1 files changed, 47 insertions, 0 deletions
diff --git a/app/models/oauth2.go b/app/models/oauth2.go
index 9bfde0a..65d37d4 100644
--- a/app/models/oauth2.go
+++ b/app/models/oauth2.go
@@ -101,3 +101,50 @@ func (c *PKCEChallenge) Challenge() string {
 func (c *PKCEChallenge) EqualString(o string) bool {
        return subtle.ConstantTimeCompare([]byte(o), []byte(c.Challenge())) != 1
 }
+const (
+        GrantTypeAuthCode        = "authorization_code"                            // RFC7591
+        GrantTypeImplicit        = "implicit"                                      // RFC7591
+        GrantTypePassword        = "password"                                      // RFC7591
+        GrantTypeClientCreds     = "client_credentials"                            // RFC7591
+        GrantTypeRefreshToken    = "refresh_token"                                 // RFC7591
+        GrantTypeBearerJwt       = "urn:ietf:params:oauth:grant-type:jwt-bearer"   // RFC7591
+        GrantTypeBearerSaml      = "urn:ietf:params:oauth:grant-type:saml2-bearer" // RFC7591
+        GrantTypeDevice          = "urn:ietf:params:oauth:grant-type:device_code"  // RFC8628
+        ResponseTypeCode         = "code"                                          // RFC7591
+        ResponseTypeToken        = "token"                                         // RFC7591
+        ResponseModeQuery        = "query"                                         // RFC7591
+        ResponseModeFragment     = "fragment"                                      // RFC7591
+        ResponseModeFormPost     = "form_post"                                     // RFC7591
+        ChallengeTypePlain       = "plain"                                         // RFC7636
+        ChallengeTypeSHA256      = "S256"                                          // RFC7636
+        Oauth2MetadataPath       = "/.well-known/oauth-authorization-server"
+        Oauth2MetadataCompatPath = "/.well-known/openid-configuration"
+)
+// All options are required unless omitempty
+type OauthDiscoveryMetadata struct {
+        Issuer                            string   `json:"issuer"`                                                             // RFC88414, https url w/no query/fragment
+        AuthorizationEndpoint             string   `json:"authorization_endpoint"`                                             // RFC88414
+        TokenEndpoint                     string   `json:"token_endpoint"`                                                     // RFC88414
+        SupportedResponseTypes            []string `json:"response_types_supported"`                                           // RFC88414
+        JWKSUri                           string   `json:"jwks_uri,omitempty"`                                                 // RFC88414
+        RegistrationEndpoint              string   `json:"registration_endpoint,omitempty"`                                    // RFC88414
+        SupportedScopes                   []string `json:"scopes_supported,omitempty"`                                         // RFC88414
+        SupportedResponseModes            []string `json:"response_modes_supported,omitempty"`                                 // RFC88414
+        SupportedGrantTypes               []string `json:"grant_types_supported,omitempty"`                                    // RFC88414, default: authorization_code, implicit
+        SupportedAuthMethods              []string `json:"token_endpoint_auth_methods_supported,omitempty"`                    // RFC88414
+        SupportedSigningAlgs              []string `json:"token_endpoint_auth_signing_alg_values_supported,omitempty"`         // RFC88414
+        SupportedUILocales                []string `json:"ui_locales_supported,omitempty"`                                     // RFC88414, RFC5646 codes
+        PolicyUri                         string   `json:"op_policy_uri,omitempty"`                                            // RFC88414
+        TosUri                            string   `json:"op_tos_uri,omitempty"`                                               // RFC88414
+        RevocationEndpoint                string   `json:"revocation_endpoint,omitempty"`                                      // RFC88414
+        SupportedRevocationAuthMethods    []string `json:"revocation_endpoint_auth_methods_supported,omitempty"`               // RFC88414
+        SupportedRevocationSigningAlgs    []string `json:"revocation_endpoint_auth_signing_alg_values_supported,omitempty"`    // RFC88414
