Only validate tokens if ValidateURL resolves to a non-empty string
Fix an unsupported protocol scheme error when validating tokens by ensuring that the ValidateURL generates a non-empty string. The Azure provider doesn't define any ValidateURL and therefore uses the default value of `url.Parse("")` which is not `nil`. The following log summary shows the issue: 2019/06/14 12:26:04 oauthproxy.go:799: 10.244.1.3:34112 ("10.244.1.1") refreshing 16h26m29s old session cookie for Session{email:jonas.fonseca@example.com user:jonas.fonseca token:true} (refresh after 1h0m0s) 2019/06/14 12:26:04 internal_util.go:60: GET ?access_token=eyJ0... 2019/06/14 12:26:04 internal_util.go:61: token validation request failed: Get ?access_token=eyJ0...: unsupported protocol scheme "" 2019/06/14 12:26:04 oauthproxy.go:822: 10.244.1.3:34112 ("10.244.1.1") removing session. error validating Session{email:jonas.fonseca@example.com user:jonas.fonseca token:true}
This commit is contained in:
parent
572646e0d5
commit
7a8fb58ad1
@ -54,6 +54,7 @@
|
|||||||
|
|
||||||
- [#111](https://github.com/pusher/oauth2_proxy/pull/111) Add option for telling where to find a login.gov JWT key file (@timothy-spencer)
|
- [#111](https://github.com/pusher/oauth2_proxy/pull/111) Add option for telling where to find a login.gov JWT key file (@timothy-spencer)
|
||||||
- [#170](https://github.com/pusher/oauth2_proxy/pull/170) Restore binary tarball contents to be compatible with bitlys original tarballs (@zeha)
|
- [#170](https://github.com/pusher/oauth2_proxy/pull/170) Restore binary tarball contents to be compatible with bitlys original tarballs (@zeha)
|
||||||
|
- [#185](https://github.com/pusher/oauth2_proxy/pull/185) Fix an unsupported protocol scheme error during token validation when using the Azure provider (@jonas)
|
||||||
|
|
||||||
# v3.2.0
|
# v3.2.0
|
||||||
|
|
||||||
|
@ -47,7 +47,7 @@ func stripParam(param, endpoint string) string {
|
|||||||
|
|
||||||
// validateToken returns true if token is valid
|
// validateToken returns true if token is valid
|
||||||
func validateToken(p Provider, accessToken string, header http.Header) bool {
|
func validateToken(p Provider, accessToken string, header http.Header) bool {
|
||||||
if accessToken == "" || p.Data().ValidateURL == nil {
|
if accessToken == "" || p.Data().ValidateURL == nil || p.Data().ValidateURL.String() == "" {
|
||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
endpoint := p.Data().ValidateURL.String()
|
endpoint := p.Data().ValidateURL.String()
|
||||||
|
Loading…
Reference in New Issue
Block a user