providers/proxy: add token support for basic auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

internal/outpost/proxyv2/application/auth.go

@@ -28,7 +28,7 @@ func (a *Application) checkAuth(rw http.ResponseWriter, r *http.Request) (*Claim
 	bearer := a.checkAuthHeaderBearer(r)
 	if bearer != "" {
 		a.log.Trace("checking bearer token")
-		tc := a.attemptBearerAuth(r, bearer)
+		tc := a.attemptBearerAuth(bearer)
 		if tc != nil {
 			return a.saveAndCacheClaims(rw, r, tc.Claims)
 		}

internal/outpost/proxyv2/application/auth_basic.go

@@ -14,7 +14,15 @@ type TokenResponse struct {
 	IDToken     string `json:"id_token"`
 }
 
+const JWTUsername = "goauthentik.io/token"
+
 func (a *Application) attemptBasicAuth(username, password string) *Claims {
+	if username == JWTUsername {
+		res := a.attemptBearerAuth(password)
+		if res != nil {
+			return &res.Claims
+		}
+	}
 	values := url.Values{
 		"grant_type": []string{"client_credentials"},
 		"client_id":  []string{a.oauthConfig.ClientID},

internal/outpost/proxyv2/application/auth_bearer.go

@@ -27,7 +27,7 @@ type TokenIntrospectionResponse struct {
 	ClientID string `json:"client_id"`
 }
 
-func (a *Application) attemptBearerAuth(r *http.Request, token string) *TokenIntrospectionResponse {
+func (a *Application) attemptBearerAuth(token string) *TokenIntrospectionResponse {
 	values := url.Values{
 		"client_id":     []string{a.oauthConfig.ClientID},
 		"client_secret": []string{a.oauthConfig.ClientSecret},