Added JWT Verification In token_auth #161

Open
wants to merge 12 commits into base: main

@infohash (Contributor) commented Jul 2, 2023

Since token_auth was introduced, it has been using Token Introspection for JWT verification, which is not required. As a JWT can be verified in memory, token introspection has now become optional in token_auth and access_control and is only required for Opaque tokens.

Also addresses #158: audience is now optional to enforce and is False by default, to comply with the specs: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.3

OIDCAuthentication.introspect_token has been marked for deprecation because its functionality has been merged in token_auth.
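
The split described in this comment, as an added example that is not code from this pull request or the project: a JWT-shaped token is verified in memory with an opt-in audience check, and only an opaque token reaches introspection. Assumptions: HS256 with a shared key stands in for the provider's signature keys so the block stays standard-library only, and `verify_jwt`, `authenticate`, `enforce_audience` and the `introspect` callback are hypothetical names.

```python
import base64, hashlib, hmac, json, time

def b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_jwt(claims, key):
    """Build a constructed HS256 sample token (demo input only)."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def verify_jwt(token, key, audience=None, enforce_audience=False, now=None):
    """Verify signature and expiry in memory; check 'aud' only when asked to."""
    head, body, sig = token.split(".")
    if json.loads(b64d(head)).get("alg") != "HS256":  # pin the algorithm
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64d(sig)):  # constant-time compare
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if "exp" in claims and claims["exp"] <= (time.time() if now is None else now):
        raise ValueError("expired")
    if enforce_audience:
        aud = claims.get("aud", [])  # 'aud' may be a string or a list
        if audience not in ([aud] if isinstance(aud, str) else aud):
            raise ValueError("audience mismatch")
    return claims

def authenticate(token, key, introspect, **opts):
    """JWT-shaped tokens are verified locally; opaque ones go to introspection."""
    if token.count(".") == 2:
        return verify_jwt(token, key, **opts)
    result = introspect(token)  # a network round trip in a real deployment
    if not result.get("active"):
        raise ValueError("inactive token")
    return result
```

With `enforce_audience` left at `False`, a token issued for a different audience still verifies, so a resource server that shares an issuer with other services would need to turn the check on.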

@infohash changed the title from "Added JWT Verification In token_auth In decorator" to "Added JWT Verification In token_auth" on Jul 3, 2023
infohash added 6 commits July 6, 2023 15:14
commit 797aebc
Author: infohash <46137868+infohash@users.noreply.github.com>
Date:   Thu Jul 6 15:13:48 2023 +0530

    Squashed commit of the following:

    commit b3b6104
    Author: Thore <ThoreKr@users.noreply.github.com>
    Date:   Wed Jul 5 14:07:29 2023 +0200

        Bump oic dependency to fix pydantic incompatibility (zamzterz#162)

        CZ-NIC/pyoidc#861 has been fixed in 1.6.1

    commit 1f3deea
    Author: Samuel Gulliksson <samuel.gulliksson@gmail.com>
    Date:   Mon Jun 26 10:45:39 2023 +0200

        Bump version: 3.13.0 → 3.14.0

    commit b275dee
    Author: Jason Ross <github@csfreak.com>
    Date:   Mon Jun 26 03:37:51 2023 -0500

        Add support for Python 3.11 (zamzterz#155)

        Upgrade pyoidc to 1.6.0.

commit 1c715cf
Author: infohash <46137868+infohash@users.noreply.github.com>
Date:   Sun Jul 2 23:21:53 2023 +0530

    Squashed commit of the following:

    commit 1f3deea
    Author: Samuel Gulliksson <samuel.gulliksson@gmail.com>
    Date:   Mon Jun 26 10:45:39 2023 +0200

        Bump version: 3.13.0 → 3.14.0

    commit b275dee
    Author: Jason Ross <github@csfreak.com>
    Date:   Mon Jun 26 03:37:51 2023 -0500

        Add support for Python 3.11 (zamzterz#155)

        Upgrade pyoidc to 1.6.0.

commit 843bf83
Merge: 7b92922 b2fddcb
Author: infohash <46137868+infohash@users.noreply.github.com>
Date:   Fri Jun 30 21:27:16 2023 +0530

    Merge remote-tracking branch 'upstream/main'

commit 7b92922
Merge: 7d50c3e 50a67f3
Author: infohash <46137868+infohash@users.noreply.github.com>
Date:   Mon Jul 4 16:20:04 2022 +0530

    Merge remote-tracking branch 'upstream/main'

commit 7d50c3e
Merge: 4b092f3 7d126dd
Author: infohash <46137868+infohash@users.noreply.github.com>
Date:   Mon Jun 6 00:27:40 2022 +0530

    Merge remote-tracking branch 'upstream/main'

commit 4b092f3
Author: infohash <46137868+infohash@users.noreply.github.com>
Date:   Sun Jun 5 03:23:26 2022 +0530

    The full response should not be logged as it contains secret tokens

commit 6309cc9
Author: infohash <46137868+infohash@users.noreply.github.com>
Date:   Sun Jun 5 03:19:30 2022 +0530

    renamed requests_session to client_settings

commit 3b3e50c
Author: infohash <46137868+infohash@users.noreply.github.com>
Date:   Sun Jun 5 03:16:02 2022 +0530

    require pyoidc version 1.4.0

commit 05cc1cb
Author: infohash <46137868+infohash@users.noreply.github.com>
Date:   Sun Jun 5 03:13:30 2022 +0530

    removed credentials from request_args (body)

commit 3f2a919
Author: infohash <46137868+infohash@users.noreply.github.com>
Date:   Thu May 5 22:38:16 2022 +0530

    delegated provider discovery & added session persistence

commit cd4a4a6
Author: infohash <46137868+infohash@users.noreply.github.com>
Date:   Sun Apr 24 22:52:55 2022 +0530

    Removed call to construct_TokenIntrospectionRequest

    construct_TokenIntrospectionRequest is internally called by do_token_introspection

commit 07b0c39
Author: infohash <46137868+infohash@users.noreply.github.com>
Date:   Mon Apr 4 02:22:25 2022 +0530

    stateless refresh token request

    Addresses 132#discussion_r841226227

commit 42c0633
Author: infohash <46137868+infohash@users.noreply.github.com>
Date:   Fri Apr 1 02:19:05 2022 +0530

    PyoidcFacade is intended to be stateless

    All data to be persisted is handled in layers above this (and finally ends up in Flask session).

commit 184827d
Author: infohash <46137868+infohash@users.noreply.github.com>
Date:   Sun Mar 27 16:36:48 2022 +0530

    delegated all requests to pyoidc library

    All requests for IdP are now entrusted to base library.