fosite
feat: token exchange rfc8693 in impersonation mode
Related Issue or Design Document
Implemented rfc8693 token exchange for the impersonation flow as mentioned here. Sorry for coming back so late 🙇🏼
Checklist
- [x] I have read the contributing guidelines and signed the CLA.
- [x] I have referenced an issue containing the design document if my change introduces a new feature.
- [x] I have read the security policy.
- [x] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security vulnerability, I confirm that I got approval (please contact [email protected]) from the maintainers to push the changes.
- [x] I have added tests that prove my fix is effective or that my feature works.
- [ ] I have added the necessary documentation within the code base (if appropriate).
Further comments
@aeneasr Sorry but is it possible to take a look at this PR?
@saxenautkarsh I have taken elements of what you have in this PR and incorporated this in a PR that contains support for more token types and also adds delegation. Would you be willing to collaborate? I have the PR here if you would like to take a look - https://github.com/vivshankar/fosite/pull/1. It is missing quite a few tests and I am not too happy currently with the JWT validation approach for the custom JWT type.
@aeneasr hi! Thanks for the interesting framework fosite! I'm enjoying creating IdPs as a hobby now, and I found this PR when I had the idea to combine GitHub Actions with token-exchange. What do you think about this PR?
Oh, I tried this patch set and found an outdated part, e.g. the `CanHandleTokenEndpointRequest` signature has `ctx` as the first argument now.
Please let me know if there is anything I can do to help.
So what is the status of this? Work moved to https://github.com/vivshankar/fosite/pull/1?
Given I heard nothing back from the original author, I did not advance this. You can however find an implementation in https://github.com/vivshankar/fosite/tree/v0.44.x.
@mitar Actually I didn't port the code into my fosite fork for token exchange. I have both impersonation and delegation written for a variety of different token types, including the device_secret as an actor token for native app SSO spec (draft). It runs in two of the products I work on and is used in different scenarios in production deployments. If there's interest, I am happy to invest the time to port this into my fork first and then create a PR here.
I just wanted to make sure @saxenautkarsh was in the loop given he started this work here.
I will defer to @aeneasr on how he would like to proceed.
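As an added example, not fosite's code or any commenter's, here is a stand-alone Go token-exchange handler that shows what separates the impersonation flow this PR implements from the delegation flow discussed in the comments above. In impersonation the new token carries only the subject's identity; in delegation an `actor_token` is presented and the actor is recorded in the RFC 8693 `act` claim. The type and function names (`Claims`, `TokenStore`, `ParseRequest`, `Exchange`), the opaque token strings, and the policy of only narrowing scope and capping lifetime at the shortest input token are this example's assumptions, not fosite's API or RFC 8693 requirements.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
	"time"
)

// Identifiers defined by RFC 8693 (grant type in section 2.1, token type in section 3).
const (
	GrantTypeTokenExchange = "urn:ietf:params:oauth:grant-type:token-exchange"
	TokenTypeAccessToken   = "urn:ietf:params:oauth:token-type:access_token"
)

// Claims is the minimal token model used by this example (assumed, not fosite's).
// Actor holds the RFC 8693 "act" claim; it stays nil for impersonation.
type Claims struct {
	Subject   string
	Scope     []string
	ExpiresAt time.Time
	Actor     *Claims
}

// Request carries the RFC 8693 section 2.1 parameters this example handles.
type Request struct {
	SubjectToken, SubjectTokenType string
	ActorToken, ActorTokenType     string
	Scope                          []string
}

// TokenStore maps opaque token strings to their claims; a map stands in for
// real storage in this example.
type TokenStore map[string]Claims

// ParseRequest validates the token endpoint form parameters.
func ParseRequest(form url.Values) (*Request, error) {
	if form.Get("grant_type") != GrantTypeTokenExchange {
		return nil, errors.New("unsupported_grant_type")
	}
	r := &Request{
		SubjectToken:     form.Get("subject_token"),
		SubjectTokenType: form.Get("subject_token_type"),
		ActorToken:       form.Get("actor_token"),
		ActorTokenType:   form.Get("actor_token_type"),
		Scope:            strings.Fields(form.Get("scope")),
	}
	if r.SubjectToken == "" || r.SubjectTokenType == "" {
		return nil, errors.New("invalid_request: subject_token and subject_token_type are required")
	}
	// RFC 8693: actor_token_type is required whenever actor_token is present.
	if r.ActorToken != "" && r.ActorTokenType == "" {
		return nil, errors.New("invalid_request: actor_token_type is required with actor_token")
	}
	return r, nil
}

// resolve looks up a token of the given type and rejects unknown or expired ones.
func (s TokenStore) resolve(token, tokenType string, now time.Time) (*Claims, error) {
	if tokenType != TokenTypeAccessToken {
		return nil, errors.New("invalid_request: unsupported token type " + tokenType)
	}
	c, ok := s[token]
	if !ok || !now.Before(c.ExpiresAt) {
		return nil, errors.New("invalid_grant: token unknown or expired")
	}
	return &c, nil
}

// Exchange builds the claims of the issued token. Without actor_token this is
// impersonation: the result looks exactly like a token of the subject. With
// actor_token it is delegation: the actor lands in the "act" claim. Scope may
// only be narrowed and the lifetime never exceeds any input token (policy
// choices assumed for this example).
func (s TokenStore) Exchange(req *Request, now time.Time) (*Claims, error) {
	subject, err := s.resolve(req.SubjectToken, req.SubjectTokenType, now)
	if err != nil {
		return nil, err
	}
	out := &Claims{Subject: subject.Subject, Scope: subject.Scope, ExpiresAt: subject.ExpiresAt}
	for _, sc := range req.Scope {
		if !contains(subject.Scope, sc) {
			return nil, fmt.Errorf("invalid_scope: %q was not granted to the subject token", sc)
		}
	}
	if len(req.Scope) > 0 {
		out.Scope = req.Scope
	}
	if req.ActorToken != "" {
		actor, err := s.resolve(req.ActorToken, req.ActorTokenType, now)
		if err != nil {
			return nil, err
		}
		// Nesting actor.Actor preserves an existing delegation chain.
		out.Actor = &Claims{Subject: actor.Subject, Actor: actor.Actor}
		if actor.ExpiresAt.Before(out.ExpiresAt) {
			out.ExpiresAt = actor.ExpiresAt
		}
	}
	return out, nil
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

func main() {
	now := time.Now()
	// Constructed sample tokens: a user token and a service token.
	store := TokenStore{
		"sub-tok": {Subject: "alice", Scope: []string{"read", "write"}, ExpiresAt: now.Add(time.Hour)},
		"act-tok": {Subject: "service-a", Scope: []string{"exchange"}, ExpiresAt: now.Add(30 * time.Minute)},
	}
	form := url.Values{"grant_type": {GrantTypeTokenExchange}, "subject_token": {"sub-tok"},
		"subject_token_type": {TokenTypeAccessToken}, "scope": {"read"}}
	req, _ := ParseRequest(form)
	c, _ := store.Exchange(req, now)
	fmt.Printf("impersonation: sub=%s act=%v scope=%v\n", c.Subject, c.Actor, c.Scope)
	form.Set("actor_token", "act-tok")
	form.Set("actor_token_type", TokenTypeAccessToken)
	req, _ = ParseRequest(form)
	c, _ = store.Exchange(req, now)
	fmt.Printf("delegation: sub=%s act.sub=%s\n", c.Subject, c.Actor.Subject)
}
```

The scope check is the part worth keeping in any real implementation: token exchange must never let a client widen what the subject token already authorizes, and in delegation the issued token should not outlive the actor token that justified it.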
@vivshankar Thanks a tonne for your continued interest in this. Sorry I have been off from here for so long. Since creating this PR, I have moved jobs and changed the dev domain. But I would like to help finish this.
> If there's interest, I am happy to invest the time to port this into my fork first and then create a PR here.
Sure. I am happy if this helps in your development and would like to help in any way I can. I now have some spare time over the weekends.