2 This file is part of GNUnet
3 Copyright (C) 2010-2015 GNUnet e.V.
5 GNUnet is free software: you can redistribute it and/or modify it
6 under the terms of the GNU Affero General Public License as published
7 by the Free Software Foundation, either version 3 of the License,
8 or (at your option) any later version.
10 GNUnet is distributed in the hope that it will be useful, but
11 WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Affero General Public License for more details.
15 You should have received a copy of the GNU Affero General Public License
16 along with this program. If not, see <http://www.gnu.org/licenses/>.
18 SPDX-License-Identifier: AGPL3.0-or-later
22 * @file reclaim/oidc_helper.h
23 * @brief helper library for OIDC related functions
24 * @author Martin Schanzenbach
33 #define JWT_ALG_VALUE "HS512"
37 #define JWT_TYP_VALUE "jwt"
39 #define SERVER_ADDRESS "https://api.reclaim"
42 * Create a JWT from attributes
44 * @param aud_key the public key of the audience
45 * @param sub_key the public key of the subject
46 * @param attrs the attribute list
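47 * @param expiration_time how long the token remains valid (a relative time)
48 * @param secret_key the key used to sign the JWT; if the token is signed with JWT_ALG_VALUE ("HS512") this is a shared HMAC secret, so any party that can verify the token can also create one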
49 * @return a new base64-encoded JWT string.
52 OIDC_id_token_new (const struct GNUNET_CRYPTO_EcdsaPublicKey *aud_key,
53 const struct GNUNET_CRYPTO_EcdsaPublicKey *sub_key,
54 const struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
55 const struct GNUNET_TIME_Relative *expiration_time,
57 const char *secret_key);
60 * Builds an OIDC authorization code including
61 * a reclaim ticket and nonce
63 * @param issuer the issuer of the ticket, used to sign the ticket and nonce
64 * @param ticket the ticket to include in the code
65 * @param attrs list of attributes to share
66 * @param nonce the nonce to include in the code
67 * @return a new authorization code (caller must free)
70 OIDC_build_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *issuer,
71 const struct GNUNET_RECLAIM_Ticket *ticket,
72 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList *attrs,
76 * Parse reclaim ticket and nonce from the authorization code.
78 * This also verifies the signature in the code.
80 * @param ecdsa_priv the private key of the audience of the ticket
81 * @param code the string representation of the code
82 * @param ticket where to store the ticket
83 * @param attrs the attributes found in the code
84 * @param nonce where to store the nonce
85 * @return GNUNET_OK if successful, else GNUNET_SYSERR
88 OIDC_parse_authz_code (const struct GNUNET_CRYPTO_EcdsaPrivateKey *ecdsa_priv,
90 struct GNUNET_RECLAIM_Ticket *ticket,
91 struct GNUNET_RECLAIM_ATTRIBUTE_ClaimList **attrs,
95 * Build a token response for a token request
96 * TODO: Maybe we should add the scope here?
98 * @param access_token the access token to include
99 * @param id_token the id_token to include
100 * @param expiration_time the expiration time of the token(s)
101 * @param token_response where to store the response
104 OIDC_build_token_response (const char *access_token,
105 const char *id_token,
106 const struct GNUNET_TIME_Relative *expiration_time,
107 char **token_response);
109 * Generate a new access token
112 OIDC_access_token_new ();