proxy: add userinfo and webauthn endpoints (#3755)

* proxy: add userinfo and webauthn endpoints * use TLD for RP id * use EffectiveTLDPlusOne * upgrade webauthn * fix test * Update internal/handlers/jwks.go Co-authored-by: bobby <1544881+desimone@users.noreply.github.com> Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
2025-07-19 17:50:17 +02:00 · 2022-11-22 10:26:35 -07:00 · 2022-11-22 10:26:35 -07:00 · c1a522cd82
commit c1a522cd82
parent 81053ac8ef
33 changed files with 498 additions and 216 deletions
--- a/pkg/webauthnutil/webauthnutil.go
+++ b/pkg/webauthnutil/webauthnutil.go
@ -1,2 +1,32 @@
 // Package webauthnutil contains types and functions for working with the webauthn package.
 package webauthnutil
+
+import (
+	"net"
+	"net/http"
+
+	"golang.org/x/net/publicsuffix"
+
+	"github.com/pomerium/pomerium/pkg/grpc/databroker"
+	"github.com/pomerium/webauthn"
+)
+
+// GetRelyingParty gets a RelyingParty for the given request and databroker client.
+func GetRelyingParty(r *http.Request, client databroker.DataBrokerServiceClient) *webauthn.RelyingParty {
+	return webauthn.NewRelyingParty(
+		"https://"+GetEffectiveDomain(r),
+		NewCredentialStorage(client),
+	)
+}
+
+// GetEffectiveDomain returns the effective domain for an HTTP request.
+func GetEffectiveDomain(r *http.Request) string {
+	h, _, err := net.SplitHostPort(r.Host)
+	if err != nil {
+		h = r.Host
+	}
+	if tld, err := publicsuffix.EffectiveTLDPlusOne(h); err == nil {
+		return tld
+	}
+	return h
+}