mirror of
https://github.com/int128/kubelogin.git
synced 2026-02-14 16:39:51 +00:00
* Add new `--oidc-use-access-token` flag to `get-token`

Implements https://github.com/int128/kubelogin/issues/1083. See description there for context.

In its current form, this PR is bare bones functionality. I have not yet added any tests to confirm this behavior. Additionally, we could consider updating some of the naming. It is confusing to return a `TokenSet` where `IDToken` actually has an `accessToken`. I'm open to feedback on how best to improve this.

However, this PR is functional. I have validated it locally. Without adding `--oidc-use-access-token`, an `id_token` is successfully returned. Adding `--oidc-use-access-token` results in an `access_token` being successfully returned.

* Fix failing tests

Needed to plumb through our new parameter `UseAccessToken` to the mocks as well.

* Add a test to make sure new flag is plumbed through

* Support Access Tokens whose audience differ from the client_id

As noted in the PR, there are some cases where the access token `aud` field will not be the `client_id`. To allow for these, we use a different token verifier that will not verify that claim.

---------

Co-authored-by: Adam kafka <akafka@tesla.com>
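What dropping the `aud` comparison changes can be seen in a small claims check. This is an added example, not kubelogin's code or part of the commit: `checkClaims`, `skipAud`, the issuer URL and the client name are hypothetical, the payload is constructed, and signature verification is assumed to have happened already.

```go
package main

import (
	"encoding/json"
	"errors"
	"time"
)

// audience decodes the JWT "aud" claim, which may be one string or an array of strings.
type audience []string

func (a *audience) UnmarshalJSON(b []byte) error {
	var one string
	if json.Unmarshal(b, &one) == nil {
		*a = audience{one}
		return nil
	}
	return json.Unmarshal(b, (*[]string)(a))
}

// checkClaims validates an already signature-verified payload; skipAud drops only the aud/client_id comparison.
func checkClaims(payload []byte, issuer, clientID string, skipAud bool, now time.Time) error {
	var c struct {
		Iss string   `json:"iss"`
		Aud audience `json:"aud"`
		Exp int64    `json:"exp"`
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return err
	}
	if c.Iss != issuer {
		return errors.New("issuer mismatch")
	}
	if now.Unix() >= c.Exp {
		return errors.New("token expired")
	}
	if skipAud {
		return nil
	}
	for _, a := range c.Aud {
		if a == clientID {
			return nil
		}
	}
	return errors.New("audience does not contain client_id")
}

const sample = `{"iss":"https://idp.example","aud":"api://cluster","exp":2000000000}` // constructed payload
func main() { println(checkClaims([]byte(sample), "https://idp.example", "my-client", true, time.Unix(1700000000, 0)) == nil) }
```

With the audience check skipped, a token minted for any audience of the same issuer passes this step, so the resource that finally consumes the token has to enforce its own `aud`.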