3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-05-25 15:07:33 +02:00
Code Issues Projects Releases Packages Wiki Activity

mcp: handle and pass upstream oauth2 tokens (#5595)

Browse source
This commit is contained in:
Denis Mishin 2025-05-01 12:42:31 -04:00 committed by GitHub
parent 561b6040b5
commit 9d66f762e1
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
14 changed files with 337 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

14
internal/oauth21/proto/authorization_request.proto
View file

@ -10,7 +10,7 @@ option go_package = "github.com/pomerium/pomerium/internal/oauth21/gen";
// https://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-12#section-4.1.1
message AuthorizationRequest {
// The client identifier as described in Section 2.2.
string client_id = 1 [ (buf.validate.field).required = true ];
string client_id = 1 [(buf.validate.field).required = true];
// OPTIONAL if only one redirect URI is registered for this client. REQUIRED
// if multiple redirict URIs are registered for this client.
@ -23,7 +23,7 @@ message AuthorizationRequest {
// code flow.
string response_type = 3 [
(buf.validate.field).required = true,
(buf.validate.field).string = {in : [ "code" ]}
(buf.validate.field).string = {in: ["code"]}
];
// OPTIONAL. An opaque value used by the client to maintain state between the
@ -37,15 +37,17 @@ message AuthorizationRequest {
// REQUIRED, assumes https://www.rfc-editor.org/rfc/rfc7636.html#section-4.1
string code_challenge = 6 [
(buf.validate.field).required = true,
(buf.validate.field).string = {min_len : 43, max_len : 128}
(buf.validate.field).string = {min_len: 43, max_len: 128}
];
// OPTIONAL, defaults to plain if not present in the request. Code verifier
// transformation method is S256 or plain.
optional string code_challenge_method = 7
[ (buf.validate.field).string = {in : [ "S256", "plain" ]} ];
optional string code_challenge_method = 7 [(buf.validate.field).string = {in: ["S256", "plain"]}];
// session this authorization request is associated with.
// This is a Pomerium implementation specific field.
string session_id = 8 [ (buf.validate.field).required = true ];
string session_id = 8 [(buf.validate.field).required = true];
// user id this authorization request is associated with.
// This is a Pomerium implementation specific field.
string user_id = 9 [(buf.validate.field).required = true];
}