feat(oxauth): end session - if id_token is expired but signature is correct, we should make attempt to look up session by "sid" claim #1759

Closed
yuriyz opened this issue Dec 6, 2022 · 1 comment
Labels: enhancement (libs update, re-factoring, etc.)

yuriyz commented Dec 6, 2022

Describe the issue

feat(oxauth): end session - if id_token is expired but signature is correct, we should make an attempt to look up the session by the "sid" claim

Expected behavior

AS should make an attempt to look up the session by the sid claim.

Actual behavior

Currently it's not the case.

yuriyz commented Dec 9, 2022

There is one fix and one feature implemented:

  1. fixed look up grant by id_token
  2. search session by id_token's sid claim even if id_token is expired and does not exist in db anymore (id_token signature is validated before search)

Implemented in #1763

yuriyz closed this as completed Dec 9, 2022
yurem added a commit that referenced this issue Dec 15, 2022
* feat(oxauth): end session - if id_token is expired but signature is correct, we should make attempt to look up session by "sid" claim #1759 (#1763)

* fix: catch org.eclipse.jetty.http.BadMessageException: in jans #3330

Co-authored-by: YuriyZ <yzabrovarniy@gmail.com>
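
The order of checks described in this issue (validate the id_token signature first, then find the session by its sid claim even when the token has expired), shown as an added example; it is not oxAuth code and not taken from #1763. HS256 with a shared key, the in-memory `SESSIONS` store and all function names are assumptions chosen to keep the example stdlib-only.

```python
import base64, hashlib, hmac, json, time

KEY = b"constructed-demo-secret"           # constructed key (assumption: HS256)
SESSIONS = {"sid-123": {"user": "alice"}}  # constructed session store keyed by sid

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_id_token(claims, key=KEY):
    """Build a constructed HS256 id_token for the demo."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(sig)}"

def session_for_end_session(id_token_hint, now=None):
    """Return (session, status); session is None unless the signature verified."""
    try:
        head_b64, body_b64, sig_b64 = id_token_hint.split(".")
        header = json.loads(b64url_decode(head_b64))
        claims = json.loads(b64url_decode(body_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:
        return None, "malformed"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None, "malformed"
    if header.get("alg") != "HS256":
        return None, "unexpected alg"   # pin the algorithm, reject "none"
    signed = f"{head_b64}.{body_b64}".encode()
    expected = hmac.new(KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(signature, expected):
        return None, "bad signature"    # never look up a sid from unverified claims
    # Signature is good: expiry is recorded but does not block the sid lookup.
    now = time.time() if now is None else now
    status = "expired" if claims.get("exp", 0) <= now else "valid"
    session = SESSIONS.get(claims.get("sid"))
    return (session, status) if session else (None, "no session")

if __name__ == "__main__":
    old = make_id_token({"sub": "alice", "sid": "sid-123", "exp": 1000})
    print(session_for_end_session(old, now=2000))
```

A deployment that signs id_tokens with asymmetric keys would verify against the key that was valid when the token was issued, so the lookup of an expired token also depends on how long retired signing keys are kept.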