-
Notifications
You must be signed in to change notification settings - Fork 23
Expand file tree
/
Copy pathgenerated.go
More file actions
2397 lines (1915 loc) · 88.8 KB
/
generated.go
File metadata and controls
2397 lines (1915 loc) · 88.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
// Package iam provides primitives to interact with the openapi HTTP API.
//
// Code generated by github.com/oapi-codegen/oapi-codegen/v2 version v2.4.1 DO NOT EDIT.
package iam
import (
"context"
"encoding/json"
"fmt"
"io"
"net/http"
"github.com/labstack/echo/v4"
"github.com/oapi-codegen/runtime"
strictecho "github.com/oapi-codegen/runtime/strictmiddleware/echo"
)
const (
JwtBearerAuthScopes = "jwtBearerAuth.Scopes"
)
// Defines values for ServiceAccessTokenRequestTokenType.
const (
ServiceAccessTokenRequestTokenTypeBearer ServiceAccessTokenRequestTokenType = "Bearer"
ServiceAccessTokenRequestTokenTypeDPoP ServiceAccessTokenRequestTokenType = "DPoP"
)
// Defines values for UserAccessTokenRequestTokenType.
const (
UserAccessTokenRequestTokenTypeBearer UserAccessTokenRequestTokenType = "Bearer"
UserAccessTokenRequestTokenTypeDPoP UserAccessTokenRequestTokenType = "DPoP"
)
// DPoPRequest defines model for DPoPRequest.
type DPoPRequest struct {
// Htm The HTTP method for which the DPoP proof is requested.
Htm string `json:"htm"`
// Htu The URL for which the DPoP proof is requested. Query params and fragments are ignored during validation.
Htu string `json:"htu"`
// Token The access token for which the DPoP proof is requested.
Token string `json:"token"`
}
// DPoPResponse defines model for DPoPResponse.
type DPoPResponse struct {
// Dpop The DPoP proof as specified by https://datatracker.ietf.org/doc/html/rfc9449 for resource requests
Dpop string `json:"dpop"`
}
// DPoPValidateRequest defines model for DPoPValidateRequest.
type DPoPValidateRequest struct {
// DpopProof The DPoP Proof as specified by https://datatracker.ietf.org/doc/html/rfc9449 for resource requests
DpopProof string `json:"dpop_proof"`
// Method The HTTP method against which the DPoP proof is validated.
Method string `json:"method"`
// Thumbprint The thumbprint of the public key used to sign the DPoP proof. Base64url encoded, no padding.
Thumbprint string `json:"thumbprint"`
// Token The access token against which the DPoP proof is validated.
Token string `json:"token"`
// Url The URL against which the DPoP proof is validated. Query params and fragments are ignored during validation.
Url string `json:"url"`
}
// DPoPValidateResponse defines model for DPoPValidateResponse.
type DPoPValidateResponse struct {
// Reason The reason why the DPoP Proof header is invalid.
Reason *string `json:"reason,omitempty"`
// Valid True if the DPoP Proof header is valid for the access token and HTTP request, false if it is not.
Valid bool `json:"valid"`
}
// ExtendedTokenIntrospectionResponse defines model for ExtendedTokenIntrospectionResponse.
type ExtendedTokenIntrospectionResponse struct {
// Active True if the token is active, false if the token is expired, malformed etc. Required per RFC7662
Active bool `json:"active"`
// Aud RFC7662 - Service-specific string identifier or list of string identifiers representing the intended audience for this token, as defined in JWT [RFC7519].
Aud *string `json:"aud,omitempty"`
// ClientId The client identity the access token was issued to. Since the Verifiable Presentation is used to grant access, the client_id reflects the client_id in the access token request.
ClientId *string `json:"client_id,omitempty"`
// Cnf The 'confirmation' claim is used in JWTs to proof the possession of a key.
Cnf *Cnf `json:"cnf,omitempty"`
// Exp Expiration date in seconds since UNIX epoch
Exp *int `json:"exp,omitempty"`
// Iat Issuance time in seconds since UNIX epoch
Iat *int `json:"iat,omitempty"`
// Iss Issuer URL of the authorizer.
Iss *string `json:"iss,omitempty"`
// PresentationDefinitions Presentation Definitions, as described in Presentation Exchange specification, fulfilled to obtain the access token
// The map key is the wallet owner (user/organization)
PresentationDefinitions *RequiredPresentationDefinitions `json:"presentation_definitions,omitempty"`
// PresentationSubmissions Mapping of Presentation Definition IDs that were fulfilled to Presentation Submissions.
PresentationSubmissions *map[string]PresentationSubmission `json:"presentation_submissions,omitempty"`
// Scope granted scopes
Scope *string `json:"scope,omitempty"`
Vps *[]VerifiablePresentation `json:"vps,omitempty"`
AdditionalProperties map[string]interface{} `json:"-"`
}
// OpenIDConfiguration OpenID entity configuration
// Contain properties from several specifications and may grow over time
type OpenIDConfiguration = map[string]interface{}
// RedirectResponseWithID defines model for RedirectResponseWithID.
type RedirectResponseWithID struct {
// RedirectUri The URL to which the user-agent will be redirected after the authorization request.
RedirectUri string `json:"redirect_uri"`
// SessionId The session ID that can be used to retrieve the access token by the calling application.
SessionId string `json:"session_id"`
}
// RequestObjectResponse A JSON Web Token (JWT) whose JWT Claims Set holds the JSON-encoded OAuth 2.0 authorization request parameters.
type RequestObjectResponse = string
// ServiceAccessTokenRequest Request for an access token for a service.
type ServiceAccessTokenRequest struct {
// AuthorizationServer The OAuth Authorization Server's identifier as specified in RFC 8414 (section 2),
// used to locate the OAuth2 Authorization Server metadata.
AuthorizationServer string `json:"authorization_server"`
// Credentials Additional credentials to present (if required by the authorizer), in addition to those in the requester's wallet.
// They must be in the form of a Verifiable Credential in JSON form.
// The serialized form (JWT or JSON-LD) in the resulting Verifiable Presentation depends on the capability of the authorizing party.
// A typical use case is to provide a self-attested credential to convey information about the user that initiated the request.
//
// The following credential fields are automatically filled (when not present), and may be omitted:
// - issuer, credentialSubject.id (MUST be omitted; filled with the DID of the requester)
// - issuanceDate (filled with the current date/time)
// - id (filled with a UUID)
// - proof/signature (MUST be omitted; integrity protection is covered by the VP's proof/signature)
Credentials *[]VerifiableCredential `json:"credentials,omitempty"`
// IdToken An optional ID Token (JWT) that represents the end-user.
// This ID token is included in the Verifiable Presentation that is used to request the access token.
IdToken *string `json:"id_token,omitempty"`
// Scope The scope that will be the service for which this access token can be used.
Scope string `json:"scope"`
// TokenType The type of access token that is preferred, default: DPoP
TokenType *ServiceAccessTokenRequestTokenType `json:"token_type,omitempty"`
}
// ServiceAccessTokenRequestTokenType The type of access token that is preferred, default: DPoP
type ServiceAccessTokenRequestTokenType string
// TokenIntrospectionRequest Token introspection request as described in RFC7662 section 2.1
// Alongside the defined properties, it can return values (additionalProperties) from the Verifiable Credentials that resulted from the Presentation Exchange.
type TokenIntrospectionRequest struct {
Token string `json:"token"`
}
// UserAccessTokenRequest Request for an access token for a user.
type UserAccessTokenRequest struct {
// AuthorizationServer The OAuth Authorization Server's identifier as specified in RFC 8414 (section 2),
// used to locate the OAuth2 Authorization Server metadata.
AuthorizationServer string `json:"authorization_server"`
// PreauthorizedUser Claims about the authorized user.
PreauthorizedUser *UserDetails `json:"preauthorized_user,omitempty"`
// RedirectUri The URL to which the user-agent will be redirected after the authorization request.
// This is the URL of the calling application.
// The OAuth2 flow will finish at the /callback URL of the node and the node will redirect the user to this redirect_uri.
RedirectUri string `json:"redirect_uri"`
// Scope The scope that will be the service for which this access token can be used.
Scope string `json:"scope"`
// TokenType The type of access token that is prefered. Supported values: [Bearer, DPoP], default: DPoP
TokenType *UserAccessTokenRequestTokenType `json:"token_type,omitempty"`
}
// UserAccessTokenRequestTokenType The type of access token that is prefered. Supported values: [Bearer, DPoP], default: DPoP
type UserAccessTokenRequestTokenType string
// UserDetails Claims about the authorized user.
type UserDetails struct {
// Id Machine-readable identifier, uniquely identifying the user in the issuing system.
Id string `json:"id"`
// Name Human-readable name of the user.
Name string `json:"name"`
// Role Role of the user.
Role string `json:"role"`
}
// Cnf The 'confirmation' claim is used in JWTs to proof the possession of a key.
type Cnf struct {
// Jkt JWK thumbprint
Jkt string `json:"jkt"`
}
// RequestOpenid4VCICredentialIssuanceJSONBody defines parameters for RequestOpenid4VCICredentialIssuance.
type RequestOpenid4VCICredentialIssuanceJSONBody struct {
AuthorizationDetails []map[string]interface{} `json:"authorization_details"`
// Issuer The OAuth Authorization Server's identifier, that issues the Verifiable Credentials, as specified in RFC 8414 (section 2),
// used to locate the OAuth2 Authorization Server metadata.
Issuer string `json:"issuer"`
// RedirectUri The URL to which the user-agent will be redirected after the authorization request.
