tking/guildhouse-spire-plugins
SHA256
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
guildhouse-spire-plugins/cmd/oidc-attestor/plugin.go

18 lines
679 B
Go
Raw Blame History

package main
// OIDCAttestor implements the SPIRE WorkloadAttestor plugin interface.
//
// When SPIRE Agent needs to attest a workload, it calls Attest() with the
// workload's process ID. This plugin reads the workload's OIDC token and
// returns selectors based on the verified claims.
//
// Selectors produced:
// - oidc:sub:<subject> — OIDC subject claim
// - oidc:iss:<issuer> — OIDC issuer
// - oidc:email:<email> — OIDC email claim (if present)
// - oidc:group:<group> — One per OIDC group claim (if present)
type OIDCAttestor struct {
// TODO: add fields
// - oidc.Verifier for token validation
// - config for token discovery path
}
Reference in a new issue View git blame Copy permalink