Add cookie as an option for oauth2_introspection authenticator (#301)

ory · Nov 25, 2019 · e3fa55a · e3fa55a
1 parent 7e86b78
commit e3fa55a
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 2 deletions.
diff --git a/.schemas/config.schema.json b/.schemas/config.schema.json
@@ -491,7 +491,7 @@
                 "header": {
                   "title": "Header",
                   "type": "string",
-                  "description": "The header (case insensitive) that must contain a token for request authentication.\n It can't be set along with query_parameter."
+                  "description": "The header (case insensitive) that must contain a token for request authentication.\n It can't be set along with query_parameter or cookie."
                 }
               }
             },
@@ -503,7 +503,19 @@
                 "query_parameter": {
                   "title": "Query Parameter",
                   "type": "string",
-                  "description": "The query parameter (case sensitive) that must contain a token for request authentication.\n It can't be set along with header."
+                  "description": "The query parameter (case sensitive) that must contain a token for request authentication.\n It can't be set along with header or cookie."
+                }
+              }
+            },
+            {
+              "required": [
+                "cookie"
+              ],
+              "properties": {
+                "cookie": {
+                  "title": "Cookie",
+                  "type": "string",
+                  "description": "The cookie (case sensitive) that must contain a token for request authentication.\n It can't be set along with header or query_parameter."
                 }
               }
             }

diff --git a/helper/bearer.go b/helper/bearer.go
@@ -32,6 +32,7 @@ const (
 type BearerTokenLocation struct {
 	Header         *string `json:"header"`
 	QueryParameter *string `json:"query_parameter"`
+	Cookie         *string `json:"cookie"`
 }
 
 func BearerTokenFromRequest(r *http.Request, tokenLocation *BearerTokenLocation) string {
@@ -40,6 +41,12 @@ func BearerTokenFromRequest(r *http.Request, tokenLocation *BearerTokenLocation)
 			return r.Header.Get(*tokenLocation.Header)
 		} else if tokenLocation.QueryParameter != nil {
 			return r.FormValue(*tokenLocation.QueryParameter)
+		} else if tokenLocation.Cookie != nil {
+			cookie, err := r.Cookie(*tokenLocation.Cookie)
+			if err != nil {
+				return ""
+			}
+			return cookie.Value
 		}
 	}
 	token := r.Header.Get(defaultAuthorizationHeader)