Documentation
Overview
Package clientregistry defines Pinniped's OAuth2/OIDC clients.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Client
type Client struct {
	fosite.DefaultOpenIDConnectClient
}
Client represents a Pinniped OAuth/OIDC client. It can be the static pinniped-cli client or a dynamic client defined by an OIDCClient CR.
func PinnipedCLI
func PinnipedCLI() *Client
PinnipedCLI returns the static Client corresponding to the Pinniped CLI.
func (*Client) GetResponseModes
func (c *Client) GetResponseModes() []fosite.ResponseModeType
type ClientManager (added in v0.20.0)
type ClientManager struct {
// contains filtered or unexported fields
}
ClientManager is a fosite.ClientManager with a statically-defined client and with dynamically-defined clients.
func NewClientManager (added in v0.20.0)
func NewClientManager(
	oidcClientsClient supervisorclient.OIDCClientInterface,
	storage *oidcclientsecretstorage.OIDCClientSecretStorage,
	minBcryptCost int,
) *ClientManager
func (*ClientManager) ClientAssertionJWTValid (added in v0.20.0)
func (*ClientManager) ClientAssertionJWTValid(ctx context.Context, jti string) error
ClientAssertionJWTValid returns an error if the JTI is known or the DB check failed and nil if the JTI is not known.
This functionality is not supported by the ClientManager.
func (*ClientManager) GetClient (added in v0.20.0)
GetClient returns the client specified by the given ID.
It returns a fosite.ErrNotFound if an unknown client is specified. Other errors returned are plain errors, because fosite will wrap them into a new ErrInvalidClient error and use the plain error's text as that error's debug message (see client_authentication.go in fosite).
func (*ClientManager) SetClientAssertionJWT (added in v0.20.0)
SetClientAssertionJWT marks a JTI as known for the given expiry time. Before inserting the new JTI, it will clean up any existing JTIs that have expired, as those tokens cannot be replayed due to the expiry.
This functionality is not supported by the ClientManager.