pomerium

mirror of https://github.com/pomerium/pomerium.git synced 2025-08-06 10:21:05 +02:00

Author	SHA1	Message	Date
Caleb Doxsey	622519e901	databroker: update identity manager to use route credentials (#5728 ) ## Summary Currently when we refresh sessions we always use the global IdP credentials. This PR updates the identity manager to use route settings when defined. To do this a new `idp_id` field is added to the session stored in the databroker. ## Related issues - [ENG-2595](https://linear.app/pomerium/issue/ENG-2595/refresh-using-custom-idp-uses-wrong-credentials) - https://github.com/pomerium/pomerium/issues/4759 ## Checklist - [x] reference any related issues - [x] updated unit tests - [x] add appropriate label (`enhancement`, `bug`, `breaking`, `dependencies`, `ci`) - [x] ready for review	2025-07-15 18:04:36 -06:00
Caleb Doxsey	13554ec78d	core: more metrics (#5629 ) ## Summary Add some more metrics: - Authenticate token verification - Authorization log duration - Authorization evaluator and header evaluator - IDP token session creator HTTP and gRPC endpoints are already instrumented via middleware, which covers authenticate, proxy and databroker endpoints. Postgres is also already instrumented using `otelpgx`. ## Related issues - [ENG-2407](https://linear.app/pomerium/issue/ENG-2407/add-additional-metrics-and-tracing-spans-to-pomerium) ## Checklist - [x] reference any related issues - [ ] updated unit tests - [ ] add appropriate label (`enhancement`, `bug`, `breaking`, `dependencies`, `ci`) - [x] ready for review	2025-05-29 09:34:41 -06:00
Caleb Doxsey	38ca6d52b9	only support loading idp tokens via bearer tokens (#5545 )	2025-03-26 09:47:40 -06:00
Caleb Doxsey	d6b02441b3	authorize: return 403 on invalid sessions (#5536 )	2025-03-19 14:41:28 -06:00
Caleb Doxsey	cb5ee48323	config: preserve existing user when creating sessions from idp token (#5502 ) * config: preserve existing user when creating sessions from idp token * fix	2025-02-27 09:05:31 -07:00
Caleb Doxsey	a9e26b155d	identity: disable session refresh for idp token sessions, fix query cache invalidation (#5495 )	2025-02-24 15:33:23 -07:00
Caleb Doxsey	f15400493d	singleflight incoming idp token session creation (#5491 )	2025-02-24 08:24:57 -07:00
Caleb Doxsey	b9fd926618	authorize: support authenticating with idp tokens (#5484 ) * identity: add support for verifying access and identity tokens * allow overriding with policy option * authenticate: add verify endpoints * wip * implement session creation * add verify test * implement idp token login * fix tests * add pr permission * make session ids route-specific * rename method * add test * add access token test * test for newUserFromIDPClaims * more tests * make the session id per-idp * use type for * add test * remove nil checks	2025-02-18 13:02:06 -07:00
Caleb Doxsey	52d4899d4c	core/proxy: support loading sessions from headers and query string (#5291 ) * core/proxy: support loading sessions from headers and query string * update test	2024-09-19 09:23:13 -06:00
Caleb Doxsey	f684910ab3	core/config: remove cookie secure option (#4907 )	2024-01-12 13:28:14 -07:00
Caleb Doxsey	be0104b842	config: add cookie_same_site option (#4148 )	2023-05-03 14:36:42 -06:00
Caleb Doxsey	6a9d6e45e1	config: allow blank identity providers when loading sessions for service account support (#3709 )	2022-10-27 08:32:06 -06:00
Caleb Doxsey	30bdae3d9e	sessions: check idp id to detect provider changes to force session invalidation (#3707 ) * sessions: check idp id to detect provider changes to force session invalidation * remove dead code * fix test	2022-10-25 16:20:32 -06:00

13 commits