feat: oauth2 authorization bearer (#6774)

This implements user authorization utilizing the OAuth 2.0 bearer scheme (i.e. RFC6750) for both the authorize code grant and client credentials grant. This effectively allows application "passwords" when used with the client credentials grant. Closes #2023, Closes #188. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
author: James Elliott <james-d-elliott@users.noreply.github.com> 2024-03-05 20:11:16 +1100
committer: GitHub <noreply@github.com> 2024-03-05 19:11:16 +1000
commit: fb50f1a70c66d96391a3e9cae5721c9c78c75d8d (patch)
tree: f49313d4452fbfb8072210c30d93602b81739a75 /internal/configuration/validator/access_control.go
parent: c70c83f74593c1ed75c2195e2dba74a5dfcd30cc (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/internal/configuration/validator/access_control.go b/internal/configuration/validator/access_control.go
index 9b92eff80..9b7db2bea 100644
--- a/internal/configuration/validator/access_control.go
+++ b/internal/configuration/validator/access_control.go
@@ -18,7 +18,7 @@ func IsPolicyValid(policy string) (isValid bool) {
 
 // IsSubjectValid check if a subject is valid.
 func IsSubjectValid(subject string) (isValid bool) {
-	return subject == "" || strings.HasPrefix(subject, "user:") || strings.HasPrefix(subject, "group:")
+	return subject == "" || strings.HasPrefix(subject, "user:") || strings.HasPrefix(subject, "group:") || strings.HasPrefix(subject, "oauth2:client:")
 }
 
 // IsNetworkGroupValid check if a network group is valid.
author	James Elliott <james-d-elliott@users.noreply.github.com>	2024-03-05 20:11:16 +1100
committer	GitHub <noreply@github.com>	2024-03-05 19:11:16 +1000
commit	fb50f1a70c66d96391a3e9cae5721c9c78c75d8d (patch)
tree	f49313d4452fbfb8072210c30d93602b81739a75 /internal/configuration/validator/access_control.go
parent	c70c83f74593c1ed75c2195e2dba74a5dfcd30cc (diff)