diff --git a/pkg/rfc7523/rfc7523.go b/pkg/rfc7523/rfc7523.go index e21dcbd..5ca7bb3 100644 --- a/pkg/rfc7523/rfc7523.go +++ b/pkg/rfc7523/rfc7523.go @@ -43,6 +43,12 @@ type ( Credential = credential.Result ) +type Provider interface { + isRFC7523Provider() +} + +func (cp *credentialsProvider) isRFC7523Provider() {} + // CredentialsProvider exchanges identity JWTs for OAuth2 access tokens via the // RFC 7523 jwt-bearer grant type. type CredentialsProvider interface { diff --git a/pkg/rfc8693/rfc8693.go b/pkg/rfc8693/rfc8693.go index 7834bbb..01e7132 100644 --- a/pkg/rfc8693/rfc8693.go +++ b/pkg/rfc8693/rfc8693.go @@ -52,6 +52,12 @@ type ( Credential = credential.Result ) +type Provider interface { + isRFC8693Provider() +} + +func (cp *credentialsProvider) isRFC8693Provider() {} + type CredentialsProvider interface { GetCredentials(ctx context.Context, tokenEndpointURL string, subjectTokenProvider token.IdentityTokenProvider, opts ...option.Option) (<-chan Credential, error) } @@ -79,6 +85,25 @@ func NewCredentialsProvider(_ context.Context, logger logr.Logger) (*credentials return &credentialsProvider{logger: logger}, nil } +// GetCredentialsWithOptions implements credential.Provider using option-based configuration. +// +// Required options: WithTokenEndpointURL, WithTokenProvider. +func (cp *credentialsProvider) GetCredentialsWithOptions(ctx context.Context, opts ...option.Option) (<-chan Credential, error) { + cfg := &credentialsConfig{} + + for _, opt := range opts { + if o, ok := isCredentialsOption(opt); ok { + o.Apply(cfg) + } + } + + if err := validateConfig(cfg); err != nil { + return nil, err + } + + return cp.GetCredentials(ctx, cfg.tokenEndpointURL, cfg.subjectTokenProvider, opts...) +} + func (cp *credentialsProvider) GetCredentials( ctx context.Context, tokenEndpointURL string,