Skip to content

Enhance JWT issuer validation #1580

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
TimHess merged 1 commit into from
Aug 29, 2025
Merged

Enhance JWT issuer validation #1580

TimHess merged 1 commit into from
Aug 29, 2025

Conversation

@TimHess
Copy link
Member

@TimHess TimHess commented Aug 28, 2025

Description

Allow a variation on the authority (that seems to show up only occasionally?) when using the SSO Tile on Cloud Foundry

Note: Steeltoe V3 performed issuer validation based strictly on the presence of uaa in the issuer

Quality checklist

  • Your code complies with our Coding Style.
  • You've updated unit and/or integration tests for your change, where applicable.
  • You've updated documentation for your change, where applicable.
    If your change affects other repositories, such as Documentation, Samples and/or MainSite, add linked PRs here.
  • There's an open issue for the PR that you are making. If you'd like to propose a new feature or change, please open an issue to discuss the change or find an existing issue.
  • You've added required license files and/or file headers (explaining where the code came from with proper attribution), where code is copied from StackOverflow, a blog, or OSS.

@TimHess TimHess added this to the 4.0.0 milestone Aug 28, 2025
@TimHess TimHess self-assigned this Aug 28, 2025
@TimHess TimHess added Component/Security Issues related to Steeltoe Security components (not app-sec) ReleaseLine/4.x Identified as a feature/fix for the 4.x release line labels Aug 28, 2025
@github-actions
Copy link
Contributor

github-actions bot commented Aug 28, 2025
edited
Loading

Summary - All Code Coverage (ubuntu-latest)

Line coverage Branch coverage

Assembly Line coverage Branch coverage
Steeltoe.Bootstrap.AutoConfiguration 97.4% 100%
Steeltoe.Common 85.6% 79.8%
Steeltoe.Common.Certificates 96.2% 85.2%
Steeltoe.Common.Hosting 84% 70%
Steeltoe.Common.Http 100% 85.2%
Steeltoe.Common.Logging 81.1% 41.6%
Steeltoe.Common.Net 64.5% 66.6%
Steeltoe.Configuration.Abstractions 97.8% 92.6%
Steeltoe.Configuration.CloudFoundry 99.1% 91.6%
Steeltoe.Configuration.ConfigServer 97.2% 91.6%
Steeltoe.Configuration.Encryption 97.6% 92.4%
Steeltoe.Configuration.Kubernetes.ServiceBindings 95.1% 89.3%
Steeltoe.Configuration.Placeholder 93.8% 84.7%
Steeltoe.Configuration.RandomValue 93.2% 90%
Steeltoe.Configuration.SpringBoot 98.4% 95.4%
Steeltoe.Connectors 93.9% 89.4%
Steeltoe.Connectors.EntityFrameworkCore 81.5% 75%
Steeltoe.Discovery.Configuration 90.4% 100%
Steeltoe.Discovery.Consul 98% 94.8%
Steeltoe.Discovery.Eureka 92.7% 85.6%
Steeltoe.Discovery.HttpClients 94% 95.4%
Steeltoe.Logging.Abstractions 99.4% 96.9%
Steeltoe.Logging.DynamicConsole 100% 95.4%
Steeltoe.Logging.DynamicSerilog 99.1% 95%
Steeltoe.Management.Abstractions 100% 100%
Steeltoe.Management.Endpoint 95.5% 89.1%
Steeltoe.Management.Prometheus 95.9% 91.6%
Steeltoe.Management.Tasks 100% ****
Steeltoe.Management.Tracing 100% 75%
Steeltoe.Security.Authentication.JwtBearer 100% 100%
Steeltoe.Security.Authentication.OpenIdConnect 73.8% 59%
Steeltoe.Security.Authorization.Certificate 96.3% 75%
Steeltoe.Security.DataProtection.Redis 100% ****

@TimHess TimHess force-pushed the alternate-valid-issuer branch from 43a28c2 to 3252eab Compare August 28, 2025 16:59
@TimHess TimHess marked this pull request as draft August 28, 2025 19:29
@TimHess TimHess force-pushed the alternate-valid-issuer branch from 3252eab to fc5ed95 Compare August 28, 2025 19:33
@TimHess TimHess force-pushed the alternate-valid-issuer branch from fc5ed95 to 5fb7309 Compare August 28, 2025 19:38
@sonarqubecloud
Copy link

sonarqubecloud bot commented Aug 28, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@TimHess TimHess marked this pull request as ready for review August 29, 2025 13:17
@TimHess TimHess merged commit 7a683e8 into main Aug 29, 2025
18 of 19 checks passed
@TimHess TimHess deleted the alternate-valid-issuer branch August 29, 2025 14:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@bart-vmware bart-vmware bart-vmware approved these changes

Assignees

@TimHess TimHess

Labels

Component/Security Issues related to Steeltoe Security components (not app-sec) ReleaseLine/4.x Identified as a feature/fix for the 4.x release line

Projects

None yet

Milestone

4.0.0

Development

Successfully merging this pull request may close these issues.

3 participants

@TimHess @bart-vmware