Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat: Support for urn:ietf:params:oauth:grant-type:jwt-bearer grant type RFC 7523 #2384

Merged
merged 53 commits into from
Dec 26, 2021
Merged
Changes from 1 commit
Commits
Show all changes
53 commits
Select commit Hold shift + click to select a range
e550200
feat: add auth grant jwt support
Dec 17, 2020
ac8b3f4
fix: mysql migration for grant jwk and table naming
Dec 17, 2020
7474634
fix: check grant existence on attempt to delete it
Jan 19, 2021
b67fd7f
style: imports format
Jan 20, 2021
aabb2f0
docs: add swagger docs for grant API
Jan 21, 2021
c0463b8
fix: grant list was not filtered by optional issuer
Jan 21, 2021
b76c70b
test(grant): add tests for jwt-bearer grant
Jan 25, 2021
a5a33d8
test(grant): add public key scopes tests
Mar 4, 2021
8120145
fix(grant) delete assosiated grant public key on grant deletion
Mar 4, 2021
ebc1bd7
feat(fosite) use fosite v0.38.0
Mar 4, 2021
434bfa7
docs(readme): correct command to reset db in tests
Mar 4, 2021
81ba0ed
feat(grant): add flush handler
Mar 5, 2021
995db84
style: goimports
Mar 5, 2021
dc6354f
feat(config): changed config names for grant jwt
Mar 24, 2021
af66732
docs: add dummy page for oauth2 jwt grant type
aeneasr Apr 5, 2021
5948c87
docs(jwtbearer): Add docs for grant jwt bearer
May 24, 2021
de70e4e
doc(jwtbearer) change naming
May 25, 2021
71d84a8
chore(jwtbearer): regenerate sdk
May 25, 2021
9ee32ca
test(jwtbearer): add handler tests
May 28, 2021
1152a25
Merge remote-tracking branch 'origin/master' into auth-grant-type-jwt…
aeneasr Jul 13, 2021
84cba23
feat: code review
aeneasr Jul 13, 2021
bb5b3fd
feat: code review
aeneasr Jul 13, 2021
02a9a7e
feat: code review
aeneasr Jul 13, 2021
8f1f08d
feat: code review
aeneasr Jul 13, 2021
b349d06
feat: code review
aeneasr Jul 13, 2021
1fa9f77
feat: code review
aeneasr Jul 13, 2021
d4e2c2e
feat: code review
aeneasr Jul 13, 2021
e4bda4c
feat: code review
aeneasr Jul 13, 2021
b01cfab
feat: add end-to-end tests for the jwt bearer grant type (RFC 7523)
jagobagascon Nov 4, 2021
3ede4c0
feat: add grant validator tests
jagobagascon Nov 11, 2021
656c1c6
feat: use pipe instead of space to store jwt grant scopes in the DB
jagobagascon Nov 11, 2021
775a6e9
feat: add index to jwt bearer issuers expires_at column
jagobagascon Nov 11, 2021
91e24f9
refactor: get smallest time to save one DB filter when flushing grants
jagobagascon Nov 12, 2021
a882e6e
refactor: make DeleteGrant in a single transaction
jagobagascon Nov 12, 2021
b3fd42e
refactor: use a single transaction to in the CreateGrant function
jagobagascon Nov 12, 2021
8cb9f17
feat: remove flush expired grants endpoint and add it to the janitor CLI
jagobagascon Nov 15, 2021
1102b2f
fix: circleci
Nov 17, 2021
72862b1
feat: require client authentication when using the jwt bearer grant
jagobagascon Nov 22, 2021
756fab3
feat: remove unnecesary iat-optional and jti-optional flags
jagobagascon Dec 1, 2021
3d9b547
Merge pull request #5 from jagobagascon/auth-grant-type-jwt-bearer
drwatsno Dec 1, 2021
c51a51c
Merge remote-tracking branch 'origin/master' into auth-grant-type-jwt…
Dec 5, 2021
63e7660
fix: make contributors file
Dec 5, 2021
a0a48df
style: make format
Dec 5, 2021
259f23b
feat: programatically generate testing RSA key pairs
jagobagascon Dec 9, 2021
dd18daf
feat: replace Math.random with crypto.getRandomValues
jagobagascon Dec 9, 2021
9a59bd3
chore: format
Dec 14, 2021
8491478
Merge remote-tracking branch 'origin/master' into auth-grant-type-jwt…
aeneasr Dec 26, 2021
533f8e6
chore: code review
aeneasr Dec 26, 2021
8527fab
chore: code review
aeneasr Dec 26, 2021
a8f1a51
chore: format
aeneasr Dec 26, 2021
ac9f7ec
chore: code review
aeneasr Dec 26, 2021
5e161c8
chore: code review
aeneasr Dec 26, 2021
47996e0
u
aeneasr Dec 26, 2021
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
style: make format
Vladimir Kalugin committed Dec 5, 2021

