cdbc4fbe20
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. oidc authentication: switch to v2 of coreos/go-oidc Switch to v2 of [coreos/go-oidc](https://github.com/coreos/go-oidc), which uses square/go-jose to verify tokens and supports more signing algorithms. Most of this PR removes dependencies used by the older version of github.com/coreos/go-oidc, and updates vendor files. This PR has been tested against tokens issued by Okta, Google, and CoreOS's dex. Closes https://github.com/kubernetes/kubernetes/issues/57806 ```release-note kube-apiserver: the OpenID Connect authenticator can now verify ID Tokens signed with JOSE algorithms other than RS256 through the --oidc-signing-algs flag. kube-apiserver: the OpenID Connect authenticator no longer accepts tokens from the Google v3 token APIs, users must switch to the "https://www.googleapis.com/oauth2/v4/token" endpoint. ``` cc @rithujohn191 @liggitt cc @kubernetes/sig-auth-pr-reviews |
||
|---|---|---|
| .. | ||
| admission | ||
| authenticator | ||
| authorizer | ||
| options | ||
| server | ||
| BUILD | ||
| default_storage_factory_builder.go | ||
| doc.go | ||
| OWNERS | ||