Documentation
Overview
Package clientregistry defines Pinniped's OAuth2/OIDC clients.
Types
type Client
type Client struct {
	fosite.DefaultOpenIDConnectClient
	// Optionally provide a lifetime for ID tokens that result from authcode exchanges (initial logins)
	// and refresh grants for this specific client. This will not impact the lifetime of ID tokens created
	// via RFC8693 token exchange. When zero, the ID token lifetime will be determined by the defaults
	// for the FederationDomain.
	IDTokenLifetimeConfiguration time.Duration
}
Client represents a Pinniped OAuth/OIDC client. It can be the static pinniped-cli client or a dynamic client defined by an OIDCClient CR.
func PinnipedCLI
func PinnipedCLI() *Client
PinnipedCLI returns the static Client corresponding to the Pinniped CLI.
func (*Client) GetIDTokenLifetimeConfiguration (added in v0.30.0)
func (*Client) GetResponseModes
func (c *Client) GetResponseModes() []fosite.ResponseModeType
type ClientManager
type ClientManager struct {
// contains filtered or unexported fields
}
ClientManager is a fosite.ClientManager with a statically-defined client and with dynamically-defined clients.
func NewClientManager
func NewClientManager(
	oidcClientsClient supervisorclient.OIDCClientInterface,
	storage *oidcclientsecretstorage.OIDCClientSecretStorage,
	minBcryptCost int,
) *ClientManager
func (*ClientManager) ClientAssertionJWTValid
func (*ClientManager) ClientAssertionJWTValid(_ctx context.Context, _jti string) error
ClientAssertionJWTValid returns an error if the JTI is known or the DB check failed and nil if the JTI is not known.
This functionality is not supported by the ClientManager.
func (*ClientManager) GetClient
GetClient returns the client specified by the given ID.
It returns a fosite.ErrNotFound if an unknown client is specified. Other errors returned are plain errors, because fosite will wrap them into a new ErrInvalidClient error and use the plain error's text as that error's debug message (see client_authentication.go in fosite).
func (*ClientManager) SetClientAssertionJWT
func (*ClientManager) SetClientAssertionJWT(_ctx context.Context, _jti string, _exp time.Time) error
SetClientAssertionJWT marks a JTI as known for the given expiry time. Before inserting the new JTI, it will clean up any existing JTIs that have expired, as those tokens cannot be replayed due to the expiry.
This functionality is not supported by the ClientManager.
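The JTI bookkeeping described in the comments for ClientAssertionJWTValid and SetClientAssertionJWT, as an added example that is not Pinniped's or fosite's code (ClientManager itself does not support this functionality). The names `memoryJTIStore`, `ErrJTIKnown` and the injectable `now` clock are hypothetical, and the sample JTI values are constructed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"sync"
	"time"
)

// ErrJTIKnown is a hypothetical sentinel error reported for a replayed client assertion.
var ErrJTIKnown = errors.New("jti already known")

// memoryJTIStore is a hypothetical in-memory JTI store (not part of Pinniped or fosite).
type memoryJTIStore struct {
	mu   sync.Mutex
	jtis map[string]time.Time // JTI -> expiry of the assertion that carried it
	now  func() time.Time     // injectable clock so expiry behaviour can be tested
}

// ClientAssertionJWTValid returns an error if the JTI is known and nil if it is not.
func (s *memoryJTIStore) ClientAssertionJWTValid(_ context.Context, jti string) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	if exp, ok := s.jtis[jti]; ok && exp.After(s.now()) {
		return ErrJTIKnown
	}
	return nil
}

// SetClientAssertionJWT cleans up expired JTIs, then marks jti as known until exp.
func (s *memoryJTIStore) SetClientAssertionJWT(_ context.Context, jti string, exp time.Time) error {
	s.mu.Lock()
	defer s.mu.Unlock()
	for known, e := range s.jtis {
		if !e.After(s.now()) {
			delete(s.jtis, known) // an expired assertion is rejected on expiry, so its JTI need not be kept
		}
	}
	s.jtis[jti] = exp
	return nil
}

func main() {
	s, ctx := &memoryJTIStore{jtis: map[string]time.Time{}, now: time.Now}, context.Background()
	_ = s.SetClientAssertionJWT(ctx, "constructed-jti-1", time.Now().Add(time.Minute))
	fmt.Println(s.ClientAssertionJWTValid(ctx, "constructed-jti-1"), s.ClientAssertionJWTValid(ctx, "constructed-jti-2"))
}
```

A store like this only prevents replay within one process; a deployment with several replicas would need shared storage behind the same two methods.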