backend/internal/model/oidc.go

package model

import (
	"database/sql/driver"
	"encoding/json"
	"fmt"

	datatype "github.com/pocket-id/pocket-id/backend/internal/model/types"
	"gorm.io/gorm"
)

type UserAuthorizedOidcClient struct {
	Scope  string
	UserID string `gorm:"primary_key;"`
	User   User

	ClientID string `gorm:"primary_key;"`
	Client   OidcClient
}

type OidcAuthorizationCode struct {
	Base

	Code                      string
	Scope                     string
	Nonce                     string
	CodeChallenge             *string
	CodeChallengeMethodSha256 *bool
	ExpiresAt                 datatype.DateTime

	UserID string
	User   User

	ClientID string
}

type OidcClient struct {
	Base

	Name               string `sortable:"true"`
	Secret             string
	CallbackURLs       UrlList
	LogoutCallbackURLs UrlList
	ImageType          *string
	HasLogo            bool `gorm:"-"`
	IsPublic           bool
	PkceEnabled        bool

	AllowedUserGroups []UserGroup `gorm:"many2many:oidc_clients_allowed_user_groups;"`
	CreatedByID       string
	CreatedBy         User
}

type OidcRefreshToken struct {
	Base

	Token     string
	ExpiresAt datatype.DateTime
	Scope     string

	UserID string
	User   User

	ClientID string
	Client   OidcClient
}

func (c *OidcClient) AfterFind(_ *gorm.DB) (err error) {
	// Compute HasLogo field
	c.HasLogo = c.ImageType != nil && *c.ImageType != ""
	return nil
}

type UrlList []string //nolint:recvcheck

func (cu *UrlList) Scan(value interface{}) error {
	switch v := value.(type) {
	case []byte:
		return json.Unmarshal(v, cu)
	case string:
		return json.Unmarshal([]byte(v), cu)
	default:
		return fmt.Errorf("unsupported type: %T", value)
	}
}

func (cu UrlList) Value() (driver.Value, error) {
	return json.Marshal(cu)
}

type OidcDeviceCode struct {
	Base
	DeviceCode   string
	UserCode     string
	Scope        string
	ExpiresAt    datatype.DateTime
	IsAuthorized bool

	UserID   *string
	User     User
	ClientID string
	Client   OidcClient
}
initial commit 2024-08-12 11:00:25 +02:00			`package model`

			`import (`
refactor: use dtos in controllers 2024-08-23 17:04:19 +02:00			`"database/sql/driver"`
			`"encoding/json"`
fix: ensure indexes on audit_logs table (#415) Co-authored-by: Kyle Mendell <kmendell@ofkm.us> 2025-04-04 10:05:32 -07:00			`"fmt"`
chore: replace `stonith404` with `pocket-id` after org migration 2025-02-05 18:08:01 +01:00
			`datatype "github.com/pocket-id/pocket-id/backend/internal/model/types"`
initial commit 2024-08-12 11:00:25 +02:00			`"gorm.io/gorm"`
			`)`

			`type UserAuthorizedOidcClient struct {`
			`Scope string`
refactor: use dtos in controllers 2024-08-23 17:04:19 +02:00			UserID string `gorm:"primary_key;"`
feat: add user info endpoint to support more oidc clients 2024-08-19 18:48:18 +02:00			`User User`
initial commit 2024-08-12 11:00:25 +02:00
refactor: use dtos in controllers 2024-08-23 17:04:19 +02:00			ClientID string `gorm:"primary_key;"`
initial commit 2024-08-12 11:00:25 +02:00			`Client OidcClient`
			`}`

			`type OidcAuthorizationCode struct {`
			`Base`

feat: add PKCE support 2024-11-15 15:00:25 +01:00			`Code string`
			`Scope string`
			`Nonce string`
			`CodeChallenge *string`
			`CodeChallengeMethodSha256 *bool`
			`ExpiresAt datatype.DateTime`
initial commit 2024-08-12 11:00:25 +02:00
			`UserID string`
			`User User`

