jfrog
diff --git a/‎README.md‎
Lines changed: 20 additions & 0 deletions b/‎README.md‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎access/manager.go‎
Lines changed: 6 additions & 0 deletions b/‎access/manager.go‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎access/services/accesstoken.go‎
Lines changed: 41 additions & 1 deletion b/‎access/services/accesstoken.go‎
Lines changed: 41 additions & 1 deletion
diff --git a/‎artifactory/services/utils/multipartupload_test.go‎
Lines changed: 10 additions & 10 deletions b/‎artifactory/services/utils/multipartupload_test.go‎
Lines changed: 10 additions & 10 deletions
diff --git a/‎auth/authutils.go‎
Lines changed: 6 additions & 0 deletions b/‎auth/authutils.go‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎auth/authutils_test.go‎
Lines changed: 5 additions & 5 deletions b/‎auth/authutils_test.go‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎auth/cert/loader.go‎
Lines changed: 2 additions & 1 deletion b/‎auth/cert/loader.go‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎go.mod‎
Lines changed: 11 additions & 11 deletions b/‎go.mod‎
Lines changed: 11 additions & 11 deletions
@@ -124,6 +124,7 @@
       - [Get Web Login Authentication Token](#get-web-login-authentication-token)
       - [Creating an Access Token](#creating-an-access-token)
       - [Refreshing an Access Token](#refreshing-an-access-token)
+      - [Exchanging an OIDC Access Token](#exchanging-an-oidc-access-token)
   - [Distribution APIs](#distribution-apis)
     - [Creating Distribution Service Manager](#creating-distribution-service-manager)
       - [Creating Distribution Details](#creating-distribution-details)
@@ -1657,6 +1658,25 @@ params.RefreshToken = "<refresh token>"
 results, err := accessManager.RefreshToken(params)
 ```
 
+### exchanging-an-oidc-access-token
+
+```go
+params := services.CreateOidcTokenParams{
+  GrantType:        "urn:ietf:params:oauth:grant-type:token-exchange", // The type of grant being requested
+  SubjectTokenType: "urn:ietf:params:oauth:token-type:id_token",       // The type of token being exchanged
+  OidcTokenID:      "<oidc token id aka subject_token>",               // The ID of the OIDC token to be exchanged
+  ProjectKey:       "<JFrog project key>",                             // Optional: Key to link the token to a specific project
+  ApplicationKey:   "<application key>",                               // Optional: Key to link the token to a specific application
+  RunId:            "<ci run id>",                                     // Optional: ID to link the token to a specific run
+  JobId:            "<ci job id>",                                     // Optional: ID to link the token to a specific job
+  Repo:             "<source code repository>",                        // Optional: Repository associated with the token
+  Audience:         "<audience>",                                      // The intended audience of the token
+  ProviderName:     "<provider name>",                                 // The name of the OIDC provider
+}
+
+response, err = servicesManager.ExchangeOidcToken(params)
+```
+
 ## Distribution APIs
 
 ### Creating Distribution Service Manager
 
@@ -137,3 +137,9 @@ func (sm *AccessServicesManager) GetLoginAuthenticationToken(uuid string) (auth.
 	loginService.ServiceDetails = sm.config.GetServiceDetails()
 	return loginService.GetLoginAuthenticationToken(uuid)
 }
+
+func (sm *AccessServicesManager) ExchangeOidcToken(params services.CreateOidcTokenParams) (auth.OidcTokenResponseData, error) {
+	tokenService := services.NewTokenService(sm.client)
+	tokenService.ServiceDetails = sm.config.GetServiceDetails()
+	return tokenService.ExchangeOidcToken(params)
+}
@@ -12,7 +12,12 @@ import (
 )
 
 // #nosec G101 -- False positive - no hardcoded credentials.
