Comments (16)
We have the same issue, and would be grateful if that easy fix can go in quickly.
from omniauth_openid_connect.
Yep, same issue here. Simple fix to not have to monkey patch that class would be appreciated.
@peregrinator @iknowu10 @carlossilva could you guys test this branch if it fixes the issue and there are no regressions?
gem 'omniauth_openid_connect', git: 'https://github.com/m0n9oose/omniauth_openid_connect.git', branch: 'fix_redundant_token_verification'
Thank you @m0n9oose, works like a charm!
On a related note, in the callback_phase, even for a non-id_token response type, we have an id token coming in the rack request: request.env['omniauth.auth']['credentials']['id_token']. Do you feel your gem should verify the id_token if there is one in this case as well?
> On a related note, in the callback_phase, even for a non-id_token response type, we have an id token coming in the rack request: request.env['omniauth.auth']['credentials']['id_token']. Do you feel your gem should verify the id_token if there is one in this case as well?

Sorry, I'm not sure if I understand this. With this fix the gem will try to verify the id_token only if your app has the response_type = :id_token setting. If you use response_type = :code, the gem will skip the verification step.
Right, but in my case even with response_type = :code I still get a response from the IDP that includes an id_token. Not necessary at all, most important is that your fix works and would be great to merge back!
Thanks again.
I see. Not sure if this is a good idea. Verification can throw an exception if something's wrong with the id_token, and it could be a problem if you have response_type = :code and are still getting an error because of an unwanted id_token.
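For the question raised above about an id_token that arrives with response_type = :code, the following added example (not code from this thread or from omniauth_openid_connect) shows an application-side check of that token that returns a list of problems instead of raising. Assumptions: the helper names, the HS256 shared-secret signature and the sample values are constructed for illustration; an IdP that signs with RS256 needs the key from its JWKS for the signature step.

```ruby
require 'json'
require 'openssl'

def b64url(bytes)
  [bytes].pack('m0').tr('+/', '-_').delete('=')
end

def b64url_decode(text)
  text.tr('-_', '+/').unpack1('m')
end

# Hypothetical helper, not part of omniauth_openid_connect: checks an id_token
# that came back with a response_type = :code callback and returns a list of
# problems instead of raising, so the caller decides what a failure means.
def id_token_problems(id_token, secret:, issuer:, client_id:, nonce:, now: Time.now.to_i)
  return [] if id_token.nil? # the response carried no id_token

  parts = id_token.split('.', -1)
  return ['malformed token'] unless parts.size == 3

  header, claims = parts.first(2).map do |part|
    JSON.parse(b64url_decode(part).force_encoding('UTF-8'))
  end
  return ['malformed token'] unless header.is_a?(Hash) && claims.is_a?(Hash)
  # Pin the algorithm; the token's own header must not choose it (rejects "none").
  return ['unexpected alg'] unless header['alg'] == 'HS256'

  expected = OpenSSL::HMAC.digest('SHA256', secret, parts.first(2).join('.'))
  return ['bad signature'] unless OpenSSL.secure_compare(b64url_decode(parts[2]), expected)

  problems = []
  problems << 'iss mismatch' unless claims['iss'] == issuer
  problems << 'aud mismatch' unless Array(claims['aud']).include?(client_id)
  problems << 'expired' unless claims['exp'].is_a?(Numeric) && claims['exp'] > now
  problems << 'nonce mismatch' unless claims['nonce'] == nonce
  problems
rescue JSON::ParserError
  ['malformed token']
end

# Builds a constructed sample token (made-up claims and secret) for the demo.
def sample_id_token(claims, secret, alg: 'HS256')
  parts = [{ 'alg' => alg, 'typ' => 'JWT' }, claims].map { |h| b64url(JSON.generate(h)) }
  signing_input = parts.join('.')
  "#{signing_input}.#{b64url(OpenSSL::HMAC.digest('SHA256', secret, signing_input))}"
end
```

In a callback, the token string would come from request.env['omniauth.auth']['credentials']['id_token'], and the nonce from whatever the application stored when it started the login.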
Sounds good, a merge would be great! Thanks @m0n9oose
@peregrinator @iknowu10 any news?
Apologies - I'm currently traveling so won't be able to test right away but the code changes look good to me.
@peregrinator I'd like to wait a bit more to allow you to test this branch on your app and make sure we haven't introduced new regressions. I have no live application and can't reproduce it in the wild.
@m0n9oose I've tested this and it all works fine now! Would be great if it can be merged in.
We've been running our fork with these changes for a bit now and haven't seen any problems. Should be good to merge!
Bumped into this issue as well and the fix in the branch fix_redundant_token_verification seems to fix this.
This pull request worked for me!
@m0n9oose Would you be so kind as to merge this and cut a new release? Thanks!