Constants ¶
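// Default OAuth configuration values.
const (
	// DefaultTokenCacheTTL is the default token cache TTL.
	// NOTE(review): presumably a cached validation result is honoured for
	// this long, in which case a revoked token could stay accepted until
	// the entry expires. Confirm against the cache implementation.
	DefaultTokenCacheTTL = 5 * time.Minute

	// DefaultClockSkew is the default clock skew tolerance for token
	// validation.
	DefaultClockSkew = 1 * time.Minute

	// DefaultExpectedAudience is the default expected audience for tokens.
	// NOTE(review): this is the Azure Resource Manager resource URI, not an
	// identifier specific to this server. An audience check against it
	// cannot tell tokens requested for this service apart from other tokens
	// issued for ARM. Confirm that this is intended and that authorization
	// does not rest on the audience check alone.
	DefaultExpectedAudience = "https://management.azure.com"

	// AzureADScope is the ".default" scope of the same resource as
	// DefaultExpectedAudience.
	AzureADScope = "https://management.azure.com/.default"
)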
Default OAuth configuration values
Types ¶
type AuthResult ¶
// AuthResult carries the outcome of one authentication attempt.
//
// TokenInfo is serialised under "token_info" and itself carries the raw
// access token under "access_token", so marshalling an AuthResult writes
// the bearer token. Keep the marshalled form out of logs and error reports.
type AuthResult struct {
	// Authenticated is true when authentication succeeded.
	Authenticated bool `json:"authenticated"`

	// TokenInfo holds the token details when authenticated; it is omitted
	// from JSON when nil.
	TokenInfo *TokenInfo `json:"token_info,omitempty"`

	// Error is the failure message when authentication did not succeed.
	// NOTE(review): if this string is returned to the caller, keep it free
	// of token contents and validation internals. Confirm at the call sites.
	Error string `json:"error,omitempty"`

	// StatusCode is the HTTP status code to return.
	StatusCode int `json:"status_code"`
}
AuthResult represents the result of authentication
type OAuthConfig ¶
// OAuthConfig is the OAuth configuration for AKS-MCP.
type OAuthConfig struct {
	// Enabled turns OAuth authentication on. The Go zero value is false,
	// so a zero-valued config has OAuth switched off.
	Enabled bool `json:"enabled"`

	// TenantID is the Azure AD tenant ID.
	TenantID string `json:"tenant_id"`

	// ClientID is the Azure AD application (client) ID.
	ClientID string `json:"client_id"`

	// RequiredScopes lists the OAuth scopes required for accessing AKS-MCP.
	RequiredScopes []string `json:"required_scopes"`

	// RedirectURIs lists the redirect URIs allowed for the OAuth callback.
	// NOTE(review): presumably compared exactly against the requested
	// redirect. Verify that no prefix or pattern matching is applied.
	RedirectURIs []string `json:"redirect_uris"`

	// AllowedOrigins lists the CORS origins allowed on the OAuth endpoints.
	// For security, the wildcard "*" should be avoided.
	AllowedOrigins []string `json:"allowed_origins"`

	// TokenValidation holds the token validation settings.
	TokenValidation TokenValidationConfig `json:"token_validation"`
}
OAuthConfig represents OAuth configuration for AKS-MCP
func NewDefaultOAuthConfig ¶
func NewDefaultOAuthConfig() *OAuthConfig
NewDefaultOAuthConfig creates a default OAuth configuration
func (*OAuthConfig) Validate ¶
func (cfg *OAuthConfig) Validate() error
Validate validates the OAuth configuration
type TokenInfo ¶
// TokenInfo describes a validated token.
//
// AccessToken is a bearer credential and is included in the JSON encoding
// of this struct; treat any serialised TokenInfo as secret material.
type TokenInfo struct {
	// AccessToken is the access token itself.
	AccessToken string `json:"access_token"`

	// TokenType is the token type (usually "Bearer").
	TokenType string `json:"token_type"`

	// ExpiresAt is the token expiration time.
	ExpiresAt time.Time `json:"expires_at"`

	// Scope lists the token's scopes.
	Scope []string `json:"scope"`

	// Subject is the subject (user ID).
	Subject string `json:"subject"`

	// Audience lists the token's audiences.
	Audience []string `json:"audience"`

	// Issuer is the token issuer.
	Issuer string `json:"issuer"`

	// Claims holds additional claims.
	// NOTE(review): values are untyped; check the dynamic type before
	// using a claim in an authorization decision.
	Claims map[string]interface{} `json:"claims"`
}
TokenInfo represents validated token information
type TokenValidationConfig ¶
// TokenValidationConfig holds the token validation settings.
type TokenValidationConfig struct {
	// ValidateJWT enables JWT token validation.
	// SECURITY CRITICAL: setting this to false creates a security
	// vulnerability and is for development/testing ONLY. It MUST be true
	// in production environments.
	// The Go zero value is false, so a zero-valued config (or one decoded
	// into a zero value from JSON that omits "validate_jwt") has validation
	// off. NOTE(review): whether NewDefaultOAuthConfig or Validate enforce
	// true is not visible here. Confirm.
	ValidateJWT bool `json:"validate_jwt"`

	// ValidateAudience enables audience validation. As with ValidateJWT,
	// the zero value is false.
	ValidateAudience bool `json:"validate_audience"`

	// ExpectedAudience is the expected audience for tokens.
	ExpectedAudience string `json:"expected_audience"`

	// CacheTTL is the token cache TTL.
	// NOTE(review): presumably bounds how long a cached validation result
	// is reused, and so how long a revoked token may still be accepted.
	// Confirm against the cache implementation.
	CacheTTL time.Duration `json:"cache_ttl"`

	// ClockSkew is the clock skew tolerance for token validation.
	// NOTE(review): a larger tolerance presumably widens the window in
	// which an expired token is still accepted. Keep it small.
	ClockSkew time.Duration `json:"clock_skew"`
}
TokenValidationConfig represents token validation configuration