feat(sdk): normalize token exchange #546

mkleene · 2024-04-09T19:03:00Z

move the keycloak provisioning code into a central location so it can be used in commands and sdk tests
move the code that did token exchange into oauth
add a functional option to specify token exchange parameters
use pointers for client credentials option in config so it's obvious when they have been specified
don't get rid of authConfig yet since this pull is already too big

…ormalize-token-exchange

Dockerfile

sdk/options.go

dmihalcik-virtru

Do you have a guide for how to test this?

sdk/idp_token_exchange_token_source.go

mkleene · 2024-04-17T15:41:32Z

Do you have a guide for how to test this?

It has an integration test against keycloak atm which I think is a decent-ish doc. I can add some instructions or something in examples if you think that makes sense.

🤖 I have created a release *beep* *boop* --- ## [0.1.0](lib/fixtures-v0.1.0...lib/fixtures/v0.1.0) (2024-04-22) ### Features * **sdk:** normalize token exchange ([#546](#546)) ([9059dff](9059dff)) ### Bug Fixes * **service:** go.mod version fix sync ([#604](#604)) ([6323efd](6323efd)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.1.0](sdk-v0.1.0...sdk/v0.1.0) (2024-04-22) ### Features * add structured schema policy config ([#51](#51)) ([8a6b876](8a6b876)) * **auth:** add authorization via casbin ([#417](#417)) ([292f2bd](292f2bd)) * in-process service to service communication ([#311](#311)) ([ec5eb76](ec5eb76)) * **kas:** support HSM and standard crypto ([#497](#497)) ([f0cbe03](f0cbe03)) * key access server assignments ([#111](#111)) ([a48d686](a48d686)), closes [#117](#117) * key access server registry impl ([#66](#66)) ([cf6b3c6](cf6b3c6)) * **namespaces CRUD:** protos, generated SDK, db interactivity for namespaces table ([#54](#54)) ([b3f32b1](b3f32b1)) * **PLAT-3112:** Initial consumption of ec_key_pair functions by nanotdf ([#586](#586)) ([5e2cba0](5e2cba0)) * **policy:** add FQN pivot table ([#208](#208)) ([abb734c](abb734c)) * **policy:** add soft-delete/deactivation to namespaces, attribute definitions, attribute values [#96](#96) [#108](#108) ([#191](#191)) ([02e92a6](02e92a6)) * **resourcemapping:** resource mapping implementation ([#83](#83)) ([c144db1](c144db1)) * **sdk:** BACK-1966 get auth wired up to SDK using `Options` ([#271](#271)) ([f1bacab](f1bacab)) * **sdk:** BACK-1966 implement fetching a DPoP token ([#45](#45)) ([dbd3cf9](dbd3cf9)) * **sdk:** BACK-1966 make the unwrapper retrieve public keys as well ([#260](#260)) ([7d051a1](7d051a1)) * **sdk:** BACK-1966 pull rewrap into auth config ([#252](#252)) ([84017aa](84017aa)) * **sdk:** Include auth token in grpc ([#367](#367)) ([75cb5cd](75cb5cd)) * **sdk:** normalize token exchange ([#546](#546)) ([9059dff](9059dff)) * **sdk:** Pass dpop key through to `rewrap` ([#435](#435)) ([2d283de](2d283de)) * **sdk:** read `expires_in` from token response and use it to refresh access tokens ([#445](#445)) ([8ecbe79](8ecbe79)) * **sdk:** sdk stub ([#10](#10)) ([8dfca6a](8dfca6a)) * **sdk:** take a function so that callers can use this the way that they want ([#340](#340)) ([72059cb](72059cb)) * **subject-mappings:** refactor to meet db schema ([#59](#59)) ([59a073b](59a073b)) * **tdf:** implement tdf3 encrypt and decrypt ([#73](#73)) ([9d0e0a0](9d0e0a0)) * **tdf:** sdk interface changes ([#123](#123)) ([2aa2422](2aa2422)) * **tdf:** sdk interface cleanup ([#201](#201)) ([6f7d815](6f7d815)) * **tdf:** TDFOption varargs interface ([#235](#235)) ([b3fb720](b3fb720)) ### Bug Fixes * **archive:** remove 10gb zip file test ([#373](#373)) ([6548f55](6548f55)) * attribute missing rpc method for listing attribute values ([#69](#69)) ([1b3a831](1b3a831)) * **attribute value:** fixes attribute value crud ([#86](#86)) ([568df9c](568df9c)) * **issue 90:** remove duplicate attribute_id from attribute value create/update, and consumes schema setup changes in namespaces that were introduced for integration testing ([#100](#100)) ([e0f6d07](e0f6d07)) * **issue-124:** SDK kas registry import name mismatch ([#125](#125)) ([112638b](112638b)), closes [#124](#124) * **proto/acre:** fix resource encoding service typo ([#30](#30)) ([fe709d2](fe709d2)) * remove padding when b64 encoding ([#437](#437)) ([d40e94a](d40e94a)) * SDK Quickstart ([#628](#628)) ([f27ab98](f27ab98)) * **sdk:** change unwrapper creation ([#346](#346)) ([9206435](9206435)) * **sdk:** double bearer token in auth config ([#350](#350)) ([1bf4699](1bf4699)) * **sdk:** fixes Manifests JSONs with OIDC ([#140](#140)) ([a4b6937](a4b6937)) * **sdk:** handle err ([#548](#548)) ([ebabb6c](ebabb6c)) * **sdk:** make KasInfo fields public ([#320](#320)) ([9a70498](9a70498)) * **sdk:** shutdown conn ([#352](#352)) ([3def038](3def038)) * **sdk:** temporarily move unwrapper creation into options func. ([#309](#309)) ([b34c2fe](b34c2fe)) * **sdk:** use the dialoptions even with no client credentials ([#400](#400)) ([a7f1908](a7f1908)) * **security:** add a new encryption keypair different from dpop keypair ([#461](#461)) ([7deb51e](7deb51e)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.1.0](service-v0.1.0...service/v0.1.0) (2024-04-22) ### ⚠ BREAKING CHANGES * Singular platform/service ([#511](#511)) ### Features * ability to add public routes that bypass authn middleware ([#601](#601)) ([7c65308](7c65308)) * ability to set config key or config file from root cmd ([#502](#502)) ([56a0131](56a0131)) * allow --insecure in provision keycloak cmd ([#629](#629)) ([a672325](a672325)) * **kas:** support HSM and standard crypto ([#497](#497)) ([f0cbe03](f0cbe03)) * **opa:** Adding jq OPA builtin for selection ([#527](#527)) ([d4ab17a](d4ab17a)) * **policy:** add `created_at` and `updated_at` timestamps to metadata ([#538](#538)) ([e812563](e812563)) * **policy:** update fixtures, proto comments, and proto field names to reflect use of jq selector syntax within Conditions of Subject Sets ([#523](#523)) ([16f40f7](16f40f7)) * **sdk:** don't require `client_id` in the auth token ([#544](#544)) ([a1e70f9](a1e70f9)) * **sdk:** normalize token exchange ([#546](#546)) ([9059dff](9059dff)) ### Bug Fixes * **authorization:** Hierarchy working in GetDecisions ([#519](#519)) ([2856485](2856485)) * **core:** allow org-admin casbin role to call KAS rewrap endpoint ([#579](#579)) ([a64c62a](a64c62a)) * **core:** fix panic on nil pointer dereference by passing KAS the SDK instance on registration ([#574](#574)) ([327bfca](327bfca)) * **core:** fixes fixtures provisioning after filepath change with repo restructuring ([#521](#521)) ([f128e9f](f128e9f)) * load extraprops for a service config with remainder values ([#524](#524)) ([d3d72dc](d3d72dc)) * **PLAT-3069:** opentdf/platform, gRPC: Namespace with existed attribute(s) can be deactivated w/o any prompts ([#489](#489)) ([e5a3324](e5a3324)) * **policy:** remove hardcoded schema in goose migration 20240405000000 ([#596](#596)) ([36c3b16](36c3b16)) * **policy:** return `created_at` and `updated_at` timestamps in CREATE metadata ([#557](#557)) ([fcaaeea](fcaaeea)) * resolves issues auth policy configuration ([#498](#498)) ([08e67cf](08e67cf)) * **service:** go.mod version fix sync ([#604](#604)) ([6323efd](6323efd)) * url encode db password field to handle special characters ([#624](#624)) ([5069f9d](5069f9d)) ### Code Refactoring * Singular platform/service ([#511](#511)) ([40c8b97](40c8b97)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.1.0](opentdf/platform@lib/fixtures-v0.1.0...lib/fixtures/v0.1.0) (2024-04-22) ### Features * **sdk:** normalize token exchange ([#546](opentdf/platform#546)) ([9059dff](opentdf/platform@9059dff)) ### Bug Fixes * **service:** go.mod version fix sync ([#604](opentdf/platform#604)) ([6323efd](opentdf/platform@6323efd)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.1.0](opentdf/platform@sdk-v0.1.0...sdk/v0.1.0) (2024-04-22) ### Features * add structured schema policy config ([#51](opentdf/platform#51)) ([8a6b876](opentdf/platform@8a6b876)) * **auth:** add authorization via casbin ([#417](opentdf/platform#417)) ([292f2bd](opentdf/platform@292f2bd)) * in-process service to service communication ([#311](opentdf/platform#311)) ([ec5eb76](opentdf/platform@ec5eb76)) * **kas:** support HSM and standard crypto ([#497](opentdf/platform#497)) ([f0cbe03](opentdf/platform@f0cbe03)) * key access server assignments ([#111](opentdf/platform#111)) ([a48d686](opentdf/platform@a48d686)), closes [#117](opentdf/platform#117) * key access server registry impl ([#66](opentdf/platform#66)) ([cf6b3c6](opentdf/platform@cf6b3c6)) * **namespaces CRUD:** protos, generated SDK, db interactivity for namespaces table ([#54](opentdf/platform#54)) ([b3f32b1](opentdf/platform@b3f32b1)) * **PLAT-3112:** Initial consumption of ec_key_pair functions by nanotdf ([#586](opentdf/platform#586)) ([5e2cba0](opentdf/platform@5e2cba0)) * **policy:** add FQN pivot table ([#208](opentdf/platform#208)) ([abb734c](opentdf/platform@abb734c)) * **policy:** add soft-delete/deactivation to namespaces, attribute definitions, attribute values [#96](opentdf/platform#96) [#108](opentdf/platform#108) ([#191](opentdf/platform#191)) ([02e92a6](opentdf/platform@02e92a6)) * **resourcemapping:** resource mapping implementation ([#83](opentdf/platform#83)) ([c144db1](opentdf/platform@c144db1)) * **sdk:** BACK-1966 get auth wired up to SDK using `Options` ([#271](opentdf/platform#271)) ([f1bacab](opentdf/platform@f1bacab)) * **sdk:** BACK-1966 implement fetching a DPoP token ([#45](opentdf/platform#45)) ([dbd3cf9](opentdf/platform@dbd3cf9)) * **sdk:** BACK-1966 make the unwrapper retrieve public keys as well ([#260](opentdf/platform#260)) ([7d051a1](opentdf/platform@7d051a1)) * **sdk:** BACK-1966 pull rewrap into auth config ([#252](opentdf/platform#252)) ([84017aa](opentdf/platform@84017aa)) * **sdk:** Include auth token in grpc ([#367](opentdf/platform#367)) ([75cb5cd](opentdf/platform@75cb5cd)) * **sdk:** normalize token exchange ([#546](opentdf/platform#546)) ([9059dff](opentdf/platform@9059dff)) * **sdk:** Pass dpop key through to `rewrap` ([#435](opentdf/platform#435)) ([2d283de](opentdf/platform@2d283de)) * **sdk:** read `expires_in` from token response and use it to refresh access tokens ([#445](opentdf/platform#445)) ([8ecbe79](opentdf/platform@8ecbe79)) * **sdk:** sdk stub ([#10](opentdf/platform#10)) ([8dfca6a](opentdf/platform@8dfca6a)) * **sdk:** take a function so that callers can use this the way that they want ([#340](opentdf/platform#340)) ([72059cb](opentdf/platform@72059cb)) * **subject-mappings:** refactor to meet db schema ([#59](opentdf/platform#59)) ([59a073b](opentdf/platform@59a073b)) * **tdf:** implement tdf3 encrypt and decrypt ([#73](opentdf/platform#73)) ([9d0e0a0](opentdf/platform@9d0e0a0)) * **tdf:** sdk interface changes ([#123](opentdf/platform#123)) ([2aa2422](opentdf/platform@2aa2422)) * **tdf:** sdk interface cleanup ([#201](opentdf/platform#201)) ([6f7d815](opentdf/platform@6f7d815)) * **tdf:** TDFOption varargs interface ([#235](opentdf/platform#235)) ([b3fb720](opentdf/platform@b3fb720)) ### Bug