authenticate: support for per-route client id and client secret (#3030)

* implement dynamic provider support * authenticate: support per-route client id and secret
2025-08-03 16:59:22 +02:00 · 2022-02-16 12:31:55 -07:00 · 2022-02-16 12:31:55 -07:00 · f9b95a276b
commit f9b95a276b
parent 99ffaf233d
19 changed files with 557 additions and 183 deletions
--- a/config/identity.go
+++ b/config/identity.go
@ -0,0 +1,42 @@
+package config
+
+import (
+	"github.com/pomerium/pomerium/pkg/grpc/identity"
+)
+
+// GetIdentityProviderForID returns the identity provider associated with the given IDP id.
+// If none is found the default provider is returned.
+func (o *Options) GetIdentityProviderForID(idpID string) *identity.Provider {
+	for _, policy := range o.GetAllPolicies() {
+		idp := o.GetIdentityProviderForPolicy(&policy) //nolint
+		if idp.GetId() == idpID {
+			return idp
+		}
+	}
+
+	return o.GetIdentityProviderForPolicy(nil)
+}
+
+// GetIdentityProviderForPolicy gets the identity provider associated with the given policy.
+// If policy is nil, or changes none of the default settings, the default provider is returned.
+func (o *Options) GetIdentityProviderForPolicy(policy *Policy) *identity.Provider {
+	idp := &identity.Provider{
+		ClientId:       o.ClientID,
+		ClientSecret:   o.ClientSecret,
+		Type:           o.Provider,
+		Scopes:         o.Scopes,
+		ServiceAccount: o.ServiceAccount,
+		Url:            o.ProviderURL,
+		RequestParams:  o.RequestParams,
+	}
+	if policy != nil {
+		if policy.IDPClientID != "" {
+			idp.ClientId = policy.IDPClientID
+		}
+		if policy.IDPClientSecret != "" {
+			idp.ClientSecret = policy.IDPClientSecret
+		}
+	}
+	idp.Id = idp.Hash()
+	return idp
+}