Comments (7)
I've got a headers issuer started at https://github.com/zikes/oathkeeper/tree/issuer-header/proxy with a passing test, however I still need to implement incoming header scrubbing and fill in more complex test cases. Let me know if you feel like that's on the right track.
from oathkeeper.
That's a pretty cool idea! I think you can build and cache templates so it shouldn't be too straining on performance. I think the Go template syntax needs getting used to but it's a pretty good place for it. I'd love to see a PR!
from oathkeeper.
@arekkas Some good news and bad news about the Go templating: the good news is that it turns out you can access maps via e.g. `{{ .Extra.iss }}` or `{{ .Extra.aud }}`. If the key doesn't exist in the map, it will fill in the zero value for the map value's type. The bad news is that the zero value for `interface{}` is considered unprintable by the `text/template` package, and it will always print `<no value>` in such cases even if `missingkey=zero` is set for the template.
Currently my fix for this is to use a `lookup` `FuncMap` function, turning the syntax into `{{ lookup .Extra "iss" }}`, which looks even worse than the original `{{ .Extra["iss"] }}` in my opinion 😬
Would it be possible to change the `Extra` field of `AuthenticationSession` to a `map[string]string`? Alternatively I can pretty easily convert the map to a `map[string]string` within the Issuer with `fmt.Sprintf`, but I don't know what you have planned for that `Extra` field so I don't know how it would behave down the road.
from oathkeeper.
I went ahead and implemented the map conversion method, in favor of having a better interface to present to the users. If `Extra` is going to potentially contain more complex data we can figure out a better solution. You can have a look at the current implementation at https://github.com/zikes/oathkeeper/tree/issuer-header/proxy
from oathkeeper.
`Extra` can have arbitrary data, for OAuth 2.0 Access Tokens it's - for example - the metadata associated with the access token. Depending on the server this can be `float64`, `int`, `string`, `bool` or a nested structure. It should therefore not be `map[string]string`
from oathkeeper.
How about `.String(key)`, `.Int(key)`...?
from oathkeeper.
I think I've worked out a FuncMap function that keeps it fairly clean and simple: https://play.golang.org/p/SyzsYJnaepW
I was mostly worried about having to create a complex key lookup system that mimics what `text/template` does for nesting maps, but with this function I can fall back on `text/template` for the lookup and override how it prints that value. Oathkeeper can specify that the `print` FuncMap function is the "safe" way to access keys and should be used for all values.
from oathkeeper.
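The behaviour discussed in this thread, as an added example that is not the code from the playground link or from Oathkeeper: a missing key in a `map[string]interface{}` renders as the literal `<no value>` even with `missingkey=zero`, which a header issuer would forward upstream as a header value, while an overridden `print` function renders it as an empty string. The `safePrint` and `render` names, the anonymous session struct and the sample `Extra` values are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"text/template"
)

// safePrint is a hypothetical override for the built-in "print":
// a nil interface (missing map key) becomes "" instead of "<no value>".
func safePrint(v interface{}) string {
	if v == nil {
		return ""
	}
	return fmt.Sprint(v)
}

// render executes a header template against a session-like value whose
// Extra field holds arbitrary token metadata (constructed for this example).
func render(tmpl string, extra map[string]interface{}) (string, error) {
	t, err := template.New("header").
		Option("missingkey=zero").
		Funcs(template.FuncMap{"print": safePrint}).
		Parse(tmpl)
	if err != nil {
		return "", err
	}
	var b strings.Builder
	err = t.Execute(&b, struct{ Extra map[string]interface{} }{extra})
	return b.String(), err
}

func main() {
	// Constructed sample metadata: string, int, bool and a nested map.
	extra := map[string]interface{}{
		"iss":    "https://issuer.example",
		"level":  42,
		"active": true,
		"ext":    map[string]interface{}{"role": "admin"},
	}
	for _, tmpl := range []string{
		`{{ .Extra.aud }}`,          // missing key, default printing
		`{{ print .Extra.aud }}`,    // missing key, safe printing
		`{{ print .Extra.iss }}`,    // present string
		`{{ print .Extra.level }}`,  // present int
		`{{ print .Extra.ext.role }}`, // nested lookup done by text/template
	} {
		out, err := render(tmpl, extra)
		fmt.Printf("%-30s -> %q (err=%v)\n", tmpl, out, err)
	}
}
```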