RedirectUri string `json:"redirect_uri"`
// WalletDid The DID to which the Verifiable Credential must be issued. Must be owned by the given subject.
WalletDid string `json:"wallet_did"`
}
// RequestServiceAccessTokenParams defines parameters for RequestServiceAccessToken.
type RequestServiceAccessTokenParams struct {
// CacheControl Access tokens are cached by the Nuts node, specify Cache-Control: no-cache to bypass the cache.
// This forces the Nuts node to request a new access token from the authorizer.
//
// A valid use case for this is when the Resource Server rejects the access token with 401 Unauthorized.
// It could be that the Authorization Server lost the access token due to a server restart,
// in combination with (non-recommended) usage of in-memory session storage.
// The local Nuts node then still considers the token valid, while the Authorization Server does not.
//
// Note that this should not be used under normal circumstances, as it will increase round trip time and load on both the requester and authorizer.
CacheControl *string `json:"Cache-Control,omitempty"`
}
// HandleAuthorizeRequestParams defines parameters for HandleAuthorizeRequest.
type HandleAuthorizeRequestParams struct {
Params *map[string]string `form:"params,omitempty" json:"params,omitempty"`
}
// CallbackParams defines parameters for Callback.
type CallbackParams struct {
// Code The authorization code received from the authorization server.
Code *string `form:"code,omitempty" json:"code,omitempty"`
// State The client state.
State *string `form:"state,omitempty" json:"state,omitempty"`
// Error The error code.
Error *string `form:"error,omitempty" json:"error,omitempty"`
// ErrorDescription The error description.
ErrorDescription *string `form:"error_description,omitempty" json:"error_description,omitempty"`
}
// PresentationDefinitionParams defines parameters for PresentationDefinition.
type PresentationDefinitionParams struct {
Scope string `form:"scope" json:"scope"`
WalletOwnerType *WalletOwnerType `form:"wallet_owner_type,omitempty" json:"wallet_owner_type,omitempty"`
}
// RequestJWTByPostFormdataBody defines parameters for RequestJWTByPost.
type RequestJWTByPostFormdataBody struct {
// WalletMetadata OAuth2 Authorization Server Metadata
// Contain properties from several specifications and may grow over time
WalletMetadata *OAuthAuthorizationServerMetadata `form:"wallet_metadata,omitempty" json:"wallet_metadata,omitempty"`
// WalletNonce A String value used to mitigate replay attacks of the Authorization Request.
// When received, the Verifier MUST use it as the wallet_nonce value in the signed authorization request object.
WalletNonce *string `form:"wallet_nonce,omitempty" json:"wallet_nonce,omitempty"`
}
// HandleAuthorizeResponseFormdataBody defines parameters for HandleAuthorizeResponse.
type HandleAuthorizeResponseFormdataBody struct {
// Error error code as defined by the OAuth2 specification
Error *string `form:"error,omitempty" json:"error,omitempty"`
// ErrorDescription error description as defined by the OAuth2 specification
ErrorDescription *string `form:"error_description,omitempty" json:"error_description,omitempty"`
PresentationSubmission *string `form:"presentation_submission,omitempty" json:"presentation_submission,omitempty"`
// State the client state for the verifier
State *string `form:"state,omitempty" json:"state,omitempty"`
// VpToken A Verifiable Presentation in either JSON-LD or JWT format.
VpToken *string `form:"vp_token,omitempty" json:"vp_token,omitempty"`
}
// HandleTokenRequestFormdataBody defines parameters for HandleTokenRequest.
type HandleTokenRequestFormdataBody struct {
Assertion *string `form:"assertion,omitempty" json:"assertion,omitempty"`
ClientId *string `form:"client_id,omitempty" json:"client_id,omitempty"`
Code *string `form:"code,omitempty" json:"code,omitempty"`
CodeVerifier *string `form:"code_verifier,omitempty" json:"code_verifier,omitempty"`
GrantType string `form:"grant_type" json:"grant_type"`
PresentationSubmission *string `form:"presentation_submission,omitempty" json:"presentation_submission,omitempty"`
Scope *string `form:"scope,omitempty" json:"scope,omitempty"`
}
// IntrospectAccessTokenFormdataRequestBody defines body for IntrospectAccessToken for application/x-www-form-urlencoded ContentType.
type IntrospectAccessTokenFormdataRequestBody = TokenIntrospectionRequest
// IntrospectAccessTokenExtendedFormdataRequestBody defines body for IntrospectAccessTokenExtended for application/x-www-form-urlencoded ContentType.
type IntrospectAccessTokenExtendedFormdataRequestBody = TokenIntrospectionRequest
// ValidateDPoPProofJSONRequestBody defines body for ValidateDPoPProof for application/json ContentType.
type ValidateDPoPProofJSONRequestBody = DPoPValidateRequest
// CreateDPoPProofJSONRequestBody defines body for CreateDPoPProof for application/json ContentType.
