Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

identity/oidc: optional nonce parameter for authorize request #13231

Merged
merged 3 commits into from
Nov 22, 2021
Merged

identity/oidc: optional nonce parameter for authorize request #13231

merged 3 commits into from
Nov 22, 2021

Conversation

austingebauer
Copy link
Member

Overview

This PR makes the nonce parameter optional for the Authorization Endpoint published by Vault OIDC providers. It includes updates to documentation for this change.

Fixes #13204.

Additionally, this PR renames requiredClaims -> reservedClaims because it makes more sense as a variable name.

Testing

I've added test coverage to this PR. I also manually tested that the nonce isn't required and doesn't appear as an ID token claim when omitted.

@austingebauer austingebauer added this to the 1.9.1 milestone Nov 19, 2021
@vercel vercel bot temporarily deployed to Preview – vault November 19, 2021 23:59 Inactive
@vercel vercel bot temporarily deployed to Preview – vault-storybook November 19, 2021 23:59 Inactive
@austingebauer austingebauer merged commit 87c355e into main Nov 22, 2021
@austingebauer austingebauer deleted the oidc-optional-nonce branch November 22, 2021 17:42
austingebauer added a commit that referenced this pull request Nov 22, 2021
@austingebauer
identity/oidc: optional nonce parameter for authorize request (#13231)
a5b3c7e
@austingebauer austingebauer mentioned this pull request Nov 22, 2021
Merged
austingebauer added a commit that referenced this pull request Nov 24, 2021
@austingebauer
Backport 1.9.x: identity/oidc: optional nonce parameter for authorize…
79019d0 
… request (#13231) (#13242)
@braunsonm braunsonm mentioned this pull request Dec 16, 2021
Closed
qk4l pushed a commit to qk4l/vault that referenced this pull request Feb 4, 2022
@austingebauer
identity/oidc: optional nonce parameter for authorize request (hashic…
862aea2 
…orp#13231)
@thiskevinwang thiskevinwang mentioned this pull request Apr 25, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@calvn calvn calvn approved these changes

@fairclothjm fairclothjm fairclothjm approved these changes

@robmonte robmonte Awaiting requested review from robmonte

@vinay-gopalan vinay-gopalan Awaiting requested review from vinay-gopalan

@taoism4504 taoism4504 Awaiting requested review from taoism4504

Assignees
No one assigned
Labels
identity/oidc
Projects
None yet
Milestone
1.9.1
Development

Successfully merging this pull request may close these issues.

OIDC provider: nonce should be optional in authorization code flow
3 participants
@austingebauer @calvn @fairclothjm