Skip to content

Commit

Permalink
oid_introspection: add SetOIDCClaims
Browse files Browse the repository at this point in the history
This method allows third-party filters to set the oidcClaimsCacheKey
which enables the use of the oidcClaimsQuery filter.

Signed-off-by: Adrien Surée <[email protected]>
  • Loading branch information
Adrien Surée committed Jan 6, 2025
1 parent 44139f3 commit a8a1b9e
Show file tree
Hide file tree
Showing 3 changed files with 11 additions and 5 deletions.
6 changes: 1 addition & 5 deletions filters/auth/grant.go
Original file line number Diff line number Diff line change
Expand Up @@ -175,11 +175,7 @@ func (f *grantFilter) setupToken(token *oauth2.Token, tokeninfo map[string]inter

// By piggy-backing on the OIDC token container,
// we gain downstream compatibility with the oidcClaimsQuery filter.
ctx.StateBag()[oidcClaimsCacheKey] = tokenContainer{
OAuth2Token: token,
Subject: subject,
Claims: tokeninfo,
}
SetOIDCClaims(ctx, tokeninfo)

// Set the tokeninfo also in the tokeninfoCacheKey state bag, so we
// can reuse e.g. the forwardToken() filter.
Expand Down
2 changes: 2 additions & 0 deletions filters/auth/grant_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -210,6 +210,7 @@ func newAuthProxy(t *testing.T, config *auth.OAuthConfig, routes []*eskip.Route,
fr.Register(config.NewGrantCallback())
fr.Register(config.NewGrantClaimsQuery())
fr.Register(config.NewGrantLogout())
fr.Register(auth.NewOIDCQueryClaimsFilter())

pc := proxytest.Config{
RoutingOptions: routing.Options{
Expand Down Expand Up @@ -331,6 +332,7 @@ func TestGrantFlow(t *testing.T) {
config := newGrantTestConfig(tokeninfo.URL, provider.URL)

routes := eskip.MustParse(`* -> oauthGrant()
-> oidcClaimsQuery("/:sub")
-> status(204)
-> setResponseHeader("Backend-Request-Cookie", "${request.header.Cookie}")
-> <shunt>
Expand Down
8 changes: 8 additions & 0 deletions filters/auth/oidc_introspection.go
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,14 @@ func NewOIDCQueryClaimsFilter() filters.Spec {
}
}

// Sets OIDC claims in the state bag.
// Intended for use with the oidcClaimsQuery filter.
func SetOIDCClaims(ctx filters.FilterContext, claims map[string]interface{}) {
ctx.StateBag()[oidcClaimsCacheKey] = tokenContainer{
Claims: claims,
}
}

func (spec *oidcIntrospectionSpec) Name() string {
switch spec.typ {
case checkOIDCQueryClaims:
Expand Down

0 comments on commit a8a1b9e

Please sign in to comment.