Iddawc
Handle the flow of OAuth2 and OpenID Connect authentication process from the client side.
iddawc.h
24 #ifndef __IDDAWC_H
25 #define __IDDAWC_H
26 
27 #ifdef __cplusplus
28 extern "C"
29 {
30 #endif
31 
32 #include <jansson.h>
33 #include <orcania.h>
34 #include <ulfius.h>
35 #include <rhonabwy.h>
36 #include "iddawc-cfg.h"
37 
/*
 * Return codes shared by the i_* functions declared below.
 * NOTE(review): meanings are read from the names; which code a given failure
 * maps to is decided in iddawc.c, which is not part of this page.
 */
44 #define I_OK 0
45 #define I_ERROR 1
46 #define I_ERROR_PARAM 2
47 #define I_ERROR_MEMORY 3
48 #define I_ERROR_UNAUTHORIZED 4
49 #define I_ERROR_SERVER 5
50 
/*
 * response_type selectors for I_OPT_RESPONSE_TYPE / i_set_response_type.
 * Each value occupies its own hex nibble, so they look designed to be
 * OR-combined (e.g. CODE | ID_TOKEN) — confirm against i_set_response_type
 * before relying on that. PASSWORD, CLIENT_CREDENTIALS and REFRESH_TOKEN
 * are grant types rather than authorization-endpoint response types; the
 * library folds them into the same selector.
 */
51 #define I_RESPONSE_TYPE_NONE 0x00000000
52 #define I_RESPONSE_TYPE_CODE 0x00000001
53 #define I_RESPONSE_TYPE_TOKEN 0x00000010
54 #define I_RESPONSE_TYPE_ID_TOKEN 0x00000100
55 #define I_RESPONSE_TYPE_PASSWORD 0x00001000
56 #define I_RESPONSE_TYPE_CLIENT_CREDENTIALS 0x00010000
57 #define I_RESPONSE_TYPE_REFRESH_TOKEN 0x00100000
58 
/*
 * How the request to the authorization endpoint is sent (I_OPT_AUTH_METHOD).
 * Same one-nibble-per-flag layout as the response types. The JWT_* values
 * presumably wrap the request in a signed or encrypted JWT using the
 * session's client secret / client JWKS and the I_OPT_CLIENT_SIGN_ALG,
 * I_OPT_CLIENT_ENC_ALG and I_OPT_CLIENT_ENC settings — confirm in iddawc.c.
 */
59 #define I_AUTH_METHOD_GET 0x00000001
60 #define I_AUTH_METHOD_POST 0x00000010
61 #define I_AUTH_METHOD_JWT_SIGN_SECRET 0x00000100
62 #define I_AUTH_METHOD_JWT_SIGN_PRIVKEY 0x00001000
63 #define I_AUTH_METHOD_JWT_ENCRYPT_SECRET 0x00010000
64 #define I_AUTH_METHOD_JWT_ENCRYPT_PUBKEY 0x00100000
65 
/*
 * Client authentication method for the token endpoint (I_OPT_TOKEN_METHOD).
 * Plain enumeration (0..4), not a bit mask. The names appear to mirror the
 * OpenID Connect token_endpoint_auth_method values (client_secret_basic,
 * client_secret_post, client_secret_jwt, private_key_jwt, none); NONE is the
 * public-client case where no credential is sent.
 */
66 #define I_TOKEN_AUTH_METHOD_SECRET_BASIC 0
67 #define I_TOKEN_AUTH_METHOD_SECRET_POST 1
68 #define I_TOKEN_AUTH_METHOD_SECRET_JWT 2
69 #define I_TOKEN_AUTH_METHOD_PRIVATE_JWT 3
70 #define I_TOKEN_AUTH_METHOD_NONE 4
71 
/*
 * Values for I_OPT_OPENID_CONFIG_STRICT: whether the parameters found in the
 * .well-known/openid-configuration document are applied strictly (the
 * option's own description is truncated in this rendering).
 */
72 #define I_STRICT_NO 0
73 #define I_STRICT_YES 1
74 
/* Presumably the buffer length reserved for a JWA algorithm name such as "RS256" — confirm. */
75 #define I_AUTH_SIGN_ALG_MAX_LENGTH 8
76 
77 
/**
 * Option identifiers accepted by i_set_int_parameter, i_set_str_parameter,
 * i_get_int_parameter, i_get_str_parameter and i_set_parameter_list.
