Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement RFC 8628 #826

Open
wants to merge 22 commits into
base: master
Choose a base branch
from
Open

Implement RFC 8628 #826

wants to merge 22 commits into from

Conversation

nsklikas
Copy link

@nsklikas nsklikas commented Sep 30, 2024
edited
Loading 

BREAKING CHANGES: This patch breaks up `OAuth2AuthorizeExplicitFactory` into
`OAuth2AuthorizeExplicitAuthFactory` and `Oauth2AuthorizeExplicitTokenFactory`

Related Design Document

Implements RFC 8628.

Checklist

  • I have read the contributing guidelines and signed the CLA.
  • I have referenced an issue containing the design document if my change introduces a new feature.
  • I have read the security policy.
  • I confirm that this pull request does not address a security vulnerability.
    If this pull request addresses a security vulnerability,
    I confirm that I got approval (please contact security@ory.sh) from the maintainers to push the changes.
  • I have added tests that prove my fix is effective or that my feature works.
  • I have added the necessary documentation within the code base (if appropriate).

Further comments

This PR is based on the work done on #701, by @supercairos and @BuzzBumbleBee. That PR was based on an older version of fosite and was missing some features/tests.

Comments:

  • Due to some dependency issues we had to switch to go.uber.org/mock/gomock (github.com/golang/mock/gomock is deprecated)
  • We had to do a small refactor of the AuthorizeExplicitGrantHandler to generalize it to reduce code duplication

nsklikas and others added 21 commits September 25, 2024 20:46
@nsklikas
fix: Use Requester param in WriteAccessError
3408f21 
The WriteAccessError is used to construct error responses as described
in Section 5.2 of [RFC6749]. It is not limited to access token
responses.

Perhaps we should rename the function to Rfc6749TokenError.
@nsklikas
fix: generalize validateAuthorizeAudience method
3938bcf
@nsklikas
feat: add device flow base logic
b753539
@nsklikas
fix: add handler for device authorization req
4d27c2e
@nsklikas
fix: add device flow handlers to compose
c11da9e
@nsklikas
fix: update memory storage
c9d373c
@nsklikas
chore: update integration tests
c17d93e
@nsklikas
fix: review comments
e2e0dc7
@wood-push-melon @nsklikas
feat: implement the access token handling for device authorization flow
f5b2a41 
feat: add the access token endpoint handling for device authorization flow
@wood-push-melon @nsklikas
fix: passing the correct authorization request when validating if the…
53e66ad 
… auth/device code is expired
@wood-push-melon @nsklikas
feat: error handling for authorization pending in device flow
651bd86
@wood-push-melon @nsklikas
test: reorganize the testcases
02c7b8e
@wood-push-melon @nsklikas
chore: resolve comments
2196146
@wood-push-melon @nsklikas
fix: fix oauth2 core storage interface and device flow session type a…
93f7123 
…ssertion
@nsklikas
fix: implement rate limiting
036f20d
@nsklikas
fix: token endpoint rate limiting
18519db
@nsklikas
fix: do not validate request when creating response
b18eb34
@wood-push-melon @nsklikas
fix: add the OIDC handler for device flow (#13)
76428a6 
fix: add the OIDC handler for device flow
@wood-push-melon @nsklikas
fix: fix the refresh token issue (#14)
8ac652b 
* fix: fix the refresh token issue

* fix: fix the OIDC token missing issue
@nsklikas
fix: use correct grant lifespan to issue tokens
6eefc96
@wood-push-melon @nsklikas
fix: handle the user code generation duplication
31eb7b3
@CLAassistant
Copy link

CLAassistant commented Sep 30, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

@nsklikas nsklikas mentioned this pull request Sep 30, 2024
Open
7 tasks
@nsklikas
Copy link
Author

Looks like the conformity tests are failing because it tries to use this version of fosite on hydra master. But they pass on the hydra PR with this version of fosite. Changes are needed on the hydra config DefaultProvider object, how should we fix this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@aeneasr aeneasr Awaiting requested review from aeneasr aeneasr is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nsklikas @CLAassistant @wood-push-melon