			`ClientID string`
			`}`

refactor: use dtos in controllers 2024-08-23 17:04:19 +02:00			`type OidcClient struct {`
			`Base`

feat: add end session endpoint (#232) 2025-02-14 17:09:27 +01:00			Name string `sortable:"true"`
			`Secret string`
			`CallbackURLs UrlList`
			`LogoutCallbackURLs UrlList`
			`ImageType *string`
			HasLogo bool `gorm:"-"`
			`IsPublic bool`
			`PkceEnabled bool`
refactor: use dtos in controllers 2024-08-23 17:04:19 +02:00
feat: map allowed groups to OIDC clients (#202) 2025-02-03 18:41:15 +01:00			AllowedUserGroups []UserGroup `gorm:"many2many:oidc_clients_allowed_user_groups;"`
			`CreatedByID string`
			`CreatedBy User`
initial commit 2024-08-12 11:00:25 +02:00			`}`

feat: add OIDC refresh_token support (#325) Co-authored-by: Elias Schneider <login@eliasschneider.com> 2025-03-23 15:14:26 -05:00			`type OidcRefreshToken struct {`
			`Base`

			`Token string`
			`ExpiresAt datatype.DateTime`
			`Scope string`

			`UserID string`
			`User User`

			`ClientID string`
			`Client OidcClient`
			`}`

refactor: use dtos in controllers 2024-08-23 17:04:19 +02:00			`func (c OidcClient) AfterFind(_ gorm.DB) (err error) {`
			`// Compute HasLogo field`
			`c.HasLogo = c.ImageType != nil && *c.ImageType != ""`
			`return nil`
initial commit 2024-08-12 11:00:25 +02:00			`}`

refactor: fix code smells 2025-03-27 16:48:36 +01:00			`type UrlList []string //nolint:recvcheck`
refactor: use dtos in controllers 2024-08-23 17:04:19 +02:00
feat: add end session endpoint (#232) 2025-02-14 17:09:27 +01:00			`func (cu *UrlList) Scan(value interface{}) error {`
fix: ensure indexes on audit_logs table (#415) Co-authored-by: Kyle Mendell <kmendell@ofkm.us> 2025-04-04 10:05:32 -07:00			`switch v := value.(type) {`
			`case []byte:`
feat: add support for multiple callback urls 2024-08-24 00:49:08 +02:00			`return json.Unmarshal(v, cu)`
fix: ensure indexes on audit_logs table (#415) Co-authored-by: Kyle Mendell <kmendell@ofkm.us> 2025-04-04 10:05:32 -07:00			`case string:`
			`return json.Unmarshal([]byte(v), cu)`
			`default:`
			`return fmt.Errorf("unsupported type: %T", value)`
refactor: use dtos in controllers 2024-08-23 17:04:19 +02:00			`}`
initial commit 2024-08-12 11:00:25 +02:00			`}`
refactor: use dependency injection in backend 2024-08-17 21:57:14 +02:00
feat: add end session endpoint (#232) 2025-02-14 17:09:27 +01:00			`func (cu UrlList) Value() (driver.Value, error) {`
feat: add support for multiple callback urls 2024-08-24 00:49:08 +02:00			`return json.Marshal(cu)`
refactor: use dependency injection in backend 2024-08-17 21:57:14 +02:00			`}`
feat: device authorization endpoint (#270) Co-authored-by: Elias Schneider <login@eliasschneider.com> 2025-04-25 12:14:51 -05:00
			`type OidcDeviceCode struct {`
			`Base`
			`DeviceCode string`
			`UserCode string`
			`Scope string`
			`ExpiresAt datatype.DateTime`
			`IsAuthorized bool`

			`UserID *string`
			`User User`
			`ClientID string`
			`Client OidcClient`
			`}`