Dynamic claim values #23

Merged
merged 17 commits into from
Nov 2, 2021
Contributor

@bellebaum bellebaum commented Nov 2, 2021

This PR, next to several bugfixes, adds the option to specify desired values for ID token claims.
This is standardized per OIC Core Spec, Section 5.5.
Additionally, we also support requesting claims for an access token in a similar manner when requesting said token.
This behaviour is not standardized, but follows this IETF draft.

Other changes:

  • ENV is now immediately written to config (this also fixed some subtle bugs)
  • Added a script to execute all tests one after the other for convenience

Bugfixes:

  • Replaced wrong occurrences of token with id_token
  • disable ID token creation when openid functionality is disabled
  • wrongly expected nil in /token
  • unconfigured logout redirect
  • Issue HTTP-OPTION Requests result in Error #18 : temporary mitigation by means of explicit OPTION request handling

A leftover from past changes noticed thanks to issue #19
A new configuration option was added to the base config to specify a default user backend

This addresses issue #20
And fixed a bug where certain attributes were not updated via the admin API
Replaced wrong occurrences of 'token' with 'id_token'
Load webfinger conf through config.rb
Disable id_token creation when openid is set to false
This allows specifying them through the config files alone
and removes several bugs where ENV did not have an effect when it should

Includes some bugfixes:
- expected nil when checking the scopes in /token, got []
- logout redirect unconfigured
It disables sinatra/cors and handles OPTION requests and Access-Control-Allow-* Headers manually

At some point we want to revisit this.
For convenience
@bellebaum
Contributor Author

I will rework the README and merge then

@sonarcloud

sonarcloud bot commented Nov 2, 2021

Kudos, SonarCloud Quality Gate passed!

  • 0 Bugs (rating A)
  • 0 Vulnerabilities (rating A)
  • 0 Security Hotspots (rating A)
  • 4 Code Smells (rating A)

No Coverage information
0.0% Duplication

@bellebaum bellebaum merged commit b83ec8b into master Nov 2, 2021
@bellebaum bellebaum deleted the dynamic-claims-oiclike branch November 4, 2021 07:30
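
An added example, not code from this PR or from the project: one way a server could resolve the `id_token` member of the `claims` request parameter from OpenID Connect Core, Section 5.5, issuing a requested value only when it is among the values permitted for the user. The helper name, the `allowed` mapping and the sample data are assumptions made for illustration.

```ruby
require 'json'

# Hypothetical helper (added example, not the project's code). Resolves the
# `id_token` member of a `claims` request parameter (OIDC Core, Section 5.5).
# `allowed` (assumption) maps claim name => values the user may assert.
def resolve_id_token_claims(claims_param, allowed)
  request = JSON.parse(claims_param)
  raise ArgumentError, 'claims must be a JSON object' unless request.is_a?(Hash)

  requested = request['id_token'] || {}
  raise ArgumentError, 'id_token must be a JSON object' unless requested.is_a?(Hash)

  requested.each_with_object({}) do |(name, spec), issued|
    spec = {} if spec.nil? # null requests the claim in the default manner
    raise ArgumentError, "malformed request for #{name}" unless spec.is_a?(Hash)

    # "value" asks for one specific value, "values" for one of a set.
    wanted = spec.key?('value') ? [spec['value']] : spec['values']
    unless wanted.nil? || wanted.is_a?(Array)
      raise ArgumentError, "values must be an array for #{name}"
    end

    candidates = allowed.fetch(name, [])
    # Never echo a client-supplied value: choose only among permitted ones.
    chosen = wanted ? wanted.find { |v| candidates.include?(v) } : candidates.first
    # Unsatisfiable claims are omitted rather than treated as an error,
    # whether they were requested as essential or voluntary.
    issued[name] = chosen unless chosen.nil?
  end
end

# Constructed sample request and per-user permitted values.
SAMPLE_REQUEST = JSON.generate(
  'id_token' => {
    'role'       => { 'essential' => true, 'values' => %w[admin auditor] },
    'department' => { 'value' => 'finance' },
    'email'      => nil
  }
)
SAMPLE_ALLOWED = {
  'role'       => %w[auditor user],
  'department' => %w[engineering],
  'email'      => ['alice@example.org']
}.freeze

puts resolve_id_token_claims(SAMPLE_REQUEST, SAMPLE_ALLOWED) if __FILE__ == $PROGRAM_NAME
```
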