Add target domain to extauth proto #6882

Merged
merged 21 commits into from
Aug 11, 2022

Conversation

Contributor

@jmhbh jmhbh commented Aug 4, 2022

Description

  • This PR modifies extauth proto to add the target_domain field to InternalSession and RedisSession under UserSession.
  • The purpose of making these changes is so a user applying an authz policy using OIDC can specify a target domain that they want to be stored in a cookie which is then used to validate the request domain to ensure that they match.
  • Tests/use for this api change can be found in this PR

Context

  • In this issue Qualcomm wants to include the target domain in the OIDC cookie and use this domain to validate requests in order to prevent cookie replay attacks.

Checklist:

  • I included a concise, user-facing changelog (for details, see https://github.com/solo-io/go-utils/tree/master/changelogutils) which references the issue that is resolved.
  • If I updated APIs (our protos) or helm values, I ran make -B install-go-tools generated-code to ensure there will be no code diff
  • I followed guidelines laid out in the Gloo Edge contribution guide
  • I opened a draft PR or added the work in progress label if my PR is not ready for review
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works

@jmhbh added the labels "work in progress" (signals bulldozer to keep pr open (don't auto-merge)) and "keep pr updated" (signals bulldozer to keep pr up to date with base branch) Aug 4, 2022
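
The check the PR description outlines (a target domain carried in the session cookie and compared with the request domain) sketched in Go as an added example; it is not code from this PR or from Gloo Edge. The HMAC-signed cookie layout and the names `IssueCookie`, `ValidateCookie` and `normalizeHost` are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"net"
	"strings"
)
var ErrBadCookie = errors.New("cookie malformed or MAC mismatch")
var ErrDomainMismatch = errors.New("request domain does not match cookie target domain")

// normalizeHost lowercases a Host value and strips any port and trailing dot.
func normalizeHost(h string) string {
	if host, _, err := net.SplitHostPort(h); err == nil {
		h = host
	}
	return strings.TrimSuffix(strings.ToLower(h), ".")
}
func mac(key []byte, payload string) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(payload))
	return m.Sum(nil)
}
// IssueCookie binds sessionID to targetDomain under an HMAC (hypothetical layout, not Gloo Edge's).
func IssueCookie(key []byte, sessionID, targetDomain string) string {
	payload := base64.RawURLEncoding.EncodeToString([]byte(normalizeHost(targetDomain) + "|" + sessionID))
	return payload + "." + base64.RawURLEncoding.EncodeToString(mac(key, payload))
}

// ValidateCookie returns the session ID only if the MAC verifies and the request host matches.
func ValidateCookie(key []byte, cookie, requestHost string) (string, error) {
	payload, sig, _ := strings.Cut(cookie, ".")
	got, err := base64.RawURLEncoding.DecodeString(sig)
	raw, err2 := base64.RawURLEncoding.DecodeString(payload)
	if err != nil || err2 != nil || !hmac.Equal(got, mac(key, payload)) {
		return "", ErrBadCookie
	}
	domain, id, _ := strings.Cut(string(raw), "|") // a domain never contains "|"
	if domain != normalizeHost(requestHost) {
		return "", ErrDomainMismatch
	}
	return id, nil
}
func main() {
	key := []byte("constructed-demo-key") // constructed sample key, not a real secret
	fmt.Println(ValidateCookie(key, IssueCookie(key, "sess-1", "app.example.com"), "other.example.com"))
}
```

Because the domain sits inside the MACed payload, a cookie presented on a different domain fails the comparison, and editing the domain inside the cookie fails the MAC check.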
@solo-changelog-bot

Issues linked to changelog:
https://github.com/solo-io/ext-auth-service/issues/314

@jmhbh
Contributor Author

jmhbh commented Aug 5, 2022

/kick

@jmhbh jmhbh marked this pull request as ready for review August 10, 2022 14:56
@jmhbh jmhbh requested a review from a team as a code owner August 10, 2022 14:56
@github-actions

github-actions bot commented Aug 10, 2022

Visit the preview URL for this PR (updated for commit afd0ed6):

https://gloo-edge--pr6882-use-domain-to-valida-jlgom0es.web.app

(expires Thu, 18 Aug 2022 14:34:31 GMT)

🔥 via Firebase Hosting GitHub Action 🌎

Contributor

@jackstine jackstine left a comment

LGTM!

@jackstine jackstine merged commit 26e84f0 into master Aug 11, 2022