Improve DPoP to support specification
The OAuth 2.0 Demonstrating Proof of Possession (DPoP) specification has been published recently [1]. We already have a solution which was developed from the draft phase of the specification [2]. We need to improve the code base according to the released specification.
- [ ] Identify the gaps with the draft spec and released specification
- [ ] Improve the code according to the released specification
[1] - https://www.rfc-editor.org/rfc/rfc9449.html
[2] - https://github.com/wso2-extensions/identity-oauth-addons/tree/master/component/org.wso2.carbon.identity.dpop
Feb 15 2024 (Thu)
- Created issue : https://github.com/wso2/product-is/issues/19612 and made a PR addressing the issue
- PR : wso2-extensions/identity-oauth-addons/pull/120
Feb 16 2024 (Fri)
- Made changes to the pull request : https://github.com/wso2-extensions/identity-oauth-addons/pull/120 to address the feedback received from a reviewer.
- Worked on the issue : https://github.com/wso2/product-is/issues/19606
Feb 19 2024 (Mon)
- Changes to PR : https://github.com/wso2-extensions/identity-oauth-addons/pull/120 regarding error handling, log improvements.
- Worked on the issue : https://github.com/wso2/product-is/issues/19606
Feb 20 2024 (Tue)
- Engaged in WSO2IS-7.0.0-RC1 testing
- Had the initial discussion on my project
- Meeting Notes - Support DPoP in WSO2 IS and Asgardeo
Feb 21 2024 (Wed)
- Worked on the issue : https://github.com/wso2/product-is/issues/19606 .
Feb 22 2024 (Thu)
- Engaged in WSO2IS-7.0.0-RC2 testing
Feb 26 2024 (Mon)
- Worked on the issue : https://github.com/wso2/product-is/issues/19606 .
- Started a competitor analysis for DPoP feature.
Feb 27 2024 (Tue)
- Created a pull request for the issue : https://github.com/wso2/product-is/issues/19606. PR : https://github.com/wso2-extensions/identity-oauth-addons/pull/121
- Worked on the competitor analysis.
Feb 28 2024 (Wed)
- Created a github issue regarding “ath claim” check in DPoP proof headers. Issue : https://github.com/wso2/product-is/issues/19887
- Created a pull request for the issue regarding “ath” claim. PR : https://github.com/wso2-extensions/identity-oauth-addons/pull/123
Feb 29 2024 (Thu)
- Created a github issue regarding the “authorization code binding” feature introduced in DPoP specification. Issue : https://github.com/wso2/product-is/issues/19913
- Worked on implementing the authorization code binding feature.
Mar 01 2024 (Fri)
- Made improvements in wso2-extensions/identity-oauth-addons to store dpop_jkt parameter in authorization request cache.
Mar 04 2024 (Mon)
- Further improvements related to storing dpop_jkt parameter in cache
Mar 05 2024 (Tue)
- Worked on implementing logic to validate dpop_jkt against the DPoP proof header in the token request.
Mar 06 2024 (Wed)
- Discussed about possible approaches for storing dpop_jkt in db and filtering out multiple DPoP headers, at the weekly sync up.
- Made some improvements regarding the dpop_jkt validation.
Mar 07 2024 (Thu)
- Finished the implementation of dpop_jkt validation logic.
- Implemented logic to check if DPoP is enabled for a certain client.
Mar 08 2024 (Fri)
Mar 11 2024 (Mon)
Mar 12 2024 (Tue)
Mar 13 2024 (Wed)
- Found an issue regarding selecting the correct token validator for DPoP type JWT access tokens.
- Created a PR for the issue. PR : https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/2406
Mar 14 2024 (Thu)
- Started working on extending Authorization Code Binding mechanism for PAR requests.
- Identified the improvements that need to be done in the existing PAR flow.
Mar 15 2024 (Fri)
- Faced an issue regarding validating DPoP headers which are sent with PAR requests.
- Discussed and agreed on a solution for the DPoP header validation issue.
Mar 25 2024 (Mon)
Mar 26 2024 (Tue)
Mar 27 2024 (Wed)
- Started implementing a post listener for authorization code issue.
- wso2-extensions/identity-inbound-auth-oauth/pull/2407/commits/045133e95c53a1b380cfd5b428516e8fbeaa3d09
- wso2-extensions/identity-data-publisher-oauth/pull/108
Mar 28 2024 (Thu)
- Faced an issue where only the sessionDataKey parameter is passed on to the newly introduced post listener via authzReqDTO when the authorization request is an initial request.
- Fixed the issue by including the request parameters as a property in authzReqDTO.
- wso2-extensions/identity-inbound-auth-oauth/pull/2407/commits/2a8e764772e253a70a74c4a57ecbb00165bd9873
Mar 29 2024 (Fri)
- Made changes to ensure the post listener for authorization code issue is triggered for all response types containing `code` in it.
- wso2-extensions/identity-inbound-auth-oauth/pull/2407/commits/94e8d4753969c50833a87d6f106cae9c44df1165
Apr 01 2024 (Mon)
- Introduced a post listener for authorization code issue.
- Implemented the introduced post listener interface in DPoP repository to validate `dpop_jkt` in authorization code binding
- wso2-extensions/identity-oauth-addons/pull/127/commits/3b3d852095331d9371cd9bdc0ae9e6de1990f1fc
Apr 02 2024 (Tue)
- Introduced new cache for persisting `dpop_jkt` in cache.
- Implemented mechanism to store `dpop_jkt` at authorization request and validate that `dpop_jkt` after retrieving it at the token request.
- wso2-extensions/identity-oauth-addons/pull/127/commits/a2340a0a174b4c49c6e6204fdff78e30f147ac1e
Apr 03 2024 (Wed)
- Started implementing DB persistence for `dpop_jkt`.
- Introduced a new table for storing `dpop_jkt` and implemented logic to persist and retrieve `dpop_jkt` in DB
- wso2-extensions/identity-oauth-addons/pull/127/commits/fcfc6da50dbb62c6888f7cda0e4960e61544d9c3
Apr 04 2024 (Thu)
- Tested the implemented DB persistence mechanism using various DBs like `mysql`, `mssql`, `postgre`, `h2`, `db2`.
Apr 05 2024 (Fri)
- Started implementing unit tests in dpop repository.
- Issue: https://github.com/wso2/product-is/issues/20139
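The `dpop_jkt` authorization code binding check and the `ath` claim check mentioned in the log above, sketched as an added example that is not code from the WSO2 repositories. The function names and sample keys are hypothetical, and proof signature verification is assumed to happen before these checks.

```python
import base64
import hashlib
import hmac
import json

# Members hashed per key type (RFC 7638; OKP per RFC 8037), in lexicographic order.
REQUIRED = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n"), "OKP": ("crv", "kty", "x")}

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk):
    """base64url(SHA-256(canonical JSON of the required members only))."""
    members = REQUIRED.get(jwk.get("kty"))
    if members is None or not all(isinstance(jwk.get(m), str) for m in members):
        raise ValueError("unsupported or incomplete JWK")
    canonical = json.dumps({m: jwk[m] for m in members}, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())

def proof_jwk(dpop_proof):
    """Public key from the proof's JOSE header; signature verification is assumed done earlier."""
    segment = dpop_proof.split(".")[0]
    header = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if header.get("typ") != "dpop+jwt" or not isinstance(header.get("jwk"), dict):
        raise ValueError("not a DPoP proof")
    return header["jwk"]

def code_binding_ok(stored_dpop_jkt, dpop_proof):
    """Token-request check: the proof key must match the dpop_jkt saved with the code."""
    if dpop_proof is None:  # the code was bound to a key, but no proof was presented
        return False
    actual = jwk_thumbprint(proof_jwk(dpop_proof))
    return hmac.compare_digest(stored_dpop_jkt.encode(), actual.encode())

def ath_ok(ath_claim, access_token):
    """Resource-request check: ath must be base64url(SHA-256(ASCII access token))."""
    expected = b64url(hashlib.sha256(access_token.encode("ascii")).digest())
    return hmac.compare_digest(ath_claim.encode(), expected.encode())

def constructed_proof(jwk):
    """Constructed, unsigned sample proof (header.payload.placeholder) for the demo only."""
    header = {"typ": "dpop+jwt", "alg": "ES256", "jwk": jwk}
    return ".".join([b64url(json.dumps(header).encode()), b64url(b"{}"), "sig"])

# Constructed keys: the coordinate strings are placeholders, not real curve points.
KEY_A = {"kty": "EC", "crv": "P-256", "x": "constructed-x-A", "y": "constructed-y-A", "use": "sig"}
KEY_B = {"kty": "EC", "crv": "P-256", "x": "constructed-x-B", "y": "constructed-y-B"}

if __name__ == "__main__":
    print(code_binding_ok(jwk_thumbprint(KEY_A), constructed_proof(KEY_B)))  # False
```
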
We are tracking supporting DPoP OOTB via https://github.com/wso2/product-is/issues/20428