Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[1.15.x][ELY-2362] Add support for the bearer-only option when using the OIDC HTTP mechanism #1917

Merged
merged 12 commits into from Jun 14, 2023
Merged

[1.15.x][ELY-2362] Add support for the bearer-only option when using the OIDC HTTP mechanism #1917

merged 12 commits into from Jun 14, 2023

Conversation

fjuma
Copy link
Contributor

@fjuma fjuma commented Jun 13, 2023
edited

https://issues.redhat.com/browse/ELY-2362
https://issues.redhat.com/browse/JBEAP-24828

This PR backports the support for the bearer-only option along with other related bug fixes.

Upstream PRs:
#1735 (bearer-only support)
#1739 (Azure specific fixes)
#1829 (bearer-only fix)
#1671 (OIDC roles fix)

Related ELY issues:
https://issues.redhat.com/browse/ELY-2356
https://issues.redhat.com/browse/ELY-2357
https://issues.redhat.com/browse/ELY-2487
https://issues.redhat.com/browse/ELY-2303

fjuma and others added 12 commits June 8, 2023 10:51
@fjuma
[ELY-2362] Fix invalid configuration logic for bearer auth
cd2557e
@fjuma
[ELY-2362] Add support for the bearer-only option when using the OIDC…
0c62f94 
… HTTP mechanism
@fjuma
[ELY-2362] Add the ability to handle CORS preflight requests
01640ef
@fjuma
[ELY-2362] Ensure that a bearer token passed via an access_token quer…
201869a 
…y parameter can be processed appropriately
@fjuma
[ELY-2362] Add the ability to retrieve the bearer token using credent…
3fafb91 
…ials obtained from Basic auth
@fjuma
[ELY-2362] Return resource name if client-id hasn't been configured
875343a
@fjuma
[ELY-2362] Add tests for bearer-only authentication
38a29ce
@fjuma
[ELY-2362] Small fixes for bearer-only support
d4f222f
@fjuma
[ELY-2356] No need to sanitize the providerUrl
b32780c
@fjuma
[ELY-2357] Set the issuer URL for OIDC based on discovery
39d9716
@santoszv @fjuma
[ELY-2487] Misplaced invocation of isAutodetectedBearerOnly()
8931eed 
Method isAutodetectedBearerOnly() should be invoked after checking cached token.

Invoking isAutodetectedBearerOnly() early will break every AJAX request that relies on HTTP session. A clear example is JSF Partial Request, it will never send the header "Authorization" neither the query parameter "auth". During the initial load of view the user was authenticated, then the token was stored in HTTP session, so, JSF Partial Request relies on HTTP session onwards.

https://issues.redhat.com/browse/ELY-2487
@reinhapa @fjuma
[ELY-2303] enables combined realm & resource roles
d541f51 
Signed-off-by: Patrick Reinhart <patrick@reini.net>
@fjuma fjuma requested review from Skyllarr and darranl June 13, 2023 21:59
@fjuma fjuma changed the title [ELY-2362] Add support for the bearer-only option when using the OIDC HTTP mechanism [1.15.x][ELY-2362] Add support for the bearer-only option when using the OIDC HTTP mechanism Jun 13, 2023
This was referenced Jun 13, 2023
Merged
Merged
@fjuma fjuma merged commit 6b6eee9 into wildfly-security:1.15.x Jun 14, 2023
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@darranl darranl darranl approved these changes

@Skyllarr Skyllarr Skyllarr approved these changes

Assignees
No one assigned
Labels
Maintenance
Projects
None yet
Milestone
No milestone
5 participants
@fjuma @darranl @Skyllarr @santoszv @reinhapa