add tests for scenarios to cover retrieving caller claims from multiple tokens #26878
Conversation
|
#build |
|
Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_By9lYH6uEe6pmuZkFgD-jA Target locations of links might be accessible only to IBM employees. |
|
The build arunavemulapalli-26878-20231108-2022 For help analyzing your personal build, go to https://libh-proxy1.fyre.ibm.com/cognitive/buildAnalysis.html?uuid=_By9lYH6uEe6pmuZkFgD-jA |
|
L2 message review not required. |
| @@ -298,3 +298,8 @@ pkceCodeChallengeMethod.S256=S256 | |||
|
|
|||
| tokenRequestOriginHeader=Token request origin header | |||
| tokenRequestOriginHeader.desc=Specifies the value to use in the Origin HTTP header that is included in the HTTP POST request to the token endpoint of the OpenID Connect provider. If not specified, an Origin HTTP header is not included in the request. | |||
|
|
|||
| tokenOrderToFetchCallerClaims=Specify one or more tokens to fetch caller claims | |||
| tokenOrderToFetchCallerClaims.desc=Specifies the order of the token/s to fetch the caller name and group claim values. If the claim does not exist in the first token, then the OpenID Connect client will continue the search with other tokens in the list | |||
There was a problem hiding this comment.
- Change "the order of the token/s" to "token order"
Info: Current style guidelines ask us to use plural ("tokens" instead of "token/s"). With the suggested change you don't need to specify plural.
- Change "will continue" to "continues"
- Add a period to the end of the last sentence
| tokenOrderToFetchCallerClaims=Specify one or more tokens to fetch caller claims | ||
| tokenOrderToFetchCallerClaims.desc=Specifies the order of the token/s to fetch the caller name and group claim values. If the claim does not exist in the first token, then the OpenID Connect client will continue the search with other tokens in the list | ||
| tokenOrderToFetchCallerClaims.IDToken=Use IDToken only to determine the caller claims | ||
| tokenOrderToFetchCallerClaims.ACCESSAndIDAndUITokens=Use AccessToken, IDToken and Userinfo tokens in this order, to determine the caller claims. |
There was a problem hiding this comment.
Add a comma after "IDToken" and remove the comma after "order" >>
"Use AccessToken, IDToken, and Userinfo tokens in this order to determine the caller claims."
There was a problem hiding this comment.
addressed this review comment in the runtime , config PR - #26719
There was a problem hiding this comment.
#26719 looks good. I'll add the ID reviewed label to this PR. Thanks for making the changes!
| /** | ||
| * testing tokenOrderTofetchCallerClaims="Access Token IDToken Userinfo" | ||
| * caller group claim exist in idtoken and userinfo | ||
| * |
| } | ||
|
|
||
| /** | ||
| * testing tokenOrderTofetchCallerClaims="Access Token IDToken Userinfo" |
|
|
||
| /******************************* tests *******************************/ | ||
| /** | ||
| * testing tokenOrderTofetchCallerClaims="Access Token IDToken Userinfo" |
| /******************************* tests *******************************/ | ||
| /** | ||
| * testing tokenOrderTofetchCallerClaims="Access Token IDToken Userinfo" | ||
| * caller group claim exist in all tokens only |
There was a problem hiding this comment.
access_token and userinfo only
| } | ||
|
|
||
| /** | ||
| * testing tokenOrderTofetchCallerClaims="Access Token IDToken Userinfo" |
|
|
||
| } | ||
|
|
||
|
|
There was a problem hiding this comment.
- I would suggest adding some tests that contain the claim that is being tested with different/alt values. If the search order is TOKEN_ORDER_ACCESSTOKEN_IDTOKEN_USERINFO, have access_token contain the claim as expected and then have id_token and userinfo contain some other value (cases with different values and others with a superset of the value in the access_token)
- Have configs with different multiple token orders - such as TOKEN_ORDER_ACCESSTOKEN_IDTOKEN_USERINFO and TOKEN_ORDER_USERINFO_IDTOKEN_ACCESSTOKEN, ...
|
thanks @c00crane for the review |
|
#libby |
|
#build |
|
Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_HC7TwIAaEe6pmuZkFgD-jA Target locations of links might be accessible only to IBM employees. |
|
The build arunavemulapalli-26878-20231110-1601 |
arunavemulapalli
force-pushed
the
caller-from-multiple-tokens-tests
branch
from
3af0967 to
e74de8a
Compare
|
#build |
|
Your personal build request is at https://libh-proxy1.fyre.ibm.com/cognitive/pipelineAnalysis.html?uuid=56aca1b4-0b79-473f-a9fa-987ae1414ce2 Target locations of links might be accessible only to IBM employees. |
|
Your personal build request is at https://wasrtc.hursley.ibm.com:9443/jazz/resource/itemOid/com.ibm.team.build.BuildResult/_2zIRAYDtEe6tffXfLjKGSA Target locations of links might be accessible only to IBM employees. |
|
The build arunavemulapalli-26878-20231111-1704 For help analyzing your personal build, go to https://libh-proxy1.fyre.ibm.com/cognitive/buildAnalysis.html?uuid=_2zIRAYDtEe6tffXfLjKGSA |
|
#libby |
Code analysis and actionsDO NOT DELETE THIS COMMENT.
|
Fixes fetch caller claims from multiple tokens - tests #26889
For Support to Obtain the Role Information from the Access Token / OIDC Configuration #25460