gotosocial/internal/api/model/oauth.go

// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package model

// OAuthAuthorize represents a request sent to https://example.org/oauth/authorize
type OAuthAuthorize struct {
	// Forces the user to re-login, which is necessary for authorizing with multiple accounts from the same instance.
	ForceLogin string `form:"force_login" json:"force_login"`
	// Should be set equal to `code`.
	ResponseType string `form:"response_type" json:"response_type" binding:"required"`
	// Client ID, obtained during app registration.
	ClientID string `form:"client_id" json:"client_id" binding:"required"`
	// Set a URI to redirect the user to.
	// If this parameter is set to urn:ietf:wg:oauth:2.0:oob then the authorization code will be shown instead.
	// Must match one of the redirect URIs declared during app registration.
	RedirectURI string `form:"redirect_uri" json:"redirect_uri" binding:"required"`
	// List of requested OAuth scopes, separated by spaces (or by pluses, if using query parameters).
	// Must be a subset of scopes declared during app registration. If not provided, defaults to read.
	Scope string `form:"scope" json:"scope"`
	// State is used by the application to store request-specific data and/or prevent CSRF attacks.
	// The authorization server must return the unmodified state value back to the application.
	// See https://www.oauth.com/oauth2-servers/authorization/the-authorization-request/
	State string `form:"state" json:"state"`
}
[chore] Improve copyright header handling (#1608) * [chore] Remove years from all license headers Years or year ranges aren't required in license headers. Many projects have removed them in recent years and it avoids a bit of yearly toil. In many cases our copyright claim was also a bit dodgy since we added the 2021-2023 header to files created after 2021 but you can't claim copyright into the past that way. * [chore] Add license header check This ensures a license header is always added to any new file. This avoids maintainers/reviewers needing to remember to check for and ask for it in case a contribution doesn't include it. * [chore] Add missing license headers * [chore] Further updates to license header * Use the more common // indentend comment format * Remove the hack we had for the linter now that we use the // format * Add SPDX license identifier 2023-03-12 16:00:57 +01:00			`// GoToSocial`
			`// Copyright (C) GoToSocial Authors admin@gotosocial.org`
			`// SPDX-License-Identifier: AGPL-3.0-or-later`
			`//`
			`// This program is free software: you can redistribute it and/or modify`
			`// it under the terms of the GNU Affero General Public License as published by`
			`// the Free Software Foundation, either version 3 of the License, or`
			`// (at your option) any later version.`
			`//`
			`// This program is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU Affero General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU Affero General Public License`
			`// along with this program. If not, see <http://www.gnu.org/licenses/>.`
auth flow working for code 2021-03-18 23:27:43 +01:00
Ap (#14) Big restructuring and initial work on activitypub 2021-05-08 14:25:55 +02:00			`package model`
auth flow working for code 2021-03-18 23:27:43 +01:00
			`// OAuthAuthorize represents a request sent to https://example.org/oauth/authorize`
			`type OAuthAuthorize struct {`
			`// Forces the user to re-login, which is necessary for authorizing with multiple accounts from the same instance.`
Auth flow fixes (#82) * preliminary fixes to broken auth flow * fix some auth/cookie weirdness * fmt 2021-07-08 11:32:31 +02:00			ForceLogin string `form:"force_login" json:"force_login"`
auth flow working for code 2021-03-18 23:27:43 +01:00			// Should be set equal to `code`.
[bugfix] Fix '+'-separated scopes not being recognized (#4028) * [bugfix] Fix '+'-separated scopes not being recognized * comment 2025-04-19 21:57:50 +02:00			ResponseType string `form:"response_type" json:"response_type" binding:"required"`
auth flow working for code 2021-03-18 23:27:43 +01:00			`// Client ID, obtained during app registration.`
[bugfix] Fix '+'-separated scopes not being recognized (#4028) * [bugfix] Fix '+'-separated scopes not being recognized * comment 2025-04-19 21:57:50 +02:00			ClientID string `form:"client_id" json:"client_id" binding:"required"`
auth flow working for code 2021-03-18 23:27:43 +01:00			`// Set a URI to redirect the user to.`
			`// If this parameter is set to urn:ietf:wg:oauth:2.0:oob then the authorization code will be shown instead.`
			`// Must match one of the redirect URIs declared during app registration.`
[bugfix] Fix '+'-separated scopes not being recognized (#4028) * [bugfix] Fix '+'-separated scopes not being recognized * comment 2025-04-19 21:57:50 +02:00			RedirectURI string `form:"redirect_uri" json:"redirect_uri" binding:"required"`
auth flow working for code 2021-03-18 23:27:43 +01:00			`// List of requested OAuth scopes, separated by spaces (or by pluses, if using query parameters).`
			`// Must be a subset of scopes declared during app registration. If not provided, defaults to read.`
Auth flow fixes (#82) * preliminary fixes to broken auth flow * fix some auth/cookie weirdness * fmt 2021-07-08 11:32:31 +02:00			Scope string `form:"scope" json:"scope"`
[feature] add 'state' oauth2 param to /oauth/authorize (#730) 2022-07-28 16:43:27 +02:00			`// State is used by the application to store request-specific data and/or prevent CSRF attacks.`
			`// The authorization server must return the unmodified state value back to the application.`
			`// See https://www.oauth.com/oauth2-servers/authorization/the-authorization-request/`
			State string `form:"state" json:"state"`
auth flow working for code 2021-03-18 23:27:43 +01:00			`}`