mirror of
https://github.com/pomerium/pomerium.git
synced 2025-06-09 06:12:42 +02:00
## Summary

For the generic `oidc` provider, used by `auth0`, `cognito`, `gitlab`, `google`, `oidc`, `okta`, `onelogin` and `ping`, add support for direct access and identity token verification. Because Keycloak uses `oidc` this also adds support for Keycloak.

Access tokens are verified by using the user info endpoint. If a call to this endpoint succeeds using the access token, that access token is considered valid and the user info claims will be returned.

Identity tokens are verified by using the jwks endpoint to retrieve the signing key, and verifying that the identity token was signed with that key. If the identity token is valid the claims in the JWT will be returned.

## Related issues

- [ENG-2312](https://linear.app/pomerium/issue/ENG-2312/core-implement-token-validation-for-keycloak)

## Checklist

- [x] reference any related issues
- [x] updated unit tests
- [x] add appropriate label (`enhancement`, `bug`, `breaking`, `dependencies`, `ci`)
- [x] ready for review

- auth0
- azure
- cognito
- gitlab
- okta
- onelogin
- ping
- config.go
- errors.go
- oidc.go
- oidc_test.go
- refresh.go
- refresh_test.go
- userinfo.go
- userinfo_test.go