Diffstat (limited to 'kube2msb/src/vendor/github.com/coreos/go-oidc/oidc/transport.go')
-rw-r--r--kube2msb/src/vendor/github.com/coreos/go-oidc/oidc/transport.go88
1 files changed, 0 insertions, 88 deletions
diff --git a/kube2msb/src/vendor/github.com/coreos/go-oidc/oidc/transport.go b/kube2msb/src/vendor/github.com/coreos/go-oidc/oidc/transport.go
deleted file mode 100644
index 61c926d..0000000
--- a/kube2msb/src/vendor/github.com/coreos/go-oidc/oidc/transport.go
+++ /dev/null
@@ -1,88 +0,0 @@
-package oidc
-
-import (
- "fmt"
- "net/http"
- "sync"
-
- phttp "github.com/coreos/go-oidc/http"
- "github.com/coreos/go-oidc/jose"
-)
-
-type TokenRefresher interface {
- // Verify checks if the provided token is currently valid or not.
- Verify(jose.JWT) error
-
- // Refresh attempts to authenticate and retrieve a new token.
- Refresh() (jose.JWT, error)
-}
-
-type ClientCredsTokenRefresher struct {
- Issuer string
- OIDCClient *Client
-}
-
-func (c *ClientCredsTokenRefresher) Verify(jwt jose.JWT) (err error) {
- _, err = VerifyClientClaims(jwt, c.Issuer)
- return
-}
-
-func (c *ClientCredsTokenRefresher) Refresh() (jwt jose.JWT, err error) {
- if err = c.OIDCClient.Healthy(); err != nil {
- err = fmt.Errorf("unable to authenticate, unhealthy OIDC client: %v", err)
- return
- }
-
- jwt, err = c.OIDCClient.ClientCredsToken([]string{"openid"})
- if err != nil {
- err = fmt.Errorf("unable to verify auth code with issuer: %v", err)
- return
- }
-
- return
-}
-
-type AuthenticatedTransport struct {
- TokenRefresher
- http.RoundTripper
-
- mu sync.Mutex
- jwt jose.JWT
-}
-
-func (t *AuthenticatedTransport) verifiedJWT() (jose.JWT, error) {
- t.mu.Lock()
- defer t.mu.Unlock()
-
- if t.TokenRefresher.Verify(t.jwt) == nil {
- return t.jwt, nil
- }
-
- jwt, err := t.TokenRefresher.Refresh()
- if err != nil {
- return jose.JWT{}, fmt.Errorf("unable to acquire valid JWT: %v", err)
- }
-
- t.jwt = jwt
- return t.jwt, nil
-}
-
-// SetJWT sets the JWT held by the Transport.
-// This is useful for cases in which you want to set an initial JWT.
-func (t *AuthenticatedTransport) SetJWT(jwt jose.JWT) {
- t.mu.Lock()
- defer t.mu.Unlock()
-
- t.jwt = jwt
-}
-
-func (t *AuthenticatedTransport) RoundTrip(r *http.Request) (*http.Response, error) {
- jwt, err := t.verifiedJWT()
- if err != nil {
- return nil, err
- }
-
- req := phttp.CopyRequest(r)
- req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", jwt.Encode()))
- return t.RoundTripper.RoundTrip(req)
-}