package oidc

You can search for identifiers within the package.

in-package search v0.2.0

OpenID Connect
- CHANGES
- README
- Library oidc
  - Oidc
    
    SimpleClient
    
    Client
    
    Discover
    
    Parameters
    
    Display
    
    Prompt
    
    Scopes
    
    Token
    
    Response
    
    Request
    
    RefreshTokenRequest
    
    IDToken
    
    Jwks
    
    Userinfo
    
    Pkce
    
    Verifier
    
    Challenge
    
    Error
- Sources
  - oidc
    
    Claims.ml
    
    Client.ml
    
    Discover.ml
    
    Error.ml
    
    IDToken.ml
    
    Jwks.ml
    
    Oidc.ml
    
    Parameters.ml
    
    Provider.ml
    
    RefreshTokenRequest.ml
    
    Scopes.ml
    
    SimpleClient.ml
    
    States.ml
    
    Token.ml
    
    TokenRequest.ml
    
    TokenResponse.ml
    
    Userinfo.ml
    
    Utils.ml
    
    oidc__.ml
    
    pkce.ml

Legend:
Page
Library
Module
Module type
Parameter
Class
Class type
Source

Source file `Client.ml`

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
type t =
  { id : string
  ; response_types : string list
  ; grant_types : string list
  ; redirect_uris : Uri.t list
  ; secret : string option
  ; token_endpoint_auth_method : string
  }

let make
      ?secret
      ~response_types
      ~grant_types
      ~redirect_uris
      ~token_endpoint_auth_method
      id
  =
  { id
  ; response_types
  ; grant_types
  ; redirect_uris
  ; token_endpoint_auth_method
  ; secret
  }

type meta =
  { redirect_uris : Uri.t list
  ; response_types : string list option
  ; grant_types : string list option
  ; application_type : string option
  ; contacts : string list option
  ; client_name : string option
  ; token_endpoint_auth_method : string option
  ; logo_uri : Uri.t option
  ; client_uri : Uri.t option
  ; policy_uri : Uri.t option
  ; tos_uri : Uri.t option
  ; jwks_uri : Uri.t option
  ; sector_identifier_uri : Uri.t option
  ; subject_type : string option
  ; id_token_signed_response_alg : Jose.Jwa.alg option
  }

let make_meta
      ?(response_types : string list option)
      ?(grant_types : string list option)
      ?(application_type : string option)
      ?(contacts : string list option)
      ?(client_name : string option)
      ?(token_endpoint_auth_method : string option)
      ?(logo_uri : Uri.t option)
      ?(client_uri : Uri.t option)
      ?(policy_uri : Uri.t option)
      ?(tos_uri : Uri.t option)
      ?(jwks_uri : Uri.t option)
      ?(sector_identifier_uri : Uri.t option)
      ?(subject_type : string option)
      ?(id_token_signed_response_alg : Jose.Jwa.alg option)
      ~(redirect_uris : Uri.t list)
      ()
  =
  { redirect_uris
  ; response_types
  ; grant_types
  ; application_type
  ; contacts
  ; client_name
  ; token_endpoint_auth_method
  ; logo_uri
  ; client_uri
  ; policy_uri
  ; tos_uri
  ; jwks_uri
  ; sector_identifier_uri
  ; subject_type
  ; id_token_signed_response_alg
  }

let meta_to_yojson meta =
  let open Utils in
  let values =
    [ Some
        ( "redirect_uris"
        , `List
            (List.map (fun s -> `String (Uri.to_string s)) meta.redirect_uris)
        )
    ; Option.map
        (fun response_types ->
           ( "response_types"
           , `List (List.map (fun s -> `String s) response_types) ))
        meta.response_types
    ; Option.map
        (fun grant_types ->
           "grant_types", `List (List.map (fun s -> `String s) grant_types))
        meta.grant_types
    ; RJson.to_yojson_string_opt "application_type" meta.application_type
    ; Option.map
        (fun contacts ->
           "contacts", `List (List.map (fun s -> `String s) contacts))
        meta.contacts
    ; RJson.to_yojson_string_opt "client_name" meta.client_name
    ; RJson.to_yojson_string_opt
        "token_endpoint_auth_method"
        meta.token_endpoint_auth_method
    ; RJson.to_yojson_string_opt
        "logo_uri"
        (Option.map Uri.to_string meta.logo_uri)
    ; RJson.to_yojson_string_opt
        "client_uri"
        (Option.map Uri.to_string meta.client_uri)
    ; RJson.to_yojson_string_opt
        "policy_uri"
        (Option.map Uri.to_string meta.policy_uri)
    ; RJson.to_yojson_string_opt
        "tos_uri"
        (Option.map Uri.to_string meta.tos_uri)
    ; RJson.to_yojson_string_opt
        "jwks_uri"
        (Option.map Uri.to_string meta.jwks_uri)
    ; RJson.to_yojson_string_opt
        "sector_identifier_uri"
        (Option.map Uri.to_string meta.sector_identifier_uri)
    ; RJson.to_yojson_string_opt "subject_type" meta.subject_type
    ; RJson.to_yojson_string_opt
        "id_token_signed_response_alg"
        (Option.map Jose.Jwa.alg_to_string meta.id_token_signed_response_alg)
    ]
  in
  `Assoc (List.filter_map (fun x -> x) values)

let meta_to_string c =
  meta_to_yojson c
  |> Yojson.Safe.Util.to_assoc
  |> List.filter (function _, `Null -> false | _ -> true)
  |> fun l -> `Assoc l |> Yojson.Safe.to_string

type dynamic_response =
  { client_id : string
  ; client_secret : string option
  ; registration_access_token : string option
  ; registration_client_uri : string option
  ; client_secret_expires_at : int option
  ; client_id_issued_at : int option
  ; client_id_expires_at : int option
  ; application_type : string option
  }

let dynamic_is_expired dynamic =
  let now = Unix.time () |> int_of_float in
  match dynamic.client_id_expires_at with Some i -> i < now | None -> false

(* If it's not provided we assume it's valid forever *)

let dynamic_of_yojson (json : Yojson.Safe.t) : (dynamic_response, string) result
  =
  try
    let module Json = Yojson.Safe.Util in
    Ok
      { client_id = json |> Json.member "client_id" |> Json.to_string
      ; client_secret =
          json |> Json.member "client_secret" |> Json.to_string_option
      ; registration_access_token =
          json
          |> Json.member "registration_access_token"
          |> Json.to_string_option
      ; registration_client_uri =
          json |> Json.member "registration_client_uri" |> Json.to_string_option
      ; client_secret_expires_at =
          json |> Json.member "client_secret_expires_at" |> Json.to_int_option
      ; client_id_issued_at =
          json |> Json.member "client_id_issued_at" |> Json.to_int_option
      ; client_id_expires_at =
          json |> Json.member "client_id_expires_at" |> Json.to_int_option
      ; application_type =
          json |> Json.member "application_type" |> Json.to_string_option
      }
  with
  | Yojson.Safe.Util.Type_error (str, _) -> Error str

let dynamic_of_string response =
  Yojson.Safe.from_string response |> dynamic_of_yojson

let of_dynamic_and_meta ~dynamic ~meta =
  let open Utils in
  { id = dynamic.client_id
  ; redirect_uris = meta.redirect_uris
  ; secret = dynamic.client_secret
  ; grant_types = ROpt.get_or meta.grant_types ~default:[ "authorization_code" ]
  ; response_types = ROpt.get_or meta.response_types ~default:[ "code" ]
  ; token_endpoint_auth_method =
      ROpt.get_or meta.token_endpoint_auth_method ~default:"client_secret_post"
  }

package oidc

Source file Client.ml

Source file `Client.ml`