Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enhance validation for configured Issuer #649

Closed
wants to merge 1 commit into from
Closed

Enhance validation for configured Issuer #649

wants to merge 1 commit into from

Conversation

NotFound403
Copy link
Contributor

@NotFound403 NotFound403 commented Mar 19, 2022
edited

rfc8414#section-2

issuer REQUIRED. The authorization server's issuer identifier, which is a URL that uses the "https" scheme
and has no query or fragment components.

The "https" schema in development may be unsuited, but others should be vailidated.

  • required
  • no query
  • no fragment

I'm not sure if the above has been considered, further discussion is required

@NotFound403 NotFound403 marked this pull request as ready for review March 19, 2022 15:09
@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Mar 19, 2022
jgrandja
jgrandja requested changes Mar 29, 2022
View reviewed changes
Copy link
Collaborator

@jgrandja jgrandja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the PR @NotFound403. Please see review comments.

...ork/security/config/annotation/web/configuration/OAuth2AuthorizationServerConfiguration.java Outdated Show resolved Hide resolved
...otation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java Show resolved Hide resolved
...n/java/org/springframework/security/oauth2/server/authorization/config/ProviderSettings.java Outdated Show resolved Hide resolved
@jgrandja jgrandja self-assigned this Mar 29, 2022
@jgrandja jgrandja added type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Mar 29, 2022
@jgrandja jgrandja changed the title Add Validation for Issuer in OAuth 2.0 Server Metadata (RFC 8414) Enhance validation for configured Issuer Mar 29, 2022
NotFound403
NotFound403 commented Mar 30, 2022
View reviewed changes
Copy link
Contributor Author

@NotFound403 NotFound403 left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jgrandja I have modified my code as you suggested.

jgrandja
jgrandja requested changes Apr 28, 2022
View reviewed changes
Copy link
Collaborator

@jgrandja jgrandja left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the updates @NotFound403. Please see review comments.

Also, please squash commits and rebase on main. There should only be 1 commit as part of this change.

...otation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java Outdated Show resolved Hide resolved
...otation/web/configurers/oauth2/server/authorization/OAuth2AuthorizationServerConfigurer.java Outdated Show resolved Hide resolved
...a/org/springframework/security/oauth2/server/authorization/config/ProviderSettingsTests.java Outdated Show resolved Hide resolved
@jgrandja jgrandja closed this in d0bb94b May 6, 2022
jgrandja added a commit that referenced this pull request May 6, 2022
@jgrandja
Polish gh-649
08d3777
@jgrandja jgrandja added this to the 0.3.0 milestone May 6, 2022
@jgrandja
Copy link
Collaborator

jgrandja commented May 6, 2022

Thanks for the updates @NotFound403. This is now merged in main.

FYI, I added a bit of polish to the tests.

@NotFound403
Copy link
Contributor Author

Thanks for the updates @NotFound403. This is now merged in main.

FYI, I added a bit of polish to the tests.

Thank you,Joe

@NotFound403 NotFound403 deleted the provider/iss branch May 13, 2022 08:55
doba16 pushed a commit to doba16/spring-authorization-server that referenced this pull request Apr 21, 2023
@NotFound403 @jgrandja
Enhance validation for configured issuer
bbff79d 
Closes spring-projectsgh-649
doba16 pushed a commit to doba16/spring-authorization-server that referenced this pull request Apr 21, 2023
@jgrandja
Polish spring-projectsgh-649
4a98d65
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jgrandja jgrandja Awaiting requested review from jgrandja

Assignees

@jgrandja jgrandja

Labels
type: enhancement A general enhancement
Projects
None yet
Milestone
0.3.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@NotFound403 @jgrandja @spring-projects-issues