sessions: check idp id to detect provider changes to force session invalidation

This commit is contained in:
Caleb Doxsey 2022-10-25 14:23:06 -06:00
parent 3f7a482815
commit 6ceba8ed72
12 changed files with 265 additions and 175 deletions

View file

@ -9,8 +9,6 @@ import (
"github.com/pomerium/pomerium/internal/encoding/jws"
"github.com/pomerium/pomerium/internal/sessions"
"github.com/pomerium/pomerium/internal/sessions/cookie"
"github.com/pomerium/pomerium/internal/sessions/header"
"github.com/pomerium/pomerium/internal/sessions/queryparam"
"github.com/pomerium/pomerium/pkg/cryptutil"
)
@ -26,7 +24,6 @@ type proxyState struct {
encoder encoding.MarshalUnmarshaler
cookieSecret []byte
sessionStore sessions.SessionStore
sessionLoaders []sessions.SessionLoader
jwtClaimHeaders config.JWTClaimHeaders
programmaticRedirectDomainWhitelist []string
@ -84,11 +81,6 @@ func newProxyStateFromConfig(cfg *config.Config) (*proxyState, error) {
if err != nil {
return nil, err
}
state.sessionLoaders = []sessions.SessionLoader{
state.sessionStore,
header.NewStore(state.encoder),
queryparam.NewStore(state.encoder, "pomerium_session"),
}
state.programmaticRedirectDomainWhitelist = cfg.Options.ProgrammaticRedirectDomainWhitelist
return state, nil