type CreateDPoPProofJSONRequestBody = DPoPRequest
// RequestOpenid4VCICredentialIssuanceJSONRequestBody defines body for RequestOpenid4VCICredentialIssuance for application/json ContentType.
type RequestOpenid4VCICredentialIssuanceJSONRequestBody RequestOpenid4VCICredentialIssuanceJSONBody
// RequestServiceAccessTokenJSONRequestBody defines body for RequestServiceAccessToken for application/json ContentType.
type RequestServiceAccessTokenJSONRequestBody = ServiceAccessTokenRequest
// RequestUserAccessTokenJSONRequestBody defines body for RequestUserAccessToken for application/json ContentType.
type RequestUserAccessTokenJSONRequestBody = UserAccessTokenRequest
// RequestJWTByPostFormdataRequestBody defines body for RequestJWTByPost for application/x-www-form-urlencoded ContentType.
type RequestJWTByPostFormdataRequestBody RequestJWTByPostFormdataBody
// HandleAuthorizeResponseFormdataRequestBody defines body for HandleAuthorizeResponse for application/x-www-form-urlencoded ContentType.
type HandleAuthorizeResponseFormdataRequestBody HandleAuthorizeResponseFormdataBody
// HandleTokenRequestFormdataRequestBody defines body for HandleTokenRequest for application/x-www-form-urlencoded ContentType.
type HandleTokenRequestFormdataRequestBody HandleTokenRequestFormdataBody
// Getter for additional properties for ExtendedTokenIntrospectionResponse. Returns the specified
// element and whether it was found
func (a ExtendedTokenIntrospectionResponse) Get(fieldName string) (value interface{}, found bool) {
if a.AdditionalProperties != nil {
value, found = a.AdditionalProperties[fieldName]
}
return
}
// Setter for additional properties for ExtendedTokenIntrospectionResponse
func (a *ExtendedTokenIntrospectionResponse) Set(fieldName string, value interface{}) {
if a.AdditionalProperties == nil {
a.AdditionalProperties = make(map[string]interface{})
}
a.AdditionalProperties[fieldName] = value
}
// Override default JSON handling for ExtendedTokenIntrospectionResponse to handle AdditionalProperties
func (a *ExtendedTokenIntrospectionResponse) UnmarshalJSON(b []byte) error {
object := make(map[string]json.RawMessage)
err := json.Unmarshal(b, &object)
if err != nil {
return err
}
if raw, found := object["active"]; found {
err = json.Unmarshal(raw, &a.Active)
if err != nil {
return fmt.Errorf("error reading 'active': %w", err)
}
delete(object, "active")
}
if raw, found := object["aud"]; found {
err = json.Unmarshal(raw, &a.Aud)
if err != nil {
return fmt.Errorf("error reading 'aud': %w", err)
}
delete(object, "aud")
}
if raw, found := object["client_id"]; found {
err = json.Unmarshal(raw, &a.ClientId)
if err != nil {
return fmt.Errorf("error reading 'client_id': %w", err)
}
delete(object, "client_id")
}
if raw, found := object["cnf"]; found {
err = json.Unmarshal(raw, &a.Cnf)
if err != nil {
return fmt.Errorf("error reading 'cnf': %w", err)
}
delete(object, "cnf")
}
if raw, found := object["exp"]; found {
err = json.Unmarshal(raw, &a.Exp)
if err != nil {
return fmt.Errorf("error reading 'exp': %w", err)
}
delete(object, "exp")
}
if raw, found := object["iat"]; found {
err = json.Unmarshal(raw, &a.Iat)
if err != nil {
return fmt.Errorf("error reading 'iat': %w", err)
}
delete(object, "iat")
}
if raw, found := object["iss"]; found {
err = json.Unmarshal(raw, &a.Iss)
if err != nil {
return fmt.Errorf("error reading 'iss': %w", err)
}
delete(object, "iss")
}
if raw, found := object["presentation_definitions"]; found {
err = json.Unmarshal(raw, &a.PresentationDefinitions)
if err != nil {
return fmt.Errorf("error reading 'presentation_definitions': %w", err)
}
delete(object, "presentation_definitions")
}
if raw, found := object["presentation_submissions"]; found {
err = json.Unmarshal(raw, &a.PresentationSubmissions)
if err != nil {
return fmt.Errorf("error reading 'presentation_submissions': %w", err)
}
delete(object, "presentation_submissions")
}
if raw, found := object["scope"]; found {
err = json.Unmarshal(raw, &a.Scope)
if err != nil {
return fmt.Errorf("error reading 'scope': %w", err)
}
delete(object, "scope")
}
if raw, found := object["vps"]; found {
err = json.Unmarshal(raw, &a.Vps)
if err != nil {
return fmt.Errorf("error reading 'vps': %w", err)
}
delete(object, "vps")
}
if len(object) != 0 {
