auth

package

v1.10.1 Latest Latest Go to latest Published: Dec 28, 2024 License: Apache-2.0 Imports: 7 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/upbound/up-sdk-go

Documentation ¶

Index ¶

Constants
type Client
- func NewClient(cfg *up.Config) *Client
- func (c *Client) GetOrgScopedToken(ctx context.Context, org, token string) (*TokenExchangeResponse, error)
type TokenExchangeResponse

Constants ¶

View Source

const (
	// ScopeOrganizationsPrefix is the required prefix for an upbound
	// organization scope.
	ScopeOrganizationsPrefix = "upbound:org:"

	// ContentTypeFormURLEncoded is the form URL content type accepted by the
	// auth service.
	ContentTypeFormURLEncoded = "application/x-www-form-urlencoded"

	// APIGroupAuth is the resource group for auth requests.
	APIGroupAuth = "tokenexchange.upbound.io"

	// APIGroupAuthVersion is the resource version for auth requests.
	APIGroupAuthVersion = "v1alpha1"
)

View Source

const (
	// AudienceSpacesAPI is the scope for accessing a space itself.
	AudienceSpacesAPI = "upbound:spaces:api"

	// AudienceSpacesControlPlanes is the scope for accessing control planes
	// within the space.
	AudienceSpacesControlPlanes = "upbound:spaces:controlplanes"
)

View Source

const (
	// ParamGrantType specifies which type of authorization type is being
	// granted.
	ParamGrantType = "grant_type"

	// ParamAudience specifies which (possibly multiple) audiences should be
	// granted in an exchange.
	ParamAudience = "audience"

	// ParamScope specifies the scope of the grant for the given token, such as
	// an organization.
	ParamScope = "scope"

	// ParamSubjectToken is the subject up for exchange, such as a session
	// token.
	ParamSubjectToken = "subject_token"

	// ParamSubjectTokenType is the type of the subject being used for the
	// exchange.
	ParamSubjectTokenType = "subject_token_type"
)

View Source

const (
	// GrantTypeTokenExchange means that the grant_type specifies a token exchange flow
	// ref: https://datatracker.ietf.org/doc/html/rfc8693#section-2.1
	GrantTypeTokenExchange = "urn:ietf:params:oauth:grant-type:token-exchange"

	// TokenTypeIDToken means a token type that is OIDC-compliant
	// ref: https://datatracker.ietf.org/doc/html/rfc8693#TokenTypeIdentifiers
	TokenTypeIDToken = "urn:ietf:params:oauth:token-type:id_token"
)

View Source

const (
	// DefaultBaseURL is default URL for all auth calls
	DefaultBaseURL = "https://auth.upbound.io/"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Client ¶

type Client struct {
	*up.Config
}

Client is a tokenexchange client.

func NewClient ¶

func NewClient(cfg *up.Config) *Client

NewClient builds a tokenexchange client from the passed config.

func (*Client) GetOrgScopedToken ¶

func (c *Client) GetOrgScopedToken(ctx context.Context, org, token string) (*TokenExchangeResponse, error)

GetOrgScopedToken returns a token scoped to a specific organization on Upbound, which can be used with spaces and control planes.

type TokenExchangeResponse ¶

type TokenExchangeResponse struct {
	AccessToken     string `json:"access_token"`
	IssuedTokenType string `json:"issued_token_type"`
	TokenType       string `json:"token_type"`
	ExpiresIn       int    `json:"expires_in"`
}

TokenExchangeResponse defines the response from the server when completing a successful token exchange request

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL