update lib; add mytoken support

indigo-dc · Oct 5, 2022 · 245bd08 · 245bd08
1 parent 17c2e98
commit 245bd08
Show file tree

Hide file tree

Showing 3 changed files with 99 additions and 4 deletions.
diff --git a/go.mod b/go.mod
@@ -4,6 +4,7 @@ go 1.11
 
 require (
  github.com/adrg/xdg v0.4.0
- github.com/stretchr/testify v1.7.0
+ github.com/oidc-mytoken/api v0.8.0
+ github.com/stretchr/testify v1.8.0
  golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a
 )
diff --git a/go.sum b/go.sum
@@ -1,12 +1,18 @@
 github.com/adrg/xdg v0.4.0 h1:RzRqFcjH4nE5C6oTAxhBtoE2IRyjBSa62SCbyPidvls=
 github.com/adrg/xdg v0.4.0/go.mod h1:N6ag73EX4wyxeaoeHctc1mas01KZgsj5tYiAIwqJE/E=
-github.com/davecgh/go-spew v1.1.0 h1:ZDRjVQ15GmhC3fiQ8ni8+OwkZQO4DARzQgrnXU1Liz8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/oidc-mytoken/api v0.8.0 h1:V/8LyLcVtYX1xxj+r6KyShDYUhl1giHLPVB6dTZyQtk=
+github.com/oidc-mytoken/api v0.8.0/go.mod h1:DBIlUbaIgGlf607VZx8zFC97VR3WNN0kaMVO1AqyTdE=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a h1:kr2P4QFmQr29mSLA43kwrOcgcReGTfbE9N577tCTuBc=
 golang.org/x/crypto v0.0.0-20210513164829-c07d793c2f9a/go.mod h1:P+XmwS30IXTQdn5tA2iutPOUgjI07+tq3H3K9MVA1s8=
 golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg=
@@ -18,5 +24,6 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/liboidcagent.go b/liboidcagent.go
@@ -7,6 +7,7 @@ import (
  "time"
 
  "github.com/adrg/xdg"
+ mytoken "github.com/oidc-mytoken/api/v0"
 )
 
 // TokenResponse is a parsed response from the oidc-agent
@@ -19,6 +20,16 @@ type TokenResponse struct {
  ExpiresAt time.Time
 }
 
+// MytokenResponse is a parse response from the oidc-agent compatible with the struct from the mytoken api,
+// but with ExpiresAt set instead of ExpiresIn
+type MytokenResponse struct {
+ mytoken.MytokenResponse
+ OIDCIssuer string
+ MytokenIssuer string
+ // The time when the token expires
+ ExpiresAt time.Time
+}
+
 // TokenRequest is used to request an access token from the agent
 type TokenRequest struct {
  // ShortName that should be used (Can be omitted if IssuerURL is specified)
@@ -39,11 +50,27 @@ type TokenRequest struct {
  ApplicationHint string
 }
 
+// MytokenRequest is used to request a mytoken from the agent
+type MytokenRequest struct {
+ // ShortName that should be used
+ ShortName string
+ // A mytoken profile describing the properties of the requested mytoken
+ MytokenProfile string
+ // A string describing the requesting application (i.e. its name). It might
+ // be displayed to the user, if the request must be confirmed or an account
+ // configuration loaded.
+ ApplicationHint string
+}
+
 type tokenResponse struct {
  Token string `json:"access_token"`
  Issuer string `json:"issuer"`
  ExpiresAt int64 `json:"expires_at"`
 
+ mytoken.MytokenResponse
+ OIDCIssuer string `json:"oidc_issuer"`
+ MytokenIssuer string `json:"mytoken_issuer"`
+
  Status string `json:"status,omitempty"`
  Error string `json:"error,omitempty"`
  Help string `json:"info,omitempty"`
@@ -57,6 +84,7 @@ type tokenRequest struct {
  Audience string `json:"audience,omitempty"`
  ApplicationHint string `json:"application_hint,omitempty"`
  MinValidPeriod uint64 `json:"min_valid_period"`
+ MytokenProfile string `json:"mytoken_profile"`
 }
 
 func (c *agentConnection) parseTokenResponse(rawResponse tokenResponse) (res TokenResponse, err error) {
@@ -83,6 +111,31 @@ func (c *agentConnection) parseTokenResponse(rawResponse tokenResponse) (res Tok
  return
 }
 
+func (c *agentConnection) parseMytokenResponse(rawResponse tokenResponse) (res MytokenResponse, err error) {
+ if rawResponse.Error != "" {
+ err = OIDCAgentError{
+ err: rawResponse.Error,
+ help: rawResponse.Help,
+ remote: c.Socket.Remote,
+ }
+ return
+ }
+ if rawResponse.Status == "failure" {
+ err = OIDCAgentError{
+ err: "unknown error",
+ remote: c.Socket.Remote,
+ }
+ return
+ }
+ res = MytokenResponse{
+ MytokenResponse: rawResponse.MytokenResponse,
+ OIDCIssuer: rawResponse.OIDCIssuer,
+ MytokenIssuer: rawResponse.MytokenIssuer,
+ ExpiresAt: time.Unix(rawResponse.ExpiresAt, 0),
+ }
+ return
+}
+
 // GetTokenResponse gets a TokenResponse
 func GetTokenResponse(req TokenRequest) (resp TokenResponse, err error) {
  if req.ShortName == "" && req.IssuerURL == "" {
@@ -120,6 +173,40 @@ func GetAccessToken(req TokenRequest) (string, error) {
  return res.Token, err
 }
 
+// GetMytokenResponse gets a mytoken response from the agent
+func GetMytokenResponse(req MytokenRequest) (resp MytokenResponse, err error) {
+ if req.ShortName == "" {
+ err = OIDCAgentError{err: "'Shortname' not provided"}
+ return
+ }
+ conn, err := newEncryptedConn()
+ if err != nil {
+ return
+ }
+ defer conn.close()
+
+ rawReq := tokenRequest{
+ Request: "mytoken",
+ AccountName: req.ShortName,
+ MytokenProfile: req.MytokenProfile,
+ ApplicationHint: req.ApplicationHint,
+ }
+ var rawResp tokenResponse
+ err = conn.sendJSONRequest(rawReq, &rawResp)
+ if err != nil {
+ return
+ }
+
+ resp, err = conn.parseMytokenResponse(rawResp)
+ return
+}
+
+// GetMytoken gets an mytoken
+func GetMytoken(req MytokenRequest) (string, error) {
+ res, err := GetMytokenResponse(req)
+ return res.Mytoken, err
+}
+
 func getLoadedAccounts() (accountNames []string, err error) {
  conn, err := newEncryptedConn()
  if err != nil {