3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-04-28 18:06:34 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/config/constants.go
Caleb Doxsey b9fd926618
authorize: support authenticating with idp tokens (#5484) 
* identity: add support for verifying access and identity tokens

* allow overriding with policy option

* authenticate: add verify endpoints

* wip

* implement session creation

* add verify test

* implement idp token login

* fix tests

* add pr permission

* make session ids route-specific

* rename method

* add test

* add access token test

* test for newUserFromIDPClaims

* more tests

* make the session id per-idp

* use type for

* add test

* remove nil checks
2025-02-18 13:02:06 -07:00

47 lines
1.8 KiB
Go
Raw Blame History

package config
import (
"errors"
"github.com/mitchellh/mapstructure"
"github.com/spf13/viper"
"google.golang.org/protobuf/encoding/protojson"
"github.com/pomerium/pomerium/config/otelconfig"
)
const (
toKey = "to"
envoyOptsKey = "_envoy_opts"
)
var (
errKeysMustBeStrings = errors.New("cannot convert nested map: all keys must be strings")
errZeroWeight = errors.New("zero load balancing weight not permitted")
errEndpointWeightsSpec = errors.New("either no weights should be provided, or all endpoints must have non-zero weight specified")
errHostnameMustBeSpecified = errors.New("endpoint hostname must be specified")
errSchemeMustBeSpecified = errors.New("url scheme must be provided")
errEmptyUrls = errors.New("url list is empty")
errEitherToOrRedirectOrResponseRequired = errors.New("policy should have either `to` or `redirect` or `response` defined")
)
var protoPartial = protojson.UnmarshalOptions{AllowPartial: true, DiscardUnknown: true}
// ViperPolicyHooks are used to decode options and policy coming from YAML and env vars
var ViperPolicyHooks = viper.DecodeHook(mapstructure.ComposeDecodeHookFunc(
mapstructure.StringToTimeDurationHookFunc(),
mapstructure.StringToSliceHookFunc(","),
// decode policy including all protobuf-native notations - i.e. duration as `1s`
// https://developers.google.com/protocol-buffers/docs/proto3#json
DecodePolicyHookFunc(),
// parse base-64 encoded POLICY that is bound to environment variable
DecodePolicyBase64Hook(),
decodeNullBoolHookFunc(),
decodeJWTClaimHeadersHookFunc(),
decodeBearerTokenFormatHookFunc(),
decodeCodecTypeHookFunc(),
decodePPLPolicyHookFunc(),
decodeSANMatcherHookFunc(),
decodeStringToMapHookFunc(),
otelconfig.OtelDurationFunc(),
))
Reference in a new issue View git blame Copy permalink