Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Introduce Authorization Server bound to the RS as per new solid-oidc #27

Open
damooo opened this issue Oct 12, 2023 · 1 comment
Open

Introduce Authorization Server bound to the RS as per new solid-oidc #27

damooo opened this issue Oct 12, 2023 · 1 comment
Labels
scope:manas_authentication scope:solid_oidc
Milestone
V0.3

Comments

@damooo
Copy link
Contributor

damooo commented Oct 12, 2023
edited
Loading

Blocked due to client support as in inrupt/solid-client-authn-js#3181

Also must prune following temporary adjustments, that were introduced for client support.

  1. ath claim in dpop proofs must be mandatory. and following temp-fix must be resolved.

    manas/fcrates/dpop/src/proof/validated.rs

    Lines 118 to 125 in bef113e

    let decoded_ath = decoded_claims
    .ath
    .as_ref()
    // TODO MUST remove following feature and block.
    .or_else(|| cfg!(feature = "unsafe-optional-ath-claim").then_some(&ath))
    .ok_or(InvalidDPoPProof::AthClaimMismatch)?;
  2. azp claimis currenly (de)serialized as client_id for ecosystem interoperability.

    manas/fcrates/solid_oidc_types/src/id_token/payload.rs

    Lines 23 to 28 in bef113e

    /// Authorized party.
    #[serde(alias = "client_id")]
    pub azp: String,
    /// Audience.
  3. aud claim currently accepts single value too.

    manas/fcrates/solid_oidc_types/src/id_token/payload.rs

    Lines 27 to 33 in bef113e

    /// Audience.
    // NOTE: for NSS idp compat, allows deserializing from a string.
    // TODO remove special handling.
    #[serde(deserialize_with = "string_or_vec")]
    pub aud: Vec<String>,

Once solid-client follows the spec, and solidos follows, these changes will be merged.
@damooo
Copy link
Contributor Author

damooo commented Oct 12, 2023
edited
Loading

See also: CommunitySolidServer/CommunitySolidServer#1154
inrupt/solid-client-authn-js#3184

@damooo damooo added duplicate This issue or pull request already exists scope:manas_authentication scope:solid_oidc and removed duplicate This issue or pull request already exists labels Oct 12, 2023
@damooo damooo added this to the V0.3 milestone Oct 12, 2023
@damooo damooo mentioned this issue Oct 12, 2023
Open
3 tasks
@damooo damooo changed the title Introduce Authorization Server bound to the Resource Server as per new solid-oidc Introduce Authorization Server bound to the RS as per new solid-oidc Oct 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
scope:manas_authentication scope:solid_oidc
Projects
None yet
Milestone
V0.3
Development

No branches or pull requests
1 participant
@damooo