Support for additional claims in the JWT tokens, needed for Google's Identity-Aware Proxy #570

Closed
wants to merge 4 commits into from
1 change: 0 additions & 1 deletion .github/.gitignore

This file was deleted.

25 changes: 0 additions & 25 deletions .github/CODE_OF_CONDUCT.md

This file was deleted.

47 changes: 0 additions & 47 deletions .github/CONTRIBUTING.md

This file was deleted.

14 changes: 0 additions & 14 deletions .github/ISSUE_TEMPLATE/issue_template.md

This file was deleted.

35 changes: 0 additions & 35 deletions .github/SUPPORT.md

This file was deleted.

12 changes: 8 additions & 4 deletions R/oauth-server-side.R
@@ -1,10 +1,11 @@

init_oauth_service_account <- function(secrets, scope = NULL, sub = NULL) {
init_oauth_service_account <- function(secrets, scope = NULL, sub = NULL, ...) {
signature <- jwt_signature(
secrets,
aud = secrets$token_uri,
scope = scope,
sub = sub
sub = sub,
...
)

res <- POST(
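Review bot: The `...` forwarded into `jwt_signature()` in this call is matched against that function's named parameters before it reaches the claim list, so it is not limited to extra claims. A caller who passes `iat`, `exp` or `duration` changes the lifetime of the signed assertion, and one who passes `aud` gets a "matched by multiple actual arguments" error because `aud = secrets$token_uri` is already fixed here. Consider collecting the extra claims in one explicit list argument and rejecting names that `jwt_signature()` already uses.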
Expand Down Expand Up @@ -40,6 +41,7 @@ init_oauth_service_account <- function(secrets, scope = NULL, sub = NULL) {
#' 00:00:00 UTC, January 1, 1970. This value has a maximum of 1 hour from
#' the issued time.
#' @param duration Duration of token, in seconds.
#' @param ... any additional claims for the token.
Member

Suggested change
#' @param ... any additional claims for the token.
#' @param ... Any additional claims for the token.

#' @keywords internal
#' @examples
#' \dontrun{
Expand All @@ -52,14 +54,16 @@ jwt_signature <- function(credentials,
sub = NULL,
iat = as.integer(Sys.time()),
exp = iat + duration,
duration = 60L * 60L) {
duration = 60L * 60L,
...) {
cs <- compact(list(
iss = credentials$client_email,
scope = scope,
aud = aud,
sub = sub,
iat = iat,
exp = exp
exp = exp,
...
))

jwt_sign(cs, credentials$private_key)
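Review bot: Nothing checks the contents of `...` before it is spliced into the claim list after `exp = exp,`. `iss` is not a parameter of `jwt_signature()`, so a caller-supplied `iss` lands in `...` and yields a claim set with two `iss` entries, and an unnamed argument yields a claim with no name. Which `iss` the token endpoint ends up reading depends on serialization that is not visible in this hunk. Suggest requiring every element of `...` to be named and stopping on any name that duplicates one of the fixed claims before `jwt_sign()` is called.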
13 changes: 5 additions & 8 deletions R/oauth-token.r
Expand Up @@ -301,6 +301,7 @@ Token2.0 <- R6::R6Class("Token2.0", inherit = Token, list(
#' @inheritParams oauth2.0_token
#' @inheritParams jwt_signature
#' @param secrets Secrets loaded from JSON file, downloaded from console.
#' @param ... any additional claims for the token
Member

I think you can remove this line since we're already inheriting docs from jwt_signature?

#' @family OAuth
#' @export
#' @examples
Expand All @@ -311,7 +312,7 @@ Token2.0 <- R6::R6Class("Token2.0", inherit = Token, list(
#'
#' token <- oauth_service_token(endpoint, secrets, scope)
#' }
oauth_service_token <- function(endpoint, secrets, scope = NULL, sub = NULL) {
oauth_service_token <- function(endpoint, secrets, scope = NULL, sub = NULL, ...) {
Member

Using ... here seems a bit broad. I'd think it should be claims or similar?

if (!is.oauth_endpoint(endpoint)) {
stop("`endpoint` must be an OAuth endpoint", call. = FALSE)
}
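Review bot: With `...` on the exported `oauth_service_token()` signature, a misspelled argument such as `scopes =` no longer raises an unused-argument error and is instead carried through to the signed JWT as a claim. This supports the comment above that `...` is too broad: an explicit `claims = list()` parameter, validated next to the existing `is.oauth_endpoint(endpoint)` check, keeps typos loud and makes it obvious which values end up in the token.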
Expand All @@ -324,7 +325,7 @@ oauth_service_token <- function(endpoint, secrets, scope = NULL, sub = NULL) {
TokenServiceAccount$new(
endpoint = endpoint,
secrets = secrets,
params = list(scope = scope, sub = sub)
params = list(scope = scope, sub = sub, ...)
)
}

Expand All @@ -343,16 +344,12 @@ TokenServiceAccount <- R6::R6Class("TokenServiceAccount", inherit = Token2.0, li
TRUE
},
refresh = function() {
self$credentials <- init_oauth_service_account(
self$secrets,
scope = self$params$scope,
sub = self$params$sub
)
self$credentials <- do.call(init_oauth_service_account, c(list(secrets = self$secrets), self$params))
self
},
sign = function(method, url) {
config <- add_headers(
Authorization = paste("Bearer", self$credentials$access_token)
Authorization = paste("Bearer", self$credentials$access_token %||% self$credentials$id_token)
)
request_build(method = method, url = url, config)
},
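Review bot: The `%||% self$credentials$id_token` fallback in `sign()` changes which credential is sent without the caller asking for it: whenever the token response has no `access_token`, every request signed with this object carries the ID token as the bearer value, whatever `url` is. Suggest making the token type an explicit choice and stopping with an error when the expected field is missing from `self$credentials`. Separately, the `do.call()` in `refresh()` fails with a duplicate-argument error if `self$params` contains an element named `secrets`, so that name should be rejected when the params are built.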
6 changes: 5 additions & 1 deletion man/jwt_signature.Rd

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 3 additions & 1 deletion man/oauth_service_token.Rd

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.