Fixes * **archive:** remove 10gb zip file test ([#373](opentdf/platform#373)) ([6548f55](opentdf/platform@6548f55)) * attribute missing rpc method for listing attribute values ([#69](opentdf/platform#69)) ([1b3a831](opentdf/platform@1b3a831)) * **attribute value:** fixes attribute value crud ([#86](opentdf/platform#86)) ([568df9c](opentdf/platform@568df9c)) * **issue 90:** remove duplicate attribute_id from attribute value create/update, and consumes schema setup changes in namespaces that were introduced for integration testing ([#100](opentdf/platform#100)) ([e0f6d07](opentdf/platform@e0f6d07)) * **issue-124:** SDK kas registry import name mismatch ([#125](opentdf/platform#125)) ([112638b](opentdf/platform@112638b)), closes [#124](opentdf/platform#124) * **proto/acre:** fix resource encoding service typo ([#30](opentdf/platform#30)) ([fe709d2](opentdf/platform@fe709d2)) * remove padding when b64 encoding ([#437](opentdf/platform#437)) ([d40e94a](opentdf/platform@d40e94a)) * SDK Quickstart ([#628](opentdf/platform#628)) ([f27ab98](opentdf/platform@f27ab98)) * **sdk:** change unwrapper creation ([#346](opentdf/platform#346)) ([9206435](opentdf/platform@9206435)) * **sdk:** double bearer token in auth config ([#350](opentdf/platform#350)) ([1bf4699](opentdf/platform@1bf4699)) * **sdk:** fixes Manifests JSONs with OIDC ([#140](opentdf/platform#140)) ([a4b6937](opentdf/platform@a4b6937)) * **sdk:** handle err ([#548](opentdf/platform#548)) ([ebabb6c](opentdf/platform@ebabb6c)) * **sdk:** make KasInfo fields public ([#320](opentdf/platform#320)) ([9a70498](opentdf/platform@9a70498)) * **sdk:** shutdown conn ([#352](opentdf/platform#352)) ([3def038](opentdf/platform@3def038)) * **sdk:** temporarily move unwrapper creation into options func. ([#309](opentdf/platform#309)) ([b34c2fe](opentdf/platform@b34c2fe)) * **sdk:** use the dialoptions even with no client credentials ([#400](opentdf/platform#400)) ([a7f1908](opentdf/platform@a7f1908)) * **security:** add a new encryption keypair different from dpop keypair ([#461](opentdf/platform#461)) ([7deb51e](opentdf/platform@7deb51e)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.1.0](opentdf/platform@service-v0.1.0...service/v0.1.0) (2024-04-22) ### ⚠ BREAKING CHANGES * Singular platform/service ([#511](opentdf/platform#511)) ### Features * ability to add public routes that bypass authn middleware ([#601](opentdf/platform#601)) ([7c65308](opentdf/platform@7c65308)) * ability to set config key or config file from root cmd ([#502](opentdf/platform#502)) ([56a0131](opentdf/platform@56a0131)) * allow --insecure in provision keycloak cmd ([#629](opentdf/platform#629)) ([a672325](opentdf/platform@a672325)) * **kas:** support HSM and standard crypto ([#497](opentdf/platform#497)) ([f0cbe03](opentdf/platform@f0cbe03)) * **opa:** Adding jq OPA builtin for selection ([#527](opentdf/platform#527)) ([d4ab17a](opentdf/platform@d4ab17a)) * **policy:** add `created_at` and `updated_at` timestamps to metadata ([#538](opentdf/platform#538)) ([e812563](opentdf/platform@e812563)) * **policy:** update fixtures, proto comments, and proto field names to reflect use of jq selector syntax within Conditions of Subject Sets ([#523](opentdf/platform#523)) ([16f40f7](opentdf/platform@16f40f7)) * **sdk:** don't require `client_id` in the auth token ([#544](opentdf/platform#544)) ([a1e70f9](opentdf/platform@a1e70f9)) * **sdk:** normalize token exchange ([#546](opentdf/platform#546)) ([9059dff](opentdf/platform@9059dff)) ### Bug Fixes * **authorization:** Hierarchy working in GetDecisions ([#519](opentdf/platform#519)) ([2856485](opentdf/platform@2856485)) * **core:** allow