csharp/src/KubernetesClient/Authentication/OidcTokenProvider.cs

using System;
using System.Net.Http.Headers;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Rest;
using IdentityModel.OidcClient;
using k8s.Exceptions;

namespace k8s.Authentication
{
    public class OidcTokenProvider : ITokenProvider
    {
        private OidcClient _oidcClient;
        private string _idToken;
        private string _refreshToken;
        private string _accessToken;
        private DateTime _expiry;

        public OidcTokenProvider(string clientId, string clientSecret, string idpIssuerUrl, string idToken, string refreshToken)
        {
            _idToken = idToken;
            _refreshToken = refreshToken;
            _oidcClient = getClient(clientId, clientSecret, idpIssuerUrl);
        }

        public async Task<AuthenticationHeaderValue> GetAuthenticationHeaderAsync(CancellationToken cancellationToken)
        {
            if (_accessToken == null || DateTime.UtcNow.AddSeconds(30) > _expiry)
            {
                await RefreshToken().ConfigureAwait(false);
            }

            return new AuthenticationHeaderValue("Bearer", _accessToken);
        }

        private OidcClient getClient(string clientId, string clientSecret, string idpIssuerUrl)
        {
            OidcClientOptions options = new OidcClientOptions
            {
                ClientId = clientId,
                ClientSecret = clientSecret ?? "",
                Authority = idpIssuerUrl,
            };

            return new OidcClient(options);
        }

        private async Task RefreshToken()
        {
            try
            {
                var result =
                    await _oidcClient.RefreshTokenAsync(_refreshToken).ConfigureAwait(false);
                _accessToken = result.AccessToken;
                _idToken = result.IdentityToken;
                _refreshToken = result.RefreshToken;
                _expiry = result.AccessTokenExpiration;
            }
            catch (Exception e)
            {
                throw new KubernetesClientException($"Unable to refresh OIDC token. \n {e.Message}", e);
            }
        }
    }
}
OIDC support (#544) * add minimal oidc support * add OidcTokenProvider * add null check for accessToken * deal with missing client-secret in config * fix formatting, typos * remove commented line * trigger github actions to check for non-deterministic test behavior * Update src/KubernetesClient/Authentication/OidcTokenProvider.cs Co-authored-by: Boshi Lian <farmer1992@gmail.com> * Update src/KubernetesClient/Authentication/OidcTokenProvider.cs Co-authored-by: Boshi Lian <farmer1992@gmail.com> * cleanup * add CA1723 to exceptions * remove exception for CA1723, add CA1724 instead Co-authored-by: Boshi Lian <farmer1992@gmail.com> 2021-01-19 23:07:59 +01:00			`using System;`
			`using System.Net.Http.Headers;`
			`using System.Threading;`
			`using System.Threading.Tasks;`
			`using Microsoft.Rest;`
			`using IdentityModel.OidcClient;`
			`using k8s.Exceptions;`

			`namespace k8s.Authentication`
			`{`
			`public class OidcTokenProvider : ITokenProvider`
			`{`
			`private OidcClient _oidcClient;`
			`private string _idToken;`
			`private string _refreshToken;`
			`private string _accessToken;`
			`private DateTime _expiry;`

			`public OidcTokenProvider(string clientId, string clientSecret, string idpIssuerUrl, string idToken, string refreshToken)`
			`{`
			`_idToken = idToken;`
			`_refreshToken = refreshToken;`
			`_oidcClient = getClient(clientId, clientSecret, idpIssuerUrl);`
			`}`

			`public async Task<AuthenticationHeaderValue> GetAuthenticationHeaderAsync(CancellationToken cancellationToken)`
			`{`
remove always false (#561) * remove always false * remove unsupport format arg 2021-02-17 08:25:09 -08:00			`if (_accessToken == null \|\| DateTime.UtcNow.AddSeconds(30) > _expiry)`
OIDC support (#544) * add minimal oidc support * add OidcTokenProvider * add null check for accessToken * deal with missing client-secret in config * fix formatting, typos * remove commented line * trigger github actions to check for non-deterministic test behavior * Update src/KubernetesClient/Authentication/OidcTokenProvider.cs Co-authored-by: Boshi Lian <farmer1992@gmail.com> * Update src/KubernetesClient/Authentication/OidcTokenProvider.cs Co-authored-by: Boshi Lian <farmer1992@gmail.com> * cleanup * add CA1723 to exceptions * remove exception for CA1723, add CA1724 instead Co-authored-by: Boshi Lian <farmer1992@gmail.com> 2021-01-19 23:07:59 +01:00			`{`
			`await RefreshToken().ConfigureAwait(false);`
			`}`

			`return new AuthenticationHeaderValue("Bearer", _accessToken);`
			`}`

			`private OidcClient getClient(string clientId, string clientSecret, string idpIssuerUrl)`
			`{`
			`OidcClientOptions options = new OidcClientOptions`
			`{`
			`ClientId = clientId,`
			`ClientSecret = clientSecret ?? "",`
			`Authority = idpIssuerUrl,`
			`};`

			`return new OidcClient(options);`
			`}`

			`private async Task RefreshToken()`
			`{`
			`try`
			`{`
			`var result =`
			`await _oidcClient.RefreshTokenAsync(_refreshToken).ConfigureAwait(false);`
			`_accessToken = result.AccessToken;`
			`_idToken = result.IdentityToken;`
			`_refreshToken = result.RefreshToken;`
			`_expiry = result.AccessTokenExpiration;`
			`}`
			`catch (Exception e)`
			`{`
			`throw new KubernetesClientException($"Unable to refresh OIDC token. \n {e.Message}", e);`
			`}`
			`}`
			`}`
			`}`