pop

package
v0.1.1

This package is not in the latest version of its module.

Published: Feb 23, 2024 License: MIT Imports: 15 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func AcquirePoPTokenByUsernamePassword added in v0.1.1

func AcquirePoPTokenByUsernamePassword(
	context context.Context,
	popClaims map[string]string,
	scopes []string,
	authority,
	clientID,
	username,
	password string,
	options *azcore.ClientOptions,
) (string, int64, error)

AcquirePoPTokenByUsernamePassword acquires a PoP token using MSAL's username/password login flow. This flow does not require user interaction, as the credentials have already been provided.

func AcquirePoPTokenConfidential

func AcquirePoPTokenConfidential(
	context context.Context,
	popClaims map[string]string,
	scopes []string,
	cred confidential.Credential,
	authority,
	clientID,
	tenantID string,
	options *azcore.ClientOptions,
) (string, int64, error)

AcquirePoPTokenConfidential acquires a PoP token using MSAL's confidential login flow. This flow does not require user interaction, as the credentials for the request have already been provided.

func AcquirePoPTokenInteractive

func AcquirePoPTokenInteractive(
	context context.Context,
	popClaims map[string]string,
	scopes []string,
	authority,
	clientID string,
	options *azcore.ClientOptions,
) (string, int64, error)

AcquirePoPTokenInteractive acquires a PoP token using MSAL's interactive login flow. It requires the user to authenticate via a browser.

func GetSwPoPKey

func GetSwPoPKey() (*swKey, error)

GetSwPoPKey generates a new PoP key that rotates every 8 hours and returns it

func GetSwPoPKeyWithRSAKey

func GetSwPoPKeyWithRSAKey(rsaKey *rsa.PrivateKey) (*swKey, error)

Types

type PoPAuthenticationScheme

type PoPAuthenticationScheme struct {
	// host is the u claim we will add on the pop token
	Host   string
	PoPKey PoPKey
}

PoPAuthenticationScheme is a PoP token implementation of the MSAL AuthenticationScheme interface used by the Azure Arc Platform team. This implementation will only use the passed-in u-claim (representing the ARM ID of the cluster/host); other claims passed in during a PoP token request will be disregarded

func (*PoPAuthenticationScheme) AccessTokenType

func (as *PoPAuthenticationScheme) AccessTokenType() string

AccessTokenType returns the PoP access token type

func (*PoPAuthenticationScheme) FormatAccessToken

func (as *PoPAuthenticationScheme) FormatAccessToken(accessToken string) (string, error)

FormatAccessToken takes an access token, formats it as a PoP token, and returns it as a base-64 encoded string

func (*PoPAuthenticationScheme) FormatAccessTokenWithOptions

func (as *PoPAuthenticationScheme) FormatAccessTokenWithOptions(accessToken, nonce string, timestamp int64) (string, error)

FormatAccessTokenWithOptions takes an access token, nonce, and timestamp, formats the token as a PoP token containing the given fields, and returns it as a base-64 encoded string

func (*PoPAuthenticationScheme) KeyID

func (as *PoPAuthenticationScheme) KeyID() string

KeyID returns the key used to sign the PoP token

func (*PoPAuthenticationScheme) TokenRequestParams

func (as *PoPAuthenticationScheme) TokenRequestParams() map[string]string

TokenRequestParams returns the params to use when sending a request for a PoP token

type PoPKey

type PoPKey interface {
	// encryption/signature algo
	Alg() string
	// kid
	KeyID() string
	// jwk that can be embedded in JWT w/ PoP token's cnf claim
	JWK() string
	// https://tools.ietf.org/html/rfc7638 compliant jwk thumbprint
	JWKThumbprint() string
	// req_cnf claim that can be included in access token request to AAD
	ReqCnf() string
	// sign payload using private key
	Sign([]byte) ([]byte, error)
}

PoPKey is a generic interface for PoP key properties and methods
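
An added example, not part of the package's own code: a hypothetical `demoKey` type that implements the `JWKThumbprint`, `KeyID` and `Sign` methods of the interface for an RSA key, plus a `Verify` helper for the receiving side. The RS256 algorithm and the reuse of the thumbprint as `kid` are assumptions; the page specifies neither.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"math/big"
)

type demoKey struct { // hypothetical RSA-backed key, not the package's swKey
	key  *rsa.PrivateKey
	e, n string // unpadded base64url public exponent and modulus
}
var b64 = base64.RawURLEncoding

func newDemoKey(bits int) (*demoKey, error) {
	k, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	e := big.NewInt(int64(k.E)).Bytes() // minimal big-endian, no leading zeros
	return &demoKey{k, b64.EncodeToString(e), b64.EncodeToString(k.N.Bytes())}, nil
}

// JWKThumbprint: SHA-256 of the required members, sorted, no whitespace (RFC 7638).
func (d *demoKey) JWKThumbprint() string {
	sum := sha256.Sum256([]byte(fmt.Sprintf(`{"e":"%s","kty":"RSA","n":"%s"}`, d.e, d.n)))
	return b64.EncodeToString(sum[:])
}

func (d *demoKey) KeyID() string { return d.JWKThumbprint() } // assumption: kid = thumbprint

// Sign returns a PKCS#1 v1.5 signature over SHA-256(payload); RS256 is assumed.
func (d *demoKey) Sign(payload []byte) ([]byte, error) {
	h := sha256.Sum256(payload)
	return rsa.SignPKCS1v15(rand.Reader, d.key, crypto.SHA256, h[:])
}

func (d *demoKey) Verify(payload, sig []byte) error { // receiver side: public key only
	h := sha256.Sum256(payload)
	return rsa.VerifyPKCS1v15(&d.key.PublicKey, crypto.SHA256, h[:], sig)
}

func main() {
	k, _ := newDemoKey(2048)
	fmt.Println(k.KeyID())
}
```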
