authorize: support authenticating with idp tokens (#5484)
* identity: add support for verifying access and identity tokens * allow overriding with policy option * authenticate: add verify endpoints * wip * implement session creation * add verify test * implement idp token login * fix tests * add pr permission * make session ids route-specific * rename method * add test * add access token test * test for newUserFromIDPClaims * more tests * make the session id per-idp * use type for * add test * remove nil checks
parent
6e22b7a19a
commit
b9fd926618
36 changed files with 2791 additions and 885 deletions
|
@ -1,7 +1,12 @@
|
|||
package httputil
|
||||
|
||||
// AuthorizationTypePomerium is for Authorization: Pomerium JWT... headers
|
||||
const AuthorizationTypePomerium = "Pomerium"
|
||||
// Pomerium authorization types
|
||||
const (
|
||||
// AuthorizationTypePomerium is for Authorization: Pomerium JWT... headers
|
||||
AuthorizationTypePomerium = "Pomerium"
|
||||
AuthorizationTypePomeriumIDPAccessToken = "Pomerium-IDP-Access-Token" //nolint: gosec
|
||||
AuthorizationTypePomeriumIDPIdentityToken = "Pomerium-IDP-Identity-Token" //nolint: gosec
|
||||
)
|
||||
|
||||
// Standard headers
|
||||
const (
|
||||
|
@ -16,7 +21,9 @@ const (
|
|||
// HeaderPomeriumAuthorization is the header key for a pomerium authorization JWT. It
|
||||
// can be used in place of the standard authorization header if that header is being
|
||||
// used by upstream applications.
|
||||
HeaderPomeriumAuthorization = "x-pomerium-authorization"
|
||||
HeaderPomeriumAuthorization = "x-pomerium-authorization"
|
||||
HeaderPomeriumIDPAccessToken = "x-pomerium-idp-access-token" //nolint: gosec
|
||||
HeaderPomeriumIDPIdentityToken = "x-pomerium-idp-identity-token" //nolint: gosec
|
||||
// HeaderPomeriumResponse is set when pomerium itself creates a response,
|
||||
// as opposed to the upstream application and can be used to distinguish
|
||||
// between an application error, and a pomerium related error when debugging.
|
||||
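Review bot: The four new constants (`AuthorizationTypePomeriumIDPAccessToken`, `AuthorizationTypePomeriumIDPIdentityToken`, `HeaderPomeriumIDPAccessToken`, `HeaderPomeriumIDPIdentityToken`) have no doc comments, although the neighbouring constants shown in both hunks do. In the second hunk the two header names also sit directly under the comment for `HeaderPomeriumAuthorization`, which does not describe them. Each should get its own line, e.g. `// HeaderPomeriumIDPAccessToken is the header key for an access token issued by the identity provider.` Going by the commit title these values carry IdP-issued tokens used for authentication, so the comment is also the place to record whether the header is removed before the request is forwarded upstream, which these hunks do not show. The bare `//nolint: gosec` is easier to audit with its reason attached, e.g. `//nolint:gosec // header name, not a credential`. The "Standard headers" const group starts and ends outside the second hunk.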
|
|