go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2024-11-28 09:08:44 +02:00
Code Issues Releases Activity
d162b018a8
oauth2-proxy/pkg/validation
History
Kevin Schu 25371ea4af
improved audience handling to support client credentials access tokens without aud claims (#1204) 
* implementation draft

* add cfg options skip-au-when-missing && client-id-verification-claim; enhance the provider data verification logic for sake of the added options

* refactor configs, added logging and add additional claim verification

* simplify logic by just having one configuration similar to oidc-email-claim

* added internal oidc token verifier, so that aud check behavior can be managed with oauth2-proxy and is compatible with extra-jwt-issuers

* refactored verification to reduce complexity

* refactored verification to reduce complexity

* added docs

* adjust tests to support new OIDCAudienceClaim and OIDCExtraAudiences options

* extend unit tests and ensure that audience is set with the value of aud claim configuration

* revert filemodes and update docs

* update docs

* remove unneccesary logging, refactor audience existence check and added additional unit tests

* fix linting issues after rebase on origin/main

* cleanup: use new imports for migrated libraries after rebase on origin/main

* adapt mock in keycloak_oidc_test.go

* allow specifying multiple audience claims, fixed bug where jwt issuers client id was not the being considered and fixed bug where aud claims with multiple audiences has broken the whole validation

* fixed formatting issue

* do not pass the whole options struct to minimize complexity and dependency to the configuration structure

* added changelog entry

* update docs

Co-authored-by: Sofia Weiler <sofia.weiler@aoe.com>
Co-authored-by: Christian Zenker <christian.zenker@aoe.com>
2022-02-15 16:12:22 +00:00
..
allowlist_test.go Improve AllowedRoute test table formatting 2020-10-07 10:13:41 -07:00
allowlist.go Improve AllowedRoute test table formatting 2020-10-07 10:13:41 -07:00
common_test.go SecretSource.Value should be plain text in memory 2020-12-01 08:56:46 +00:00
common.go SecretSource.Value should be plain text in memory 2020-12-01 08:56:46 +00:00
cookie_test.go Fix import path for v7 (#800) 2020-09-29 17:44:42 +01:00
cookie.go Fix import path for v7 (#800) 2020-09-29 17:44:42 +01:00
header_test.go SecretSource.Value should be plain text in memory 2020-12-01 08:56:46 +00:00
header.go Add validation for Headers struct 2020-11-07 17:16:54 +00:00
logging.go Fix import path for v7 (#800) 2020-09-29 17:44:42 +01:00
options_test.go rename Upstreams to UpstreamConfig and its Configs member to Upstreams then 2021-09-17 12:37:57 +00:00
options.go improved audience handling to support client credentials access tokens without aud claims (#1204) 2022-02-15 16:12:22 +00:00
providers_test.go Multiple providers in alpha config (#947) 2021-04-03 17:06:30 +01:00
providers.go Multiple providers in alpha config (#947) 2021-04-03 17:06:30 +01:00
sessions_test.go Integrate new header injectors with OAuth2 Proxy 2020-11-07 17:16:58 +00:00
sessions.go Support nonce checks in OIDC Provider (#967) 2021-04-21 10:33:27 +01:00
upstreams_test.go rename Upstreams to UpstreamConfig and its Configs member to Upstreams then 2021-09-17 12:37:57 +00:00
upstreams.go rename Upstreams to UpstreamConfig and its Configs member to Upstreams then 2021-09-17 12:37:57 +00:00
utils.go Add validation for Headers struct 2020-11-07 17:16:54 +00:00
validation_suite_test.go Ensure errors in tests are logged to the GinkgoWriter 2021-02-10 19:50:04 +00:00