a.AdditionalProperties = make(map[string]interface{})
for fieldName, fieldBuf := range object {
var fieldVal interface{}
err := json.Unmarshal(fieldBuf, &fieldVal)
if err != nil {
return fmt.Errorf("error unmarshaling field %s: %w", fieldName, err)
}
a.AdditionalProperties[fieldName] = fieldVal
}
}
return nil
}
// Override default JSON handling for ExtendedTokenIntrospectionResponse to handle AdditionalProperties
func (a ExtendedTokenIntrospectionResponse) MarshalJSON() ([]byte, error) {
var err error
object := make(map[string]json.RawMessage)
object["active"], err = json.Marshal(a.Active)
if err != nil {
return nil, fmt.Errorf("error marshaling 'active': %w", err)
}
if a.Aud != nil {
object["aud"], err = json.Marshal(a.Aud)
if err != nil {
return nil, fmt.Errorf("error marshaling 'aud': %w", err)
}
}
if a.ClientId != nil {
object["client_id"], err = json.Marshal(a.ClientId)
if err != nil {
return nil, fmt.Errorf("error marshaling 'client_id': %w", err)
}
}
if a.Cnf != nil {
object["cnf"], err = json.Marshal(a.Cnf)
if err != nil {
return nil, fmt.Errorf("error marshaling 'cnf': %w", err)
}
}
if a.Exp != nil {
object["exp"], err = json.Marshal(a.Exp)
if err != nil {
return nil, fmt.Errorf("error marshaling 'exp': %w", err)
}
}
if a.Iat != nil {
object["iat"], err = json.Marshal(a.Iat)
if err != nil {
return nil, fmt.Errorf("error marshaling 'iat': %w", err)
}
}
if a.Iss != nil {
object["iss"], err = json.Marshal(a.Iss)
if err != nil {
return nil, fmt.Errorf("error marshaling 'iss': %w", err)
}
}
if a.PresentationDefinitions != nil {
object["presentation_definitions"], err = json.Marshal(a.PresentationDefinitions)
if err != nil {
return nil, fmt.Errorf("error marshaling 'presentation_definitions': %w", err)
}
}
if a.PresentationSubmissions != nil {
object["presentation_submissions"], err = json.Marshal(a.PresentationSubmissions)
if err != nil {
return nil, fmt.Errorf("error marshaling 'presentation_submissions': %w", err)
}
}
if a.Scope != nil {
object["scope"], err = json.Marshal(a.Scope)
if err != nil {
return nil, fmt.Errorf("error marshaling 'scope': %w", err)
}
}
if a.Vps != nil {
object["vps"], err = json.Marshal(a.Vps)
if err != nil {
return nil, fmt.Errorf("error marshaling 'vps': %w", err)
}
}
for fieldName, field := range a.AdditionalProperties {
object[fieldName], err = json.Marshal(field)
if err != nil {
return nil, fmt.Errorf("error marshaling '%s': %w", fieldName, err)
}
}
return json.Marshal(object)
}
// ServerInterface represents all server handlers.
type ServerInterface interface {
// Get the OAuth2 Authorization Server metadata for the specified subject.
// (GET /.well-known/oauth-authorization-server/oauth2/{subjectID})
OAuthAuthorizationServerMetadata(ctx echo.Context, subjectID string) error
// Get the OpenID entity configuration for the specified subject. Required for OpenID4VP.
// (GET /.well-known/openid-configuration/oauth2/{subjectID})
OpenIDConfiguration(ctx echo.Context, subjectID string) error
// Introspection endpoint to retrieve information from an Access Token as described by RFC7662.
// It returns fields derived from the credentials that were used during authentication.
// (POST /internal/auth/v2/accesstoken/introspect)
IntrospectAccessToken(ctx echo.Context) error
// Introspection endpoint to retrieve information from an Access Token as described by RFC7662.
// It returns the same information as the non-extended API call, but with the Presentation Definitions,
// Presentation Submissions and Verifiable Presentations added.
// (POST /internal/auth/v2/accesstoken/introspect_extended)
IntrospectAccessTokenExtended(ctx echo.Context) error
// Get the access token from the Nuts node that was requested through /request-user-access-token.
// (GET /internal/auth/v2/accesstoken/{sessionID})
RetrieveAccessToken(ctx echo.Context, sessionID string) error
// Handle some of the validation of a DPoP proof as specified by RFC9449.
// (POST /internal/auth/v2/dpop/validate)
ValidateDPoPProof(ctx echo.Context) error
// Create a DPoP proof as specified by RFC9449 for a given access token. It is to be used as HTTP header when accessing resources.
// (POST /internal/auth/v2/dpop/{kid})
CreateDPoPProof(ctx echo.Context, kid string) error
// EXPERIMENTAL Start the Oid4VCI authorization flow.