 * Only three enumerators survive this rendering; the gaps in the gutter
 * numbers (84-101, 103-104, 106-132) hold the remaining options documented
 * elsewhere on this page.
 */
82 typedef enum {
 /** Empty option; terminates the variadic list passed to i_set_parameter_list. */
83  I_OPT_NONE = 0,
 /** error value of a failed request, string */
102  I_OPT_ERROR = 19,
 /** code returned after a successful auth request using I_RESPONSE_TYPE_CODE, string */
105  I_OPT_CODE = 22,
133 } i_option;
134 
/**
 * Client-side state of one OAuth2 / OpenID Connect flow.
 *
 * Security note: the member list on this page shows the session keeps
 * client_secret, user_password, access_token, refresh_token and id_token as
 * plain heap strings, so a live session and anything derived from it by
 * i_export_session_json_t / i_export_session_str must be treated as
 * sensitive data. Release a session with i_clean_session.
 *
 * Only part of the struct survives this rendering (the gutter numbers jump
 * over the missing members). The field notes below pair each visible member
 * with the same-named I_OPT_* option documented on this page; the pairing is
 * by name and is not verified against iddawc.c.
 *
 * Portability: `uint` is not a C standard type (glibc provides it via
 * <sys/types.h>); an unsigned int or uint32_t would be self-contained.
 */
145 struct _i_session {
 /* scope values, space separated ("scope1 openid"); see I_OPT_SCOPE / I_OPT_SCOPE_APPEND */
147  char * scope;
 /* state value, string; may be produced by I_OPT_STATE_GENERATE */
148  char * state;
 /* nonce value, string; may be produced by I_OPT_NONCE_GENERATE */
149  char * nonce;
 /* redirect_uri, string (I_OPT_REDIRECT_URI) */
150  char * redirect_uri;
 /* url the client was redirected to after a /auth request (I_OPT_REDIRECT_TO); presumably the input of i_parse_redirect_to */
151  char * redirect_to;
 /* client_id, string (I_OPT_CLIENT_ID) */
152  char * client_id;
 /* username for the password response_type (I_OPT_USERNAME) */
154  char * username;
 /* extra parameters added to the /auth request (I_OPT_ADDITIONAL_PARAMETER) */
156  struct _u_map additional_parameters;
 /* extra values captured from a response (I_OPT_ADDITIONAL_RESPONSE); no description on this page */
157  struct _u_map additional_response;
 /* result of the last request (I_OPT_RESULT); presumably an I_OK / I_ERROR* code — confirm */
165  uint result;
 /* error value of a failed request, string (I_OPT_ERROR) */
166  char * error;
 /* error uri of a failed request, string (I_OPT_ERROR_URI) */
168  char * error_uri;
 /* code returned after a successful auth request with I_RESPONSE_TYPE_CODE (I_OPT_CODE) */
169  char * code;
 /* access token returned after a successful auth or token request (I_OPT_ACCESS_TOKEN) */
171  char * access_token;
 /* access_token that is the target of a revocation or introspection (I_OPT_TOKEN_TARGET) */
172  char * token_target;
 /* token_type value after a successful auth or token request (I_OPT_TOKEN_TYPE) */
174  char * token_type;
 /* id_token returned after a successful auth or token request (I_OPT_ID_TOKEN); validate with i_verify_id_token before trusting its claims */
176  char * id_token;
 /* server key set; server_kid selects a key when several are available (I_OPT_SERVER_KID) */
180  jwks_t * server_jwks;
181  char * server_kid;
 /* client key set; client_kid selects a key when several are available (I_OPT_CLIENT_KID) */
182  jwks_t * client_jwks;
183  char * client_kid;
 /* key encryption algorithm for client-encrypted JWT requests (I_OPT_CLIENT_ENC_ALG) */
185  jwa_alg client_enc_alg;
 /* data encryption algorithm for client-encrypted JWT requests (I_OPT_CLIENT_ENC) */
186  jwa_enc client_enc;
 /* result of the .well-known/openid-configuration (I_OPT_OPENID_CONFIG) */
188  json_t * openid_config;
 /* issuer value, string (I_OPT_ISSUER) */
190  char * issuer;
 /* userinfo result, string (I_OPT_USERINFO); j_userinfo is presumably its parsed JSON form — confirm */
191  char * userinfo;
192  json_t * j_userinfo;
 /* jti value, string (I_OPT_TOKEN_JTI); may be produced by I_OPT_TOKEN_JTI_GENERATE */
193  char * token_jti;
 /* JWT token request expiration time in seconds (I_OPT_TOKEN_EXP) */
194  uint token_exp;
195 };
196 
/*
 * Public API. Conventions as far as this page shows them:
 *  - every function takes the caller-owned session as first argument;
 *  - int-returning functions presumably return I_OK on success and one of
 *    the I_ERROR* codes otherwise (the exact mapping is in iddawc.c);
 *  - functions returning const char * hand out pointers into the session,
 *    so the value is only valid while the session is unchanged;
 *  - `uint` is a glibc extension, see the note on struct _i_session.
