authenticate: always trust the passed in idp (#3931)

authenticate: always trust the passed in idp (#3917)

Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
backport-actions-token[bot] 2023-01-30 19:06:35 -07:00 committed by GitHub
parent cc475a3985
commit 3ba74b38ae
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 20 additions and 43 deletions


@ -31,12 +31,9 @@ func (a *Authenticate) buildIdentityProfile(
oauthToken *oauth2.Token,
) (*identitypb.Profile, error) {
options := a.options.Load()
idp, err := options.GetIdentityProviderForID(r.FormValue(urlutil.QueryIdentityProviderID))
if err != nil {
return nil, fmt.Errorf("authenticate: error getting identity provider for id: %w", err)
}
idpID := r.FormValue(urlutil.QueryIdentityProviderID)
authenticator, err := a.cfg.getIdentityProvider(options, idp.GetId())
authenticator, err := a.cfg.getIdentityProvider(options, idpID)
if err != nil {
return nil, fmt.Errorf("authenticate: error getting identity provider authenticator: %w", err)
}
@ -57,7 +54,7 @@ func (a *Authenticate) buildIdentityProfile(
}
return &identitypb.Profile{
ProviderId: idp.GetId(),
ProviderId: idpID,
IdToken: rawIDToken,
OauthToken: rawOAuthToken,
Claims: rawClaims,
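Review bot: `idpID` is now read straight from `r.FormValue(urlutil.QueryIdentityProviderID)`, and with the `GetIdentityProviderForID` lookup removed, the only check visible in the first hunk is whatever `a.cfg.getIdentityProvider(options, idpID)` does. The same request-supplied string is then stored as `ProviderId` in the returned profile in the second hunk. The commit title says this trust is intentional, so I would record the reason at the assignment, for example `// idpID is request-controlled; trusted here because <reason / where it is validated>`. Whether `getIdentityProvider` rejects an empty or unconfigured ID is not visible here; if it does not, an explicit guard before the profile is built would be worth adding. `buildIdentityProfile` begins and ends outside the hunks shown.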