Software Heritage

auth/backends: Simplify and improve OIDC authentication
ClosedPublic

Authored by anlambert on Mar 25 2020, 1:59 PM.

Details

Summary

While working on T2267, I noticed a couple of improvements could be added to the
OIDC auth backend implementation:

  • there is no need to query the userinfo endpoint of the OIDC server when authenticating, as that information can also be found in the decoded access token
  • use a more reliable access token expiration date (use the exp timestamp in the decoded token)
  • check that the groups claim is present in the decoded token before trying to read it
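
The three points above, as an added example (not code from swh-web or from this revision): derive the user record from the verified access token's claims rather than a userinfo call, take the expiration from the `exp` claim, and tolerate a missing `groups` claim. To run offline it assumes an HS256 token signed with a shared secret (`ASSUMED_SECRET`, constructed here); a real OIDC provider signs access tokens with an asymmetric algorithm and the signature must be checked against the provider's published keys, which the OIDC client library normally does. The claim names (`preferred_username`, `email`, `exp`, `groups`) are assumptions about the provider's token layout.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed fixture: a shared HMAC secret stands in for the OIDC server's
# signing key so this block runs offline. Real providers use RS256/ES256;
# verify against the provider's JWKS instead of a shared secret.
ASSUMED_SECRET = b"example-shared-secret"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_access_token(claims: dict, secret: bytes = ASSUMED_SECRET) -> str:
    """Build an HS256-signed JWT carrying the given claims (test fixture only)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header).encode())
        + "."
        + _b64url_encode(json.dumps(claims).encode())
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def decode_access_token(token: str, secret: bytes = ASSUMED_SECRET) -> dict:
    """Verify the token signature and return its decoded claims.

    Raises ValueError on a malformed, tampered or unexpectedly signed token;
    claims are never returned before the signature has been checked.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        # Pin the algorithm: never let the token choose (e.g. "none").
        raise ValueError("unexpected alg")
    expected = hmac.new(
        secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    return json.loads(_b64url_decode(payload_b64))


def user_from_access_token(
    token: str, now: Optional[float] = None, secret: bytes = ASSUMED_SECRET
) -> dict:
    """Build the authenticated user record from the token's own claims,
    with no userinfo round trip."""
    claims = decode_access_token(token, secret)
    now = time.time() if now is None else now
    # Expiration comes from the signed exp claim (seconds since the epoch),
    # not from a locally computed "issued + lifetime" estimate.
    exp = claims.get("exp")
    if exp is None or now >= exp:
        raise ValueError("token expired or missing exp claim")
    # The groups claim is optional: read it only if the provider included it.
    groups = claims["groups"] if "groups" in claims else []
    return {
        "username": claims.get("preferred_username"),
        "email": claims.get("email"),
        "groups": groups,
        "expires_at": exp,
    }


if __name__ == "__main__":
    token = make_access_token(
        {"preferred_username": "alice", "email": "alice@example.org",
         "exp": int(time.time()) + 300, "groups": ["/staff"]}
    )
    print(user_from_access_token(token))
```

The `now` parameter exists so the expiry check can be exercised deterministically; in the backend it would simply default to the current time.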

Diff Detail

Repository
rDWAPPS Web applications
Branch
oidc-auth-backend-improvements
Lint
No Linters Available
Unit
No Unit Test Coverage
Build Status
Buildable 11327
Build 17131: Cypress tests for swh-web diffsJenkins
Build 17130: tox-on-jenkinsJenkins
Build 17129: arc lint + arc unit

Event Timeline

Update some comments and docstrings.

This revision is now accepted and ready to land. Mar 26 2020, 7:07 PM

Update: Check that the groups claim is present in the decoded token before trying to read it.