Proposal Details

Currently, the JWT package supports the creation of Tokens from JWT Bearer tokens, but expects the claim set, subject, audience and the private key needed for the signing of the claim.

But there are situations where components (clients) that make use of this TokenSource would have the assertion token available instead of the above-mentioned fields. At that point, this package cannot be used.

Therefore, I would request the addition of an additional field, Assertion, that can be used in the Token method as an alternative to building the token, something like:

type Config struct {
    Email      string
    PrivateKey []byte
    // ...
    Assertion  string
}

// ...

func (js jwtSource) Token() (*oauth2.Token, error) {
    // ...
    if js.conf.Assertion != "" {
        payload = js.conf.Assertion
    } else {
        claimSet := &jws.ClaimSet{
            Iss: js.conf.Email,
            // ...

Kindly consider this along with the support for client_assertion in https://github.com/golang/go/issues/73431. While the jwt package seems to be generating the assertion in the Token call, this function would be easy to use for clients where clients are required to forward assertion tokens that are generated externally.

Example scenarios: clients that run in pipeline scenarios like GitHub Actions, where the JWT assertion is provided; clients like cf cli that take an assertion and client-assertion JWT tokens.

Thanks
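The following is an added, self-contained illustration of the forwarding path the proposal sketches (the `if js.conf.Assertion != ""` branch); it is not code from the golang.org/x/oauth2 package or from the proposal author. To stay standard-library only it uses a hypothetical `Config`/`Token` pair instead of `jwt.Config`/`oauth2.Token`, an `httptest` server as a constructed stand-in for the authorization server, and a constructed assertion string that is shaped like a compact JWS but is not a real signed token. The client performs a cheap structural check on the assertion before sending it; signature, issuer, audience and expiry verification remain the server's responsibility, and the claim-building else-branch is intentionally omitted.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// jwtBearerGrant is the RFC 7523 grant type the jwt package sends to the token endpoint.
const jwtBearerGrant = "urn:ietf:params:oauth:grant-type:jwt-bearer"

// Token is a minimal stand-in for oauth2.Token (hypothetical, standard library only).
type Token struct {
	AccessToken string
	TokenType   string
}

// Config mirrors the proposed shape: when Assertion is set it is forwarded unchanged and the
// claim-building fields (Email, PrivateKey, ...) are not needed. Hypothetical, not the package API.
type Config struct {
	TokenURL  string
	Assertion string       // externally generated JWT, e.g. handed to a CI job
	Client    *http.Client // nil means http.DefaultClient
}

// validateAssertion rejects values that cannot be a compact-serialized JWS (header.payload.signature)
// before they leave the process; cryptographic and claim checks belong to the authorization server.
func validateAssertion(a string) error {
	parts := strings.Split(a, ".")
	if len(parts) != 3 {
		return errors.New("assertion is not a compact JWS: expected three dot-separated segments")
	}
	if parts[0] == "" || parts[1] == "" {
		return errors.New("assertion has an empty header or payload segment")
	}
	return nil
}

// Token exchanges the pre-built assertion for an access token at TokenURL.
func (c *Config) Token() (*Token, error) {
	if c.Assertion == "" {
		return nil, errors.New("Assertion is empty; this example only implements the forwarding path")
	}
	if err := validateAssertion(c.Assertion); err != nil {
		return nil, err
	}
	form := url.Values{}
	form.Set("grant_type", jwtBearerGrant)
	form.Set("assertion", c.Assertion)
	client := c.Client
	if client == nil {
		client = http.DefaultClient
	}
	resp, err := client.PostForm(c.TokenURL, form)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("token endpoint returned %s", resp.Status)
	}
	var body struct {
		AccessToken string `json:"access_token"`
		TokenType   string `json:"token_type"`
	}
	if err := json.NewDecoder(resp.Body).Decode(&body); err != nil {
		return nil, fmt.Errorf("decoding token response: %w", err)
	}
	if body.AccessToken == "" {
		return nil, errors.New("token response has no access_token")
	}
	return &Token{AccessToken: body.AccessToken, TokenType: body.TokenType}, nil
}

// newFakeTokenEndpoint is a constructed stand-in for an authorization server. It only checks the
// grant type and that an assertion is present; a real server verifies signature, iss, aud and exp.
func newFakeTokenEndpoint() *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "application/json")
		if r.ParseForm() != nil || r.PostForm.Get("grant_type") != jwtBearerGrant || r.PostForm.Get("assertion") == "" {
			w.WriteHeader(http.StatusBadRequest)
			fmt.Fprint(w, `{"error":"invalid_grant"}`)
			return
		}
		fmt.Fprint(w, `{"access_token":"constructed-access-token","token_type":"Bearer"}`)
	}))
}

// exchangeAssertion runs the full exchange against the fake endpoint and returns the access token.
func exchangeAssertion(assertion string) (string, error) {
	srv := newFakeTokenEndpoint()
	defer srv.Close()
	tok, err := (&Config{TokenURL: srv.URL, Assertion: assertion, Client: srv.Client()}).Token()
	if err != nil {
		return "", err
	}
	return tok.AccessToken, nil
}

func main() {
	// Constructed assertion: syntactically a compact JWS, not a real signed token.
	at, err := exchangeAssertion("eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJleGFtcGxlIn0.c2ln")
	fmt.Println(at, err)
	_, err = exchangeAssertion("not-a-jwt")
	fmt.Println("malformed assertion rejected:", err)
}
```

The point of the structural check is only to fail fast on obviously wrong input (an empty string, a file path, a pasted error message) rather than to trust the assertion; a forwarded assertion is a bearer credential and should be handled like one, kept out of logs and command lines where possible.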

Comment From: gabyhelp

Related Issues
