From 11699a822aad4226c65c5f506f4c0b299e25d291 Mon Sep 17 00:00:00 2001
From: Preston Sheldon
Date: Fri, 4 Feb 2022 04:22:33 -0500
Subject: [PATCH] Add ValidateSession function to LoginGovProvder to include Auth Header (#1509)

* Add ValidateSession function to LoginGovProvder to include Auth Header
* Update CHANGELOG for PR 1509
* Update logingov_test to include ValidationURL
---
 CHANGELOG.md | 1 +
 providers/logingov.go | 7 ++++++-
 providers/logingov_test.go | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f75520da..4b8cf14a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@
 - [#1489](https://github.com/oauth2-proxy/oauth2-proxy/pull/1489) Fix Docker Buildx push to include build version (@JoelSpeed)
 - [#1477](https://github.com/oauth2-proxy/oauth2-proxy/pull/1477) Remove provider documentation for `Microsoft Azure AD` (@omBratteng)
+- [#1509](https://github.com/oauth2-proxy/oauth2-proxy/pull/1509) Update LoginGovProvider ValidateSession to pass access_token in Header (@pksheldon4)
 # V7.2.1
diff --git a/providers/logingov.go b/providers/logingov.go
index 80b5e7ad..103fdf11 100644
--- a/providers/logingov.go
+++ b/providers/logingov.go
@@ -84,7 +84,7 @@ func NewLoginGovProvider(p *ProviderData) *LoginGovProvider {
 loginURL: loginGovDefaultLoginURL,
 redeemURL: loginGovDefaultRedeemURL,
 profileURL: loginGovDefaultProfileURL,
- validateURL: nil,
+ validateURL: loginGovDefaultProfileURL,
 scope: loginGovDefaultScope,
 })
 return &LoginGovProvider{
@@ -237,3 +237,8 @@ func (p *LoginGovProvider) GetLoginURL(redirectURI, state, _ string) string {
 a := makeLoginURL(p.ProviderData, redirectURI, state, extraParams)
 return a.String()
 }
+
+// ValidateSession validates the AccessToken
+func (p *LoginGovProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
+ return validateToken(ctx, p, s.AccessToken, makeOIDCHeader(s.AccessToken))
+}
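Review bot: The new default `validateURL: loginGovDefaultProfileURL` in NewLoginGovProvider is the fixed default userinfo endpoint, not the profile URL the operator configured. If the defaults are applied field by field (the helper that consumes this struct is outside the patch), a deployment that overrides `--profile-url` for another Login.gov environment but leaves `--validate-url` unset would have session validation send the access token to the default host instead of the one that issued it. A comment on the field would make that visible, for example `// default only: set --validate-url whenever --profile-url is overridden`, or the validate URL could fall back to the configured profile URL when unset. NewLoginGovProvider begins before this hunk and continues past it.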
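Review bot: The added `ValidateSession` dereferences `s` without a nil check, and its one-line comment does not say what validation involves. Whether every caller guarantees a non-nil session is not visible in this hunk; `if s == nil { return false }` ahead of the `validateToken` call would make the method fail closed rather than panic. The doc comment could also state the contract, e.g. `// ValidateSession reports whether the session's access token is accepted by the provider's validate URL; the token is sent in a request header.` The header part of that wording follows the changelog entry, since makeOIDCHeader is defined outside the patch.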
diff --git a/providers/logingov_test.go b/providers/logingov_test.go
index 3ed0f520..db30262e 100644
--- a/providers/logingov_test.go
+++ b/providers/logingov_test.go
@@ -75,7 +75,7 @@ func TestNewLoginGovProvider(t *testing.T) {
 g.Expect(providerData.LoginURL.String()).To(Equal("https://secure.login.gov/openid_connect/authorize"))
 g.Expect(providerData.RedeemURL.String()).To(Equal("https://secure.login.gov/api/openid_connect/token"))
 g.Expect(providerData.ProfileURL.String()).To(Equal("https://secure.login.gov/api/openid_connect/userinfo"))
- g.Expect(providerData.ValidateURL.String()).To(Equal(""))
+ g.Expect(providerData.ValidateURL.String()).To(Equal("https://secure.login.gov/api/openid_connect/userinfo"))
 g.Expect(providerData.Scope).To(Equal("email openid"))
 }
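Review bot: The updated assertion in TestNewLoginGovProvider only pins the new default validate URL; nothing in this patch exercises the new `ValidateSession` method itself. Since the stated purpose of the change is to carry the access token in a header, a test against an `httptest.Server` that checks the token arrives in the `Authorization` header and does not appear anywhere in the request URL would guard against it drifting into a place where it can end up in access logs. A second case with an empty `AccessToken` would pin the fail-closed path. TestNewLoginGovProvider begins before this hunk.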