feat(jans-fido2): add dropOffRate and completionRate to metrics error…#13360
Merged
Conversation
…s analytics endpoint Signed-off-by: imran <imranishaq7071@gmail.com>
Contributor
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
📝 WalkthroughWalkthroughAdds two new error-analytics metrics (completionRate, dropOffRate), changes successRate/failureRate denominators to ATTEMPT (started) counts, updates service logic to compute and normalize rates with legacy fallback, and updates documentation/OpenAPI schema and metric constants. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Suggested reviewers
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Tip Try Coding Plans. Let us write the prompt for your AI agent so you can ship faster (with fewer bugs). Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Member
✅ Snyk checks have passed. No issues have been found so far.
💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse. |
mo-auto
added
area-documentation
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In
`@jans-fido2/server/src/main/java/io/jans/fido2/service/metric/Fido2MetricsService.java`:
- Around line 512-515: The analysis map is using hardcoded keys "completionRate"
and "dropOffRate" in Fido2MetricsService.put calls; add new constants (e.g.,
COMPLETION_RATE and DROP_OFF_RATE) to Fido2MetricsConstants and replace the
hardcoded strings in Fido2MetricsService (where analysis.put("completionRate",
...) and analysis.put("dropOffRate", ...)) to use
Fido2MetricsConstants.COMPLETION_RATE and Fido2MetricsConstants.DROP_OFF_RATE so
all metric keys are centralized and consistent.
- Around line 505-511: In Fido2MetricsService (around the block computing
successRate/failureRate), guard completionRate/dropOffRate against out-of-range
values caused by mixing legacy completion-only records: after computing
successRate and failureRate (using successfulOperations, failedOperations,
totalStarted), compute completionRate = successRate + failureRate and then clamp
it to [0.0, 1.0] (e.g., completionRate = Math.max(0.0, Math.min(1.0,
completionRate))); recompute dropOffRate = 1.0 - completionRate and similarly
ensure dropOffRate stays within [0.0, 1.0]. Ensure these clamped values are used
for subsequent metric reporting.
ℹ️ Review info
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (3)
jans-fido2/docs/METRICS_WIKI.mdjans-fido2/docs/jansFido2Swagger.yamljans-fido2/server/src/main/java/io/jans/fido2/service/metric/Fido2MetricsService.java
…s analytics endpoint 1 Signed-off-by: imran <imranishaq7071@gmail.com>
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In
`@jans-fido2/server/src/main/java/io/jans/fido2/service/metric/Fido2MetricsService.java`:
- Around line 507-516: The computation in Fido2MetricsService currently clamps
completionRate independently, causing completionRate != successRate +
failureRate; fix by computing rawSum = successRate + failureRate, then clamp
completionRate = Math.min(1.0, rawSum) and if rawSum > 0 and rawSum !=
completionRate scale successRate and failureRate proportionally (successRate *=
completionRate / rawSum; failureRate *= completionRate / rawSum) so their sum
equals completionRate before putting them into analysis (use the existing
successfulOperations, failedOperations, totalStarted, and Fido2MetricsConstants
names to locate the code).
ℹ️ Review info
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (2)
jans-fido2/model/src/main/java/io/jans/fido2/model/metric/Fido2MetricsConstants.javajans-fido2/server/src/main/java/io/jans/fido2/service/metric/Fido2MetricsService.java
…s analytics endpoint 2 Signed-off-by: imran <imranishaq7071@gmail.com>
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In
`@jans-fido2/server/src/main/java/io/jans/fido2/service/metric/Fido2MetricsService.java`:
- Around line 523-533: The fallback branch in Fido2MetricsService currently
skips adding SUCCESS_RATE, FAILURE_RATE, COMPLETION_RATE, and DROP_OFF_RATE to
the analysis map when totalCompleted == 0, causing missing keys for empty
datasets; modify the else branch that computes totalCompleted from
successfulOperations and failedOperations so it always puts those four keys into
the analysis map even when totalCompleted == 0 — compute successRate and
failureRate as 0.0 when totalCompleted == 0, set completionRate to 0.0 and
dropOffRate to 0.0 in that case, and continue to use the existing constants
Fido2MetricsConstants.SUCCESS_RATE, FAILURE_RATE, COMPLETION_RATE, DROP_OFF_RATE
and the analysis map to ensure stable response shape.
ℹ️ Review info
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (1)
jans-fido2/server/src/main/java/io/jans/fido2/service/metric/Fido2MetricsService.java
…s analytics endpoint 3 Signed-off-by: imran <imranishaq7071@gmail.com>
Contributor
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In
`@jans-fido2/server/src/main/java/io/jans/fido2/service/metric/Fido2MetricsService.java`:
- Around line 494-503: The three separate streams counting
ATTEMPT/SUCCESS/FAILURE in Fido2MetricsService (producing totalStarted,
successfulOperations, failedOperations) should be collapsed into a single pass
to avoid traversing entries multiple times: iterate once (or use
entries.stream().collect(Collectors.groupingBy(e -> e.getStatus(),
Collectors.counting()))) to produce counts keyed by Fido2MetricsConstants values
and then assign totalStarted/successfulOperations/failedOperations from that
single tally; update any downstream code to use these consolidated counts.
