Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(oidc settings): effective JWS algorithm setting #9712

Merged
merged 1 commit into from Jan 25, 2024
Merged

fix(oidc settings): effective JWS algorithm setting #9712

merged 1 commit into from Jan 25, 2024

Conversation

darnaut
Copy link
Collaborator

@darnaut darnaut commented Jan 24, 2024
edited

Due to a bug in OidcConfigs, the preferredJwsAlgorithm setting was never used when OIDC "dynamic" settings are set/enabled. Probably to workaround this bug, a change was made to use auth.oidc.preferredJwsAlgorithm from the application configuration (same as AUTH_OIDC_PREFERRED_JWS_ALGORITHM environment variable) if the preferredJwsAlgorithm setting was not specified in the OIDC dynamic settings - which is always the case due to the bug. This workaround also prevents us from simply using an existing preferredJwsAlgorithm setting as it could differ from an actually used configuration option which might have a different value - causing breakage to existing deployments.

This change introduces a new preferredJwsAlgorithm2 field in the OIDC settings that is actually used if set. The workaround is also partially preserved in that if preferredJwsAlgorithm2 is not set, the value from auth.oidc.preferredJwsAlgorithm is used. The response from the auth/getSsoSettings endpoint now returns the value of preferredJwsAlgorithm2 but still uses the same field name.

Checklist

  • The PR conforms to DataHub's Contributing Guideline (particularly Commit Message Format)
  • Links to related issues (if applicable)
  • Tests for the changes have been added/updated (if applicable)
  • Docs related to the changes have been added/updated (if applicable). If a new feature has been added a Usage Guide has been added for the same.
  • For any breaking change/potential downtime/deprecation/big changes an entry has been made in Updating DataHub

@github-actions github-actions bot added product PR or Issue related to the DataHub UI/UX devops PR or Issue related to DataHub backend & deployment community-contribution PR or Issue raised by member(s) of DataHub Community labels Jan 24, 2024
@darnaut darnaut merged commit 23277f8 into master Jan 25, 2024
59 checks passed
@darnaut darnaut deleted the darnaut-dynamic-preferred-jws-algorithm branch January 25, 2024 01:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@david-leifker david-leifker david-leifker approved these changes

Assignees
No one assigned
Labels
community-contribution PR or Issue raised by member(s) of DataHub Community devops PR or Issue related to DataHub backend & deployment product PR or Issue related to the DataHub UI/UX
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@darnaut @david-leifker