-const tokensApi = "api/v1/tokens"
+const (
+	// jfrog-ignore - not a real token
+	tokensApi = "api/v1/tokens"
+	// jfrog-ignore - not a real token
+	oidcTokensApi = "api/v1/oidc/token"
+)
 
 type TokenService struct {
 	client         *jfroghttpclient.JfrogHttpClient
@@ -27,6 +32,21 @@ type CreateTokenParams struct {
 	Description           string `json:"description,omitempty"`
 }
 
+type CreateOidcTokenParams struct {
+	GrantType             string `json:"grant_type,omitempty"`
+	SubjectTokenType      string `json:"subject_token_type,omitempty"`
+	OidcTokenID           string `json:"subject_token,omitempty"`
+	ProviderName          string `json:"provider_name,omitempty"`
+	ProjectKey            string `json:"project_key,omitempty"`
+	JobId                 string `json:"job_id,omitempty"`
+	RunId                 string `json:"run_id,omitempty"`
+	Repo                  string `json:"repo,omitempty"`
+	ApplicationKey        string `json:"application_key,omitempty"`
+	Audience              string `json:"audience,omitempty"`
+	IdentityMappingName   string `json:"identity_mapping_name,omitempty"`
+	IncludeReferenceToken *bool  `json:"include_reference_token,omitempty"`
+}
+
 func NewCreateTokenParams(params CreateTokenParams) CreateTokenParams {
 	return CreateTokenParams{CommonTokenParams: params.CommonTokenParams, IncludeReferenceToken: params.IncludeReferenceToken}
 }
@@ -84,6 +104,26 @@ func (ps *TokenService) handleUnauthenticated(params CreateTokenParams, httpDeta
 	return errorutils.CheckErrorf("cannot create access token without credentials")
 }
 
+func (ps *TokenService) ExchangeOidcToken(params CreateOidcTokenParams) (auth.OidcTokenResponseData, error) {
+	var tokenInfo auth.OidcTokenResponseData
+	httpDetails := ps.ServiceDetails.CreateHttpClientDetails()
+	httpDetails.SetContentTypeApplicationJson()
+	requestContent, err := json.Marshal(params)
+	if errorutils.CheckError(err) != nil {
+		return tokenInfo, err
+	}
+	url := fmt.Sprintf("%s%s", ps.ServiceDetails.GetUrl(), oidcTokensApi)
+	resp, body, err := ps.client.SendPost(url, requestContent, &httpDetails)
+	if err != nil {
+		return tokenInfo, err
+	}
+	if err = errorutils.CheckResponseStatusWithBody(resp, body, http.StatusOK); err != nil {
+		return tokenInfo, fmt.Errorf("failed to exchange OIDC token: %w", err)
+	}
+	err = json.Unmarshal(body, &tokenInfo)
+	return tokenInfo, errorutils.CheckError(err)
+}
+
 func prepareForRefresh(p CreateTokenParams) (*CreateTokenParams, error) {
 	// Validate provided parameters
 	if p.RefreshToken == "" {
 
@@ -1,6 +1,7 @@
 package utils
 
 import (
+	"crypto/rand"
 	"encoding/json"
 	"fmt"
 	"net/http"
@@ -16,21 +17,20 @@ import (
 	"github.com/jfrog/jfrog-client-go/utils/log"
 	"github.com/jfrog/jfrog-client-go/utils/tests"
 	"github.com/stretchr/testify/assert"
-	"golang.org/x/exp/rand"
 )
 
 const (
-	localPath     = "localPath"
-	repoKey       = "repoKey"
-	repoPath      = "repoPath"
-	partSize      = SizeGiB
-	partSizeMB    = 1024
-	partNumber    = 2
-	splitCount    = 3
-	token         = "token"
