go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-12-07 23:13:07 +02:00
Code Issues Releases Activity

Support nonce checks in OIDC Provider (#967)

Browse Source 
* Set and verify a nonce with OIDC

* Create a CSRF object to manage nonces & cookies

* Add missing generic cookie unit tests

* Add config flag to control OIDC SkipNonce

* Send hashed nonces in authentication requests

* Encrypt the CSRF cookie

* Add clarity to naming & add more helper methods

* Make CSRF an interface and keep underlying nonces private

* Add ReverseProxy scope to cookie tests

* Align to new 1.16 SameSite cookie default

* Perform SecretBytes conversion on CSRF cookie crypto

* Make state encoding signatures consistent

* Mock time in CSRF struct via Clock

* Improve InsecureSkipNonce docstring
This commit is contained in:
Nick Meves
2021-04-21 02:33:27 -07:00
committed by GitHub
parent d3423408c7
commit 7eeaea0b3f
31 changed files with 860 additions and 170 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
pkg/apis/options/load_test.go
View File

@@ -36,12 +36,13 @@ var _ = Describe("Load", func() {
},
LegacyProvider: LegacyProvider{
ProviderType: "google",
AzureTenant: "common",
ApprovalPrompt: "force",
UserIDClaim: "email",
OIDCEmailClaim: "email",
OIDCGroupsClaim: "groups",
ProviderType: "google",
AzureTenant: "common",
ApprovalPrompt: "force",
UserIDClaim: "email",
OIDCEmailClaim: "email",
OIDCGroupsClaim: "groups",
InsecureOIDCSkipNonce: true,
},
Options: Options{