prototype: k8s jwt auth support

This commit is contained in:
Joe Kralicky 2024-10-16 18:14:11 -04:00
parent 298a5a94a5
commit 6629170eb3
No known key found for this signature in database
GPG key ID: 75C4875F34A9FB79
3 changed files with 20 additions and 1 deletions


@ -77,7 +77,7 @@ jwt_payload_aud := v if {
v := input.issuer
} else := ""
jwt_payload_iss := v if {
jwt_payload_iss := concat("", ["https://", v, "/"]) if {
v := input.issuer
} else := ""
@ -201,6 +201,7 @@ set_request_headers := h if {
"pomerium.id_token": session_id_token,
"pomerium.access_token": session_access_token,
"pomerium.client_cert_fingerprint": client_cert_fingerprint,
"pomerium.jwt": signed_jwt,
}
h := [[header_name, header_value] |
some header_name
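Review bot: `jwt_payload_iss` now emits `https://<issuer>/` while `jwt_payload_aud` a few lines above still emits the bare `input.issuer`, and neither the fixed `https://` scheme nor the trailing slash is explained, so a reader configuring a verifier cannot tell which form goes where. Suggest a comment above the new rule: `# iss is the issuer as a URL (scheme + host + trailing slash) so it matches the "issuer" published by the openid-configuration endpoint byte-for-byte; aud keeps the bare issuer value.` If the scheme should ever follow the configured URL instead of being fixed to https, that decision belongs in `input` rather than in this rule. The `set_request_headers` rule in the second hunk starts and ends outside the view.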


@ -71,6 +71,7 @@ func (srv *Server) mountCommonEndpoints(root *mux.Router, cfg *config.Config) er
root.Handle("/.well-known/pomerium", handlers.WellKnownPomerium(authenticateURL))
root.Handle("/.well-known/pomerium/", handlers.WellKnownPomerium(authenticateURL))
root.Path("/.well-known/pomerium/jwks.json").Methods(http.MethodGet).Handler(handlers.JWKSHandler(signingKey))
root.Path("/.well-known/pomerium/openid-configuration").Methods(http.MethodGet).HandlerFunc(handlers.OpenidConfiguration)
root.Path(urlutil.HPKEPublicKeyPath).Methods(http.MethodGet).Handler(hpke_handlers.HPKEPublicKeyHandler(hpkePublicKey))
return nil
}
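Review bot: The discovery document is registered at `/.well-known/pomerium/openid-configuration`, but OIDC Discovery derives the document location from the issuer (`<issuer>/.well-known/openid-configuration`), so a consumer handed the issuer `https://host/` that the new handler publishes will fetch the standard path and get a 404 unless it supports an explicit discovery-URL override (Kubernetes' structured authentication config has one; the older `--oidc-issuer-url` flag path does not). Either also register the standard path, `root.Path("/.well-known/openid-configuration").Methods(http.MethodGet).HandlerFunc(handlers.OpenidConfiguration)`, or document that the custom path must be configured on the consumer. Note also that the sibling handlers on the lines above are built from `authenticateURL`, `signingKey` and `hpkePublicKey` taken from config, whereas `OpenidConfiguration` appears to derive its URLs from the incoming request. `mountCommonEndpoints` begins above the hunk.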


@ -0,0 +1,17 @@
package handlers
import (
"encoding/json"
"net/http"
"net/url"
"github.com/pomerium/pomerium/internal/urlutil"
)
func OpenidConfiguration(w http.ResponseWriter, r *http.Request) {
u := urlutil.GetAbsoluteURL(r)
json.NewEncoder(w).Encode(map[string]string{
"issuer": u.ResolveReference(&url.URL{Path: "/"}).String(),
"jwks_uri": u.ResolveReference(&url.URL{Path: "/.well-known/pomerium/jwks.json"}).String(),
})
}
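Review bot: `OpenidConfiguration` builds `issuer` and `jwks_uri` from `urlutil.GetAbsoluteURL(r)`, which by its signature can only see the incoming request, so the published issuer presumably follows the request's scheme and Host header rather than the configured issuer, while the Rego change in the same commit hard-codes the token's `iss` to `https://<issuer>/`. A verifier that compares the token `iss` with the discovery document's `issuer` (OIDC Discovery requires them to be identical) will then fail on a plaintext listener or a non-canonical Host, and an attacker-controlled Host header steers where the consumer fetches `jwks_uri` from; prefer deriving both values from the configured URL, as `WellKnownPomerium(authenticateURL)` does elsewhere in this commit. Independently, the handler never sets `Content-Type: application/json` (Go will sniff the body as `text/plain; charset=utf-8`) and discards the `Encode` error; marshalling first lets the error be reported before headers are committed. The sketch below keeps the request-derived URL only as a marked TODO.
```go
func OpenidConfiguration(w http.ResponseWriter, r *http.Request) {
	u := urlutil.GetAbsoluteURL(r) // TODO(review): derive from the configured issuer URL, not the request
	body, err := json.Marshal(map[string]string{
		"issuer":   u.ResolveReference(&url.URL{Path: "/"}).String(),
		"jwks_uri": u.ResolveReference(&url.URL{Path: "/.well-known/pomerium/jwks.json"}).String(),
	})
	if err != nil {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	w.Header().Set("Content-Type", "application/json")
	_, _ = w.Write(body)
}
```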