oauth2clientauthextension

package module
v0.99.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 22, 2024 License: Apache-2.0 Imports: 20 Imported by: 9

README

Authenticator - OAuth2 Client Credentials

Status
Stability beta
Distributions contrib
Issues Open issues Closed issues
Code Owners @pavankrish123, @jpkrohling

This extension provides OAuth2 Client Credentials flow authenticator for HTTP and gRPC based exporters. The extension fetches and refreshes the token after expiry automatically. For further details about OAuth2 Client Credentials flow (2-legged workflow) refer https://datatracker.ietf.org/doc/html/rfc6749#section-4.4.

The authenticator type has to be set to oauth2client.

Configuration

extensions:
  oauth2client:
    client_id: someclientid
    client_secret: someclientsecret
    endpoint_params:
      audience: someaudience
    token_url: https://example.com/oauth2/default/v1/token
    scopes: ["api.metrics"]
    # tls settings for the token client
    tls:
      insecure: true
      ca_file: /var/lib/mycert.pem
      cert_file: certfile
      key_file: keyfile
    # timeout for the token client
    timeout: 2s
    
receivers:
  hostmetrics:
    scrapers:
      memory:
  otlp:
    protocols:
      grpc:

exporters:
  otlphttp/withauth:
    endpoint: http://localhost:9000
    auth:
      authenticator: oauth2client
      
  otlp/withauth:
    endpoint: 0.0.0.0:5000
    tls:
      ca_file: /tmp/certs/ca.pem
    auth:
      authenticator: oauth2client

service:
  extensions: [oauth2client]
  pipelines:
    metrics:
      receivers: [hostmetrics]
      processors: []
      exporters: [otlphttp/withauth, otlp/withauth]

Following are the configuration fields

  • token_url - The resource server's token endpoint URLs.
  • client_id - The client identifier issued to the client.
  • client_id_file - The file path to retrieve the client identifier issued to the client. The extension reads this file and updates the client ID used whenever it needs to issue a new token. This enables dynamically changing the client credentials by modifying the file contents when, for example, they need to rotate.
    This setting takes precedence over client_id.
  • client_secret - The secret string associated with above identifier.
  • client_secret_file - The file path to retrieve the secret string associated with above identifier. The extension reads this file and updates the client secret used whenever it needs to issue a new token. This enables dynamically changing the client credentials by modifying the file contents when, for example, they need to rotate.
    This setting takes precedence over client_secret.
  • endpoint_params - Additional parameters that are sent to the token endpoint.
  • scopes - Optional optional requested permissions associated for the client.
  • timeout - Optional specifies the timeout on the underlying client to authorization server for fetching the tokens (initial and while refreshing). This is optional and not setting this configuration implies there is no timeout on the client.

For more information on client side TLS settings, see configtls README.

Documentation

Overview

Package oauth2clientauthextension implements `cauth.Client` This extension provides OAuth2 Client Credentials flow authenticator for HTTP and gRPC based exporters. The extension fetches and refreshes the token after expiry For further details about OAuth2 Client Credentials flow refer https://datatracker.ietf.org/doc/html/rfc6749#section-4.4

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewFactory 

func NewFactory() extension.Factory

NewFactory creates a factory for the oauth2 client Authenticator extension.

Types

type Config 

type Config struct {

	// ClientID is the application's ID.
	// See https://datatracker.ietf.org/doc/html/rfc6749#section-2.2
	ClientID string `mapstructure:"client_id"`

	// ClientIDFile is the file path to read the application's ID from.
	ClientIDFile string `mapstructure:"client_id_file"`

	// ClientSecret is the application's secret.
	// See https://datatracker.ietf.org/doc/html/rfc6749#section-2.3.1
	ClientSecret configopaque.String `mapstructure:"client_secret"`

	// ClientSecretFile is the file pathg to read the application's secret from.
	ClientSecretFile string `mapstructure:"client_secret_file"`

	// EndpointParams specifies additional parameters for requests to the token endpoint.
	EndpointParams url.Values `mapstructure:"endpoint_params"`

	// TokenURL is the resource server's token endpoint
	// URL. This is a constant specific to each server.
	// See https://datatracker.ietf.org/doc/html/rfc6749#section-3.2
	TokenURL string `mapstructure:"token_url"`

	// Scope specifies optional requested permissions.
	// See https://datatracker.ietf.org/doc/html/rfc6749#section-3.3
	Scopes []string `mapstructure:"scopes,omitempty"`

	// TLSSetting struct exposes TLS client configuration for the underneath client to authorization server.
	TLSSetting configtls.ClientConfig `mapstructure:"tls,omitempty"`

	// Timeout parameter configures `http.Client.Timeout` for the underneath client to authorization
	// server while fetching and refreshing tokens.
	Timeout time.Duration `mapstructure:"timeout,omitempty"`
}

Config stores the configuration for OAuth2 Client Credentials (2-legged OAuth2 flow) setup.

func (*Config) Validate 

func (cfg *Config) Validate() error

Validate checks if the extension configuration is valid

Source Files

View all Source files

Directories

Path Synopsis
internal
metadata

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.