Documentation
Index
- func AcquirePoPTokenByUsernamePassword(context context.Context, popClaims map[string]string, scopes []string, ...) (string, int64, error)
- func AcquirePoPTokenConfidential(context context.Context, popClaims map[string]string, scopes []string, ...) (string, int64, error)
- func AcquirePoPTokenInteractive(context context.Context, popClaims map[string]string, scopes []string, ...) (string, int64, error)
- func GetSwPoPKey() (*swKey, error)
- func GetSwPoPKeyWithRSAKey(rsaKey *rsa.PrivateKey) (*swKey, error)
- type PoPAuthenticationScheme
- func (as *PoPAuthenticationScheme) AccessTokenType() string
- func (as *PoPAuthenticationScheme) FormatAccessToken(accessToken string) (string, error)
- func (as *PoPAuthenticationScheme) FormatAccessTokenWithOptions(accessToken, nonce string, timestamp int64) (string, error)
- func (as *PoPAuthenticationScheme) KeyID() string
- func (as *PoPAuthenticationScheme) TokenRequestParams() map[string]string
- type PoPKey
Constants
This section is empty.
Variables
This section is empty.
Functions
func AcquirePoPTokenByUsernamePassword (added in v0.1.1)
func AcquirePoPTokenByUsernamePassword(
	context context.Context,
	popClaims map[string]string,
	scopes []string,
	authority, clientID, username, password string,
	options *azcore.ClientOptions,
) (string, int64, error)
AcquirePoPTokenByUsernamePassword acquires a PoP token using MSAL's username/password login flow. This flow does not require user interaction, as the credentials have already been provided.
func AcquirePoPTokenConfidential
func AcquirePoPTokenConfidential(
	context context.Context,
	popClaims map[string]string,
	scopes []string,
	cred confidential.Credential,
	authority, clientID, tenantID string,
	options *azcore.ClientOptions,
) (string, int64, error)
AcquirePoPTokenConfidential acquires a PoP token using MSAL's confidential login flow. This flow does not require user interaction, as the credentials for the request have already been provided.
func AcquirePoPTokenInteractive
func AcquirePoPTokenInteractive(
	context context.Context,
	popClaims map[string]string,
	scopes []string,
	authority, clientID string,
	options *azcore.ClientOptions,
) (string, int64, error)
AcquirePoPTokenInteractive acquires a PoP token using MSAL's interactive login flow. It requires the user to authenticate via a browser.
func GetSwPoPKey
func GetSwPoPKey() (*swKey, error)
GetSwPoPKey generates a new PoP key that rotates every 8 hours and returns it.
func GetSwPoPKeyWithRSAKey
func GetSwPoPKeyWithRSAKey(rsaKey *rsa.PrivateKey) (*swKey, error)
Types
type PoPAuthenticationScheme
type PoPAuthenticationScheme struct {
	// host is the u claim we will add on the pop token
	Host   string
	PoPKey PoPKey
}
PoPAuthenticationScheme is a PoP token implementation of the MSAL AuthenticationScheme interface used by the Azure Arc Platform team. This implementation will only use the passed-in u-claim (representing the ARM ID of the cluster/host); other claims passed in during a PoP token request will be disregarded.
func (*PoPAuthenticationScheme) AccessTokenType
func (as *PoPAuthenticationScheme) AccessTokenType() string
AccessTokenType returns the PoP access token type
func (*PoPAuthenticationScheme) FormatAccessToken
func (as *PoPAuthenticationScheme) FormatAccessToken(accessToken string) (string, error)
FormatAccessToken takes an access token, formats it as a PoP token, and returns it as a base-64 encoded string
func (*PoPAuthenticationScheme) FormatAccessTokenWithOptions
func (as *PoPAuthenticationScheme) FormatAccessTokenWithOptions(accessToken, nonce string, timestamp int64) (string, error)
FormatAccessTokenWithOptions takes an access token, nonce, and timestamp, formats the token as a PoP token containing the given fields, and returns it as a base-64 encoded string
func (*PoPAuthenticationScheme) KeyID
func (as *PoPAuthenticationScheme) KeyID() string
KeyID returns the key used to sign the PoP token
func (*PoPAuthenticationScheme) TokenRequestParams
func (as *PoPAuthenticationScheme) TokenRequestParams() map[string]string
TokenRequestParams returns the params to use when sending a request for a PoP token
type PoPKey
type PoPKey interface {
	// encryption/signature algo
	Alg() string
	// kid
	KeyID() string
	// jwk that can be embedded in JWT w/ PoP token's cnf claim
	JWK() string
	// https://tools.ietf.org/html/rfc7638 compliant jwk thumbprint
	JWKThumbprint() string
	// req_cnf claim that can be included in access token request to AAD
	ReqCnf() string
	// sign payload using private key
	Sign([]byte) ([]byte, error)
}
PoPKey is a generic interface for PoP key properties and methods.
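The following is an added example, not code from this package: a sketch of how an RFC 7638 thumbprint of the kind JWKThumbprint refers to is derived for an RSA public key, plus the check a token verifier can run to confirm that a presented key matches a claimed thumbprint. The function names, the toy key, and the choice of SHA-256 are assumptions made for illustration; the page does not show how swKey computes its values.

```go
package main

import (
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"math/big"
)

// canonicalJWK (hypothetical name) returns the RFC 7638 hash input for an RSA
// public key: only the required members, in lexicographic order, no whitespace.
func canonicalJWK(pub *rsa.PublicKey) string {
	enc := base64.RawURLEncoding // base64url without '=' padding
	// Both integers are encoded as minimal big-endian octet strings.
	e := enc.EncodeToString(big.NewInt(int64(pub.E)).Bytes())
	n := enc.EncodeToString(pub.N.Bytes())
	return fmt.Sprintf(`{"e":"%s","kty":"RSA","n":"%s"}`, e, n)
}

// jwkThumbprint (hypothetical name) is base64url(SHA-256(canonical JWK)).
// SHA-256 is an assumption here; RFC 7638 leaves the hash function selectable.
func jwkThumbprint(pub *rsa.PublicKey) string {
	sum := sha256.Sum256([]byte(canonicalJWK(pub)))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// thumbprintMatches is the verifier-side check: recompute the thumbprint from
// the presented public key and compare it to the claimed value in constant time.
func thumbprintMatches(pub *rsa.PublicKey, claimed string) bool {
	got := jwkThumbprint(pub)
	return subtle.ConstantTimeCompare([]byte(got), []byte(claimed)) == 1
}

// constructedKey returns a toy public key (N = 0xC0FFEE, E = 65537) built only
// to make the encoding visible. It is not a usable RSA key.
func constructedKey() *rsa.PublicKey {
	return &rsa.PublicKey{N: big.NewInt(0xC0FFEE), E: 65537}
}

func main() {
	pub := constructedKey()
	fmt.Println(canonicalJWK(pub))
	fmt.Println(jwkThumbprint(pub))
	fmt.Println(thumbprintMatches(pub, jwkThumbprint(pub)))
}
```

Because the hash input contains only e, kty and n in a fixed order, the same public key always yields the same thumbprint regardless of how the full JWK was serialized.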