rfc8693

package
v0.0.4

This package is not in the latest version of its module.

Published: Feb 17, 2023 License: Apache-2.0 Imports: 15 Imported by: 0

Documentation

Overview

Package rfc8693 contains types and functions for an RFC 8693 Token Exchange service.

Package rfc8693 implements the token exchange grant type per RFC 8693.

Constants

const (
	// GrantTypeTokenExchange is the grant type for token exchange per RFC 8693.
	GrantTypeTokenExchange = "urn:ietf:params:oauth:grant-type:token-exchange"
	// TokenTypeJWT is the token type for JWT per RFC 8693.
	TokenTypeJWT = "urn:ietf:params:oauth:token-type:jwt"
	// ParamSubjectToken is the OAuth 2.0 request parameter for the subject token.
	ParamSubjectToken = "subject_token"
	// ParamSubjectTokenType is the OAuth 2.0 request parameter for the subject token type.
	ParamSubjectTokenType = "subject_token_type"
	// ParamActorToken is the OAuth 2.0 request parameter for the actor token.
	ParamActorToken = "actor_token"
	// ParamActorTokenType is the OAuth 2.0 request parameter for the actor token type.
	ParamActorTokenType = "actor_token_type"
	// ClaimClientID is the claim for the client ID.
	ClaimClientID = "client_id"
	// SubjectPrefix is the prefix added to the beginning of a token before the userID.
	SubjectPrefix = "urn:infratographer:user"
)

Variables

var (
	// ErrorMissingSub represents an error where the 'sub' claim is missing from the input claims.
	ErrorMissingSub = &ErrorMissingClaim{
		claim: "sub",
	}

	// ErrorMissingIss represents an error where the 'iss' claim is missing from the input claims.
	ErrorMissingIss = &ErrorMissingClaim{
		claim: "iss",
	}
)
var (
	// ErrJWKSURIStrategyNotDefined is returned when the issuer JWKS URI strategy is not defined.
	ErrJWKSURIStrategyNotDefined = errors.New("no issuer JWKS URI strategy defined")
)

Functions

This section is empty.

Types

type ClaimMappingStrategy

type ClaimMappingStrategy struct {
	// contains filtered or unexported fields
}

ClaimMappingStrategy represents a mapping from external identity claims to identity-api claims.

func NewClaimMappingStrategy

func NewClaimMappingStrategy(issuerSvc types.IssuerService) ClaimMappingStrategy

NewClaimMappingStrategy creates a ClaimMappingStrategy given an issuer service.

func (ClaimMappingStrategy) MapClaims

MapClaims consumes a set of JWT claims and produces a new set of mapped claims.

type ErrorMissingClaim

type ErrorMissingClaim struct {
	// contains filtered or unexported fields
}

ErrorMissingClaim represents an error where a required claim is missing.

func (*ErrorMissingClaim) Error

func (e *ErrorMissingClaim) Error() string

type TokenExchangeHandler

type TokenExchangeHandler struct {
	// contains filtered or unexported fields
}

TokenExchangeHandler contains the logic for the token exchange grant type. It implements the fosite.TokenEndpointHandler interface.

func NewTokenExchangeHandler

func NewTokenExchangeHandler(config fositex.OAuth2Configurator, strategy oauth2.AccessTokenStrategy, storage oauth2.AccessTokenStorage) *TokenExchangeHandler

NewTokenExchangeHandler creates a new TokenExchangeHandler.

func (*TokenExchangeHandler) CanHandleTokenEndpointRequest

func (s *TokenExchangeHandler) CanHandleTokenEndpointRequest(ctx context.Context, requester fosite.AccessRequester) bool

CanHandleTokenEndpointRequest returns true if the grant type is token exchange.

func (*TokenExchangeHandler) CanSkipClientAuth

func (s *TokenExchangeHandler) CanSkipClientAuth(ctx context.Context, requester fosite.AccessRequester) bool

CanSkipClientAuth is currently not supported by this handler. It returns false.

func (*TokenExchangeHandler) HandleTokenEndpointRequest

func (s *TokenExchangeHandler) HandleTokenEndpointRequest(ctx context.Context, requester fosite.AccessRequester) error

HandleTokenEndpointRequest handles an RFC 8693 token request and provides a response that can be used to generate a token. It currently supports only JWT subject tokens and impersonation semantics.
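
The request shape that description implies, as an added example (not this package's implementation): a validator that accepts only a JWT subject token and rejects actor parameters, since an actor token would mean delegation rather than impersonation. `checkExchangeForm` and the error values are hypothetical names, and treating any actor parameter as a rejection is an assumption about how "impersonation only" is enforced.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

const ( // parameter names and URNs as listed in this package's constants
	GrantTypeTokenExchange = "urn:ietf:params:oauth:grant-type:token-exchange"
	TokenTypeJWT           = "urn:ietf:params:oauth:token-type:jwt"
	ParamSubjectToken      = "subject_token"
	ParamSubjectTokenType  = "subject_token_type"
	ParamActorToken        = "actor_token"
	ParamActorTokenType    = "actor_token_type"
)

var ( // hypothetical sentinel errors, used by this example only
	errDuplicate   = errors.New("request parameter sent more than once")
	errWrongGrant  = errors.New("grant_type is not token exchange")
	errNoSubject   = errors.New("subject_token is required")
	errSubjectType = errors.New("subject_token_type must be the JWT token type")
	errActor       = errors.New("actor tokens (delegation) are not accepted")
)

// checkExchangeForm (hypothetical) validates the parsed form of a token request.
func checkExchangeForm(form url.Values) error {
	for _, values := range form {
		if len(values) > 1 { // OAuth 2.0 forbids repeated parameters
			return errDuplicate
		}
	}
	switch {
	case form.Get("grant_type") != GrantTypeTokenExchange:
		return errWrongGrant
	case form.Get(ParamSubjectToken) == "":
		return errNoSubject
	case form.Get(ParamSubjectTokenType) != TokenTypeJWT:
		return errSubjectType
	case form.Has(ParamActorToken) || form.Has(ParamActorTokenType):
		return errActor // impersonation only: the request may not name an actor
	}
	return nil
}

func main() {
	// Constructed request body; the subject token is a placeholder, not a real JWT.
	form, _ := url.ParseQuery("grant_type=" + url.QueryEscape(GrantTypeTokenExchange) + "&subject_token=placeholder")
	fmt.Println(checkExchangeForm(form))
}
```

Checking for repeated parameters before reading any value keeps a second `subject_token` from being silently ignored by `Get`, which returns only the first value.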

func (*TokenExchangeHandler) PopulateTokenEndpointResponse

func (s *TokenExchangeHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error

PopulateTokenEndpointResponse populates the response with a token.
