Page MenuHomeSoftware Heritage
Differential D2876

auth/backends: Simplify and improve OIDC authentication
ClosedPublic
Actions

Authored by anlambert on Mar 25 2020, 1:59 PM.

Details

Reviewers
ardumont
Group Reviewers
Reviewers
Commits
rDWAPPSd4446bcac766: auth/backends: Simplify and improve OIDC authentication
Summary

While working on T2267, I noticed a couple of improvements could be added to the
OIDC auth backend implementation:

  • there is no need to query the userinfo endpoint of the OIDC server when authenticating as those information can also be found in the decoded access token
  • use a more reliable access token expiration date (use exp timestamp in decoded token)
  • check groups claim is present in decoded token before trying to read it

Diff Detail

Repository
rDWAPPS Web applications
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

anlambert created this revision.Mar 25 2020, 1:59 PM
Herald added a reviewer: Reviewers. · View Herald TranscriptMar 25 2020, 1:59 PM
anlambert added a child revision: D2877: auth: Add OIDC session silent refresh middleware.Mar 25 2020, 2:04 PM
swh-public-ci added a comment.Mar 25 2020, 2:04 PM

Build is green
See https://jenkins.softwareheritage.org/job/DWAPPS/job/tox/1030/ for more details.

anlambert updated this revision to Diff 10251.Mar 25 2020, 2:07 PM

Update some comments and docstrings.

swh-public-ci added a comment.Mar 25 2020, 2:09 PM

Build has FAILED

Link to build: https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/639/
See console output for more information: https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/639/console

Harbormaster failed remote builds in B11327: Diff 10249!Mar 25 2020, 2:09 PM
swh-public-ci added a comment.Mar 25 2020, 2:13 PM

Build is green
See https://jenkins.softwareheritage.org/job/DWAPPS/job/tox/1032/ for more details.

swh-public-ci added a comment.Mar 25 2020, 2:27 PM

Build is green
See https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/641/ for more details.

Harbormaster completed remote builds in B11329: Diff 10251.Mar 25 2020, 2:27 PM
ardumont accepted this revision.Mar 26 2020, 7:07 PM
ardumont added a subscriber: ardumont.

lgtm

This revision is now accepted and ready to land.Mar 26 2020, 7:07 PM
anlambert updated this revision to Diff 10304.Mar 26 2020, 9:35 PM

Update: Check groups claim is present in decoded token before trying to read it.

anlambert edited the summary of this revision. (Show Details)Mar 26 2020, 9:35 PM
swh-public-ci added a comment.Mar 26 2020, 9:39 PM

Build has FAILED

Link to build: https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/647/
See console output for more information: https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/647/console

Harbormaster failed remote builds in B11385: Diff 10304!Mar 26 2020, 9:39 PM
swh-public-ci added a comment.Mar 26 2020, 9:40 PM

Build is green
See https://jenkins.softwareheritage.org/job/DWAPPS/job/tox/1037/ for more details.

anlambert updated this revision to Diff 10323.Mar 27 2020, 10:33 AM

Rebase

swh-public-ci added a comment.Mar 27 2020, 10:37 AM

Build has FAILED

Link to build: https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/649/
See console output for more information: https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/649/console

Harbormaster failed remote builds in B11403: Diff 10323!Mar 27 2020, 10:37 AM
swh-public-ci added a comment.Mar 27 2020, 10:39 AM

Build is green
See https://jenkins.softwareheritage.org/job/DWAPPS/job/tox/1039/ for more details.

swh-public-ci added a comment.Mar 27 2020, 11:09 AM

Build is green
See https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/651/ for more details.

swh-public-ci added a comment.Mar 27 2020, 11:50 AM

Build is green
See https://jenkins.softwareheritage.org/job/DWAPPS/job/cypress-diff/653/ for more details.

Harbormaster completed remote builds in B11403: Diff 10323.Mar 27 2020, 11:50 AM
Closed by commit rDWAPPSd4446bcac766: auth/backends: Simplify and improve OIDC authentication (authored by anlambert). · Explain WhyMar 27 2020, 12:27 PM
This revision was automatically updated to reflect the committed changes.
anlambert added a commit: rDWAPPSd4446bcac766: auth/backends: Simplify and improve OIDC authentication.
anlambert removed a child revision: D2877: auth: Add OIDC session silent refresh middleware.Mar 27 2020, 12:28 PM

Revision Contents
Changeset List

PathSize
swh/
web/
auth/
89 lines
6 lines
2 lines
tests/
auth/
10 lines
43 lines

Diff 10336

View Options

swh/web/auth/backends.py

Loading...
View Options

swh/web/auth/models.py

Loading...
View Options

swh/web/auth/views.py

Loading...
View Options

swh/web/tests/auth/keycloak_mock.py

Loading...
View Options

swh/web/tests/auth/test_backends.py

Loading...
About · Developer information · Legal