ℹ️ Review info
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
📒 Files selected for processing (1)
jans-fido2/server/src/main/java/io/jans/fido2/service/metric/Fido2MetricsService.java
…s analytics endpoint 4 Signed-off-by: imran <imranishaq7071@gmail.com>
yurem
approved these changes
Mar 4, 2026
olehbozhok
pushed a commit
that referenced
this pull request
Mar 13, 2026
#13360) * feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint Signed-off-by: imran <imranishaq7071@gmail.com> * feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 1 Signed-off-by: imran <imranishaq7071@gmail.com> * feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 2 Signed-off-by: imran <imranishaq7071@gmail.com> * feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 3 Signed-off-by: imran <imranishaq7071@gmail.com> * feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 4 Signed-off-by: imran <imranishaq7071@gmail.com> --------- Signed-off-by: imran <imranishaq7071@gmail.com> Co-authored-by: YuriyM <Yuriy.Movchan@gmail.com>
olehbozhok
added a commit
that referenced
this pull request
Mar 20, 2026
…ipals (#13538) * refactor(authz): remove unused authorization methods and clean up code (#13416) - Removed the `authorize` method that accepted a `Request` type from the `Cedarling` implementation. - Cleaned up the `AuthorizeResult` struct by removing unnecessary fields and their associated serialization logic. - Deleted the `trust_mode.rs` file as it was no longer needed. - Updated imports and references across the codebase to reflect these changes. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * feat(jans-cedarling): Clean Up Configuration Modules for deprecated authz (#13427) * refactor(authz): simplify authorization configuration by removing unused fields - Removed `use_user_principal` and `use_workload_principal` fields from `AuthorizationConfig` and related structures. - Eliminated `IdTokenTrustMode` and its associated logic from the codebase. - Updated the `BootstrapConfig` and `EntityBuilderConfig` to reflect these changes, ensuring a cleaner and more maintainable code structure. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(authz): remove unused parameters from authorization methods - Eliminated `_workload_uid` and `_person_uid` parameters from the `new_for_many_principals` function in `AuthorizeResult`. - Updated the call to `new_for_many_principals` in the `Authz` implementation to reflect these changes, enhancing code clarity and maintainability. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(authz): clean up authorization entity building code - Removed the `build_entities` method from `EntityBuilder`, which was previously responsible for constructing various authorization entities. - Updated imports to reflect the removal of unused code, enhancing overall code clarity and maintainability. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(authz): streamline authorization configuration and remove unused fields - Removed unused fields related to user and workload principals from `AuthorizationConfig` and `EntityBuilderConfig`. - Simplified test configurations by utilizing default settings for authorization and entity building. - Cleaned up related test files to enhance clarity and maintainability. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(entity_builder): remove workload configuration from entity builder - Eliminated the `with_workload()` method call from `EntityBuilderConfig` across multiple entity builder files, simplifying the configuration process. - Updated tests to use default settings, enhancing clarity and maintainability. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> --------- Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * feat(jans-cedarling): Update All Language Bindings (Python, WASM, Go, UniFFI) (#13440) * refactor(authz): streamline authorization configuration by removing deprecated fields - Removed `decision_log_user_claims` and `decision_log_workload_claims` from `AuthorizationConfig` and related structures. - Updated `BootstrapConfig` and `EntityBuilder` to reflect these changes, enhancing code clarity and maintainability. - Cleaned up associated tests to ensure consistency with the new configuration structure. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(python_bindings): remove deprecated request handling and clean up authorization code - Eliminated the `Request` struct and its associated logic from the authorization module, streamlining the codebase. - Removed the `authorize` method from the `Cedarling` implementation that accepted a `Request` type. - Cleaned up the `AuthorizeResult` struct by removing unnecessary fields and their serialization logic. - Updated imports and references across the codebase to reflect these changes, enhancing clarity and maintainability. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(python_bindings): remove unused authorization methods and clean up code - Eliminated the `authorize` method from the `Cedarling` class, which accepted a `Request` type, to streamline the authorization process. - Removed the `IdTokenTrustModeError` class from the `authorize_errors` module, simplifying error handling. - Updated the `Request` class definition to remove unused fields, enhancing clarity and maintainability. - Cleaned up the `AuthorizeResult` struct by removing unnecessary methods, further refining the codebase. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(python_binding_tests): streamline authorization tests by removing unnecessary assertions - Removed assertions checking for `workload` and `person` being `None` in the `test_authorize_unsigned` and `test_authorize_unsigned_json_rule_by_uid` functions, as they are no longer relevant. - Updated the `test_logger` to utilize `RequestUnsigned` and simplified the logging configuration for better clarity and maintainability. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(wasm_bindings): transition to unsigned request handling in authorization - Updated the authorization process to utilize `REQUEST_UNSIGNED` instead of `REQUEST`, allowing for principals to be provided as entity data without JWT tokens. - Removed deprecated fields and methods related to standard authorization, streamlining the codebase. - Adjusted related tests to reflect the new unsigned request structure, enhancing clarity and maintainability. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * fix(wasm_bindings): add 'sub' field to principals in example data and tests - Introduced the 'sub' field in the principals of the REQUEST_UNSIGNED structure to ensure proper identification of users. - Updated test cases to include the 'sub' field for user principals, enhancing the accuracy of authorization tests. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(go_bindings): remove deprecated authorize method from G2RCall trait - Eliminated the `authorize` method from the `G2RCall` trait to streamline the authorization process. - Updated the implementation in `G2RCallImpl` to reflect this change, enhancing code clarity and maintainability. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(go_bindings): remove deprecated authorization methods and clean up request structures - Eliminated the `Authorize` method from the `Cedarling` class and the associated `Request` struct to streamline the authorization process. - Removed unnecessary fields from the `AuthorizeResult` struct, enhancing clarity and maintainability. - Updated related tests and configurations to reflect these changes, ensuring consistency across the codebase. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(cedarling_go): update README to reflect new authorization methods and configuration changes - Added `AuthorizeMultiIssuer()` to the features list for multi-issuer authorization support. - Updated example configuration by removing deprecated fields and clarifying the usage of `CEDARLING_ID_TOKEN_TRUST_MODE`. - Revised sections on authorization processes to reflect changes in method names and request structures, enhancing clarity for users. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(cedarling_uniffi): streamline error handling and clean up serialization logic - Refactored error handling in the `try_from` implementation for `DataEntry` to improve readability and maintainability. - Simplified serialization error messages for `data_type` and `value` fields. - Removed deprecated fields from the `AuthorizeResult` struct, enhancing clarity in the authorization response structure. - Cleaned up the `authorize_unsigned` method to ensure consistent error handling. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(cedarling_uniffi): update configuration files and clean up tests - Removed deprecated fields from `bootstrap.json` to streamline configuration. - Added a new `principals.json` file to define test principals for authorization. - Cleaned up the test suite by removing unused test cases, enhancing maintainability and clarity. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(cedarling_uniffi): update action and principals for authorization - Changed the action in configuration files from `Update` to `UpdateTestPrincipal` to reflect new testing requirements. - Introduced `principals.json` files for both Android and iOS to define test principals for authorization processes. - Updated the authorization logic in the Java and Swift implementations to utilize the new principals structure, enhancing the flexibility of authorization handling. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(cedarling_uniffi): update README to clarify authorization methods and configuration - Revised the description of the Cedarling initialization process to specify the use of `authorizeUnsigned` with sample principals. - Introduced new authorization methods: `authorizeUnsigned` and `authorizeMultiIssuer`, detailing their usage and input requirements. - Removed the deprecated `CEDARLING_ID_TOKEN_TRUST_MODE` section and updated the configuration example for clarity. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(cedarling_java): remove deprecated authorization fields and update tests - Eliminated deprecated fields from `bootstrap.json` to streamline configuration. - Refactored the `authorize` method in `CedarlingAdapter` to use `authorizeUnsigned`, enhancing clarity in authorization handling. - Updated test cases in `CedarlingAdapterTest` to reflect changes in authorization logic and ensure consistency across tests. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(cedarling_java): remove ID Token Trust Mode section from README Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> --------- Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * chore(deps): bump mkdocs-material from 9.7.3 to 9.7.4 in /docs (#13409) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.7.3 to 9.7.4. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.7.3...9.7.4) --- updated-dependencies: - dependency-name: mkdocs-material dependency-version: 9.7.4 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat(jans-fido2): add dropOffRate and completionRate to metrics error… (#13360) * feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint Signed-off-by: imran <imranishaq7071@gmail.com> * feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 1 Signed-off-by: imran <imranishaq7071@gmail.com> * feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 2 Signed-off-by: imran <imranishaq7071@gmail.com> * feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 3 Signed-off-by: imran <imranishaq7071@gmail.com> * feat(jans-fido2): add dropOffRate and completionRate to metrics errors analytics endpoint 4 Signed-off-by: imran <imranishaq7071@gmail.com> --------- Signed-off-by: imran <imranishaq7071@gmail.com> Co-authored-by: YuriyM <Yuriy.Movchan@gmail.com> * feat (jans-cedarling): Load trusted issuers on startup on the background (#13125) * fix(docker-jans-all-in-one): resolve path to healthcheck endpoint when running monitor script (#13385) * feat(jans-cli-tui): add arguments --auth-url, --config-url, --scim-url (#13414) * feat(jans-cli-tui): add arguments --auth-url, --config-url, --scim-url Signed-off-by: Mustafa Baser <mbaser@mail.com> * fix(jans-cli-tui): copilot suggestion Signed-off-by: Mustafa Baser <mbaser@mail.com> * fix(jans-cli-tui): coderabbitai suggestions Signed-off-by: Mustafa Baser <mbaser@mail.com> * fix(jans-cli-tui): coderabbitai suggestions Signed-off-by: Mustafa Baser <mbaser@mail.com> * fix(jans-cli-tui): Initialize logging before emitting normalized URL Signed-off-by: Mustafa Baser <mbaser@mail.com> --------- Signed-off-by: Mustafa Baser <mbaser@mail.com> * chore(deps): bump cargo-bins/cargo-binstall from 1.17.4 to 1.17.6 (#13391) Bumps [cargo-bins/cargo-binstall](https://github.com/cargo-bins/cargo-binstall) from 1.17.4 to 1.17.6. - [Release notes](https://github.com/cargo-bins/cargo-binstall/releases) - [Changelog](https://github.com/cargo-bins/cargo-binstall/blob/main/release-plz.toml) - [Commits](https://github.com/cargo-bins/cargo-binstall/compare/ec80feb9e330418e014932e5982599255eff6dbb...bc432b49369a3f25c8c8b19578a82060c18a5dd6) --- updated-dependencies: - dependency-name: cargo-bins/cargo-binstall dependency-version: 1.17.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 (#13372) Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6.0.0 to 7.0.0. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump PyO3/maturin-action from 1.50.0 to 1.50.1 (#13389) Bumps [PyO3/maturin-action](https://github.com/pyo3/maturin-action) from 1.50.0 to 1.50.1. - [Release notes](https://github.com/pyo3/maturin-action/releases) - [Commits](https://github.com/pyo3/maturin-action/compare/b1bd829e37fef14c63f19162034228a2f3dc1021...04ac600d27cdf7a9a280dadf7147097c42b757ad) --- updated-dependencies: - dependency-name: PyO3/maturin-action dependency-version: 1.50.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump github/codeql-action from 4.32.4 to 4.32.5 (#13390) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.4 to 4.32.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/89a39a4e59826350b863aa6b6252a07ad50cf83e...c793b717bc78562f491db7b0e93a3a178b099162) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * feat(jans-auth-server): harden allowed schemes for redirects #13423 (#13429) * feat(jans-auth-server): harden allowed schemes for redirects #13423 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: yuriyz <yzabrovarniy@gmail.com> * Fixes Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: yuriyz <yzabrovarniy@gmail.com> --------- Signed-off-by: yuriyz <yzabrovarniy@gmail.com> * feat(jans-cedarling): Implement disabling file checksum validation using configuration (#13424) * feat(policy_store): add SHA-1 checksum support and validation - Updated `load_policy_store_directory` and related functions to accept a `validate_checksum` parameter for manifest validation. - Enhanced `ManifestValidator` to support SHA-1 checksums alongside SHA-256. - Modified error messages to reflect the new checksum format. - Updated tests to cover SHA-1 checksum computation and validation. This change improves the integrity verification of policy store files by allowing both SHA-1 and SHA-256 checksums. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * feat(policy_store): add validate_checksum option for policy store configuration - Introduced `validate_checksum` field in `PolicyStoreConfig` to control checksum validation when loading policy stores from directories or archives. - Updated `BootstrapConfig` and `PolicyStoreConfigRaw` to support the new field, with a default value of `true`. - Enhanced the decoding logic to utilize the `validate_checksum` parameter for policy store configurations. This change improves flexibility in policy store loading by allowing users to disable checksum validation if needed. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * feat(policy_store): enable checksum validation in policy store configurations - Added `validate_checksum` option to `PolicyStoreConfig` in multiple benchmark files to enhance policy store integrity checks. - Updated relevant configurations in `authz_authorize_benchmark.rs`, `authz_authorize_multi_issuer_benchmark.rs`, `context_data_store_benchmark.rs`, and `startup_benchmark.rs`. This change ensures that checksum validation can be consistently applied across different benchmarks, improving the reliability of policy store loading. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * feat(policy_store): enable checksum validation in additional examples - Added `validate_checksum` option to `PolicyStoreConfig` in various example files, including `authorize_unsigned.rs`, `authorize_with_jwt_validation.rs`, `authorize_without_jwt_validation.rs`, `bulk_authorization_benchmark.rs`, `lock_integration.rs`, `log_init.rs`, and `profiling.rs`. - This enhancement ensures consistent checksum validation across different examples, improving the integrity checks for policy store configurations. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * feat(policy_store): enable checksum validation in policy store tests - Updated `load_policy_store_archive_bytes` calls in test files to include the `validate_checksum` parameter. - Modified `PolicyStoreConfig` in various test configurations to ensure consistent checksum validation across tests. This change enhances the integrity checks for policy store loading in the test suite. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(tests): Updated the `validate_file` method call in the tests to use `expect` for clearer error handling. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(config): format `policy_store_validate_checksum` field for improved readability and use `is_some` Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * feat(policy_store): refactor checksum computation into a method Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * fix(jans-cedarling): fix loading default supported algorithms Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * chore(jans-cedarling): add check if supported algorisms list is not empty Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * chore(jans-cedarling): set default true for `CEDARLING_POLICY_STORE_VALIDATE_CHECKSUM` parameter Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * chore(jans-cedarling): remove word duplication Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * chore(jans-cedarling): fix clippy issue Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> --------- Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> Co-authored-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * feat(cloud-native): add subchart for Gateway API conformant implementation (#13415) * feat(cloud-native): add subchart for Gateway API conformant implementation Signed-off-by: iromli <isman.firmansyah@gmail.com> * fix: resolve incorrect route labels and annotations Signed-off-by: iromli <isman.firmansyah@gmail.com> * fix: grpc endpoints support for airlock-microgateway Signed-off-by: iromli <isman.firmansyah@gmail.com> * refactor: explicit h2c protocol Signed-off-by: iromli <isman.firmansyah@gmail.com> * docs: change WARNING message about legacy gatewayApi values Signed-off-by: iromli <isman.firmansyah@gmail.com> * refactor: use gateway-api instead of gatewayApi Signed-off-by: iromli <isman.firmansyah@gmail.com> * docs(cloud-native): conform to changes in gateway-api configuration Signed-off-by: iromli <isman.firmansyah@gmail.com> * ci(cloud-native): change reference of Gateway API configuration Signed-off-by: iromli <isman.firmansyah@gmail.com> * ci: attach global.lbIp to the gateway if using NodePort service Signed-off-by: iromli <isman.firmansyah@gmail.com> * fix: guard the optional legacy flag lookup Signed-off-by: iromli <isman.firmansyah@gmail.com> * chore: fix minimum requirement for gateway-api subchart Signed-off-by: iromli <isman.firmansyah@gmail.com> * docs: update subchart docs Signed-off-by: iromli <isman.firmansyah@gmail.com> * docs: add migration for attribute changes Signed-off-by: iromli <isman.firmansyah@gmail.com> * docs: fix link to subchart source code Signed-off-by: iromli <isman.firmansyah@gmail.com> --------- Signed-off-by: iromli <isman.firmansyah@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * fix(jans-auth-server): harden jwe nested jwt verification #13437 (#13438) * fix(jans-auth-server): harden jwe nested jwt verification #13437 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: yuriyz <yzabrovarniy@gmail.com> * fixes Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: yuriyz <yzabrovarniy@gmail.com> * minor Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: yuriyz <yzabrovarniy@gmail.com> --------- Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: yuriyz <yzabrovarniy@gmail.com> * chore(deps): bump step-security/harden-runner from 2.15.0 to 2.15.1 (#13430) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.15.0 to 2.15.1. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/a90bcbc6539c36a85cdfeb73f7e2f433735f215b...58077d3c7e43986b6b15fba718e8ea69e387dfcc) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.15.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * fix(jans-cli-tui): catch exceptions while getting smtp configuration (#13439) * fix(jans-cli-tui): catch exceptions while getting smtp configuration Signed-off-by: Mustafa Baser <mbaser@mail.com> * fix(jans-cli-tui): coderabbitai suggestions Signed-off-by: Mustafa Baser <mbaser@mail.com> * fix(jans-cli-tui): typo Signed-off-by: Mustafa Baser <mbaser@mail.com> --------- Signed-off-by: Mustafa Baser <mbaser@mail.com> Co-authored-by: YuriyZ <yzabrovarniy@gmail.com> * chore(deps): bump cargo-bins/cargo-binstall from 1.17.6 to 1.17.7 (#13442) Bumps [cargo-bins/cargo-binstall](https://github.com/cargo-bins/cargo-binstall) from 1.17.6 to 1.17.7. - [Release notes](https://github.com/cargo-bins/cargo-binstall/releases) - [Changelog](https://github.com/cargo-bins/cargo-binstall/blob/main/release-plz.toml) - [Commits](https://github.com/cargo-bins/cargo-binstall/compare/bc432b49369a3f25c8c8b19578a82060c18a5dd6...1800853f2578f8c34492ec76154caef8e163fbca) --- updated-dependencies: - dependency-name: cargo-bins/cargo-binstall dependency-version: 1.17.7 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * ci: improves token permission score (#13445) Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> * chore(deps): bump docker/setup-buildx-action from 3.12.0 to 4.0.0 (#13420) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.12.0 to 4.0.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/8d2750c68a42422c14e847fe6c8ac0403b4cbd6f...4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#13419) Bumps [docker/login-action](https://github.com/docker/login-action) from 3.7.0 to 4.0.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/c94ce9fb468520275223c153574b00df6fe4bcc9...b45d80f862d83dbcd57f89517bcf500b2ab88fb2) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: 4.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps): bump actions/dependency-review-action from 4.8.3 to 4.9.0 (#13418) Bumps [actions/dependency-review-action](https://github.com/actions/dependency-review-action) from 4.8.3 to 4.9.0. - [Release notes](https://github.com/actions/dependency-review-action/releases) - [Commits](https://github.com/actions/dependency-review-action/compare/05fe4576374b728f0c523d6a13d64c25081e0803...2031cfc080254a8a887f58cffee85186f0e49e48) --- updated-dependencies: - dependency-name: actions/dependency-review-action dependency-version: 4.9.