// (POST /internal/auth/v2/{subjectID}/request-credential)
RequestOpenid4VCICredentialIssuance(ctx echo.Context, subjectID string) error
// Start the authorization flow to get an access token from a remote authorization server.
// (POST /internal/auth/v2/{subjectID}/request-service-access-token)
RequestServiceAccessToken(ctx echo.Context, subjectID string, params RequestServiceAccessTokenParams) error
// EXPERIMENTAL Start the authorization code flow to get an access token from a remote authorization server when user context is required.
// (POST /internal/auth/v2/{subjectID}/request-user-access-token)
RequestUserAccessToken(ctx echo.Context, subjectID string) error
// Used by resource owners (the browser) to initiate the authorization code flow.
// (GET /oauth2/{subjectID}/authorize)
HandleAuthorizeRequest(ctx echo.Context, subjectID string, params HandleAuthorizeRequestParams) error
// The OAuth2 callback endpoint of the client.
// (GET /oauth2/{subjectID}/callback)
Callback(ctx echo.Context, subjectID string, params CallbackParams) error
// Get the OAuth2 Client metadata
// (GET /oauth2/{subjectID}/oauth-client)
OAuthClientMetadata(ctx echo.Context, subjectID string) error
// Used by relying parties to obtain a presentation definition for desired scopes as specified by Nuts RFC021.
// (GET /oauth2/{subjectID}/presentation_definition)
PresentationDefinition(ctx echo.Context, subjectID string, params PresentationDefinitionParams) error
// Get Request Object referenced in an authorization request to the Authorization Server.
// (GET /oauth2/{subjectID}/request.jwt/{id})
RequestJWTByGet(ctx echo.Context, subjectID string, id string) error
// Provide missing information to Client to finish Authorization request's Request Object, which is then returned.
// (POST /oauth2/{subjectID}/request.jwt/{id})
RequestJWTByPost(ctx echo.Context, subjectID string, id string) error
// Used by wallets to post the authorization response or error to.
// (POST /oauth2/{subjectID}/response)
HandleAuthorizeResponse(ctx echo.Context, subjectID string) error
// Used by the OAuth2 client (backend, not the browser) to request access- or refresh tokens.
// (POST /oauth2/{subjectID}/token)
HandleTokenRequest(ctx echo.Context, subjectID string) error
// Get the StatusList2021Credential for the given DID and page
// (GET /statuslist/{did}/{page})
StatusList(ctx echo.Context, did string, page int) error
}
// ServerInterfaceWrapper converts echo contexts to parameters.
type ServerInterfaceWrapper struct {
Handler ServerInterface
}
// OAuthAuthorizationServerMetadata converts echo context to params.
func (w *ServerInterfaceWrapper) OAuthAuthorizationServerMetadata(ctx echo.Context) error {
var err error
// ------------- Path parameter "subjectID" -------------
var subjectID string
err = runtime.BindStyledParameterWithOptions("simple", "subjectID", ctx.Param("subjectID"), &subjectID, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationPath, Explode: false, Required: true})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter subjectID: %s", err))
}
ctx.Set(JwtBearerAuthScopes, []string{})
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.OAuthAuthorizationServerMetadata(ctx, subjectID)
return err
}
// OpenIDConfiguration converts echo context to params.
func (w *ServerInterfaceWrapper) OpenIDConfiguration(ctx echo.Context) error {
var err error
// ------------- Path parameter "subjectID" -------------
var subjectID string
err = runtime.BindStyledParameterWithOptions("simple", "subjectID", ctx.Param("subjectID"), &subjectID, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationPath, Explode: false, Required: true})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter subjectID: %s", err))
}
ctx.Set(JwtBearerAuthScopes, []string{})
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.OpenIDConfiguration(ctx, subjectID)
return err
}
// IntrospectAccessToken converts echo context to params.
func (w *ServerInterfaceWrapper) IntrospectAccessToken(ctx echo.Context) error {
var err error
ctx.Set(JwtBearerAuthScopes, []string{})
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.IntrospectAccessToken(ctx)
return err
}
// IntrospectAccessTokenExtended converts echo context to params.
func (w *ServerInterfaceWrapper) IntrospectAccessTokenExtended(ctx echo.Context) error {
var err error
ctx.Set(JwtBearerAuthScopes, []string{})
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.IntrospectAccessTokenExtended(ctx)
return err
}
// RetrieveAccessToken converts echo context to params.
func (w *ServerInterfaceWrapper) RetrieveAccessToken(ctx echo.Context) error {
var err error
// ------------- Path parameter "sessionID" -------------
var sessionID string
err = runtime.BindStyledParameterWithOptions("simple", "sessionID", ctx.Param("sessionID"), &sessionID, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationPath, Explode: false, Required: true})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter sessionID: %s", err))
}
ctx.Set(JwtBearerAuthScopes, []string{})
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.RetrieveAccessToken(ctx, sessionID)
return err
}
// ValidateDPoPProof converts echo context to params.
