALG = 99 , I_OPT_CIBA_REQUEST_ENCRYPTION_ALG = 100 , I_OPT_CIBA_REQUEST_ENCRYPTION_ENC = 101 ,
  I_OPT_AUTH_RESPONSE_SIGNING_ALG = 102 , I_OPT_AUTH_RESPONSE_ENCRYPTION_ALG = 103 , I_OPT_AUTH_RESPONSE_ENCRYPTION_ENC = 104 , I_OPT_CIBA_ENDPOINT = 105 ,
  I_OPT_CIBA_MODE = 106 , I_OPT_CIBA_USER_CODE = 107 , I_OPT_CIBA_LOGIN_HINT = 108 , I_OPT_CIBA_LOGIN_HINT_FORMAT = 109 ,
  I_OPT_CIBA_LOGIN_HINT_KID = 110 , I_OPT_CIBA_BINDING_MESSAGE = 111 , I_OPT_CIBA_REQUESTED_EXPIRY = 112 , I_OPT_CIBA_CLIENT_NOTIFICATION_TOKEN = 113 ,
  I_OPT_CIBA_CLIENT_NOTIFICATION_TOKEN_GENERATE = 114 , I_OPT_CIBA_ACR_VALUES = 115 , I_OPT_CIBA_ACR_VALUES_APPEND = 116 , I_OPT_CIBA_AUTH_REQ_ID = 117 ,
  I_OPT_CIBA_CLIENT_NOTIFICATION_ENDPOINT = 118 , I_OPT_CIBA_AUTH_REQ_EXPIRES_IN = 119 , I_OPT_CIBA_AUTH_REQ_INTERVAL = 120 , I_OPT_FRONTCHANNEL_LOGOUT_URI = 121 ,
  I_OPT_FRONTCHANNEL_LOGOUT_SESSION_REQUIRED = 122 , I_OPT_BACKCHANNEL_LOGOUT_URI = 123 , I_OPT_BACKCHANNEL_LOGOUT_SESSION_REQUIRED = 124 , I_OPT_POST_LOGOUT_REDIRECT_URI = 125 ,
  I_OPT_ID_TOKEN_SID = 126 , I_OPT_SAVE_HTTP_REQUEST_RESPONSE = 127 , I_OPT_DPOP_NONCE_AS = 128 , I_OPT_DPOP_NONCE_RS = 129
}
 

Functions

int i_global_init ()
 
void i_global_close ()
 
void i_free (void *data)
 
int i_init_session (struct _i_session *i_session)
 
void i_clean_session (struct _i_session *i_session)
 
int i_set_response_type (struct _i_session *i_session, unsigned int i_value)
 
int i_set_result (struct _i_session *i_session, unsigned int i_value)
 
int i_set_int_parameter (struct _i_session *i_session, i_option option, unsigned int i_value)
 
int i_set_str_parameter (struct _i_session *i_session, i_option option, const char *s_value)
 
int i_set_additional_parameter (struct _i_session *i_session, const char *s_key, const char *s_value)
 
int i_set_additional_response (struct _i_session *i_session, const char *s_key, const char *s_value)
 
int i_add_claim_request (struct _i_session *i_session, int target, const char *claim, int essential, const char *value)
 
int i_remove_claim_request (struct _i_session *i_session, int target, const char *claim)
 
int i_set_rich_authorization_request_json_t (struct _i_session *i_session, const char *type, json_t *j_value)
 
int i_set_rich_authorization_request_str (struct _i_session *i_session, const char *type, const char *value)
 
int i_remove_rich_authorization_request (struct _i_session *i_session, const char *type)
 
json_t * i_get_rich_authorization_request_json_t (struct _i_session *i_session, const char *type)
 
char * i_get_rich_authorization_request_str (struct _i_session *i_session, const char *type)
 
unsigned int i_get_response_type (struct _i_session *i_session)
 
unsigned int i_get_result (struct _i_session *i_session)
 
unsigned int i_get_int_parameter (struct _i_session *i_session, i_option option)
 
const char * i_get_str_parameter (struct _i_session *i_session, i_option option)
 
const char * i_get_additional_parameter (struct _i_session *i_session, const char *s_key)
 
const char * i_get_additional_response (struct _i_session *i_session, const char *s_key)
 
json_t * i_get_server_configuration (struct _i_session *i_session)
 
int i_set_server_configuration (struct _i_session *i_session, json_t *j_openid_config)
 
json_t * i_get_server_jwks (struct _i_session *i_session)
 
int i_set_server_jwks (struct _i_session *i_session, json_t *j_jwks)
 
json_t * i_get_client_jwks (struct _i_session *i_session)
 
int i_set_client_jwks (struct _i_session *i_session, json_t *j_jwks)
 
int i_set_parameter_list (struct _i_session *i_session,...)
 
json_t * i_export_session_json_t (struct _i_session *i_session)
 
int i_import_session_json_t (struct _i_session *i_session, json_t *j_import)
 
char * i_export_session_str (struct _i_session *i_session)
 
int i_import_session_str (struct _i_session *i_session, const char *str_import)
 
int i_import_session_from_registration (struct _i_session *i_session, json_t *j_registration)
 
int i_get_openid_config (struct _i_session *i_session)
 
int i_build_auth_url_get (struct _i_session *i_session)
 
int i_run_auth_request (struct _i_session *i_session)
 
int i_parse_redirect_to (struct _i_session *i_session)
 
int i_run_token_request (struct _i_session *i_session)
 
int i_parse_token_response (struct _i_session *i_session, int http_status, json_t *j_response)
 
int i_verify_id_token (struct _i_session *i_session)
 
int i_verify_jwt_access_token (struct _i_session *i_session, const char *aud)
 
int i_get_userinfo (struct _i_session *i_session, int get_jwt)
 
int i_get_userinfo_custom (struct _i_session *i_session, const char *http_method, struct _u_map *additional_query, struct _u_map *additional_headers)
 
int i_get_token_introspection (struct _i_session *i_session, json_t **j_result, int authentication, int get_jwt)
 
int i_revoke_token (struct _i_session *i_session, int authentication)
 
int i_register_client (struct _i_session *i_session, json_t *j_parameters, int update_session, json_t **j_result)
 
int i_get_registration_client (struct _i_session *i_session, json_t **j_result)
 
int i_manage_registration_client (struct _i_session *i_session, json_t *j_parameters, int update_session, json_t **j_result)
 
int i_delete_registration_client (struct _i_session *i_session)
 
char * i_generate_dpop_token (struct _i_session *i_session, const char *htm, const char *htu, time_t iat, int add_ath)
 
int i_verify_dpop_proof (const char *dpop_header, const char *htm, const char *htu, time_t max_iat, const char *jkt, const char *access_token)
 
char * i_generate_client_assertion (struct _i_session *i_session, const char *aud)
 
int i_perform_resource_service_request (struct _i_session *i_session, struct _u_request *http_request, struct _u_response *http_response, int refresh_if_expired, int bearer_type, int use_dpop, time_t dpop_iat)
 
int i_run_par_request (struct _i_session *i_session)
 
int i_run_device_auth_request (struct _i_session *i_session)
 
int i_run_ciba_request (struct _i_session *i_session)
 
char * i_build_end_session_url (struct _i_session *i_session)
 
int i_verify_end_session_backchannel_token (struct _i_session *i_session, const char *token)
 
int i_close_session (struct _i_session *i_session, const char *sid)