Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upstream OAuth 2.0 providers: Support signed userinfo and customising the expected id_token signature algorithm #3664

Merged
merged 6 commits into from
Dec 17, 2024
Merged

Upstream OAuth 2.0 providers: Support signed userinfo and customising the expected id_token signature algorithm #3664

merged 6 commits into from
Dec 17, 2024
+338 −131

Conversation

MatMaul
Copy link
Contributor

@MatMaul MatMaul commented Dec 12, 2024
edited
Loading

Add options to upstream OAuth config to specify the expected signing algorithm for the endpoint JWT responses.

@MatMaul MatMaul force-pushed the add-response-alg-param branch 3 times, most recently from 9626af1 to 55c54d0 Compare December 12, 2024 14:00
@MatMaul MatMaul force-pushed the add-response-alg-param branch from 55c54d0 to 7c4f1de Compare December 12, 2024 14:04
sandhose
sandhose requested changes Dec 13, 2024
View reviewed changes
Copy link
Member

@sandhose sandhose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this!

A few things to fix:

  • id_token_signed_response_alg shouldn't be optional, I haven't seen that specced anywhere
  • userinfo_signed_response_alg should default to None, as it's the most common case

@MatMaul MatMaul force-pushed the add-response-alg-param branch 3 times, most recently from c5ca149 to dbb5d42 Compare December 16, 2024 12:49
@MatMaul MatMaul force-pushed the add-response-alg-param branch from dbb5d42 to 59a5c8f Compare December 16, 2024 12:55
@MatMaul MatMaul requested a review from sandhose December 16, 2024 13:13
sandhose
sandhose requested changes Dec 17, 2024
View reviewed changes
Copy link
Member

@sandhose sandhose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Almost there, just still would like to have the userinfo_signed_response_alg default to Option::None

@MatMaul
Address comments

Verified

This commit was signed with the committer’s verified signature.
aduh95 Antoine du Hamel
GPG key ID: 21D900FFDB233756
Verified
Learn about vigilant mode
5190f87
@MatMaul
Missing suggestion

Verified

This commit was signed with the committer’s verified signature.
tpoisseau tpoisseau
GPG key ID: 0C272CF03FEA3466
Verified
Learn about vigilant mode
fd000da
@MatMaul
clippy
04a0b02
@MatMaul
clippy

Verified

This commit was signed with the committer’s verified signature.
ruyadorno Ruy Adorno
SSH Key Fingerprint: a0Q53NsSfAvyr5XpYW4FsaImO56xcwvzQRhN/l9iWeM
Verified
Learn about vigilant mode
b604b51
@MatMaul MatMaul requested a review from sandhose December 17, 2024 10:25
sandhose
sandhose approved these changes Dec 17, 2024
View reviewed changes
Copy link
Member

@sandhose sandhose left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks a lot!

@sandhose sandhose merged commit 80903ed into element-hq:main Dec 17, 2024
18 checks passed
@sandhose sandhose changed the title Add id_token_signed_response_alg and userinfo_signed_response_alg Upstream OAuth 2.0 providers: Support signed userinfo and customising the expected id_token signature algorithm Jan 24, 2025
@sandhose sandhose added A-Upstream-OAuth Related to login via upstream OAuth 2.0 providers T-Enhancement New feature of request labels Jan 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sandhose sandhose

Assignees
No one assigned
Labels
A-Upstream-OAuth Related to login via upstream OAuth 2.0 providers T-Enhancement New feature of request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@MatMaul @sandhose