Merge pull request #185 from jonas/check-against-validate-url-string

Only validate tokens if ValidateURL resolves to a non-empty string
This commit is contained in:
Joel Speed 2019-06-15 12:30:03 +02:00 committed by GitHub
commit 77e1fff753
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 2 additions and 1 deletions

View File

@ -55,6 +55,7 @@
- [#111](https://github.com/pusher/oauth2_proxy/pull/111) Add option for telling where to find a login.gov JWT key file (@timothy-spencer)
- [#170](https://github.com/pusher/oauth2_proxy/pull/170) Restore binary tarball contents to be compatible with bitlys original tarballs (@zeha)
- [#185](https://github.com/pusher/oauth2_proxy/pull/185) Fix an unsupported protocol scheme error during token validation when using the Azure provider (@jonas)
# v3.2.0

View File

@ -47,7 +47,7 @@ func stripParam(param, endpoint string) string {
// validateToken returns true if token is valid
func validateToken(p Provider, accessToken string, header http.Header) bool {
if accessToken == "" || p.Data().ValidateURL == nil {
if accessToken == "" || p.Data().ValidateURL == nil || p.Data().ValidateURL.String() == "" {
return false
}
endpoint := p.Data().ValidateURL.String()