mirror of
https://github.com/kubernetes/client-go.git
synced 2025-12-25 14:12:27 +00:00
1309db5ec6
This PR attempts to simplify the OpenID Connect client plugin to reduce round trips. The steps taken by the client are now: * If ID Token isn't expired: * Do nothing. * If ID Token is expired: * Query /.well-known discovery URL to find token_endpoint. * Use an OAuth2 client and refresh token to request new ID token. This avoids the previous pattern of always initializing a client, which would hit the /.well-known endpoint several times. The client no longer does token validation since the server already does this. As a result, this code no longer imports github.com/coreos/go-oidc, instead just using golang.org/x/oauth2 for refreshing. Kubernetes-commit: 6915f857574505a2cd2072c32d9d6da66ce6f55a