path: root/internal/configuration/validator/const.go
Diffstat (limited to 'internal/configuration/validator/const.go')
-rw-r--r--internal/configuration/validator/const.go56
1 files changed, 55 insertions, 1 deletions
diff --git a/internal/configuration/validator/const.go b/internal/configuration/validator/const.go
index 75cf261f6..4feea1f72 100644
--- a/internal/configuration/validator/const.go
+++ b/internal/configuration/validator/const.go
@@ -570,7 +570,9 @@ var (
var (
validOIDCCORSEndpoints = []string{oidc.EndpointAuthorization, oidc.EndpointPushedAuthorizationRequest, oidc.EndpointToken, oidc.EndpointIntrospection, oidc.EndpointRevocation, oidc.EndpointUserinfo}
- validOIDCClientScopes = []string{oidc.ScopeOpenID, oidc.ScopeEmail, oidc.ScopeProfile, oidc.ScopeGroups, oidc.ScopeOfflineAccess, oidc.ScopeOffline, oidc.ScopeAutheliaBearerAuthz}
+ validOIDCReservedClaims = []string{oidc.ClaimJWTID, oidc.ClaimSessionID, oidc.ClaimAuthorizedParty, oidc.ClaimClientIdentifier, oidc.ClaimScope, oidc.ClaimScopeNonStandard, oidc.ClaimIssuer, oidc.ClaimSubject, oidc.ClaimAudience, oidc.ClaimSessionID, oidc.ClaimStateHash, oidc.ClaimCodeHash, oidc.ClaimIssuedAt, oidc.ClaimUpdatedAt, oidc.ClaimRequestedAt, oidc.ClaimNotBefore, oidc.ClaimExpirationTime, oidc.ClaimAuthenticationTime, oidc.ClaimAuthenticationMethodsReference, oidc.ClaimAuthenticationContextClassReference, oidc.ClaimNonce}
+ validOIDCClientClaims = []string{oidc.ClaimFullName, oidc.ClaimGivenName, oidc.ClaimFamilyName, oidc.ClaimMiddleName, oidc.ClaimNickname, oidc.ClaimPreferredUsername, oidc.ClaimProfile, oidc.ClaimPicture, oidc.ClaimWebsite, oidc.ClaimEmail, oidc.ClaimEmailVerified, oidc.ClaimGender, oidc.ClaimBirthdate, oidc.ClaimZoneinfo, oidc.ClaimLocale, oidc.ClaimPhoneNumber, oidc.ClaimPhoneNumberVerified, oidc.ClaimAddress, oidc.ClaimGroups, oidc.ClaimEmailAlts}
+ validOIDCClientScopes = []string{oidc.ScopeOpenID, oidc.ScopeEmail, oidc.ScopeProfile, oidc.ScopeAddress, oidc.ScopePhone, oidc.ScopeGroups, oidc.ScopeOfflineAccess, oidc.ScopeOffline, oidc.ScopeAutheliaBearerAuthz}
validOIDCClientConsentModes = []string{auto, oidc.ClientConsentModeImplicit.String(), oidc.ClientConsentModeExplicit.String(), oidc.ClientConsentModePreConfigured.String()}
validOIDCClientResponseModes = []string{oidc.ResponseModeFormPost, oidc.ResponseModeQuery, oidc.ResponseModeFragment, oidc.ResponseModeJWT, oidc.ResponseModeFormPostJWT, oidc.ResponseModeQueryJWT, oidc.ResponseModeFragmentJWT}
validOIDCClientResponseTypes = []string{oidc.ResponseTypeAuthorizationCodeFlow, oidc.ResponseTypeImplicitFlowIDToken, oidc.ResponseTypeImplicitFlowToken, oidc.ResponseTypeImplicitFlowBoth, oidc.ResponseTypeHybridFlowIDToken, oidc.ResponseTypeHybridFlowToken, oidc.ResponseTypeHybridFlowBoth}
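Review bot: `oidc.ClaimSessionID` is listed twice in the new `validOIDCReservedClaims` slice (second entry and again tenth, between `oidc.ClaimAudience` and `oidc.ClaimStateHash`); drop the second occurrence so the reserved-claim list is an actual set. A duplicate is harmless for a plain membership check, but it would surface if the slice is ever ranged over to build an error message or a lookup map, and it makes the list harder to audit against the claims Authelia itself issues. A short comment above the three new slices would also help, for example `// validOIDCReservedClaims are claims set by the server and therefore not configurable as client custom claims — confirm against the validator that consumes it.` The enclosing `var (` block closes outside this hunk.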
@@ -598,6 +600,58 @@ var (
reRFC3986Unreserved = regexp.MustCompile(`^[a-zA-Z0-9._~-]+$`)
)
+const (
+ attributeUserUsername = "username"
+ attributeUserGroups = "groups"
+ attributeUserDisplayName = "display_name"
+ attributeUserEmail = "email"
+ attributeUserEmails = "emails"
+ attributeUserGivenName = "given_name"
+ attributeUserMiddleName = "middle_name"
+ attributeUserFamilyName = "family_name"
+ attributeUserNickname = "nickname"
+ attributeUserProfile = "profile"
+ attributeUserPicture = "picture"
+ attributeUserWebsite = "website"
+ attributeUserGender = "gender"
+ attributeUserBirthdate = "birthdate"
+ attributeUserZoneInfo = "zoneinfo"
+ attributeUserLocale = "locale"
+ attributeUserPhoneNumber = "phone_number"
+ attributeUserPhoneExtension = "phone_extension"
+ attributeUserStreetAddress = "street_address"
+ attributeUserLocality = "locality"
+ attributeUserRegion = "region"
+ attributeUserPostalCode = "postal_code"
+ attributeUserCountry = "country"
+)
+
+var validUserAttributes = []string{
+ attributeUserUsername,
+ attributeUserGroups,
+ attributeUserDisplayName,
+ attributeUserEmail,
+ attributeUserEmails,
+ attributeUserGivenName,
+ attributeUserMiddleName,
+ attributeUserFamilyName,
+ attributeUserNickname,
+ attributeUserProfile,
+ attributeUserPicture,
+ attributeUserWebsite,
+ attributeUserGender,
+ attributeUserBirthdate,
+ attributeUserZoneInfo,
+ attributeUserLocale,
+ attributeUserPhoneNumber,
+ attributeUserPhoneExtension,
+ attributeUserStreetAddress,
+ attributeUserLocality,
+ attributeUserRegion,
+ attributeUserPostalCode,
+ attributeUserCountry,
+}
+
var replacedKeys = map[string]string{
"authentication_backend.ldap.skip_verify": "authentication_backend.ldap.tls.skip_verify",
"authentication_backend.ldap.minimum_tls_version": "authentication_backend.ldap.tls.minimum_version",