Add oidc scope configuration option #5926

carlesarnal · 2025-01-28T12:05:17Z

No description provided.

apicurio-bot · 2025-01-28T12:05:23Z

Thank you for creating a pull request!

Pinging @EricWittmann to respond or triage.

EricWittmann

LGTM but how does this fix the recent problem with 2.6.7?

carlesarnal · 2025-01-28T16:49:34Z

LGTM but how does this fix the recent problem with 2.6.7?

https://github.com/Apicurio/apicurio-registry/pull/5371/files#diff-144cc22e098ff9d7ee6b79ad7458306be98fd850a58c499a851d2bb30dbe812eL185 this changed oidc auth to use the access_token (which is right) but, for that to work in Entra ID, the scope has to include the client id so that it's added to the aud claim, so that when the backend validates it, it has been issued for the correct audience. It's a whole chain to have the expected aud claim when access_tokens are used.

Add oidc scope configuration option

e2b6914

apicurio-bot bot added the area/ui label Jan 28, 2025

carlesarnal added port-3.x Port from 2.x to 3.x and removed area/ui labels Jan 28, 2025

carlesarnal modified the milestones: 3.0.7, 2.6.x Jan 28, 2025

EricWittmann approved these changes Jan 28, 2025

View reviewed changes

EricWittmann merged commit c614964 into Apicurio:2.6.x Jan 28, 2025
19 checks passed

bf2robot mentioned this pull request Jan 31, 2025

chore(deps): update apicurio to v2.6.8.final bf2fc6cc711aee1a0c2a/e2e-test-suite#523

Open

1 task

Provide feedback