3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-08-01 16:01:26 +02:00
Code Issues Projects Releases Packages Wiki Activity

wip

Browse source
This commit is contained in:
Caleb Doxsey 2025-02-11 16:01:35 -07:00
parent 229ef72e58
commit a8650b1749
13 changed files with 465 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

45
pkg/identity/oidc/oidc.go
View file

@ -360,3 +360,48 @@ func (p *Provider) SignOut(w http.ResponseWriter, r *http.Request, idTokenHint,
httputil.Redirect(w, r, endSessionURL.String(), http.StatusFound)
return nil
}
// VerifyAccessToken verifies a raw access token using the oidc UserInfo endpoint.
func (p *Provider) VerifyAccessToken(ctx context.Context, rawAccessToken string) (claims map[string]any, err error) {
pp, err := p.GetProvider()
if err != nil {
return nil, err
}
userInfo, err := pp.UserInfo(ctx, oauth2.StaticTokenSource(&oauth2.Token{
AccessToken: rawAccessToken,
TokenType: "Bearer",
}))
if err != nil {
return nil, err
}
claims = map[string]any{}
err = userInfo.Claims(claims)
if err != nil {
return nil, err
}
return claims, nil
}
// VerifyIdentityToken verifies a raw identity token using the oidc ID Token Verifier.
func (p *Provider) VerifyIdentityToken(ctx context.Context, rawIdentityToken string) (claims map[string]any, err error) {
verifier, err := p.GetVerifier()
if err != nil {
return nil, err
}
token, err := verifier.Verify(ctx, rawIdentityToken)
if err != nil {
return nil, err
}
claims = map[string]any{}
err = token.Claims(claims)
if err != nil {
return nil, err
}
return claims, nil
}