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * feat(jans-auth-server): support X-Forwarded-Client-Cert header #13444 (#13446) * feat(jans-auth-server): support X-Forwarded-Client-Cert header #13444 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: yuriyz <yzabrovarniy@gmail.com> * added explicit test scope for mockito Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: yuriyz <yzabrovarniy@gmail.com> * improved docs Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: yuriyz <yzabrovarniy@gmail.com> * fixed bug if xfcc cert has blank value Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: yuriyz <yzabrovarniy@gmail.com> * improved docs Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: yuriyz <yzabrovarniy@gmail.com> --------- Signed-off-by: yuriyz <yzabrovarniy@gmail.com> * chore(deps-dev): bump org.apache.maven.plugins:maven-dependency-plugin from 3.8.1 to 3.10.0 in /jans-casa (#13288) chore(deps-dev): bump org.apache.maven.plugins:maven-dependency-plugin Bumps [org.apache.maven.plugins:maven-dependency-plugin](https://github.com/apache/maven-dependency-plugin) from 3.8.1 to 3.10.0. - [Release notes](https://github.com/apache/maven-dependency-plugin/releases) - [Commits](https://github.com/apache/maven-dependency-plugin/compare/maven-dependency-plugin-3.8.1...maven-dependency-plugin-3.10.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-dependency-plugin dependency-version: 3.10.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps): bump org.apache.maven.plugins:maven-assembly-plugin from 3.1.0 to 3.8.0 in /jans-casa (#13318) chore(deps): bump org.apache.maven.plugins:maven-assembly-plugin Bumps [org.apache.maven.plugins:maven-assembly-plugin](https://github.com/apache/maven-assembly-plugin) from 3.1.0 to 3.8.0. - [Release notes](https://github.com/apache/maven-assembly-plugin/releases) - [Commits](https://github.com/apache/maven-assembly-plugin/compare/maven-assembly-plugin-3.1.0...v3.8.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-assembly-plugin dependency-version: 3.8.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps-dev): bump org.apache.maven.plugins:maven-surefire-plugin from 3.5.4 to 3.5.5 in /agama (#13328) chore(deps-dev): bump org.apache.maven.plugins:maven-surefire-plugin Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.4 to 3.5.5. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.5.4...surefire-3.5.5) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.5 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps): bump org.apache.maven.plugins:maven-war-plugin from 3.4.0 to 3.5.1 in /jans-casa (#13290) chore(deps): bump org.apache.maven.plugins:maven-war-plugin Bumps [org.apache.maven.plugins:maven-war-plugin](https://github.com/apache/maven-war-plugin) from 3.4.0 to 3.5.1. - [Release notes](https://github.com/apache/maven-war-plugin/releases) - [Commits](https://github.com/apache/maven-war-plugin/compare/maven-war-plugin-3.4.0...maven-war-plugin-3.5.1) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-war-plugin dependency-version: 3.5.1 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps): bump crazy-max/ghaction-import-gpg from 6.1.0 to 7.0.0 (#13453) Bumps [crazy-max/ghaction-import-gpg](https://github.com/crazy-max/ghaction-import-gpg) from 6.1.0 to 7.0.0. - [Release notes](https://github.com/crazy-max/ghaction-import-gpg/releases) - [Commits](https://github.com/crazy-max/ghaction-import-gpg/compare/01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4...2dc316deee8e90f13e1a351ab510b4d5bc0c82cd) --- updated-dependencies: - dependency-name: crazy-max/ghaction-import-gpg dependency-version: 7.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * chore(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.0 (#13452) Bumps [sigstore/cosign-installer](https://github.com/sigstore/cosign-installer) from 4.0.0 to 4.1.0. - [Release notes](https://github.com/sigstore/cosign-installer/releases) - [Commits](https://github.com/sigstore/cosign-installer/compare/faadad0cce49287aee09b3a48701e75088a2c6ad...ba7bc0a3fef59531c69a25acd34668d6d3fe6f22) --- updated-dependencies: - dependency-name: sigstore/cosign-installer dependency-version: 4.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps): bump github.com/hashicorp/terraform-plugin-sdk/v2 from 2.39.0 to 2.40.0 in /terraform-provider-jans (#13451) chore(deps): bump github.com/hashicorp/terraform-plugin-sdk/v2 Bumps [github.com/hashicorp/terraform-plugin-sdk/v2](https://github.com/hashicorp/terraform-plugin-sdk) from 2.39.0 to 2.40.0. - [Release notes](https://github.com/hashicorp/terraform-plugin-sdk/releases) - [Changelog](https://github.com/hashicorp/terraform-plugin-sdk/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/terraform-plugin-sdk/compare/v2.39.0...v2.40.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/terraform-plugin-sdk/v2 dependency-version: 2.40.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 (#13450) Bumps [actions/setup-node](https://github.com/actions/setup-node) from 6.2.0 to 6.3.0. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](https://github.com/actions/setup-node/compare/6044e13b5dc448c55e2357c09f80417699197238...53b83947a5a98c8d113130e565377fae1a50d02f) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: 6.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps): bump github/codeql-action from 4.32.5 to 4.32.6 (#13449) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.32.5 to 4.32.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c793b717bc78562f491db7b0e93a3a178b099162...0d579ffd059c29b07949a3cce3983f0780820c98) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.32.6 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps): bump certifi from 2026.1.4 to 2026.2.25 in /docs (#13421) Bumps [certifi](https://github.com/certifi/python-certifi) from 2026.1.4 to 2026.2.25. - [Commits](https://github.com/certifi/python-certifi/compare/2026.01.04...2026.02.25) --- updated-dependencies: - dependency-name: certifi dependency-version: 2026.2.25 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * ci: improves openssf vuln score (#13458) * ci: improves openssf vuln score Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> * fix: restrict cryptography version to <47.0.0 Signed-off-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * fix: cryptography version constraint Signed-off-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> --------- Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> Signed-off-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps-dev): bump @types/node from 24.12.0 to 25.4.0 in /demos/janssen-tarp/mcp-server (#13443) chore(deps-dev): bump @types/node in /demos/janssen-tarp/mcp-server Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.12.0 to 25.4.0. - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases) - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node) --- updated-dependencies: - dependency-name: "@types/node" dependency-version: 25.4.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps): bump uuid from 9.0.1 to 13.0.0 in /demos/janssen-tarp/browser-extension (#13396) chore(deps): bump uuid in /demos/janssen-tarp/browser-extension Bumps [uuid](https://github.com/uuidjs/uuid) from 9.0.1 to 13.0.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](https://github.com/uuidjs/uuid/compare/v9.0.1...v13.0.0) --- updated-dependencies: - dependency-name: uuid dependency-version: 13.