Merge pull request #611 from fuller-inc/dependabot/go_modules/provide…
…r/assume-role/github.com/shogo82148/goat-0.1.0

Bump github.com/shogo82148/goat from 0.0.6 to 0.1.0 in /provider/assume-role
shogo82148 authored Oct 11, 2023
2 parents 1131171 + 2f39f75 commit 9249264
Showing 3 changed files with 32 additions and 29 deletions.
33 changes: 18 additions & 15 deletions provider/assume-role/github/parse_id_token.go
Expand Up @@ -2,9 +2,9 @@ package github

import (
"context"
"errors"
"fmt"

"github.com/shogo82148/goat/jwa"
_ "github.com/shogo82148/goat/jwa/rs"
"github.com/shogo82148/goat/jws"
"github.com/shogo82148/goat/jwt"
Expand Down Expand Up @@ -41,23 +41,26 @@ func (c *Client) ParseIDToken(ctx context.Context, idToken string) (*ActionsIDTo
if err != nil {
return nil, fmt.Errorf("github: failed to get JWK Set: %w", err)
}
token, err := jwt.Parse([]byte(idToken), jwt.FindKeyFunc(func(header *jws.Header) (key sig.SigningKey, err error) {
jwk, ok := set.Find(header.KeyID())
if !ok {
return nil, fmt.Errorf("github: kid %s is not found", header.KeyID())
}
if jwk.Algorithm() != "" && header.Algorithm().KeyAlgorithm() != jwk.Algorithm() {
return nil, fmt.Errorf("github: alg parameter mismatch")
}
key = header.Algorithm().New().NewSigningKey(jwk)
return
}))
p := &jwt.Parser{
KeyFinder: jwt.FindKeyFunc(func(ctx context.Context, header *jws.Header) (key sig.SigningKey, err error) {
jwk, ok := set.Find(header.KeyID())
if !ok {
return nil, fmt.Errorf("github: kid %s is not found", header.KeyID())
}
if jwk.Algorithm() != "" && header.Algorithm().KeyAlgorithm() != jwk.Algorithm() {
return nil, fmt.Errorf("github: alg parameter mismatch")
}
key = header.Algorithm().New().NewSigningKey(jwk)
return
}),
AlgorithmVerifier: jwt.AllowedAlgorithms{jwa.RS256},
IssuerSubjectVerifier: jwt.Issuer(oidcIssuer),
AudienceVerifier: jwt.UnsecureAnyAudience,
}
token, err := p.Parse(ctx, []byte(idToken))
if err != nil {
return nil, fmt.Errorf("github: failed to parse id token: %w", err)
}
if token.Claims.Issuer != oidcIssuer {
return nil, errors.New("github: failed to parse id token: invalid issuer")
}

var claims ActionsIDToken
if err := token.Claims.DecodeCustom(&claims); err != nil {
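Review bot: `AudienceVerifier: jwt.UnsecureAnyAudience` in the new `jwt.Parser` literal makes the parser accept a token with any `aud` value, and nothing in the visible lines checks the audience afterwards. ParseIDToken continues past the end of this section, so the check may sit further down or in the caller; if it does not, an Actions ID token issued for a different relying party would still pass the signature, algorithm and issuer checks here. If the expected audience is known at this point, verifying it in the parser is the safer default; otherwise record the decision next to the field, for example `// aud is validated in <function that checks the audience>, not by the parser`. Separately, the `kid` in the not-found error comes from the unverified token header, so `%q` would be a safer verb than `%s` for it: `fmt.Errorf("github: kid %q is not found", header.KeyID())`.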
8 changes: 4 additions & 4 deletions provider/assume-role/go.mod
Expand Up @@ -10,7 +10,7 @@ require (
github.com/shogo82148/aws-xray-yasdk-go v1.7.1
github.com/shogo82148/aws-xray-yasdk-go/xrayaws-v2 v1.1.4
github.com/shogo82148/ctxlog v0.1.0
github.com/shogo82148/goat v0.0.6
github.com/shogo82148/goat v0.1.0
github.com/shogo82148/ridgenative v1.4.0
)

Expand All @@ -23,7 +23,7 @@ require (
github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.9.36 // indirect
github.com/aws/aws-sdk-go-v2/service/sso v1.15.1 // indirect
github.com/aws/aws-sdk-go-v2/service/ssooidc v1.17.2 // indirect
github.com/shogo82148/memoize v0.0.2 // indirect
golang.org/x/crypto v0.11.0 // indirect
golang.org/x/sys v0.10.0 // indirect
github.com/shogo82148/memoize v0.0.4 // indirect
golang.org/x/crypto v0.14.0 // indirect
golang.org/x/sys v0.13.0 // indirect
)
20 changes: 10 additions & 10 deletions provider/assume-role/go.sum
Expand Up @@ -40,18 +40,18 @@ github.com/shogo82148/aws-xray-yasdk-go/xrayaws-v2 v1.1.4 h1:JxcMlEvjbHyyO7YqK6b
github.com/shogo82148/aws-xray-yasdk-go/xrayaws-v2 v1.1.4/go.mod h1:qqeqw2VKFajsyJVGhtM+GdQAcbfZeq1LpOeM2rnD6Oo=
github.com/shogo82148/ctxlog v0.1.0 h1:WN1kcHxnFFPrqMNKK+ZM8GKrjqAKQymWekjeq6EZ7ao=
github.com/shogo82148/ctxlog v0.1.0/go.mod h1:1vzyF5O3lITc5QGi4oYH12DwupLpZytmfxdN2vH1ZZ0=
github.com/shogo82148/goat v0.0.6 h1:QmNrB8HnXOt7BFaS8i890aBo4RRbiXVWcgSagd97S7Q=
github.com/shogo82148/goat v0.0.6/go.mod h1:J5sGtFsP9R1Mh6OLSbCec8pVmXy3oQGaYUj12qtKg94=
github.com/shogo82148/memoize v0.0.2 h1:KBHGjTpwuKPyCzpNlpNT79hKfmJaheHxpIuqdGzqdIE=
github.com/shogo82148/memoize v0.0.2/go.mod h1:sOsvhOlJGVR2nHgCzUchvbEeYB6jNvSP9o4SPHgb+bY=
github.com/shogo82148/pointer v1.2.0 h1:MEPjAx9hK17sdEVhaqHROphdy+RxTH70vaBypZzZ/d8=
github.com/shogo82148/pointer v1.2.0/go.mod h1:agZ5JFpavFPXznbWonIvbG78NDfvDTFppe+7o53up5w=
github.com/shogo82148/goat v0.1.0 h1:CD8v23E0rGSspMyKnS2FqiX+BJnEYs/mhgYDmo4i30k=
github.com/shogo82148/goat v0.1.0/go.mod h1:O2/1GBUA42rPuc0TM5WV3Kx/5/BXCHBRvSh/g9MlAus=
github.com/shogo82148/memoize v0.0.4 h1:3n08PzuwGLbVwawf2jM5kfNC4mV25EqaAIjKrNfqqAs=
github.com/shogo82148/memoize v0.0.4/go.mod h1:sOsvhOlJGVR2nHgCzUchvbEeYB6jNvSP9o4SPHgb+bY=
github.com/shogo82148/pointer v1.3.0 h1:LW5V2jUAjFNjS8e7k/PgFoh3EavOSB/vvN85aGue5+I=
github.com/shogo82148/pointer v1.3.0/go.mod h1:agZ5JFpavFPXznbWonIvbG78NDfvDTFppe+7o53up5w=
github.com/shogo82148/ridgenative v1.4.0 h1:yBsshqKQ86Y155CzgW3iC34DPwpcClceCJ8JQBd36UE=
github.com/shogo82148/ridgenative v1.4.0/go.mod h1:PInWLpQIV0RsZI3j81ZH87hQ2knhDiMGbeDuTli3QIE=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA=
golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio=
golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA=
golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc=
golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
