Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add audience to the client_options #179

Merged
merged 3 commits into from
Jul 5, 2024
Merged

Add audience to the client_options #179

merged 3 commits into from
Jul 5, 2024

Conversation

manuelvanrijn
Copy link
Contributor

I've come across an issue where the identifier wasn't equal to the audience in the token. This resulted in verification errors because currently it will verify the aud against the identifier if no audience is specified.

In this PR, I introduced the audience as client_options and will pass this along in the verify! of the decoded_id_token so the openid_connect gem can handle the expected audience

@manuelvanrijn
Add audience to the client_options
43407b6 
I've come across an issue where the `identifier` wasn't equal to the `audience` in the token.
This resulted in verification errors because currently it will verify the `aud` against the `identifier` if no `audience` is specified.

In this PR, I introduced the `audience` as `client_options` and will pass this along in the `verify!` of the `decoded_id_token` so the openid_connect gem [can handle the expected audience](https://github.com/nov/openid_connect/blob/e1eb8ea962af43752b1aed2c1063a3e24f96c5bc/lib/openid_connect/response_object/id_token.rb#L30-L32)
@manuelvanrijn
Copy link
Contributor Author

manuelvanrijn commented Jun 5, 2024
edited
Loading

@stanhu @bufferoverflow just a friendly ping 😄 Would you have time to review this ? Thanks in advance!

@stanhu
Copy link
Contributor

stanhu commented Jul 3, 2024

There are also Rubocop failures: https://github.com/omniauth/omniauth_openid_connect/actions/runs/9779345570/job/27001862614?pr=179

@manuelvanrijn manuelvanrijn force-pushed the introduce-audience-client-option branch from 124d76d to 94c649a Compare July 3, 2024 17:32
@manuelvanrijn manuelvanrijn requested a review from stanhu July 3, 2024 17:32
@bufferoverflow bufferoverflow mentioned this pull request Jul 5, 2024
Open
bufferoverflow
bufferoverflow approved these changes Jul 5, 2024
View reviewed changes
Copy link
Member

@bufferoverflow bufferoverflow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, just one little docs suggestion. Feel free to ignore it.

README.md Outdated Show resolved Hide resolved
@manuelvanrijn @bufferoverflow
Update README.md
38ae821 
Co-authored-by: Roger Meier <[email protected]>
@bufferoverflow bufferoverflow merged commit 23d4b13 into omniauth:master Jul 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stanhu stanhu stanhu approved these changes

@bufferoverflow bufferoverflow bufferoverflow approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@manuelvanrijn @stanhu @bufferoverflow