1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
package schema
import (
"time"
)
// IdentityValidation represents the configuration for identity verification actions/flows.
type IdentityValidation struct {
ResetPassword IdentityValidationResetPassword `koanf:"reset_password" json:"reset_password" jsonschema:"title=Reset Password" jsonschema_description:"Identity Validation options for the Reset Password flow."`
ElevatedSession IdentityValidationElevatedSession `koanf:"elevated_session" json:"elevated_session" jsonschema:"title=Elevated Session" jsonschema_description:"Identity Validation options for obtaining an Elevated Session for flows such as the Credential Management flows."`
}
// IdentityValidationResetPassword represents the tunable aspects of the reset password identity verification action/flow.
type IdentityValidationResetPassword struct {
JWTExpiration time.Duration `koanf:"jwt_lifespan" json:"jwt_lifespan" jsonschema:"title=JWT Lifespan,default=5 minutes" jsonschema_description:"The lifespan of the JSON Web Token after it's initially generated after which it's considered invalid."`
JWTAlgorithm string `koanf:"jwt_algorithm" json:"jwt_algorithm" jsonschema:"title=JWT Algorithm,default=HS256,enum=HS256,enum=HS384,enum=HS512" jsonschema_description:"The JSON Web Token Algorithm (JWA) used to sign the Reset Password flow JSON Web Token's."`
JWTSecret string `koanf:"jwt_secret" json:"jwt_secret" jsonschema:"title=JWT Secret" jsonschema_description:"The secret key used to sign the Reset Password flow JSON Web Token's."`
}
// IdentityValidationElevatedSession represents the tunable aspects of the credential control identity verification action/flow.
type IdentityValidationElevatedSession struct {
CodeLifespan time.Duration `koanf:"code_lifespan" json:"code_lifespan" jsonschema:"title=Code Lifespan,default=5 minutes" jsonschema_description:"The lifespan of the randomly generated One Time Code after which it's considered invalid."`
ElevationLifespan time.Duration `koanf:"elevation_lifespan" json:"elevation_lifespan" jsonschema:"title=Elevation Lifespan,default=10 minutes" jsonschema_description:"The lifespan of the elevation after initially validating the One-Time Code before it expires."`
Characters int `koanf:"characters" json:"otp_characters" jsonschema:"title=OTP Characters,minimum=6,maximum=12,default=8" jsonschema_description:"Number of characters in the generated OTP codes."`
RequireSecondFactor bool `koanf:"require_second_factor" json:"require_second_factor" jsonschema:"title=Require Second Factor,default=false" jsonschema_description:"Requires the user use a second factor if they have any known second factor methods."`
SkipSecondFactor bool `koanf:"skip_second_factor" json:"skip_second_factor" jsonschema:"title=Skip Second Factor,default=false" jsonschema_description:"Skips the primary identity verification process if the user has authenticated with a second factor."`
}
// DefaultIdentityValidation has the default values for the IdentityValidation configuration.
var DefaultIdentityValidation = IdentityValidation{
ResetPassword: IdentityValidationResetPassword{
JWTExpiration: time.Minute * 5,
JWTAlgorithm: "HS256",
},
ElevatedSession: IdentityValidationElevatedSession{
CodeLifespan: time.Minute * 5,
ElevationLifespan: time.Minute * 10,
Characters: 8,
},
}
|
