authenticate: rework session ID token handling (#5178)

Currently, the Session proto id_token field is populated with Pomerium
session data during initial login, but with IdP ID token data after an
IdP session refresh.

Instead, store only IdP ID token data in this field.

Update the existing SetRawIDToken method to populate the structured data
fields based on the contents of the raw ID token. Remove the other code
that sets these fields (in the authenticateflow package and in
manager.sessionUnmarshaler).

Add a test for the identity manager, exercising the combined effect of
session claims unmarshaling and SetRawIDToken(), to verify that the
combined behavior is preserved unchanged.
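As an added illustration of the approach the commit message describes, where the structured session fields are derived in one place from the raw IdP ID token, here is example code that is not Pomerium's own: the `session` type, its `setRawIDToken` method and the `sampleIDToken` value are hypothetical stand-ins, and the token's signature is assumed to have been verified by the OIDC client before this point.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)

// session stands in for the structured fields a session record keeps about
// the IdP ID token (hypothetical shape, not Pomerium's Session proto).
type session struct {
	RawIDToken string
	Issuer     string
	Subject    string
	ExpiresAt  time.Time
}

// sampleIDToken is a constructed header.payload.signature string (signature is a placeholder).
var sampleIDToken = "eyJhbGciOiJSUzI1NiJ9." +
	base64.RawURLEncoding.EncodeToString([]byte(`{"iss":"https://idp.example","sub":"user-123","exp":1722300000}`)) +
	".signature-placeholder"

// setRawIDToken stores the raw token and derives the structured fields from its
// payload. It assumes the OIDC client already verified the signature (no verification here).
func (s *session) setRawIDToken(raw string) error {
	parts := strings.Split(raw, ".")
	if len(parts) != 3 {
		return errors.New("id token: expected header.payload.signature")
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return errors.New("id token: payload is not base64url")
	}
	var c struct {
		Iss string `json:"iss"`
		Sub string `json:"sub"`
		Exp int64  `json:"exp"`
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return errors.New("id token: payload is not a JSON claims object")
	}
	if c.Iss == "" || c.Sub == "" || c.Exp == 0 {
		return errors.New("id token: missing iss, sub or exp claim")
	}
	// Only update the session once every check has passed, so a bad token never leaves it half-populated.
	s.RawIDToken, s.Issuer, s.Subject = raw, c.Iss, c.Sub
	s.ExpiresAt = time.Unix(c.Exp, 0).UTC()
	return nil
}
```

Because the fields are written only after validation, a failed refresh leaves the previously stored token data intact rather than mixing two sources, which is the inconsistency the commit removes.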
Kenneth Jenkins 2024-07-29 12:43:50 -07:00 committed by GitHub
parent dbedfc586f
commit 418ee79e1a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 412 additions and 89 deletions


@ -5,6 +5,7 @@ package authenticateflow
import (
"fmt"
"time"
"google.golang.org/protobuf/types/known/structpb"
@ -13,6 +14,9 @@ import (
"github.com/pomerium/pomerium/pkg/identity"
)
// timeNow is time.Now but pulled out as a variable for tests.
var timeNow = time.Now
var outboundGRPCConnection = new(grpc.CachedOutboundGRPClientConn)
func populateUserFromClaims(u *user.User, claims map[string]any) {
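Review bot: `var timeNow = time.Now` introduces a mutable package-level variable as the test seam, so any test that overrides it must restore the original (for example via `t.Cleanup`) and such tests cannot safely use `t.Parallel()`; either state that on the `// timeNow is time.Now but pulled out as a variable for tests.` comment line or thread a clock through the flow's struct instead. The `var outboundGRPCConnection = ...` line directly below is unrelated context and should not be touched by this change.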