Documentation
Index
- func WithFulcioAndDeviceAuthorizationGrantOIDC(fulcioURL *url.URL, oidcIssuerURL *url.URL, ...) internal.Option
- func WithFulcioAndInteractiveOIDC(fulcioURL *url.URL, oidcIssuerURL *url.URL, ...) internal.Option
- func WithFulcioAndPreexistingOIDCIDToken(fulcioURL *url.URL, oidcIDToken string) internal.Option
Constants
This section is empty.
Variables
This section is empty.
Functions
func WithFulcioAndDeviceAuthorizationGrantOIDC
func WithFulcioAndDeviceAuthorizationGrantOIDC(fulcioURL *url.URL, oidcIssuerURL *url.URL, oidcClientID, oidcClientSecret string, interactiveOutput io.Writer) internal.Option
WithFulcioAndDeviceAuthorizationGrantOIDC sets up signing to use a short-lived key and a Fulcio-issued certificate based on an OIDC ID token obtained using a device authorization grant (RFC 8628).
interactiveOutput must be directly accessible to a human user in real time (i.e. not be just a log file).
func WithFulcioAndInteractiveOIDC
func WithFulcioAndInteractiveOIDC(fulcioURL *url.URL, oidcIssuerURL *url.URL, oidcClientID, oidcClientSecret string, interactiveInput io.Reader, interactiveOutput io.Writer) internal.Option
WithFulcioAndInteractiveOIDC sets up signing to use a short-lived key and a Fulcio-issued certificate based on an interactively-obtained OIDC ID token. The token is obtained
- directly using a browser: the process listens on localhost and automatically opens a browser to the OIDC issuer, which redirects back to localhost. (I.e. the current environment must allow launching a browser that connects back to the current process; either or both may be impossible in a container or a remote VM.)
- or by instructing the user to manually open a browser, obtain the OIDC code, and interactively input it as text.
interactiveInput and interactiveOutput must both be directly operable by a human user in real time (i.e. not be just a log file).
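The requirement that interactiveOutput (and, for the interactive flow, interactiveInput) be operable by a human can be checked before an option is chosen. The following is an added example, not code from this package: selectOIDCFlow, humanFacing, the Flow type and the EXAMPLE_OIDC_ID_TOKEN variable are hypothetical names, and the character-device test is a standard-library heuristic rather than a full terminal check.

```go
package main

import (
	"fmt"
	"os"
)

// Flow names the option constructor the caller should use (hypothetical type).
type Flow string

const (
	FlowPreexistingToken Flow = "WithFulcioAndPreexistingOIDCIDToken"
	FlowInteractive      Flow = "WithFulcioAndInteractiveOIDC"
	FlowDeviceGrant      Flow = "WithFulcioAndDeviceAuthorizationGrantOIDC"
)

// humanFacing is a heuristic (an assumption of this example): a character
// device other than the null device is treated as a terminal. Regular files
// such as logs, pipes, and the null device are rejected.
func humanFacing(f *os.File) bool {
	fi, err := f.Stat() // a nil *os.File returns an error here
	if err != nil || fi.Mode()&os.ModeCharDevice == 0 {
		return false
	}
	if null, err := os.Stat(os.DevNull); err == nil && os.SameFile(fi, null) {
		return false
	}
	return true
}

// selectOIDCFlow fails closed when nobody could see or answer an OIDC prompt.
func selectOIDCFlow(idToken string, in, out *os.File) (Flow, error) {
	switch {
	case idToken != "":
		return FlowPreexistingToken, nil // no prompt needed, safe in CI
	case humanFacing(in) && humanFacing(out):
		return FlowInteractive, nil // user can read the prompt and type the code
	case humanFacing(out):
		return FlowDeviceGrant, nil // user can read the verification URL and code
	}
	return "", fmt.Errorf("no ID token and no human-facing output: refusing to start an OIDC prompt")
}

func main() {
	flow, err := selectOIDCFlow(os.Getenv("EXAMPLE_OIDC_ID_TOKEN"), os.Stdin, os.Stderr)
	fmt.Println(flow, err)
}
```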
Types
This section is empty.