oidc

package

v0.31.0-alpha.0 Latest Latest Go to latest Published: Mar 27, 2024 License: Apache-2.0 Imports: 34 Imported by: 44

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/kubernetes/apiserver

Documentation ¶

Overview ¶

oidc implements the authenticator.Token interface using the OpenID Connect protocol.

config := oidc.Options{
	IssuerURL:     "https://accounts.google.com",
	ClientID:      os.Getenv("GOOGLE_CLIENT_ID"),
	UsernameClaim: "email",
}
tokenAuthenticator, err := oidc.New(config)

Index ¶

func AllValidSigningAlgorithms() []string
func RegisterMetrics()
type AuthenticatorTokenWithHealthCheck
- func New(lifecycleCtx context.Context, opts Options) (AuthenticatorTokenWithHealthCheck, error)
type CAContentProvider
type Options

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func AllValidSigningAlgorithms ¶ added in v0.30.0

func AllValidSigningAlgorithms() []string

func RegisterMetrics ¶ added in v0.30.0

func RegisterMetrics()

Types ¶

type AuthenticatorTokenWithHealthCheck ¶ added in v0.30.0

type AuthenticatorTokenWithHealthCheck interface {
	authenticator.Token
	HealthCheck() error
}

func New ¶

func New(lifecycleCtx context.Context, opts Options) (AuthenticatorTokenWithHealthCheck, error)

New returns an authenticator that is asynchronously initialized when opts.KeySet is not set. The input lifecycleCtx is used to: - terminate background goroutines that are needed for asynchronous initialization - as the base context for any requests that are made (i.e. for key fetching) Thus, once the lifecycleCtx is canceled, the authenticator must not be used. A caller may check if the authenticator is healthy by calling the HealthCheck method.

type CAContentProvider ¶ added in v0.22.0

type CAContentProvider interface {
	CurrentCABundleContent() []byte
}

Subset of dynamiccertificates.CAContentProvider that can be used to dynamically load root CAs.

type Options ¶

type Options struct {
	// JWTAuthenticator is the authenticator that will be used to verify the JWT.
	JWTAuthenticator apiserver.JWTAuthenticator

	// Optional KeySet to allow for synchronous initialization instead of fetching from the remote issuer.
	// Mutually exclusive with JWTAuthenticator.Issuer.DiscoveryURL.
	KeySet oidc.KeySet

	// PEM encoded root certificate contents of the provider.  Mutually exclusive with Client.
	CAContentProvider CAContentProvider

	// Optional http.Client used to make all requests to the remote issuer.  Mutually exclusive with CAContentProvider.
	Client *http.Client

	// SupportedSigningAlgs sets the accepted set of JOSE signing algorithms that
	// can be used by the provider to sign tokens.
	//
	// https://tools.ietf.org/html/rfc7518#section-3.1
	//
	// This value defaults to RS256, the value recommended by the OpenID Connect
	// spec:
	//
	// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
	SupportedSigningAlgs []string

	DisallowedIssuers []string
	// contains filtered or unexported fields
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL