Skip to content

Improve OpenId Connect Usage#46

Merged
simonwacker merged 16 commits into
developfrom
improve-open-id-connect-usage
May 30, 2023
Merged

Improve OpenId Connect Usage#46
simonwacker merged 16 commits into
developfrom
improve-open-id-connect-usage

Conversation

@simonwacker
Copy link
Copy Markdown
Contributor

@simonwacker simonwacker commented Apr 28, 2023

No description provided.

@simonwacker
Store only subject and name in database and use the /connect/userinfo…
edb27df 
… endpoint of the metabase's OpenId Connect support for all other information (this way the personal info is always up-to-date, there are no concerns regarding encryption of the email address and other user related information in the database and data is not kept twice but only in the metabase)
@simonwacker
Display verification status properly
75e69da
@simonwacker
Do not use a default authentication scheme (be explicit instead to im…
7efacac 
…prove code understanding)
@simonwacker
Show only available user info
7600b69
@simonwacker
Remove next-auth (we use the OpenIddict client instead to authenticat…
7113cad 
…e through the Metabase)
@simonwacker
Seal records
e58a982
@simonwacker
Extract metabase REST and GraphQl querying into common class and impr…
002bb0a 
…ove error reporting
@simonwacker
Use LocalRedirect as an additional security measure to prevent open…
f0cd39f 
…-redirect attacks (because `SanitizeReturnUrl` uses `IsLocalUrl` to sanitize the URL this is actually not necessary --- but better safe than sorry; for details see https://learn.microsoft.com/en-us/aspnet/core/security/preventing-open-redirects?view=aspnetcore-5.0)
@simonwacker
Allow CORS only for GraphQL endpoint
fe029c5
@simonwacker
Fix spelling error
c04cf1a
@simonwacker
Make auth schemes explicit by setting default schemes to null and sup…
452d466 
…port bearer token authentication
@simonwacker
Add antiforgery token support
8983c4e
@simonwacker
Use the same logic for authenticating antiforgery token requests and …
a0f72df 
…GraphQL requests
@simonwacker
Authenticate user before validating antiforgery tokens (otherwise the…
9b755ef 
… token validation logic fails with the message that the token was issued for another user)
@simonwacker
Link to an issue with gotchas regarding antiforgery tokens in ASP.NET…
73522db 
… Core
@simonwacker
Link pull request #46
05d5681
@simonwacker simonwacker merged commit f9d64f9 into develop May 30, 2023
@simonwacker simonwacker deleted the improve-open-id-connect-usage branch May 30, 2023 15:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@simonwacker