Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Authn: Add common wrappers for identity and access tokens #25

Merged
merged 15 commits into from Apr 10, 2024
Merged

Authn: Add common wrappers for identity and access tokens #25

merged 15 commits into from Apr 10, 2024

Conversation

kalleep
Copy link
Contributor

@kalleep kalleep commented Apr 2, 2024

This add two wrappers around verifier with common use-cases we have.

One wrapper for extrating and validating grafana id tokens and one for access tokens. I also break the api on verify to include the expected typ of the token. We use at+jwt for access tokens and jwt for id tokens.

@kalleep kalleep requested a review from a team as a code owner April 2, 2024 14:28
kalleep
kalleep commented Apr 2, 2024
View reviewed changes
authn/extractor_access.go Outdated Show resolved Hide resolved
kalleep
kalleep commented Apr 2, 2024
View reviewed changes
authn/extractor_access.go Outdated Show resolved Hide resolved
cinaglia
cinaglia reviewed Apr 5, 2024
View reviewed changes
authn/verifier.go Outdated Show resolved Hide resolved
authn/verifier.go Outdated Show resolved Hide resolved
authn/extractor_access.go Outdated Show resolved Hide resolved
authn/extractor_access.go Outdated Show resolved Hide resolved
authn/verifier.go Outdated Show resolved Hide resolved
kalleep and others added 6 commits April 5, 2024 15:11
@kalleep @cinaglia
Update authn/verifier.go
19e5751 
Co-authored-by: Victor Cinaglia <victorcinaglia@gmail.com>
@kalleep @cinaglia
Update authn/verifier.go
44580e8 
Co-authored-by: Victor Cinaglia <victorcinaglia@gmail.com>
@kalleep
Some refactors
cdf0cf8
@kalleep
rename
4a7989a
@kalleep
Rename structures
af9cdc5
@kalleep
Fix naming
3324ec9
@kalleep
Copy link
Contributor Author

kalleep commented Apr 5, 2024

@cinaglia I refactor it quite a lot, now they are truly just convenient wrappers for access token and id token. They Instead return expected claims, so not doing anything with the audience.

I also moved the type to creation. I was thinking of adding it to config first but not sure it is needed from there. They annoying thing will be to sync these claims when we do changes. But the alternative would be that everyone that uses Verifier directly would have to do it themself. If these wrappers are used it would be done by upgrading the package

kalleep
kalleep commented Apr 5, 2024
View reviewed changes
authn/config.go
@@ -7,12 +7,12 @@ import (
"github.com/go-jose/go-jose/v3/jwt"
)

type IDVerifierConfig struct {
type VerifierConfig struct {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not really IDVerifierConfig, we can use this for other things like access tokens

@kalleep kalleep mentioned this pull request Apr 8, 2024
Closed
3 tasks
cinaglia
cinaglia approved these changes Apr 9, 2024
View reviewed changes
Copy link
Member

@cinaglia cinaglia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great!

authn/verifier_id_token.go Outdated Show resolved Hide resolved
authn/verifier_access_token.go Outdated Show resolved Hide resolved
kalleep and others added 2 commits April 9, 2024 15:47
@kalleep @cinaglia
Update authn/verifier_id_token.go
6819a85 
Co-authored-by: Victor Cinaglia <victorcinaglia@gmail.com>
@kalleep @cinaglia
Update authn/verifier_access_token.go
c696569 
Co-authored-by: Victor Cinaglia <victorcinaglia@gmail.com>
@kalleep kalleep merged commit ae427f7 into main Apr 10, 2024
2 checks passed
@kalleep kalleep deleted the authn/extractor-wrappers branch April 10, 2024 08:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cinaglia cinaglia cinaglia approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@kalleep @cinaglia