public_git
/
oauth2-proxy
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add import for provider options

This commit is contained in:
Kevin Kreitner 2025-01-12 17:55:18 +01:00 committed by Jan Larwig
parent 652d16692d
commit 5ee1951f03
No known key found for this signature in database
GPG Key ID: C2172BFA220A037A
1 changed files with 4 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
providers/cidaas.go
View File

@ -7,6 +7,7 @@ import (
"fmt" "fmt"
"github.com/bitly/go-simplejson" "github.com/bitly/go-simplejson"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/options"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/apis/sessions"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/logger"
"github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests" "github.com/oauth2-proxy/oauth2-proxy/v7/pkg/requests"
@ -39,8 +40,6 @@ func NewCIDAASProvider(p *ProviderData, opts options.Provider) *CIDAASProvider {
scope: CidaasDefaultScope, scope: CidaasDefaultScope,
}) })
opts.InsecureSkipNonce = true // Should this be configurable or not?! Do you need to skip the nonce for Cidaas?
return &CIDAASProvider{ return &CIDAASProvider{
OIDCProvider: NewOIDCProvider(p, opts.OIDCConfig), OIDCProvider: NewOIDCProvider(p, opts.OIDCConfig),
} }
@ -55,7 +54,7 @@ func (p *CIDAASProvider) RefreshSession(ctx context.Context, s *sessions.Session
if err := p.redeemRefreshToken(ctx, s); err != nil { if err := p.redeemRefreshToken(ctx, s); err != nil {
return false, fmt.Errorf("unable to redeem refresh token: %w", err) return false, fmt.Errorf("unable to redeem refresh token: %w", err)
} }
if err := p.EnrichSession(ctx, s); err != nil { if err := p.EnrichSession(ctx, s); err != nil {
return false, fmt.Errorf("unable to enrich session data after refresh: %w %v", err, s) return false, fmt.Errorf("unable to enrich session data after refresh: %w %v", err, s)
} }
@ -68,7 +67,7 @@ func (p *CIDAASProvider) EnrichSession(ctx context.Context, s *sessions.SessionS
if p.ProfileURL.String() == "" && s.Email == "" { if p.ProfileURL.String() == "" && s.Email == "" {
return errors.New("id_token did not contain an email and profileURL is not defined") return errors.New("id_token did not contain an email and profileURL is not defined")
} else if p.ProfileURL.String() == "" { } else if p.ProfileURL.String() == "" {
return nil return nil
} }
// Try to get missing emails or groups from a profileURL // Try to get missing emails or groups from a profileURL
@ -115,7 +114,7 @@ func (p *CIDAASProvider) extractGroups(respJSON *simplejson.Json) ([]string, err
if err != nil { if err != nil {
return nil, err return nil, err
} }
var groupsClaimList GroupsClaimList var groupsClaimList GroupsClaimList
err = json.Unmarshal(rawGroupsClaim, &groupsClaimList) err = json.Unmarshal(rawGroupsClaim, &groupsClaimList)
if err != nil { if err != nil {