From d517cc72448f4f40413b21c07db6fefaa6412a29 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrien=20Sur=C3=A9e?= <adrien.suree@zalando.de>
Date: Fri, 15 Nov 2024 14:28:41 +0100
Subject: [PATCH] oid_introspection: add SetOIDCClaims
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This method allows third-party filters to set the oidcClaimsCacheKey
which enables the use of the oidcClaimsQuery filter.

Signed-off-by: Adrien Surée <adrien.suree@zalando.de>
---
 filters/auth/oidc.go               | 3 ++-
 filters/auth/oidc_introspection.go | 8 ++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/filters/auth/oidc.go b/filters/auth/oidc.go
index 88c952c52c..f6ade79435 100644
--- a/filters/auth/oidc.go
+++ b/filters/auth/oidc.go
@@ -843,7 +843,8 @@ func (f *tokenOidcFilter) Request(ctx filters.FilterContext) {
 	}
 
 	// saving token info for chained filter
-	ctx.StateBag()[oidcClaimsCacheKey] = container
+	// ctx.StateBag()[oidcClaimsCacheKey] = container
+	SetOIDCClaims(ctx, container.Claims)
 
 	// adding upstream headers
 	err = setHeaders(f.upstreamHeaders, ctx, container)
diff --git a/filters/auth/oidc_introspection.go b/filters/auth/oidc_introspection.go
index a32752a7c0..8d21dc4ec1 100644
--- a/filters/auth/oidc_introspection.go
+++ b/filters/auth/oidc_introspection.go
@@ -42,6 +42,14 @@ func NewOIDCQueryClaimsFilter() filters.Spec {
 	}
 }
 
+// Sets OIDC claims in the state bag.
+// Intended for use with the oidcClaimsQuery filter.
+func SetOIDCClaims(ctx filters.FilterContext, claims map[string]interface{}) {
+	ctx.StateBag()[oidcClaimsCacheKey] = tokenContainer{
+		Claims: claims,
+	}
+}
+
 func (spec *oidcIntrospectionSpec) Name() string {
 	switch spec.typ {
 	case checkOIDCQueryClaims: