github/kubelogin
1
0
Fork 0
mirror of https://github.com/int128/kubelogin.git synced 2026-05-09 17:36:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
5e2bd740aec0089fa032cc4942a6e1004db1fa78
kubelogin/pkg/usecases/authentication/authcode/keyboard.go
Hidetake Iwata 0f2f54d4bf Add --oidc-redirect-url to override redirect URL (#1263)
2025-06-16 13:42:48 +09:00

64 lines
2.0 KiB
Go
Raw Blame History

package authcode
import (
"context"
"fmt"
"github.com/int128/kubelogin/pkg/infrastructure/logger"
"github.com/int128/kubelogin/pkg/infrastructure/reader"
"github.com/int128/kubelogin/pkg/oidc"
"github.com/int128/kubelogin/pkg/oidc/client"
"github.com/int128/kubelogin/pkg/pkce"
)
const keyboardPrompt = "Enter code: "
type KeyboardOption struct {
AuthRequestExtraParams map[string]string
}
// Keyboard provides the authorization code flow with keyboard interactive.
type Keyboard struct {
Reader reader.Interface
Logger logger.Interface
}
func (u *Keyboard) Do(ctx context.Context, o *KeyboardOption, oidcClient client.Interface) (*oidc.TokenSet, error) {
u.Logger.V(1).Infof("starting the authorization code flow with keyboard interactive")
state, err := oidc.NewState()
if err != nil {
return nil, fmt.Errorf("could not generate a state: %w", err)
}
nonce, err := oidc.NewNonce()
if err != nil {
return nil, fmt.Errorf("could not generate a nonce: %w", err)
}
pkceParams, err := pkce.New(oidcClient.NegotiatedPKCEMethod())
if err != nil {
return nil, fmt.Errorf("could not generate the PKCE parameters: %w", err)
}
authCodeURL := oidcClient.GetAuthCodeURL(client.AuthCodeURLInput{
State: state,
Nonce: nonce,
PKCEParams: pkceParams,
AuthRequestExtraParams: o.AuthRequestExtraParams,
})
u.Logger.Printf("Please visit the following URL in your browser: %s", authCodeURL)
code, err := u.Reader.ReadString(keyboardPrompt)
if err != nil {
return nil, fmt.Errorf("could not read an authorization code: %w", err)
}
u.Logger.V(1).Infof("exchanging the code and token")
tokenSet, err := oidcClient.ExchangeAuthCode(ctx, client.ExchangeAuthCodeInput{
Code: code,
PKCEParams: pkceParams,
Nonce: nonce,
})
if err != nil {
return nil, fmt.Errorf("could not exchange the authorization code: %w", err)
}
u.Logger.V(1).Infof("finished the authorization code flow with keyboard interactive")
return tokenSet, nil
}
Reference in New Issue View Git Blame Copy Permalink