ContainerImage.Pinniped/internal/oidc/dynamic_global_secret_config.go
Ryan Richard e1a0367b03 Upgrade project Go dependencies
Most of the changes in this commit are because of these fosite PRs
which changed behavior and/or APIs in fosite:
- https://github.com/ory/fosite/pull/667
- https://github.com/ory/fosite/pull/679 (from me!)
- https://github.com/ory/fosite/pull/675
- https://github.com/ory/fosite/pull/688

Due to the changes in fosite PR #688, we need to bump our storage
version for anything which stores the DefaultSession struct as JSON.
2022-12-14 08:47:16 -08:00


// Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
package oidc
import (
"context"
"hash"
"time"
"github.com/ory/fosite"
"github.com/ory/fosite/compose"
)
// DynamicGlobalSecretConfig is a wrapper around fosite.Config which allows us to always return dynamic secrets,
// since those secrets can change at any time when they are loaded or reloaded by our controllers.
//
// Every getter except GetGlobalSecret and GetRotatedGlobalSecrets delegates to the wrapped fosite.Config.
type DynamicGlobalSecretConfig struct {
	// fositeConfig supplies the static settings (token lifespans, token entropy, HMAC hasher)
	// that the delegating getters return.
	fositeConfig *fosite.Config
	// keyFunc returns the current global secret. GetGlobalSecret invokes it on every call and
	// this type never caches the result.
	// NOTE(review): nothing in this type checks that keyFunc is non-nil or that the key it
	// returns is non-empty; presumably the caller and fosite's HMAC strategy enforce that. Confirm.
	keyFunc func() []byte
}

// Compile-time assertion that *DynamicGlobalSecretConfig satisfies compose.HMACSHAStrategyConfigurator.
var _ compose.HMACSHAStrategyConfigurator = &DynamicGlobalSecretConfig{}
// NewDynamicGlobalSecretConfig returns a DynamicGlobalSecretConfig that wraps fositeConfig and
// obtains the global secret from keyFunc each time it is requested.
//
// Neither argument is validated here; both are stored as given. A nil keyFunc would panic
// when GetGlobalSecret calls it.
func NewDynamicGlobalSecretConfig(
	fositeConfig *fosite.Config,
	keyFunc func() []byte,
) *DynamicGlobalSecretConfig {
	cfg := new(DynamicGlobalSecretConfig)
	cfg.fositeConfig = fositeConfig
	cfg.keyFunc = keyFunc
	return cfg
}
// GetAccessTokenLifespan reports the access token lifespan from the wrapped fosite.Config.
func (d *DynamicGlobalSecretConfig) GetAccessTokenLifespan(ctx context.Context) time.Duration {
	lifespan := d.fositeConfig.GetAccessTokenLifespan(ctx)
	return lifespan
}
// GetRefreshTokenLifespan reports the refresh token lifespan from the wrapped fosite.Config.
func (d *DynamicGlobalSecretConfig) GetRefreshTokenLifespan(ctx context.Context) time.Duration {
	lifespan := d.fositeConfig.GetRefreshTokenLifespan(ctx)
	return lifespan
}
// GetAuthorizeCodeLifespan reports the authorization code lifespan from the wrapped fosite.Config.
func (d *DynamicGlobalSecretConfig) GetAuthorizeCodeLifespan(ctx context.Context) time.Duration {
	lifespan := d.fositeConfig.GetAuthorizeCodeLifespan(ctx)
	return lifespan
}
// GetTokenEntropy reports the token entropy setting from the wrapped fosite.Config.
func (d *DynamicGlobalSecretConfig) GetTokenEntropy(ctx context.Context) int {
	entropy := d.fositeConfig.GetTokenEntropy(ctx)
	return entropy
}
// GetHMACHasher returns the hash constructor configured on the wrapped fosite.Config.
func (d *DynamicGlobalSecretConfig) GetHMACHasher(ctx context.Context) func() hash.Hash {
	newHash := d.fositeConfig.GetHMACHasher(ctx)
	return newHash
}
// GetGlobalSecret returns the current global secret by invoking keyFunc. The error result is
// always nil.
//
// The slice from keyFunc is handed back as-is: it is neither copied nor checked for length.
// NOTE(review): presumably the consumer (fosite's HMAC strategy) rejects a missing or
// too-short key; confirm, since an empty result is not turned into an error here.
func (d *DynamicGlobalSecretConfig) GetGlobalSecret(ctx context.Context) ([]byte, error) {
	// Deliberately uncached: keyFunc is consulted on every call so that a secret which was
	// loaded or reloaded since the last call is picked up immediately. That is the whole
	// point of this type.
	secret := d.keyFunc()
	return secret, nil
}
// GetRotatedGlobalSecrets always returns a nil slice and a nil error, so no previous global
// secrets are ever offered to the caller.
//
// NOTE(review): presumably this means tokens signed under an earlier secret stop validating
// as soon as keyFunc returns a new one; confirm against how fosite uses rotated secrets.
func (d *DynamicGlobalSecretConfig) GetRotatedGlobalSecrets(ctx context.Context) ([][]byte, error) {
	// Multiple global secrets are not supported yet; this needs a real implementation once they are.
	var rotated [][]byte
	return rotated, nil
}