| author | mo khan <mo@mokhan.ca> | 2025-05-28 12:14:11 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-05-28 12:14:11 -0600 |
| commit | 591f293c8bcf464ed62701321d3f27de31ceb621 (patch) | |
| tree | 6b9c8c303f9816a3faf7abb9a75c3c59b6a5808a /pkg/authz | |
| parent | f76542bc846bc77e825055a1a6ea7cd0cb178844 (diff) | |
refactor: parse headers injected by envoy
Diffstat (limited to 'pkg/authz')
| -rw-r--r-- | pkg/authz/id_token.go | 38 | ||||
| -rw-r--r-- | pkg/authz/id_token_test.go | 1 |
2 files changed, 27 insertions, 12 deletions
diff --git a/pkg/authz/id_token.go b/pkg/authz/id_token.go
index ccc96de..3271af8 100644
--- a/pkg/authz/id_token.go
+++ b/pkg/authz/id_token.go
@@ -5,21 +5,35 @@ import (
 	"encoding/json"
 	"errors"
 	"strings"
-	"time"
 )
 
+type CustomClaims struct {
+	Name string `json:"name"`
+	Nickname string `json:"nickname"`
+	Email string `json:"email"`
+	ProfileURL string `json:"profile"`
+	Picture string `json:"picture"`
+	Groups []string `json:"groups_direct"`
+}
+
 type IDToken struct {
-	// Audience []string `json:"aud"`
-	Email string `json:"email"`
-	EmailVerified bool `json:"email_verified"`
-	ExpiredAt int64 `json:"exp"`
-	IssuedAt int64 `json:"iat"`
-	Issuer string `json:"iss"`
-	Name string `json:"name"`
-	Nickname string `json:"nickname"`
-	Picture string `json:"picture"`
-	Subject string `json:"sub"`
-	UpdatedAt time.Time `json:"updated_at"`
+	Issuer string `json:"iss"`
+	Subject string `json:"sub"`
+	Audience any `json:"aud"`
+	Expiry any `json:"exp"`
+	IssuedAt any `json:"iat"`
+	NotBefore any `json:"nbf"`
+	Nonce string `json:"nonce"`
+	AtHash string `json:"at_hash"`
+	ClaimNames map[string]string `json:"_claim_names"`
+	ClaimSources map[string]ClaimSource `json:"_claim_sources"`
+
+	CustomClaims
+}
+
+type ClaimSource struct {
+	Endpoint string `json:"endpoint"`
+	AccessToken string `json:"access_token"`
 }
 
 func NewIDToken(raw string) (*IDToken, error) {
diff --git a/pkg/authz/id_token_test.go b/pkg/authz/id_token_test.go
index 22aabc4..054c48b 100644
--- a/pkg/authz/id_token_test.go
+++ b/pkg/authz/id_token_test.go
@@ -15,6 +15,7 @@ func TestIDToken(t *testing.T) {
 	t.Run("when the token is valid", func(t *testing.T) {
 		user := mockoidc.DefaultUser()
 		_, rawIDToken := idp.CreateTokensFor(user)
+		t.Logf("id_token: %v\n", rawIDToken)
 		token, err := NewIDToken(rawIDToken)
 		require.NoError(t, err)
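Review bot: The new IDToken drops the `email_verified` claim that the old struct carried while `CustomClaims.Email` is kept, so a consumer can no longer tell a verified address from an unverified one before using it for identity mapping; add an `EmailVerified bool` field tagged json:"email_verified" beside `Email` in CustomClaims. Retyping `exp`, `iat` and `nbf` from `int64` to `any` means they now decode as float64 and lose their NumericDate contract, which makes any expiry or not-before check (NewIDToken's body is outside the hunk) needlessly awkward; `aud` is the only one of these that legitimately needs `any`, since the spec allows it to be a string or an array. `ClaimSource.Endpoint` and `AccessToken` describe distributed claims; nothing in this hunk dereferences them, but if a resolver is added later it should only follow endpoints that belong to the trusted issuer. The three exported types have no doc comments; e.g. `// IDToken holds the standard OIDC claims decoded from a raw id_token; profile claims are embedded via CustomClaims.`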
