diff --git a/config/README.md b/config/README.md
index 3aa0ffdb..cbd4f5f2 100644
--- a/config/README.md
+++ b/config/README.md
@@ -12,6 +12,7 @@
- [RedisConfig](#authservice-config-v1-oidc-RedisConfig)
- [TokenConfig](#authservice-config-v1-oidc-TokenConfig)
+ - [OIDCConfig.ClientAuthenticationMethod](#authservice-config-v1-oidc-OIDCConfig-ClientAuthenticationMethod)
- [OIDCConfig.CookieAttributes.SameSite](#authservice-config-v1-oidc-OIDCConfig-CookieAttributes-SameSite)
- [v1/mock/config.proto](#v1_mock_config-proto)
@@ -69,6 +70,7 @@ via the standard authorization code grant flow from an OIDC Provider.
| callback_uri | [string](#string) | | This value will be used as the `redirect_uri` param of the authorization code grant [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest). This URL must be one of the Redirection URI values for the Client pre-registered at the OIDC provider. Note: The Istio gateway's VirtualService must be prepared to ensure that this URL will get routed to the service so that the Authservice can intercept the request and handle it (see [example](https://github.com/istio-ecosystem/authservice/blob/master/bookinfo-example/config/bookinfo-gateway.yaml)). Required. |
| jwks | [string](#string) | | The JSON JWKS response from the OIDC provider’s `jwks_uri` URI which can be found in the OIDC provider's [configuration response](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse). Note that this JSON value must be escaped when embedded in a json configmap (see [example](https://github.com/istio-ecosystem/authservice/blob/master/bookinfo-example/config/authservice-configmap-template.yaml)). Used during token verification. |
| jwks_fetcher | [OIDCConfig.JwksFetcherConfig](#authservice-config-v1-oidc-OIDCConfig-JwksFetcherConfig) | | Configuration to allow JWKs to be retrieved and updated asynchronously at regular intervals. |
+| client_authentication_method | [OIDCConfig.ClientAuthenticationMethod](#authservice-config-v1-oidc-OIDCConfig-ClientAuthenticationMethod) | | Available [Client Authentication](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication) methods |
| client_id | [string](#string) | | The OIDC client ID assigned to the filter to be used in the [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest). Required. The client ID is used to authenticate to the Token endpoint using HTTP Basic Auth and it must not contain a colon (":") character. |
| client_secret | [string](#string) | | The OIDC client secret assigned to the filter to be used in the [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest). This field keeps the client secret in plain text. Recommend to use `client_secret_ref` instead when running in a Kubernetes cluster. |
| client_secret_ref | [OIDCConfig.SecretReference](#authservice-config-v1-oidc-OIDCConfig-SecretReference) | | The Kubernetes secret that contains the OIDC client secret assigned to the filter to be used in the [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest). This is an Opaque secret. The client secret should be stored in the key "client-secret". This filed is only valid when running in a Kubernetes cluster. |
@@ -176,6 +178,21 @@ Defines how a token obtained through an OIDC flow is forwarded to services.
+
+
+### OIDCConfig.ClientAuthenticationMethod
+
+
+| Name | Number | Description |
+| ---- | ------ | ----------- |
+| CLIENT_AUTHENTICATION_METHOD_UNSPECIFIED | 0 | |
+| CLIENT_AUTHENTICATION_METHOD_BASIC | 1 | Clients authenticate using the HTTP Basic authentication scheme |
+| CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_POST | 2 | Clients authenticate by including the Client Credentials in the request body |
+| CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_JWT | 3 | Clients create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256 (currently not implemented) |
+| CLIENT_AUTHENTICATION_METHOD_PRIVATE_KEY_JWT | 4 | Clients that have registered a public key sign a JWT using that key (currently not implemented) |
+
+
+
### OIDCConfig.CookieAttributes.SameSite
diff --git a/config/gen/go/v1/config.pb.go b/config/gen/go/v1/config.pb.go
index 13d9517b..1cc3cae4 100644
--- a/config/gen/go/v1/config.pb.go
+++ b/config/gen/go/v1/config.pb.go
@@ -21,15 +21,13 @@
package configv1
import (
- reflect "reflect"
- sync "sync"
-
_ "github.com/envoyproxy/protoc-gen-validate/validate"
- protoreflect "google.golang.org/protobuf/reflect/protoreflect"
- protoimpl "google.golang.org/protobuf/runtime/protoimpl"
-
mock "github.com/istio-ecosystem/authservice/config/gen/go/v1/mock"
oidc "github.com/istio-ecosystem/authservice/config/gen/go/v1/oidc"
+ protoreflect "google.golang.org/protobuf/reflect/protoreflect"
+ protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+ reflect "reflect"
+ sync "sync"
)
const (
diff --git a/config/gen/go/v1/mock/config.pb.go b/config/gen/go/v1/mock/config.pb.go
index aa6e950c..a50a7c9a 100644
--- a/config/gen/go/v1/mock/config.pb.go
+++ b/config/gen/go/v1/mock/config.pb.go
@@ -21,11 +21,10 @@
package mock
import (
- reflect "reflect"
- sync "sync"
-
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
+ reflect "reflect"
+ sync "sync"
)
const (
diff --git a/config/gen/go/v1/oidc/config.pb.go b/config/gen/go/v1/oidc/config.pb.go
index 67f33496..016773fb 100644
--- a/config/gen/go/v1/oidc/config.pb.go
+++ b/config/gen/go/v1/oidc/config.pb.go
@@ -21,14 +21,13 @@
package oidc
import (
- reflect "reflect"
- sync "sync"
-
_ "github.com/envoyproxy/protoc-gen-validate/validate"
protoreflect "google.golang.org/protobuf/reflect/protoreflect"
protoimpl "google.golang.org/protobuf/runtime/protoimpl"
durationpb "google.golang.org/protobuf/types/known/durationpb"
structpb "google.golang.org/protobuf/types/known/structpb"
+ reflect "reflect"
+ sync "sync"
)
const (
@@ -38,6 +37,65 @@ const (
_ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20)
)
+type OIDCConfig_ClientAuthenticationMethod int32
+
+const (
+ OIDCConfig_CLIENT_AUTHENTICATION_METHOD_UNSPECIFIED OIDCConfig_ClientAuthenticationMethod = 0
+ // Clients authenticate using the HTTP Basic authentication scheme
+ OIDCConfig_CLIENT_AUTHENTICATION_METHOD_BASIC OIDCConfig_ClientAuthenticationMethod = 1
+ // Clients authenticate by including the Client Credentials in the request body
+ OIDCConfig_CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_POST OIDCConfig_ClientAuthenticationMethod = 2
+ // Clients create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256 (currently not implemented)
+ OIDCConfig_CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_JWT OIDCConfig_ClientAuthenticationMethod = 3
+ // Clients that have registered a public key sign a JWT using that key (currently not implemented)
+ OIDCConfig_CLIENT_AUTHENTICATION_METHOD_PRIVATE_KEY_JWT OIDCConfig_ClientAuthenticationMethod = 4
+)
+
+// Enum value maps for OIDCConfig_ClientAuthenticationMethod.
+var (
+ OIDCConfig_ClientAuthenticationMethod_name = map[int32]string{
+ 0: "CLIENT_AUTHENTICATION_METHOD_UNSPECIFIED",
+ 1: "CLIENT_AUTHENTICATION_METHOD_BASIC",
+ 2: "CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_POST",
+ 3: "CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_JWT",
+ 4: "CLIENT_AUTHENTICATION_METHOD_PRIVATE_KEY_JWT",
+ }
+ OIDCConfig_ClientAuthenticationMethod_value = map[string]int32{
+ "CLIENT_AUTHENTICATION_METHOD_UNSPECIFIED": 0,
+ "CLIENT_AUTHENTICATION_METHOD_BASIC": 1,
+ "CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_POST": 2,
+ "CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_JWT": 3,
+ "CLIENT_AUTHENTICATION_METHOD_PRIVATE_KEY_JWT": 4,
+ }
+)
+
+func (x OIDCConfig_ClientAuthenticationMethod) Enum() *OIDCConfig_ClientAuthenticationMethod {
+ p := new(OIDCConfig_ClientAuthenticationMethod)
+ *p = x
+ return p
+}
+
+func (x OIDCConfig_ClientAuthenticationMethod) String() string {
+ return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x))
+}
+
+func (OIDCConfig_ClientAuthenticationMethod) Descriptor() protoreflect.EnumDescriptor {
+ return file_v1_oidc_config_proto_enumTypes[0].Descriptor()
+}
+
+func (OIDCConfig_ClientAuthenticationMethod) Type() protoreflect.EnumType {
+ return &file_v1_oidc_config_proto_enumTypes[0]
+}
+
+func (x OIDCConfig_ClientAuthenticationMethod) Number() protoreflect.EnumNumber {
+ return protoreflect.EnumNumber(x)
+}
+
+// Deprecated: Use OIDCConfig_ClientAuthenticationMethod.Descriptor instead.
+func (OIDCConfig_ClientAuthenticationMethod) EnumDescriptor() ([]byte, []int) {
+ return file_v1_oidc_config_proto_rawDescGZIP(), []int{3, 0}
+}
+
type OIDCConfig_CookieAttributes_SameSite int32
const (
@@ -90,11 +148,11 @@ func (x OIDCConfig_CookieAttributes_SameSite) String() string {
}
func (OIDCConfig_CookieAttributes_SameSite) Descriptor() protoreflect.EnumDescriptor {
- return file_v1_oidc_config_proto_enumTypes[0].Descriptor()
+ return file_v1_oidc_config_proto_enumTypes[1].Descriptor()
}
func (OIDCConfig_CookieAttributes_SameSite) Type() protoreflect.EnumType {
- return &file_v1_oidc_config_proto_enumTypes[0]
+ return &file_v1_oidc_config_proto_enumTypes[1]
}
func (x OIDCConfig_CookieAttributes_SameSite) Number() protoreflect.EnumNumber {
@@ -324,6 +382,9 @@ type OIDCConfig struct {
// *OIDCConfig_Jwks
// *OIDCConfig_JwksFetcher
JwksConfig isOIDCConfig_JwksConfig `protobuf_oneof:"jwks_config"`
+ // Available [Client Authentication](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
+ // methods
+ ClientAuthenticationMethod OIDCConfig_ClientAuthenticationMethod `protobuf:"varint,24,opt,name=client_authentication_method,json=clientAuthenticationMethod,proto3,enum=authservice.config.v1.oidc.OIDCConfig_ClientAuthenticationMethod" json:"client_authentication_method,omitempty"`
// The OIDC client ID assigned to the filter to be used in the
// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
// Required.
@@ -504,6 +565,13 @@ func (x *OIDCConfig) GetJwksFetcher() *OIDCConfig_JwksFetcherConfig {
return nil
}
+func (x *OIDCConfig) GetClientAuthenticationMethod() OIDCConfig_ClientAuthenticationMethod {
+ if x != nil {
+ return x.ClientAuthenticationMethod
+ }
+ return OIDCConfig_CLIENT_AUTHENTICATION_METHOD_UNSPECIFIED
+}
+
func (x *OIDCConfig) GetClientId() string {
if x != nil {
return x.ClientId
@@ -943,7 +1011,7 @@ var file_v1_oidc_config_proto_rawDesc = []byte{
0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72,
0x02, 0x10, 0x01, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x21, 0x0a, 0x0c, 0x72, 0x65, 0x64,
0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52,
- 0x0b, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x55, 0x72, 0x69, 0x22, 0xb0, 0x10, 0x0a,
+ 0x0b, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x55, 0x72, 0x69, 0x22, 0xc6, 0x13, 0x0a,
0x0a, 0x4f, 0x49, 0x44, 0x43, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x2b, 0x0a, 0x11, 0x63,
0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x69,
0x18, 0x13, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72,
@@ -962,136 +1030,161 @@ var file_v1_oidc_config_proto_rawDesc = []byte{
0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x4f, 0x49, 0x44, 0x43, 0x43, 0x6f, 0x6e, 0x66,
0x69, 0x67, 0x2e, 0x4a, 0x77, 0x6b, 0x73, 0x46, 0x65, 0x74, 0x63, 0x68, 0x65, 0x72, 0x43, 0x6f,
0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x0b, 0x6a, 0x77, 0x6b, 0x73, 0x46, 0x65, 0x74, 0x63,
- 0x68, 0x65, 0x72, 0x12, 0x28, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64,
- 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0b, 0xfa, 0x42, 0x08, 0x72, 0x06, 0x10, 0x01, 0xba,
- 0x01, 0x01, 0x3a, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x2e, 0x0a,
- 0x0d, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x06,
- 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 0x10, 0x01, 0x48, 0x01, 0x52,
- 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x12, 0x64, 0x0a,
- 0x11, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x72,
- 0x65, 0x66, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x73,
- 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31,
- 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x4f, 0x49, 0x44, 0x43, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
- 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65,
- 0x48, 0x01, 0x52, 0x0f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74,
- 0x52, 0x65, 0x66, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x18, 0x07, 0x20,
- 0x03, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x2c, 0x0a, 0x12, 0x63,
- 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69,
- 0x78, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x4e,
- 0x61, 0x6d, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x64, 0x0a, 0x11, 0x63, 0x6f, 0x6f,
- 0x6b, 0x69, 0x65, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x18, 0x17,
- 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69,
- 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64,
- 0x63, 0x2e, 0x4f, 0x49, 0x44, 0x43, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x43, 0x6f, 0x6f,
- 0x6b, 0x69, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x52, 0x10, 0x63,
- 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12,
- 0x4c, 0x0a, 0x08, 0x69, 0x64, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28,
- 0x0b, 0x32, 0x27, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e,
- 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x54,
- 0x6f, 0x6b, 0x65, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x8a,
- 0x01, 0x02, 0x10, 0x01, 0x52, 0x07, 0x69, 0x64, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x4a, 0x0a,
- 0x0c, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x0a, 0x20,
- 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63,
- 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63,
- 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x0b, 0x61, 0x63,
- 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x40, 0x0a, 0x06, 0x6c, 0x6f, 0x67,
- 0x6f, 0x75, 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x61, 0x75, 0x74, 0x68,
- 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76,
- 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x4c, 0x6f, 0x67, 0x6f, 0x75, 0x74, 0x43, 0x6f, 0x6e,
- 0x66, 0x69, 0x67, 0x52, 0x06, 0x6c, 0x6f, 0x67, 0x6f, 0x75, 0x74, 0x12, 0x38, 0x0a, 0x18, 0x61,
- 0x62, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x65, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f,
- 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x16, 0x61,
- 0x62, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x65, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x69,
- 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x30, 0x0a, 0x14, 0x69, 0x64, 0x6c, 0x65, 0x5f, 0x73, 0x65,
- 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x0d, 0x20,
- 0x01, 0x28, 0x0d, 0x52, 0x12, 0x69, 0x64, 0x6c, 0x65, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e,
- 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x44, 0x0a, 0x1d, 0x74, 0x72, 0x75, 0x73, 0x74,
- 0x65, 0x64, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x61,
- 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x48, 0x02,
- 0x52, 0x1b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
- 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x4d, 0x0a,
- 0x22, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
- 0x63, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x66,
- 0x69, 0x6c, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x09, 0x48, 0x02, 0x52, 0x1f, 0x74, 0x72, 0x75,
- 0x73, 0x74, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41,
- 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x7d, 0x0a, 0x2e,
- 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
- 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x72, 0x65,
- 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x16,
- 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72,
- 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52,
- 0x2a, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63,
- 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x52, 0x65, 0x66, 0x72,
- 0x65, 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x70,
- 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08,
- 0x70, 0x72, 0x6f, 0x78, 0x79, 0x55, 0x72, 0x69, 0x12, 0x64, 0x0a, 0x1a, 0x72, 0x65, 0x64, 0x69,
- 0x73, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f,
- 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x61,
- 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69,
- 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x52, 0x65, 0x64, 0x69, 0x73, 0x43,
- 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x17, 0x72, 0x65, 0x64, 0x69, 0x73, 0x53, 0x65, 0x73, 0x73,
- 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x49,
- 0x0a, 0x15, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x70, 0x65,
- 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x12, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e,
- 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e,
- 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x73, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66,
- 0x79, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x1a, 0xbc, 0x01, 0x0a, 0x11, 0x4a, 0x77,
- 0x6b, 0x73, 0x46, 0x65, 0x74, 0x63, 0x68, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12,
- 0x19, 0x0a, 0x08, 0x6a, 0x77, 0x6b, 0x73, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28,
- 0x09, 0x52, 0x07, 0x6a, 0x77, 0x6b, 0x73, 0x55, 0x72, 0x69, 0x12, 0x3d, 0x0a, 0x1b, 0x70, 0x65,
- 0x72, 0x69, 0x6f, 0x64, 0x69, 0x63, 0x5f, 0x66, 0x65, 0x74, 0x63, 0x68, 0x5f, 0x69, 0x6e, 0x74,
- 0x65, 0x72, 0x76, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x63, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52,
- 0x18, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x69, 0x63, 0x46, 0x65, 0x74, 0x63, 0x68, 0x49, 0x6e,
- 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x53, 0x65, 0x63, 0x12, 0x4d, 0x0a, 0x15, 0x73, 0x6b, 0x69,
- 0x70, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65,
- 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c,
- 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65,
- 0x42, 0x02, 0x18, 0x01, 0x52, 0x12, 0x73, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79,
- 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x1a, 0x4c, 0x0a, 0x0f, 0x53, 0x65, 0x63, 0x72,
- 0x65, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e,
- 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09,
- 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1b, 0x0a, 0x04, 0x6e, 0x61, 0x6d,
- 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72, 0x02, 0x10, 0x01,
- 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xa5, 0x02, 0x0a, 0x10, 0x43, 0x6f, 0x6f, 0x6b, 0x69,
- 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x67, 0x0a, 0x09, 0x73,
- 0x61, 0x6d, 0x65, 0x5f, 0x73, 0x69, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x40,
+ 0x68, 0x65, 0x72, 0x12, 0x83, 0x01, 0x0a, 0x1c, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x61,
+ 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x65,
+ 0x74, 0x68, 0x6f, 0x64, 0x18, 0x18, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x41, 0x2e, 0x61, 0x75, 0x74,
+ 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e,
+ 0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x4f, 0x49, 0x44, 0x43, 0x43, 0x6f, 0x6e, 0x66,
+ 0x69, 0x67, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74,
+ 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x52, 0x1a, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74,
+ 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x28, 0x0a, 0x09, 0x63, 0x6c, 0x69,
+ 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0b, 0xfa, 0x42,
+ 0x08, 0x72, 0x06, 0x10, 0x01, 0xba, 0x01, 0x01, 0x3a, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e,
+ 0x74, 0x49, 0x64, 0x12, 0x2e, 0x0a, 0x0d, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65,
+ 0x63, 0x72, 0x65, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa, 0x42, 0x04, 0x72,
+ 0x02, 0x10, 0x01, 0x48, 0x01, 0x52, 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x65, 0x63,
+ 0x72, 0x65, 0x74, 0x12, 0x64, 0x0a, 0x11, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65,
+ 0x63, 0x72, 0x65, 0x74, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36,
0x2e, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e,
0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x4f, 0x49, 0x44, 0x43,
- 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x41, 0x74, 0x74,
- 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x53, 0x61, 0x6d, 0x65, 0x53, 0x69, 0x74, 0x65,
- 0x42, 0x08, 0xfa, 0x42, 0x05, 0x82, 0x01, 0x02, 0x10, 0x01, 0x52, 0x08, 0x73, 0x61, 0x6d, 0x65,
- 0x53, 0x69, 0x74, 0x65, 0x12, 0x22, 0x0a, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x02,
- 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xfa, 0x42, 0x07, 0x72, 0x05, 0xd0, 0x01, 0x01, 0x68, 0x01,
- 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x20, 0x0a, 0x0b, 0x70, 0x61, 0x72, 0x74,
- 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x70,
- 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x65, 0x64, 0x22, 0x62, 0x0a, 0x08, 0x53, 0x61,
- 0x6d, 0x65, 0x53, 0x69, 0x74, 0x65, 0x12, 0x19, 0x0a, 0x15, 0x53, 0x41, 0x4d, 0x45, 0x5f, 0x53,
- 0x49, 0x54, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
- 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x53, 0x41, 0x4d, 0x45, 0x5f, 0x53, 0x49, 0x54, 0x45, 0x5f, 0x4c,
- 0x41, 0x58, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x53, 0x41, 0x4d, 0x45, 0x5f, 0x53, 0x49, 0x54,
- 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x02, 0x12, 0x12, 0x0a, 0x0e, 0x53, 0x41,
- 0x4d, 0x45, 0x5f, 0x53, 0x49, 0x54, 0x45, 0x5f, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x03, 0x42, 0x0d,
- 0x0a, 0x0b, 0x6a, 0x77, 0x6b, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0x1b, 0x0a,
- 0x14, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x63,
- 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x03, 0xf8, 0x42, 0x01, 0x42, 0x13, 0x0a, 0x11, 0x74, 0x72,
- 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x61, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42,
- 0xf7, 0x01, 0x0a, 0x1e, 0x63, 0x6f, 0x6d, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76,
- 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x6f, 0x69,
- 0x64, 0x63, 0x42, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
- 0x01, 0x5a, 0x3c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x69, 0x73,
- 0x74, 0x69, 0x6f, 0x2d, 0x65, 0x63, 0x6f, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x2f, 0x61, 0x75,
- 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
- 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x76, 0x31, 0x2f, 0x6f, 0x69, 0x64, 0x63, 0xa2,
- 0x02, 0x04, 0x41, 0x43, 0x56, 0x4f, 0xaa, 0x02, 0x1a, 0x41, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72,
- 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x56, 0x31, 0x2e, 0x4f,
- 0x69, 0x64, 0x63, 0xca, 0x02, 0x1a, 0x41, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63,
- 0x65, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5c, 0x56, 0x31, 0x5c, 0x4f, 0x69, 0x64, 0x63,
- 0xe2, 0x02, 0x26, 0x41, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5c, 0x43,
- 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5c, 0x56, 0x31, 0x5c, 0x4f, 0x69, 0x64, 0x63, 0x5c, 0x47, 0x50,
- 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x1d, 0x41, 0x75, 0x74, 0x68,
- 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x3a,
- 0x3a, 0x56, 0x31, 0x3a, 0x3a, 0x4f, 0x69, 0x64, 0x63, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f,
- 0x33,
+ 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x65, 0x66,
+ 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x48, 0x01, 0x52, 0x0f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
+ 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x6f,
+ 0x70, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x6f, 0x70, 0x65,
+ 0x73, 0x12, 0x2c, 0x0a, 0x12, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65,
+ 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x63,
+ 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12,
+ 0x64, 0x0a, 0x11, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62,
+ 0x75, 0x74, 0x65, 0x73, 0x18, 0x17, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x61, 0x75, 0x74,
+ 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e,
+ 0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x4f, 0x49, 0x44, 0x43, 0x43, 0x6f, 0x6e, 0x66,
+ 0x69, 0x67, 0x2e, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75,
+ 0x74, 0x65, 0x73, 0x52, 0x10, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69,
+ 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x4c, 0x0a, 0x08, 0x69, 0x64, 0x5f, 0x74, 0x6f, 0x6b, 0x65,
+ 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65,
+ 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e,
+ 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+ 0x42, 0x08, 0xfa, 0x42, 0x05, 0x8a, 0x01, 0x02, 0x10, 0x01, 0x52, 0x07, 0x69, 0x64, 0x54, 0x6f,
+ 0x6b, 0x65, 0x6e, 0x12, 0x4a, 0x0a, 0x0c, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f,
+ 0x6b, 0x65, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x61, 0x75, 0x74, 0x68,
+ 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76,
+ 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x43, 0x6f, 0x6e, 0x66,
+ 0x69, 0x67, 0x52, 0x0b, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12,
+ 0x40, 0x0a, 0x06, 0x6c, 0x6f, 0x67, 0x6f, 0x75, 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32,
+ 0x28, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f,
+ 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e, 0x4c, 0x6f, 0x67,
+ 0x6f, 0x75, 0x74, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x06, 0x6c, 0x6f, 0x67, 0x6f, 0x75,
+ 0x74, 0x12, 0x38, 0x0a, 0x18, 0x61, 0x62, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x65, 0x5f, 0x73, 0x65,
+ 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x0c, 0x20,
+ 0x01, 0x28, 0x0d, 0x52, 0x16, 0x61, 0x62, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x65, 0x53, 0x65, 0x73,
+ 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x30, 0x0a, 0x14, 0x69,
+ 0x64, 0x6c, 0x65, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65,
+ 0x6f, 0x75, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x12, 0x69, 0x64, 0x6c, 0x65, 0x53,
+ 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x44, 0x0a,
+ 0x1d, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69,
+ 0x63, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x0e,
+ 0x20, 0x01, 0x28, 0x09, 0x48, 0x02, 0x52, 0x1b, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43,
+ 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72,
+ 0x69, 0x74, 0x79, 0x12, 0x4d, 0x0a, 0x22, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x63,
+ 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f,
+ 0x72, 0x69, 0x74, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x09, 0x48,
+ 0x02, 0x52, 0x1f, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66,
+ 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x46, 0x69,
+ 0x6c, 0x65, 0x12, 0x7d, 0x0a, 0x2e, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x65,
+ 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72,
+ 0x69, 0x74, 0x79, 0x5f, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, 0x69, 0x6e, 0x74, 0x65,
+ 0x72, 0x76, 0x61, 0x6c, 0x18, 0x16, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f,
+ 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72,
+ 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x2a, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x43, 0x65,
+ 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69,
+ 0x74, 0x79, 0x52, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61,
+ 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x0f,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x55, 0x72, 0x69, 0x12, 0x64,
+ 0x0a, 0x1a, 0x72, 0x65, 0x64, 0x69, 0x73, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f,
+ 0x73, 0x74, 0x6f, 0x72, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x10, 0x20, 0x01,
+ 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65,
+ 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x2e,
+ 0x52, 0x65, 0x64, 0x69, 0x73, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x52, 0x17, 0x72, 0x65, 0x64,
+ 0x69, 0x73, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x53, 0x74, 0x6f, 0x72, 0x65, 0x43, 0x6f,
+ 0x6e, 0x66, 0x69, 0x67, 0x12, 0x49, 0x0a, 0x15, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x76, 0x65, 0x72,
+ 0x69, 0x66, 0x79, 0x5f, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x12, 0x20,
+ 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f,
+ 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x73, 0x6b, 0x69,
+ 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x1a,
+ 0xbc, 0x01, 0x0a, 0x11, 0x4a, 0x77, 0x6b, 0x73, 0x46, 0x65, 0x74, 0x63, 0x68, 0x65, 0x72, 0x43,
+ 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x19, 0x0a, 0x08, 0x6a, 0x77, 0x6b, 0x73, 0x5f, 0x75, 0x72,
+ 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6a, 0x77, 0x6b, 0x73, 0x55, 0x72, 0x69,
+ 0x12, 0x3d, 0x0a, 0x1b, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x69, 0x63, 0x5f, 0x66, 0x65, 0x74,
+ 0x63, 0x68, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x63, 0x18,
+ 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x18, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x69, 0x63, 0x46,
+ 0x65, 0x74, 0x63, 0x68, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x53, 0x65, 0x63, 0x12,
+ 0x4d, 0x0a, 0x15, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x70,
+ 0x65, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16,
+ 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66,
+ 0x2e, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x02, 0x18, 0x01, 0x52, 0x12, 0x73, 0x6b, 0x69, 0x70,
+ 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x50, 0x65, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x1a, 0x4c,
+ 0x0a, 0x0f, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63,
+ 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x01,
+ 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12,
+ 0x1b, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x07, 0xfa,
+ 0x42, 0x04, 0x72, 0x02, 0x10, 0x01, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xa5, 0x02, 0x0a,
+ 0x10, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65,
+ 0x73, 0x12, 0x67, 0x0a, 0x09, 0x73, 0x61, 0x6d, 0x65, 0x5f, 0x73, 0x69, 0x74, 0x65, 0x18, 0x01,
+ 0x20, 0x01, 0x28, 0x0e, 0x32, 0x40, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69,
+ 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64,
+ 0x63, 0x2e, 0x4f, 0x49, 0x44, 0x43, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x43, 0x6f, 0x6f,
+ 0x6b, 0x69, 0x65, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x53, 0x61,
+ 0x6d, 0x65, 0x53, 0x69, 0x74, 0x65, 0x42, 0x08, 0xfa, 0x42, 0x05, 0x82, 0x01, 0x02, 0x10, 0x01,
+ 0x52, 0x08, 0x73, 0x61, 0x6d, 0x65, 0x53, 0x69, 0x74, 0x65, 0x12, 0x22, 0x0a, 0x06, 0x64, 0x6f,
+ 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x0a, 0xfa, 0x42, 0x07, 0x72,
+ 0x05, 0xd0, 0x01, 0x01, 0x68, 0x01, 0x52, 0x06, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x20,
+ 0x0a, 0x0b, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x65, 0x64, 0x18, 0x03, 0x20,
+ 0x01, 0x28, 0x08, 0x52, 0x0b, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x65, 0x64,
+ 0x22, 0x62, 0x0a, 0x08, 0x53, 0x61, 0x6d, 0x65, 0x53, 0x69, 0x74, 0x65, 0x12, 0x19, 0x0a, 0x15,
+ 0x53, 0x41, 0x4d, 0x45, 0x5f, 0x53, 0x49, 0x54, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43,
+ 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x53, 0x41, 0x4d, 0x45, 0x5f,
+ 0x53, 0x49, 0x54, 0x45, 0x5f, 0x4c, 0x41, 0x58, 0x10, 0x01, 0x12, 0x14, 0x0a, 0x10, 0x53, 0x41,
+ 0x4d, 0x45, 0x5f, 0x53, 0x49, 0x54, 0x45, 0x5f, 0x53, 0x54, 0x52, 0x49, 0x43, 0x54, 0x10, 0x02,
+ 0x12, 0x12, 0x0a, 0x0e, 0x53, 0x41, 0x4d, 0x45, 0x5f, 0x53, 0x49, 0x54, 0x45, 0x5f, 0x4e, 0x4f,
+ 0x4e, 0x45, 0x10, 0x03, 0x22, 0x8d, 0x02, 0x0a, 0x1a, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x41,
+ 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x65, 0x74,
+ 0x68, 0x6f, 0x64, 0x12, 0x2c, 0x0a, 0x28, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x41, 0x55,
+ 0x54, 0x48, 0x45, 0x4e, 0x54, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4d, 0x45, 0x54,
+ 0x48, 0x4f, 0x44, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10,
+ 0x00, 0x12, 0x26, 0x0a, 0x22, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x41, 0x55, 0x54, 0x48,
+ 0x45, 0x4e, 0x54, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f,
+ 0x44, 0x5f, 0x42, 0x41, 0x53, 0x49, 0x43, 0x10, 0x01, 0x12, 0x33, 0x0a, 0x2f, 0x43, 0x4c, 0x49,
+ 0x45, 0x4e, 0x54, 0x5f, 0x41, 0x55, 0x54, 0x48, 0x45, 0x4e, 0x54, 0x49, 0x43, 0x41, 0x54, 0x49,
+ 0x4f, 0x4e, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f, 0x44, 0x5f, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54,
+ 0x5f, 0x53, 0x45, 0x43, 0x52, 0x45, 0x54, 0x5f, 0x50, 0x4f, 0x53, 0x54, 0x10, 0x02, 0x12, 0x32,
+ 0x0a, 0x2e, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x41, 0x55, 0x54, 0x48, 0x45, 0x4e, 0x54,
+ 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4d, 0x45, 0x54, 0x48, 0x4f, 0x44, 0x5f, 0x43,
+ 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x53, 0x45, 0x43, 0x52, 0x45, 0x54, 0x5f, 0x4a, 0x57, 0x54,
+ 0x10, 0x03, 0x12, 0x30, 0x0a, 0x2c, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x41, 0x55, 0x54,
+ 0x48, 0x45, 0x4e, 0x54, 0x49, 0x43, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x4d, 0x45, 0x54, 0x48,
+ 0x4f, 0x44, 0x5f, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54, 0x45, 0x5f, 0x4b, 0x45, 0x59, 0x5f, 0x4a,
+ 0x57, 0x54, 0x10, 0x04, 0x42, 0x0d, 0x0a, 0x0b, 0x6a, 0x77, 0x6b, 0x73, 0x5f, 0x63, 0x6f, 0x6e,
+ 0x66, 0x69, 0x67, 0x42, 0x1b, 0x0a, 0x14, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65,
+ 0x63, 0x72, 0x65, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x03, 0xf8, 0x42, 0x01,
+ 0x42, 0x13, 0x0a, 0x11, 0x74, 0x72, 0x75, 0x73, 0x74, 0x65, 0x64, 0x5f, 0x63, 0x61, 0x5f, 0x63,
+ 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x42, 0xf7, 0x01, 0x0a, 0x1e, 0x63, 0x6f, 0x6d, 0x2e, 0x61, 0x75,
+ 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+ 0x2e, 0x76, 0x31, 0x2e, 0x6f, 0x69, 0x64, 0x63, 0x42, 0x0b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67,
+ 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e,
+ 0x63, 0x6f, 0x6d, 0x2f, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2d, 0x65, 0x63, 0x6f, 0x73, 0x79, 0x73,
+ 0x74, 0x65, 0x6d, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f,
+ 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x2f, 0x67, 0x6f, 0x2f, 0x76, 0x31,
+ 0x2f, 0x6f, 0x69, 0x64, 0x63, 0xa2, 0x02, 0x04, 0x41, 0x43, 0x56, 0x4f, 0xaa, 0x02, 0x1a, 0x41,
+ 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69,
+ 0x67, 0x2e, 0x56, 0x31, 0x2e, 0x4f, 0x69, 0x64, 0x63, 0xca, 0x02, 0x1a, 0x41, 0x75, 0x74, 0x68,
+ 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5c, 0x56,
+ 0x31, 0x5c, 0x4f, 0x69, 0x64, 0x63, 0xe2, 0x02, 0x26, 0x41, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72,
+ 0x76, 0x69, 0x63, 0x65, 0x5c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5c, 0x56, 0x31, 0x5c, 0x4f,
+ 0x69, 0x64, 0x63, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea,
+ 0x02, 0x1d, 0x41, 0x75, 0x74, 0x68, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x3a, 0x3a, 0x43,
+ 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x3a, 0x3a, 0x56, 0x31, 0x3a, 0x3a, 0x4f, 0x69, 0x64, 0x63, 0x62,
+ 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
}
var (
@@ -1106,37 +1199,39 @@ func file_v1_oidc_config_proto_rawDescGZIP() []byte {
return file_v1_oidc_config_proto_rawDescData
}
-var file_v1_oidc_config_proto_enumTypes = make([]protoimpl.EnumInfo, 1)
+var file_v1_oidc_config_proto_enumTypes = make([]protoimpl.EnumInfo, 2)
var file_v1_oidc_config_proto_msgTypes = make([]protoimpl.MessageInfo, 7)
var file_v1_oidc_config_proto_goTypes = []interface{}{
- (OIDCConfig_CookieAttributes_SameSite)(0), // 0: authservice.config.v1.oidc.OIDCConfig.CookieAttributes.SameSite
- (*TokenConfig)(nil), // 1: authservice.config.v1.oidc.TokenConfig
- (*RedisConfig)(nil), // 2: authservice.config.v1.oidc.RedisConfig
- (*LogoutConfig)(nil), // 3: authservice.config.v1.oidc.LogoutConfig
- (*OIDCConfig)(nil), // 4: authservice.config.v1.oidc.OIDCConfig
- (*OIDCConfig_JwksFetcherConfig)(nil), // 5: authservice.config.v1.oidc.OIDCConfig.JwksFetcherConfig
- (*OIDCConfig_SecretReference)(nil), // 6: authservice.config.v1.oidc.OIDCConfig.SecretReference
- (*OIDCConfig_CookieAttributes)(nil), // 7: authservice.config.v1.oidc.OIDCConfig.CookieAttributes
- (*durationpb.Duration)(nil), // 8: google.protobuf.Duration
- (*structpb.Value)(nil), // 9: google.protobuf.Value
+ (OIDCConfig_ClientAuthenticationMethod)(0), // 0: authservice.config.v1.oidc.OIDCConfig.ClientAuthenticationMethod
+ (OIDCConfig_CookieAttributes_SameSite)(0), // 1: authservice.config.v1.oidc.OIDCConfig.CookieAttributes.SameSite
+ (*TokenConfig)(nil), // 2: authservice.config.v1.oidc.TokenConfig
+ (*RedisConfig)(nil), // 3: authservice.config.v1.oidc.RedisConfig
+ (*LogoutConfig)(nil), // 4: authservice.config.v1.oidc.LogoutConfig
+ (*OIDCConfig)(nil), // 5: authservice.config.v1.oidc.OIDCConfig
+ (*OIDCConfig_JwksFetcherConfig)(nil), // 6: authservice.config.v1.oidc.OIDCConfig.JwksFetcherConfig
+ (*OIDCConfig_SecretReference)(nil), // 7: authservice.config.v1.oidc.OIDCConfig.SecretReference
+ (*OIDCConfig_CookieAttributes)(nil), // 8: authservice.config.v1.oidc.OIDCConfig.CookieAttributes
+ (*durationpb.Duration)(nil), // 9: google.protobuf.Duration
+ (*structpb.Value)(nil), // 10: google.protobuf.Value
}
var file_v1_oidc_config_proto_depIdxs = []int32{
- 5, // 0: authservice.config.v1.oidc.OIDCConfig.jwks_fetcher:type_name -> authservice.config.v1.oidc.OIDCConfig.JwksFetcherConfig
- 6, // 1: authservice.config.v1.oidc.OIDCConfig.client_secret_ref:type_name -> authservice.config.v1.oidc.OIDCConfig.SecretReference
- 7, // 2: authservice.config.v1.oidc.OIDCConfig.cookie_attributes:type_name -> authservice.config.v1.oidc.OIDCConfig.CookieAttributes
- 1, // 3: authservice.config.v1.oidc.OIDCConfig.id_token:type_name -> authservice.config.v1.oidc.TokenConfig
- 1, // 4: authservice.config.v1.oidc.OIDCConfig.access_token:type_name -> authservice.config.v1.oidc.TokenConfig
- 3, // 5: authservice.config.v1.oidc.OIDCConfig.logout:type_name -> authservice.config.v1.oidc.LogoutConfig
- 8, // 6: authservice.config.v1.oidc.OIDCConfig.trusted_certificate_authority_refresh_interval:type_name -> google.protobuf.Duration
- 2, // 7: authservice.config.v1.oidc.OIDCConfig.redis_session_store_config:type_name -> authservice.config.v1.oidc.RedisConfig
- 9, // 8: authservice.config.v1.oidc.OIDCConfig.skip_verify_peer_cert:type_name -> google.protobuf.Value
- 9, // 9: authservice.config.v1.oidc.OIDCConfig.JwksFetcherConfig.skip_verify_peer_cert:type_name -> google.protobuf.Value
- 0, // 10: authservice.config.v1.oidc.OIDCConfig.CookieAttributes.same_site:type_name -> authservice.config.v1.oidc.OIDCConfig.CookieAttributes.SameSite
- 11, // [11:11] is the sub-list for method output_type
- 11, // [11:11] is the sub-list for method input_type
- 11, // [11:11] is the sub-list for extension type_name
- 11, // [11:11] is the sub-list for extension extendee
- 0, // [0:11] is the sub-list for field type_name
+ 6, // 0: authservice.config.v1.oidc.OIDCConfig.jwks_fetcher:type_name -> authservice.config.v1.oidc.OIDCConfig.JwksFetcherConfig
+ 0, // 1: authservice.config.v1.oidc.OIDCConfig.client_authentication_method:type_name -> authservice.config.v1.oidc.OIDCConfig.ClientAuthenticationMethod
+ 7, // 2: authservice.config.v1.oidc.OIDCConfig.client_secret_ref:type_name -> authservice.config.v1.oidc.OIDCConfig.SecretReference
+ 8, // 3: authservice.config.v1.oidc.OIDCConfig.cookie_attributes:type_name -> authservice.config.v1.oidc.OIDCConfig.CookieAttributes
+ 2, // 4: authservice.config.v1.oidc.OIDCConfig.id_token:type_name -> authservice.config.v1.oidc.TokenConfig
+ 2, // 5: authservice.config.v1.oidc.OIDCConfig.access_token:type_name -> authservice.config.v1.oidc.TokenConfig
+ 4, // 6: authservice.config.v1.oidc.OIDCConfig.logout:type_name -> authservice.config.v1.oidc.LogoutConfig
+ 9, // 7: authservice.config.v1.oidc.OIDCConfig.trusted_certificate_authority_refresh_interval:type_name -> google.protobuf.Duration
+ 3, // 8: authservice.config.v1.oidc.OIDCConfig.redis_session_store_config:type_name -> authservice.config.v1.oidc.RedisConfig
+ 10, // 9: authservice.config.v1.oidc.OIDCConfig.skip_verify_peer_cert:type_name -> google.protobuf.Value
+ 10, // 10: authservice.config.v1.oidc.OIDCConfig.JwksFetcherConfig.skip_verify_peer_cert:type_name -> google.protobuf.Value
+ 1, // 11: authservice.config.v1.oidc.OIDCConfig.CookieAttributes.same_site:type_name -> authservice.config.v1.oidc.OIDCConfig.CookieAttributes.SameSite
+ 12, // [12:12] is the sub-list for method output_type
+ 12, // [12:12] is the sub-list for method input_type
+ 12, // [12:12] is the sub-list for extension type_name
+ 12, // [12:12] is the sub-list for extension extendee
+ 0, // [0:12] is the sub-list for field type_name
}
func init() { file_v1_oidc_config_proto_init() }
@@ -1243,7 +1338,7 @@ func file_v1_oidc_config_proto_init() {
File: protoimpl.DescBuilder{
GoPackagePath: reflect.TypeOf(x{}).PkgPath(),
RawDescriptor: file_v1_oidc_config_proto_rawDesc,
- NumEnums: 1,
+ NumEnums: 2,
NumMessages: 7,
NumExtensions: 0,
NumServices: 0,
diff --git a/config/gen/go/v1/oidc/config.pb.validate.go b/config/gen/go/v1/oidc/config.pb.validate.go
index 74accb4d..95b4f841 100644
--- a/config/gen/go/v1/oidc/config.pb.validate.go
+++ b/config/gen/go/v1/oidc/config.pb.validate.go
@@ -408,6 +408,8 @@ func (m *OIDCConfig) validate(all bool) error {
errors = append(errors, err)
}
+ // no validation rules for ClientAuthenticationMethod
+
if utf8.RuneCountInString(m.GetClientId()) < 1 {
err := OIDCConfigValidationError{
field: "ClientId",
diff --git a/config/v1/oidc/config.proto b/config/v1/oidc/config.proto
index 9433c1c4..59d66684 100644
--- a/config/v1/oidc/config.proto
+++ b/config/v1/oidc/config.proto
@@ -129,6 +129,30 @@ message OIDCConfig {
JwksFetcherConfig jwks_fetcher = 17;
}
+ enum ClientAuthenticationMethod {
+ CLIENT_AUTHENTICATION_METHOD_UNSPECIFIED = 0;
+
+ // Clients authenticate using the HTTP Basic authentication scheme
+ CLIENT_AUTHENTICATION_METHOD_BASIC = 1;
+
+ // Clients authenticate by including the Client Credentials in the request body
+ CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_POST = 2;
+
+
+ // Clients create a JWT using an HMAC SHA algorithm, such as HMAC SHA-256 (currently not implemented)
+ CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_JWT = 3;
+
+
+ // Clients that have registered a public key sign a JWT using that key (currently not implemented)
+ CLIENT_AUTHENTICATION_METHOD_PRIVATE_KEY_JWT = 4;
+
+
+ }
+
+ // Available [Client Authentication](https://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication)
+ // methods
+ ClientAuthenticationMethod client_authentication_method = 24;
+
// The OIDC client ID assigned to the filter to be used in the
// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
// Required.
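Review bot: `client_authentication_method` is declared without a validation rule, so the generated validator (`// no validation rules for ClientAuthenticationMethod` in config.pb.validate.go) accepts any number, including the two values documented here as not implemented. The sibling enum field `same_site` appears to carry a defined-only rule in the descriptor; adding `[(validate.rules).enum.defined_only = true]` here would reject undefined values at load time instead of leaving them to the runtime switch in `internal/authz/oidc.go`. `CLIENT_AUTHENTICATION_METHOD_UNSPECIFIED` also has no comment, although the handler's default branch treats it as HTTP Basic; something like `// Not set; handled as CLIENT_AUTHENTICATION_METHOD_BASIC.` would document that. The `OIDCConfig` message starts and ends outside this hunk.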
diff --git a/e2e/keycloak/authz-config.json b/e2e/keycloak/authz-config.json
index 4f158cc5..a0442c01 100644
--- a/e2e/keycloak/authz-config.json
+++ b/e2e/keycloak/authz-config.json
@@ -21,6 +21,7 @@
"access_token": {
"header": "x-access-token"
},
+ "client_authentication_method" : "client_secret_basic",
"logout": {
"path": "/logout"
},
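Review bot: The value `"client_secret_basic"` does not match any name in the `ClientAuthenticationMethod` enum added by this commit, whose Basic member is `CLIENT_AUTHENTICATION_METHOD_BASIC`. If this file is decoded with the protobuf JSON mapping, which is not visible here, an unknown enum name is either a parse error or is discarded, and in the latter case the e2e run exercises the unspecified default rather than the explicit setting. `"client_authentication_method": "CLIENT_AUTHENTICATION_METHOD_BASIC",` would make the test cover the value it names.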
diff --git a/internal/authz/oidc.go b/internal/authz/oidc.go
index e8da0dbe..16421f42 100644
--- a/internal/authz/oidc.go
+++ b/internal/authz/oidc.go
@@ -331,18 +331,18 @@ func (o *oidcHandler) retrieveTokens(ctx context.Context, log telemetry.Logger,
return
}
- // build body
- form := url.Values{
- "grant_type": []string{"authorization_code"},
- "code": []string{codeFromReq},
- "redirect_uri": []string{o.config.GetCallbackUri()},
- "code_verifier": []string{stateFromStore.CodeVerifier},
+ headers, err := buildAuthHeader(o.config)
+ if err != nil {
+ log.Error("error building auth header", err)
+ setDenyResponse(resp, newSessionErrorResponse(), codes.Unauthenticated)
+ return
}
- // build headers
- headers := http.Header{
- inthttp.HeaderContentType: []string{inthttp.HeaderContentTypeFormURLEncoded},
- inthttp.HeaderAuthorization: []string{inthttp.BasicAuthHeader(o.config.GetClientId(), o.config.GetClientSecret())},
+ form, err := buildAuthParams(o.config, codeFromReq, stateFromReq)
+ if err != nil {
+ log.Error("error building auth params", err)
+ setDenyResponse(resp, newSessionErrorResponse(), codes.Unauthenticated)
+ return
}
log.Info("performing request to retrieve new tokens")
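Review bot: The third argument to `buildAuthParams` is `stateFromReq`, but that parameter becomes the PKCE `code_verifier`, which the removed code took from `stateFromStore.CodeVerifier`. Sending a request-supplied value in place of the stored verifier would make the token request fail at an IdP that enforces PKCE, and it moves the verifier out of server-side session state. `form, err := buildAuthParams(o.config, codeFromReq, stateFromStore.CodeVerifier)` keeps the previous behaviour. Both variables are declared above the hunk, so what they hold is inferred from the removed lines. `retrieveTokens` starts and ends outside this hunk.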
@@ -396,6 +396,99 @@ func (o *oidcHandler) retrieveTokens(ctx context.Context, log telemetry.Logger,
setDenyResponse(resp, deny, codes.Unauthenticated)
}
+// buildAuthHeader builds the authorization header for the client according to the
+// client authentication method specified in the OIDCConfig.
+//
+// The function returns an error if the client authentication method is unspecified
+// or if the implementation for the specified method is not supported.
+func buildAuthHeader(config *oidcv1.OIDCConfig) (http.Header, error) {
+
+ var headers http.Header
+ switch config.GetClientAuthenticationMethod() {
+ case oidcv1.OIDCConfig_CLIENT_AUTHENTICATION_METHOD_BASIC:
+
+ // Build basic auth header
+ headers = http.Header{
+ inthttp.HeaderContentType: []string{inthttp.HeaderContentTypeFormURLEncoded},
+ inthttp.HeaderAuthorization: []string{inthttp.BasicAuthHeader(config.GetClientId(), config.GetClientSecret())},
+ }
+
+ case oidcv1.OIDCConfig_CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_POST:
+
+ // Build post auth header
+ headers = http.Header{
+ inthttp.HeaderContentType: []string{inthttp.HeaderContentTypeFormURLEncoded},
+ }
+
+ case oidcv1.OIDCConfig_CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_JWT:
+ // Build jwt auth header
+ // TODO: implement jwt auth header
+ return nil, errors.New("client authentication method client_secret_jwt is not implemented")
+ case oidcv1.OIDCConfig_CLIENT_AUTHENTICATION_METHOD_PRIVATE_KEY_JWT:
+ // Build private key jwt auth header
+ // TODO: implement private key jwt auth header
+ return nil, errors.New("client authentication method private_key_jwt is not implemented")
+ default:
+ // Builds basic auth header
+ headers = http.Header{
+ inthttp.HeaderContentType: []string{inthttp.HeaderContentTypeFormURLEncoded},
+ inthttp.HeaderAuthorization: []string{inthttp.BasicAuthHeader(config.GetClientId(), config.GetClientSecret())},
+ }
+ }
+
+ return headers, nil
+}
+
+func buildAuthParams(config *oidcv1.OIDCConfig, codeFromReq string, codeVerifierFromReq string) (url.Values, error) {
+ var params url.Values
+ switch config.GetClientAuthenticationMethod() {
+ case oidcv1.OIDCConfig_CLIENT_AUTHENTICATION_METHOD_BASIC:
+
+ params = url.Values{
+ "grant_type": []string{"authorization_code"},
+ "code": []string{codeFromReq},
+ "redirect_uri": []string{config.GetCallbackUri()},
+ "code_verifier": []string{codeVerifierFromReq},
+ }
+
+ return params, nil
+
+ case oidcv1.OIDCConfig_CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_POST:
+ // Build post auth params
+ params = url.Values{
+ "grant_type": []string{"authorization_code"},
+ "code": []string{codeFromReq},
+ "redirect_uri": []string{config.GetCallbackUri()},
+ "code_verifier": []string{codeVerifierFromReq},
+ "client_id": []string{config.GetClientId()},
+ "client_secret": []string{config.GetClientSecret()},
+ }
+
+ case oidcv1.OIDCConfig_CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_JWT:
+ // Build jwt auth params
+ // TODO: implement jwt auth params
+ return nil, errors.New("client authentication method client_secret_jwt is not implemented")
+
+ case oidcv1.OIDCConfig_CLIENT_AUTHENTICATION_METHOD_PRIVATE_KEY_JWT:
+ // Build private key jwt auth params
+ // TODO: implement private key jwt auth params
+ return nil, errors.New("client authentication method private_key_jwt is not implemented")
+
+ default:
+
+ // Build basic auth params
+ params = url.Values{
+ "grant_type": []string{"authorization_code"},
+ "code": []string{codeFromReq},
+ "redirect_uri": []string{config.GetCallbackUri()},
+ "code_verifier": []string{codeVerifierFromReq},
+ }
+
+ return params, nil
+ }
+ return params, nil
+}
+
// refreshToken retrieves new tokens from the Identity Provider using the given refresh token.
func (o *oidcHandler) refreshToken(ctx context.Context, log telemetry.Logger, expiredTokens *oidc.TokenResponse, token, sessionID string) *oidc.TokenResponse {
store := o.sessions.Get(o.config)
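Review bot: The doc comment on `buildAuthHeader` says an unspecified method returns an error, but the `default:` branch builds a Basic header, and it does so for any enum number that is not listed, not only for `CLIENT_AUTHENTICATION_METHOD_UNSPECIFIED`. Naming the fallback explicitly, `case oidcv1.OIDCConfig_CLIENT_AUTHENTICATION_METHOD_UNSPECIFIED, oidcv1.OIDCConfig_CLIENT_AUTHENTICATION_METHOD_BASIC:`, and making `default:` do `return nil, fmt.Errorf("unsupported client authentication method %v", config.GetClientAuthenticationMethod())` removes the duplicated Basic body and rejects unknown values. The same applies to `buildAuthParams`, which also has no doc comment. Since both helpers switch on the same enum, rejecting the two unimplemented JWT methods once, when the handler is constructed, would surface the misconfiguration at startup rather than as an Unauthenticated response on every callback. `refreshToken` at the end of the hunk continues outside it.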
@@ -802,7 +895,6 @@ func getCookieDirectives(config *oidcv1.OIDCConfig, timeout time.Duration) []str
} else {
directives = append(directives, inthttp.HeaderSetCookieSameSiteLax)
}
-
if timeout >= 0 {
directives = append(directives, fmt.Sprintf("%s=%d", inthttp.HeaderSetCookieMaxAge, int(timeout.Seconds())))
}
diff --git a/internal/authz/oidc_test.go b/internal/authz/oidc_test.go
index e78a80dd..af196fcd 100644
--- a/internal/authz/oidc_test.go
+++ b/internal/authz/oidc_test.go
@@ -133,6 +133,30 @@ var (
newCodeVerifier = "new-code-verifier"
basicOIDCConfig = &oidcv1.OIDCConfig{
+ IdToken: &oidcv1.TokenConfig{
+ Header: "Authorization",
+ Preamble: "Bearer",
+ },
+ AccessToken: &oidcv1.TokenConfig{
+ Header: "X-Access-Token",
+ Preamble: "Bearer",
+ },
+ TokenUri: "http://idp-test-server/token",
+ AuthorizationUri: "http://idp-test-server/auth",
+ CallbackUri: "https://localhost:443/callback",
+ ClientId: "test-client-id",
+ ClientSecretConfig: &oidcv1.OIDCConfig_ClientSecret{
+ ClientSecret: "test-client-secret",
+ },
+ ClientAuthenticationMethod: oidcv1.OIDCConfig_CLIENT_AUTHENTICATION_METHOD_BASIC,
+ Scopes: []string{"openid", "email"},
+ Logout: &oidcv1.LogoutConfig{
+ Path: "/logout",
+ RedirectUri: "http://idp-test-server/logout?with-params",
+ },
+ }
+
+ emptyAuthMethodOIDCConfig = &oidcv1.OIDCConfig{
IdToken: &oidcv1.TokenConfig{
Header: "Authorization",
Preamble: "Bearer",
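Review bot: The new `basicOIDCConfig` literal, together with `postOIDCConfig` and `jwtAuthMethodOIDCConfig` in the next hunk, repeats the whole configuration and differs only in `ClientAuthenticationMethod`. Deriving the variants from one base, for example with a small helper that calls `proto.Clone` and sets that one field, would keep the fixtures from drifting apart and make the intended difference visible. The `var (` block and the `emptyAuthMethodOIDCConfig` literal continue outside this hunk.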
@@ -155,6 +179,54 @@ var (
},
}
+ postOIDCConfig = &oidcv1.OIDCConfig{
+ IdToken: &oidcv1.TokenConfig{
+ Header: "Authorization",
+ Preamble: "Bearer",
+ },
+ AccessToken: &oidcv1.TokenConfig{
+ Header: "X-Access-Token",
+ Preamble: "Bearer",
+ },
+ TokenUri: "http://idp-test-server/token",
+ AuthorizationUri: "http://idp-test-server/auth",
+ CallbackUri: "https://localhost:443/callback",
+ ClientId: "test-client-id",
+ ClientSecretConfig: &oidcv1.OIDCConfig_ClientSecret{
+ ClientSecret: "test-client-secret",
+ },
+ ClientAuthenticationMethod: oidcv1.OIDCConfig_CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_POST,
+ Scopes: []string{"openid", "email"},
+ Logout: &oidcv1.LogoutConfig{
+ Path: "/logout",
+ RedirectUri: "http://idp-test-server/logout?with-params",
+ },
+ }
+
+ jwtAuthMethodOIDCConfig = &oidcv1.OIDCConfig{
+ IdToken: &oidcv1.TokenConfig{
+ Header: "Authorization",
+ Preamble: "Bearer",
+ },
+ AccessToken: &oidcv1.TokenConfig{
+ Header: "X-Access-Token",
+ Preamble: "Bearer",
+ },
+ TokenUri: "http://idp-test-server/token",
+ AuthorizationUri: "http://idp-test-server/auth",
+ CallbackUri: "https://localhost:443/callback",
+ ClientId: "test-client-id",
+ ClientSecretConfig: &oidcv1.OIDCConfig_ClientSecret{
+ ClientSecret: "test-client-secret",
+ },
+ ClientAuthenticationMethod: oidcv1.OIDCConfig_CLIENT_AUTHENTICATION_METHOD_CLIENT_SECRET_JWT,
+ Scopes: []string{"openid", "email"},
+ Logout: &oidcv1.LogoutConfig{
+ Path: "/logout",
+ RedirectUri: "http://idp-test-server/logout?with-params",
+ },
+ }
+
dynamicOIDCConfig = &oidcv1.OIDCConfig{
IdToken: &oidcv1.TokenConfig{
Header: "Authorization",
@@ -205,7 +277,64 @@ var (
wantRedirectBaseURI = "http://idp-test-server/auth"
)
-func TestOIDCProcess(t *testing.T) {
+func TestBasicClientAuthenticationMethod(t *testing.T) {
+
+ testOIDCProcessReusable(t, basicOIDCConfig)
+}
+
+func TestPostClientAuthenticationMethod(t *testing.T) {
+
+ testOIDCProcessReusable(t, postOIDCConfig)
+}
+
+func TestEmptyClientAuthenticationMethod(t *testing.T) {
+
+ testOIDCProcessReusable(t, emptyAuthMethodOIDCConfig)
+}
+
+func TestJWTClientAuthenticationMethodUnauthenticated(t *testing.T) {
+
+ jwkPriv, _ := newKeyPair(t)
+
+ clock := oidc.Clock{}
+ sessions := &mockSessionStoreFactory{store: oidc.NewMemoryStore(&clock, time.Hour, time.Hour)}
+ store := sessions.Get(jwtAuthMethodOIDCConfig)
+ tlsPool := internal.NewTLSConfigPool(context.Background())
+ h, err := NewOIDCHandler(jwtAuthMethodOIDCConfig, tlsPool,
+ oidc.NewJWKSProvider(newConfigFor(basicOIDCConfig), tlsPool), sessions, clock,
+ oidc.NewStaticGenerator(newSessionID, newNonce, newState, newCodeVerifier))
+ require.NoError(t, err)
+
+ idpServer := newServer(wellKnownURIs)
+ h.(*oidcHandler).httpClient = idpServer.newHTTPClient()
+
+ ctx := context.Background()
+
+ idpServer.Start()
+ t.Cleanup(func() {
+ idpServer.Stop()
+ require.NoError(t, store.RemoveSession(ctx, sessionID))
+ })
+
+ idpServer.tokensResponse = &idpTokensResponse{
+ IDToken: newJWT(t, jwkPriv, jwt.NewBuilder().Audience([]string{"test-client-id"}).Claim("nonce", newNonce)),
+ AccessToken: "access-token",
+ TokenType: "Bearer",
+ }
+ idpServer.statusCode = http.StatusOK
+
+ require.NoError(t, store.SetAuthorizationState(ctx, sessionID, validAuthState))
+
+ t.Run("callback request ", func(t *testing.T) {
+ resp := &envoy.CheckResponse{}
+ require.NoError(t, h.Process(ctx, callbackRequest, resp))
+ require.Equal(t, int32(codes.Unauthenticated), resp.GetStatus().GetCode())
+ requireStandardResponseHeaders(t, resp)
+ requireStoredTokens(t, store, sessionID, false)
+ })
+}
+
+func testOIDCProcessReusable(t *testing.T, oidcConfig *oidcv1.OIDCConfig) {
unknownJWKPriv, _ := newKeyPair(t)
jwkPriv, jwkPub := newKeyPair(t)
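Review bot: `TestBasicClientAuthenticationMethod`, `TestPostClientAuthenticationMethod` and `TestEmptyClientAuthenticationMethod` all run the same `testOIDCProcessReusable` body, and nothing visible in this hunk asserts what the mock IdP received, so they would pass even if every method sent an identical token request. Recording the request in the test server and checking the `Authorization` header, the presence of `client_id`/`client_secret` in the form and the `code_verifier` value would pin each method's behaviour. The not-implemented path is covered only for `CLIENT_SECRET_JWT`, with no case for `PRIVATE_KEY_JWT`, and the JWT test builds its JWKS provider from `basicOIDCConfig` rather than `jwtAuthMethodOIDCConfig`. `testOIDCProcessReusable` continues outside the hunk.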
@@ -222,7 +351,7 @@ func TestOIDCProcess(t *testing.T) {
bytes, err := json.Marshal(newKeySet(t, jwkPub, noAlgJwkPub))
require.NoError(t, err)
- basicOIDCConfig.JwksConfig = &oidcv1.OIDCConfig_Jwks{
+ oidcConfig.JwksConfig = &oidcv1.OIDCConfig_Jwks{
Jwks: string(bytes),
}
@@ -230,8 +359,8 @@ func TestOIDCProcess(t *testing.T) {
sessions := &mockSessionStoreFactory{store: oidc.NewMemoryStore(&clock, time.Hour, time.Hour)}
store := sessions.Get(basicOIDCConfig)
tlsPool := internal.NewTLSConfigPool(context.Background())
- h, err := NewOIDCHandler(basicOIDCConfig, tlsPool,
- oidc.NewJWKSProvider(newConfigFor(basicOIDCConfig), tlsPool), sessions, clock,
+ h, err := NewOIDCHandler(oidcConfig, tlsPool,
+ oidc.NewJWKSProvider(newConfigFor(oidcConfig), tlsPool), sessions, clock,
oidc.NewStaticGenerator(newSessionID, newNonce, newState, newCodeVerifier))
require.NoError(t, err)
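Review bot: `store := sessions.Get(basicOIDCConfig)` is left as a context line while the handler below it now receives `oidcConfig`, so the store is looked up with a different config than the one under test. With the mock factory this probably returns the same store, but `store := sessions.Get(oidcConfig)` keeps the helper consistent for every caller. The function body continues outside the hunk.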
@@ -309,7 +438,7 @@ func TestOIDCProcess(t *testing.T) {
responseVerify: func(t *testing.T, resp *envoy.CheckResponse) {
require.Equal(t, int32(codes.OK), resp.GetStatus().GetCode())
require.NotNil(t, resp.GetOkResponse())
- requireTokensInResponse(t, resp.GetOkResponse(), basicOIDCConfig, newJWT(t, jwkPriv, jwt.NewBuilder().Expiration(tomorrow)), "access-token")
+ requireTokensInResponse(t, resp.GetOkResponse(), oidcConfig, newJWT(t, jwkPriv, jwt.NewBuilder().Expiration(tomorrow)), "access-token")
// The sessionID should not have been changed
requireStoredTokens(t, store, sessionID, true)
requireStoredState(t, store, newSessionID, false)
@@ -757,7 +886,7 @@ func TestOIDCProcess(t *testing.T) {
responseVerify: func(t *testing.T, resp *envoy.CheckResponse) {
require.Equal(t, int32(codes.OK), resp.GetStatus().GetCode())
require.NotNil(t, resp.GetOkResponse())
- requireTokensInResponse(t, resp.GetOkResponse(), basicOIDCConfig, validIDToken, "access-token")
+ requireTokensInResponse(t, resp.GetOkResponse(), oidcConfig, validIDToken, "access-token")
requireStoredTokens(t, store, sessionID, true)
requireStoredTokens(t, store, newSessionID, false)
},
@@ -774,7 +903,7 @@ func TestOIDCProcess(t *testing.T) {
responseVerify: func(t *testing.T, resp *envoy.CheckResponse) {
require.Equal(t, int32(codes.OK), resp.GetStatus().GetCode())
require.NotNil(t, resp.GetOkResponse())
- requireTokensInResponse(t, resp.GetOkResponse(), basicOIDCConfig, expiredTokenResponse.IDToken, "access-token")
+ requireTokensInResponse(t, resp.GetOkResponse(), oidcConfig, expiredTokenResponse.IDToken, "access-token")
requireStoredTokens(t, store, sessionID, true)
requireStoredTokens(t, store, newSessionID, false)
},
@@ -792,7 +921,7 @@ func TestOIDCProcess(t *testing.T) {
responseVerify: func(t *testing.T, resp *envoy.CheckResponse) {
require.Equal(t, int32(codes.OK), resp.GetStatus().GetCode())
require.NotNil(t, resp.GetOkResponse())
- requireTokensInResponse(t, resp.GetOkResponse(), basicOIDCConfig, expiredTokenResponse.IDToken, "access-token")
+ requireTokensInResponse(t, resp.GetOkResponse(), oidcConfig, expiredTokenResponse.IDToken, "access-token")
requireStoredTokens(t, store, sessionID, true)
requireStoredTokens(t, store, newSessionID, false)
},
@@ -848,7 +977,7 @@ func TestOIDCProcess(t *testing.T) {
responseVerify: func(t *testing.T, resp *envoy.CheckResponse) {
require.Equal(t, int32(codes.OK), resp.GetStatus().GetCode())
require.NotNil(t, resp.GetOkResponse())
- requireTokensInResponse(t, resp.GetOkResponse(), basicOIDCConfig, validIDTokenWithoutNonce, "access-token")
+ requireTokensInResponse(t, resp.GetOkResponse(), oidcConfig, validIDTokenWithoutNonce, "access-token")
requireStoredTokens(t, store, sessionID, true)
requireStoredTokens(t, store, newSessionID, false)
},
@@ -885,7 +1014,7 @@ func TestOIDCProcess(t *testing.T) {
responseVerify: func(t *testing.T, resp *envoy.CheckResponse) {
require.Equal(t, int32(codes.OK), resp.GetStatus().GetCode())
require.NotNil(t, resp.GetOkResponse())
- requireTokensInResponse(t, resp.GetOkResponse(), basicOIDCConfig, validIDToken, "access-token")
+ requireTokensInResponse(t, resp.GetOkResponse(), oidcConfig, validIDToken, "access-token")
requireStoredTokens(t, store, sessionID, true)
requireStoredTokens(t, store, newSessionID, false)
},
@@ -903,7 +1032,7 @@ func TestOIDCProcess(t *testing.T) {
responseVerify: func(t *testing.T, resp *envoy.CheckResponse) {
require.Equal(t, int32(codes.OK), resp.GetStatus().GetCode())
require.NotNil(t, resp.GetOkResponse())
- requireTokensInResponse(t, resp.GetOkResponse(), basicOIDCConfig, validIDToken, "access-token")
+ requireTokensInResponse(t, resp.GetOkResponse(), oidcConfig, validIDToken, "access-token")
requireStoredTokens(t, store, sessionID, true)
requireStoredTokens(t, store, newSessionID, false)
},