istio: istio.io/istio/security/pkg/stsservice Index | Files | Directories

package stsservice

import "istio.io/istio/security/pkg/stsservice"

Index

Package Files

sts.go

type StsErrorResponse Uses

// StsErrorResponse holds the error parameters that an STS returns as a JSON
// body when a token exchange request fails. The parameters follow
// draft-ietf-oauth-token-exchange-16, section 2.2.2.
//
// NOTE(review): none of the JSON tags use omitempty, so the OPTIONAL fields
// are serialized as empty strings when they are left unset.
// NOTE(review): ErrorDescription is sent back to the requester; whoever
// fills it in should keep token values and internal details out of it.
type StsErrorResponse struct {
    // REQUIRED. A single ASCII error code.
    Error string `json:"error"`
    // OPTIONAL. Human-readable ASCII [USASCII] text providing additional
    // information about the error.
    ErrorDescription string `json:"error_description"`
    // OPTIONAL. A URI identifying a human-readable web page with information
    // about the error.
    ErrorURI string `json:"error_uri"`
}

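StsErrorResponse stores all error parameters sent as JSON in an STS error response. The error parameters are defined in https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16#section-2.2.2. That draft was later published as RFC 8693, which is the authoritative text to check field requirements against.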

type StsRequestParameters Uses

// StsRequestParameters holds the attributes of an STS token exchange request
// as defined in draft-ietf-oauth-token-exchange-16, section 2.1.
//
// The fields carry no struct tags, so this type is not decoded from the wire
// by tag; presumably the server fills it in from the request's form
// parameters (confirm against the server package).
//
// NOTE(review): SubjectToken and ActorToken are credentials. Formatting the
// whole struct (for example with %v or %+v) into a log would write them out
// in clear text.
type StsRequestParameters struct {
    // REQUIRED. The value "urn:ietf:params:oauth:grant-type:token-exchange"
    // indicates that a token exchange is being performed.
    GrantType string
    // OPTIONAL. Indicates the location of the target service or resource where
    // the client intends to use the requested security token.
    Resource string
    // OPTIONAL. The logical name of the target service where the client intends
    // to use the requested security token.
    Audience string
    // OPTIONAL. A list of space-delimited, case-sensitive strings that allow
    // the client to specify the desired scope of the requested security token
    // in the context of the service or resource where the token will be used.
    Scope string
    // OPTIONAL. An identifier for the type of the requested security token.
    RequestedTokenType string
    // REQUIRED. A security token that represents the identity of the party on
    // behalf of whom the request is being made.
    SubjectToken string
    // REQUIRED. An identifier that indicates the type of the security token in
    // the "subject_token" parameter.
    SubjectTokenType string
    // OPTIONAL. A security token that represents the identity of the acting party.
    ActorToken string
    // An identifier that indicates the type of the security token in the
    // "actor_token" parameter. The token exchange specification requires it
    // when "actor_token" is present and forbids it otherwise.
    ActorTokenType string
}

StsRequestParameters stores all STS request attributes defined in https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16#section-2.1

type StsResponseParameters Uses

// StsResponseParameters holds the attributes sent as JSON in a successful STS
// response, as defined in draft-ietf-oauth-token-exchange-16, section 2.2.1.
//
// NOTE(review): AccessToken and RefreshToken are credentials; keep marshalled
// instances of this struct out of logs and debug output.
// NOTE(review): no JSON tag uses omitempty, so unset OPTIONAL fields such as
// "scope" and "refresh_token" are emitted as empty strings and an unset
// "expires_in" is emitted as 0.
type StsResponseParameters struct {
    // REQUIRED. The security token issued by the authorization server
    // in response to the token exchange request.
    AccessToken string `json:"access_token"`
    // REQUIRED. An identifier for the representation of the issued security
    // token.
    IssuedTokenType string `json:"issued_token_type"`
    // REQUIRED. A case-insensitive value specifying the method of using the access
    // token issued. It provides the client with information about how to utilize the
    // access token to access protected resources.
    TokenType string `json:"token_type"`
    // RECOMMENDED. The validity lifetime, in seconds, of the token issued by the
    // authorization server.
    ExpiresIn int64 `json:"expires_in"`
    // OPTIONAL if the scope of the issued security token is identical to the
    // scope requested by the client; otherwise, REQUIRED.
    Scope string `json:"scope"`
    // OPTIONAL. A refresh token will typically not be issued when the exchange is
    // of one temporary credential (the subject_token) for a different temporary
    // credential (the issued token) for use in some other context.
    RefreshToken string `json:"refresh_token"`
}

StsResponseParameters stores all attributes sent as JSON in a successful STS response. These attributes are defined in https://tools.ietf.org/html/draft-ietf-oauth-token-exchange-16#section-2.2.1

type TokenInfo Uses

// TokenInfo is the per-token record that a TokenManager keeps and that
// TokensDump serializes to JSON.
//
// NOTE(review): Token is marshalled under the "token" key. If it holds the
// raw credential, any dump built from TokenInfo exposes that credential in
// full; confirm whether implementations redact it or restrict access to the
// dump.
type TokenInfo struct {
    // Kind of token this record describes; the set of values is defined by
    // the TokenManager implementation (not visible here).
    TokenType  string    `json:"token_type"`
    // Time at which the token was issued.
    IssueTime  time.Time `json:"issue_time"`
    // Time at which the token expires.
    ExpireTime time.Time `json:"expire_time"`
    // The token value itself, or presumably some representation of it —
    // TODO confirm against the implementation.
    Token      string    `json:"token"`
}

TokenInfo stores token information maintained at TokenManager.

type TokenManager Uses

// TokenManager is the interface implemented by token back ends: it exchanges
// tokens on request and reports the status of the tokens it has generated.
type TokenManager interface {
    // GenerateToken takes STS request parameters and generates a token. On
    // success it returns a StsResponseParameters value encoded as JSON.
    // NOTE(review): the returned bytes contain the issued access token, so
    // they should be treated as a secret by callers.
    GenerateToken(parameters StsRequestParameters) ([]byte, error)
    // DumpTokenStatus dumps the status of all generated tokens and returns it
    // as JSON.
    // NOTE(review): the output is presumably a marshalled TokensDump, whose
    // entries include a "token" field; confirm that whatever serves this dump
    // is access-controlled or that token values are redacted.
    DumpTokenStatus() ([]byte, error)
}

TokenManager contains methods for generating tokens and for dumping the status of generated tokens.

type TokensDump Uses

// TokensDump is the JSON envelope for a list of TokenInfo records, serialized
// under the "tokens" key.
//
// NOTE(review): every entry carries TokenInfo.Token, so a marshalled
// TokensDump should be handled as sensitive unless the token values are
// known to be redacted.
type TokensDump struct {
    // One record per generated token.
    Tokens []TokenInfo `json:"tokens"`
}

TokensDump stores information about all generated tokens.

Directories

PathSynopsis
mock
server
test
test/failure_sts_token_fetch
test/proxy_cached_sts_token
test/renew_sts_token
test/server_cached_short_lived_sts_token
test/server_cached_sts_token
test/sts_fetch_timeout
test/success_sts
tokenmanager
tokenmanager/google
tokenmanager/google/mock

Package stsservice imports 1 packages (graph) and is imported by 4 packages. Updated 2020-03-28. Refresh now. Tools for package owners.