Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🐛 (backend) gitlab oicd userinfo endpoint #232

Merged
merged 1 commit into from
Sep 23, 2024
Merged

🐛 (backend) gitlab oicd userinfo endpoint #232

merged 1 commit into from
Sep 23, 2024

Conversation

AntoLC
Copy link
Collaborator

@AntoLC AntoLC commented Sep 5, 2024
edited
Loading

Purpose

Gitlab oidc was failing.

It is failing because the userinfo endpoint can return 2 content types:

  • application/json
  • application/jwt

impress/src/backend/core/authentication/backends.py

Lines 45 to 51 in 53267c7

user_response = requests.get(
self.OIDC_OP_USER_ENDPOINT,
headers={"Authorization": f"Bearer {access_token}"},
verify=self.get_settings("OIDC_VERIFY_SSL", True),
timeout=self.get_settings("OIDC_TIMEOUT", None),
proxies=self.get_settings("OIDC_PROXY", None),
)

Gitlab oidc returns a json object, while Agent Connect oidc returns a jwt token.
We are adapting the authentication to handle both cases.

⚠️ The logout does not seem to work with the Gitlab oidc. I suggest we open an issue, maybe you will want to dig more on that @securitykernel ?

@AntoLC AntoLC self-assigned this Sep 5, 2024
@AntoLC AntoLC requested review from sampaccoud, lebaudantoine and securitykernel and removed request for sampaccoud September 5, 2024 16:01
@AntoLC AntoLC added the backend label Sep 5, 2024
@AntoLC AntoLC changed the title 🛂(backend) oidc userinfo endpoint json format 🐛 (backend) gitlab oicd userinfo endpoint Sep 5, 2024
@AntoLC AntoLC force-pushed the feature/gitlab-oidc branch 2 times, most recently from 53267c7 to 4e94f5b Compare September 12, 2024 11:37
sampaccoud
sampaccoud approved these changes Sep 22, 2024
View reviewed changes
Copy link
Contributor

@sampaccoud sampaccoud left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I proposed a small simplification using the "responses" library that we have in dev dependencies. Otherwise GTM!

@AntoLC AntoLC force-pushed the feature/gitlab-oidc branch 3 times, most recently from 2b81fa7 to 5525774 Compare September 23, 2024 08:42
@AntoLC
🛂(backend) oidc userinfo endpoint json format
d22e510 
The userinfo endpoint can return 2 content types:
- application/json
- application/jwt

Gitlab oidc returns a json object, while
Agent Connect oidc returns a jwt token.
We are adapting the authentication to handle both cases.
@AntoLC AntoLC merged commit 9388c8f into main Sep 23, 2024
15 of 16 checks passed
@AntoLC AntoLC deleted the feature/gitlab-oidc branch September 23, 2024 08:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sampaccoud sampaccoud sampaccoud approved these changes

@lebaudantoine lebaudantoine Awaiting requested review from lebaudantoine

@securitykernel securitykernel Awaiting requested review from securitykernel

Assignees

@AntoLC AntoLC

Labels
backend
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@AntoLC @sampaccoud