Decouple audience claim value from issuer format (#5345)

2025-05-20 12:37:16 +02:00 · 2024-10-25 16:21:19 -04:00 · 2024-10-25 16:21:19 -04:00 · 4f0ff35b4c
commit 4f0ff35b4c
parent fe31799eb5
3 changed files with 37 additions and 10 deletions
--- a/authorize/evaluator/headers_evaluator.go
+++ b/authorize/evaluator/headers_evaluator.go
@ -22,6 +22,7 @@ type HeadersRequest struct {
 	EnableGoogleCloudServerlessAuthentication bool                  `json:"enable_google_cloud_serverless_authentication"`
 	EnableRoutingKey                          bool                  `json:"enable_routing_key"`
 	Issuer                                    string                `json:"issuer"`
+	Audience                                  string                `json:"audience"`
 	KubernetesServiceAccountToken             string                `json:"kubernetes_service_account_token"`
 	ToAudience                                string                `json:"to_audience"`
 	Session                                   RequestSession        `json:"session"`
@ -32,6 +33,7 @@ type HeadersRequest struct {
 // NewHeadersRequestFromPolicy creates a new HeadersRequest from a policy.
 func NewHeadersRequestFromPolicy(policy *config.Policy, http RequestHTTP) (*HeadersRequest, error) {
 	input := new(HeadersRequest)
+	input.Audience = http.Hostname
 	var issuerFormat string
 	if policy != nil {
 		issuerFormat = policy.JWTIssuerFormat