feat: add WebView support for SAML registration/login flows #4

Open
wants to merge 572 commits into
base: saml

splaunov

The registration/login flow should end with a special redirect if used in a WebView on a mobile platform.

Related issue(s)

ory#2653

Checklist

  • [x] I have read the contributing guidelines.
  • [x] I have referenced an issue containing the design document if my change introduces a new feature.
  • [x] I am following the contributing code guidelines.
  • [x] I have read the security policy.
  • [x] I confirm that this pull request does not address a security vulnerability.
    If this pull request addresses a security vulnerability,
    I confirm that I got green light (please contact security@ory.sh) from the maintainers to push the changes.
  • [x] I have added tests that prove my fix is effective or that my feature works.
  • [ ] I have added or changed the documentation.

Further Comments

@splaunov mentioned this pull request Sep 16, 2022
@splaunov changed the title from "feat: SAML WebView support" to "feat(saml): add WebView support" Sep 16, 2022
@splaunov changed the title from "feat(saml): add WebView support" to "feat: add WebView support" Sep 16, 2022
@splaunov changed the title from "feat: add WebView support" to "feat: add WebView support for SAML registration/login flows" Sep 16, 2022
@splaunov
Author

Have added WebView support and test

@splaunov marked this pull request as ready for review September 26, 2022 05:59
@splaunov requested review from Stoakes and removed request for sebferrer and ThibHrrd October 12, 2022 04:10
@sebferrer (Member) left a comment

In order to better follow Ory's design pattern, we have reorganized the files concerning our part of the code. The SAML handler is now in the strategy package, no longer in flow.
Could you please follow this new file architecture in your PR?
Thanks again! :)

@splaunov
Author

Yes, will update my branch.

@splaunov
Author

The branch has been updated. Please review and merge.

@splaunov
Author

Have added a validation error for an unknown provider. We need this when the provider discovery is based on user input.

@sebferrer
Member

Hey @splaunov! Sorry we've been very busy lately. We had to force-push to rebase on the ory/kratos master. The changes are not major and should not generate too many conflicts. Can you please rebase to our SAML branch? Sorry for the inconvenience. We will finally have time to take care of the merge of this PR :)

ory-bot and others added 27 commits April 25, 2024 07:46
* fix: don't return password cred type if empty
* fix: better index for config.user_handle on identity_credentials
Signed-off-by: guoguangwu <guoguangwug@gmail.com>
Signed-off-by: camcui <cuishua@sina.cn>
Co-authored-by: Jonas Hungershausen <jonas.hungershausen@ory.sh>
* test: resolve flaky code registration tests

* chore: don't fail logout if cookie is not found

* chore: remove .only

* chore: reduce wait

* chore: u

* chore: u

* chore: u
feat(saml): api flow support (PS-35)

all commits before Jan 2024

fix(saml): applied recent changes from ovh/saml branch (PS-35)

fix(saml): fixed compilation errors after rebase (PS-35)

feat: extend admin api to read SAML providers configs (CORE-966)

(cherry picked from commit a55dee2)

ignore: add test to check token is valid in webview flow (CORE-2202)

(cherry picked from commit 2cee177)

feat(saml): add “provider id” parameter to kratos session (CORE-2073)

(cherry picked from commit ffa32d7)

feat(oidc): add “provider id” parameter to kratos session (CORE-2073)

(cherry picked from commit ddea269)

feat: link credentials when second login is OIDC (CORE-2041)

(cherry picked from commit 2a0b706)

feat: extend SAML cookie lifetime and set SameSite to None (CORE-2024)

(cherry picked from commit ef9918f)

feat: extend SAML cookie lifetime and set SameSite to None (CORE-2024)

(cherry picked from commit 7c6352a)

fix: panic when linked flow does not exist (CORE-2017)

(cherry picked from commit 98597ef)

feat(saml): return flow id when doing sso webview first login and email already exists (CORE-1986)

(cherry picked from commit 10690c8)

feat(saml): return error in webview redirect url when provider is not found (CORE-1982)

(cherry picked from commit 58be1df)

fix(saml): missed CSRF token when login with Google SAML and email is already used (CORE-1975)

(cherry picked from commit d808af6)

feat: link credentials when login - add LoginAndLinkCredentials method to login and registrations flows

(cherry picked from commit a6b8ad1)

feat: link credentials when login

(cherry picked from commit 9ea2707)

fix(saml): saml settings link redirect path

(cherry picked from commit 514b47b)

feat(saml): saml link/unlink

(cherry picked from commit 2cf82e8)

fix(saml): forward to registration flow when user with email is found

(cherry picked from commit 8f145c8)

fix(saml): forward to registration flow when user with email is found

(cherry picked from commit 58165d5)

fix(saml): An error occurred while retrieving the middeware, it is null

(cherry picked from commit c00246a)

fix(saml): saml creates identity with wrong default schema id

(cherry picked from commit 995d429)

fix(saml): add debug info to errors

(cherry picked from commit ef7fab2)

fix(saml): add debug info to errors

(cherry picked from commit e836c74)

feat(saml): set login flow error code and message if provider not found

(cherry picked from commit 2ac84f4)

feat(saml): support WebView flow for saml strategy

(cherry picked from commit dceaea1)

feat(saml): relaystate continuity fix + unit tests
Signed-off-by: sebferrer <sebferrer@users.noreply.github.com>

Co-authored-by: ThibaultHerard <thibaultherard10@gmail.com>
(cherry picked from commit aeb172c)

feat(saml): improved error handling
Signed-off-by: ThibaultHerard <thibaultherard10@gmail.com>

Co-authored-by: sebferrer <sebferrer@users.noreply.github.com>
(cherry picked from commit 37f7bbe)

feat(saml): use ory/x fetcher
Signed-off-by: ThibaultHerard <thibaultherard10@gmail.com>

Co-authored-by: sebferrer <sebferrer@users.noreply.github.com>
(cherry picked from commit b26f11d)

feat(saml): saml 2.0 implementation
Signed-off-by: ThibaultHerard <thibaultherard10@gmail.com>

Co-authored-by: sebferrer <sebferrer@users.noreply.github.com>
Co-authored-by: psauvage <psauvage0@users.noreply.github.com>
Co-authored-by: alexGNX <alexGNX@users.noreply.github.com>
Co-authored-by: Stoakes <Stoakes@users.noreply.github.com>
(cherry picked from commit 3f5480f)