1
0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-30 09:16:52 +02:00
Commit Graph

10 Commits

Author SHA1 Message Date
Joel Speed
979c3e8cbc
Move internal OIDC package to providers package 2022-02-19 15:37:53 +00:00
Joel Speed
d162b018a8
Move provider initialisation into providers package 2022-02-16 10:38:05 +00:00
Joel Speed
967051314e
Integrate claim extractor into providers 2022-02-16 10:28:33 +00:00
Kevin Schu
25371ea4af
improved audience handling to support client credentials access tokens without aud claims (#1204)
* implementation draft

* add cfg options skip-au-when-missing && client-id-verification-claim; enhance the provider data verification logic for sake of the added options

* refactor configs, added logging and add additional claim verification

* simplify logic by just having one configuration similar to oidc-email-claim

* added internal oidc token verifier, so that aud check behavior can be managed with oauth2-proxy and is compatible with extra-jwt-issuers

* refactored verification to reduce complexity

* refactored verification to reduce complexity

* added docs

* adjust tests to support new OIDCAudienceClaim and OIDCExtraAudiences options

* extend unit tests and ensure that audience is set with the value of aud claim configuration

* revert filemodes and update docs

* update docs

* remove unneccesary logging, refactor audience existence check and added additional unit tests

* fix linting issues after rebase on origin/main

* cleanup: use new imports for migrated libraries after rebase on origin/main

* adapt mock in keycloak_oidc_test.go

* allow specifying multiple audience claims, fixed bug where jwt issuers client id was not the being considered and fixed bug where aud claims with multiple audiences has broken the whole validation

* fixed formatting issue

* do not pass the whole options struct to minimize complexity and dependency to the configuration structure

* added changelog entry

* update docs

Co-authored-by: Sofia Weiler <sofia.weiler@aoe.com>
Co-authored-by: Christian Zenker <christian.zenker@aoe.com>
2022-02-15 16:12:22 +00:00
Nick Meves
0fa8fca276 Update ADFS to new jwt lib 2021-12-01 19:16:42 -08:00
Nick Meves
bdfca925a3 Handle UPN fallback when profileURL isn't set 2021-12-01 19:08:15 -08:00
Nick Meves
4980f6af7d Use upn claim as a fallback in Enrich & Refresh
Only when `email` claim is missing, fallback to `upn` claim which may have it.
2021-12-01 19:08:10 -08:00
Nick Meves
a53198725e Use upn as EmailClaim throughout ADFSProvider
By only overriding in the EnrichSession, any Refresh calls
would've overriden it with the `email` claim.
2021-12-01 19:06:02 -08:00
Nick Meves
0b4bc36554
Upgrade go-oidc to v3 (#1264) 2021-07-17 09:55:05 -07:00
Sami Racho
a14c0c2121 Added ADFS Provider 2021-06-13 10:19:56 +02:00