feat: fix large group claim handling in azure id tokens #1995

hf · 2025-04-19T16:40:30Z

Handles large group claims in Azure ID tokens by fetching them from the (usually) designated Azure endpoint.

internal/api/provider/oidc.go

internal/api/provider/azure.go

coveralls · 2025-04-19T16:48:34Z

Pull Request Test Coverage Report for Build 14550997722

Details

108 of 121 (89.26%) changed or added relevant lines in 2 files are covered.
No unchanged relevant lines lost coverage.
Overall coverage increased (+0.07%) to 68.487%

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
internal/api/provider/azure.go	107	120	89.17%

Totals
Change from base Build 14521604033:	0.07%
Covered Lines:	10684
Relevant Lines:	15600

💛 - Coveralls

cstockton

Approving since high priority.

I do wonder how many claims end up needing resolved this way? It may be worth having the http request code in an errgroup because depending on latency it might really add up. Being in a func scope would have the additional benefit of more eager defers.

internal/api/provider/azure.go

🤖 I have created a release *beep* *boop* --- ## [2.172.0](v2.171.0...v2.172.0) (2025-05-04) ### Features * fix large group claim handling in azure id tokens ([#1995](#1995)) ([2f323fe](2f323fe)) * use `global_user_id` over `sub` for `vercel_marketplace` issuer ([#1990](#1990)) ([f94f97e](f94f97e)) ### Bug Fixes * azure overage claims start with single `_` not two ([#1999](#1999)) ([29f3440](29f3440)) * remove azure claim overage code. ([#2005](#2005)) ([63dce14](63dce14)) * resolving azure overage claim should include `api-version=1.6` query parameter ([#2000](#2000)) ([44890d0](44890d0)) * upgrade godotenv to v1.5.1 to fix multiline file loading ([#1997](#1997)) ([f2af4b2](f2af4b2)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Handles [large `group` claims in Azure ID tokens](https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference#groups-overage-claim) by fetching them from the ([usually](https://learn.microsoft.com/en-us/graph/api/directoryobject-getmemberobjects?view=graph-rest-1.0&tabs=http)) designated Azure endpoint.

🤖 I have created a release *beep* *boop* --- ## [2.172.0](v2.171.0...v2.172.0) (2025-05-04) ### Features * fix large group claim handling in azure id tokens ([#1995](#1995)) ([2f323fe](2f323fe)) * use `global_user_id` over `sub` for `vercel_marketplace` issuer ([#1990](#1990)) ([f94f97e](f94f97e)) ### Bug Fixes * azure overage claims start with single `_` not two ([#1999](#1999)) ([29f3440](29f3440)) * remove azure claim overage code. ([#2005](#2005)) ([63dce14](63dce14)) * resolving azure overage claim should include `api-version=1.6` query parameter ([#2000](#2000)) ([44890d0](44890d0)) * upgrade godotenv to v1.5.1 to fix multiline file loading ([#1997](#1997)) ([f2af4b2](f2af4b2)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Handles [large `group` claims in Azure ID tokens](https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference#groups-overage-claim) by fetching them from the ([usually](https://learn.microsoft.com/en-us/graph/api/directoryobject-getmemberobjects?view=graph-rest-1.0&tabs=http)) designated Azure endpoint.

🤖 I have created a release *beep* *boop* --- ## [2.172.0](v2.171.0...v2.172.0) (2025-05-04) ### Features * fix large group claim handling in azure id tokens ([#1995](#1995)) ([2f323fe](2f323fe)) * use `global_user_id` over `sub` for `vercel_marketplace` issuer ([#1990](#1990)) ([f94f97e](f94f97e)) ### Bug Fixes * azure overage claims start with single `_` not two ([#1999](#1999)) ([29f3440](29f3440)) * remove azure claim overage code. ([#2005](#2005)) ([63dce14](63dce14)) * resolving azure overage claim should include `api-version=1.6` query parameter ([#2000](#2000)) ([44890d0](44890d0)) * upgrade godotenv to v1.5.1 to fix multiline file loading ([#1997](#1997)) ([f2af4b2](f2af4b2)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

feat: fix large group claim handling in azure id tokens

396506d

hf requested a review from a team as a code owner April 19, 2025 16:40

hf commented Apr 19, 2025

View reviewed changes

internal/api/provider/oidc.go Show resolved Hide resolved

hf commented Apr 19, 2025

View reviewed changes

internal/api/provider/azure.go Show resolved Hide resolved

cstockton approved these changes Apr 21, 2025

View reviewed changes

internal/api/provider/azure.go Show resolved Hide resolved

cstockton merged commit 2f323fe into master Apr 21, 2025
9 checks passed

cstockton deleted the hf/fix-azure-large-groups branch April 21, 2025 15:06

github-actions bot mentioned this pull request Apr 21, 2025

chore(master): release 2.172.0 #1992

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat: fix large group claim handling in azure id tokens #1995

feat: fix large group claim handling in azure id tokens #1995

Uh oh!

hf commented Apr 19, 2025

Uh oh!

Uh oh!

Uh oh!

coveralls commented Apr 19, 2025

Uh oh!

cstockton left a comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants

feat: fix large group claim handling in azure id tokens #1995

feat: fix large group claim handling in azure id tokens #1995

Uh oh!

Conversation

hf commented Apr 19, 2025

Uh oh!

Uh oh!

Uh oh!

coveralls commented Apr 19, 2025

Pull Request Test Coverage Report for Build 14550997722

Details

💛 - Coveralls

Uh oh!

cstockton left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

4 participants