- Sort Score
- Result 10 results
- Languages All
Results 1 - 10 of 76 for Aud (0.02 sec)
-
releasenotes/notes/jwt-aud.yaml
Kuat <******@****.***> 1714759362 -0700
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 03 18:02:42 UTC 2024 - 159 bytes - Viewed (0) -
security/pkg/util/jwtutil.go
return listAud, nil } return nil, err } type jwtPayload struct { // Aud is JWT token audience - used to identify 3p tokens. // It is empty for the default K8S tokens. Aud []string `json:"aud"` } // ExtractJwtAud extracts the audiences from a JWT token. If aud cannot be parse, the bool will be set // to false. This distinguishes aud=[] from not parsed. func ExtractJwtAud(jwt string) ([]string, bool) {
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 31 16:07:11 UTC 2024 - 3.2K bytes - Viewed (0) -
security/pkg/util/jwtutil_test.go
testCases := map[string]struct { jwt string aud []string }{ "no audience": { jwt: firstPartyJwt, }, "one audience string": { jwt: oneAudString, aud: []string{"abc"}, }, "one audience list": { jwt: thirdPartyJwt, aud: []string{"yonggangl-istio-4.svc.id.goog"}, }, "two audiences list": { jwt: twoAudList, aud: []string{"abc", "xyz"}, }, }
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Fri May 31 16:07:11 UTC 2024 - 6K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc_test.go
name: "string claim", claims: `{"aud":"foo"}`, do: func(c claims) (interface{}, error) { var s string err := c.unmarshalClaim("aud", &s) return s, err }, want: "foo", }, { name: "mismatched types", claims: `{"aud":"foo"}`, do: func(c claims) (interface{}, error) { var n int err := c.unmarshalClaim("aud", &n) return n, err },
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 97.7K bytes - Viewed (0) -
security/pkg/server/ca/authenticate/oidc.go
return true } } } return false } type JwtPayload struct { // Aud is the expected audience, defaults to istio-ca - but is based on istiod.yaml configuration. // If set to a different value - use the value defined by istiod.yaml. Env variable can // still override Aud []string `json:"aud"` // Exp is not currently used - we don't use the token for authn, just to determine k8s settings
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 23 21:07:03 UTC 2024 - 5.1K bytes - Viewed (0) -
pkg/serviceaccount/claims_test.go
node *core.Node exp int64 warnafter int64 aud []string err string // desired sc *jwt.Claims pc *privateClaims featureJTI, featurePodNodeInfo, featureNodeBinding bool }{ { // pod and secret sa: sa, pod: pod, sec: sec, // really fast exp: 0, // nil audience aud: nil, err: "internal error, token can only be bound to one object type",
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 17.9K bytes - Viewed (0) -
security/pkg/credentialfetcher/plugin/gce.go
rotateToken = enable } // GCEPlugin is the plugin object. type GCEPlugin struct { // aud is the unique URI agreed upon by both the instance and the system verifying the instance's identity. // For more info: https://cloud.google.com/compute/docs/instances/verifying-instance-identity aud string // The location to save the identity token jwtPath string // identity provider identityProvider string
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Tue Apr 30 13:56:46 UTC 2024 - 4.7K bytes - Viewed (0) -
internal/config/identity/openid/jwt.go
// case sensitive audValues, ok := policy.GetValuesFromClaims(mclaims, audClaim) if !ok { return errors.New("STS JWT Token has `aud` claim invalid, `aud` must match configured OpenID Client ID") } if !audValues.Contains(pCfg.ClientID) { // if audience claims is missing, look for "azp" claims. // OPTIONAL. Authorized party - the party to which the ID
Registered: Sun Jun 16 00:44:34 UTC 2024 - Last Modified: Thu May 30 18:10:41 UTC 2024 - 8.3K bytes - Viewed (0) -
security/pkg/server/ca/authenticate/oidc_test.go
claims := `{"iss": "` + server.URL + `", "aud": ["baz.svc.id.goog"], "sub": "system:serviceaccount:bar:foo", "exp": ` + expStr + `}` token, err := generateJWT(&key, []byte(claims)) if err != nil { t.Fatalf("failed to generate JWT: %v", err) } // Create an expired JWT token expiredStr := strconv.FormatInt(time.Now().Add(-time.Hour).Unix(), 10)
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu May 23 21:07:03 UTC 2024 - 7.3K bytes - Viewed (0) -
tests/common/jwt/jwt_token.go
// Payload { // "aud": foo, // "exp": 4732994801, // "iat": 1579394801, // "iss": "******@****.***", // "sub": "sub-1" // } // Generated by: security/tools/jwt/samples/gen-jwt.py tests/common/jwt/key.pem -jwks=tests/common/jwt/jwks.json // --expire=3153600000 --iss=******@****.*** --sub=sub-1 --aud=foo // nolint: lll
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Wed May 08 23:36:51 UTC 2024 - 12.1K bytes - Viewed (0)