authorize: move sign out and jwks urls to route, update issuer for JWT (#4046)

* authorize: move sign out and jwks urls to route, update issuer for JWT

* fix test
Caleb Doxsey 2023-03-08 12:40:15 -07:00 committed by GitHub
parent 376bfe053d
commit 1dee325b72
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 36 additions and 34 deletions


@ -53,8 +53,8 @@ func TestServerHTTP(t *testing.T) {
expect := map[string]any{
"authentication_callback_endpoint": "https://authenticate.localhost.pomerium.io/oauth2/callback",
"frontchannel_logout_uri": "https://authenticate.localhost.pomerium.io/.pomerium/sign_out",
"jwks_uri": "https://authenticate.localhost.pomerium.io/.well-known/pomerium/jwks.json",
"frontchannel_logout_uri": fmt.Sprintf("https://localhost:%s/.pomerium/sign_out", src.GetConfig().HTTPPort),
"jwks_uri": fmt.Sprintf("https://localhost:%s/.well-known/pomerium/jwks.json", src.GetConfig().HTTPPort),
}
assert.Equal(t, expect, actual)
})


@ -8,6 +8,7 @@ import (
"github.com/pomerium/csrf"
"github.com/pomerium/pomerium/internal/httputil"
"github.com/pomerium/pomerium/internal/urlutil"
)
// WellKnownPomerium returns the /.well-known/pomerium handler.
@ -19,8 +20,8 @@ func WellKnownPomerium(authenticateURL *url.URL) http.Handler {
FrontchannelLogoutURI string `json:"frontchannel_logout_uri"` // https://openid.net/specs/openid-connect-frontchannel-1_0.html
}{
authenticateURL.ResolveReference(&url.URL{Path: "/oauth2/callback"}).String(),
authenticateURL.ResolveReference(&url.URL{Path: "/.well-known/pomerium/jwks.json"}).String(),
authenticateURL.ResolveReference(&url.URL{Path: "/.pomerium/sign_out"}).String(),
urlutil.GetAbsoluteURL(r).ResolveReference(&url.URL{Path: "/.well-known/pomerium/jwks.json"}).String(),
urlutil.GetAbsoluteURL(r).ResolveReference(&url.URL{Path: "/.pomerium/sign_out"}).String(),
}
w.Header().Set("X-CSRF-Token", csrf.Token(r))
httputil.RenderJSON(w, http.StatusOK, wellKnownURLs)
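Review bot: The `jwks_uri` and `frontchannel_logout_uri` entries in the struct literal are now built from `urlutil.GetAbsoluteURL(r)`, so they follow whatever host the incoming request presents instead of the configured `authenticateURL`. The helper's body is not visible here, but if it reads the request's Host header, this handler should only be reachable after the host has been matched against a configured route; otherwise a client that trusts the document would be pointed at a key-set location under a host the deployment does not control. Please confirm that guarantee and, once confirmed, record it above the literal, for example `// jwks and sign-out URLs are served per route; the request host has already been matched to a route`. The helper is also called twice, and a single `base := urlutil.GetAbsoluteURL(r)` before the literal would make it plain that both URLs share one origin. The body of WellKnownPomerium starts and ends outside these hunks.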


@ -21,4 +21,15 @@ func TestWellKnownPomeriumHandler(t *testing.T) {
WellKnownPomerium(authenticateURL).ServeHTTP(w, r)
assert.Equal(t, http.StatusNoContent, w.Result().StatusCode)
})
t.Run("links", func(t *testing.T) {
authenticateURL, _ := url.Parse("https://authenticate.example.com")
w := httptest.NewRecorder()
r := httptest.NewRequest(http.MethodGet, "https://route.example.com", nil)
WellKnownPomerium(authenticateURL).ServeHTTP(w, r)
assert.JSONEq(t, `{
"authentication_callback_endpoint": "https://authenticate.example.com/oauth2/callback",
"frontchannel_logout_uri": "https://route.example.com/.pomerium/sign_out",
"jwks_uri": "https://route.example.com/.well-known/pomerium/jwks.json"
}`, w.Body.String())
})
}
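Review bot: The new `links` subtest discards the error from `url.Parse` (`authenticateURL, _ := url.Parse(...)`) and exercises only a request whose host is a bare route hostname. Since the handler now derives two of the three URLs from the request, a second case whose host carries a port, e.g. `httptest.NewRequest(http.MethodGet, "https://route.example.com:8443", nil)`, would pin down what the document advertises on non-default listeners. Checking the parse result with `require.NoError(t, err)` keeps a typo in the fixture from surfacing later as a nil-pointer panic; this assumes `require` is already imported in the file, which the hunk does not show. TestWellKnownPomeriumHandler starts outside the hunk.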