func (w *ServerInterfaceWrapper) ValidateDPoPProof(ctx echo.Context) error {
var err error
ctx.Set(JwtBearerAuthScopes, []string{})
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.ValidateDPoPProof(ctx)
return err
}
// CreateDPoPProof converts echo context to params.
func (w *ServerInterfaceWrapper) CreateDPoPProof(ctx echo.Context) error {
var err error
// ------------- Path parameter "kid" -------------
var kid string
kid = ctx.Param("kid")
ctx.Set(JwtBearerAuthScopes, []string{})
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.CreateDPoPProof(ctx, kid)
return err
}
// RequestOpenid4VCICredentialIssuance converts echo context to params.
func (w *ServerInterfaceWrapper) RequestOpenid4VCICredentialIssuance(ctx echo.Context) error {
var err error
// ------------- Path parameter "subjectID" -------------
var subjectID string
err = runtime.BindStyledParameterWithOptions("simple", "subjectID", ctx.Param("subjectID"), &subjectID, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationPath, Explode: false, Required: true})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter subjectID: %s", err))
}
ctx.Set(JwtBearerAuthScopes, []string{})
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.RequestOpenid4VCICredentialIssuance(ctx, subjectID)
return err
}
// RequestServiceAccessToken converts echo context to params.
func (w *ServerInterfaceWrapper) RequestServiceAccessToken(ctx echo.Context) error {
var err error
// ------------- Path parameter "subjectID" -------------
var subjectID string
err = runtime.BindStyledParameterWithOptions("simple", "subjectID", ctx.Param("subjectID"), &subjectID, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationPath, Explode: false, Required: true})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter subjectID: %s", err))
}
ctx.Set(JwtBearerAuthScopes, []string{})
// Parameter object where we will unmarshal all parameters from the context
var params RequestServiceAccessTokenParams
headers := ctx.Request().Header
// ------------- Optional header parameter "Cache-Control" -------------
if valueList, found := headers[http.CanonicalHeaderKey("Cache-Control")]; found {
var CacheControl string
n := len(valueList)
if n != 1 {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Expected one value for Cache-Control, got %d", n))
}
err = runtime.BindStyledParameterWithOptions("simple", "Cache-Control", valueList[0], &CacheControl, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationHeader, Explode: false, Required: false})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter Cache-Control: %s", err))
}
params.CacheControl = &CacheControl
}
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.RequestServiceAccessToken(ctx, subjectID, params)
return err
}
// RequestUserAccessToken converts echo context to params.
func (w *ServerInterfaceWrapper) RequestUserAccessToken(ctx echo.Context) error {
var err error
// ------------- Path parameter "subjectID" -------------
var subjectID string
err = runtime.BindStyledParameterWithOptions("simple", "subjectID", ctx.Param("subjectID"), &subjectID, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationPath, Explode: false, Required: true})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter subjectID: %s", err))
}
ctx.Set(JwtBearerAuthScopes, []string{})
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.RequestUserAccessToken(ctx, subjectID)
return err
}
// HandleAuthorizeRequest converts echo context to params.
func (w *ServerInterfaceWrapper) HandleAuthorizeRequest(ctx echo.Context) error {
var err error
// ------------- Path parameter "subjectID" -------------
var subjectID string
err = runtime.BindStyledParameterWithOptions("simple", "subjectID", ctx.Param("subjectID"), &subjectID, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationPath, Explode: false, Required: true})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter subjectID: %s", err))
}
ctx.Set(JwtBearerAuthScopes, []string{})
// Parameter object where we will unmarshal all parameters from the context
var params HandleAuthorizeRequestParams
// ------------- Optional query parameter "params" -------------
err = runtime.BindQueryParameter("form", true, false, "params", ctx.QueryParams(), ¶ms.Params)
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter params: %s", err))
}
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.HandleAuthorizeRequest(ctx, subjectID, params)
return err
}
// Callback converts echo context to params.
func (w *ServerInterfaceWrapper) Callback(ctx echo.Context) error {
var err error
// ------------- Path parameter "subjectID" -------------
var subjectID string
err = runtime.BindStyledParameterWithOptions("simple", "subjectID", ctx.Param("subjectID"), &subjectID, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationPath, Explode: false, Required: true})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter subjectID: %s", err))
}
ctx.Set(JwtBearerAuthScopes, []string{})
// Parameter object where we will unmarshal all parameters from the context
var params CallbackParams
// ------------- Optional query parameter "code" -------------
err = runtime.BindQueryParameter("form", true, false, "code", ctx.QueryParams(), ¶ms.Code)
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter code: %s", err))
}
// ------------- Optional query parameter "state" -------------
err = runtime.BindQueryParameter("form", true, false, "state", ctx.QueryParams(), ¶ms.State)
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter state: %s", err))
}
// ------------- Optional query parameter "error" -------------
err = runtime.BindQueryParameter("form", true, false, "error", ctx.QueryParams(), ¶ms.Error)
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter error: %s", err))
}
// ------------- Optional query parameter "error_description" -------------
err = runtime.BindQueryParameter("form", true, false, "error_description", ctx.QueryParams(), ¶ms.ErrorDescription)
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter error_description: %s", err))
}
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.Callback(ctx, subjectID, params)
return err
}
// OAuthClientMetadata converts echo context to params.
