authenticator: support groups (#57)

- authenticate/providers: add group support to azure - authenticate/providers: add group support to google - authenticate/providers: add group support to okta - authenticate/providers: add group support to onelogin - {authenticate/proxy}: change default cookie lifetime timeout to 14 hours - proxy: sign group membership - proxy: add group header - deployment: add CHANGELOG - deployment: fix where make release wasn’t including version
2025-05-30 17:37:25 +02:00 · 2019-02-28 19:34:22 -08:00 · 2019-02-28 19:34:22 -08:00 · 1187be2bf3
commit 1187be2bf3
parent a2d647ee5b
54 changed files with 1757 additions and 1706 deletions
--- a/proto/authenticate/authenticate.proto
+++ b/proto/authenticate/authenticate.proto
@ -4,29 +4,24 @@ import "google/protobuf/timestamp.proto";
 package authenticate;

 service Authenticator {
-  rpc Authenticate(AuthenticateRequest) returns (AuthenticateReply) {}
+  rpc Authenticate(AuthenticateRequest) returns (Session) {}
  rpc Validate(ValidateRequest) returns (ValidateReply) {}
-  rpc Refresh(RefreshRequest) returns (RefreshReply) {}
+  rpc Refresh(Session) returns (Session) {}
 }

 message AuthenticateRequest { string code = 1; }

-message AuthenticateReply {
-  string access_token = 1;
-  string refresh_token = 2;
-  string id_token = 3;
-  string user = 4;
-  string email = 5;
-  google.protobuf.Timestamp expiry = 6;
-}
-
 message ValidateRequest { string id_token = 1; }

 message ValidateReply { bool is_valid = 1; }

-message RefreshRequest { string refresh_token = 1; }
-
-message RefreshReply {
+message Session {
  string access_token = 1;
-  google.protobuf.Timestamp expiry = 2;
-}
+  string refresh_token = 2;
+  string id_token = 3;
+  string user = 4;
+  string email = 5;
+  repeated string groups = 6;
+  google.protobuf.Timestamp refresh_deadline = 7;
+  google.protobuf.Timestamp lifetime_deadline = 8;
+}