config: remove set_authorization_header option

Remove the deprecated set_authorization_header option entirely. Add an entry to the removedConfigFields map with a link to the relevant Upgrading page section.
2025-07-31 07:19:16 +02:00 · 2023-08-28 12:30:16 -07:00 · 2023-08-28 12:30:16 -07:00 · eeb1fc23cd
commit eeb1fc23cd
parent 5a4acc5cd3
8 changed files with 658 additions and 818 deletions
--- a/authorize/evaluator/headers_evaluator.go
+++ b/authorize/evaluator/headers_evaluator.go
@ -15,7 +15,6 @@ import (
 	"github.com/pomerium/pomerium/authorize/internal/store"
 	"github.com/pomerium/pomerium/config"
 	"github.com/pomerium/pomerium/internal/telemetry/trace"
-	configpb "github.com/pomerium/pomerium/pkg/grpc/config"
 )

 // HeadersRequest is the input to the headers.rego script.
@ -27,8 +26,6 @@ type HeadersRequest struct {
 	ToAudience                                string                `json:"to_audience"`
 	Session                                   RequestSession        `json:"session"`
 	ClientCertificate                         ClientCertificateInfo `json:"client_certificate"`
-	PassAccessToken                           bool                  `json:"pass_access_token"`
-	PassIDToken                               bool                  `json:"pass_id_token"`
 	SetRequestHeaders                         map[string]string     `json:"set_request_headers"`
 }

@ -44,8 +41,6 @@ func NewHeadersRequestFromPolicy(policy *config.Policy, http RequestHTTP) *Heade
 		for _, wu := range policy.To {
 			input.ToAudience = "https://" + wu.URL.Hostname()
 		}
-		input.PassAccessToken = policy.GetSetAuthorizationHeader() == configpb.Route_ACCESS_TOKEN
-		input.PassIDToken = policy.GetSetAuthorizationHeader() == configpb.Route_ID_TOKEN
 		input.ClientCertificate = http.ClientCertificate
 		input.SetRequestHeaders = policy.SetRequestHeaders
 	}