From 9d0020eba7e552e7381d2faee4fdd82657f3965b Mon Sep 17 00:00:00 2001
From: Alex Van Boxel
Date: Tue, 21 Feb 2023 19:38:15 +0100
Subject: [PATCH] [extension/oidcauth] Fix case-sensitivity of authorization header (#18607)
---
 .chloggen/oicdauth-fix-case-auth-header.yaml | 16 ++++++++++++++++
 extension/oidcauthextension/extension.go | 3 ++-
 extension/oidcauthextension/extension_test.go | 7 +++++++
 3 files changed, 25 insertions(+), 1 deletion(-)
 create mode 100644 .chloggen/oicdauth-fix-case-auth-header.yaml
diff --git a/.chloggen/oicdauth-fix-case-auth-header.yaml b/.chloggen/oicdauth-fix-case-auth-header.yaml
new file mode 100644
index 000000000000..cdf8cad7694f
--- /dev/null
+++ b/.chloggen/oicdauth-fix-case-auth-header.yaml
@@ -0,0 +1,16 @@
+# One of 'breaking', 'deprecation', 'new_component', 'enhancement', 'bug_fix'
+change_type: bug_fix
+
+# The name of the component, or a single word describing the area of concern, (e.g. filelogreceiver)
+component: oidcauthextension
+
+# A brief description of the change. Surround your text with quotes ("") if it needs to start with a backtick (`).
+note: Fix case-sensitivity of authorization header
+
+# One or more tracking issues related to the change
+issues: [18405]
+
+# (Optional) One or more lines of additional information to render under the primary note.
+# These lines will be padded with 2 spaces and then inserted directly into the document.
+# Use pipe (|) for multiline entries.
+subtext:
diff --git a/extension/oidcauthextension/extension.go b/extension/oidcauthextension/extension.go
index d992d7d738ea..5e31bed110a7 100644
--- a/extension/oidcauthextension/extension.go
+++ b/extension/oidcauthextension/extension.go
@@ -90,7 +90,8 @@ func (e *oidcExtension) start(context.Context, component.Host) error { // authenticate checks whether the given context contains valid auth data. Successfully authenticated calls will always return a nil error and a context with the auth data. func (e *oidcExtension) authenticate(ctx context.Context, headers map[string][]string) (context.Context, error) { - authHeaders := headers[e.cfg.Attribute] + metadata := client.NewMetadata(headers) + authHeaders := metadata.Get(e.cfg.Attribute) if len(authHeaders) == 0 { return ctx, errNotAuthenticated } diff --git a/extension/oidcauthextension/extension_test.go b/extension/oidcauthextension/extension_test.go index b4baddeca73b..0f76e27a71ec 100644 --- a/extension/oidcauthextension/extension_test.go +++ b/extension/oidcauthextension/extension_test.go @@ -71,6 +71,13 @@ func TestOIDCAuthenticationSucceeded(t *testing.T) { assert.NoError(t, err) assert.NotNil(t, ctx) + // test, upper-case header + ctx, err = p.Authenticate(context.Background(), map[string][]string{"Authorization": {fmt.Sprintf("Bearer %s", token)}}) + + // verify + assert.NoError(t, err) + assert.NotNil(t, ctx) + // TODO(jpkroehling): assert that the authentication routine set the subject/membership to the resource }
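Review bot: The lookup of `e.cfg.Attribute` in `authenticate` is now case-insensitive, but the doc comment above the function does not say so, and nothing in the hunk covers a `headers` map that carries the same name in two casings (for example both `authorization` and `Authorization`). How `client.NewMetadata` folds such keys is not visible on this page; if it keeps only one of them, which credential gets validated could depend on map iteration order, so that behaviour should be confirmed and written down. I would add a line to the comment such as `// The header named by cfg.Attribute is matched case-insensitively.` and consider failing closed with `errNotAuthenticated` when the folded lookup is ambiguous. The body of `authenticate` continues outside the hunk, so how `authHeaders` is consumed after the length check is not shown here.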
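Review bot: The added case in `TestOIDCAuthenticationSucceeded` only proves that a valid token under the key `"Authorization"` is accepted; it does not show that the relaxed matching still rejects a bad credential, nor that other casings or a mixed-case configured attribute behave the same way. A negative assertion next to it would pin the fail-closed path, for example `_, err = p.Authenticate(context.Background(), map[string][]string{"AUTHORIZATION": {"Bearer invalid"}})` followed by `assert.Error(t, err)` (assuming an unparseable token is rejected, which is outside this hunk). Turning the header variants into `t.Run` subtests would also keep a failure in one casing from being masked by the reused `ctx, err` variables. The test function starts before the hunk, so the extension's configured attribute is not visible here.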