mirror of
https://github.com/oauth2-proxy/oauth2-proxy.git
synced 2024-11-28 09:08:44 +02:00
Use ProfileURL for userinfo EnrichSession calls in Keycloak
This commit is contained in:
parent
0886f8035c
commit
138a6b128a
@ -47,6 +47,7 @@ var (
|
||||
}
|
||||
)
|
||||
|
||||
// NewKeycloakProvider creates a KeyCloakProvider using the passed ProviderData
|
||||
func NewKeycloakProvider(p *ProviderData) *KeycloakProvider {
|
||||
p.setProviderDefaults(providerDefaults{
|
||||
name: keycloakProviderName,
|
||||
@ -59,8 +60,16 @@ func NewKeycloakProvider(p *ProviderData) *KeycloakProvider {
|
||||
return &KeycloakProvider{ProviderData: p}
|
||||
}
|
||||
|
||||
// EnrichSession uses the Keycloak userinfo endpoint to populate the session's
|
||||
// email and groups.
|
||||
func (p *KeycloakProvider) EnrichSession(ctx context.Context, s *sessions.SessionState) error {
|
||||
json, err := requests.New(p.ValidateURL.String()).
|
||||
// Fallback to ValidateURL if ProfileURL not set for legacy compatibility
|
||||
userinfoURL := p.ValidateURL.String()
|
||||
if p.ProfileURL != nil {
|
||||
userinfoURL = p.ProfileURL.String()
|
||||
}
|
||||
|
||||
json, err := requests.New(userinfoURL).
|
||||
WithContext(ctx).
|
||||
SetHeader("Authorization", "Bearer "+s.AccessToken).
|
||||
Do().
|
||||
|
@ -131,6 +131,10 @@ var _ = Describe("Keycloak Provider Tests", func() {
|
||||
Scheme: "https",
|
||||
Host: "example.com",
|
||||
Path: "/oauth/token"},
|
||||
ProfileURL: &url.URL{
|
||||
Scheme: "https",
|
||||
Host: "example.com",
|
||||
Path: "/api/v3/user"},
|
||||
ValidateURL: &url.URL{
|
||||
Scheme: "https",
|
||||
Host: "example.com",
|
||||
@ -141,7 +145,7 @@ var _ = Describe("Keycloak Provider Tests", func() {
|
||||
Expect(providerData.ProviderName).To(Equal("Keycloak"))
|
||||
Expect(providerData.LoginURL.String()).To(Equal("https://example.com/oauth/auth"))
|
||||
Expect(providerData.RedeemURL.String()).To(Equal("https://example.com/oauth/token"))
|
||||
Expect(providerData.ProfileURL.String()).To(Equal(""))
|
||||
Expect(providerData.ProfileURL.String()).To(Equal("https://example.com/api/v3/user"))
|
||||
Expect(providerData.ValidateURL.String()).To(Equal("https://example.com/api/v3/user"))
|
||||
Expect(providerData.Scope).To(Equal("profile"))
|
||||
})
|
||||
@ -174,7 +178,7 @@ var _ = Describe("Keycloak Provider Tests", func() {
|
||||
DescribeTable("should return expected results",
|
||||
func(in enrichSessionTableInput) {
|
||||
var err error
|
||||
p.ValidateURL, err = url.Parse(
|
||||
p.ProfileURL, err = url.Parse(
|
||||
fmt.Sprintf("%s%s?testcase=%s", b.URL, keycloakUserinfoPath, in.testcase),
|
||||
)
|
||||
Expect(err).To(BeNil())
|
||||
|
Loading…
Reference in New Issue
Block a user