proxy: add userinfo and webauthn endpoints #3755
After discussion, we should attempt to use the parent top-level-domain as the origin. For example:
It now uses the top-level domain name as the origin. Testing this with two routes it appears to register and authenticate existing devices properly.
(worth mentioning, this is a breaking change, the next version of Pomerium will require devices to be re-registered because now they will be attached to a different name)
Adding breaking tag so it's flagged.
Code LGTM, with a few small suggestions, and comments.
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
…m into cdoxsey/proxy-user-info
Summary
Add `/.pomerium` and `/.pomerium/webauthn` endpoints to the proxy service. Currently these are only handled by authenticate. With these changes they will also be available on any domain Pomerium handles.

I also moved all the common handlers to `internal/handlers`. (I wanted to avoid any circular references in `httputil`, which should be for more generic HTTP functionality)

The webauthn relying party is now derived from the request so that the origin used depends on the domain where the webauthn handlers live. As a consequence devices will now be domain-specific. I don't think a device registered on `a.example.com` could be used for `b.example.com`, but maybe this needs more testing.
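The domain scoping discussed in this thread, as an added example that is not Pomerium's code: a hypothetical `RelyingPartyID` helper reduces the request host to its parent domain, and a hypothetical `ValidForOrigin` applies the WebAuthn rule that the RP ID must equal the origin's host or be a dot-bounded suffix of it. The two-entry suffix map is a constructed stand-in for the Public Suffix List, and the hostnames are sample values.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// multiLabelSuffixes is a constructed stand-in for the Public Suffix List.
var multiLabelSuffixes = map[string]bool{"co.uk": true, "com.au": true}

// RelyingPartyID derives a WebAuthn RP ID from a request Host header by
// reducing it to the registrable parent domain (hypothetical helper).
func RelyingPartyID(host string) string {
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h // drop the port when one is present
	}
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	if net.ParseIP(host) != nil {
		return host // IP literals have no parent domain
	}
	labels := strings.Split(host, ".")
	keep := 2 // registrable domain is normally the last two labels
	if len(labels) >= 2 && multiLabelSuffixes[strings.Join(labels[len(labels)-2:], ".")] {
		keep = 3 // never scope credentials to a shared suffix such as co.uk
	}
	if len(labels) <= keep {
		return host
	}
	return strings.Join(labels[len(labels)-keep:], ".")
}

// ValidForOrigin reports whether a credential scoped to rpID is usable from origin.
func ValidForOrigin(rpID, origin string) bool {
	u, err := url.Parse(origin)
	if err != nil || u.Scheme != "https" {
		return false
	}
	h := strings.ToLower(u.Hostname())
	return h == rpID || strings.HasSuffix(h, "."+rpID)
}

func main() {
	for _, host := range []string{"a.example.com", "b.example.com:443", "app.example.co.uk"} {
		fmt.Println(host, "->", RelyingPartyID(host))
	}
	fmt.Println(ValidForOrigin("a.example.com", "https://b.example.com"))
}
```

A credential registered with RP ID `a.example.com` fails the check for `https://b.example.com`, while one registered with `example.com` passes for both routes, which is why changing the RP ID forces re-registration.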