org-admin casbin role to call KAS rewrap endpoint ([#579](opentdf/platform#579)) ([a64c62a](opentdf/platform@a64c62a)) * **core:** fix panic on nil pointer dereference by passing KAS the SDK instance on registration ([#574](opentdf/platform#574)) ([327bfca](opentdf/platform@327bfca)) * **core:** fixes fixtures provisioning after filepath change with repo restructuring ([#521](opentdf/platform#521)) ([f128e9f](opentdf/platform@f128e9f)) * load extraprops for a service config with remainder values ([#524](opentdf/platform#524)) ([d3d72dc](opentdf/platform@d3d72dc)) * **PLAT-3069:** opentdf/platform, gRPC: Namespace with existed attribute(s) can be deactivated w/o any prompts ([#489](opentdf/platform#489)) ([e5a3324](opentdf/platform@e5a3324)) * **policy:** remove hardcoded schema in goose migration 20240405000000 ([#596](opentdf/platform#596)) ([36c3b16](opentdf/platform@36c3b16)) * **policy:** return `created_at` and `updated_at` timestamps in CREATE metadata ([#557](opentdf/platform#557)) ([fcaaeea](opentdf/platform@fcaaeea)) * resolves issues auth policy configuration ([#498](opentdf/platform#498)) ([08e67cf](opentdf/platform@08e67cf)) * **service:** go.mod version fix sync ([#604](opentdf/platform#604)) ([6323efd](opentdf/platform@6323efd)) * url encode db password field to handle special characters ([#624](opentdf/platform#624)) ([5069f9d](opentdf/platform@5069f9d)) ### Code Refactoring * Singular platform/service ([#511](opentdf/platform#511)) ([40c8b97](opentdf/platform@40c8b97)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.1.0](opentdf/platform@lib/fixtures-v0.1.0...lib/fixtures/v0.1.0) (2024-04-22) ### Features * **sdk:** normalize token exchange ([#546](opentdf/platform#546)) ([9059dff](opentdf/platform@9059dff)) ### Bug Fixes * **service:** go.mod version fix sync ([#604](opentdf/platform#604)) ([6323efd](opentdf/platform@6323efd)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.1.0](opentdf/platform@sdk-v0.1.0...sdk/v0.1.0) (2024-04-22) ### Features * add structured schema policy config ([#51](opentdf/platform#51)) ([8a6b876](opentdf/platform@8a6b876)) * **auth:** add authorization via casbin ([#417](opentdf/platform#417)) ([292f2bd](opentdf/platform@292f2bd)) * in-process service to service communication ([#311](opentdf/platform#311)) ([ec5eb76](opentdf/platform@ec5eb76)) * **kas:** support HSM and standard crypto ([#497](opentdf/platform#497)) ([f0cbe03](opentdf/platform@f0cbe03)) * key access server assignments ([#111](opentdf/platform#111)) ([a48d686](opentdf/platform@a48d686)), closes [#117](opentdf/platform#117) * key access server registry impl ([#66](opentdf/platform#66)) ([cf6b3c6](opentdf/platform@cf6b3c6)) * **namespaces CRUD:** protos, generated SDK, db interactivity for namespaces table ([#54](opentdf/platform#54)) ([b3f32b1](opentdf/platform@b3f32b1)) * **PLAT-3112:** Initial consumption of ec_key_pair functions by nanotdf ([#586](opentdf/platform#586)) ([5e2cba0](opentdf/platform@5e2cba0)) * **policy:** add FQN pivot table ([#208](opentdf/platform#208)) ([abb734c](opentdf/platform@abb734c)) * **policy:** add soft-delete/deactivation to namespaces, attribute definitions, attribute values [#96](opentdf/platform#96) [#108](opentdf/platform#108) ([#191](opentdf/platform#191)) ([02e92a6](opentdf/platform@02e92a6)) * **resourcemapping:** resource mapping implementation ([#83](opentdf/platform#83)) ([c144db1](opentdf/platform@c144db1)) * **sdk:** BACK-1966 get auth wired up to SDK using `Options` ([#271](opentdf/platform#271)) ([f1bacab](opentdf/platform@f1bacab)) * **sdk:** BACK-1966 implement fetching a DPoP token ([#45](opentdf/platform#45)) ([dbd3cf9](opentdf/platform@dbd3cf9)) * **sdk:** BACK-1966 