
OIDC/OAuth Revocation improvements part 2 #4771

Status: Open. Wants to merge 10 commits into base: master.

Conversation

julienhuon (Contributor) commented Mar 23, 2020

Hello Misagh,

This is the second and last part of my work on the OAuth/OIDC revocation process. I still have to add tests & doc for the new revocation endpoints, but I thought it would be easier for you to start reviewing from now.

Here is the changelog:

  • Revocation is now supported inside both the /oauth2.0 & /oidc URLs instead of /oidc only
  • Add support for public clients
  • Fix a bug which allows a client to revoke a token from another client
  • Refresh token revocation now revokes all Access Tokens related to the Refresh Token submitted

Take your time to review and let me know if you need any further information.

Regards,
Julien

* Revocation is now supported inside the /oauth2.0 url instead of /oidc only

* add support for public clients

* Fix a bug which allows a client to revoke a token from another client

* Refresh token revocation now revokes all Access Tokens related to the Refresh Token submitted
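The three behaviours the PR description lists (public clients, refusing cross-client revocation, cascading a refresh-token revocation to its access tokens) are exactly the checks RFC 7009 expects of a revocation endpoint. The following is an added, stand-alone Python model of such an endpoint; it is not code from Apereo CAS or from this PR, and the client names, secrets and token values in it are constructed for the example. Confidential clients authenticate with HTTP Basic, public clients identify themselves with a bare client_id, and a token is revoked only when the caller is the client it was issued to.

```python
"""Added example: a minimal model of an OAuth 2.0 token revocation endpoint
(RFC 7009) showing public-client support, refusal of cross-client revocation,
and cascading revocation from a refresh token to its access tokens.
Stand-alone illustration, not code from Apereo CAS or from this PR."""
import base64
import hmac
from dataclasses import dataclass
from typing import Optional


@dataclass
class Client:
    client_id: str
    secret: Optional[str]  # None marks a public client (no credential to verify)


@dataclass
class Token:
    value: str
    kind: str                              # "access_token" or "refresh_token"
    client_id: str                         # client the token was issued to
    parent_refresh: Optional[str] = None   # refresh token this access token came from
    revoked: bool = False


class RevocationEndpoint:
    """POST /oauth2.0/revoke with form fields token, token_type_hint and
    (for public clients) client_id; confidential clients use HTTP Basic."""

    def __init__(self, clients, tokens):
        self.clients = {c.client_id: c for c in clients}
        self.tokens = {t.value: t for t in tokens}

    def _identify_client(self, headers, form):
        """Return the calling Client, or None when authentication fails."""
        auth = headers.get("Authorization", "")
        if auth.startswith("Basic "):
            try:
                client_id, _, secret = base64.b64decode(auth[6:]).decode().partition(":")
            except (ValueError, UnicodeDecodeError):
                return None
        else:
            client_id, secret = form.get("client_id"), form.get("client_secret")
        client = self.clients.get(client_id)
        if client is None:
            return None
        if client.secret is None:
            # Public client: identified by client_id alone; a presented secret is bogus.
            return client if not secret else None
        # Confidential client: constant-time comparison of the secret.
        if not secret or not hmac.compare_digest(client.secret, secret):
            return None
        return client

    def revoke(self, headers, form):
        """Return (http_status, json_body) for one revocation request."""
        client = self._identify_client(headers, form)
        if client is None:
            return 401, {"error": "invalid_client"}
        value = form.get("token")
        if not value:
            return 400, {"error": "invalid_request"}
        # token_type_hint is only a lookup optimisation; one registry makes it unnecessary.
        token = self.tokens.get(value)
        if token is None:
            # RFC 7009 section 2.2: unknown or already-invalid tokens still get 200,
            # so the endpoint cannot be used to probe which tokens exist.
            return 200, {}
        if token.client_id != client.client_id:
            # A token is revocable only by the client it was issued to (RFC 7009 section 2.1).
            return 400, {"error": "invalid_request"}
        token.revoked = True
        if token.kind == "refresh_token":
            # Cascade: every access token minted from this refresh token dies with it.
            for t in self.tokens.values():
                if t.parent_refresh == token.value:
                    t.revoked = True
        return 200, {}


def basic_auth(client_id, secret):
    """HTTP Basic Authorization header for a confidential client."""
    raw = base64.b64encode(f"{client_id}:{secret}".encode()).decode()
    return {"Authorization": f"Basic {raw}"}


def build_sample_endpoint():
    """Constructed sample data: one confidential client, one public client."""
    clients = [Client("app-a", "s3cret-a"), Client("spa-b", None)]
    tokens = [
        Token("rt-a1", "refresh_token", "app-a"),
        Token("at-a1", "access_token", "app-a", parent_refresh="rt-a1"),
        Token("at-a2", "access_token", "app-a", parent_refresh="rt-a1"),
        Token("at-b1", "access_token", "spa-b"),
    ]
    return RevocationEndpoint(clients, tokens)


if __name__ == "__main__":
    ep = build_sample_endpoint()
    print(ep.revoke({}, {"client_id": "spa-b", "token": "at-a1"}))          # cross-client: refused
    print(ep.revoke(basic_auth("app-a", "s3cret-a"), {"token": "rt-a1"}))   # cascades to at-a1, at-a2
    print({v: t.revoked for v, t in ep.tokens.items()})
```

On the cross-client case the model reports an error, which is what RFC 7009 section 2.1 describes; some deployments prefer to answer 200 without revoking anything so that the endpoint is not an oracle for whether a token belonging to someone else exists. Either choice is defensible, but the token must stay valid. In CAS itself these checks live in the files the Codecov report below lists (OAuth20RevocationRequestValidator and OAuth20RevocationEndpointController).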
codecov bot commented Mar 24, 2020

Codecov Report

Merging #4771 into master will decrease coverage by 2.31950%.
The diff coverage is 84.00000%.


@@                  Coverage Diff                  @@
##                master       #4771         +/-   ##
=====================================================
- Coverage     51.67306%   49.35356%   -2.31949%     
+ Complexity        8520        8196        -324     
=====================================================
  Files             2661        2668          +7     
  Lines            54750       54916        +166     
  Branches          4398        4423         +25     
=====================================================
- Hits             28291       27103       -1188     
- Misses           24214       25502       +1288     
- Partials          2245        2311         +66     
Flag                 Coverage Δ                              Complexity Δ
#AmazonWebServices 8.45109% <0.00000%> (-0.02379%) 1065.00000 <0.00000> (-1.00000)
#Cassandra 7.95215% <0.00000%> (-0.01497%) 1091.00000 <0.00000> (-1.00000)
#CosmosDb 0.00000% <0.00000%> (ø) 0.00000 <0.00000> (ø)
#Couchbase ? ?
#DynamoDb ? ?
#FileSystem 10.77282% <0.00000%> (-0.01257%) 1602.00000 <0.00000> (+8.00000) ⬇️
#Groovy 12.04385% <0.00000%> (-0.02555%) 1917.00000 <0.00000> (+1.00000) ⬇️
#Ignite ? ?
#JDBC 13.73552% <0.00000%> (-0.02338%) 2179.00000 <0.00000> (+4.00000) ⬇️
#JMS ? ?
#LDAP 12.79409% <0.00000%> (-0.02782%) 1884.00000 <0.00000> (+1.00000) ⬇️
#MAIL ? ?
#MFA 12.79955% <0.00000%> (+0.07261%) 1993.00000 <0.00000> (+43.00000)
#MSSQL ? ?
#MariaDb ? ?
#Memcached ? ?
#MongoDb ? ?
#MySQL ? ?
#OAUTH 15.50368% <79.00000%> (+0.13747%) 2375.00000 <29.00000> (+33.00000)
#OAUTHUMA 9.88783% <13.00000%> (+0.00838%) 1433.00000 <5.00000> (+6.00000)
#OIDC 12.72853% <18.00000%> (-0.00389%) 1991.00000 <7.00000> (+5.00000) ⬇️
#Oracle ? ?
#PostgreSQL ? ?
#REST 14.73705% <0.00000%> (-0.00450%) 2314.00000 <0.00000> (+5.00000) ⬇️
#Radius ? ?
#Redis ? ?
#SAML 17.49581% <0.00000%> (?) 2690.00000 <0.00000> (?)
#WEBFLOW 24.70865% <0.00000%> (-0.04751%) 4065.00000 <0.00000> (+4.00000) ⬇️
#ZooKeeper ? ?
Impacted Files                                               Coverage Δ                              Complexity Δ
...o/cas/ticket/refreshtoken/OAuth20RefreshToken.java 0.00000% <ø> (ø) 0.00000 <0.00000> (ø)
...rt/oauth/web/OAuth20HandlerInterceptorAdapter.java 0.00000% <0.00000%> (ø) 0.00000 <0.00000> (ø)
...eo/cas/config/CasOAuth20ThrottleConfiguration.java 50.00000% <50.00000%> (+1.28205%) 6.00000 <0.00000> (ø)
...ollers/token/OidcRevocationEndpointController.java 66.66667% <66.66667%> (+55.95238%) 1.00000 <1.00000> (-1.00000) ⬆️
...dator/token/OAuth20RevocationRequestValidator.java 91.66667% <91.66667%> (ø) 5.00000 <5.00000> (?)
...endpoints/OAuth20RevocationEndpointController.java 96.66667% <96.66667%> (ø) 21.00000 <21.00000> (?)
...rg/apereo/cas/support/oauth/util/OAuth20Utils.java 66.41791% <100.00000%> (+0.25251%) 40.00000 <1.00000> (+1.00000)
...org/apereo/cas/config/CasOAuth20Configuration.java 91.69675% <100.00000%> (+0.21527%) 69.00000 <2.00000> (+2.00000)
...eo/cas/oidc/web/OidcHandlerInterceptorAdapter.java 27.27273% <100.00000%> (ø) 2.00000 <1.00000> (ø)
.../org/apereo/cas/oidc/config/OidcConfiguration.java 96.77419% <100.00000%> (+0.01494%) 58.00000 <0.00000> (ø)
... and 423 more

Continue to review full report at Codecov.

Legend: Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 4e37aee...dd24ba6.

julienhuon (Contributor, Author) commented Mar 24, 2020

Misagh,

I still have to do:

  • audit
  • tests
  • doc
  • JEEContext

Feel free to request other changes from me. :)

Regards,
Julien

julienhuon added 2 commits Mar 24, 2020
mmoayyed (Member) commented Mar 25, 2020

I appreciate your commitment, thank you.

The master branch is a bit in flux right now, but don't let that discourage you from making progress here. The build status will eventually turn green. Focus on the changes for the PR only please and I'll take care of the build status and other unrelated failures in due time.

Thanks again!

@julienhuon julienhuon changed the title WIP : OIDC/OAuth Revocation improvements part 2 OIDC/OAuth Revocation improvements part 2 Mar 29, 2020
julienhuon (Contributor, Author) commented Mar 29, 2020

Misagh,

I think it's done. Let me know if any change is needed.

Regards,
Julien

3 participants