IntenseWebs/grafana
3
0
Fork 0
mirror of https://github.com/grafana/grafana.git synced 2025-02-25 18:55:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

IDForwarding: Use feature toggle not generate a key if feature is not enabled (#75961)

Browse Source 
* Use feature toggle not generate a key if feature is not enabled

* Fix check
This commit is contained in:
Karl Persson
2023-10-04 16:06:24 +02:00
committed by GitHub
parent 3b51acf44d
commit 09e638cd9d
1 changed files with 30 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
pkg/services/auth/idimpl/signer.go
View File

@@ -7,6 +7,7 @@ import (
"github.com/go-jose/go-jose/v3/jwt"
"github.com/grafana/grafana/pkg/services/auth"
"github.com/grafana/grafana/pkg/services/featuremgmt"
"github.com/grafana/grafana/pkg/services/signingkeys"
)
@@ -14,32 +15,43 @@ const idSignerKeyPrefix = "id"
var _ auth.IDSigner = (*LocalSigner)(nil)
func ProvideLocalSigner(keyService signingkeys.Service) (*LocalSigner, error) {
id, key, err := keyService.GetOrCreatePrivateKey(context.Background(), idSignerKeyPrefix, jose.ES256)
if err != nil {
return nil, err
func ProvideLocalSigner(keyService signingkeys.Service, features featuremgmt.FeatureToggles) (*LocalSigner, error) {
if features.IsEnabled(featuremgmt.FlagIdForwarding) {
id, key, err := keyService.GetOrCreatePrivateKey(context.Background(), idSignerKeyPrefix, jose.ES256)
if err != nil {
return nil, err
}
// FIXME: Handle key rotation
signer, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: key}, &jose.SignerOptions{
ExtraHeaders: map[jose.HeaderKey]interface{}{
"kid": id,
},
})
if err != nil {
return nil, err
}
return &LocalSigner{
features: features,
signer: signer,
}, nil
}
// FIXME: Handle key rotation
signer, err := jose.NewSigner(jose.SigningKey{Algorithm: jose.ES256, Key: key}, &jose.SignerOptions{
ExtraHeaders: map[jose.HeaderKey]interface{}{
"kid": id,
},
})
if err != nil {
return nil, err
}
return &LocalSigner{
signer: signer,
}, nil
return &LocalSigner{features: features}, nil
}
type LocalSigner struct {
signer jose.Signer
signer jose.Signer
features featuremgmt.FeatureToggles
}
func (s *LocalSigner) SignIDToken(ctx context.Context, claims *auth.IDClaims) (string, error) {
if !s.features.IsEnabled(featuremgmt.FlagIdForwarding) {
return "", nil
}
builder := jwt.Signed(s.signer).Claims(claims.Claims)
token, err := builder.CompactSerialize()