mirrors/pinniped
1
0
Fork 0
mirror of https://github.com/vmware-tanzu/pinniped.git synced 2026-01-03 11:45:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,674 Commits 21 Branches 50 Tags
dce9409ccccda0fa2c7e8a79c3299d10fceef33b
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Ryan Richard dce9409ccc login oidc cmd checks access token expiry before doing token exchange 
In the RFC8693 token exchange, the CLI sends your access token and
receives in exchange a new cluster-scoped ID token.

Fix a bug in the CLI. Whenever the "pinniped login oidc" command was
planning to perform the RFC8693 token exchange, it failed to check if
the cached access token was still valid before performing the exchange,
which sends the access token. It instead checked if the cached ID token
was still valid, but that it not relevant in this situation because the
ID token is not going to be used for anything (instead the new ID token
returned by the RFC8693 token exchange will be used for auth).

This bug doesn't actually matter today, because the Supervisor-issued
access and ID tokens always both have the same 2-minute lifetimes.
However, future enhancements may cause them to have different lifetimes
in certain circumstances. Fixing this CLI bug now to prepare for those
potential future enhancements.
2024-02-09 13:33:30 -08:00
.github
disable dependabot for some things in favor of our own tooling
2024-01-19 11:34:47 -08:00
apis
update FederationDomain.status.conditions to come from metav1
2023-09-11 13:06:52 -07:00
cmd
login oidc cmd checks access token expiry before doing token exchange
2024-02-09 13:33:30 -08:00
deploy
Rerun codegen after upgrading CI controller-gen from v0.13.0 to v0.14.0
2024-02-08 13:27:02 -08:00
generated
Rerun codegen after upgrading CI controller-gen from v0.13.0 to v0.14.0
2024-02-08 13:27:02 -08:00
hack
Bump dependencies
2024-02-07 20:09:08 +00:00
internal
login oidc cmd checks access token expiry before doing token exchange
2024-02-09 13:33:30 -08:00
pkg
login oidc cmd checks access token expiry before doing token exchange
2024-02-09 13:33:30 -08:00
proposals
Update proposal doc statuses
2023-09-11 11:14:05 -07:00
public
added search functionality to docs on Pinniped.dev
2021-04-09 10:58:39 -05:00
site
Updated versions in docs for v0.28.0 release
2023-12-15 18:56:15 +00:00
test
login oidc cmd checks access token expiry before doing token exchange
2024-02-09 13:33:30 -08:00
.dockerignore
Update website docs for arm64 support
2023-10-05 14:48:14 -07:00
.gitattributes
Target hack/Dockerfile_fips correctly
2022-04-06 15:32:08 -04:00
.gitignore
Update website docs for arm64 support
2023-10-05 14:48:14 -07:00
.golangci.yaml
Upgrade the linter to golangci-lint@v1.55.1
2023-11-02 09:54:16 -07:00
.pre-commit-config.yaml
Lightly standardize import aliases
2023-11-15 13:52:17 -06:00
ADOPTERS.md
Add OK a.m.b.a. to adopters.md file
2021-04-14 18:38:11 -05:00
CODE_OF_CONDUCT.md
Rename the CoC and contributor guide to the names GitHub recognizes.
2020-10-02 15:53:48 -05:00
CONTRIBUTING.md
update CI URL in CONTRIBUTING.md
2024-01-19 11:34:47 -08:00
Dockerfile
Bump dependencies
2024-02-07 20:09:08 +00:00
go.mod
Bump dependencies
2024-02-09 14:02:39 +00:00
go.sum
Bump dependencies
2024-02-09 14:02:39 +00:00
GOVERNANCE.md
Auto-format GOVERNANCE.md
2022-02-17 10:08:37 -08:00
LICENSE
Add Apache 2.0 license.
2020-07-06 13:50:31 -05:00
MAINTAINERS.md
Update team members on website
2023-04-03 16:54:10 -07:00
README.md
pause community meeting for a little while
2022-07-25 12:07:18 -07:00
ROADMAP.md
Update ROADMAP.md
2022-09-09 11:18:48 -04:00
SCOPE.md
Move scope doc out of website to SCOPE.md.
2021-02-23 11:11:07 -06:00
SECURITY.md
SECURITY.md: follow established pattern
2021-02-09 09:08:19 -05:00

README.md

Pinniped Logo

Overview

Pinniped provides identity services to Kubernetes.

  • Easily plug in external identity providers into Kubernetes clusters while offering a simple install and configuration experience. Leverage first class integration with Kubernetes and kubectl command-line.
  • Give users a consistent, unified login experience across all your clusters, including on-premises and managed cloud environments.
  • Securely integrate with an enterprise IDP using standard protocols or use secure, externally managed identities instead of relying on simple, shared credentials.

To learn more, please visit the Pinniped project's website, https://pinniped.dev.

Getting started with Pinniped

Care to kick the tires? It's easy to install and try Pinniped.

Discussion

Got a question, comment, or idea? Please don't hesitate to reach out via GitHub Discussions, GitHub Issues, or in the Kubernetes Slack Workspace within the #pinniped channel. Join our Google Group to receive updates and meeting invitations.

Contributions

Pinniped is better because of our contributors and maintainers. It is because of you that we can bring great software to the community.

Want to get involved? Contributions are welcome.

Please see the contributing guide for more information about reporting bugs, requesting features, building and testing the code, submitting PRs, and other contributor topics.

Adopters

Some organizations and products using Pinniped are featured in ADOPTERS.md. Add your own organization or product here.

Reporting security vulnerabilities

Please follow the procedure described in SECURITY.md.

License

Pinniped is open source and licensed under Apache License Version 2.0. See LICENSE.

Copyright 2020-2022 the Pinniped contributors. All Rights Reserved.

Description
No description provided
Readme Apache-2.0 32 MiB
Languages
Go 97.3%
Shell 1.6%
HTML 0.4%
SCSS 0.4%
CSS 0.1%
Other 0.1%