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps-dev): bump style-loader from 3.3.4 to 4.0.0 in /demos/janssen-tarp/browser-extension (#13395) chore(deps-dev): bump style-loader Bumps [style-loader](https://github.com/webpack-contrib/style-loader) from 3.3.4 to 4.0.0. - [Release notes](https://github.com/webpack-contrib/style-loader/releases) - [Changelog](https://github.com/webpack/style-loader/blob/main/CHANGELOG.md) - [Commits](https://github.com/webpack-contrib/style-loader/compare/v3.3.4...v4.0.0) --- updated-dependencies: - dependency-name: style-loader dependency-version: 4.0.0 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps): bump react-dropzone from 14.4.1 to 15.0.0 in /demos/janssen-tarp/browser-extension (#13394) chore(deps): bump react-dropzone Bumps [react-dropzone](https://github.com/react-dropzone/react-dropzone) from 14.4.1 to 15.0.0. - [Release notes](https://github.com/react-dropzone/react-dropzone/releases) - [Commits](https://github.com/react-dropzone/react-dropzone/compare/v14.4.1...v15.0.0) --- updated-dependencies: - dependency-name: react-dropzone dependency-version: 15.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps-dev): bump webpack-merge from 5.10.0 to 6.0.1 in /demos/janssen-tarp/browser-extension (#13393) chore(deps-dev): bump webpack-merge Bumps [webpack-merge](https://github.com/survivejs/webpack-merge) from 5.10.0 to 6.0.1. - [Changelog](https://github.com/survivejs/webpack-merge/blob/develop/CHANGELOG.md) - [Commits](https://github.com/survivejs/webpack-merge/compare/v5.10.0...v6.0.1) --- updated-dependencies: - dependency-name: webpack-merge dependency-version: 6.0.1 dependency-type: direct:development update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(deps-dev): bump org.apache.maven.plugins:maven-jar-plugin from 3.3.0 to 3.5.0 in /jans-fido2 (#13378) chore(deps-dev): bump org.apache.maven.plugins:maven-jar-plugin Bumps [org.apache.maven.plugins:maven-jar-plugin](https://github.com/apache/maven-jar-plugin) from 3.3.0 to 3.5.0. - [Release notes](https://github.com/apache/maven-jar-plugin/releases) - [Commits](https://github.com/apache/maven-jar-plugin/compare/maven-jar-plugin-3.3.0...maven-jar-plugin-3.5.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-jar-plugin dependency-version: 3.5.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: YuriyM <Yuriy.Movchan@gmail.com> * chore(deps-dev): bump org.apache.maven.plugins:maven-clean-plugin from 3.2.0 to 3.5.0 in /jans-fido2 (#13376) chore(deps-dev): bump org.apache.maven.plugins:maven-clean-plugin Bumps [org.apache.maven.plugins:maven-clean-plugin](https://github.com/apache/maven-clean-plugin) from 3.2.0 to 3.5.0. - [Release notes](https://github.com/apache/maven-clean-plugin/releases) - [Commits](https://github.com/apache/maven-clean-plugin/compare/maven-clean-plugin-3.2.0...maven-clean-plugin-3.5.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-clean-plugin dependency-version: 3.5.0 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: YuriyM <Yuriy.Movchan@gmail.com> * chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin from 3.0.0 to 3.5.5 in /jans-fido2 (#13375) chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.0.0 to 3.5.5. - [Release notes](https://github.com/apache/maven-surefire/releases) - [Commits](https://github.com/apache/maven-surefire/compare/surefire-3.0.0...surefire-3.5.5) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-surefire-plugin dependency-version: 3.5.5 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: YuriyM <Yuriy.Movchan@gmail.com> Co-authored-by: Yuriy M. <95305560+yuremm@users.noreply.github.com> * chore(deps): bump org.codehaus.mojo:buildnumber-maven-plugin from 3.0.0 to 3.3.0 in /jans-fido2 (#13374) chore(deps): bump org.codehaus.mojo:buildnumber-maven-plugin Bumps [org.codehaus.mojo:buildnumber-maven-plugin](https://github.com/mojohaus/buildnumber-maven-plugin) from 3.0.0 to 3.3.0. - [Release notes](https://github.com/mojohaus/buildnumber-maven-plugin/releases) - [Commits](https://github.com/mojohaus/buildnumber-maven-plugin/compare/buildnumber-maven-plugin-3.0.0...buildnumber-maven-plugin-3.3.0) --- updated-dependencies: - dependency-name: org.codehaus.mojo:buildnumber-maven-plugin dependency-version: 3.3.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: YuriyM <Yuriy.Movchan@gmail.com> * chore(deps): bump org.apache.maven.plugins:maven-javadoc-plugin from 3.8.0 to 3.12.0 in /jans-fido2 (#13377) chore(deps): bump org.apache.maven.plugins:maven-javadoc-plugin Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.8.0 to 3.12.0. - [Release notes](https://github.com/apache/maven-javadoc-plugin/releases) - [Commits](https://github.com/apache/maven-javadoc-plugin/compare/maven-javadoc-plugin-3.8.0...maven-javadoc-plugin-3.12.0) --- updated-dependencies: - dependency-name: org.apache.maven.plugins:maven-javadoc-plugin dependency-version: 3.12.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: YuriyM <Yuriy.Movchan@gmail.com> Co-authored-by: Yuriy M. <95305560+yuremm@users.noreply.github.com> * feat(jans-cedarling) add OPA plugin (#13406) * feat(jans-cedarling): initialize opa plugin rebased Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> * chore: use json config file Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> * docs: add readme Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> * chore: address reviews Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> * chore: address more comments Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> * chore: address comments Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> * chore: address comment Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> * chore: address another comment Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> * chore: address review Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> --------- Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * feat(jans-cedarling): use multi-issuer-authz on sidecar (#13463) * feat(jans-cedarling): switch to multi issuer authz Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> * docs: update openapi Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> * docs(jans-cedarling): update readme and dockerfile Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> * chore: address reviews Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> * docs: update openapi Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> --------- Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * fix: add op logout and github widgets for stars and watches (#13466) * fix: add op logout and github widgets for stars and watches Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> * fix: address comments Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> --------- Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> * chore(jans-auth-server): removed old deprecated code before 2.x release #13084 (#13410) * chore(jans-auth-server): remove /revoke_session endpoint (in favor of Global Token Revocation) https://github.com/JanssenProject/jans/issues/13084 Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: yuriyz <yzabrovarniy@gmail.com> * cache: removed redundant cache methods that use region Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: yuriyz <yzabrovarniy@gmail.com> --------- Signed-off-by: yuriyz <yzabrovarniy@gmail.com> * ci: sign helm packages (#13468) * ci: sign helm packages Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> * style: remove comment Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> * ci: revert ghaction import version Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> * ci: merge signing step Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> --------- Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> * chore(deps): bump commons-io:commons-io from 2.19.0 to 2.21.0 in /jans-casa (#13456) chore(deps): bump commons-io:commons-io in /jans-casa Bumps [commons-io:commons-io](https://github.com/apache/commons-io) from 2.19.0 to 2.21.0. - [Changelog](https://github.com/apache/commons-io/blob/master/RELEASE-NOTES.txt) - [Commits](https://github.com/apache/commons-io/compare/rel/commons-io-2.19.0...rel/commons-io-2.21.0) --- updated-dependencies: - dependency-name: commons-io:commons-io dependency-version: 2.21.