package strategy

Version: v0.36.0 | Published: Dec 9, 2024 | License: Apache-2.0 | Imports: 14 | Imported by: 0

This package is not in the latest version of its module.

Documentation

Types

type DynamicOauth2HMACStrategy

type DynamicOauth2HMACStrategy struct {
	// contains filtered or unexported fields
}

DynamicOauth2HMACStrategy is an oauth2.CoreStrategy that can dynamically load an HMAC key to sign access tokens, refresh tokens, and auth codes. We want this dynamic capability since our controllers for loading FederationDomains and signing keys run in parallel, and thus the signing key might not be ready when a FederationDomain is otherwise ready.

If we ever update FederationDomains to hold their signing key, we might not need this type, since we could have an invariant that routes to a FederationDomain's endpoints are only wired up if the FederationDomain has a valid signing key.

Tokens start with a custom prefix to make them identifiable as tokens when seen by a user out of context, such as when accidentally committed to a GitHub repo. After we implemented the custom prefix feature, fosite later added the same feature, but did not make the prefix customizable. Therefore, this code has been updated to replace the fosite prefix with our custom prefix.

func NewDynamicOauth2HMACStrategy

func NewDynamicOauth2HMACStrategy(
	fositeConfig *fosite.Config,
	keyFunc func() []byte,
) *DynamicOauth2HMACStrategy

func (*DynamicOauth2HMACStrategy) AccessTokenSignature

func (s *DynamicOauth2HMACStrategy) AccessTokenSignature(ctx context.Context, token string) string

func (*DynamicOauth2HMACStrategy) AuthorizeCodeSignature

func (s *DynamicOauth2HMACStrategy) AuthorizeCodeSignature(ctx context.Context, token string) string

func (*DynamicOauth2HMACStrategy) GenerateAccessToken

func (s *DynamicOauth2HMACStrategy) GenerateAccessToken(
	ctx context.Context,
	requester fosite.Requester,
) (string, string, error)

func (*DynamicOauth2HMACStrategy) GenerateAuthorizeCode

func (s *DynamicOauth2HMACStrategy) GenerateAuthorizeCode(
	ctx context.Context,
	requester fosite.Requester,
) (string, string, error)

func (*DynamicOauth2HMACStrategy) GenerateRefreshToken

func (s *DynamicOauth2HMACStrategy) GenerateRefreshToken(
	ctx context.Context,
	requester fosite.Requester,
) (string, string, error)

func (*DynamicOauth2HMACStrategy) RefreshTokenSignature

func (s *DynamicOauth2HMACStrategy) RefreshTokenSignature(ctx context.Context, token string) string

func (*DynamicOauth2HMACStrategy) ValidateAccessToken

func (s *DynamicOauth2HMACStrategy) ValidateAccessToken(
	ctx context.Context,
	requester fosite.Requester,
	token string,
) error

func (*DynamicOauth2HMACStrategy) ValidateAuthorizeCode

func (s *DynamicOauth2HMACStrategy) ValidateAuthorizeCode(
	ctx context.Context,
	requester fosite.Requester,
	token string,
) error

func (*DynamicOauth2HMACStrategy) ValidateRefreshToken

func (s *DynamicOauth2HMACStrategy) ValidateRefreshToken(
	ctx context.Context,
	requester fosite.Requester,
	token string,
) error
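
The dynamic key lookup and token prefix described for DynamicOauth2HMACStrategy, shown as an added example that is not this package's own code. The type dynamicHMAC, the prefix example_at_, the token layout and the 32-byte minimum key length are assumptions made for illustration; the point is that keyFunc is consulted on every operation, so generation and validation both fail closed until the key has been loaded.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

const tokenPrefix = "example_at_" // constructed placeholder, not the project's real prefix
var errNoKey = errors.New("HMAC signing key not loaded yet")

// dynamicHMAC (hypothetical type) asks keyFunc for the key on every call, never caching it.
type dynamicHMAC struct{ keyFunc func() []byte }

func (d dynamicHMAC) sign(payload string) (string, error) {
	key := d.keyFunc()
	if len(key) < 32 { // assumed minimum; fail closed rather than MAC with an empty key
		return "", errNoKey
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(payload))
	return hex.EncodeToString(mac.Sum(nil)), nil
}

func (d dynamicHMAC) Generate() (token, sig string, err error) {
	raw := make([]byte, 32)
	if _, err = rand.Read(raw); err != nil {
		return "", "", err
	}
	payload := hex.EncodeToString(raw)
	if sig, err = d.sign(payload); err != nil {
		return "", "", err
	}
	return tokenPrefix + payload + "." + sig, sig, nil
}

func (d dynamicHMAC) Validate(token string) error { // rejects missing key, wrong prefix, bad MAC
	payload, sig, _ := strings.Cut(strings.TrimPrefix(token, tokenPrefix), ".")
	want, err := d.sign(payload)
	if err == nil && (!strings.HasPrefix(token, tokenPrefix) || !hmac.Equal([]byte(want), []byte(sig))) {
		err = errors.New("invalid token")
	}
	return err
}

func main() { fmt.Println(dynamicHMAC{func() []byte { return nil }}.Validate("example_at_a.b")) }
```

Because the key is read at call time, a token issued under one key stops validating as soon as keyFunc starts returning a different key.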

type DynamicOpenIDConnectECDSAStrategy

type DynamicOpenIDConnectECDSAStrategy struct {
	// contains filtered or unexported fields
}

DynamicOpenIDConnectECDSAStrategy is an openid.OpenIDConnectTokenStrategy that can dynamically load a signing key to issue ID tokens. We want this dynamic capability since our controllers for loading FederationDomains and signing keys run in parallel, and thus the signing key might not be ready when a FederationDomain is otherwise ready.

If we ever update FederationDomains to hold their signing key, we might not need this type, since we could have an invariant that routes to a FederationDomain's endpoints are only wired up if the FederationDomain has a valid signing key.

func NewDynamicOpenIDConnectECDSAStrategy

func NewDynamicOpenIDConnectECDSAStrategy(
	fositeConfig *fosite.Config,
	jwksProvider jwks.DynamicJWKSProvider,
) *DynamicOpenIDConnectECDSAStrategy

func (*DynamicOpenIDConnectECDSAStrategy) GenerateIDToken

func (s *DynamicOpenIDConnectECDSAStrategy) GenerateIDToken(
	ctx context.Context,
	lifespan time.Duration,
	requester fosite.Requester,
) (string, error)