 */

/**
 * Initialize a session before any other i_* call.
 * @param i_session caller-owned session storage to initialize
 * @return I_OK, otherwise an I_ERROR* code
 */
212 int i_init_session(struct _i_session * i_session);
213 
/**
 * Release everything the session owns.
 * NOTE(review): the session holds secrets as plain strings (client secret,
 * tokens, user password); confirm in iddawc.c that those buffers are
 * zeroized rather than only freed, and that the struct is reset so a
 * second call is harmless.
 * @param i_session session to clean
 */
218 void i_clean_session(struct _i_session * i_session);
219 
/**
 * Set the response_type selector (I_RESPONSE_TYPE_* values; see the note on
 * combining them next to the macros).
 * @param i_session session to update
 * @param i_value I_RESPONSE_TYPE_* value
 * @return I_OK, otherwise an I_ERROR* code
 */
242 int i_set_response_type(struct _i_session * i_session, uint i_value);
243 
/**
 * Store the result of the last request (I_OPT_RESULT).
 * @param i_session session to update
 * @param i_value result value
 * @return I_OK, otherwise an I_ERROR* code
 */
252 int i_set_result(struct _i_session * i_session, uint i_value);
253 
/**
 * Set an integer-valued option.
 * @param i_session session to update
 * @param option an i_option that carries an integer
 * @param i_value value to store
 * @return I_OK, presumably I_ERROR_PARAM for an option that is not integer-valued
 */
263 int i_set_int_parameter(struct _i_session * i_session, i_option option, uint i_value);
264 
/**
 * Set a string-valued option. The session presumably copies s_value (its
 * members are separately owned char *), so the caller keeps ownership of
 * the argument — confirm in iddawc.c.
 * @param i_session session to update
 * @param option an i_option that carries a string
 * @param s_value value to store; behaviour for NULL is not documented on this page
 * @return I_OK, otherwise an I_ERROR* code
 */
280 int i_set_str_parameter(struct _i_session * i_session, i_option option, const char * s_value);
281 
/**
 * Add one key/value pair to the extra parameters sent with the /auth request.
 * @param i_session session to update
 * @param s_key parameter name
 * @param s_value parameter value
 * @return I_OK, otherwise an I_ERROR* code
 */
289 int i_set_additional_parameter(struct _i_session * i_session, const char * s_key, const char * s_value);
290 
/**
 * Add one key/value pair to the additional_response map.
 * @param i_session session to update
 * @param s_key key
 * @param s_value value
 * @return I_OK, otherwise an I_ERROR* code
 */
298 int i_set_additional_response(struct _i_session * i_session, const char * s_key, const char * s_value);
299 
/** @return the response_type selector of the session */
311 uint i_get_response_type(struct _i_session * i_session);
312 
/** @return the stored result of the last request */
318 uint i_get_result(struct _i_session * i_session);
319 
/**
 * Read an integer-valued option.
 * @param i_session session to read
 * @param option an i_option that carries an integer
 * @return the stored value; what is returned for a non-integer option is not documented here
 */
328 uint i_get_int_parameter(struct _i_session * i_session, i_option option);
329 
/**
 * Read a string-valued option.
 * @param i_session session to read
 * @param option an i_option that carries a string
 * @return pointer owned by the session (do not free); presumably NULL when unset
 */
344 const char * i_get_str_parameter(struct _i_session * i_session, i_option option);
345 
/** @return the additional /auth parameter stored under s_key, owned by the session */
352 const char * i_get_additional_parameter(struct _i_session * i_session, const char * s_key);
353 
/** @return the additional response value stored under s_key, owned by the session */
360 const char * i_get_additional_response(struct _i_session * i_session, const char * s_key);
361 
/**
 * Set several options in one call. The variadic part is presumably a
 * sequence of (i_option, value) pairs terminated by I_OPT_NONE, which the
 * I_OPT_NONE description calls the option that "completes" this list —
 * confirm the exact shape in iddawc.c. A missing terminator reads past the
 * arguments, so callers must never omit it.
 * @param i_session session to update
 * @return I_OK, otherwise an I_ERROR* code
 */
375 int i_set_parameter_list(struct _i_session * i_session, ...);
376 
/**
 * Serialize the session to JSON.
 * The session stores client secret, tokens and user password; assume the
 * export carries them and treat the result as sensitive (do not log it,
 * protect it at rest). The caller presumably owns the returned json_t and
 * must json_decref() it — confirm.
 * @param i_session session to export
 * @return new JSON object, or NULL on error
 */
382 json_t * i_export_session_json_t(struct _i_session * i_session);
383 
/**
 * Restore a session from JSON produced by i_export_session_json_t.
 * The import sets endpoints and credentials, so only feed it data from a
 * store the application trusts. Whether the session is cleaned first or
 * merged is not documented on this page.
 * @param i_session session to fill
 * @param j_import JSON to read; ownership presumably stays with the caller
 * @return I_OK, otherwise an I_ERROR* code
 */
391 int i_import_session_json_t(struct _i_session * i_session, json_t * j_import);
392 
/**
 * Serialize the session to a string (same sensitivity caveat as
 * i_export_session_json_t).
 * @param i_session session to export
 * @return newly allocated string the caller must free (presumably with o_free, as the file uses orcania) — confirm; NULL on error
 */
398 char * i_export_session_str(struct _i_session * i_session);
399 
/**
 * Restore a session from a string produced by i_export_session_str.
 * str_import is parsed as JSON; the same trust caveat as
 * i_import_session_json_t applies.
 * @param i_session session to fill
 * @param str_import serialized session
 * @return I_OK, otherwise an I_ERROR* code
 */
407 int i_import_session_str(struct _i_session * i_session, const char * str_import);
408 
/**
 * Fetch the .well-known/openid-configuration document (from the
 * I_OPT_OPENID_CONFIG_ENDPOINT url, presumably) and fill the session's
 * endpoints from it; I_OPT_OPENID_CONFIG_STRICT controls how strictly the
 * parameters are applied. Performs network I/O.
 * @param i_session session to update
 * @return I_OK, otherwise an I_ERROR* code
 */
424 int i_load_openid_config(struct _i_session * i_session);
425 
/**
 * Build the GET url for the authorization endpoint from the session
 * (presumably stored in I_OPT_REDIRECT_TO for the application to redirect
 * the user to — confirm).
 * @param i_session session to read and update
 * @return I_OK, otherwise an I_ERROR* code
 */
432 int i_build_auth_url_get(struct _i_session * i_session);
433 
/**
 * Send the request to the authorization endpoint using the configured
 * I_AUTH_METHOD_*. Performs network I/O.
 * @param i_session session to read and update
 * @return I_OK, otherwise an I_ERROR* code
 */
440 int i_run_auth_request(struct _i_session * i_session);
441 
/**
 * Parse the url the user was redirected to (I_OPT_REDIRECT_TO) into the
 * session: code, tokens, state, error values.
 * NOTE(review): confirm that the returned state is compared with the
 * session's state and the result surfaced as an error, since this is the
 * check that binds the response to the request that was issued.
 * @param i_session session to read and update
 * @return I_OK, otherwise an I_ERROR* code
 */
449 int i_parse_redirect_to(struct _i_session * i_session);
450 
/**
 * Call the token endpoint using the configured I_TOKEN_AUTH_METHOD_* and
 * response_type, storing the returned tokens in the session. Performs
 * network I/O.
 * @param i_session session to read and update
 * @return I_OK, otherwise an I_ERROR* code
 */
457 int i_run_token_request(struct _i_session * i_session);
458 
/**
 * Verify the session's id_token (presumably signature against server_jwks
 * plus the standard claim checks — issuer, nonce, expiry; confirm which are
 * enforced in iddawc.c). Call this before trusting any id_token claim.
 * @param i_session session holding the id_token
 * @return I_OK when the token verifies, otherwise an I_ERROR* code
 */
464 int i_verify_id_token(struct _i_session * i_session);
465 
/**
 * Fetch the userinfo endpoint with the session's access token and store
 * the response (I_OPT_USERINFO). Performs network I/O.
 * @param i_session session to read and update
 * @return I_OK, otherwise an I_ERROR* code
 */
475 int i_load_userinfo(struct _i_session * i_session);
476 
/**
 * Same as i_load_userinfo with control over the request.
