authorize: add support for passing access or id token upstream (#3047)

* authorize: add support for passing access or id token upstream * use an enum
2025-08-03 16:59:22 +02:00 · 2022-02-17 09:28:31 -07:00 · 2022-02-17 09:28:31 -07:00 · 99b9a3ee12
commit 99b9a3ee12
parent 7140562a82
9 changed files with 726 additions and 538 deletions
--- a/pkg/grpc/config/config.go
+++ b/pkg/grpc/config/config.go
@ -1,6 +1,8 @@
 // Package config contains protobuf definitions for config.
 package config

+import "strings"
+
 // IsSet returns true if one of the route redirect options has been chosen.
 func (rr *RouteRedirect) IsSet() bool {
 	if rr == nil {
@ -16,3 +18,9 @@ func (rr *RouteRedirect) IsSet() bool {
 		rr.SchemeRedirect != nil ||
 		rr.HttpsRedirect != nil
 }
+
+// Route_AuthorizationHeaderModeFromString returns the Route_AuthorizationHeaderMode from a string.
+func Route_AuthorizationHeaderModeFromString(raw string) (Route_AuthorizationHeaderMode, bool) { //nolint
+	mode, ok := Route_AuthorizationHeaderMode_value[strings.ToUpper(raw)]
+	return Route_AuthorizationHeaderMode(mode), ok
+}
--- a/pkg/grpc/config/config.pb.go
+++ b/pkg/grpc/config/config.pb.go
--- a/pkg/grpc/config/config.proto
+++ b/pkg/grpc/config/config.proto
@ -34,6 +34,12 @@ message RouteRedirect {
 }

 message Route {
+  enum AuthorizationHeaderMode {
+    PASS_THROUGH = 0;
+    ACCESS_TOKEN = 1;
+    ID_TOKEN = 2;
+  }
+
  string name = 1;

  string from = 2;
@ -86,6 +92,7 @@ message Route {
  repeated string remove_request_headers = 23;
  map<string, string> set_response_headers = 41;
  repeated RouteRewriteHeader rewrite_response_headers = 40;
+  AuthorizationHeaderMode set_authorization_header = 54;

  bool preserve_host_header = 24;
  bool pass_identity_headers = 25;
@ -102,6 +109,7 @@ message Route {
  optional string host_rewrite_header = 51;
  optional string host_path_regex_rewrite_pattern = 52;
  optional string host_path_regex_rewrite_substitution = 53;
+
 }

 message Policy {