golang-github-coreos-go-oidc-dev 0.0~git20151022.0.e9c0807-1 / usr / share / gocode / src / github.com / coreos / go-oidc / oidc / transport.go

This file is indexed.

/usr/share/gocode/src/github.com/coreos/go-oidc/oidc/transport.go is in golang-github-coreos-go-oidc-dev 0.0~git20151022.0.e9c0807-1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
package oidc

import (
	"fmt"
	"net/http"
	"sync"

	phttp "github.com/coreos/go-oidc/http"
	"github.com/coreos/go-oidc/jose"
)

type TokenRefresher interface {
	// Verify checks if the provided token is currently valid or not.
	Verify(jose.JWT) error

	// Refresh attempts to authenticate and retrieve a new token.
	Refresh() (jose.JWT, error)
}

type ClientCredsTokenRefresher struct {
	Issuer     string
	OIDCClient *Client
}

func (c *ClientCredsTokenRefresher) Verify(jwt jose.JWT) (err error) {
	_, err = VerifyClientClaims(jwt, c.Issuer)
	return
}

func (c *ClientCredsTokenRefresher) Refresh() (jwt jose.JWT, err error) {
	if err = c.OIDCClient.Healthy(); err != nil {
		err = fmt.Errorf("unable to authenticate, unhealthy OIDC client: %v", err)
		return
	}

	jwt, err = c.OIDCClient.ClientCredsToken([]string{"openid"})
	if err != nil {
		err = fmt.Errorf("unable to verify auth code with issuer: %v", err)
		return
	}

	return
}

type AuthenticatedTransport struct {
	TokenRefresher
	http.RoundTripper

	mu  sync.Mutex
	jwt jose.JWT
}

func (t *AuthenticatedTransport) verifiedJWT() (jose.JWT, error) {
	t.mu.Lock()
	defer t.mu.Unlock()

	if t.TokenRefresher.Verify(t.jwt) == nil {
		return t.jwt, nil
	}

	jwt, err := t.TokenRefresher.Refresh()
	if err != nil {
		return jose.JWT{}, fmt.Errorf("unable to acquire valid JWT: %v", err)
	}

	t.jwt = jwt
	return t.jwt, nil
}

func (t *AuthenticatedTransport) RoundTrip(r *http.Request) (*http.Response, error) {
	jwt, err := t.verifiedJWT()
	if err != nil {
		return nil, err
	}

	req := phttp.CopyRequest(r)
	req.Header.Set("Authorization", fmt.Sprintf("Bearer %s", jwt.Encode()))
	return t.RoundTripper.RoundTrip(req)
}

APT Browse - Built by Thomas Orozco.