 * @param i_session session to read and update
 * @param http_method HTTP method to use
 * @param additional_query extra query parameters, may presumably be NULL — confirm
 * @param additional_headers extra HTTP headers, may presumably be NULL — confirm
 * @return I_OK, otherwise an I_ERROR* code
 */
490 int i_load_userinfo_custom(struct _i_session * i_session, const char * http_method, struct _u_map * additional_query, struct _u_map * additional_headers);
491 
/**
 * Introspect the token held in I_OPT_TOKEN_TARGET at the introspection
 * endpoint. Performs network I/O.
 * @param i_session session to read
 * @param j_result receives the introspection response; the caller presumably owns it and must json_decref() it — confirm
 * @return I_OK, otherwise an I_ERROR* code
 */
500 int i_introspect_token(struct _i_session * i_session, json_t ** j_result);
501 
/**
 * Revoke the token held in I_OPT_TOKEN_TARGET at the revocation endpoint.
 * Performs network I/O.
 * @param i_session session to read
 * @return I_OK, otherwise an I_ERROR* code
 */
508 int i_revoke_token(struct _i_session * i_session);
509 
/**
 * Register a client at the registration endpoint. Performs network I/O.
 * @param i_session session to read
 * @param j_parameters registration request body; ownership presumably stays with the caller
 * @param update_session non-zero to write the registration response (client_id, client secret, ...) back into the session — inferred from the name, confirm
 * @param j_result receives the registration response; the caller presumably owns it and must json_decref() it — confirm
 * @return I_OK, otherwise an I_ERROR* code
 */
521 int i_register_client(struct _i_session * i_session, json_t * j_parameters, int update_session, json_t ** j_result);
522 
527 #ifdef __cplusplus
528 }
529 #endif
530 
531 #endif // __IDDAWC_H
i_load_userinfo
int i_load_userinfo(struct _i_session *i_session)
Definition: iddawc.c:1535
I_OPT_INTROSPECTION_ENDPOINT
@ I_OPT_INTROSPECTION_ENDPOINT
absolute url for the introspection endpoint, string
Definition: iddawc.h:131
i_import_session_json_t
int i_import_session_json_t(struct _i_session *i_session, json_t *j_import)
Definition: iddawc.c:2691
I_OPT_SCOPE_APPEND
@ I_OPT_SCOPE_APPEND
append another scope value to the scope list, string
Definition: iddawc.h:86
_i_session::revocation_endpoint
char * revocation_endpoint
Definition: iddawc.h:162
i_get_result
uint i_get_result(struct _i_session *i_session)
Definition: iddawc.c:1667
i_parse_redirect_to
int i_parse_redirect_to(struct _i_session *i_session)
Definition: iddawc.c:1706
_i_session::token_exp
uint token_exp
Definition: iddawc.h:194
_i_session::additional_response
struct _u_map additional_response
Definition: iddawc.h:157
I_OPT_USER_PASSWORD
@ I_OPT_USER_PASSWORD
password for password response_types, string
Definition: iddawc.h:114
I_OPT_ERROR
@ I_OPT_ERROR
error value of a failed request, string
Definition: iddawc.h:102
i_build_auth_url_get
int i_build_auth_url_get(struct _i_session *i_session)
Definition: iddawc.c:1908
I_OPT_USERNAME
@ I_OPT_USERNAME
username for password response_types, string
Definition: iddawc.h:113
_i_session::user_password
char * user_password
Definition: iddawc.h:155
I_OPT_REFRESH_TOKEN
@ I_OPT_REFRESH_TOKEN
refresh token given after a successful token request using the proper response_type
Definition: iddawc.h:106
I_OPT_AUTH_METHOD
@ I_OPT_AUTH_METHOD
Authentication method to use with the auth endpoint, values available are I_AUTH_METHOD_GET,...
Definition: iddawc.h:109
_i_session
Definition: iddawc.h:145
I_OPT_SCOPE
@ I_OPT_SCOPE
scope values, string, multiple scopes must be separated by a space character: "scope1 openid"
Definition: iddawc.h:85
_i_session::client_enc
jwa_enc client_enc
Definition: iddawc.h:186
I_OPT_TOKEN_METHOD
@ I_OPT_TOKEN_METHOD
Authentication method to use with the token endpoint, values available are I_TOKEN_AUTH_METHOD_SECRET...
