Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Handle JWT tokens with oidc providers #1882

Merged
merged 30 commits into from
Oct 23, 2024
Merged

Handle JWT tokens with oidc providers #1882

merged 30 commits into from
Oct 23, 2024

Conversation

jsdt
Copy link
Contributor

@jsdt jsdt commented Oct 21, 2024
edited
Loading

Description of Changes

This handles JWT tokens from other providers, as long as they host an openid config and public keys.

Tokens with the issuer "localhost" will go through the older flow.

There are some things that should be improved in future PRs:

  1. This uses a global JWK cache. The cache should probably be tied to the NodeDelegate.
  2. This could use more logging and metrics around key fetching and failures.
  3. This is using forks of two jwt/jwk libraries, which we should replace longer term.

Expected complexity level and risk

  1. This doesn't change much aside from including more tokens that can be accepted.

Testing

This has unit tests that spin up a server hosting public keys to test fetching and validation.

@jsdt jsdt marked this pull request as ready for review October 23, 2024 01:12
@jsdt jsdt requested review from bfops and cloutiertyler October 23, 2024 01:12
gefjon
gefjon approved these changes Oct 23, 2024
View reviewed changes
Copy link
Contributor

@gefjon gefjon left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Needs rebase, fmt, clippy, insta and to pass tests, but I trust that you'll get all those things done. Code & logic looks completely reasonable.

cloutiertyler
cloutiertyler approved these changes Oct 23, 2024
View reviewed changes
Copy link
Contributor

@cloutiertyler cloutiertyler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This generally looks good to me. I would not block this from merging. However, I left several nit comments. Perhaps we can address them in another PR.

@jsdt jsdt enabled auto-merge October 23, 2024 05:07
@jsdt jsdt added this pull request to the merge queue Oct 23, 2024
Merged via the queue into master with commit 942fd8b Oct 23, 2024
7 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cloutiertyler cloutiertyler cloutiertyler approved these changes

@gefjon gefjon gefjon approved these changes

@bfops bfops Awaiting requested review from bfops

Assignees

@cloutiertyler cloutiertyler

Labels
release-rc1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jsdt @cloutiertyler @gefjon @bfops