make the unwrapper retrieve public keys as well ([#260](opentdf/platform#260)) ([7d051a1](opentdf/platform@7d051a1)) * **sdk:** BACK-1966 pull rewrap into auth config ([#252](opentdf/platform#252)) ([84017aa](opentdf/platform@84017aa)) * **sdk:** Include auth token in grpc ([#367](opentdf/platform#367)) ([75cb5cd](opentdf/platform@75cb5cd)) * **sdk:** normalize token exchange ([#546](opentdf/platform#546)) ([9059dff](opentdf/platform@9059dff)) * **sdk:** Pass dpop key through to `rewrap` ([#435](opentdf/platform#435)) ([2d283de](opentdf/platform@2d283de)) * **sdk:** read `expires_in` from token response and use it to refresh access tokens ([#445](opentdf/platform#445)) ([8ecbe79](opentdf/platform@8ecbe79)) * **sdk:** sdk stub ([#10](opentdf/platform#10)) ([8dfca6a](opentdf/platform@8dfca6a)) * **sdk:** take a function so that callers can use this the way that they want ([#340](opentdf/platform#340)) ([72059cb](opentdf/platform@72059cb)) * **subject-mappings:** refactor to meet db schema ([#59](opentdf/platform#59)) ([59a073b](opentdf/platform@59a073b)) * **tdf:** implement tdf3 encrypt and decrypt ([#73](opentdf/platform#73)) ([9d0e0a0](opentdf/platform@9d0e0a0)) * **tdf:** sdk interface changes ([#123](opentdf/platform#123)) ([2aa2422](opentdf/platform@2aa2422)) * **tdf:** sdk interface cleanup ([#201](opentdf/platform#201)) ([6f7d815](opentdf/platform@6f7d815)) * **tdf:** TDFOption varargs interface ([#235](opentdf/platform#235)) ([b3fb720](opentdf/platform@b3fb720)) ### Bug Fixes * **archive:** remove 10gb zip file test ([#373](opentdf/platform#373)) ([6548f55](opentdf/platform@6548f55)) * attribute missing rpc method for listing attribute values ([#69](opentdf/platform#69)) ([1b3a831](opentdf/platform@1b3a831)) * **attribute value:** fixes attribute value crud ([#86](opentdf/platform#86)) ([568df9c](opentdf/platform@568df9c)) * **issue 90:** remove duplicate attribute_id from attribute value create/update, and consumes schema setup changes in namespaces that were introduced for integration testing ([#100](opentdf/platform#100)) ([e0f6d07](opentdf/platform@e0f6d07)) * **issue-124:** SDK kas registry import name mismatch ([#125](opentdf/platform#125)) ([112638b](opentdf/platform@112638b)), closes [#124](opentdf/platform#124) * **proto/acre:** fix resource encoding service typo ([#30](opentdf/platform#30)) ([fe709d2](opentdf/platform@fe709d2)) * remove padding when b64 encoding ([#437](opentdf/platform#437)) ([d40e94a](opentdf/platform@d40e94a)) * SDK Quickstart ([#628](opentdf/platform#628)) ([f27ab98](opentdf/platform@f27ab98)) * **sdk:** change unwrapper creation ([#346](opentdf/platform#346)) ([9206435](opentdf/platform@9206435)) * **sdk:** double bearer token in auth config ([#350](opentdf/platform#350)) ([1bf4699](opentdf/platform@1bf4699)) * **sdk:** fixes Manifests JSONs with OIDC ([#140](opentdf/platform#140)) ([a4b6937](opentdf/platform@a4b6937)) * **sdk:** handle err ([#548](opentdf/platform#548)) ([ebabb6c](opentdf/platform@ebabb6c)) * **sdk:** make KasInfo fields public ([#320](opentdf/platform#320)) ([9a70498](opentdf/platform@9a70498)) * **sdk:** shutdown conn ([#352](opentdf/platform#352)) ([3def038](opentdf/platform@3def038)) * **sdk:** temporarily move unwrapper creation into options func. ([#309](opentdf/platform#309)) ([b34c2fe](opentdf/platform@b34c2fe)) * **sdk:** use the dialoptions even with no client credentials ([#400](opentdf/platform#400)) ([a7f1908](opentdf/platform@a7f1908)) * **security:** add a new encryption keypair different from dpop keypair ([#461](opentdf/platform#461)) ([7deb51e](opentdf/platform@7deb51e)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>