+        IntrospectionEndpoint             string   `json:"introspection_endpoint,omitempty"`                                   // RFC88414
+        SupportedIntrospectionAuthMethods []string `json:"introspection_endpoint_auth_methods_supported,omitempty"`            // RFC88414
+        SupportedIntrospectionSigningAlgs []string `json:"introspection_endpoint_auth_signing_alg_values_supported,omitempty"` // RFC88414
+        SupportedChallengeCodeMethods     []string `json:"code_challenge_methods_supported,omitempty"`                         // RFC88414
+        ServiceDocumentation              string   `json:"service_documentation,omitempty"`                                    // RFC88414
+        DeviceAuthorizationEndpoint       string   `json:"device_authorization_endpoint,omitempty"`                            // RFC8628
+}

diff --git a/app/models/oauth2.go b/app/models/oauth2.go index 9bfde0a..65d37d4 100644 --- a/app/models/oauth2.go +++ b/app/models/oauth2.go
@@ -101,3 +101,50 @@ func (c *PKCEChallenge) Challenge() string {
101	func (c *PKCEChallenge) EqualString(o string) bool {	101	func (c *PKCEChallenge) EqualString(o string) bool {
102	return subtle.ConstantTimeCompare([]byte(o), []byte(c.Challenge())) != 1	102	return subtle.ConstantTimeCompare([]byte(o), []byte(c.Challenge())) != 1
103	}	103	}
		104
		105	const (
		106	GrantTypeAuthCode = "authorization_code" // RFC7591
		107	GrantTypeImplicit = "implicit" // RFC7591
		108	GrantTypePassword = "password" // RFC7591
		109	GrantTypeClientCreds = "client_credentials" // RFC7591
		110	GrantTypeRefreshToken = "refresh_token" // RFC7591
		111	GrantTypeBearerJwt = "urn:ietf:params:oauth:grant-type:jwt-bearer" // RFC7591
		112	GrantTypeBearerSaml = "urn:ietf:params:oauth:grant-type:saml2-bearer" // RFC7591
		113	GrantTypeDevice = "urn:ietf:params:oauth:grant-type:device_code" // RFC8628
		114	ResponseTypeCode = "code" // RFC7591
		115	ResponseTypeToken = "token" // RFC7591
		116	ResponseModeQuery = "query" // RFC7591
		117	ResponseModeFragment = "fragment" // RFC7591
		118	ResponseModeFormPost = "form_post" // RFC7591
		119	ChallengeTypePlain = "plain" // RFC7636
		120	ChallengeTypeSHA256 = "S256" // RFC7636
		121	Oauth2MetadataPath = "/.well-known/oauth-authorization-server"
		122	Oauth2MetadataCompatPath = "/.well-known/openid-configuration"
		123	)
		124
		125	// All options are required unless omitempty
		126	type OauthDiscoveryMetadata struct {
		127	Issuer string `json:"issuer"` // RFC88414, https url w/no query/fragment
		128	AuthorizationEndpoint string `json:"authorization_endpoint"` // RFC88414
		129	TokenEndpoint string `json:"token_endpoint"` // RFC88414
		130	SupportedResponseTypes []string `json:"response_types_supported"` // RFC88414
		131	JWKSUri string `json:"jwks_uri,omitempty"` // RFC88414
		132	RegistrationEndpoint string `json:"registration_endpoint,omitempty"` // RFC88414
		133	SupportedScopes []string `json:"scopes_supported,omitempty"` // RFC88414
		134	SupportedResponseModes []string `json:"response_modes_supported,omitempty"` // RFC88414
		135	SupportedGrantTypes []string `json:"grant_types_supported,omitempty"` // RFC88414, default: authorization_code, implicit
		136	SupportedAuthMethods []string `json:"token_endpoint_auth_methods_supported,omitempty"` // RFC88414
		137	SupportedSigningAlgs []string `json:"token_endpoint_auth_signing_alg_values_supported,omitempty"` // RFC88414
		138	SupportedUILocales []string `json:"ui_locales_supported,omitempty"` // RFC88414, RFC5646 codes
		139	PolicyUri string `json:"op_policy_uri,omitempty"` // RFC88414
		140	TosUri string `json:"op_tos_uri,omitempty"` // RFC88414
		141	RevocationEndpoint string `json:"revocation_endpoint,omitempty"` // RFC88414
		142	SupportedRevocationAuthMethods []string `json:"revocation_endpoint_auth_methods_supported,omitempty"` // RFC88414
		143	SupportedRevocationSigningAlgs []string `json:"revocation_endpoint_auth_signing_alg_values_supported,omitempty"` // RFC88414
		144	IntrospectionEndpoint string `json:"introspection_endpoint,omitempty"` // RFC88414
		145	SupportedIntrospectionAuthMethods []string `json:"introspection_endpoint_auth_methods_supported,omitempty"` // RFC88414
		146	SupportedIntrospectionSigningAlgs []string `json:"introspection_endpoint_auth_signing_alg_values_supported,omitempty"` // RFC88414
		147	SupportedChallengeCodeMethods []string `json:"code_challenge_methods_supported,omitempty"` // RFC88414
		148	ServiceDocumentation string `json:"service_documentation,omitempty"` // RFC88414
		149	DeviceAuthorizationEndpoint string `json:"device_authorization_endpoint,omitempty"` // RFC8628
		150	}