Simplify callback URL options; remove path, protocol, and host. #214
Just a few thoughts about this pending breaking change. IMHO the breaking change could be that this code block, along with the related configuration options, would be removed completely: Lines 145 to 158 in 7bf1593
Now there is unnecessary "complexity" even though at the end of the day, from the library API point of view, the developer has to provide exactly the same information ...
host: "mysite.local",
path: "/ACS",
protocol: "https",
... Option2 ...
callbackUrl: "https://mysite.local/ACS"
... Hard to see the "added value" of multiple ways to configure exactly the same information. I'm suggesting that Option2 would be the way forward.
ACS callback URL configuration has been a bit problematic throughout the history due to multiple ways to configure that information; see e.g. the discussion at these pull requests: https://github.com/node-saml/passport-saml/pulls?q=is%3Apr+callbackurl+is%3Aclosed
Once there is exactly one way to configure it, solving node-saml/passport-saml#509 would be easy because there would not be too many code paths to consider. I.e. it would be just a matter of comparing
source: http://docs.oasis-open.org/security/saml/v2.0/saml-profiles-2.0-os.pdf
Furthermore, it seems that after the passport-saml --> core node-saml split one problematic code path was already removed, because callbackUrl generation does not use values from node-saml/src/passport-saml/saml.ts Lines 219 to 227 in 0d983aa
(*) When SP is introduced to IdP (trust relationship is established) one has to configure to IdP a SP's ACS URL (i.e.
I agree. So doing nothing here is also a reasonable option. As I understand, "localhost SSL certs" can be a pain and don't do much security. Using plain So I'd be in favor of either doing nothing or taking @srd90's suggestion to simplify the code with a breaking change to how
Codecov Report
@@ Coverage Diff @@
## master #214 +/- ##
==========================================
- Coverage 80.82% 80.54% -0.29%
==========================================
Files 11 11
Lines 824 812 -12
Branches 252 248 -4
==========================================
- Hits 666 654 -12
Misses 68 68
Partials 90 90
LGTM.
@cjbarth maybe this #214 PR's title should be modified prior to node-saml v5 release because
path, protocol, and host.
@srd90, thanks for pointing this out. Change made.
This should have been done in node-saml#214.
Description
Remove callback options path, protocol, and host, use existing callbackUrl instead.
Addresses node-saml/passport-saml#677 (comment)
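One way an application could move its configuration from the three legacy options to the single callbackUrl discussed in this thread. This is an added example, not code from node-saml or from this PR; the helper names `toCallbackUrl` and `parseHttpUrl` and the error messages are assumptions.

```javascript
// Added example: hypothetical migration helper, not node-saml code.
// Option names host, path, protocol and callbackUrl come from the PR;
// the function names and error messages are assumptions for illustration.
function toCallbackUrl(options) {
  const { host, path, protocol, callbackUrl, ...rest } = options;
  const legacy = { host, path, protocol };
  const given = Object.keys(legacy).filter((k) => legacy[k] !== undefined);

  let legacyUrl;
  if (given.length > 0) {
    // Refuse to guess defaults: a partial legacy config is ambiguous.
    if (given.length < 3) {
      throw new Error(`incomplete legacy options (${given.join(", ")}); set callbackUrl`);
    }
    const scheme = String(protocol).replace(/:(\/\/)?$/, ""); // "https" or "https://"
    const p = String(path).startsWith("/") ? path : `/${path}`;
    legacyUrl = parseHttpUrl(`${scheme}://${host}${p}`);
  }

  if (callbackUrl !== undefined) {
    const explicit = parseHttpUrl(callbackUrl);
    // Two sources of truth that disagree: fail at startup, not at login time.
    if (legacyUrl && legacyUrl.href !== explicit.href) {
      throw new Error(`callbackUrl ${explicit.href} conflicts with legacy ${legacyUrl.href}`);
    }
    return { ...rest, callbackUrl }; // keep the string exactly as configured
  }
  if (!legacyUrl) throw new Error("callbackUrl is required");
  return { ...rest, callbackUrl: legacyUrl.href };
}

// Absolute http(s) URLs only; new URL() throws on relative input.
function parseHttpUrl(value) {
  const url = new URL(value);
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    throw new Error(`unsupported scheme in callback URL: ${url.protocol}`);
  }
  return url;
}

// Constructed sample config, using the values quoted in the thread.
const migrated = toCallbackUrl({ host: "mysite.local", path: "/ACS", protocol: "https", issuer: "sp" });
console.log(migrated); // legacy keys are gone, callbackUrl is set
```

The value returned in callbackUrl is the one that has to match the ACS URL registered at the IdP, so a conflict between the old and new options is reported instead of silently picking one.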