Documentation
Index
- Constants
- func Exchange(ctx context.Context, issuer, audience, idToken string, ...) (string, error)
- func NewTokenSource(ts oauth2.TokenSource, xchg Exchanger) oauth2.TokenSource
- type Exchanger
- type ExchangerOption
- func WithCapabilities(cap ...string) ExchangerOption
- func WithCluster(cluster string) ExchangerOption
- func WithHTTP1Downgrade() ExchangerOption
- func WithIdentity(uid string) ExchangerOption
- func WithIncludeUpstreamToken() ExchangerOption
- func WithScope(scope string) ExchangerOption
- func WithUserAgent(agent string) ExchangerOption
- type HTTP1DowngradeExchanger
Constants
const GulfstreamAudience = "gulfstream"
Variables
This section is empty.
Functions
func Exchange (added in v0.1.2)
func Exchange(ctx context.Context, issuer, audience, idToken string, exchangerOptions ...ExchangerOption) (string, error)
Exchange performs an OIDC token exchange with the correct Exchanger based on the provided options.
func NewTokenSource
func NewTokenSource(ts oauth2.TokenSource, xchg Exchanger) oauth2.TokenSource
NewTokenSource creates an oauth2.TokenSource by wrapping another TokenSource in a Chainguard STS exchange brokered by the provided Exchanger.
Types
type Exchanger
type Exchanger interface {
	// Exchange performs the actual token exchange, sending "token" to the
	// Chainguard issuer's STS interface, and receiving bytes or an error.
	Exchange(ctx context.Context, token string, opts ...ExchangerOption) (string, error)

	// Refresh exchanges a refresh token for a new access token and refresh token.
	Refresh(ctx context.Context, token string, opts ...ExchangerOption) (accessToken string, refreshToken string, err error)
}
Exchanger is an interface for exchanging a third-party token for a Chainguard token.
func New
func New(issuer, audience string, opts ...ExchangerOption) Exchanger
New creates a new Exchanger that works against the provided issuer's STS endpoint and requests tokens with the specified audience. Its behavior can be further customized via optional ExchangerOption parameters.
type ExchangerOption
type ExchangerOption func(*options)
ExchangerOption is a way of customizing the behavior of the Exchanger constructed via New().
func WithCapabilities
func WithCapabilities(cap ...string) ExchangerOption
WithCapabilities sets the capabilities sent by the Exchanger.
func WithCluster
func WithCluster(cluster string) ExchangerOption
WithCluster sets the cluster parameter sent by the Exchanger.
Only one of cluster or scope may be set.
func WithHTTP1Downgrade (added in v0.1.2)
func WithHTTP1Downgrade() ExchangerOption
WithHTTP1Downgrade signals Exchange to use HTTP1DowngradeExchanger in the STS exchange.
func WithIdentity
func WithIdentity(uid string) ExchangerOption
WithIdentity sets the unique ID of the identity so that the STS exchange can look up pre-stored verification keys without ambiguity.
func WithIncludeUpstreamToken
func WithIncludeUpstreamToken() ExchangerOption
WithIncludeUpstreamToken requests that the upstream token be included in the returned STS token.
func WithScope
func WithScope(scope string) ExchangerOption
WithScope sets the scope parameter sent by the Exchanger.
Only one of cluster or scope may be set.
func WithUserAgent
func WithUserAgent(agent string) ExchangerOption
WithUserAgent sets the user agent sent by the Exchanger.
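An offline test double for the Exchanger interface, added here as an example and not taken from the SDK. The types are local stand-ins that mirror the signatures on this page; the fields of options, the FakeExchanger type, the resolve helper, the token strings it returns and the place where the cluster/scope rule is enforced are all assumptions.

```go
package main

import (
	"context"
	"errors"
	"fmt"
)

// Local stand-ins mirroring this page's signatures; the options fields are assumed.
type options struct{ cluster, scope string }
type ExchangerOption func(*options)
func WithCluster(c string) ExchangerOption { return func(o *options) { o.cluster = c } }
func WithScope(s string) ExchangerOption   { return func(o *options) { o.scope = s } }

type Exchanger interface {
	Exchange(ctx context.Context, token string, opts ...ExchangerOption) (string, error)
	Refresh(ctx context.Context, token string, opts ...ExchangerOption) (string, string, error)
}

// FakeExchanger is a hypothetical offline test double, not part of the SDK.
type FakeExchanger struct{ gen int }

// resolve applies the options and enforces "only one of cluster or scope may be set".
func resolve(opts []ExchangerOption) (options, error) {
	var o options
	for _, opt := range opts {
		opt(&o)
	}
	if o.cluster != "" && o.scope != "" {
		return o, errors.New("only one of cluster or scope may be set")
	}
	return o, nil
}

// Exchange returns a deterministic string that records which options were applied.
func (f *FakeExchanger) Exchange(_ context.Context, token string, opts ...ExchangerOption) (string, error) {
	o, err := resolve(opts)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("sts[%s scope=%q cluster=%q]", token, o.scope, o.cluster), nil
}

// Refresh rotates: every call yields a new access token and a new refresh token.
func (f *FakeExchanger) Refresh(_ context.Context, token string, opts ...ExchangerOption) (string, string, error) {
	f.gen++
	return fmt.Sprintf("access-%d", f.gen), fmt.Sprintf("refresh-%d", f.gen), nil
}
func main() { fmt.Println((&FakeExchanger{}).Exchange(context.Background(), "id-token", WithScope("group-1"))) }
```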
type HTTP1DowngradeExchanger
type HTTP1DowngradeExchanger struct {
// contains filtered or unexported fields
}
func NewHTTP1DowngradeExchanger
func NewHTTP1DowngradeExchanger(issuer, audience string, opts ...ExchangerOption) *HTTP1DowngradeExchanger
func (*HTTP1DowngradeExchanger) Exchange
func (i *HTTP1DowngradeExchanger) Exchange(ctx context.Context, token string, opts ...ExchangerOption) (string, error)
func (*HTTP1DowngradeExchanger) Refresh (added in v0.1.11)
func (i *HTTP1DowngradeExchanger) Refresh(ctx context.Context, token string, opts ...ExchangerOption) (string, string, error)