From a8a1b9ec10794a7854b3cc73c4d6c3d14e3ca437 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrien=20Sur=C3=A9e?= Date: Fri, 15 Nov 2024 14:28:41 +0100 Subject: [PATCH] oid_introspection: add SetOIDCClaims MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This method allows third-party filters to set the oidcClaimsCacheKey which enables the use of the oidcClaimsQuery filter. Signed-off-by: Adrien Surée --- filters/auth/grant.go | 6 +----- filters/auth/grant_test.go | 2 ++ filters/auth/oidc_introspection.go | 8 ++++++++ 3 files changed, 11 insertions(+), 5 deletions(-) diff --git a/filters/auth/grant.go b/filters/auth/grant.go index a828caab78..9344082326 100644 --- a/filters/auth/grant.go +++ b/filters/auth/grant.go @@ -175,11 +175,7 @@ func (f *grantFilter) setupToken(token *oauth2.Token, tokeninfo map[string]inter // By piggy-backing on the OIDC token container, // we gain downstream compatibility with the oidcClaimsQuery filter. - ctx.StateBag()[oidcClaimsCacheKey] = tokenContainer{ - OAuth2Token: token, - Subject: subject, - Claims: tokeninfo, - } + SetOIDCClaims(ctx, tokeninfo) // Set the tokeninfo also in the tokeninfoCacheKey state bag, so we // can reuse e.g. the forwardToken() filter. diff --git a/filters/auth/grant_test.go b/filters/auth/grant_test.go index 70270e73ca..18818f96cb 100644 --- a/filters/auth/grant_test.go +++ b/filters/auth/grant_test.go @@ -210,6 +210,7 @@ func newAuthProxy(t *testing.T, config *auth.OAuthConfig, routes []*eskip.Route, fr.Register(config.NewGrantCallback()) fr.Register(config.NewGrantClaimsQuery()) fr.Register(config.NewGrantLogout()) + fr.Register(auth.NewOIDCQueryClaimsFilter()) pc := proxytest.Config{ RoutingOptions: routing.Options{ 
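Review bot: The `SetOIDCClaims(ctx, tokeninfo)` call that replaces the `tokenContainer` literal in `setupToken` stores only `Claims`, so the `OAuth2Token` and `Subject` fields the old code put under `oidcClaimsCacheKey` are now left at their zero values. Any filter later in the route that reads the subject or the token from that container would see an empty identity; whether such a reader exists is not visible in this patch, so it should be checked before merging. If the fields are still needed, keep the full literal at this call site, `ctx.StateBag()[oidcClaimsCacheKey] = tokenContainer{OAuth2Token: token, Subject: subject, Claims: tokeninfo}`, and leave the new helper in oidc_introspection.go for third-party callers. The body of `setupToken` begins and ends outside the hunk.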
@@ -331,6 +332,7 @@ func TestGrantFlow(t *testing.T) { config := newGrantTestConfig(tokeninfo.URL, provider.URL) routes := eskip.MustParse(`* -> oauthGrant() + -> oidcClaimsQuery("/:sub") -> status(204) -> setResponseHeader("Backend-Request-Cookie", "${request.header.Cookie}") -> diff --git a/filters/auth/oidc_introspection.go b/filters/auth/oidc_introspection.go index a32752a7c0..8d21dc4ec1 100644 --- a/filters/auth/oidc_introspection.go +++ b/filters/auth/oidc_introspection.go @@ -42,6 +42,14 @@ func NewOIDCQueryClaimsFilter() filters.Spec { } } +// Sets OIDC claims in the state bag. +// Intended for use with the oidcClaimsQuery filter. +func SetOIDCClaims(ctx filters.FilterContext, claims map[string]interface{}) { + ctx.StateBag()[oidcClaimsCacheKey] = tokenContainer{ + Claims: claims, + } +} + func (spec *oidcIntrospectionSpec) Name() string { switch spec.typ { case checkOIDCQueryClaims:
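Review bot: The `oidcClaimsQuery("/:sub")` step added to the `TestGrantFlow` route only exercises the allow path. Since the claims now reach that filter through the new `SetOIDCClaims` helper, a companion case whose query the tokeninfo cannot satisfy, for example a route using `oidcClaimsQuery("/:claim_absent_from_tokeninfo")` and asserting that the request is rejected, would show the claims are enforced and not merely present. The rest of `TestGrantFlow` is outside the hunk, so an existing deny case elsewhere in the file cannot be ruled out.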
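Review bot: The doc comment on the new exported `SetOIDCClaims` does not tell callers that the claims they pass become the input the oidcClaimsQuery filter evaluates, so it should state that only claims taken from a token the calling filter has already verified may be passed. It should also say that the call replaces whatever container is already stored under `oidcClaimsCacheKey`, and that the `claims` map is stored as passed rather than copied, so later mutation by the caller changes what the filter sees. Go doc comments start with the identifier, so the first line would read `// SetOIDCClaims stores claims in the state bag for the oidcClaimsQuery filter.`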