| Index: server/auth/auth.go
|
| diff --git a/server/auth/auth.go b/server/auth/auth.go
|
| index 1951dfcbeb6320eb801a678e3cfbe6c40084645e..c1b68e7f7f7a5ef1f94691325ef299b303368c34 100644
|
| --- a/server/auth/auth.go
|
| +++ b/server/auth/auth.go
|
| @@ -13,7 +13,6 @@ import (
|
| "github.com/luci/luci-go/common/errors"
|
| "github.com/luci/luci-go/common/logging"
|
|
|
| - "github.com/luci/luci-go/server/auth/authdb"
|
| "github.com/luci/luci-go/server/auth/delegation"
|
| "github.com/luci/luci-go/server/auth/identity"
|
| "github.com/luci/luci-go/server/auth/signing"
|
| @@ -187,7 +186,7 @@ func (a Authenticator) Authenticate(c context.Context, r *http.Request) (context
|
| delegatedIdentity, err := delegation.CheckToken(c, delegation.CheckTokenParams{
|
| Token: delegationTok,
|
| PeerID: s.peerIdent,
|
| - CertificatesProvider: certsProvider{s.db},
|
| + CertificatesProvider: s.db,
|
| GroupsChecker: s.db,
|
| OwnServiceIdentity: ownServiceIdentity,
|
| })
|
| @@ -234,19 +233,6 @@ func (a Authenticator) LogoutURL(c context.Context, dest string) (string, error)
|
|
|
| ////
|
|
|
| -// certsProvider implements delegation.CertificatesProvider.
|
| -type certsProvider struct {
|
| - db authdb.DB
|
| -}
|
| -
|
| -func (p certsProvider) GetAuthServiceCertificates(c context.Context) (*signing.PublicCertificates, error) {
|
| - serviceURL, err := p.db.GetAuthServiceURL(c)
|
| - if err != nil {
|
| - return nil, err
|
| - }
|
| - return signing.FetchCertificatesFromLUCIService(c, serviceURL)
|
| -}
|
| -
|
| // getOwnServiceIdentity returns 'service:<appID>' identity of the current
|
| // service.
|
| func getOwnServiceIdentity(c context.Context, signer signing.Signer) (identity.Identity, error) {
|
|
|
Chromium Code Reviews
Issue 2386643003:
auth: Make luci-go services trust signatures produced by the token server. (Closed)
