Documentation
¶
Index ¶
- type IDTokenSource
- type OIDCWebFlowHelper
- type OIDCWebFlowServer
- func (s *OIDCWebFlowServer) Address() string
- func (s *OIDCWebFlowServer) AuthStartURL() string
- func (s *OIDCWebFlowServer) HealthCheck(w http.ResponseWriter, r *http.Request)
- func (s *OIDCWebFlowServer) NotFoundHandler(w http.ResponseWriter, r *http.Request)
- func (s *OIDCWebFlowServer) Run() (oauth2.TokenSource, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type IDTokenSource ¶
type IDTokenSource struct {
Source oauth2.TokenSource
Verifier *oidc.IDTokenVerifier
}
IDTokenSource is a wrapper around a TokenSource that returns the OpenID token as the access token.
type OIDCWebFlowHelper ¶
type OIDCWebFlowHelper struct {
// contains filtered or unexported fields
}
OIDCWebFlowHelper helps get an OIDC token using the web flow. GetTokenSource returns a token source which surfaces the OIDC token as the AccessToken. This tokensource can used for Authorization flows that use OIDC tokens as the bearer token.
This flow is useful when obtaining OIDC tokens for human based accounts as these require the user to go through an OAuth web flow to generate the credentials.
For robot accounts it should be possible to generate the OIDC token without going through the WebFlow; e.g. by using the private key for the robot account. See for example: https://pkg.go.dev/google.golang.org/api/idtoken
func NewOIDCWebFlowHelper ¶
func NewOIDCWebFlowHelper(oAuthClientFile string, issuer string) (*OIDCWebFlowHelper, error)
NewOIDCWebFlowHelper constructs a new web flow helper. oAuthClientFile should be the path to a credentials.json downloaded from the API console.
func (*OIDCWebFlowHelper) GetOAuthConfig ¶
func (h *OIDCWebFlowHelper) GetOAuthConfig() *oauth2.Config
func (*OIDCWebFlowHelper) GetTokenSource ¶
func (h *OIDCWebFlowHelper) GetTokenSource(ctx context.Context) (oauth2.TokenSource, error)
GetTokenSource requests a token from the web, then returns the retrieved token.
type OIDCWebFlowServer ¶
type OIDCWebFlowServer struct {
// contains filtered or unexported fields
}
OIDCWebFlowServer creates a server to be used as part of client registration in the OIDC protocol.
It is based on the code in https://github.com/coreos/go-oidc/blob/v3/example/idtoken/app.go.
N.B: https://github.com/coreos/go-oidc/issues/354 is discussing creating a reusable server.
func NewOIDCWebFlowServer ¶
func NewOIDCWebFlowServer(config oauth2.Config, verifier *oidc.IDTokenVerifier, log logr.Logger) (*OIDCWebFlowServer, error)
func (*OIDCWebFlowServer) Address ¶
func (s *OIDCWebFlowServer) Address() string
func (*OIDCWebFlowServer) AuthStartURL ¶
func (s *OIDCWebFlowServer) AuthStartURL() string
AuthStartURL returns the URL to kickoff the oauth login flow.
func (*OIDCWebFlowServer) HealthCheck ¶
func (s *OIDCWebFlowServer) HealthCheck(w http.ResponseWriter, r *http.Request)
func (*OIDCWebFlowServer) NotFoundHandler ¶
func (s *OIDCWebFlowServer) NotFoundHandler(w http.ResponseWriter, r *http.Request)
func (*OIDCWebFlowServer) Run ¶
func (s *OIDCWebFlowServer) Run() (oauth2.TokenSource, error)
Run runs the flow to create a tokensource.
Source Files