From b3e40c6aedfa059a7375129d021ce3635a37e0c0 Mon Sep 17 00:00:00 2001
From: Jens Langhammer
Date: Mon, 6 Dec 2021 13:54:59 +0100
Subject: [PATCH] outposts/proxy: don't save raw jwt in cookie to prevent securecookie: the value is too long
Signed-off-by: Jens Langhammer
---
 internal/outpost/proxyv2/application/claims.go | 2 --
 internal/outpost/proxyv2/application/mode_common.go | 1 -
 internal/outpost/proxyv2/application/oauth_callback.go | 1 -
 3 files changed, 4 deletions(-)
diff --git a/internal/outpost/proxyv2/application/claims.go b/internal/outpost/proxyv2/application/claims.go
index 4ff89dbff..40cd148a2 100644
--- a/internal/outpost/proxyv2/application/claims.go
+++ b/internal/outpost/proxyv2/application/claims.go
@@ -13,6 +13,4 @@ type Claims struct {
 Name string `json:"name"`
 PreferredUsername string `json:"preferred_username"`
 Groups []string `json:"groups"`
-
- RawToken string
 }
diff --git a/internal/outpost/proxyv2/application/mode_common.go b/internal/outpost/proxyv2/application/mode_common.go
index a1430ad1e..cb3aa499b 100644
--- a/internal/outpost/proxyv2/application/mode_common.go
+++ b/internal/outpost/proxyv2/application/mode_common.go
@@ -25,7 +25,6 @@ func (a *Application) addHeaders(headers http.Header, c *Claims) {
 headers.Set("X-authentik-email", c.Email)
 headers.Set("X-authentik-name", c.Name)
 headers.Set("X-authentik-uid", c.Sub)
- headers.Set("X-authentik-jwt", c.RawToken)
 // System headers
 headers.Set("X-authentik-meta-jwks", a.proxyConfig.OidcConfiguration.JwksUri)
diff --git a/internal/outpost/proxyv2/application/oauth_callback.go b/internal/outpost/proxyv2/application/oauth_callback.go
index acd66cf31..7f2937184 100644
--- a/internal/outpost/proxyv2/application/oauth_callback.go
+++ b/internal/outpost/proxyv2/application/oauth_callback.go
@@ -45,6 +45,5 @@ func (a *Application) redeemCallback(r *http.Request, shouldState string) (*Clai
 if err := idToken.Claims(&claims); err != nil {
 return nil, err
 }
- claims.RawToken = rawIDToken
 return claims, nil
 }