🤖 I have created a release *beep* *boop* --- ## [0.1.0](opentdf/platform@service-v0.1.0...service/v0.1.0) (2024-04-22) ### ⚠ BREAKING CHANGES * Singular platform/service ([#511](opentdf/platform#511)) ### Features * ability to add public routes that bypass authn middleware ([#601](opentdf/platform#601)) ([7c65308](opentdf/platform@7c65308)) * ability to set config key or config file from root cmd ([#502](opentdf/platform#502)) ([56a0131](opentdf/platform@56a0131)) * allow --insecure in provision keycloak cmd ([#629](opentdf/platform#629)) ([a672325](opentdf/platform@a672325)) * **kas:** support HSM and standard crypto ([#497](opentdf/platform#497)) ([f0cbe03](opentdf/platform@f0cbe03)) * **opa:** Adding jq OPA builtin for selection ([#527](opentdf/platform#527)) ([d4ab17a](opentdf/platform@d4ab17a)) * **policy:** add `created_at` and `updated_at` timestamps to metadata ([#538](opentdf/platform#538)) ([e812563](opentdf/platform@e812563)) * **policy:** update fixtures, proto comments, and proto field names to reflect use of jq selector syntax within Conditions of Subject Sets ([#523](opentdf/platform#523)) ([16f40f7](opentdf/platform@16f40f7)) * **sdk:** don't require `client_id` in the auth token ([#544](opentdf/platform#544)) ([a1e70f9](opentdf/platform@a1e70f9)) * **sdk:** normalize token exchange ([#546](opentdf/platform#546)) ([9059dff](opentdf/platform@9059dff)) ### Bug Fixes * **authorization:** Hierarchy working in GetDecisions ([#519](opentdf/platform#519)) ([2856485](opentdf/platform@2856485)) * **core:** allow org-admin casbin role to call KAS rewrap endpoint ([#579](opentdf/platform#579)) ([a64c62a](opentdf/platform@a64c62a)) * **core:** fix panic on nil pointer dereference by passing KAS the SDK instance on registration ([#574](opentdf/platform#574)) ([327bfca](opentdf/platform@327bfca)) * **core:** fixes fixtures provisioning after filepath change with repo restructuring ([#521](opentdf/platform#521)) ([f128e9f](opentdf/platform@f128e9f)) * load extraprops for a service config with remainder values ([#524](opentdf/platform#524)) ([d3d72dc](opentdf/platform@d3d72dc)) * **PLAT-3069:** opentdf/platform, gRPC: Namespace with existed attribute(s) can be deactivated w/o any prompts ([#489](opentdf/platform#489)) ([e5a3324](opentdf/platform@e5a3324)) * **policy:** remove hardcoded schema in goose migration 20240405000000 ([#596](opentdf/platform#596)) ([36c3b16](opentdf/platform@36c3b16)) * **policy:** return `created_at` and `updated_at` timestamps in CREATE metadata ([#557](opentdf/platform#557)) ([fcaaeea](opentdf/platform@fcaaeea)) * resolves issues auth policy configuration ([#498](opentdf/platform#498)) ([08e67cf](opentdf/platform@08e67cf)) * **service:** go.mod version fix sync ([#604](opentdf/platform#604)) ([6323efd](opentdf/platform@6323efd)) * url encode db password field to handle special characters ([#624](opentdf/platform#624)) ([5069f9d](opentdf/platform@5069f9d)) ### Code Refactoring * Singular platform/service ([#511](opentdf/platform#511)) ([40c8b97](opentdf/platform@40c8b97)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: opentdf-automation[bot] <149537512+opentdf-automation[bot]@users.noreply.github.com>

