Fix default scope settings for none oidc providers like GitHub #1927
@JoelSpeed as this seems to be blocking quite a few people and it has been a bug for nearly a year now. I would like to ask you directly to have a look at this PR, if anything is missing to get it merged.
Thanks for the fix, long term I intend to get this section rewritten and the provider settings will come before this defaulting code, but this certainly resolves the issue for now, so thanks!
Looks like the test updates aren't quite right as one of the scope tests failed, can you please look into that?
@JoelSpeed my mistake! I had another look at it and it should now work as expected.
@JoelSpeed can you retrigger the build and tests? 😄
Let's see if the tests pass! LGTM, thanks
Can we get a release of this? There's no release since October of 2022. Is this project still maintained?
@bit-herder unfortunately, @JoelSpeed has been looking for successors for a while now. There is an issue open for this very purpose. He moved to another job and doesn't have the time anymore to actively maintain this project. I'll be trying to get in contact with him as I've been interested in helping out this amazing project for a while now.
@bit-herder we are currently working on getting a new release finalized.
#2222 could this be related? How do I migrate my config?
That seems to be the case, see https://github.com/oauth2-proxy/oauth2-proxy/pull/1927/files#r1086869386 @tuunit can you link the PRs please? Are these still open or have these been used?
Hi @kvanzuijlen I'll check the issue and a possible fix tomorrow.
Description
As described in detail in bug #1903 and related to #1724.
The current implementation overrides the default scope for all providers with the default oidc scopes when no scope is set in the configuration file, which is obviously not the expected behaviour.
As the config file values are loaded before the default values of the providers:
oauth2-proxy/providers/providers.go
Lines 34 to 71 in fd2807c
oauth2-proxy/providers/providers.go
Lines 155 to 169 in fd2807c
The scope is overwritten with "openid email profile", which leads to issues later on in the setProviderDefaults method. As p.Scope will never be empty, all provider default scopes are ignored.
oauth2-proxy/providers/provider_data.go
Lines 197 to 199 in fd2807c
I added a check for the providerName as an additional condition in the default setter while loading the data from config file.
How Has This Been Tested?
I tested it locally with GitHub and dex, to ensure both implementations still work and I extended the unit test cases.
Checklist:
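The ordering problem described above, reduced to a small model. This is an added example, not code from the PR or from oauth2-proxy: the type and function names are hypothetical, `user:email` as GitHub's provider default and the "only when the provider is oidc" condition are assumptions, and `read:org` is a constructed sample value.

```go
package main

import "fmt"

// Simplified model of the ordering bug; all names here are hypothetical.
const oidcDefaultScope = "openid email profile" // value quoted in the PR description

type providerConfig struct {
	Type  string // "oidc", "github", ...
	Scope string // empty when the config file sets no scope
}

// perProviderDefault stands in for the defaults applied later, and only while
// the scope is still empty. "user:email" for GitHub is an assumption.
var perProviderDefault = map[string]string{"github": "user:email", "oidc": oidcDefaultScope}

// loadBuggy models the reported behaviour: the config loader fills an empty
// scope with the OIDC default for every provider.
func loadBuggy(c providerConfig) string {
	if c.Scope == "" {
		return oidcDefaultScope
	}
	return c.Scope
}

// loadFixed models the fix: the loader also checks the provider name and
// defaults only for OIDC (assumed condition).
func loadFixed(c providerConfig) string {
	if c.Scope == "" && c.Type == "oidc" {
		return oidcDefaultScope
	}
	return c.Scope
}

// effectiveScope applies the provider default only if the loaded scope is
// empty, which is why a pre-filled scope suppresses it.
func effectiveScope(loaded, providerType string) string {
	if loaded == "" {
		return perProviderDefault[providerType]
	}
	return loaded
}

func main() {
	// Constructed sample configurations.
	for _, c := range []providerConfig{{Type: "github"}, {Type: "oidc"}, {Type: "github", Scope: "read:org"}} {
		fmt.Printf("%-6s configured=%-10q buggy=%-24q fixed=%q\n", c.Type, c.Scope,
			effectiveScope(loadBuggy(c), c.Type), effectiveScope(loadFixed(c), c.Type))
	}
}
```

An explicitly configured scope passes through unchanged in both variants; only the empty-scope case for a non-OIDC provider differs.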