databroker: update identity manager to use route credentials (#5728)

## Summary
Currently when we refresh sessions we always use the global IdP
credentials. This PR updates the identity manager to use route settings
when defined.

To do this a new `idp_id` field is added to the session stored in the
databroker.

## Related issues
- [ENG-2595](https://linear.app/pomerium/issue/ENG-2595/refresh-using-custom-idp-uses-wrong-credentials)
- https://github.com/pomerium/pomerium/issues/4759

## Checklist

- [x] reference any related issues
- [x] updated unit tests
- [x] add appropriate label (`enhancement`, `bug`, `breaking`,
`dependencies`, `ci`)
- [x] ready for review
Caleb Doxsey 2025-07-15 18:04:36 -06:00 committed by GitHub
parent e5e799a868
commit 622519e901
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 185 additions and 123 deletions


@ -375,7 +375,7 @@ func Test_newSessionFromIDPClaims(t *testing.T) {
c := &incomingIDPTokenSessionCreator{
timeNow: func() time.Time { return tm1 },
}
actual := c.newSessionFromIDPClaims(cfg, tc.sessionID, tc.claims)
actual := c.newSessionFromIDPClaims(cfg, "", tc.sessionID, tc.claims)
testutil.AssertProtoEqual(t, tc.expect, actual)
})
}
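Review bot: The updated call to `newSessionFromIDPClaims` passes a hard-coded `""` for the new second argument in every table case, so this test never exercises a non-empty value. Going by the summary, that argument looks like the IdP id that ends up in the session's new `idp_id` field, and that field is what decides which credentials a refresh uses. Consider adding a field to the test case struct (for example `tc.idpID`) and at least one case with a non-empty value whose `tc.expect` asserts that the session carries it. That way a regression that drops or mis-assigns the id, and so falls back to the global IdP credentials, fails here. A short comment on the function saying what an empty string means for that parameter would also help callers.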