Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue 21826: Initial data structures and metatype for OIDC Private Key JWT client authn #25079

Merged
merged 2 commits into from
Apr 24, 2023
Merged

Issue 21826: Initial data structures and metatype for OIDC Private Key JWT client authn #25079

merged 2 commits into from
Apr 24, 2023

Conversation

ayoho
Copy link
Member

@ayoho ayoho commented Apr 21, 2023

  • Adds a private_key_jwt option to the tokenEndpointAuthMethod attributes in <openidConnectClient> and <oidcLogin>. **Note: ** This is still strictly beta-level code and remains incomplete.
  • Adds a new PrivateKeyJwtAuthMethod class to encapsulate the logic for creating JWTs to use for client authentication.

For #21826

@ayoho ayoho self-assigned this Apr 21, 2023
@ayoho
Copy link
Member Author

ayoho commented Apr 21, 2023

#build
#spawn.fullfat.buckets=com.ibm.ws.security.oauth_fat,com.ibm.ws.security.oidc.client_fat.1,com.ibm.ws.security.oidc.client_fat.2,com.ibm.ws.security.oidc.client_fat.backchannelLogout,com.ibm.ws.security.oidc.client_fat.backchannelLogout.saml,com.ibm.ws.security.oidc.client_fat.claimPropagation,com.ibm.ws.security.oidc.client_fat.jaxrs,com.ibm.ws.security.oidc.client_fat.spnego,com.ibm.ws.security.oidc.server_fat,com.ibm.ws.security.oidc.server_fat.backchannelLogout,com.ibm.ws.security.oidc.server_fat.jaxrs.config.commonTest,com.ibm.ws.security.oidc.server_fat.jaxrs.config.noOP,com.ibm.ws.security.oidc.server_fat.jaxrs.config.oauth,com.ibm.ws.security.oidc.server_fat.jaxrs.config.oidc,com.ibm.ws.security.oidc.server_fat.oidc,com.ibm.ws.security.social_fat,com.ibm.ws.security.social_fat.LibertyOP.1,com.ibm.ws.security.social_fat.LibertyOP.2,com.ibm.ws.security.social_fat.LibertyOP.backchannelLogout,com.ibm.ws.security.social_fat.LibertyOP.claimPropagation,com.ibm.ws.security.social_fat.OpenShift,com.ibm.ws.security.social_fat.delegated,com.ibm.ws.security.social_fat.multiProvider,com.ibm.ws.security.social_fat.okdServiceLogin,io.openliberty.security.jakartasec.3.0.internal_fat,io.openliberty.security.jakartasec.3.0.internal_fat.config.1,io.openliberty.security.jakartasec.3.0.internal_fat.config.2,io.openliberty.security.jakartasec.3.0.internal_fat.logout,io.openliberty.security.jakartasec.3.0.internal_fat.refresh

@LibbyBot
Copy link

Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_pTtmoOBcEe2OBOiL2tO6zA

Target locations of links might be accessible only to IBM employees.

jimmy1wu
jimmy1wu previously approved these changes Apr 21, 2023
View reviewed changes
@ayoho
Copy link
Member Author

ayoho commented Apr 21, 2023

#libby
#build
#spawn.fullfat.buckets=com.ibm.ws.security.oauth_fat,com.ibm.ws.security.oidc.client_fat.1,com.ibm.ws.security.oidc.client_fat.2,com.ibm.ws.security.oidc.client_fat.backchannelLogout,com.ibm.ws.security.oidc.client_fat.backchannelLogout.saml,com.ibm.ws.security.oidc.client_fat.claimPropagation,com.ibm.ws.security.oidc.client_fat.jaxrs,com.ibm.ws.security.oidc.client_fat.spnego,com.ibm.ws.security.oidc.server_fat,com.ibm.ws.security.oidc.server_fat.backchannelLogout,com.ibm.ws.security.oidc.server_fat.jaxrs.config.commonTest,com.ibm.ws.security.oidc.server_fat.jaxrs.config.noOP,com.ibm.ws.security.oidc.server_fat.jaxrs.config.oauth,com.ibm.ws.security.oidc.server_fat.jaxrs.config.oidc,com.ibm.ws.security.oidc.server_fat.oidc,com.ibm.ws.security.social_fat,com.ibm.ws.security.social_fat.LibertyOP.1,com.ibm.ws.security.social_fat.LibertyOP.2,com.ibm.ws.security.social_fat.LibertyOP.backchannelLogout,com.ibm.ws.security.social_fat.LibertyOP.claimPropagation,com.ibm.ws.security.social_fat.OpenShift,com.ibm.ws.security.social_fat.delegated,com.ibm.ws.security.social_fat.multiProvider,com.ibm.ws.security.social_fat.okdServiceLogin,io.openliberty.security.jakartasec.3.0.internal_fat,io.openliberty.security.jakartasec.3.0.internal_fat.config.1,io.openliberty.security.jakartasec.3.0.internal_fat.config.2,io.openliberty.security.jakartasec.3.0.internal_fat.logout,io.openliberty.security.jakartasec.3.0.internal_fat.refresh

@LibbyBot
Copy link

Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_tCPhUOBxEe2OBOiL2tO6zA

Target locations of links might be accessible only to IBM employees.

@LibbyBot
Copy link

Code analysis and actions

DO NOT DELETE THIS COMMENT.

  • 11 product code files were changed.

  • Please describe in a separate comment how you tested your changes.

  • 2 NLS files were changed and need an ID review.

  • @OpenLiberty/message-reviewer Please review.

  • dev/com.ibm.ws.security.openidconnect.client/resources/OSGI-INF/l10n/metatype.properties

  • dev/com.ibm.ws.security.social/resources/OSGI-INF/l10n/metatype.properties

@LibbyBot
Copy link

The build ayoho-25079-20230421-1253
https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_tCPhUOBxEe2OBOiL2tO6zA
completed and has errors or failures.

For help analyzing your personal build, go to https://cognitive.hursley.ibm.com/buildAnalysis.html?uuid=_tCPhUOBxEe2OBOiL2tO6zA

@ayoho ayoho merged commit 063297b into OpenLiberty:integration Apr 24, 2023
@ayoho ayoho deleted the 21826-oidcPrivateKeyJwt-1 branch April 24, 2023 13:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jimmy1wu jimmy1wu jimmy1wu approved these changes

@arunavemulapalli arunavemulapalli arunavemulapalli approved these changes

Assignees

@ayoho ayoho

Labels
CLA Signed team:Security SSO
Projects
Security SSO
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ayoho @LibbyBot @arunavemulapalli @jimmy1wu