backport-actions-token[bot]
aa9d7b8a8b
authorize: use session.user_id in headers ( #2571 ) ( #2572 )
...
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2021-09-03 14:56:22 -06:00
backport-actions-token[bot]
90252985c9
authorize: fix X-Pomerium-Claim-Groups ( #2539 ) ( #2540 )
...
Co-authored-by: Caleb Doxsey <cdoxsey@pomerium.com>
2021-08-27 02:31:11 +00:00
Caleb Doxsey
a64e5b5fa1
authorize: add sid to JWT claims ( #2420 )
...
* authorize: add sid to JWT claims
* fix import ordering
2021-08-02 16:11:05 -06:00
Caleb Doxsey
1a95036b8c
sessions: add impersonate_session_id, remove legacy impersonation ( #2407 )
...
* sessions: add impersonate_session_id, remove legacy impersonation
* show impersonated user details
* fix headers
* address feedback
* only check impersonate id on non-nil pbSession
* Revert "only check impersonate id on non-nil pbSession"
This reverts commit a6f7ca5abd
2021-07-30 08:42:36 -06:00
Caleb Doxsey
2156dbc553
envoy: always set jwt claim headers even if no value is available ( #2261 )
...
* envoy: always set jwt claim headers even if no value is available
* add test
2021-06-04 10:01:00 -07:00
wasaga
40ddc2c4b3
jwt: round timestamp ( #2258 )
2021-06-01 14:12:45 -07:00
Caleb Doxsey
dad35bcfb0
ppl: refactor authorize to evaluate PPL ( #2224 )
...
* ppl: refactor authorize to evaluate PPL
* remove opa test step
* add log statement
* simplify assignment
* deny with forbidden if logged in
* add safeEval function
* create evaluator-specific config and options
* embed the headers rego file directly
2021-05-21 09:50:18 -06:00
