search

zalando / skipper

An HTTP router and reverse proxy for service composition, including use cases like Kubernetes Ingress
https://opensource.zalando.com/skipper/
Other
3.05k stars 345 forks source link

Allow third-party filters to set the state for oidcClaimsQuery #3139

Open haveo opened 1 week ago

haveo commented 1 week ago

Is your feature request related to a problem? Please describe. The oidcClaimsQuery filter allows for arbitrary queries on claims using GJSON. Besides being able to be used for OIDC, other filters in Skipper that handle different authentication schemes also set the OIDC claims cache key allowing the oidcClaimsQuery filter to be called. However, when working with a third-party filter, it is not possible to create a tokenContainer value because this type is private to the filters/auth package. Therefore it is not possible to set the OIDC claims cache key to a value that would be accepted by oidcClaimsQuery, since the filter expects a value of type tokenContainer to be stored there. This prevents the reuse of oidcClaimsQuery when the authentication is done in a third-party filter.

Describe the solution you would like A function should be exported that sets the OIDC claims cache key (given a map[string]interface{} claims value).

Describe alternatives you've considered (optional) An alternative would be to export the tokenContainer type.

Would you like to work on it? Yes

szuecs commented 5 days ago

Sounds great! Please create a PR, thanks