[oidc] Setup db #15305

Merged
merged 1 commit into from
Dec 13, 2022
Member

@easyCZ easyCZ commented Dec 12, 2022

Description

Initial db setup for OIDC Client Config

Related Issue(s)

How to test

Unit tests

Release Notes

NONE

Documentation

Werft options:

  • /werft with-local-preview
    If enabled this will build install/preview
  • /werft with-preview
  • /werft with-large-vm
  • /werft with-integration-tests=all
    Valid options are all, workspace, webapp, ide, jetbrains, vscode, ssh

@easyCZ easyCZ marked this pull request as ready for review December 12, 2022 13:39
@easyCZ easyCZ requested a review from a team December 12, 2022 13:39
@github-actions github-actions bot added the team: webapp Issue belongs to the WebApp team label Dec 12, 2022

Issuer string `gorm:"column:issuer;type:char;size:255;" json:"issuer"`

Data datatypes.JSON `gorm:"column:data;type:text;size:65535" json:"data"`
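
Review bot: on the `Data` field, the column is declared as plain `type:text` and the field is exported through `json:"data"`; if client secrets end up in this blob, as the question below asks, consider encrypting the value before it is written and keeping the field out of API responses and logs.
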
Member

Is the idea to store common properties such as `ClientID`, `ClientSecret`, `RedirectURL` in the generic JSON structure? Also wouldn't we need to look up entries by domain?

Member Author

Issuer is the domain, as per the oidc spec

Member Author

Yes, for now we're storing them as json

type OIDCClientConfig struct {
ID uuid.UUID `gorm:"primary_key;column:id;type:char;size:36;" json:"id"`

Issuer string `gorm:"column:issuer;type:char;size:255;" json:"issuer"`
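
Review bot: on the `Issuer` field, the tag declares `type:char;size:255` with no index or uniqueness constraint visible in these lines; if configs are looked up by issuer, add an index, and make sure the lookup compares case sensitively, since the spec text quoted in this thread defines the Issuer Identifier as a case sensitive URL.
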
Member

What is the issuer referring to? A user?

Member Author

It's the issuer as per the OIDC spec. It can be Google for @google.com domains, but other ones also.

Member

The Issuer (URL) is the ID of an IdP. That's also what is used to associate and validate the ID-tokens.

Member

Is it Issuer or Issuer Identifier?
From the spec

Issuer
Entity that issues a set of Claims.

Issuer Identifier
Verifiable Identifier for an Issuer. An Issuer Identifier is a case sensitive URL using the https scheme that contains scheme, host, and optionally, port number and path components and no query or fragment components.

Member

It is the Issuer Identifier indeed. But it's shortened to simply Issuer (or even iss when talking about claims) in the details of implementation.

So, the issuer is actually an entity, but on the API level we're naming the URL as such.
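
An added example, not code from this pull request or from the project: one way to check a configured issuer against the Issuer Identifier definition quoted in the thread and to compare it with a token's `iss` claim without normalising case. The function names and the example.com values are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ValidateIssuerIdentifier checks raw against the Issuer Identifier definition
// quoted in the thread: https scheme, a host, optional port and path, and no
// query or fragment components.
func ValidateIssuerIdentifier(raw string) error {
	u, err := url.Parse(raw)
	if err != nil {
		return fmt.Errorf("issuer is not a URL: %w", err)
	}
	switch {
	case u.Scheme != "https":
		return errors.New("issuer must use the https scheme")
	case u.Hostname() == "":
		return errors.New("issuer must contain a host")
	case u.RawQuery != "" || u.ForceQuery:
		return errors.New("issuer must not contain a query component")
	case strings.Contains(raw, "#"):
		return errors.New("issuer must not contain a fragment component")
	}
	return nil
}

// IssuerMatches compares the stored issuer with a token's iss claim byte for
// byte. The identifier is case sensitive, so nothing is lowercased or trimmed.
func IssuerMatches(stored, iss string) bool {
	return ValidateIssuerIdentifier(stored) == nil && stored == iss
}

func main() {
	// Constructed sample values, not taken from the pull request.
	stored := "https://idp.example.com/tenant-a"
	for _, iss := range []string{
		"https://idp.example.com/tenant-a",
		"https://IDP.example.com/tenant-a",
		"https://idp.example.com/tenant-a/",
	} {
		fmt.Printf("%-40s match=%v\n", iss, IssuerMatches(stored, iss))
	}
	fmt.Println(ValidateIssuerIdentifier("https://idp.example.com/?hd=example.com"))
}
```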

@easyCZ easyCZ requested review from svenefftinge and a team December 13, 2022 09:26
@roboquat roboquat merged commit 620b0fa into main Dec 13, 2022
@roboquat roboquat deleted the mp/oidc-db branch December 13, 2022 14:14
@roboquat roboquat added the deployed: webapp (Meta team change is running in production) and deployed (Change is completely running in production) labels Dec 14, 2022
@AlexTugarev AlexTugarev mentioned this pull request Dec 15, 2022
Labels: deployed: webapp, deployed, release-note-none, size/L, team: webapp