package domain
import "time"
// HydraClient mirrors the OAuth2 client record as exchanged with Ory Hydra
// in JSON. Field names follow Hydra's wire format (see the json tags).
type HydraClient struct {
	ClientID   string `json:"client_id"`
	ClientName string `json:"client_name,omitempty"`
	// ClientSecret is a credential. NOTE(review): confirm this struct is
	// never marshalled into an API response or a log line where the
	// secret would be exposed.
	ClientSecret  string   `json:"client_secret,omitempty"`
	ClientURI     string   `json:"client_uri,omitempty"`
	RedirectURIs  []string `json:"redirect_uris,omitempty"`
	GrantTypes    []string `json:"grant_types,omitempty"`
	ResponseTypes []string `json:"response_types,omitempty"`
	Scope         string   `json:"scope,omitempty"`
	// TokenEndpointAuthMethod is compared against "private_key_jwt" by
	// IsTrustedRP; any other value marks the client as untrusted.
	TokenEndpointAuthMethod string `json:"token_endpoint_auth_method,omitempty"`
	JWKSUri                 string `json:"jwks_uri,omitempty"`
	// JWKS holds the inline key set as decoded JSON; only its nil-ness is
	// inspected here.
	JWKS interface{} `json:"jwks,omitempty"`
	// Metadata is free-form client metadata; the key
	// "headless_login_enabled" (bool) is read by IsHeadlessLoginEnabled.
	Metadata map[string]interface{} `json:"metadata,omitempty"`
}

// IsTrustedRP reports whether the client authenticates to the token
// endpoint with private_key_jwt and has a public key registered, either by
// URI (JWKSUri) or inline (JWKS).
//
// The inline check is only "JWKS is non-nil": any non-null decoded JSON
// value, including an empty object, satisfies it. NOTE(review): confirm
// Hydra rejects private_key_jwt clients whose key set is empty, otherwise
// an empty "jwks" would pass this gate.
func (c *HydraClient) IsTrustedRP() bool {
	if c.TokenEndpointAuthMethod != "private_key_jwt" {
		return false
	}
	return c.JWKSUri != "" || c.JWKS != nil
}

// IsHeadlessLoginEnabled reports whether headless login is switched on for
// this client. It is true only when the client is a trusted RP
// (IsTrustedRP) and Metadata carries "headless_login_enabled" as a JSON
// boolean true; a missing key, a nil map, or a non-bool value (for example
// the string "true") all yield false.
func (c *HydraClient) IsHeadlessLoginEnabled() bool {
	if !c.IsTrustedRP() || c.Metadata == nil {
		return false
	}
	// A failed type assertion leaves enabled at its zero value (false),
	// which covers both the missing-key and wrong-type cases.
	enabled, _ := c.Metadata["headless_login_enabled"].(bool)
	return enabled
}
// HydraConsentRequest is the consent challenge payload as received from
// Hydra; json tags follow Hydra's wire format.
type HydraConsentRequest struct {
	Challenge      string   `json:"challenge"`
	RequestedScope []string `json:"requested_scope"`
	// RequestedAudience maps to Hydra's "requested_access_token_audience".
	RequestedAudience []string `json:"requested_access_token_audience"`
	Skip              bool     `json:"skip"`
	Subject           string   `json:"subject"`
	// Client is the full client record, including its ClientSecret field
	// if Hydra populates it; treat the embedded value accordingly.
	Client HydraClient `json:"client"`
}
// HydraLoginRequest is the login challenge payload as received from Hydra;
// json tags follow Hydra's wire format.
type HydraLoginRequest struct {
	Challenge string `json:"challenge"`
	Subject   string `json:"subject"`
	Skip      bool   `json:"skip"`
	// Client is the full client record (see HydraClient for the fields,
	// including the credential-bearing ClientSecret).
	Client HydraClient `json:"client"`
}
// HydraConsentSession is a previously handled consent session as returned
// by Hydra; json tags follow Hydra's wire format. Note the tag names for
// GrantedScope ("grant_scope") and GrantedAudience
// ("grant_access_token_audience") differ from the field names.
type HydraConsentSession struct {
	ConsentRequestID string   `json:"consent_request_id,omitempty"`
	Subject          string   `json:"subject,omitempty"`
	GrantedScope     []string `json:"grant_scope,omitempty"`
	GrantedAudience  []string `json:"grant_access_token_audience,omitempty"`
	// Remember has no omitempty, so false is always emitted explicitly.
	Remember    bool `json:"remember"`
	RememberFor int  `json:"remember_for,omitempty"`
	// Timestamps are pointers so that an absent value encodes as omitted
	// rather than as the zero time.
	AuthenticatedAt *time.Time `json:"authenticated_at,omitempty"`
	RequestedAt     *time.Time `json:"requested_at,omitempty"`
	HandledAt       *time.Time `json:"handled_at,omitempty"`
	// Client is a struct value: encoding/json ignores omitempty on struct
	// types, so this object is always emitted when marshalled.
	Client         HydraClient          `json:"client,omitempty"`
	ConsentRequest *HydraConsentRequest `json:"consent_request,omitempty"`
}