github/kubelogin
1
0
Fork 0
mirror of https://github.com/int128/kubelogin.git synced 2026-05-03 22:56:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Dump all claims of ID token to debug log (#68)

Browse Source 
* Dump all claims of ID token to debug log

* Add dump when a user already has a token
This commit is contained in:
Hidetake Iwata
2019-04-19 10:29:56 +09:00
committed by GitHub
parent d82c8a2dd1
commit 83f85a9b53
2 changed files with 24 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
adaptors_test/cmd_test.go
View File

@@ -171,11 +171,19 @@ func TestCmd_Run(t *testing.T) {
func newIDToken(t *testing.T, issuer string) string {
t.Helper()
token := jwt.NewWithClaims(jwt.SigningMethodRS256, jwt.StandardClaims{
var claims struct {
jwt.StandardClaims
Groups []string `json:"groups"`
}
claims.StandardClaims = jwt.StandardClaims{
Issuer: issuer,
Audience: "kubernetes",
ExpiresAt: time.Now().Add(time.Hour).Unix(),
})
Subject: "SUBJECT",
IssuedAt: time.Now().Unix(),
}
claims.Groups = []string{"admin", "users"}
token := jwt.NewWithClaims(jwt.SigningMethodRS256, claims)
s, err := token.SignedString(keys.JWSKeyPair)
if err != nil {
t.Fatalf("Could not sign the claims: %s", err)

18
usecases/login.go
View File

@@ -77,7 +77,8 @@ func (u *Login) Do(ctx context.Context, in usecases.LoginIn) error {
ClientID: authProvider.ClientID(),
Client: hc,
}); token != nil {
u.Logger.Printf("You already have a valid token (until %s)", token.Expiry)
u.Logger.Printf("You already have a valid token until %s", token.Expiry)
u.dumpIDToken(token)
return nil
}
@@ -100,8 +101,8 @@ func (u *Login) Do(ctx context.Context, in usecases.LoginIn) error {
return errors.Wrapf(err, "could not get token from OIDC provider")
}
u.Logger.Printf("Got a token for subject %s (valid until %s)", out.VerifiedIDToken.Subject, out.VerifiedIDToken.Expiry)
u.Logger.Debugf(1, "Got an ID token %+v", out.VerifiedIDToken)
u.Logger.Printf("You got a valid token until %s", out.VerifiedIDToken.Expiry)
u.dumpIDToken(out.VerifiedIDToken)
authProvider.SetIDToken(out.IDToken)
authProvider.SetRefreshToken(out.RefreshToken)
@@ -113,6 +114,16 @@ func (u *Login) Do(ctx context.Context, in usecases.LoginIn) error {
return nil
}
func (u *Login) dumpIDToken(token *oidc.IDToken) {
var claims map[string]interface{}
if err := token.Claims(&claims); err != nil {
u.Logger.Debugf(1, "Error while inspection of the ID token: %s", err)
}
for k, v := range claims {
u.Logger.Debugf(1, "The ID token has the claim: %s=%v", k, v)
}
}
func (u *Login) findAuthProvider(kubeConfig *kubeconfig.KubeConfig, kubeContextName, kubeUserName string) (*kubeconfig.OIDCAuthProvider, error) {
//TODO: should be moved to domain models
if kubeUserName == "" {
@@ -144,6 +155,5 @@ func (u *Login) verifyIDToken(ctx context.Context, in adaptors.OIDCVerifyTokenIn
u.Logger.Debugf(1, "Could not verify the ID token in the kubeconfig: %s", err)
return nil
}
u.Logger.Debugf(1, "Verified token %+v", token)
return token
}