func (w *ServerInterfaceWrapper) OAuthClientMetadata(ctx echo.Context) error {
var err error
// ------------- Path parameter "subjectID" -------------
var subjectID string
err = runtime.BindStyledParameterWithOptions("simple", "subjectID", ctx.Param("subjectID"), &subjectID, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationPath, Explode: false, Required: true})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter subjectID: %s", err))
}
ctx.Set(JwtBearerAuthScopes, []string{})
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.OAuthClientMetadata(ctx, subjectID)
return err
}
// PresentationDefinition converts echo context to params.
func (w *ServerInterfaceWrapper) PresentationDefinition(ctx echo.Context) error {
var err error
// ------------- Path parameter "subjectID" -------------
var subjectID string
err = runtime.BindStyledParameterWithOptions("simple", "subjectID", ctx.Param("subjectID"), &subjectID, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationPath, Explode: false, Required: true})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter subjectID: %s", err))
}
ctx.Set(JwtBearerAuthScopes, []string{})
// Parameter object where we will unmarshal all parameters from the context
var params PresentationDefinitionParams
// ------------- Required query parameter "scope" -------------
err = runtime.BindQueryParameter("form", true, true, "scope", ctx.QueryParams(), ¶ms.Scope)
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter scope: %s", err))
}
// ------------- Optional query parameter "wallet_owner_type" -------------
err = runtime.BindQueryParameter("form", true, false, "wallet_owner_type", ctx.QueryParams(), ¶ms.WalletOwnerType)
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter wallet_owner_type: %s", err))
}
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.PresentationDefinition(ctx, subjectID, params)
return err
}
// RequestJWTByGet converts echo context to params.
func (w *ServerInterfaceWrapper) RequestJWTByGet(ctx echo.Context) error {
var err error
// ------------- Path parameter "subjectID" -------------
var subjectID string
err = runtime.BindStyledParameterWithOptions("simple", "subjectID", ctx.Param("subjectID"), &subjectID, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationPath, Explode: false, Required: true})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter subjectID: %s", err))
}
// ------------- Path parameter "id" -------------
var id string
err = runtime.BindStyledParameterWithOptions("simple", "id", ctx.Param("id"), &id, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationPath, Explode: false, Required: true})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter id: %s", err))
}
ctx.Set(JwtBearerAuthScopes, []string{})
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.RequestJWTByGet(ctx, subjectID, id)
return err
}
// RequestJWTByPost converts echo context to params.
func (w *ServerInterfaceWrapper) RequestJWTByPost(ctx echo.Context) error {
var err error
// ------------- Path parameter "subjectID" -------------
var subjectID string
err = runtime.BindStyledParameterWithOptions("simple", "subjectID", ctx.Param("subjectID"), &subjectID, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationPath, Explode: false, Required: true})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter subjectID: %s", err))
}
// ------------- Path parameter "id" -------------
var id string
err = runtime.BindStyledParameterWithOptions("simple", "id", ctx.Param("id"), &id, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationPath, Explode: false, Required: true})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter id: %s", err))
}
ctx.Set(JwtBearerAuthScopes, []string{})
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.RequestJWTByPost(ctx, subjectID, id)
return err
}
// HandleAuthorizeResponse converts echo context to params.
func (w *ServerInterfaceWrapper) HandleAuthorizeResponse(ctx echo.Context) error {
var err error
// ------------- Path parameter "subjectID" -------------
var subjectID string
subjectID = ctx.Param("subjectID")
ctx.Set(JwtBearerAuthScopes, []string{})
// Invoke the callback with all the unmarshaled arguments
err = w.Handler.HandleAuthorizeResponse(ctx, subjectID)
return err
}
// HandleTokenRequest converts echo context to params.
func (w *ServerInterfaceWrapper) HandleTokenRequest(ctx echo.Context) error {
var err error
// ------------- Path parameter "subjectID" -------------
var subjectID string
err = runtime.BindStyledParameterWithOptions("simple", "subjectID", ctx.Param("subjectID"), &subjectID, runtime.BindStyledParameterOptions{ParamLocation: runtime.ParamLocationPath, Explode: false, Required: true})
if err != nil {
return echo.NewHTTPError(http.StatusBadRequest, fmt.Sprintf("Invalid format for parameter subjectID: %s", err))
}
ctx.Set(JwtBearerAuthScopes, []string{})