
Method DoTwoLeggedAuthorization

command/oauth/cmd.go:983–1042

DoTwoLeggedAuthorization performs two-legged OAuth using the jwt-bearer grant type.

(issuer string)


981// DoTwoLeggedAuthorization performs two-legged OAuth using the jwt-bearer
982// grant type.
983func (o *oauth) DoTwoLeggedAuthorization(issuer string) (*token, error) {
984 pemBytes := []byte(o.clientSecret)
985 block, _ := pem.Decode(pemBytes)
986 if block == nil {
987 return nil, fmt.Errorf("failed to read private key pem block")
988 }
989 priv, err := x509.ParsePKCS8PrivateKey(block.Bytes)
990 if err != nil {
991 return nil, errors.Wrap(err, "error parsing private key")
992 }
993
994 // Add claims
995 now := int(time.Now().Unix())
996 c := map[string]interface{}{
997 "aud": o.tokenEndpoint,
998 "nbf": now,
999 "iat": now,
1000 "exp": now + 3600,
1001 "iss": issuer,
1002 "scope": o.scope,
1003 }
1004
1005 so := new(jose.SignerOptions)
1006 so.WithType("JWT")
1007 so.WithHeader("kid", o.clientID)
1008
1009 // Sign JWT
1010 signer, err := jose.NewSigner(jose.SigningKey{
1011 Algorithm: "RS256",
1012 Key: priv,
1013 }, so)
1014 if err != nil {
1015 return nil, errors.Wrapf(err, "error creating JWT signer")
1016 }
1017
1018 raw, err := jose.Signed(signer).Claims(c).CompactSerialize()
1019 if err != nil {
1020 return nil, errors.Wrapf(err, "error serializing JWT")
1021 }
1022
1023 // Construct the POST request to fetch the OAuth token.
1024 params := url.Values{
1025 "assertion": []string{raw},
1026 "grant_type": []string{jwtBearerUrn},
1027 }
1028
1029 // Send the POST request and return token.
1030 resp, err := postForm(o.tokenEndpoint, params)
1031 if err != nil {
1032 return nil, errors.Wrapf(err, "error from token endpoint")
1033 }
1034 defer resp.Body.Close()
1035
1036 var tok token
1037 if err := json.NewDecoder(resp.Body).Decode(&tok); err != nil {
1038 return nil, errors.WithStack(err)
1039 }
1040
