Simplify groups claim parsing
parent
7b80d0869a
commit
284d384c3f
2
main.go
2
main.go
@ -26,6 +26,7 @@ func main() {
|
||||
jwtIssuers := StringArray{}
|
||||
googleGroups := StringArray{}
|
||||
permittedGroups := StringArray{}
|
||||
permittedUsers := StringArray{}
|
||||
redisSentinelConnectionURLs := StringArray{}
|
||||
|
||||
config := flagSet.String("config", "", "path to config file")
|
||||
@ -43,6 +44,7 @@ func main() {
|
||||
flagSet.Bool("pass-groups", false, "pass user group information in the X-Forwarded-Groups header to upstream (Azure only)")
|
||||
flagSet.String("filter-groups", "", "exclude groups that do not contain this value in its 'displayName' (Azure only)")
|
||||
flagSet.Var(&permittedGroups, "permit-groups", "restrict logins to members of this group (may be given multiple times; Azure).")
|
||||
flagSet.Var(&permittedUsers, "permit-users", "let users in unconditionally")
|
||||
flagSet.String("groups-delimiter", "|", "delimiter between group names if more than one found. By default it is '|' symbol")
|
||||
flagSet.String("basic-auth-password", "", "the password to set when passing the HTTP Basic Auth header")
|
||||
flagSet.Bool("pass-access-token", false, "pass OAuth access_token to upstream via X-Forwarded-Access-Token header")
|
||||
|
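Review bot: The `permit-users` help text, "let users in unconditionally", does not say which identifier the values are compared against, nor whether a match skips the `permit-groups` restriction declared one line above it. The +/- markers are lost on this page, so it is not certain which of the two flags this commit adds, but an allowlist that overrides a group restriction needs an exact description. If "unconditionally" does mean the group check is skipped, something like `"always admit these users, skipping the permit-groups check (may be given multiple times)"` would say so, with the matched field named once it is confirmed. The code that reads `PermitUsers` is not in the visible hunks, so it is worth confirming there that the comparison is an exact match on a value asserted by the identity provider.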
@ -168,6 +168,7 @@ func NewOptions() *Options {
|
||||
FilterGroups: "",
|
||||
GroupsDelimiter: "|",
|
||||
PermitGroups: []string{},
|
||||
PermitUsers: []string{},
|
||||
PassAccessToken: false,
|
||||
PassHostHeader: true,
|
||||
SetAuthorization: false,
|
||||
|
@ -1,6 +1,7 @@
|
||||
package providers
|
||||
|
||||
import (
|
||||
"encoding/json"
|
||||
"errors"
|
||||
"fmt"
|
||||
"net/http"
|
||||
@ -157,17 +158,21 @@ func (p *AzureProvider) GetGroups(s *sessions.SessionState, f string) (map[strin
|
||||
if s.IDToken == "" {
|
||||
return map[string]string{}, nil
|
||||
}
|
||||
parts := strings.Split(s.IDToken, ".")
|
||||
if len(parts) != 3 {
|
||||
return map[string]string{}, nil
|
||||
}
|
||||
rawJSON, err := jwt.DecodeSegment(parts[1])
|
||||
if err != nil {
|
||||
return map[string]string{}, err
|
||||
}
|
||||
|
||||
type GroupClaims struct {
|
||||
Groups []string `json:"groups"`
|
||||
jwt.StandardClaims
|
||||
}
|
||||
|
||||
claims := &GroupClaims{}
|
||||
jwt.ParseWithClaims(s.IDToken, claims, func(token *jwt.Token) (interface{}, error) {
|
||||
return []byte("empty"), nil
|
||||
})
|
||||
|
||||
json.Unmarshal(rawJSON, &claims)
|
||||
groupsMap := make(map[string]string)
|
||||
for _, s := range claims.Groups {
|
||||
groupsMap[s] = s
|
||||
|
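Review bot: `json.Unmarshal(rawJSON, &claims)` drops its error, so a payload that fails to decode leaves `claims.Groups` empty and GetGroups returns an empty map with a nil error, indistinguishable from a user who has no groups. Check the error and pass the pointer directly: `if err := json.Unmarshal(rawJSON, claims); err != nil { return map[string]string{}, err }`. This assumes the Split/DecodeSegment path is the new side; the +/- markers are lost here, but the added `encoding/json` import and the hunk counts point that way. Neither parsing path verifies the token signature inside this function (the `ParseWithClaims` call uses a fixed `[]byte("empty")` key and discards its result), and the groups appear to feed the `permit-groups` decision. A comment stating where `s.IDToken` is validated before it reaches GetGroups would help, e.g. `// IDToken signature is verified at <location>; this only reads the groups claim`. The `for` loop body continues past the end of the hunk.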