| author | James Elliott <james-d-elliott@users.noreply.github.com> | 2024-03-05 20:11:16 +1100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-03-05 19:11:16 +1000 |
| commit | fb50f1a70c66d96391a3e9cae5721c9c78c75d8d (patch) | |
| tree | f49313d4452fbfb8072210c30d93602b81739a75 /internal/configuration/schema/server.go | |
| parent | c70c83f74593c1ed75c2195e2dba74a5dfcd30cc (diff) | |
feat: oauth2 authorization bearer (#6774)
This implements user authorization utilizing the OAuth 2.0 bearer scheme (i.e. RFC6750) for both the authorization code grant and client credentials grant. This effectively allows application "passwords" when used with the client credentials grant.
Closes #2023, Closes #188.
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Diffstat (limited to 'internal/configuration/schema/server.go')
| -rw-r--r-- | internal/configuration/schema/server.go | 42 |
1 files changed, 27 insertions, 15 deletions
diff --git a/internal/configuration/schema/server.go b/internal/configuration/schema/server.go
index bc9069c43..2a5e4f299 100644
--- a/internal/configuration/schema/server.go
+++ b/internal/configuration/schema/server.go
@@ -45,7 +45,8 @@ type ServerEndpointsAuthz struct {

 // ServerEndpointsAuthzAuthnStrategy is the Authz endpoints configuration for the HTTP server.
 type ServerEndpointsAuthzAuthnStrategy struct {
- Name string `koanf:"name" json:"name" jsonschema:"enum=HeaderAuthorization,enum=HeaderProxyAuthorization,enum=HeaderAuthRequestProxyAuthorization,enum=HeaderLegacy,enum=CookieSession,title=Name" jsonschema_description:"The name of the Authorization strategy to use."`
+ Name string `koanf:"name" json:"name" jsonschema:"enum=HeaderAuthorization,enum=HeaderProxyAuthorization,enum=HeaderAuthRequestProxyAuthorization,enum=HeaderLegacy,enum=CookieSession,title=Name" jsonschema_description:"The name of the Authorization strategy to use."`
+ Schemes []string `koanf:"schemes" json:"schemes" jsonschema:"enum=basic,enum=bearer,default=basic,title=Authorization Schemes" jsonschema_description:"The name of the authorization schemes to allow with the header strategies."`
 }

 // ServerTLS represents the configuration of the http servers TLS options.
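Review bot: The new `Schemes` field in `ServerEndpointsAuthzAuthnStrategy` has no doc comment, and its schema description does not say what an empty or omitted list means, even though the choice of accepted schemes is security-relevant (adding `bearer` lets an OAuth 2.0 access token stand in for a user's credentials). The tag declares `default=basic`, but whether a nil slice is treated as basic-only at runtime is not visible in this hunk, so the field should state it rather than leave it to the validator. I would add `// Schemes lists the Authorization header schemes (basic, bearer) accepted by the header strategies; when empty the documented default is basic only.` above the field, after confirming that this matches the validation code. The description should also read "The names of the authorization schemes" since the field is a list.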
@@ -74,39 +75,50 @@ var DefaultServerConfiguration = Server{
 },
 Endpoints: ServerEndpoints{
 Authz: map[string]ServerEndpointsAuthz{
- "legacy": {
- Implementation: "Legacy",
+ AuthzEndpointNameLegacy: {
+ Implementation: AuthzImplementationLegacy,
+ AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
+ {
+ Name: AuthzStrategyHeaderLegacy,
+ },
+ {
+ Name: AuthzStrategyHeaderCookieSession,
+ },
+ },
 },
- "auth-request": {
- Implementation: "AuthRequest",
+ AuthzEndpointNameAuthRequest: {
+ Implementation: AuthzImplementationAuthRequest,
 AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
 {
- Name: "HeaderAuthRequestProxyAuthorization",
+ Name: AuthzStrategyHeaderAuthorization,
+ Schemes: []string{SchemeBasic},
 },
 {
- Name: "CookieSession",
+ Name: AuthzStrategyHeaderCookieSession,
 },
 },
 },
- "forward-auth": {
- Implementation: "ForwardAuth",
+ AuthzEndpointNameExtAuthz: {
+ Implementation: AuthzImplementationExtAuthz,
 AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
 {
- Name: "HeaderProxyAuthorization",
+ Name: AuthzStrategyHeaderAuthorization,
+ Schemes: []string{SchemeBasic},
 },
 {
- Name: "CookieSession",
+ Name: AuthzStrategyHeaderCookieSession,
 },
 },
 },
- "ext-authz": {
- Implementation: "ExtAuthz",
+ AuthzEndpointNameForwardAuth: {
+ Implementation: AuthzImplementationForwardAuth,
 AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
 {
- Name: "HeaderProxyAuthorization",
+ Name: AuthzStrategyHeaderAuthorization,
+ Schemes: []string{SchemeBasic},
 },
 {
- Name: "CookieSession",
+ Name: AuthzStrategyHeaderCookieSession,
 },
 },
 },
|
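Review bot: The default header strategy for the auth-request, forward-auth and ext-authz endpoints changes here without any comment. The old literals `"HeaderAuthRequestProxyAuthorization"` and `"HeaderProxyAuthorization"` become `AuthzStrategyHeaderAuthorization`, whose value is defined outside this hunk. If it resolves to `HeaderAuthorization`, deployments that rely on the defaults will read credentials from a different request header after upgrading, which is easy to miss in a commit titled as a bearer feature. I would add a comment above the `Authz` map such as `// Defaults: header strategies read the Authorization header and accept the basic scheme only; bearer must be enabled explicitly.` and pin the default map in a test. The Legacy entry also gains explicit strategies with no `Schemes` set, so it is worth confirming that an empty list behaves the same as `[]string{SchemeBasic}` there.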
