authenticate: always trust the passed in idp

Caleb Doxsey 2023-01-27 13:50:57 -07:00
parent 447e38fc2a
commit d4571fbc9c
2 changed files with 20 additions and 43 deletions


@ -31,12 +31,9 @@ func (a *Authenticate) buildIdentityProfile(
oauthToken *oauth2.Token,
) (*identitypb.Profile, error) {
options := a.options.Load()
idp, err := options.GetIdentityProviderForID(r.FormValue(urlutil.QueryIdentityProviderID))
if err != nil {
return nil, fmt.Errorf("authenticate: error getting identity provider for id: %w", err)
}
idpID := r.FormValue(urlutil.QueryIdentityProviderID)
authenticator, err := a.cfg.getIdentityProvider(options, idp.GetId())
authenticator, err := a.cfg.getIdentityProvider(options, idpID)
if err != nil {
return nil, fmt.Errorf("authenticate: error getting identity provider authenticator: %w", err)
}
@ -57,7 +54,7 @@ func (a *Authenticate) buildIdentityProfile(
}
return &identitypb.Profile{
ProviderId: idp.GetId(),
ProviderId: idpID,
IdToken: rawIDToken,
OauthToken: rawOAuthToken,
Claims: rawClaims,
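Review bot: In buildIdentityProfile the `idpID` read with `r.FormValue(urlutil.QueryIdentityProviderID)` now goes straight into `a.cfg.getIdentityProvider` and into `ProviderId` of the returned profile, and nothing on the new side says why a request parameter can be trusted there. If the trust rests on a request signature verified before this function runs (not visible in these hunks), state that at the assignment, e.g. `// idpID is trusted: the request was verified by <verification step>`. `FormValue` prefers a form body field over the URL query, so if only the URL is covered by that verification, `r.URL.Query().Get(urlutil.QueryIdentityProviderID)` would be the narrower read. It is also worth confirming that `getIdentityProvider` returns an error for an empty or unknown id, since the removed `GetIdentityProviderForID` lookup was the only check visible here. The function body starts and ends outside both hunks.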