Roger Meier
new URL https://docs.gitlab.com/ee/security/tokens/index.html#token-prefixes

also relevant:
- https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-service/-/blob/main/lib/gitlab/secret_detection/core/gitleaks.toml?ref_type=heads
- https://gitlab.com/gitlab-org/security-products/secret-detection/secret-detection-rules/-/blob/main/rules/mit/gitlab.toml?ref_type=heads
I never tested with common, only with a specific tenant. There you must use the tenant-specific endpoints all over, or set `discovery: true` to avoid the `client_options`, see https://docs.gitlab.com/ee/integration/azure.html
@FLX-0x00 I'm using this gem as part of GitLab for about a year with Entra ID, and before that with another IdP; it works smoothly. As [written above](https://github.com/omniauth/omniauth_openid_connect/issues/166#issuecomment-1831313214): `There you must use...
@felixstorm as I see within https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration the {tenantid} placeholder is used. So for this case please try with the config mentioned within the issue description or below, but set your...
ok, @felixstorm @FLX-0x00 I just verified and it works smoothly. Here is the config I used to verify within my gdk:

```yaml
- { name: "openid_connect_aad", label: "Microsoft Entra ID",...
```
@felixstorm I just had a personal account and one from the tenant to test. Could you maybe share the id_token received for both use-cases? Maybe we must tweak https://github.com/omniauth/omniauth_openid_connect/blob/master/lib/omniauth/strategies/openid_connect.rb#L470 as...
@felixstorm maybe add a `pp(id_token)` at https://github.com/omniauth/omniauth_openid_connect/blob/master/lib/omniauth/strategies/openid_connect.rb#L473 and provide the `aud` and `iss` fields you see there. I guess we need another verification mechanism there for the common provider.
@felixstorm thanks for the details! Could you please set the new option `audience` introduced with #179 and maybe uncomment https://github.com/omniauth/omniauth_openid_connect/blob/master/lib/omniauth/strategies/openid_connect.rb#L475 to ignore the issuer for a quick test. If that...
There is an issuer check: https://github.com/nov/openid_connect/blob/main/lib/openid_connect/response_object/id_token.rb#L26 so either passing the issuer we received (to ignore it) or adding a list of valid issuers as a config option should do the trick.
see also https://github.com/nov/openid_connect/issues/95
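Added example (not code from this gem, GitLab, or the `openid_connect` gem): the "list of valid issuers" alternative discussed above, applied to decoded id_token claims from the multi-tenant `common` endpoint, whose discovery document advertises the templated issuer `https://login.microsoftonline.com/{tenantid}/v2.0`. The tenant IDs, client_id and claims are constructed sample values, and signature verification is assumed to have happened already.

```ruby
# Issuer template as published by the "common" discovery document.
ISSUER_TEMPLATE = 'https://login.microsoftonline.com/{tenantid}/v2.0'.freeze

# Expand the template once per trusted tenant (tenant IDs are sample values).
def expected_issuers(template, allowed_tenants)
  allowed_tenants.map { |tid| template.sub('{tenantid}', tid) }
end

# Exact match only: ".../common/v2.0", a look-alike host, or a tenant that is
# not on the allowlist must not pass, unlike simply ignoring the issuer.
def issuer_valid?(iss, template, allowed_tenants)
  expected_issuers(template, allowed_tenants).include?(iss)
end

# `aud` may be a string or an array; our client_id must be among the values.
def audience_valid?(aud, client_id)
  Array(aud).include?(client_id)
end

# Returns a list of problems; an empty list means the claims are acceptable.
def validate_claims(claims, client_id:, allowed_tenants:, template: ISSUER_TEMPLATE)
  errors = []
  errors << "unexpected issuer #{claims['iss'].inspect}" unless issuer_valid?(claims['iss'], template, allowed_tenants)
  # The `tid` claim must agree with the tenant embedded in `iss`.
  errors << 'tid does not match issuer' unless template.sub('{tenantid}', claims['tid'].to_s) == claims['iss']
  errors << "audience does not contain #{client_id}" unless audience_valid?(claims['aud'], client_id)
  errors << 'token expired' if claims['exp'].to_i <= Time.now.to_i
  errors
end

# Constructed sample payload of an already signature-verified id_token.
SAMPLE_TENANT = '11111111-2222-3333-4444-555555555555'.freeze
SAMPLE_CLAIMS = {
  'iss' => "https://login.microsoftonline.com/#{SAMPLE_TENANT}/v2.0",
  'aud' => 'my-gitlab-client-id',
  'tid' => SAMPLE_TENANT,
  'exp' => 4_102_444_800 # 2100-01-01, far enough ahead for the sample to stay valid
}.freeze

if __FILE__ == $PROGRAM_NAME
  p validate_claims(SAMPLE_CLAIMS, client_id: 'my-gitlab-client-id', allowed_tenants: [SAMPLE_TENANT])
end
```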