greenpau / caddy-security

🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
https://authcrunch.com/
Apache License 2.0
1.46k stars 72 forks source link

Curl /whoami vs using browser #102

Open wnke opened 2 years ago

wnke commented 2 years ago

Hello!

When curling the /whoami endpoint like on the example it is missing the userinfo field but it shows when using the browser to access the page.

Is there any endpoint to get the userinfo? Or should I get it via other mechanism?

Kind regards

greenpau commented 2 years ago

@wnke , will make an effort adding it in the next version.

In short, this requires modifying pkg/authn/handle_json_whoami.go.

greenpau commented 2 years ago

@wnke , there was a quick fix for this. You can either wait for the next release or add the following to xcaddy. That would use go-authcrunch with the commit where userinfo is not an issue.

--with github.com/greenpau/go-authcrunch@f9e02ec8a1dae8e4bf6d6976536396ba9e3e9732

It is best if you try with the latter and let me know whether it works (it should).

greenpau commented 2 years ago

@wnke , this is now in https://github.com/greenpau/caddy-security/releases/tag/v1.1.11.

Please test 😄