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore(cloud-native): upgrade cryptography library in OCI images (#13488) * chore(cloud-native): upgrade cryptography library in OCI images Signed-off-by: iromli <isman.firmansyah@gmail.com> * chore: target specific JANS_SOURCE_VERSION that introduces cryptography upgrade Signed-off-by: iromli <isman.firmansyah@gmail.com> * fix: disable unsupported command until we have proper SAML component Signed-off-by: iromli <isman.firmansyah@gmail.com> * fix: avoid silent success path of calling kc-sync command Signed-off-by: iromli <isman.firmansyah@gmail.com> --------- Signed-off-by: iromli <isman.firmansyah@gmail.com> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> * chore: casa flow code refactoring (#13494) * fix: compilation error #13447 Signed-off-by: jgomer2001 <bonustrack310@gmail.com> * chore: oidc code flow refactoring #13447 Signed-off-by: jgomer2001 <bonustrack310@gmail.com> * fix: compilation error #13447 Signed-off-by: jgomer2001 <bonustrack310@gmail.com> --------- Signed-off-by: jgomer2001 <bonustrack310@gmail.com> * chore(jans-cedarling): remove wrong import Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * feat(jans-cedarling): Update Tests, Examples, and Benchmarks After Core Changes (#13464) * refactor(tests): remove deprecated test files and streamline test configurations - Deleted several obsolete test files including `authorize_resource_entity.rs`, `cases_authorize_different_principals.rs`, `cases_authorize_namespace_jans2.rs`, `cases_authorize_without_check_jwt.rs`, and `schema_type_mapping.rs` to clean up the test suite. - Updated `authorize_multi_issuer.rs` to remove unnecessary parameters in callback functions. - Adjusted `mod.rs` to reflect the removal of deleted test modules, enhancing clarity and maintainability of the test structure. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(benches): streamline authorization benchmarks and remove deprecated fields - Updated `authz_authorize_benchmark.rs` to utilize `RequestUnsigned` and renamed the benchmark function for clarity. - Simplified `prepare_cedarling` function by removing unused parameters and deprecated fields in `AuthorizationConfig`. - Adjusted `authz_authorize_multi_issuer_benchmark.rs` and `context_data_store_benchmark.rs` to remove unnecessary fields related to user and workload principals. - Cleaned up `startup_benchmark.rs` by eliminating deprecated fields from `BootstrapConfig` and `EntityBuilderConfig`. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(examples): streamline authorization configurations and remove deprecated files - Updated `authorize_unsigned.rs`, `bulk_authorization_benchmark.rs`, `lock_integration.rs`, `log_init.rs`, and `profiling.rs` to utilize default settings for `AuthorizationConfig` and `EntityBuilderConfig`, removing unnecessary fields. - Deleted obsolete files `authorize_with_jwt_validation.rs` and `authorize_without_jwt_validation.rs` to clean up the examples directory. - Adjusted imports and function calls to reflect the removal of deprecated fields, enhancing code clarity and maintainability. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(authz): remove built_entities method and related documentation - Eliminated the `built_entities` method from the `AuthorizeEntitiesData` implementation, streamlining the authorization logic. - Removed associated documentation comments to enhance code clarity and maintainability. - Adjusted imports to reflect the removal of the unused method. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(entity_builder): remove deprecated entity building files and streamline imports - Deleted obsolete files related to role and token entity building, including `build_role_entity.rs` and `build_token_entities.rs`, to clean up the entity builder module. - Refactored imports in `build_multi_issuer_entity.rs` and `build_principal_entity.rs` to remove unused dependencies and enhance code clarity. - Removed legacy user and workload entity building logic from `build_principal_entity.rs`, aligning with the current authorization paths. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(jwt): simplify token handling and remove deprecated methods - Removed unused fields and methods from the `JwtService` and `Token` structures, including `signed_authz_available` and `jwt_sig_validation_required`. - Streamlined the `validate_tokens` method by eliminating unnecessary logic and comments, focusing on single token validation. - Updated imports to reflect the removal of deprecated items, enhancing code clarity and maintainability. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(config): remove deprecated authorization fields from configuration files and examples - Eliminated `CEDARLING_USER_AUTHZ`, `CEDARLING_WORKLOAD_AUTHZ`, and `CEDARLING_ID_TOKEN_TRUST_MODE` from various configuration files including JSON and YAML examples. - Streamlined the `bootstrap_props` and `docker-compose-env` configurations to enhance clarity and maintainability. - Updated test configurations to reflect the removal of deprecated fields, ensuring consistency across the codebase. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(tests): remove obsolete policy store files and update configurations - Deleted multiple deprecated policy store files including `agama-store_2.yaml`, `policy-store_entity_mapping.yaml`, and others to clean up the test suite. - Updated `bootstrap_props.json` and `bootstrap_props.yaml` to reference the new policy store file `policy-store_ok.yaml`. - Removed unused files related to local JWKS and policy store locks, enhancing clarity and maintainability of the test configurations. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * chore(jans-cedarling): remove claim mappings Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * chore(jans-cedarling): remove role mapping Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * chore(jans-cedarling): remove user_id Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * chore(jans-cedarling): remove get_token_metadata Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * chore(jans-cedarling): add fix build app after merging Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * chore(jans-cedarling): clean up unused imports and redundant code and fix failing tests - Removed unused imports from `lib.rs` and `mod.rs`. - Eliminated unnecessary `continue` statements in `build_entity_attrs.rs`. - Cleaned up commented-out test code in `mod.rs`. - Streamlined imports in `token.rs` for clarity. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * feat(jans-cedarling): add multi-issuer profiling example - Introduced a new example file `profiling_multi_issuer.rs` to demonstrate profiling for multi-issuer JWT validation. - Implemented a main function that initializes Cedarling with multiple issuers, validates authorization requests, and generates a flamegraph for performance analysis. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> --------- Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> Co-authored-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * docs: Update Documentation (#13515) * refactor(docs): rename authorization methods for clarity - Updated method names in the Cedarling Rust documentation to improve clarity: - Renamed `authorize()` to `authorize_unsigned()` for unsigned authorization with directly provided principals. - Renamed `authorize_unsigned()` to `authorize_multi_issuer()` for token-based authorization using multi-issuer tokens. - Adjusted corresponding examples in the mobile apps documentation to reflect these changes. - Removed deprecated configuration fields from the sidecar tutorial to streamline setup instructions. