feat(oidc): private key jwt client auth #5280

Merged
merged 5 commits into from
May 15, 2023

james-d-elliott
Member

This adds support for the private_key_jwt client authentication method.

authelia bot commented Apr 19, 2023

Artifacts

These changes are published for testing on Buildkite, DockerHub and GitHub Container Registry.

Docker Container

  • docker pull authelia/authelia:feat-oidc-private-key-jwt
  • docker pull ghcr.io/authelia/authelia:feat-oidc-private-key-jwt

netlify bot commented Apr 19, 2023

Deploy Preview for authelia-staging ready!

Name Link
🔨 Latest commit fcd93bb
🔍 Latest deploy log https://app.netlify.com/sites/authelia-staging/deploys/646177b5097c8a0008f91049
😎 Deploy Preview https://deploy-preview-5280--authelia-staging.netlify.app

codecov bot commented Apr 19, 2023

Codecov Report

Merging #5280 (fcd93bb) into master (cef374c) will increase coverage by 2.26%.
The diff coverage is 94.14%.


@@            Coverage Diff             @@
##           master    #5280      +/-   ##
==========================================
+ Coverage   67.79%   70.06%   +2.26%     
==========================================
  Files         281      280       -1     
  Lines       22627    22789     +162     
  Branches      438      438              
==========================================
+ Hits        15340    15966     +626     
+ Misses       6466     6041     -425     
+ Partials      821      782      -39     
Flag Coverage Δ
backend 71.13% <94.14%> (+2.44%) ⬆️
frontend 56.70% <ø> (-0.06%) ⬇️

Impacted Files Coverage Δ
internal/configuration/deprecation.go 83.33% <ø> (ø)
internal/configuration/schema/types.go 61.61% <ø> (+1.01%) ⬆️
internal/oidc/types.go 91.78% <ø> (+2.44%) ⬆️
internal/oidc/authentication.go 76.06% <59.09%> (ø)
internal/oidc/keys.go 82.19% <78.00%> (+12.03%) ⬆️
internal/oidc/core_strategy_hmac.go 90.16% <92.30%> (-0.47%) ⬇️
...rnal/configuration/validator/identity_providers.go 99.33% <100.00%> (+1.90%) ⬆️
internal/configuration/validator/notifier.go 100.00% <100.00%> (+3.37%) ⬆️
internal/configuration/validator/server.go 100.00% <100.00%> (+2.01%) ⬆️
internal/configuration/validator/shared.go 100.00% <100.00%> (+26.08%) ⬆️
... and 6 more

... and 7 files with indirect coverage changes

@james-d-elliott james-d-elliott force-pushed the feat-oidc-private-key-jwt branch 3 times, most recently from 68869c3 to b98aad0 Compare April 19, 2023 11:58
@james-d-elliott james-d-elliott force-pushed the feat-oidc-private-key-jwt branch 4 times, most recently from 0780634 to 4a69fe8 Compare April 20, 2023 00:45
@james-d-elliott james-d-elliott force-pushed the feat-oidc-private-key-jwt branch 2 times, most recently from 3c1078a to 899c8b8 Compare April 20, 2023 01:01
@james-d-elliott james-d-elliott force-pushed the feat-oidc-private-key-jwt branch 7 times, most recently from c78908f to 3bb7ad7 Compare April 20, 2023 13:41
@james-d-elliott james-d-elliott force-pushed the feat-oidc-private-key-jwt branch 7 times, most recently from c3766ac to 49cafb6 Compare May 8, 2023 04:21
Member

@nightah nightah left a comment

Found some typos, nits and questions/suggestions.

@james-d-elliott james-d-elliott force-pushed the feat-oidc-private-key-jwt branch 2 times, most recently from 3824400 to fa3a6aa Compare May 11, 2023 09:12
@james-d-elliott james-d-elliott force-pushed the feat-oidc-private-key-jwt branch 5 times, most recently from 2fc0455 to 2445b2e Compare May 11, 2023 12:22
Member

@nightah nightah left a comment

LGTM.

james-d-elliott and others added 5 commits May 15, 2023 10:06
This adds the authentication machinery for the client_secret_jwt Default Client Authentication Strategy.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
This adds the authentication machinery for the client_secret_jwt Default Client Authentication Strategy.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
This adds support for multiple JWK algorithms and keys and allows for per-client algorithm choices.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
This adds support for the private_key_jwt client authentication method.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
@james-d-elliott james-d-elliott merged commit 65ecfe4 into master May 15, 2023
46 checks passed
@james-d-elliott james-d-elliott deleted the feat-oidc-private-key-jwt branch May 15, 2023 00:32
@james-d-elliott james-d-elliott added this to the v4.38.0 milestone Aug 2, 2023
@james-d-elliott james-d-elliott added the area/openid-connect OpenID Connect 1.0 / OAuth 2.0 related features/bugs label Aug 20, 2023