+	localPath  = "localPath"
+	repoKey    = "repoKey"
+	repoPath   = "repoPath"
+	partSize   = SizeGiB
+	partSizeMB = 1024
+	partNumber = 2
+	splitCount = 3
+	token      = "token"
+	// jfrog-ignore - test url
 	partUrl       = "http://dummy-url-part"
 	sha1          = "sha1"
-	nodeId        = "nodeId"
 	checksumToken = "checksumToken"
 )
 
 
@@ -17,6 +17,12 @@ type CreateTokenResponseData struct {
 	TokenId        string `json:"token_id,omitempty"`
 }
 
+type OidcTokenResponseData struct {
+	CommonTokenParams
+	IssuedTokenType string `json:"issued_token_type,omitempty"`
+	Username        string `json:"username,omitempty"`
+}
+
 type CommonTokenParams struct {
 	Scope        string `json:"scope,omitempty"`
 	AccessToken  string `json:"access_token,omitempty"`
 
@@ -9,15 +9,15 @@ import (
 )
 
 var (
-	// #nosec G101 -- Dummy tokens for tests
+	// #nosec G101 -- Dummy tokens for tests jfrog-ignore
 	token1 = "eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJIcnU2VHctZk1yOTV3dy12TDNjV3ZBVjJ3Qm9FSHpHdGlwUEFwOE1JdDljIn0.eyJzdWIiOiJqZnJ0QDAxYzNnZmZoZzJlOHc2MTQ5ZTNhMnEwdzk3XC91c2Vyc1wvYWRtaW4iLCJzY3AiOiJtZW1iZXItb2YtZ3JvdXBzOnJlYWRlcnMgYXBpOioiLCJhdWQiOiJqZnJ0QDAxYzNnZmZoZzJlOHc2MTQ5ZTNhMnEwdzk3IiwiaXNzIjoiamZydEAwMWMzZ2ZmaGcyZTh3NjE0OWUzYTJxMHc5NyIsImV4cCI6MTU1NjAzNzc2NSwiaWF0IjoxNTU2MDM0MTY1LCJqdGkiOiI1M2FlMzgyMy05NGM3LTQ0OGItOGExOC1iZGVhNDBiZjFlMjAifQ.Bp3sdvppvRxysMlLgqT48nRIHXISj9sJUCXrm7pp8evJGZW1S9hFuK1olPmcSybk2HNzdzoMcwhUmdUzAssiQkQvqd_HanRcfFbrHeg5l1fUQ397ECES-r5xK18SYtG1VR7LNTVzhJqkmRd3jzqfmIK2hKWpEgPfm8DRz3j4GGtDRxhb3oaVsT2tSSi_VfT3Ry74tzmO0GcCvmBE2oh58kUZ4QfEsalgZ8IpYHTxovsgDx_M7ujOSZx_hzpz-iy268-OkrU22PQPCfBmlbEKeEUStUO9n0pj4l1ODL31AGARyJRy46w4yzhw7Fk5P336WmDMXYs5LAX2XxPFNLvNzA"
-	// #nosec G101
+	// #nosec G101 jfrog-ignore
 	token2 = "eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJIcnU2VHctZk1yOTV3dy12TDNjV3ZBVjJ3Qm9FSHpHdGlwUEFwOE1JdDljIn0.eyJzdWIiOiJqZnJ0QDAwMWMzZ2ZmaGcyZTh3NjE0OWUzYTJxMHc5NyIsImV4cCI6MTU1NjAzNzc2NSwiaWF0IjoxNTU2MDM0MTY1LCJqdGkiOiI1M2FlMzgyMy05NGM3LTQ0OGItOGExOC1iZGVhNDBiZjFlMjAifQ.Bp3sdvppvRxysMlLgqT48nRIHXISj9sJUCXrm7pp8evJGZW1S9hFuK1olPmcSybk2HNzdzoMcwhUmdUzAssiQkQvqd_HanRcfFbrHeg5l1fUQ397ECES-r5xK18SYtG1VR7LNTVzhJqkmRd3jzqfmIK2hKWpEgPfm8DRz3j4GGtDRxhb3oaVsT2tSSi_VfT3Ry74tzmO0GcCvmBE2oh58kUZ4QfEsalgZ8IpYHTxovsgDx_M7ujOSZx_hzpz-iy268-OkrU22PQPCfBmlbEKeEUStUO9n0pj4l1ODL31AGARyJRy46w4yzhw7Fk5P336WmDMXYs5LAX2XxPFNLvNzA"
-	// #nosec G101
+	// #nosec G101 jfrog-ignore
 	token3 = "eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJIcnU2VHctZk1yOTV3dy12TDNjV3ZBVjJ3Qm9FSHpHdGlwUEFwOE1JdDljIn0"
-	// #nosec G101
+	// #nosec G101 jfrog-ignore
 	token4 = "eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJsS0NYXzFvaTBQbTZGdF9XRklkejZLZ1g4U0FULUdOY0lJWXRjTC1KM084In0.eyJzdWIiOiJqZmZlQDAwMFwvdXNlcnNcL3RlbXB1c2VyIiwic2NwIjoiYXBwbGllZC1wZXJtaXNzaW9uc1wvYWRtaW4gYXBpOioiLCJhdWQiOlsiamZydEAqIiwiamZtZEAqIiwiamZldnRAKiIsImpmYWNAKiJdLCJpc3MiOiJqZmZlQDAwMCIsImV4cCI6MTYxNjQ4OTU4NSwiaWF0IjoxNjE2NDg1OTg1LCJqdGkiOiI0OTBlYWEzOS1mMzYxLTQxYjAtOTA5Ni1kNjg5NmQ0ZWQ3YjEifQ.J5P8Pu5tqEjgnLFLEoCdh1LJHWiMmEHht95v0EFuixwO-osq7sfXua_UCGBkKbmqVSGKew9kl_LTcbq_uMe281_5q2yYxT74iqc2wQ1K0uovEUeIU6E65oi70JwUWUwcF3sNJ2gFatnvgSu-2Kv6m-DtSIW36WS3Mh8uMZQ19ob4fmueVmMFyQsp0EEG6xFYeOK6SB8OUd0gAd_XvXiSRuF0eLabhKmXM2pVBLYfd2KIMlkFckEOGGOzeglvA62xmP4Ik7UsF487NAo0LeS_Pd79owr0jtgTYkCTrLlFhUzUMDVmD_LsCMyf_S4CJxhwkCRhhy9SYSs1WPgknL3--w"
