Add ValidateSession function to LoginGovProvder to include Auth Header (#1509)

* Add ValidateSession function to LoginGovProvder to include Auth Header * Update CHANGELOG for PR 1509 * Update logingov_test to include ValidationURL
2024-10-03 23:28:20 +03:00 · 2022-02-04 04:22:33 -05:00 · 2022-02-04 04:22:33 -05:00 · 11699a822a
commit 11699a822a
parent 88709d8b69
3 changed files with 8 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -10,6 +10,7 @@

 - [#1489](https://github.com/oauth2-proxy/oauth2-proxy/pull/1489) Fix Docker Buildx push to include build version (@JoelSpeed)
 - [#1477](https://github.com/oauth2-proxy/oauth2-proxy/pull/1477) Remove provider documentation for `Microsoft Azure AD` (@omBratteng)
+- [#1509](https://github.com/oauth2-proxy/oauth2-proxy/pull/1509) Update LoginGovProvider ValidateSession to pass access_token in Header (@pksheldon4)

 # V7.2.1

--- a/providers/logingov.go
+++ b/providers/logingov.go
@ -84,7 +84,7 @@ func NewLoginGovProvider(p *ProviderData) *LoginGovProvider {
 		loginURL:    loginGovDefaultLoginURL,
 		redeemURL:   loginGovDefaultRedeemURL,
 		profileURL:  loginGovDefaultProfileURL,
-		validateURL: nil,
+		validateURL: loginGovDefaultProfileURL,
 		scope:       loginGovDefaultScope,
 	})
 	return &LoginGovProvider{
@ -237,3 +237,8 @@ func (p *LoginGovProvider) GetLoginURL(redirectURI, state, _ string) string {
 	a := makeLoginURL(p.ProviderData, redirectURI, state, extraParams)
 	return a.String()
 }
+
+// ValidateSession validates the AccessToken
+func (p *LoginGovProvider) ValidateSession(ctx context.Context, s *sessions.SessionState) bool {
+	return validateToken(ctx, p, s.AccessToken, makeOIDCHeader(s.AccessToken))
+}
--- a/providers/logingov_test.go
+++ b/providers/logingov_test.go
@ -75,7 +75,7 @@ func TestNewLoginGovProvider(t *testing.T) {
 	g.Expect(providerData.LoginURL.String()).To(Equal("https://secure.login.gov/openid_connect/authorize"))
 	g.Expect(providerData.RedeemURL.String()).To(Equal("https://secure.login.gov/api/openid_connect/token"))
 	g.Expect(providerData.ProfileURL.String()).To(Equal("https://secure.login.gov/api/openid_connect/userinfo"))
-	g.Expect(providerData.ValidateURL.String()).To(Equal(""))
+	g.Expect(providerData.ValidateURL.String()).To(Equal("https://secure.login.gov/api/openid_connect/userinfo"))
 	g.Expect(providerData.Scope).To(Equal("email openid"))
 }