Add Client Token Validation with CEL (#740)

Author: jkroepke

.github/workflows/ci.yaml

@@ -132,6 +132,9 @@ jobs:
           MULTI_STATUS: false
           LINTER_RULES_PATH: .
           GITHUB_ACTIONS_ZIZMOR_CONFIG_FILE: ./.github/zizmor.yml
+          ENABLE_GITHUB_ACTIONS_STEP_SUMMARY: true
+          ENABLE_GITHUB_PULL_REQUEST_SUMMARY_COMMENT: false
+          SAVE_SUPER_LINTER_SUMMARY: true
           VALIDATE_ALL_CODEBASE: true
           VALIDATE_BASH: true
           VALIDATE_BASH_EXEC: true

.idea/go.imports.xml

@@ -239,9 +239,38 @@ func initializeConfigAndLogger(args []string, stdout io.Writer) (config.Config,
 		return config.Config{}, nil, ReturnCodeError
 	}
 
+	logWarnings(logger, conf)
+
 	return conf, logger, ReturnCodeNoError
 }
 
+func logWarnings(logger *slog.Logger, conf config.Config) {
+	if conf.OAuth2.Validate.CEL != "" {
+		logger.Warn("Using CEL validation is experimental and may not be suitable for production use.")
+	}
+	/*
+		if conf.OAuth2.Validate.CommonName != "" {
+			logger.Info("using Common Name validation is deprecated and removed in 2.0. Consider using CEL validation instead.")
+		}
+
+		if conf.OAuth2.Validate.IPAddr {
+			logger.Info("using IP Address validation is deprecated and removed in 2.0. Consider using CEL validation instead.")
+		}
+
+		if len(conf.OAuth2.Validate.Acr) > 0 {
+			logger.Info("using ACR validation is deprecated and removed in 2.0. Consider using CEL validation instead.")
+		}
+
+		if len(conf.OAuth2.Validate.Groups) > 0 {
+			logger.Info("using Groups validation is deprecated and removed in 2.0. Consider using CEL validation instead.")
+		}
+
+		if len(conf.OAuth2.Validate.Roles) > 0 {
+			logger.Info("using Roles validation is deprecated and removed in 2.0. Consider using CEL validation instead.")
+		}
+	*/
+}
+
 // startServices starts all the background services (HTTP server, OpenVPN client, debug listener).
 func startServices(
 	ctx context.Context,