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit a0a48df356b883d61b02461bf28cf3867e62c672
41 changes: 26 additions & 15 deletions cypress/helpers/index.js
Original file line number Diff line number Diff line change
@@ -59,15 +59,17 @@ const getClient = (id) =>

export const createGrant = (grant) =>
cy
.request('POST', Cypress.env('admin_url') + '/trust/grants/jwt-bearer/issuers', JSON.stringify(grant))
.request(
'POST',
Cypress.env('admin_url') + '/trust/grants/jwt-bearer/issuers',
JSON.stringify(grant)
)
.then((response) => {
const grantID = response.body.id
getGrant(grantID).then((actual) => {
if (actual.id !== grantID) {
return Promise.reject(
new Error(
`Expected id's to match: ${actual.id} !== ${grantID}`
)
new Error(`Expected id's to match: ${actual.id} !== ${grantID}`)
)
}
return Promise.resolve(response)
@@ -76,23 +78,32 @@ export const createGrant = (grant) =>

export const getGrant = (grantID) =>
cy
.request('GET', Cypress.env('admin_url') + '/trust/grants/jwt-bearer/issuers/' + grantID)
.request(
'GET',
Cypress.env('admin_url') + '/trust/grants/jwt-bearer/issuers/' + grantID
)
.then(({ body }) => body)

export const deleteGrants = () =>
cy.request(Cypress.env('admin_url') + '/trust/grants/jwt-bearer/issuers').then(({ body = [] }) => {
;(body || []).forEach(({ id }) => deleteGrant(id))
})
cy
.request(Cypress.env('admin_url') + '/trust/grants/jwt-bearer/issuers')
.then(({ body = [] }) => {
;(body || []).forEach(({ id }) => deleteGrant(id))
})

const deleteGrant = (id) =>
cy.request('DELETE', Cypress.env('admin_url') + '/trust/grants/jwt-bearer/issuers/' + id)
cy.request(
'DELETE',
Cypress.env('admin_url') + '/trust/grants/jwt-bearer/issuers/' + id
)

export const publicJwk = {
kid: 'token-service-key',
kty: 'RSA',
alg: 'RS256',
n: 'xbOXL8LDbB8hz4fe6__qpESz5GqX0IjH9lRIywG1xj7_w9UXnds5oZpXp0L4TM7B9j0na6_wIwcnfTlQr1cW3LHJXjzPS19zK5rrvB5eabNhtv4yIyH2DSfkI5J3y0bmfY74_J_rDFtQ1PdpfMzdF5cceYvw05B3Q6naPwPN_86GjOkxBWeBZ1-jL5-7cpbbAfeICjEEBsKDX0j-2ZyKpQ2r4jrxwxDF-J3Xsf6ieRKHggQfG-_xMucz40j7t_s-ttE8LoOm9Mmg0gl6vsfhL9rBvUiW-FLCgCqAKSB9a4JHp4_cgsUUR4TsPrJXTGXDFPoqd63S4ZLkCqOeFLOMUx7zVM_gVyyDIbfXWG2HRt6IbEiU8-A-irw0PtPKKiZ0mue2DT3gbvRJlKpL4RG8Obhlaxzf1eQ9jLx15_DoJt9M8zrK9m99YNRMBeJWwJ-RaUv0odpMkIMawH-ly0IO4Kc6fV2g0PK0f4lBnoHze802Y5SQfN19D3GaL93xlHDTHIsX_q0ICyQzupHjQeFHSa9ku0mA36p40lE3Ejpxjbx1BNAvwozGIE7OuovtUgnaodzpRp5HMrCS5YSGE0LtpTgyEibrG3pA12tSvQW3WDeB8qx4dPBBo917ujdgO23p9ZYm96ohZMUOSR_ItX7n3Q4N6W490YrNgj6c-r9kfWk',
e: 'AQAB'
kid: 'token-service-key',
kty: 'RSA',
alg: 'RS256',
n:
'xbOXL8LDbB8hz4fe6__qpESz5GqX0IjH9lRIywG1xj7_w9UXnds5oZpXp0L4TM7B9j0na6_wIwcnfTlQr1cW3LHJXjzPS19zK5rrvB5eabNhtv4yIyH2DSfkI5J3y0bmfY74_J_rDFtQ1PdpfMzdF5cceYvw05B3Q6naPwPN_86GjOkxBWeBZ1-jL5-7cpbbAfeICjEEBsKDX0j-2ZyKpQ2r4jrxwxDF-J3Xsf6ieRKHggQfG-_xMucz40j7t_s-ttE8LoOm9Mmg0gl6vsfhL9rBvUiW-FLCgCqAKSB9a4JHp4_cgsUUR4TsPrJXTGXDFPoqd63S4ZLkCqOeFLOMUx7zVM_gVyyDIbfXWG2HRt6IbEiU8-A-irw0PtPKKiZ0mue2DT3gbvRJlKpL4RG8Obhlaxzf1eQ9jLx15_DoJt9M8zrK9m99YNRMBeJWwJ-RaUv0odpMkIMawH-ly0IO4Kc6fV2g0PK0f4lBnoHze802Y5SQfN19D3GaL93xlHDTHIsX_q0ICyQzupHjQeFHSa9ku0mA36p40lE3Ejpxjbx1BNAvwozGIE7OuovtUgnaodzpRp5HMrCS5YSGE0LtpTgyEibrG3pA12tSvQW3WDeB8qx4dPBBo917ujdgO23p9ZYm96ohZMUOSR_ItX7n3Q4N6W490YrNgj6c-r9kfWk',
e: 'AQAB'
}
export const privatePem = `-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAxbOXL8LDbB8hz4fe6//qpESz5GqX0IjH9lRIywG1xj7/w9UX
@@ -198,4 +209,4 @@ gkrdwl3XTM//5Aq8iUZtt5OA7Jel/Iw9e4QBf6F2pYl73BStBbUHtWPC9we8qj3p
JgGFwiBBmFjZqu1oo0Q4mteDIIEHvbebD6G0nibilORZGOFnCVE7f0HYEzHDAzVe
OgyQybTowIznIMk7WuoLS2Kq1GghMm1l1gkmXj5hmmSIg8GBwRWa+5x6
-----END RSA PRIVATE KEY-----
`
`
Loading