Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add acr_values support for OIDC #2418

Merged
merged 1 commit into from
Mar 8, 2022
Merged

Add acr_values support for OIDC #2418

merged 1 commit into from
Mar 8, 2022

Conversation

dirien
Copy link
Contributor

@dirien dirien commented Feb 22, 2022

Overview

What this PR does / why we need it

This PR adds acr_values support for the OIDC connection
Fixes: #2417

Special notes for your reviewer

Does this PR introduce a user-facing change?

yes, a new non-mandatory field is introduced called acrValues in the config of the OIDC connection

@dirien
Copy link
Contributor Author

dirien commented Feb 22, 2022

Created a PR for the website too -> dexidp/website#110

looking for your feedback!

@nabokihms nabokihms self-requested a review March 3, 2022 18:29
nabokihms
nabokihms requested changes Mar 3, 2022
View reviewed changes
Copy link
Member

@nabokihms nabokihms left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello there! First of all, thank you for the PR. I have a couple of suggestions. Please look through the, when you have time.

  1. Because RFC states that

    act_values is a space-separated string that specifies the acr values

    Let's use the same structure for the acrValues config option for scopes - a slice of strings.

  2. In the Open method of the connector, compose the values of the slice into a single string.

  3. What do you think about validating the acr_values_supported received from the discovery OIDC enpoint before sending a request or event on connector creation? Does it seem to be a good feature, or is it just a complication without benefits?

connector/oidc/oidc.go Outdated Show resolved Hide resolved
connector/oidc/oidc.go Outdated Show resolved Hide resolved
connector/oidc/oidc.go Show resolved Hide resolved
@dirien
Copy link
Contributor Author

dirien commented Mar 5, 2022

Hi @nabokihms,

thanks for the feedback! I changed your suggestions in the code.

What do you think about validating the acr_values_supported received from the discovery OIDC enpoint before sending a request or event on connector creation? Does it seem to be a good feature, or is it just a complication without benefits?

I would create for this, if needed in the future a seperate issue. Our company well-known/openid-configuration does not return acr_values_supported. So I can't test it proberly.

Looking for your feedback.

@dirien dirien requested a review from nabokihms March 5, 2022 08:35
@dirien
Copy link
Contributor Author

dirien commented Mar 5, 2022

I updated the website too, as we have now a list instead a string

dexidp/website#110

@nabokihms nabokihms added this to the v2.32.0 milestone Mar 6, 2022
@nabokihms nabokihms merged commit cb9f0b5 into dexidp:master Mar 8, 2022
@dirien dirien deleted the acr_values branch March 8, 2022 07:44
@sagikazarmark sagikazarmark changed the title feat: Add acr_values support for OIDC Add acr_values support for OIDC Apr 6, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Kaktor Kaktor Kaktor approved these changes

@nabokihms nabokihms nabokihms approved these changes

Assignees
No one assigned
Labels
area/connector kind/enhancement
Projects
None yet
Milestone
v2.32.0
Development

Successfully merging this pull request may close these issues.

Add acr_values support for OIDC
4 participants
@dirien @nabokihms @Kaktor @sagikazarmark