Definition: iddawc.h:110
I_OPT_NONCE_GENERATE
@ I_OPT_NONCE_GENERATE
generate a random nonce value
Definition: iddawc.h:117
_i_session::error_uri
char * error_uri
Definition: iddawc.h:168
_i_session::redirect_uri
char * redirect_uri
Definition: iddawc.h:150
_i_session::registration_endpoint
char * registration_endpoint
Definition: iddawc.h:164
I_OPT_TOKEN_ENDPOINT
@ I_OPT_TOKEN_ENDPOINT
absolute url for the token endpoint, string
Definition: iddawc.h:96
i_introspect_token
int i_introspect_token(struct _i_session *i_session, json_t **j_result)
Definition: iddawc.c:2509
_i_session::scope
char * scope
Definition: iddawc.h:147
_i_session::response_type
uint response_type
Definition: iddawc.h:146
_i_session::openid_config
json_t * openid_config
Definition: iddawc.h:188
I_OPT_ERROR_URI
@ I_OPT_ERROR_URI
error uri of a failed request, string
Definition: iddawc.h:104
I_OPT_ADDITIONAL_RESPONSE
@ I_OPT_ADDITIONAL_RESPONSE
Definition: iddawc.h:94
I_OPT_NONCE
@ I_OPT_NONCE
nonce value, string
Definition: iddawc.h:88
i_verify_id_token
int i_verify_id_token(struct _i_session *i_session)
Definition: iddawc.c:2314
_i_session::token_endpoint
char * token_endpoint
Definition: iddawc.h:159
_i_session::openid_config_endpoint
char * openid_config_endpoint
Definition: iddawc.h:160
_i_session::redirect_to
char * redirect_to
Definition: iddawc.h:151
i_export_session_json_t
json_t * i_export_session_json_t(struct _i_session *i_session)
Definition: iddawc.c:2627
I_OPT_ADDITIONAL_PARAMETER
@ I_OPT_ADDITIONAL_PARAMETER
use this option to pass any additional parameter value in the /auth request
Definition: iddawc.h:93
_i_session::authorization_endpoint
char * authorization_endpoint
Definition: iddawc.h:158
_i_session::openid_config_strict
int openid_config_strict
Definition: iddawc.h:189
_i_session::username
char * username
Definition: iddawc.h:154
_i_session::client_jwks
jwks_t * client_jwks
Definition: iddawc.h:182
I_OPT_USERINFO_ENDPOINT
@ I_OPT_USERINFO_ENDPOINT
absolute url for the userinfo endpoint or equivalent, string
Definition: iddawc.h:100
i_get_int_parameter
uint i_get_int_parameter(struct _i_session *i_session, i_option option)
Definition: iddawc.c:1671
I_OPT_CODE
@ I_OPT_CODE
code given after a successful auth request using the response_type I_RESPONSE_TYPE_CODE
Definition: iddawc.h:105
I_OPT_TOKEN_TARGET
@ I_OPT_TOKEN_TARGET
access_token which is the target of a revocation or an introspection, string
Definition: iddawc.h:128
_i_session::userinfo
char * userinfo
Definition: iddawc.h:191
i_register_client
int i_register_client(struct _i_session *i_session, json_t *j_parameters, int update_session, json_t **j_result)
Definition: iddawc.c:2566
I_OPT_OPENID_CONFIG
@ I_OPT_OPENID_CONFIG
result of the .well-known/openid-configuration
Definition: iddawc.h:98
I_OPT_ERROR_DESCRIPTION
@ I_OPT_ERROR_DESCRIPTION
error description of a failed request, string
Definition: iddawc.h:103
I_OPT_CLIENT_ENC_ALG
@ I_OPT_CLIENT_ENC_ALG
key encryption algorithm to use when the client encrypts a request in a JWT, values available are 'RS...
