[BREAKING] feat/refactor/docs: multiple providers, large refactor, configurable ticking interval, fix for jwks endpoint has different host #99

Open
wants to merge 36 commits into
base: main

antonengelhardt
Owner

@antonengelhardt antonengelhardt commented Sep 5, 2024

Please describe your changes and why you made them

Multiple OpenID providers

  • the plugin can now be configured to use multiple providers for token issuing and validation
  • the discovery fetches all information from the configured providers, loads the jwks etc.
  • if there is more than one provider, then the user can select a provider to authenticate with on a dedicated page. this happens with a callback (_wasm-oidc-plugin/provider-selection?authorize_with_provider=wwu&return_to=lw), which then redirects to the authorization_endpoint, because otherwise we would not be able to know which server sent the code in the code callback.
  • if there is only one provider, the redirection will happen right away

Small features

Refactor & fixes

Does this PR introduce a breaking change?

Warning

This PR introduces a breaking change:
Please see envoy.yaml for the updated config structure

TODOs

Other information and Screenshots (if appropriate)

🤫 It has dark mode

Linked

For #93

more to come
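
The provider-selection step described in this pull request, sketched as an added example that is not the plugin's own code: the `authorize_with_provider` value is only matched against configured providers, and the chosen name travels in `state` so the code callback can tell which server issued the code. The struct fields, endpoints, client IDs and the `name.nonce` state layout are assumptions.

```rust
use std::collections::HashMap;

// Constructed provider entry; field names are assumptions, not the plugin's config schema.
pub struct Provider {
    pub name: &'static str,
    pub authorization_endpoint: &'static str,
    pub client_id: &'static str,
}

// Constructed sample configuration; "wwu" is the provider name from the callback URL above.
pub fn sample_providers() -> Vec<Provider> {
    vec![
        Provider { name: "wwu", authorization_endpoint: "https://idp-a.example/authorize", client_id: "client-a" },
        Provider { name: "other", authorization_endpoint: "https://idp-b.example/authorize", client_id: "client-b" },
    ]
}

// Split a query string into pairs (no percent-decoding; the sample values are plain ASCII).
fn parse_query(query: &str) -> HashMap<&str, &str> {
    query.split('&').filter_map(|kv| kv.split_once('=')).collect()
}

// Selection callback: the requested name must match a configured provider; it is never
// used as a URL itself. The state is "<provider>.<nonce>" (names are assumed to contain no '.').
pub fn select_provider(ps: &[Provider], query: &str, nonce: &str, redirect_uri: &str) -> Result<String, String> {
    let params = parse_query(query);
    let wanted = params.get("authorize_with_provider").ok_or("missing authorize_with_provider")?;
    let p = ps.iter().find(|p| p.name == *wanted).ok_or_else(|| format!("unknown provider: {wanted}"))?;
    Ok(format!("{}?response_type=code&scope=openid&client_id={}&redirect_uri={}&state={}.{}",
        p.authorization_endpoint, p.client_id, redirect_uri, p.name, nonce))
}

// Code callback: recover the provider from state and check the nonce kept for this session.
pub fn provider_from_callback<'a>(ps: &'a [Provider], query: &str, expected_nonce: &str) -> Result<&'a Provider, String> {
    let params = parse_query(query);
    let state = params.get("state").ok_or("missing state")?;
    let (name, nonce) = state.split_once('.').ok_or("malformed state")?;
    if nonce != expected_nonce {
        return Err("state nonce mismatch".to_string());
    }
    ps.iter().find(|p| p.name == name).ok_or_else(|| "unknown provider in state".to_string())
}

fn main() {
    let ps = sample_providers();
    let redirect = "https%3A%2F%2Fapp.example%2Foidc%2Fcallback"; // constructed, already percent-encoded
    println!("{:?}", select_provider(&ps, "authorize_with_provider=wwu&return_to=lw", "n1", redirect));
    println!("{:?}", provider_from_callback(&ps, "code=abc&state=wwu.n1", "n1").map(|p| p.name));
}
```

The token request and JWKS validation would then use the endpoints of the provider returned by `provider_from_callback`, not ones taken from the request.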

@antonengelhardt antonengelhardt added semver:minor Release in the next minor version feature New Feature or enhancement refactor Code refactoring docs Documentation labels Sep 5, 2024
@antonengelhardt antonengelhardt self-assigned this Sep 5, 2024
@antonengelhardt antonengelhardt force-pushed the mulitple-open-id-providers branch 2 times, most recently from e6806c9 to 0d882e9 Compare September 5, 2024 22:02
@antonengelhardt antonengelhardt linked an issue Sep 6, 2024 that may be closed by this pull request
@antonengelhardt antonengelhardt changed the title [BREAKING] feat/refactor/docs: multiple providers, large refactor [BREAKING] feat/refactor/docs: multiple providers, large refactor, configurable ticking interval, fix for jwks endpoint has different host Sep 9, 2024
@antonengelhardt antonengelhardt force-pushed the mulitple-open-id-providers branch 2 times, most recently from 80e497e to d94b6df Compare September 9, 2024 16:00
@antonengelhardt antonengelhardt force-pushed the mulitple-open-id-providers branch from 36c5896 to 818a32c Compare October 2, 2024 08:41
@antonengelhardt antonengelhardt force-pushed the mulitple-open-id-providers branch 3 times, most recently from eb3e9de to 17ac0f4 Compare October 17, 2024 15:37
* plugin can now have more than one oidc provider
* the discovery will load information from all providers
* user selects the provider on an auth page if there is >1 provider
* more logs
* more comments

TODO:
* error handling
* performance and linting
* large refactoring to file structure

This is just a POC!

THIS IS A BREAKING CHANGE!

Signed-off-by: Anton Engelhardt <[email protected]>
* add auth.rs for code flow
* rename cookies.rs to session.rs
* add pause.rs

Signed-off-by: Anton Engelhardt <[email protected]>
antonengelhardt and others added 26 commits November 4, 2024 18:28
this avoids problems with leftover cookie parts preventing decryption
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt antonengelhardt force-pushed the mulitple-open-id-providers branch from 55da665 to 9c4c076 Compare November 4, 2024 17:28
Successfully merging this pull request may close these issues.

  • Error IDs on Error Page & in Logs
  • Logout Route to clear cookies
  • Multiple OIDC providers