only keep metadata type

This commit is contained in:
Denis Mishin 2025-04-23 22:44:53 -04:00
parent f89d144e08
commit 72d03e2add
2 changed files with 46 additions and 1344 deletions

File diff suppressed because it is too large Load diff

View file

@ -285,263 +285,3 @@ message ClientMetadata {
// types"
// };
}
// Represents the request sent to the Client Registration Endpoint (RFC 7591
// Section 3.1).
message ClientRegistrationRequest {
// Fields correspond to ClientMetadata, indicating requested values.
// REQUIRED for redirect flows.
repeated string redirect_uris = 1 [ (buf.validate.field).repeated = {
min_items : 1,
items : {string : {uri : true, min_len : 1}}
} ];
// OPTIONAL. Default is "client_secret_basic".
optional string token_endpoint_auth_method = 2
[ (buf.validate.field).string = {
in : [ "none", "client_secret_post", "client_secret_basic" ]
} ];
// OPTIONAL. Default is ["authorization_code"].
repeated string grant_types = 3
[ (buf.validate.field).repeated .items.string = {
in : [
"authorization_code",
"implicit",
"password",
"client_credentials",
"refresh_token",
"urn:ietf:params:oauth:grant-type:jwt-bearer",
"urn:ietf:params:oauth:grant-type:saml2-bearer"
]
} ];
// OPTIONAL. Default is ["code"].
repeated string response_types = 4 [
(buf.validate.field).repeated .items.string = {in : [ "code", "token" ]}
];
// OPTIONAL. RECOMMENDED.
optional string client_name = 5
[ (buf.validate.field).string = {min_len : 1, max_len : 255} ];
// OPTIONAL.
map<string, string> client_name_localized = 6 [ (buf.validate.field).map = {
keys : {string : {pattern : "^[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*$"}},
values : {string : {min_len : 1, max_len : 255}}
} ];
// OPTIONAL. RECOMMENDED.
optional string client_uri = 7 [ (buf.validate.field).string.uri = true ];
// OPTIONAL.
map<string, string> client_uri_localized = 8 [ (buf.validate.field).map = {
keys : {string : {pattern : "^[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*$"}},
values : {string : {uri : true}}
} ];
// OPTIONAL.
optional string logo_uri = 9 [ (buf.validate.field).string.uri = true ];
// OPTIONAL.
map<string, string> logo_uri_localized = 10 [ (buf.validate.field).map = {
keys : {string : {pattern : "^[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*$"}},
values : {string : {uri : true}}
} ];
// OPTIONAL.
optional string scope = 11 [
(buf.validate.field).string = {pattern : "^\\S+( \\S+)*$", min_len : 1}
];
// OPTIONAL.
repeated string contacts = 12
[ (buf.validate.field).repeated .items.string.email = true ];
// OPTIONAL.
optional string tos_uri = 13 [ (buf.validate.field).string.uri = true ];
// OPTIONAL.
map<string, string> tos_uri_localized = 14 [ (buf.validate.field).map = {
keys : {string : {pattern : "^[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*$"}},
values : {string : {uri : true}}
} ];
// OPTIONAL.
optional string policy_uri = 15 [ (buf.validate.field).string.uri = true ];
// OPTIONAL.
map<string, string> policy_uri_localized = 16 [ (buf.validate.field).map = {
keys : {string : {pattern : "^[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*$"}},
values : {string : {uri : true}}
} ];
// OPTIONAL. Mutually exclusive with `jwks`.
optional string jwks_uri = 17 [ (buf.validate.field).string.uri = true ];
// OPTIONAL. Mutually exclusive with `jwks_uri`.
optional JsonWebKeySet jwks = 18;
// OPTIONAL.
optional string software_id = 19
[ (buf.validate.field).string = {min_len : 1, max_len : 255} ];
// OPTIONAL.
optional string software_version = 20
[ (buf.validate.field).string = {min_len : 1, max_len : 255} ];
// OPTIONAL. A software statement containing client metadata values about the
// client software as claims.
optional string software_statement = 21 [ (buf.validate.field).string = {
min_len : 1,
pattern : "^[a-zA-Z0-9\\-_]+\\.[a-zA-Z0-9\\-_]+\\.[a-zA-Z0-9\\-_]*$"
} ];
// Message level validation to ensure mutual exclusion of jwks and jwks_uri.
option (buf.validate.message).cel = {
id : "client_registration_request.jwks_mutual_exclusion",
expression : "!has(this.jwks_uri) || !has(this.jwks)",
message : "jwks_uri and jwks are mutually exclusive"
};
}
// Represents the successful response from the Client Registration Endpoint (RFC
// 7591 Section 3.2.1).
message ClientInformationResponse {
// REQUIRED. OAuth 2.0 client identifier string issued by the authorization
// server.
string client_id = 1 [
(buf.validate.field).required = true,
(buf.validate.field).string.min_len = 1
];
// OPTIONAL. OAuth 2.0 client secret string. Only issued for confidential
// clients.
optional string client_secret = 2 [ (buf.validate.field).string.min_len = 1 ];
// OPTIONAL. Time at which the client identifier was issued (Unix timestamp,
// seconds since epoch).
optional int64 client_id_issued_at = 3 [ (buf.validate.field).int64.gt = 0 ];
// REQUIRED if "client_secret" is issued, OPTIONAL otherwise. Time at which
// the client secret will expire (Unix timestamp, seconds since epoch), or 0
// if it will not expire.
optional int64 client_secret_expires_at = 4
[ (buf.validate.field).int64.gte = 0 ];
// Contains all registered metadata about this client, reflecting server
// state. REQUIRED if applicable to the client registration.
repeated string redirect_uris = 5 [ (buf.validate.field).repeated = {
min_items : 1,
