Fix ticket #1080 - Allow multiple redirect_uris per oauth2 app #1112
Conversation
| local success, result = pcall(json.decode, value); | ||
| if success then | ||
| rows[i][col] = result | ||
| else |
There was a problem hiding this comment.
Quick comment about this: the aim of this code is to allow the code to retrieve oauth2 credentials whose redirect_uri were saved before this PR is (hopefully) merged. For these legacy records, redirect_uri is indeed not serialized, it's just a string, and the json decoding is failing.
I hesitated between doing so and writing a migration file that would convert all the redirect_uri in the new array format. I didn't do so because:
- I believe this approach is better to be able to upgrade a cluster of kong nodes without downtime,
- I don't feel comfortable coding migration files, and don't know how to test them.
If you guys would rather have a migration file, I would appreciate you help me on that one.
|
Coverage decreased (-0.3%) to 64.479% when pulling 4a67a276f0f28c0422c92788a2b063cacdca7b0e on classy-org:feature/multiple_oauth2_redirect_uris into cbd03da on Mashape:next. |
|
@thefosk any idea why the tests are failing? I have no pb when I run them locally. |
…direct_uri to new array format
PGBI
force-pushed
the
feature/multiple_oauth2_redirect_uris
branch
from
cd8f24e to
b2b373b
Compare
|
Hi @PGBI - sorry for keeping this pending for a while. Could you fix the merge problems with |
|
@thefosk I fixed the conflict. Again, unit tests are failing on travis. Any idea why? I can't reproduce on my dev setup (I'm using kong-vagrant for developing and running tests) when running |
| @@ -8,6 +9,21 @@ local function generate_if_missing(v, t, column) | |||
| return true | |||
| end | |||
|
|
|||
| local function validate_uris(v, t, column) | |||
| if v and type(v) == "table" then | |||
There was a problem hiding this comment.
@PGBI correct me if I am wrong, but since redirect_uri is now an array in the schema, we don't have to check if it's a table. It should always be parsed like a table, or nil.
So if v and type(v) == "table" then becomes if v then and that should be enough.
|
Regarding the tests don't worry, if they work locally it's okay - we are having problems with TravisCI. |
|
@thefosk Is there any other concern I did not address? |
|
@PGBI can you squash your commits? |
|
Hi, I'm in vacation right now. Can you please take care of that? Otherwise will do on Monday. Thanks
|
|
Squashed and merged with fb22516 |
|
When did you fix the encoding of the
In 0.9.2, it seems to be returned they way you would expect, as a proper JSON array. |
|
This is actually proper JSON. See mpx/lua-cjson#2 |
|
Hehe, sure it's proper JSON, but still not what you would expect. Had a workaround for this in wicked.haufe.io which bit me now when switching to 0.9.2. |
The aim of this PR is to address the ticket #1080 and allowing an oauth2 app (aka "oauth2 credentials") to register several redirect_uris.
Before the change, oauth2 credentials are of the form:
{ "id": "25b31464-6245-4e11-9205-59c723152444", "consumer_id": "f23bf76d-e691-4b0f-bc29-950e4cf4d651", "client_id": "0323125f47beb13a8f3eb47dee55240c", "client_secret": "3e806877319486387a0528cd5a0bf95f", "redirect_uri": "http://aaa.com", "name": "test", "created_at": 1459329919000, }after the change:
{ "id": "25b31464-6245-4e11-9205-59c723152444", "consumer_id": "f23bf76d-e691-4b0f-bc29-950e4cf4d651", "client_id": "0323125f47beb13a8f3eb47dee55240c", "client_secret": "3e806877319486387a0528cd5a0bf95f", "redirect_uri": [ "http://aaa.com", "http://bbb.com", ], "name": "test", "created_at": 1459329919000, }To be noted: the oauth2 spec specifies that a redirect_uri must not contain a fragment. This check was performed at the authorization endpoint. I moved this check to the admin API, when creating / updating oauth2 credentials.