3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-03 03:12:50 +02:00
Code Issues Projects Releases Packages Wiki Activity

authorize: add support for passing access or id token upstream (#3047)

Browse source 
* authorize: add support for passing access or id token upstream

* use an enum
This commit is contained in:
Caleb Doxsey 2022-02-17 09:28:31 -07:00 committed by GitHub
parent 7140562a82
commit 99b9a3ee12
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 726 additions and 538 deletions
Download patch file Download diff file Expand all files Collapse all files

12
docs/reference/readme.md
View file

@ -1476,6 +1476,18 @@ explicitly set, then `timeout` would be unlimited (`0s`). You still may specify
of the connection using `timeout` value (i.e. to 1 day).
### Set Authorization Header
- `yaml`/`json` setting: `set_authorization_header`
- Type: `string` (`pass_through`, `access_token` or `id_token`)
- Optional
- Default: `pass_through`
Set Authorization Header allows you to send a user's identity token through as a Bearer token in the Authorization header.
Use `access_token` to send the OAuth access token, `id_token` to send the OIDC id token, or `pass_through` (the default) to leave the Authorization header unchanged
when it's not used for Pomerium authentication.
### Set Request Headers
- Config File Key: `set_request_headers`
- Type: map of `strings` key value pairs

13
docs/reference/settings.yaml
View file

@ -1622,6 +1622,19 @@ settings:
or set it to unlimited (`0s`). If `idle_timeout` is specified, and `timeout` is not
explicitly set, then `timeout` would be unlimited (`0s`). You still may specify maximum lifetime
of the connection using `timeout` value (i.e. to 1 day).
- name: "Set Authorization Header"
keys: ["set_authorization_header"]
attributes: |
- `yaml`/`json` setting: `set_authorization_header`
- Type: `string` (`pass_through`, `access_token` or `id_token`)
- Optional
- Default: `pass_through`
doc: |
Set Authorization Header allows you to send a user's identity token through as a Bearer token in the Authorization header.
Use `access_token` to send the OAuth access token, `id_token` to send the OIDC id token, or `pass_through` (the default) to leave the Authorization header unchanged
when it's not used for Pomerium authentication.
- name: "Set Request Headers"
keys: ["set_request_headers"]
attributes: |