mkleene added 13 commits April 4, 2024 11:05

ok

6381a82

Merge remote-tracking branch 'origin/main' into normalize-token-exchange

27add89

Merge remote-tracking branch 'origin/main' into normalize-token-exchange

c6f9cf5

Merge remote-tracking branch 'origin/main' into normalize-token-exchange

9041528

remove token requirement

2be4941

Merge remote-tracking branch 'origin/main' into normalize-token-exchange

87083b8

just saving

4e614d3

Merge remote-tracking branch 'origin/main' into normalize-token-exchange

6abd78a

point this at the new module

58044d2

Update auth_config.go

d641004

don't need this

28c1fe6

Merge remote-tracking branch 'origin/normalize-token-exchange' into n…

733d4c3

…ormalize-token-exchange

also not needed

065b503

mkleene changed the title ~~Normalize token exchange~~ feat(sdk): normalize token exchange Apr 9, 2024

mkleene added 16 commits April 9, 2024 15:15

use the right version

741dff8

work out types

39242f8

lint

f787df1

lint

9d50cb3

Dockerfile

25ee148

just saving

7e5a86a

add a better test

c1e87e6

move

c375d35

update tests

08282c3

fix modules

157f8aa

Merge remote-tracking branch 'origin/main' into normalize-token-exchange

721c06e

fix flag names

930d056

pass the context through

5d9ec7b

add the module

16f5662

just saving

475867a

get the scope working

4fcd79b

strantalis reviewed Apr 15, 2024

View reviewed changes

Dockerfile Show resolved Hide resolved

Update options.go

4be989b

mkleene dismissed ttschampel’s stale review via 4be989b April 15, 2024 17:34

strantalis reviewed Apr 15, 2024

View reviewed changes

sdk/options.go Show resolved Hide resolved

strantalis mentioned this pull request Apr 15, 2024

feat(provisioning): Keycloak provisioning from custom config #573

Merged

Merge remote-tracking branch 'origin/main' into normalize-token-exchange

60d7d5a

mkleene requested a review from strantalis April 16, 2024 18:41

Merge remote-tracking branch 'origin/main' into normalize-token-exchange

dce23d9

dmihalcik-virtru reviewed Apr 17, 2024

View reviewed changes

sdk/idp_token_exchange_token_source.go Show resolved Hide resolved

dmihalcik-virtru approved these changes Apr 17, 2024

View reviewed changes

mkleene enabled auto-merge April 17, 2024 16:01

strantalis approved these changes Apr 17, 2024

View reviewed changes

mkleene added this pull request to the merge queue Apr 17, 2024

Merged via the queue into main with commit 9059dff Apr 17, 2024
16 checks passed

mkleene deleted the normalize-token-exchange branch April 17, 2024 16:30

This was referenced Apr 18, 2024

chore(main): release lib/fixtures 0.1.0 #611

Merged

chore(main): release service 0.1.0 #614

Merged

chore(main): release sdk 0.1.0 #612

Merged

strantalis mentioned this pull request Apr 30, 2024

token-exchange go sdk #156

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(sdk): normalize token exchange #546

feat(sdk): normalize token exchange #546

mkleene commented Apr 9, 2024 •

edited

Loading

dmihalcik-virtru left a comment

mkleene commented Apr 17, 2024

feat(sdk): normalize token exchange #546

feat(sdk): normalize token exchange #546

Conversation

mkleene commented Apr 9, 2024 • edited Loading

dmihalcik-virtru left a comment

Choose a reason for hiding this comment

mkleene commented Apr 17, 2024

mkleene commented Apr 9, 2024 •

edited

Loading