Definition: iddawc.h:123
i_set_str_parameter
int i_set_str_parameter(struct _i_session *i_session, i_option option, const char *s_value)
Definition: iddawc.c:1070
i_clean_session
void i_clean_session(struct _i_session *i_session)
Definition: iddawc.c:910
i_run_auth_request
int i_run_auth_request(struct _i_session *i_session)
Definition: iddawc.c:1990
i_get_response_type
uint i_get_response_type(struct _i_session *i_session)
Definition: iddawc.c:1663
_i_session::client_kid
char * client_kid
Definition: iddawc.h:183
_i_session::refresh_token
char * refresh_token
Definition: iddawc.h:170
_i_session::userinfo_endpoint
char * userinfo_endpoint
Definition: iddawc.h:161
_i_session::client_sign_alg
jwa_alg client_sign_alg
Definition: iddawc.h:184
_i_session::issuer
char * issuer
Definition: iddawc.h:190
i_get_additional_parameter
const char * i_get_additional_parameter(struct _i_session *i_session, const char *s_key)
Definition: iddawc.c:1892
_i_session::id_token
char * id_token
Definition: iddawc.h:176
i_set_response_type
int i_set_response_type(struct _i_session *i_session, uint i_value)
Definition: iddawc.c:953
_i_session::error_description
char * error_description
Definition: iddawc.h:167
_i_session::client_secret
char * client_secret
Definition: iddawc.h:153
I_OPT_STATE_GENERATE
@ I_OPT_STATE_GENERATE
generate a random state value
Definition: iddawc.h:118
i_run_token_request
int i_run_token_request(struct _i_session *i_session)
Definition: iddawc.c:2094
_i_session::token_target_type_hint
char * token_target_type_hint
Definition: iddawc.h:173
I_OPT_RESPONSE_TYPE
@ I_OPT_RESPONSE_TYPE
response_type, values available are I_RESPONSE_TYPE_CODE, I_RESPONSE_TYPE_TOKEN, I_RESPONSE_TYPE_ID_T...
Definition: iddawc.h:84
i_load_userinfo_custom
int i_load_userinfo_custom(struct _i_session *i_session, const char *http_method, struct _u_map *additional_query, struct _u_map *additional_headers)
Definition: iddawc.c:1547
i_revoke_token
int i_revoke_token(struct _i_session *i_session)
Definition: iddawc.c:2454
I_OPT_REDIRECT_TO
@ I_OPT_REDIRECT_TO
url the OAuth2 server redirects to after a /auth request
Definition: iddawc.h:90
_i_session::token_type
char * token_type
Definition: iddawc.h:174
I_OPT_REGISTRATION_ENDPOINT
@ I_OPT_REGISTRATION_ENDPOINT
absolute url for the client registration endpoint, string
Definition: iddawc.h:132
I_OPT_EXPIRES_IN
@ I_OPT_EXPIRES_IN
expires_in value after a successful auth or token request, integer
Definition: iddawc.h:112
_i_session::x5u_flags
int x5u_flags
Definition: iddawc.h:187
I_OPT_SERVER_KID
@ I_OPT_SERVER_KID
key id to use if multiple jwk are available on the server, string
Definition: iddawc.h:120
i_set_additional_parameter
int i_set_additional_parameter(struct _i_session *i_session, const char *s_key, const char *s_value)
Definition: iddawc.c:1384
_i_session::j_userinfo
json_t * j_userinfo
Definition: iddawc.h:192
I_OPT_CLIENT_SECRET
@ I_OPT_CLIENT_SECRET
client secret, string
Definition: iddawc.h:92
_i_session::error
char * error
Definition: iddawc.h:166
_i_session::result
uint result
Definition: iddawc.h:165
I_OPT_CLIENT_KID
@ I_OPT_CLIENT_KID
key id to use if multiple jwk are available on the client, string
Definition: iddawc.h:121
i_option
i_option
Definition: iddawc.h:82
I_OPT_STATE
@ I_OPT_STATE
state value, string
Definition: iddawc.h:87
i_init_session
int i_init_session(struct _i_session *i_session)
Definition: iddawc.c:831
_i_session::expires_in
uint expires_in
Definition: iddawc.h:175
I_OPT_OPENID_CONFIG_ENDPOINT
@ I_OPT_OPENID_CONFIG_ENDPOINT
absolute url for the .well-known/openid-configuration endpoint, string
Definition: iddawc.h:97
_i_session::server_kid
char * server_kid
Definition: iddawc.h:181
i_get_additional_response
const char * i_get_additional_response(struct _i_session *i_session, const char *s_key)
Definition: iddawc.c:1900
I_OPT_X5U_FLAGS
@ I_OPT_X5U_FLAGS
x5u flags to apply when the JWK used has an x5u property, values available are R_FLAG_IGNORE_SERVER_CERTI...
Definition: iddawc.h:119
_i_session::nonce
char * nonce
Definition: iddawc.h:149
i_get_str_parameter
const char * i_get_str_parameter(struct _i_session *i_session, i_option option)
Definition: iddawc.c:1778
i_load_openid_config
int i_load_openid_config(struct _i_session *i_session)
Definition: iddawc.c:1494
I_OPT_CLIENT_SIGN_ALG
@ I_OPT_CLIENT_SIGN_ALG
signature algorithm to use when the client signs a request in a JWT, values available are 'none',...
