package grpcutils
import (
"encoding/base64"
"encoding/json"
"github.com/go-jose/go-jose/v3/jwt"
"github.com/grafana/authlib/authn"
"github.com/grafana/authlib/types"
"github.com/grafana/grafana/pkg/apimachinery/identity"
)
// ProvideInProcExchanger returns a static token exchanger that always hands
// out the token built by createInProcToken.
//
// The signature has no error result, so a failure to build the token panics
// instead of being returned to the caller.
//
// NOTE(review): the wrapped token is an unsigned ("alg": "none") JWT, so it
// authenticates nothing on its own. Presumably it is only meant for calls that
// never leave the process; confirm that the receiving side does not accept it
// from a network peer.
func ProvideInProcExchanger() authn.StaticTokenExchanger {
	inProcToken, buildErr := createInProcToken()
	if buildErr == nil {
		return authn.NewStaticTokenExchanger(inProcToken)
	}

	panic(buildErr)
}
// createInProcToken builds a compact, unsigned JWT of the form
// "<header>.<payload>." where both segments are base64url-encoded JSON without
// padding and the signature segment is left empty.
//
// The header declares "alg": "none" and the access-token type. The payload
// carries issuer "grafana", an access-policy subject, the "resourceStore"
// audience, the wildcard namespace "*", and the permissions and delegated
// permissions copied from identity.ServiceIdentityClaims.
//
// It returns the token string, or the error from json.Marshal if either the
// header or the claims cannot be serialized.
//
// NOTE(review): nothing in this token is cryptographically protected, and the
// claims grant the wildcard namespace. Whatever verifies it must treat
// "alg": "none" as acceptable only on the in-process path and reject it
// everywhere else; confirm against the verifier configuration.
func createInProcToken() (string, error) {
	// Header first: its marshal error takes precedence over the payload's.
	headerJSON, err := json.Marshal(map[string]string{
		"alg": "none",
		"typ": authn.TokenTypeAccess,
	})
	if err != nil {
		return "", err
	}

	registered := jwt.Claims{
		Issuer:   "grafana",
		Subject:  types.NewTypeID(types.TypeAccessPolicy, "grafana"),
		Audience: []string{"resourceStore"},
	}
	access := authn.AccessTokenClaims{
		Namespace:            "*",
		Permissions:          identity.ServiceIdentityClaims.Rest.Permissions,
		DelegatedPermissions: identity.ServiceIdentityClaims.Rest.DelegatedPermissions,
	}

	payloadJSON, err := json.Marshal(authn.Claims[authn.AccessTokenClaims]{
		Claims: registered,
		Rest:   access,
	})
	if err != nil {
		return "", err
	}

	// The trailing "." terminates the payload and leaves the signature empty.
	enc := base64.RawURLEncoding
	token := enc.EncodeToString(headerJSON) + "." + enc.EncodeToString(payloadJSON) + "."
	return token, nil
}