hub / github.com/smallstep/cli / NewTokenFlow

Function NewTokenFlow

utils/cautils/token_flow.go:101–183

NewTokenFlow implements the common flow used to generate a token

(ctx *cli.Context, tokType int, subject string, sans []string, caURL, root string, notBefore, notAfter time.Time, certNotBefore, certNotAfter provisioner.TimeDuration, opts ...Option)

Source from the content-addressed store, hash-verified

// NewTokenFlow implements the common flow used to generate a token
func NewTokenFlow(ctx *cli.Context, tokType int, subject string, sans []string, caURL, root string, notBefore, notAfter time.Time, certNotBefore, certNotAfter provisioner.TimeDuration, opts ...Option) (string, error) {
	// Apply options to shared context
	for _, opt := range opts {
		opt.apply(&sharedContext)
	}

	// Get audience from ca-url
	audience, err := parseAudience(ctx, tokType)
	if err != nil {
		return "", err
	}

	// All provisioners use the same type of tokens to do a X.509 renewal.
	if tokType == RenewType {
		return generateRenewToken(ctx, audience, subject)
	}

	provisioners, err := pki.GetProvisioners(caURL, root)
	if err != nil {
		return "", err
	}
	p, err := provisionerPrompt(ctx, provisioners)
	if err != nil {
		return "", err
	}

	if subject == "" {
		// For OIDC provisioners the CA automatically generates the principals
		// from the email address.
		if _, ok := p.(*provisioner.OIDC); !ok {
			q := "What DNS names or IP addresses would you like to use? (e.g. internal.smallstep.com)"
			if tokType == SSHUserSignType {
				q = "What user principal would you like to use? (e.g. alice)"
			}
			subject, err = ui.Prompt(q, ui.WithValidateNotEmpty())
			if err != nil {
				return "", err
			}
		}
	}

	tokAttrs := tokenAttrs{
		subject:       subject,
		root:          root,
		caURL:         caURL,
		audience:      audience,
		sans:          sans,
		notBefore:     notBefore,
		notAfter:      notAfter,
		certNotBefore: certNotBefore,
		certNotAfter:  certNotAfter,
	}

	switch p := p.(type) {
	case *provisioner.JWK: // Get the step standard JWT.
		return generateJWKToken(ctx, p, tokType, tokAttrs)
	case *provisioner.OIDC: // Run step oauth.
		return generateOIDCToken(ctx, p)
	// The listing ends here; the function continues through line 183 of token_flow.go.

Callers 5

GenerateToken · Method · 0.92
tokenAction · Function · 0.92
GenerateToken · Method · 0.85
GenerateSSHToken · Method · 0.85
NewAdminClient · Function · 0.85

Calls 11

parseAudience · Function · 0.85
generateRenewToken · Function · 0.85
provisionerPrompt · Function · 0.85
generateJWKToken · Function · 0.85
generateOIDCToken · Function · 0.85
generateX5CToken · Function · 0.85
generateNebulaToken · Function · 0.85
generateSSHPOPToken · Function · 0.85
generateK8sSAToken · Function · 0.85
apply · Method · 0.65
GetProvisioners · Method · 0.45

Tested by

no test coverage detected
