Skip to content

Add reqval.fill_id_token with technicals OIDC fields into id_token #660

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 15 commits into from
May 6, 2019
Merged

Add reqval.fill_id_token with technicals OIDC fields into id_token #660

merged 15 commits into from
May 6, 2019

Conversation

JonathanHuot
Copy link
Member

@JonathanHuot JonathanHuot commented Mar 5, 2019
edited
Loading

Add support of:

  • nonce
  • c_hash
  • at_hash

Deprecate the 3.0.0 get_id_token in favor of finalize_id_token fill_id_token. However, get_id_token is still working if implemented. It gives the user the choice to either implement the full JWT build, or take the advantage of oauthlib and completing the id_token & signing it.

Work is still to be done regarding max_time/auth_time, claims, and maybe few others.

@JonathanHuot
Removed duplicated OIDC members in OAuth2.RequestValidator
73032fe
@JonathanHuot
Add technicals fields of id_token in oauthlib OIDC support
7c570c7 
A new RequestValidator `fill_id_token` has been introduced to replace `get_id_token`. It aims to have the bare minimum amount of fields to complete a full OIDC id_token support. `get_id_token` is still valid but optional, and if it is implemented, `fill_id_token` will not be called. The current `fill_id_token` came with full support of `aud`, `iat`, `nonce`, `at_hash` and `c_hash`. More could come in the future e.g. `auth_time`, ...
@JonathanHuot
Add c_hash. Add summary about when nonce/hashes are added to id_token
62152d4
@JonathanHuot
Change to 3.0.2-dev as long as master is in "dev"
84cd5a4
@JonathanHuot
Merge branch 'master' into oidc-hashes
55b152c
@JonathanHuot JonathanHuot added Feature OIDC OpenID Connect labels Mar 5, 2019
@JonathanHuot JonathanHuot added this to the 3.1.0 milestone Mar 5, 2019
@JonathanHuot JonathanHuot self-assigned this Mar 5, 2019
@JonathanHuot JonathanHuot requested a review from wiliamsouza March 5, 2019 09:29
@JonathanHuot JonathanHuot mentioned this pull request Mar 5, 2019
Closed
2 tasks
skion
skion reviewed Mar 5, 2019
View reviewed changes
Copy link
Member

@skion skion left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor comments, but need to give it a better read still...

@wiliamsouza
Copy link
Member

The only concern is when we need support claim extension if will be easy to do in configurable way. Any ideia on that?

@JonathanHuot
Copy link
Member Author

Hi @skion, your initial comments have been solved. I have also added the missing unittests to increase coverage. Could you have another look?

Hi @wiliamsouza, yes, claims is the next feature that it should be improved. I don't see any roadblocks to this.?

@JonathanHuot JonathanHuot changed the title WIP: Add reqval.fill_id_token with technicals OIDC fields into id_token Add reqval.fill_id_token with technicals OIDC fields into id_token Mar 27, 2019
skion
skion approved these changes Apr 6, 2019
View reviewed changes
Copy link
Member

@skion skion left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I quite like it, nice.

@JonathanHuot JonathanHuot merged commit 754b003 into master May 6, 2019
@JonathanHuot JonathanHuot mentioned this pull request Jul 23, 2019
Merged
This was referenced Mar 12, 2021
Closed
Closed
@JonathanHuot JonathanHuot deleted the oidc-hashes branch June 1, 2021 21:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@skion skion skion approved these changes

@wiliamsouza wiliamsouza Awaiting requested review from wiliamsouza

Assignees

@JonathanHuot JonathanHuot

Labels
Feature OIDC OpenID Connect
Projects
None yet
Milestone
3.1.0
Development

Successfully merging this pull request may close these issues.
3 participants
@JonathanHuot @wiliamsouza @skion
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy