Add new device_auth_client_type setting to allow attaching the client_secret to device auth requests

This commit is contained in:
Joe Kralicky 2024-06-06 15:57:37 -04:00
parent fb7440a607
commit bd5ad2e909
No known key found for this signature in database
GPG key ID: 75C4875F34A9FB79
9 changed files with 1052 additions and 984 deletions


@ -1,6 +1,8 @@
package config
import (
"fmt"
"github.com/pomerium/pomerium/internal/urlutil"
"github.com/pomerium/pomerium/pkg/grpc/identity"
)
@ -30,13 +32,21 @@ func (o *Options) GetIdentityProviderForPolicy(policy *Policy) (*identity.Provid
return nil, err
}
deviceAuthClientType := "public"
if o.DeviceAuthClientType != "" {
if deviceAuthClientType != "public" && deviceAuthClientType != "confidential" {
return nil, fmt.Errorf("config: invalid device auth client type %q", o.DeviceAuthClientType)
}
deviceAuthClientType = o.DeviceAuthClientType
}
idp := &identity.Provider{
ClientId: o.ClientID,
ClientSecret: clientSecret,
Type: o.Provider,
Scopes: o.Scopes,
Url: o.ProviderURL,
RequestParams: o.RequestParams,
ClientId: o.ClientID,
ClientSecret: clientSecret,
Type: o.Provider,
Scopes: o.Scopes,
Url: o.ProviderURL,
RequestParams: o.RequestParams,
DeviceAuthClientType: &deviceAuthClientType,
}
if policy != nil {
if policy.IDPClientID != "" {