pomerium-cli: fix kubernetes token caching (#1169)

* pomerium-cli: fix kubernetes token caching

* switch to jose v2
Caleb Doxsey 2020-07-31 09:50:06 -06:00 committed by GitHub
parent fabf773e8b
commit b1d72c829b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 10 deletions


@ -14,9 +14,9 @@ import (
"github.com/skratchdot/open-golang/open"
"github.com/spf13/cobra"
"github.com/square/go-jose/jwt"
"golang.org/x/crypto/ssh/terminal"
"golang.org/x/sync/errgroup"
jose "gopkg.in/square/go-jose.v2"
)
func init() {
@ -155,22 +155,22 @@ func runHandleJWT(ctx context.Context, serverURL *url.URL, incomingJWT chan stri
}
func parseToken(rawjwt string) (*ExecCredential, error) {
tok, err := jwt.ParseSigned(rawjwt)
tok, err := jose.ParseSigned(rawjwt)
if err != nil {
return nil, err
}
var claims struct {
Exp int64 `json:"exp"`
Expiry int64 `json:"exp"`
}
err = tok.UnsafeClaimsWithoutVerification(&claims)
err = json.Unmarshal(tok.UnsafePayloadWithoutVerification(), &claims)
if err != nil {
return nil, err
}
expiresAt := time.Unix(claims.Exp, 0)
expiresAt := time.Unix(claims.Expiry, 0)
if expiresAt.IsZero() {
expiresAt = time.Now().Add(time.Minute)
expiresAt = time.Now().Add(time.Hour)
}
return &ExecCredential{
@ -179,7 +179,7 @@ func parseToken(rawjwt string) (*ExecCredential, error) {
Kind: "ExecCredential",
},
Status: &ExecCredentialStatus{
ExpirationTimestamp: time.Now().Add(time.Second * 10),
ExpirationTimestamp: expiresAt,
Token: "Pomerium-" + rawjwt,
},
}, nil
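Review bot: The `expiresAt.IsZero()` fallback in parseToken can never fire, because `time.Unix(claims.Expiry, 0)` with a missing `exp` claim (Expiry == 0) yields 1970-01-01 UTC, which is not Go's zero `time.Time`. Now that `ExpirationTimestamp` is taken from `expiresAt`, a token without `exp` is handed to kubectl as already expired instead of getting the intended one-hour default. Test the claim itself: `if claims.Expiry == 0 { expiresAt = time.Now().Add(time.Hour) }`. Because the payload is read with `UnsafePayloadWithoutVerification`, the value is an unauthenticated caching hint only; a comment saying so, and possibly an upper bound on the cached lifetime, would make that explicit. parseToken spans the second and third hunks, and a few lines between them are not shown.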