New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement Proposal A #146

Merged
merged 24 commits into from Aug 25, 2017

Conversation

Projects
None yet
2 participants
@stephank
Member

stephank commented Aug 24, 2017

This is a large PR, which implements Proposal A as documented in: https://docs.google.com/document/d/1fgIGivGrdUjiDtKf_xuwIoowU_H5qSqUXMRApbQoWTg/edit

In addition, this PR also has:

  • Updates for some dependencies
  • Types for sessions (uses serde_json)
  • Types for IdP documents (also uses serde_json)
  • Improved validation of both emails and URLs
  • Improved IdP error handling (no panics, can't have that now)
  • Session cleanup once auth completes

Currently, Portier only tries the first WebFinger link, ignoring the rest. A timeout of 5 seconds is hardcoded, after which we continue with email fallback. (Discovery continues in the background, so caches are warmed for a next attempt.)

A currently unspecced custom rel is implemented to allow forwarding to Google. A domain can either specify this in the WebFinger response, or Portier can be configured with it per domain using domain_overrides.

A demo IdP is available at: https://github.com/onli/portier_idp

stephank added some commits Aug 12, 2017

Improve email address normalization
Specifically, we now do things in one place, and domains are normalized
according to WHATWG rules.
Don't store client_id in session
Always derive audience from redirect_uri.
Improve error handling and logging
No implicit conversions to BrokerError, always wrap with a contextual message.
Serialization and session refactor
This commit modifies several places to do serialization using types instead of
plucking apart a JSON Value. It touches on HTTP IdP interactions and session
handling.

The JWT stuff is left as is, because it may in the future use an external
library instead.

In addition, this replaces the private scheme for Google with a separate rel.
@onli

onli approved these changes Aug 25, 2017

I think this should also bump the version. Otherwise nothing to change from my side.

@stephank stephank merged commit ad3e9e1 into master Aug 25, 2017

1 of 2 checks passed

coverage/coveralls Coverage pending from Coveralls.io
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details

@stephank stephank deleted the featureProposalA branch Aug 25, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment