Skip to content

[OIDC] Add (backend) validation for entered client config #15960

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Tracked by #16862
AlexTugarev opened this issue Jan 23, 2023 · 1 comment
Closed
Tracked by #16862

[OIDC] Add (backend) validation for entered client config #15960

AlexTugarev opened this issue Jan 23, 2023 · 1 comment
Assignees
@AlexTugarev
Labels
meta: stale This issue/PR is stale and will be closed soon

Comments

@AlexTugarev
Copy link
Member

AlexTugarev commented Jan 23, 2023
edited
Loading

There are several means to verify that the entered OIDC client config is actually usable:

  1. A reachability test for the issuer's URL should check if the backend services can actually work with the IdP. We learned several times that this is a common source of failure with different reasons, for instance: typo in URL, filtered by firewall, DNS quirks, etc.

  2. Testing clientID/clientSecret, can only be done by letting the installer use the OIDC flow themselves.

  3. Testing if OIDC discovery is supported, otherwise we need to fall back to full-fledged OIDC client configuration.
@AlexTugarev AlexTugarev converted this from a draft issue Jan 23, 2023
@AlexTugarev AlexTugarev mentioned this issue Jan 23, 2023
Closed
@AlexTugarev AlexTugarev self-assigned this Feb 9, 2023
@AlexTugarev AlexTugarev moved this from Scheduled to In Progress in 🍎 WebApp Team Feb 9, 2023
@AlexTugarev AlexTugarev mentioned this issue Feb 10, 2023
Merged
15 tasks
@geropl geropl mentioned this issue Mar 15, 2023
Closed
@stale
Copy link

stale bot commented May 22, 2023

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the meta: stale This issue/PR is stale and will be closed soon label May 22, 2023
@stale stale bot closed this as completed Jun 11, 2023
@github-project-automation github-project-automation bot moved this from In Progress to In Validation in 🍎 WebApp Team Jun 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AlexTugarev AlexTugarev

Labels
meta: stale This issue/PR is stale and will be closed soon
Projects
🍎 WebApp Team
Status: In Validation
Milestone
No milestone
Development

No branches or pull requests
1 participant
@AlexTugarev