aws

package
v0.54.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 19, 2026 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package aws provides functionality to retrieve OIDC tokens from AWS STS GetWebIdentityToken API. It defines a token source that implements oauth2.TokenSource, allowing for easy integration with OAuth2 libraries and frameworks. The package also includes support for custom claims and configurable options for audience, signing algorithm, and AWS configuration.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewHTTPClient 

func NewHTTPClient(ctx context.Context, opts ...Opt) (*http.Client, error)

NewHTTPClient creates an HTTP client configured with GitHub Actions OIDC authentication. The opts parameter allows for configuring the token source, such as setting the audience, signing algorithm, or AWS configuration.

func NewTokenSource 

func NewTokenSource(opts ...Opt) oauth2.TokenSource

NewTokenSource creates a new token source configured with the provided options. It returns an oauth2.TokenSource that can be used to retrieve OIDC tokens from AWS.

Types

type Claims 

type Claims struct {
	jwtvalidator.RegisteredClaims
	CustomClaims
}

Claims represents the JWT claims returned by the AWS OIDC provider, including both standard registered claims and custom AWS-specific claims.

func (*Claims) Validate 

func (c *Claims) Validate(_ context.Context) error

Validate implements the jwtvalidator.Claims interface. It can be used to perform custom validation on the claims if needed.

type CustomClaims 

type CustomClaims struct {
	HttpsStsAmazonawsCom struct {
		Ec2InstanceSourceVpc         string    `json:"ec2_instance_source_vpc"`
		Ec2RoleDelivery              string    `json:"ec2_role_delivery"`
		OrgId                        string    `json:"org_id"`
		AwsAccount                   string    `json:"aws_account"`
		OuPath                       []string  `json:"ou_path"`
		OriginalSessionExp           time.Time `json:"original_session_exp"`
		SourceRegion                 string    `json:"source_region"`
		Ec2SourceInstanceArn         string    `json:"ec2_source_instance_arn"`
		PrincipalId                  string    `json:"principal_id"`
		Ec2InstanceSourcePrivateIpv4 string    `json:"ec2_instance_source_private_ipv4"`
	} `json:"https://sts.amazonaws.com/"`
}

CustomClaims represents the custom claims included in the JWT token returned by AWS STS GetWebIdentityToken API. These claims provide additional information about the AWS environment and the context of the token issuance.

type Opt 

type Opt func(*tokenSource)

Opt defines a functional option for configuring the token source. It allows for setting various parameters such as audience, signing algorithm, and AWS configuration when creating a new token source.

func WithAWSConfig 

func WithAWSConfig(cfg aws.Config) Opt

WithAWSConfig sets the AWS configuration for the token source

func WithAudience 

func WithAudience(aud string) Opt

WithAudience sets the audience for the OIDC token

func WithSigningAlgorithm 

func WithSigningAlgorithm(alg string) Opt

WithSigningAlgorithm sets the signing algorithm for the OIDC token

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.