
Oidc refresh #752

Merged
merged 5 commits into from Aug 12, 2021

Conversation

nsklikas
Contributor

Fixes #751

This PR adds support for refreshing ID Tokens.

This PR breaks backwards compatibility with RefreshTokenGrant modifiers. If this is a problem, I could change the RefreshTokenGrant modifiers only for OIDC in order to remain backwards compatible.

Member

@JonathanHuot JonathanHuot left a comment


Can you check & update the documentation generated for oidc, please?

tox -e docs

https://oauthlib.readthedocs.io/en/latest/oauth2/oidc.html#

Review comment on oauthlib/openid/connect/core/grant_types/refresh_token.py (outdated, resolved)
@thedrow thedrow added Feature OIDC OpenID Connect labels Apr 7, 2021
@zzzevaka

Hello! I am implementing the same functionality in my own project and ran into a small problem.

The attribute request.client_id is used in add_id_token, but request.client_id is not set when using client_secret_basic authentication rather than client_secret_post.

I suggest making this modification to add_id_token in this PR:

- id_token['aud'] = request.client_id
+ id_token['aud'] = request.client_id or request.client.client_id
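
Review bot: the fallback `request.client.client_id` assumes the client-authentication step has already populated `request.client`; if it has not (or authentication failed and `request.client` is still None), the expression raises AttributeError rather than failing cleanly. Since `aud` must name the authenticated client, consider reading it from `request.client` in both the client_secret_basic and client_secret_post cases and guarding for `request.client is None`, rather than preferring the `client_id` request parameter.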

@nsklikas
Contributor Author

nsklikas commented Apr 21, 2021

You are correct, this seems like a bug. But I don't think this is the right PR to fix this, unless @JonathanHuot thinks otherwise.

@nsklikas
Contributor Author

Any news on this?

@JonathanHuot
Member

Hi @zzzevaka, a new PR seems more appropriate for your fix.
@nsklikas, changes are required to support both oauth2 & OIDC providers; can you have a look, please?
Thanks!

@nsklikas
Contributor Author

nsklikas commented Jun 1, 2021

It's not clear to me what changes are required, can you please elaborate?

@JonathanHuot
Member

Depending on the AS implementation, the id_token can be refreshed:

  1. never
  2. always
  3. depending on an id_token parameter, like auth_time, or the exp of the id_token

I see that 1) and 2) can be implemented with the boolean, but not 3). I was wondering if it is possible to implement support for 3) as well.
Maybe if we add a RequestValidator method?
Any thoughts, anyone?
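
As an added illustration of option 3 above (example code, not part of this PR or of oauthlib): a validator hook that decides per request whether the refresh_token grant should also re-issue an ID Token, based on how old the original end-user authentication is. The hook name refresh_id_token, the Request stand-in and the SESSIONS store are assumptions; in a real deployment the class would subclass oauthlib.openid.RequestValidator and the session facts would come from the token store.

```python
import time
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Request:
    """Minimal stand-in for oauthlib.common.Request (constructed for this example)."""
    refresh_token: str
    scopes: list = field(default_factory=list)   # scopes asked for in the refresh request
    client_id: Optional[str] = None


# Constructed sample store: what the AS recorded when each refresh token was issued.
# auth_time is the end-user authentication time, seconds since the epoch.
SESSIONS = {
    "rt-recent": {"auth_time": 1_700_000_000, "scopes": ["openid", "email"]},
    "rt-old":    {"auth_time": 1_700_000_000 - 2 * 86400, "scopes": ["openid"]},
    "rt-plain":  {"auth_time": 1_700_000_000, "scopes": ["email"]},
}


class RefreshPolicyValidator:
    """Option 3 from the thread: re-issue the ID Token only while the original
    end-user authentication (auth_time) is younger than max_auth_age seconds.
    Older sessions get a new access token but no new ID Token, so the client
    has to send the user back through the front channel to refresh identity."""

    def __init__(self, max_auth_age: int = 86400, clock=time.time, sessions=SESSIONS):
        self.max_auth_age = max_auth_age
        self.clock = clock          # injectable for deterministic tests
        self.sessions = sessions

    def refresh_id_token(self, request: Request) -> bool:
        session = self.sessions.get(request.refresh_token)
        if session is None:
            return False            # unknown token: the grant itself will reject it
        # No refresh request may narrow scope below "openid" and still get an ID Token,
        # and a session that never had "openid" never gets one.
        requested = request.scopes or session["scopes"]
        if "openid" not in session["scopes"] or "openid" not in requested:
            return False
        # The actual policy: compare the original auth_time with the current time.
        return self.clock() - session["auth_time"] <= self.max_auth_age
```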

@nsklikas
Contributor Author

nsklikas commented Jun 2, 2021

Yeah, that makes sense. Moving it to the validator provides more flexibility.

I removed the class variable.

@nsklikas
Contributor Author

I think it should be fine now.

@nsklikas
Contributor Author

Any changes needed?

@JonathanHuot JonathanHuot added this to the 3.2.0 milestone Aug 12, 2021
@JonathanHuot
Member

LGTM Thanks for the feature!

Successfully merging this pull request may close these issues.

Refresh id tokens
5 participants