mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-24 12:08:19 +02:00
save session in the authorization request
This commit is contained in:
parent
52af622cc4
commit
42e1d462da
5 changed files with 69 additions and 20 deletions
|
@ -2,11 +2,14 @@ package mcp
|
|||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
|
||||
"github.com/go-jose/go-jose/v3/jwt"
|
||||
"google.golang.org/grpc/codes"
|
||||
"google.golang.org/grpc/status"
|
||||
|
||||
"github.com/pomerium/pomerium/internal/httputil"
|
||||
"github.com/pomerium/pomerium/internal/log"
|
||||
"github.com/pomerium/pomerium/internal/oauth21"
|
||||
)
|
||||
|
@ -20,7 +23,14 @@ func (srv *Handler) Authorize(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
ctx := r.Context()
|
||||
|
||||
v, err := oauth21.ParseCodeGrantAuthorizeRequest(r)
|
||||
sessionID, err := getSessionFromRequest(r)
|
||||
if err != nil {
|
||||
log.Ctx(ctx).Error().Err(err).Msg("session is not present, this is a misconfigured request")
|
||||
http.Error(w, "internal server error", http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
|
||||
v, err := oauth21.ParseCodeGrantAuthorizeRequest(r, sessionID)
|
||||
if err != nil {
|
||||
log.Ctx(ctx).Error().Err(err).Msg("failed to parse authorization request")
|
||||
oauth21.ErrorResponse(w, http.StatusBadRequest, oauth21.InvalidRequest)
|
||||
|
@ -55,3 +65,23 @@ func (srv *Handler) Authorize(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
http.Error(w, "not implemented", http.StatusNotImplemented)
|
||||
}
|
||||
|
||||
func getSessionFromRequest(r *http.Request) (string, error) {
|
||||
h := r.Header.Get(httputil.HeaderPomeriumJWTAssertion)
|
||||
if h == "" {
|
||||
return "", fmt.Errorf("missing %s header", httputil.HeaderPomeriumJWTAssertion)
|
||||
}
|
||||
|
||||
token, err := jwt.ParseSigned(h)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to parse JWT: %w", err)
|
||||
}
|
||||
var m map[string]any
|
||||
_ = token.UnsafeClaimsWithoutVerification(&m)
|
||||
sessionID, ok := m["sid"].(string)
|
||||
if !ok {
|
||||
return "", fmt.Errorf("missing session ID in JWT")
|
||||
}
|
||||
|
||||
return sessionID, nil
|
||||
}
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue