package oidc
import "k8s.io/apiserver/plugin/pkg/authenticator/token/oidc"
oidc implements the authenticator.Token interface using the OpenID Connect protocol.
config := oidc.Options{
IssuerURL: "https://accounts.google.com",
ClientID: os.Getenv("GOOGLE_CLIENT_ID"),
UsernameClaim: "email",
}
tokenAuthenticator, err := oidc.New(config)
Index ¶
- type Authenticator
- func New(opts Options) (*Authenticator, error)
- func (a *Authenticator) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error)
- func (a *Authenticator) Close()
- type CAContentProvider
- type Options
Types ¶
type Authenticator ¶
type Authenticator struct {
// contains filtered or unexported fields
}
func New ¶
func New(opts Options) (*Authenticator, error)
func (*Authenticator) AuthenticateToken ¶
func (a *Authenticator) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error)
func (*Authenticator) Close ¶
func (a *Authenticator) Close()
type CAContentProvider ¶
type CAContentProvider interface {
CurrentCABundleContent() []byte
}
Subset of dynamiccertificates.CAContentProvider that can be used to dynamically load root CAs.
type Options ¶
type Options struct {
// JWTAuthenticator is the authenticator that will be used to verify the JWT.
JWTAuthenticator apiserver.JWTAuthenticator
// Optional KeySet to allow for synchronous initialization instead of fetching from the remote issuer.
KeySet oidc.KeySet
// PEM encoded root certificate contents of the provider. Mutually exclusive with Client.
CAContentProvider CAContentProvider
// Optional http.Client used to make all requests to the remote issuer. Mutually exclusive with CAContentProvider.
Client *http.Client
// SupportedSigningAlgs sets the accepted set of JOSE signing algorithms that
// can be used by the provider to sign tokens.
//
// https://tools.ietf.org/html/rfc7518#section-3.1
//
// This value defaults to RS256, the value recommended by the OpenID Connect
// spec:
//
// https://openid.net/specs/openid-connect-core-1_0.html#IDTokenValidation
SupportedSigningAlgs []string
// contains filtered or unexported fields
}
Source Files ¶
oidc.go
- Version
- v0.29.0-rc.2
- Published
- Dec 8, 2023
- Platform
- js/wasm
- Imports
- 28 packages
- Last checked
- 1 second ago –
Tools for package owners.