GUACAMOLE-2258 : OpenID code flow, client secret and PKCE#1219
Open
adb014 wants to merge 20 commits into
Open
Conversation
…lient secret and with or without pkce
… PKCE removing the need for local REST redirect and callback function
- Add openid-well-known-endpoint and treat it to automatically find the : * issuer, * authorization_endpoint, * token_endpoint, * jwks_uri - Replace openid-flow-type with openid-response-type - Use an Enum for openid-response-type to limit to the values 'id_token', 'token' or 'code' - Treat the response type as an implicit flow type allowing use of AWS Cognito
- Remove unused configuration getter functions - Combine and simplify validateCode and validateToken - Style fixes - More JsDoc comments and consistent JsDoc style of comment blocks - IOException and not GuacamoleException of URLreader function
…et.http.HttpClient, make the outboud url connection asynchronous
…fier-validity for consistency with openid-max-nonce-validity. Clarification in the comments.
- Style fixes - Comment more code - Use environment.getProperty to set default values rather than local code - Add a latch to getters of well-known endpoint so that they stall rather than incorrectly returning null
The OpenID core specification notes the nonce as optional for code flow, but recommended to reduce the risk of replay attacks. So include the nonce with code flow as well.
- Allow store the full URI in RequestDetails - Add methods to get/set originalURI in AuthenticatedUser and derived classes - Set the originalURI in JDBC base class - Promote session manager to base SSO class; Use it to store the originalURI in openid - Allow redirection to be stored in GuacamoleSession iff new login - Store the redirection in the GuacamoleSession the AuthenticationService - If redirection set in GuacamoleSession pass it back on the /api/tokens REST endpoint - In the javascript in the redirection is set on the /api/tokens endpoint, redirect after authentication
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
CoPilot mistakenly lead me to believe I could create a new branch with my commits that were on my "main" branch without closing my existing pull request. Please refer to the conversation in #1198 for the discussion of this pull request.. Sorry to have lost the conversation