ContainerImage.Pinniped/internal/oidc
Ryan Richard 0bb2c7beb7 Always add the azp claim to ID tokens to show the original client ID
When the token exchange grant type is used to get a cluster-scoped
ID token, the returned token has a new audience value. The client ID
of the client which performed the authorization was lost. This didn't
matter before, since the only client was `pinniped-cli`, but now that
dynamic clients can be registered, the information would be lost in the
cluster-scoped ID token. It could be useful for logging, tracing, or
auditing, so preserve the information by putting the client ID into the
`azp` claim in every ID token (authcode exchange, cluster-scoped, and
refreshed ID tokens).
2022-08-09 16:07:23 -07:00
auth Always add the azp claim to ID tokens to show the original client ID 2022-08-09 16:07:23 -07:00
callback Always add the azp claim to ID tokens to show the original client ID 2022-08-09 16:07:23 -07:00
clientregistry Create username scope, required for clients to get username in ID token 2022-08-08 16:29:22 -07:00
csrftoken Add some trivial unit tests to internal/oidc/csrftoken. 2021-02-02 09:38:17 -06:00
discovery Create username scope, required for clients to get username in ID token 2022-08-08 16:29:22 -07:00
downstreamsession Always add the azp claim to ID tokens to show the original client ID 2022-08-09 16:07:23 -07:00
dynamiccodec internal/oidc/dynamiccodec: loosen test to reduce flakes 2020-12-11 11:49:27 -05:00
idpdiscovery Advertise browser_authcode flow in ldap idp discovery 2022-04-25 14:54:21 -07:00
jwks WIP: start to wire signing key into token handler 2020-12-03 15:37:25 -05:00
login Always add the azp claim to ID tokens to show the original client ID 2022-08-09 16:07:23 -07:00
oidcclientvalidator Create username scope, required for clients to get username in ID token 2022-08-08 16:29:22 -07:00
provider Create username scope, required for clients to get username in ID token 2022-08-08 16:29:22 -07:00
token Always add the azp claim to ID tokens to show the original client ID 2022-08-09 16:07:23 -07:00
dynamic_oauth2_hmac_strategy_test.go Add custom prefix to downstream access and refresh tokens and authcodes 2022-04-13 10:13:27 -07:00
dynamic_oauth2_hmac_strategy.go Add custom prefix to downstream access and refresh tokens and authcodes 2022-04-13 10:13:27 -07:00
dynamic_open_id_connect_ecdsa_strategy_test.go Implement upstream LDAP support in auth_handler.go 2021-04-08 17:28:01 -07:00
dynamic_open_id_connect_ecdsa_strategy.go Implement upstream LDAP support in auth_handler.go 2021-04-08 17:28:01 -07:00
kube_storage.go Add more unit tests for dynamic clients and enhance token exchange 2022-07-20 13:55:56 -07:00
nullstorage.go Add more unit tests for dynamic clients and enhance token exchange 2022-07-20 13:55:56 -07:00
oidc.go Create username scope, required for clients to get username in ID token 2022-08-08 16:29:22 -07:00
token_exchange.go Create username scope, required for clients to get username in ID token 2022-08-08 16:29:22 -07:00