virtru_credentials_oidc.h

Go to the documentation of this file.

/*
 * Copyright © 2020 Virtru Corporation
 *
 * SPDX - License - Identifier: MIT
 *
 */
//
//  Virtru TDF3 SDK
//
//  Created by Pat Mancuso on 2020/10/12
//

#ifndef VIRTRU_CREDENTIALS_OIDC_H_
#define VIRTRU_CREDENTIALS_OIDC_H_

#include "network_interface.h"
#include "virtru_credentials.h"

namespace virtru {

    typedef std::map<std::string, std::string> OIDCHeaders;

  //Clients authenticate with Virtru services via OIDC bearer tokens
  //Clients may authenticate with a supported OIDC IdP (identity provider)
  //using whatever authentication methods that IdP supports in order
  //to obtain an OIDC bearer token.
  //Currently, this SDK supports exchanging pregenerated client credentials for an access token.
  //Other forms of credential exchange will be added later, but for the most part the SDK shouldn't care
  //as long as the end result is a valid OIDC bearer token it can pass along.

  class CredentialsOidc : public Credentials {
  public:
    CredentialsOidc(const std::string &owner,
                    const std::string &clientId,
                    const std::string &clientSecret,
                    const std::string &clientPubkey,
                    const std::string &organizationName,
                    const std::string &oidcEndpoint);

    CredentialsOidc(const std::string &owner,
                    const std::string &refreshToken,
                    const std::string &clientPubkey,
                    const std::string &organizationName,
                    const std::string &oidcEndpoint);

      CredentialsOidc(const std::string &userId,
                      const OIDCHeaders& headers);

      CredentialsOidc(const std::string &userId,
                      const std::string &authorizationString,
                      const std::string &clientToken);

#ifndef SWIG
    virtual std::unique_ptr<Credentials> clone() const;
#endif

    virtual ~CredentialsOidc();

    virtual OIDCHeaders generateAuthHeaders(const std::string &url, const std::string &method,
                                            const std::string &body,
                                            const std::map<std::string, std::string> &headers,
                                            const std::string &date);

    virtual std::string getUserId() const;

    virtual std::string str() const;

#ifndef SWIG
    // This credential provider makes network calls to exchange credentials
    // and so for testing it is extremely useful to be able to override the HTTP provider.
    // This is obviously optional - if no provider is set, one will be created.
    void setHTTPServiceProvider(std::weak_ptr<INetwork> httpServiceProvider);
#endif

    std::string getAccessToken();

  private:
    std::tuple<std::string, std::string> exchangeCredentials(const std::string &clientId,
                                                             const std::string &clientSecret) const;

    std::tuple<std::string, std::string> exchangeRefresh(const std::string &refreshToken) const;

    std::tuple<std::string, std::string> userInfo(const std::string &accessToken) const;

    std::shared_ptr<INetwork> getHTTPServiceProvider() const;

  private:
    std::weak_ptr<INetwork> m_networkServiceProvider;
    std::string m_clientId;
    std::string m_clientSecret;
    std::string m_clientPubkey;
    std::string m_orgName;
    std::string m_oidcEndpoint;
    std::string m_owner;
    OIDCHeaders m_headers;
    std::tuple<std::string, std::string> m_tokens;
  };

} // namespace virtru
#endif // VIRTRU_CREDENTIALS_OIDC_H_