aws

package
v0.1.0 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 1, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package aws provides functionality to retrieve OIDC tokens from the AWS STS GetWebIdentityToken API. It defines a token source that implements oauth2.TokenSource, so it can be plugged into OAuth2 libraries and frameworks. The package also supports custom claims and configurable options for audience, signing algorithm, and AWS configuration.

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewHTTPClient

func NewHTTPClient(ctx context.Context, opts ...Opt) (*http.Client, error)

NewHTTPClient creates an HTTP client configured with GitHub Actions OIDC authentication. The opts parameter allows for configuring the token source, such as setting the audience, signing algorithm, or AWS configuration.

func NewTokenSource

func NewTokenSource(opts ...Opt) oauth2.TokenSource

NewTokenSource creates a new token source configured with the provided options. It returns an oauth2.TokenSource that can be used to retrieve OIDC tokens from AWS.

Types

type Claims

type Claims struct {
	jwtvalidator.RegisteredClaims
	CustomClaims
}

Claims represents the JWT claims returned by the AWS OIDC provider, including both standard registered claims and custom AWS-specific claims.

func (*Claims) Validate

func (c *Claims) Validate(_ context.Context) error

Validate implements the jwtvalidator.Claims interface. It can be used to perform custom validation on the claims if needed.

type CustomClaims

type CustomClaims struct {
	HttpsStsAmazonawsCom struct {
		Ec2InstanceSourceVpc         string    `json:"ec2_instance_source_vpc"`
		Ec2RoleDelivery              string    `json:"ec2_role_delivery"`
		OrgId                        string    `json:"org_id"`
		AwsAccount                   string    `json:"aws_account"`
		OuPath                       []string  `json:"ou_path"`
		OriginalSessionExp           time.Time `json:"original_session_exp"`
		SourceRegion                 string    `json:"source_region"`
		Ec2SourceInstanceArn         string    `json:"ec2_source_instance_arn"`
		PrincipalId                  string    `json:"principal_id"`
		Ec2InstanceSourcePrivateIpv4 string    `json:"ec2_instance_source_private_ipv4"`
	} `json:"https://sts.amazonaws.com/"`
}

CustomClaims represents the custom claims included in the JWT returned by the AWS STS GetWebIdentityToken API. These claims provide additional information about the AWS environment and the context of the token issuance.
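A relying party that accepts these tokens can pin the AWS context carried under the https://sts.amazonaws.com/ claim namespace. The following is an added example, not code from this package: stsClaims, policy, checkIssuerContext and the sample payload are hypothetical names and constructed data, and signature, issuer, audience and expiry verification are assumed to have been done already.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// stsClaims is a local mirror of two fields from CustomClaims above;
// it is not the package's own type. The pointer lets us detect a token
// that carries no AWS namespace at all.
type stsClaims struct {
	STS *struct {
		OrgID      string `json:"org_id"`
		AwsAccount string `json:"aws_account"`
	} `json:"https://sts.amazonaws.com/"`
}

// policy is a hypothetical relying-party allow-list.
type policy struct {
	OrgID    string
	Accounts map[string]bool
}

// checkIssuerContext decodes an already signature-verified JWT payload and
// rejects tokens whose AWS context is missing or outside the policy.
func checkIssuerContext(payload []byte, p policy) error {
	var c stsClaims
	if err := json.Unmarshal(payload, &c); err != nil {
		return fmt.Errorf("decode claims: %w", err)
	}
	if c.STS == nil {
		return errors.New("missing https://sts.amazonaws.com/ claim namespace")
	}
	// An empty org_id never matches, even if the policy field was left unset.
	if c.STS.OrgID == "" || c.STS.OrgID != p.OrgID {
		return fmt.Errorf("org_id %q not allowed", c.STS.OrgID)
	}
	if !p.Accounts[c.STS.AwsAccount] {
		return fmt.Errorf("aws_account %q not allowed", c.STS.AwsAccount)
	}
	return nil
}

// samplePayload is constructed for this example, not a real token.
const samplePayload = `{"sub":"constructed-subject","https://sts.amazonaws.com/":{"org_id":"o-example0001","aws_account":"111122223333"}}`

func main() {
	p := policy{OrgID: "o-example0001", Accounts: map[string]bool{"111122223333": true}}
	fmt.Println("in policy:", checkIssuerContext([]byte(samplePayload), p))
}
```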

type Opt

type Opt func(*tokenSource)

Opt defines a functional option for configuring the token source. It allows for setting various parameters such as audience, signing algorithm, and AWS configuration when creating a new token source.

func WithAWSConfig

func WithAWSConfig(cfg aws.Config) Opt

WithAWSConfig sets the AWS configuration for the token source.

func WithAudience

func WithAudience(aud string) Opt

WithAudience sets the audience for the OIDC token.

func WithSTSClient

func WithSTSClient(client stsClient) Opt

WithSTSClient sets a custom STS client for the token source.

func WithSigningAlgorithm

func WithSigningAlgorithm(alg string) Opt

WithSigningAlgorithm sets the signing algorithm for the OIDC token.