-	// #nosec G101
+	// #nosec G101 jfrog-ignore
 	token5 = "eyJ2ZXIiOiIyIiwidHlwIjoiSldUIiwiYWxnIjoiUlMyNTYiLCJraWQiOiJDRlVIRER4UXZaM1VNWEZxS0ZWUlFiOEFROEd6VWxSZkZJMEt4TmIzdk1jIn0.eyJzdWIiOiJ5YWhhdi90ZXN0LXJlcG8iLCJzY3AiOiJhcHBsaWVkLXBlcm1pc3Npb25zL2dyb3VwczpcImFkbWluLWdyb3VwXCIsIiwiYXVkIjoiKkAqIiwiaXNzIjoiamZhY0AwMWdnbXFxcDc0MzZuOTB3d3I4Ym5nMXp5OSIsImV4cCI6MTcxNTE4MzA3MiwiaWF0IjoxNzE1MTgzMDEyLCJqdGkiOiJmN2IxMmIzMi0xMmNkLTQ1Y2ItYWZjYS1iNTYyMjc2YjY0YmQifQ.I6df8E0_1t7uYzSQkiQBNh9GIGyr541rIRQ8BDD401N4DV98dWsqACmdlYTOAaxn_el4Lz7_OaK0GnVNGf9hiZz9QKaXbe-HnL9jG-TobpOlyhkc6iBpnizuZ9T9YiveCG_NgDMWn5syiZ912t6PuZqNN2JmwswqfE9QDm6xCH8fu7h0Rs1qDNkahtgQvO99e5d7LnuOS9VfkXBxLDZ5AeUbd89zmujgDB4hMXB3J-dQ3QxGHRPS_KUo7sf7lRvn4PydYkhbhrhg6GP6ss6rMmEJM5v8azMTrkLwksoCWtK9YpD5S70f7AoE5U5j5BttZ0S5dPGagKWZJiA1egna-w"
 )
 
 
@@ -57,8 +57,9 @@ func GetTransportWithLoadedCert(certificatesDirPath string, insecureTls bool, tr
 	transport.TLSClientConfig = &tls.Config{
 		RootCAs:            caCertPool,
 		ClientSessionCache: tls.NewLRUClientSessionCache(1),
-		//#nosec G402 -- Skipping insecure tls verification was requested by the user.
+		//#nosec G402 jfrog-ignore -- Skipping insecure tls verification was requested by the user.
 		InsecureSkipVerify: insecureTls,
+		MinVersion:         tls.VersionTLS12,
 	}
 
 	return transport, nil
 
@@ -1,23 +1,23 @@
 module github.com/jfrog/jfrog-client-go
 
-go 1.22.9
+go 1.23.7
 
 require (
-	github.com/ProtonMail/go-crypto v1.1.5
+	github.com/ProtonMail/go-crypto v1.1.6
 	github.com/buger/jsonparser v1.1.1
-	github.com/forPelevin/gomoji v1.2.0
-	github.com/go-git/go-git/v5 v5.13.2
-	github.com/golang-jwt/jwt/v4 v4.5.1
+	github.com/forPelevin/gomoji v1.3.0
+	github.com/go-git/go-git/v5 v5.14.0
+	github.com/golang-jwt/jwt/v4 v4.5.2
 	github.com/gookit/color v1.5.4
 	github.com/jfrog/archiver/v3 v3.6.1
 	github.com/jfrog/build-info-go v1.10.10
 	github.com/jfrog/gofrog v1.7.6
 	github.com/minio/sha256-simd v1.0.1
 	github.com/stretchr/testify v1.10.0
 	github.com/xanzy/ssh-agent v0.3.3
-	golang.org/x/crypto v0.32.0
-	golang.org/x/exp v0.0.0-20250128182459-e0ece0dbea4c
-	golang.org/x/term v0.29.0
+	golang.org/x/crypto v0.36.0
+	golang.org/x/exp v0.0.0-20250305212735-054e65f0b394
+	golang.org/x/term v0.30.0
 )
 
 require (
@@ -49,9 +49,9 @@ require (
 	github.com/ulikunitz/xz v0.5.12 // indirect
 	github.com/xi2/xz v0.0.0-20171230120015-48954b6210f8 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
-	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/sync v0.11.0 // indirect
-	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/net v0.38.0 // indirect
+	golang.org/x/sync v0.12.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )