mwdb-core icon indicating copy to clipboard operation
mwdb-core copied to clipboard

Published 20 hours ago verified publisher icon CERT-Polska

Feature/discover endpoint OIDC

Open Repumba opened this issue 2 years ago • 1 comments

Your checklist for this pull request

  • [X] I've read the contributing guideline.
  • [X] I've tested my changes by building and running the project, and testing changed functionality (if applicable)
  • [ ] I've added automated tests for my change (if applicable, optional)
  • [ ] I've updated documentation to reflect my change (if applicable)

What is the current behaviour?

You have to manually fill every field while adding new OAuth provider

What is the new behaviour?

You can input only discovery endpoint and get information about other endpoints automatically.

Test plan

Manual tests

Closing issues

Repumba avatar Feb 16 '23 14:02 Repumba

If you want to test it with keycloak from docker-compose-oidc-dev.yml, use http://keycloak:8080/realms/mwdb-oidc-dev/.well-known/openid-configuration as discovery endpoint

Repumba avatar May 09 '23 11:05 Repumba

I thought about reviving this PR but there are significant issues:

  • It provides an ability to send arbitrary GET request from the server. In addition, any JSON-like response will be sent back to user as "pure". We also don't check if user is an administrator. This is pretty serious security issue.
  • Changes in authentication methods (None, None) that are out of scope for this PR

psrok1 avatar Aug 19 '24 15:08 psrok1