update lib; add mytoken support
zachmann committed Oct 5, 2022
1 parent 17c2e98 commit 245bd08
Showing 3 changed files with 99 additions and 4 deletions.
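--- a/go.mod
+++ b/go.mod
@@ -4,6 +4,7 @@ go 1.11
 
 require (
 github.com/adrg/xdg v0.4.0
-github.com/stretchr/testify v1.7.0
+github.com/oidc-mytoken/api v0.8.0
+github.com/stretchr/testify v1.8.0
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
 )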
13 changes: 10 additions & 3 deletions go.sum
@@ -1,12 +1,18 @@
github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls=
github.com/adrg/xdg v0.4.0/go.mod h1:N6ag73EX4wyxeaoeHctc1mas01KZgsj5tYiAIwqJE/E=
github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/oidc-mytoken/api v0.8.0 h1:V/8LyLcVtYX1xxj+r6KyShDYUhl1giHLPVB6dTZyQtk=
github.com/oidc-mytoken/api v0.8.0/go.mod h1:DBIlUbaIgGlf607VZx8zFC97VR3WNN0kaMVO1AqyTdE=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc=
golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
@@ -18,5 +24,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
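--- a/liboidcagent.go
+++ b/liboidcagent.go
@@ -7,6 +7,7 @@ import (
 "time"
 
 "github.com/adrg/xdg"
+mytoken "github.com/oidc-mytoken/api/v0"
 )
 
 // TokenResponse is a parsed response from the oidc-agent
@@ -19,6 +20,16 @@ type TokenResponse struct {
 ExpiresAt time.Time
 }
 
+// MytokenResponse is a parse response from the oidc-agent compatible with the struct from the mytoken api,
+// but with ExpiresAt set instead of ExpiresIn
+type MytokenResponse struct {
+mytoken.MytokenResponse
+OIDCIssuer string
+MytokenIssuer string
+// The time when the token expires
+ExpiresAt time.Time
+}
+
 // TokenRequest is used to request an access token from the agent
 type TokenRequest struct {
 // ShortName that should be used (Can be omitted if IssuerURL is specified)
@@ -39,11 +50,27 @@ type TokenRequest struct {
 ApplicationHint string
 }
 
+// MytokenRequest is used to request a mytoken from the agent
+type MytokenRequest struct {
+// ShortName that should be used
+ShortName string
+// A mytoken profile describing the properties of the requested mytoken
+MytokenProfile string
+// A string describing the requesting application (i.e. its name). It might
+// be displayed to the user, if the request must be confirmed or an account
+// configuration loaded.
+ApplicationHint string
+}
+
 type tokenResponse struct {
 Token string `json:"access_token"`
 Issuer string `json:"issuer"`
 ExpiresAt int64 `json:"expires_at"`
 
+mytoken.MytokenResponse
+OIDCIssuer string `json:"oidc_issuer"`
+MytokenIssuer string `json:"mytoken_issuer"`
+
 Status string `json:"status,omitempty"`
 Error string `json:"error,omitempty"`
 Help string `json:"info,omitempty"`
@@ -57,6 +84,7 @@ type tokenRequest struct {
 Audience string `json:"audience,omitempty"`
 ApplicationHint string `json:"application_hint,omitempty"`
 MinValidPeriod uint64 `json:"min_valid_period"`
+MytokenProfile string `json:"mytoken_profile"`
 }
 
 func (c *agentConnection) parseTokenResponse(rawResponse tokenResponse) (res TokenResponse, err error) {
@@ -83,6 +111,31 @@ func (c *agentConnection) parseTokenResponse(rawResponse tokenResponse) (res Tok
 return
 }
 
+func (c *agentConnection) parseMytokenResponse(rawResponse tokenResponse) (res MytokenResponse, err error) {
+if rawResponse.Error != "" {
+err = OIDCAgentError{
+err: rawResponse.Error,
+help: rawResponse.Help,
+remote: c.Socket.Remote,
+}
+return
+}
+if rawResponse.Status == "failure" {
+err = OIDCAgentError{
+err: "unknown error",
+remote: c.Socket.Remote,
+}
+return
+}
+res = MytokenResponse{
+MytokenResponse: rawResponse.MytokenResponse,
+OIDCIssuer: rawResponse.OIDCIssuer,
+MytokenIssuer: rawResponse.MytokenIssuer,
+ExpiresAt: time.Unix(rawResponse.ExpiresAt, 0),
+}
+return
+}
+
 // GetTokenResponse gets a TokenResponse
 func GetTokenResponse(req TokenRequest) (resp TokenResponse, err error) {
 if req.ShortName == "" && req.IssuerURL == "" {
@@ -120,6 +173,40 @@ func GetAccessToken(req TokenRequest) (string, error) {
 return res.Token, err
 }
 
+// GetMytokenResponse gets a mytoken response from the agent
+func GetMytokenResponse(req MytokenRequest) (resp MytokenResponse, err error) {
+if req.ShortName == "" {
+err = OIDCAgentError{err: "'Shortname' not provided"}
+return
+}
+conn, err := newEncryptedConn()
+if err != nil {
+return
+}
+defer conn.close()
+
+rawReq := tokenRequest{
+Request: "mytoken",
+AccountName: req.ShortName,
+MytokenProfile: req.MytokenProfile,
+ApplicationHint: req.ApplicationHint,
+}
+var rawResp tokenResponse
+err = conn.sendJSONRequest(rawReq, &rawResp)
+if err != nil {
+return
+}
+
+resp, err = conn.parseMytokenResponse(rawResp)
+return
+}
+
+// GetMytoken gets an mytoken
+func GetMytoken(req MytokenRequest) (string, error) {
+res, err := GetMytokenResponse(req)
+return res.Mytoken, err
+}
+
 func getLoadedAccounts() (accountNames []string, err error) {
 conn, err := newEncryptedConn()
 if err != nil {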
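Review bot: In `parseMytokenResponse` the success path never checks that a mytoken was actually returned, so a reply with neither `error` nor `status: "failure"` makes `GetMytoken` hand back `""` with a nil error. A guard before `res` is built would close that: `if rawResponse.Mytoken == "" { err = OIDCAgentError{err: "no mytoken in response", remote: c.Socket.Remote}; return }`. The same function converts `ExpiresAt` unconditionally, so a missing `expires_at` becomes 1970-01-01 rather than the zero `time.Time`; whether the agent always sends the field is not visible here, but `if rawResponse.ExpiresAt != 0 { res.ExpiresAt = time.Unix(rawResponse.ExpiresAt, 0) }` would keep "no expiry" distinguishable from "already expired". Separately, `MytokenProfile` in `tokenRequest` has no `omitempty`, so existing access-token requests now carry an empty `mytoken_profile` key.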
