Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: OIDC - Fetch JWK from providers #3137

Merged
merged 47 commits into from
Oct 19, 2023
Merged

feat: OIDC - Fetch JWK from providers #3137

merged 47 commits into from
Oct 19, 2023

Conversation

pablocarle
Copy link
Contributor

Description

This PR implements a mechanism and new properties in OIDC to configure JWK keys location (obtained according to documentation from the authorization server's metadata)

New properties:

  • apiml.security.oidc.jwks.uri: URL to the JWK keys endpoint.
  • apiml.security.oidc.jwks.refreshInternalHours: hours to refresh the JWK keys.

Type of change

  • feat: New feature (non-breaking change which adds functionality)

Checklist:

  • My code follows the style guidelines of this project
  • PR title conforms to commit message guideline ## Commit Message Structure Guideline
  • I have commented my code, particularly in hard-to-understand areas. In JS I did provide JSDoc
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • The java tests in the area I was working on leverage @nested annotations
  • Any dependent changes have been merged and published in downstream modules

Pablo Hernán Carle added 7 commits October 11, 2023 17:22
wip
dde34ce 
Signed-off-by: Pablo Hernán Carle <[email protected]>
fix test
4d6f1c2 
Signed-off-by: Pablo Hernán Carle <[email protected]>
add test for loading jwk
f1b413a 
Signed-off-by: Pablo Hernán Carle <[email protected]>
wip
5f905bd 
Signed-off-by: Pablo Hernán Carle <[email protected]>
update properties in integration tests
8110205 
Signed-off-by: Pablo Hernán Carle <[email protected]>
fix messages, add client_id parameter
387dd45 
Signed-off-by: Pablo Hernán Carle <[email protected]>
use secret
00b4fe7 
Signed-off-by: Pablo Hernán Carle <[email protected]>
@github-actions github-actions bot added the Sensitive Sensitive change that requires peer review label Oct 12, 2023
Shobhajayanna and others added 21 commits October 15, 2023 13:35
@Shobhajayanna
Merge branch 'v2.x.x' into reboot/feat/oidc-jwk
d0c3005
@Shobhajayanna
jwt token validation using jwkeys from the cache
941e4df
@Shobhajayanna
jwt token validation using jwkeys from the cache
03659b8
Merge remote-tracking branch 'origin/v2.x.x' into reboot/feat/oidc-jwk
944f691
wip expressions
ff263df 
Signed-off-by: Pablo Hernán Carle <[email protected]>
@Shobhajayanna
Merge branch 'v2.x.x' into reboot/feat/oidc-jwk
10f3349
updat implementation
4d79d38 
Signed-off-by: Pablo Hernán Carle <[email protected]>
remove unused methods and properties in test
ccc7cca 
Signed-off-by: Pablo Hernán Carle <[email protected]>
@Shobhajayanna
Removed introspectUrl reference
9a146d9
add new properties to start.sh
f415fac 
Signed-off-by: Pablo Hernán Carle <[email protected]>
wip tests
39e2d49 
Signed-off-by: Pablo Hernán Carle <[email protected]>
wip - unit tests pass
1e98d20 
Signed-off-by: Pablo Hernán Carle <[email protected]>
fix unit tests
96a5324 
Signed-off-by: Pablo Hernán Carle <[email protected]>
@Shobhajayanna
Merge branch 'v2.x.x' into reboot/feat/oidc-jwk
31b8816
value parameters not injected
aee119a 
Signed-off-by: Pablo Hernán Carle <[email protected]>
fix constructor in test
f0cf93a 
Signed-off-by: Pablo Hernán Carle <[email protected]>
wip fix init
459f864 
Signed-off-by: Pablo Hernán Carle <[email protected]>
wip fix init
223def9 
Signed-off-by: Pablo Hernán Carle <[email protected]>
@Shobhajayanna
wip ITs
ad3006b
@Shobhajayanna
wip ITs
b2504b8
@Shobhajayanna
wip ITs
6345411
wip fix startup
936db1d 
Signed-off-by: Pablo Hernán Carle <[email protected]>
Pablo Hernán Carle and others added 10 commits October 18, 2023 10:59
address comment
3a755c4 
Signed-off-by: Pablo Hernán Carle <[email protected]>
@pablocarle
Merge branch 'v2.x.x' into reboot/feat/oidc-jwk
9a2de70
add unit tests
dd2f59b 
Signed-off-by: Pablo Hernán Carle <[email protected]>
Merge branch 'reboot/feat/oidc-jwk' of https://github.com/zowe/api-layer
5285a6c 
 into reboot/feat/oidc-jwk
@Shobhajayanna
wip ITs check
cd76719 
Signed-off-by: sj895092 <[email protected]>
@Shobhajayanna
wip ITs check
e4fe5ab 
Signed-off-by: sj895092 <[email protected]>
logs
15bd340 
Signed-off-by: Pablo Hernán Carle <[email protected]>
previous implementation
bb45989 
Signed-off-by: Pablo Hernán Carle <[email protected]>
sonar
426ad5a 
Signed-off-by: Pablo Hernán Carle <[email protected]>
@Shobhajayanna
Merge branch 'v2.x.x' into reboot/feat/oidc-jwk
b9554be
Pablo Hernán Carle added 2 commits October 18, 2023 13:53
restore deleted log
d8abecb 
Signed-off-by: Pablo Hernán Carle <[email protected]>
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

92.4% 92.4% Coverage
0.0% 0.0% Duplication

warning The version of Java (11.0.21) you have used to run this analysis is deprecated and we will stop accepting it soon. Please update to at least Java 17.
Read more here

@pablocarle pablocarle merged commit b23bb8f into v2.x.x Oct 19, 2023
@delete-merged-branch delete-merged-branch bot deleted the reboot/feat/oidc-jwk branch October 19, 2023 15:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@achmelo achmelo achmelo approved these changes

@weinfurt weinfurt Awaiting requested review from weinfurt

@taban03 taban03 Awaiting requested review from taban03

Assignees
No one assigned
Labels
Sensitive Sensitive change that requires peer review
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@pablocarle @achmelo @Shobhajayanna