Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: allow additional id token audiences #3616

Merged
merged 4 commits into from
Nov 13, 2023
Merged

feat: allow additional id token audiences #3616

merged 4 commits into from
Nov 13, 2023

Conversation

jonas-jonas
Copy link
Member

Fixes ory/network#343

Related issue(s)

Checklist

  • I have read the contributing guidelines.
  • I have referenced an issue containing the design document if my change
    introduces a new feature.
  • I am following the
    contributing code guidelines.
  • I have read the security policy.
  • I confirm that this pull request does not address a security
    vulnerability. If this pull request addresses a security vulnerability, I
    confirm that I got the approval (please contact
    [email protected]) from the maintainers to push
    the changes.
  • I have added tests that prove my fix is effective or that my feature
    works.
  • I have added or changed the documentation.

Further Comments

@jonas-jonas jonas-jonas self-assigned this Nov 10, 2023
@codecov Codecov
Copy link

codecov bot commented Nov 12, 2023
edited
Loading

Codecov Report

Merging #3616 (0bc6807) into master (f7c6767) will decrease coverage by 0.51%.
Report is 2 commits behind head on master.
The diff coverage is 91.66%.

❗ Current head 0bc6807 differs from pull request most recent head 6035910. Consider uploading reports for the commit 6035910 to get more accurate results

@@            Coverage Diff             @@
##           master    #3616      +/-   ##
==========================================
- Coverage   78.79%   78.29%   -0.51%     
==========================================
  Files         343      343              
  Lines       24024    23406     -618     
==========================================
- Hits        18930    18326     -604     
- Misses       3700     3701       +1     
+ Partials     1394     1379      -15
Files Coverage Δ
selfservice/strategy/oidc/provider_apple.go 35.00% <100.00%> (-3.64%) ⬇️
selfservice/strategy/oidc/provider_config.go 60.00% <ø> (ø)
selfservice/strategy/oidc/provider_google.go 89.18% <100.00%> (+2.52%) ⬆️
selfservice/strategy/oidc/token_verifier.go 90.00% <90.00%> (ø)

... and 11 files with indirect coverage changes

aeneasr
aeneasr reviewed Nov 13, 2023
View reviewed changes
selfservice/strategy/oidc/token_verifier.go Outdated
func verifyToken(ctx context.Context, keySet oidc.KeySet, config *Configuration, rawIDToken, issuerURL string) (*Claims, error) {
tokenAudiences := append([]string{config.ClientID}, config.AdditionalIDTokenAudiences...)
var token *oidc.IDToken
var err error
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I suggest initializing this with a default error, otherwise the default err is nil, so no error, so audience validated.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good point, I added the fallback.

@aeneasr aeneasr merged commit 0fa648d into master Nov 13, 2023
17 of 18 checks passed
@aeneasr aeneasr deleted the jonas-jonas/allowAdditionalIDTokenAudiences branch November 13, 2023 11:45
moose115 pushed a commit to moose115/kratos that referenced this pull request Dec 7, 2023
@jonas-jonas @moose115
feat: allow additional id token audiences (ory#3616)
d873fa6
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aeneasr aeneasr aeneasr approved these changes

@zepatrik zepatrik Awaiting requested review from zepatrik

@hperl hperl Awaiting requested review from hperl

Assignees

@jonas-jonas jonas-jonas

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support additional client IDs for Apple native sign in
2 participants
@jonas-jonas @aeneasr