3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-28 18:06:34 +02:00
Code Issues Projects Releases Packages Wiki Activity

Add an 'issuer' field to the /.well-known/pomerium endpoint (#5344)

Browse source 
The field contains the route's base uri, including the https:// scheme
and ending with a trailing slash.
This commit is contained in:
Joe Kralicky 2024-10-25 13:07:57 -04:00 committed by GitHub
parent a42e286637
commit 5464cda90e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
internal/controlplane/server_test.go
View file

@ -52,6 +52,7 @@ func TestServerHTTP(t *testing.T) {
require.NoError(t, err) require.NoError(t, err)
expect := map[string]any{ expect := map[string]any{
"issuer": fmt.Sprintf("https://localhost:%s/", src.GetConfig().HTTPPort),
"authentication_callback_endpoint": "https://authenticate.localhost.pomerium.io/oauth2/callback", "authentication_callback_endpoint": "https://authenticate.localhost.pomerium.io/oauth2/callback",
"frontchannel_logout_uri": fmt.Sprintf("https://localhost:%s/.pomerium/sign_out", src.GetConfig().HTTPPort), "frontchannel_logout_uri": fmt.Sprintf("https://localhost:%s/.pomerium/sign_out", src.GetConfig().HTTPPort),
"jwks_uri": fmt.Sprintf("https://localhost:%s/.well-known/pomerium/jwks.json", src.GetConfig().HTTPPort), "jwks_uri": fmt.Sprintf("https://localhost:%s/.well-known/pomerium/jwks.json", src.GetConfig().HTTPPort),

2
internal/handlers/well_known_pomerium.go
View file

@ -15,10 +15,12 @@ import (
func WellKnownPomerium(authenticateURL *url.URL) http.Handler { func WellKnownPomerium(authenticateURL *url.URL) http.Handler {
return cors.AllowAll().Handler(httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error { return cors.AllowAll().Handler(httputil.HandlerFunc(func(w http.ResponseWriter, r *http.Request) error {
wellKnownURLs := struct { wellKnownURLs := struct {
Issuer string `json:"issuer"`
OAuth2Callback string `json:"authentication_callback_endpoint"` // RFC6749 OAuth2Callback string `json:"authentication_callback_endpoint"` // RFC6749
JSONWebKeySetURL string `json:"jwks_uri"` // RFC7517 JSONWebKeySetURL string `json:"jwks_uri"` // RFC7517
FrontchannelLogoutURI string `json:"frontchannel_logout_uri"` // https://openid.net/specs/openid-connect-frontchannel-1_0.html FrontchannelLogoutURI string `json:"frontchannel_logout_uri"` // https://openid.net/specs/openid-connect-frontchannel-1_0.html
}{ }{
urlutil.GetAbsoluteURL(r).ResolveReference(&url.URL{Path: "/"}).String(),
authenticateURL.ResolveReference(&url.URL{Path: "/oauth2/callback"}).String(), authenticateURL.ResolveReference(&url.URL{Path: "/oauth2/callback"}).String(),
urlutil.GetAbsoluteURL(r).ResolveReference(&url.URL{Path: "/.well-known/pomerium/jwks.json"}).String(), urlutil.GetAbsoluteURL(r).ResolveReference(&url.URL{Path: "/.well-known/pomerium/jwks.json"}).String(),
urlutil.GetAbsoluteURL(r).ResolveReference(&url.URL{Path: "/.pomerium/sign_out"}).String(), urlutil.GetAbsoluteURL(r).ResolveReference(&url.URL{Path: "/.pomerium/sign_out"}).String(),

1
internal/handlers/well_known_pomerium_test.go
View file

@ -27,6 +27,7 @@ func TestWellKnownPomeriumHandler(t *testing.T) {
r := httptest.NewRequest(http.MethodGet, "https://route.example.com", nil) r := httptest.NewRequest(http.MethodGet, "https://route.example.com", nil)
WellKnownPomerium(authenticateURL).ServeHTTP(w, r) WellKnownPomerium(authenticateURL).ServeHTTP(w, r)
assert.JSONEq(t, `{ assert.JSONEq(t, `{
"issuer": "https://route.example.com/",
"authentication_callback_endpoint": "https://authenticate.example.com/oauth2/callback", "authentication_callback_endpoint": "https://authenticate.example.com/oauth2/callback",
"frontchannel_logout_uri": "https://route.example.com/.pomerium/sign_out", "frontchannel_logout_uri": "https://route.example.com/.pomerium/sign_out",
"jwks_uri": "https://route.example.com/.well-known/pomerium/jwks.json" "jwks_uri": "https://route.example.com/.well-known/pomerium/jwks.json"