oauthstate

package
v0.2.1
Published: Jan 20, 2022 License: Apache-2.0 Imports: 6 Imported by: 1

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type AnonymousOAuthState

type AnonymousOAuthState struct {
	// TokenName is the name of the SPIAccessToken object for which we are initiating the OAuth flow
	TokenName string `json:"tokenName"`

	// TokenNamespace is the namespace of the SPIAccessToken object for which we are initiating the OAuth flow
	TokenNamespace string `json:"tokenNamespace"`

	// IssuedAt is the timestamp when the state was generated.
	IssuedAt int64 `json:"issuedAt,omitempty"`

	// Scopes is the list of the service-provider-specific scopes that we require in the service provider
	Scopes []string `json:"scopes"`

	// ServiceProviderType is the type of the service provider
	ServiceProviderType config.ServiceProviderType `json:"serviceProviderType"`

	// ServiceProviderUrl is the URL where the service provider is to be reached
	ServiceProviderUrl string `json:"serviceProviderUrl"`
}

AnonymousOAuthState is the state that the operator initially puts into the OAuth URL. It does not hold information about the user who initiated the OAuth flow, because the operator most probably does not know the true identity of the initiating human. The operator puts this state into the status of the SPIAccessToken, where it points to an endpoint in the OAuth service. The OAuth service requires Kubernetes authentication on this endpoint, enriches the state with the identity of the user accessing the endpoint, and redirects the caller once again to the actual service provider with a state that also contains the identity of the requesting caller.

type AuthenticatedOAuthState

type AuthenticatedOAuthState struct {
	AnonymousOAuthState
	KubernetesIdentity  user.DefaultInfo `json:"kubernetesIdentity"`
	AuthorizationHeader string           `json:"authorizationHeader"`
}

AuthenticatedOAuthState is the state passed by the OAuth service to the service provider. In addition to the data defined by AnonymousOAuthState, it also includes the Kubernetes identity of the caller as well as the actual authorization header provided by the caller. This can then be used after completing the OAuth flow to perform requests to the Kubernetes API in the name of the original caller.

type Codec

type Codec struct {
	// contains filtered or unexported fields
}

Codec is in charge of encoding and decoding the state passed through the OAuth flow as the state query parameter.

func NewCodec

func NewCodec(signingSecret []byte) (Codec, error)

NewCodec creates a new codec using the secret that signs the JWT tokens representing the state in the query parameters. The signing is used to make it harder to forge malicious OAuth flow requests. We don't need to encrypt the state strings, because they don't contain any information that would not be obtainable from the requests initiating the OAuth flow.

func (*Codec) EncodeAnonymous

func (s *Codec) EncodeAnonymous(state *AnonymousOAuthState) (string, error)

EncodeAnonymous encodes the anonymous state as a string to be passed as a query parameter to the OAuth flow initiating URL.

func (*Codec) EncodeAuthenticated

func (s *Codec) EncodeAuthenticated(state *AuthenticatedOAuthState) (string, error)

EncodeAuthenticated encodes the `AuthenticatedOAuthState` as a string to be used as a state query parameter in the OAuth URL.

func (*Codec) ParseAnonymous

func (s *Codec) ParseAnonymous(state string) (AnonymousOAuthState, error)

ParseAnonymous parses the state from the URL query parameter and returns the anonymous state struct.

func (*Codec) ParseAuthenticated

func (s *Codec) ParseAuthenticated(state string) (AuthenticatedOAuthState, error)

ParseAuthenticated parses the string from the query parameter to an `AuthenticatedOAuthState` struct.
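As an added illustration of the signing scheme NewCodec describes and of the Encode/Parse pair above (this is example code, not the package's own implementation): a minimal stand-in codec that signs the anonymous state as an HS256 JWT using only the standard library and refuses to decode any state whose signature does not verify. The AnonymousState/Codec names, the 32-byte minimum secret and the hand-rolled compact-JWS layout are assumptions made here; the real package's JWT library and field set are not shown on this page.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
)

var b64 = base64.RawURLEncoding // JWS segments are unpadded base64url
// AnonymousState mirrors the core of AnonymousOAuthState (timestamp and service-provider fields omitted).
type AnonymousState struct {
	TokenName      string   `json:"tokenName"`
	TokenNamespace string   `json:"tokenNamespace"`
	Scopes         []string `json:"scopes"`
}

type Codec struct{ key []byte } // HS256 key; the state is authenticated, never encrypted
func NewCodec(signingSecret []byte) (Codec, error) {
	if len(signingSecret) < 32 { // HMAC forgery resistance is bounded by key entropy (assumed minimum)
		return Codec{}, errors.New("signing secret must be at least 32 bytes")
	}
	return Codec{key: signingSecret}, nil
}
func (c Codec) mac(input string) string {
	h := hmac.New(sha256.New, c.key)
	h.Write([]byte(input))
	return b64.EncodeToString(h.Sum(nil))
}

// Encode emits header.payload.signature for use as the OAuth state query parameter.
func (c Codec) Encode(state interface{}) (string, error) {
	payload, err := json.Marshal(state)
	if err != nil {
		return "", err
	}
	in := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(payload)
	return in + "." + c.mac(in), nil
}

// Decode verifies the MAC in constant time before trusting the payload; the header's alg is never consulted.
func (c Codec) Decode(token string, out interface{}) error {
	p := strings.Split(token, ".")
	if len(p) != 3 || !hmac.Equal([]byte(p[2]), []byte(c.mac(p[0]+"."+p[1]))) {
		return errors.New("state token malformed or signature invalid")
	}
	return json.NewDecoder(base64.NewDecoder(b64, strings.NewReader(p[1]))).Decode(out)
}
```

Because Decode recomputes the HMAC with the configured key rather than reading the algorithm from the token, a state whose payload or signature was altered, or one signed under a different secret, is rejected before any field is unmarshalled.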
