Allow more configuration over the OIDC flow #565

Merged
merged 1 commit into from
May 2, 2022

Contributor

@apognu apognu commented Apr 30, 2022

Adds knobs to configure three aspects of the OpenID Connect flow:

  • Custom scopes to override the default "openid profile email".
  • Custom parameters to be added to the Authorize Endpoint request.
  • Domain allowlisting for authenticated principals.
  • User allowlisting for authenticated principals.
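
One way to apply the domain and user allowlists listed above to the email claim of an ID token, as an added example that is not part of this PR or of the project's code. The function names, the exact-match rule, the "every non-empty list must match" policy and the email_verified handling are assumptions; the sample addresses are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// emailDomain returns the lower-cased text after the last "@", or "" when
// the local part or the domain is missing.
func emailDomain(email string) string {
	at := strings.LastIndex(email, "@")
	if at <= 0 {
		return ""
	}
	return strings.ToLower(email[at+1:])
}

// inList reports whether want equals an entry exactly, ignoring case.
func inList(list []string, want string) bool {
	for _, v := range list {
		if want != "" && strings.EqualFold(v, want) {
			return true
		}
	}
	return false
}

// Authorize (hypothetical) checks the email claim against both allowlists.
// Assumed policy, not taken from the PR: an empty list imposes no
// restriction, every non-empty list must match, and an unverified email
// (email_verified=false) never satisfies a list.
func Authorize(allowedDomains, allowedUsers []string, email string, verified bool) error {
	if (len(allowedDomains) > 0 || len(allowedUsers) > 0) && !verified {
		return fmt.Errorf("email claim %q is not verified", email)
	}
	if len(allowedDomains) > 0 && !inList(allowedDomains, emailDomain(email)) {
		return fmt.Errorf("domain of %q is not allowlisted", email)
	}
	if len(allowedUsers) > 0 && !inList(allowedUsers, email) {
		return fmt.Errorf("user %q is not allowlisted", email)
	}
	return nil
}

func main() {
	// Constructed sample: a look-alike domain must not pass a suffix check.
	allowed := []string{"example.com"}
	fmt.Println(Authorize(allowed, nil, "bob@evil-example.com", true))
}
```

Matching the whole domain after the last "@" rather than a string suffix is what keeps look-alike domains such as evil-example.com out of an example.com allowlist.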

Contributor Author

apognu commented Apr 30, 2022

Linting didn't pass because other files (not changed by this MR) were improperly formatted and I didn't want to touch them since they were out of scope for these specific changes. I can rebase once upstream is fixed.

@apognu apognu force-pushed the dev/oidc-custom-config branch 2 times, most recently from 5f46b00 to 68a0394 Compare April 30, 2022 12:06
Collaborator

@kradalby kradalby left a comment

Looks very reasonable, couple of questions :)

Comment on lines +122 to +125
Scope []string
ExtraParams map[string]string
AllowedDomains []string
AllowedUsers []string
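
Review bot: the four new fields at +122 to +125 have no doc comments, so the struct does not say what an empty AllowedDomains or AllowedUsers means (no restriction, or deny everyone), nor whether a principal has to match both lists or only one when both are set. A one-line comment on each field stating those semantics would settle it; the comment on Scope should also note that a custom list replaces the default and therefore still needs to contain "openid" for the request to be an OpenID Connect request.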

This question is rooted in my lack of knowledge of naming conventions for OIDC: is this the appropriate naming? (I don't doubt that it is, but maybe a link to the spec would be nice.)

@apognu apognu force-pushed the dev/oidc-custom-config branch from 88d0af9 to 7cc58af Compare May 2, 2022 15:11
@apognu apognu requested a review from kradalby May 2, 2022 16:01