search

jelhub / scimgateway

Using SCIM protocol as a gateway for user provisioning to other endpoints
MIT License
176 stars 57 forks source link

Add PassThrough auth token #77

Closed osbornk closed 1 year ago

osbornk commented 1 year ago

Add a new auth option called BearerTokenPassThrough. The difference between this option and BearerToken is that the token is passed directly to the plugin handlers.

Since scimgateway will not be able to authenticate the token, this auth method should not be used by any endpoints that do not direct to a plugin handler, such as /(|scim/)(ServiceProviderConfigs|ServiceProviderConfig). In order to support these two scenarios, the auth middleware has been moved down to each router instead of being used globally. This also allows endpoints such as /ping to skip authentication.

The bearerTokenPassThrough will do some basic validation of the Bearer token. If it is enabled and if it is found, then the auth token will be added to the context state. This value will then be passed onto the plugin handlers where it can optionally be used.

jelhub commented 1 year ago

Auth PassThrough now included in v.4.1.15