MCPcopy Index your code
hub / github.com/cloudquery/cloudquery / decodeCQPDClaims

Function decodeCQPDClaims

cli/internal/platform/inject.go:252–273  ·  view source on GitHub ↗

decodeCQPDClaims reads the unverified claims payload of a cqpd_ token. The CLI only needs routing/identity hints (api_url, team) to decide where and as whom to call; the platform still authenticates the token. Wire format is "cqpd_" + base64url(claimsJSON) + "." + base64url(sig). Returns empty strin

(token string)

Source from the content-addressed store, hash-verified

250// for a malformed or non-cqpd_ token. Mirrors the destination plugin's decoder
251// (separate repos — keep the claim keys in sync).
252func decodeCQPDClaims(token string) (apiURL, team string) {
253 rest, ok := strings.CutPrefix(token, cqpdPrefix)
254 if !ok {
255 return "", ""
256 }
257 enc, _, ok := strings.Cut(rest, ".")
258 if !ok {
259 return "", ""
260 }
261 payload, err := base64.RawURLEncoding.DecodeString(enc)
262 if err != nil {
263 return "", ""
264 }
265 var claims struct {
266 APIURL string `json:"u"`
267 Team string `json:"tm"`
268 }
269 if err := json.Unmarshal(payload, &claims); err != nil {
270 return "", ""
271 }
272 return claims.APIURL, claims.Team
273}
274
275// MaybeInjectDestination injects a `platform` destination carrying a freshly
276// minted cqpd_ token — but only when the spec opts in by listing `platform` in

Callers 2

apiURLFromTokenFunction · 0.85
TeamFromTokenFunction · 0.85

Calls

no outgoing calls

Tested by

no test coverage detected