Definition: iddawc.h:122
I_OPT_USERINFO
@ I_OPT_USERINFO
userinfo result, string
Definition: iddawc.h:116
I_OPT_CLIENT_ENC
@ I_OPT_CLIENT_ENC
data encryption algorithm to use when the client encrypts a request in a JWT, values available are 'A...
Definition: iddawc.h:124
_i_session::additional_parameters
struct _u_map additional_parameters
Definition: iddawc.h:156
I_OPT_REVOCATION_ENDPOINT
@ I_OPT_REVOCATION_ENDPOINT
absolute url for the revocation endpoint, string
Definition: iddawc.h:130
_i_session::client_enc_alg
jwa_alg client_enc_alg
Definition: iddawc.h:185
I_OPT_TOKEN_JTI_GENERATE
@ I_OPT_TOKEN_JTI_GENERATE
generate a random jti value
Definition: iddawc.h:126
I_OPT_TOKEN_EXP
@ I_OPT_TOKEN_EXP
JWT token request expiration time in seconds.
Definition: iddawc.h:127
i_set_additional_response
int i_set_additional_response(struct _i_session *i_session, const char *s_key, const char *s_value)
Definition: iddawc.c:1396
I_OPT_NONE
@ I_OPT_NONE
Empty option to complete a i_set_parameter_list.
Definition: iddawc.h:83
I_OPT_ISSUER
@ I_OPT_ISSUER
issuer value, string
Definition: iddawc.h:115
I_OPT_TOKEN_TYPE
@ I_OPT_TOKEN_TYPE
token_type value after a successful auth or token request, string
Definition: iddawc.h:111
I_OPT_AUTH_ENDPOINT
@ I_OPT_AUTH_ENDPOINT
absolute url for the auth endpoint, string
Definition: iddawc.h:95
I_OPT_ACCESS_TOKEN
@ I_OPT_ACCESS_TOKEN
access token given after a successful auth or token request using the proper response_type
Definition: iddawc.h:107
_i_session::token_method
uint token_method
Definition: iddawc.h:179
_i_session::introspection_endpoint
char * introspection_endpoint
Definition: iddawc.h:163
_i_session::code
char * code
Definition: iddawc.h:169
i_export_session_str
char * i_export_session_str(struct _i_session *i_session)
Definition: iddawc.c:2773
_i_session::state
char * state
Definition: iddawc.h:148
I_OPT_REDIRECT_URI
@ I_OPT_REDIRECT_URI
redirect_uri, string
Definition: iddawc.h:89
i_set_parameter_list
int i_set_parameter_list(struct _i_session *i_session,...)
Definition: iddawc.c:1408
i_import_session_str
int i_import_session_str(struct _i_session *i_session, const char *str_import)
Definition: iddawc.c:2784
_i_session::client_id
char * client_id
Definition: iddawc.h:152
I_OPT_ID_TOKEN
@ I_OPT_ID_TOKEN
id_token given after a successful auth or token request using the proper response_type
Definition: iddawc.h:108
_i_session::id_token_payload
json_t * id_token_payload
Definition: iddawc.h:177
I_OPT_TOKEN_TARGET_TYPE_HINT
@ I_OPT_TOKEN_TARGET_TYPE_HINT
access_token which is the target of a revocation or an introspection, string
Definition: iddawc.h:129
I_OPT_RESULT
@ I_OPT_RESULT
result of a request
Definition: iddawc.h:101
I_OPT_OPENID_CONFIG_STRICT
@ I_OPT_OPENID_CONFIG_STRICT
must the .well-known/openid-configuration parameters be strictly
Definition: iddawc.h:99
_i_session::token_jti
char * token_jti
Definition: iddawc.h:193
_i_session::access_token
char * access_token
Definition: iddawc.h:171
_i_session::token_target
char * token_target
Definition: iddawc.h:172
i_set_int_parameter
int i_set_int_parameter(struct _i_session *i_session, i_option option, uint i_value)
Definition: iddawc.c:961
i_set_result
int i_set_result(struct _i_session *i_session, uint i_value)
Definition: iddawc.c:957
I_OPT_TOKEN_JTI
@ I_OPT_TOKEN_JTI
jti value, string
Definition: iddawc.h:125
I_OPT_CLIENT_ID
@ I_OPT_CLIENT_ID
client_id, string
Definition: iddawc.h:91
_i_session::server_jwks
jwks_t * server_jwks
Definition: iddawc.h:180
_i_session::auth_method
uint auth_method
Definition: iddawc.h:178