- Sort Score
- Result 10 results
- Languages All
Results 11 - 20 of 477 for audiences (0.27 sec)
-
staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc_test.go
"username": "jane", "exp": %d }`, valid.Unix()), wantErr: `oidc: verify token: oidc: expected audience "my-client" got ["not-my-client"]`, }, { // ID tokens may contain multiple audiences: // https://openid.net/specs/openid-connect-core-1_0.html#IDToken name: "multiple-audiences", options: Options{ JWTAuthenticator: apiserver.JWTAuthenticator{ Issuer: apiserver.Issuer{
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Apr 24 18:25:29 UTC 2024 - 97.7K bytes - Viewed (0) -
pilot/pkg/serviceregistry/kube/controller/ambient/testdata/allow-full-in.yaml
notValues: ["not-requestPrincipals", "not-requestPrincipals-prefix-*", "*-not-suffix-requestPrincipals", "*"] - when: - key: "request.auth.audiences" values: ["audiences", "audiences-prefix-*", "*-suffix-audiences", "*"] notValues: ["not-audiences", "not-audiences-prefix-*", "*-not-suffix-audiences", "*"] - when: - key: "request.auth.presenter" values: ["presenter", "presenter-prefix-*", "*-suffix-presenter", "*"]
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Thu Feb 29 18:40:34 UTC 2024 - 4K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook.go
// We take implicit audiences of the API server at WebhookTokenAuthenticator // construction time. The outline of how we validate audience here is: // // * if the ctx is not audience limited, don't do any audience validation. // * if ctx is audience-limited, add the audiences to the tokenreview spec // * if the tokenreview returns with audiences in the status that intersect
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Mar 18 00:47:42 UTC 2022 - 11.5K bytes - Viewed (0) -
common-protos/k8s.io/api/authentication/v1beta1/generated.proto
optional UserInfo user = 2; // Audiences are audience identifiers chosen by the authenticator that are // compatible with both the TokenReview and token. An identifier is any // identifier in the intersection of the TokenReviewSpec audiences and the // token's audiences. A client of the TokenReview API that sets the // spec.audiences field should validate that a compatible audience identifier
Registered: Fri Jun 14 15:00:06 UTC 2024 - Last Modified: Mon Mar 11 18:43:24 UTC 2024 - 5.2K bytes - Viewed (0) -
staging/src/k8s.io/api/authentication/v1/generated.proto
// identifier in the intersection of the TokenReviewSpec audiences and the // token's audiences. A client of the TokenReview API that sets the // spec.audiences field should validate that a compatible audience identifier // is returned in the status.audiences field to ensure that the TokenReview // server is audience aware. If a TokenReview returns an empty // status.audience field where status.authenticated is "true", the token is
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Mar 28 15:34:11 UTC 2024 - 7.7K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/authentication/authenticator/audiences_test.go
{ auds: Audiences{"foo"}, tauds: Audiences{"foo"}, expected: Audiences{"foo"}, }, { auds: Audiences{"foo", "bar"}, tauds: Audiences{"foo", "bar"}, expected: Audiences{"foo", "bar"}, }, { auds: Audiences{"foo", "bar"}, tauds: Audiences{"foo", "wat"}, expected: Audiences{"foo"}, }, { auds: Audiences{"foo", "bar"}, tauds: Audiences{"pls", "wat"},
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Wed Oct 31 21:50:11 UTC 2018 - 1.7K bytes - Viewed (0) -
staging/src/k8s.io/api/authentication/v1beta1/generated.proto
// identifier in the intersection of the TokenReviewSpec audiences and the // token's audiences. A client of the TokenReview API that sets the // spec.audiences field should validate that a compatible audience identifier // is returned in the status.audiences field to ensure that the TokenReview // server is audience aware. If a TokenReview returns an empty // status.audience field where status.authenticated is "true", the token is
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Mar 28 15:34:11 UTC 2024 - 5.3K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/webhook/webhook_v1beta1_test.go
}, { description: "bad audiences", implicitAuds: apiAuds, reqAuds: authenticator.Audiences{"other"}, serverResponse: authenticationv1beta1.TokenReviewStatus{ Authenticated: false, }, expectedAuthenticated: false, }, { description: "bad audiences", implicitAuds: apiAuds, reqAuds: authenticator.Audiences{"other"},
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Fri Mar 18 00:47:42 UTC 2022 - 19.2K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/plugin/pkg/authenticator/token/oidc/oidc.go
func (v *idTokenVerifier) verifyAudience(t *oidc.IDToken) error { // We validate audience field is not empty in the authentication configuration. // This check ensures callers of "Verify" using idTokenVerifier are not passing // an empty audience. if v.audiences.Len() == 0 { return fmt.Errorf("oidc: invalid configuration, audiences cannot be empty") }
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Sat Mar 09 19:29:33 UTC 2024 - 37.9K bytes - Viewed (0) -
staging/src/k8s.io/apiserver/pkg/endpoints/filters/metrics_test.go
authentication_attempts{result="failure"} 1 `, }, { desc: "auth failed due to audiences not intersecting", response: &authenticator.Response{ User: &user.DefaultInfo{Name: "admin"}, Audiences: authenticator.Audiences{"audience-x"}, }, status: true, apiAudience: authenticator.Audiences{"audience-y"}, want: ` # HELP authentication_attempts [ALPHA] Counter of authenticated attempts.
Registered: Sat Jun 15 01:39:40 UTC 2024 - Last Modified: Thu Apr 20 13:35:55 UTC 2023 - 8.7K bytes - Viewed (0)