ContainerImage.Pinniped/internal/testutil
Ryan Richard 0bb2c7beb7 Always add the azp claim to ID tokens to show the original client ID
When the token exchange grant type is used to get a cluster-scoped
ID token, the returned token has a new audience value. The client ID
of the client which performed the authorization was lost. This didn't
matter before, since the only client was `pinniped-cli`, but now that
dynamic clients can be registered, the information would be lost in the
cluster-scoped ID token. It could be useful for logging, tracing, or
auditing, so preserve the information by putting the client ID into the
`azp` claim in every ID token (authcode exchange, clsuter-scoped, and
refreshed ID tokens).
2022-08-09 16:07:23 -07:00
..
fakekubeapi Update to github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2 2022-03-08 12:28:09 -08:00
oidctestutil Always add the azp claim to ID tokens to show the original client ID 2022-08-09 16:07:23 -07:00
testlogger Switch to go.uber.org/zap for JSON formatted logging 2022-05-24 11:17:42 -04:00
tlsserver Remove duplication in secure TLS tests 2022-04-01 10:56:38 -04:00
assertions.go Add more unit tests for dynamic clients and enhance token exchange 2022-07-20 13:55:56 -07:00
certs.go certauthority.go: Refactor issuing client versus server certs 2021-03-12 16:09:37 -08:00
crypto.go Cleanup code via TODOs accumulated during token endpoint work 2020-12-04 10:09:42 -05:00
delete.go Merge branch 'main' into upstream_access_revocation_during_gc 2022-01-14 10:49:22 -08:00
doc.go Allow multiple Pinnipeds to work on same cluster 2021-02-02 15:18:41 -08:00
ioutil.go WIP: add supervisor upstream flags to pinniped get kubeconfig 2021-04-30 14:28:03 -07:00
kube_server_compatibility.go Fix TestOIDCClientStaticValidation on old servers 2022-06-17 09:04:03 -04:00
loginhtml.go Add LDAP browser flow login failure tests to supervisor_login_test.go 2022-05-10 16:28:08 -07:00
observable_with_informer_option.go Add Go vanity import paths. 2020-09-18 14:56:24 -05:00
observable_with_initial_event_option.go kubecertagent: use initial event for when key can't be found 2020-09-24 16:54:20 -04:00
oidcclient_test.go Add more unit tests for dynamic clients and enhance token exchange 2022-07-20 13:55:56 -07:00
oidcclient.go Create username scope, required for clients to get username in ID token 2022-08-08 16:29:22 -07:00
oidcclientsecretstorage.go Allow dynamic clients to be used in downstream OIDC flows 2022-07-14 09:51:11 -07:00
psession.go Create username scope, required for clients to get username in ID token 2022-08-08 16:29:22 -07:00
roundtrip.go internal/groupsuffix: mutate TokenCredentialRequest's Authenticator 2021-02-10 15:53:44 -05:00
tempdir_go1.14.go Update to github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2 2022-03-08 12:28:09 -08:00
tempdir.go Tweak some stdlib usage so we compile under Go 1.14. 2020-11-30 10:11:41 -06:00
tlsserver.go Force the use of secure TLS config 2021-11-17 16:55:35 -05:00
transcript_logger.go Switch to go.uber.org/zap for JSON formatted logging 2022-05-24 11:17:42 -04:00
x509_error.go Error format of untrusted certificate errors should depend on OS 2022-04-14 17:37:36 -07:00