authorize: implement allowed_idp_claims (#1542)

* add arbitrary claims to session * add support for maps * update flattened claims * fix eol * fix trailing whitespace * fix tests
2025-08-03 08:50:42 +02:00 · 2020-10-23 14:05:37 -06:00 · 2020-10-23 14:05:37 -06:00 · 153e438eb6
commit 153e438eb6
parent 2a97e92d50
24 changed files with 1369 additions and 743 deletions
--- a/internal/identity/manager/misc.go
+++ b/internal/identity/manager/misc.go
@ -1,90 +1,14 @@
 package manager

 import (
-	"fmt"
 	"strings"

 	"github.com/golang/protobuf/ptypes"
-	structpb "github.com/golang/protobuf/ptypes/struct"
 	"golang.org/x/oauth2"
-	"google.golang.org/protobuf/types/known/anypb"
-	"google.golang.org/protobuf/types/known/wrapperspb"

 	"github.com/pomerium/pomerium/pkg/grpc/session"
 )

-func toAny(value interface{}) (*anypb.Any, error) {
-	switch v := value.(type) {
-	case bool:
-		return ptypes.MarshalAny(&wrapperspb.BoolValue{Value: v})
-	case []byte:
-		return ptypes.MarshalAny(&wrapperspb.BytesValue{Value: v})
-	case float64:
-		return ptypes.MarshalAny(&wrapperspb.DoubleValue{Value: v})
-	case float32:
-		return ptypes.MarshalAny(&wrapperspb.FloatValue{Value: v})
-	case int32:
-		return ptypes.MarshalAny(&wrapperspb.Int32Value{Value: v})
-	case int64:
-		return ptypes.MarshalAny(&wrapperspb.Int64Value{Value: v})
-	case string:
-		return ptypes.MarshalAny(&wrapperspb.StringValue{Value: v})
-	case uint32:
-		return ptypes.MarshalAny(&wrapperspb.UInt32Value{Value: v})
-	case uint64:
-		return ptypes.MarshalAny(&wrapperspb.UInt64Value{Value: v})
-
-	case []interface{}:
-		lst := &structpb.ListValue{}
-		for _, c := range v {
-			if cv, err := toValue(c); err == nil {
-				lst.Values = append(lst.Values, cv)
-			}
-		}
-		return ptypes.MarshalAny(lst)
-	}
-	return nil, fmt.Errorf("unknown type %T", value)
-}
-
-func toValue(value interface{}) (*structpb.Value, error) {
-	switch v := value.(type) {
-	case bool:
-		return &structpb.Value{
-			Kind: &structpb.Value_BoolValue{BoolValue: v},
-		}, nil
-	case float64:
-		return &structpb.Value{
-			Kind: &structpb.Value_NumberValue{NumberValue: v},
-		}, nil
-	case float32:
-		return &structpb.Value{
-			Kind: &structpb.Value_NumberValue{NumberValue: float64(v)},
-		}, nil
-	case int32:
-		return &structpb.Value{
-			Kind: &structpb.Value_NumberValue{NumberValue: float64(v)},
-		}, nil
-	case int64:
-		return &structpb.Value{
-			Kind: &structpb.Value_NumberValue{NumberValue: float64(v)},
-		}, nil
-	case string:
-		return &structpb.Value{
-			Kind: &structpb.Value_StringValue{StringValue: v},
-		}, nil
-	case uint32:
-		return &structpb.Value{
-			Kind: &structpb.Value_NumberValue{NumberValue: float64(v)},
-		}, nil
-	case uint64:
-		return &structpb.Value{
-			Kind: &structpb.Value_NumberValue{NumberValue: float64(v)},
-		}, nil
-
-	}
-	return nil, fmt.Errorf("unknown type %T", value)
-}
-
 func toSessionSchedulerKey(userID, sessionID string) string {
 	return userID + "\037" + sessionID
 }