From d63b94b77846c3ebc31e36afa2e45f232bd5aff1 Mon Sep 17 00:00:00 2001 From: paulbdavis Date: Sat, 16 Nov 2019 11:31:56 -0700 Subject: [PATCH 1/2] add cookie as an option for oauth2_introspection authenticator --- .schemas/config.schema.json | 16 ++++++++++++++-- helper/bearer.go | 7 +++++++ 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/.schemas/config.schema.json b/.schemas/config.schema.json index dbad4be5ac..2a1f25817c 100644 --- a/.schemas/config.schema.json +++ b/.schemas/config.schema.json @@ -481,7 +481,7 @@ "header": { "title": "Header", "type": "string", - "description": "The header (case insensitive) that must contain a token for request authentication.\n It can't be set along with query_parameter." + "description": "The header (case insensitive) that must contain a token for request authentication.\n It can't be set along with query_parameter or cookie." } } }, @@ -493,7 +493,19 @@ "query_parameter": { "title": "Query Parameter", "type": "string", - "description": "The query parameter (case sensitive) that must contain a token for request authentication.\n It can't be set along with header." + "description": "The query parameter (case sensitive) that must contain a token for request authentication.\n It can't be set along with header or cookie." + } + } + }, + { + "required": [ + "cookie" + ], + "properties": { + "query_parameter": { + "title": "Cookie", + "type": "string", + "description": "The cookie (case sensitive) that must contain a token for request authentication.\n It can't be set along with header or query_parameter." } } } diff --git a/helper/bearer.go b/helper/bearer.go index 4aac2c9fc8..e49a6311bd 100644 --- a/helper/bearer.go +++ b/helper/bearer.go @@ -32,6 +32,7 @@ const ( type BearerTokenLocation struct { Header *string `json:"header"` QueryParameter *string `json:"query_parameter"` + Cookie *string `json:"cookie"` } func BearerTokenFromRequest(r *http.Request, tokenLocation *BearerTokenLocation) string { @@ -40,6 +41,12 @@ func BearerTokenFromRequest(r *http.Request, tokenLocation *BearerTokenLocation) return r.Header.Get(*tokenLocation.Header) } else if tokenLocation.QueryParameter != nil { return r.FormValue(*tokenLocation.QueryParameter) + } else if tokenLocation.Cookie != nil { + cookie, err := r.Cookie(*tokenLocation.Cookie) + if err != nil { + return "" + } + return cookie.Value } } token := r.Header.Get(defaultAuthorizationHeader) From 52e85d02c31a8e39823795da78635aaecb53de25 Mon Sep 17 00:00:00 2001 From: paulbdavis Date: Mon, 18 Nov 2019 11:44:18 -0700 Subject: [PATCH 2/2] fix schema --- .schemas/config.schema.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.schemas/config.schema.json b/.schemas/config.schema.json index 2a1f25817c..f2815c1607 100644 --- a/.schemas/config.schema.json +++ b/.schemas/config.schema.json @@ -502,7 +502,7 @@ "cookie" ], "properties": { - "query_parameter": { + "cookie": { "title": "Cookie", "type": "string", "description": "The cookie (case sensitive) that must contain a token for request authentication.\n It can't be set along with header or query_parameter." @@ -1254,4 +1254,4 @@ }, "required": [], "additionalProperties": false -} \ No newline at end of file +}