Add OIDC workload identity authentication support

- Add BearerOIDCConfig to configuration for OIDC workload auth
- Implement OIDCBearerAuthorizer for validating OIDC ID tokens
- Update bearerAuthHandler to support both traditional and OIDC bearer auth
- Add claim mapping support for extracting username from OIDC tokens
- Support multiple audiences for token validation
- Extract groups from token claims for authorization

Co-authored-by: rchincha <45800463+rchincha@users.noreply.github.com>
copilot-swe-agent[bot]
2026-01-14 21:15:38 +00:00
parent d8110cf6ec
commit f03445b632
4 changed files with 345 additions and 26 deletions
+2 -2
@@ -65,8 +65,8 @@ type BearerAuthorizer struct {
key crypto.PublicKey
}
func NewBearerAuthorizer(realm string, service string, key crypto.PublicKey) BearerAuthorizer {
return BearerAuthorizer{
func NewBearerAuthorizer(realm string, service string, key crypto.PublicKey) *BearerAuthorizer {
return &BearerAuthorizer{
realm: realm,
service: service,
key: key,
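Review bot: The signature of NewBearerAuthorizer changes from returning BearerAuthorizer to *BearerAuthorizer, but neither the commit message nor a doc comment on the function says why. This is an exported constructor, so every caller that stored or copied the value now holds a shared pointer. Please add a doc comment stating the reason for the pointer return, and check that the type's methods use pointer receivers consistently. Separately, the constructor still stores key without any check: crypto.PublicKey is an empty interface type, so a nil or unsupported key is accepted here and the mistake only shows up later. Since this type backs bearer authentication, consider rejecting a nil key at construction (returning an error) or documenting the non-nil requirement.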