kubernetes-client/haskell
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove dependency on jwt package

Browse Source 
As hoauth2 already depends on jose-jwt which offers similar features, jwt was
not required.
This commit is contained in:
Akshay Mankar
2019-08-11 14:43:09 +01:00
parent 7e2a0a69a2
commit c7a536146a
2 changed files with 18 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
kubernetes-client/package.yaml
View File

@@ -48,7 +48,7 @@ dependencies:
- hoauth2 - hoauth2
- http-client >=0.5 && <0.7 - http-client >=0.5 && <0.7
- http-client-tls >=0.3 - http-client-tls >=0.3
- jwt - jose-jwt
- kubernetes-client-core ==0.1.0.1 - kubernetes-client-core ==0.1.0.1
- microlens >=0.4 && <0.5 - microlens >=0.4 && <0.5
- mtl >=2.2 - mtl >=2.2

31
kubernetes-client/src/Kubernetes/Client/Auth/OIDC.hs
View File

@@ -23,8 +23,8 @@ import Network.HTTP.Client.TLS
import Network.OAuth.OAuth2 as OAuth import Network.OAuth.OAuth2 as OAuth
import Network.TLS as TLS import Network.TLS as TLS
import URI.ByteString import URI.ByteString
import Web.JWT as JWT
import Web.OIDC.Client.Discovery as OIDC import Web.OIDC.Client.Discovery as OIDC
import Jose.Jwt
import qualified Data.ByteString as BS import qualified Data.ByteString as BS
import qualified Data.ByteString.Base64 as B64 import qualified Data.ByteString.Base64 as B64
@@ -66,20 +66,23 @@ instance Exception OIDCAuthParsingException
getToken :: OIDCAuth -> IO Text getToken :: OIDCAuth -> IO Text
getToken o@(OIDCAuth{..}) = do getToken o@(OIDCAuth{..}) = do
now <- getPOSIXTime now <- getPOSIXTime
mgr <- newManager tlsManagerSettings maybeIdToken <- readTVarIO idTokenTVar
idToken <- readTVarIO idTokenTVar case maybeIdToken of
let maybeExp = idToken Nothing -> fetchToken o
& (>>= decode) Just idToken -> do
& (fmap claims) let maybeExp = decodeClaims (Text.encodeUtf8 idToken)
& (>>= JWT.exp) & rightToMaybe
& (fmap secondsSinceEpoch) & fmap snd
isValidToken = fromMaybe False (fmap (now <) maybeExp) & (>>= jwtExp)
if not isValidToken case maybeExp of
then fetchToken mgr o Nothing -> fetchToken o
else maybe (throwM $ OIDCGetTokenException "impossible") pure idToken Just (IntDate expiryDate) -> if now < expiryDate
then pure idToken
else fetchToken o
fetchToken :: Manager -> OIDCAuth -> IO Text fetchToken :: OIDCAuth -> IO Text
fetchToken mgr o@(OIDCAuth{..}) = do fetchToken o@(OIDCAuth{..}) = do
mgr <- newManager tlsManagerSettings
maybeToken <- readTVarIO refreshTokenTVar maybeToken <- readTVarIO refreshTokenTVar
case maybeToken of case maybeToken of
Nothing -> throwM $ OIDCGetTokenException "cannot refresh id-token without a refresh token" Nothing -> throwM $ OIDCGetTokenException "cannot refresh id-token without a refresh token"