authentik/internal/outpost/proxy/claims.go

package proxy

import (
	"encoding/base64"
	"encoding/json"
	"strings"
)

type Claims struct {
	Proxy struct {
		UserAttributes map[string]interface{} `json:"user_attributes"`
	} `json:"ak_proxy"`
	Groups []string `json:"groups"`
}

func (c *Claims) FromIDToken(idToken string) error {
	// id_token is a base64 encode ID token payload
	// https://developers.google.com/accounts/docs/OAuth2Login#obtainuserinfo
	jwt := strings.Split(idToken, ".")
	jwtData := strings.TrimSuffix(jwt[1], "=")
	b, err := base64.RawURLEncoding.DecodeString(jwtData)
	if err != nil {
		return err
	}

	err = json.Unmarshal(b, c)
	if err != nil {
		return err
	}
	return nil
}
proxy: ask for pb_proxy scope, set authorization header if enabled 2020-09-30 09:49:06 +00:00			`package proxy`

			`import (`
			`"encoding/base64"`
			`"encoding/json"`
			`"strings"`
			`)`

			`type Claims struct {`
			`Proxy struct {`
proxy: add support for additionalHeaders 2020-10-29 21:09:53 +00:00			UserAttributes map[string]interface{} `json:"user_attributes"`
wip: rename to authentik (#361) * root: initial rename * web: rename custom element prefix * root: rename external functions with pb_ prefix * root: fix formatting * root: replace domain with goauthentik.io * proxy: update path * root: rename remaining prefixes * flows: rename file extension * root: pbadmin -> akadmin * docs: fix image filenames * lifecycle: ignore migration files * ci: copy default config from current source before loading last tagged * : new sentry dsn tests: fix missing python3.9-dev package * root: add additional migrations for service accounts created by outposts * core: mark system-created service accounts with attribute * policies/expression: fix pb_ replacement not working * web: fix last linting errors, add lit-analyse * policies/expressions: fix lint errors * web: fix sidebar display on screens where not all items fit * proxy: attempt to fix proxy pipeline * proxy: use go env GOPATH to get gopath * lib: fix user_default naming inconsistency * docs: add upgrade docs * docs: update screenshots to use authentik * admin: fix create button on empty-state of outpost * web: fix modal submit not refreshing SiteShell and Table * web: fix height of app-card and height of generic icon * web: fix rendering of subtext * admin: fix version check error not being caught * web: fix worker count not being shown * docs: update screenshots * root: new icon * web: fix lint error * admin: fix linting error * root: migrate coverage config to pyproject 2020-12-05 21:08:42 +00:00			} `json:"ak_proxy"`
outposts/proxy: add X-Auth-Groups header to pass groups Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org> 2021-07-22 08:47:58 +00:00			Groups []string `json:"groups"`
proxy: ask for pb_proxy scope, set authorization header if enabled 2020-09-30 09:49:06 +00:00			`}`

			`func (c *Claims) FromIDToken(idToken string) error {`
			`// id_token is a base64 encode ID token payload`
			`// https://developers.google.com/accounts/docs/OAuth2Login#obtainuserinfo`
			`jwt := strings.Split(idToken, ".")`
			`jwtData := strings.TrimSuffix(jwt[1], "=")`
			`b, err := base64.RawURLEncoding.DecodeString(jwtData)`
			`if err != nil {`
			`return err`
			`}`

			`err = json.Unmarshal(b, c)`
			`if err != nil {`
			`return err`
			`}`
			`return nil`
			`}`