Update github.com/coreos/go-oidc

This commit is contained in:
Bobby Rullo
2016-05-04 09:47:11 -07:00
parent a6812d18a5
commit 82bdf9051c
9 changed files with 65 additions and 14 deletions

Godeps/Godeps.json generated

@@ -485,23 +485,23 @@
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/http", "ImportPath": "github.com/coreos/go-oidc/http",
"Rev": "d7cb66526fffc811d602b6770581064f4b66b507" "Rev": "5cf2aa52da8c574d3aa4458f471ad6ae2240fe6b"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/jose", "ImportPath": "github.com/coreos/go-oidc/jose",
"Rev": "d7cb66526fffc811d602b6770581064f4b66b507" "Rev": "5cf2aa52da8c574d3aa4458f471ad6ae2240fe6b"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/key", "ImportPath": "github.com/coreos/go-oidc/key",
"Rev": "d7cb66526fffc811d602b6770581064f4b66b507" "Rev": "5cf2aa52da8c574d3aa4458f471ad6ae2240fe6b"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/oauth2", "ImportPath": "github.com/coreos/go-oidc/oauth2",
"Rev": "d7cb66526fffc811d602b6770581064f4b66b507" "Rev": "5cf2aa52da8c574d3aa4458f471ad6ae2240fe6b"
}, },
{ {
"ImportPath": "github.com/coreos/go-oidc/oidc", "ImportPath": "github.com/coreos/go-oidc/oidc",
"Rev": "d7cb66526fffc811d602b6770581064f4b66b507" "Rev": "5cf2aa52da8c574d3aa4458f471ad6ae2240fe6b"
}, },
{ {
"ImportPath": "github.com/coreos/go-semver/semver", "ImportPath": "github.com/coreos/go-semver/semver",


@@ -2,7 +2,6 @@ package jose
import ( import (
"fmt" "fmt"
"strings"
) )
type Verifier interface { type Verifier interface {
@@ -17,7 +16,7 @@ type Signer interface {
} }
func NewVerifier(jwk JWK) (Verifier, error) { func NewVerifier(jwk JWK) (Verifier, error) {
if strings.ToUpper(jwk.Type) != "RSA" { if jwk.Type != "RSA" {
return nil, fmt.Errorf("unsupported key type %q", jwk.Type) return nil, fmt.Errorf("unsupported key type %q", jwk.Type)
} }
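Review bot: The switch from `strings.ToUpper(jwk.Type)` to an exact comparison at line 50 makes the "kty" check case-sensitive, which is what RFC 7517 §4.1 specifies, but nothing at the call site says so and the old ToUpper is easy to re-add on the next "be lenient" request. A one-line comment pins the intent: `// "kty" values are case-sensitive (RFC 7517 §4.1); do not normalize case here.` The same applies to the "alg" comparisons in NewVerifierHMAC and NewVerifierRSA, which RFC 7517 §4.4 also defines as case-sensitive.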


@@ -7,7 +7,6 @@ import (
_ "crypto/sha256" _ "crypto/sha256"
"errors" "errors"
"fmt" "fmt"
"strings"
) )
type VerifierHMAC struct { type VerifierHMAC struct {
@@ -21,7 +20,7 @@ type SignerHMAC struct {
} }
func NewVerifierHMAC(jwk JWK) (*VerifierHMAC, error) { func NewVerifierHMAC(jwk JWK) (*VerifierHMAC, error) {
if strings.ToUpper(jwk.Alg) != "HS256" { if jwk.Alg != "" && jwk.Alg != "HS256" {
return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg) return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg)
} }
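Review bot: The relaxed check at line 66 now accepts a JWK with an empty `alg` and treats it as HS256, and NewVerifierRSA at line 82 does the same for RS256; nothing in either hunk cross-checks the accepted key against its key type, so with `alg` absent the algorithm is fixed by which constructor the caller invoked rather than by the key. RFC 7517 makes `alg` optional, so accepting it is defensible, but the contract should be stated on the constructor: `// NewVerifierHMAC builds an HS256 verifier from jwk. An empty jwk.Alg is accepted and treated as HS256; the algorithm is not cross-checked against jwk.Type, so callers must pass only symmetric keys here.` The remainder of NewVerifierHMAC is outside the hunk, so if it already validates jwk.Type the last clause can be dropped.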


@@ -5,7 +5,6 @@ import (
"crypto/rand" "crypto/rand"
"crypto/rsa" "crypto/rsa"
"fmt" "fmt"
"strings"
) )
type VerifierRSA struct { type VerifierRSA struct {
@@ -20,7 +19,7 @@ type SignerRSA struct {
} }
func NewVerifierRSA(jwk JWK) (*VerifierRSA, error) { func NewVerifierRSA(jwk JWK) (*VerifierRSA, error) {
if strings.ToUpper(jwk.Alg) != "RS256" { if jwk.Alg != "" && jwk.Alg != "RS256" {
return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg) return nil, fmt.Errorf("unsupported key algorithm %q", jwk.Alg)
} }


@@ -20,7 +20,7 @@ type PublicKey struct {
} }
func (k *PublicKey) MarshalJSON() ([]byte, error) { func (k *PublicKey) MarshalJSON() ([]byte, error) {
return json.Marshal(k.jwk) return json.Marshal(&k.jwk)
} }
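Review bot: The change to `json.Marshal(&k.jwk)` at line 91 reads as a fix for a MarshalJSON defined on a pointer receiver of the jwk type, which the value form would silently bypass, but that is inferred since the jwk type is outside the hunk. Without a comment the address-of looks redundant and is likely to be reverted by a tidy-up; suggest `// marshal through the pointer so jwk's pointer-receiver MarshalJSON is used`.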
func (k *PublicKey) UnmarshalJSON(data []byte) error { func (k *PublicKey) UnmarshalJSON(data []byte) error {


@@ -56,6 +56,7 @@ const (
const ( const (
GrantTypeAuthCode = "authorization_code" GrantTypeAuthCode = "authorization_code"
GrantTypeClientCreds = "client_credentials" GrantTypeClientCreds = "client_credentials"
GrantTypeUserCreds = "password"
GrantTypeImplicit = "implicit" GrantTypeImplicit = "implicit"
GrantTypeRefreshToken = "refresh_token" GrantTypeRefreshToken = "refresh_token"
@@ -140,6 +141,11 @@ func NewClient(hc phttp.Client, cfg Config) (c *Client, err error) {
return return
} }
// Return the embedded HTTP client
func (c *Client) HttpClient() phttp.Client {
return c.hc
}
// Generate the url for initial redirect to oauth provider. // Generate the url for initial redirect to oauth provider.
func (c *Client) AuthCodeURL(state, accessType, prompt string) string { func (c *Client) AuthCodeURL(state, accessType, prompt string) string {
v := c.commonURLValues() v := c.commonURLValues()
@@ -220,6 +226,30 @@ func (c *Client) ClientCredsToken(scope []string) (result TokenResponse, err err
return parseTokenResponse(resp) return parseTokenResponse(resp)
} }
// UserCredsToken posts the username and password to obtain a token scoped to the OAuth2 client via the "password" grant_type
// May not be supported by all OAuth2 servers.
func (c *Client) UserCredsToken(username, password string) (result TokenResponse, err error) {
v := url.Values{
"scope": {strings.Join(c.scope, " ")},
"grant_type": {GrantTypeUserCreds},
"username": {username},
"password": {password},
}
req, err := c.newAuthenticatedRequest(c.tokenURL.String(), v)
if err != nil {
return
}
resp, err := c.hc.Do(req)
if err != nil {
return
}
defer resp.Body.Close()
return parseTokenResponse(resp)
}
// RequestToken requests a token from the Token Endpoint with the specified grantType. // RequestToken requests a token from the Token Endpoint with the specified grantType.
// If 'grantType' == GrantTypeAuthCode, then 'value' should be the authorization code. // If 'grantType' == GrantTypeAuthCode, then 'value' should be the authorization code.
// If 'grantType' == GrantTypeRefreshToken, then 'value' should be the refresh token. // If 'grantType' == GrantTypeRefreshToken, then 'value' should be the refresh token.
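Review bot: The new accessor at line 108 is named `HttpClient`, where Go's initialism convention would make it `HTTPClient`; it is exported and new in this commit, so renaming it now costs nothing while renaming it later is a breaking change. UserCredsToken at line 119 also deserves a doc comment that states what the two arguments are and where they go, since it is the one method in this client that carries end-user credentials: `// UserCredsToken obtains a token via the "password" grant. username and password are the resource owner's credentials and are sent in the form body of the token request; they must not be logged or echoed in errors.` The request and response handling looks line-for-line identical to ClientCredsToken at line 114 apart from the form values, so a shared helper is probably warranted, but ClientCredsToken's body is outside this hunk.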


@@ -11,6 +11,11 @@ import (
"github.com/coreos/go-oidc/key" "github.com/coreos/go-oidc/key"
) )
// DefaultPublicKeySetTTL is the default TTL set on the PublicKeySet if no
// Cache-Control header is provided by the JWK Set document endpoint.
const DefaultPublicKeySetTTL = 24 * time.Hour
// NewRemotePublicKeyRepo is responsible for fetching the JWK Set document.
func NewRemotePublicKeyRepo(hc phttp.Client, ep string) *remotePublicKeyRepo { func NewRemotePublicKeyRepo(hc phttp.Client, ep string) *remotePublicKeyRepo {
return &remotePublicKeyRepo{hc: hc, ep: ep} return &remotePublicKeyRepo{hc: hc, ep: ep}
} }
@@ -20,6 +25,11 @@ type remotePublicKeyRepo struct {
ep string ep string
} }
// Get returns a PublicKeySet fetched from the JWK Set document endpoint. A TTL
// is set on the Key Set to avoid it having to be re-retrieved for every
// encryption event. This TTL is typically controlled by the endpoint returning
// a Cache-Control header, but defaults to 24 hours if no Cache-Control header
// is found.
func (r *remotePublicKeyRepo) Get() (key.KeySet, error) { func (r *remotePublicKeyRepo) Get() (key.KeySet, error) {
req, err := http.NewRequest("GET", r.ep, nil) req, err := http.NewRequest("GET", r.ep, nil)
if err != nil { if err != nil {
@@ -48,7 +58,7 @@ func (r *remotePublicKeyRepo) Get() (key.KeySet, error) {
return nil, err return nil, err
} }
if !ok { if !ok {
return nil, errors.New("HTTP cache headers not set") ttl = DefaultPublicKeySetTTL
} }
exp := time.Now().UTC().Add(ttl) exp := time.Now().UTC().Add(ttl)
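Review bot: The fallback at line 168 turns a missing Cache-Control header from a hard error into a silent 24-hour cache via `DefaultPublicKeySetTTL`, so for an endpoint that sets no cache headers a rotated or withdrawn signing key stays trusted by this process for up to a day. If that trade-off is intended, say so where the constant is defined: `// A long default delays pick-up of key rotation for endpoints that send no Cache-Control header; endpoints are expected to set max-age explicitly.` Consider also making the TTL a field of remotePublicKeyRepo that defaults to this constant, so the window can be shortened without a code change. Separately, the Get doc comment at lines 156-160 says "encryption event"; the key set here is a set of public keys used by a verifier, so "verification event" matches what the code does.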


@@ -6,6 +6,7 @@ import (
"fmt" "fmt"
"net/http" "net/http"
"net/url" "net/url"
"strings"
"sync" "sync"
"time" "time"
@@ -618,7 +619,11 @@ func NewHTTPProviderConfigGetter(hc phttp.Client, issuerURL string) *httpProvide
} }
func (r *httpProviderConfigGetter) Get() (cfg ProviderConfig, err error) { func (r *httpProviderConfigGetter) Get() (cfg ProviderConfig, err error) {
req, err := http.NewRequest("GET", r.issuerURL+discoveryConfigPath, nil) // If the Issuer value contains a path component, any terminating / MUST be removed before
// appending /.well-known/openid-configuration.
// https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationRequest
discoveryURL := strings.TrimSuffix(r.issuerURL, "/") + discoveryConfigPath
req, err := http.NewRequest("GET", discoveryURL, nil)
if err != nil { if err != nil {
return return
} }
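Review bot: `strings.TrimSuffix` at line 187 strips exactly one trailing slash, so an issuer configured with a doubled slash (say `https://issuer.example//`, constructed) still yields a malformed discovery URL; `strings.TrimRight(r.issuerURL, "/")` removes all of them, though the spec sentence quoted in the comment refers to a single terminating `/`, so either is defensible as long as the comment says which. Note the trimming is local to discoveryURL: if the rest of Get (outside this hunk) compares the fetched document's issuer against r.issuerURL, it will be comparing the untrimmed value, and an issuer stored with a trailing slash will then fail to match unless that comparison normalizes too.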


@@ -67,6 +67,15 @@ func (t *AuthenticatedTransport) verifiedJWT() (jose.JWT, error) {
return t.jwt, nil return t.jwt, nil
} }
// SetJWT sets the JWT held by the Transport.
// This is useful for cases in which you want to set an initial JWT.
func (t *AuthenticatedTransport) SetJWT(jwt jose.JWT) {
t.mu.Lock()
defer t.mu.Unlock()
t.jwt = jwt
}
func (t *AuthenticatedTransport) RoundTrip(r *http.Request) (*http.Response, error) { func (t *AuthenticatedTransport) RoundTrip(r *http.Request) (*http.Response, error) {
jwt, err := t.verifiedJWT() jwt, err := t.verifiedJWT()
if err != nil { if err != nil {