package
0.18.0
Repository: https://github.com/hashicorp/boundary.git
Documentation: pkg.go.dev

# Packages

No description provided by the author
No description provided by the author

# Functions

AllocAccount makes an empty one in memory.
AllocClaimsScope makes an empty one in memory.
AllocAudClaim makes an empty one in memory.
AllocAuthMethod makes an empty one in memory.
AllocCertificate makes an empty one in memory.
AllocClaimsScope makes an empty one in memory.
AllocManagedGroup makes an empty one in memory.
AllocManagedGroupMemberAccount makes an empty one in memory.
AllocPrompt makes an empty one in memory.
AllocSigningAlg makes an empty one in memory.
Callback is an oidc domain service function for processing a successful OIDC Authentication Response from an IdP oidc callback.
EncodeCertificates will encode a number of x509 certificates to PEMs.
ListAccounts lists up to page size oidc accounts, filtering out entries that do not pass the filter item function.
ListAccountsPage lists up to page size oidc accounts, filtering out entries that do not pass the filter item function.
ListAccountsRefresh lists oidc accounts according to the page size and list token, filtering out entries that do not pass the filter item fn.
ListAccountsRefreshPage lists up to page size accounts, filtering out entries that do not pass the filter item function.
ListManagedGroups lists up to page size oidc managed groups, filtering out entries that do not pass the filter item function.
ListManagedGroupsPage lists up to page size oidc managed groups, filtering out entries that do not pass the filter item function.
ListManagedGroupsRefresh lists oidc managed groups according to the page size and list token, filtering out entries that do not pass the filter item fn.
ListManagedGroupsRefreshPage lists up to page size managed groups, filtering out entries that do not pass the filter item function.
NewAccount creates a new in memory Account assigned to OIDC AuthMethod.
NewAudClaim creates a new in memory audience claim assigned to an OIDC AuthMethod.
NewAuthMethod creates a new in memory AuthMethod assigned to scopeId.
NewCertificate creates a new in memory certificate assigned to an OIDC auth method.
NewManagedGroup creates a new in memory ManagedGroup assigned to OIDC AuthMethod.
NewManagedGroupMemberAccount creates a new in memory ManagedGroupMemberAccount assigned to a managed group within an OIDC AuthMethod.
NewPrompt creates a new in memory prompt assigned to an OIDC AuthMethod.
NewRepository creates a new oidc Repository.
NewSigningAlg creates a new in memory signing alg assigned to an OIDC AuthMethod.
ParseAccountClaimMaps will parse the inbound claim maps.
ParseCertificates will parse a number of certificate PEMs to x509s.
StartAuth accepts a request to start an OIDC authentication/authorization attempt.
SupportedAlgorithm returns true iff the provided algorithm is supported by boundary.
SupportedPrompt returns true if the provided prompt is supported by boundary.
TestAccount creates a test oidc auth account.
TestAuthMethod creates a test oidc auth method.
TestConvertToUrls will convert URL string representations to a slice of *url.URL.
TestManagedGroup creates a test oidc managed group.
TestManagedGroupMember adds given account IDs to a managed group.
TestPendingToken will create a pending auth token for the tokenRequestId (aka public id).
TestSortAuthMethods will sort the provided auth methods by public id and it will sort each auth method's embedded value objects (algs, auds, certs, callbacks).
TestTokenRequestId will make a request.Token and encrypt/encode within a request.Wrapper.
TokenRequest is an oidc domain service function for processing a token request from a Boundary client.
UnwrapMessage does just that: it unwraps the encoded request.Wrapper proto message.
WithAccountClaimMap provides an option for specifying an Account Claim map.
WithApiUrl provides optional api URL to use in the various.
WithAudClaims provides optional audience claims.
WithAuthMethod provides an option for passing an AuthMethod to the operation.
WithCertificates provides optional certificates.
WithClaimsScopes provides optional claims scopes.
WithDescription provides an optional description.
WithDryRun provides an option to do a "dry run" of a write operation, which will run verification steps and return any errors, but will not persist the data into the repository.
WithEmail provides an optional email address for the account.
WithForce provides an option to force the write operation, regardless of whether or not its pre-verification succeeds.
WithFullName provides an optional full name for the account.
WithIssuer provides an option for specifying an issuer.
WithKeyId provides an option for specifying a key id.
WithLimit provides an option to provide a limit.
WithMaxAge provides an optional max age.
WithName provides an optional name.
WithOperationalState provides an option for specifying an issuer.
WithOrderByCreateTime provides an option to specify ordering by the CreateTime field.
WithPrompts provides optional prompts.
WithPublicId provides an option for passing a public id to the operation.
WithReader provides an option for specifying a reader to use for the operation.
WithRoundTripPayload provides an option for passing a payload to be round-tripped during an authentication process.
WithSigningAlgs provides optional signing algorithms.
WithStartPageAfterItem is used to paginate over the results.
WithUnauthenticatedUser provides an option for filtering results for an unauthenticated user.

# Constants

AttemptExpiration defines the TTL for an authentication attempt.
AuthenticationErrorsEndpoint is the endpoint that will be returned as the final redirect from the callback when there are auth errors.
CallbackEndpoint is the endpoint for the oidc callback which will be included in the auth URL returned when an authentication attempt is kicked off.
ECDSA using P-256 and SHA-256.
ECDSA using P-384 and SHA-384.
ECDSA using P-521 and SHA-512.
FinalRedirectEndpoint is the endpoint that the oidc callback redirects the client to after the callback is complete.
Prompt values defined by OpenID specs.
RSASSA-PSS using SHA256 and MGF1-SHA256.
RSASSA-PSS using SHA384 and MGF1-SHA384.
RSASSA-PSS using SHA512 and MGF1-SHA512.
RSASSA-PKCS-v1.5 using SHA-256.
RSASSA-PKCS-v1.5 using SHA-384.
RSASSA-PKCS-v1.5 using SHA-512.

# Structs

Account contains an OIDC auth account.
AccountClaimMap defines optional OIDC scope values that are used to request claims, in addition to the default scope of "openid" (see: DefaultClaimsScope).
AudClaim defines an audience claim for an OIDC auth method.
AuthMethod contains an OIDC auth method configuration.
Certificate defines a certificate to use as part of a trust root when connecting to the auth method's OIDC Provider.
ClaimMap defines the To and From of an oidc claim map.
ClaimsScope defines optional OIDC scope values that are used to request claims, in addition to the default scope of "openid" (see: DefaultClaimsScope).
ManagedGroup contains an OIDC managed group.
ManagedGroupMemberAccount contains a mapping between a managed group and a member account.
Prompt defines a prompt supported by an OIDC auth method.
Repository is the oidc repository.
SigningAlg defines a signing algorithm supported by an OIDC auth method.

# Interfaces

No description provided by the author

# Type aliases

Alg represents asymmetric signing algorithms.
AuthMethodState defines the possible states for an oidc auth method.
ClientSecret equals an AuthMethod's client secret.
Option - how Options are passed as arguments.
Prompt represents an OIDC authentication prompt.