github/kubelogin
1
0
Fork 0
mirror of https://github.com/int128/kubelogin.git synced 2026-02-14 08:29:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,339 Commits 6 Branches 74 Tags
master
Commit Graph

158 Commits

Author SHA1 Message Date
Hidetake Iwata
19d4f627ae Remove deprecated flag --oidc-redirect-url-authcode-keyboard (#1452) 2025-11-24 21:20:31 +09:00
Hidetake Iwata
b05e92d466 Remove deprecated flag --oidc-redirect-url-hostname (#1450) 2025-11-24 16:48:14 +09:00
Karolína Lišková
5d091e486a Set auth style when no client secret in use (#1289) 
Co-authored-by: Hidetake Iwata <int128@gmail.com>
 2025-11-23 15:43:21 +09:00
Hidetake Iwata
a993e39ed1 Update help message and doc (#1374) 2025-07-13 15:24:33 +09:00
Hidetake Iwata
7fc48592de Use Endpoint.DeviceAuthURL of oauth2 package (#1372) 2025-07-13 13:54:55 +09:00
Hidetake Iwata
fd9d3a8e9d Split oidc/client.go (#1371) 
* Split oidc/client.go

* Refactor

* Fix

* Improve comment

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2025-07-13 13:23:33 +09:00
Hidetake Iwata
3981c78387 Add --oidc-request-header flag (#1359) 
* fix(authcode): Set Origin header on token request

Allow passing Azure AD CORS checks.

on-behalf-of: @eon-se opensource@eon.com
Signed-off-by: Maximilian Blatt <maximilian.blatt.external@eon.com>

* Add `--oidc-request-header` flag

* Add doc

---------

Signed-off-by: Maximilian Blatt <maximilian.blatt.external@eon.com>
Co-authored-by: Maximilian Blatt <maximilian.blatt.external@eon.com>
 2025-07-13 11:04:40 +09:00
Hidetake Iwata
7bffbf1e99 Refactor transport package (#1358) 2025-06-16 18:48:24 +09:00
Clay B.
cefacba2d2 Support Client Credentials Flow (#1231) 
* Issue 931: Support Client Credentials Flow

* Move client-credentials to use --oidc-auth-request-extra-params

* Missed a file in moving to --oidc-auth-request-extra-params

* Support --oidc-use-access-token

* make generate

---------

Co-authored-by: Hidetake Iwata <int128@gmail.com>
 2025-06-16 14:16:58 +09:00
Hidetake Iwata
0f2f54d4bf Add --oidc-redirect-url to override redirect URL (#1263) 2025-06-16 13:42:48 +09:00
Hidetake Iwata
db764cd328 Use PKCE verifier of oauth2 package (#1340) 2025-05-19 18:51:43 +09:00
Hidetake Iwata
a4e614aa85 Update github.com/golangci/golangci-lint to v2 (#1336) 
* Update github.com/golangci/golangci-lint to v2

* Handle io.Close()
 2025-05-17 10:05:32 +09:00
Clay B.
751f5f72c7 Provide a token-cache-storage type of none (#1285) 
Co-authored-by: Hidetake Iwata <int128@gmail.com>
 2025-05-13 21:52:09 +09:00
Hidetake Iwata
bc7e71f586 Change default token cache storage to disk (#1264) 
* Change default token cache storage to disk

* Fix

* Fix

* Clean up both storages
 2025-01-30 18:47:07 +09:00
Hidetake Iwata
3a38753ee7 Refactor setup command and docs (#1253) 
* Refactor setup command and docs

* Fix slice flags

* Fix
 2025-01-25 16:08:28 +09:00
James White
6726d851cb Fallback to disk storage if too big for keyring (#1257) 2025-01-25 09:54:28 +09:00
Hidetake Iwata
a2a6ea229d Improve docs (#1250) 
* Refactor docs

* Update --exec-api-version

* Add device authorization grant

* Fix
 2025-01-19 15:02:02 +09:00
Hidetake Iwata
e31ad59e63 Add clean command (#1248) 
* Add clean command

* Refactor

* Refactor
 2025-01-18 22:24:23 +09:00
Hidetake Iwata
aa1f445672 Rename flag to --oidc-pkce-method and improve docs (#1240) 
* Add --oidc-pkce-method and improve docs

* Fix lint

* Refactor

* Refactor
 2025-01-14 09:57:19 +09:00
Hidetake Iwata
898e8a12de Refactor PKCE implementation (#1239) 2025-01-12 21:41:20 +09:00
Hidetake Iwata
606f1cd0b6 Remove unused struct field (#1238) 2025-01-12 15:55:26 +09:00
Hidetake Iwata
562b998ca7 Add [SECURITY RISK] to insecure flag description (#1237) 2025-01-12 15:17:47 +09:00
Hidetake Iwata
6c9d198ef5 Add --token-cache-storage flag (#1236) 2025-01-12 14:55:46 +09:00
Hidetake Iwata
ca273c358d Refactor getDefaultTokenCacheDir() (#1234) 2025-01-12 13:36:28 +09:00
Hidetake Iwata
ccc6b772db Extract tokenCacheOptions (#1232) 
* Extract tokenCacheOptions

* Refactor
 2025-01-12 13:21:03 +09:00
Hidetake Iwata
6f62b25c40 Extract struct tokencache.Config (#1226) 2025-01-11 16:44:56 +09:00
Hidetake Iwata
c66570c030 Remove unused struct member (#1224) 2025-01-08 12:50:15 +09:00
kalle (jag)
afb25f511c Added key cache via OS keyring (#973) 
* Added key cache via OS keyring

* Fix lint issue

* Disable keyring in integration tests

* Disable keyring in system test

---------

Co-authored-by: Hidetake Iwata <int128@gmail.com>
 2025-01-08 12:32:26 +09:00
Hidetake Iwata
97b0a20b0b Remove deprecated --listen-port flag (#1207) 2024-12-27 15:22:53 +09:00
Hidetake Iwata
0e9a39a571 Infer apiVersion from KUBERNETES_EXEC_INFO environment variable (#1162) 
* Infer apiVersion from KUBERNETES_EXEC_INFO

* Test client.authentication.k8s.io/v1

* Set --exec-interactive-mode

* Set --exec-interactive-mode=Never

* Fix comments
 2024-11-03 17:21:25 +09:00
Hidetake Iwata
f1f2a37adc Include essential options to token cache key (#1161) 2024-10-26 21:42:23 +09:00
Hidetake Iwata
438068e9de refactor: Move useAccessToken to oidc.Provider (#1160) 
* refactor: Move useAccessToken to oidc.Provider

* Generated by GitHub Actions (go / generate)

https://github.com/int128/kubelogin/actions/runs/11530911738

---------

Co-authored-by: update-generated-files-action <41898282+github-actions[bot]@users.noreply.github.com>
 2024-10-26 21:07:44 +09:00
Hidetake Iwata
c2cbc47438 Lock dedicated file instead of token cache file (#1146) 
* Run test on Windows

* Run integration_test on Windows and macOS

* Lock dedicated file instead of token cache file

* Add comment
 2024-09-24 14:39:53 +09:00
Hidetake Iwata
3d114bfeba Lock token cache file before authentication (#1126) 
* Lock token cache file in authentication

* Fix tests

* make generate

* Lock before FindByKey

* Fix test
 2024-09-21 14:54:32 +09:00
Hidetake Iwata
b1c8a18c76 Add wire to make generate (#1127) 2024-08-18 11:10:49 +09:00
Hidetake Iwata
66127ff3fc Migrate to mockery packages feature (#1124) 
* Migrate to mockery packages feature

* Fix workflow
 2024-08-17 12:27:13 +09:00
Adam Kafka
905238ce07 Add new --oidc-use-access-token flag to get-token (#1084) 
* Add new `--oidc-use-access-token` flag to `get-token`

Implements https://github.com/int128/kubelogin/issues/1083. See
description there for context.

In its current form, this PR is bare bones functionality. I have not yet
added any tests to confirm this behavior. Additionally, we could
consider updtating some of the naming. It is confusing to return a
`TokenSet` where `IDToken` actually has an `accessToken`. I'm open to
feedback on how best to improve this.

However, this PR is functional. I have validated it locally. Without
adding `--oidc-use-access-token`, and `id_token` is successfully
returned. Adding `--oidc-use-access-token` results in an `access_token`
being successfully returned.

* Fix failing tests

Needed to plumb through our new parameter `UseAccessToken` to the mocks
as well.

* Add a test to make sure new flag is plumbed through

* Support Access Tokens whose audience differ from the client_id

As noted in the PR, there are some cases where the access token `aud`
field will not be the `client_id`. To allow for these, we use a
different token verifier that will not verify that claim.

---------

Co-authored-by: Adam kafka <akafka@tesla.com>
 2024-08-16 16:57:05 +09:00
Hidetake Iwata
a2f4e935dc Remove golang.org/x/net/context (#1112) 2024-08-03 11:42:54 +09:00
github-actions[bot]
5dd50923c2 Generated by GitHub Actions (go / fmt) (#1018) 
https://github.com/int128/kubelogin/actions/runs/7229804014

Co-authored-by: update-generated-files-action <41898282+github-actions[bot]@users.noreply.github.com>
 2023-12-16 13:35:36 +09:00
Tobias Wolter
9da00c5e21 Respect KUBECACHEDIR environment variable (#975) 
This adds a check for the existence of a (non-empty) `KUBECACHEDIR`
environment variable that will be used to construct the cache directory
path if present.
 2023-12-16 13:32:42 +09:00
Hidetake Iwata
622dc5ba0b Refactor #944 (#951) 2023-06-24 15:26:39 +09:00
Reza Nikoopour
069ff68d99 Added flag to let user set redirect uri for authcode-keyboard (#944) 2023-06-23 16:53:55 +09:00
renovate[bot]
9e2fcd8cdb fix(deps): update module github.com/golang-jwt/jwt/v4 to v5 (#925) 
* fix(deps): update module github.com/golang-jwt/jwt/v4 to v5

* Replace with `jwt.RegisteredClaims`

* Replace with `jwt.NewNumericDate`

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Hidetake Iwata <int128@gmail.com>
 2023-05-14 21:38:48 +09:00
renovate[bot]
974369fe6f fix(deps): update module golang.org/x/oauth2 to v0.8.0 (#922) 2023-05-14 19:19:18 +09:00
Hidetake Iwata
10412effa2 Run go fmt (#866) 
* Run go fmt

* Generated by GitHub Actions (go / generate)

https://github.com/int128/kubelogin/actions/runs/4971610724

---------

Co-authored-by: update-generated-files-action <41898282+github-actions[bot]@users.noreply.github.com>
 2023-05-14 18:21:55 +09:00
Martin Linkhorst
f03d4fe821 get-token: add --force-refresh flag to refresh ID token (#879) 2023-02-17 15:25:11 +09:00
Hidetake Iwata
adfbc48b24 Handle verification_url field in device flow (#846) 2022-12-24 19:10:21 +09:00
Hidetake Iwata
345465a5d3 Refactor test (#847) 2022-12-24 17:00:59 +09:00
Bastian
cda2eccaac feat(authentication): add oauth2 device grant (#837) 2022-12-22 08:03:10 +09:00
renovate[bot]
b640aa17df chore(deps): update module go to 1.19 (#751) 
* chore(deps): update module go to 1.19

* Fix deprecations

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Hidetake Iwata <int128@gmail.com>
 2022-11-19 21:45:08 +09:00