tokencache

package
v1.0.1
Published: Mar 21, 2024 License: BSD-3-Clause Imports: 19 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func TokenSource

func TokenSource(src oidc.TokenSource, issuer, audience string, opts ...TokenSourceOpt) oidc.TokenSource

TokenSource wraps an oidc.TokenSource, caching the token results locally so they survive cross-process execution. The cache defaults to the result of BestCredentialCache; this can be overridden with the WithCache option. Items are stored in the cache keyed by their issuer and audience. WithScopes and WithACRValues can be used to further refine the keying where differentiation is required on these values.

Types

type CredentialCache

type CredentialCache interface {
	// Get returns a token from cache for the given issuer, clientID, scopes
	// and ACR values. Cache misses are _not_ considered an error, so a
	// cache miss will be returned as `(nil, nil)`
	Get(issuer string, clientID string, scopes []string, acrValues []string) (*oidc.Token, error)
	// Set sets a token in the cache for the given issuer, clientID, scopes
	// and ACR values.
	Set(issuer string, clientID string, scopes []string, acrValues []string, token *oidc.Token) error
	// Available returns true if the credential cache is supported on this
	// platform or environment.
	Available() bool
}

CredentialCache is capable of caching and retrieving OpenID Connect tokens. At this time, CredentialCache implementations are not required to be goroutine safe. Code that uses a CredentialCache should synchronize access to the caches if goroutine safety is needed.
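The contract above (a miss is `(nil, nil)`, entries are keyed by issuer, client ID, scopes and ACR values, and callers must synchronize access) is sketched here as an added example; it is not code from this package. `Token` is a local stand-in for `oidc.Token`, and `MemCache`, `key` and the sample issuer and ACR values are hypothetical.

```go
package main

import (
	"fmt"
	"sort"
	"sync"
)

// Token is a local stand-in for the page's oidc.Token so this builds offline.
type Token struct{ IDToken string }

// MemCache is a hypothetical in-memory cache with the page's method set.
// The mutex supplies the goroutine safety the interface does not promise.
type MemCache struct {
	mu sync.Mutex
	m  map[string]*Token
}

// key covers all four parts. Scopes are an unordered set, so they are sorted;
// ACR values are an ordered preference list, so their order is kept.
func key(issuer, clientID string, scopes, acrValues []string) string {
	s := append([]string(nil), scopes...) // copy: leave the caller's slice alone
	sort.Strings(s)
	return fmt.Sprintf("%q %q %q %q", issuer, clientID, s, acrValues) // %q keeps fields apart
}

func (c *MemCache) Available() bool { return true }
func (c *MemCache) Get(issuer, clientID string, scopes, acrValues []string) (*Token, error) {
	c.mu.Lock()
	defer c.mu.Unlock()
	return c.m[key(issuer, clientID, scopes, acrValues)], nil // a miss is (nil, nil)
}

func (c *MemCache) Set(issuer, clientID string, scopes, acrValues []string, t *Token) error {
	c.mu.Lock()
	defer c.mu.Unlock()
	if c.m == nil {
		c.m = make(map[string]*Token)
	}
	c.m[key(issuer, clientID, scopes, acrValues)] = t
	return nil
}

func main() {
	const iss, cid = "https://issuer.example", "cli" // constructed sample values
	c := &MemCache{}
	c.Set(iss, cid, []string{"openid", "email"}, []string{"urn:example:pwd"}, &Token{"pwd-token"})
	same, _ := c.Get(iss, cid, []string{"email", "openid"}, []string{"urn:example:pwd"})
	stepUp, _ := c.Get(iss, cid, []string{"email", "openid"}, []string{"urn:example:mfa"})
	fmt.Println(same != nil, stepUp == nil) // reordered scopes hit; a different ACR misses
}
```

Because the ACR values are part of the key, a token obtained under one authentication context is never handed back for a request that names another.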

func BestCredentialCache

func BestCredentialCache() CredentialCache

BestCredentialCache returns the most preferred available credential cache for the platform and environment.

type EncryptedFileCredentialCache

type EncryptedFileCredentialCache struct {
	// Dir is the path where encrypted cache files will be stored.
	// If empty, defaults to ~/.oidc-cache/
	Dir string

	// PassphrasePromptFunc is a function that prompts the user to enter a
	// passphrase used to encrypt and decrypt a file.
	PassphrasePromptFunc
}

func (*EncryptedFileCredentialCache) Available

func (e *EncryptedFileCredentialCache) Available() bool

func (*EncryptedFileCredentialCache) Get

func (e *EncryptedFileCredentialCache) Get(issuer string, clientID string, scopes []string, acrValues []string) (*oidc.Token, error)

func (*EncryptedFileCredentialCache) Set

func (e *EncryptedFileCredentialCache) Set(issuer string, clientID string, scopes []string, acrValues []string, token *oidc.Token) error

type KeychainCredentialCache

type KeychainCredentialCache struct{}

func (*KeychainCredentialCache) Available

func (k *KeychainCredentialCache) Available() bool

func (*KeychainCredentialCache) Get

func (k *KeychainCredentialCache) Get(issuer string, clientID string, scopes []string, acrValues []string) (*oidc.Token, error)

func (*KeychainCredentialCache) Set

func (k *KeychainCredentialCache) Set(issuer string, clientID string, scopes []string, acrValues []string, token *oidc.Token) error

type MemoryWriteThroughCredentialCache

type MemoryWriteThroughCredentialCache struct {
	CredentialCache
	// contains filtered or unexported fields
}

MemoryWriteThroughCredentialCache is a write-through cache for another underlying CredentialCache. If a credential has been previously requested from the underlying store, it is read from memory the next time it is requested.

MemoryWriteThroughCredentialCache is useful when the underlying store requires user input (e.g., a passphrase) or is otherwise expensive.

func (*MemoryWriteThroughCredentialCache) Available

func (c *MemoryWriteThroughCredentialCache) Available() bool

func (*MemoryWriteThroughCredentialCache) Get

func (c *MemoryWriteThroughCredentialCache) Get(issuer string, clientID string, scopes []string, acrValues []string) (*oidc.Token, error)

func (*MemoryWriteThroughCredentialCache) Set

func (c *MemoryWriteThroughCredentialCache) Set(issuer string, clientID string, scopes []string, acrValues []string, token *oidc.Token) error

type NullCredentialCache

type NullCredentialCache struct{}

NullCredentialCache will not cache tokens. Use it to opt out of caching.

func (*NullCredentialCache) Available

func (c *NullCredentialCache) Available() bool

func (*NullCredentialCache) Get

func (c *NullCredentialCache) Get(issuer string, clientID string, scopes []string, acrValues []string) (*oidc.Token, error)

func (*NullCredentialCache) Set

func (c *NullCredentialCache) Set(issuer string, clientID string, scopes []string, acrValues []string, token *oidc.Token) error

type PassphrasePromptFunc

type PassphrasePromptFunc func(prompt string) (passphrase string, err error)

type TokenSourceOpt

type TokenSourceOpt func(*cachingTokenSource)

func WithACRValues

func WithACRValues(acrValues []string) TokenSourceOpt

WithACRValues keys the cache with the ACR values. Used where tokens of different ACR values are tracked.

func WithCache

func WithCache(cc CredentialCache) TokenSourceOpt

WithCache uses the passed cache instead of the result of BestCredentialCache.

func WithRefreshClient

func WithRefreshClient(client *oidc.Client) TokenSourceOpt

WithRefreshClient will add a configured client to the source. This will be used to fetch a new token if the cached token is expired and has a RefreshToken.

func WithScopes

func WithScopes(scopes []string) TokenSourceOpt

WithScopes keys the cache with the additional scopes. Used where tokens need to be differentiated by scope.
