Search Options

Results per page
Sort
Preferred Languages
Advance

Results 1 - 10 of 11 for AuthenticateToken (0.33 sec)

  2. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator_test.go 

    	a.AuthenticateToken(context.Background(), "bad1")
	a.AuthenticateToken(context.Background(), "bad2")
	a.AuthenticateToken(context.Background(), "bad3")
	fakeClock.Step(2 * time.Microsecond)
	a.AuthenticateToken(context.Background(), "bad1")
	a.AuthenticateToken(context.Background(), "bad2")
	a.AuthenticateToken(context.Background(), "bad3")
	fakeClock.Step(2 * time.Microsecond)
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Mon Jul 03 16:16:51 UTC 2023
    - 20.3K bytes
    - Viewed (0)
  3. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/metrics.go 

    	delegate      AuthenticatorTokenWithHealthCheck
	clock         clock.PassiveClock
}

func (a *instrumentedAuthenticator) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) {
	start := a.clock.Now()
	response, ok, err := a.delegate.AuthenticateToken(ctx, token)
	// this only happens when issuer doesn't match the authenticator
	// we don't want to record metrics for this case
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Sat Mar 09 19:29:33 UTC 2024
    - 3.3K bytes
    - Viewed (0)
  4. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/pkg/authentication/token/cache/cached_token_authenticator.go 

    		hashPool: &sync.Pool{
			New: func() interface{} {
				return hmac.New(sha256.New, randomCacheKey)
			},
		},
	}
}

// AuthenticateToken implements authenticator.Token
func (a *cachedTokenAuthenticator) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) {
	record := a.doAuthenticateToken(ctx, token)
	if !record.ok || record.err != nil {
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Mon Jul 03 16:16:51 UTC 2023
    - 9.8K bytes
    - Viewed (0)
  5. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/metrics_test.go 

    		t.Run(tt.name, func(t *testing.T) {
			jwtAuthenticatorLatencyMetric.Reset()
			RegisterMetrics()

			a := newInstrumentedAuthenticatorWithClock(testIssuer, tt.authenticator, dummyClock{})
			_, _, _ = a.AuthenticateToken(context.Background(), "token")

			if err := testutil.GatherAndCompare(legacyregistry.DefaultGatherer, strings.NewReader(tt.expectedValue), "apiserver_authentication_jwt_authenticator_latency_seconds"); err != nil {
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Sat Mar 09 19:29:33 UTC 2024
    - 8.8K bytes
    - Viewed (0)
  6. github.com/kubernetes/kubernetes

    plugin/pkg/auth/authenticator/token/bootstrap/bootstrap.go 

    func tokenErrorf(s *corev1.Secret, format string, i ...interface{}) {
	format = fmt.Sprintf("Bootstrap secret %s/%s matching bearer token ", s.Namespace, s.Name) + format
	klog.V(3).Infof(format, i...)
}

// AuthenticateToken tries to match the provided token to a bootstrap token secret
// in a given namespace. If found, it authenticates the token in the
// "system:bootstrappers" group and with the "system:bootstrap:(token-id)" username.
//
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Thu Mar 30 20:38:15 UTC 2023
    - 5.1K bytes
    - Viewed (0)
  7. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/pkg/authentication/request/websocket/protocol.go 

    	if len(token) > 0 && len(filteredProtocols) == 0 {
		return nil, false, errors.New("missing additional subprotocol")
	}

	if len(token) == 0 {
		return nil, false, nil
	}

	resp, ok, err := a.auth.AuthenticateToken(req.Context(), token)

	// on success, remove the protocol with the token
	if ok {
		// https://tools.ietf.org/html/rfc6455#section-11.3.4 indicates the Sec-WebSocket-Protocol header may appear multiple times
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Wed Jun 07 18:21:43 UTC 2023
    - 3.4K bytes
    - Viewed (0)
  8. github.com/kubernetes/kubernetes

    pkg/serviceaccount/jwt_test.go 

    		ctx := authenticator.WithAudiences(context.Background(), auds)
		if _, ok, err := authn.AuthenticateToken(ctx, "invalid token"); err != nil || ok {
			t.Errorf("%s: Expected err=nil, ok=false for non-JWT token", k)
			continue
		}

		resp, ok, err := authn.AuthenticateToken(ctx, tc.Token)
		if (err != nil) != tc.ExpectedErr {
			t.Errorf("%s: Expected error=%v, got %v", k, tc.ExpectedErr, err)
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Tue Feb 27 22:16:08 UTC 2024
    - 17K bytes
    - Viewed (0)
  9. github.com/kubernetes/kubernetes

    pkg/serviceaccount/jwt.go 

    	// call. This struct should contain fields for any private claims that the
	// Validator requires to validate the JWT.
	NewPrivateClaims() interface{}
}

func (j *jwtTokenAuthenticator) AuthenticateToken(ctx context.Context, tokenData string) (*authenticator.Response, bool, error) {
	if !j.hasCorrectIssuer(tokenData) {
		return nil, false, nil
	}

	tok, err := jwt.ParseSigned(tokenData)
	if err != nil {
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Tue Feb 27 22:16:08 UTC 2024
    - 10.7K bytes
    - Viewed (0)
  10. github.com/kubernetes/kubernetes

    pkg/kubeapiserver/authenticator/config.go 

    		tokenAuthenticators = append(tokenAuthenticators,
			authenticator.TokenFunc(func(ctx context.Context, token string) (*authenticator.Response, bool, error) {
				return jwtAuthenticatorPtr.Load().jwtAuthenticator.AuthenticateToken(ctx, token)
			}),
		)
	}

	if len(config.WebhookTokenAuthnConfigFile) > 0 {
		webhookTokenAuth, err := newWebhookTokenAuthenticator(config)
		if err != nil {
			return nil, nil, nil, nil, err
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Sat Mar 09 19:29:33 UTC 2024
    - 15.4K bytes
    - Viewed (0)
  11. github.com/kubernetes/kubernetes

    staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc.go 

    	}
	if v.audiences.HasAny(t.Audience...) {
		return nil
	}

	return fmt.Errorf("oidc: expected audience in %q got %q", sets.List(v.audiences), t.Audience)
}

func (a *jwtAuthenticator) AuthenticateToken(ctx context.Context, token string) (*authenticator.Response, bool, error) {
	if !hasCorrectIssuer(a.jwtAuthenticator.Issuer.URL, token) {
		return nil, false, nil
	}

	verifier, ok := a.idTokenVerifier()
    Registered: Sat Jun 15 01:39:40 UTC 2024
    - Last Modified: Sat Mar 09 19:29:33 UTC 2024
    - 37.9K bytes
    - Viewed (0)
Back to top