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * docs(cedarling): update README to reflect changes in authorization interfaces - Revised the Cedarling documentation to clarify the number of core interfaces, reducing from six to five. - Enhanced descriptions for `authorize_unsigned` and `authorize_multi_issuer` methods to improve understanding of their functionality and use cases. - Removed redundant explanations and streamlined the text for better readability. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * docs(cedarling): remove deprecated configuration fields from KrakenD integration guide - Eliminated `CEDARLING_WORKLOAD_AUTHZ` and `CEDARLING_ID_TOKEN_TRUST_MODE` from the KrakenD integration documentation to reflect recent changes in authorization configurations. - Updated the instructions for clarity and to ensure alignment with the current setup requirements. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * docs(cedarling): update authorization documentation to reflect multi-issuer changes - Removed references to deprecated configuration fields `CEDARLING_USER_AUTHZ` and `CEDARLING_WORKLOAD_AUTHZ` from the quick start and reference guides. - Enhanced the `cedarling-authz.md` and `cedarling-entities.md` documentation to clarify the creation of User and Workload entities in the context of the new `authorize_multi_issuer` method. - Updated examples and descriptions to align with the latest authorization methods and their usage. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * docs(cedarling): update authorization tutorials - Removed deprecated configuration fields and streamlined examples to enhance clarity and usability. - Updated context and request building sections to align with the latest authorization practices. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * docs(cedarling): remove deprecated configuration fields from sample inputs - Eliminated `CEDARLING_ID_TOKEN_TRUST_MODE`, `CEDARLING_USER_AUTHZ`, and `CEDARLING_WORKLOAD_AUTHZ` from the sample inputs documentation to reflect recent changes in authorization configurations. - Streamlined the documentation for improved clarity and alignment with current practices. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * docs(cedarling): update README files to reflect changes in authorization methods - Revised the README documentation across multiple components to clarify the usage of `authorize_unsigned` and remove references to deprecated fields such as `CEDARLING_ID_TOKEN_TRUST_MODE`. - Enhanced examples and descriptions for better alignment with current authorization practices, including updates to the Python and WASM bindings. - Added new bootstrap config fixtures for testing purposes to support the updated authorization methods. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * refactor(policies): Removed legacy User and Workload policies from `policy-store_no_trusted_issuers.yaml` and `policy-store_ok_2.yaml` to focus on TestPrincipal entities. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * docs(cedarling): update authorization documentation and examples - Revised the Cedarling Rust and Go documentation to reflect the new `authorize_multi_issuer` method, replacing references to the deprecated `authorize` method. - Updated examples in the Go and Python tutorials to demonstrate the new multi-issuer token handling and clarified the differences between authorization methods. - Removed outdated sections and streamlined content for better clarity and alignment with current practices. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> * chore(jans-cedarling): remove unused params from test files Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * docs(cedarling): update authorization method references and examples - Revised documentation across Rust, JavaScript, Python, and Java tutorials to replace deprecated `authorize` method references with `authorize_unsigned` and `authorize_multi_issuer`. - Added a new example for multi-issuer profiling in the Rust documentation. - Clarified the retrieval of `request_id` in the logging documentation to include both `authorize_unsigned` and `authorize_multi_issuer` methods. Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> --------- Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> Co-authored-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * fix(jans-cedarling): fix unsigned benchmark Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * chore(jans-cedarling): add for unsigned auth realistic payload Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * fix(jans-cedarling): add returning error on build entity with schema (#13539) * refactor(jans-cedarling): update `build_entity_attrs_with_shape` to return error Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * fix(jans-cedarling): fix errors surfaced by `build_entity_attrs_with_shape` returning Result - Skip type mismatch errors for optional attributes instead of failing - Pass all claims (incl. synthetic token_type/validated_at) to build_entity_attrs instead of filtering reserved claims and re-adding them - Fix test schemas: use Url record type for TrustedIssuer.issuer_entity_id - Check for default resource entity before attribute validation - Update can_build_entity_with_optional_attr test to provide required attrs Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * refactor(jans-cedarling): cosmetic code changes Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> --------- Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> * chore(jans-cedarling): remove duplicate `CEDARLING_LOCK` entry and run `cargo fmt --all` Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> --------- Signed-off-by: haileyesus2433 <haileyesusbe@gmail.com> Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: imran <imranishaq7071@gmail.com> Signed-off-by: Mustafa Baser <mbaser@mail.com> Signed-off-by: yuriyz <yzabrovarniy@gmail.com> Signed-off-by: Oleh Bozhok <6554798+olehbozhok@users.noreply.github.com> Signed-off-by: iromli <isman.firmansyah@gmail.com> Signed-off-by: YuriyZ <yzabrovarniy@gmail.com> Signed-off-by: moabu <47318409+moabu@users.noreply.github.com> Signed-off-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> Signed-off-by: SafinWasi <6601566+SafinWasi@users.noreply.github.com> Signed-off-by: jgomer2001 <bonustrack310@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Imran <78725662+imran-ishaq@users.noreply.github.com> Co-authored-by: YuriyM <Yuriy.Movchan@gmail.com> Co-authored-by: Oleh <6554798+olehbozhok@users.noreply.github.com> Co-authored-by: Isman Firmansyah <iromli@users.noreply.github.com> Co-authored-by: Devrim <devrimyatar@gluu.org> Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> Co-authored-by: YuriyZ <yzabrovarniy@gmail.com> Co-authored-by: Arnab Dutta <arnab.bdutta@gmail.com> Co-authored-by: Yuriy M. <95305560+yuremm@users.noreply.github.com> Co-authored-by: Safin Wasi <6601566+SafinWasi@users.noreply.github.com> Co-authored-by: Jose Gonzalez <bonustrack310@gmail.com>
This was referenced May 11, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
Adds dropOffRate and completionRate to the GET /metrics/analytics/errors response. Rates are based on started operations (ATTEMPT count): completionRate = successRate + failureRate, dropOffRate = 1 - completionRate. Includes a fallback when no ATTEMPT entries exist (e.g. legacy data)
Target issue
Adds explicit drop-off and completion metrics to the FIDO2 metrics errors analytics endpoint so administrators can track abandonment and completion rates (fixes #[issue-number] if you have one).
closes #13351
Implementation Details
Test and Document the changes
Please check the below before submitting your PR. The PR will not be merged if there are no commits that start with
docs:to indicate documentation changes or if the below checklist is not selected.Summary by CodeRabbit
New Features
Documentation