Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BREAKING] feat/refactor/docs: multiple providers, large refactor, configurable ticking interval, fix for jwks endpoint has different host #99

Open
wants to merge 36 commits into
base: main
Choose a base branch
from
Open

[BREAKING] feat/refactor/docs: multiple providers, large refactor, configurable ticking interval, fix for jwks endpoint has different host #99

wants to merge 36 commits into from

Conversation

antonengelhardt
Copy link
Owner

@antonengelhardt antonengelhardt commented Sep 5, 2024
edited
Loading

Please describe your changes and why you made them

Multiple OpenID providers

  • the plugin can now be configured to use multiple providers for token issuing and validation
  • the discovery fetches all information from the configured providers, loads the jwks etc.
  • if there is more than one provider, then the user can select a provider to authenticate with on a dedicated page. this happens with a callback (_wasm-oidc-plugin/provider-selection?authorize_with_provider=wwu&return_to=lw), which then redirect to the authorization_endpoint, because otherwise we would not be able to know which server sent the code in the code callback.
  • if there is only one provider, the redirection will happen right away

Small features

Refactor & fixes

Does this PR introduce a breaking change?

Warning

This PR introduces a breaking change:
Please see envoy.yaml for the updated config structure

TODOs

Other information and Screenshots (if appropriate)

🤫 It has darkmode

Arc 2024-09-05 23 39 19

Screenshot-Arc-008756@2x

Linked

For #93

more to come

@antonengelhardt antonengelhardt added semver:minor Release in the next minor version feature New Feature or enhancement refactor Code refactoring docs Documentation labels Sep 5, 2024
@antonengelhardt antonengelhardt self-assigned this Sep 5, 2024
@antonengelhardt antonengelhardt force-pushed the mulitple-open-id-providers branch 2 times, most recently from e6806c9 to 0d882e9 Compare September 5, 2024 22:02
This was referenced Sep 6, 2024
Merged
Open
@antonengelhardt antonengelhardt linked an issue Sep 6, 2024 that may be closed by this pull request
Multiple OIDC providers #93
Open
@antonengelhardt antonengelhardt changed the title [BREAKING] feat/refactor/docs: multiple providers, large refactor [BREAKING] feat/refactor/docs: multiple providers, large refactor, configurable ticking interval, fix for jwks endpoint has different host Sep 9, 2024
@antonengelhardt antonengelhardt force-pushed the mulitple-open-id-providers branch 2 times, most recently from 80e497e to d94b6df Compare September 9, 2024 16:00
This was linked to issues Sep 10, 2024
Error IDs on Error Page & in Logs #101
Open
Logout Route to clear cookies #94
Open
@antonengelhardt antonengelhardt force-pushed the mulitple-open-id-providers branch 3 times, most recently from eb3e9de to 17ac0f4 Compare October 17, 2024 15:37
This was referenced Nov 4, 2024
Closed
Closed
Closed
@antonengelhardt
feat(discovery): multiple oidc providers
994cb31 
* plugin can now have more than one oidc provider
* the discovery will load information from all providers
* user selects the provider on an auth page if there is >1 provider
* more logs
* more comments

TODO:
* error handling
* performance and linting
* large refactoring to file structure

This is just a POC!

THIS IS A BREAKING CHANGE!

Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
refactor: split into separate files
6e9f61b 
* add auth.rs for code flow
* rename cookies.rs to session.rs
* add pause.rs

Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
chore: pr template
301ba4c 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
refactor: error page is now generic
7866042 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
style: fmt
3315846 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
style: clippy lints fixed
f36a1ba 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
fix: add footer to auth page and layout fixes
74060f7 
Signed-off-by: Anton Engelhardt <[email protected]>
antonengelhardt and others added 26 commits November 4, 2024 18:28
@antonengelhardt
style(fmt): order modules
4c72c56 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
fix(discovery): implement Display for ResolverState
b70a756 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
fix(logs): pretty print discovery reponses debug logs
8b03a41 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
refactor/docs: naming change, more comments and log level changes
c63bcc1 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
fix(logs): lower case log
b7d4ea0 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
fix(html): fixed height for all providers cards
0cfa8c9 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
docs: update readme and examples with multiple providers logic
866e100 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
feat(discovery): configurable ticking_interval_in_ms controls ticking
b4a5a61 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
style: fmt
d68a36a 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
fix(discovery): fix if host of jwks endpoint is different
b6f3a13 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
fix(exclude): get scheme to parse url
5b0b1a2 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
feat(errors): use envoy's request-id to log errors and show, helvetica
b520a42 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
refactor: rebase logout path PR with mulitple providers PR
a5ae4be 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
fix(logout): write something to clear the cookie, refactor cookie fn
8b1faf3 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
feat(ci): add audit, outdated and verify-project steps
8bc79b9 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
chore(deps): update envoy to 1.30
025195f 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
chore(deps): update regex to 1.11 and thiserror to 1.0.64
f5073fa 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
fix(ci): run test jobs more quickly
5b9dc69 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
chore: add audit.toml file
a9cda9d 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
fix(html): error page has dark mode now!
a9feaba 
Signed-off-by: Anton Engelhardt <[email protected]>
@miwig @antonengelhardt
style: use inline variables in html.rs
1f103bb
@miwig @antonengelhardt
fix: store number of cookie parts in a cookie
de45f7a 
this avoids problems with leftover cookie parts preventing decryption
@miwig @antonengelhardt
style: use inline formatting in errors.rs
822cbfd
@miwig @antonengelhardt
chore: remove dead code
43a4ce7
@antonengelhardt
chore(deps): update 4 deps
bbc17e7 
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt
refactor: wasm32-wasi renamed to wasm32-wasip1 & rust to 1.78
9c4c076 
proxy-wasm/proxy-wasm-rust-sdk#277

https://blog.rust-lang.org/2024/04/09/updates-to-rusts-wasi-targets.html
Signed-off-by: Anton Engelhardt <[email protected]>
@antonengelhardt antonengelhardt mentioned this pull request Nov 8, 2024
Open
@antonengelhardt antonengelhardt mentioned this pull request Nov 19, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@miwig miwig Awaiting requested review from miwig miwig is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

@antonengelhardt antonengelhardt

Labels
docs Documentation feature New Feature or enhancement refactor Code refactoring semver:minor Release in the next minor version
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Error IDs on Error Page & in Logs Logout Route to clear cookies Multiple OIDC providers
2 participants
@antonengelhardt @miwig