v0.1.21 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jul 11, 2024 License: Apache-2.0 Imports: 13 Imported by: 8




View Source
const GulfstreamAudience = "gulfstream"


This section is empty.


func Exchange added in v0.1.2

func Exchange(ctx context.Context, issuer, audience, idToken string, exchangerOptions ...ExchangerOption) (string, error)

Exchange performs an OIDC token exchange with the correct Exchanger based on the provided options.

func NewTokenSource

func NewTokenSource(ts oauth2.TokenSource, xchg Exchanger) oauth2.TokenSource

NewTokenSource creates an oauth2.TokenSource by wrapping another TokenSource in a Chainguard STS exchange brokered by the provided Exchanger.


type Exchanger

type Exchanger interface {
	// Exchange performs the actual token exchange, sending "token" to the
	// Chainguard issuer's STS interface, and receiving bytes or an error.
	Exchange(ctx context.Context, token string, opts ...ExchangerOption) (string, error)

	// Refresh exchanges a refresh token for a new access token and refresh token.
	Refresh(ctx context.Context, token string, opts ...ExchangerOption) (accessToken string, refreshToken string, err error)

Exchanger is an interface for exchanging a third-party token for a Chainguard token.

func New

func New(issuer, audience string, opts ...ExchangerOption) Exchanger

New creates a new Exchanger that works against the provided issuer's STS endpoint, and requests token with the specified audience. It's behavior can be further customized via optional ExchangerOption parameters.

type ExchangerOption

type ExchangerOption func(*options)

ExchangerOption is a way of customizing the behavior of the Exchanger constructed via New()

func WithCapabilities

func WithCapabilities(cap ...string) ExchangerOption

WithCapabilities sets the capabilities sent by the Exchanger.

func WithHTTP1Downgrade added in v0.1.2

func WithHTTP1Downgrade() ExchangerOption

WithHTTP1Downgrade signals Exchange to use HTTP1DowngradeExchanger in the STS exchange.

func WithIdentity

func WithIdentity(uid string) ExchangerOption

WithIdentity sets the the unique ID of the identity so that STS exchange can look up pre-stored verification keys without ambiguity

func WithScope

func WithScope(scope string) ExchangerOption

WithScope sets the scope parameter sent by the Exchanger.

Only one of cluster or scope may be set.

func WithUserAgent

func WithUserAgent(agent string) ExchangerOption

WithUserAgent sets the user agent sent by the Exchanger.

type HTTP1DowngradeExchanger

type HTTP1DowngradeExchanger struct {
	// contains filtered or unexported fields

func NewHTTP1DowngradeExchanger

func NewHTTP1DowngradeExchanger(issuer, audience string, opts ...ExchangerOption) *HTTP1DowngradeExchanger

func (*HTTP1DowngradeExchanger) Exchange

func (i *HTTP1DowngradeExchanger) Exchange(ctx context.Context, token string, opts ...ExchangerOption) (string, error)

func (*HTTP1DowngradeExchanger) Refresh added in v0.1.11

func (i *HTTP1DowngradeExchanger) Refresh(ctx context.Context, token string, opts ...ExchangerOption) (string, string, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL