mirror of
https://github.com/int128/kubelogin.git
synced 2026-05-05 23:46:38 +00:00
d55963b7ff
The token cache key computation did not include the AuthRequestExtraParams values from the --oidc-auth-request-extra-params flag. This caused tokens with different extra parameters (e.g., different audience values) to incorrectly share the same cache entry. Changes: - Add AuthRequestExtraParams field to tokencache.Key struct - Add AuthRequestExtraParams() method to GrantOptionSet to extract extra params from whichever grant option is set - Update get_token.go to include extra params in cache key - Add comprehensive tests for cache key differentiation Fixes #1496
36 lines
914 B
Go
36 lines
914 B
Go
package tokencache
|
|
|
|
import (
|
|
"github.com/int128/kubelogin/pkg/oidc"
|
|
"github.com/int128/kubelogin/pkg/tlsclientconfig"
|
|
)
|
|
|
|
// Key represents a key of a token cache.
|
|
type Key struct {
|
|
Provider oidc.Provider
|
|
TLSClientConfig tlsclientconfig.Config
|
|
Username string
|
|
AuthRequestExtraParams map[string]string
|
|
}
|
|
|
|
// Config represents a configuration for the token cache.
|
|
type Config struct {
|
|
// Directory is a path to the directory to store a token cache.
|
|
// Note that a lock file is created into this directory even if the keyring is used.
|
|
Directory string
|
|
|
|
Storage Storage
|
|
}
|
|
|
|
// Storage is an enum of different storage strategies.
|
|
type Storage byte
|
|
|
|
const (
|
|
// StorageDisk will only store cached keys on disk.
|
|
StorageDisk Storage = iota
|
|
// StorageDisk will only store cached keys in the OS keyring.
|
|
StorageKeyring
|
|
// StorageNone will not store cached keys.
|
|
StorageNone
|
|
)
|