Add support for RFC6750 bearer tokens to ocserv to permit the validation of...
Resolves: #240 (closed)
Add support for RFC6750 bearer tokens to ocserv to permit the validation of OpenID Connect auth tokens. OpenID Connect is an OAuth 2.0 protocol used to identify a resource owner (VPN client end-user) to a resource server (VPN server), intermediated by an Authorization server.
To configure bearer auth, add the following to the .config file:
auth = "oidc[config=<path to config file>]"
Config file is JSON with the following format:
{
    "openid_configuration_url": "<uri of openid-configuration doc>",
    "user_name_claim": "preferred_username",
    "required_claims": {
        "aud": "SomeAudience",
        "iss": "SomeIssuer"
    }
}
Example openid-configuration doc URIs are:
https://accounts.google.com/.well-known/openid-configuration
https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
Required claims control what claims must be present in a token to permit access.
See your OpenID Connect provider for details on claims and the OpenID Connect metadata document URL.
Signed-off-by: Alan TG Jowett alan.jowett@microsoft.com
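The following is an added illustration of the config semantics described above, written for this page; it is not ocserv's code and does not show how ocserv itself implements the check. It loads a config in the format shown, then applies `required_claims` and `user_name_claim` to a set of already-decoded token claims. The example assumes the claims come from a JWT whose signature was already verified against the keys published via `openid_configuration_url`; an unverified claim set must never reach this step. It also rejects tokens outside their `exp`/`nbf` window and treats `aud` as a possible array, both per RFC 7519; the merge request text does not state whether ocserv does either.

```python
import json
import time

# Constructed example config in the format the merge request describes.
CONFIG_JSON = """
{
    "openid_configuration_url": "https://issuer.example/.well-known/openid-configuration",
    "user_name_claim": "preferred_username",
    "required_claims": {
        "aud": "SomeAudience",
        "iss": "SomeIssuer"
    }
}
"""


def load_config(text):
    """Parse the JSON config and fail early on a malformed one."""
    cfg = json.loads(text)
    for key in ("openid_configuration_url", "user_name_claim", "required_claims"):
        if key not in cfg:
            raise ValueError(f"missing config key: {key}")
    if not isinstance(cfg["required_claims"], dict):
        raise ValueError("required_claims must be a JSON object")
    return cfg


def claim_matches(actual, expected):
    """RFC 7519 allows 'aud' to be an array; other claims compare directly."""
    if isinstance(actual, list):
        return expected in actual
    return actual == expected


def authorize(claims, cfg, now=None):
    """Return the VPN username for a claim set that satisfies the config.

    'claims' is assumed to be the payload of a JWT whose signature has
    already been verified (hypothetical input; signature checking is not
    shown here). Raises PermissionError on any failed check.
    """
    now = time.time() if now is None else now
    # Lifetime checks first: an expired token must not be accepted even if
    # every required claim matches.
    if "exp" not in claims or now >= claims["exp"]:
        raise PermissionError("token expired or has no exp claim")
    if "nbf" in claims and now < claims["nbf"]:
        raise PermissionError("token not yet valid")
    # Every configured claim must be present and must match its value.
    for name, expected in cfg["required_claims"].items():
        if name not in claims:
            raise PermissionError(f"missing required claim: {name}")
        if not claim_matches(claims[name], expected):
            raise PermissionError(f"claim {name} does not match")
    # The username claim must exist and be a non-empty string.
    user = claims.get(cfg["user_name_claim"])
    if not isinstance(user, str) or not user:
        raise PermissionError("username claim absent or empty")
    return user


def is_authorized(claims, cfg, now=None):
    """Boolean wrapper around authorize() for callers that only need yes/no."""
    try:
        authorize(claims, cfg, now)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    cfg = load_config(CONFIG_JSON)
    # Constructed claim set standing in for a verified token payload.
    claims = {
        "iss": "SomeIssuer",
        "aud": ["SomeAudience", "other-api"],
        "preferred_username": "alice",
        "exp": 2000,
        "nbf": 1000,
    }
    print(authorize(claims, cfg, now=1500))  # → alice
```

A missing or mismatched required claim, a wrong audience, or an expired token all produce a denial rather than a partial result, so a misconfigured `required_claims` block fails closed.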