cioidc

package
v0.46.0
Published: May 22, 2026 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Package cioidc provides an http.RoundTripper that authenticates outbound requests on a per-host basis with a JWT obtained from a CI/CD platform's OIDC integration.

Each configured host gets its token one of two ways:

  • WithHostAudience mints an OIDC ID token for the given audience from the GitHub/Forgejo Actions token endpoint (see the actionsoidc package), caching it for the first 50% of its lifetime and reminting on demand.
  • WithHostToken sends a static JWT as-is, e.g. a GitLab CI id_token injected into the job environment.

Requests to hosts that were not configured are forwarded unchanged, so a request to a registry the JWT is not meant for keeps its existing authentication.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Option

type Option func(*options)

Option configures a Transport.

func WithHostAudience

func WithHostAudience(host, audience string) Option

WithHostAudience configures host to be authenticated with an OIDC ID token minted for the given audience from the GitHub/Forgejo Actions token endpoint, cached for the first 50% of its lifetime and reminted on demand.

func WithHostToken

func WithHostToken(host, token string) Option

WithHostToken configures host to be authenticated with the given static JWT, sent as-is (e.g. a GitLab CI id_token).

func WithInner

func WithInner(rt http.RoundTripper) Option

WithInner sets the underlying RoundTripper that requests are forwarded to. Defaults to http.DefaultTransport.

type Transport

type Transport struct {
	// contains filtered or unexported fields
}

Transport is an http.RoundTripper that stamps Authorization: Bearer <jwt> on requests whose URL host was configured with WithHostToken or WithHostAudience. Any existing Authorization header on a configured host is overwritten; requests to other hosts pass through untouched.
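The stamping rule described above, as an added standard-library sketch that is not the cioidc implementation: `hostBearer`, `recorder`, `sentAuth`, the `.example` hosts and the token string are hypothetical or constructed, and exact matching on `req.URL.Host` is an assumption of this sketch. It shows the property worth testing in any per-host auth transport: the configured host has its existing credential replaced by the bearer JWT, while a request to another host leaves with its own credential and never sees the JWT.

```go
package main

import (
	"fmt"
	"net/http"
)

// hostBearer sketches the documented behaviour; it is not cioidc's code.
type hostBearer struct {
	tokens map[string]string // URL host -> JWT (constructed values only)
	inner  http.RoundTripper
}

func (h *hostBearer) RoundTrip(req *http.Request) (*http.Response, error) {
	tok, ok := h.tokens[req.URL.Host]
	if !ok {
		return h.inner.RoundTrip(req) // unconfigured host: forwarded unchanged
	}
	out := req.Clone(req.Context())                // a RoundTripper must not mutate req
	out.Header.Set("Authorization", "Bearer "+tok) // overwrites any existing value
	return h.inner.RoundTrip(out)
}

// recorder is a fake inner transport: it notes the Authorization header that
// would go on the wire for each host, so nothing touches the network.
type recorder map[string]string

func (r recorder) RoundTrip(req *http.Request) (*http.Response, error) {
	r[req.URL.Host] = req.Header.Get("Authorization")
	return &http.Response{StatusCode: 200, Body: http.NoBody, Request: req}, nil
}

// sentAuth requests each URL with a pre-existing (constructed) Basic
// credential and returns the Authorization value recorded per host.
func sentAuth(tokens map[string]string, urls ...string) (map[string]string, error) {
	rec := recorder{}
	tr := &hostBearer{tokens: tokens, inner: rec}
	for _, u := range urls {
		req, err := http.NewRequest(http.MethodGet, u, nil)
		if err != nil {
			return nil, err
		}
		req.Header.Set("Authorization", "Basic b2xkOmNyZWQ=") // "old:cred"
		if _, err := tr.RoundTrip(req); err != nil {
			return nil, err
		}
	}
	return rec, nil
}

func main() {
	fmt.Println(sentAuth(map[string]string{"a.example": "constructed.jwt"}, "https://a.example/", "https://b.example/"))
}
```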

func NewTransport

func NewTransport(opts ...Option) (*Transport, error)

NewTransport returns a Transport configured by opts. At least one host must be configured. It returns an error if the same host is configured more than once, whether via WithHostToken, WithHostAudience, or a mix of the two.

func (*Transport) RoundTrip

func (t *Transport) RoundTrip(req *http.Request) (*http.Response, error)

RoundTrip implements http.RoundTripper.
