Integrate new header injectors with OAuth2 Proxy

2025-12-05 23:08:20 +02:00 · 2020-07-29 20:10:14 +01:00
parent d26c65ba8d
commit 8059a812cd
7 changed files with 485 additions and 551 deletions
--- a/pkg/validation/sessions_test.go
+++ b/pkg/validation/sessions_test.go
@@ -13,10 +13,9 @@ import (

 var _ = Describe("Sessions", func() {
 	const (
-		passAuthorizationMsg = "pass_authorization_header requires oauth tokens in sessions. session_cookie_minimal cannot be set"
-		setAuthorizationMsg  = "set_authorization_header requires oauth tokens in sessions. session_cookie_minimal cannot be set"
-		passAccessTokenMsg   = "pass_access_token requires oauth tokens in sessions. session_cookie_minimal cannot be set"
-		cookieRefreshMsg     = "cookie_refresh > 0 requires oauth tokens in sessions. session_cookie_minimal cannot be set"
+		idTokenConflictMsg     = "id_token claim for header \"X-ID-Token\" requires oauth tokens in sessions. session_cookie_minimal cannot be set"
+		accessTokenConflictMsg = "access_token claim for header \"X-Access-Token\" requires oauth tokens in sessions. session_cookie_minimal cannot be set"
+		cookieRefreshMsg       = "cookie_refresh > 0 requires oauth tokens in sessions. session_cookie_minimal cannot be set"
 	)

 	type cookieMinimalTableInput struct {
@@ -38,14 +37,25 @@ var _ = Describe("Sessions", func() {
 			},
 			errStrings: []string{},
 		}),
-		Entry("No minimal cookie session & passAuthorization", &cookieMinimalTableInput{
+		Entry("No minimal cookie session & request header has access_token claim", &cookieMinimalTableInput{
 			opts: &options.Options{
 				Session: options.SessionOptions{
 					Cookie: options.CookieStoreOptions{
 						Minimal: false,
 					},
 				},
-				PassAuthorization: true,
+				InjectRequestHeaders: []options.Header{
+					{
+						Name: "X-Access-Token",
+						Values: []options.HeaderValue{
+							{
+								ClaimSource: &options.ClaimSource{
+									Claim: "access_token",
+								},
+							},
+						},
+					},
+				},
 			},
 			errStrings: []string{},
 		}),
@@ -59,38 +69,71 @@ var _ = Describe("Sessions", func() {
 			},
 			errStrings: []string{},
 		}),
-		Entry("PassAuthorization conflict", &cookieMinimalTableInput{
+		Entry("Request Header id_token conflict", &cookieMinimalTableInput{
 			opts: &options.Options{
 				Session: options.SessionOptions{
 					Cookie: options.CookieStoreOptions{
 						Minimal: true,
 					},
 				},
-				PassAuthorization: true,
+				InjectRequestHeaders: []options.Header{
+					{
+						Name: "X-ID-Token",
+						Values: []options.HeaderValue{
+							{
+								ClaimSource: &options.ClaimSource{
+									Claim: "id_token",
+								},
+							},
+						},
+					},
+				},
 			},
-			errStrings: []string{passAuthorizationMsg},
+			errStrings: []string{idTokenConflictMsg},
 		}),
-		Entry("SetAuthorization conflict", &cookieMinimalTableInput{
+		Entry("Response Header id_token conflict", &cookieMinimalTableInput{
 			opts: &options.Options{
 				Session: options.SessionOptions{
 					Cookie: options.CookieStoreOptions{
 						Minimal: true,
 					},
 				},
-				SetAuthorization: true,
+				InjectResponseHeaders: []options.Header{
+					{
+						Name: "X-ID-Token",
+						Values: []options.HeaderValue{
+							{
+								ClaimSource: &options.ClaimSource{
+									Claim: "id_token",
+								},
+							},
+						},
+					},
+				},
 			},
-			errStrings: []string{setAuthorizationMsg},
+			errStrings: []string{idTokenConflictMsg},
 		}),
-		Entry("PassAccessToken conflict", &cookieMinimalTableInput{
+		Entry("Request Header access_token conflict", &cookieMinimalTableInput{
 			opts: &options.Options{
 				Session: options.SessionOptions{
 					Cookie: options.CookieStoreOptions{
 						Minimal: true,
 					},
 				},
-				PassAccessToken: true,
+				InjectRequestHeaders: []options.Header{
+					{
+						Name: "X-Access-Token",
+						Values: []options.HeaderValue{
+							{
+								ClaimSource: &options.ClaimSource{
+									Claim: "access_token",
+								},
+							},
+						},
+					},
+				},
 			},
-			errStrings: []string{passAccessTokenMsg},
+			errStrings: []string{accessTokenConflictMsg},
 		}),
 		Entry("CookieRefresh conflict", &cookieMinimalTableInput{
 			opts: &options.Options{
@@ -112,10 +155,32 @@ var _ = Describe("Sessions", func() {
 						Minimal: true,
 					},
 				},
-				PassAuthorization: true,
-				PassAccessToken:   true,
+				InjectResponseHeaders: []options.Header{
+					{
+						Name: "X-ID-Token",
+						Values: []options.HeaderValue{
+							{
+								ClaimSource: &options.ClaimSource{
+									Claim: "id_token",
+								},
+							},
+						},
+					},
+				},
+				InjectRequestHeaders: []options.Header{
+					{
+						Name: "X-Access-Token",
+						Values: []options.HeaderValue{
+							{
+								ClaimSource: &options.ClaimSource{
+									Claim: "access_token",
+								},
+							},
+						},
+					},
+				},
 			},
-			errStrings: []string{passAuthorizationMsg, passAccessTokenMsg},
+			errStrings: []string{idTokenConflictMsg, accessTokenConflictMsg},
 		}),
 	)