boundary icon indicating copy to clipboard operation
boundary copied to clipboard

Published 20 hours ago verified publisher icon hashicorp

feat: Add support for capturing URL actions in request info

Open elimt opened this issue 6 months ago • 0 comments

Auth methods that do not support :callback were successfully authenticating with a token returned. This change prevents that behaviour

  • Pass request context to services to validate actions.
  • Validate actions for auth methods during authentication. /v1/auth-methods/{{AUTH_METHOD_ID}}:authenticate:callback is currently only supported on OIDC auth methods. An error is thrown if :callback is not supported An error is thrown if not supported:
curl --location 'http://127.0.0.1:9200/v1/auth-methods/ampw_1234567890:authenticate:callback' \
--header 'Content-Type: application/json' \
--data '{
    "attributes": {
        "login_name": "admin",
        "password": "password"
    },
    "command": "login"
}'

{
    "kind": "InvalidArgument",
    "message": "Invalid fields provided in request.",
    "details": {
        "request_fields": [
            {
                "name": "request_path",
                "description": "callback is not a valid action for this auth method."
            }
        ]
    }
}

elimt avatar Aug 26 '24 15:08 elimt