items : {string : {uri : true, min_len : 1}}
} ];
// OPTIONAL (reflects registered value, may have default).
optional string token_endpoint_auth_method = 6
[ (buf.validate.field).string = {
in : [ "none", "client_secret_post", "client_secret_basic" ]
} ];
// OPTIONAL (reflects registered value, may have default).
repeated string grant_types = 7
[ (buf.validate.field).repeated .items.string = {
in : [
"authorization_code",
"implicit",
"password",
"client_credentials",
"refresh_token",
"urn:ietf:params:oauth:grant-type:jwt-bearer",
"urn:ietf:params:oauth:grant-type:saml2-bearer"
]
} ];
// OPTIONAL (reflects registered value, may have default).
repeated string response_types = 8 [
(buf.validate.field).repeated .items.string = {in : [ "code", "token" ]}
];
// OPTIONAL (reflects registered value).
optional string client_name = 9
[ (buf.validate.field).string = {min_len : 1, max_len : 255} ];
// OPTIONAL (reflects registered value).
map<string, string> client_name_localized = 10 [ (buf.validate.field).map = {
keys : {string : {pattern : "^[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*$"}},
values : {string : {min_len : 1, max_len : 255}}
} ];
// OPTIONAL (reflects registered value).
optional string client_uri = 11 [ (buf.validate.field).string.uri = true ];
// OPTIONAL (reflects registered value).
map<string, string> client_uri_localized = 12 [ (buf.validate.field).map = {
keys : {string : {pattern : "^[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*$"}},
values : {string : {uri : true}}
} ];
// OPTIONAL (reflects registered value).
optional string logo_uri = 13 [ (buf.validate.field).string.uri = true ];
// OPTIONAL (reflects registered value).
map<string, string> logo_uri_localized = 14 [ (buf.validate.field).map = {
keys : {string : {pattern : "^[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*$"}},
values : {string : {uri : true}}
} ];
// OPTIONAL (reflects registered value).
optional string scope = 15 [
(buf.validate.field).string = {pattern : "^\\S+( \\S+)*$", min_len : 1}
];
// OPTIONAL (reflects registered value).
repeated string contacts = 16
[ (buf.validate.field).repeated .items.string.email = true ];
// OPTIONAL (reflects registered value).
optional string tos_uri = 17 [ (buf.validate.field).string.uri = true ];
// OPTIONAL (reflects registered value).
map<string, string> tos_uri_localized = 18 [ (buf.validate.field).map = {
keys : {string : {pattern : "^[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*$"}},
values : {string : {uri : true}}
} ];
// OPTIONAL (reflects registered value).
optional string policy_uri = 19 [ (buf.validate.field).string.uri = true ];
// OPTIONAL (reflects registered value).
map<string, string> policy_uri_localized = 20 [ (buf.validate.field).map = {
keys : {string : {pattern : "^[a-zA-Z]{1,8}(-[a-zA-Z0-9]{1,8})*$"}},
values : {string : {uri : true}}
} ];
// OPTIONAL (reflects registered value). Mutually exclusive with `jwks`.
optional string jwks_uri = 21 [ (buf.validate.field).string.uri = true ];
// OPTIONAL (reflects registered value). Mutually exclusive with `jwks_uri`.
optional JsonWebKeySet jwks = 22;
// OPTIONAL (reflects registered value).
optional string software_id = 23
[ (buf.validate.field).string = {min_len : 1, max_len : 255} ];
// OPTIONAL (reflects registered value).
optional string software_version = 24
[ (buf.validate.field).string = {min_len : 1, max_len : 255} ];
// OPTIONAL. If a software statement was used in the request, it MUST be
// returned unmodified.
optional string software_statement = 25 [ (buf.validate.field).string = {
min_len : 1,
pattern : "^[a-zA-Z0-9\\-_]+\\.[a-zA-Z0-9\\-_]+\\.[a-zA-Z0-9\\-_]*$"
} ];
// Message level validation
option (buf.validate.message).cel = {
id : "client_info_response.secret_expiry",
// client_secret_expires_at MUST be present if client_secret is present and
// non-empty
expression : "(!has(this.client_secret) || this.client_secret == '') || "
"has(this.client_secret_expires_at)",
message : "client_secret_expires_at is required when client_secret is "
"issued"
};
option (buf.validate.message).cel = {
id : "client_info_response.jwks_mutual_exclusion",
expression : "!has(this.jwks_uri) || !has(this.jwks)",
message : "jwks_uri and jwks fields are mutually exclusive in the response"
};
}
// Standard error codes for client registration errors (RFC 7591 Section 3.2.2).
enum ErrorCode {
ERROR_CODE_UNSPECIFIED = 0;
// The value of one or more redirection URIs is invalid.
ERROR_CODE_INVALID_REDIRECT_URI = 1;
// The value of one of the client metadata fields is invalid.
ERROR_CODE_INVALID_CLIENT_METADATA = 2;
// The software statement presented is invalid.
ERROR_CODE_INVALID_SOFTWARE_STATEMENT = 3;
// The software statement presented is not approved for use by this server.
ERROR_CODE_UNAPPROVED_SOFTWARE_STATEMENT = 4;
}
// Represents the error response from the Client Registration Endpoint (RFC 7591
// Section 3.2.2).
message ClientRegistrationErrorResponse {
// REQUIRED. Single ASCII error code string from the ErrorCode enum.
ErrorCode error = 1 [
(buf.validate.field).required = true,
(buf.validate.field).enum = {
defined_only : true,
not_in : [ 0 ]
}
];
// OPTIONAL. Human-readable ASCII text description of the error.
optional string error_description = 2
[ (buf.validate.field).string = {min_len : 1, max_len : 1024} ];
}